1. fix bug: data permission and viz permisson

2. update version code

assembly/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <artifactId>davinci-parent_3.01</artifactId>
         <groupId>edp.davinci</groupId>
-        <version>0.3.0-SNAPSHOT</version>
+        <version>0.3.1-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

assembly/src/main/assembly/assembly.xml

@@ -20,7 +20,7 @@
 
 
 <assembly>
-    <id>dist-beta.4</id>
+    <id>dist-beta.5</id>
     <formats>
         <format>zip</format>
     </formats>
@@ -51,7 +51,9 @@
             </directory>
             <outputDirectory>bin</outputDirectory>
             <excludes>
-                <exclude>upgrade.go</exclude>
+                <exclude>upgrade/**</exclude>
+                <exclude>upgrade.*</exclude>
+                <exclude>upgrade-*</exclude>
             </excludes>
         </fileSet>
         <fileSet>
@@ -60,17 +62,19 @@
             </directory>
             <outputDirectory>userfiles</outputDirectory>
             <excludes>
-                <exclude>*</exclude>
+                <exclude>download/**</exclude>
+                <exclude>tempFiles/**</exclude>
             </excludes>
         </fileSet>
         <fileSet>
             <directory>
                 ${project.parent.basedir}/logs
             </directory>
             <outputDirectory>logs</outputDirectory>
-            <excludes>
-                <exclude>*</exclude>
-            </excludes>
+            <includes>
+                <include>sys</include>
+                <include>user</include>
+            </includes>
         </fileSet>
         <fileSet>
             <directory>

bin/start-server.sh

@@ -40,7 +40,7 @@ fi
 
 cd $DAVINCI3_HOME
 TODAY=`date "+%Y-%m-%d"`
-LOG_PATH=$DAVINCI3_HOME/logs/davinci.$TODAY.log
+LOG_PATH=$DAVINCI3_HOME/logs/sys/davinci.$TODAY.log
 nohup java -Dfile.encoding=UTF-8 -cp $JAVA_HOME/lib/*:lib/* edp.DavinciServerApplication > $LOG_PATH  2>&1 &
 
 echo "=========================================="

config/application.yml.example

@@ -20,6 +20,9 @@ server:
   address: 127.0.0.1
   port: 8080
 
+  # servlet:
+  #   context-path:
+
   # Userd for mail and download services, can be empty, careful configuration
   # By default, 'server.address' and 'server.port' is used as the string value.
   # access:
@@ -42,8 +45,10 @@ source:
   max-wait: 6000
   max-active: 10
   break-after-acquire-failure: true
-  connection-error-retry-attempts: 3
+  connection-error-retry-attempts: 0
+
   enable-query-log: false
+  result-limit: 1000000
 
 
 spring:
@@ -113,4 +118,10 @@ spring:
     base:
     domainName:    # domainName 指 企业邮箱后缀，如企业邮箱为：xxx@example.com, 这里值为 '@example.com'
 
-phantomjs_home: $your_phantomjs_path$/phantomjs
+phantomjs_home: $your_phantomjs_path$/phantomjs
+
+data-auth-center:
+  channels:
+    - name:
+      base-url:
+      auth-code:

pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>edp.davinci</groupId>
     <artifactId>davinci-parent_3.01</artifactId>
-    <version>0.3.0-SNAPSHOT</version>
+    <version>0.3.1-SNAPSHOT</version>
     <packaging>pom</packaging>
 
     <parent>
@@ -175,19 +175,6 @@
                         <!--<include>**/*.css</include>-->
                         <!--<include>**/*.js</include>-->
                     </includes>
-                    <!--<excludes>-->
-                        <!--<exclude>**/CSVFormat.scala</exclude>-->
-                        <!--<exclude>**/CSVWriter.scala</exclude>-->
-                        <!--<exclude>**/Formats.scala</exclude>-->
-                        <!--<exclude>**/Quoting.scala</exclude>-->
-                        <!--<exclude>**/csv/package.scala</exclude>-->
-                        <!--<exclude>**/CSVParser.scala</exclude>-->
-                        <!--<exclude>**/CSVReader.scala</exclude>-->
-                        <!--<exclude>**/LineReader.java</exclude>-->
-                        <!--<exclude>**/MalformedCSVException.scala</exclude>-->
-                        <!--<exclude>**/ReaderLineReader.java</exclude>-->
-                        <!--<exclude>**/SourceLineReader.java</exclude>-->
-                    <!--</excludes>-->
                     <extraExtensions>
                         <scala>java</scala>
                     </extraExtensions>

