fix: 列权限校验

f33e4b93 · taojinlong · 17e2ec66 · f33e4b93 · f33e4b93 · f33e4b93
--- a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableFieldController.java
+++ b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableFieldController.java
@@ -61,6 +61,19 @@ public class DataSetTableFieldController {
        return fields;
    }

+    @ApiOperation("查询表下属字段")
+    @PostMapping("listWithPermission/{tableId}")
+    public List<DatasetTableField> listWithPermission(@PathVariable String tableId) {
+        DatasetTableField datasetTableField = DatasetTableField.builder().build();
+        datasetTableField.setTableId(tableId);
+        List<DatasetTableField> fields = dataSetTableFieldsService.list(datasetTableField);
+        List<String> desensitizationList = new ArrayList<>();
+        fields = permissionService.filterColumnPermissons(fields, desensitizationList, tableId, null);
+        fields = fields.stream().filter(item -> !desensitizationList.contains(item.getDataeaseName())).collect(Collectors.toList());
+        return fields;
+    }
+
+    //管理权限，可以列出所有字段
    @ApiOperation("查询表下属字段")
    @PostMapping("listForPermissionSeting/{tableId}")
    public List<DatasetTableField> listForPermissionSeting(@PathVariable String tableId) {
@@ -70,6 +83,7 @@ public class DataSetTableFieldController {
        return fields;
    }

+    //管理权限，可以列出所有字段
    @ApiOperation("分组查询表下属字段")
    @PostMapping("listByDQ/{tableId}")
    public DatasetTableField4Type listByDQ(@PathVariable String tableId) {
@@ -77,10 +91,8 @@ public class DataSetTableFieldController {
        datasetTableField.setTableId(tableId);
        datasetTableField.setGroupType("d");
        List<DatasetTableField> dimensionList = dataSetTableFieldsService.list(datasetTableField);
-        dimensionList = permissionService.filterColumnPermissons(dimensionList, new ArrayList<>(), tableId, null);
        datasetTableField.setGroupType("q");
        List<DatasetTableField> quotaList = dataSetTableFieldsService.list(datasetTableField);
-        quotaList = permissionService.filterColumnPermissons(quotaList, new ArrayList<>(), tableId, null);

        DatasetTableField4Type datasetTableField4Type = new DatasetTableField4Type();
        datasetTableField4Type.setDimensionList(dimensionList);
@@ -134,7 +146,30 @@ public class DataSetTableFieldController {
    public List<Object> multFieldValues(@RequestBody MultFieldValuesRequest multFieldValuesRequest) throws Exception {
        List<Object> results = new ArrayList<>();
        for (String fieldId : multFieldValuesRequest.getFieldIds()) {
-            List<Object> fieldValues = dataSetFieldService.fieldValues(fieldId, multFieldValuesRequest.getUserId());
+            List<Object> fieldValues = dataSetFieldService.fieldValues(fieldId, multFieldValuesRequest.getUserId(), true);
+            if (CollectionUtil.isNotEmpty(fieldValues)) {
+                results.addAll(fieldValues);
+            }
+
+        }
+        ArrayList<Object> list = results.stream().collect(
+                Collectors.collectingAndThen(
+                        Collectors.toCollection(
+                                () -> new TreeSet<>(Comparator.comparing(t -> {
+                                    if (ObjectUtils.isEmpty(t))
+                                        return "";
+                                    return t.toString();
+                                }))),
+                        ArrayList::new));
+        return list;
+    }
+
+    @ApiOperation("多字段值枚举")
+    @PostMapping("multFieldValuesForPermissions")
+    public List<Object> multFieldValuesForPermissions(@RequestBody MultFieldValuesRequest multFieldValuesRequest) throws Exception {
+        List<Object> results = new ArrayList<>();
+        for (String fieldId : multFieldValuesRequest.getFieldIds()) {
+            List<Object> fieldValues = dataSetFieldService.fieldValues(fieldId, multFieldValuesRequest.getUserId(), false);
            if (CollectionUtil.isNotEmpty(fieldValues)) {
                results.addAll(fieldValues);
            }

--- a/backend/src/main/java/io/dataease/service/chart/ChartViewService.java
+++ b/backend/src/main/java/io/dataease/service/chart/ChartViewService.java
@@ -305,6 +305,10 @@ public class ChartViewService {
                        filterRequest.setFieldId(fId);

                        DatasetTableField datasetTableField = dataSetTableFieldsService.get(fId);
+                        if(datasetTableField == null){
+                            continue;
+                        }
+                        if(!desensitizationList.contains(datasetTableField.getDataeaseName()) && dataeaseNames.contains(datasetTableField.getDataeaseName())){
                            filterRequest.setDatasetTableField(datasetTableField);
                            if (StringUtils.equalsIgnoreCase(datasetTableField.getTableId(), view.getTableId())) {
                                if (CollectionUtils.isNotEmpty(filterRequest.getViewIds())) {
@@ -319,11 +323,13 @@ public class ChartViewService {
                    }
                }
            }
+        }

