fix: 修复校验数据集权限

2024-08-02 17:55:22 +08:00 · 2024-08-02 17:55:22 +08:00 · fdca53080d
commit fdca53080d
parent a997a1f5dd
5 changed files with 28 additions and 1 deletions
--- a/core/core-backend/src/main/java/io/dataease/chart/manage/ChartDataManage.java
+++ b/core/core-backend/src/main/java/io/dataease/chart/manage/ChartDataManage.java
@ -114,7 +114,7 @@ public class ChartDataManage {
        dto.setAuthEnum(AuthEnum.READ);
        boolean checked = corePermissionManage.checkAuth(dto);
        if (!checked) {
-            DEException.throwException(Translator.get("i18n_no_datasource_permission"));
+            DEException.throwException(Translator.get("i18n_no_dataset_permission"));
        }

        List<ChartViewFieldDTO> allFields = getAllChartFields(view);
--- a/core/core-backend/src/main/java/io/dataease/dataset/manage/DatasetDataManage.java
+++ b/core/core-backend/src/main/java/io/dataease/dataset/manage/DatasetDataManage.java
@ -4,10 +4,12 @@ import io.dataease.api.chart.dto.DeSortField;
 import io.dataease.api.dataset.dto.*;
 import io.dataease.api.dataset.union.DatasetGroupInfoDTO;
 import io.dataease.api.dataset.union.DatasetTableInfoDTO;
+import io.dataease.api.permissions.auth.dto.BusiPerCheckDTO;
 import io.dataease.api.permissions.dataset.dto.DataSetRowPermissionsTreeDTO;
 import io.dataease.auth.bo.TokenUserBO;
 import io.dataease.chart.utils.ChartDataBuild;
 import io.dataease.commons.utils.SqlparserUtils;
+import io.dataease.constant.AuthEnum;
 import io.dataease.dataset.constant.DatasetTableType;
 import io.dataease.dataset.utils.DatasetUtils;
 import io.dataease.dataset.utils.FieldUtils;
@ -34,6 +36,7 @@ import io.dataease.extensions.view.dto.ChartExtRequest;
 import io.dataease.extensions.view.dto.ColumnPermissionItem;
 import io.dataease.extensions.view.dto.SqlVariableDetails;
 import io.dataease.i18n.Translator;
+import io.dataease.system.manage.CorePermissionManage;
 import io.dataease.utils.AuthUtils;
 import io.dataease.utils.BeanUtils;
 import io.dataease.utils.JsonUtil;
@ -73,6 +76,8 @@ public class DatasetDataManage {
    private DatasetTableSqlLogManage datasetTableSqlLogManage;
    @Autowired(required = false)
    private PluginManageApi pluginManage;
+    @Resource
+    private CorePermissionManage corePermissionManage;

    private static Logger logger = LoggerFactory.getLogger(DatasetDataManage.class);

@ -447,6 +452,15 @@ public class DatasetDataManage {
            List<DatasetTableFieldDTO> allFields = new ArrayList<>();
            // 根据图表计算字段，获取数据集
            Long datasetGroupId = field.getDatasetGroupId();
+
+            // check permission
+            BusiPerCheckDTO dto = new BusiPerCheckDTO();
+            dto.setId(datasetGroupId);
+            dto.setAuthEnum(AuthEnum.READ);
+            boolean checked = corePermissionManage.checkAuth(dto);
+            if (!checked) {
+                DEException.throwException(Translator.get("i18n_no_dataset_permission"));
+            }
            if (field.getChartId() != null) {
                allFields.addAll(datasetTableFieldManage.getChartCalcFields(field.getChartId()));
            }
@ -589,6 +603,16 @@ public class DatasetDataManage {

            // 根据图表计算字段，获取数据集
            Long datasetGroupId = field.getDatasetGroupId();
+
+            // check permission
+            BusiPerCheckDTO dto = new BusiPerCheckDTO();
+            dto.setId(datasetGroupId);
+            dto.setAuthEnum(AuthEnum.READ);
+            boolean checked = corePermissionManage.checkAuth(dto);
+            if (!checked) {
+                DEException.throwException(Translator.get("i18n_no_dataset_permission"));
+            }
+
            if (field.getChartId() != null) {
                allFields.addAll(datasetTableFieldManage.getChartCalcFields(field.getChartId()));
            }
--- a/core/core-backend/src/main/resources/i18n/core_en_US.properties
+++ b/core/core-backend/src/main/resources/i18n/core_en_US.properties
@ -32,6 +32,7 @@ i18n_table_duplicate=Leaf can not duplicated
 i18n_no_column_permission=No column permission
 i18n_fetch_error=SQL execute error,please edit again.
 i18n_no_datasource_permission=No datasource permission
+i18n_no_dataset_permission=No dataset permission
 i18n_not_full=Full join not support.

 i18n_field_circular_ref=Field has Circular Reference
--- a/core/core-backend/src/main/resources/i18n/core_zh_CN.properties
+++ b/core/core-backend/src/main/resources/i18n/core_zh_CN.properties
@ -43,6 +43,7 @@ i18n_table_duplicate=\u76F8\u540C\u8282\u70B9\u9700\u91CD\u65B0\u62D6\u5165\u624
 i18n_no_column_permission=\u6CA1\u6709\u5217\u6743\u9650
 i18n_fetch_error=SQL\u6267\u884C\u5931\u8D25\uFF0C\u8BF7\u68C0\u67E5\u8868\u3001\u5B57\u6BB5\u3001\u5173\u8054\u5173\u7CFB\u7B49\u4FE1\u606F\u662F\u5426\u6B63\u786E\u5E76\u91CD\u65B0\u7F16\u8F91\u3002
 i18n_no_datasource_permission=\u65E0\u6570\u636E\u6E90\u8BBF\u95EE\u6743\u9650
+i18n_no_dataset_permission=\u65e0\u6570\u636e\u96c6\u8bbf\u95ee\u6743\u9650
 i18n_not_full=\u5F53\u524D\u6570\u636E\u6E90\u4E0D\u652F\u6301\u5168\u8FDE\u63A5

 i18n_field_circular_ref=\u5B57\u6BB5\u5B58\u5728\u5FAA\u73AF\u5F15\u7528
--- a/core/core-backend/src/main/resources/i18n/core_zh_TW.properties
+++ b/core/core-backend/src/main/resources/i18n/core_zh_TW.properties
@ -33,6 +33,7 @@ i18n_table_duplicate=\u76F8\u540C\u7BC0\u9EDE\u9700\u91CD\u65B0\u62D6\u5165\u624
 i18n_no_column_permission=\u6C92\u6709\u5217\u6B0A\u9650
 i18n_fetch_error=SQL\u57F7\u884C\u5931\u6557\uFF0C\u8ACB\u6AA2\u67E5\u8868\u3001\u5B57\u6BB5\u3001\u95DC\u806F\u95DC\u7CFB\u7B49\u4FE1\u606F\u662F\u5426\u6B63\u78BA\u4E26\u91CD\u65B0\u7DE8\u8F2F\u3002
 i18n_no_datasource_permission=\u65E0\u6570\u636E\u6E90\u8BBF\u95EE\u6743\u9650
+i18n_no_dataset_permission=\u65e0\u6570\u636e\u96c6\u8bbf\u95ee\u6743\u9650
 i18n_not_full=\u7576\u524D\u6578\u64DA\u6E90\u4E0D\u652F\u6301\u5168\u9023\u63A5

 i18n_field_circular_ref=\u5B57\u6BB5\u5B58\u5728\u5FAA\u74B0\u5F15\u7528