server/pom.xml

@@ -10,7 +10,7 @@
     <parent>
         <groupId>edp.davinci</groupId>
         <artifactId>davinci-parent_3.01</artifactId>
-        <version>0.3.0-SNAPSHOT</version>
+        <version>0.3.1-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

server/src/main/java/edp/core/utils/FileUtils.java

@@ -190,17 +190,15 @@ public boolean remove(String filePath) {
      * @param dir
      * @return
      */
-    public static boolean deleteDir(File dir) {
-        if (dir.isDirectory()) {
-            String[] children = dir.list();
-            for (int i = 0; i < children.length; i++) {
-                boolean success = deleteDir(new File(dir, children[i]));
-                if (!success) {
-                    return false;
-                }
+    public static void deleteDir(File dir) {
+        if (dir.isFile() || dir.list().length == 0) {
+            dir.delete();
+        } else {
+            for (File f : dir.listFiles()) {
+                deleteDir(f);
             }
+            dir.delete();
         }
-        return dir.delete();
     }
 
     /**

server/src/main/java/edp/davinci/core/common/Constants.java

@@ -131,9 +131,9 @@ public class Constants extends Consts {
 
     public static final String EXCEL_FORMAT_TYPE_KEY = "formatType";
 
-    public static final String REG_SQL_PLACEHOLDER = "[a-zA-Z0-9_.-]+\\s?\\w*[<>!=]*\\s?%s\\w+%s?";
+    public static final String REG_SQL_PLACEHOLDER = "[a-zA-Z0-9_.-[\\u4e00-\\u9fa5]*]+\\s*\\w*[<>!=]*\\s*%s\\w+%s";
 
-    public static final String REG_AUTHVAR = "\\([a-zA-Z0-9_.-]{1,}\\s+\\w*[<>!=]*\\s+\\(?%s\\w+%s\\)?\\s?\\)";
+    public static final String REG_AUTHVAR = "\\([a-zA-Z0-9_.-[\\u4e00-\\u9fa5]*]+\\s*\\w*[<>!=]*\\s*\\(?%s\\w+%s\\)?\\s*\\)";
 
 
     public static final String LDAP_USER_PASSWORD = "LDAP";

server/src/main/java/edp/davinci/core/utils/SqlParseUtils.java

@@ -100,11 +100,10 @@ public SqlEntity parseSql(String sqlStr, List<SqlVariable> variables, String sql
                                 queryParamMap.put(variable.getName().trim(), SqlVariableValueTypeEnum.getValues(variable.getValueType(), variable.getDefaultValues()));
                                 break;
                             case AUTHVARE:
-                                String k = String.join("", String.valueOf(delimiter), variable.getName().trim(), String.valueOf(delimiter));
                                 if (null != variable) {
                                     List<String> v = getAuthVarValue(variable, null);
-                                    if (null != v && v.size() > 0) {
-                                        authParamMap.put(k, v);
+                                    if (null != v) {
+                                        authParamMap.put(variable.getName().trim(), v);
                                     }
                                 }
                                 break;
@@ -171,11 +170,12 @@ public String replaceParams(String sql, Map<String, Object> queryParamMap, Map<S
         }
 
         ST st = new ST(sql, delimiter, delimiter);
+        if (null != authParamMap && authParamMap.size() > 0) {
+            authParamMap.forEach((k, v) -> st.add(k, true));
+        }
         //替换query@var
         if (null != queryParamMap && queryParamMap.size() > 0) {
-            for (String key : queryParamMap.keySet()) {
-                st.add(key, queryParamMap.get(key));
-            }
+            queryParamMap.forEach(st::add);
         }
         sql = st.render();
         return sql;
@@ -236,11 +236,7 @@ private static Map<String, String> getParsedExpression(Set<String> expSet, Map<S
                 continue;
             }
         }
-        if (map.size() > 0) {
-            return map;
-        } else {
-            return null;
-        }
+        return map.size() > 0 ? map : null;
     }
 
