Commit120fbc9

committed
fix: sorted out application view rights for all cases
1 parentcc5333c commit120fbc9

11 files changed

+258
-137
lines changed

@@ -0,0 +1,7 @@
1+
packageorg.lowcoder.domain.application.model;
2+
3+
publicenumApplicationRequestType {
4+
PUBLIC_TO_ALL,
5+
PUBLIC_TO_MARKETPLACE,
6+
AGENCY_PROFILE,
7+
}

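--- a/server/api-service/lowcoder-domain/src/main/java/org/lowcoder/domain/application/repository/ApplicationRepository.java
+++ b/server/api-service/lowcoder-domain/src/main/java/org/lowcoder/domain/application/repository/ApplicationRepository.java
@@ -45,13 +45,28 @@ public interface ApplicationRepository extends ReactiveMongoRepository<Applicati
 // this we do not need
 // Flux<Application> findByPublicToAllIsTrueAndPublicToMarketplaceIsAndAgencyProfileIsAndIdIn(Boolean publicToMarketplace, Boolean agencyProfile, Collection<String> ids);
 
-// Find all Public Applications
-Flux<Application>findByPublicToAllIsTrue();
-
-// Find all Marketplace Apps
+/**
+* Filter public applications from list of supplied IDs
+*/
+Flux<Application>findByPublicToAllIsTrueAndIdIn(Collection<String>ids);
+
+/**
+* Filter marketplace applications from list of supplied IDs
+*/
+Flux<Application>findByPublicToAllIsTrueAndPublicToMarketplaceIsTrueAndIdIn(Collection<String>ids);
+
+/**
+* Filter agency applications from list of supplied IDs
+*/
+Flux<Application>findByPublicToAllIsTrueAndAgencyProfileIsTrueAndIdIn(Collection<String>ids);
+
+/**
+* Find all marketplace applications
+*/
 Flux<Application>findByPublicToAllIsTrueAndPublicToMarketplaceIsTrue();
-
-// Find all Agencies
+
+/**
+* Find all agency applications
+*/
 Flux<Application>findByPublicToAllIsTrueAndAgencyProfileIsTrue();
-
 }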

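--- a/server/api-service/lowcoder-domain/src/main/java/org/lowcoder/domain/application/service/ApplicationService.java
+++ b/server/api-service/lowcoder-domain/src/main/java/org/lowcoder/domain/application/service/ApplicationService.java
@@ -7,6 +7,7 @@
 importjava.util.stream.Collectors;
 
 importorg.lowcoder.domain.application.model.Application;
+importorg.lowcoder.domain.application.model.ApplicationRequestType;
 importorg.lowcoder.domain.application.model.ApplicationStatus;
 importorg.lowcoder.domain.application.repository.ApplicationRepository;
 importorg.lowcoder.domain.permission.model.ResourceRole;
@@ -157,8 +158,6 @@ public Mono<Boolean> setApplicationPublicToMarketplace(String applicationId, Boo
 
 returnfindById(applicationId)
 
-// Falk: question - do we need Map<String, Object> applicationDsl = application.getEditingApplicationDSL(); and .editingApplicationDSL(applicationDsl) - or is .publicToMarketplace(publicToMarketplace).build(); enough?
-
 .map(application -> {
 
 Map<String,Object>applicationDsl =application.getEditingApplicationDSL();
@@ -204,81 +203,64 @@ public Mono<Boolean> setApplicationAsAgencyProfile(String applicationId, boolean
 returnmongoUpsertHelper.updateById(application,applicationId);
 }
 
-// getPublicApplicationIds /view - publicToAll check
-// getPublicMarketplaceApplicationIds / marketplace_view - publicToAll and publicToMarketplace check & isPrivateMarketplace check
-// getPublicAgencyProfileApplicationIds / agency_profile_view - publicToAll and agencyProfile check
 
-// marketplace_view [anonymous] publicToAll and publicToMarketplace check & isPrivateMarketplace false -> OK
+@NonEmptyMono
+@SuppressWarnings("ReactiveStreamsNullableInLambdaInTransform")
+publicMono<Set<String>>getFilteredPublicApplicationIds(ApplicationRequestTyperequestType,Collection<String>applicationIds,BooleanisAnonymous,BooleanisPrivateMarketplace) {
+
+switch(requestType)
+{
+casePUBLIC_TO_ALL:
+returngetPublicApplicationIds(applicationIds);
+casePUBLIC_TO_MARKETPLACE:
+returngetPublicMarketplaceApplicationIds(applicationIds,isAnonymous,isPrivateMarketplace);
+caseAGENCY_PROFILE:
+returngetPublicAgencyApplicationIds(applicationIds);
+default:
+returnMono.empty();
+}
+}
 
-// marketplace_view [anonymous] publicToAll and publicToMarketplace check & isPrivateMarketplace true -> NOT OK
-
-// marketplace_view [LoggedIn] publicToAll and publicToMarketplace check & isPrivateMarketplace true -> OK
-// marketplace_view [LoggedIn] publicToAll and publicToMarketplace check & isPrivateMarketplace false -> OK
-
-
-// will be extended by EndpointType
-/*
-* if (EndpointType == view)
-* if (EndpointType == marketplace_view)
-* if (EndpointType == agency_profile_view)
+
+/**
+* Find all public applications - doesn't matter if user is anonymous, because these apps are public
 */
-
-// is it needed?
 @NonEmptyMono
 @SuppressWarnings("ReactiveStreamsNullableInLambdaInTransform")
-publicMono<Set<String>>getPublicApplicationIds(Collection<String>applicationIds,BooleanisAnonymous,BooleanisPrivateMarketplace) {
+publicMono<Set<String>>getPublicApplicationIds(Collection<String>applicationIds) {
 
-returnrepository.findByPublicToAllIsTrue()
+returnrepository.findByPublicToAllIsTrueAndIdIn(applicationIds)
 .map(HasIdAndAuditing::getId)
 .collect(Collectors.toSet());
 }
 
-// for Marketplaces
+
+/**
+* Find all marketplace applications - filter based on whether user is anonymous and whether it's a private marketplace
+*/
 @NonEmptyMono
 @SuppressWarnings("ReactiveStreamsNullableInLambdaInTransform")
-publicMono<Set<String>>getPublicMarketplaceApplicationIds(Collection<String>applicationIds,BooleanisAnonymous,BooleanisPrivateMarketplace) {
-
-if(isAnonymous) {
-if(isPrivateMarketplace) {
-returnrepository.findByPublicToAllIsTrueAndPublicToMarketplaceIsTrue(false,false,applicationIds)
-.map(HasIdAndAuditing::getId)
-.collect(Collectors.toSet());
-}else {
-returnrepository.findByPublicToAllIsTrueAndPublicToMarketplaceIsTrue(true,false,applicationIds)
-.map(HasIdAndAuditing::getId)
-.collect(Collectors.toSet());
-}
-}else {
-returnrepository.findByPublicToAllIsTrueAndPublicToMarketplaceIsTrue(true,true,applicationIds)
-.map(HasIdAndAuditing::getId)
-.collect(Collectors.toSet());
-}
-
-
+publicMono<Set<String>>getPublicMarketplaceApplicationIds(Collection<String>applicationIds,booleanisAnonymous,booleanisPrivateMarketplace) {
+
+if ((isAnonymous && !isPrivateMarketplace) || !isAnonymous)
+{
+returnrepository.findByPublicToAllIsTrueAndPublicToMarketplaceIsTrueAndIdIn(applicationIds)
+.map(HasIdAndAuditing::getId)
+.collect(Collectors.toSet());
+}
+returnMono.empty();
 }
 
-// for Agencies
+/**
+* Find all agency applications
+*/
 @NonEmptyMono
 @SuppressWarnings("ReactiveStreamsNullableInLambdaInTransform")
-publicMono<Set<String>>getPublicAgencyApplicationIds(Collection<String>applicationIds,BooleanisAnonymous,BooleanisPrivateMarketplace) {
-
-if(isAnonymous) {
-if(isPrivateMarketplace) {
-returnrepository.findByPublicToAllIsTrueAndPublicToMarketplaceIsAndAgencyProfileIsAndIdIn(false,false,applicationIds)
-.map(HasIdAndAuditing::getId)
-.collect(Collectors.toSet());
-}else {
-returnrepository.findByPublicToAllIsTrueAndPublicToMarketplaceIsAndAgencyProfileIsAndIdIn(true,false,applicationIds)
-.map(HasIdAndAuditing::getId)
-.collect(Collectors.toSet());
-}
-}else {
-returnrepository.findByPublicToAllIsTrueAndPublicToMarketplaceIsOrAgencyProfileIsAndIdIn(true,true,applicationIds)
-.map(HasIdAndAuditing::getId)
-.collect(Collectors.toSet());
-}
-
+publicMono<Set<String>>getPublicAgencyApplicationIds(Collection<String>applicationIds) {
 
+returnrepository.findByPublicToAllIsTrueAndAgencyProfileIsTrueAndIdIn(applicationIds)
+.map(HasIdAndAuditing::getId)
+.collect(Collectors.toSet());
 }
 
 publicFlux<Application>findAll() {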
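Review bot: `getFilteredPublicApplicationIds` and `getPublicMarketplaceApplicationIds` are annotated `@NonEmptyMono` yet return `Mono.empty()`, in the `default:` branch and in the anonymous-plus-private-marketplace case respectively. ApplicationPermissionHandler feeds this result into `Mono.zip(...)`, and ResourcePermissionHandler zips that again with the organisation result; a zip completes without a value as soon as one source is empty, so unless the `@NonEmptyMono` handling (not visible on this page) substitutes a value, the permission check emits nothing instead of an explicit deny status. Returning an explicit empty set, `return Mono.just(Set.of());`, keeps the deny path independent of the annotation. The condition `(isAnonymous && !isPrivateMarketplace) || !isAnonymous` is equivalent to `!isAnonymous || !isPrivateMarketplace`, which reads closer to the rule in the Javadoc. The `findAll` body at the end of this section continues outside the hunk.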

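--- a/server/api-service/lowcoder-domain/src/main/java/org/lowcoder/domain/permission/service/ApplicationPermissionHandler.java
+++ b/server/api-service/lowcoder-domain/src/main/java/org/lowcoder/domain/permission/service/ApplicationPermissionHandler.java
@@ -15,6 +15,7 @@
 importjava.util.Set;
 
 importorg.lowcoder.domain.application.model.Application;
+importorg.lowcoder.domain.application.model.ApplicationRequestType;
 importorg.lowcoder.domain.application.service.ApplicationService;
 importorg.lowcoder.domain.permission.model.ResourceAction;
 importorg.lowcoder.domain.permission.model.ResourcePermission;
@@ -46,7 +47,7 @@ protected Mono<Map<String, List<ResourcePermission>>> getAnonymousUserPermission
 }
 
 Set<String>applicationIds =newHashSet(resourceIds);
-returnMono.zip(applicationService.getPublicApplicationIds(applicationIds,Boolean.TRUE,config.getMarketplace().isPrivateMode()),
+returnMono.zip(applicationService.getPublicApplicationIds(applicationIds),
 templateSolution.getTemplateApplicationIds(applicationIds))
 .map(tuple -> {
 Set<String>publicAppIds =tuple.getT1();
@@ -61,7 +62,7 @@ protected Mono<Map<String, List<ResourcePermission>>> getAnonymousUserPermission
 (Collection<String>resourceIds,ResourceActionresourceAction) {
 
 Set<String>applicationIds =newHashSet(resourceIds);
-returnMono.zip(applicationService.getPublicApplicationIds(applicationIds,Boolean.FALSE,config.getMarketplace().isPrivateMode()),
+returnMono.zip(applicationService.getPublicApplicationIds(applicationIds),
 templateSolution.getTemplateApplicationIds(applicationIds))
 .map(tuple -> {
 Set<String>publicAppIds =tuple.getT1();
@@ -70,7 +71,39 @@ protected Mono<Map<String, List<ResourcePermission>>> getAnonymousUserPermission
 });
 }
 
-privateList<ResourcePermission>getAnonymousUserPermission(StringapplicationId) {
+
+@Override
+protectedMono<Map<String,List<ResourcePermission>>>getAnonymousUserApplicationPermissions(
+Collection<String>resourceIds,ResourceActionresourceAction,ApplicationRequestTyperequestType)
+{
+if (!ANONYMOUS_USER_ROLE.canDo(resourceAction)) {
+returnMono.just(emptyMap());
+}
+
+Set<String>applicationIds =newHashSet(resourceIds);
+returnMono.zip(applicationService.getFilteredPublicApplicationIds(requestType,applicationIds,Boolean.TRUE,config.getMarketplace().isPrivateMode()),
+templateSolution.getTemplateApplicationIds(applicationIds))
+.map(tuple -> {
+Set<String>publicAppIds =tuple.getT1();
+Set<String>templateAppIds =tuple.getT2();
+returncollectMap(union(publicAppIds,templateAppIds),identity(),this::getAnonymousUserPermission);
+});
+}
+
+@Override
+protectedMono<Map<String,List<ResourcePermission>>>getNonAnonymousUserApplicationPublicResourcePermissions(
+Collection<String>resourceIds,ResourceActionresourceAction,ApplicationRequestTyperequestType) {
+Set<String>applicationIds =newHashSet(resourceIds);
+returnMono.zip(applicationService.getFilteredPublicApplicationIds(requestType,applicationIds,Boolean.FALSE,config.getMarketplace().isPrivateMode()),
+templateSolution.getTemplateApplicationIds(applicationIds))
+.map(tuple -> {
+Set<String>publicAppIds =tuple.getT1();
+Set<String>templateAppIds =tuple.getT2();
+returncollectMap(union(publicAppIds,templateAppIds),identity(),this::getAnonymousUserPermission);
+});
+}
+
+privateList<ResourcePermission>getAnonymousUserPermission(StringapplicationId) {
 returnCollections.singletonList(ResourcePermission.builder()
 .resourceId(applicationId)
 .resourceType(ResourceType.APPLICATION)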
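Review bot: `getNonAnonymousUserApplicationPublicResourcePermissions` has no `ANONYMOUS_USER_ROLE.canDo(resourceAction)` guard, unlike `getAnonymousUserApplicationPermissions` directly above it, although both hand out the same `getAnonymousUserPermission` entry. For a logged-in caller a public, marketplace or agency app therefore yields a permission entry whatever `resourceAction` was requested; whether that widens access depends on how callers use the returned entry, which is not visible here, and the pre-existing `getNonAnonymousUserPublicResourcePermissions` in the context lines has the same shape. If the public grant is meant to cover only what the anonymous role may do, open the method with `if (!ANONYMOUS_USER_ROLE.canDo(resourceAction)) { return Mono.just(emptyMap()); }`. The `getAnonymousUserPermission` body continues past the end of this section.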

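--- a/server/api-service/lowcoder-domain/src/main/java/org/lowcoder/domain/permission/service/DatasourcePermissionHandler.java
+++ b/server/api-service/lowcoder-domain/src/main/java/org/lowcoder/domain/permission/service/DatasourcePermissionHandler.java
@@ -10,6 +10,7 @@
 importjava.util.stream.Collectors;
 
 importorg.apache.commons.collections4.CollectionUtils;
+importorg.lowcoder.domain.application.model.ApplicationRequestType;
 importorg.lowcoder.domain.datasource.model.Datasource;
 importorg.lowcoder.domain.datasource.service.DatasourceService;
 importorg.lowcoder.domain.permission.model.ResourceAction;
@@ -44,6 +45,18 @@ protected Mono<Map<String, List<ResourcePermission>>> getNonAnonymousUserPublicR
 }
 
 @Override
+protectedMono<Map<String,List<ResourcePermission>>>getAnonymousUserApplicationPermissions(
+Collection<String>resourceIds,ResourceActionresourceAction,ApplicationRequestTyperequestType) {
+returnMono.just(Collections.emptyMap());
+}
+
+@Override
+protectedMono<Map<String,List<ResourcePermission>>>getNonAnonymousUserApplicationPublicResourcePermissions(
+Collection<String>resourceIds,ResourceActionresourceAction,ApplicationRequestTyperequestType) {
+returnMono.just(Collections.emptyMap());
+}
+
+@Override
 protectedMono<String>getOrgId(StringresourceId) {
 returndatasourceService.getById(resourceId)
 .map(Datasource::getOrganizationId);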

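--- a/server/api-service/lowcoder-domain/src/main/java/org/lowcoder/domain/permission/service/ResourcePermissionHandler.java
+++ b/server/api-service/lowcoder-domain/src/main/java/org/lowcoder/domain/permission/service/ResourcePermissionHandler.java
@@ -18,6 +18,7 @@
 
 importorg.apache.commons.collections4.CollectionUtils;
 importorg.apache.commons.collections4.ListUtils;
+importorg.lowcoder.domain.application.model.ApplicationRequestType;
 importorg.lowcoder.domain.group.service.GroupMemberService;
 importorg.lowcoder.domain.organization.service.OrgMemberService;
 importorg.lowcoder.domain.permission.model.ResourceAction;
@@ -153,6 +154,13 @@ protected abstract Mono<Map<String, List<ResourcePermission>>> getAnonymousUserP
 protectedabstractMono<Map<String,List<ResourcePermission>>>getNonAnonymousUserPublicResourcePermissions
 (Collection<String>resourceIds,ResourceActionresourceAction);
 
+protectedabstractMono<Map<String,List<ResourcePermission>>>getAnonymousUserApplicationPermissions(Collection<String>resourceIds,
+ResourceActionresourceAction,ApplicationRequestTyperequestType);
+
+protectedabstractMono<Map<String,List<ResourcePermission>>>getNonAnonymousUserApplicationPublicResourcePermissions
+(Collection<String>resourceIds,ResourceActionresourceAction,ApplicationRequestTyperequestType);
+
+
 privateMono<Map<String,List<ResourcePermission>>>getAllMatchingPermissions0(StringuserId,StringorgId,ResourceTyperesourceType,
 Collection<String>resourceIds,
 ResourceActionresourceAction) {
@@ -212,4 +220,63 @@ private Mono<Set<String>> getUserGroupIds(String orgId, String userId) {
 }
 
 protectedabstractMono<String>getOrgId(StringresourceId);
+
+publicMono<UserPermissionOnResourceStatus>checkUserPermissionStatusOnApplication(StringuserId,StringresourceId,
+ResourceActionresourceAction,ApplicationRequestTyperequestType)
+{
+ResourceTyperesourceType =resourceAction.getResourceType();
+
+Mono<UserPermissionOnResourceStatus>publicResourcePermissionMono =getAnonymousUserApplicationPermissions(singletonList(resourceId),resourceAction,requestType)
+.map(it ->it.getOrDefault(resourceId,emptyList()))
+.map(it -> {
+if (!it.isEmpty()) {
+returnUserPermissionOnResourceStatus.success(it.get(0));
+}
+returnisAnonymousUser(userId) ?UserPermissionOnResourceStatus.anonymousUser() :UserPermissionOnResourceStatus.notInOrg();
+});
+
+if (isAnonymousUser(userId)) {
+returnpublicResourcePermissionMono;
+}
+
+Mono<UserPermissionOnResourceStatus>nonAnonymousPublicResourcePermissionMono =getNonAnonymousUserApplicationPublicResourcePermissions(singletonList(resourceId),resourceAction,requestType)
+.map(it ->it.getOrDefault(resourceId,emptyList()))
+.map(it -> {
+if (!it.isEmpty()) {
+returnUserPermissionOnResourceStatus.success(it.get(0));
+}
+returnisAnonymousUser(userId) ?UserPermissionOnResourceStatus.anonymousUser() :UserPermissionOnResourceStatus.notInOrg();
+});
+
+
+Mono<UserPermissionOnResourceStatus>orgUserPermissionMono =getOrgId(resourceId)
+.flatMap(orgId ->orgMemberService.getOrgMember(orgId,userId))
+.flatMap(orgMember -> {
+if (orgMember.isAdmin()) {
+returnMono.just(UserPermissionOnResourceStatus.success(buildAdminPermission(resourceType,resourceId,userId)));
+}
+returngetAllMatchingPermissions0(userId,orgMember.getOrgId(),resourceType,Collections.singleton(resourceId),resourceAction)
+.map(it ->it.getOrDefault(resourceId,emptyList()))
+.map(permissions ->permissions.isEmpty() ?UserPermissionOnResourceStatus.notEnoughPermission()
+:UserPermissionOnResourceStatus.success(getMaxPermission(permissions)));
+})
+.defaultIfEmpty(UserPermissionOnResourceStatus.notInOrg());
+
+returnMono.zip(publicResourcePermissionMono,nonAnonymousPublicResourcePermissionMono,orgUserPermissionMono)
+.map(tuple -> {
+UserPermissionOnResourceStatuspublicResourcePermission =tuple.getT1();
+UserPermissionOnResourceStatusnonAnonymousPublicResourcePermission =tuple.getT2();
+UserPermissionOnResourceStatusorgUserPermission =tuple.getT3();
+if (orgUserPermission.hasPermission()) {
+returnorgUserPermission;
+}
+if(nonAnonymousPublicResourcePermission.hasPermission()) {
+returnnonAnonymousPublicResourcePermission;
+}
+if (publicResourcePermission.hasPermission()) {
+returnpublicResourcePermission;
+}
+returnorgUserPermission;
+});
+}
 }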
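Review bot: The lambda that turns a permission list into a status is written twice in `checkUserPermissionStatusOnApplication`, and in the second copy the `isAnonymousUser(userId) ? ... : ...` ternary can only take the `notInOrg()` arm because anonymous callers have already returned. Extracting one private helper and calling it from both chains keeps the two paths of this authorization decision from drifting apart; the sketch below uses the illustrative name `toPublicStatus`. The method is public and has no Javadoc, so a comment stating the precedence it implements (organisation permission first, then the logged-in public grant, then the anonymous public grant, otherwise the organisation status) would make the intended order reviewable.

```java
// … unchanged: resourceType lookup …
Mono<UserPermissionOnResourceStatus> publicResourcePermissionMono =
        getAnonymousUserApplicationPermissions(singletonList(resourceId), resourceAction, requestType)
                .map(it -> toPublicStatus(it.getOrDefault(resourceId, emptyList()), userId));
// … unchanged: early return for anonymous users …
Mono<UserPermissionOnResourceStatus> nonAnonymousPublicResourcePermissionMono =
        getNonAnonymousUserApplicationPublicResourcePermissions(singletonList(resourceId), resourceAction, requestType)
                .map(it -> toPublicStatus(it.getOrDefault(resourceId, emptyList()), userId));
// … unchanged: orgUserPermissionMono and the Mono.zip precedence …

// Maps the public-grant lookup result to a status; an empty list means no public grant.
private UserPermissionOnResourceStatus toPublicStatus(List<ResourcePermission> permissions, String userId) {
    if (!permissions.isEmpty()) {
        return UserPermissionOnResourceStatus.success(permissions.get(0));
    }
    return isAnonymousUser(userId)
            ? UserPermissionOnResourceStatus.anonymousUser()
            : UserPermissionOnResourceStatus.notInOrg();
}
```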

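--- a/server/api-service/lowcoder-domain/src/main/java/org/lowcoder/domain/permission/service/ResourcePermissionService.java
+++ b/server/api-service/lowcoder-domain/src/main/java/org/lowcoder/domain/permission/service/ResourcePermissionService.java
@@ -19,6 +19,7 @@
 importjavax.validation.constraints.NotNull;
 
 importorg.apache.commons.collections4.CollectionUtils;
+importorg.lowcoder.domain.application.model.ApplicationRequestType;
 importorg.lowcoder.domain.permission.model.ResourceAction;
 importorg.lowcoder.domain.permission.model.ResourceHolder;
 importorg.lowcoder.domain.permission.model.ResourcePermission;
@@ -221,6 +222,14 @@ public Mono<ResourcePermission> checkAndReturnMaxPermission(String userId, Strin
 returnresourcePermissionHandler.checkUserPermissionStatusOnResource(userId,resourceId,resourceAction);
 }
 
+publicMono<UserPermissionOnResourceStatus>checkUserPermissionStatusOnApplication
+(StringuserId,StringresourceId,ResourceActionresourceAction,ApplicationRequestTyperequestType) {
+ResourceTyperesourceType =resourceAction.getResourceType();
+varresourcePermissionHandler =getResourcePermissionHandler(resourceType);
+returnresourcePermissionHandler.checkUserPermissionStatusOnApplication(userId,resourceId,resourceAction,requestType);
+}
+
+
 publicMono<Boolean>removeUserApplicationPermission(StringappId,StringuserId) {
 returnrepository.removePermissionBy(ResourceType.APPLICATION,appId,ResourceHolder.USER,userId);
 }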
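Review bot: `checkUserPermissionStatusOnApplication` picks its handler from `resourceAction.getResourceType()`, so an action of a non-application type is routed to a handler such as DatasourcePermissionHandler, whose new overrides grant nothing publicly and ignore `requestType`. The call then silently degrades to the ordinary organisation check, which hides a caller mistake rather than reporting it. Rejecting any type other than `ResourceType.APPLICATION` at the top of this method, or stating the precondition in Javadoc, would make the contract explicit.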
