fix bug
1. fix search user by keyword
2. fix get project permission
3. fix post role members
4. add visibility to the create project dto
RichardShan committed May 18, 2019
1 parent ee1dceb commit d020e41
Showing 9 changed files with 101 additions and 102 deletions.
@@ -19,6 +19,8 @@

package edp.davinci.core.enums;

import org.apache.commons.lang.StringUtils;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
@@ -38,7 +40,7 @@ public enum SqlVariableValueTypeEnum {
this.valueType = valueType;
}

public static List<String> getValue(String valueType, List<Object> values) {
public static List<String> getValues(String valueType, List<Object> values) {
if (null == values || values.size() == 0) {
return new ArrayList<>();
}
@@ -59,4 +61,20 @@ public static List<String> getValue(String valueType, List<Object> values) {
.collect(Collectors.toList());
}


public static Object getValue(String valueType, String value) {
if (!StringUtils.isEmpty(value)) {
switch (SqlVariableValueTypeEnum.valueOf(valueType.toUpperCase())) {
case STRING:
case DATE:
return String.join("", value.startsWith(apostrophe) ? "" : apostrophe, value, value.endsWith(apostrophe) ? "" : apostrophe);
case NUMBER:
return value;
case BOOLEAN:
return Boolean.parseBoolean(value);
}
}
return value;
}

}
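Review bot: The new `getValue(String valueType, String value)` wraps STRING and DATE values in apostrophes but does nothing about an apostrophe inside the value, and the NUMBER branch returns the text unchanged, so the caller's input reaches the result verbatim. In this commit the caller is `packageParams`, which passes `p.getValue()` (apparently taken from the execute request) and stores the result in the query-parameter map that `replaceParams` then substitutes into the SQL string; unless `replaceParams` escapes, which is not visible here, that is a SQL injection path. At minimum the NUMBER branch should validate, e.g. `case NUMBER: return new java.math.BigDecimal(value.trim()).toPlainString();`, and the STRING/DATE branch should reject or escape embedded quotes for the target dialect; binding the values as prepared-statement parameters would remove the problem altogether. `SqlVariableValueTypeEnum.valueOf(valueType.toUpperCase())` also throws on a null or unknown `valueType`, which deserves a guard or a Javadoc `@throws`.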
@@ -97,7 +97,7 @@ public SqlEntity parseSql(String sqlStr, List<SqlVariable> variables, String sql
if (null != typeEnum) {
switch (typeEnum) {
case QUERYVAR:
queryParamMap.put(variable.getName().trim(), SqlVariableValueTypeEnum.getValue(variable.getValueType(), variable.getDefaultValues()));
queryParamMap.put(variable.getName().trim(), SqlVariableValueTypeEnum.getValues(variable.getValueType(), variable.getDefaultValues()));
break;
case AUTHVARE:
String k = String.join("", String.valueOf(delimiter), variable.getName().trim(), String.valueOf(delimiter));
@@ -127,11 +127,11 @@ public SqlEntity parseSql(String sqlStr, List<SqlVariable> variables, String sql
public List<String> getAuthVarValue(SqlVariable variable, String email) {
SqlVariableChannel channel = variable.getChannel();
if (null == channel) {
return SqlVariableValueTypeEnum.getValue(variable.getValueType(), variable.getDefaultValues());
return SqlVariableValueTypeEnum.getValues(variable.getValueType(), variable.getDefaultValues());
} else if (DacChannelUtil.dacMap.containsKey(channel.getName())) {
List<Object> data = dacChannelUtil.getData(channel.getName(), channel.getBizId().toString(), email);
if (null != data) {
return SqlVariableValueTypeEnum.getValue(variable.getValueType(), data);
return SqlVariableValueTypeEnum.getValues(variable.getValueType(), data);
}
}
return new ArrayList<>();
@@ -37,4 +37,6 @@ public class ProjectCreat {
private Long orgId;

private String pic;

private boolean visibility;
}
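Review bot: The new `visibility` field has no comment and, being a primitive `boolean`, is `false` whenever the request omits it, so a client that does not send the field creates a non-visible project. If that fail-closed default is intended, state it on the field, e.g. `// project visibility flag; false when the request omits it`. If a missing value should be rejected instead, a `Boolean` with a not-null validation would make that explicit. The class body starts outside this hunk, so any binding or validation annotations on it are not visible here.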

Large diffs are not rendered by default.

@@ -648,7 +648,7 @@ public ProjectPermission getProjectPermission(ProjectDetail projectDetail, User
return ProjectPermission.adminPermission();
} else {
UserMaxProjectPermission permission = relRoleProjectMapper.getMaxPermission(projectDetail.getId(), user.getId());
if (null != permission) {
if (null != permission && null != permission.getProjectId()) {
return permission;
} else if (projectDetail.getVisibility() && projectDetail.getOrganization().getMemberPermission() > (short) 0) {
return ProjectPermission.previewPermission();
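Review bot: The added `null != permission.getProjectId()` test now decides between the user's role permission and the visibility fallback, yet nothing in the code explains why a non-null `permission` can carry a null project id. Judging from the mapper hunk in this commit that drops `IFNULL(rrp.project_id, 0)`, the aggregate query seems to return a row even when the user has no role on the project, and this check depends on that. A comment above the `if`, such as `// getMaxPermission returns an all-zero row with a null projectId when the user has no role in this project`, would keep a later mapper change from silently altering who gets access. The method body starts and ends outside the hunk.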
@@ -270,6 +270,12 @@ public List<RelRoleMember> addMembers(Long id, List<Long> memberIds, User user)
throw new UnAuthorizedExecption("Insufficient permissions");
}


if (null == memberIds || memberIds.size() == 0) {
relRoleUserMapper.deleteByRoleId(id);
return null;
}

List<User> members = userMapper.getByIds(memberIds);
if (null == members || members.size() == 0) {
log.info("user ( :{} ) is not found", memberIds);
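Review bot: The new guard treats a null `memberIds` the same as an empty list and calls `relRoleUserMapper.deleteByRoleId(id)`, so a request that merely omits the member list removes every member of the role. It would be safer to reject null as a bad request and clear the role only on an explicit empty list, and to return `Collections.emptyList()` rather than `null` so callers of a `List<RelRoleMember>` method need no null check. Since this changes who holds a role, a log line for the bulk removal (role id and acting user) would help later audits. The rest of `addMembers` lies outside the hunk.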
153 changes: 68 additions & 85 deletions server/src/main/java/edp/davinci/service/impl/ViewServiceImpl.java
@@ -34,6 +34,7 @@
import edp.davinci.core.common.Constants;
import edp.davinci.core.enums.LogNameEnum;
import edp.davinci.core.enums.SqlVariableTypeEnum;
import edp.davinci.core.enums.SqlVariableValueTypeEnum;
import edp.davinci.core.enums.UserPermissionEnum;
import edp.davinci.core.model.SqlEntity;
import edp.davinci.core.utils.SqlParseUtils;
@@ -68,6 +69,8 @@
import java.util.stream.Collectors;

import static edp.core.consts.Consts.minus;
import static edp.davinci.core.enums.SqlVariableTypeEnum.AUTHVARE;
import static edp.davinci.core.enums.SqlVariableTypeEnum.QUERYVAR;

@Slf4j
@Service("viewService")
@@ -492,23 +495,9 @@ public PaginateWithQueryColumns getResultDataList(boolean isMaintainer, ViewWith
List<SqlVariable> variables = viewWithSource.getVariables();
//解析sql
SqlEntity sqlEntity = sqlParseUtils.parseSql(viewWithSource.getSql(), variables, sqlTempDelimiter);

//行权限
List<SqlVariable> rowVariables = null;

//列权限(只记录被限制访问的字段)
Set<String> excludeColumns = null;

if (!isMaintainer) {
//获取当前用户对该view的行列权限配置
List<RelRoleView> roleViewList = relRoleViewMapper.getByUserAndView(user.getId(), viewWithSource.getId());
rowVariables = getRowVariables(roleViewList, variables);
excludeColumns = getColumnAuth(roleViewList);
}

parseParams(isMaintainer, sqlEntity, executeParam.getParams(), rowVariables, user);

//替换参数
Set<String> excludeColumns = new HashSet<>();
packageParams(isMaintainer, viewWithSource.getId(), sqlEntity, variables, executeParam.getParams(), excludeColumns, user);
String srcSql = sqlParseUtils.replaceParams(sqlEntity.getSql(), sqlEntity.getQuaryParams(), sqlEntity.getAuthParams(), sqlTempDelimiter);

Source source = viewWithSource.getSource();
@@ -604,24 +593,10 @@ public List<Map<String, Object>> getDistinctValue(Long id, DistinctParam param,
public List<Map<String, Object>> getDistinctValueData(boolean isMaintainer, ViewWithSource viewWithSource, DistinctParam param, User user) throws ServerException {
try {
if (!StringUtils.isEmpty(viewWithSource.getSql())) {
//解析变量
List<SqlVariable> variables = viewWithSource.getVariables();
//解析sql
SqlEntity sqlEntity = sqlParseUtils.parseSql(viewWithSource.getSql(), variables, sqlTempDelimiter);
packageParams(isMaintainer, viewWithSource.getId(), sqlEntity, variables, param.getParams(), null, user);


//行权限
List<SqlVariable> rowVariables = null;

if (!isMaintainer) {
//获取当前用户对该view的行列权限配置
List<RelRoleView> roleViewList = relRoleViewMapper.getByUserAndView(user.getId(), viewWithSource.getId());
rowVariables = getRowVariables(roleViewList, variables);
}

parseParams(isMaintainer, sqlEntity, param.getParams(), rowVariables, user);

//替换参数
String srcSql = sqlParseUtils.replaceParams(sqlEntity.getSql(), sqlEntity.getQuaryParams(), sqlEntity.getAuthParams(), sqlTempDelimiter);

Source source = viewWithSource.getSource();
@@ -677,13 +652,22 @@ private Set<String> getColumnAuth(List<RelRoleView> roleViewList) {
return null;
}

private List<SqlVariable> getRowVariables(List<RelRoleView> roleViewList, List<SqlVariable> variables) {

private List<SqlVariable> getQueryVariables(List<SqlVariable> variables) {
if (null != variables && variables.size() > 0) {
return variables.stream().filter(v -> QUERYVAR == SqlVariableTypeEnum.typeOf(v.getType())).collect(Collectors.toList());
}
return null;
}

private List<SqlVariable> getAuthVariables(List<RelRoleView> roleViewList, List<SqlVariable> variables) {
if (null != roleViewList && roleViewList.size() > 0 && null != variables && variables.size() > 0) {
List<SqlVariable> list = new ArrayList<>();
Map<String, SqlVariable> map = new HashMap<>();
variables.forEach(v -> map.put(v.getName(), v));

List<SqlVariable> dacVars = variables.stream().filter(v -> null != v.getChannel() && !v.getChannel().getBizId().equals(0L)).collect(Collectors.toList());
List<SqlVariable> authVarables = variables.stream().filter(v -> AUTHVARE == SqlVariableTypeEnum.typeOf(v.getType())).collect(Collectors.toList());
authVarables.forEach(v -> map.put(v.getName(), v));
List<SqlVariable> dacVars = authVarables.stream().filter(v -> null != v.getChannel() && !v.getChannel().getBizId().equals(0L)).collect(Collectors.toList());

roleViewList.forEach(r -> {
if (!StringUtils.isEmpty(r.getRowAuth())) {
@@ -709,73 +693,72 @@ private List<SqlVariable> getRowVariables(List<RelRoleView> roleViewList, List<S
}


private void parseParams(boolean isMaintaner, SqlEntity sqlEntity, List<Param> paramList, List<SqlVariable> variables, User user) {
//查询参数
if (null != paramList && paramList.size() > 0) {
if (null == sqlEntity.getQuaryParams()) {
sqlEntity.setQuaryParams(new HashMap<>());
private void packageParams(boolean isProjectMaintainer, Long viewId, SqlEntity sqlEntity, List<SqlVariable> variables, List<Param> paramList, Set<String> excludeColumns, User user) {

List<SqlVariable> queryVariables = getQueryVariables(variables);
List<SqlVariable> authVariables = null;

if (!isProjectMaintainer) {
List<RelRoleView> roleViewList = relRoleViewMapper.getByUserAndView(user.getId(), viewId);
authVariables = getAuthVariables(roleViewList, variables);
if (null != excludeColumns) {
excludeColumns.addAll(getColumnAuth(roleViewList));
}
paramList.forEach(p -> sqlEntity.getQuaryParams().put(p.getName().trim(), p.getValue()));
}

//查询参数
if (null != queryVariables && queryVariables.size() > 0 && null != paramList && paramList.size() > 0) {
Map<String, List<SqlVariable>> map = queryVariables.stream().collect(Collectors.groupingBy(SqlVariable::getName));
paramList.forEach(p -> {
if (map.containsKey(p.getName())) {
List<SqlVariable> list = map.get(p.getName());
if (null != list && list.size() > 0) {
SqlVariable v = list.get(list.size() - 1);
sqlEntity.getQuaryParams().put(p.getName().trim(), SqlVariableValueTypeEnum.getValue(v.getValueType(), p.getValue()));
}
}
});
}

//如果当前用户是project的维护者,直接不走行权限
if (isMaintaner) {
if (isProjectMaintainer) {
sqlEntity.setAuthParams(null);
return;
}

//权限参数
if (null != variables) {
List<SqlVariable> list = variables.stream().filter(v -> v.getType().equals(SqlVariableTypeEnum.AUTHVARE.getType())).collect(Collectors.toList());
if (null != list && list.size() > 0) {
ExecutorService executorService = Executors.newFixedThreadPool(8);
CountDownLatch countDownLatch = new CountDownLatch(list.size());
ConcurrentHashMap<String, Set<String>> map = new ConcurrentHashMap<>();
try {
list.forEach(sqlVariable -> executorService.execute(() -> {
if (null != sqlVariable) {
List<String> values = sqlParseUtils.getAuthVarValue(sqlVariable, user.getEmail());
if (map.containsKey(sqlVariable.getName().trim())) {
map.get(sqlVariable.getName().trim()).addAll(values);
} else {
map.put(sqlVariable.getName().trim(), new HashSet<>(values));
}
if (null != authVariables && authVariables.size() > 0) {
ExecutorService executorService = Executors.newFixedThreadPool(8);
CountDownLatch countDownLatch = new CountDownLatch(authVariables.size());
ConcurrentHashMap<String, Set<String>> map = new ConcurrentHashMap<>();
try {
authVariables.forEach(sqlVariable -> executorService.execute(() -> {
if (null != sqlVariable) {
List<String> values = sqlParseUtils.getAuthVarValue(sqlVariable, user.getEmail());
if (map.containsKey(sqlVariable.getName().trim())) {
map.get(sqlVariable.getName().trim()).addAll(values);
} else {
map.put(sqlVariable.getName().trim(), new HashSet<>(values));
}
countDownLatch.countDown();
}));
countDownLatch.await();
} catch (InterruptedException e) {
e.printStackTrace();
} finally {
executorService.shutdown();
}

if (map.size() > 0) {
if (null == sqlEntity.getAuthParams()) {
sqlEntity.setAuthParams(new HashMap<>());
}
map.forEach((k, v) -> sqlEntity.getAuthParams().put(k, new ArrayList<String>(v)));
}
} else {
sqlEntity.setAuthParams(new HashMap<>());
countDownLatch.countDown();
}));
countDownLatch.await();
} catch (InterruptedException e) {
e.printStackTrace();
} finally {
executorService.shutdown();
}
}
}

private Map<String, Object> getQueryParam(SqlEntity sqlEntity, ViewExecuteParam viewExecuteParam) {
Map<String, Object> map = null;
if (null != sqlEntity && null != viewExecuteParam) {
map = new HashMap<>();
if (null != sqlEntity.getQuaryParams() && sqlEntity.getQuaryParams().size() > 0) {
map.putAll(sqlEntity.getQuaryParams());
}
if (null != viewExecuteParam.getParams() && viewExecuteParam.getParams().size() > 0) {
for (Param param : viewExecuteParam.getParams()) {
map.put(param.getName().trim(), param.getValue());
if (map.size() > 0) {
if (null == sqlEntity.getAuthParams()) {
sqlEntity.setAuthParams(new HashMap<>());
}
map.forEach((k, v) -> sqlEntity.getAuthParams().put(k, new ArrayList<String>(v)));
}
} else {
sqlEntity.setAuthParams(new HashMap<>());
}
return map;
}
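Review bot: In `packageParams`, `excludeColumns.addAll(getColumnAuth(roleViewList))` throws a NullPointerException whenever `getColumnAuth` returns null, which it can, given the `return null;` visible at the end of that method in this diff; the old code only assigned the result. Guard it with `Set<String> columnAuth = getColumnAuth(roleViewList);` followed by `if (null != excludeColumns && null != columnAuth) excludeColumns.addAll(columnAuth);`. The same method looks up `map.containsKey(p.getName())` with the untrimmed name but stores under `p.getName().trim()`, so a parameter whose name carries surrounding whitespace may be dropped without notice; trim once and use that value for both. In the auth-variable loop `countDownLatch.countDown()` is not in a `finally`, so an exception from `getAuthVarValue` would leave `await()` blocked.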


@@ -72,7 +72,7 @@


<sql id="userMaxPermissionBaseSql">
SELECT IFNULL(rrp.project_id, 0) as projectId,
SELECT rrp.project_id as projectId,
IFNULL(max(rrp.viz_permission), 0) as vizPermission,
IFNULL(max(rrp.widget_permission), 0) as widgetPermission,
IFNULL(max(rrp.view_permission), 0) as viewPermission,
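--- a/server/src/main/resources/mybatis/mapper/UserMapper.xml
+++ b/server/src/main/resources/mybatis/mapper/UserMapper.xml
@@ -81,7 +81,7 @@
 </if>
 LOWER(username) like CONCAT(CONCAT('%', LOWER(#{keyword})), '%')
 or LOWER(name) like CONCAT(CONCAT('%', LOWER(#{keyword})), '%')
-or email like #{keyword}
+or LOWER(email) like CONCAT(CONCAT('%', LOWER(#{keyword})), '%')
 </select>
 
 <select id="getByIds" resultType="edp.davinci.model.User">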
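Review bot: The email condition now matches any substring, and `%` or `_` inside `#{keyword}` are still treated as LIKE wildcards, so a keyword of `%` (or an empty keyword) would match every user on all three columns. `#{keyword}` is bound as a parameter, so this is not an injection issue, but it widens what a caller of the search can enumerate, and the leading-wildcard `LOWER(email)` comparison cannot use a plain index on `email`. Consider escaping the wildcards in the service layer before binding, and enforcing a minimum keyword length and a result limit. Whether the surrounding `<select>` or its caller already does this is not visible in the hunk.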
