chore: refactor new page crud repo methods

[AnaghHegde]

Description

As part of transaction support in PG, we are moving from using the jpa methods for database operations. This PR is refactoring the code to use custom repository class for NewPageRepository from the default CrudRepository.

Automation

/ok-to-test tags="@tag.ImportExport"

🔍 Cypress test results

Tip

🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
Workflow run: https://github.com/appsmithorg/appsmith/actions/runs/12329409662
Commit: d8ff386
Cypress dashboard.
Tags: @tag.ImportExport
Spec:

---

Sat, 14 Dec 2024 11:42:09 UTC

Communication

Should the DevRel and Marketing teams inform users about this change?

• Yes
• No

Summary by CodeRabbit

• New Features

  • Introduced methods to retrieve pages by application ID and count non-deleted pages.

• Bug Fixes

  • Removed outdated methods from the NewPageRepositoryCE interface to streamline functionality.

[coderabbitai]

Walkthrough

The pull request modifies the CustomNewPageRepositoryCE and CustomNewPageRepositoryCEImpl interfaces and implementations in the Appsmith server repository. Two new methods are added: findByApplicationId() to retrieve pages by application ID and countByDeletedAtNull() to count non-deleted pages. Simultaneously, these method signatures are removed from the NewPageRepositoryCE interface, suggesting a refactoring of repository query methods.

Changes

File	Change Summary
app/server/appsmith-server/src/main/java/.../CustomNewPageRepositoryCE.java	Added two method signatures: findByApplicationId() and countByDeletedAtNull()
app/server/appsmith-server/src/main/java/.../CustomNewPageRepositoryCEImpl.java	Implemented the two new methods for querying pages by application ID and counting non-deleted pages
app/server/appsmith-server/src/main/java/.../NewPageRepositoryCE.java	Removed method signatures for findByApplicationId() and countByDeletedAtNull()

Possibly related PRs

• chore: refactor the crud method to custom repo class #38137: Similar findByApplicationId() method added to CustomActionCollectionRepositoryCE
• chore: refactor crud to custom repository #38134: Refactoring of CRUD methods in ApplicationRepositoryCE

Suggested labels

Git Product, skip-changelog, ok-to-test

Suggested reviewers

• abhvsn
• sondermanish
• sharat87

Poem

🌟 Repositories dance and sway,
Methods shifting in their array,
Pages queried with newfound grace,
Code refactored at gentle pace!
Efficiency blooms like spring's first ray 🌱

Tip

CodeRabbit's docstrings feature is now available as part of our Early Access Program! Simply use the command @coderabbitai generate docstrings to have CodeRabbit automatically generate docstrings for your pull request. This feature will be included in our Pro Plan when released.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (1)

app/server/appsmith-server/src/main/java/com/appsmith/server/repositories/ce/CustomNewPageRepositoryCEImpl.java (1)

271-275: LGTM! Consider caching for performance

The implementation is clean and follows the established patterns. However, since this is a count query that might be called frequently, consider adding caching to improve performance.

Example cache implementation:

+@Cacheable(value = "pageCount", key = "'deletedAtNull'")
public Mono<Long> countByDeletedAtNull() {
    final BridgeQuery<NewPage> q = Bridge.notExists(NewPage.Fields.deletedAt);
    return queryBuilder().criteria(q).count();
}

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e2916b2 and d8ff386.

📒 Files selected for processing (3)

• app/server/appsmith-server/src/main/java/com/appsmith/server/repositories/ce/CustomNewPageRepositoryCE.java (1 hunks)
• app/server/appsmith-server/src/main/java/com/appsmith/server/repositories/ce/CustomNewPageRepositoryCEImpl.java (1 hunks)
• app/server/appsmith-server/src/main/java/com/appsmith/server/repositories/ce/NewPageRepositoryCE.java (0 hunks)

💤 Files with no reviewable changes (1)

• app/server/appsmith-server/src/main/java/com/appsmith/server/repositories/ce/NewPageRepositoryCE.java

🔇 Additional comments (3)

app/server/appsmith-server/src/main/java/com/appsmith/server/repositories/ce/CustomNewPageRepositoryCE.java (2)

48-48: LGTM: Clean implementation of soft delete count

The countByDeletedAtNull() method follows the established pattern for soft deletes.

---

46-46: Verify security implications of removing AclPermission parameter

The new findByApplicationId method omits the AclPermission parameter present in existing similar methods. This could potentially bypass access control checks.

✅ Verification successful

Let me analyze the search results to verify the security implications of removing the AclPermission parameter.

The search results show that:

1. The new findByApplicationId method is used in several repository implementations:

   • CustomNewPageRepositoryCEImpl
   • CustomActionCollectionRepositoryCEImpl
   • NewActionRepositoryCE

2. The method is primarily used in:

   • Test cases
   • PolicySolutionCEImpl for updating permissions
   • ApplicationSnapshotService for managing snapshots

3. All usages are internal to the repository layer and are wrapped by service layer methods that enforce permissions:

   • Service methods add AclPermission checks before calling repository methods
   • No direct exposure to API endpoints
   • Used within policy management and snapshot functionality that already have security controls

Repository methods can skip ACL checks as service layer handles permissions

The removal of AclPermission parameter from repository method is safe since:

• Service layer methods enforce proper permission checks before accessing data
• Repository layer focuses on data access while security is handled at higher layers
• Follows separation of concerns principle

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for usages of the new method to verify it's only called from secure contexts
ast-grep --pattern 'findByApplicationId($applicationId)' 

# Search for existing security checks around the usage
rg -B 5 -A 5 'findByApplicationId\([^,]+\)' 

Length of output: 66111

app/server/appsmith-server/src/main/java/com/appsmith/server/repositories/ce/CustomNewPageRepositoryCEImpl.java (1)

265-269: Consider adding AclPermission parameter for consistency

The method lacks access control checks compared to its overloaded version. This could potentially bypass security controls if not used carefully.

Let's verify the usage of this method to ensure it's only called in secure contexts:

Consider one of these approaches:

1. Add AclPermission parameter for consistency with other methods
2. Document the security implications in method's Javadoc
3. Restrict method visibility if it's only meant for internal use

[abhvsn]

@AnaghHegde I hope we have verified this.