diff --git a/backend/src/main/java/io/dataease/controller/chart/ChartController.java b/backend/src/main/java/io/dataease/controller/chart/ChartController.java deleted file mode 100644 index 8e8c3608b9..0000000000 --- a/backend/src/main/java/io/dataease/controller/chart/ChartController.java +++ /dev/null @@ -1,26 +0,0 @@ -package io.dataease.controller.chart; - -import com.alibaba.fastjson.JSON; -import com.github.xiaoymin.knife4j.annotations.ApiSupport; -import io.dataease.controller.request.dataset.DataSetTableRequest; -import io.swagger.annotations.Api; -import io.swagger.annotations.ApiOperation; -import org.springframework.web.bind.annotation.*; - -import java.util.ArrayList; -import java.util.List; - -@Api(tags = "视图:视图管理") -@ApiSupport(order = 110) -@RestController -@RequestMapping("chart/table") -public class ChartController { - - - @ApiOperation("查询") - @PostMapping("list") - public List list(@RequestBody DataSetTableRequest dataSetTableRequest) { - return new ArrayList<>(); - } - -} diff --git a/backend/src/main/java/io/dataease/controller/chart/ChartGroupController.java b/backend/src/main/java/io/dataease/controller/chart/ChartGroupController.java index 783a48c74a..6c7a1c234b 100644 --- a/backend/src/main/java/io/dataease/controller/chart/ChartGroupController.java +++ b/backend/src/main/java/io/dataease/controller/chart/ChartGroupController.java @@ -21,24 +21,28 @@ public class ChartGroupController { @Resource private ChartGroupService chartGroupService; + @ApiIgnore @ApiOperation("保存") @PostMapping("/save") public ChartGroupDTO save(@RequestBody ChartGroup ChartGroup) { return chartGroupService.save(ChartGroup); } + @ApiIgnore @ApiOperation("查询树") @PostMapping("/tree") public List tree(@RequestBody ChartGroupRequest ChartGroup) { return chartGroupService.tree(ChartGroup); } + @ApiIgnore @ApiOperation("查询树节点") @PostMapping("/treeNode") public List treeNode(@RequestBody ChartGroupRequest ChartGroup) { return chartGroupService.tree(ChartGroup); } + @ApiIgnore @ApiOperation("删除") @PostMapping("/delete/{id}") public void tree(@PathVariable String id) { diff --git a/backend/src/main/java/io/dataease/controller/dataset/DataSetGroupController.java b/backend/src/main/java/io/dataease/controller/dataset/DataSetGroupController.java index cd433007f2..4338ee09be 100644 --- a/backend/src/main/java/io/dataease/controller/dataset/DataSetGroupController.java +++ b/backend/src/main/java/io/dataease/controller/dataset/DataSetGroupController.java @@ -45,14 +45,13 @@ public class DataSetGroupController { return dataSetGroupService.save(datasetGroup); } - @RequiresPermissions("data:read") - @ApiOperation("查询树") + @ApiIgnore @PostMapping("/tree") public List tree(@RequestBody DataSetGroupRequest datasetGroup) { return dataSetGroupService.tree(datasetGroup); } - @ApiOperation("查询树节点") + @ApiIgnore @PostMapping("/treeNode") public List treeNode(@RequestBody DataSetGroupRequest datasetGroup) { return dataSetGroupService.treeNode(datasetGroup); diff --git a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableController.java b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableController.java index 9639ec9aa2..e6db619cb0 100644 --- a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableController.java +++ b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableController.java @@ -10,9 +10,9 @@ import io.dataease.commons.constants.DePermissionType; import io.dataease.commons.constants.ResourceAuthLevel; import io.dataease.controller.request.dataset.DataSetTableRequest; import io.dataease.controller.response.DataSetDetail; -import io.dataease.dto.datasource.TableField; import io.dataease.dto.dataset.DataSetTableDTO; import io.dataease.dto.dataset.ExcelFileData; +import io.dataease.dto.datasource.TableField; import io.dataease.service.dataset.DataSetTableService; import io.swagger.annotations.*; import org.apache.shiro.authz.annotation.Logical; @@ -38,9 +38,9 @@ public class DataSetTableController { @RequiresPermissions("data:read") @DePermissions(value = { - @DePermission(type = DePermissionType.DATASET, value = "id"), - @DePermission(type = DePermissionType.DATASET, value = "sceneId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE), - @DePermission(type = DePermissionType.DATASOURCE, value = "dataSourceId", level = ResourceAuthLevel.DATASET_LEVEL_USE) + @DePermission(type = DePermissionType.DATASET, value = "id"), + @DePermission(type = DePermissionType.DATASET, value = "sceneId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE), + @DePermission(type = DePermissionType.DATASOURCE, value = "dataSourceId", level = ResourceAuthLevel.DATASET_LEVEL_USE) }, logical = Logical.AND) @ApiOperation("批量保存") @PostMapping("batchAdd") @@ -85,6 +85,7 @@ public class DataSetTableController { } @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_USE, value = "sceneId") @ApiOperation("查询") @PostMapping("list") public List list(@RequestBody DataSetTableRequest dataSetTableRequest) { @@ -92,6 +93,7 @@ public class DataSetTableController { } @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_USE, value = "sceneId") @ApiOperation("查询组") @PostMapping("listAndGroup") public List listAndGroup(@RequestBody DataSetTableRequest