forked from github/dataease
Merge pull request #1648 from dataease/pr@dev@columnpermission
refactor: 修复冲突
This commit is contained in:
taojinlong
GitHub
commit
a53c1c6437
@ -207,7 +207,7 @@
|
||||
<dependency>
|
||||
<groupId>io.dataease</groupId>
|
||||
<artifactId>dataease-plugin-interface</artifactId>
|
||||
<version>1.6</version>
|
||||
<version>1.7</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>cn.hutool</groupId>
|
||||
|
||||
@ -0,0 +1,10 @@
|
||||
package io.dataease.commons.constants;
|
||||
|
||||
public class ColumnPermissionConstants {
|
||||
|
||||
public final static String Prohibit = "Prohibit";
|
||||
public final static String Desensitization = "Desensitization";
|
||||
public final static String Desensitization_desc = "******";
|
||||
|
||||
|
||||
}
|
||||
@ -19,7 +19,7 @@ public class DefaultLicenseService {
|
||||
private InnerLicenseService innerLicenseService;
|
||||
|
||||
private static final String LICENSE_ID = "fit2cloud_license";
|
||||
private static final String validatorUtil = "/usr/bin/validator";
|
||||
private static final String validatorUtil = "/usr/local/bin/validator";
|
||||
private static final String product = "DataEase";
|
||||
|
||||
public F2CLicenseResponse validateLicense(String product, String licenseKey) {
|
||||
|
||||
@ -6,6 +6,7 @@ import io.dataease.base.domain.*;
|
||||
import io.dataease.base.mapper.ChartViewMapper;
|
||||
import io.dataease.base.mapper.ext.ExtChartGroupMapper;
|
||||
import io.dataease.base.mapper.ext.ExtChartViewMapper;
|
||||
import io.dataease.commons.constants.ColumnPermissionConstants;
|
||||
import io.dataease.commons.constants.CommonConstants;
|
||||
import io.dataease.commons.constants.JdbcConstants;
|
||||
import io.dataease.commons.utils.AuthUtils;
|
||||
@ -27,6 +28,7 @@ import io.dataease.provider.query.QueryProvider;
|
||||
import io.dataease.service.dataset.DataSetTableFieldsService;
|
||||
import io.dataease.service.dataset.DataSetTableService;
|
||||
import io.dataease.service.dataset.DataSetTableUnionService;
|
||||
import io.dataease.service.dataset.PermissionService;
|
||||
import io.dataease.service.datasource.DatasourceService;
|
||||
import org.apache.commons.collections4.CollectionUtils;
|
||||
import org.apache.commons.lang3.ObjectUtils;
|
||||
@ -41,6 +43,8 @@ import java.util.*;
|
||||
import java.util.concurrent.locks.ReentrantLock;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import static io.dataease.commons.constants.ColumnPermissionConstants.Desensitization_desc;
|
||||
|
||||
/**
|
||||
* @Author gin
|
||||
* @Date 2021/3/1 12:34 下午
|
||||
@ -61,6 +65,8 @@ public class ChartViewService {
|
||||
private ExtChartGroupMapper extChartGroupMapper;
|
||||
@Resource
|
||||
private DataSetTableUnionService dataSetTableUnionService;
|
||||
@Resource
|
||||
private PermissionService permissionService;
|
||||
|
||||
//默认使用非公平
|
||||
private ReentrantLock lock = new ReentrantLock();
|
||||
@ -187,6 +193,25 @@ public class ChartViewService {
|
||||
return calcData(view, request, request.isCache());
|
||||
}
|
||||
|
||||
private void checkPermissions(List<? extends ChartViewFieldBaseDTO> chartViewFieldDTOS, List<DatasetTableField> fields, List<String> desensitizationList, Boolean alowDesensitization) throws Exception{
|
||||
String filedName = "";
|
||||
for (ChartViewFieldBaseDTO chartViewFieldDTO : chartViewFieldDTOS) {
|
||||
if(alowDesensitization){
|
||||
if (!fields.stream().map(DatasetTableField::getDataeaseName).collect(Collectors.toList()).contains(chartViewFieldDTO.getDataeaseName())) {
|
||||
filedName = filedName + chartViewFieldDTO.getName() + " ,";
|
||||
}
|
||||
}else {
|
||||
if (desensitizationList.contains(chartViewFieldDTO.getDataeaseName()) || !fields.stream().map(DatasetTableField::getDataeaseName).collect(Collectors.toList()).contains(chartViewFieldDTO.getDataeaseName())) {
|
||||
filedName = filedName + chartViewFieldDTO.getName() + " ,";
|
||||
}
|
||||
}
|
||||
}
|
||||
filedName = filedName.endsWith(",") ? filedName.substring(0, filedName.length() - 1) : filedName;
|
||||
if(StringUtils.isNotEmpty(filedName)){
|
||||
throw new Exception("以下字段没有权限: " + filedName);
|
||||
}
|
||||
}
|
||||
|
||||
public ChartViewDTO calcData(ChartViewDTO view, ChartExtRequest requestList, boolean cache) throws Exception {
|
||||
if (ObjectUtils.isEmpty(view)) {
|
||||
throw new RuntimeException(Translator.get("i18n_chart_delete"));
|
||||
@ -208,39 +233,52 @@ public class ChartViewService {
|
||||
}.getType());
|
||||
List<ChartViewFieldDTO> drill = new Gson().fromJson(view.getDrillFields(), new TypeToken<List<ChartViewFieldDTO>>() {
|
||||
}.getType());
|
||||
// 获取对应数据集行权限
|
||||
|
||||
|
||||
DatasetTableField datasetTableFieldObj = DatasetTableField.builder().tableId(view.getTableId()).checked(Boolean.TRUE).build();
|
||||
List<DatasetTableField> fields = dataSetTableFieldsService.list(datasetTableFieldObj);
