From afa4b4ed323ff1202d94a47c182c748f9e520996 Mon Sep 17 00:00:00 2001 From: taojinlong Date: Sat, 26 Feb 2022 17:06:15 +0800 Subject: [PATCH 1/5] =?UTF-8?q?fix:=20=E6=95=B0=E6=8D=AE=E6=BA=90=E3=80=81?= =?UTF-8?q?=E6=95=B0=E6=8D=AE=E9=9B=86=20api=20=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../aop/DePermissionAnnotationHandler.java | 2 +- .../commons/constants/ResourceAuthLevel.java | 6 +++- .../dataset/DataSetGroupController.java | 2 +- .../dataset/DataSetTableController.java | 13 ++++++++ .../dataset/DataSetTableFieldController.java | 20 ++++++++++-- .../dataset/DataSetTableTaskController.java | 8 ++++- .../DataSetTableTaskLogController.java | 12 ++++--- .../dataset/DataSetTableUnionController.java | 9 ++++++ .../dataset/DatasetFunctionController.java | 6 ++++ .../datasource/DatasourceController.java | 32 ++++++------------- .../server/ColumnPermissionsController.java | 17 +++++++++- .../server/RowPermissionsController.java | 16 ++++++++++ .../main/resources/db/migration/V32__1.8.sql | 3 ++ frontend/src/views/login/index.vue | 1 - .../src/views/system/datasource/DsTree.vue | 3 +- 15 files changed, 112 insertions(+), 38 deletions(-) diff --git a/backend/src/main/java/io/dataease/auth/aop/DePermissionAnnotationHandler.java b/backend/src/main/java/io/dataease/auth/aop/DePermissionAnnotationHandler.java index 5654a987b6..616c9d14e9 100644 --- a/backend/src/main/java/io/dataease/auth/aop/DePermissionAnnotationHandler.java +++ b/backend/src/main/java/io/dataease/auth/aop/DePermissionAnnotationHandler.java @@ -134,7 +134,7 @@ public class DePermissionAnnotationHandler { return access(o, annotation, ++layer); } else { // 当作自定义类处理 - String[] values = value.split("u002E"); + String[] values = value.split("\\."); String fieldName = values[layer]; Object fieldValue = getFieldValue(arg, fieldName); diff --git a/backend/src/main/java/io/dataease/commons/constants/ResourceAuthLevel.java b/backend/src/main/java/io/dataease/commons/constants/ResourceAuthLevel.java index 4eae45a734..f9ce6ad80a 100644 --- a/backend/src/main/java/io/dataease/commons/constants/ResourceAuthLevel.java +++ b/backend/src/main/java/io/dataease/commons/constants/ResourceAuthLevel.java @@ -15,7 +15,11 @@ public enum ResourceAuthLevel { LINK_LEVEL_USE(1), LINK_LEVEL_MANAGE(3), - LINK_LEVEL_GRANT(15); + LINK_LEVEL_GRANT(15), + + DATASOURCE_LEVEL_USE(1), + DATASOURCE_LEVEL_MANAGE(3), + DATASOURCE_LEVEL_GRANT(15); private Integer level; diff --git a/backend/src/main/java/io/dataease/controller/dataset/DataSetGroupController.java b/backend/src/main/java/io/dataease/controller/dataset/DataSetGroupController.java index f4cdcff78b..cd433007f2 100644 --- a/backend/src/main/java/io/dataease/controller/dataset/DataSetGroupController.java +++ b/backend/src/main/java/io/dataease/controller/dataset/DataSetGroupController.java @@ -72,7 +72,7 @@ public class DataSetGroupController { return dataSetGroupService.getScene(id); } - @ApiOperation("检测kettle") + @ApiIgnore @PostMapping("/isKettleRunning") public boolean isKettleRunning() { return extractDataService.isKettleRunning(); diff --git a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableController.java b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableController.java index 3d9356e50b..9639ec9aa2 100644 --- a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableController.java +++ b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableController.java @@ -76,6 +76,7 @@ public class DataSetTableController { dataSetTableService.alter(request); } + @RequiresPermissions("data:read") @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("删除") @PostMapping("delete/{id}") @@ -83,18 +84,21 @@ public class DataSetTableController { dataSetTableService.delete(id); } + @RequiresPermissions("data:read") @ApiOperation("查询") @PostMapping("list") public List list(@RequestBody DataSetTableRequest dataSetTableRequest) { return dataSetTableService.list(dataSetTableRequest); } + @RequiresPermissions("data:read") @ApiOperation("查询组") @PostMapping("listAndGroup") public List listAndGroup(@RequestBody DataSetTableRequest dataSetTableRequest) { return dataSetTableService.listAndGroup(dataSetTableRequest); } + @RequiresPermissions("data:read") @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_USE) @ApiOperation("详息") @PostMapping("get/{id}") @@ -102,12 +106,14 @@ public class DataSetTableController { return dataSetTableService.get(id); } + @RequiresPermissions("data:read") @ApiOperation("带权限查询") @PostMapping("getWithPermission/{id}") public DataSetTableDTO getWithPermission(@PathVariable String id) { return dataSetTableService.getWithPermission(id, null); } + @RequiresPermissions("data:read") @ApiOperation("查询原始字段") @PostMapping("getFields") public List getFields(@RequestBody DatasetTable datasetTable) throws Exception { @@ -167,24 +173,31 @@ public class DataSetTableController { return dataSetTableService.excelSaveAndParse(file, tableId, editType); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET) @ApiOperation("检测doris") @PostMapping("checkDorisTableIsExists/{id}") public Boolean checkDorisTableIsExists(@PathVariable String id) throws Exception { return dataSetTableService.checkDorisTableIsExists(id); } + @RequiresPermissions("data:read") @ApiOperation("搜索") @PostMapping("search") public List search(@RequestBody DataSetTableRequest dataSetTableRequest) { return dataSetTableService.search(dataSetTableRequest); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("数据集同步表结构") @PostMapping("syncField/{id}") public DatasetTable syncDatasetTableField(@PathVariable String id) throws Exception { return dataSetTableService.syncDatasetTableField(id); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, value = "id") @ApiOperation("关联数据集预览数据") @PostMapping("unionPreview") public Map unionPreview(@RequestBody DataSetTableRequest dataSetTableRequest) throws Exception { diff --git a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableFieldController.java b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableFieldController.java index 9a0abdc441..42a1eb98e2 100644 --- a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableFieldController.java +++ b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableFieldController.java @@ -21,6 +21,7 @@ import io.dataease.service.dataset.PermissionService; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import org.apache.commons.lang3.ObjectUtils; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.beans.BeanUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.