From 4758ae8a237da020fb75e02997f8dcdcc9eb4e09 Mon Sep 17 00:00:00 2001 From: taojinlong Date: Thu, 7 Nov 2024 18:28:53 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E9=9D=9E=E7=AE=A1=E7=90=86=E5=91=98?= =?UTF-8?q?=E6=97=A0=E6=9D=83=E8=AE=BF=E9=97=AE=E5=BC=95=E6=93=8E=E6=8E=A5?= =?UTF-8?q?=E5=8F=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../datasource/server/EngineServer.java | 21 ++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/core/core-backend/src/main/java/io/dataease/datasource/server/EngineServer.java b/core/core-backend/src/main/java/io/dataease/datasource/server/EngineServer.java index 788336f184..5b61fcb4f2 100644 --- a/core/core-backend/src/main/java/io/dataease/datasource/server/EngineServer.java +++ b/core/core-backend/src/main/java/io/dataease/datasource/server/EngineServer.java @@ -1,11 +1,14 @@ package io.dataease.datasource.server; +import com.mchange.rmi.NotAuthorizedException; import io.dataease.api.ds.EngineApi; import io.dataease.datasource.dao.auto.entity.CoreDeEngine; import io.dataease.datasource.dao.auto.mapper.CoreDeEngineMapper; import io.dataease.datasource.manage.EngineManage; import io.dataease.datasource.provider.CalciteProvider; +import io.dataease.exception.DEException; import io.dataease.extensions.datasource.dto.DatasourceDTO; +import io.dataease.utils.AuthUtils; import io.dataease.utils.BeanUtils; import io.dataease.utils.IDUtils; import jakarta.annotation.Resource; @@ -30,6 +33,9 @@ public class EngineServer implements EngineApi { @Override public DatasourceDTO getEngine() { + if (!AuthUtils.getUser().getUserId().equals(1L)) { + DEException.throwException("非管理员,无权访问!"); + } DatasourceDTO datasourceDTO = new DatasourceDTO(); List deEngines = deEngineMapper.selectList(null); if (CollectionUtils.isEmpty(deEngines)) { @@ -40,23 +46,29 @@ public class EngineServer implements EngineApi { @Override public void save(DatasourceDTO datasourceDTO) { + if (!AuthUtils.getUser().getUserId().equals(1L)) { + DEException.throwException("非管理员,无权访问!"); + } if (StringUtils.isNotEmpty(datasourceDTO.getConfiguration())) { datasourceDTO.setConfiguration(new String(Base64.getDecoder().decode(datasourceDTO.getConfiguration()))); } CoreDeEngine coreDeEngine = new CoreDeEngine(); BeanUtils.copyBean(coreDeEngine, datasourceDTO); - if(coreDeEngine.getId() == null){ + if (coreDeEngine.getId() == null) { coreDeEngine.setId(IDUtils.snowID()); datasourceDTO.setId(coreDeEngine.getId()); deEngineMapper.insert(coreDeEngine); - }else { + } else { deEngineMapper.updateById(coreDeEngine); } calciteProvider.update(datasourceDTO); } @Override - public void validate(DatasourceDTO datasourceDTO) throws Exception{ + public void validate(DatasourceDTO datasourceDTO) throws Exception { + if (!AuthUtils.getUser().getUserId().equals(1L)) { + DEException.throwException("非管理员,无权访问!"); + } CoreDeEngine coreDeEngine = new CoreDeEngine(); BeanUtils.copyBean(coreDeEngine, datasourceDTO); coreDeEngine.setConfiguration(new String(Base64.getDecoder().decode(coreDeEngine.getConfiguration()))); @@ -65,6 +77,9 @@ public class EngineServer implements EngineApi { @Override public void validateById(Long id) throws Exception { + if (!AuthUtils.getUser().getUserId().equals(1L)) { + DEException.throwException("非管理员,无权访问!"); + } engineManage.validate(deEngineMapper.selectById(id)); }