|
||||
DatasetTable datasetTable = dataSetTableService.get(view.getTableId());
|
||||
List<ChartFieldCustomFilterDTO> permissionFields = dataSetTableService.getCustomFilters(fields, datasetTable, requestList.getUser());
|
||||
|
||||
//列权限
|
||||
List<String> desensitizationList = new ArrayList<>();
|
||||
fields = permissionService.filterColumnPermissons(fields, desensitizationList, datasetTable, null);
|
||||
checkPermissions(fieldCustomFilter, fields, desensitizationList, false);
|
||||
//行权限
|
||||
List<ChartFieldCustomFilterDTO> permissionFields = permissionService.getCustomFilters(fields, datasetTable, requestList.getUser());
|
||||
fieldCustomFilter.addAll(permissionFields);
|
||||
|
||||
for (ChartFieldCustomFilterDTO ele : fieldCustomFilter) {
|
||||
ele.setField(dataSetTableFieldsService.get(ele.getId()));
|
||||
}
|
||||
|
||||
if (StringUtils.equalsIgnoreCase("text", view.getType())
|
||||
|| StringUtils.equalsIgnoreCase("gauge", view.getType())
|
||||
|| StringUtils.equalsIgnoreCase("liquid", view.getType())) {
|
||||
xAxis = new ArrayList<>();
|
||||
if (CollectionUtils.isEmpty(yAxis)) {
|
||||
ChartViewDTO dto = new ChartViewDTO();
|
||||
BeanUtils.copyBean(dto, view);
|
||||
return dto;
|
||||
}
|
||||
} else if (StringUtils.equalsIgnoreCase("table-info", view.getType())) {
|
||||
yAxis = new ArrayList<>();
|
||||
if (CollectionUtils.isEmpty(xAxis)) {
|
||||
ChartViewDTO dto = new ChartViewDTO();
|
||||
BeanUtils.copyBean(dto, view);
|
||||
return dto;
|
||||
}
|
||||
} else {
|
||||
if (CollectionUtils.isEmpty(xAxis) && CollectionUtils.isEmpty(yAxis)) {
|
||||
ChartViewDTO dto = new ChartViewDTO();
|
||||
BeanUtils.copyBean(dto, view);
|
||||
return dto;
|
||||
}
|
||||
if (CollectionUtils.isEmpty(xAxis) && CollectionUtils.isEmpty(yAxis)) {
|
||||
return emptyChartViewDTO(view);
|
||||
}
|
||||
|
||||
switch (view.getType()){
|
||||
case "text":
|
||||
case "gauge":
|
||||
case "liquid":
|
||||
xAxis = new ArrayList<>();
|
||||
checkPermissions(yAxis, fields, desensitizationList, false);
|
||||
if (CollectionUtils.isEmpty(yAxis)) {
|
||||
return emptyChartViewDTO(view);
|
||||
}
|
||||
break;
|
||||
case "table-info":
|
||||
yAxis = new ArrayList<>();
|
||||
checkPermissions(xAxis, fields, desensitizationList, true);
|
||||
if (CollectionUtils.isEmpty(xAxis)) {
|
||||
return emptyChartViewDTO(view);
|
||||
}
|
||||
break;
|
||||
case "table-normal":
|
||||
checkPermissions(xAxis, fields, desensitizationList, true);
|
||||
checkPermissions(yAxis, fields, desensitizationList, true);
|
||||
break;
|
||||
default:
|
||||
checkPermissions(xAxis, fields, desensitizationList, false);
|
||||
checkPermissions(yAxis, fields, desensitizationList, false);
|
||||
}
|
||||
|
||||
// 过滤来自仪表板的条件
|
||||
@ -344,7 +382,7 @@ public class ChartViewService {
|
||||
if (ObjectUtils.isEmpty(ds)) {
|
||||
throw new RuntimeException(Translator.get("i18n_datasource_delete"));
|
||||
}
|
||||
if(StringUtils.isNotEmpty(ds.getStatus()) && ds.getStatus().equalsIgnoreCase("Error")){
|
||||
if (StringUtils.isNotEmpty(ds.getStatus()) && ds.getStatus().equalsIgnoreCase("Error")) {
|
||||
throw new Exception(Translator.get("i18n_invalid_ds"));
|
||||
}
|
||||
DatasourceProvider datasourceProvider = ProviderFactory.getProvider(ds.getType());
|
||||
@ -569,7 +607,7 @@ public class ChartViewService {
|
||||
}
|
||||
|
||||
// table组件,明细表,也用于导出数据
|
||||
Map<String, Object> mapTableNormal = transTableNormal(xAxis, yAxis, view, data, extStack);
|
||||
Map<String, Object> mapTableNormal = transTableNormal(xAxis, yAxis, view, data, extStack, desensitizationList);
|
||||
|
||||
map.putAll(mapChart);
|
||||
map.putAll(mapTableNormal);
|
||||
@ -587,6 +625,12 @@ public class ChartViewService {
|
||||
return dto;
|
||||
}
|
||||
|
||||
private ChartViewDTO emptyChartViewDTO(ChartViewDTO view) {
|
||||
ChartViewDTO dto = new ChartViewDTO();
|
||||
BeanUtils.copyBean(dto, view);
|
||||
return dto;
|
||||
}
|
||||
|
||||
private boolean checkCalcType(String dateStyle, String calcType) {
|
||||
switch (dateStyle) {
|
||||
case "y":
|
||||
@ -1510,7 +1554,7 @@ public class ChartViewService {
|
||||
}
|
||||
|
||||
// 表格
|
||||
private Map<String, Object> transTableNormal(List<ChartViewFieldDTO> xAxis, List<ChartViewFieldDTO> yAxis, ChartViewWithBLOBs view, List<String[]> data, List<ChartViewFieldDTO> extStack) {
|
||||
private Map<String, Object> transTableNormal(List<ChartViewFieldDTO> xAxis, List<ChartViewFieldDTO> yAxis, ChartViewWithBLOBs view, List<String[]> data, List<ChartViewFieldDTO> extStack, List<String> desensitizationList) {
|
||||
Map<String, Object> map = new TreeMap<>();
|
||||
List<ChartViewFieldDTO> fields = new ArrayList<>();
|
||||
List<Map<String, Object>> tableRow = new ArrayList<>();
|
||||
@ -1526,9 +1570,14 @@ public class ChartViewService {
|
||||
data.forEach(ele -> {
|
||||
Map<String, Object> d = new HashMap<>();
