Merge remote-tracking branch 'origin/v1.8' into v1.8

backend/src/main/java/io/dataease/auth/aop/DePermissionAnnotationHandler.java

@@ -134,7 +134,7 @@ public class DePermissionAnnotationHandler {
             return access(o, annotation, ++layer);
         } else {
             // 当作自定义类处理
-            String[] values = value.split("u002E");
+            String[] values = value.split("\\.");
             String fieldName = values[layer];
 
             Object fieldValue = getFieldValue(arg, fieldName);

backend/src/main/java/io/dataease/commons/constants/ResourceAuthLevel.java

@@ -15,7 +15,11 @@ public enum ResourceAuthLevel {
 
     LINK_LEVEL_USE(1),
     LINK_LEVEL_MANAGE(3),
-    LINK_LEVEL_GRANT(15);
+    LINK_LEVEL_GRANT(15),
+
+    DATASOURCE_LEVEL_USE(1),
+    DATASOURCE_LEVEL_MANAGE(3),
+    DATASOURCE_LEVEL_GRANT(15);
 
     private Integer level;
 

backend/src/main/java/io/dataease/config/Knife4jConfiguration.java

@@ -74,7 +74,7 @@ public class Knife4jConfiguration implements BeanPostProcessor{
                 .title("DataEase")
                 .description("人人可用的开源数据可视化分析工具")
                 .termsOfServiceUrl("https://dataease.io")
-                .contact(new Contact("fit2cloud","https://www.fit2cloud.com/dataease/index.html","dataease@fit2cloud.com"))
+                .contact(new Contact("Dataease","https://www.fit2cloud.com/dataease/index.html","dataease@fit2cloud.com"))
                 .version(version)
                 .build();
     }

backend/src/main/java/io/dataease/controller/chart/ChartController.java

-package io.dataease.controller.chart;
-
-import com.alibaba.fastjson.JSON;
-import com.github.xiaoymin.knife4j.annotations.ApiSupport;
-import io.dataease.controller.request.dataset.DataSetTableRequest;
-import io.swagger.annotations.Api;
-import io.swagger.annotations.ApiOperation;
-import org.springframework.web.bind.annotation.*;
-
-import java.util.ArrayList;
-import java.util.List;
-
-@Api(tags = "视图：视图管理")
-@ApiSupport(order = 110)
-@RestController
-@RequestMapping("chart/table")
-public class ChartController {
-
-
-    @ApiOperation("查询")
-    @PostMapping("list")
-    public List<JSON> list(@RequestBody DataSetTableRequest dataSetTableRequest) {
-        return new ArrayList<>();
-    }
-
-}

backend/src/main/java/io/dataease/controller/chart/ChartGroupController.java

@@ -21,24 +21,28 @@ public class ChartGroupController {
     @Resource
     private ChartGroupService chartGroupService;
 
+    @ApiIgnore
     @ApiOperation("保存")
     @PostMapping("/save")
     public ChartGroupDTO save(@RequestBody ChartGroup ChartGroup) {
         return chartGroupService.save(ChartGroup);
     }
 
+    @ApiIgnore
     @ApiOperation("查询树")
     @PostMapping("/tree")
     public List<ChartGroupDTO> tree(@RequestBody ChartGroupRequest ChartGroup) {
         return chartGroupService.tree(ChartGroup);
     }
 
+    @ApiIgnore
     @ApiOperation("查询树节点")
     @PostMapping("/treeNode")
     public List<ChartGroupDTO> treeNode(@RequestBody ChartGroupRequest ChartGroup) {
         return chartGroupService.tree(ChartGroup);
     }
 
+    @ApiIgnore
     @ApiOperation("删除")
     @PostMapping("/delete/{id}")
     public void tree(@PathVariable String id) {

backend/src/main/java/io/dataease/controller/dataset/DataSetGroupController.java

@@ -45,14 +45,13 @@ public class DataSetGroupController {
         return dataSetGroupService.save(datasetGroup);
     }
 
-    @RequiresPermissions("data:read")
-    @ApiOperation("查询树")
+    @ApiIgnore
     @PostMapping("/tree")
     public List<DataSetGroupDTO> tree(@RequestBody DataSetGroupRequest datasetGroup) {
         return dataSetGroupService.tree(datasetGroup);
     }
 
