From afa4b4ed323ff1202d94a47c182c748f9e520996 Mon Sep 17 00:00:00 2001 From: taojinlong Date: Sat, 26 Feb 2022 17:06:15 +0800 Subject: [PATCH 1/9] =?UTF-8?q?fix:=20=E6=95=B0=E6=8D=AE=E6=BA=90=E3=80=81?= =?UTF-8?q?=E6=95=B0=E6=8D=AE=E9=9B=86=20api=20=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../aop/DePermissionAnnotationHandler.java | 2 +- .../commons/constants/ResourceAuthLevel.java | 6 +++- .../dataset/DataSetGroupController.java | 2 +- .../dataset/DataSetTableController.java | 13 ++++++++ .../dataset/DataSetTableFieldController.java | 20 ++++++++++-- .../dataset/DataSetTableTaskController.java | 8 ++++- .../DataSetTableTaskLogController.java | 12 ++++--- .../dataset/DataSetTableUnionController.java | 9 ++++++ .../dataset/DatasetFunctionController.java | 6 ++++ .../datasource/DatasourceController.java | 32 ++++++------------- .../server/ColumnPermissionsController.java | 17 +++++++++- .../server/RowPermissionsController.java | 16 ++++++++++ .../main/resources/db/migration/V32__1.8.sql | 3 ++ frontend/src/views/login/index.vue | 1 - .../src/views/system/datasource/DsTree.vue | 3 +- 15 files changed, 112 insertions(+), 38 deletions(-) diff --git a/backend/src/main/java/io/dataease/auth/aop/DePermissionAnnotationHandler.java b/backend/src/main/java/io/dataease/auth/aop/DePermissionAnnotationHandler.java index 5654a987b6..616c9d14e9 100644 --- a/backend/src/main/java/io/dataease/auth/aop/DePermissionAnnotationHandler.java +++ b/backend/src/main/java/io/dataease/auth/aop/DePermissionAnnotationHandler.java @@ -134,7 +134,7 @@ public class DePermissionAnnotationHandler { return access(o, annotation, ++layer); } else { // 当作自定义类处理 - String[] values = value.split("u002E"); + String[] values = value.split("\\."); String fieldName = values[layer]; Object fieldValue = getFieldValue(arg, fieldName); diff --git a/backend/src/main/java/io/dataease/commons/constants/ResourceAuthLevel.java b/backend/src/main/java/io/dataease/commons/constants/ResourceAuthLevel.java index 4eae45a734..f9ce6ad80a 100644 --- a/backend/src/main/java/io/dataease/commons/constants/ResourceAuthLevel.java +++ b/backend/src/main/java/io/dataease/commons/constants/ResourceAuthLevel.java @@ -15,7 +15,11 @@ public enum ResourceAuthLevel { LINK_LEVEL_USE(1), LINK_LEVEL_MANAGE(3), - LINK_LEVEL_GRANT(15); + LINK_LEVEL_GRANT(15), + + DATASOURCE_LEVEL_USE(1), + DATASOURCE_LEVEL_MANAGE(3), + DATASOURCE_LEVEL_GRANT(15); private Integer level; diff --git a/backend/src/main/java/io/dataease/controller/dataset/DataSetGroupController.java b/backend/src/main/java/io/dataease/controller/dataset/DataSetGroupController.java index f4cdcff78b..cd433007f2 100644 --- a/backend/src/main/java/io/dataease/controller/dataset/DataSetGroupController.java +++ b/backend/src/main/java/io/dataease/controller/dataset/DataSetGroupController.java @@ -72,7 +72,7 @@ public class DataSetGroupController { return dataSetGroupService.getScene(id); } - @ApiOperation("检测kettle") + @ApiIgnore @PostMapping("/isKettleRunning") public boolean isKettleRunning() { return extractDataService.isKettleRunning(); diff --git a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableController.java b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableController.java index 3d9356e50b..9639ec9aa2 100644 --- a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableController.java +++ b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableController.java @@ -76,6 +76,7 @@ public class DataSetTableController { dataSetTableService.alter(request); } + @RequiresPermissions("data:read") @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("删除") @PostMapping("delete/{id}") @@ -83,18 +84,21 @@ public class DataSetTableController { dataSetTableService.delete(id); } + @RequiresPermissions("data:read") @ApiOperation("查询") @PostMapping("list") public List list(@RequestBody DataSetTableRequest dataSetTableRequest) { return dataSetTableService.list(dataSetTableRequest); } + @RequiresPermissions("data:read") @ApiOperation("查询组") @PostMapping("listAndGroup") public List listAndGroup(@RequestBody DataSetTableRequest dataSetTableRequest) { return dataSetTableService.listAndGroup(dataSetTableRequest); } + @RequiresPermissions("data:read") @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_USE) @ApiOperation("详息") @PostMapping("get/{id}") @@ -102,12 +106,14 @@ public class DataSetTableController { return dataSetTableService.get(id); } + @RequiresPermissions("data:read") @ApiOperation("带权限查询") @PostMapping("getWithPermission/{id}") public DataSetTableDTO getWithPermission(@PathVariable String id) { return dataSetTableService.getWithPermission(id, null); } + @RequiresPermissions("data:read") @ApiOperation("查询原始字段") @PostMapping("getFields") public List getFields(@RequestBody DatasetTable datasetTable) throws Exception { @@ -167,24 +173,31 @@ public class DataSetTableController { return dataSetTableService.excelSaveAndParse(file, tableId, editType); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET) @ApiOperation("检测doris") @PostMapping("checkDorisTableIsExists/{id}") public Boolean checkDorisTableIsExists(@PathVariable String id) throws Exception { return dataSetTableService.checkDorisTableIsExists(id); } + @RequiresPermissions("data:read") @ApiOperation("搜索") @PostMapping("search") public List search(@RequestBody DataSetTableRequest dataSetTableRequest) { return dataSetTableService.search(dataSetTableRequest); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("数据集同步表结构") @PostMapping("syncField/{id}") public DatasetTable syncDatasetTableField(@PathVariable String id) throws Exception { return dataSetTableService.syncDatasetTableField(id); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, value = "id") @ApiOperation("关联数据集预览数据") @PostMapping("unionPreview") public Map unionPreview(@RequestBody DataSetTableRequest dataSetTableRequest) throws Exception { diff --git a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableFieldController.java b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableFieldController.java index 9a0abdc441..42a1eb98e2 100644 --- a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableFieldController.java +++ b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableFieldController.java @@ -21,6 +21,7 @@ import io.dataease.service.dataset.PermissionService; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import org.apache.commons.lang3.ObjectUtils; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.beans.BeanUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.*; @@ -28,6 +29,7 @@ import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; import cn.hutool.core.collection.CollectionUtil; +import springfox.documentation.annotations.ApiIgnore; import javax.annotation.Resource; import javax.servlet.http.HttpServletRequest; @@ -54,6 +56,8 @@ public class DataSetTableFieldController { @Resource private PermissionService permissionService; + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET) @ApiOperation("查询表下属字段") @PostMapping("list/{tableId}") public List list(@PathVariable String tableId) { @@ -64,6 +68,8 @@ public class DataSetTableFieldController { return fields; } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET) @ApiOperation("查询表下属字段") @PostMapping("listWithPermission/{tableId}") public List listWithPermission(@PathVariable String tableId) { @@ -77,6 +83,8 @@ public class DataSetTableFieldController { } //管理权限,可以列出所有字段 + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET) @ApiOperation("查询表下属字段") @PostMapping("listForPermissionSeting/{tableId}") public List listForPermissionSeting(@PathVariable String tableId) { @@ -87,6 +95,8 @@ public class DataSetTableFieldController { } //管理权限,可以列出所有字段 + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET) @ApiOperation("分组查询表下属字段") @PostMapping("listByDQ/{tableId}") public DatasetTableField4Type listByDQ(@PathVariable String tableId) { @@ -103,12 +113,15 @@ public class DataSetTableFieldController { return datasetTableField4Type; } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, value = "tableId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("批量更新") @PostMapping("batchEdit") public void batchEdit(@RequestBody List list) { dataSetTableFieldsService.batchEdit(list); } + @RequiresPermissions("data:read") @DePermission(type = DePermissionType.DATASET, value = "tableId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("保存") @PostMapping("save") @@ -126,13 +139,14 @@ public class DataSetTableFieldController { return dataSetTableFieldsService.save(datasetTableField); } + //TODO 校验权限 @ApiOperation("删除") @PostMapping("delete/{id}") public void delete(@PathVariable String id) { dataSetTableFieldsService.delete(id); } - @ApiOperation("多字段值枚举") + @ApiIgnore @PostMapping("linkMultFieldValues") public List linkMultFieldValues(@RequestBody MultFieldValuesRequest multFieldValuesRequest) throws Exception { @@ -145,7 +159,7 @@ public class DataSetTableFieldController { return multFieldValues(multFieldValuesRequest); } - @ApiOperation("多字段值枚举") + @ApiIgnore @PostMapping("multFieldValues") public List multFieldValues(@RequestBody MultFieldValuesRequest multFieldValuesRequest) throws Exception { List results = new ArrayList<>(); @@ -168,7 +182,7 @@ public class DataSetTableFieldController { return list; } - @ApiOperation("多字段值枚举") + @ApiIgnore @PostMapping("multFieldValuesForPermissions") public List multFieldValuesForPermissions(@RequestBody MultFieldValuesRequest multFieldValuesRequest) throws Exception { List results = new ArrayList<>(); diff --git a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableTaskController.java b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableTaskController.java index e0703d256b..74bb8cc0b7 100644 --- a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableTaskController.java +++ b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableTaskController.java @@ -16,7 +16,9 @@ import io.dataease.service.dataset.DataSetTableTaskLogService; import io.dataease.service.dataset.DataSetTableTaskService; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.*; +import springfox.documentation.annotations.ApiIgnore; import javax.annotation.Resource; import java.util.List; @@ -42,18 +44,21 @@ public class DataSetTableTaskController { return dataSetTableTaskService.save(dataSetTaskRequest); } + //TODO @ApiOperation("删除") @PostMapping("delete/{id}") public void delete(@PathVariable String id) { dataSetTableTaskService.delete(id); } + @DePermission(type = DePermissionType.DATASET, value = "tableId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("查询") @PostMapping("list") public List list(@RequestBody DatasetTableTask datasetTableTask) { return dataSetTableTaskService.list(datasetTableTask); } + @RequiresPermissions("task:read") @ApiOperation("分页查询") @PostMapping("/pageList/{goPage}/{pageSize}") public Pager> taskList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody BaseGridRequest request) { @@ -62,12 +67,13 @@ public class DataSetTableTaskController { return PageUtils.setPageInfo(page, dataSetTableTaskService.taskList4User(request)); } - @ApiOperation("上次执行时间") + @ApiIgnore @PostMapping("/lastExecStatus") public DataSetTaskDTO lastExecStatus(@RequestBody DataSetTaskDTO datasetTableTask) { return dataSetTableTaskLogService.lastExecStatus(datasetTableTask); } + @DePermission(type = DePermissionType.DATASET, value = "tableId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("更新状态") @PostMapping("/updateStatus") public void updateStatus(@RequestBody DatasetTableTask datasetTableTask) throws Exception{ diff --git a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableTaskLogController.java b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableTaskLogController.java index 5160a2b5c2..960e9ff62b 100644 --- a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableTaskLogController.java +++ b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableTaskLogController.java @@ -14,6 +14,7 @@ import io.dataease.dto.dataset.DataSetTaskLogDTO; import io.dataease.service.dataset.DataSetTableTaskLogService; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.*; import javax.annotation.Resource; @@ -38,12 +39,13 @@ public class DataSetTableTaskLogController { return dataSetTableTaskLogService.save(datasetTableTaskLog); } - @ApiOperation("删除") - @PostMapping("delete/{id}") - public void delete(@PathVariable String id) { - dataSetTableTaskLogService.delete(id); - } +// @ApiOperation("删除") +// @PostMapping("delete/{id}") +// public void delete(@PathVariable String id) { +// dataSetTableTaskLogService.delete(id); +// } + @RequiresPermissions("task:read") @ApiOperation("分页查询") @PostMapping("list/{type}/{goPage}/{pageSize}") public Pager> list(@RequestBody BaseGridRequest request, @PathVariable String type, @PathVariable int goPage, @PathVariable int pageSize) { diff --git a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableUnionController.java b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableUnionController.java index c2b8a689d7..8f0c8048c4 100644 --- a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableUnionController.java +++ b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableUnionController.java @@ -1,11 +1,15 @@ package io.dataease.controller.dataset; import com.github.xiaoymin.knife4j.annotations.ApiSupport; +import io.dataease.auth.annotation.DePermission; import io.dataease.base.domain.DatasetTableUnion; +import io.dataease.commons.constants.DePermissionType; +import io.dataease.commons.constants.ResourceAuthLevel; import io.dataease.dto.dataset.DataSetTableUnionDTO; import io.dataease.service.dataset.DataSetTableUnionService; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.*; import javax.annotation.Resource; @@ -23,18 +27,23 @@ public class DataSetTableUnionController { @Resource private DataSetTableUnionService dataSetTableUnionService; + @RequiresPermissions("data:read") @ApiOperation("保存") @PostMapping("save") public DatasetTableUnion save(@RequestBody DatasetTableUnion datasetTableUnion) { return dataSetTableUnionService.save(datasetTableUnion); } + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("删除") @PostMapping("delete/{id}") public void delete(@PathVariable String id) { dataSetTableUnionService.delete(id); } + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASET) @ApiOperation("查询") @PostMapping("listByTableId/{tableId}") public List listByTableId(@PathVariable String tableId) { diff --git a/backend/src/main/java/io/dataease/controller/dataset/DatasetFunctionController.java b/backend/src/main/java/io/dataease/controller/dataset/DatasetFunctionController.java index 32bb6c4067..66c1ba8d72 100644 --- a/backend/src/main/java/io/dataease/controller/dataset/DatasetFunctionController.java +++ b/backend/src/main/java/io/dataease/controller/dataset/DatasetFunctionController.java @@ -1,10 +1,14 @@ package io.dataease.controller.dataset; import com.github.xiaoymin.knife4j.annotations.ApiSupport; +import io.dataease.auth.annotation.DePermission; import io.dataease.base.domain.DatasetTableFunction; +import io.dataease.commons.constants.DePermissionType; +import io.dataease.commons.constants.ResourceAuthLevel; import io.dataease.service.dataset.DatasetFunctionService; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestMapping; @@ -25,6 +29,8 @@ public class DatasetFunctionController { @Resource private DatasetFunctionService datasetFunctionService; + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("查询") @PostMapping("listByTableId/{tableId}") public