Bug : New users aren't able to read their own user object and hence homepage doesnt load.

Fix : Added lateral permissions for user on create.
2020-05-29 05:28:30 +00:00 · 2020-05-29 05:28:30 +00:00 · f1e1e6959a
commit f1e1e6959a
parent 53d81e8ed6
3 changed files with 16 additions and 17 deletions
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/services/ApplicationServiceImpl.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/services/ApplicationServiceImpl.java
@ -215,7 +215,7 @@ public class ApplicationServiceImpl extends BaseService<ApplicationRepository, A
                                    Organization organization = organizationEntry.getValue();
                                    Collection<Application> applicationCollection = applicationsCollectionByOrgId.get(orgId);

-                                    List<Application> applicationList = null;
+                                    List<Application> applicationList = new ArrayList<>();
                                    if (applicationCollection!=null && !applicationCollection.isEmpty()) {
                                        applicationList = applicationCollection.stream().collect(Collectors.toList());
                                    }
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/services/UserServiceImpl.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/services/UserServiceImpl.java
@ -41,11 +41,11 @@ import java.io.IOException;
 import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
 import java.util.UUID;
-import java.util.stream.Collectors;

 import static com.appsmith.server.acl.AclPermission.MANAGE_APPLICATIONS;
 import static com.appsmith.server.acl.AclPermission.MANAGE_USERS;
@ -507,23 +507,12 @@ public class UserServiceImpl extends BaseService<UserRepository, User, String> i
    }

    private Set<Policy> crudUserPolicy(User user) {
-        Policy manageUserPolicy = Policy.builder()
-                .permission(MANAGE_USERS.getValue())
-                .users(Set.of(user.getUsername())).build();

-        Policy manageUserOrgPolicy = Policy.builder()
-                .permission(USER_MANAGE_ORGANIZATIONS.getValue())
-                .users(Set.of(user.getUsername())).build();
+        Set<AclPermission> aclPermissions = Set.of(MANAGE_USERS, USER_MANAGE_ORGANIZATIONS);

-        user.getPolicies().addAll(Set.of(manageUserPolicy, manageUserOrgPolicy));
+        Map<String, Policy> userPolicies = policyUtils.generatePolicyFromPermission(aclPermissions, user);

-        Set<Policy> policySet = user.getPolicies().stream()
-                .filter(policy ->
-                        policy.getPermission().equals(MANAGE_USERS.getValue()) ||
-                                policy.getPermission().equals(USER_MANAGE_ORGANIZATIONS.getValue())
-                ).collect(Collectors.toSet());
-
-        return policyGenerator.getAllChildPolicies(user, policySet, User.class);
+        return new HashSet<>(userPolicies.values());
    }

    /**
--- a/app/server/appsmith-server/src/test/java/com/appsmith/server/services/UserServiceTest.java
+++ b/app/server/appsmith-server/src/test/java/com/appsmith/server/services/UserServiceTest.java
@ -29,7 +29,9 @@ import java.util.Set;
 import static com.appsmith.server.acl.AclPermission.MANAGE_APPLICATIONS;
 import static com.appsmith.server.acl.AclPermission.MANAGE_USERS;
 import static com.appsmith.server.acl.AclPermission.READ_APPLICATIONS;
+import static com.appsmith.server.acl.AclPermission.READ_USERS;
 import static com.appsmith.server.acl.AclPermission.USER_MANAGE_ORGANIZATIONS;
+import static com.appsmith.server.acl.AclPermission.USER_READ_ORGANIZATIONS;
 import static org.assertj.core.api.Assertions.assertThat;

@Slf4j
@ -143,6 +145,14 @@ public class UserServiceTest {
                .permission(USER_MANAGE_ORGANIZATIONS.getValue())
                .users(Set.of(newUser.getUsername())).build();

+        Policy readUserPolicy = Policy.builder()
+                .permission(READ_USERS.getValue())
+                .users(Set.of(newUser.getUsername())).build();
+
+        Policy readUserOrgPolicy = Policy.builder()
+                .permission(USER_READ_ORGANIZATIONS.getValue())
+                .users(Set.of(newUser.getUsername())).build();
+
        Mono<User> userMono = userService.create(newUser);

        StepVerifier.create(userMono)
@ -153,7 +163,7 @@ public class UserServiceTest {
                    assertThat(user.getEmail()).isEqualTo("new-user-email@email.com");
                    assertThat(user.getName()).isEqualTo("new-user-email@email.com");
                    assertThat(user.getPolicies()).isNotEmpty();
-                    assertThat(user.getPolicies()).containsAll(Set.of(manageUserPolicy, manageUserOrgPolicy));
+                    assertThat(user.getPolicies()).containsAll(Set.of(manageUserPolicy, manageUserOrgPolicy, readUserPolicy, readUserOrgPolicy));
                })
                .verifyComplete();
    }