fix: Using create action permission for schema generation #37243
Conversation
…his is only used by developers with appropriate permissions on the datasource
Actionable comments posted: 0
🧹 Outside diff range and nitpick comments (2)
app/server/appsmith-server/src/main/java/com/appsmith/server/solutions/ce/DatasourceStructureSolutionCEImpl.java (2)
Line range hint 89-106: Consider externalizing error messages for i18n support.
The error messages are currently hardcoded. Consider:
- Moving them to a message properties file for internationalization
- Making support contact information configurable
Line range hint 89-106: Review security implications of error handling and caching.
A few security considerations:
- Ensure error messages don't leak sensitive datasource information in production
- Consider implementing cache invalidation when datasource permissions change
- Add audit logging for schema generation attempts
Also applies to: 186-186
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
📒 Files selected for processing (1)
app/server/appsmith-server/src/main/java/com/appsmith/server/solutions/ce/DatasourceStructureSolutionCEImpl.java (1 hunks)
🔇 Additional comments (1)
app/server/appsmith-server/src/main/java/com/appsmith/server/solutions/ce/DatasourceStructureSolutionCEImpl.java (1)
186-186: Verify permission model consistency across schema operations.
The change from executePermission to actionCreatePermission enhances security by requiring higher privileges for schema generation. However, we should verify the consistency of this permission model across related operations.
✅ Verification successful
Let me search for more specific information about the schema-related operations to verify the permission model consistency.
Based on the analysis of the codebase, I can now provide a final response regarding the permission model consistency:
Permission change is consistent with schema generation security model
The change from executePermission to actionCreatePermission in getSchemaPreviewData is intentional and consistent with the codebase's permission model:
- getStructure uses executePermission for basic schema retrieval
- getSchemaPreviewData uses actionCreatePermission for generating preview data, which requires higher privileges
- This separation aligns with the principle of least privilege, where schema preview generation requires elevated permissions compared to basic structure retrieval
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Search for other permission checks in related schema operations
rg -A 2 "getExecutePermission|getActionCreatePermission" --type java
Length of output: 56954
Script:
#!/bin/bash
# Search for schema-related operations and their permission checks
ast-grep --pattern 'getSchema($$$) {
$$$
}'
rg -B 2 -A 2 "getSchema|getStructure|getTableColumns" --type java
Length of output: 76411
…g#37243)

Currently, schema generation uses execute permission on the datasource to execute open ended queries for schema generation. Limiting it to developers who have create action permission on the said datasource (and hence have been given rights to run any query on the said datasource) instead of execute datasource permission which is given to everyone.

## Description

> [!TIP]
> _Add a TL;DR when the description is longer than 500 words or extremely technical (helps the content, marketing, and DevRel team)._
>
> _Please also include relevant motivation and context. List any dependencies that are required for this change. Add links to Notion, Figma or any other documents that might be relevant to the PR._

Fixes #`Issue Number` _or_ Fixes `Issue URL`

> [!WARNING]
> _If no issue exists, please create an issue first, and check with the maintainers if the issue is valid._

## Automation

/ok-to-test tags="@tag.All"

### 🔍 Cypress test results

> [!TIP]
> 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
> Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/11702166169>
> Commit: 8946b48
> [Cypress dashboard](https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=11702166169&attempt=2).
> Tags: `@tag.All`
> Spec:
> Wed, 06 Nov 2024 12:46:12 UTC

## Communication

Should the DevRel and Marketing teams inform users about this change?

- [ ] Yes
- [ ] No

## Summary by CodeRabbit

- **New Features**
  - Updated permission model for accessing datasource schema previews, enhancing security.
- **Bug Fixes**
  - Improved error handling for specific exceptions, providing clearer feedback during errors.
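The least-privilege argument above (an operation that runs open-ended queries must be gated at least as strictly as the permission that already grants arbitrary-query rights) can be turned into a consistency check of the kind the review asks for. The following is an added example, not Appsmith's own code: the Permission and Capability enums, the Operation record and the FLOOR table are hypothetical stand-ins; only the method names getStructure / getSchemaPreviewData and the two permission names come from this PR.

```java
// Added example (not Appsmith's code): flags operations whose permission gate
// is weaker than the capability they exercise. All types here are hypothetical.
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

public class SchemaPermissionConsistencyCheck {

    // Datasource permissions ordered from least to most privileged; a higher
    // rank implies the lower ones (CREATE_ACTION holders can also execute).
    enum Permission { EXECUTE, CREATE_ACTION }

    // What an operation can do once the gate is passed. Open-ended schema
    // generation needs ARBITRARY_QUERY; plain structure retrieval does not.
    enum Capability { READ_STRUCTURE, ARBITRARY_QUERY }

    // Weakest permission each capability may be gated behind (assumed policy).
    static final Map<Capability, Permission> FLOOR = Map.of(
            Capability.READ_STRUCTURE, Permission.EXECUTE,
            Capability.ARBITRARY_QUERY, Permission.CREATE_ACTION);

    record Operation(String name, Permission required, Capability exercises) {}

    // Returns a description of every operation gated below its capability's floor.
    static List<String> findUnderGatedOperations(List<Operation> ops) {
        List<String> violations = new ArrayList<>();
        for (Operation op : ops) {
            Permission floor = FLOOR.get(op.exercises());
            if (op.required().ordinal() < floor.ordinal()) {
                violations.add(op.name() + " requires " + op.required()
                        + " but exercises " + op.exercises()
                        + ", which needs at least " + floor);
            }
        }
        return violations;
    }

    public static void main(String[] args) {
        // Constructed operation tables modelling the state before and after this PR.
        List<Operation> before = List.of(
                new Operation("getStructure", Permission.EXECUTE, Capability.READ_STRUCTURE),
                new Operation("getSchemaPreviewData", Permission.EXECUTE, Capability.ARBITRARY_QUERY));
        List<Operation> after = List.of(
                new Operation("getStructure", Permission.EXECUTE, Capability.READ_STRUCTURE),
                new Operation("getSchemaPreviewData", Permission.CREATE_ACTION, Capability.ARBITRARY_QUERY));
        System.out.println("before fix: " + findUnderGatedOperations(before));
        System.out.println("after fix:  " + findUnderGatedOperations(after));
    }
}
```

Run against the "before" table it reports getSchemaPreviewData as under-gated; the "after" table yields an empty list, which is the invariant a unit test could assert to keep the fix from regressing.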