From fabb431b7d40ac5f29f9ed97261331c578ed9ee7 Mon Sep 17 00:00:00 2001
From: junjun <junjie.xia@fit2cloud.com>
Date: Wed, 23 Feb 2022 12:10:28 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E8=A7=86=E5=9B=BE?=
 =?UTF-8?q?=E4=B8=AD=E6=95=B0=E6=8D=AE=E9=9B=86=E5=AD=97=E6=AE=B5=E3=80=81?=
 =?UTF-8?q?=E6=95=B0=E6=8D=AE=EF=BC=8C=E6=9C=AA=E5=8F=97=E6=95=B0=E6=8D=AE?=
 =?UTF-8?q?=E9=9B=86=E6=9D=83=E9=99=90=E6=8E=A7=E5=88=B6=E7=9A=84=E9=97=AE?=
 =?UTF-8?q?=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../service/chart/ChartViewService.java       | 30 +++++++++++--------
 frontend/src/views/chart/view/ChartEdit.vue   |  2 ++
 2 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/backend/src/main/java/io/dataease/service/chart/ChartViewService.java b/backend/src/main/java/io/dataease/service/chart/ChartViewService.java
index 78a32e13af..003b8ef757 100644
--- a/backend/src/main/java/io/dataease/service/chart/ChartViewService.java
+++ b/backend/src/main/java/io/dataease/service/chart/ChartViewService.java
@@ -18,6 +18,7 @@ import io.dataease.controller.request.datasource.DatasourceRequest;
 import io.dataease.controller.response.ChartDetail;
 import io.dataease.controller.response.DataSetDetail;
 import io.dataease.dto.chart.*;
+import io.dataease.dto.dataset.DataSetTableDTO;
 import io.dataease.dto.dataset.DataSetTableUnionDTO;
 import io.dataease.dto.dataset.DataTableInfoDTO;
 import io.dataease.i18n.Translator;
@@ -43,8 +44,6 @@ import java.util.*;
 import java.util.concurrent.locks.ReentrantLock;
 import java.util.stream.Collectors;
 
-import static io.dataease.commons.constants.ColumnPermissionConstants.Desensitization_desc;
-
 /**
  * @Author gin
  * @Date 2021/3/1 12:34 下午
@@ -243,11 +242,13 @@ public class ChartViewService {
 
         DatasetTableField datasetTableFieldObj = DatasetTableField.builder().tableId(view.getTableId()).checked(Boolean.TRUE).build();
         List<DatasetTableField> fields = dataSetTableFieldsService.list(datasetTableFieldObj);
-        DatasetTable datasetTable = dataSetTableService.get(view.getTableId());
+        // 获取数据集,需校验权限
+        DataSetTableDTO table = dataSetTableService.getWithPermission(view.getTableId());
+        checkPermission("use", table);
 
         //列权限
         List<String> desensitizationList = new ArrayList<>();
-        List<DatasetTableField> columnPermissionFields = permissionService.filterColumnPermissons(fields, desensitizationList, datasetTable.getId(), requestList.getUser());
+        List<DatasetTableField> columnPermissionFields = permissionService.filterColumnPermissons(fields, desensitizationList, table.getId(), requestList.getUser());
         //将没有权限的列删掉
         List<String> dataeaseNames = columnPermissionFields.stream().map(DatasetTableField::getDataeaseName).collect(Collectors.toList());
         dataeaseNames.add("*");
@@ -258,7 +259,7 @@ public class ChartViewService {
 
 
         //行权限
-        List<ChartFieldCustomFilterDTO> rowPermissionFields = permissionService.getCustomFilters(columnPermissionFields, datasetTable, requestList.getUser());
+        List<ChartFieldCustomFilterDTO> rowPermissionFields = permissionService.getCustomFilters(columnPermissionFields, table, requestList.getUser());
         fieldCustomFilter.addAll(rowPermissionFields);
 
         for (ChartFieldCustomFilterDTO ele : fieldCustomFilter) {
@@ -390,11 +391,6 @@ public class ChartViewService {
             }
         }
 
-        // 获取数据集,需校验权限
-        DatasetTable table = dataSetTableService.get(view.getTableId());
-        if (ObjectUtils.isEmpty(table)) {
-            throw new RuntimeException(Translator.get("i18n_dataset_delete_or_no_permission"));
-        }
         // 判断连接方式，直连或者定时抽取 table.mode
         DatasourceRequest datasourceRequest = new DatasourceRequest();
         List<String[]> data = new ArrayList<>();
@@ -1680,9 +1676,9 @@ public class ChartViewService {
         return chartViewMapper.selectByPrimaryKey(id);
     }
 
-    public String chartCopy(String id,String panelId) {
+    public String chartCopy(String id, String panelId) {
         String newChartId = UUID.randomUUID().toString();
-        extChartViewMapper.chartCopy(newChartId, id,panelId);
+        extChartViewMapper.chartCopy(newChartId, id, panelId);
         return newChartId;
     }
 
@@ -1697,4 +1693,14 @@ public class ChartViewService {
             return "NO";
         }
     }
+
+    // check permission
+    private void checkPermission(String needPermission, DataSetTableDTO table) {
+        if (ObjectUtils.isEmpty(table) || ObjectUtils.isEmpty(table.getPrivileges())) {
+            throw new RuntimeException(Translator.get("i18n_dataset_delete_or_no_permission"));
+        }
+        if (!AuthUtils.getUser().getIsAdmin() && !table.getPrivileges().contains(needPermission)) {
+            throw new RuntimeException(Translator.get("i18n_dataset_delete_or_no_permission"));
+        }
+    }
 }
diff --git a/frontend/src/views/chart/view/ChartEdit.vue b/frontend/src/views/chart/view/ChartEdit.vue
index d7a8fb6a66..f80cbd17a6 100644
--- a/frontend/src/views/chart/view/ChartEdit.vue
+++ b/frontend/src/views/chart/view/ChartEdit.vue
@@ -56,6 +56,7 @@
               <div class="padding-lr field-height">
                 <span>{{ $t('chart.dimension') }}</span>
                 <draggable
+                  v-if="table && hasDataPermission('use',table.privileges)"
                   v-model="dimensionData"
                   :options="{group:{name: 'drag',pull:'clone'},sort: true}"
                   animation="300"
@@ -81,6 +82,7 @@
               <div class="padding-lr field-height">
                 <span>{{ $t('chart.quota') }}</span>
                 <draggable
+                  v-if="table && hasDataPermission('use',table.privileges)"
                   v-model="quotaData"
                   :options="{group:{name: 'drag',pull:'clone'},sort: true}"
                   animation="300"