*; @@ -28,6 +29,7 @@ import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; import cn.hutool.core.collection.CollectionUtil; +import springfox.documentation.annotations.ApiIgnore; import javax.annotation.Resource; import javax.servlet.http.HttpServletRequest; @@ -54,6 +56,8 @@ public class DataSetTableFieldController { @Resource private PermissionService permissionService; + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET) @ApiOperation("查询表下属字段") @PostMapping("list/{tableId}") public List list(@PathVariable String tableId) { @@ -64,6 +68,8 @@ public class DataSetTableFieldController { return fields; } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET) @ApiOperation("查询表下属字段") @PostMapping("listWithPermission/{tableId}") public List listWithPermission(@PathVariable String tableId) { @@ -77,6 +83,8 @@ public class DataSetTableFieldController { } //管理权限,可以列出所有字段 + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET) @ApiOperation("查询表下属字段") @PostMapping("listForPermissionSeting/{tableId}") public List listForPermissionSeting(@PathVariable String tableId) { @@ -87,6 +95,8 @@ public class DataSetTableFieldController { } //管理权限,可以列出所有字段 + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET) @ApiOperation("分组查询表下属字段") @PostMapping("listByDQ/{tableId}") public DatasetTableField4Type listByDQ(@PathVariable String tableId) { @@ -103,12 +113,15 @@ public class DataSetTableFieldController { return datasetTableField4Type; } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, value = "tableId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("批量更新") @PostMapping("batchEdit") public void batchEdit(@RequestBody List list) { dataSetTableFieldsService.batchEdit(list); } + @RequiresPermissions("data:read") @DePermission(type = DePermissionType.DATASET, value = "tableId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("保存") @PostMapping("save") @@ -126,13 +139,14 @@ public class DataSetTableFieldController { return dataSetTableFieldsService.save(datasetTableField); } + //TODO 校验权限 @ApiOperation("删除") @PostMapping("delete/{id}") public void delete(@PathVariable String id) { dataSetTableFieldsService.delete(id); } - @ApiOperation("多字段值枚举") + @ApiIgnore @PostMapping("linkMultFieldValues") public List linkMultFieldValues(@RequestBody MultFieldValuesRequest multFieldValuesRequest) throws Exception { @@ -145,7 +159,7 @@ public class DataSetTableFieldController { return multFieldValues(multFieldValuesRequest); } - @ApiOperation("多字段值枚举") + @ApiIgnore @PostMapping("multFieldValues") public List multFieldValues(@RequestBody MultFieldValuesRequest multFieldValuesRequest) throws Exception { List results = new ArrayList<>(); @@ -168,7 +182,7 @@ public class DataSetTableFieldController { return list; } - @ApiOperation("多字段值枚举") + @ApiIgnore @PostMapping("multFieldValuesForPermissions") public List multFieldValuesForPermissions(@RequestBody MultFieldValuesRequest multFieldValuesRequest) throws Exception { List results = new ArrayList<>(); diff --git a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableTaskController.java b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableTaskController.java index e0703d256b..74bb8cc0b7 100644 --- a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableTaskController.java +++ b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableTaskController.java @@ -16,7 +16,9 @@ import io.dataease.service.dataset.DataSetTableTaskLogService; import io.dataease.service.dataset.DataSetTableTaskService; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.*; +import springfox.documentation.annotations.ApiIgnore; import javax.annotation.Resource; import java.util.List; @@ -42,18 +44,21 @@ public class DataSetTableTaskController { return dataSetTableTaskService.save(dataSetTaskRequest); } + //TODO @ApiOperation("删除") @PostMapping("delete/{id}") public void delete(@PathVariable String id) { dataSetTableTaskService.delete(id); } + @DePermission(type = DePermissionType.DATASET, value = "tableId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("查询") @PostMapping("list") public List list(@RequestBody DatasetTableTask datasetTableTask) { return dataSetTableTaskService.list(datasetTableTask); } + @RequiresPermissions("task:read") @ApiOperation("分页查询") @PostMapping("/pageList/{goPage}/{pageSize}") public Pager> taskList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody BaseGridRequest request) { @@ -62,12 +67,13 @@ public class DataSetTableTaskController { return PageUtils.setPageInfo(page, dataSetTableTaskService.taskList4User(request)); } - @ApiOperation("上次执行时间") + @ApiIgnore @PostMapping("/lastExecStatus") public DataSetTaskDTO lastExecStatus(@RequestBody DataSetTaskDTO datasetTableTask) { return dataSetTableTaskLogService.lastExecStatus(datasetTableTask); } + @DePermission(type = DePermissionType.DATASET, value = "tableId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("更新状态") @PostMapping("/updateStatus") public void updateStatus(@RequestBody DatasetTableTask datasetTableTask) throws Exception{ diff --git a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableTaskLogController.java b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableTaskLogController.java index 5160a2b5c2..960e9ff62b 100644 --- a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableTaskLogController.java +++ b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableTaskLogController.java @@ -14,6 +14,7 @@ import io.dataease.dto.dataset.DataSetTaskLogDTO; import io.dataease.service.dataset.DataSetTableTaskLogService; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.