|
||||
for (int i = 0; i < fields.size(); i++) {
|
||||
if(CollectionUtils.isNotEmpty(desensitizationList) && desensitizationList.contains(fields.get(i).getDataeaseName())){
|
||||
d.put(fields.get(i).getDataeaseName(), ColumnPermissionConstants.Desensitization_desc);
|
||||
continue;
|
||||
}
|
||||
|
||||
ChartViewFieldDTO chartViewFieldDTO = fields.get(i);
|
||||
if (chartViewFieldDTO.getDeType() == 0 || chartViewFieldDTO.getDeType() == 1) {
|
||||
d.put(fields.get(i).getDataeaseName(), StringUtils.isEmpty(ele[i]) ? "" : ele[i]);
|
||||
d.put(fields.get(i).getDataeaseName(), StringUtils.isEmpty(ele[i]) ? "" : ele[i]);
|
||||
} else if (chartViewFieldDTO.getDeType() == 2 || chartViewFieldDTO.getDeType() == 3) {
|
||||
d.put(fields.get(i).getDataeaseName(), StringUtils.isEmpty(ele[i]) ? null : new BigDecimal(ele[i]).setScale(2, RoundingMode.HALF_UP));
|
||||
}
|
||||
|
||||
@ -91,6 +91,10 @@ public class DataSetTableFieldsService {
|
||||
return datasetTableFieldMapper.selectByExample(datasetTableFieldExample);
|
||||
}
|
||||
|
||||
public DatasetTableField selectByPrimaryKey(String id) {
|
||||
return datasetTableFieldMapper.selectByPrimaryKey(id);
|
||||
}
|
||||
|
||||
public List<DatasetTableField> getListByIdsEach(List<String> ids) {
|
||||
List<DatasetTableField> list = new ArrayList<>();
|
||||
if (CollectionUtils.isNotEmpty(ids)) {
|
||||
|
||||
@ -1,21 +1,12 @@
|
||||
package io.dataease.service.dataset;
|
||||
|
||||
|
||||
import com.alibaba.fastjson.JSONObject;
|
||||
import com.google.gson.Gson;
|
||||
import io.dataease.auth.api.dto.CurrentRoleDto;
|
||||
import io.dataease.auth.api.dto.CurrentUserDto;
|
||||
import io.dataease.auth.entity.SysUserEntity;
|
||||
import io.dataease.auth.service.AuthUserService;
|
||||
import io.dataease.base.domain.*;
|
||||
import io.dataease.base.mapper.*;
|
||||
import io.dataease.base.mapper.ext.ExtDataSetGroupMapper;
|
||||
import io.dataease.base.mapper.ext.ExtDataSetTableMapper;
|
||||
import io.dataease.base.mapper.ext.UtilMapper;
|
||||
import io.dataease.commons.constants.DatasourceTypes;
|
||||
import io.dataease.commons.constants.JobStatus;
|
||||
import io.dataease.commons.constants.ScheduleType;
|
||||
import io.dataease.commons.constants.TaskStatus;
|
||||
import io.dataease.commons.constants.*;
|
||||
import io.dataease.commons.exception.DEException;
|
||||
import io.dataease.commons.utils.*;
|
||||
import io.dataease.controller.request.dataset.DataSetGroupRequest;
|
||||
@ -23,7 +14,6 @@ import io.dataease.controller.request.dataset.DataSetTableRequest;
|
||||
import io.dataease.controller.request.dataset.DataSetTaskRequest;
|
||||
import io.dataease.controller.request.datasource.DatasourceRequest;
|
||||
import io.dataease.controller.response.DataSetDetail;
|
||||
import io.dataease.dto.chart.ChartCustomFilterItemDTO;
|
||||
import io.dataease.dto.chart.ChartFieldCustomFilterDTO;
|
||||
import io.dataease.dto.dataset.*;
|
||||
import io.dataease.dto.dataset.union.UnionDTO;
|
||||
@ -32,12 +22,7 @@ import io.dataease.dto.dataset.union.UnionParamDTO;
|
||||
import io.dataease.dto.datasource.TableFiled;
|
||||
import io.dataease.exception.DataEaseException;
|
||||
import io.dataease.i18n.Translator;
|
||||
import io.dataease.plugins.config.SpringContextUtil;
|
||||
import io.dataease.plugins.loader.ClassloaderResponsity;
|
||||
import io.dataease.plugins.xpack.auth.dto.request.DataSetRowPermissionsDTO;
|
||||
import io.dataease.plugins.xpack.auth.dto.request.DatasetRowPermissions;
|
||||
import io.dataease.plugins.xpack.auth.dto.response.XpackSysAuthDetailDTO;
|
||||
import io.dataease.plugins.xpack.auth.service.RowPermissionService;
|
||||
import io.dataease.provider.ProviderFactory;
|
||||
import io.dataease.provider.datasource.DatasourceProvider;
|
||||
import io.dataease.provider.datasource.JdbcProvider;
|
||||
@ -72,7 +57,7 @@ import java.text.SimpleDateFormat;
|
||||
import java.util.*;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
;
|
||||
;import static io.dataease.commons.constants.ColumnPermissionConstants.Desensitization_desc;
|
||||
|
||||
/**
|
||||
* @Author gin
|
||||
@ -108,7 +93,7 @@ public class DataSetTableService {
|
||||
@Resource
|
||||
private DatasetTableFieldMapper datasetTableFieldMapper;
|
||||
@Resource
|
||||
private AuthUserService authUserService;
|
||||
private PermissionService permissionService;
|
||||
|
||||
private static final String lastUpdateTime = "${__last_update_time__}";
|
||||
private static final String currentUpdateTime = "${__current_update_time__}";
|
||||
@ -448,103 +433,6 @@ public class DataSetTableService {
|
||||
return map;
|
||||
}
|
||||
|
||||
private List<DatasetRowPermissions> rowPermissions(String datasetId, Long userId) {
|
||||
List<DatasetRowPermissions> datasetRowPermissions = new ArrayList<>();
|
||||
Map<String, RowPermissionService> beansOfType = SpringContextUtil.getApplicationContext().getBeansOfType((RowPermissionService.class));