-    @ApiOperation("查询树节点")
+    @ApiIgnore
     @PostMapping("/treeNode")
     public List<DataSetGroupDTO> treeNode(@RequestBody DataSetGroupRequest datasetGroup) {
         return dataSetGroupService.treeNode(datasetGroup);
@@ -72,7 +71,7 @@ public class DataSetGroupController {
         return dataSetGroupService.getScene(id);
     }
 
-    @ApiOperation("检测kettle")
+    @ApiIgnore
     @PostMapping("/isKettleRunning")
     public boolean isKettleRunning() {
         return extractDataService.isKettleRunning();

backend/src/main/java/io/dataease/controller/dataset/DataSetTableController.java

@@ -10,9 +10,9 @@ import io.dataease.commons.constants.DePermissionType;
 import io.dataease.commons.constants.ResourceAuthLevel;
 import io.dataease.controller.request.dataset.DataSetTableRequest;
 import io.dataease.controller.response.DataSetDetail;
-import io.dataease.dto.datasource.TableField;
 import io.dataease.dto.dataset.DataSetTableDTO;
 import io.dataease.dto.dataset.ExcelFileData;
+import io.dataease.dto.datasource.TableField;
 import io.dataease.service.dataset.DataSetTableService;
 import io.swagger.annotations.*;
 import org.apache.shiro.authz.annotation.Logical;
@@ -76,6 +76,7 @@ public class DataSetTableController {
         dataSetTableService.alter(request);
     }
 
+    @RequiresPermissions("data:read")
     @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_MANAGE)
     @ApiOperation("删除")
     @PostMapping("delete/{id}")
@@ -83,18 +84,23 @@ public class DataSetTableController {
         dataSetTableService.delete(id);
     }
 
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_USE, value = "sceneId")
     @ApiOperation("查询")
     @PostMapping("list")
     public List<DataSetTableDTO> list(@RequestBody DataSetTableRequest dataSetTableRequest) {
         return dataSetTableService.list(dataSetTableRequest);
     }
 
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_USE, value = "sceneId")
     @ApiOperation("查询组")
     @PostMapping("listAndGroup")
     public List<DataSetTableDTO> listAndGroup(@RequestBody DataSetTableRequest dataSetTableRequest) {
         return dataSetTableService.listAndGroup(dataSetTableRequest);
     }
 
+    @RequiresPermissions("data:read")
     @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_USE)
     @ApiOperation("详息")
     @PostMapping("get/{id}")
@@ -102,54 +108,72 @@ public class DataSetTableController {
         return dataSetTableService.get(id);
     }
 
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_USE)
     @ApiOperation("带权限查询")
     @PostMapping("getWithPermission/{id}")
     public DataSetTableDTO getWithPermission(@PathVariable String id) {
         return dataSetTableService.getWithPermission(id, null);
     }
 
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASOURCE, level = ResourceAuthLevel.DATASOURCE_LEVEL_USE, value = "dataSourceId")
     @ApiOperation("查询原始字段")
     @PostMapping("getFields")
     public List<TableField> getFields(@RequestBody DatasetTable datasetTable) throws Exception {
         return dataSetTableService.getFields(datasetTable);
     }
 
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_USE, value = "id")
     @ApiOperation("查询生成字段")
     @PostMapping("getFieldsFromDE")
     public Map<String, List<DatasetTableField>> getFieldsFromDE(@RequestBody DataSetTableRequest dataSetTableRequest) throws Exception {
         return dataSetTableService.getFieldsFromDE(dataSetTableRequest);
     }
 
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_USE, value = "id")
     @ApiOperation("查询预览数据")
     @PostMapping("getPreviewData/{page}/{pageSize}")
     public Map<String, Object> getPreviewData(@RequestBody DataSetTableRequest dataSetTableRequest, @PathVariable Integer page, @PathVariable Integer pageSize) throws Exception {
         return dataSetTableService.getPreviewData(dataSetTableRequest, page, pageSize, null);
     }
 
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASOURCE, level = ResourceAuthLevel.DATASOURCE_LEVEL_USE, value = "dataSourceId")
     @ApiOperation("根据sql查询预览数据")
     @PostMapping("sqlPreview")
     public Map<String, Object> getSQLPreview(@RequestBody DataSetTableRequest dataSetTableRequest) throws Exception {
         return dataSetTableService.getSQLPreview(dataSetTableRequest);
     }
 
-    @ApiOperation("客户预览数据")
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASOURCE, level = ResourceAuthLevel.DATASOURCE_LEVEL_USE, value = "dataSourceId")
+    @ApiOperation("预览自定义数据数据")
     @PostMapping("customPreview")
     public Map<String, Object> customPreview(@RequestBody DataSetTableRequest dataSetTableRequest) throws Exception {
         return dataSetTableService.getCustomPreview(dataSetTableRequest);
     }
 