*; import javax.annotation.Resource; @@ -38,12 +39,13 @@ public class DataSetTableTaskLogController { return dataSetTableTaskLogService.save(datasetTableTaskLog); } - @ApiOperation("删除") - @PostMapping("delete/{id}") - public void delete(@PathVariable String id) { - dataSetTableTaskLogService.delete(id); - } +// @ApiOperation("删除") +// @PostMapping("delete/{id}") +// public void delete(@PathVariable String id) { +// dataSetTableTaskLogService.delete(id); +// } + @RequiresPermissions("task:read") @ApiOperation("分页查询") @PostMapping("list/{type}/{goPage}/{pageSize}") public Pager> list(@RequestBody BaseGridRequest request, @PathVariable String type, @PathVariable int goPage, @PathVariable int pageSize) { diff --git a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableUnionController.java b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableUnionController.java index c2b8a689d7..8f0c8048c4 100644 --- a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableUnionController.java +++ b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableUnionController.java @@ -1,11 +1,15 @@ package io.dataease.controller.dataset; import com.github.xiaoymin.knife4j.annotations.ApiSupport; +import io.dataease.auth.annotation.DePermission; import io.dataease.base.domain.DatasetTableUnion; +import io.dataease.commons.constants.DePermissionType; +import io.dataease.commons.constants.ResourceAuthLevel; import io.dataease.dto.dataset.DataSetTableUnionDTO; import io.dataease.service.dataset.DataSetTableUnionService; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.*; import javax.annotation.Resource; @@ -23,18 +27,23 @@ public class DataSetTableUnionController { @Resource private DataSetTableUnionService dataSetTableUnionService; + @RequiresPermissions("data:read") @ApiOperation("保存") @PostMapping("save") public DatasetTableUnion save(@RequestBody DatasetTableUnion datasetTableUnion) { return dataSetTableUnionService.save(datasetTableUnion); } + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("删除") @PostMapping("delete/{id}") public void delete(@PathVariable String id) { dataSetTableUnionService.delete(id); } + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASET) @ApiOperation("查询") @PostMapping("listByTableId/{tableId}") public List listByTableId(@PathVariable String tableId) { diff --git a/backend/src/main/java/io/dataease/controller/dataset/DatasetFunctionController.java b/backend/src/main/java/io/dataease/controller/dataset/DatasetFunctionController.java index 32bb6c4067..66c1ba8d72 100644 --- a/backend/src/main/java/io/dataease/controller/dataset/DatasetFunctionController.java +++ b/backend/src/main/java/io/dataease/controller/dataset/DatasetFunctionController.java @@ -1,10 +1,14 @@ package io.dataease.controller.dataset; import com.github.xiaoymin.knife4j.annotations.ApiSupport; +import io.dataease.auth.annotation.DePermission; import io.dataease.base.domain.DatasetTableFunction; +import io.dataease.commons.constants.DePermissionType; +import io.dataease.commons.constants.ResourceAuthLevel; import io.dataease.service.dataset.DatasetFunctionService; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestMapping; @@ -25,6 +29,8 @@ public class DatasetFunctionController { @Resource private DatasetFunctionService datasetFunctionService; + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("查询") @PostMapping("listByTableId/{tableId}") public List listByTableId(@PathVariable String tableId) { diff --git a/backend/src/main/java/io/dataease/controller/datasource/DatasourceController.java b/backend/src/main/java/io/dataease/controller/datasource/DatasourceController.java index a47f6b28cc..d03a15f2db 100644 --- a/backend/src/main/java/io/dataease/controller/datasource/DatasourceController.java +++ b/backend/src/main/java/io/dataease/controller/datasource/DatasourceController.java @@ -1,26 +1,19 @@ package io.dataease.controller.datasource; -import com.github.pagehelper.Page; -import com.github.pagehelper.PageHelper; import com.github.xiaoymin.knife4j.annotations.ApiSupport; import io.dataease.auth.annotation.DePermission; -import io.dataease.auth.annotation.DePermissions; import io.dataease.base.domain.Datasource; import io.dataease.commons.constants.DePermissionType; import io.dataease.commons.constants.ResourceAuthLevel; import io.dataease.commons.utils.AuthUtils; -import io.dataease.commons.utils.PageUtils; -import io.dataease.commons.utils.Pager; import io.dataease.controller.ResultHolder; import io.dataease.controller.request.DatasourceUnionRequest; import io.dataease.controller.request.datasource.ApiDefinition; -import io.dataease.controller.sys.base.BaseGridRequest; import io.dataease.dto.datasource.DBTableDTO; import io.dataease.service.datasource.DatasourceService; import io.dataease.dto.DatasourceDTO; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; -import org.apache.shiro.authz.annotation.Logical; import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.