Merge branch 'release' of https://github.com/appsmithorg/appsmith int…
…o action-redesign/rest-api
albinAppsmith committed Sep 10, 2024
2 parents 1b3633d + 316f914 commit 1081c9b
Showing 2 changed files with 64 additions and 3 deletions.
@@ -1,6 +1,5 @@
package com.appsmith.server.services.ce;

import com.appsmith.external.helpers.AppsmithBeanUtils;
import com.appsmith.external.helpers.EncryptionHelper;
import com.appsmith.server.acl.AclPermission;
import com.appsmith.server.configurations.CommonConfig;
@@ -576,8 +575,7 @@ private Mono<User> update(User existingUser, User userUpdate) {
userUpdate.setPassword(passwordEncoder.encode(userUpdate.getPassword()));
}

AppsmithBeanUtils.copyNewFieldValuesIntoOldObject(userUpdate, existingUser);
return repository.save(existingUser);
return repository.updateById(existingUser.getId(), userUpdate, null);
}

private boolean validateName(String name) {
@@ -603,6 +601,8 @@ public Mono<User> updateCurrentUser(final UserUpdateDTO allUpdates, ServerWebExc
return Mono.error(new AppsmithException(AppsmithError.INVALID_PARAMETER, FieldName.NAME));
}
updates.setName(inputName);
// Set policies to null to avoid overriding them.
updates.setPolicies(null);
updatedUserMono = sessionUserService
.getCurrentUser()
.flatMap(user -> updateWithoutPermission(user.getId(), updates)
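Review bot: The policy guard sits only in `updateCurrentUser` (`updates.setPolicies(null)`), while the private `update(User existingUser, User userUpdate)` now passes `userUpdate` straight to `repository.updateById(existingUser.getId(), userUpdate, null)`. Any other path that reaches `update` with a `User` whose policies are non-null would presumably write them onto the stored user, turning a profile update into an access-control change. Placing the guard in `update` itself, `userUpdate.setPolicies(null);` just before the `updateById` call, would cover every caller instead of one. The `null` third argument, presumably the permission to check, also deserves a one-line comment such as `// permission is null: caller has already authorised this update`, if that is indeed the intent. Both method bodies start outside the visible hunks, so other callers and any earlier filtering cannot be seen from here.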
@@ -13,6 +13,7 @@
import com.appsmith.server.domains.TenantConfiguration;
import com.appsmith.server.domains.User;
import com.appsmith.server.domains.UserData;
import com.appsmith.server.domains.UserState;
import com.appsmith.server.domains.Workspace;
import com.appsmith.server.dtos.InviteUsersDTO;
import com.appsmith.server.dtos.ResendEmailVerificationDTO;
@@ -39,6 +40,9 @@
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.mock.mockito.MockBean;
import org.springframework.boot.test.mock.mockito.SpyBean;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextImpl;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.test.context.support.WithUserDetails;
import org.springframework.test.annotation.DirtiesContext;
@@ -748,4 +752,61 @@ public void updateNameProficiencyAndUseCaseOfUser() {
})
.verifyComplete();
}

private <I> Mono<I> runAs(Mono<I> input, User user, String password) {
log.info("Running as user: {}", user.getEmail());
return input.contextWrite((ctx) -> {
SecurityContext securityContext = new SecurityContextImpl(
new UsernamePasswordAuthenticationToken(user, password, user.getAuthorities()));
return ctx.put(SecurityContext.class, Mono.just(securityContext));
});
}

@Test
@WithUserDetails(value = "api_user")
public void testUpdateCurrentUser_shouldNotUpdatePolicies() {
String testName = "testUpdateName_shouldNotUpdatePolicies";
User user = new User();
user.setEmail(testName + "@test.com");
user.setPassword(testName);
User createdUser = userService.create(user).block();
Set<Policy> policies = createdUser.getPolicies();

assertThat(createdUser.getName()).isNull();
assertThat(createdUser.getPolicies()).isNotEmpty();

UserUpdateDTO updateUser = new UserUpdateDTO();
updateUser.setName("Test Name");

User userUpdatedPostNameUpdate = runAs(userService.updateCurrentUser(updateUser, null), createdUser, testName)
.block();

assertThat(userUpdatedPostNameUpdate.getName()).isEqualTo("Test Name");
userUpdatedPostNameUpdate.getPolicies().forEach(policy -> {
assertThat(policies).contains(policy);
});
}

@Test
@WithUserDetails(value = "api_user")
public void testUpdateWithoutPermission_shouldUpdateChangedFields() {
String testName = "testUpdateWithoutPermission_shouldUpdateChangedFields";
User user = new User();
user.setEmail(testName + "@test.com");
user.setPassword(testName);
User createdUser = userService.create(user).block();
Set<Policy> policies = createdUser.getPolicies();

User update = new User();
update.setName("Test Name");
update.setState(UserState.ACTIVATED);
User updatedUser =
userService.updateWithoutPermission(createdUser.getId(), update).block();

assertThat(updatedUser.getName()).isEqualTo("Test Name");
assertThat(updatedUser.getState()).isEqualTo(UserState.ACTIVATED);
policies.forEach(policy -> {
assertThat(updatedUser.getPolicies()).contains(policy);
});
}
}
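Review bot: The policy check in `testUpdateCurrentUser_shouldNotUpdatePolicies` iterates over the updated user's policies and asserts each is in the original set, so it passes vacuously when the update leaves the user with an empty policy set, which is the regression this test is named for. Comparing the whole set closes that gap: `assertThat(userUpdatedPostNameUpdate.getPolicies()).containsExactlyInAnyOrderElementsOf(policies);`. `testUpdateWithoutPermission_shouldUpdateChangedFields` checks only the opposite direction (original policies are a subset of the updated ones) and would not notice policies being added by the update; the same exact-set assertion fits there. Asserting `policies` is non-empty in the second test as well, as the first test already does, keeps that loop from being a no-op.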