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_USE, value = "tableId")
     @ApiOperation("查询增量配置")
     @PostMapping("incrementalConfig")
     public DatasetTableIncrementalConfig incrementalConfig(@RequestBody DatasetTableIncrementalConfig datasetTableIncrementalConfig) throws Exception {
         return dataSetTableService.incrementalConfig(datasetTableIncrementalConfig);
     }
 
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_MANAGE, value = "tableId")
     @ApiOperation("保存增量配置")
     @PostMapping("save/incrementalConfig")
     public void saveIncrementalConfig(@RequestBody DatasetTableIncrementalConfig datasetTableIncrementalConfig) throws Exception {
         dataSetTableService.saveIncrementalConfig(datasetTableIncrementalConfig);
     }
 
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASET)
     @ApiOperation("数据集详息")
     @PostMapping("datasetDetail/{id}")
     public DataSetDetail datasetDetail(@PathVariable String id) {
@@ -167,24 +191,31 @@ public class DataSetTableController {
         return dataSetTableService.excelSaveAndParse(file, tableId, editType);
     }
 
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASET)
     @ApiOperation("检测doris")
     @PostMapping("checkDorisTableIsExists/{id}")
     public Boolean checkDorisTableIsExists(@PathVariable String id) throws Exception {
         return dataSetTableService.checkDorisTableIsExists(id);
     }
 
+    @RequiresPermissions("data:read")
     @ApiOperation("搜索")
     @PostMapping("search")
     public List<DataSetTableDTO> search(@RequestBody DataSetTableRequest dataSetTableRequest) {
         return dataSetTableService.search(dataSetTableRequest);
     }
 
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_MANAGE)
     @ApiOperation("数据集同步表结构")
     @PostMapping("syncField/{id}")
     public DatasetTable syncDatasetTableField(@PathVariable String id) throws Exception {
         return dataSetTableService.syncDatasetTableField(id);
     }
 
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASET, value = "id")
     @ApiOperation("关联数据集预览数据")
     @PostMapping("unionPreview")
     public Map<String, Object> unionPreview(@RequestBody DataSetTableRequest dataSetTableRequest) throws Exception {

backend/src/main/java/io/dataease/controller/dataset/DataSetTableFieldController.java

@@ -4,6 +4,7 @@ import com.auth0.jwt.JWT;
 import com.auth0.jwt.interfaces.DecodedJWT;
 import com.github.xiaoymin.knife4j.annotations.ApiSupport;
 import io.dataease.auth.annotation.DePermission;
+import io.dataease.auth.annotation.DePermissions;
 import io.dataease.auth.filter.F2CLinkFilter;
 import io.dataease.base.domain.DatasetTable;
 import io.dataease.base.domain.DatasetTableField;
@@ -21,6 +22,8 @@ import io.dataease.service.dataset.PermissionService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.apache.commons.lang3.ObjectUtils;
+import org.apache.shiro.authz.annotation.Logical;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
@@ -28,6 +31,7 @@ import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 
 import cn.hutool.core.collection.CollectionUtil;
+import springfox.documentation.annotations.ApiIgnore;
 
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
@@ -54,6 +58,8 @@ public class DataSetTableFieldController {
     @Resource
     private PermissionService permissionService;
 
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASET)
     @ApiOperation("查询表下属字段")
     @PostMapping("list/{tableId}")
     public List<DatasetTableField> list(@PathVariable String tableId) {
@@ -64,6 +70,8 @@ public class DataSetTableFieldController {
         return fields;
     }
 
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASET)
     @ApiOperation("查询表下属字段")
     @PostMapping("listWithPermission/{tableId}")
     public List<DatasetTableField> listWithPermission(@PathVariable String tableId) {
@@ -77,6 +85,8 @@ public class DataSetTableFieldController {
     }
 
     //管理权限，可以列出所有字段
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASET)
     @ApiOperation("查询表下属字段")
     @PostMapping("listForPermissionSeting/{tableId}")
     public List<DatasetTableField> listForPermissionSeting(@PathVariable String tableId) {
@@ -87,6 +97,8 @@ public class DataSetTableFieldController {
     }
 
     //管理权限，可以列出所有字段
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASET)
     @ApiOperation("分组查询表下属字段")
     @PostMapping("listByDQ/{tableId}")
     public DatasetTableField4Type listByDQ(@PathVariable String tableId) {
@@ -103,12 +115,15 @@ public class DataSetTableFieldController {
         return datasetTableField4Type;
     }
 