List listByTableId(@PathVariable String tableId) { diff --git a/backend/src/main/java/io/dataease/controller/datasource/DatasourceController.java b/backend/src/main/java/io/dataease/controller/datasource/DatasourceController.java index a47f6b28cc..d03a15f2db 100644 --- a/backend/src/main/java/io/dataease/controller/datasource/DatasourceController.java +++ b/backend/src/main/java/io/dataease/controller/datasource/DatasourceController.java @@ -1,26 +1,19 @@ package io.dataease.controller.datasource; -import com.github.pagehelper.Page; -import com.github.pagehelper.PageHelper; import com.github.xiaoymin.knife4j.annotations.ApiSupport; import io.dataease.auth.annotation.DePermission; -import io.dataease.auth.annotation.DePermissions; import io.dataease.base.domain.Datasource; import io.dataease.commons.constants.DePermissionType; import io.dataease.commons.constants.ResourceAuthLevel; import io.dataease.commons.utils.AuthUtils; -import io.dataease.commons.utils.PageUtils; -import io.dataease.commons.utils.Pager; import io.dataease.controller.ResultHolder; import io.dataease.controller.request.DatasourceUnionRequest; import io.dataease.controller.request.datasource.ApiDefinition; -import io.dataease.controller.sys.base.BaseGridRequest; import io.dataease.dto.datasource.DBTableDTO; import io.dataease.service.datasource.DatasourceService; import io.dataease.dto.DatasourceDTO; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; -import org.apache.shiro.authz.annotation.Logical; import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.*; import springfox.documentation.annotations.ApiIgnore; @@ -38,7 +31,7 @@ public class DatasourceController { @Resource private DatasourceService datasourceService; - @RequiresPermissions("datasource:add") + @RequiresPermissions("datasource:read") @DePermission(type = DePermissionType.DATASOURCE, value = "id") @ApiOperation("新增数据源") @PostMapping("/add") @@ -47,7 +40,6 @@ public class DatasourceController { } @RequiresPermissions("datasource:read") - @DePermission(type = DePermissionType.DATASOURCE, value = "id") @ApiOperation("验证数据源") @PostMapping("/validate") public ResultHolder validate(@RequestBody DatasourceDTO datasource) throws Exception { @@ -55,14 +47,14 @@ public class DatasourceController { } @RequiresPermissions("datasource:read") - @DePermission(type = DePermissionType.DATASOURCE) + @DePermission(type = DePermissionType.DATASOURCE, value = "id") @ApiOperation("验证数据源") @GetMapping("/validate/{datasourceId}") public ResultHolder validate(@PathVariable String datasourceId) { return datasourceService.validate(datasourceId); } - + @RequiresPermissions("datasource:read") @ApiOperation("查询当前用户数据源") @GetMapping("/list") public List getDatasourceList() throws Exception { @@ -71,6 +63,7 @@ public class DatasourceController { return datasourceService.getDatasourceList(request); } + @RequiresPermissions("datasource:read") @ApiOperation("查询当前用户数据源") @GetMapping("/list/{type}") public List getDatasourceListByType(@PathVariable String type) throws Exception { @@ -78,28 +71,23 @@ public class DatasourceController { } @RequiresPermissions("datasource:read") - @ApiIgnore - @PostMapping("/list/{goPage}/{pageSize}") - public Pager> getDatasourceList(@RequestBody BaseGridRequest request, @PathVariable int goPage, @PathVariable int pageSize) throws Exception { - Page page = PageHelper.startPage(goPage, pageSize, true); - return PageUtils.setPageInfo(page, datasourceService.gridQuery(request)); - } - - @DePermission(type = DePermissionType.DATASOURCE, level = ResourceAuthLevel.LINK_LEVEL_MANAGE) + @DePermission(type = DePermissionType.DATASOURCE, level = ResourceAuthLevel.DATASOURCE_LEVEL_MANAGE) @ApiOperation("删除数据源") @PostMapping("/delete/{datasourceID}") public void deleteDatasource(@PathVariable(value = "datasourceID") String datasourceID) throws Exception { datasourceService.deleteDatasource(datasourceID); } - @RequiresPermissions("datasource:add") - @DePermission(type = DePermissionType.DATASOURCE, value = "id", level = ResourceAuthLevel.LINK_LEVEL_MANAGE) + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASOURCE, value = "id", level = ResourceAuthLevel.DATASOURCE_LEVEL_MANAGE) @ApiOperation("更新数据源") @PostMapping("/update") public void updateDatasource(@RequestBody Datasource Datasource) { datasourceService.updateDatasource(Datasource); } + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASOURCE, value = "id") @ApiOperation("查询数据源下属所有表") @PostMapping("/getTables") public List getTables(@RequestBody Datasource datasource) throws Exception { @@ -112,7 +100,7 @@ public class DatasourceController { return datasourceService.getSchema(datasource); } - @ApiOperation("校验API数据源") + @ApiIgnore @PostMapping("/checkApiDatasource") public ApiDefinition checkApiDatasource(@RequestBody ApiDefinition apiDefinition) throws Exception { return datasourceService.checkApiDatasource(apiDefinition); diff --git a/backend/src/main/java/io/dataease/plugins/server/ColumnPermissionsController.java b/backend/src/main/java/io/dataease/plugins/server/ColumnPermissionsController.java index 68e81c2c9f..c2108ad5a1 100644 --- a/backend/src/main/java/io/dataease/plugins/server/ColumnPermissionsController.java +++ b/backend/src/main/java/io/dataease/plugins/server/ColumnPermissionsController.java @@ -2,6 +2,9 @@ package io.dataease.plugins.server; import com.github.pagehelper.Page; import com.github.pagehelper.PageHelper; +import io.dataease.auth.annotation.DePermission; +import io.dataease.commons.constants.DePermissionType; +import io.dataease.commons.constants.ResourceAuthLevel; import io.dataease.commons.utils.PageUtils; import io.dataease.commons.utils.Pager; import io.dataease.i18n.Translator; @@ -16,6 +19,7 @@ import io.dataease.plugins.xpack.auth.service.ColumnPermissionService; import io.dataease.plugins.xpack.auth.service.RowPermissionService; import io.swagger.annotations.ApiOperation; import org.apache.commons.lang3.StringUtils; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.util.CollectionUtils; import org.springframework.web.bind.annotation.*; import springfox.documentation.annotations.ApiIgnore; @@ -27,7 +31,8 @@ import java.util.List; @RequestMapping("plugin/dataset/columnPermissions") public class ColumnPermissionsController { - + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("保存") @PostMapping("save") public DatasetColumnPermissions save(@RequestBody DatasetColumnPermissions datasetColumnPermissions) throws Exception { @@ -52,6 +57,8 @@ public class ColumnPermissionsController { return columnPermissionService.save(datasetColumnPermissions); } + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("查询") @PostMapping("/list") public List searchPermissions(@RequestBody DataSetColumnPermissionsDTO request) { @@ -59,6 +66,8 @@ public class ColumnPermissionsController { return columnPermissionService.searchPermissions(request); } + //TODO + @RequiresPermissions("datasource:read") @ApiOperation("删除") @PostMapping("/delete/{id}") public void delete(@PathVariable String id) { @@ -66,6 +75,8 @@ public class ColumnPermissionsController { columnPermissionService.delete(id); } + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("分页查询") @PostMapping("/pageList/{datasetId}/{goPage}/{pageSize}") public Pager> rowPermissions(@PathVariable String datasetId, @PathVariable int goPage, @PathVariable int pageSize, @RequestBody XpackGridRequest request) { @@ -81,6 +92,8 @@ public class ColumnPermissionsController { return PageUtils.setPageInfo(page, columnPermissionService.queryPermissions(request)); } + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("有权限的对象") @PostMapping("/authObjs") public List authObjs(@RequestBody DataSetColumnPermissionsDTO request) { @@ -88,6 +101,8 @@ public class