diff --git a/backend/src/main/java/io/dataease/service/chart/ChartViewService.java b/backend/src/main/java/io/dataease/service/chart/ChartViewService.java
index 78a32e13af..003b8ef757 100644
--- a/backend/src/main/java/io/dataease/service/chart/ChartViewService.java
+++ b/backend/src/main/java/io/dataease/service/chart/ChartViewService.java
@@ -18,6 +18,7 @@ import io.dataease.controller.request.datasource.DatasourceRequest;
 import io.dataease.controller.response.ChartDetail;
 import io.dataease.controller.response.DataSetDetail;
 import io.dataease.dto.chart.*;
+import io.dataease.dto.dataset.DataSetTableDTO;
 import io.dataease.dto.dataset.DataSetTableUnionDTO;
 import io.dataease.dto.dataset.DataTableInfoDTO;
 import io.dataease.i18n.Translator;
@@ -43,8 +44,6 @@ import java.util.*;
 import java.util.concurrent.locks.ReentrantLock;
 import java.util.stream.Collectors;
-import static io.dataease.commons.constants.ColumnPermissionConstants.Desensitization_desc;
-
 /**
 * @Author gin
 * @Date 2021/3/1 12:34 下午
@@ -243,11 +242,13 @@ public class ChartViewService {
 DatasetTableField datasetTableFieldObj = DatasetTableField.builder().tableId(view.getTableId()).checked(Boolean.TRUE).build();
 List fields = dataSetTableFieldsService.list(datasetTableFieldObj);
- DatasetTable datasetTable = dataSetTableService.get(view.getTableId());
+ // 获取数据集,需校验权限
+ DataSetTableDTO table = dataSetTableService.getWithPermission(view.getTableId());
+ checkPermission("use", table);
 //列权限
 List desensitizationList = new ArrayList<>();
- List columnPermissionFields = permissionService.filterColumnPermissons(fields, desensitizationList, datasetTable.getId(), requestList.getUser());
+ List columnPermissionFields = permissionService.filterColumnPermissons(fields, desensitizationList, table.getId(), requestList.getUser());
 //将没有权限的列删掉
 List dataeaseNames = columnPermissionFields.stream().map(DatasetTableField::getDataeaseName).collect(Collectors.toList());
 dataeaseNames.add("*");
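Review bot: In the `@@ -243` hunk the dataset-level check and the column filter are evaluated for two differently sourced users: `checkPermission("use", table)` consults `AuthUtils.getUser()` (per the helper this commit adds at the end of the file), while `filterColumnPermissons(...)` a few lines below is passed `requestList.getUser()`. If those two can ever differ (the callers are not visible here), a request could pass the dataset check as one principal and be filtered by another principal's column rules, so resolve the user once and use it for both calls. The check also runs after `dataSetTableFieldsService.list(datasetTableFieldObj)`; moving `getWithPermission` and `checkPermission("use", table)` above that line rejects unauthorised requests before any field metadata is read. The enclosing method starts and ends outside the hunk.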
@@ -258,7 +259,7 @@ public class ChartViewService {
 //行权限
- List rowPermissionFields = permissionService.getCustomFilters(columnPermissionFields, datasetTable, requestList.getUser());
+ List rowPermissionFields = permissionService.getCustomFilters(columnPermissionFields, table, requestList.getUser());
 fieldCustomFilter.addAll(rowPermissionFields);
 for (ChartFieldCustomFilterDTO ele : fieldCustomFilter) {
@@ -390,11 +391,6 @@ public class ChartViewService {
 }
 }
- // 获取数据集,需校验权限
- DatasetTable table = dataSetTableService.get(view.getTableId());
- if (ObjectUtils.isEmpty(table)) {
- throw new RuntimeException(Translator.get("i18n_dataset_delete_or_no_permission"));
- }
 // 判断连接方式,直连或者定时抽取 table.mode
 DatasourceRequest datasourceRequest = new DatasourceRequest();
 List data = new ArrayList<>();
@@ -1680,9 +1676,9 @@ public class ChartViewService {
 return chartViewMapper.selectByPrimaryKey(id);
 }
- public String chartCopy(String id,String panelId) {
+ public String chartCopy(String id, String panelId) {
 String newChartId = UUID.randomUUID().toString();
- extChartViewMapper.chartCopy(newChartId, id,panelId);
+ extChartViewMapper.chartCopy(newChartId, id, panelId);
 return newChartId;
 }
@@ -1697,4 +1693,14 @@ public class ChartViewService {
 return "NO";
 }
 }
+
+ // check permission
+ private void checkPermission(String needPermission, DataSetTableDTO table) {
+ if (ObjectUtils.isEmpty(table) || ObjectUtils.isEmpty(table.getPrivileges())) {
+ throw new RuntimeException(Translator.get("i18n_dataset_delete_or_no_permission"));
+ }
+ if (!AuthUtils.getUser().getIsAdmin() && !table.getPrivileges().contains(needPermission)) {
+ throw new RuntimeException(Translator.get("i18n_dataset_delete_or_no_permission"));
+ }
+ }
 }
diff --git a/frontend/src/views/chart/view/ChartEdit.vue b/frontend/src/views/chart/view/ChartEdit.vue
index d7a8fb6a66..f80cbd17a6 100644
--- a/frontend/src/views/chart/view/ChartEdit.vue
+++ b/frontend/src/views/chart/view/ChartEdit.vue
@@ -56,6 +56,7 @@
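Review bot: In the new `checkPermission` helper (ChartViewService.java, `@@ -1697` hunk), `table.getPrivileges().contains(needPermission)` is a substring test if `getPrivileges()` returns a String, which the diff does not show; any privilege value that merely contains the letters of "use" would then satisfy the check. Assuming a comma-separated string, compare whole tokens instead: `Arrays.asList(table.getPrivileges().split(",")).contains(needPermission)`. The same condition dereferences `AuthUtils.getUser()` without a null check, so a call with no authenticated user would end in a NullPointerException rather than the `i18n_dataset_delete_or_no_permission` error; reading the user into a local and treating null as "no permission" keeps the failure mode uniform. The first `if` also rejects empty privileges before the admin bypass is considered, which may or may not be intended. The one-line `// check permission` comment could become a Javadoc stating that the method throws when the dataset is missing or the current user lacks `needPermission`.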
{{ $t('chart.dimension') }} {{ $t('chart.quota') }}