add: sql执行添加表权限校验逻辑

3 months ago · 2e64ad5b97
3 changed files with 22 additions and 78 deletions
--- a/hzims-service-api/big-model-api/src/main/java/com/hnac/hzims/bigmodel/entity/FuncParamEntity.java
+++ b/hzims-service-api/big-model-api/src/main/java/com/hnac/hzims/bigmodel/entity/FuncParamEntity.java
@ -1,43 +0,0 @@
 package com.hnac.hzims.bigmodel.entity;
 import com.baomidou.mybatisplus.annotation.TableName;
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 import org.springblade.core.mp.support.QueryField;
 import org.springblade.core.mp.support.SqlCondition;
 import org.springblade.core.tenant.mp.TenantEntity;
 import javax.validation.constraints.Max;
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Size;
 /**
 * @Author: huangxing
 * @Date: 2024/04/26 10:56
 */
@TableName("HZIMS_FUNC_PARAM")
@ApiModel(value = "大模型函数参数entity",description = "大模型函数参数entity")
@Data
 public class FuncParamEntity extends TenantEntity {
    @ApiModelProperty(value = "函数表主键ID")
    @QueryField(condition = SqlCondition.EQUAL)
    @NotNull
    private Long funcId;
    @ApiModelProperty("参数名称")
    @QueryField(condition = SqlCondition.LIKE)
    @NotBlank
    private String name;
    @ApiModelProperty(value = "参数别名，传参参数")
    @QueryField(condition = SqlCondition.EQUAL)
    private String alias;
    @ApiModelProperty(value = "是否必须")
    @QueryField(condition = SqlCondition.EQUAL)
    private Boolean isRequire;
 }
--- a/hzims-service/hzims-big-model/src/main/java/com/hnac/hzims/bigmodel/business/service/DataSourceService.java
+++ b/hzims-service/hzims-big-model/src/main/java/com/hnac/hzims/bigmodel/business/service/DataSourceService.java
@ -1,12 +1,19 @@
 package com.hnac.hzims.bigmodel.business.service;
 import com.baomidou.dynamic.datasource.toolkit.DynamicDataSourceContextHolder;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.hnac.hzims.bigmodel.business.vo.SqlVO;
 import com.hnac.hzims.bigmodel.business.vo.TableAuthVO;
 import com.hnac.hzims.bigmodel.maintenance.entity.TablePropertyEntity;
 import com.hnac.hzims.bigmodel.maintenance.service.TablePropertyService;
 import com.hnac.hzims.common.service.UserAuthDataService;
 import com.hnac.hzinfo.exception.HzServiceException;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springblade.core.log.exception.ServiceException;
 import org.springblade.core.tool.api.ResultCode;
 import org.springblade.core.tool.utils.Func;
 import org.springblade.core.tool.utils.StringUtil;
 import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.stereotype.Service;
@ -27,6 +34,7 @@ public class DataSourceService {
    private final JdbcTemplate jdbcTemplate;
    private final UserAuthDataService userAuthDataService;
    private final TablePropertyService tablePropertyService;
    private static final Pattern UPDATE_PATTERN = Pattern.compile("^UPDATE\\s", Pattern.CASE_INSENSITIVE);
    private static final Pattern DELETE_PATTERN = Pattern.compile("^DELETE\\s", Pattern.CASE_INSENSITIVE);
@ -41,45 +49,22 @@ public class DataSourceService {
        String userAuthDataSQL = userAuthDataService.getUserAuthDataSQL(Long.parseLong(sqlVO.getUserId()));
        if(StringUtil.isNotBlank(userAuthDataSQL)) {
            for (TableAuthVO tableAuthVO : sqlVO.getTableAuthVOList()) {
                // 查询改数据源下的表格是否存在鉴权
                LambdaQueryWrapper<TablePropertyEntity> wrapper = Wrappers.<TablePropertyEntity>lambdaQuery()
                        .eq(TablePropertyEntity::getDatasourceId, tableAuthVO.getDatasourceName())
                        .eq(TablePropertyEntity::getTableName, tableAuthVO.getTableName());
                List<TablePropertyEntity> propertise = tablePropertyService.list(wrapper);
                Assert.isTrue(Func.isNotEmpty(propertise), () -> {