|
||||
if (beansOfType.keySet().size() == 0) {
|
||||
return new ArrayList<>();
|
||||
}
|
||||
RowPermissionService rowPermissionService = SpringContextUtil.getBean(RowPermissionService.class);
|
||||
CurrentUserDto user = AuthUtils.getUser();
|
||||
List<Long> roleIds = new ArrayList<>();
|
||||
Long deptId = null;
|
||||
|
||||
if (user == null && userId == null) {
|
||||
return datasetRowPermissions;
|
||||
}
|
||||
|
||||
if (user != null && userId != null) {
|
||||
return datasetRowPermissions;
|
||||
}
|
||||
|
||||
if (user != null) {
|
||||
if (user.getIsAdmin()) {
|
||||
return datasetRowPermissions;
|
||||
}
|
||||
userId = user.getUserId();
|
||||
deptId = user.getDeptId();
|
||||
roleIds = user.getRoles().stream().map(CurrentRoleDto::getId).collect(Collectors.toList());
|
||||
}
|
||||
|
||||
if (userId != null) {
|
||||
SysUserEntity userEntity = authUserService.getUserById(userId);
|
||||
if (userEntity.getIsAdmin()) {
|
||||
return datasetRowPermissions;
|
||||
}
|
||||
deptId = userEntity.getDeptId();
|
||||
roleIds = authUserService.roles(userId).stream().map(r -> Long.valueOf(r)).collect(Collectors.toList());
|
||||
}
|
||||
|
||||
|
||||
DataSetRowPermissionsDTO dataSetRowPermissionsDTO = new DataSetRowPermissionsDTO();
|
||||
dataSetRowPermissionsDTO.setDatasetId(datasetId);
|
||||
dataSetRowPermissionsDTO.setAuthTargetIds(Collections.singletonList(userId));
|
||||
dataSetRowPermissionsDTO.setAuthTargetType("user");
|
||||
datasetRowPermissions.addAll(rowPermissionService.searchRowPermissions(dataSetRowPermissionsDTO));
|
||||
dataSetRowPermissionsDTO.setAuthTargetIds(roleIds);
|
||||
dataSetRowPermissionsDTO.setAuthTargetType("role");
|
||||
datasetRowPermissions.addAll(rowPermissionService.searchRowPermissions(dataSetRowPermissionsDTO));
|
||||
dataSetRowPermissionsDTO.setAuthTargetIds(Collections.singletonList(deptId));
|
||||
dataSetRowPermissionsDTO.setAuthTargetType("dept");
|
||||
datasetRowPermissions.addAll(rowPermissionService.searchRowPermissions(dataSetRowPermissionsDTO));
|
||||
return datasetRowPermissions;
|
||||
}
|
||||
|
||||
private DatasetTableField getFieldById(List<DatasetTableField> fields, String fieldId) {
|
||||
DatasetTableField field = null;
|
||||
for (DatasetTableField datasetTableField : fields) {
|
||||
if (fieldId.equalsIgnoreCase(datasetTableField.getId())) {
|
||||
field = datasetTableField;
|
||||
}
|
||||
}
|
||||
return field;
|
||||
}
|
||||
|
||||
public List<ChartFieldCustomFilterDTO> getCustomFilters(List<DatasetTableField> fields, DatasetTable datasetTable, Long user) {
|
||||
List<ChartFieldCustomFilterDTO> customFilter = new ArrayList<>();
|
||||
for (DatasetRowPermissions datasetRowPermissions : rowPermissions(datasetTable.getId(), user)) {
|
||||
ChartFieldCustomFilterDTO dto = new ChartFieldCustomFilterDTO();
|
||||
if (StringUtils.isEmpty(datasetRowPermissions.getDatasetFieldId())) {
|
||||
continue;
|
||||
}
|
||||
DatasetTableField field = getFieldById(fields, datasetRowPermissions.getDatasetFieldId());
|
||||
if (field == null) {
|
||||
continue;
|
||||
}
|
||||
dto.setField(field);
|
||||
dto.setId(field.getId());
|
||||
dto.setFilterType(datasetRowPermissions.getFilterType());
|
||||
if (datasetRowPermissions.getFilterType().equalsIgnoreCase("logic")) {
|
||||
if (StringUtils.isEmpty(datasetRowPermissions.getFilter())) {
|
||||
continue;
|
||||
}
|
||||
List<ChartCustomFilterItemDTO> lists = JSONObject.parseArray(datasetRowPermissions.getFilter(), ChartCustomFilterItemDTO.class);
|
||||
lists.forEach(chartCustomFilterDTO -> {
|
||||
chartCustomFilterDTO.setFieldId(field.getId());
|
||||
});
|
||||
dto.setFilter(lists);
|
||||
dto.setLogic(datasetRowPermissions.getLogic());
|
||||
customFilter.add(dto);
|
||||
} else {
|
||||
if (StringUtils.isEmpty(datasetRowPermissions.getEnumCheckField())) {
|
||||
continue;
|
||||
}
|
||||
dto.setEnumCheckField(Arrays.asList(datasetRowPermissions.getEnumCheckField().split(",").clone()));
|
||||
customFilter.add(dto);
|
||||
}
|
||||
}
|
||||
return customFilter;
|
||||
}
|
||||
|
||||
public Map<String, Object> getPreviewData(DataSetTableRequest dataSetTableRequest, Integer page, Integer pageSize, List<DatasetTableField> extFields) throws Exception {
|
||||
Map<String, Object> map = new HashMap<>();
|
||||
@ -560,7 +448,11 @@ public class DataSetTableService {
|
||||
return map;
|
||||
}
|
||||
DatasetTable datasetTable = datasetTableMapper.selectByPrimaryKey(dataSetTableRequest.getId());
|
||||
List<ChartFieldCustomFilterDTO> customFilter = getCustomFilters(fields, datasetTable, null);
|
||||
//列权限
|
||||
List<String> desensitizationList = new ArrayList<>();
|
||||
fields = permissionService.filterColumnPermissons(fields, desensitizationList, datasetTable, null);
|
||||
//行权限
|
||||
List<ChartFieldCustomFilterDTO> customFilter = permissionService.getCustomFilters(fields, datasetTable, null);