ColumnPermissionsController { return (List) columnPermissionService.authObjs(request); } + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("详情") @PostMapping("/permissionInfo") public DataSetColumnPermissionsDTO permissionInfo(@RequestBody DataSetColumnPermissionsDTO request) { diff --git a/backend/src/main/java/io/dataease/plugins/server/RowPermissionsController.java b/backend/src/main/java/io/dataease/plugins/server/RowPermissionsController.java index e685a45eaa..98cbd28999 100644 --- a/backend/src/main/java/io/dataease/plugins/server/RowPermissionsController.java +++ b/backend/src/main/java/io/dataease/plugins/server/RowPermissionsController.java @@ -2,6 +2,9 @@ package io.dataease.plugins.server; import com.github.pagehelper.Page; import com.github.pagehelper.PageHelper; +import io.dataease.auth.annotation.DePermission; +import io.dataease.commons.constants.DePermissionType; +import io.dataease.commons.constants.ResourceAuthLevel; import io.dataease.commons.utils.PageUtils; import io.dataease.commons.utils.Pager; import io.dataease.i18n.Translator; @@ -13,6 +16,7 @@ import io.dataease.plugins.xpack.auth.dto.request.DatasetRowPermissions; import io.dataease.plugins.xpack.auth.service.RowPermissionService; import io.swagger.annotations.ApiOperation; import org.apache.commons.lang3.StringUtils; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.util.CollectionUtils; import org.springframework.web.bind.annotation.*; import springfox.documentation.annotations.ApiIgnore; @@ -24,6 +28,8 @@ import java.util.List; @RequestMapping("plugin/dataset/rowPermissions") public class RowPermissionsController { + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("保存") @PostMapping("save") public void save(@RequestBody DatasetRowPermissions datasetRowPermissions) throws Exception { @@ -49,6 +55,8 @@ public class RowPermissionsController { rowPermissionService.save(datasetRowPermissions); } + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("查询") @PostMapping("/list") public List rowPermissions(@RequestBody DataSetRowPermissionsDTO request) { @@ -56,6 +64,8 @@ public class RowPermissionsController { return rowPermissionService.searchRowPermissions(request); } + //TODO + @RequiresPermissions("datasource:read") @ApiOperation("删除") @PostMapping("/delete/{id}") public void dataSetRowPermissionInfo(@PathVariable String id) { @@ -63,6 +73,8 @@ public class RowPermissionsController { rowPermissionService.delete(id); } + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("分页查询") @PostMapping("/pageList/{datasetId}/{goPage}/{pageSize}") public Pager> rowPermissions(@PathVariable String datasetId, @PathVariable int goPage, @PathVariable int pageSize, @RequestBody XpackGridRequest request) { @@ -78,6 +90,8 @@ public class RowPermissionsController { return PageUtils.setPageInfo(page, rowPermissionService.queryRowPermissions(request)); } + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("有权限的对象") @PostMapping("/authObjs") public List authObjs(@RequestBody DataSetRowPermissionsDTO request) { @@ -85,6 +99,8 @@ public class RowPermissionsController { return (List) rowPermissionService.authObjs(request); } + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("详情") @PostMapping("/dataSetRowPermissionInfo") public DataSetRowPermissionsDTO dataSetRowPermissionInfo(@RequestBody DataSetRowPermissionsDTO request) { diff --git a/backend/src/main/resources/db/migration/V32__1.8.sql b/backend/src/main/resources/db/migration/V32__1.8.sql index 3ffa33fe71..a47a45a818 100644 --- a/backend/src/main/resources/db/migration/V32__1.8.sql +++ b/backend/src/main/resources/db/migration/V32__1.8.sql @@ -404,3 +404,6 @@ CREATE TABLE `dataease_code_version` ( BEGIN; INSERT INTO `dataease_code_version` VALUES (0, 'init', NULL, 1); COMMIT; + +DELETE FALSE `sys_menu` WHERE pid=34; +UPDATE `sys_menu` SET `sub_count` = '0' WHERE (`menu_id` = '34'); \ No newline at end of file diff --git a/frontend/src/views/login/index.vue b/frontend/src/views/login/index.vue index f4fe8aa162..e8ff368bd3 100644 --- a/frontend/src/views/login/index.vue +++ b/frontend/src/views/login/index.vue @@ -202,7 +202,6 @@ export default { loginType: this.loginForm.loginType } const publicKey = localStorage.getItem('publicKey') - console.log(publicKey) this.$store.dispatch('user/login', user).then(() => { this.$router.push({ path: this.redirect || '/' }) this.loading = false diff --git a/frontend/src/views/system/datasource/DsTree.vue b/frontend/src/views/system/datasource/DsTree.vue index c4685a9c8a..e5ca81de49 100644 --- a/frontend/src/views/system/datasource/DsTree.vue +++ b/frontend/src/views/system/datasource/DsTree.vue @@ -5,7 +5,7 @@ {{ $t('commons.datasource') }} - @@ -76,7 +76,6 @@ Date: Sat, 26 Feb 2022 17:10:02 +0800 Subject: [PATCH 2/9] =?UTF-8?q?fix:=20=E6=95=B0=E6=8D=AE=E6=BA=90=E3=80=81?= =?UTF-8?q?=E6=95=B0=E6=8D=AE=E9=9B=86=20api=20=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- backend/src/main/resources/db/migration/V32__1.8.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/src/main/resources/db/migration/V32__1.8.sql b/backend/src/main/resources/db/migration/V32__1.8.sql index d99ba6b33f..9e223defdd 100644 --- a/backend/src/main/resources/db/migration/V32__1.8.sql +++ b/backend/src/main/resources/db/migration/V32__1.8.sql @@ -405,5 +405,5 @@ BEGIN; INSERT INTO `dataease_code_version` VALUES (0, 'init', NULL, 1); COMMIT; -DELETE FALSE `sys_menu` WHERE pid=34; +DELETE FROM `sys_menu` WHERE pid=34; UPDATE `sys_menu` SET `sub_count` = '0' WHERE (`menu_id` = '34'); \ No newline at end of file From 9642862e57af7963b5c4cd6891333a5ffea0c00f Mon Sep 17 00:00:00 2001 From: junjun Date: Sun, 27 Feb 2022 14:49:59 +0800 Subject: [PATCH 3/9] =?UTF-8?q?refactor:=20=E6=95=B0=E6=8D=AE=E9=9B=86?= =?UTF-8?q?=E8=A7=86=E5=9B=BE=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../controller/chart/ChartController.java | 26 ----------------- .../chart/ChartGroupController.java | 4 +++ .../dataset/DataSetGroupController.java | 5 ++-- .../dataset/DataSetTableController.java | 28 +++++++++++++++---- .../dataset/DataSetTableFieldController.java | 11 ++++++-- frontend/src/views/dataset/data/FieldEdit.vue | 2 +- 6 files changed, 38 insertions(+), 38 deletions(-) delete mode 100644 backend/src/main/java/io/dataease/controller/chart/ChartController.java diff --git a/backend/src/main/java/io/dataease/controller/chart/ChartController.java b/backend/src/main/java/io/dataease/controller/chart/ChartController.java deleted file mode 100644 index 8e8c3608b9..0000000000 --- a/backend/src/main/java/io/dataease/controller/chart/ChartController.java +++ /dev/null @@ -1,26 +0,0 @@ -package io.dataease.controller.chart; - -import com.alibaba.fastjson.JSON; -import com.github.xiaoymin.knife4j.annotations.ApiSupport; -import io.dataease.controller.request.dataset.DataSetTableRequest; -import io.swagger.annotations.Api; -import io.swagger.annotations.ApiOperation; -import org.springframework.web.bind.annotation.