diff --git a/backend/pom.xml b/backend/pom.xml index 8ed59a2fa0..2ec6c7ff5e 100644 --- a/backend/pom.xml +++ b/backend/pom.xml @@ -207,7 +207,7 @@ io.dataease dataease-plugin-interface - 1.6 + 1.7 cn.hutool diff --git a/backend/src/main/java/io/dataease/commons/constants/ColumnPermissionConstants.java b/backend/src/main/java/io/dataease/commons/constants/ColumnPermissionConstants.java new file mode 100644 index 0000000000..52f1a00796 --- /dev/null +++ b/backend/src/main/java/io/dataease/commons/constants/ColumnPermissionConstants.java @@ -0,0 +1,10 @@ +package io.dataease.commons.constants; + +public class ColumnPermissionConstants { + + public final static String Prohibit = "Prohibit"; + public final static String Desensitization = "Desensitization"; + public final static String Desensitization_desc = "******"; + + +} diff --git a/backend/src/main/java/io/dataease/commons/license/DefaultLicenseService.java b/backend/src/main/java/io/dataease/commons/license/DefaultLicenseService.java index 4ec131a818..d4b8224600 100644 --- a/backend/src/main/java/io/dataease/commons/license/DefaultLicenseService.java +++ b/backend/src/main/java/io/dataease/commons/license/DefaultLicenseService.java @@ -19,7 +19,7 @@ public class DefaultLicenseService { private InnerLicenseService innerLicenseService; private static final String LICENSE_ID = "fit2cloud_license"; - private static final String validatorUtil = "/usr/bin/validator"; + private static final String validatorUtil = "/usr/local/bin/validator"; private static final String product = "DataEase"; public F2CLicenseResponse validateLicense(String product, String licenseKey) { diff --git a/backend/src/main/java/io/dataease/service/chart/ChartViewService.java b/backend/src/main/java/io/dataease/service/chart/ChartViewService.java index 291a17c709..f0a7679475 100644 --- a/backend/src/main/java/io/dataease/service/chart/ChartViewService.java +++ b/backend/src/main/java/io/dataease/service/chart/ChartViewService.java 
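Review bot: `validatorUtil` in DefaultLicenseService is still a hard-coded absolute path, and the new value `/usr/local/bin/validator` has no fallback to the old location, so a host or image that still ships the binary under `/usr/bin` would presumably fail license validation after this change. If this string is executed as an external command (the call site is outside the hunk), the target directory must be writable only by root, because whoever can replace that file controls what the backend runs. Consider reading the path from configuration with the current value as the default, and add a comment such as `// validator binary location; must be root-owned and not writable by the service user`.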
@@ -6,6 +6,7 @@ import io.dataease.base.domain.*; import io.dataease.base.mapper.ChartViewMapper; import io.dataease.base.mapper.ext.ExtChartGroupMapper; import io.dataease.base.mapper.ext.ExtChartViewMapper; +import io.dataease.commons.constants.ColumnPermissionConstants; import io.dataease.commons.constants.CommonConstants; import io.dataease.commons.constants.JdbcConstants; import io.dataease.commons.utils.AuthUtils; @@ -27,6 +28,7 @@ import io.dataease.provider.query.QueryProvider; import io.dataease.service.dataset.DataSetTableFieldsService; import io.dataease.service.dataset.DataSetTableService; import io.dataease.service.dataset.DataSetTableUnionService; +import io.dataease.service.dataset.PermissionService; import io.dataease.service.datasource.DatasourceService; import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.lang3.ObjectUtils; @@ -41,6 +43,8 @@ import java.util.*; import java.util.concurrent.locks.ReentrantLock; import java.util.stream.Collectors; +import static io.dataease.commons.constants.ColumnPermissionConstants.Desensitization_desc; + /** * @Author gin * @Date 2021/3/1 12:34 下午 @@ -61,6 +65,8 @@ public class ChartViewService { private ExtChartGroupMapper extChartGroupMapper; @Resource private DataSetTableUnionService dataSetTableUnionService; + @Resource + private PermissionService permissionService; //默认使用非公平 private ReentrantLock lock = new ReentrantLock(); 
@@ -187,6 +193,25 @@ public class ChartViewService { return calcData(view, request, request.isCache()); } + private void checkPermissions(List chartViewFieldDTOS, List fields, List desensitizationList, Boolean alowDesensitization) throws Exception{ + String filedName = ""; + for (ChartViewFieldBaseDTO chartViewFieldDTO : chartViewFieldDTOS) { + if(alowDesensitization){ + if (!fields.stream().map(DatasetTableField::getDataeaseName).collect(Collectors.toList()).contains(chartViewFieldDTO.getDataeaseName())) { + filedName = filedName + chartViewFieldDTO.getName() + " ,"; + } + }else { + if (desensitizationList.contains(chartViewFieldDTO.getDataeaseName()) || !fields.stream().map(DatasetTableField::getDataeaseName).collect(Collectors.toList()).contains(chartViewFieldDTO.getDataeaseName())) { + filedName = filedName + chartViewFieldDTO.getName() + " ,"; + } + } + } + filedName = filedName.endsWith(",") ? filedName.substring(0, filedName.length() - 1) : filedName; + if(StringUtils.isNotEmpty(filedName)){ + throw new Exception("以下字段没有权限: " + filedName); + } + } + public ChartViewDTO calcData(ChartViewDTO view, ChartExtRequest requestList, boolean cache) throws Exception { if (ObjectUtils.isEmpty(view)) { throw new RuntimeException(Translator.get("i18n_chart_delete")); 
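Review bot: checkPermissions rebuilds the list of permitted `dataeaseName` values with `fields.stream()...collect(Collectors.toList())` for every chart field in both branches, and it unboxes `Boolean alowDesensitization` inside the loop, so a null argument fails with a NullPointerException rather than a permission error. Computing the permitted names once as a set and taking a primitive `boolean` makes this gate cheaper and easier to audit. The denial message is a hard-coded literal thrown as a bare `Exception`, while the neighbouring calcData uses `Translator.get(...)`; an i18n key would keep the two consistent. The names are concatenated with `" ,"` and only the trailing comma is stripped, which leaves a trailing space that `String.join` would avoid.

```java
// … unchanged: checkPermissions signature, with `boolean alowDesensitization` instead of `Boolean` …
    // Names the caller may still see after column permissions were applied.
    Set<String> permitted = fields.stream()
            .map(DatasetTableField::getDataeaseName)
            .collect(Collectors.toSet());
    List<String> denied = new ArrayList<>();
    for (ChartViewFieldBaseDTO chartViewFieldDTO : chartViewFieldDTOS) {
        String name = chartViewFieldDTO.getDataeaseName();
        boolean removed = !permitted.contains(name);
        // Desensitized columns are only acceptable where the view can show the mask.
        boolean maskedButNotAllowed = !alowDesensitization && desensitizationList.contains(name);
        if (removed || maskedButNotAllowed) {
            denied.add(chartViewFieldDTO.getName());
        }
    }
    if (!denied.isEmpty()) {
        throw new Exception("以下字段没有权限: " + String.join(" ,", denied));
    }
```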
@@ -208,39 +233,52 @@ public class ChartViewService { }.getType()); List drill = new Gson().fromJson(view.getDrillFields(), new TypeToken>() { }.getType()); - // 获取对应数据集行权限 + + DatasetTableField datasetTableFieldObj = DatasetTableField.builder().tableId(view.getTableId()).checked(Boolean.TRUE).build(); List fields = dataSetTableFieldsService.list(datasetTableFieldObj); DatasetTable datasetTable = dataSetTableService.get(view.getTableId()); - List permissionFields = dataSetTableService.getCustomFilters(fields, datasetTable, requestList.getUser()); + + //列权限 + List desensitizationList = new ArrayList<>(); + fields = permissionService.filterColumnPermissons(fields, desensitizationList, datasetTable, null); + checkPermissions(fieldCustomFilter, fields, desensitizationList, false); + //行权限 + List permissionFields = permissionService.getCustomFilters(fields, datasetTable, requestList.getUser()); fieldCustomFilter.addAll(permissionFields); for (ChartFieldCustomFilterDTO ele : fieldCustomFilter) { ele.setField(dataSetTableFieldsService.get(ele.getId())); } - if (StringUtils.equalsIgnoreCase("text", view.getType()) - || StringUtils.equalsIgnoreCase("gauge", view.getType()) - || StringUtils.equalsIgnoreCase("liquid", view.getType())) { - xAxis = new ArrayList<>(); - if (CollectionUtils.isEmpty(yAxis)) { - ChartViewDTO dto = new ChartViewDTO(); - BeanUtils.copyBean(dto, view); - return dto; - } - } else if (StringUtils.equalsIgnoreCase("table-info", view.getType())) { - yAxis = new ArrayList<>(); - if (CollectionUtils.isEmpty(xAxis)) { - ChartViewDTO dto = new ChartViewDTO(); - BeanUtils.copyBean(dto, view); - return dto; - } - } else { - if (CollectionUtils.isEmpty(xAxis) && CollectionUtils.isEmpty(yAxis)) { - ChartViewDTO dto = new ChartViewDTO(); - BeanUtils.copyBean(dto, view); - return dto; - } + if (CollectionUtils.isEmpty(xAxis) && CollectionUtils.isEmpty(yAxis)) { + return emptyChartViewDTO(view); + } + + switch (view.getType()){ + case "text": + case "gauge": + case 
"liquid": + xAxis = new ArrayList<>(); + checkPermissions(yAxis, fields, desensitizationList, false); + if (CollectionUtils.isEmpty(yAxis)) { + return emptyChartViewDTO(view); + } + break; + case "table-info": + yAxis = new ArrayList<>(); + checkPermissions(xAxis, fields, desensitizationList, true); + if (CollectionUtils.isEmpty(xAxis)) { + return emptyChartViewDTO(view); + } + break; + case "table-normal": + checkPermissions(xAxis, fields, desensitizationList, true); + checkPermissions(yAxis, fields, desensitizationList, true); + break; + default: + checkPermissions(xAxis, fields, desensitizationList, false); + checkPermissions(yAxis, fields, desensitizationList, false); } // 过滤来自仪表板的条件 @@ -344,7 +382,7 @@ public class ChartViewService { if (ObjectUtils.isEmpty(ds)) { throw new RuntimeException(Translator.get("i18n_datasource_delete")); } - if(StringUtils.isNotEmpty(ds.getStatus()) && ds.getStatus().equalsIgnoreCase("Error")){ + if (StringUtils.isNotEmpty(ds.getStatus()) && ds.getStatus().equalsIgnoreCase("Error")) { throw new Exception(Translator.get("i18n_invalid_ds")); } DatasourceProvider datasourceProvider = ProviderFactory.getProvider(ds.getType()); @@ -569,7 +607,7 @@ public class ChartViewService { } // table组件,明细表,也用于导出数据 - Map mapTableNormal = transTableNormal(xAxis, yAxis, view, data, extStack); + Map mapTableNormal = transTableNormal(xAxis, yAxis, view, data, extStack, desensitizationList); map.putAll(mapChart); map.putAll(mapTableNormal); @@ -587,6 +625,12 @@ public class ChartViewService { return dto; } + private ChartViewDTO emptyChartViewDTO(ChartViewDTO view) { + ChartViewDTO dto = new ChartViewDTO(); + BeanUtils.copyBean(dto, view); + return dto; + } + private boolean checkCalcType(String dateStyle, String calcType) { switch (dateStyle) { case "y": 
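Review bot: The column-permission lookup in calcData is called with `null` as the user, `permissionService.filterColumnPermissons(fields, desensitizationList, datasetTable, null)`, while the row-permission call a few lines below passes `requestList.getUser()`. In PermissionService.columnPermissions (added in this commit) a call with no session user and a null `userId` returns an empty list, so on any path where the identity comes only from the request the row filters would apply but prohibited and desensitized columns would not; whether such a path exists is not visible here. Passing the same identity to both calls closes that gap: `fields = permissionService.filterColumnPermissons(fields, desensitizationList, datasetTable, requestList.getUser());`. Separately, the new `switch (view.getType())` is case-sensitive and throws on a null type, unlike the `StringUtils.equalsIgnoreCase` chain it replaces, and the `drill` fields parsed at the top of the hunk are not passed through checkPermissions here. calcData starts and ends outside the hunk.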
@@ -1510,7 +1554,7 @@ public class ChartViewService { } // 表格 - private Map transTableNormal(List xAxis, List yAxis, ChartViewWithBLOBs view, List data, List extStack) { + private Map transTableNormal(List xAxis, List yAxis, ChartViewWithBLOBs view, List data, List extStack, List desensitizationList) { Map map = new TreeMap<>(); List fields = new ArrayList<>(); List> tableRow = new ArrayList<>(); @@ -1526,9 +1570,14 @@ public class ChartViewService { data.forEach(ele -> { Map d = new HashMap<>(); for (int i = 0; i < fields.size(); i++) { + if(CollectionUtils.isNotEmpty(desensitizationList) && desensitizationList.contains(fields.get(i).getDataeaseName())){ + d.put(fields.get(i).getDataeaseName(), ColumnPermissionConstants.Desensitization_desc); + continue; + } + ChartViewFieldDTO chartViewFieldDTO = fields.get(i); if (chartViewFieldDTO.getDeType() == 0 || chartViewFieldDTO.getDeType() == 1) { - d.put(fields.get(i).getDataeaseName(), StringUtils.isEmpty(ele[i]) ? "" : ele[i]); + d.put(fields.get(i).getDataeaseName(), StringUtils.isEmpty(ele[i]) ? "" : ele[i]); } else if (chartViewFieldDTO.getDeType() == 2 || chartViewFieldDTO.getDeType() == 3) { d.put(fields.get(i).getDataeaseName(), StringUtils.isEmpty(ele[i]) ? null : new BigDecimal(ele[i]).setScale(2, RoundingMode.HALF_UP)); } diff --git a/backend/src/main/java/io/dataease/service/dataset/DataSetTableFieldsService.java b/backend/src/main/java/io/dataease/service/dataset/DataSetTableFieldsService.java index 9b5c480810..4744c14637 100644 --- a/backend/src/main/java/io/dataease/service/dataset/DataSetTableFieldsService.java +++ b/backend/src/main/java/io/dataease/service/dataset/DataSetTableFieldsService.java 
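Review bot: The masking added to transTableNormal replaces the value only in the table-row map, after the cleartext has already been fetched into `data`; calcData then merges this result with `mapChart` (`map.putAll(mapChart)` in the earlier hunk), and whether that map also carries values from the same rows for `table-info` and `table-normal` views is not visible here. Please confirm that no other consumer of `data` emits the desensitized columns, or mask `data` once before both transformations run. Inside the loop, `desensitizationList.contains(...)` is a linear scan repeated for every cell, so resolving the masked column indexes once before `data.forEach` would be cheaper. A short comment above the new branch, such as `// desensitized columns must never be returned in cleartext`, would record the intent. transTableNormal's body continues outside the hunk.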
@@ -91,6 +91,10 @@ public class DataSetTableFieldsService { return datasetTableFieldMapper.selectByExample(datasetTableFieldExample); } + public DatasetTableField selectByPrimaryKey(String id) { + return datasetTableFieldMapper.selectByPrimaryKey(id); + } + public List getListByIdsEach(List ids) { List list = new ArrayList<>(); if (CollectionUtils.isNotEmpty(ids)) { diff --git a/backend/src/main/java/io/dataease/service/dataset/DataSetTableService.java b/backend/src/main/java/io/dataease/service/dataset/DataSetTableService.java index b6eace9983..bac36183c6 100644 --- a/backend/src/main/java/io/dataease/service/dataset/DataSetTableService.java +++ b/backend/src/main/java/io/dataease/service/dataset/DataSetTableService.java @@ -1,21 +1,12 @@ package io.dataease.service.dataset; - -import com.alibaba.fastjson.JSONObject; import com.google.gson.Gson; -import io.dataease.auth.api.dto.CurrentRoleDto; -import io.dataease.auth.api.dto.CurrentUserDto; -import io.dataease.auth.entity.SysUserEntity; -import io.dataease.auth.service.AuthUserService; import io.dataease.base.domain.*; import io.dataease.base.mapper.*; import io.dataease.base.mapper.ext.ExtDataSetGroupMapper; import io.dataease.base.mapper.ext.ExtDataSetTableMapper; import io.dataease.base.mapper.ext.UtilMapper; -import io.dataease.commons.constants.DatasourceTypes; -import io.dataease.commons.constants.JobStatus; -import io.dataease.commons.constants.ScheduleType; -import io.dataease.commons.constants.TaskStatus; +import io.dataease.commons.constants.*; import io.dataease.commons.exception.DEException; import io.dataease.commons.utils.*; import io.dataease.controller.request.dataset.DataSetGroupRequest; 
@@ -23,7 +14,6 @@ import io.dataease.controller.request.dataset.DataSetTableRequest; import io.dataease.controller.request.dataset.DataSetTaskRequest; import io.dataease.controller.request.datasource.DatasourceRequest; import io.dataease.controller.response.DataSetDetail; -import io.dataease.dto.chart.ChartCustomFilterItemDTO; import io.dataease.dto.chart.ChartFieldCustomFilterDTO; import io.dataease.dto.dataset.*; import io.dataease.dto.dataset.union.UnionDTO; @@ -32,12 +22,7 @@ import io.dataease.dto.dataset.union.UnionParamDTO; import io.dataease.dto.datasource.TableFiled; import io.dataease.exception.DataEaseException; import io.dataease.i18n.Translator; -import io.dataease.plugins.config.SpringContextUtil; import io.dataease.plugins.loader.ClassloaderResponsity; -import io.dataease.plugins.xpack.auth.dto.request.DataSetRowPermissionsDTO; -import io.dataease.plugins.xpack.auth.dto.request.DatasetRowPermissions; -import io.dataease.plugins.xpack.auth.dto.response.XpackSysAuthDetailDTO; -import io.dataease.plugins.xpack.auth.service.RowPermissionService; import io.dataease.provider.ProviderFactory; import io.dataease.provider.datasource.DatasourceProvider; import io.dataease.provider.datasource.JdbcProvider; @@ -72,7 +57,7 @@ import java.text.SimpleDateFormat; import java.util.*; import java.util.stream.Collectors; -; +;import static io.dataease.commons.constants.ColumnPermissionConstants.Desensitization_desc; /** * @Author gin @@ -108,7 +93,7 @@ public class DataSetTableService { @Resource private DatasetTableFieldMapper datasetTableFieldMapper; @Resource - private AuthUserService authUserService; + private PermissionService permissionService; private static final String lastUpdateTime = "${__last_update_time__}"; private static final String currentUpdateTime = "${__current_update_time__}"; 
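Review bot: In the import hunk the static import is appended to the stray `;` line (`;import static io.dataease.commons.constants.ColumnPermissionConstants.Desensitization_desc;`), which keeps an empty declaration in the middle of the import section. Older javac versions tolerate this, but newer ones are stricter about extraneous semicolons between imports, so the file may stop compiling after a toolchain upgrade. Drop the `;` and put the import on its own line: `import static io.dataease.commons.constants.ColumnPermissionConstants.Desensitization_desc;`.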
@@ -448,103 +433,6 @@ public class DataSetTableService { return map; } - private List rowPermissions(String datasetId, Long userId) { - List datasetRowPermissions = new ArrayList<>(); - Map beansOfType = SpringContextUtil.getApplicationContext().getBeansOfType((RowPermissionService.class)); - if (beansOfType.keySet().size() == 0) { - return new ArrayList<>(); - } - RowPermissionService rowPermissionService = SpringContextUtil.getBean(RowPermissionService.class); - CurrentUserDto user = AuthUtils.getUser(); - List roleIds = new ArrayList<>(); - Long deptId = null; - - if (user == null && userId == null) { - return datasetRowPermissions; - } - - if (user != null && userId != null) { - return datasetRowPermissions; - } - - if (user != null) { - if (user.getIsAdmin()) { - return datasetRowPermissions; - } - userId = user.getUserId(); - deptId = user.getDeptId(); - roleIds = user.getRoles().stream().map(CurrentRoleDto::getId).collect(Collectors.toList()); - } - - if (userId != null) { - SysUserEntity userEntity = authUserService.getUserById(userId); - if (userEntity.getIsAdmin()) { - return datasetRowPermissions; - } - deptId = userEntity.getDeptId(); - roleIds = authUserService.roles(userId).stream().map(r -> Long.valueOf(r)).collect(Collectors.toList()); - } - - - DataSetRowPermissionsDTO dataSetRowPermissionsDTO = new DataSetRowPermissionsDTO(); - dataSetRowPermissionsDTO.setDatasetId(datasetId); - dataSetRowPermissionsDTO.setAuthTargetIds(Collections.singletonList(userId)); - dataSetRowPermissionsDTO.setAuthTargetType("user"); - datasetRowPermissions.addAll(rowPermissionService.searchRowPermissions(dataSetRowPermissionsDTO)); - dataSetRowPermissionsDTO.setAuthTargetIds(roleIds); - dataSetRowPermissionsDTO.setAuthTargetType("role"); - datasetRowPermissions.addAll(rowPermissionService.searchRowPermissions(dataSetRowPermissionsDTO)); - dataSetRowPermissionsDTO.setAuthTargetIds(Collections.singletonList(deptId)); - dataSetRowPermissionsDTO.setAuthTargetType("dept"); - 
datasetRowPermissions.addAll(rowPermissionService.searchRowPermissions(dataSetRowPermissionsDTO)); - return datasetRowPermissions; - } - - private DatasetTableField getFieldById(List fields, String fieldId) { - DatasetTableField field = null; - for (DatasetTableField datasetTableField : fields) { - if (fieldId.equalsIgnoreCase(datasetTableField.getId())) { - field = datasetTableField; - } - } - return field; - } - - public List getCustomFilters(List fields, DatasetTable datasetTable, Long user) { - List customFilter = new ArrayList<>(); - for (DatasetRowPermissions datasetRowPermissions : rowPermissions(datasetTable.getId(), user)) { - ChartFieldCustomFilterDTO dto = new ChartFieldCustomFilterDTO(); - if (StringUtils.isEmpty(datasetRowPermissions.getDatasetFieldId())) { - continue; - } - DatasetTableField field = getFieldById(fields, datasetRowPermissions.getDatasetFieldId()); - if (field == null) { - continue; - } - dto.setField(field); - dto.setId(field.getId()); - dto.setFilterType(datasetRowPermissions.getFilterType()); - if (datasetRowPermissions.getFilterType().equalsIgnoreCase("logic")) { - if (StringUtils.isEmpty(datasetRowPermissions.getFilter())) { - continue; - } - List lists = JSONObject.parseArray(datasetRowPermissions.getFilter(), ChartCustomFilterItemDTO.class); - lists.forEach(chartCustomFilterDTO -> { - chartCustomFilterDTO.setFieldId(field.getId()); - }); - dto.setFilter(lists); - dto.setLogic(datasetRowPermissions.getLogic()); - customFilter.add(dto); - } else { - if (StringUtils.isEmpty(datasetRowPermissions.getEnumCheckField())) { - continue; - } - dto.setEnumCheckField(Arrays.asList(datasetRowPermissions.getEnumCheckField().split(",").clone())); - customFilter.add(dto); - } - } - return customFilter; - } public Map getPreviewData(DataSetTableRequest dataSetTableRequest, Integer page, Integer pageSize, List extFields) throws Exception { Map map = new HashMap<>(); 
@@ -560,7 +448,11 @@ public class DataSetTableService { return map; } DatasetTable datasetTable = datasetTableMapper.selectByPrimaryKey(dataSetTableRequest.getId()); - List customFilter = getCustomFilters(fields, datasetTable, null); + //列权限 + List desensitizationList = new ArrayList<>(); + fields = permissionService.filterColumnPermissons(fields, desensitizationList, datasetTable, null); + //行权限 + List customFilter = permissionService.getCustomFilters(fields, datasetTable, null); String[] fieldArray = fields.stream().map(DatasetTableField::getDataeaseName).toArray(String[]::new); DataTableInfoDTO dataTableInfoDTO = new Gson().fromJson(dataSetTableRequest.getInfo(), DataTableInfoDTO.class); @@ -873,7 +765,11 @@ public class DataSetTableService { jsonArray = data.stream().map(ele -> { Map tmpMap = new HashMap<>(); for (int i = 0; i < ele.length; i++) { - tmpMap.put(fieldArray[i], ele[i]); + if (desensitizationList.contains(fieldArray[i])) { + tmpMap.put(fieldArray[i], Desensitization_desc); + } else { + tmpMap.put(fieldArray[i], ele[i]); + } } return tmpMap; }).collect(Collectors.toList()); diff --git a/backend/src/main/java/io/dataease/service/dataset/PermissionService.java b/backend/src/main/java/io/dataease/service/dataset/PermissionService.java new file mode 100644 index 0000000000..f82898b949 --- /dev/null +++ b/backend/src/main/java/io/dataease/service/dataset/PermissionService.java 
@@ -0,0 +1,202 @@ +package io.dataease.service.dataset; + +import com.alibaba.fastjson.JSONObject; +import io.dataease.auth.api.dto.CurrentRoleDto; +import io.dataease.auth.api.dto.CurrentUserDto; +import io.dataease.auth.entity.SysUserEntity; +import io.dataease.auth.service.AuthUserService; +import io.dataease.base.domain.DatasetTable; +import io.dataease.base.domain.DatasetTableField; +import io.dataease.commons.constants.ColumnPermissionConstants; +import io.dataease.commons.utils.AuthUtils; +import io.dataease.dto.chart.ChartCustomFilterItemDTO; +import io.dataease.dto.chart.ChartFieldCustomFilterDTO; +import io.dataease.plugins.config.SpringContextUtil; +import io.dataease.plugins.xpack.auth.dto.request.*; +import io.dataease.plugins.xpack.auth.service.ColumnPermissionService; +import io.dataease.plugins.xpack.auth.service.RowPermissionService; +import org.apache.commons.collections4.CollectionUtils; +import org.apache.commons.lang3.StringUtils; +import org.springframework.stereotype.Service; + +import javax.annotation.Resource; +import java.util.*; +import java.util.stream.Collectors; + +@Service +public class PermissionService { + @Resource + private AuthUserService authUserService; + + public List getCustomFilters(List fields, DatasetTable datasetTable, Long user) { + List customFilter = new ArrayList<>(); + for (DatasetRowPermissions datasetRowPermissions : rowPermissions(datasetTable.getId(), user)) { + ChartFieldCustomFilterDTO dto = new ChartFieldCustomFilterDTO(); + if (StringUtils.isEmpty(datasetRowPermissions.getDatasetFieldId())) { + continue; + } + DatasetTableField field = getFieldById(fields, datasetRowPermissions.getDatasetFieldId()); + if (field == null) { + continue; + } + dto.setField(field); + dto.setId(field.getId()); + dto.setFilterType(datasetRowPermissions.getFilterType()); + if (datasetRowPermissions.getFilterType().equalsIgnoreCase("logic")) { + if (StringUtils.isEmpty(datasetRowPermissions.getFilter())) { + continue; + } + List lists 
= JSONObject.parseArray(datasetRowPermissions.getFilter(), ChartCustomFilterItemDTO.class); + lists.forEach(chartCustomFilterDTO -> { + chartCustomFilterDTO.setFieldId(field.getId()); + }); + dto.setFilter(lists); + dto.setLogic(datasetRowPermissions.getLogic()); + customFilter.add(dto); + } else { + if (StringUtils.isEmpty(datasetRowPermissions.getEnumCheckField())) { + continue; + } + dto.setEnumCheckField(Arrays.asList(datasetRowPermissions.getEnumCheckField().split(",").clone())); + customFilter.add(dto); + } + } + return customFilter; + } + + public List filterColumnPermissons(List fields, ListdesensitizationList, DatasetTable datasetTable, Long user){ + List result = new ArrayList<>(); + List allColumnPermissionItems = new ArrayList<>(); + for (DataSetColumnPermissionsDTO dataSetColumnPermissionsDTO : columnPermissions(datasetTable.getId(), user)) { + ColumnPermissions columnPermissions = JSONObject.parseObject(dataSetColumnPermissionsDTO.getPermissions(), ColumnPermissions.class); + if(!columnPermissions.getEnable()){continue;} + allColumnPermissionItems.addAll(columnPermissions.getColumns().stream().filter(columnPermissionItem -> columnPermissionItem.getSelected()).collect(Collectors.toList())); + } + fields.forEach(field ->{ + List permissions = allColumnPermissionItems.stream().filter(columnPermissionItem -> columnPermissionItem.getId().equalsIgnoreCase(field.getId())).map(ColumnPermissionItem::getOpt).collect(Collectors.toList()); + if(CollectionUtils.isEmpty(permissions)){ + result.add(field); + }else { + if(!permissions.contains(ColumnPermissionConstants.Prohibit)){ + desensitizationList.add(field.getDataeaseName()); + result.add(field); + } + } + }); + return result; + } + + + private List rowPermissions(String datasetId, Long userId) { + List datasetRowPermissions = new ArrayList<>(); + Map beansOfType = SpringContextUtil.getApplicationContext().getBeansOfType((RowPermissionService.class)); + if (beansOfType.keySet().size() == 0) { + return new 
ArrayList<>(); + } + RowPermissionService rowPermissionService = SpringContextUtil.getBean(RowPermissionService.class); + CurrentUserDto user = AuthUtils.getUser(); + List roleIds = new ArrayList<>(); + Long deptId = null; + + if (user == null && userId == null) { + return datasetRowPermissions; + } + + if (user != null && userId != null) { + return datasetRowPermissions; + } + + if (user != null) { + if (user.getIsAdmin()) { + return datasetRowPermissions; + } + userId = user.getUserId(); + deptId = user.getDeptId(); + roleIds = user.getRoles().stream().map(CurrentRoleDto::getId).collect(Collectors.toList()); + } + + if (userId != null) { + SysUserEntity userEntity = authUserService.getUserById(userId); + if (userEntity.getIsAdmin()) { + return datasetRowPermissions; + } + deptId = userEntity.getDeptId(); + roleIds = authUserService.roles(userId).stream().map(r -> Long.valueOf(r)).collect(Collectors.toList()); + } + + + DataSetRowPermissionsDTO dataSetRowPermissionsDTO = new DataSetRowPermissionsDTO(); + dataSetRowPermissionsDTO.setDatasetId(datasetId); + dataSetRowPermissionsDTO.setAuthTargetIds(Collections.singletonList(userId)); + dataSetRowPermissionsDTO.setAuthTargetType("user"); + datasetRowPermissions.addAll(rowPermissionService.searchRowPermissions(dataSetRowPermissionsDTO)); + dataSetRowPermissionsDTO.setAuthTargetIds(roleIds); + dataSetRowPermissionsDTO.setAuthTargetType("role"); + datasetRowPermissions.addAll(rowPermissionService.searchRowPermissions(dataSetRowPermissionsDTO)); + dataSetRowPermissionsDTO.setAuthTargetIds(Collections.singletonList(deptId)); + dataSetRowPermissionsDTO.setAuthTargetType("dept"); + datasetRowPermissions.addAll(rowPermissionService.searchRowPermissions(dataSetRowPermissionsDTO)); + return datasetRowPermissions; + } + + private List columnPermissions(String datasetId, Long userId) { + List datasetColumnPermissions = new ArrayList<>(); + Map beansOfType = 
SpringContextUtil.getApplicationContext().getBeansOfType((ColumnPermissionService.class)); + if (beansOfType.keySet().size() == 0) { + return new ArrayList<>(); + } + ColumnPermissionService columnPermissionService = SpringContextUtil.getBean(ColumnPermissionService.class); + CurrentUserDto user = AuthUtils.getUser(); + List roleIds = new ArrayList<>(); + Long deptId = null; + + if (user == null && userId == null) { + return datasetColumnPermissions; + } + + if (user != null && userId != null) { + return datasetColumnPermissions; + } + + if (user != null) { + if (user.getIsAdmin()) { + return datasetColumnPermissions; + } + userId = user.getUserId(); + deptId = user.getDeptId(); + roleIds = user.getRoles().stream().map(CurrentRoleDto::getId).collect(Collectors.toList()); + } + + if (userId != null) { + SysUserEntity userEntity = authUserService.getUserById(userId); + if (userEntity.getIsAdmin()) { + return datasetColumnPermissions; + } + deptId = userEntity.getDeptId(); + roleIds = authUserService.roles(userId).stream().map(r -> Long.valueOf(r)).collect(Collectors.toList()); + } + + DataSetColumnPermissionsDTO dataSetColumnPermissionsDTO = new DataSetColumnPermissionsDTO(); + dataSetColumnPermissionsDTO.setDatasetId(datasetId); + dataSetColumnPermissionsDTO.setAuthTargetIds(Collections.singletonList(userId)); + dataSetColumnPermissionsDTO.setAuthTargetType("user"); + datasetColumnPermissions.addAll(columnPermissionService.searchPermissions(dataSetColumnPermissionsDTO)); + dataSetColumnPermissionsDTO.setAuthTargetIds(roleIds); + dataSetColumnPermissionsDTO.setAuthTargetType("role"); + datasetColumnPermissions.addAll(columnPermissionService.searchPermissions(dataSetColumnPermissionsDTO)); + dataSetColumnPermissionsDTO.setAuthTargetIds(Collections.singletonList(deptId)); + dataSetColumnPermissionsDTO.setAuthTargetType("dept"); + datasetColumnPermissions.addAll(columnPermissionService.searchPermissions(dataSetColumnPermissionsDTO)); + return datasetColumnPermissions; + 
} + + private DatasetTableField getFieldById(List fields, String fieldId) { + DatasetTableField field = null; + for (DatasetTableField datasetTableField : fields) { + if (fieldId.equalsIgnoreCase(datasetTableField.getId())) { + field = datasetTableField; + } + } + return field; + } +} diff --git a/backend/src/main/java/io/dataease/service/dataset/impl/direct/DirectFieldService.java b/backend/src/main/java/io/dataease/service/dataset/impl/direct/DirectFieldService.java index 99fae46150..16090f0b04 100644 --- a/backend/src/main/java/io/dataease/service/dataset/impl/direct/DirectFieldService.java +++ b/backend/src/main/java/io/dataease/service/dataset/impl/direct/DirectFieldService.java @@ -4,20 +4,18 @@ import com.google.gson.Gson; import io.dataease.base.domain.DatasetTable; import io.dataease.base.domain.DatasetTableField; import io.dataease.base.domain.Datasource; +import io.dataease.commons.constants.ColumnPermissionConstants; import io.dataease.commons.utils.CommonBeanFactory; import io.dataease.dto.chart.ChartFieldCustomFilterDTO; import io.dataease.i18n.Translator; import io.dataease.provider.datasource.DatasourceProvider; import io.dataease.provider.ProviderFactory; import io.dataease.controller.request.datasource.DatasourceRequest; +import io.dataease.service.dataset.*; import io.dataease.service.datasource.DatasourceService; import io.dataease.dto.dataset.DataSetTableUnionDTO; import io.dataease.dto.dataset.DataTableInfoDTO; import io.dataease.provider.query.QueryProvider; -import io.dataease.service.dataset.DataSetFieldService; -import io.dataease.service.dataset.DataSetTableFieldsService; -import io.dataease.service.dataset.DataSetTableService; -import io.dataease.service.dataset.DataSetTableUnionService; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang3.ObjectUtils; import org.apache.commons.lang3.StringUtils; 
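Review bot: columnPermissions (and rowPermissions, whose logic it copies) returns an empty list, meaning no restriction, in two identity cases that should be told apart: neither a session user nor a `userId`, and a session user together with an explicit `userId`. For an access-control lookup, an empty result on an unresolved or ambiguous identity fails open; consider throwing or denying in those branches, or at least documenting why each is safe, e.g. `// both identities present: caller has already enforced permissions — confirm`. `authUserService.getUserById(userId)` is dereferenced without a null check, and if `getEnable()` / `getSelected()` return boxed Booleans a missing flag in the stored JSON surfaces in filterColumnPermissons as a NullPointerException instead of a permission decision. The two lookup methods differ only in the plugin service and DTO type, so extracting the user/role/department resolution into one private helper would prevent a future fix from landing in only one of them.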
@@ -40,32 +38,38 @@ public class DirectFieldService implements DataSetFieldService { private DatasourceService datasourceService; @Resource private DataSetTableUnionService dataSetTableUnionService; + @Resource + private PermissionService permissionService; @Override - public List fieldValues(String fieldId, Long userId) throws Exception{ - List list = dataSetTableFieldsService.getListByIds(new ArrayList() {{ - add(fieldId); - }}); - if (CollectionUtils.isEmpty(list)) return null; + public List fieldValues(String fieldId, Long userId) throws Exception { + DatasetTableField field = dataSetTableFieldsService.selectByPrimaryKey(fieldId); + if (field == null || StringUtils.isEmpty(field.getTableId())) return null; - DatasetTableField field = list.get(0); - String tableId = field.getTableId(); - if (StringUtils.isEmpty(tableId)) return null; - - DatasetTable datasetTable = dataSetTableService.get(tableId); + DatasetTable datasetTable = dataSetTableService.get(field.getTableId()); if (ObjectUtils.isEmpty(datasetTable) || StringUtils.isEmpty(datasetTable.getName())) return null; - String tableName; - DatasetTableField datasetTableField = DatasetTableField.builder().tableId(tableId).checked(Boolean.TRUE).build(); + DatasetTableField datasetTableField = DatasetTableField.builder().tableId(field.getTableId()).checked(Boolean.TRUE).build(); List fields = dataSetTableFieldsService.list(datasetTableField); - List customFilter = dataSetTableService.getCustomFilters(fields, datasetTable, userId); + + //列权限 + List desensitizationList = new ArrayList<>(); + fields = permissionService.filterColumnPermissons(fields, desensitizationList, datasetTable, userId); + + if (CollectionUtils.isNotEmpty(desensitizationList) && desensitizationList.contains(field.getDataeaseName())) { + List results = new ArrayList<>(); + results.add(ColumnPermissionConstants.Desensitization_desc); + return results; + } + //行权限 + List customFilter = permissionService.getCustomFilters(fields, datasetTable, 
userId); DatasourceRequest datasourceRequest = new DatasourceRequest(); DatasourceProvider datasourceProvider = null; if (datasetTable.getMode() == 0) {// 直连 if (StringUtils.isEmpty(datasetTable.getDataSourceId())) return null; Datasource ds = datasourceService.get(datasetTable.getDataSourceId()); - if(StringUtils.isNotEmpty(ds.getStatus()) && ds.getStatus().equalsIgnoreCase("Error")){ + if (StringUtils.isNotEmpty(ds.getStatus()) && ds.getStatus().equalsIgnoreCase("Error")) { throw new Exception(Translator.get("i18n_invalid_ds")); } datasourceProvider = ProviderFactory.getProvider(ds.getType()); @@ -94,7 +98,7 @@ public class DirectFieldService implements DataSetFieldService { datasourceProvider = ProviderFactory.getProvider(ds.getType()); datasourceRequest = new DatasourceRequest(); datasourceRequest.setDatasource(ds); - tableName = "ds_" + datasetTable.getId().replaceAll("-", "_"); + String tableName = "ds_" + datasetTable.getId().replaceAll("-", "_"); datasourceRequest.setTable(tableName); QueryProvider qp = ProviderFactory.getQueryProvider(ds.getType()); datasourceRequest.setQuery(qp.createQuerySQL(tableName, Collections.singletonList(field), true, null, customFilter)); diff --git a/backend/src/main/resources/db/migration/V31__1.7.sql b/backend/src/main/resources/db/migration/V31__1.7.sql index 1828fc902c..e244d139aa 100644 --- a/backend/src/main/resources/db/migration/V31__1.7.sql +++ b/backend/src/main/resources/db/migration/V31__1.7.sql 
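Review bot: fieldValues filters `fields` through `filterColumnPermissons` but never checks that the requested `field` itself survived the filter: only the desensitized case returns early, and the query later in the method is still built from `Collections.singletonList(field)`. A column marked Prohibit is removed from `fields`, yet as far as the visible lines show its distinct values can still be read through this method. Add a guard right after the filter, for example `if (fields.stream().noneMatch(f -> StringUtils.equals(f.getId(), field.getId()))) return null;`, or throw the same permission error the chart path uses. The method body between the two hunks is not shown, so please confirm the direct-connection branch has no earlier check.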
@@ -1,2 +1,13 @@ +CREATE TABLE `dataset_column_permissions` ( + `id` varchar(64) NOT NULL COMMENT 'File ID', + `auth_target_type` varchar(255) DEFAULT NULL COMMENT '权限类型:组织/角色/用户', + `auth_target_id` bigint(20) DEFAULT NULL COMMENT '权限对象ID', + `dataset_id` varchar(64) DEFAULT NULL COMMENT '数据集ID', + `permissions` longtext DEFAULT NULL COMMENT '权限', + `update_time` bigint(13) NULL DEFAULT NULL, + PRIMARY KEY (`id`) +)ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE utf8mb4_general_ci; + INSERT INTO `sys_menu` (`menu_id`, `pid`, `sub_count`, `type`, `title`, `name`, `component`, `menu_sort`, `icon`, `path`, `i_frame`, `cache`, `hidden`, `permission`, `create_by`, `update_by`, `create_time`, `update_time`) VALUES (61, 0, 0, 1, '首页', 'wizard', 'wizard/index', 0, '', '/wizard', b'1', b'0', b'0', NULL, NULL, NULL, NULL, 1614915491036); INSERT INTO `system_parameter` (`param_key`, `param_value`, `type`, `sort`) VALUES ('ui.openHomePage', 'true', 'boolean', 13); + diff --git a/backend/src/main/resources/generatorConfig.xml b/backend/src/main/resources/generatorConfig.xml index 5de60adbf5..e90877a423 100644 --- a/backend/src/main/resources/generatorConfig.xml +++ b/backend/src/main/resources/generatorConfig.xml @@ -60,6 +60,6 @@ - +
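Review bot: `dataset_column_permissions` holds authorization rules, yet `auth_target_type`, `auth_target_id` and `dataset_id` are all `DEFAULT NULL`, so a rule row can exist with no subject or no dataset. How the permission lookup treats such a row is not visible in this diff, so I would declare the three columns `NOT NULL` and let the table reject them. The only key is `id`, while the rules are presumably read per dataset on every query; adding `KEY idx_dataset_id (dataset_id)` avoids a full scan on that path. The `id` column comment `'File ID'` looks copied from another table and should describe this one. If `V31__1.7.sql` has already been applied in any environment, editing it in place would change the migration checksum, so a new versioned script may be safer.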
diff --git a/frontend/src/lang/en.js b/frontend/src/lang/en.js index 8a579bc219..fbe407abdf 100644 --- a/frontend/src/lang/en.js +++ b/frontend/src/lang/en.js @@ -1207,7 +1207,21 @@ export default { auth_type: 'Authorization type', auth_obj: 'Authorized object' }, + column_permission: { + add: 'Add', + edit: 'Edit', + please_select_auth_type: 'Please select the authorization type', + please_select_auth_id: '请选择授权目标', + column_permission_not_empty: 'Please select authorization target', + auth_type: 'Authorization type', + auth_obj: 'Authorized object', + enable: 'Enable column permissions', + prohibit: 'Prohibit', + desensitization: 'Desensitization' + }, row_permissions: 'Row Permissions', + column_permissions: '列权限', + row_column_permissions: '行列权限', union_data: 'Union Dataset', add_union_table: 'Add Union Dataset', edit_union: 'Edit Union Dataset', diff --git a/frontend/src/lang/tw.js b/frontend/src/lang/tw.js index a366eefb46..72e5569ddd 100644 --- a/frontend/src/lang/tw.js +++ b/frontend/src/lang/tw.js @@ -1207,7 +1207,21 @@ export default { auth_type: '授權類型', auth_obj: '授權對象' }, + column_permission: { + add: '添加列權限', + edit: '編輯列權限', + please_select_auth_type: '請選餓授權類型', + please_select_auth_id: '請選擇授權目標', + column_permission_not_empty: '列權限不能為空', + auth_type: '授權類型', + auth_obj: '授權對象', + enable: '啟用列權限', + prohibit: '禁用', + desensitization: '脫敏' + }, row_permissions: '行權限', + column_permissions: '列權限', + row_column_permissions: '行列權限', union_data: '關聯數據集', add_union_table: '添加關聯數據集', edit_union: '編輯關聯數據集', diff --git a/frontend/src/lang/zh.js b/frontend/src/lang/zh.js index afb261a586..a758f900f4 100644 --- a/frontend/src/lang/zh.js +++ b/frontend/src/lang/zh.js 
@@ -1209,7 +1209,22 @@ export default { auth_type: '授权类型', auth_obj: '授权对象' }, + column_permission: { + add: '添加列权限', + edit: '编辑列权限', + please_select_field: '请选择字段', + please_select_auth_type: '请选择授权类型', + please_select_auth_id: '请选择授权目标', + column_permission_not_empty: '列权限不能为空', + auth_type: '授权类型', + auth_obj: '授权对象', + enable: '启用列权限', + prohibit: '禁用', + desensitization: '脱敏' + }, row_permissions: '行权限', + column_permissions: '列权限', + row_column_permissions: '行列权限', union_data: '关联数据集', add_union_table: '添加关联数据集', edit_union: '编辑关联数据集', diff --git a/frontend/src/views/dataset/data/ViewTable.vue b/frontend/src/views/dataset/data/ViewTable.vue index 9642558444..99183cb218 100644 --- a/frontend/src/views/dataset/data/ViewTable.vue +++ b/frontend/src/views/dataset/data/ViewTable.vue @@ -59,6 +59,9 @@ + + +