Merge pull request #1839 from dataease/pr@v1.8@refactor_permission

refactor: 视图权限
2022-02-28 11:23:16 +08:00 · 2022-02-28 11:23:16 +08:00 · cc9a961927
commit cc9a961927
parent a0893ae0e0 64d9471c33
7 changed files with 56 additions and 42 deletions
--- a/backend/src/main/java/io/dataease/controller/chart/ChartViewController.java
+++ b/backend/src/main/java/io/dataease/controller/chart/ChartViewController.java
@ -1,7 +1,10 @@
 package io.dataease.controller.chart;

 import com.github.xiaoymin.knife4j.annotations.ApiSupport;
+import io.dataease.auth.annotation.DePermission;
 import io.dataease.base.domain.ChartViewWithBLOBs;
+import io.dataease.commons.constants.DePermissionType;
+import io.dataease.commons.constants.ResourceAuthLevel;
 import io.dataease.commons.utils.AuthUtils;
 import io.dataease.controller.request.chart.ChartCalRequest;
 import io.dataease.controller.request.chart.ChartExtRequest;
@ -11,10 +14,12 @@ import io.dataease.dto.chart.ChartViewDTO;
 import io.dataease.service.chart.ChartViewService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.web.bind.annotation.*;
 import springfox.documentation.annotations.ApiIgnore;

 import javax.annotation.Resource;
+import javax.ws.rs.Path;
 import java.util.List;

 /**
@ -29,52 +34,65 @@ public class ChartViewController {
    @Resource
    private ChartViewService chartViewService;

+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.PANEL, level = ResourceAuthLevel.PANNEL_LEVEL_MANAGE)
    @ApiOperation("保存")
-    @PostMapping("/save")
-    public ChartViewWithBLOBs save(@RequestBody ChartViewWithBLOBs chartViewWithBLOBs) {
+    @PostMapping("/save/{panelId}")
+    public ChartViewWithBLOBs save(@PathVariable String panelId, @RequestBody ChartViewWithBLOBs chartViewWithBLOBs) {
        return chartViewService.save(chartViewWithBLOBs);
    }

+    @ApiIgnore
    @ApiOperation("查询")
    @PostMapping("/list")
    public List<ChartViewDTO> list(@RequestBody ChartViewRequest chartViewRequest) {
        return chartViewService.list(chartViewRequest);
    }

+    @ApiIgnore
    @ApiOperation("查询组")
    @PostMapping("/listAndGroup")
    public List<ChartViewDTO> listAndGroup(@RequestBody ChartViewRequest chartViewRequest) {
        return chartViewService.listAndGroup(chartViewRequest);
    }

+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.PANEL, level = ResourceAuthLevel.PANNEL_LEVEL_VIEW, paramIndex = 1)
    @ApiOperation("详细信息")
-    @PostMapping("/get/{id}")
-    public ChartViewWithBLOBs get(@PathVariable String id) {
+    @PostMapping("/get/{id}/{panelId}")
+    public ChartViewWithBLOBs get(@PathVariable String id, @PathVariable String panelId) {
        return chartViewService.get(id);
    }

+    @ApiIgnore
    @ApiOperation("删除")
    @PostMapping("/delete/{id}")
    public void delete(@PathVariable String id) {
        chartViewService.delete(id);
    }

+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.PANEL, level = ResourceAuthLevel.PANNEL_LEVEL_VIEW, paramIndex = 1)
    @ApiOperation("数据")
-    @PostMapping("/getData/{id}")
-    public ChartViewDTO getData(@PathVariable String id, @RequestBody ChartExtRequest requestList) throws Exception {
+    @PostMapping("/getData/{id}/{panelId}")
+    public ChartViewDTO getData(@PathVariable String id, @PathVariable String panelId, @RequestBody ChartExtRequest requestList) throws Exception {
        return chartViewService.getData(id, requestList);
    }

+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.PANEL, level = ResourceAuthLevel.PANNEL_LEVEL_VIEW, paramIndex = 1)
    @ApiOperation("视图详情")
-    @PostMapping("chartDetail/{id}")
-    public ChartDetail chartDetail(@PathVariable String id) {
+    @PostMapping("chartDetail/{id}/{panelId}")
+    public ChartDetail chartDetail(@PathVariable String id, @PathVariable String panelId) {
        return chartViewService.getChartDetail(id);
    }

