From 4b299515b4b193b43d26acc308b968d8940468cd Mon Sep 17 00:00:00 2001
From: Abhijeet <abhi.nagarnaik@gmail.com>
Date: Wed, 19 Jun 2024 15:49:56 +0530
Subject: [PATCH] fix: Move static data update in permission

---
 .../com/appsmith/server/aspect/PermissionAspect.java  | 11 ++++++-----
 .../appsmith/server/helpers/UserPermissionUtils.java  |  3 +++
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/aspect/PermissionAspect.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/aspect/PermissionAspect.java
index b25ea06bad7..e3c00117d36 100644
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/aspect/PermissionAspect.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/aspect/PermissionAspect.java
@@ -24,6 +24,12 @@ public class PermissionAspect {
     @Around("execution(* com.appsmith.server.repositories..*(..))")
     public Object handlePermission(ProceedingJoinPoint joinPoint) throws Throwable {
 
+        Class<?> returnType =
+                ((MethodSignature) joinPoint.getSignature()).getMethod().getReturnType();
+        if (!Mono.class.isAssignableFrom(returnType) && !Flux.class.isAssignableFrom(returnType)) {
+            return joinPoint.proceed(joinPoint.getArgs());
+        }
+
         AclPermission permissionWithoutUserContext = Arrays.stream(joinPoint.getArgs())
                 .filter(arg -> arg instanceof AclPermission
                         || (arg instanceof Optional && ((Optional<?>) arg).orElse(null) instanceof AclPermission)
@@ -42,13 +48,8 @@ public Object handlePermission(ProceedingJoinPoint joinPoint) throws Throwable {
         if (permissionWithoutUserContext == null) {
             return joinPoint.proceed(joinPoint.getArgs());
         }
-        // Make sure the user context is not available in the permission object to avoid any static data leaks from the
-        // earlier call.
-        permissionWithoutUserContext.setUser(null);
 
         Mono<AclPermission> permissionMono = updateAclWithUserContext(permissionWithoutUserContext);
-        Class<?> returnType =
-                ((MethodSignature) joinPoint.getSignature()).getMethod().getReturnType();
         if (Mono.class.isAssignableFrom(returnType)) {
             return permissionMono.then(Mono.defer(() -> {
                 try {
diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/helpers/UserPermissionUtils.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/helpers/UserPermissionUtils.java
index 95d72a5fb6b..ba05bd7e8f7 100644
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/helpers/UserPermissionUtils.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/helpers/UserPermissionUtils.java
@@ -47,6 +47,9 @@ public static Mono<AclPermission> updateAclWithUserContext(AclPermission permiss
         if (permission == null) {
             return Mono.empty();
         }
+        // Make sure the user context is not available in the permission object to avoid any static data leaks from the
+        // earlier call.
+        permission.setUser(null);
         return getCurrentUser()
                 .map(user -> {
                     permission.setUser(user);