diff --git a/core/core-backend/src/main/java/io/dataease/share/interceptor/LinkInterceptor.java b/core/core-backend/src/main/java/io/dataease/share/interceptor/LinkInterceptor.java index 2188711918..d7cb58c268 100644 --- a/core/core-backend/src/main/java/io/dataease/share/interceptor/LinkInterceptor.java +++ b/core/core-backend/src/main/java/io/dataease/share/interceptor/LinkInterceptor.java @@ -19,7 +19,7 @@ import java.util.List; @Component public class LinkInterceptor implements HandlerInterceptor { - private final static String whiteListText = "/user/ipInfo, /apisix/check, /datasetData/enumValueObj"; + private final static String whiteListText = "/user/ipInfo, /apisix/check, /datasetData/enumValueObj, /dekey, /share/validate"; @Override @@ -40,7 +40,7 @@ public class LinkInterceptor implements HandlerInterceptor { if (StringUtils.startsWith(requestURI, AuthConstant.DE_API_PREFIX)) { requestURI = requestURI.replaceFirst(AuthConstant.DE_API_PREFIX, ""); } - boolean valid = whiteList.contains(requestURI); + boolean valid = whiteList.contains(requestURI) || WhitelistUtils.match(requestURI); if (!valid) { DEException.throwException("分享链接Token不支持访问当前url[" + requestURI + "]"); } diff --git a/core/core-backend/src/main/java/io/dataease/visualization/server/VisualizationLinkJumpService.java b/core/core-backend/src/main/java/io/dataease/visualization/server/VisualizationLinkJumpService.java index 459bec6710..ecd35afbfb 100644 --- a/core/core-backend/src/main/java/io/dataease/visualization/server/VisualizationLinkJumpService.java +++ b/core/core-backend/src/main/java/io/dataease/visualization/server/VisualizationLinkJumpService.java @@ -137,6 +137,7 @@ public class VisualizationLinkJumpService implements VisualizationLinkJumpApi { }); } + @DeLinkPermit("#p0.targetDvId") @Override public VisualizationLinkJumpBaseResponse queryTargetVisualizationJumpInfo(VisualizationLinkJumpBaseRequest request) { List result = extVisualizationLinkJumpMapper.getTargetVisualizationJumpInfo(request);