|
@@ -81,17 +81,18 @@ public class CubeDataBrowserService {
|
|
|
@Autowired
|
|
@Autowired
|
|
|
private DialectContext dialectContext;
|
|
private DialectContext dialectContext;
|
|
|
//${系统变量}
|
|
//${系统变量}
|
|
|
- static private final String sql = "where ( ${permissionCubeColumnId1} = ${publicPermission} or ( ${creatorUserCubeColumnId} = ${userId1} ) or ( ${userIdsCubeColumnId} like '%${userId2}${userIdDelimiter}%' and ${permissionCubeColumnId2} = ${privatePermission} ) )";
|
|
|
|
|
|
|
+ static private final String sql = " ( ${permissionCubeColumnId1} = ${publicPermission} or ( ${creatorUserCubeColumnId} = ${userId1} ) or ( ${userIdsCubeColumnId} like '%${userId2}${userIdDelimiter}%' and ${permissionCubeColumnId2} = ${privatePermission} ) )";
|
|
|
//${系统变量}
|
|
//${系统变量}
|
|
|
static private final String permissionCubeColumnId1 = "\\$\\{permissionCubeColumnId1\\}";
|
|
static private final String permissionCubeColumnId1 = "\\$\\{permissionCubeColumnId1\\}";
|
|
|
static private final String publicPermission = "\\$\\{publicPermission\\}";
|
|
static private final String publicPermission = "\\$\\{publicPermission\\}";
|
|
|
static private final String permissionCubeColumnId2 = "\\$\\{permissionCubeColumnId2\\}";
|
|
static private final String permissionCubeColumnId2 = "\\$\\{permissionCubeColumnId2\\}";
|
|
|
static private final String privatePermission = "\\$\\{privatePermission\\}";
|
|
static private final String privatePermission = "\\$\\{privatePermission\\}";
|
|
|
static private final String userIdsCubeColumnId = "\\$\\{userIdsCubeColumnId\\}";
|
|
static private final String userIdsCubeColumnId = "\\$\\{userIdsCubeColumnId\\}";
|
|
|
- static private final String userId1 = "\\$\\{userId\\}";
|
|
|
|
|
- static private final String userId2 = "\\$\\{userId\\}";
|
|
|
|
|
|
|
+ static private final String userId1 = "\\$\\{userId1\\}";
|
|
|
|
|
+ static private final String userId2 = "\\$\\{userId2\\}";
|
|
|
static private final String userIdDelimiter = "\\$\\{userIdDelimiter\\}";
|
|
static private final String userIdDelimiter = "\\$\\{userIdDelimiter\\}";
|
|
|
static private final String creatorUserCubeColumnId = "\\$\\{creatorUserCubeColumnId\\}";
|
|
static private final String creatorUserCubeColumnId = "\\$\\{creatorUserCubeColumnId\\}";
|
|
|
|
|
+
|
|
|
public static void main(String[] args) {
|
|
public static void main(String[] args) {
|
|
|
// 创建一个Pattern对象,并编译一个正则表达式,用于匹配方括号内的内容
|
|
// 创建一个Pattern对象,并编译一个正则表达式,用于匹配方括号内的内容
|
|
|
Pattern pattern = Pattern.compile(permissionCubeColumnId1);
|
|
Pattern pattern = Pattern.compile(permissionCubeColumnId1);
|
|
@@ -104,6 +105,7 @@ public class CubeDataBrowserService {
|
|
|
System.out.println(s);
|
|
System.out.println(s);
|
|
|
}
|
|
}
|
|
|
}
|
|
}
|
|
|
|
|
+
|
|
|
/**
|
|
/**
|
|
|
* @param
|
|
* @param
|
|
|
* @param cubeId
|
|
* @param cubeId
|
|
@@ -152,9 +154,6 @@ public class CubeDataBrowserService {
|
|
|
List<String> conditionSqlList = new ArrayList<String>();
|
|