     private static String getAuthVarExpression(String srcExpression, Map<String, List<String>> authParamMap, char sqlTempDelimiter) throws Exception {
@@ -272,11 +268,14 @@ private static String getAuthVarExpression(String srcExpression, Map<String, Lis
                 if (null != expList && expList.size() > 0) {
                     String left = operatorMap.get(sqlOperator).get(0);
                     String right = operatorMap.get(sqlOperator).get(expList.size() - 1);
+                    if (right.startsWith(parenthesesStart) && right.endsWith(parenthesesEnd)) {
+                        right = right.substring(1, right.length() - 1);
+                    }
                     if (right.startsWith(delimiter) && right.endsWith(delimiter)) {
                         right = right.substring(1, right.length() - 1);
                     }
-                    if (authParamMap.containsKey(right)) {
-                        List<String> list = authParamMap.get(right);
+                    if (authParamMap.containsKey(right.trim())) {
+                        List<String> list = authParamMap.get(right.trim());
                         if (null != list && list.size() > 0) {
                             StringBuilder expBuilder = new StringBuilder();
                             if (list.size() == 1) {

server/src/main/java/edp/davinci/dao/RelRoleSlideMapper.java

@@ -24,7 +24,7 @@ public interface RelRoleSlideMapper {
             "inner join display d on d.id = s.display_id",
             "where rru.user_id = #{userId} and rrs.visible = 0 and d.project_id = #{projectId}"
     })
-    List<Long> getDisableDisplayByUser(@Param("userId") Long userId, @Param("projectId") Long projectId);
+    List<Long> getDisableSlides(@Param("userId") Long userId, @Param("projectId") Long projectId);
 
     @Select({
             "select role_id from rel_role_slide where slide_id = #{slideId} and visible = 0"

server/src/main/java/edp/davinci/dto/dashboardDto/DashboardDto.java

@@ -26,5 +26,5 @@
 
 @Data
 public class DashboardDto extends Dashboard {
-    private List<Long> roles;
+    private List<Long> roleIds;
 }

server/src/main/java/edp/davinci/dto/projectDto/ProjectPermission.java

@@ -18,6 +18,7 @@
 
 package edp.davinci.dto.projectDto;
 
+import com.alibaba.fastjson.annotation.JSONField;
 import edp.davinci.core.enums.UserPermissionEnum;
 import lombok.Data;
 
@@ -38,6 +39,9 @@ public class ProjectPermission {
 
     private Boolean downloadPermission = false;
 
+    @JSONField(serialize = false)
+    private boolean isProjectMaintainer = false;
+
 
     public ProjectPermission() {
     }
@@ -66,6 +70,7 @@ public static ProjectPermission adminPermission() {
         ProjectPermission permission = new ProjectPermission(UserPermissionEnum.DELETE.getPermission());
         permission.setDownloadPermission(true);
         permission.setSharePermission(true);
+        permission.isProjectMaintainer = true;
         return permission;
     }
 }

server/src/main/java/edp/davinci/dto/viewDto/ViewExecuteParam.java

@@ -30,6 +30,8 @@
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 
+import static edp.core.consts.Consts.*;
+
 @Data
 public class ViewExecuteParam {
     private String[] groups;
@@ -102,39 +104,43 @@ public void addExcludeColumn(Set<String> excludeColumns, String jdbcUrl) {
         if (null != excludeColumns && excludeColumns.size() > 0 && null != this.aggregators && this.aggregators.size() > 0) {
             excludeColumns.addAll(this.aggregators.stream()
                     .filter(a -> null != excludeColumns && excludeColumns.size() > 0 && excludeColumns.contains(a.getColumn()))
-                    .map(a -> formatColumn(a.getColumn(), a.getFunc(), jdbcUrl))
+                    .map(a -> formatColumn(a.getColumn(), a.getFunc(), jdbcUrl, true))
                     .collect(Collectors.toSet())
             );
         }
     }
 
     public List<String> getAggregators(String jdbcUrl) {
         if (null != this.aggregators && this.aggregators.size() > 0) {
-            return this.aggregators.stream().map(a -> formatColumn(a.getColumn(), a.getFunc(), jdbcUrl)).collect(Collectors.toList());
+            return this.aggregators.stream().map(a -> formatColumn(a.getColumn(), a.getFunc(), jdbcUrl, false)).collect(Collectors.toList());
         }
         return null;
     }
 