*; import springfox.documentation.annotations.ApiIgnore; @@ -38,7 +31,7 @@ public class DatasourceController { @Resource private DatasourceService datasourceService; - @RequiresPermissions("datasource:add") + @RequiresPermissions("datasource:read") @DePermission(type = DePermissionType.DATASOURCE, value = "id") @ApiOperation("新增数据源") @PostMapping("/add") @@ -47,7 +40,6 @@ public class DatasourceController { } @RequiresPermissions("datasource:read") - @DePermission(type = DePermissionType.DATASOURCE, value = "id") @ApiOperation("验证数据源") @PostMapping("/validate") public ResultHolder validate(@RequestBody DatasourceDTO datasource) throws Exception { @@ -55,14 +47,14 @@ public class DatasourceController { } @RequiresPermissions("datasource:read") - @DePermission(type = DePermissionType.DATASOURCE) + @DePermission(type = DePermissionType.DATASOURCE, value = "id") @ApiOperation("验证数据源") @GetMapping("/validate/{datasourceId}") public ResultHolder validate(@PathVariable String datasourceId) { return datasourceService.validate(datasourceId); } - + @RequiresPermissions("datasource:read") @ApiOperation("查询当前用户数据源") @GetMapping("/list") public List getDatasourceList() throws Exception { @@ -71,6 +63,7 @@ public class DatasourceController { return datasourceService.getDatasourceList(request); } + @RequiresPermissions("datasource:read") @ApiOperation("查询当前用户数据源") @GetMapping("/list/{type}") public List getDatasourceListByType(@PathVariable String type) throws Exception { @@ -78,28 +71,23 @@ public class DatasourceController { } @RequiresPermissions("datasource:read") - @ApiIgnore - @PostMapping("/list/{goPage}/{pageSize}") - public Pager> getDatasourceList(@RequestBody BaseGridRequest request, @PathVariable int goPage, @PathVariable int pageSize) throws Exception { - Page page = PageHelper.startPage(goPage, pageSize, true); - return PageUtils.setPageInfo(page, datasourceService.gridQuery(request)); - } - - @DePermission(type = DePermissionType.DATASOURCE, level = ResourceAuthLevel.LINK_LEVEL_MANAGE) + @DePermission(type = DePermissionType.DATASOURCE, level = ResourceAuthLevel.DATASOURCE_LEVEL_MANAGE) @ApiOperation("删除数据源") @PostMapping("/delete/{datasourceID}") public void deleteDatasource(@PathVariable(value = "datasourceID") String datasourceID) throws Exception { datasourceService.deleteDatasource(datasourceID); } - @RequiresPermissions("datasource:add") - @DePermission(type = DePermissionType.DATASOURCE, value = "id", level = ResourceAuthLevel.LINK_LEVEL_MANAGE) + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASOURCE, value = "id", level = ResourceAuthLevel.DATASOURCE_LEVEL_MANAGE) @ApiOperation("更新数据源") @PostMapping("/update") public void updateDatasource(@RequestBody Datasource Datasource) { datasourceService.updateDatasource(Datasource); } + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASOURCE, value = "id") @ApiOperation("查询数据源下属所有表") @PostMapping("/getTables") public List getTables(@RequestBody Datasource datasource) throws Exception { @@ -112,7 +100,7 @@ public class DatasourceController { return datasourceService.getSchema(datasource); } - @ApiOperation("校验API数据源") + @ApiIgnore @PostMapping("/checkApiDatasource") public ApiDefinition checkApiDatasource(@RequestBody ApiDefinition apiDefinition) throws Exception { return datasourceService.checkApiDatasource(apiDefinition); diff --git a/backend/src/main/java/io/dataease/plugins/server/ColumnPermissionsController.java b/backend/src/main/java/io/dataease/plugins/server/ColumnPermissionsController.java index 68e81c2c9f..c2108ad5a1 100644 --- a/backend/src/main/java/io/dataease/plugins/server/ColumnPermissionsController.java +++ b/backend/src/main/java/io/dataease/plugins/server/ColumnPermissionsController.java @@ -2,6 +2,9 @@ package io.dataease.plugins.server; import com.github.pagehelper.Page; import com.github.pagehelper.PageHelper; +import io.dataease.auth.annotation.DePermission; +import io.dataease.commons.constants.DePermissionType; +import io.dataease.commons.constants.ResourceAuthLevel; import io.dataease.commons.utils.PageUtils; import io.dataease.commons.utils.Pager; import io.dataease.i18n.Translator; @@ -16,6 +19,7 @@ import io.dataease.plugins.xpack.auth.service.ColumnPermissionService; import io.dataease.plugins.xpack.auth.service.RowPermissionService; import io.swagger.annotations.ApiOperation; import org.apache.commons.lang3.StringUtils; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.util.CollectionUtils; import org.springframework.web.bind.annotation.*; import springfox.documentation.annotations.ApiIgnore; @@ -27,7 +31,8 @@ import java.util.List; @RequestMapping("plugin/dataset/columnPermissions") public class ColumnPermissionsController { - + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("保存") @PostMapping("save") public DatasetColumnPermissions save(@RequestBody DatasetColumnPermissions datasetColumnPermissions) throws Exception { @@ -52,6 +57,8 @@ public class ColumnPermissionsController { return columnPermissionService.save(datasetColumnPermissions); } + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("查询") @PostMapping("/list") public List searchPermissions(@RequestBody DataSetColumnPermissionsDTO request) { @@ -59,6 +66,8 @@ public class ColumnPermissionsController { return columnPermissionService.searchPermissions(request); } + //TODO + @RequiresPermissions("datasource:read") @ApiOperation("删除") @PostMapping("/delete/{id}") public void delete(@PathVariable String id) { @@ -66,6 +75,8 @@ public class ColumnPermissionsController { columnPermissionService.delete(id); } + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("分页查询") @PostMapping("/pageList/{datasetId}/{goPage}/{pageSize}") public Pager> rowPermissions(@PathVariable String datasetId, @PathVariable int goPage, @PathVariable int pageSize, @RequestBody XpackGridRequest request) { @@ -81,6 +92,8 @@ public class ColumnPermissionsController { return PageUtils.setPageInfo(page, columnPermissionService.queryPermissions(request)); } + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("有权限的对象") @PostMapping("/authObjs") public List