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASET, value = "tableId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE)
     @ApiOperation("批量更新")
     @PostMapping("batchEdit")
     public void batchEdit(@RequestBody List<DatasetTableField> list) {
         dataSetTableFieldsService.batchEdit(list);
     }
 
+    @RequiresPermissions("data:read")
     @DePermission(type = DePermissionType.DATASET, value = "tableId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE)
     @ApiOperation("保存")
     @PostMapping("save")
@@ -126,13 +141,17 @@ public class DataSetTableFieldController {
         return dataSetTableFieldsService.save(datasetTableField);
     }
 
+    @RequiresPermissions("data:read")
+    @DePermissions(value = {
+            @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_MANAGE, paramIndex = 1)
+    })
     @ApiOperation("删除")
-    @PostMapping("delete/{id}")
-    public void delete(@PathVariable String id) {
+    @PostMapping("delete/{id}/{tableId}")
+    public void delete(@PathVariable String id, @PathVariable String tableId) {
         dataSetTableFieldsService.delete(id);
     }
 
-    @ApiOperation("多字段值枚举")
+    @ApiIgnore
     @PostMapping("linkMultFieldValues")
     public List<Object> linkMultFieldValues(@RequestBody MultFieldValuesRequest multFieldValuesRequest)
             throws Exception {
@@ -145,7 +164,7 @@ public class DataSetTableFieldController {
         return multFieldValues(multFieldValuesRequest);
     }
 
-    @ApiOperation("多字段值枚举")
+    @ApiIgnore
     @PostMapping("multFieldValues")
     public List<Object> multFieldValues(@RequestBody MultFieldValuesRequest multFieldValuesRequest) throws Exception {
         List<Object> results = new ArrayList<>();
@@ -168,7 +187,7 @@ public class DataSetTableFieldController {
         return list;
     }
 
-    @ApiOperation("多字段值枚举")
+    @ApiIgnore
     @PostMapping("multFieldValuesForPermissions")
     public List<Object> multFieldValuesForPermissions(@RequestBody MultFieldValuesRequest multFieldValuesRequest) throws Exception {
         List<Object> results = new ArrayList<>();

backend/src/main/java/io/dataease/controller/dataset/DataSetTableTaskController.java

@@ -16,7 +16,9 @@ import io.dataease.service.dataset.DataSetTableTaskLogService;
 import io.dataease.service.dataset.DataSetTableTaskService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.web.bind.annotation.*;
+import springfox.documentation.annotations.ApiIgnore;
 
 import javax.annotation.Resource;
 import java.util.List;
@@ -42,18 +44,21 @@ public class DataSetTableTaskController {
         return dataSetTableTaskService.save(dataSetTaskRequest);
     }
 
+    //TODO
     @ApiOperation("删除")
     @PostMapping("delete/{id}")
     public void delete(@PathVariable String id) {
         dataSetTableTaskService.delete(id);
     }
 
+    @DePermission(type = DePermissionType.DATASET, value = "tableId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE)
     @ApiOperation("查询")
     @PostMapping("list")
     public List<DatasetTableTask> list(@RequestBody DatasetTableTask datasetTableTask) {
         return dataSetTableTaskService.list(datasetTableTask);
     }
 
+    @RequiresPermissions("task:read")
     @ApiOperation("分页查询")
     @PostMapping("/pageList/{goPage}/{pageSize}")
     public Pager<List<DataSetTaskDTO>> taskList(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody BaseGridRequest request) {
@@ -62,12 +67,13 @@ public class DataSetTableTaskController {
         return PageUtils.setPageInfo(page, dataSetTableTaskService.taskList4User(request));
     }
 
-    @ApiOperation("上次执行时间")
+    @ApiIgnore
     @PostMapping("/lastExecStatus")
     public DataSetTaskDTO lastExecStatus(@RequestBody DataSetTaskDTO datasetTableTask) {
         return dataSetTableTaskLogService.lastExecStatus(datasetTableTask);
     }
 
+    @DePermission(type = DePermissionType.DATASET, value = "tableId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE)
     @ApiOperation("更新状态")
     @PostMapping("/updateStatus")
     public void updateStatus(@RequestBody DatasetTableTask datasetTableTask) throws Exception{

backend/src/main/java/io/dataease/controller/dataset/DataSetTableTaskLogController.java