                    throw new HzServiceException(ResultCode.FAILURE,"查询语句中存在未进行鉴权的表，查询失败！");
                });
                if("1".equals(propertise.get(0).getAuthType())) {
                    String tableSubStr = "(SELECT * FROM " + tableAuthVO.getTableName() + " where" + userAuthDataSQL +") temp";
                    sql = sql.replace(tableAuthVO.getTableName(),tableSubStr);
                }
            }
        }
        log.info("执行sql：{}",sql);
        return this.queryListOnSpecificDataSource(sql, sqlVO.getTableAuthVOList().get(0).getDatasourceName());
        // 过滤更新、删除语句
 //        Assert.isTrue(!DataSourceService.isUpdateOrDelete(sqlVO.getSql()),() -> {
 //            throw new ServiceException("执行sql语句包含更新/删除操作，执行失败！");
 //        });
 //        String sql = sqlVO.getSql();
 //        String userAuthDataSQL = userAuthDataService.getUserAuthDataSQL(Long.parseLong(sqlVO.getUserId()));
 //        List<Map<String,String>> tempViewList = Lists.newArrayList();
 //        try {
 //            for (TableAuthVO tableAuthVO : sqlVO.getTableAuthVOList()) {
 //                // 创建视图语句
 //                String viewName = "V_TEMP_" + UUID.randomUUID().toString().replace("-", "");
 //                String createView = "CREATE VIEW " + viewName + " AS SELECT * FROM " + tableAuthVO.getTableName() + " where " + userAuthDataSQL;
 //                this.updateOnSpecificDataSource(createView,tableAuthVO.getDatasourceName());
 //                Map<String,String> viewMap = new HashMap(2);
 //                viewMap.put("datasource",tableAuthVO.getDatasourceName());
 //                viewMap.put("viewName",viewName);
 //                tempViewList.add(viewMap);
 //                sql = sql.replace(tableAuthVO.getTableName(),viewName);
 //            }
 //            log.info("执行sql：{}",sql);
 //            return this.queryListOnSpecificDataSource(sql, sqlVO.getTableAuthVOList().get(0).getDatasourceName());
 //        }
 //        catch(Exception e) {
 //            log.error("An Error occurred!",e);
 //            throw new ServiceException("sql执行失败！");
 //        }
 //        finally {
 //            if(CollectionUtil.isNotEmpty(tempViewList)) {
 //                tempViewList.forEach(viewMap -> {
 //                    this.updateOnSpecificDataSource("DROP VIEW IF EXISTS `" + viewMap.get("viewName")+"`;",viewMap.get("datasource"));
 //                });
 //            }
 //        }
    }
    /**
--- a/hzims-service/hzims-big-model/src/main/java/com/hnac/hzims/bigmodel/question/service/QuestionHandlerService.java
+++ b/hzims-service/hzims-big-model/src/main/java/com/hnac/hzims/bigmodel/question/service/QuestionHandlerService.java
@ -83,6 +83,7 @@ public class QuestionHandlerService {
            answerVO.setRunning(0);
            answerVO.setStatus(0);
            answerVO.setAnswer("已成功打开"+selection.getItemName()+"视频");
            answerVO.setVoiceAnswer(new String[]{"已成功打开"+selection.getItemName()+"视频"});
            answerVO.setExtras(new Object[]{JSON.toJSONString(videoExtras)});
            TextMessage textMessage = InteractiveSessionManager.getTextMessage("1", JSON.toJSONString(answerVO));
            wsService.sendMessage(messageDTO.getChatId(),textMessage);
@ -109,6 +110,7 @@ public class QuestionHandlerService {
            answerVO.setRunning(0);
            answerVO.setStatus(0);
            answerVO.setQuery(selection.getItemName());
            answerVO.setVoiceAnswer(new String[]{"已成功打开"+selection.getItemName()+"实时画面"});
            answerVO.setAnswer("已成功打开"+selection.getItemName()+"实时画面");
            answerVO.setExtras(new Object[]{JSON.toJSONString(scadaExtra)});
            TextMessage textMessage = InteractiveSessionManager.getTextMessage("1", JSON.toJSONString(answerVO));