authObjs(@RequestBody DataSetColumnPermissionsDTO request) { @@ -88,6 +101,8 @@ public class ColumnPermissionsController { return (List) columnPermissionService.authObjs(request); } + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("详情") @PostMapping("/permissionInfo") public DataSetColumnPermissionsDTO permissionInfo(@RequestBody DataSetColumnPermissionsDTO request) { diff --git a/backend/src/main/java/io/dataease/plugins/server/RowPermissionsController.java b/backend/src/main/java/io/dataease/plugins/server/RowPermissionsController.java index e685a45eaa..98cbd28999 100644 --- a/backend/src/main/java/io/dataease/plugins/server/RowPermissionsController.java +++ b/backend/src/main/java/io/dataease/plugins/server/RowPermissionsController.java @@ -2,6 +2,9 @@ package io.dataease.plugins.server; import com.github.pagehelper.Page; import com.github.pagehelper.PageHelper; +import io.dataease.auth.annotation.DePermission; +import io.dataease.commons.constants.DePermissionType; +import io.dataease.commons.constants.ResourceAuthLevel; import io.dataease.commons.utils.PageUtils; import io.dataease.commons.utils.Pager; import io.dataease.i18n.Translator; @@ -13,6 +16,7 @@ import io.dataease.plugins.xpack.auth.dto.request.DatasetRowPermissions; import io.dataease.plugins.xpack.auth.service.RowPermissionService; import io.swagger.annotations.ApiOperation; import org.apache.commons.lang3.StringUtils; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.util.CollectionUtils; import org.springframework.web.bind.annotation.*; import springfox.documentation.annotations.ApiIgnore; @@ -24,6 +28,8 @@ import java.util.List; @RequestMapping("plugin/dataset/rowPermissions") public class RowPermissionsController { + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("保存") @PostMapping("save") public void save(@RequestBody DatasetRowPermissions datasetRowPermissions) throws Exception { @@ -49,6 +55,8 @@ public class RowPermissionsController { rowPermissionService.save(datasetRowPermissions); } + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("查询") @PostMapping("/list") public List rowPermissions(@RequestBody DataSetRowPermissionsDTO request) { @@ -56,6 +64,8 @@ public class RowPermissionsController { return rowPermissionService.searchRowPermissions(request); } + //TODO + @RequiresPermissions("datasource:read") @ApiOperation("删除") @PostMapping("/delete/{id}") public void dataSetRowPermissionInfo(@PathVariable String id) { @@ -63,6 +73,8 @@ public class RowPermissionsController { rowPermissionService.delete(id); } + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("分页查询") @PostMapping("/pageList/{datasetId}/{goPage}/{pageSize}") public Pager> rowPermissions(@PathVariable String datasetId, @PathVariable int goPage, @PathVariable int pageSize, @RequestBody XpackGridRequest request) { @@ -78,6 +90,8 @@ public class RowPermissionsController { return PageUtils.setPageInfo(page, rowPermissionService.queryRowPermissions(request)); } + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("有权限的对象") @PostMapping("/authObjs") public List authObjs(@RequestBody DataSetRowPermissionsDTO request) { @@ -85,6 +99,8 @@ public class RowPermissionsController { return (List) rowPermissionService.authObjs(request); } + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("详情") @PostMapping("/dataSetRowPermissionInfo") public DataSetRowPermissionsDTO dataSetRowPermissionInfo(@RequestBody DataSetRowPermissionsDTO request) { diff --git a/backend/src/main/resources/db/migration/V32__1.8.sql b/backend/src/main/resources/db/migration/V32__1.8.sql index 3ffa33fe71..a47a45a818 100644 --- a/backend/src/main/resources/db/migration/V32__1.8.sql +++ b/backend/src/main/resources/db/migration/V32__1.8.sql @@ -404,3 +404,6 @@ CREATE TABLE `dataease_code_version` ( BEGIN; INSERT INTO `dataease_code_version` VALUES (0, 'init', NULL, 1); COMMIT; + +DELETE FALSE `sys_menu` WHERE pid=34; +UPDATE `sys_menu` SET `sub_count` = '0' WHERE (`menu_id` = '34'); \ No newline at end of file diff --git a/frontend/src/views/login/index.vue b/frontend/src/views/login/index.vue index f4fe8aa162..e8ff368bd3 100644 --- a/frontend/src/views/login/index.vue +++ b/frontend/src/views/login/index.vue @@ -202,7 +202,6 @@ export default { loginType: this.loginForm.loginType } const publicKey = localStorage.getItem('publicKey') - console.log(publicKey) this.$store.dispatch('user/login', user).then(() => { this.$router.push({ path: this.redirect || '/' }) this.loading = false diff --git a/frontend/src/views/system/datasource/DsTree.vue b/frontend/src/views/system/datasource/DsTree.vue index c4685a9c8a..e5ca81de49 100644 --- a/frontend/src/views/system/datasource/DsTree.vue +++ b/frontend/src/views/system/datasource/DsTree.vue @@ -5,7 +5,7 @@ {{ $t('commons.datasource') }} - @@ -76,7 +76,6 @@ Date: Sat, 26 Feb 2022 17:10:02 +0800 Subject: [PATCH 2/5] =?UTF-8?q?fix:=20=E6=95=B0=E6=8D=AE=E6=BA=90=E3=80=81?= =?UTF-8?q?=E6=95=B0=E6=8D=AE=E9=9B=86=20api=20=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- backend/src/main/resources/db/migration/V32__1.8.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/src/main/resources/db/migration/V32__1.8.sql b/backend/src/main/resources/db/migration/V32__1.8.sql index d99ba6b33f..9e223defdd 100644 --- a/backend/src/main/resources/db/migration/V32__1.8.sql +++ b/backend/src/main/resources/db/migration/V32__1.8.sql @@ -405,5 +405,5 @@ BEGIN; INSERT INTO `dataease_code_version` VALUES (0, 'init', NULL, 1); COMMIT; -DELETE FALSE `sys_menu` WHERE pid=34; +DELETE FROM `sys_menu` WHERE pid=34; UPDATE `sys_menu` SET `sub_count` = '0' WHERE (`menu_id` = '34'); \ No newline at end of file From 9642862e57af7963b5c4cd6891333a5ffea0c00f Mon Sep 17 00:00:00 2001 From: junjun Date: Sun, 27 Feb 2022 14:49:59 +0800 Subject: [PATCH 3/5] =?UTF-8?q?refactor:=20=E6=95=B0=E6=8D=AE=E9=9B=86?