@@ -14,6 +14,7 @@ import io.dataease.dto.dataset.DataSetTaskLogDTO;
 import io.dataease.service.dataset.DataSetTableTaskLogService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.web.bind.annotation.*;
 
 import javax.annotation.Resource;
@@ -38,12 +39,13 @@ public class DataSetTableTaskLogController {
         return dataSetTableTaskLogService.save(datasetTableTaskLog);
     }
 
-    @ApiOperation("删除")
-    @PostMapping("delete/{id}")
-    public void delete(@PathVariable String id) {
-        dataSetTableTaskLogService.delete(id);
-    }
+//    @ApiOperation("删除")
+//    @PostMapping("delete/{id}")
+//    public void delete(@PathVariable String id) {
+//        dataSetTableTaskLogService.delete(id);
+//    }
 
+    @RequiresPermissions("task:read")
     @ApiOperation("分页查询")
     @PostMapping("list/{type}/{goPage}/{pageSize}")
     public Pager<List<DataSetTaskLogDTO>> list(@RequestBody BaseGridRequest request, @PathVariable String type, @PathVariable int goPage, @PathVariable int pageSize) {

backend/src/main/java/io/dataease/controller/dataset/DataSetTableUnionController.java

 package io.dataease.controller.dataset;
 
 import com.github.xiaoymin.knife4j.annotations.ApiSupport;
+import io.dataease.auth.annotation.DePermission;
 import io.dataease.base.domain.DatasetTableUnion;
+import io.dataease.commons.constants.DePermissionType;
+import io.dataease.commons.constants.ResourceAuthLevel;
 import io.dataease.dto.dataset.DataSetTableUnionDTO;
 import io.dataease.service.dataset.DataSetTableUnionService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.web.bind.annotation.*;
 
 import javax.annotation.Resource;
@@ -23,18 +27,23 @@ public class DataSetTableUnionController {
     @Resource
     private DataSetTableUnionService dataSetTableUnionService;
 
+    @RequiresPermissions("data:read")
     @ApiOperation("保存")
     @PostMapping("save")
     public DatasetTableUnion save(@RequestBody DatasetTableUnion datasetTableUnion) {
         return dataSetTableUnionService.save(datasetTableUnion);
     }
 
+    @RequiresPermissions("datasource:read")
+    @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_MANAGE)
     @ApiOperation("删除")
     @PostMapping("delete/{id}")
     public void delete(@PathVariable String id) {
         dataSetTableUnionService.delete(id);
     }
 
+    @RequiresPermissions("datasource:read")
+    @DePermission(type = DePermissionType.DATASET)
     @ApiOperation("查询")
     @PostMapping("listByTableId/{tableId}")
     public List<DataSetTableUnionDTO> listByTableId(@PathVariable String tableId) {

backend/src/main/java/io/dataease/controller/dataset/DatasetFunctionController.java

 package io.dataease.controller.dataset;
 
 import com.github.xiaoymin.knife4j.annotations.ApiSupport;
+import io.dataease.auth.annotation.DePermission;
 import io.dataease.base.domain.DatasetTableFunction;
+import io.dataease.commons.constants.DePermissionType;
+import io.dataease.commons.constants.ResourceAuthLevel;
 import io.dataease.service.dataset.DatasetFunctionService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -25,6 +29,8 @@ public class DatasetFunctionController {
     @Resource
     private DatasetFunctionService datasetFunctionService;
 
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_MANAGE)
     @ApiOperation("查询")
     @PostMapping("listByTableId/{tableId}")
     public List<DatasetTableFunction> listByTableId(@PathVariable String tableId) {

backend/src/main/java/io/dataease/controller/datasource/DatasourceController.java

 package io.dataease.controller.datasource;
 
-import com.github.pagehelper.Page;
-import com.github.pagehelper.PageHelper;
 import com.github.xiaoymin.knife4j.annotations.ApiSupport;
 import io.dataease.auth.annotation.DePermission;
-import io.dataease.auth.annotation.DePermissions;
 import io.dataease.base.domain.Datasource;
 import io.dataease.commons.constants.DePermissionType;
 import io.dataease.commons.constants.ResourceAuthLevel;
 import io.dataease.commons.utils.AuthUtils;
-import io.dataease.commons.utils.PageUtils;
-import io.dataease.commons.utils.Pager;
 import io.dataease.controller.ResultHolder;
 import io.dataease.controller.request.DatasourceUnionRequest;
 import io.dataease.controller.request.datasource.ApiDefinition;
-import io.dataease.controller.sys.base.BaseGridRequest;
 import io.dataease.dto.datasource.DBTableDTO;
 import io.dataease.service.datasource.DatasourceService;
 import io.dataease.dto.DatasourceDTO;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
-import org.apache.shiro.authz.annotation.Logical;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.web.bind.annotation.*;
 import springfox.documentation.annotations.ApiIgnore;
@@ -38,7 +31,7 @@ public class DatasourceController {
     @Resource
     private DatasourceService datasourceService;
 
