From 1f845b3021637b8544cf4f40b371b51823a564a1 Mon Sep 17 00:00:00 2001
From: taojinlong
Date: Wed, 26 Oct 2022 15:08:20 +0800
Subject: [PATCH] =?UTF-8?q?fix(=E6=95=B0=E6=8D=AE=E9=9B=86):=20=E6=A0=A1?= =?UTF-8?q?=E9=AA=8Csql=E5=8F=82=E6=95=B0=EF=BC=8C=E5=8F=AA=E8=83=BD?= =?UTF-8?q?=E5=9C=A8=E7=9B=B4=E8=BF=9E=E6=97=B6=E4=BD=BF=E7=94=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../service/dataset/DataSetTableService.java | 30 ++++++++++++-------
 .../resources/i18n/messages_en_US.properties | 1 +
 .../resources/i18n/messages_zh_CN.properties | 1 +
 .../resources/i18n/messages_zh_TW.properties | 1 +
 frontend/src/views/dataset/add/AddSQL.vue | 1 +
 5 files changed, 24 insertions(+), 10 deletions(-)
diff --git a/backend/src/main/java/io/dataease/service/dataset/DataSetTableService.java b/backend/src/main/java/io/dataease/service/dataset/DataSetTableService.java
index a3daa200d0..2324f62cb8 100644
--- a/backend/src/main/java/io/dataease/service/dataset/DataSetTableService.java
+++ b/backend/src/main/java/io/dataease/service/dataset/DataSetTableService.java
@@ -1054,24 +1054,25 @@ public class DataSetTableService { return sql; } - public String removeVariables(String sql, String dsType) throws Exception { + public String removeVariables(final String sql, String dsType) throws Exception { + String tmpSql = sql; Pattern pattern = Pattern.compile(regex); - Matcher matcher = pattern.matcher(sql); + Matcher matcher = pattern.matcher(tmpSql); boolean hasVariables = false; while (matcher.find()) { hasVariables = true; - sql = sql.replace(matcher.group(), SubstitutedParams); + tmpSql = tmpSql.replace(matcher.group(), SubstitutedParams); } - if (!hasVariables && !sql.contains(SubstitutedParams)) { - return sql; + if (!hasVariables && !tmpSql.contains(SubstitutedParams)) { + return tmpSql; } - CCJSqlParserUtil.parse(sql, parser -> parser.withSquareBracketQuotation(true)); - Statement statement = CCJSqlParserUtil.parse(sql); + CCJSqlParserUtil.parse(tmpSql, parser -> parser.withSquareBracketQuotation(true)); + Statement statement = CCJSqlParserUtil.parse(tmpSql); Select select = (Select) statement; if (select.getSelectBody() instanceof PlainSelect) { return handlePlainSelect((PlainSelect) select.getSelectBody(), select, dsType); - }else { + } else { String result = ""; SetOperationList setOperationList = (SetOperationList) select.getSelectBody(); for (int i = 0; i < setOperationList.getSelects().size(); i++) { 
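Review bot: The statement that gets cast and inspected is not the one parsed with the bracket option: the first `CCJSqlParserUtil.parse(tmpSql, parser -> parser.withSquareBracketQuotation(true))` discards its result, and `Statement statement` comes from a second parse without that option. Parse once and keep the result, `Statement statement = CCJSqlParserUtil.parse(tmpSql, parser -> parser.withSquareBracketQuotation(true));`. The `(Select) statement` cast is also unchecked, so a non-SELECT statement that carries a variable surfaces as a ClassCastException rather than a validation message; an `if (!(statement instanceof Select))` guard that throws the translated error would make the SELECT-only rule explicit. The early return when no variable is found skips parsing altogether, so callers should not treat this method as the statement-type check. The method body continues past the end of the hunk.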
@@ -1175,15 +1176,24 @@ public class DataSetTableService { } public Map getSQLPreview(DataSetTableRequest dataSetTableRequest) throws Exception { + DataTableInfoDTO dataTableInfo = new Gson().fromJson(dataSetTableRequest.getInfo(), DataTableInfoDTO.class); + String sql = dataTableInfo.isBase64Encryption() ? new String(java.util.Base64.getDecoder().decode(dataTableInfo.getSql())) : dataTableInfo.getSql(); Datasource ds = datasourceMapper.selectByPrimaryKey(dataSetTableRequest.getDataSourceId()); if (ds == null) { throw new Exception(Translator.get("i18n_invalid_ds")); } + String tmpSql = removeVariables(sql, ds.getType()); + if (dataSetTableRequest.getMode() == 1 && (tmpSql.contains(SubstitutedParams) || tmpSql.contains(SubstitutedSql.trim()))) { + throw new Exception(Translator.get("I18N_SQL_variable_direct_limit")); + } + if (tmpSql.contains(SubstitutedParams)) { + throw new Exception(Translator.get("I18N_SQL_variable_limit")); + } Provider datasourceProvider = ProviderFactory.getProvider(ds.getType()); DatasourceRequest datasourceRequest = new DatasourceRequest(); datasourceRequest.setDatasource(ds); - DataTableInfoDTO dataTableInfo = new Gson().fromJson(dataSetTableRequest.getInfo(), DataTableInfoDTO.class); - String sql = dataTableInfo.isBase64Encryption() ? new String(java.util.Base64.getDecoder().decode(dataTableInfo.getSql())) : dataTableInfo.getSql(); + + sql = handleVariableDefaultValue(sql, dataSetTableRequest.getSqlVariableDetails(), ds.getType()); if (StringUtils.isEmpty(sql)) { DataEaseException.throwException(Translator.get("i18n_sql_not_empty")); diff --git a/backend/src/main/resources/i18n/messages_en_US.properties b/backend/src/main/resources/i18n/messages_en_US.properties index d3ba643e92..df1effdcd3 100644 --- a/backend/src/main/resources/i18n/messages_en_US.properties +++ b/backend/src/main/resources/i18n/messages_en_US.properties 
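Review bot: `removeVariables(sql, ds.getType())` now runs before the `StringUtils.isEmpty(sql)` guard further down, so a request whose `info` carries no `sql` (or whose `info` Gson deserializes to null) reaches `pattern.matcher(tmpSql)` with null and fails with a NullPointerException instead of `i18n_sql_not_empty`; the same empty check is needed right after `sql` is decoded. The decode itself, `new String(java.util.Base64.getDecoder().decode(dataTableInfo.getSql()))`, uses the platform charset, and passing `StandardCharsets.UTF_8` as the second argument keeps non-ASCII SQL stable across hosts. `getMode()` is read from the request body, so the direct-connection restriction holds for this preview only as far as the client reports its mode; presumably the save path needs the same check against the stored dataset mode, which this hunk does not show. The body of getSQLPreview continues outside the hunk.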
@@ -194,6 +194,7 @@ I18N_DATASOURCE_LEVEL_GRANT=Grant
 I18N_NO_PERMISSION=You do not have permission to
 I18N_PLEASE_CONCAT_ADMIN=Please contact the administrator for authorization
 I18N_SQL_variable_limit=SQL variables can only be used in where conditions
+I18N_SQL_variable_direct_limit=SQL variables can only be used for direct connection
 I18N_EMAIL_CONFIG_ERROR=Email config error
 I18N_EMAIL_HOST_ERROR=Email host can not be empty
 I18N_EMAIL_PORT_ERROR=Email port can not be empty
diff --git a/backend/src/main/resources/i18n/messages_zh_CN.properties b/backend/src/main/resources/i18n/messages_zh_CN.properties
index bdaa67a794..a0972f0da7 100644
--- a/backend/src/main/resources/i18n/messages_zh_CN.properties
+++ b/backend/src/main/resources/i18n/messages_zh_CN.properties
@@ -194,6 +194,7 @@ I18N_DATASOURCE_LEVEL_GRANT=\u6388\u6743
 I18N_NO_PERMISSION=\u5F53\u524D\u7528\u6237\u6CA1\u6709\u6743\u9650
 I18N_PLEASE_CONCAT_ADMIN=\u8BF7\u8054\u7CFB\u7BA1\u7406\u5458\u5F00\u901A
 I18N_SQL_variable_limit=SQL \u53D8\u91CF\u53EA\u80FD\u5728 WHERE \u6761\u4EF6\u4E2D\u4F7F\u7528
+I18N_SQL_variable_direct_limit=SQL变量只能用于直连
 I18N_EMAIL_CONFIG_ERROR=\u90AE\u4EF6\u914D\u7F6E\u9519\u8BEF
 I18N_EMAIL_HOST_ERROR=\u90AE\u4EF6\u4E3B\u673A\u4E0D\u80FD\u4E3A\u7A7A
 I18N_EMAIL_PORT_ERROR=\u90AE\u4EF6\u7AEF\u53E3\u4E0D\u80FD\u4E3A\u7A7A
diff --git a/backend/src/main/resources/i18n/messages_zh_TW.properties b/backend/src/main/resources/i18n/messages_zh_TW.properties
index 2003f5a638..fb269a8bda 100644
--- a/backend/src/main/resources/i18n/messages_zh_TW.properties
+++ b/backend/src/main/resources/i18n/messages_zh_TW.properties
@@ -190,6 +190,7 @@ I18N_DATASOURCE_LEVEL_GRANT=\u6388\u6B0A
 I18N_NO_PERMISSION=\u7576\u524D\u7528\u6236\u6C92\u6709\u6B0A\u9650
 I18N_PLEASE_CONCAT_ADMIN=\u8ACB\u806F\u7CFB\u7BA1\u7406\u54E1\u958B\u901A
 I18N_SQL_variable_limit=SQL\u8B8A\u6578\u53EA\u80FD\u5728WHERE\u689D\u4EF6\u4E2D\u4F7F\u7528
+I18N_SQL_variable_direct_limit=SQL變數只能用於直連
 I18N_EMAIL_CONFIG_ERROR=\u90F5\u4EF6\u914D\u7F6E\u932F\u8AA4
 I18N_EMAIL_HOST_ERROR=\u90F5\u4EF6\u4E3B\u6A5F\u4E0D\u80FD\u70BA\u7A7A
 I18N_EMAIL_PORT_ERROR=\u90F5\u4EF6\u7AEF\u53E3\u4E0D\u80FD\u70BA\u7A7A
diff --git a/frontend/src/views/dataset/add/AddSQL.vue b/frontend/src/views/dataset/add/AddSQL.vue
index 4426915030..bbc0f45a81 100644
--- a/frontend/src/views/dataset/add/AddSQL.vue
+++ b/frontend/src/views/dataset/add/AddSQL.vue
@@ -703,6 +703,7 @@ export default {
 post('/dataset/table/sqlPreview', {
 dataSourceId: this.dataSource,
 type: 'sql',
+ mode: parseInt(this.mode),
 sqlVariableDetails: JSON.stringify(this.variables),
 info: JSON.stringify({
 sql: Base64.encode(this.sql.trim()),
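Review bot: In the AddSQL.vue hunk, `parseInt(this.mode)` has no radix and yields NaN when `this.mode` is unset, which `JSON.stringify` turns into `null` in the request body. Writing it as `mode: parseInt(this.mode, 10),` fixes the radix, and the server side should reject a missing mode rather than skip the direct-connection check; if `getMode()` returns a boxed `Integer` (its type is not visible here), a null would instead fail on unboxing in `getMode() == 1`. The enclosing `post(...)` call starts and ends outside the hunk.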