List<String> conditionSqlList = new ArrayList<String>();
|
|
|
Map<String, String> conditionSqlMap = new HashMap<>();
|
|
Map<String, String> conditionSqlMap = new HashMap<>();
|
|
|
String rowPermissionSql = sql;
|
|
String rowPermissionSql = sql;
|
|
|
- if (rowPermissionParam == null) {
|
|
|
|
|
- rowPermissionSql = " where ";
|
|
|
|
|
- }
|
|
|
|
|
Map<String, List<Object>> extraParams = querySqlService.buildGlobalParams(null, bladeUser);
|
|
Map<String, List<Object>> extraParams = querySqlService.buildGlobalParams(null, bladeUser);
|
|
|
// 行/列 权限
|
|
// 行/列 权限
|
|
|
CubePermParseDto cubePermParseDto = cubeDataPermissionService.parseCubePermission(cubeId, bladeUser);
|
|
CubePermParseDto cubePermParseDto = cubeDataPermissionService.parseCubePermission(cubeId, bladeUser);
|
|
@@ -190,7 +189,7 @@ public class CubeDataBrowserService {
|
|
|
// BrowserParam browserParam = CollectionUtil.isNotEmpty(paramList) ? .findFirst().orElse(null) : null;
|
|
// BrowserParam browserParam = CollectionUtil.isNotEmpty(paramList) ? .findFirst().orElse(null) : null;
|
|
|
//开启表单行权限
|
|
//开启表单行权限
|
|
|
if (rowPermissionParam != null) {
|
|
if (rowPermissionParam != null) {
|
|
|
- replaceRowPermissionParam(rowPermissionParam, column, queryColumnName,rowPermissionSql);
|
|
|
|
|
|
|
+ rowPermissionSql = replaceRowPermissionParam(rowPermissionParam, column, queryColumnName, rowPermissionSql);
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
List<BrowserParam> collect = paramList.stream().filter(item -> item.getCubeColumnId().equals(column.getId())).collect(Collectors.toList());
|
|
List<BrowserParam> collect = paramList.stream().filter(item -> item.getCubeColumnId().equals(column.getId())).collect(Collectors.toList());
|
|
@@ -223,11 +222,23 @@ public class CubeDataBrowserService {
|
|
|
if (StrUtil.isNotBlank(cubePermParseDto.getFilterSql())) {
|
|
if (StrUtil.isNotBlank(cubePermParseDto.getFilterSql())) {
|
|
|
conditionSqlList.add(cubePermParseDto.getFilterSql());
|
|
conditionSqlList.add(cubePermParseDto.getFilterSql());
|
|
|
}
|
|
}
|
|
|
- // 拼接查询条件
|
|
|
|
|
- if (!conditionSqlList.isEmpty()) {
|
|
|
|
|
- querySqlBuilder.append(rowPermissionSql).append(String.join(" AND ", conditionSqlList));
|
|
|
|
|
|
|
+ // 拼接行权限条件
|
|
|
|
|
+ if (rowPermissionParam != null) {
|
|
|
|
|
+ querySqlBuilder.append(" where ").append(rowPermissionSql);
|
|
|
|
|
+ // 拼接查询条件
|
|
|
|
|
+ if (!conditionSqlList.isEmpty()) {
|
|
|
|
|
+ querySqlBuilder.append(String.join(" AND ", conditionSqlList));
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+ // 拼接行权限条件
|
|
|
|
|
+ if (rowPermissionParam == null) {
|
|
|
|
|
+ // 拼接查询条件
|
|
|
|
|
+ if (!conditionSqlList.isEmpty()) {
|
|
|
|
|
+ querySqlBuilder.append(" where ").append(String.join(" AND ", conditionSqlList));
|
|
|
|
|
+ }
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
+
|
|
|
// ID和别名Map
|
|
// ID和别名Map
|
|
|
Map<Integer, String> columnDict = columnList.stream().collect(Collectors.toMap(CubeTableColumn::getId, CubeTableColumn::getColumnAliasName));