|
||||
String[] fieldArray = fields.stream().map(DatasetTableField::getDataeaseName).toArray(String[]::new);
|
||||
|
||||
DataTableInfoDTO dataTableInfoDTO = new Gson().fromJson(dataSetTableRequest.getInfo(), DataTableInfoDTO.class);
|
||||
@ -873,7 +765,11 @@ public class DataSetTableService {
|
||||
jsonArray = data.stream().map(ele -> {
|
||||
Map<String, Object> tmpMap = new HashMap<>();
|
||||
for (int i = 0; i < ele.length; i++) {
|
||||
tmpMap.put(fieldArray[i], ele[i]);
|
||||
if (desensitizationList.contains(fieldArray[i])) {
|
||||
tmpMap.put(fieldArray[i], Desensitization_desc);
|
||||
} else {
|
||||
tmpMap.put(fieldArray[i], ele[i]);
|
||||
}
|
||||
}
|
||||
return tmpMap;
|
||||
}).collect(Collectors.toList());
|
||||
|
||||
@ -0,0 +1,202 @@
|
||||
package io.dataease.service.dataset;
|
||||
|
||||
import com.alibaba.fastjson.JSONObject;
|
||||
import io.dataease.auth.api.dto.CurrentRoleDto;
|
||||
import io.dataease.auth.api.dto.CurrentUserDto;
|
||||
import io.dataease.auth.entity.SysUserEntity;
|
||||
import io.dataease.auth.service.AuthUserService;
|
||||
import io.dataease.base.domain.DatasetTable;
|
||||
import io.dataease.base.domain.DatasetTableField;
|
||||
import io.dataease.commons.constants.ColumnPermissionConstants;
|
||||
import io.dataease.commons.utils.AuthUtils;
|
||||
import io.dataease.dto.chart.ChartCustomFilterItemDTO;
|
||||
import io.dataease.dto.chart.ChartFieldCustomFilterDTO;
|
||||
import io.dataease.plugins.config.SpringContextUtil;
|
||||
import io.dataease.plugins.xpack.auth.dto.request.*;
|
||||
import io.dataease.plugins.xpack.auth.service.ColumnPermissionService;
|
||||
import io.dataease.plugins.xpack.auth.service.RowPermissionService;
|
||||
import org.apache.commons.collections4.CollectionUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
import java.util.*;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
@Service
|
||||
public class PermissionService {
|
||||
@Resource
|
||||
private AuthUserService authUserService;
|
||||
|
||||
public List<ChartFieldCustomFilterDTO> getCustomFilters(List<DatasetTableField> fields, DatasetTable datasetTable, Long user) {
|
||||
List<ChartFieldCustomFilterDTO> customFilter = new ArrayList<>();
|
||||
for (DatasetRowPermissions datasetRowPermissions : rowPermissions(datasetTable.getId(), user)) {
|
||||
ChartFieldCustomFilterDTO dto = new ChartFieldCustomFilterDTO();
|
||||
if (StringUtils.isEmpty(datasetRowPermissions.getDatasetFieldId())) {
|
||||
continue;
|
||||
}
|
||||
DatasetTableField field = getFieldById(fields, datasetRowPermissions.getDatasetFieldId());
|
||||
if (field == null) {
|
||||
continue;
|
||||
}
|
||||
dto.setField(field);
|
||||
dto.setId(field.getId());
|
||||
dto.setFilterType(datasetRowPermissions.getFilterType());
|
||||
if (datasetRowPermissions.getFilterType().equalsIgnoreCase("logic")) {
|
||||
if (StringUtils.isEmpty(datasetRowPermissions.getFilter())) {
|
||||
continue;
|
||||
}
|
||||
List<ChartCustomFilterItemDTO> lists = JSONObject.parseArray(datasetRowPermissions.getFilter(), ChartCustomFilterItemDTO.class);
|
||||
lists.forEach(chartCustomFilterDTO -> {
|
||||
chartCustomFilterDTO.setFieldId(field.getId());
|
||||
});
|
||||
dto.setFilter(lists);
|
||||
dto.setLogic(datasetRowPermissions.getLogic());
|
||||
customFilter.add(dto);
|
||||
} else {
|
||||
if (StringUtils.isEmpty(datasetRowPermissions.getEnumCheckField())) {
|
||||
continue;
|
||||
}
|
||||
dto.setEnumCheckField(Arrays.asList(datasetRowPermissions.getEnumCheckField().split(",").clone()));
|
||||
customFilter.add(dto);
|
||||
}
|
||||
}
|
||||
return customFilter;
|
||||
}
|
||||
|
||||
public List<DatasetTableField> filterColumnPermissons(List<DatasetTableField> fields, List<String>desensitizationList, DatasetTable datasetTable, Long user){
|
||||
List<DatasetTableField> result = new ArrayList<>();
|
||||
List<ColumnPermissionItem> allColumnPermissionItems = new ArrayList<>();
|
||||
for (DataSetColumnPermissionsDTO dataSetColumnPermissionsDTO : columnPermissions(datasetTable.getId(), user)) {
|
||||
ColumnPermissions columnPermissions = JSONObject.parseObject(dataSetColumnPermissionsDTO.getPermissions(), ColumnPermissions.class);
|
||||
if(!columnPermissions.getEnable()){continue;}
|
||||
allColumnPermissionItems.addAll(columnPermissions.getColumns().stream().filter(columnPermissionItem -> columnPermissionItem.getSelected()).collect(Collectors.toList()));
|
||||
}
|
||||
fields.forEach(field ->{
|
||||
List<String> permissions = allColumnPermissionItems.stream().filter(columnPermissionItem -> columnPermissionItem.getId().equalsIgnoreCase(field.getId())).map(ColumnPermissionItem::getOpt).collect(Collectors.toList());
|
||||
if(CollectionUtils.isEmpty(permissions)){
|
||||
result.add(field);
|
||||
}else {
|
||||
if(!permissions.contains(ColumnPermissionConstants.Prohibit)){
|
||||
