fix: 非管理员无权访问引擎接口

2025-02-24 19:42:56 +08:00 · 2024-11-07 18:28:53 +08:00 · 2024-11-07 18:28:53 +08:00 · 4758ae8a23
commit 4758ae8a23
parent bf2c3ad840
1 changed files with 18 additions and 3 deletions
--- a/core/core-backend/src/main/java/io/dataease/datasource/server/EngineServer.java
+++ b/core/core-backend/src/main/java/io/dataease/datasource/server/EngineServer.java
@ -1,11 +1,14 @@
 package io.dataease.datasource.server;

+import com.mchange.rmi.NotAuthorizedException;
 import io.dataease.api.ds.EngineApi;
 import io.dataease.datasource.dao.auto.entity.CoreDeEngine;
 import io.dataease.datasource.dao.auto.mapper.CoreDeEngineMapper;
 import io.dataease.datasource.manage.EngineManage;
 import io.dataease.datasource.provider.CalciteProvider;
+import io.dataease.exception.DEException;
 import io.dataease.extensions.datasource.dto.DatasourceDTO;
+import io.dataease.utils.AuthUtils;
 import io.dataease.utils.BeanUtils;
 import io.dataease.utils.IDUtils;
 import jakarta.annotation.Resource;
@ -30,6 +33,9 @@ public class EngineServer implements EngineApi {

    @Override
    public DatasourceDTO getEngine() {
+        if (!AuthUtils.getUser().getUserId().equals(1L)) {
+            DEException.throwException("非管理员，无权访问！");
+        }
        DatasourceDTO datasourceDTO = new DatasourceDTO();
        List<CoreDeEngine> deEngines = deEngineMapper.selectList(null);
        if (CollectionUtils.isEmpty(deEngines)) {
@ -40,23 +46,29 @@ public class EngineServer implements EngineApi {

    @Override
    public void save(DatasourceDTO datasourceDTO) {
+        if (!AuthUtils.getUser().getUserId().equals(1L)) {
+            DEException.throwException("非管理员，无权访问！");
+        }
        if (StringUtils.isNotEmpty(datasourceDTO.getConfiguration())) {
            datasourceDTO.setConfiguration(new String(Base64.getDecoder().decode(datasourceDTO.getConfiguration())));
        }
        CoreDeEngine coreDeEngine = new CoreDeEngine();
        BeanUtils.copyBean(coreDeEngine, datasourceDTO);
-        if(coreDeEngine.getId() == null){
+        if (coreDeEngine.getId() == null) {
            coreDeEngine.setId(IDUtils.snowID());
            datasourceDTO.setId(coreDeEngine.getId());
            deEngineMapper.insert(coreDeEngine);
-        }else {
+        } else {
            deEngineMapper.updateById(coreDeEngine);
        }
        calciteProvider.update(datasourceDTO);
    }

    @Override
-    public void validate(DatasourceDTO datasourceDTO) throws Exception{
+    public void validate(DatasourceDTO datasourceDTO) throws Exception {
+        if (!AuthUtils.getUser().getUserId().equals(1L)) {
+            DEException.throwException("非管理员，无权访问！");
+        }
        CoreDeEngine coreDeEngine = new CoreDeEngine();
        BeanUtils.copyBean(coreDeEngine, datasourceDTO);
        coreDeEngine.setConfiguration(new String(Base64.getDecoder().decode(coreDeEngine.getConfiguration())));
@ -65,6 +77,9 @@ public class EngineServer implements EngineApi {

    @Override
    public void validateById(Long id) throws Exception {
+        if (!AuthUtils.getUser().getUserId().equals(1L)) {
+            DEException.throwException("非管理员，无权访问！");
+        }
        engineManage.validate(deEngineMapper.selectById(id));
    }