-    @RequiresPermissions("datasource:add")
+    @RequiresPermissions("datasource:read")
     @DePermission(type = DePermissionType.DATASOURCE, value = "id")
     @ApiOperation("新增数据源")
     @PostMapping("/add")
@@ -47,7 +40,6 @@ public class DatasourceController {
     }
 
     @RequiresPermissions("datasource:read")
-    @DePermission(type = DePermissionType.DATASOURCE, value = "id")
     @ApiOperation("验证数据源")
     @PostMapping("/validate")
     public ResultHolder validate(@RequestBody DatasourceDTO datasource) throws Exception {
@@ -55,14 +47,14 @@ public class DatasourceController {
     }
 
     @RequiresPermissions("datasource:read")
-    @DePermission(type = DePermissionType.DATASOURCE)
+    @DePermission(type = DePermissionType.DATASOURCE, value = "id")
     @ApiOperation("验证数据源")
     @GetMapping("/validate/{datasourceId}")
     public ResultHolder validate(@PathVariable String datasourceId) {
         return datasourceService.validate(datasourceId);
     }
 
-
+    @RequiresPermissions("datasource:read")
     @ApiOperation("查询当前用户数据源")
     @GetMapping("/list")
     public List<DatasourceDTO> getDatasourceList() throws Exception {
@@ -71,6 +63,7 @@ public class DatasourceController {
         return datasourceService.getDatasourceList(request);
     }
 
+    @RequiresPermissions("datasource:read")
     @ApiOperation("查询当前用户数据源")
     @GetMapping("/list/{type}")
     public List<DatasourceDTO> getDatasourceListByType(@PathVariable String type) throws Exception {
@@ -78,28 +71,23 @@ public class DatasourceController {
     }
 
     @RequiresPermissions("datasource:read")
-    @ApiIgnore
-    @PostMapping("/list/{goPage}/{pageSize}")
-    public Pager<List<DatasourceDTO>> getDatasourceList(@RequestBody BaseGridRequest request, @PathVariable int goPage, @PathVariable int pageSize) throws Exception {
-        Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
-        return PageUtils.setPageInfo(page, datasourceService.gridQuery(request));
-    }
-
-    @DePermission(type = DePermissionType.DATASOURCE, level = ResourceAuthLevel.LINK_LEVEL_MANAGE)
+    @DePermission(type = DePermissionType.DATASOURCE, level = ResourceAuthLevel.DATASOURCE_LEVEL_MANAGE)
     @ApiOperation("删除数据源")
     @PostMapping("/delete/{datasourceID}")
     public void deleteDatasource(@PathVariable(value = "datasourceID") String datasourceID) throws Exception {
         datasourceService.deleteDatasource(datasourceID);
     }
 
-    @RequiresPermissions("datasource:add")
-    @DePermission(type = DePermissionType.DATASOURCE, value = "id", level = ResourceAuthLevel.LINK_LEVEL_MANAGE)
+    @RequiresPermissions("datasource:read")
+    @DePermission(type = DePermissionType.DATASOURCE, value = "id", level = ResourceAuthLevel.DATASOURCE_LEVEL_MANAGE)
     @ApiOperation("更新数据源")
     @PostMapping("/update")
     public void updateDatasource(@RequestBody Datasource Datasource) {
         datasourceService.updateDatasource(Datasource);
     }
 
+    @RequiresPermissions("datasource:read")
+    @DePermission(type = DePermissionType.DATASOURCE, value = "id")
     @ApiOperation("查询数据源下属所有表")
     @PostMapping("/getTables")
     public List<DBTableDTO> getTables(@RequestBody Datasource datasource) throws Exception {
@@ -112,7 +100,7 @@ public class DatasourceController {
        return datasourceService.getSchema(datasource);
     }
 
-    @ApiOperation("校验API数据源")
+    @ApiIgnore
     @PostMapping("/checkApiDatasource")
     public ApiDefinition checkApiDatasource(@RequestBody ApiDefinition apiDefinition) throws Exception {
         return datasourceService.checkApiDatasource(apiDefinition);

backend/src/main/java/io/dataease/plugins/server/ColumnPermissionsController.java

