diff --git a/core/backend/src/main/java/io/dataease/service/dataset/impl/direct/DirectFieldService.java b/core/backend/src/main/java/io/dataease/service/dataset/impl/direct/DirectFieldService.java index bdb0ee9102..bbd73f6a19 100644 --- a/core/backend/src/main/java/io/dataease/service/dataset/impl/direct/DirectFieldService.java +++ b/core/backend/src/main/java/io/dataease/service/dataset/impl/direct/DirectFieldService.java @@ -1,10 +1,14 @@ package io.dataease.service.dataset.impl.direct; import com.google.gson.Gson; +import io.dataease.auth.entity.SysUserEntity; +import io.dataease.auth.service.AuthUserService; import io.dataease.commons.model.BaseTreeNode; +import io.dataease.commons.utils.AuthUtils; import io.dataease.commons.utils.BeanUtils; import io.dataease.commons.utils.LogUtil; import io.dataease.commons.utils.TreeUtils; +import io.dataease.dto.dataset.DataSetTableDTO; import io.dataease.dto.dataset.DataSetTableUnionDTO; import io.dataease.plugins.common.dto.dataset.DataTableInfoDTO; import io.dataease.dto.dataset.DeSortDTO; @@ -53,6 +57,8 @@ public class DirectFieldService implements DataSetFieldService { private EngineService engineService; @Resource private PermissionsTreeService permissionsTreeService; + @Resource + private AuthUserService authUserService; @Override public List fieldValues(String fieldId, Long userId, Boolean userPermissions, Boolean rowAndColumnMgm) throws Exception { @@ -107,7 +113,13 @@ public class DirectFieldService implements DataSetFieldService { DatasetTable datasetTable = dataSetTableService.get(field.getTableId()); if (ObjectUtils.isEmpty(datasetTable) || StringUtils.isEmpty(datasetTable.getName())) return null; - + SysUserEntity userEntity = userId != null ? authUserService.getUserById(userId) : AuthUtils.getUser(); + if (userEntity != null && !userEntity.getIsAdmin()) { + DataSetTableDTO withPermission = dataSetTableService.getWithPermission(datasetTable.getId(), userEntity.getUserId()); + if (ObjectUtils.isEmpty(withPermission.getPrivileges()) || !withPermission.getPrivileges().contains("use")) { + DataEaseException.throwException(Translator.get("i18n_dataset_no_permission") + String.format(":table name [%s]", withPermission.getName())); + } + } DatasetTableField datasetTableField = DatasetTableField.builder().tableId(field.getTableId()).checked(Boolean.TRUE).build(); List fields = dataSetTableFieldsService.list(datasetTableField);