desensitizationList.add(field.getDataeaseName());
|
||||
result.add(field);
|
||||
}
|
||||
}
|
||||
});
|
||||
return result;
|
||||
}
|
||||
|
||||
|
||||
private List<DatasetRowPermissions> rowPermissions(String datasetId, Long userId) {
|
||||
List<DatasetRowPermissions> datasetRowPermissions = new ArrayList<>();
|
||||
Map<String, RowPermissionService> beansOfType = SpringContextUtil.getApplicationContext().getBeansOfType((RowPermissionService.class));
|
||||
if (beansOfType.keySet().size() == 0) {
|
||||
return new ArrayList<>();
|
||||
}
|
||||
RowPermissionService rowPermissionService = SpringContextUtil.getBean(RowPermissionService.class);
|
||||
CurrentUserDto user = AuthUtils.getUser();
|
||||
List<Long> roleIds = new ArrayList<>();
|
||||
Long deptId = null;
|
||||
|
||||
if (user == null && userId == null) {
|
||||
return datasetRowPermissions;
|
||||
}
|
||||
|
||||
if (user != null && userId != null) {
|
||||
return datasetRowPermissions;
|
||||
}
|
||||
|
||||
if (user != null) {
|
||||
if (user.getIsAdmin()) {
|
||||
return datasetRowPermissions;
|
||||
}
|
||||
userId = user.getUserId();
|
||||
deptId = user.getDeptId();
|
||||
roleIds = user.getRoles().stream().map(CurrentRoleDto::getId).collect(Collectors.toList());
|
||||
}
|
||||
|
||||
if (userId != null) {
|
||||
SysUserEntity userEntity = authUserService.getUserById(userId);
|
||||
if (userEntity.getIsAdmin()) {
|
||||
return datasetRowPermissions;
|
||||
}
|
||||
deptId = userEntity.getDeptId();
|
||||
roleIds = authUserService.roles(userId).stream().map(r -> Long.valueOf(r)).collect(Collectors.toList());
|
||||
}
|
||||
|
||||
|
||||
DataSetRowPermissionsDTO dataSetRowPermissionsDTO = new DataSetRowPermissionsDTO();
|
||||
dataSetRowPermissionsDTO.setDatasetId(datasetId);
|
||||
dataSetRowPermissionsDTO.setAuthTargetIds(Collections.singletonList(userId));
|
||||
dataSetRowPermissionsDTO.setAuthTargetType("user");
|
||||
datasetRowPermissions.addAll(rowPermissionService.searchRowPermissions(dataSetRowPermissionsDTO));
|
||||
dataSetRowPermissionsDTO.setAuthTargetIds(roleIds);
|
||||
dataSetRowPermissionsDTO.setAuthTargetType("role");
|
||||
datasetRowPermissions.addAll(rowPermissionService.searchRowPermissions(dataSetRowPermissionsDTO));
|
||||
dataSetRowPermissionsDTO.setAuthTargetIds(Collections.singletonList(deptId));
|
||||
dataSetRowPermissionsDTO.setAuthTargetType("dept");
|
||||
datasetRowPermissions.addAll(rowPermissionService.searchRowPermissions(dataSetRowPermissionsDTO));
|
||||
return datasetRowPermissions;
|
||||
}
|
||||
|
||||
private List<DataSetColumnPermissionsDTO> columnPermissions(String datasetId, Long userId) {
|
||||
List<DataSetColumnPermissionsDTO> datasetColumnPermissions = new ArrayList<>();
|
||||
Map<String, ColumnPermissionService> beansOfType = SpringContextUtil.getApplicationContext().getBeansOfType((ColumnPermissionService.class));
|
||||
if (beansOfType.keySet().size() == 0) {
|
||||
return new ArrayList<>();
|
||||
}
|
||||
ColumnPermissionService columnPermissionService = SpringContextUtil.getBean(ColumnPermissionService.class);
|
||||
CurrentUserDto user = AuthUtils.getUser();
|
||||
List<Long> roleIds = new ArrayList<>();
|
||||
Long deptId = null;
|
||||
|
||||
if (user == null && userId == null) {
|
||||
return datasetColumnPermissions;
|
||||
}
|
||||
|
||||
if (user != null && userId != null) {
|
||||
return datasetColumnPermissions;
|
||||
}
|
||||
|
||||
if (user != null) {
|
||||
if (user.getIsAdmin()) {
|
||||
return datasetColumnPermissions;
|
||||
}
|
||||
userId = user.getUserId();
|
||||
deptId = user.getDeptId();
|
||||
roleIds = user.getRoles().stream().map(CurrentRoleDto::getId).collect(Collectors.toList());
|
||||
}
|
||||
|
||||
if (userId != null) {
|
||||
SysUserEntity userEntity = authUserService.getUserById(userId);
|
||||
if (userEntity.getIsAdmin()) {
|
||||
return datasetColumnPermissions;
|
||||
}
|
||||
deptId = userEntity.getDeptId();
|
||||
roleIds = authUserService.roles(userId).stream().map(r -> Long.valueOf(r)).collect(Collectors.toList());
|
||||
}
|
||||
|
||||
DataSetColumnPermissionsDTO dataSetColumnPermissionsDTO = new DataSetColumnPermissionsDTO();
|
||||
dataSetColumnPermissionsDTO.setDatasetId(datasetId);
|
||||
dataSetColumnPermissionsDTO.setAuthTargetIds(Collections.singletonList(userId));
|
||||
dataSetColumnPermissionsDTO.setAuthTargetType("user");
|
||||
datasetColumnPermissions.addAll(columnPermissionService.searchPermissions(dataSetColumnPermissionsDTO));
|
||||
dataSetColumnPermissionsDTO.setAuthTargetIds(roleIds);
|
||||
dataSetColumnPermissionsDTO.setAuthTargetType("role");
|
||||
datasetColumnPermissions.addAll(columnPermissionService.searchPermissions(dataSetColumnPermissionsDTO));
|
||||
dataSetColumnPermissionsDTO.setAuthTargetIds(Collections.singletonList(deptId));
|
||||
dataSetColumnPermissionsDTO.setAuthTargetType("dept");
|
||||