= =?UTF-8?q?=E8=A7=86=E5=9B=BE=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../controller/chart/ChartController.java | 26 ----------------- .../chart/ChartGroupController.java | 4 +++ .../dataset/DataSetGroupController.java | 5 ++-- .../dataset/DataSetTableController.java | 28 +++++++++++++++---- .../dataset/DataSetTableFieldController.java | 11 ++++++-- frontend/src/views/dataset/data/FieldEdit.vue | 2 +- 6 files changed, 38 insertions(+), 38 deletions(-) delete mode 100644 backend/src/main/java/io/dataease/controller/chart/ChartController.java diff --git a/backend/src/main/java/io/dataease/controller/chart/ChartController.java b/backend/src/main/java/io/dataease/controller/chart/ChartController.java deleted file mode 100644 index 8e8c3608b9..0000000000 --- a/backend/src/main/java/io/dataease/controller/chart/ChartController.java +++ /dev/null @@ -1,26 +0,0 @@ -package io.dataease.controller.chart; - -import com.alibaba.fastjson.JSON; -import com.github.xiaoymin.knife4j.annotations.ApiSupport; -import io.dataease.controller.request.dataset.DataSetTableRequest; -import io.swagger.annotations.Api; -import io.swagger.annotations.ApiOperation; -import org.springframework.web.bind.annotation.*; - -import java.util.ArrayList; -import java.util.List; - -@Api(tags = "视图:视图管理") -@ApiSupport(order = 110) -@RestController -@RequestMapping("chart/table") -public class ChartController { - - - @ApiOperation("查询") - @PostMapping("list") - public List list(@RequestBody DataSetTableRequest dataSetTableRequest) { - return new ArrayList<>(); - } - -} diff --git a/backend/src/main/java/io/dataease/controller/chart/ChartGroupController.java b/backend/src/main/java/io/dataease/controller/chart/ChartGroupController.java index 783a48c74a..6c7a1c234b 100644 --- a/backend/src/main/java/io/dataease/controller/chart/ChartGroupController.java +++ b/backend/src/main/java/io/dataease/controller/chart/ChartGroupController.java @@ -21,24 +21,28 @@ public class ChartGroupController { @Resource private ChartGroupService chartGroupService; + @ApiIgnore @ApiOperation("保存") @PostMapping("/save") public ChartGroupDTO save(@RequestBody ChartGroup ChartGroup) { return chartGroupService.save(ChartGroup); } + @ApiIgnore @ApiOperation("查询树") @PostMapping("/tree") public List tree(@RequestBody ChartGroupRequest ChartGroup) { return chartGroupService.tree(ChartGroup); } + @ApiIgnore @ApiOperation("查询树节点") @PostMapping("/treeNode") public List treeNode(@RequestBody ChartGroupRequest ChartGroup) { return chartGroupService.tree(ChartGroup); } + @ApiIgnore @ApiOperation("删除") @PostMapping("/delete/{id}") public void tree(@PathVariable String id) { diff --git a/backend/src/main/java/io/dataease/controller/dataset/DataSetGroupController.java b/backend/src/main/java/io/dataease/controller/dataset/DataSetGroupController.java index cd433007f2..4338ee09be 100644 --- a/backend/src/main/java/io/dataease/controller/dataset/DataSetGroupController.java +++ b/backend/src/main/java/io/dataease/controller/dataset/DataSetGroupController.java @@ -45,14 +45,13 @@ public class DataSetGroupController { return dataSetGroupService.save(datasetGroup); } - @RequiresPermissions("data:read") - @ApiOperation("查询树") + @ApiIgnore @PostMapping("/tree") public List tree(@RequestBody DataSetGroupRequest datasetGroup) { return dataSetGroupService.tree(datasetGroup); } - @ApiOperation("查询树节点") + @ApiIgnore @PostMapping("/treeNode") public List treeNode(@RequestBody DataSetGroupRequest datasetGroup) { return dataSetGroupService.treeNode(datasetGroup); diff --git a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableController.java b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableController.java index 9639ec9aa2..e6db619cb0 100644 --- a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableController.java +++ b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableController.java @@ -10,9 +10,9 @@ import io.dataease.commons.constants.DePermissionType; import io.dataease.commons.constants.ResourceAuthLevel; import io.dataease.controller.request.dataset.DataSetTableRequest; import io.dataease.controller.response.DataSetDetail; -import io.dataease.dto.datasource.TableField; import io.dataease.dto.dataset.DataSetTableDTO; import io.dataease.dto.dataset.ExcelFileData; +import io.dataease.dto.datasource.TableField; import io.dataease.service.dataset.DataSetTableService; import io.swagger.annotations.*; import org.apache.shiro.authz.annotation.Logical; @@ -38,9 +38,9 @@ public class DataSetTableController { @RequiresPermissions("data:read") @DePermissions(value = { - @DePermission(type = DePermissionType.DATASET, value = "id"), - @DePermission(type = DePermissionType.DATASET, value = "sceneId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE), - @DePermission(type = DePermissionType.DATASOURCE, value = "dataSourceId", level = ResourceAuthLevel.DATASET_LEVEL_USE) + @DePermission(type = DePermissionType.DATASET, value = "id"), + @DePermission(type = DePermissionType.DATASET, value = "sceneId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE), + @DePermission(type = DePermissionType.DATASOURCE, value = "dataSourceId", level = ResourceAuthLevel.DATASET_LEVEL_USE) }, logical = Logical.AND) @ApiOperation("批量保存") @PostMapping("batchAdd") @@ -85,6 +85,7 @@ public class DataSetTableController { } @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_USE, value = "sceneId") @ApiOperation("查询") @PostMapping("list") public List list(@RequestBody DataSetTableRequest dataSetTableRequest) { @@ -92,6 +93,7 @@ public class DataSetTableController { } @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_USE, value = "sceneId") @ApiOperation("查询组") @PostMapping("listAndGroup") public List listAndGroup(@RequestBody DataSetTableRequest