|
|
Map<Integer, String> columnDict = columnList.stream().collect(Collectors.toMap(CubeTableColumn::getId, CubeTableColumn::getColumnAliasName));
|
|
|
|
|
|
|
@@ -236,26 +247,27 @@ public class CubeDataBrowserService {
|
|
|
return new CubeBrowserSqlModel(querySqlBuilder.toString(), columnDict);
|
|
return new CubeBrowserSqlModel(querySqlBuilder.toString(), columnDict);
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
- private static void replaceRowPermissionParam(RowPermissionParam rowPermissionParam, CubeTableColumn column, String queryColumnName,String rowPermissionSql) {
|
|
|
|
|
|
|
+ private static String replaceRowPermissionParam(RowPermissionParam rowPermissionParam, CubeTableColumn column, String queryColumnName, String rowPermissionSql) {
|
|
|
|
|
|
|
|
if (rowPermissionParam.getPermissionCubeColumnId().equals(column.getId())) {
|
|
if (rowPermissionParam.getPermissionCubeColumnId().equals(column.getId())) {
|
|
|
- replaceSql(permissionCubeColumnId1,queryColumnName, rowPermissionSql);
|
|
|
|
|
- replaceSql(publicPermission,rowPermissionParam.getPublicPermission(), rowPermissionSql);
|
|
|
|
|
- replaceSql(permissionCubeColumnId2,queryColumnName, rowPermissionSql);
|
|
|
|
|
- replaceSql(privatePermission,rowPermissionParam.getPrivatePermission(), rowPermissionSql);
|
|
|
|
|
|
|
+ rowPermissionSql = replaceSql(permissionCubeColumnId1, queryColumnName, rowPermissionSql);
|
|
|
|
|
+ rowPermissionSql = replaceSql(publicPermission, rowPermissionParam.getPublicPermission(), rowPermissionSql);
|
|
|
|
|
+ rowPermissionSql = replaceSql(permissionCubeColumnId2, queryColumnName, rowPermissionSql);
|
|
|
|
|
+ rowPermissionSql = replaceSql(privatePermission, rowPermissionParam.getPrivatePermission(), rowPermissionSql);
|
|
|
}
|
|
}
|
|
|
if (rowPermissionParam.getUserIdsCubeColumnId().equals(column.getId())) {
|
|
if (rowPermissionParam.getUserIdsCubeColumnId().equals(column.getId())) {
|
|
|
- replaceSql(userIdsCubeColumnId,queryColumnName, rowPermissionSql);
|
|
|
|
|
- replaceSql(userId2,AuthUtil.getUserId()+"", rowPermissionSql);
|
|
|
|
|
- replaceSql(userIdDelimiter,rowPermissionParam.getUserIdDelimiter(), rowPermissionSql);
|
|
|
|
|
|
|
+ rowPermissionSql = replaceSql(userIdsCubeColumnId, queryColumnName, rowPermissionSql);
|
|
|
|
|
+ rowPermissionSql = replaceSql(userId2, AuthUtil.getUserId() + "", rowPermissionSql);
|
|
|
|
|
+ rowPermissionSql = replaceSql(userIdDelimiter, rowPermissionParam.getUserIdDelimiter(), rowPermissionSql);
|
|
|
}
|
|
}
|
|
|
if (rowPermissionParam.getCreatorUserCubeColumnId().equals(column.getId())) {
|
|
if (rowPermissionParam.getCreatorUserCubeColumnId().equals(column.getId())) {
|
|
|
- replaceSql(creatorUserCubeColumnId,queryColumnName, rowPermissionSql);
|
|
|
|
|
- replaceSql(userId1,AuthUtil.getUserId()+"", rowPermissionSql);
|
|
|
|
|
|
|
+ rowPermissionSql = replaceSql(creatorUserCubeColumnId, queryColumnName, rowPermissionSql);
|
|
|
|
|
+ rowPermissionSql = replaceSql(userId1, AuthUtil.getUserId() + "", rowPermissionSql);
