[NAE-2201] Dashboard management missing permissions

[timbez]

Description

Fix dashboard permissions (add default role)

Fixes NAE-2201

Dependencies

Third party dependencies

Blocking Pull requests

There are no dependencies on other PR

How Has Been This Tested?

• <Name of a test [test file](link to the test file)>

Test Configuration

<Please describe configuration for tests to run if applicable, like program parameters, host OS, VM configuration etc.>

Name	Tested on
OS	Windows 11
Runtime	Java 21.0.7
Dependency Manager	maven 3.9.9
Framework version	spring boot 3.2.5
Run parameters
Other configuration

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• My changes have been checked, personally or remotely, with @machacjozef
• I have commented my code, particularly in hard-to-understand areas
• I have resolved all conflicts with the target branch of the PR
• I have updated and synced my code with the target branch
• I have added tests that prove my fix is effective or that my feature works
• New and existing tests pass locally with my changes:
  • Lint test
  • Unit tests
  • Integration tests
• I have checked my contribution with code analysis tools:
  • SonarCloud
  • Snyk
• I have made corresponding changes to the documentation:
  • Developer documentation
  • User Guides
  • Migration Guides

Summary by CodeRabbit

• New Features

  • Default users can now view dashboard items and dashboard management.
  • Plugins support storing custom metadata.
  • Scripting environment preloads common engine packages for easier script authoring.

• Bug Fixes

  • User listings now retain the original order from paged results, ensuring consistent, predictable ordering.

• Chores

  • Updated project to 7.0.0-RC6.1 parent version across modules.

[coderabbitai]

Walkthrough

Parent POM versions updated to 7.0.0-RC6.1 across modules. Introduces a new Nullable utility, a nullable(...) helper in ActionDelegate, and adds related Groovy/script imports via configuration and application.yaml. Adds metadata Map to Plugin. Grants default role view permissions in two petri nets. Preserves ordering in UserService with LinkedHashSet.

Changes

Cohort / File(s)	Summary
Parent version bump pom.xml, application-engine/pom.xml, nae-object-library/pom.xml, nae-spring-core-adapter/pom.xml, nae-user-ce/pom.xml, nae-user-common/pom.xml	Update parent version from 7.0.0-SNAPSHOT to 7.0.0-RC6.1.
Nullable utility & script imports nae-object-library/src/main/java/com/netgrif/application/engine/objects/utils/Nullable.java, application-engine/src/main/groovy/.../ActionDelegate.groovy, application-engine/src/main/java/.../GroovyShellConfiguration.java, application-engine/src/main/resources/application.yaml	Add Nullable class; add ActionDelegate helper nullable(T); extend Groovy default star imports; add Nullable import to actions configuration.
Plugin metadata nae-object-library/src/main/java/com/netgrif/application/engine/objects/plugin/domain/Plugin.java	Add metadata Map<String, String>; adjust constructors and initialization (LinkedHashMap).
Petri nets: default role view application-engine/src/main/resources/petriNets/engine-processes/dashboard_item.xml, .../dashboard_management.xml	Add root-level roleRef id="default" with caseLogic view=true.
User service ordering nae-user-ce/src/main/java/com/netgrif/application/engine/auth/service/UserServiceImpl.java	Use LinkedHashSet instead of HashSet to preserve insertion order from page content.

Sequence Diagram(s)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• [NAE-2185] Align plugin property handling and metadata registration with architecture standards #347 — Also modifies Plugin to add metadata map and related constructor changes.
• [NAE-2184] Nullable object as serializable alternative to Optional #346 — Adds Nullable wrapper and integrates it into ActionDelegate and configuration similarly.

Suggested labels

improvement, Medium

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch NAE-2201

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 8

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

nae-object-library/src/main/java/com/netgrif/application/engine/objects/plugin/domain/Plugin.java (1)

52-63: Prevent null maps from Lombok builder; add defensive copies

Using @Builder on the all-args ctor allows null for entryPoints and metadata, bypassing the non-null defaults from the no-args ctor. Make the builder path null-safe and defensively copy inputs to avoid shared mutable state.

Apply:

-    public Plugin(String identifier, String name, String version, String description, String url, int restPort, int grpcPort, Map<String, EntryPoint> entryPoints, boolean active, Map<String, String> metadata) {
+    public Plugin(String identifier, String name, String version, String description, String url, int restPort, int grpcPort, Map<String, EntryPoint> entryPoints, boolean active, Map<String, String> metadata) {
         this.identifier = identifier;
         this.name = name;
         this.version = version;
         this.description = description;
         this.url = url;
         this.restPort = restPort;
         this.grpcPort = grpcPort;
-        this.entryPoints = entryPoints;
+        this.entryPoints = (entryPoints != null) ? new HashMap<>(entryPoints) : new HashMap<>();
         this.active = active;
-        this.metadata = metadata;
+        this.metadata = (metadata != null) ? new LinkedHashMap<>(metadata) : new LinkedHashMap<>();
     }

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between b8abb83 and b139601.