dataSetTableRequest) { @@ -107,6 +109,7 @@ public class DataSetTableController { } @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_USE) @ApiOperation("带权限查询") @PostMapping("getWithPermission/{id}") public DataSetTableDTO getWithPermission(@PathVariable String id) { @@ -114,48 +117,63 @@ public class DataSetTableController { } @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASOURCE, level = ResourceAuthLevel.DATASOURCE_LEVEL_USE, value = "dataSourceId") @ApiOperation("查询原始字段") @PostMapping("getFields") public List getFields(@RequestBody DatasetTable datasetTable) throws Exception { return dataSetTableService.getFields(datasetTable); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_USE, value = "id") @ApiOperation("查询生成字段") @PostMapping("getFieldsFromDE") public Map> getFieldsFromDE(@RequestBody DataSetTableRequest dataSetTableRequest) throws Exception { return dataSetTableService.getFieldsFromDE(dataSetTableRequest); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_USE, value = "id") @ApiOperation("查询预览数据") @PostMapping("getPreviewData/{page}/{pageSize}") public Map getPreviewData(@RequestBody DataSetTableRequest dataSetTableRequest, @PathVariable Integer page, @PathVariable Integer pageSize) throws Exception { return dataSetTableService.getPreviewData(dataSetTableRequest, page, pageSize, null); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASOURCE, level = ResourceAuthLevel.DATASOURCE_LEVEL_USE, value = "dataSourceId") @ApiOperation("根据sql查询预览数据") @PostMapping("sqlPreview") public Map getSQLPreview(@RequestBody DataSetTableRequest dataSetTableRequest) throws Exception { return dataSetTableService.getSQLPreview(dataSetTableRequest); } - @ApiOperation("客户预览数据") + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASOURCE, level = ResourceAuthLevel.DATASOURCE_LEVEL_USE, value = "dataSourceId") + @ApiOperation("预览自定义数据数据") @PostMapping("customPreview") public Map customPreview(@RequestBody DataSetTableRequest dataSetTableRequest) throws Exception { return dataSetTableService.getCustomPreview(dataSetTableRequest); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_USE, value = "tableId") @ApiOperation("查询增量配置") @PostMapping("incrementalConfig") public DatasetTableIncrementalConfig incrementalConfig(@RequestBody DatasetTableIncrementalConfig datasetTableIncrementalConfig) throws Exception { return dataSetTableService.incrementalConfig(datasetTableIncrementalConfig); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_MANAGE, value = "tableId") @ApiOperation("保存增量配置") @PostMapping("save/incrementalConfig") public void saveIncrementalConfig(@RequestBody DatasetTableIncrementalConfig datasetTableIncrementalConfig) throws Exception { dataSetTableService.saveIncrementalConfig(datasetTableIncrementalConfig); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET) @ApiOperation("数据集详息") @PostMapping("datasetDetail/{id}") public DataSetDetail datasetDetail(@PathVariable String id) { diff --git a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableFieldController.java b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableFieldController.java index 42a1eb98e2..fe873b7711 100644 --- a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableFieldController.java +++ b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableFieldController.java @@ -4,6 +4,7 @@ import com.auth0.jwt.JWT; import com.auth0.jwt.interfaces.DecodedJWT; import com.github.xiaoymin.knife4j.annotations.ApiSupport; import io.dataease.auth.annotation.DePermission; +import io.dataease.auth.annotation.DePermissions; import io.dataease.auth.filter.F2CLinkFilter; import io.dataease.base.domain.DatasetTable; import io.dataease.base.domain.DatasetTableField; @@ -21,6 +22,7 @@ import io.dataease.service.dataset.PermissionService; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import org.apache.commons.lang3.ObjectUtils; +import org.apache.shiro.authz.annotation.Logical; import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.beans.BeanUtils; import org.springframework.beans.factory.annotation.Autowired; @@ -139,10 +141,13 @@ public class DataSetTableFieldController { return dataSetTableFieldsService.save(datasetTableField); } - //TODO 校验权限 + @RequiresPermissions("data:read") + @DePermissions(value = { + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_MANAGE, paramIndex = 1) + }) @ApiOperation("删除") - @PostMapping("delete/{id}") - public void delete(@PathVariable String id) { + @PostMapping("delete/{id}/{tableId}") + public void delete(@PathVariable String id, @PathVariable String tableId) { dataSetTableFieldsService.delete(id); } diff --git a/frontend/src/views/dataset/data/FieldEdit.vue b/frontend/src/views/dataset/data/FieldEdit.vue index e74c771470..c44b889b9d 100644 --- a/frontend/src/views/dataset/data/FieldEdit.vue +++ b/frontend/src/views/dataset/data/FieldEdit.vue @@ -392,7 +392,7 @@ export default { cancelButtonText: this.$t('dataset.cancel'), type: 'warning' }).then(() => { - post('/dataset/field/delete/' + item.id, null).then(response => { + post('/dataset/field/delete/' + item.id + '/' + item.tableId, null).then(response => { this.$message({ type: 'success', message: this.$t('chart.delete_success'), From c9b355c69e601cd8481025ce6dcfdfa0753564c1 Mon Sep 17 00:00:00 2001 From: taojinlong Date: Mon, 28 Feb 2022 10:43:20 +0800 Subject: [PATCH 4/5] =?UTF-8?q?fix:=20=E6=95=B0=E6=8D=AE=E9=9B=86=20api=20?= =?UTF-8?q?