|
|
|
}
|
|
}
|
|
|
|
|
+ return rowPermissionSql;
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
- private static void replaceSql(String rex, String value, String rowPermissionSql) {
|
|
|
|
|
|
|
+ private static String replaceSql(String rex, String value, String rowPermissionSql) {
|
|
|
// 创建一个Pattern对象,并编译一个正则表达式,用于匹配方括号内的内容
|
|
// 创建一个Pattern对象,并编译一个正则表达式,用于匹配方括号内的内容
|
|
|
Pattern pattern = Pattern.compile(rex);
|
|
Pattern pattern = Pattern.compile(rex);
|
|
|
// 创建Matcher对象
|
|
// 创建Matcher对象
|
|
@@ -265,6 +277,7 @@ public class CubeDataBrowserService {
|
|
|
// 将匹配到的文本(不包括方括号)添加到List中
|
|
// 将匹配到的文本(不包括方括号)添加到List中
|
|
|
rowPermissionSql = rowPermissionSql.replace(matcher.group(), value);
|
|
rowPermissionSql = rowPermissionSql.replace(matcher.group(), value);
|
|
|
}
|
|
}
|
|
|
|
|
+ return rowPermissionSql;
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
public CubeBrowserSqlModel buildSqlNotParamCondition(Integer cubeId,
|
|
public CubeBrowserSqlModel buildSqlNotParamCondition(Integer cubeId,
|
|
@@ -344,7 +357,7 @@ public class CubeDataBrowserService {
|
|
|
selectSqlList.add(selectColumnName + " as \"" + column.getColumnAliasName() + "\"");
|
|
selectSqlList.add(selectColumnName + " as \"" + column.getColumnAliasName() + "\"");
|
|
|
//开启表单行权限
|
|
//开启表单行权限
|
|
|
if (rowPermissionParam != null) {
|
|
if (rowPermissionParam != null) {
|
|
|
- replaceRowPermissionParam(rowPermissionParam, column, queryColumnName,rowPermissionSql);
|
|
|
|
|
|
|
+ rowPermissionSql = replaceRowPermissionParam(rowPermissionParam, column, queryColumnName, rowPermissionSql);
|
|
|
}
|
|
}
|
|
|
// 是否包含在查询参数中
|
|
// 是否包含在查询参数中
|
|
|
// BrowserParam browserParam = CollectionUtil.isNotEmpty(paramList) ? paramList.stream().filter(item -> item.getCubeColumnId().equals(column.getId())).findFirst().orElse(null) : null;
|
|
// BrowserParam browserParam = CollectionUtil.isNotEmpty(paramList) ? paramList.stream().filter(item -> item.getCubeColumnId().equals(column.getId())).findFirst().orElse(null) : null;
|
|
@@ -379,14 +392,25 @@ public class CubeDataBrowserService {
|
|
|
if (StrUtil.isNotBlank(cubePermParseDto.getFilterSql())) {
|
|
if (StrUtil.isNotBlank(cubePermParseDto.getFilterSql())) {
|
|
|
conditionSqlList.add(cubePermParseDto.getFilterSql());
|
|
conditionSqlList.add(cubePermParseDto.getFilterSql());
|
|
|
}
|
|
}
|
|
|
- // 拼接查询条件
|
|
|
|
|
- if (!conditionSqlList.isEmpty()) {
|
|
|
|
|
- querySqlBuilder.append(rowPermissionSql).append(String.join(" AND ", conditionSqlList));
|
|
|
|
|
|
|
+ // 拼接行权限条件
|
|
|
|
|
+ if (rowPermissionParam != null) {
|
|
|
|
|
+ querySqlBuilder.append(" where ").append(rowPermissionSql);
|
|
|
|
|
+ // 拼接查询条件
|
|
|
|
|
+ if (!conditionSqlList.isEmpty()) {
|
|
|
|
|
+ querySqlBuilder.append(String.join(" AND ", conditionSqlList));
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+ // 未开启行权限
|
|
|
|
|
+ if (rowPermissionParam == null) {
|
|
|
|
|
+ // 拼接查询条件
|
|
|
|
|