 
-    private String formatColumn(String column, String func, String jdbcUrl) {
-        StringBuilder sb = new StringBuilder();
-        if ("COUNTDISTINCT".equals(func.trim().toUpperCase())) {
-            sb.append("COUNT(").append("DISTINCT").append(" ");
-            sb.append(getField(column, jdbcUrl));
-            sb.append(")");
-            sb.append(" AS ").append(SqlUtils.getAliasPrefix(jdbcUrl)).append("COUNTDISTINCT(");
-            sb.append(column);
-            sb.append(")").append(SqlUtils.getAliasSuffix(jdbcUrl));
+    private String formatColumn(String column, String func, String jdbcUrl, boolean isLable) {
+        if (isLable) {
+            return String.join("", func.trim(), parenthesesStart, column.trim(), parenthesesEnd);
         } else {
-            sb.append(func.trim()).append("(");
-            sb.append(getField(column, jdbcUrl));
-            sb.append(")");
-            sb.append(" AS ").append(SqlUtils.getAliasPrefix(jdbcUrl));
-            sb.append(func.trim()).append("(");
-            sb.append(column);
-            sb.append(")").append(SqlUtils.getAliasSuffix(jdbcUrl));
+            StringBuilder sb = new StringBuilder();
+            if ("COUNTDISTINCT".equals(func.trim().toUpperCase())) {
+                sb.append("COUNT").append(parenthesesStart).append("DISTINCT").append(space);
+                sb.append(getField(column, jdbcUrl));
+                sb.append(parenthesesEnd);
+                sb.append(" AS ").append(SqlUtils.getAliasPrefix(jdbcUrl)).append("COUNTDISTINCT").append(parenthesesStart);
+                sb.append(column);
+                sb.append(parenthesesEnd).append(SqlUtils.getAliasSuffix(jdbcUrl));
+            } else {
+                sb.append(func.trim()).append(parenthesesStart);
+                sb.append(getField(column, jdbcUrl));
+                sb.append(parenthesesEnd);
+                sb.append(" AS ").append(SqlUtils.getAliasPrefix(jdbcUrl));
+                sb.append(func.trim()).append(parenthesesStart);
+                sb.append(column);
+                sb.append(parenthesesEnd).append(SqlUtils.getAliasSuffix(jdbcUrl));
+            }
+            return sb.toString();
         }
-        return sb.toString();
     }
 
     public static String getField(String field, String jdbcUrl) {

server/src/main/java/edp/davinci/service/impl/DashboardPortalServiceImpl.java

@@ -115,7 +115,7 @@ public List<DashboardPortal> getDashboardPortals(Long projectId, User user) thro
         Iterator<DashboardPortal> iterator = dashboardPortals.iterator();
         while (iterator.hasNext()) {
             DashboardPortal portal = iterator.next();
-            if (projectPermission.getVizPermission() == UserPermissionEnum.READ.getPermission() && (disbalePortals.contains(portal.getId()) || !portal.getPublish())) {
+            if (!projectPermission.isProjectMaintainer() && (disbalePortals.contains(portal.getId()) || !portal.getPublish())) {
                 iterator.remove();
             }
         }
@@ -197,8 +197,12 @@ public DashboardPortal updateDashboardPortal(DashboardPortalUpdate dashboardPort
         ProjectDetail projectDetail = projectService.getProjectDetail(dashboardPortal.getProjectId(), user, false);
         ProjectPermission projectPermission = projectService.getProjectPermission(projectDetail, user);
 
+        List<Long> disbalePortals = relRolePortalMapper.getDisablePortalByUser(user.getId(), dashboardPortal.getProjectId());
+
+
         //校验权限
-        if (projectPermission.getVizPermission() < UserPermissionEnum.WRITE.getPermission()) {
+        if (projectPermission.getVizPermission() < UserPermissionEnum.WRITE.getPermission() ||
+                (!projectPermission.isProjectMaintainer() && disbalePortals.contains(dashboardPortal.getId()))) {
             log.info("user {} have not permisson to update widget", user.getUsername());
             throw new UnAuthorizedExecption("you have not permission to update portal");
         }
@@ -286,8 +290,12 @@ public boolean deleteDashboardPortal(Long id, User user) throws NotFoundExceptio
         ProjectDetail projectDetail = projectService.getProjectDetail(dashboardPortal.getProjectId(), user, false);
         ProjectPermission projectPermission = projectService.getProjectPermission(projectDetail, user);
 
+        List<Long> disbalePortals = relRolePortalMapper.getDisablePortalByUser(user.getId(), dashboardPortal.getProjectId());
+
+
         //校验权限
-        if (projectPermission.getVizPermission() < UserPermissionEnum.DELETE.getPermission()) {
+        if (projectPermission.getVizPermission() < UserPermissionEnum.DELETE.getPermission() ||
+                (!projectPermission.isProjectMaintainer() && disbalePortals.contains(dashboardPortal.getId()))) {
             log.info("user {} have not permisson to delete widget", user.getUsername());
             throw new UnAuthorizedExecption("you have not permission to delete portal");
         }