From 4d261225320360709b46f47013508efaa7957d53 Mon Sep 17 00:00:00 2001
From: wangjiahao <1522128093@qq.com>
Date: Wed, 23 Jun 2021 15:28:06 +0800
Subject: [PATCH] =?UTF-8?q?feat(fix):=20=E5=A2=9E=E5=8A=A0=E5=88=A0?=
=?UTF-8?q?=E9=99=A4=E7=9B=AE=E5=BD=95=E6=9D=83=E9=99=90=E6=A0=A1=E9=AA=8C?=
=?UTF-8?q?=20=E5=A2=9E=E5=8A=A0=E6=95=B0=E6=8D=AE=E6=BA=90=E6=9D=83?=
=?UTF-8?q?=E9=99=90=E6=8E=A7=E5=88=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../base/mapper/ext/ExtDataSourceMapper.xml | 3 +-
.../base/mapper/ext/ExtSysAuthMapper.java | 3 +
.../base/mapper/ext/ExtSysAuthMapper.xml | 4 +
.../service/chart/ChartGroupService.java | 7 ++
.../service/dataset/DataSetGroupService.java | 8 ++
.../service/panel/PanelGroupService.java | 4 +
.../dataease/service/sys/SysAuthService.java | 7 ++
.../resources/db/migration/V3__init_data.sql | 1 -
.../main/resources/db/migration/V5__auth.sql | 108 ++++++++++++------
.../resources/i18n/messages_en_US.properties | 3 +-
.../resources/i18n/messages_zh_CN.properties | 2 +-
.../resources/i18n/messages_zh_TW.properties | 3 +-
.../src/views/system/datasource/DsTree.vue | 7 +-
frontend/src/views/system/datasource/form.vue | 8 +-
14 files changed, 125 insertions(+), 43 deletions(-)
diff --git a/backend/src/main/java/io/dataease/base/mapper/ext/ExtDataSourceMapper.xml b/backend/src/main/java/io/dataease/base/mapper/ext/ExtDataSourceMapper.xml
index 4178d702c5..ca4d20e4a9 100644
--- a/backend/src/main/java/io/dataease/base/mapper/ext/ExtDataSourceMapper.xml
+++ b/backend/src/main/java/io/dataease/base/mapper/ext/ExtDataSourceMapper.xml
@@ -24,7 +24,8 @@
+
+
diff --git a/backend/src/main/java/io/dataease/service/chart/ChartGroupService.java b/backend/src/main/java/io/dataease/service/chart/ChartGroupService.java
index 4057690685..3d95b994e0 100644
--- a/backend/src/main/java/io/dataease/service/chart/ChartGroupService.java
+++ b/backend/src/main/java/io/dataease/service/chart/ChartGroupService.java
@@ -11,10 +11,12 @@ import io.dataease.controller.request.chart.ChartGroupRequest;
import io.dataease.controller.request.dataset.DataSetTableRequest;
import io.dataease.dto.chart.ChartGroupDTO;
import io.dataease.i18n.Translator;
+import io.dataease.service.sys.SysAuthService;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.stereotype.Service;
+import org.springframework.util.Assert;
import javax.annotation.Resource;
import java.util.ArrayList;
@@ -34,6 +36,8 @@ public class ChartGroupService {
private ExtChartGroupMapper extChartGroupMapper;
@Resource
private ExtDataSetGroupMapper extDataSetGroupMapper;
+ @Resource
+ private SysAuthService sysAuthService;
public ChartGroupDTO save(ChartGroup chartGroup) {
checkName(chartGroup);
@@ -52,6 +56,9 @@ public class ChartGroupService {
}
public void delete(String id) {
+ Assert.notNull(id, "id cannot be null");
+ sysAuthService.checkTreeNoManageCount("chart",id);
+
ChartGroup cg = chartGroupMapper.selectByPrimaryKey(id);
ChartGroupRequest ChartGroup = new ChartGroupRequest();
BeanUtils.copyBean(ChartGroup, cg);
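Review bot: `Assert.notNull(id, ...)` in `delete` still lets an empty or blank id reach `checkTreeNoManageCount`, and the count-based SQL check added in V5__auth.sql appears to return 0 (no exception) when the id matches nothing in `v_auth_model`, so passing the guard does not show that the node exists. Consider `Assert.hasText(id, "id cannot be null");` and rejecting a null `cg` before `BeanUtils.copyBean`. The same applies to `DataSetGroupService.delete` and, for its existing assert, `PanelGroupService.deleteCircle`. The rest of `delete` lies outside the hunk, so it is not visible whether the privilege check and the deletes run in one transaction.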
diff --git a/backend/src/main/java/io/dataease/service/dataset/DataSetGroupService.java b/backend/src/main/java/io/dataease/service/dataset/DataSetGroupService.java
index 50a3cd790d..4bb8f629a1 100644
--- a/backend/src/main/java/io/dataease/service/dataset/DataSetGroupService.java
+++ b/backend/src/main/java/io/dataease/service/dataset/DataSetGroupService.java
@@ -13,11 +13,13 @@ import io.dataease.controller.request.dataset.DataSetTableRequest;
import io.dataease.dto.dataset.DataSetGroupDTO;
import io.dataease.dto.dataset.DataSetTableDTO;
import io.dataease.i18n.Translator;
+import io.dataease.service.sys.SysAuthService;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Service;
+import org.springframework.util.Assert;
import javax.annotation.Resource;
import java.util.*;
@@ -36,6 +38,8 @@ public class DataSetGroupService {
private DataSetTableService dataSetTableService;
@Resource
private ExtDataSetGroupMapper extDataSetGroupMapper;
+ @Resource
+ private SysAuthService sysAuthService;
public DataSetGroupDTO save(DatasetGroup datasetGroup) {
checkName(datasetGroup);
@@ -54,6 +58,10 @@ public class DataSetGroupService {
}
public void delete(String id) throws Exception {
+
+ Assert.notNull(id, "id cannot be null");
+ sysAuthService.checkTreeNoManageCount("dataset",id);
+
DatasetGroup dg = datasetGroupMapper.selectByPrimaryKey(id);
DataSetGroupRequest datasetGroup = new DataSetGroupRequest();
BeanUtils.copyBean(datasetGroup, dg);
diff --git a/backend/src/main/java/io/dataease/service/panel/PanelGroupService.java b/backend/src/main/java/io/dataease/service/panel/PanelGroupService.java
index 6fd619b435..70e4c389e7 100644
--- a/backend/src/main/java/io/dataease/service/panel/PanelGroupService.java
+++ b/backend/src/main/java/io/dataease/service/panel/PanelGroupService.java
@@ -17,6 +17,7 @@ import io.dataease.dto.panel.PanelDesignDTO;
import io.dataease.dto.panel.PanelGroupDTO;
import io.dataease.i18n.Translator;
import io.dataease.service.chart.ChartViewService;
+import io.dataease.service.sys.SysAuthService;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
@@ -57,6 +58,8 @@ public class PanelGroupService {
private ShareService shareService;
@Resource
private PanelLinkService panelLinkService;
+ @Resource
+ private SysAuthService sysAuthService;
public List tree(PanelGroupRequest panelGroupRequest) {
String userId = String.valueOf(AuthUtils.getUser().getUserId());
@@ -132,6 +135,7 @@ public class PanelGroupService {
public void deleteCircle(String id) {
Assert.notNull(id, "id cannot be null");
+ sysAuthService.checkTreeNoManageCount("panel",id);
// 同时会删除对应默认仪表盘
extPanelGroupMapper.deleteCircle(id);
storeService.removeByPanelId(id);
diff --git a/backend/src/main/java/io/dataease/service/sys/SysAuthService.java b/backend/src/main/java/io/dataease/service/sys/SysAuthService.java
index bfb9a1355a..e633df73e7 100644
--- a/backend/src/main/java/io/dataease/service/sys/SysAuthService.java
+++ b/backend/src/main/java/io/dataease/service/sys/SysAuthService.java
@@ -41,9 +41,11 @@ public class SysAuthService {
@Resource
private ExtVAuthModelMapper extVAuthModelMapper;
+
private static List PRI_MODEL_TYPE = Arrays.asList("link", "dataset", "chart", "panel", "menu");
+
/**
* @Description: 查询可见授权数据的数据如果是管理员(IsAdmin = true)且modelType 为link dataset chart panel menu可以查询到所有的数据,
* 如果是普通用户,只能查询到自己的数据;但是 node_type 为spine 时 节点也会返回
@@ -137,5 +139,10 @@ public class SysAuthService {
return authId;
}
+ public void checkTreeNoManageCount(String modelType,String nodeId){
+ if(extSysAuthMapper.checkTreeNoManageCount(AuthUtils.getUser().getUserId(),modelType,nodeId)){
+ throw new RuntimeException(Translator.get("i18n_no_all_delete_privilege_folder"));
+ }
+ }
}
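Review bot: `checkTreeNoManageCount` reports an authorization denial with a bare `RuntimeException`, which an error handler cannot tell apart from a server fault and which leaves no audit trail of the refused delete. Throwing a dedicated unchecked exception type (mapped to a 403-style response) and logging the user id, `modelType` and `nodeId` before the throw would make denied attempts detectable. `modelType` is also passed straight to the mapper; checking it against the existing `PRI_MODEL_TYPE` list, e.g. `if (!PRI_MODEL_TYPE.contains(modelType)) throw new IllegalArgumentException("unsupported modelType");`, keeps a caller typo from silently checking the wrong tree. The method has no Javadoc, and its name suggests it returns a count; one line stating that it throws when any node under `nodeId` lacks manage privilege for the current user would help.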
diff --git a/backend/src/main/resources/db/migration/V3__init_data.sql b/backend/src/main/resources/db/migration/V3__init_data.sql
index 48802608c0..cdf5009401 100644
--- a/backend/src/main/resources/db/migration/V3__init_data.sql
+++ b/backend/src/main/resources/db/migration/V3__init_data.sql
@@ -15,7 +15,6 @@ INSERT INTO `sys_menu` VALUES (16, 2, 0, 2, '删除用户', NULL, NULL, 999, NUL
INSERT INTO `sys_menu` VALUES (17, 2, 0, 2, '编辑用户', NULL, NULL, 999, NULL, NULL, b'0', b'0', b'0', 'user:edit', NULL, NULL, 1614930935529, 1614930935529);
INSERT INTO `sys_menu` VALUES (24, 34, 0, 2, '创建连接', NULL, NULL, 997, NULL, NULL, b'0', b'0', b'0', 'datasource:add', NULL, NULL, 1614931168956, 1615783705537);
-INSERT INTO `sys_menu` VALUES (27, 34, 0, 2, '校验连接', NULL, NULL, 999, NULL, NULL, b'0', b'0', b'0', 'datasource:validate', NULL, NULL, 1614931268578, 1614931268578);
INSERT INTO `sys_menu` VALUES (28, 2, 0, 2, '修改密码', NULL, NULL, 999, NULL, NULL, b'0', b'0', b'0', 'user:editPwd', NULL, NULL, 1615275128262, 1615275128262);
INSERT INTO `sys_menu` VALUES (30, 0, 0, 1, '仪表板', 'panel', 'panel/index', 1, NULL, '/panel', b'0', b'0', b'0', NULL, NULL, NULL, NULL, 1619081449067);
INSERT INTO `sys_menu` VALUES (34, 0, 4, 1, '数据源', 'datasource', 'system/datasource/index', 4, NULL, '/datasource', b'0', b'0', b'0', 'datasource:read', NULL, NULL, NULL, NULL);
diff --git a/backend/src/main/resources/db/migration/V5__auth.sql b/backend/src/main/resources/db/migration/V5__auth.sql
index 8dbe7a63df..d8ef426165 100644
--- a/backend/src/main/resources/db/migration/V5__auth.sql
+++ b/backend/src/main/resources/db/migration/V5__auth.sql
@@ -64,6 +64,31 @@ CREATE ALGORITHM = UNDEFINED SQL SECURITY DEFINER VIEW `v_auth_model` AS select
DROP VIEW IF EXISTS `v_auth_privilege`;
CREATE ALGORITHM = UNDEFINED SQL SECURITY DEFINER VIEW `v_auth_privilege` AS select `sys_auth`.`auth_source` AS `auth_source`,`sys_auth`.`auth_source_type` AS `auth_source_type`,group_concat(`sys_auth_detail`.`privilege_extend` separator ',') AS `privileges` from (`sys_auth` left join `sys_auth_detail` on((`sys_auth`.`id` = `sys_auth_detail`.`auth_id`))) where ((`sys_auth_detail`.`privilege_value` = 1) and (((`sys_auth`.`auth_target_type` = 'dept') and (`sys_auth`.`auth_target` = (select `sys_user`.`dept_id` from `sys_user` where (`sys_user`.`user_id` = '4')))) or ((`sys_auth`.`auth_target_type` = 'user') and (`sys_auth`.`auth_target` = '4')) or ((`sys_auth`.`auth_target_type` = 'role') and (`sys_auth`.`auth_target` = (select `sys_users_roles`.`role_id` from `sys_users_roles` where (`sys_users_roles`.`user_id` = '4')))))) group by `sys_auth`.`auth_source`,`sys_auth`.`auth_source_type`;
+-- ----------------------------
+-- Function structure for CHECK_TREE_NO_MANAGE_PRIVILEGE
+-- ----------------------------
+DROP FUNCTION IF EXISTS `CHECK_TREE_NO_MANAGE_PRIVILEGE`;
+delimiter ;;
+CREATE FUNCTION `CHECK_TREE_NO_MANAGE_PRIVILEGE`(userId varchar(255),modelType varchar(255),nodeId varchar(255))
+ RETURNS int(11)
+ READS SQL DATA
+BEGIN
+
+DECLARE privilegeType INTEGER;
+DECLARE allTreeIds longtext;
+DECLARE allPrivilegeTreeIds longtext;
+DECLARE result INTEGER;
+
+select privilege_type into privilegeType from sys_auth_detail where auth_id =modelType and privilege_extend ='manage';
+select GET_V_AUTH_MODEL_WITH_CHILDREN( nodeId ,modelType) into allTreeIds;
+select GET_V_AUTH_MODEL_WITH_PRIVILEGE(userId,modelType,privilegeType) into allPrivilegeTreeIds;
+select count(id) into result from v_auth_model where v_auth_model.model_type=modelType and FIND_IN_SET(v_auth_model.id,allTreeIds) and (!FIND_IN_SET(v_auth_model.id,allPrivilegeTreeIds) or ISNULL(allPrivilegeTreeIds));
+
+RETURN result;
+END
+;;
+delimiter ;
+
-- ----------------------------
-- Function structure for copy_auth
-- ----------------------------
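Review bot: In `CHECK_TREE_NO_MANAGE_PRIVILEGE` both id lists are comma-joined strings tested with `FIND_IN_SET`, and `GET_V_AUTH_MODEL_WITH_PRIVILEGE` builds its list with `GROUP_CONCAT`, whose output MySQL cuts off at `group_concat_max_len` (1024 bytes by default). If `GET_V_AUTH_MODEL_WITH_CHILDREN` (defined outside this hunk) builds `allTreeIds` the same way, descendants past the cut are never counted and the function returns 0 for a folder that still holds nodes the user cannot manage, so the check fails open on large trees. Unless the limit is raised for the connection elsewhere, replace the string lists with a join or `NOT EXISTS` against `v_auth_model`. `select privilege_type into privilegeType ... where auth_id = modelType` also raises an error if more than one row matches, so a `limit 1` or a uniqueness guarantee is worth adding, and `!FIND_IN_SET(...)` reads more clearly as `NOT FIND_IN_SET(...)`.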
@@ -372,37 +397,10 @@ BEGIN
DECLARE oTempLeafIds longtext;
DECLARE oTempAllIds longtext;
-select GROUP_CONCAT(auth_source) into oTempLeafIds from (
-SELECT
- sys_auth.auth_source_type,
- sys_auth.auth_source
- FROM
- sys_auth
- LEFT JOIN sys_auth_detail ON sys_auth.id = sys_auth_detail.auth_id
- WHERE
- sys_auth_detail.privilege_type = 1
- and sys_auth.auth_source_type = modelType
- AND (
- (
- sys_auth.auth_target_type = 'dept'
- AND sys_auth.auth_target in ( SELECT dept_id FROM sys_user WHERE user_id = userId )
- )
- OR (
- sys_auth.auth_target_type = 'user'
- AND sys_auth.auth_target = userId
- )
- OR (
- sys_auth.auth_target_type = 'role'
- AND sys_auth.auth_target in ( SELECT role_id FROM sys_users_roles WHERE user_id = userId )
- )
- OR (1 = ( SELECT is_admin FROM sys_user WHERE user_id = userId ))
- )
- GROUP BY
- sys_auth.auth_source_type,
- sys_auth.auth_source
- having (sum( sys_auth_detail.privilege_value )> 0 or 1 = ( SELECT is_admin FROM sys_user WHERE user_id = userId ))) temp;
- select GROUP_CONCAT(id) into oTempAllIds from (select GET_V_AUTH_MODEL_WITH_PARENT ( oTempLeafIds ,modelType) cids) t, v_auth_model where v_auth_model.model_type=modelType and FIND_IN_SET(v_auth_model.id,cids);
+select GET_V_AUTH_MODEL_WITH_PRIVILEGE(userId,modelType,1) into oTempLeafIds;
+
+select GROUP_CONCAT(id) into oTempAllIds from (select GET_V_AUTH_MODEL_WITH_PARENT ( oTempLeafIds ,modelType) cids) t, v_auth_model where v_auth_model.model_type=modelType and FIND_IN_SET(v_auth_model.id,cids) order by id asc;
RETURN oTempAllIds;
END
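Review bot: The trailing `order by id asc` added to the `GROUP_CONCAT(id) into oTempAllIds` statement applies to the single aggregated result row, not to the ids inside the concatenated string, so it does not make the list order deterministic. Put the ordering inside the aggregate: `GROUP_CONCAT(id ORDER BY id ASC)`. The two later hunks have the same pattern (`order by id asc` after `GROUP_CONCAT(id) INTO oTempChild`, and `GROUP_CONCAT(distinct pid) ... order by pid asc`, which would become `GROUP_CONCAT(DISTINCT pid ORDER BY pid ASC)`). The enclosing function starts above this hunk.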
@@ -433,7 +431,7 @@ DO
SET oTemp = CONCAT(oTemp,',',oTempChild);
-SELECT GROUP_CONCAT(id) INTO oTempChild FROM V_AUTH_MODEL WHERE FIND_IN_SET(pid,oTempChild) > 0 and V_AUTH_MODEL.model_type=modelType;
+SELECT GROUP_CONCAT(id) INTO oTempChild FROM V_AUTH_MODEL WHERE FIND_IN_SET(pid,oTempChild) > 0 and V_AUTH_MODEL.model_type=modelType order by id asc;
END WHILE;
@@ -467,7 +465,7 @@ DO
SET oTemp = CONCAT(oTemp,',',oTempParent);
-SELECT GROUP_CONCAT(pid) INTO oTempParent FROM V_AUTH_MODEL WHERE FIND_IN_SET(id,oTempParent) > 0 and V_AUTH_MODEL.model_type=modelType;
+SELECT GROUP_CONCAT(distinct pid) INTO oTempParent FROM V_AUTH_MODEL WHERE FIND_IN_SET(id,oTempParent) > 0 and V_AUTH_MODEL.model_type=modelType order by pid asc;
END WHILE;
@@ -477,6 +475,52 @@ END
;;
delimiter ;
+-- ----------------------------
+-- Function structure for GET_V_AUTH_MODEL_WITH_PRIVILEGE
+-- ----------------------------
+DROP FUNCTION IF EXISTS `GET_V_AUTH_MODEL_WITH_PRIVILEGE`;
+delimiter ;;
+CREATE FUNCTION `GET_V_AUTH_MODEL_WITH_PRIVILEGE`(userId longtext,modelType varchar(255),privilegeType varchar(255))
+ RETURNS longtext CHARSET utf8
+ READS SQL DATA
+BEGIN
+
+DECLARE oTempLeafIds longtext;
+select GROUP_CONCAT(auth_source) into oTempLeafIds from (
+SELECT
+ sys_auth.auth_source_type,
+ sys_auth.auth_source
+ FROM
+ sys_auth
+ LEFT JOIN sys_auth_detail ON sys_auth.id = sys_auth_detail.auth_id
+ WHERE
+ sys_auth_detail.privilege_type = privilegeType
+ and sys_auth.auth_source_type = modelType
+ AND (
+ (
+ sys_auth.auth_target_type = 'dept'
+ AND sys_auth.auth_target in ( SELECT dept_id FROM sys_user WHERE user_id = userId )
+ )
+ OR (
+ sys_auth.auth_target_type = 'user'
+ AND sys_auth.auth_target = userId
+ )
+ OR (
+ sys_auth.auth_target_type = 'role'
+ AND sys_auth.auth_target in ( SELECT role_id FROM sys_users_roles WHERE user_id = userId )
+ )
+ OR (1 = ( SELECT is_admin FROM sys_user WHERE user_id = userId ))
+ )
+ GROUP BY
+ sys_auth.auth_source_type,
+ sys_auth.auth_source
+ having (sum( sys_auth_detail.privilege_value )> 0 or 1 = ( SELECT is_admin FROM sys_user WHERE user_id = userId ))) temp;
+RETURN oTempLeafIds;
+END
+;;
+delimiter ;
+
+
DROP TRIGGER if exists`new_auth_link`;
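Review bot: `GET_V_AUTH_MODEL_WITH_PRIVILEGE` and `CHECK_TREE_NO_MANAGE_PRIVILEGE` are introduced by editing the existing `V5__auth.sql` (and `V3__init_data.sql` is edited too) rather than by a new versioned script. If these are Flyway-style versioned migrations, as the file names suggest, a database that already ran V5 will not receive the functions and may fail checksum validation, leaving the new delete check calling a function that does not exist; a new `V<next>__<description>.sql` file avoids that. Separately, `privilegeType varchar(255)` is compared with `sys_auth_detail.privilege_type` and is called with an `INTEGER` variable and the literal `1`; declaring it `int`, and `userId` as `varchar(255)` rather than `longtext` to match `CHECK_TREE_NO_MANAGE_PRIVILEGE`, removes the implicit conversions.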
diff --git a/backend/src/main/resources/i18n/messages_en_US.properties b/backend/src/main/resources/i18n/messages_en_US.properties
index 00e10352c2..afde5fe858 100644
--- a/backend/src/main/resources/i18n/messages_en_US.properties
+++ b/backend/src/main/resources/i18n/messages_en_US.properties
@@ -257,4 +257,5 @@ i18n_excel_header_empty=Excel first row can not empty
i18n_custom_ds_delete=Custom dataset union data is deleted,can not display
i18n_sql_add_not_matching=The data column of incremental SQL does not match the dataset,
i18n_sql_delete_not_matching=The data column of incremental delete SQL does not match the dataset,
-i18n_cst_ds_tb_or_field_deleted=Custom dataset union data is deleted or field changed,can not display
\ No newline at end of file
+i18n_cst_ds_tb_or_field_deleted=Custom dataset union data is deleted or field changed,can not display
+i18n_no_all_delete_privilege_folder=This folder have sources which have no manage or view privilege,Can Not Be Deleted.
diff --git a/backend/src/main/resources/i18n/messages_zh_CN.properties b/backend/src/main/resources/i18n/messages_zh_CN.properties
index 098dccf94e..869b913812 100644
--- a/backend/src/main/resources/i18n/messages_zh_CN.properties
+++ b/backend/src/main/resources/i18n/messages_zh_CN.properties
@@ -258,4 +258,4 @@ i18n_custom_ds_delete=自定义数据集所关联数据被删除,无法正常
i18n_sql_add_not_matching=增量添加 sql 的数据列与数据集不匹配,
i18n_sql_delete_not_matching=增量删除 sql 的数据列与数据集不匹配,
i18n_cst_ds_tb_or_field_deleted=自定义数据集所关联数据被删除或字段发生变化,无法正常显示
-
+i18n_no_all_delete_privilege_folder=该目录下存在没有管理权限或查看权限的资源,无法删除
diff --git a/backend/src/main/resources/i18n/messages_zh_TW.properties b/backend/src/main/resources/i18n/messages_zh_TW.properties
index 11784fa831..a322528b11 100644
--- a/backend/src/main/resources/i18n/messages_zh_TW.properties
+++ b/backend/src/main/resources/i18n/messages_zh_TW.properties
@@ -259,4 +259,5 @@ i18n_excel_header_empty=Excel第一行為空
i18n_custom_ds_delete=自定義數據集所關聯數據被刪除,無法正常顯示
i18n_sql_add_not_matching=增量添加 sql 的數據列與數據集不匹配,
i18n_sql_delete_not_matching=增量刪除 sql 的數據列與數據集不匹配,
-i18n_cst_ds_tb_or_field_deleted=自定義數據集所關聯數據被刪除或字段發生變化,無法正常顯示
\ No newline at end of file
+i18n_cst_ds_tb_or_field_deleted=自定義數據集所關聯數據被刪除或字段發生變化,無法正常顯示
+i18n_no_all_delete_privilege_folder=该目录下存在没有管理权限或查看权限的资源,无法删除
diff --git a/frontend/src/views/system/datasource/DsTree.vue b/frontend/src/views/system/datasource/DsTree.vue
index 854e54bc3e..8f3e48c384 100644
--- a/frontend/src/views/system/datasource/DsTree.vue
+++ b/frontend/src/views/system/datasource/DsTree.vue
@@ -5,7 +5,7 @@
{{ $t('commons.datasource') }}
-
+
@@ -49,6 +49,7 @@
-
+