datasetColumnPermissions.addAll(columnPermissionService.searchPermissions(dataSetColumnPermissionsDTO));
|
||||
return datasetColumnPermissions;
|
||||
}
|
||||
|
||||
private DatasetTableField getFieldById(List<DatasetTableField> fields, String fieldId) {
|
||||
DatasetTableField field = null;
|
||||
for (DatasetTableField datasetTableField : fields) {
|
||||
if (fieldId.equalsIgnoreCase(datasetTableField.getId())) {
|
||||
field = datasetTableField;
|
||||
}
|
||||
}
|
||||
return field;
|
||||
}
|
||||
}
|
||||
@ -4,20 +4,18 @@ import com.google.gson.Gson;
|
||||
import io.dataease.base.domain.DatasetTable;
|
||||
import io.dataease.base.domain.DatasetTableField;
|
||||
import io.dataease.base.domain.Datasource;
|
||||
import io.dataease.commons.constants.ColumnPermissionConstants;
|
||||
import io.dataease.commons.utils.CommonBeanFactory;
|
||||
import io.dataease.dto.chart.ChartFieldCustomFilterDTO;
|
||||
import io.dataease.i18n.Translator;
|
||||
import io.dataease.provider.datasource.DatasourceProvider;
|
||||
import io.dataease.provider.ProviderFactory;
|
||||
import io.dataease.controller.request.datasource.DatasourceRequest;
|
||||
import io.dataease.service.dataset.*;
|
||||
import io.dataease.service.datasource.DatasourceService;
|
||||
import io.dataease.dto.dataset.DataSetTableUnionDTO;
|
||||
import io.dataease.dto.dataset.DataTableInfoDTO;
|
||||
import io.dataease.provider.query.QueryProvider;
|
||||
import io.dataease.service.dataset.DataSetFieldService;
|
||||
import io.dataease.service.dataset.DataSetTableFieldsService;
|
||||
import io.dataease.service.dataset.DataSetTableService;
|
||||
import io.dataease.service.dataset.DataSetTableUnionService;
|
||||
import org.apache.commons.collections.CollectionUtils;
|
||||
import org.apache.commons.lang3.ObjectUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
@ -40,32 +38,38 @@ public class DirectFieldService implements DataSetFieldService {
|
||||
private DatasourceService datasourceService;
|
||||
@Resource
|
||||
private DataSetTableUnionService dataSetTableUnionService;
|
||||
@Resource
|
||||
private PermissionService permissionService;
|
||||
|
||||
@Override
|
||||
public List<Object> fieldValues(String fieldId, Long userId) throws Exception{
|
||||
List<DatasetTableField> list = dataSetTableFieldsService.getListByIds(new ArrayList<String>() {{
|
||||
add(fieldId);
|
||||
}});
|
||||
if (CollectionUtils.isEmpty(list)) return null;
|
||||
public List<Object> fieldValues(String fieldId, Long userId) throws Exception {
|
||||
DatasetTableField field = dataSetTableFieldsService.selectByPrimaryKey(fieldId);
|
||||
if (field == null || StringUtils.isEmpty(field.getTableId())) return null;
|
||||
|
||||
DatasetTableField field = list.get(0);
|
||||
String tableId = field.getTableId();
|
||||
if (StringUtils.isEmpty(tableId)) return null;
|
||||
|
||||
DatasetTable datasetTable = dataSetTableService.get(tableId);
|
||||
DatasetTable datasetTable = dataSetTableService.get(field.getTableId());
|
||||
if (ObjectUtils.isEmpty(datasetTable) || StringUtils.isEmpty(datasetTable.getName())) return null;
|
||||
String tableName;
|
||||
|
||||
DatasetTableField datasetTableField = DatasetTableField.builder().tableId(tableId).checked(Boolean.TRUE).build();
|
||||
DatasetTableField datasetTableField = DatasetTableField.builder().tableId(field.getTableId()).checked(Boolean.TRUE).build();
|
||||
List<DatasetTableField> fields = dataSetTableFieldsService.list(datasetTableField);
|
||||
List<ChartFieldCustomFilterDTO> customFilter = dataSetTableService.getCustomFilters(fields, datasetTable, userId);
|
||||
|
||||
//列权限
|
||||
List<String> desensitizationList = new ArrayList<>();
|
||||
fields = permissionService.filterColumnPermissons(fields, desensitizationList, datasetTable, userId);
|
||||
|
||||
if (CollectionUtils.isNotEmpty(desensitizationList) && desensitizationList.contains(field.getDataeaseName())) {
|
||||
List<Object> results = new ArrayList<>();
|
||||
results.add(ColumnPermissionConstants.Desensitization_desc);
|
||||
return results;
|
||||
}
|
||||
//行权限
|
||||
List<ChartFieldCustomFilterDTO> customFilter = permissionService.getCustomFilters(fields, datasetTable, userId);
|
||||
|
||||
DatasourceRequest datasourceRequest = new DatasourceRequest();
|
||||
DatasourceProvider datasourceProvider = null;
|
||||
if (datasetTable.getMode() == 0) {// 直连
|
||||
if (StringUtils.isEmpty(datasetTable.getDataSourceId())) return null;
|
||||
Datasource ds = datasourceService.get(datasetTable.getDataSourceId());
|
||||
if(StringUtils.isNotEmpty(ds.getStatus()) && ds.getStatus().equalsIgnoreCase("Error")){
|
||||
if (StringUtils.isNotEmpty(ds.getStatus()) && ds.getStatus().equalsIgnoreCase("Error")) {
|
||||
throw new Exception(Translator.get("i18n_invalid_ds"));
|
||||
}
|
||||
datasourceProvider = ProviderFactory.getProvider(ds.getType());
|
||||