+ if (!conditionSqlList.isEmpty()) {
|
|
|
|
|
+ querySqlBuilder.append(" where ").append(String.join(" AND ", conditionSqlList));
|
|
|
|
|
+ }
|
|
|
}
|
|
}
|
|
|
// 拼接复杂查询条件
|
|
// 拼接复杂查询条件
|
|
|
if (!conditionSqlMap.isEmpty()) {
|
|
if (!conditionSqlMap.isEmpty()) {
|
|
|
- if (conditionSqlList.isEmpty()) {
|
|
|
|
|
- querySqlBuilder.append(rowPermissionSql);
|
|
|
|
|
|
|
+ if (conditionSqlList.isEmpty() && rowPermissionParam == null) {
|
|
|
|
|
+ querySqlBuilder.append(" where ");
|
|
|
traverseConditions(paramCondition.getConditions(), paramCondition.getRelation(), conditionSqlMap, querySqlBuilder);
|
|
traverseConditions(paramCondition.getConditions(), paramCondition.getRelation(), conditionSqlMap, querySqlBuilder);
|
|
|
} else {
|
|
} else {
|
|
|
querySqlBuilder.append(" AND ");
|
|
querySqlBuilder.append(" AND ");
|
|
@@ -423,7 +447,6 @@ public class CubeDataBrowserService {
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
-
|
|
|
|
|
/**
|
|
/**
|
|
|
* @param cubeId
|
|
* @param cubeId
|
|
|
* @param browserRequest
|
|
* @param browserRequest
|
|
@@ -504,7 +527,7 @@ public class CubeDataBrowserService {
|
|
|
selectSqlList.add(selectColumnName + " as \"" + tableColumnAlias + "\"");
|
|
selectSqlList.add(selectColumnName + " as \"" + tableColumnAlias + "\"");
|
|
|
//开启表单行权限
|
|
//开启表单行权限
|
|
|
if (rowPermissionParam != null) {
|
|
if (rowPermissionParam != null) {
|
|
|
- replaceRowPermissionParam(rowPermissionParam, column, queryColumnName,rowPermissionSql);
|
|
|
|
|
|
|
+ rowPermissionSql = replaceRowPermissionParam(rowPermissionParam, column, queryColumnName, rowPermissionSql);
|
|
|
}
|
|
}
|
|
|
// 是否包含在查询参数中
|
|
// 是否包含在查询参数中
|
|
|
// BrowserParam browserParam = CollectionUtil.isNotEmpty(paramList) ? paramList.stream().filter(item -> item.getCubeColumnId().equals(column.getId())).findFirst().orElse(null) : null;
|
|
// BrowserParam browserParam = CollectionUtil.isNotEmpty(paramList) ? paramList.stream().filter(item -> item.getCubeColumnId().equals(column.getId())).findFirst().orElse(null) : null;
|
|
@@ -555,9 +578,20 @@ public class CubeDataBrowserService {
|
|
|
if (StrUtil.isNotBlank(cubePermParseDto.getFilterSql())) {
|
|
if (StrUtil.isNotBlank(cubePermParseDto.getFilterSql())) {
|
|
|
conditionSqlList.add(cubePermParseDto.getFilterSql());
|
|
conditionSqlList.add(cubePermParseDto.getFilterSql());
|
|
|
}
|
|
}
|
|
|
- // 拼接查询条件
|
|
|
|
|
- if (!conditionSqlList.isEmpty()) {
|
|
|
|
|
- querySqlBuilder.append(rowPermissionSql).append(String.join(" AND ", conditionSqlList));
|
|
|
|
|
|
|
+ // 拼接行权限条件
|
|
|
|
|
+ if (rowPermissionParam != null) {
|
|
|
|
|
+ querySqlBuilder.append(" where ").append(rowPermissionSql);
|
|
|
|
|
+ // 拼接查询条件
|
|
|
|
|
+ if (!conditionSqlList.isEmpty()) {
|
|
|
|
|
+ querySqlBuilder.append(String.join(" AND ", conditionSqlList));
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+ // 未开启行权限
|
|
|
|
|
+ if (rowPermissionParam == null) {
|
|
|
|
|
+ // 拼接查询条件
|
|
|
|
|
+ if (!conditionSqlList.isEmpty()) {
|
|
|