        //联动过滤条件联动条件全部加上
        if (ObjectUtils.isNotEmpty(requestList.getLinkageFilters())) {
            for (ChartExtFilterRequest request : requestList.getLinkageFilters()) {
                DatasetTableField datasetTableField = dataSetTableFieldsService.get(request.getFieldId());
+                if(!desensitizationList.contains(datasetTableField.getDataeaseName()) && dataeaseNames.contains(datasetTableField.getDataeaseName())){
                    request.setDatasetTableField(datasetTableField);
                    if (StringUtils.equalsIgnoreCase(datasetTableField.getTableId(), view.getTableId())) {
                        if (CollectionUtils.isNotEmpty(request.getViewIds())) {
@@ -336,6 +342,7 @@ public class ChartViewService {
                    }
                }
            }
+        }

        // 下钻
        List<ChartExtFilterRequest> drillFilters = new ArrayList<>();

--- a/backend/src/main/java/io/dataease/service/dataset/DataSetFieldService.java
+++ b/backend/src/main/java/io/dataease/service/dataset/DataSetFieldService.java
@@ -5,5 +5,5 @@ import java.util.List;

 public interface DataSetFieldService {

-    List<Object> fieldValues(String fieldId, Long userId) throws Exception;
+    List<Object> fieldValues(String fieldId, Long userId, Boolean userPermissions) throws Exception;
 }
--- a/backend/src/main/java/io/dataease/service/dataset/impl/direct/DirectFieldService.java
+++ b/backend/src/main/java/io/dataease/service/dataset/impl/direct/DirectFieldService.java
@@ -42,7 +42,7 @@ public class DirectFieldService implements DataSetFieldService {
    private PermissionService permissionService;

    @Override
-    public List<Object> fieldValues(String fieldId, Long userId) throws Exception {
+    public List<Object> fieldValues(String fieldId, Long userId, Boolean userPermissions) throws Exception {
        DatasetTableField field = dataSetTableFieldsService.selectByPrimaryKey(fieldId);
        if (field == null || StringUtils.isEmpty(field.getTableId())) return null;

@@ -52,22 +52,23 @@ public class DirectFieldService implements DataSetFieldService {
        DatasetTableField datasetTableField = DatasetTableField.builder().tableId(field.getTableId()).checked(Boolean.TRUE).build();
        List<DatasetTableField> fields = dataSetTableFieldsService.list(datasetTableField);

+        List<ChartFieldCustomFilterDTO> customFilter = new ArrayList<>();
+        if(userPermissions){
            //列权限
            List<String> desensitizationList = new ArrayList<>();
            fields = permissionService.filterColumnPermissons(fields, desensitizationList, datasetTable.getId(), userId);
-
            //禁用的
            if(!fields.stream().map(DatasetTableField::getId).collect(Collectors.toList()).contains(fieldId)){
                return new ArrayList<>();
            }
-
            if (CollectionUtils.isNotEmpty(desensitizationList) && desensitizationList.contains(field.getDataeaseName())) {
                List<Object> results = new ArrayList<>();
                results.add(ColumnPermissionConstants.Desensitization_desc);
                return results;
            }
            //行权限
-        List<ChartFieldCustomFilterDTO> customFilter = permissionService.getCustomFilters(fields, datasetTable, userId);
+            customFilter = permissionService.getCustomFilters(fields, datasetTable, userId);
+        }

        DatasourceRequest datasourceRequest = new DatasourceRequest();
        DatasourceProvider datasourceProvider = null;

--- a/frontend/src/api/dataset/dataset.js
+++ b/frontend/src/api/dataset/dataset.js
@@ -103,6 +103,14 @@ export function fieldList(id, showLoading = true) {
  })
 }

+export function fieldListWithPermission(id, showLoading = true) {
+  return request({
+    url: '/dataset/field/listWithPermission/' + id,
+    loading: showLoading,
+    method: 'post'
+  })
+}
+
 export function fieldListDQ(id, showLoading = true) {
  return request({
    url: '/dataset/field/listByDQ/' + id,

--- a/frontend/src/views/panel/filter/filterDialog.vue
+++ b/frontend/src/views/panel/filter/filterDialog.vue
@@ -184,7 +184,7 @@ import {
 } from 'vuex'
 import {
  groupTree,
-  fieldList,
+  fieldListWithPermission,
  post
 } from '@/api/dataset/dataset'
 import {
@@ -489,7 +489,7 @@ export default {
    },

    loadField(tableId) {
-      fieldList(tableId).then(res => {
+      fieldListWithPermission(tableId).then(res => {
        let datas = res.data
        if (this.widget && this.widget.filterFieldMethod) {
          datas = this.widget.filterFieldMethod(datas)
@@ -498,7 +498,7 @@ export default {
      })
    },
    comLoadField(tableId) {
-      fieldList(tableId).then(res => {
+      fieldListWithPermission(tableId).then(res => {
        let datas = res.data
        if (this.widget && this.widget.filterFieldMethod) {
          datas = this.widget.filterFieldMethod(datas)