fix: Move static data update in permission

appsmithorg · Jun 19, 2024 · 4b29951 · 4b29951
1 parent 505162b
commit 4b29951
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 5 deletions.
diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/aspect/PermissionAspect.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/aspect/PermissionAspect.java
@@ -24,6 +24,12 @@ public class PermissionAspect {
     @Around("execution(* com.appsmith.server.repositories..*(..))")
     public Object handlePermission(ProceedingJoinPoint joinPoint) throws Throwable {
 
+        Class<?> returnType =
+                ((MethodSignature) joinPoint.getSignature()).getMethod().getReturnType();
+        if (!Mono.class.isAssignableFrom(returnType) && !Flux.class.isAssignableFrom(returnType)) {
+            return joinPoint.proceed(joinPoint.getArgs());
+        }
+
         AclPermission permissionWithoutUserContext = Arrays.stream(joinPoint.getArgs())
                 .filter(arg -> arg instanceof AclPermission
                         || (arg instanceof Optional && ((Optional<?>) arg).orElse(null) instanceof AclPermission)
@@ -42,13 +48,8 @@ public Object handlePermission(ProceedingJoinPoint joinPoint) throws Throwable {
         if (permissionWithoutUserContext == null) {
             return joinPoint.proceed(joinPoint.getArgs());
         }
-        // Make sure the user context is not available in the permission object to avoid any static data leaks from the
-        // earlier call.
-        permissionWithoutUserContext.setUser(null);
 
         Mono<AclPermission> permissionMono = updateAclWithUserContext(permissionWithoutUserContext);
-        Class<?> returnType =
-                ((MethodSignature) joinPoint.getSignature()).getMethod().getReturnType();
         if (Mono.class.isAssignableFrom(returnType)) {
             return permissionMono.then(Mono.defer(() -> {
                 try {

diff --git a/...server/appsmith-server/src/main/java/com/appsmith/server/helpers/UserPermissionUtils.java b/...server/appsmith-server/src/main/java/com/appsmith/server/helpers/UserPermissionUtils.java
@@ -47,6 +47,9 @@ public static Mono<AclPermission> updateAclWithUserContext(AclPermission permiss
         if (permission == null) {
             return Mono.empty();
         }
+        // Make sure the user context is not available in the permission object to avoid any static data leaks from the
+        // earlier call.
+        permission.setUser(null);
         return getCurrentUser()
                 .map(user -> {
                     permission.setUser(user);