+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.PANEL, level = ResourceAuthLevel.PANNEL_LEVEL_MANAGE, paramIndex = 1)
    @ApiOperation("复制")
    @PostMapping("chartCopy/{id}/{panelId}")
    public String chartCopy(@PathVariable String id, @PathVariable String panelId) {
-        return chartViewService.chartCopy(id,panelId);
+        return chartViewService.chartCopy(id, panelId);
    }

    @ApiIgnore
@ -83,26 +101,21 @@ public class ChartViewController {
        return chartViewService.searchAdviceSceneId(panelId);
    }

-    @ApiOperation("根据权限查详情")
-    @PostMapping("/getOneWithPermission/{id}")
-    public ChartViewDTO getOneWithPermission(@PathVariable String id, @RequestBody ChartExtRequest requestList) throws Exception {
-        //如果能获取用户 则添加对应的权限
-        ChartViewDTO dto = chartViewService.getData(id, requestList);
-        return dto;
-    }
-
    @ApiOperation("搜索")
    @PostMapping("search")
    public List<ChartViewDTO> search(@RequestBody ChartViewRequest chartViewRequest) {
        return chartViewService.search(chartViewRequest);
    }

+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.PANEL, level = ResourceAuthLevel.PANNEL_LEVEL_VIEW)
    @ApiOperation("计算结果")
-    @PostMapping("/calcData")
-    public ChartViewDTO calcData(@RequestBody ChartCalRequest request) throws Exception {
+    @PostMapping("/calcData/{panelId}")
+    public ChartViewDTO calcData(@PathVariable String panelId, @RequestBody ChartCalRequest request) throws Exception {
        return chartViewService.calcData(request.getView(), request.getRequestList(), false);
    }

+    @ApiIgnore
    @ApiOperation("验证视图是否使用相同数据集")
    @GetMapping("/checkSameDataSet/{viewIdSource}/{viewIdTarget}")
    public String checkSameDataSet(@PathVariable String viewIdSource, @PathVariable String viewIdTarget) throws Exception {
--- a/frontend/src/api/chart/chart.js
+++ b/frontend/src/api/chart/chart.js
@ -9,16 +9,6 @@ export function post(url, data) {
  })
 }

-export function ajaxGetData(id, data) {
-  return request({
-    url: '/chart/view/getOneWithPermission/' + id,
-    method: 'post',
-    loading: true,
-    hideMsg: true,
-    data
-  })
-}
-
 export function getChartTree(data) {
  return request({
    url: 'api',
@ -60,9 +50,9 @@ export function checkSameDataSet(viewIdSource, viewIdTarget) {
  })
 }

-export function ajaxGetDataOnly(id, data) {
+export function ajaxGetDataOnly(id, panelId, data) {
  return request({
-    url: '/chart/view/getData/' + id,
+    url: '/chart/view/getData/' + id + '/' + panelId,
    method: 'post',
    loading: true,
    hideMsg: true,
--- a/frontend/src/api/panel/panel.js
+++ b/frontend/src/api/panel/panel.js
@ -56,9 +56,9 @@ export function groupTree(data, loading = true, timeout = 60000) {
  })
 }

