chore: Enforce permission while updating instance-config (#41289)
## Description [Slack Thread](https://theappsmith.slack.com/archives/C03RPDB936Z/p1759920222623799) EE Counterpart PR: https://github.com/appsmithorg/appsmith-ee/pull/8242 Fixes #`Issue Number` _or_ Fixes `Issue URL` > [!WARNING] > _If no issue exists, please create an issue first, and check with the maintainers if the issue is valid._ ## Automation /ok-to-test tags="@tag.All" ### 🔍 Cypress test results <!-- This is an auto-generated comment: Cypress test results --> > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/18408366993> > Commit: 698d87930627197831d1ec9f89c40a02928d1b28 > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=18408366993&attempt=1" target="_blank">Cypress dashboard</a>. > Tags: `@tag.All` > Spec: > <hr>Fri, 10 Oct 2025 15:02:32 UTC <!-- end of auto-generated comment: Cypress test results --> ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [ ] No <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Breaking Changes** * Config REST endpoints for fetching/updating by name and ACL-guarded config update paths have been removed; clients relying on those endpoints or permissioned fetch/update should adjust. * **Bug Fixes** * Simplified config access surface to reduce permission-related complexity and potential inconsistencies. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
parent
7711058ce3
commit
ef79d5f847
|
|
@ -1,16 +0,0 @@
|
|||
package com.appsmith.server.controllers;
|
||||
|
||||
import com.appsmith.server.constants.Url;
|
||||
import com.appsmith.server.controllers.ce.ConfigControllerCE;
|
||||
import com.appsmith.server.services.ConfigService;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
@RestController
|
||||
@RequestMapping(Url.CONFIG_URL)
|
||||
public class ConfigController extends ConfigControllerCE {
|
||||
|
||||
public ConfigController(ConfigService service) {
|
||||
super(service);
|
||||
}
|
||||
}
|
||||
|
|
@ -1,37 +0,0 @@
|
|||
package com.appsmith.server.controllers.ce;
|
||||
|
||||
import com.appsmith.external.views.Views;
|
||||
import com.appsmith.server.constants.Url;
|
||||
import com.appsmith.server.domains.Config;
|
||||
import com.appsmith.server.dtos.ResponseDTO;
|
||||
import com.appsmith.server.services.ConfigService;
|
||||
import com.fasterxml.jackson.annotation.JsonView;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.PathVariable;
|
||||
import org.springframework.web.bind.annotation.PutMapping;
|
||||
import org.springframework.web.bind.annotation.RequestBody;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
@RequestMapping(Url.CONFIG_URL)
|
||||
public class ConfigControllerCE {
|
||||
|
||||
private final ConfigService service;
|
||||
|
||||
public ConfigControllerCE(ConfigService service) {
|
||||
this.service = service;
|
||||
}
|
||||
|
||||
@JsonView(Views.Public.class)
|
||||
@GetMapping("/name/{name}")
|
||||
public Mono<ResponseDTO<Config>> getByName(@PathVariable String name) {
|
||||
return service.getByName(name).map(resource -> new ResponseDTO<>(HttpStatus.OK, resource));
|
||||
}
|
||||
|
||||
@JsonView(Views.Public.class)
|
||||
@PutMapping("/name/{name}")
|
||||
public Mono<ResponseDTO<Config>> updateByName(@PathVariable String name, @RequestBody Config config) {
|
||||
return service.updateByName(config).map(resource -> new ResponseDTO<>(HttpStatus.OK, resource));
|
||||
}
|
||||
}
|
||||
|
|
@ -1,8 +1,6 @@
|
|||
package com.appsmith.server.services.ce;
|
||||
|
||||
import com.appsmith.server.acl.AclPermission;
|
||||
import com.appsmith.server.domains.Config;
|
||||
import com.appsmith.server.domains.User;
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
import java.util.Map;
|
||||
|
|
@ -11,8 +9,6 @@ public interface ConfigServiceCE {
|
|||
|
||||
Mono<Config> getByName(String name);
|
||||
|
||||
Mono<Config> updateByName(Config config);
|
||||
|
||||
Mono<Config> save(Config config);
|
||||
|
||||
Mono<Config> save(String name, Map<String, Object> config);
|
||||
|
|
@ -21,10 +17,6 @@ public interface ConfigServiceCE {
|
|||
|
||||
Mono<Void> delete(String name);
|
||||
|
||||
Mono<Config> getByName(String name, AclPermission permission);
|
||||
|
||||
Mono<Config> getByNameAsUser(String name, User user, AclPermission permission);
|
||||
|
||||
/**
|
||||
* Get the instance variables from the instance config
|
||||
* @return Map containing the instance variables
|
||||
|
|
|
|||
|
|
@ -1,9 +1,7 @@
|
|||
package com.appsmith.server.services.ce;
|
||||
|
||||
import com.appsmith.server.acl.AclPermission;
|
||||
import com.appsmith.server.constants.FieldName;
|
||||
import com.appsmith.server.domains.Config;
|
||||
import com.appsmith.server.domains.User;
|
||||
import com.appsmith.server.exceptions.AppsmithError;
|
||||
import com.appsmith.server.exceptions.AppsmithException;
|
||||
import com.appsmith.server.repositories.ConfigRepository;
|
||||
|
|
@ -34,20 +32,6 @@ public class ConfigServiceCEImpl implements ConfigServiceCE {
|
|||
Mono.error(new AppsmithException(AppsmithError.NO_RESOURCE_FOUND, FieldName.CONFIG, name)));
|
||||
}
|
||||
|
||||
@Override
|
||||
public Mono<Config> updateByName(Config config) {
|
||||
final String name = config.getName();
|
||||
return repository
|
||||
.findByName(name)
|
||||
.switchIfEmpty(
|
||||
Mono.error(new AppsmithException(AppsmithError.NO_RESOURCE_FOUND, FieldName.CONFIG, name)))
|
||||
.flatMap(dbConfig -> {
|
||||
log.debug("Found config with name: {} and id: {}", name, dbConfig.getId());
|
||||
dbConfig.setConfig(config.getConfig());
|
||||
return repository.save(dbConfig);
|
||||
});
|
||||
}
|
||||
|
||||
@Override
|
||||
public Mono<Config> save(Config config) {
|
||||
return repository
|
||||
|
|
@ -85,16 +69,6 @@ public class ConfigServiceCEImpl implements ConfigServiceCE {
|
|||
.flatMap(repository::delete);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Mono<Config> getByName(String name, AclPermission permission) {
|
||||
return repository.findByName(name, permission);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Mono<Config> getByNameAsUser(String name, User user, AclPermission permission) {
|
||||
return repository.findByNameAsUser(name, user, permission);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Mono<Map<String, Object>> getInstanceVariables() {
|
||||
return getByName(FieldName.INSTANCE_CONFIG).map(config -> {
|
||||
|
|
|
|||