From 582bf1e913dae9e644dd13456cb556e196e61365 Mon Sep 17 00:00:00 2001
From: taojinlong <jinlong@fit2cloud.com>
Date: Thu, 24 Feb 2022 10:34:30 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E5=85=AC=E5=85=B1=E9=93=BE=E6=8E=A5?=
 =?UTF-8?q?=E8=8E=B7=E5=8F=96=E7=94=A8=E6=88=B7=E4=BF=A1=E6=81=AF=E6=8A=A5?=
 =?UTF-8?q?=E9=94=99?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../io/dataease/service/chart/ChartViewService.java | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/backend/src/main/java/io/dataease/service/chart/ChartViewService.java b/backend/src/main/java/io/dataease/service/chart/ChartViewService.java
index f16ba398c8..e7b266c21e 100644
--- a/backend/src/main/java/io/dataease/service/chart/ChartViewService.java
+++ b/backend/src/main/java/io/dataease/service/chart/ChartViewService.java
@@ -2,6 +2,9 @@ package io.dataease.service.chart;
 
 import com.google.gson.Gson;
 import com.google.gson.reflect.TypeToken;
+import io.dataease.auth.api.dto.CurrentUserDto;
+import io.dataease.auth.entity.SysUserEntity;
+import io.dataease.auth.service.AuthUserService;
 import io.dataease.base.domain.*;
 import io.dataease.base.mapper.ChartViewMapper;
 import io.dataease.base.mapper.ext.ExtChartGroupMapper;
@@ -66,6 +69,8 @@ public class ChartViewService {
     private DataSetTableUnionService dataSetTableUnionService;
     @Resource
     private PermissionService permissionService;
+    @Resource
+    private AuthUserService authUserService;
 
     //默认使用非公平
     private ReentrantLock lock = new ReentrantLock();
@@ -244,7 +249,7 @@ public class ChartViewService {
         List<DatasetTableField> fields = dataSetTableFieldsService.list(datasetTableFieldObj);
         // 获取数据集,需校验权限
         DataSetTableDTO table = dataSetTableService.getWithPermission(view.getTableId());
-        checkPermission("use", table);
+        checkPermission("use", table, requestList.getUser());
 
         //列权限
         List<String> desensitizationList = new ArrayList<>();
@@ -1695,11 +1700,13 @@ public class ChartViewService {
     }
 
     // check permission
-    private void checkPermission(String needPermission, DataSetTableDTO table) {
+    private void checkPermission(String needPermission, DataSetTableDTO table,  Long userId) {
         if (ObjectUtils.isEmpty(table)) {
             throw new RuntimeException(Translator.get("i18n_dataset_delete"));
         }
-        if (!AuthUtils.getUser().getIsAdmin()) {
+        SysUserEntity user = AuthUtils.getUser();
+        user = user != null ? user : authUserService.getUserById(userId);
+        if (!user.getIsAdmin()) {
             if (ObjectUtils.isEmpty(table.getPrivileges()) || !table.getPrivileges().contains(needPermission)) {
                 throw new RuntimeException(Translator.get("i18n_dataset_no_permission"));
             }