-
Notifications
You must be signed in to change notification settings - Fork 3.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore: changes for CD tech debt (#33231)
## Description Creating a new permission for Application, which is APPLICATION_DELETE_PAGES, this permission would be used to derive DELETE_PAGES permission for those permissionGroupIds which don't have DELETE_APPLICATIONS permission. Once such example is CD bot role. although it requires permission to delete pages and entities inside it, we don't want to provide permission for deleting application. This could be achieved by providing DELETE_PAGES permission, however when creating new pages, the permission would still be derived from application and it would lack the particular permission group id in DELETE_PAGES permissionGroups. Fixes #`Issue Number` _or_ Fixes `Issue URL` > [!WARNING] > _If no issue exists, please create an issue first, and check with the maintainers if the issue is valid._ ## Automation /ok-to-test tags="@tag.All" ### 🔍 Cypress test results <!-- This is an auto-generated comment: Cypress test results --> > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/9013034630> > Commit: 9c01c08 > Cypress dashboard url: <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=9013034630&attempt=2" target="_blank">Click here!</a> <!-- end of auto-generated comment: Cypress test results --> ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [x] No
- Loading branch information
1 parent
a3429f9
commit 6c27ccc
Showing
6 changed files
with
122 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
97 changes: 97 additions & 0 deletions
97
...server/migrations/db/ce/Migration053AddApplicationDeletePagePermissionToApplications.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,97 @@ | ||
package com.appsmith.server.migrations.db.ce; | ||
|
||
import com.appsmith.external.models.BaseDomain; | ||
import com.appsmith.server.acl.AclPermission; | ||
import com.appsmith.server.domains.Application; | ||
import io.mongock.api.annotations.ChangeUnit; | ||
import io.mongock.api.annotations.Execution; | ||
import io.mongock.api.annotations.RollbackExecution; | ||
import lombok.RequiredArgsConstructor; | ||
import lombok.extern.slf4j.Slf4j; | ||
import org.bson.Document; | ||
import org.springframework.data.mongodb.core.MongoTemplate; | ||
import org.springframework.data.mongodb.core.aggregation.Aggregation; | ||
import org.springframework.data.mongodb.core.aggregation.AggregationOperation; | ||
import org.springframework.data.mongodb.core.query.Criteria; | ||
import org.springframework.data.mongodb.core.query.Query; | ||
|
||
import java.util.List; | ||
|
||
import static com.appsmith.server.migrations.db.ce.Migration047AddMissingFieldsInDefaultAppsmithAiDatasource.newerCheckForDeletedCriteria; | ||
import static com.appsmith.server.migrations.db.ce.Migration047AddMissingFieldsInDefaultAppsmithAiDatasource.olderCheckForDeletedCriteria; | ||
|
||
/** | ||
* This class adds a new policy delete:applicationPages to all non deleted applications. | ||
* The permissionGroups of the new policy is copied from the policy having permission delete application | ||
* in the same application. | ||
* | ||
*/ | ||
@Slf4j | ||
@ChangeUnit(order = "053", id = "add-app-delete-pages-permission-to-application", author = " ") | ||
@RequiredArgsConstructor | ||
public class Migration053AddApplicationDeletePagePermissionToApplications { | ||
|
||
private final MongoTemplate mongoTemplate; | ||
|
||
private static final String APPLICATION_DELETE_PAGES_VALUE = AclPermission.APPLICATION_DELETE_PAGES.getValue(); | ||
private static final String DELETE_APPLICATIONS_VALUE = AclPermission.DELETE_APPLICATIONS.getValue(); | ||
|
||
private static final String POLICIES = BaseDomain.Fields.policies; | ||
private static final String PERMISSION = "permission"; | ||
private static final String PERMISSION_GROUPS = "permissionGroups"; | ||
|
||
@RollbackExecution | ||
public void rollbackExecution() {} | ||
|
||
@Execution | ||
public void addApplicationDeletePagesPermissionToApplication() { | ||
|
||
// selection of all the applications which have not been deleted. | ||
Criteria applicationCriteria = | ||
new Criteria().andOperator(olderCheckForDeletedCriteria(), newerCheckForDeletedCriteria()); | ||
|
||
// conditional to match delete:applications permission | ||
Document equalityConditionDoc = new Document("$eq", List.of("$$this.permission", DELETE_APPLICATIONS_VALUE)); | ||
|
||
// filtering the policy from the policies based on equality condition | ||
Document filterPermissionGroupsDoc = new Document( | ||
"$filter", new Document().append("input", "$policies").append("cond", equalityConditionDoc)); | ||
|
||
// selecting the permissionGroups set present at array index, | ||
// (the list is dynamically created after filtering policies on permission and then returning permissionGroups) | ||
Document permissionGroupArrayElementAtDoc = new Document("$arrayElemAt", List.of(filterPermissionGroupsDoc, 0)); | ||
|
||
// creating a new policy with permission delete:applicationPages and permissionGroups from delete:app policy | ||
List<Document> singletonPolicyList = List.of(new Document(PERMISSION, APPLICATION_DELETE_PAGES_VALUE) | ||
.append( | ||
PERMISSION_GROUPS, | ||
new Document( | ||
"$let", | ||
new Document() | ||
.append( | ||
"vars", | ||
new Document("existingPolicy", permissionGroupArrayElementAtDoc)) | ||
.append("in", "$$existingPolicy.permissionGroups")))); | ||
|
||
// concatenating existing policies set with the newly created policy which is in set | ||
Document concatPolicySets = new Document("$concatArrays", List.of("$policies", singletonPolicyList)); | ||
|
||
AggregationOperation aggregationOperation = Aggregation.addFields() | ||
.addFieldWithValue(POLICIES, concatPolicySets) | ||
.build(); | ||
|
||
try { | ||
mongoTemplate.updateMulti( | ||
new Query().addCriteria(applicationCriteria), | ||
Aggregation.newUpdate(aggregationOperation), | ||
Application.class); | ||
} catch (Exception exception) { | ||
log.debug( | ||
"Migration with change-id : add-app-delete-pages-permission-to-application failed due to reason {}." | ||
+ "skipping addition of policy to applications ", | ||
exception.getMessage()); | ||
|
||
throw exception; | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters