Merge pull request #697 from tianlu-root/master

fix:storyboard permission bug fix
running-elephant · Jan 27, 2022 · df07dbe · df07dbe
2 parents cec6004 + 3ab886a
commit df07dbe
Show file tree

Hide file tree

Showing 8 changed files with 34 additions and 187 deletions.
diff --git a/core/src/main/java/datart/core/base/consts/Const.java b/core/src/main/java/datart/core/base/consts/Const.java
@@ -48,7 +48,7 @@ public class Const {
     public static final String DEFAULT_VARIABLE_QUOTE = "$";
     //变量匹配符
     public static final Pattern VARIABLE_PATTERN = Pattern.compile("\\$\\S+\\$");
-
+    //变量正则模板
     public static final String VARIABLE_PATTERN_TEMPLATE = "\\$%s\\$";
 
     /**

diff --git a/data-providers/src/main/java/datart/data/provider/jdbc/PermissionVariablePlaceholder.java b/data-providers/src/main/java/datart/data/provider/jdbc/PermissionVariablePlaceholder.java
diff --git a/data-providers/src/main/java/datart/data/provider/jdbc/QueryVariablePlaceholder.java b/data-providers/src/main/java/datart/data/provider/jdbc/QueryVariablePlaceholder.java
diff --git a/data-providers/src/main/java/datart/data/provider/jdbc/RegexVariableResolver.java b/data-providers/src/main/java/datart/data/provider/jdbc/RegexVariableResolver.java
@@ -59,6 +59,7 @@ private static VariablePlaceholder createPlaceholder(SqlDialect sqlDialect, Stri
         String variableExpression = tryMatchVariableExpression(sql, variableFragment);
 
         SqlCall sqlCall = parseAsSqlCall(variableExpression, variableFragment);
+
         if (sqlCall == null) {
             return new SimpleVariablePlaceholder(variable, sqlDialect, variableFragment);
         } else {

diff --git a/data-providers/src/main/java/datart/data/provider/jdbc/SimpleVariablePlaceholder.java b/data-providers/src/main/java/datart/data/provider/jdbc/SimpleVariablePlaceholder.java
@@ -55,35 +55,6 @@ public ReplacementPair replacementPair() {
         return new ReplacementPair(originalSqlFragment, formatValue(variable));
     }
 
-    private String formatValue(ScriptVariable variable) {
-        switch (variable.getValueType()) {
-            case NUMERIC:
-            case KEYWORD:
-            case SNIPPET:
-            case FRAGMENT:
-            case IDENTIFIER:
-                return formatWithoutQuote(variable.getValues());
-            default:
-                return formatWithQuote(variable.getValues());
-        }
-    }
-
-    private String formatWithoutQuote(Set<String> values) {
-        if (CollectionUtils.isEmpty(values)) {
-            return "";
-        }
-        return String.join(",", values);
-    }
-
-    private String formatWithQuote(Set<String> values) {
-        if (CollectionUtils.isEmpty(values)) {
-            return "";
-        }
-        return values.stream().map(SqlSimpleStringLiteral::new)
-                .map(node -> SqlNodeUtils.toSql(node, sqlDialect))
-                .collect(Collectors.joining(","));
-    }
-
     @Override
     public int getStartPos() {
         return Integer.MAX_VALUE;

diff --git a/data-providers/src/main/java/datart/data/provider/jdbc/TrueVariablePlaceholder.java b/data-providers/src/main/java/datart/data/provider/jdbc/TrueVariablePlaceholder.java
diff --git a/data-providers/src/main/java/datart/data/provider/script/VariablePlaceholder.java b/data-providers/src/main/java/datart/data/provider/script/VariablePlaceholder.java
@@ -289,11 +289,40 @@ protected ReplacementPair replaceAsSting() {
             Matcher matcher = variablePattern.matcher(originalSqlFragment);
             if (matcher.find()) {
                 String group = matcher.group();
-                SqlNode sqlNode = SqlNodeUtils.toSingleSqlLiteral(variable, SqlParserPos.ZERO);
-                replacement = replacement.replace(group, sqlNode.toSqlString(sqlDialect).getSql());
+                replacement = replacement.replace(group, formatValue(variable));
             }
         }
         return new ReplacementPair(originalSqlFragment, replacement);
     }
 
+    protected String formatValue(ScriptVariable variable) {
+        switch (variable.getValueType()) {
+            case NUMERIC:
+            case KEYWORD:
+            case SNIPPET:
+            case FRAGMENT:
+            case IDENTIFIER:
+                return formatWithoutQuote(variable.getValues());
+            default:
+                return formatWithQuote(variable.getValues());
+        }
+    }
+
+    protected String formatWithoutQuote(Set<String> values) {
+        if (org.springframework.util.CollectionUtils.isEmpty(values)) {
+            return "";
+        }
+        return String.join(",", values);
+    }
+
+    protected String formatWithQuote(Set<String> values) {
+        if (org.springframework.util.CollectionUtils.isEmpty(values)) {
+            return "";
+        }
+        return values.stream().map(SqlSimpleStringLiteral::new)
+                .map(node -> SqlNodeUtils.toSql(node, sqlDialect))
+                .collect(Collectors.joining(","));
+    }
+
+
 }
diff --git a/server/src/main/java/datart/server/service/impl/StoryboardServiceImpl.java b/server/src/main/java/datart/server/service/impl/StoryboardServiceImpl.java
@@ -120,7 +120,7 @@ public void requirePermission(Storyboard storyboard, int permission) {
     }
 
     private boolean hasPermission(Role role, Storyboard storyboard, int permission) {
-        if (storyboard.getId() == null || (permission & Const.CREATE) == permission) {
+        if (storyboard.getId() == null || (permission & Const.CREATE) == Const.CREATE) {
             return securityManager.hasPermission(PermissionHelper.vizPermission(storyboard.getOrgId(), role.getId(), ResourceType.STORYBOARD.name(), permission));
         } else {
             return securityManager.hasPermission(PermissionHelper.vizPermission(storyboard.getOrgId(), role.getId(), storyboard.getId(), permission));