*; - -import java.util.ArrayList; -import java.util.List; - -@Api(tags = "视图:视图管理") -@ApiSupport(order = 110) -@RestController -@RequestMapping("chart/table") -public class ChartController { - - - @ApiOperation("查询") - @PostMapping("list") - public List list(@RequestBody DataSetTableRequest dataSetTableRequest) { - return new ArrayList<>(); - } - -} diff --git a/backend/src/main/java/io/dataease/controller/chart/ChartGroupController.java b/backend/src/main/java/io/dataease/controller/chart/ChartGroupController.java index 783a48c74a..6c7a1c234b 100644 --- a/backend/src/main/java/io/dataease/controller/chart/ChartGroupController.java +++ b/backend/src/main/java/io/dataease/controller/chart/ChartGroupController.java @@ -21,24 +21,28 @@ public class ChartGroupController { @Resource private ChartGroupService chartGroupService; + @ApiIgnore @ApiOperation("保存") @PostMapping("/save") public ChartGroupDTO save(@RequestBody ChartGroup ChartGroup) { return chartGroupService.save(ChartGroup); } + @ApiIgnore @ApiOperation("查询树") @PostMapping("/tree") public List tree(@RequestBody ChartGroupRequest ChartGroup) { return chartGroupService.tree(ChartGroup); } + @ApiIgnore @ApiOperation("查询树节点") @PostMapping("/treeNode") public List treeNode(@RequestBody ChartGroupRequest ChartGroup) { return chartGroupService.tree(ChartGroup); } + @ApiIgnore @ApiOperation("删除") @PostMapping("/delete/{id}") public void tree(@PathVariable String id) { diff --git a/backend/src/main/java/io/dataease/controller/dataset/DataSetGroupController.java b/backend/src/main/java/io/dataease/controller/dataset/DataSetGroupController.java index cd433007f2..4338ee09be 100644 --- a/backend/src/main/java/io/dataease/controller/dataset/DataSetGroupController.java +++ b/backend/src/main/java/io/dataease/controller/dataset/DataSetGroupController.java @@ -45,14 +45,13 @@ public class DataSetGroupController { return dataSetGroupService.save(datasetGroup); } - @RequiresPermissions("data:read") - @ApiOperation("查询树") + @ApiIgnore @PostMapping("/tree") public List tree(@RequestBody DataSetGroupRequest datasetGroup) { return dataSetGroupService.tree(datasetGroup); } - @ApiOperation("查询树节点") + @ApiIgnore @PostMapping("/treeNode") public List treeNode(@RequestBody DataSetGroupRequest datasetGroup) { return dataSetGroupService.treeNode(datasetGroup); diff --git a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableController.java b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableController.java index 9639ec9aa2..e6db619cb0 100644 --- a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableController.java +++ b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableController.java @@ -10,9 +10,9 @@ import io.dataease.commons.constants.DePermissionType; import io.dataease.commons.constants.ResourceAuthLevel; import io.dataease.controller.request.dataset.DataSetTableRequest; import io.dataease.controller.response.DataSetDetail; -import io.dataease.dto.datasource.TableField; import io.dataease.dto.dataset.DataSetTableDTO; import io.dataease.dto.dataset.ExcelFileData; +import io.dataease.dto.datasource.TableField; import io.dataease.service.dataset.DataSetTableService; import io.swagger.annotations.*; import org.apache.shiro.authz.annotation.Logical; @@ -38,9 +38,9 @@ public class DataSetTableController { @RequiresPermissions("data:read") @DePermissions(value = { - @DePermission(type = DePermissionType.DATASET, value = "id"), - @DePermission(type = DePermissionType.DATASET, value = "sceneId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE), - @DePermission(type = DePermissionType.DATASOURCE, value = "dataSourceId", level = ResourceAuthLevel.DATASET_LEVEL_USE) + @DePermission(type = DePermissionType.DATASET, value = "id"), + @DePermission(type = DePermissionType.DATASET, value = "sceneId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE), + @DePermission(type = DePermissionType.DATASOURCE, value = "dataSourceId", level = ResourceAuthLevel.DATASET_LEVEL_USE) }, logical = Logical.AND) @ApiOperation("批量保存") @PostMapping("batchAdd") @@ -85,6 +85,7 @@ public class DataSetTableController { } @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_USE, value = "sceneId") @ApiOperation("查询") @PostMapping("list") public List list(@RequestBody DataSetTableRequest dataSetTableRequest) { @@ -92,6 +93,7 @@ public class DataSetTableController { } @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_USE, value = "sceneId") @ApiOperation("查询组") @PostMapping("listAndGroup") public List listAndGroup(@RequestBody DataSetTableRequest dataSetTableRequest) { @@ -107,6 +109,7 @@ public class DataSetTableController { } @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_USE) @ApiOperation("带权限查询") @PostMapping("getWithPermission/{id}") public DataSetTableDTO getWithPermission(@PathVariable String id) { @@ -114,48 +117,63 @@ public class DataSetTableController { } @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASOURCE, level = ResourceAuthLevel.DATASOURCE_LEVEL_USE, value = "dataSourceId") @ApiOperation("查询原始字段") @PostMapping("getFields") public List getFields(@RequestBody DatasetTable datasetTable) throws Exception { return dataSetTableService.getFields(datasetTable); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_USE, value = "id") @ApiOperation("查询生成字段") @PostMapping("getFieldsFromDE") public Map> getFieldsFromDE(@RequestBody DataSetTableRequest dataSetTableRequest) throws Exception { return dataSetTableService.getFieldsFromDE(dataSetTableRequest); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_USE, value = "id") @ApiOperation("查询预览数据") @PostMapping("getPreviewData/{page}/{pageSize}") public Map getPreviewData(@RequestBody DataSetTableRequest dataSetTableRequest, @PathVariable Integer page, @PathVariable Integer pageSize) throws Exception { return dataSetTableService.getPreviewData(dataSetTableRequest, page, pageSize, null); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASOURCE, level = ResourceAuthLevel.DATASOURCE_LEVEL_USE, value = "dataSourceId") @ApiOperation("根据sql查询预览数据") @PostMapping("sqlPreview") public Map getSQLPreview(@RequestBody DataSetTableRequest dataSetTableRequest) throws Exception { return dataSetTableService.getSQLPreview(dataSetTableRequest); } - @ApiOperation("客户预览数据") + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASOURCE, level = ResourceAuthLevel.DATASOURCE_LEVEL_USE, value = "dataSourceId") + @ApiOperation("预览自定义数据数据") @PostMapping("customPreview") public Map customPreview(@RequestBody DataSetTableRequest dataSetTableRequest) throws Exception { return dataSetTableService.getCustomPreview(dataSetTableRequest); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_USE, value = "tableId") @ApiOperation("查询增量配置") @PostMapping("incrementalConfig") public DatasetTableIncrementalConfig incrementalConfig(@RequestBody DatasetTableIncrementalConfig datasetTableIncrementalConfig) throws Exception { return dataSetTableService.incrementalConfig(datasetTableIncrementalConfig); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_MANAGE, value = "tableId") @ApiOperation("保存增量配置") @PostMapping("save/incrementalConfig") public void saveIncrementalConfig(@RequestBody DatasetTableIncrementalConfig datasetTableIncrementalConfig) throws Exception { dataSetTableService.saveIncrementalConfig(datasetTableIncrementalConfig); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET) @ApiOperation("数据集详息") @PostMapping("datasetDetail/{id}") public DataSetDetail datasetDetail(@PathVariable String id) { diff --git a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableFieldController.java b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableFieldController.java index 42a1eb98e2..fe873b7711 100644 --- a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableFieldController.java +++ b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableFieldController.java @@ -4,6 +4,7 @@ import com.auth0.jwt.JWT; import com.auth0.jwt.interfaces.DecodedJWT; import com.github.xiaoymin.knife4j.annotations.ApiSupport; import io.dataease.auth.annotation.DePermission; +import io.dataease.auth.annotation.DePermissions; import io.dataease.auth.filter.F2CLinkFilter; import io.dataease.base.domain.DatasetTable; import io.dataease.base.domain.DatasetTableField; @@ -21,6 +22,7 @@ import io.dataease.service.dataset.PermissionService; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import org.apache.commons.lang3.ObjectUtils; +import org.apache.shiro.authz.annotation.Logical; import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.beans.BeanUtils; import org.springframework.beans.factory.annotation.Autowired; @@ -139,10 +141,13 @@ public class DataSetTableFieldController { return dataSetTableFieldsService.save(datasetTableField); } - //TODO 校验权限 + @RequiresPermissions("data:read") + @DePermissions(value = { + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_MANAGE, paramIndex = 1) + }) @ApiOperation("删除") - @PostMapping("delete/{id}") - public void delete(@PathVariable String id) { + @PostMapping("delete/{id}/{tableId}") + public void delete(@PathVariable String id, @PathVariable String tableId) { dataSetTableFieldsService.delete(id); } diff --git a/frontend/src/views/dataset/data/FieldEdit.vue b/frontend/src/views/dataset/data/FieldEdit.vue index e74c771470..c44b889b9d 100644 --- a/frontend/src/views/dataset/data/FieldEdit.vue +++ b/frontend/src/views/dataset/data/FieldEdit.vue @@ -392,7 +392,7 @@ export default { cancelButtonText: this.