@ -94,7 +98,7 @@ public class DirectFieldService implements DataSetFieldService {
|
||||
datasourceProvider = ProviderFactory.getProvider(ds.getType());
|
||||
datasourceRequest = new DatasourceRequest();
|
||||
datasourceRequest.setDatasource(ds);
|
||||
tableName = "ds_" + datasetTable.getId().replaceAll("-", "_");
|
||||
String tableName = "ds_" + datasetTable.getId().replaceAll("-", "_");
|
||||
datasourceRequest.setTable(tableName);
|
||||
QueryProvider qp = ProviderFactory.getQueryProvider(ds.getType());
|
||||
datasourceRequest.setQuery(qp.createQuerySQL(tableName, Collections.singletonList(field), true, null, customFilter));
|
||||
|
||||
@ -1,2 +1,13 @@
|
||||
CREATE TABLE `dataset_column_permissions` (
|
||||
`id` varchar(64) NOT NULL COMMENT 'File ID',
|
||||
`auth_target_type` varchar(255) DEFAULT NULL COMMENT '权限类型:组织/角色/用户',
|
||||
`auth_target_id` bigint(20) DEFAULT NULL COMMENT '权限对象ID',
|
||||
`dataset_id` varchar(64) DEFAULT NULL COMMENT '数据集ID',
|
||||
`permissions` longtext DEFAULT NULL COMMENT '权限',
|
||||
`update_time` bigint(13) NULL DEFAULT NULL,
|
||||
PRIMARY KEY (`id`)
|
||||
)ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE utf8mb4_general_ci;
|
||||
|
||||
INSERT INTO `sys_menu` (`menu_id`, `pid`, `sub_count`, `type`, `title`, `name`, `component`, `menu_sort`, `icon`, `path`, `i_frame`, `cache`, `hidden`, `permission`, `create_by`, `update_by`, `create_time`, `update_time`) VALUES (61, 0, 0, 1, '首页', 'wizard', 'wizard/index', 0, '', '/wizard', b'1', b'0', b'0', NULL, NULL, NULL, NULL, 1614915491036);
|
||||
INSERT INTO `system_parameter` (`param_key`, `param_value`, `type`, `sort`) VALUES ('ui.openHomePage', 'true', 'boolean', 13);
|
||||
|
||||
|
||||
@ -60,6 +60,6 @@
|
||||
</javaClientGenerator>
|
||||
|
||||
<!--要生成的数据库表 -->
|
||||
<table tableName="dataset_row_permissions"/>
|
||||
<table tableName="dataset_column_permissions"/>
|
||||
</context>
|
||||
</generatorConfiguration>
|
||||
|
||||
@ -1207,7 +1207,21 @@ export default {
|
||||
auth_type: 'Authorization type',
|
||||
auth_obj: 'Authorized object'
|
||||
},
|
||||
column_permission: {
|
||||
add: 'Add',
|
||||
edit: 'Edit',
|
||||
please_select_auth_type: 'Please select the authorization type',
|
||||
please_select_auth_id: '请选择授权目标',
|
||||
column_permission_not_empty: 'Please select authorization target',
|
||||
auth_type: 'Authorization type',
|
||||
auth_obj: 'Authorized object',
|
||||
enable: 'Enable column permissions',
|
||||
prohibit: 'Prohibit',
|
||||
desensitization: 'Desensitization'
|
||||
},
|
||||
row_permissions: 'Row Permissions',
|
||||
column_permissions: '列权限',
|
||||
row_column_permissions: '行列权限',
|
||||
union_data: 'Union Dataset',
|
||||
add_union_table: 'Add Union Dataset',
|
||||
edit_union: 'Edit Union Dataset',
|
||||
|
||||
@ -1207,7 +1207,21 @@ export default {
|
||||
auth_type: '授權類型',
|
||||
auth_obj: '授權對象'
|
||||
},
|
||||
column_permission: {
|
||||
add: '添加列權限',
|
||||
edit: '編輯列權限',
|
||||
please_select_auth_type: '請選餓授權類型',
|
||||
please_select_auth_id: '請選擇授權目標',
|
||||
column_permission_not_empty: '列權限不能為空',
|
||||
auth_type: '授權類型',
|
||||
auth_obj: '授權對象',
|
||||
enable: '啟用列權限',
|
||||
prohibit: '禁用',
|
||||
desensitization: '脫敏'
|
||||
},
|
||||
row_permissions: '行權限',
|
||||
column_permissions: '列權限',
|
||||
row_column_permissions: '行列權限',
|
||||
union_data: '關聯數據集',
|
||||
add_union_table: '添加關聯數據集',
|
||||
edit_union: '編輯關聯數據集',
|
||||
|
||||
@ -1209,7 +1209,22 @@ export default {
|
||||
auth_type: '授权类型',
|
||||
auth_obj: '授权对象'
|
||||
},
|
||||
column_permission: {
|
||||
add: '添加列权限',
|
||||
edit: '编辑列权限',
|
||||
please_select_field: '请选择字段',
|
||||
please_select_auth_type: '请选择授权类型',
|
||||
please_select_auth_id: '请选择授权目标',
|
||||
column_permission_not_empty: '列权限不能为空',
|
||||
auth_type: '授权类型',
|
||||
auth_obj: '授权对象',
|
||||
enable: '启用列权限',
|
||||
prohibit: '禁用',
|
||||
desensitization: '脱敏'
|
||||
},
|
||||
row_permissions: '行权限',
|
||||
column_permissions: '列权限',
|
||||
row_column_permissions: '行列权限',
|
||||
union_data: '关联数据集',
|
||||
add_union_table: '添加关联数据集',
|
||||
edit_union: '编辑关联数据集',
|
||||
|
||||
@ -59,6 +59,9 @@
|
||||
<el-tab-pane v-if="isPluginLoaded && hasDataPermission('manage',param.privileges)" :lazy="true" :label="$t('dataset.row_permissions')" name="rowPermissions">
|
||||
<plugin-com v-if="isPluginLoaded && tabActive=='rowPermissions'" ref="RowPermissions" component-name="RowPermissions" :obj="table" />
|
||||
</el-tab-pane>
|
||||
<el-tab-pane v-if="isPluginLoaded && hasDataPermission('manage',param.privileges)" :lazy="true" :label="$t('dataset.column_permissions')" name="columnPermissions">
|
||||
<plugin-com v-if="isPluginLoaded && tabActive=='columnPermissions'" ref="ColumnPermissions" component-name="ColumnPermissions" :obj="table" />
|
||||
</el-tab-pane>
|
||||
</el-tabs>
|
||||
</el-row>
|
||||
</template>
|
||||
|
||||
Loading…
Reference in New Issue
Block a user