dataSetTableRequest) { @@ -107,6 +109,7 @@ public class DataSetTableController { } @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_USE) @ApiOperation("带权限查询") @PostMapping("getWithPermission/{id}") public DataSetTableDTO getWithPermission(@PathVariable String id) { @@ -114,48 +117,63 @@ public class DataSetTableController { } @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASOURCE, level = ResourceAuthLevel.DATASOURCE_LEVEL_USE, value = "dataSourceId") @ApiOperation("查询原始字段") @PostMapping("getFields") public List getFields(@RequestBody DatasetTable datasetTable) throws Exception { return dataSetTableService.getFields(datasetTable); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_USE, value = "id") @ApiOperation("查询生成字段") @PostMapping("getFieldsFromDE") public Map> getFieldsFromDE(@RequestBody DataSetTableRequest dataSetTableRequest) throws Exception { return dataSetTableService.getFieldsFromDE(dataSetTableRequest); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_USE, value = "id") @ApiOperation("查询预览数据") @PostMapping("getPreviewData/{page}/{pageSize}") public Map getPreviewData(@RequestBody DataSetTableRequest dataSetTableRequest, @PathVariable Integer page, @PathVariable Integer pageSize) throws Exception { return dataSetTableService.getPreviewData(dataSetTableRequest, page, pageSize, null); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASOURCE, level = ResourceAuthLevel.DATASOURCE_LEVEL_USE, value = "dataSourceId") @ApiOperation("根据sql查询预览数据") @PostMapping("sqlPreview") public Map getSQLPreview(@RequestBody DataSetTableRequest dataSetTableRequest) throws Exception { return dataSetTableService.getSQLPreview(dataSetTableRequest); } - @ApiOperation("客户预览数据") + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASOURCE, level = ResourceAuthLevel.DATASOURCE_LEVEL_USE, value = "dataSourceId") + @ApiOperation("预览自定义数据数据") @PostMapping("customPreview") public Map customPreview(@RequestBody DataSetTableRequest dataSetTableRequest) throws Exception { return dataSetTableService.getCustomPreview(dataSetTableRequest); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_USE, value = "tableId") @ApiOperation("查询增量配置") @PostMapping("incrementalConfig") public DatasetTableIncrementalConfig incrementalConfig(@RequestBody DatasetTableIncrementalConfig datasetTableIncrementalConfig) throws Exception { return dataSetTableService.incrementalConfig(datasetTableIncrementalConfig); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_MANAGE, value = "tableId") @ApiOperation("保存增量配置") @PostMapping("save/incrementalConfig") public void saveIncrementalConfig(@RequestBody DatasetTableIncrementalConfig datasetTableIncrementalConfig) throws Exception { dataSetTableService.saveIncrementalConfig(datasetTableIncrementalConfig); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET) @ApiOperation("数据集详息") @PostMapping("datasetDetail/{id}") public DataSetDetail datasetDetail(@PathVariable String id) { diff --git a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableFieldController.java b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableFieldController.java index 42a1eb98e2..fe873b7711 100644 --- a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableFieldController.java +++ b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableFieldController.java @@ -4,6 +4,7 @@ import com.auth0.jwt.JWT; import com.auth0.jwt.interfaces.DecodedJWT; import com.github.xiaoymin.knife4j.annotations.ApiSupport; import io.dataease.auth.annotation.DePermission; +import io.dataease.auth.annotation.DePermissions; import io.dataease.auth.filter.F2CLinkFilter; import io.dataease.base.domain.DatasetTable; import io.dataease.base.domain.DatasetTableField; @@ -21,6 +22,7 @@ import io.dataease.service.dataset.PermissionService; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import org.apache.commons.lang3.ObjectUtils; +import org.apache.shiro.authz.annotation.Logical; import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.beans.BeanUtils; import org.springframework.beans.factory.annotation.Autowired; @@ -139,10 +141,13 @@ public class DataSetTableFieldController { return dataSetTableFieldsService.save(datasetTableField); } - //TODO 校验权限 + @RequiresPermissions("data:read") + @DePermissions(value = { + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_MANAGE, paramIndex = 1) + }) @ApiOperation("删除") - @PostMapping("delete/{id}") - public void delete(@PathVariable String id) { + @PostMapping("delete/{id}/{tableId}") + public void delete(@PathVariable String id, @PathVariable String tableId) { dataSetTableFieldsService.delete(id); } diff --git a/frontend/src/views/dataset/data/FieldEdit.vue b/frontend/src/views/dataset/data/FieldEdit.vue index e74c771470..c44b889b9d 100644 --- a/frontend/src/views/dataset/data/FieldEdit.vue +++ b/frontend/src/views/dataset/data/FieldEdit.vue @@ -392,7 +392,7 @@ export default { cancelButtonText: this.$t('dataset.cancel'), type: 'warning' }).then(() => { - post('/dataset/field/delete/' + item.id, null).then(response => { + post('/dataset/field/delete/' + item.id + '/' + item.tableId, null).then(response => { this.$message({ type: 'success', message: this.$t('chart.delete_success'),