$t('dataset.cancel'), type: 'warning' }).then(() => { - post('/dataset/field/delete/' + item.id, null).then(response => { + post('/dataset/field/delete/' + item.id + '/' + item.tableId, null).then(response => { this.$message({ type: 'success', message: this.$t('chart.delete_success'), From c9b355c69e601cd8481025ce6dcfdfa0753564c1 Mon Sep 17 00:00:00 2001 From: taojinlong Date: Mon, 28 Feb 2022 10:43:20 +0800 Subject: [PATCH 4/9] =?UTF-8?q?fix:=20=E6=95=B0=E6=8D=AE=E9=9B=86=20api=20?= =?UTF-8?q?=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../io/dataease/config/Knife4jConfiguration.java | 2 +- .../plugins/server/ColumnPermissionsController.java | 12 ++++++------ .../plugins/server/RowPermissionsController.java | 12 ++++++------ 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/backend/src/main/java/io/dataease/config/Knife4jConfiguration.java b/backend/src/main/java/io/dataease/config/Knife4jConfiguration.java index be2860cc1d..eff1bb147e 100644 --- a/backend/src/main/java/io/dataease/config/Knife4jConfiguration.java +++ b/backend/src/main/java/io/dataease/config/Knife4jConfiguration.java @@ -74,7 +74,7 @@ public class Knife4jConfiguration implements BeanPostProcessor{ .title("DataEase") .description("人人可用的开源数据可视化分析工具") .termsOfServiceUrl("https://dataease.io") - .contact(new Contact("fit2cloud","https://www.fit2cloud.com/dataease/index.html","dataease@fit2cloud.com")) + .contact(new Contact("Dataease","https://www.fit2cloud.com/dataease/index.html","dataease@fit2cloud.com")) .version(version) .build(); } diff --git a/backend/src/main/java/io/dataease/plugins/server/ColumnPermissionsController.java b/backend/src/main/java/io/dataease/plugins/server/ColumnPermissionsController.java index c2108ad5a1..f77c74049d 100644 --- a/backend/src/main/java/io/dataease/plugins/server/ColumnPermissionsController.java +++ b/backend/src/main/java/io/dataease/plugins/server/ColumnPermissionsController.java @@ -31,7 +31,7 @@ import java.util.List; @RequestMapping("plugin/dataset/columnPermissions") public class ColumnPermissionsController { - @RequiresPermissions("datasource:read") + @RequiresPermissions("data:read") @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("保存") @PostMapping("save") @@ -57,7 +57,7 @@ public class ColumnPermissionsController { return columnPermissionService.save(datasetColumnPermissions); } - @RequiresPermissions("datasource:read") + @RequiresPermissions("data:read") @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("查询") @PostMapping("/list") @@ -67,7 +67,7 @@ public class ColumnPermissionsController { } //TODO - @RequiresPermissions("datasource:read") + @RequiresPermissions("data:read") @ApiOperation("删除") @PostMapping("/delete/{id}") public void delete(@PathVariable String id) { @@ -75,7 +75,7 @@ public class ColumnPermissionsController { columnPermissionService.delete(id); } - @RequiresPermissions("datasource:read") + @RequiresPermissions("data:read") @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("分页查询") @PostMapping("/pageList/{datasetId}/{goPage}/{pageSize}") @@ -92,7 +92,7 @@ public class ColumnPermissionsController { return PageUtils.setPageInfo(page, columnPermissionService.queryPermissions(request)); } - @RequiresPermissions("datasource:read") + @RequiresPermissions("data:read") @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("有权限的对象") @PostMapping("/authObjs") @@ -101,7 +101,7 @@ public class ColumnPermissionsController { return (List) columnPermissionService.authObjs(request); } - @RequiresPermissions("datasource:read") + @RequiresPermissions("data:read") @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("详情") @PostMapping("/permissionInfo") diff --git a/backend/src/main/java/io/dataease/plugins/server/RowPermissionsController.java b/backend/src/main/java/io/dataease/plugins/server/RowPermissionsController.java index 98cbd28999..1bf7543080 100644 --- a/backend/src/main/java/io/dataease/plugins/server/RowPermissionsController.java +++ b/backend/src/main/java/io/dataease/plugins/server/RowPermissionsController.java @@ -28,7 +28,7 @@ import java.util.List; @RequestMapping("plugin/dataset/rowPermissions") public class RowPermissionsController { - @RequiresPermissions("datasource:read") + @RequiresPermissions("data:read") @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("保存") @PostMapping("save") @@ -55,7 +55,7 @@ public class RowPermissionsController { rowPermissionService.save(datasetRowPermissions); } - @RequiresPermissions("datasource:read") + @RequiresPermissions("data:read") @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("查询") @PostMapping("/list") @@ -65,7 +65,7 @@ public class RowPermissionsController { } //TODO - @RequiresPermissions("datasource:read") + @RequiresPermissions("data:read") @ApiOperation("删除") @PostMapping("/delete/{id}") public void dataSetRowPermissionInfo(@PathVariable String id) { @@ -73,7 +73,7 @@ public class RowPermissionsController { rowPermissionService.delete(id); } - @RequiresPermissions("datasource:read") + @RequiresPermissions("data:read") @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("分页查询") @PostMapping("/pageList/{datasetId}/{goPage}/{pageSize}") @@ -90,7 +90,7 @@ public class RowPermissionsController { return PageUtils.setPageInfo(page, rowPermissionService.queryRowPermissions(request)); } - @RequiresPermissions("datasource:read") + @RequiresPermissions("data:read") @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("有权限的对象") @PostMapping("/authObjs") @@ -99,7 +99,7 @@ public class RowPermissionsController { return (List) rowPermissionService.authObjs(request); } - @RequiresPermissions("datasource:read") + @RequiresPermissions("data:read") @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("详情") @PostMapping("/dataSetRowPermissionInfo") From ea8fe4b44f2b7f708b2769b53e0901081cd641cc Mon Sep 17 00:00:00 2001 From: fit2cloud-chenyw Date: Mon, 28 Feb 2022 11:05:10 +0800 Subject: [PATCH 5/9] =?UTF-8?q?fix:=20tab=E6=96=B0=E5=A2=9E=E5=A4=B1?= =?UTF-8?q?=E8=B4=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- frontend/src/utils/conditionUtil.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frontend/src/utils/conditionUtil.js b/frontend/src/utils/conditionUtil.js index cc48c9e150..f557d516c6 100644 --- a/frontend/src/utils/conditionUtil.js +++ b/frontend/src/utils/conditionUtil.js @@ -48,7 +48,7 @@ export const buildFilterMap = panelItems => { } if (element.type === 'de-tabs') { element.options.tabList && element.options.tabList.forEach(tab => { - if (tab.content.propValue && tab.content.propValue.viewId) { + if (tab.content && tab.content.propValue && tab.content.propValue.viewId) { result[tab.content.propValue.viewId] = [] } }) From 6c5d080c0a27ea115638ced6671e0aeda66ff144 Mon Sep 17 00:00:00 2001 From: wangjiahao <1522128093@qq.com> Date: Mon, 28 Feb 2022 11:15:04 +0800 Subject: [PATCH 6/9] =?UTF-8?q?fix:=20=E6=B1=87=E6=80=BB=E8=A1=A8=E8=81=94?