-export function viewData(id, data) {
+export function viewData(id, panelId, data) {
  return request({
-    url: '/chart/view/getData/' + id,
+    url: '/chart/view/getData/' + id + '/' + panelId,
    method: 'post',
    hideMsg: true,
    data
--- a/frontend/src/components/canvas/custom-component/UserView.vue
+++ b/frontend/src/components/canvas/custom-component/UserView.vue
@ -433,7 +433,7 @@ export default {
          ...this.filter,
          cache: cache
        }
-        method(id, requestInfo).then(response => {
+        method(id, this.panelInfo.id, requestInfo).then(response => {
          // 将视图传入echart组件
          if (response.success) {
            this.chart = response.data
--- a/frontend/src/views/chart/group/Group.vue
+++ b/frontend/src/views/chart/group/Group.vue
@ -423,6 +423,9 @@ export default {
  computed: {
    chartType() {
      return this.view.type
+    },
+    panelInfo() {
+      return this.$store.state.panel.panelInfo
    }
  },
  watch: {
@ -545,7 +548,7 @@ export default {
        if (valid) {
          view.title = view.name
          view.sceneId = view.pid
-          post('/chart/view/save', view).then(response => {
+          post('/chart/view/save/' + this.panelInfo.id, view).then(response => {
            this.closeTable()
            this.$message({
              message: this.$t('dataset.save_success'),
@ -772,7 +775,7 @@ export default {
      view.extBubble = JSON.stringify([])
      this.setChartDefaultOptions(view)
      const _this = this
-      post('/chart/view/save', view).then(response => {
+      post('/chart/view/save/' + this.panelInfo.id, view).then(response => {
        this.closeCreateChart()
        this.$store.dispatch('chart/setTableId', null)
        this.$store.dispatch('chart/setTableId', this.table.id)
@ -905,7 +908,7 @@ export default {
    saveMoveDs() {
      const newSceneId = this.tDs.id
      this.dsForm.sceneId = newSceneId
-      post('/chart/view/save', this.dsForm).then(res => {
+      post('/chart/view/save/' + this.panelInfo.id, this.dsForm).then(res => {
        this.closeMoveDs()
        this.expandedArray.push(newSceneId)
        this.treeNode()
--- a/frontend/src/views/chart/view/ChartEdit.vue
+++ b/frontend/src/views/chart/view/ChartEdit.vue
@ -1191,6 +1191,9 @@ export default {
  computed: {
    chartType() {
      return this.chart.type
+    },
+    panelInfo() {
+      return this.$store.state.panel.panelInfo
    }
  },
  watch: {
@ -1446,7 +1449,7 @@ export default {
      this.hasEdit = true
      const view = this.buildParam(getData, trigger, needRefreshGroup, switchType)
      if (!view) return
-      post('/chart/view/calcData', {
+      post('/chart/view/calcData/' + this.panelInfo.id, {
        view: view,
        requestList: {
          filter: [],
@ -1509,7 +1512,7 @@ export default {
      }
      const view = this.buildParam(true, 'chart', false, false)
      if (!view) return
-      post('/chart/view/save', view).then(response => {
+      post('/chart/view/save/' + this.panelInfo.id, view).then(response => {
        this.getChart(response.data.id)
        this.hasEdit = false
        this.refreshGroup(view)
@ -1524,7 +1527,7 @@ export default {
    getData(id) {
      this.hasEdit = false
      if (id) {
-        ajaxGetDataOnly(id, {
+        ajaxGetDataOnly(id, this.panelInfo.id, {
          filter: [],
          drill: this.drillClickDimensionList
        }).then(response => {
@ -1571,7 +1574,7 @@ export default {
    },
    getChart(id) {
      if (id) {
-        post('/chart/view/get/' + id, {}).then(response => {
+        post('/chart/view/get/' + id + '/' + this.panelInfo.id, {}).then(response => {
          this.initTableData(response.data.tableId)
          this.view = JSON.parse(JSON.stringify(response.data))
          this.view.xaxis = this.view.xaxis ? JSON.parse(this.view.xaxis) : []
--- a/frontend/src/views/dataset/common/DatasetChartDetail.vue
+++ b/frontend/src/views/dataset/common/DatasetChartDetail.vue
@ -122,6 +122,11 @@ export default {
      info: {}
    }
  },
+  computed: {
+    panelInfo() {
+      return this.$store.state.panel.panelInfo
+    }
+  },
  watch: {
    'data': function() {
      this.init()
@ -145,7 +150,7 @@ export default {
            this.info = JSON.parse(res.data.table.info)
          })
        } else if (this.type === 'chart') {
-          post('/chart/view/chartDetail/' + this.data.id, null).then(res => {
+          post('/chart/view/chartDetail/' + this.data.id + '/' + this.panelInfo.id, null).then(res => {
            this.detail = res.data
            this.info = JSON.parse(res.data.table.info)
          })