@@ -2,6 +2,9 @@ package io.dataease.plugins.server;
 
 import com.github.pagehelper.Page;
 import com.github.pagehelper.PageHelper;
+import io.dataease.auth.annotation.DePermission;
+import io.dataease.commons.constants.DePermissionType;
+import io.dataease.commons.constants.ResourceAuthLevel;
 import io.dataease.commons.utils.PageUtils;
 import io.dataease.commons.utils.Pager;
 import io.dataease.i18n.Translator;
@@ -16,6 +19,7 @@ import io.dataease.plugins.xpack.auth.service.ColumnPermissionService;
 import io.dataease.plugins.xpack.auth.service.RowPermissionService;
 import io.swagger.annotations.ApiOperation;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.util.CollectionUtils;
 import org.springframework.web.bind.annotation.*;
 import springfox.documentation.annotations.ApiIgnore;
@@ -27,7 +31,8 @@ import java.util.List;
 @RequestMapping("plugin/dataset/columnPermissions")
 public class ColumnPermissionsController {
 
-
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE)
     @ApiOperation("保存")
     @PostMapping("save")
     public DatasetColumnPermissions save(@RequestBody DatasetColumnPermissions datasetColumnPermissions) throws Exception {
@@ -52,6 +57,8 @@ public class ColumnPermissionsController {
         return columnPermissionService.save(datasetColumnPermissions);
     }
 
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE)
     @ApiOperation("查询")
     @PostMapping("/list")
     public List<DataSetColumnPermissionsDTO> searchPermissions(@RequestBody DataSetColumnPermissionsDTO request) {
@@ -59,6 +66,8 @@ public class ColumnPermissionsController {
        return columnPermissionService.searchPermissions(request);
     }
 
+    //TODO
+    @RequiresPermissions("data:read")
     @ApiOperation("删除")
     @PostMapping("/delete/{id}")
     public void delete(@PathVariable String id) {
@@ -66,6 +75,8 @@ public class ColumnPermissionsController {
         columnPermissionService.delete(id);
     }
 
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_MANAGE)
     @ApiOperation("分页查询")
     @PostMapping("/pageList/{datasetId}/{goPage}/{pageSize}")
     public Pager<List<DataSetColumnPermissionsDTO>> rowPermissions(@PathVariable String datasetId, @PathVariable int goPage, @PathVariable int pageSize, @RequestBody XpackGridRequest request) {
@@ -81,6 +92,8 @@ public class ColumnPermissionsController {
         return PageUtils.setPageInfo(page, columnPermissionService.queryPermissions(request));
     }
 
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE)
     @ApiOperation("有权限的对象")
     @PostMapping("/authObjs")
     public List<Object> authObjs(@RequestBody DataSetColumnPermissionsDTO request) {
@@ -88,6 +101,8 @@ public class ColumnPermissionsController {
         return (List<Object>) columnPermissionService.authObjs(request);
     }
 
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE)
     @ApiOperation("详情")
     @PostMapping("/permissionInfo")
     public DataSetColumnPermissionsDTO permissionInfo(@RequestBody DataSetColumnPermissionsDTO request) {

backend/src/main/java/io/dataease/plugins/server/RowPermissionsController.java

@@ -2,6 +2,9 @@ package io.dataease.plugins.server;
 
 import com.github.pagehelper.Page;
 import com.github.pagehelper.PageHelper;
+import io.dataease.auth.annotation.DePermission;
+import io.dataease.commons.constants.DePermissionType;
+import io.dataease.commons.constants.ResourceAuthLevel;
 import io.dataease.commons.utils.PageUtils;
 import io.dataease.commons.utils.Pager;
 import io.dataease.i18n.Translator;
@@ -13,6 +16,7 @@ import io.dataease.plugins.xpack.auth.dto.request.DatasetRowPermissions;
 import io.dataease.plugins.xpack.auth.service.RowPermissionService;
 import io.swagger.annotations.ApiOperation;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.util.CollectionUtils;
 import org.springframework.web.bind.annotation.*;
 import springfox.documentation.annotations.ApiIgnore;
@@ -24,6 +28,8 @@ import java.util.List;
 @RequestMapping("plugin/dataset/rowPermissions")
 public class RowPermissionsController {
 