= =?UTF-8?q?=E5=8A=A8=E9=94=99=E8=AF=AF=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- frontend/src/store/index.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/frontend/src/store/index.js b/frontend/src/store/index.js index 26b4eb7e5d..55d58a53b2 100644 --- a/frontend/src/store/index.js +++ b/frontend/src/store/index.js @@ -255,7 +255,9 @@ const data = { for (let index = 0; index < state.componentData.length; index++) { const element = state.componentData[index] if (!element.type || element.type !== 'view') continue - const currentFilters = element.linkageFilters || [] // 当前联动filter + // const currentFilters = element.linkageFilters || [] // 当前联动filter + // 联动的视图情况历史条件 + const currentFilters = [] data.dimensionList.forEach(dimension => { const sourceInfo = viewId + '#' + dimension.id From 5141f52abb7bc9284f717112ce73a7d7e20ff6b0 Mon Sep 17 00:00:00 2001 From: junjun Date: Mon, 28 Feb 2022 11:17:26 +0800 Subject: [PATCH 7/9] =?UTF-8?q?refactor:=20=E8=A7=86=E5=9B=BE=E6=9D=83?= =?UTF-8?q?=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../controller/chart/ChartViewController.java | 43 ++++++++++++++----- frontend/src/api/chart/chart.js | 4 +- frontend/src/api/panel/panel.js | 4 +- .../canvas/custom-component/UserView.vue | 2 +- frontend/src/views/chart/group/Group.vue | 9 ++-- frontend/src/views/chart/view/ChartEdit.vue | 11 +++-- .../dataset/common/DatasetChartDetail.vue | 7 ++- 7 files changed, 56 insertions(+), 24 deletions(-) diff --git a/backend/src/main/java/io/dataease/controller/chart/ChartViewController.java b/backend/src/main/java/io/dataease/controller/chart/ChartViewController.java index d55cf8be57..cb7a49229c 100644 --- a/backend/src/main/java/io/dataease/controller/chart/ChartViewController.java +++ b/backend/src/main/java/io/dataease/controller/chart/ChartViewController.java @@ -1,7 +1,10 @@ package io.dataease.controller.chart; import com.github.xiaoymin.knife4j.annotations.ApiSupport; +import io.dataease.auth.annotation.DePermission; import io.dataease.base.domain.ChartViewWithBLOBs; +import io.dataease.commons.constants.DePermissionType; +import io.dataease.commons.constants.ResourceAuthLevel; import io.dataease.commons.utils.AuthUtils; import io.dataease.controller.request.chart.ChartCalRequest; import io.dataease.controller.request.chart.ChartExtRequest; @@ -11,10 +14,12 @@ import io.dataease.dto.chart.ChartViewDTO; import io.dataease.service.chart.ChartViewService; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.*; import springfox.documentation.annotations.ApiIgnore; import javax.annotation.Resource; +import javax.ws.rs.Path; import java.util.List; /** @@ -29,52 +34,65 @@ public class ChartViewController { @Resource private ChartViewService chartViewService; + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.PANEL, level = ResourceAuthLevel.PANNEL_LEVEL_MANAGE) @ApiOperation("保存") - @PostMapping("/save") - public ChartViewWithBLOBs save(@RequestBody ChartViewWithBLOBs chartViewWithBLOBs) { + @PostMapping("/save/{panelId}") + public ChartViewWithBLOBs save(@PathVariable String panelId, @RequestBody ChartViewWithBLOBs chartViewWithBLOBs) { return chartViewService.save(chartViewWithBLOBs); } + @ApiIgnore @ApiOperation("查询") @PostMapping("/list") public List list(@RequestBody ChartViewRequest chartViewRequest) { return chartViewService.list(chartViewRequest); } + @ApiIgnore @ApiOperation("查询组") @PostMapping("/listAndGroup") public List listAndGroup(@RequestBody ChartViewRequest chartViewRequest) { return chartViewService.listAndGroup(chartViewRequest); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.PANEL, level = ResourceAuthLevel.PANNEL_LEVEL_VIEW, paramIndex = 1) @ApiOperation("详细信息") - @PostMapping("/get/{id}") - public ChartViewWithBLOBs get(@PathVariable String id) { + @PostMapping("/get/{id}/{panelId}") + public ChartViewWithBLOBs get(@PathVariable String id, @PathVariable String panelId) { return chartViewService.get(id); } + @ApiIgnore @ApiOperation("删除") @PostMapping("/delete/{id}") public void delete(@PathVariable String id) { chartViewService.delete(id); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.PANEL, level = ResourceAuthLevel.PANNEL_LEVEL_VIEW, paramIndex = 1) @ApiOperation("数据") - @PostMapping("/getData/{id}") - public ChartViewDTO getData(@PathVariable String id, @RequestBody ChartExtRequest requestList) throws Exception { + @PostMapping("/getData/{id}/{panelId}") + public ChartViewDTO getData(@PathVariable String id, @PathVariable String panelId, @RequestBody ChartExtRequest requestList) throws Exception { return chartViewService.getData(id, requestList); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.PANEL, level = ResourceAuthLevel.PANNEL_LEVEL_VIEW, paramIndex = 1) @ApiOperation("视图详情") - @PostMapping("chartDetail/{id}") - public ChartDetail chartDetail(@PathVariable String id) { + @PostMapping("chartDetail/{id}/{panelId}") + public ChartDetail chartDetail(@PathVariable String id, @PathVariable String panelId) { return chartViewService.getChartDetail(id); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.PANEL, level = ResourceAuthLevel.PANNEL_LEVEL_MANAGE, paramIndex = 1) @ApiOperation("复制") @PostMapping("chartCopy/{id}/{panelId}") public String chartCopy(@PathVariable String id, @PathVariable String panelId) { - return chartViewService.chartCopy(id,panelId); + return chartViewService.chartCopy(id, panelId); } @ApiIgnore @@ -97,12 +115,15 @@ public class ChartViewController { return chartViewService.search(chartViewRequest); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.PANEL, level = ResourceAuthLevel.PANNEL_LEVEL_VIEW) @ApiOperation("计算结果") - @PostMapping("/calcData") - public ChartViewDTO calcData(@RequestBody ChartCalRequest request) throws Exception { + @PostMapping("/calcData/{panelId}") + public ChartViewDTO calcData(@PathVariable String panelId, @RequestBody ChartCalRequest request) throws Exception { return chartViewService.calcData(request.getView(), request.getRequestList(), false); } + @ApiIgnore @ApiOperation("验证视图是否使用相同数据集") @GetMapping("/checkSameDataSet/{viewIdSource}/{viewIdTarget}") public String checkSameDataSet(@PathVariable String viewIdSource, @PathVariable String viewIdTarget) throws Exception { diff --git a/frontend/src/api/chart/chart.js b/frontend/src/api/chart/chart.js index b7657defbc..98273ff039 100644 --- a/frontend/src/api/chart/chart.js +++ b/frontend/src/api/chart/chart.js @@ -60,9 +60,9 @@ export function checkSameDataSet(viewIdSource, viewIdTarget) { }) } -export function ajaxGetDataOnly(id, data) { +export function ajaxGetDataOnly(id, panelId, data) { return request({ - url: '/chart/view/getData/' + id, + url: '/chart/view/getData/' + id + '/' + panelId, method: 'post', loading: true, hideMsg: true, diff --git a/frontend/src/api/panel/panel.js b/frontend/src/api/panel/panel.js index 0a399b81af..8b9d08eed5 100644 --- a/frontend/src/api/panel/panel.js +++ b/frontend/src/api/panel/panel.js @@ -56,9 +56,9 @@ export function groupTree(data, loading = true, timeout = 60000) { }) } -export function viewData(id, data) { +export function viewData(id, panelId, data) { return request({ - url: '/chart/view/getData/' + id, + url: '/chart/view/getData/' + id + '/' + panelId, method: 'post', hideMsg: true, data diff --git a/frontend/src/components/canvas/custom-component/UserView.vue b/frontend/src/components/canvas/custom-component/UserView.vue index a0243333f4..518dd17148 100644 --- a/frontend/src/components/canvas/custom-component/UserView.vue +++ b/frontend/src/components/canvas/custom-component/UserView.vue @@ -433,7 +433,7 @@ export default { ...this.filter, cache: cache } - method(id, requestInfo).then(response => { + method(id, this.panelInfo.id, requestInfo).then(response => { // 将视图传入echart组件 if (response.success) { this.chart = response.data diff --git a/frontend/src/views/chart/group/Group.vue b/frontend/src/views/chart/group/Group.vue index f90c4f38b1..5b89b3b00c 100644 --- a/frontend/src/views/chart/group/Group.vue +++ b/frontend/src/views/chart/group/Group.vue @@ -423,6 +423,9 @@ export default { computed: { chartType() { return this.view.type + }, + panelInfo() { + return this.