fix(数据集): 校验sql参数，只能在直连时使用

backend/src/main/java/io/dataease/service/dataset/DataSetTableService.java

@@ -1054,24 +1054,25 @@ public class DataSetTableService {
         return sql;
     }
 
-    public String removeVariables(String sql, String dsType) throws Exception {
+    public String removeVariables(final String sql, String dsType) throws Exception {
+        String tmpSql = sql;
         Pattern pattern = Pattern.compile(regex);
-        Matcher matcher = pattern.matcher(sql);
+        Matcher matcher = pattern.matcher(tmpSql);
         boolean hasVariables = false;
         while (matcher.find()) {
             hasVariables = true;
-            sql = sql.replace(matcher.group(), SubstitutedParams);
+            tmpSql = tmpSql.replace(matcher.group(), SubstitutedParams);
         }
-        if (!hasVariables && !sql.contains(SubstitutedParams)) {
-            return sql;
+        if (!hasVariables && !tmpSql.contains(SubstitutedParams)) {
+            return tmpSql;
         }
-        CCJSqlParserUtil.parse(sql, parser -> parser.withSquareBracketQuotation(true));
-        Statement statement = CCJSqlParserUtil.parse(sql);
+        CCJSqlParserUtil.parse(tmpSql, parser -> parser.withSquareBracketQuotation(true));
+        Statement statement = CCJSqlParserUtil.parse(tmpSql);
         Select select = (Select) statement;
 
         if (select.getSelectBody() instanceof PlainSelect) {
             return handlePlainSelect((PlainSelect) select.getSelectBody(), select, dsType);
-        }else {
+        } else {
             String result = "";
             SetOperationList setOperationList = (SetOperationList) select.getSelectBody();
             for (int i = 0; i < setOperationList.getSelects().size(); i++) {
@@ -1175,15 +1176,24 @@ public class DataSetTableService {
     }
 
     public Map<String, Object> getSQLPreview(DataSetTableRequest dataSetTableRequest) throws Exception {
+        DataTableInfoDTO dataTableInfo = new Gson().fromJson(dataSetTableRequest.getInfo(), DataTableInfoDTO.class);
+        String sql = dataTableInfo.isBase64Encryption() ? new String(java.util.Base64.getDecoder().decode(dataTableInfo.getSql())) : dataTableInfo.getSql();
         Datasource ds = datasourceMapper.selectByPrimaryKey(dataSetTableRequest.getDataSourceId());
         if (ds == null) {
             throw new Exception(Translator.get("i18n_invalid_ds"));
         }
+        String tmpSql = removeVariables(sql, ds.getType());
+        if (dataSetTableRequest.getMode() == 1 && (tmpSql.contains(SubstitutedParams) || tmpSql.contains(SubstitutedSql.trim()))) {
+            throw new Exception(Translator.get("I18N_SQL_variable_direct_limit"));
+        }
+        if (tmpSql.contains(SubstitutedParams)) {
+            throw new Exception(Translator.get("I18N_SQL_variable_limit"));
+        }
         Provider datasourceProvider = ProviderFactory.getProvider(ds.getType());
         DatasourceRequest datasourceRequest = new DatasourceRequest();
         datasourceRequest.setDatasource(ds);
-        DataTableInfoDTO dataTableInfo = new Gson().fromJson(dataSetTableRequest.getInfo(), DataTableInfoDTO.class);
-        String sql = dataTableInfo.isBase64Encryption() ? new String(java.util.Base64.getDecoder().decode(dataTableInfo.getSql())) : dataTableInfo.getSql();
+
+
         sql = handleVariableDefaultValue(sql, dataSetTableRequest.getSqlVariableDetails(), ds.getType());
         if (StringUtils.isEmpty(sql)) {
             DataEaseException.throwException(Translator.get("i18n_sql_not_empty"));

backend/src/main/resources/i18n/messages_en_US.properties

@@ -194,6 +194,7 @@ I18N_DATASOURCE_LEVEL_GRANT=Grant
 I18N_NO_PERMISSION=You do not have permission to
 I18N_PLEASE_CONCAT_ADMIN=Please contact the administrator for authorization
 I18N_SQL_variable_limit=SQL variables can only be used in where conditions
+I18N_SQL_variable_direct_limit=SQL variables can only be used for direct connection
 I18N_EMAIL_CONFIG_ERROR=Email config error
 I18N_EMAIL_HOST_ERROR=Email host can not be empty
 I18N_EMAIL_PORT_ERROR=Email port can not be empty

backend/src/main/resources/i18n/messages_zh_CN.properties

@@ -194,6 +194,7 @@ I18N_DATASOURCE_LEVEL_GRANT=\u6388\u6743
 I18N_NO_PERMISSION=\u5F53\u524D\u7528\u6237\u6CA1\u6709\u6743\u9650
 I18N_PLEASE_CONCAT_ADMIN=\u8BF7\u8054\u7CFB\u7BA1\u7406\u5458\u5F00\u901A
 I18N_SQL_variable_limit=SQL \u53D8\u91CF\u53EA\u80FD\u5728 WHERE \u6761\u4EF6\u4E2D\u4F7F\u7528
+I18N_SQL_variable_direct_limit=SQL变量只能用于直连
 I18N_EMAIL_CONFIG_ERROR=\u90AE\u4EF6\u914D\u7F6E\u9519\u8BEF
 I18N_EMAIL_HOST_ERROR=\u90AE\u4EF6\u4E3B\u673A\u4E0D\u80FD\u4E3A\u7A7A
 I18N_EMAIL_PORT_ERROR=\u90AE\u4EF6\u7AEF\u53E3\u4E0D\u80FD\u4E3A\u7A7A

backend/src/main/resources/i18n/messages_zh_TW.properties

@@ -190,6 +190,7 @@ I18N_DATASOURCE_LEVEL_GRANT=\u6388\u6B0A
 I18N_NO_PERMISSION=\u7576\u524D\u7528\u6236\u6C92\u6709\u6B0A\u9650
 I18N_PLEASE_CONCAT_ADMIN=\u8ACB\u806F\u7CFB\u7BA1\u7406\u54E1\u958B\u901A
 I18N_SQL_variable_limit=SQL\u8B8A\u6578\u53EA\u80FD\u5728WHERE\u689D\u4EF6\u4E2D\u4F7F\u7528
+I18N_SQL_variable_direct_limit=SQL變數只能用於直連
 I18N_EMAIL_CONFIG_ERROR=\u90F5\u4EF6\u914D\u7F6E\u932F\u8AA4
 I18N_EMAIL_HOST_ERROR=\u90F5\u4EF6\u4E3B\u6A5F\u4E0D\u80FD\u70BA\u7A7A
 I18N_EMAIL_PORT_ERROR=\u90F5\u4EF6\u7AEF\u53E3\u4E0D\u80FD\u70BA\u7A7A

frontend/src/views/dataset/add/AddSQL.vue

@@ -703,6 +703,7 @@ export default {
       post('/dataset/table/sqlPreview', {
         dataSourceId: this.dataSource,
         type: 'sql',
+        mode: parseInt(this.mode),
         sqlVariableDetails: JSON.stringify(this.variables),
         info: JSON.stringify({
           sql: Base64.encode(this.sql.trim()),