|
|
+ querySqlBuilder.append(" where ").append(String.join(" AND ", conditionSqlList));
|
|
|
|
|
+ }
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
Map<String, String> extColumnDict = new HashMap<>();
|
|
Map<String, String> extColumnDict = new HashMap<>();
|
|
@@ -655,7 +689,7 @@ public class CubeDataBrowserService {
|
|
|
selectSqlList.add(selectColumnName + " as \"" + tableColumnAlias + "\"");
|
|
selectSqlList.add(selectColumnName + " as \"" + tableColumnAlias + "\"");
|
|
|
//开启表单行权限
|
|
//开启表单行权限
|
|
|
if (rowPermissionParam != null) {
|
|
if (rowPermissionParam != null) {
|
|
|
- replaceRowPermissionParam(rowPermissionParam, column, queryColumnName,rowPermissionSql);
|
|
|
|
|
|
|
+ rowPermissionSql = replaceRowPermissionParam(rowPermissionParam, column, queryColumnName, rowPermissionSql);
|
|
|
}
|
|
}
|
|
|
// 是否包含在查询参数中
|
|
// 是否包含在查询参数中
|
|
|
// BrowserParam browserParam = CollectionUtil.isNotEmpty(paramList) ? paramList.stream().filter(item -> item.getCubeColumnId().equals(column.getId())).findFirst().orElse(null) : null;
|
|
// BrowserParam browserParam = CollectionUtil.isNotEmpty(paramList) ? paramList.stream().filter(item -> item.getCubeColumnId().equals(column.getId())).findFirst().orElse(null) : null;
|
|
@@ -708,14 +742,25 @@ public class CubeDataBrowserService {
|
|
|
if (StrUtil.isNotBlank(cubePermParseDto.getFilterSql())) {
|
|
if (StrUtil.isNotBlank(cubePermParseDto.getFilterSql())) {
|
|
|
conditionSqlList.add(cubePermParseDto.getFilterSql());
|
|
conditionSqlList.add(cubePermParseDto.getFilterSql());
|
|
|
}
|
|
}
|
|
|
- // 拼接权限查询条件
|
|
|
|
|
- if (!conditionSqlList.isEmpty()) {
|
|
|
|
|
- querySqlBuilder.append(rowPermissionSql).append(String.join(" AND ", conditionSqlList));
|
|
|
|
|
|
|
+ // 拼接行权限条件
|
|
|
|
|
+ if (rowPermissionParam != null) {
|
|
|
|
|
+ querySqlBuilder.append(" where ").append(rowPermissionSql);
|
|
|
|
|
+ // 拼接查询条件
|
|
|
|
|
+ if (!conditionSqlList.isEmpty()) {
|
|
|
|
|
+ querySqlBuilder.append(String.join(" AND ", conditionSqlList));
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+ // 未开启行权限
|
|
|
|
|
+ if (rowPermissionParam == null) {
|
|
|
|
|
+ // 拼接查询条件
|
|
|
|
|
+ if (!conditionSqlList.isEmpty()) {
|
|
|
|
|
+ querySqlBuilder.append(" where ").append(String.join(" AND ", conditionSqlList));
|
|
|
|
|
+ }
|
|
|
}
|
|
}
|
|
|
// 拼接复杂查询条件
|
|
// 拼接复杂查询条件
|
|
|
if (!conditionSqlMap.isEmpty()) {
|
|
if (!conditionSqlMap.isEmpty()) {
|
|
|
- if (conditionSqlList.isEmpty()) {
|
|
|
|
|
- querySqlBuilder.append(rowPermissionSql);
|
|
|
|
|
|
|
+ if (conditionSqlList.isEmpty()&&rowPermissionParam == null) {
|
|
|
|
|
+ querySqlBuilder.append(" where ");
|
|
|
traverseConditions(paramCondition.getConditions(), paramCondition.getRelation(), conditionSqlMap, querySqlBuilder);
|
|
traverseConditions(paramCondition.getConditions(), paramCondition.getRelation(), conditionSqlMap, querySqlBuilder);
|
|
|
} else {
|
|
} else {
|
|
|
querySqlBuilder.append(" AND ");
|
|
querySqlBuilder.append(" AND ");
|