$store.state.panel.panelInfo } }, watch: { @@ -545,7 +548,7 @@ export default { if (valid) { view.title = view.name view.sceneId = view.pid - post('/chart/view/save', view).then(response => { + post('/chart/view/save/' + this.panelInfo.id, view).then(response => { this.closeTable() this.$message({ message: this.$t('dataset.save_success'), @@ -772,7 +775,7 @@ export default { view.extBubble = JSON.stringify([]) this.setChartDefaultOptions(view) const _this = this - post('/chart/view/save', view).then(response => { + post('/chart/view/save/' + this.panelInfo.id, view).then(response => { this.closeCreateChart() this.$store.dispatch('chart/setTableId', null) this.$store.dispatch('chart/setTableId', this.table.id) @@ -905,7 +908,7 @@ export default { saveMoveDs() { const newSceneId = this.tDs.id this.dsForm.sceneId = newSceneId - post('/chart/view/save', this.dsForm).then(res => { + post('/chart/view/save/' + this.panelInfo.id, this.dsForm).then(res => { this.closeMoveDs() this.expandedArray.push(newSceneId) this.treeNode() diff --git a/frontend/src/views/chart/view/ChartEdit.vue b/frontend/src/views/chart/view/ChartEdit.vue index 6a28dce9ff..dae87841f3 100644 --- a/frontend/src/views/chart/view/ChartEdit.vue +++ b/frontend/src/views/chart/view/ChartEdit.vue @@ -1191,6 +1191,9 @@ export default { computed: { chartType() { return this.chart.type + }, + panelInfo() { + return this.$store.state.panel.panelInfo } }, watch: { @@ -1446,7 +1449,7 @@ export default { this.hasEdit = true const view = this.buildParam(getData, trigger, needRefreshGroup, switchType) if (!view) return - post('/chart/view/calcData', { + post('/chart/view/calcData/' + this.panelInfo.id, { view: view, requestList: { filter: [], @@ -1509,7 +1512,7 @@ export default { } const view = this.buildParam(true, 'chart', false, false) if (!view) return - post('/chart/view/save', view).then(response => { + post('/chart/view/save/' + this.panelInfo.id, view).then(response => { this.getChart(response.data.id) this.hasEdit = false this.refreshGroup(view) @@ -1524,7 +1527,7 @@ export default { getData(id) { this.hasEdit = false if (id) { - ajaxGetDataOnly(id, { + ajaxGetDataOnly(id, this.panelInfo.id, { filter: [], drill: this.drillClickDimensionList }).then(response => { @@ -1571,7 +1574,7 @@ export default { }, getChart(id) { if (id) { - post('/chart/view/get/' + id, {}).then(response => { + post('/chart/view/get/' + id + '/' + this.panelInfo.id, {}).then(response => { this.initTableData(response.data.tableId) this.view = JSON.parse(JSON.stringify(response.data)) this.view.xaxis = this.view.xaxis ? JSON.parse(this.view.xaxis) : [] diff --git a/frontend/src/views/dataset/common/DatasetChartDetail.vue b/frontend/src/views/dataset/common/DatasetChartDetail.vue index 76353aca75..c890cddc2d 100644 --- a/frontend/src/views/dataset/common/DatasetChartDetail.vue +++ b/frontend/src/views/dataset/common/DatasetChartDetail.vue @@ -122,6 +122,11 @@ export default { info: {} } }, + computed: { + panelInfo() { + return this.$store.state.panel.panelInfo + } + }, watch: { 'data': function() { this.init() @@ -145,7 +150,7 @@ export default { this.info = JSON.parse(res.data.table.info) }) } else if (this.type === 'chart') { - post('/chart/view/chartDetail/' + this.data.id, null).then(res => { + post('/chart/view/chartDetail/' + this.data.id + '/' + this.panelInfo.id, null).then(res => { this.detail = res.data this.info = JSON.parse(res.data.table.info) }) From 64d9471c3396d5c4d6d7e3d546da9f9c86f30b61 Mon Sep 17 00:00:00 2001 From: junjun Date: Mon, 28 Feb 2022 11:22:30 +0800 Subject: [PATCH 8/9] =?UTF-8?q?refactor:=20=E5=88=A0=E9=99=A4=E6=97=A0?= =?UTF-8?q?=E7=94=A8=E6=8E=A5=E5=8F=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../dataease/controller/chart/ChartViewController.java | 8 -------- frontend/src/api/chart/chart.js | 10 ---------- 2 files changed, 18 deletions(-) diff --git a/backend/src/main/java/io/dataease/controller/chart/ChartViewController.java b/backend/src/main/java/io/dataease/controller/chart/ChartViewController.java index cb7a49229c..826892de72 100644 --- a/backend/src/main/java/io/dataease/controller/chart/ChartViewController.java +++ b/backend/src/main/java/io/dataease/controller/chart/ChartViewController.java @@ -101,14 +101,6 @@ public class ChartViewController { return chartViewService.searchAdviceSceneId(panelId); } - @ApiOperation("根据权限查详情") - @PostMapping("/getOneWithPermission/{id}") - public ChartViewDTO getOneWithPermission(@PathVariable String id, @RequestBody ChartExtRequest requestList) throws Exception { - //如果能获取用户 则添加对应的权限 - ChartViewDTO dto = chartViewService.getData(id, requestList); - return dto; - } - @ApiOperation("搜索") @PostMapping("search") public List search(@RequestBody ChartViewRequest chartViewRequest) { diff --git a/frontend/src/api/chart/chart.js b/frontend/src/api/chart/chart.js index 98273ff039..396284c29e 100644 --- a/frontend/src/api/chart/chart.js +++ b/frontend/src/api/chart/chart.js @@ -9,16 +9,6 @@ export function post(url, data) { }) } -export function ajaxGetData(id, data) { - return request({ - url: '/chart/view/getOneWithPermission/' + id, - method: 'post', - loading: true, - hideMsg: true, - data - }) -} - export function getChartTree(data) { return request({ url: 'api', From 7aaad18dd90466351474200fd8073da1a8d2dae3 Mon Sep 17 00:00:00 2001 From: wangjiahao <1522128093@qq.com> Date: Mon, 28 Feb 2022 11:35:32 +0800 Subject: [PATCH 9/9] =?UTF-8?q?fix:=20=E8=87=AA=E5=B7=B1=E5=88=9B=E5=BB=BA?= =?UTF-8?q?=E7=9A=84=E4=BB=AA=E8=A1=A8=E6=9D=BF=E5=8F=B3=E4=B8=8A=E8=A7=92?= =?UTF-8?q?=E6=B2=A1=E6=9C=89=E7=BC=96=E8=BE=91=E6=8C=89=E9=92=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/io/dataease/base/mapper/ext/ExtPanelGroupMapper.java | 4 +++- .../java/io/dataease/base/mapper/ext/ExtPanelGroupMapper.xml | 4 ++-- .../java/io/dataease/service/panel/PanelGroupService.java | 4 ++-- frontend/src/api/panel/panel.js | 3 ++- frontend/src/views/link/view/index.vue | 3 ++- 5 files changed, 11 insertions(+), 7 deletions(-) diff --git a/backend/src/main/java/io/dataease/base/mapper/ext/ExtPanelGroupMapper.java b/backend/src/main/java/io/dataease/base/mapper/ext/ExtPanelGroupMapper.java index d03e7e7e06..a0ea1417e8 100644 --- a/backend/src/main/java/io/dataease/base/mapper/ext/ExtPanelGroupMapper.java +++ b/backend/src/main/java/io/dataease/base/mapper/ext/ExtPanelGroupMapper.java @@ -15,7 +15,7 @@ public interface ExtPanelGroupMapper { //会级联删除pid 下的所有数据 int deleteCircle(@Param("pid") String pid); - PanelGroupDTO panelGroup(String id); + PanelGroupDTO findOneWithPrivileges(@Param("panelId") String panelId,@Param("userId") String userId); void copyPanelView(@Param("pid") String panelId); @@ -24,4 +24,6 @@ public interface ExtPanelGroupMapper { List panelGroupInit(); + + } diff --git a/backend/src/main/java/io/dataease/base/mapper/ext/ExtPanelGroupMapper.xml b/backend/src/main/java/io/dataease/base/mapper/ext/ExtPanelGroupMapper.xml index defc52803c..07d97f2935 100644 --- a/backend/src/main/java/io/dataease/base/mapper/ext/ExtPanelGroupMapper.xml +++ b/backend/src/main/java/io/dataease/base/mapper/ext/ExtPanelGroupMapper.xml @@ -12,8 +12,8 @@ - + select panel_group.*,panel_group.name as label , get_auths(panel_group.id,'panel',#{userId}) as `privileges` from panel_group where id =#{panelId}