fix: NPE for policies when policyMap is not present

app/server/appsmith-server/src/main/java/com/appsmith/server/acl/ce/PolicyGeneratorCE.java

@@ -317,6 +317,9 @@ public Set<Policy> getAllChildPolicies(
             Set<Policy> policySet,
             Class<? extends BaseDomain> sourceEntity,
             Class<? extends BaseDomain> destinationEntity) {
+        if (policySet == null) {
+            return new HashSet<>();
+        }
         Set<Policy> policies = policySet.stream()
                 .map(policy -> {
                     AclPermission aclPermission =

app/server/appsmith-server/src/main/java/com/appsmith/server/actioncollections/base/ActionCollectionServiceCEImpl.java

@@ -533,7 +533,9 @@ protected Mono<ActionDTO> createJsAction(ActionCollection actionCollection, Acti
         newAction.setUnpublishedAction(action);
 
         Set<Policy> actionCollectionPolicies = new HashSet<>();
-        actionCollection.getPolicies().forEach(policy -> {
+        Set<Policy> existingPolicies =
+                actionCollection.getPolicies() == null ? Set.of() : actionCollection.getPolicies();
+        existingPolicies.forEach(policy -> {
             Policy actionPolicy = Policy.builder()
                     .permission(policy.getPermission())
                     .permissionGroups(policy.getPermissionGroups())

app/server/appsmith-server/src/main/java/com/appsmith/server/helpers/UserPermissionUtils.java

@@ -15,7 +15,8 @@
 public class UserPermissionUtils {
     public static boolean validateDomainObjectPermissionExists(
             BaseDomain baseDomain, AclPermission aclPermission, Set<String> permissionGroups) {
-        Optional<Policy> permissionPolicy = baseDomain.getPolicies().stream()
+        Set<Policy> basePolicies = baseDomain.getPolicies() == null ? Set.of() : baseDomain.getPolicies();
+        Optional<Policy> permissionPolicy = basePolicies.stream()
                 .filter(policy -> policy.getPermission().equals(aclPermission.getValue()))
                 .findFirst();
         return permissionPolicy.isPresent()

app/server/appsmith-server/src/main/java/com/appsmith/server/migrations/db/ce/Migration025RemoveUnassignPermissionFromUnnecessaryRoles.java

@@ -14,6 +14,7 @@
 import org.springframework.data.mongodb.core.query.Update;
 
 import java.util.Optional;
+import java.util.Set;
 
 import static com.appsmith.server.migrations.constants.DeprecatedFieldName.POLICIES;
 import static com.appsmith.server.migrations.constants.FieldName.POLICY_MAP;
@@ -49,7 +50,9 @@ public void executeMigration() {
 
         mongoTemplate.stream(optimizedQueryForInterestingPermissionGroups, PermissionGroup.class)
                 .forEach(permissionGroup -> {
-                    Optional<Policy> optionalUnassignPolicy = permissionGroup.getPolicies().stream()
+                    Set<Policy> policies =
+                            permissionGroup.getPolicies() == null ? Set.of() : permissionGroup.getPolicies();
+                    Optional<Policy> optionalUnassignPolicy = policies.stream()
                             .filter(policy -> policy.getPermission().equals("unassign:permissionGroups"))
                             .findFirst();
 

app/server/appsmith-server/src/main/java/com/appsmith/server/migrations/db/ce/Migration028TagUserManagementRolesWithoutDefaultDomainTypeAndId.java

@@ -51,7 +51,8 @@ public void tagUserManagementRolesWithoutDefaultDomainTypeAndId() {
          */
         Set<String> userManagementRoleIds = new HashSet<>();
         existingUsers.forEach(existingUser -> {
-            Optional<Policy> resetPasswordPolicyOptional = existingUser.getPolicies().stream()
+            Set<Policy> policies = existingUser.getPolicies() == null ? Set.of() : existingUser.getPolicies();
+            Optional<Policy> resetPasswordPolicyOptional = policies.stream()
                     .filter(policy1 -> RESET_PASSWORD_USERS.getValue().equals(policy1.getPermission()))
                     .findFirst();
             resetPasswordPolicyOptional.ifPresent(resetPasswordPolicy -> {

app/server/appsmith-server/src/main/java/com/appsmith/server/migrations/db/ce/Migration029PopulateDefaultDomainIdInUserManagementRoles.java

@@ -20,6 +20,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
+import java.util.Set;
 
 import static com.appsmith.server.acl.AclPermission.RESET_PASSWORD_USERS;
 import static com.appsmith.server.migrations.constants.DeprecatedFieldName.POLICIES;
@@ -51,7 +52,8 @@ public void populateDefaultDomainIdInUserManagementRoles() {
         Map<String, String> userManagementRoleIdToUserIdMap = new HashMap<>();
         mongoTemplate.stream(queryExistingUsersWithResetPasswordPolicy, User.class)
                 .forEach(existingUser -> {
-                    Optional<Policy> resetPasswordPolicyOptional = existingUser.getPolicies().stream()
+                    Set<Policy> policies = existingUser.getPolicies() == null ? Set.of() : existingUser.getPolicies();
+                    Optional<Policy> resetPasswordPolicyOptional = policies.stream()
                             .filter(policy1 -> RESET_PASSWORD_USERS.getValue().equals(policy1.getPermission()))
                             .findFirst();
                     resetPasswordPolicyOptional.ifPresent(resetPasswordPolicy -> {

app/server/appsmith-server/src/main/java/com/appsmith/server/services/ce/PermissionGroupServiceCEImpl.java

@@ -309,7 +309,8 @@ public Mono<String> getPublicPermissionGroupId() {
 
     @Override
     public boolean isEntityAccessible(BaseDomain object, String permission, String permissionGroupId) {
-        return object.getPolicies().stream()
+        Set<Policy> policies = object.getPolicies() == null ? Set.of() : object.getPolicies();
+        return policies.stream()
                 .filter(policy -> policy.getPermission().equals(permission)
                         && policy.getPermissionGroups().contains(permissionGroupId))
                 .findFirst()