📒 Files selected for processing (14)

• application-engine/pom.xml (1 hunks)
• application-engine/src/main/groovy/com/netgrif/application/engine/petrinet/domain/dataset/logic/action/ActionDelegate.groovy (3 hunks)
• application-engine/src/main/java/com/netgrif/application/engine/configuration/groovy/GroovyShellConfiguration.java (3 hunks)
• application-engine/src/main/resources/application.yaml (1 hunks)
• application-engine/src/main/resources/petriNets/engine-processes/dashboard_item.xml (1 hunks)
• application-engine/src/main/resources/petriNets/engine-processes/dashboard_management.xml (1 hunks)
• nae-object-library/pom.xml (1 hunks)
• nae-object-library/src/main/java/com/netgrif/application/engine/objects/plugin/domain/Plugin.java (3 hunks)
• nae-object-library/src/main/java/com/netgrif/application/engine/objects/utils/Nullable.java (1 hunks)
• nae-spring-core-adapter/pom.xml (1 hunks)
• nae-user-ce/pom.xml (1 hunks)
• nae-user-ce/src/main/java/com/netgrif/application/engine/auth/service/UserServiceImpl.java (1 hunks)
• nae-user-common/pom.xml (1 hunks)
• pom.xml (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

nae-object-library/src/main/java/com/netgrif/application/engine/objects/plugin/domain/Plugin.java (1)

nae-object-library/src/main/java/com/netgrif/application/engine/objects/workflow/domain/menu/dashboard/DashboardManagementBody.java (1)

• Builder (13-88)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (20)

• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: Build
• GitHub Check: task-list-completed

🔇 Additional comments (17)

nae-user-common/pom.xml (1)

9-9: Parent bump to 7.0.0-RC6.1 — LGTM.
Consistent with the rest of the PR.

nae-spring-core-adapter/pom.xml (2)

10-10: RC6.1 parent update — OK.
No other POM changes; aligns with the multi-module bump.

---

10-10: Validate effective dependency graph against RC6.1 parent
A local grep only shows mapstruct.version (1.5.5.Final) and querydsl.version (5.0.0). Please run mvn help:effective-pom or mvn dependency:tree to confirm no transitive overrides of the parent BOM’s managed versions.

nae-object-library/pom.xml (2)

10-10: Parent set to 7.0.0-RC6.1 — looks good.
Matches the intended release candidate.

---

10-10: Verify compatibility of jackson-datatype-jsr310 2.18.2 override
Root POM’s <jackson.version> is 2.17.1, but this module explicitly sets jackson-datatype-jsr310 to 2.18.2. Confirm that upgrading to 2.18.2 won’t cause compatibility issues across modules.

nae-user-ce/pom.xml (2)

9-9: Parent version bump to RC6.1 — fine.
No functional changes in this POM.

---

9-9: Confirm parent version alignment
All modules (application-engine, nae-object-library, nae-spring-core-adapter, nae-user-ce, nae-user-common) still reference application-engine-parent version 7.0.0-RC6.1, but you’re on branch release/7.0.0-rev7. Ensure this mismatch is intentional for your release process—or bump all parent versions to 7.0.0-rev7 as needed.

pom.xml (1)

9-9: Root parent version → 7.0.0-RC6.1 — approved.
Centralizes the RC across modules.

application-engine/pom.xml (1)

9-9: Modules aligned to 7.0.0-RC6.1; no 7.0.0-SNAPSHOT occurrences found.

application-engine/src/main/resources/petriNets/engine-processes/dashboard_management.xml (1)

10-15: No explicit default role definition found
Grep search returned no <role><id>default</id></role> in this net. Confirm that your Petriflow version supports referencing the built-in “default” role without an explicit definition; if it doesn’t, add under the <roles> section:

<role>
    <id>default</id>
    <title>Default</title>
</role>

application-engine/src/main/resources/petriNets/engine-processes/dashboard_item.xml (1)

10-15: Confirm implicit default role declaration
No <role><id>default</id> found (only <defaultRole>true</defaultRole> and a <roleRef>). Verify your engine supports implicit default roles; if not, add:

<role>
    <id>default</id>
    <title>Default</title>
</role>

application-engine/src/main/java/com/netgrif/application/engine/configuration/groovy/GroovyShellConfiguration.java (2)

11-12: No action.
Import changes are benign.

---

23-27: Default star imports for Groovy actions — good QoL improvement.
Keeps scripts concise while still allowing config-driven imports.

application-engine/src/main/resources/application.yaml (1)

162-162: No override risk—custom imports append to defaults GroovyShellConfiguration.registers default star imports via getDefaultEngineImports() before applying actionsProperties imports, so adding Nullable won’t override existing defaults; switching to a YAML list for readability remains optional.

application-engine/src/main/groovy/com/netgrif/application/engine/petrinet/domain/dataset/logic/action/ActionDelegate.groovy (3)

93-93: LGTM: Nullable import

Import placement and scope are fine.

---

2769-2780: LGTM: clearer error messages in resolveStoragePath

Using String.formatted(...) is fine with Java 21; no behavior change detected.

---

911-914: No change needed: Nullable.of(null) is supported
The of(T value) Javadoc explicitly allows null and simply wraps it (equivalent to empty()), so nullable(value) is already null-safe by construction.