=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../io/dataease/config/Knife4jConfiguration.java | 2 +- .../plugins/server/ColumnPermissionsController.java | 12 ++++++------ .../plugins/server/RowPermissionsController.java | 12 ++++++------ 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/backend/src/main/java/io/dataease/config/Knife4jConfiguration.java b/backend/src/main/java/io/dataease/config/Knife4jConfiguration.java index be2860cc1d..eff1bb147e 100644 --- a/backend/src/main/java/io/dataease/config/Knife4jConfiguration.java +++ b/backend/src/main/java/io/dataease/config/Knife4jConfiguration.java @@ -74,7 +74,7 @@ public class Knife4jConfiguration implements BeanPostProcessor{ .title("DataEase") .description("人人可用的开源数据可视化分析工具") .termsOfServiceUrl("https://dataease.io") - .contact(new Contact("fit2cloud","https://www.fit2cloud.com/dataease/index.html","dataease@fit2cloud.com")) + .contact(new Contact("Dataease","https://www.fit2cloud.com/dataease/index.html","dataease@fit2cloud.com")) .version(version) .build(); } diff --git a/backend/src/main/java/io/dataease/plugins/server/ColumnPermissionsController.java b/backend/src/main/java/io/dataease/plugins/server/ColumnPermissionsController.java index c2108ad5a1..f77c74049d 100644 --- a/backend/src/main/java/io/dataease/plugins/server/ColumnPermissionsController.java +++ b/backend/src/main/java/io/dataease/plugins/server/ColumnPermissionsController.java @@ -31,7 +31,7 @@ import java.util.List; @RequestMapping("plugin/dataset/columnPermissions") public class ColumnPermissionsController { - @RequiresPermissions("datasource:read") + @RequiresPermissions("data:read") @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("保存") @PostMapping("save") @@ -57,7 +57,7 @@ public class ColumnPermissionsController { return columnPermissionService.save(datasetColumnPermissions); } - @RequiresPermissions("datasource:read") + @RequiresPermissions("data:read") @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("查询") @PostMapping("/list") @@ -67,7 +67,7 @@ public class ColumnPermissionsController { } //TODO - @RequiresPermissions("datasource:read") + @RequiresPermissions("data:read") @ApiOperation("删除") @PostMapping("/delete/{id}") public void delete(@PathVariable String id) { @@ -75,7 +75,7 @@ public class ColumnPermissionsController { columnPermissionService.delete(id); } - @RequiresPermissions("datasource:read") + @RequiresPermissions("data:read") @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("分页查询") @PostMapping("/pageList/{datasetId}/{goPage}/{pageSize}") @@ -92,7 +92,7 @@ public class ColumnPermissionsController { return PageUtils.setPageInfo(page, columnPermissionService.queryPermissions(request)); } - @RequiresPermissions("datasource:read") + @RequiresPermissions("data:read") @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("有权限的对象") @PostMapping("/authObjs") @@ -101,7 +101,7 @@ public class ColumnPermissionsController { return (List) columnPermissionService.authObjs(request); } - @RequiresPermissions("datasource:read") + @RequiresPermissions("data:read") @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("详情") @PostMapping("/permissionInfo") diff --git a/backend/src/main/java/io/dataease/plugins/server/RowPermissionsController.java b/backend/src/main/java/io/dataease/plugins/server/RowPermissionsController.java index 98cbd28999..1bf7543080 100644 --- a/backend/src/main/java/io/dataease/plugins/server/RowPermissionsController.java +++ b/backend/src/main/java/io/dataease/plugins/server/RowPermissionsController.java @@ -28,7 +28,7 @@ import java.util.List; @RequestMapping("plugin/dataset/rowPermissions") public class RowPermissionsController { - @RequiresPermissions("datasource:read") + @RequiresPermissions("data:read") @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("保存") @PostMapping("save") @@ -55,7 +55,7 @@ public class RowPermissionsController { rowPermissionService.save(datasetRowPermissions); } - @RequiresPermissions("datasource:read") + @RequiresPermissions("data:read") @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("查询") @PostMapping("/list") @@ -65,7 +65,7 @@ public class RowPermissionsController { } //TODO - @RequiresPermissions("datasource:read") + @RequiresPermissions("data:read") @ApiOperation("删除") @PostMapping("/delete/{id}") public void dataSetRowPermissionInfo(@PathVariable String id) { @@ -73,7 +73,7 @@ public class RowPermissionsController { rowPermissionService.delete(id); } - @RequiresPermissions("datasource:read") + @RequiresPermissions("data:read") @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("分页查询") @PostMapping("/pageList/{datasetId}/{goPage}/{pageSize}") @@ -90,7 +90,7 @@ public class RowPermissionsController { return PageUtils.setPageInfo(page, rowPermissionService.queryRowPermissions(request)); } - @RequiresPermissions("datasource:read") + @RequiresPermissions("data:read") @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("有权限的对象") @PostMapping("/authObjs") @@ -99,7 +99,7 @@ public class RowPermissionsController { return (List) rowPermissionService.authObjs(request); } - @RequiresPermissions("datasource:read") + @RequiresPermissions("data:read") @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("详情") @PostMapping("/dataSetRowPermissionInfo") From ea8fe4b44f2b7f708b2769b53e0901081cd641cc Mon Sep 17 00:00:00 2001 From: fit2cloud-chenyw Date: Mon, 28 Feb 2022 11:05:10 +0800 Subject: [PATCH 5/5] =?UTF-8?q?fix:=20tab=E6=96=B0=E5=A2=9E=E5=A4=B1?= =?UTF-8?q?=E8=B4=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- frontend/src/utils/conditionUtil.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frontend/src/utils/conditionUtil.js b/frontend/src/utils/conditionUtil.js index cc48c9e150..f557d516c6 100644 --- a/frontend/src/utils/conditionUtil.js +++ b/frontend/src/utils/conditionUtil.js @@ -48,7 +48,7 @@ export const buildFilterMap = panelItems => { } if (element.type === 'de-tabs') { element.options.tabList && element.options.tabList.forEach(tab => { - if (tab.content.propValue && tab.content.propValue.viewId) { + if (tab.content && tab.content.propValue && tab.content.propValue.viewId) { result[tab.content.propValue.viewId] = [] } })