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE)
     @ApiOperation("保存")
     @PostMapping("save")
     public void save(@RequestBody DatasetRowPermissions datasetRowPermissions) throws Exception {
@@ -49,6 +55,8 @@ public class RowPermissionsController {
         rowPermissionService.save(datasetRowPermissions);
     }
 
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE)
     @ApiOperation("查询")
     @PostMapping("/list")
     public List<DataSetRowPermissionsDTO> rowPermissions(@RequestBody DataSetRowPermissionsDTO request) {
@@ -56,6 +64,8 @@ public class RowPermissionsController {
        return rowPermissionService.searchRowPermissions(request);
     }
 
+    //TODO
+    @RequiresPermissions("data:read")
     @ApiOperation("删除")
     @PostMapping("/delete/{id}")
     public void dataSetRowPermissionInfo(@PathVariable String id) {
@@ -63,6 +73,8 @@ public class RowPermissionsController {
         rowPermissionService.delete(id);
     }
 
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE)
     @ApiOperation("分页查询")
     @PostMapping("/pageList/{datasetId}/{goPage}/{pageSize}")
     public Pager<List<DataSetRowPermissionsDTO>> rowPermissions(@PathVariable String datasetId, @PathVariable int goPage, @PathVariable int pageSize, @RequestBody XpackGridRequest request) {
@@ -78,6 +90,8 @@ public class RowPermissionsController {
         return PageUtils.setPageInfo(page, rowPermissionService.queryRowPermissions(request));
     }
 
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE)
     @ApiOperation("有权限的对象")
     @PostMapping("/authObjs")
     public List<Object> authObjs(@RequestBody DataSetRowPermissionsDTO request) {
@@ -85,6 +99,8 @@ public class RowPermissionsController {
         return (List<Object>) rowPermissionService.authObjs(request);
     }
 
+    @RequiresPermissions("data:read")
+    @DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE)
     @ApiOperation("详情")
     @PostMapping("/dataSetRowPermissionInfo")
     public DataSetRowPermissionsDTO dataSetRowPermissionInfo(@RequestBody DataSetRowPermissionsDTO request) {

backend/src/main/resources/db/migration/V32__1.8.sql

@@ -404,3 +404,6 @@ CREATE TABLE `dataease_code_version` (
 BEGIN;
 INSERT INTO `dataease_code_version` VALUES (0, 'init', NULL, 1);
 COMMIT;
+
+DELETE FROM `sys_menu` WHERE pid=34;
+UPDATE `sys_menu` SET `sub_count` = '0' WHERE (`menu_id` = '34');
\ No newline at end of file

frontend/src/utils/conditionUtil.js

@@ -48,7 +48,7 @@ export const buildFilterMap = panelItems => {
     }
     if (element.type === 'de-tabs') {
       element.options.tabList && element.options.tabList.forEach(tab => {
-        if (tab.content.propValue && tab.content.propValue.viewId) {
+        if (tab.content && tab.content.propValue && tab.content.propValue.viewId) {
           result[tab.content.propValue.viewId] = []
         }
       })

frontend/src/views/dataset/data/FieldEdit.vue

@@ -392,7 +392,7 @@ export default {
         cancelButtonText: this.$t('dataset.cancel'),
         type: 'warning'
       }).then(() => {
-        post('/dataset/field/delete/' + item.id, null).then(response => {
+        post('/dataset/field/delete/' + item.id + '/' + item.tableId, null).then(response => {
           this.$message({
             type: 'success',
             message: this.$t('chart.delete_success'),

frontend/src/views/login/index.vue

@@ -202,7 +202,6 @@ export default {
             loginType: this.loginForm.loginType
           }
           const publicKey = localStorage.getItem('publicKey')
-          console.log(publicKey)
           this.$store.dispatch('user/login', user).then(() => {
             this.$router.push({ path: this.redirect || '/' })
             this.loading = false

frontend/src/views/system/datasource/DsTree.vue

@@ -5,7 +5,7 @@
         <span class="title-text">
           {{ $t('commons.datasource') }}
         </span>
-        <el-button v-permission="['datasource:add']" icon="el-icon-plus" type="text" size="mini" style="float: right;"
+        <el-button icon="el-icon-plus" type="text" size="mini" style="float: right;"
                    @click="addFolder"/>
 
       </el-row>
@@ -76,7 +76,6 @@
                 <span v-if="data.type ==='folder'" @click.stop>
                   <span class="el-dropdown-link">
                     <el-button
-                      v-permission="['datasource:add']"
                       icon="el-icon-plus"
                       type="text"
                       size="small"