Adding ACL policy filters to CustomApplicationRepository functions
This commit is contained in:
parent
0914acdca6
commit
f47e7eb882
@ -14,5 +14,4 @@ import reactor.core.publisher.Mono;
|
|||
@AclEntity("applications")
|
||||
public interface ApplicationRepository extends BaseRepository<Application, String>, CustomApplicationRepository {
|
||||
|
||||
Mono<Application> findByName(String name);
|
||||
}
|
||||
@ -1,9 +1,40 @@
|
|||
package com.appsmith.server.repositories;
|
||||
|
||||
import com.appsmith.external.models.QBaseDomain;
|
||||
import com.appsmith.server.domains.User;
|
||||
import com.querydsl.core.types.Path;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.data.mongodb.core.query.Criteria;
|
||||
|
||||
import static org.springframework.data.mongodb.core.query.Criteria.where;
|
||||
|
||||
@Slf4j
|
||||
public class BaseAppsmithRepositoryImpl {
|
||||
|
||||
public static final Criteria notDeleted() {
|
||||
return new Criteria().orOperator(
|
||||
where(fieldName(QBaseDomain.baseDomain.deleted)).exists(false),
|
||||
where(fieldName(QBaseDomain.baseDomain.deleted)).is(false)
|
||||
);
|
||||
}
|
||||
|
||||
public static final Criteria userAcl(User user, String permission) {
|
||||
log.debug("Going to add userAcl for user: {} and permission: {}", user.getUsername(), permission);
|
||||
|
||||
Criteria userCriteria = Criteria.where("policies")
|
||||
.elemMatch(Criteria.where("users").all(user.getUsername())
|
||||
.and("permissions").all(permission)
|
||||
);
|
||||
log.debug("Got the userCriteria: {}", userCriteria.getCriteriaObject());
|
||||
|
||||
Criteria groupCriteria = Criteria.where("policies")
|
||||
.elemMatch(Criteria.where("groups").all(user.getGroupIds())
|
||||
.and("permissions").all(permission));
|
||||
|
||||
log.debug("Got the groupCriteria: {}", groupCriteria.getCriteriaObject());
|
||||
return new Criteria().orOperator(userCriteria, groupCriteria);
|
||||
}
|
||||
|
||||
public static final String fieldName(Path path) {
|
||||
return path != null ? path.getMetadata().getName() : null;
|
||||
}
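Review bot: In `userAcl`, the group criterion `Criteria.where("groups").all(user.getGroupIds())` requires a policy's `groups` array to contain every group the user belongs to, so a user who is in more groups than a given policy names would not match that policy at all; if the intent is "the policy grants any of the user's groups", `.in(user.getGroupIds())` expresses that, while `$all` on the single username in the user criterion only behaves as a membership test because it is a single value. `userAcl` also dereferences `user` on its first line inside the `log.debug` call, so a null principal surfaces as an NPE from the log statement rather than a clear `Objects.requireNonNull(user, "user");` at the top. `fieldName(Path path)` takes a raw `Path`; `Path<?>` is the same signature for every caller and drops the raw-type warning. `final` on a `static` method is redundant on all three methods and can be dropped.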
|
||||
@ -23,6 +23,8 @@ import java.io.Serializable;
|
|||
import java.util.List;
|
||||
|
||||
import static com.appsmith.server.repositories.BaseAppsmithRepositoryImpl.fieldName;
|
||||
import static com.appsmith.server.repositories.BaseAppsmithRepositoryImpl.notDeleted;
|
||||
import static com.appsmith.server.repositories.BaseAppsmithRepositoryImpl.userAcl;
|
||||
import static org.springframework.data.mongodb.core.query.Criteria.where;
|
||||
|
||||
/**
|
||||
|
|
@ -53,43 +55,12 @@ public class BaseRepositoryImpl<T extends BaseDomain, ID extends Serializable> e
|
|||
this.mongoOperations = mongoOperations;
|
||||
}
|
||||
|
||||
protected Criteria notDeleted() {
|
||||
return new Criteria().orOperator(
|
||||
where(fieldName(QBaseDomain.baseDomain.deleted)).exists(false),
|
||||
where(fieldName(QBaseDomain.baseDomain.deleted)).is(false)
|
||||
);
|
||||
}
|
||||
|
||||
protected Criteria userAcl(User user, String permission) {
|
||||
log.debug("Going to add userAcl");
|
||||
// Criteria userCriteria = Criteria.where(fieldName(QBaseDomain.baseDomain.policies))
|
||||
// .elemMatch(Criteria.where(fieldName(QPolicy.policy.users)).all(user.getUsername())
|
||||
// .and(fieldName(QPolicy.policy.permissions)).all(permission)
|
||||
// );
|
||||
Criteria userCriteria = Criteria.where("policies")
|
||||
.elemMatch(Criteria.where("users").all(user.getUsername())
|
||||
.and("permissions").all(permission)
|
||||
);
|
||||
log.debug("Got the userCriteria: {}", userCriteria);
|
||||
|
||||
// Criteria groupCriteria = Criteria.where(fieldName(QBaseDomain.baseDomain.policies))
|
||||
// .elemMatch(Criteria.where(fieldName(QPolicy.policy.groups)).all(user.getGroupIds())
|
||||
// .and(fieldName(QPolicy.policy.permissions)).all(permission));
|
||||
Criteria groupCriteria = Criteria.where("policies")
|
||||
.elemMatch(Criteria.where("groups").all(user.getGroupIds())
|
||||
.and("permissions").all(permission));
|
||||
|
||||
log.debug("Got the groupCriteria: {}", groupCriteria);
|
||||
return new Criteria().orOperator(userCriteria, groupCriteria);
|
||||
}
|
||||
|
||||
protected Criteria getIdCriteria(Object id) {
|
||||
return where(entityInformation.getIdAttribute()).is(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Mono<T> findById(ID id) {
|
||||
log.debug("In the baseRepository. Going to findById");
|
||||
Assert.notNull(id, "The given id must not be null!");
|
||||
return ReactiveSecurityContextHolder.getContext()
|
||||
.map(ctx -> ctx.getAuthentication())
|
||||
@ -5,4 +5,6 @@ import reactor.core.publisher.Mono;
|
|||
|
||||
public interface CustomApplicationRepository {
|
||||
Mono<Application> findByIdAndOrganizationId(String id, String orgId);
|
||||
|
||||
Mono<Application> findByName(String name);
|
||||
}
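Review bot: The new `findByName` declaration carries no Javadoc even though its implementation in `CustomApplicationRepositoryImpl` on this commit filters by the deleted flag and by the caller's read ACL, so an empty result means either no such application or no permission to read it. A callers of this interface sees only the signature, so a comment such as `/** Finds the application named {@code name} that the current user is permitted to read; empty when none exists or access is not granted. */` would record that contract where it is visible. The same note applies to `findByIdAndOrganizationId` above it, which is unchanged here.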
|
||||
@ -37,17 +37,6 @@ public class CustomApplicationRepositoryImpl extends BaseAppsmithRepositoryImpl
|
|||
this.mongoTemplate = mongoTemplate;
|
||||
}
|
||||
|
||||
protected Criteria notDeleted() {
|
||||
return new Criteria().orOperator(
|
||||
where(fieldName(QBaseDomain.baseDomain.deleted)).exists(false),
|
||||
where(fieldName(QBaseDomain.baseDomain.deleted)).is(false)
|
||||
);
|
||||
}
|
||||
|
||||
protected Criteria userAcl(User user, String permission, String entity) {
|
||||
return null;
|
||||
}
|
||||
|
||||
protected Criteria getIdCriteria(Object id) {
|
||||
return where(fieldName(QApplication.application.id)).is(id);
|
||||
}
|
||||
|
|
@ -60,7 +49,7 @@ public class CustomApplicationRepositoryImpl extends BaseAppsmithRepositoryImpl
|
|||
User user = (User) auth.getPrincipal();
|
||||
Query query = new Query(getIdCriteria(id));
|
||||
query.addCriteria(where(fieldName(QApplication.application.organizationId)).is(orgId));
|
||||
query.addCriteria(new Criteria().andOperator(notDeleted(), userAcl(user, "read", Entity.APPLICATIONS)));
|
||||
query.addCriteria(new Criteria().andOperator(notDeleted(), userAcl(user, "read")));
|
||||
|
||||
return mongoOperations.query(Application.class)
|
||||
.matching(query)
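Review bot: The permission name on the new `userAcl(user, "read")` line is a bare string literal, and the same literal is repeated in the new `findByName` in the next hunk; with the dropped third argument (`Entity.APPLICATIONS`) gone, nothing typed ties the two filters together. A class constant such as `private static final String READ_PERMISSION = "read";` used at both call sites keeps the two queries from drifting apart if the permission name ever changes. `findByIdAndOrganizationId` begins before this hunk and ends after it.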
|
||||
|
|
@ -68,9 +57,19 @@ public class CustomApplicationRepositoryImpl extends BaseAppsmithRepositoryImpl
|
|||
});
|
||||
}
|
||||
|
||||
// @Override
|
||||
// public Mono<Application> findByName(String name) {
|
||||
// Query query = new Query();
|
||||
// return Mono.empty();
|
||||
// }
|
||||
@Override
|
||||
public Mono<Application> findByName(String name) {
|
||||
return ReactiveSecurityContextHolder.getContext()
|
||||
.map(ctx -> ctx.getAuthentication())
|
||||
.map(auth -> auth.getPrincipal())
|
||||
.flatMap(principal -> {
|
||||
User user = (User) principal;
|
||||
Query query = new Query(where(fieldName(QApplication.application.name)).is(name));
|
||||
query.addCriteria(new Criteria().andOperator(notDeleted(), userAcl(user, "read")));
|
||||
|
||||
return mongoOperations.query(Application.class)
|
||||
.matching(query)
|
||||
.one();
|
||||
});
|
||||
}
|
||||
}
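Review bot: In the new `findByName`, `User user = (User) principal;` is an unchecked cast; when the security context holds a principal that is not a `User` (Spring Security's anonymous token typically carries a String principal) the lookup fails with a `ClassCastException` inside the reactive chain instead of yielding an empty result. Replacing `.map(auth -> auth.getPrincipal())` plus the cast with `.map(auth -> auth.getPrincipal()).ofType(User.class).flatMap(user -> { ... })` narrows the type without an extra import and lets a non-User caller fall through to the empty path that the service already maps to `NO_RESOURCE_FOUND`; the same cast appears unchanged in `findByIdAndOrganizationId` above. If the commented-out stub directly above the method (`// @Override` through `// }`) survives on the new side of this hunk, it should be deleted now that the real implementation exists.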
|
||||
@ -78,7 +78,6 @@ public class ApplicationServiceImpl extends BaseService<ApplicationRepository, A
|
|||
|
||||
return userMono
|
||||
.map(user -> user.getCurrentOrganizationId())
|
||||
// .flatMap(orgId -> repository.findByIdAndOrganizationId(id, orgId))
|
||||
.flatMap(orgId -> repository.findById(id))
|
||||
.switchIfEmpty(Mono.error(new AppsmithException(AppsmithError.NO_RESOURCE_FOUND, "resource", id)));
|
||||
}
|
||||