fix: NPE for policies when policyMap is not present (#36323)

## Description /test all ### 🔍 Cypress test results  > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/10878646145> > Commit: 5bbb0ad > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=10878646145&attempt=1" target="_blank">Cypress dashboard</a>. > Tags: `@tag.All` > Spec: > <hr>Mon, 16 Sep 2024 07:32:37 UTC  ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [ ] No  ## Summary by CodeRabbit - **Bug Fixes** - Improved the reliability of policies retrieval methods to prevent null values, ensuring they always return a non-null result. - **New Features** - Enhanced API design with safer handling of collections by returning an empty set when no policies are available.
appsmithorg · Sep 16, 2024 · 4c7ce27 · 4c7ce27
1 parent 996e26b
commit 4c7ce27
Show file tree

Hide file tree

Showing 7 changed files with 19 additions and 6 deletions.
diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/acl/ce/PolicyGeneratorCE.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/acl/ce/PolicyGeneratorCE.java
@@ -317,6 +317,9 @@ public Set<Policy> getAllChildPolicies(
             Set<Policy> policySet,
             Class<? extends BaseDomain> sourceEntity,
             Class<? extends BaseDomain> destinationEntity) {
+        if (policySet == null) {
+            return new HashSet<>();
+        }
         Set<Policy> policies = policySet.stream()
                 .map(policy -> {
                     AclPermission aclPermission =

diff --git a/...c/main/java/com/appsmith/server/actioncollections/base/ActionCollectionServiceCEImpl.java b/...c/main/java/com/appsmith/server/actioncollections/base/ActionCollectionServiceCEImpl.java
@@ -533,7 +533,9 @@ protected Mono<ActionDTO> createJsAction(ActionCollection actionCollection, Acti
         newAction.setUnpublishedAction(action);
 
         Set<Policy> actionCollectionPolicies = new HashSet<>();
-        actionCollection.getPolicies().forEach(policy -> {
+        Set<Policy> existingPolicies =
+                actionCollection.getPolicies() == null ? Set.of() : actionCollection.getPolicies();
+        existingPolicies.forEach(policy -> {
             Policy actionPolicy = Policy.builder()
                     .permission(policy.getPermission())
                     .permissionGroups(policy.getPermissionGroups())

diff --git a/...server/appsmith-server/src/main/java/com/appsmith/server/helpers/UserPermissionUtils.java b/...server/appsmith-server/src/main/java/com/appsmith/server/helpers/UserPermissionUtils.java
@@ -15,7 +15,8 @@
 public class UserPermissionUtils {
     public static boolean validateDomainObjectPermissionExists(
             BaseDomain baseDomain, AclPermission aclPermission, Set<String> permissionGroups) {
-        Optional<Policy> permissionPolicy = baseDomain.getPolicies().stream()
+        Set<Policy> basePolicies = baseDomain.getPolicies() == null ? Set.of() : baseDomain.getPolicies();
+        Optional<Policy> permissionPolicy = basePolicies.stream()
                 .filter(policy -> policy.getPermission().equals(aclPermission.getValue()))
                 .findFirst();
         return permissionPolicy.isPresent()

diff --git a/...ith/server/migrations/db/ce/Migration025RemoveUnassignPermissionFromUnnecessaryRoles.java b/...ith/server/migrations/db/ce/Migration025RemoveUnassignPermissionFromUnnecessaryRoles.java
@@ -14,6 +14,7 @@
 import org.springframework.data.mongodb.core.query.Update;
 
 import java.util.Optional;
+import java.util.Set;
 
 import static com.appsmith.server.migrations.constants.DeprecatedFieldName.POLICIES;
 import static com.appsmith.server.migrations.constants.FieldName.POLICY_MAP;
@@ -49,7 +50,9 @@ public void executeMigration() {
 
         mongoTemplate.stream(optimizedQueryForInterestingPermissionGroups, PermissionGroup.class)
                 .forEach(permissionGroup -> {
-                    Optional<Policy> optionalUnassignPolicy = permissionGroup.getPolicies().stream()
+                    Set<Policy> policies =
+                            permissionGroup.getPolicies() == null ? Set.of() : permissionGroup.getPolicies();
+                    Optional<Policy> optionalUnassignPolicy = policies.stream()
                             .filter(policy -> policy.getPermission().equals("unassign:permissionGroups"))
                             .findFirst();
 

diff --git a/...ver/migrations/db/ce/Migration028TagUserManagementRolesWithoutDefaultDomainTypeAndId.java b/...ver/migrations/db/ce/Migration028TagUserManagementRolesWithoutDefaultDomainTypeAndId.java
@@ -51,7 +51,8 @@ public void tagUserManagementRolesWithoutDefaultDomainTypeAndId() {
          */
         Set<String> userManagementRoleIds = new HashSet<>();
         existingUsers.forEach(existingUser -> {
-            Optional<Policy> resetPasswordPolicyOptional = existingUser.getPolicies().stream()
+            Set<Policy> policies = existingUser.getPolicies() == null ? Set.of() : existingUser.getPolicies();
+            Optional<Policy> resetPasswordPolicyOptional = policies.stream()
                     .filter(policy1 -> RESET_PASSWORD_USERS.getValue().equals(policy1.getPermission()))
                     .findFirst();
             resetPasswordPolicyOptional.ifPresent(resetPasswordPolicy -> {

diff --git a/...ith/server/migrations/db/ce/Migration029PopulateDefaultDomainIdInUserManagementRoles.java b/...ith/server/migrations/db/ce/Migration029PopulateDefaultDomainIdInUserManagementRoles.java
@@ -20,6 +20,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
+import java.util.Set;
 
 import static com.appsmith.server.acl.AclPermission.RESET_PASSWORD_USERS;
 import static com.appsmith.server.migrations.constants.DeprecatedFieldName.POLICIES;
@@ -51,7 +52,8 @@ public void populateDefaultDomainIdInUserManagementRoles() {
         Map<String, String> userManagementRoleIdToUserIdMap = new HashMap<>();
         mongoTemplate.stream(queryExistingUsersWithResetPasswordPolicy, User.class)
                 .forEach(existingUser -> {
-                    Optional<Policy> resetPasswordPolicyOptional = existingUser.getPolicies().stream()
+                    Set<Policy> policies = existingUser.getPolicies() == null ? Set.of() : existingUser.getPolicies();
+                    Optional<Policy> resetPasswordPolicyOptional = policies.stream()
                             .filter(policy1 -> RESET_PASSWORD_USERS.getValue().equals(policy1.getPermission()))
                             .findFirst();
                     resetPasswordPolicyOptional.ifPresent(resetPasswordPolicy -> {

diff --git a/...th-server/src/main/java/com/appsmith/server/services/ce/PermissionGroupServiceCEImpl.java b/...th-server/src/main/java/com/appsmith/server/services/ce/PermissionGroupServiceCEImpl.java
@@ -309,7 +309,8 @@ public Mono<String> getPublicPermissionGroupId() {
 
     @Override
     public boolean isEntityAccessible(BaseDomain object, String permission, String permissionGroupId) {
-        return object.getPolicies().stream()
+        Set<Policy> policies = object.getPolicies() == null ? Set.of() : object.getPolicies();
+        return policies.stream()
                 .filter(policy -> policy.getPermission().equals(permission)
                         && policy.getPermissionGroups().contains(permissionGroupId))
                 .findFirst()