dongjunchuan/de
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: 非管理员无权访问引擎接口

Browse Source
This commit is contained in:
taojinlong 2024-11-07 18:28:53 +08:00
parent bf2c3ad840
commit 4758ae8a23
1 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
core/core-backend/src/main/java/io/dataease/datasource/server/EngineServer.java
View File

@ -1,11 +1,14 @@
package io.dataease.datasource.server; package io.dataease.datasource.server;
import com.mchange.rmi.NotAuthorizedException;
import io.dataease.api.ds.EngineApi; import io.dataease.api.ds.EngineApi;
import io.dataease.datasource.dao.auto.entity.CoreDeEngine; import io.dataease.datasource.dao.auto.entity.CoreDeEngine;
import io.dataease.datasource.dao.auto.mapper.CoreDeEngineMapper; import io.dataease.datasource.dao.auto.mapper.CoreDeEngineMapper;
import io.dataease.datasource.manage.EngineManage; import io.dataease.datasource.manage.EngineManage;
import io.dataease.datasource.provider.CalciteProvider; import io.dataease.datasource.provider.CalciteProvider;
import io.dataease.exception.DEException;
import io.dataease.extensions.datasource.dto.DatasourceDTO; import io.dataease.extensions.datasource.dto.DatasourceDTO;
import io.dataease.utils.AuthUtils;
import io.dataease.utils.BeanUtils; import io.dataease.utils.BeanUtils;
import io.dataease.utils.IDUtils; import io.dataease.utils.IDUtils;
import jakarta.annotation.Resource; import jakarta.annotation.Resource;
@ -30,6 +33,9 @@ public class EngineServer implements EngineApi {
@Override @Override
public DatasourceDTO getEngine() { public DatasourceDTO getEngine() {
if (!AuthUtils.getUser().getUserId().equals(1L)) {
DEException.throwException("非管理员,无权访问!");
}
DatasourceDTO datasourceDTO = new DatasourceDTO(); DatasourceDTO datasourceDTO = new DatasourceDTO();
List<CoreDeEngine> deEngines = deEngineMapper.selectList(null); List<CoreDeEngine> deEngines = deEngineMapper.selectList(null);
if (CollectionUtils.isEmpty(deEngines)) { if (CollectionUtils.isEmpty(deEngines)) {
@ -40,23 +46,29 @@ public class EngineServer implements EngineApi {
@Override @Override
public void save(DatasourceDTO datasourceDTO) { public void save(DatasourceDTO datasourceDTO) {
if (!AuthUtils.getUser().getUserId().equals(1L)) {
DEException.throwException("非管理员,无权访问!");
}
if (StringUtils.isNotEmpty(datasourceDTO.getConfiguration())) { if (StringUtils.isNotEmpty(datasourceDTO.getConfiguration())) {
datasourceDTO.setConfiguration(new String(Base64.getDecoder().decode(datasourceDTO.getConfiguration()))); datasourceDTO.setConfiguration(new String(Base64.getDecoder().decode(datasourceDTO.getConfiguration())));
} }
CoreDeEngine coreDeEngine = new CoreDeEngine(); CoreDeEngine coreDeEngine = new CoreDeEngine();
BeanUtils.copyBean(coreDeEngine, datasourceDTO); BeanUtils.copyBean(coreDeEngine, datasourceDTO);
if(coreDeEngine.getId() == null){ if (coreDeEngine.getId() == null) {
coreDeEngine.setId(IDUtils.snowID()); coreDeEngine.setId(IDUtils.snowID());
datasourceDTO.setId(coreDeEngine.getId()); datasourceDTO.setId(coreDeEngine.getId());
deEngineMapper.insert(coreDeEngine); deEngineMapper.insert(coreDeEngine);
}else { } else {
deEngineMapper.updateById(coreDeEngine); deEngineMapper.updateById(coreDeEngine);
} }
calciteProvider.update(datasourceDTO); calciteProvider.update(datasourceDTO);
} }
@Override @Override
public void validate(DatasourceDTO datasourceDTO) throws Exception{ public void validate(DatasourceDTO datasourceDTO) throws Exception {
if (!AuthUtils.getUser().getUserId().equals(1L)) {
DEException.throwException("非管理员,无权访问!");
}
CoreDeEngine coreDeEngine = new CoreDeEngine(); CoreDeEngine coreDeEngine = new CoreDeEngine();
BeanUtils.copyBean(coreDeEngine, datasourceDTO); BeanUtils.copyBean(coreDeEngine, datasourceDTO);
coreDeEngine.setConfiguration(new String(Base64.getDecoder().decode(coreDeEngine.getConfiguration()))); coreDeEngine.setConfiguration(new String(Base64.getDecoder().decode(coreDeEngine.getConfiguration())));
@ -65,6 +77,9 @@ public class EngineServer implements EngineApi {
@Override @Override
public void validateById(Long id) throws Exception { public void validateById(Long id) throws Exception {
if (!AuthUtils.getUser().getUserId().equals(1L)) {
DEException.throwException("非管理员,无权访问!");
}
engineManage.validate(deEngineMapper.selectById(id)); engineManage.validate(deEngineMapper.selectById(id));
} }