(improvement)(headless) Parse sql variable (#763)

Co-authored-by: jolunoluo
2025-12-13 21:17:08 +00:00 · 2024-02-26 21:59:55 +08:00
parent 0beb3cefd3
commit 0541614dad
14 changed files with 111 additions and 64 deletions
--- a/headless/server/src/main/java/com/tencent/supersonic/headless/server/manager/ModelYamlManager.java
+++ b/headless/server/src/main/java/com/tencent/supersonic/headless/server/manager/ModelYamlManager.java
@@ -4,7 +4,7 @@ import com.tencent.supersonic.headless.api.pojo.Dim;
 import com.tencent.supersonic.headless.api.pojo.Identify;
 import com.tencent.supersonic.headless.api.pojo.Measure;
 import com.tencent.supersonic.headless.api.pojo.ModelDetail;
-import com.tencent.supersonic.headless.api.pojo.enums.DatasourceQuery;
+import com.tencent.supersonic.headless.api.pojo.enums.ModelDefineType;
 import com.tencent.supersonic.headless.api.pojo.response.DatabaseResp;
 import com.tencent.supersonic.headless.api.pojo.response.ModelResp;
 import com.tencent.supersonic.headless.core.adaptor.db.DbAdaptor;
@@ -46,7 +46,7 @@ public class ModelYamlManager {
                .collect(Collectors.toList()));
        dataModelYamlTpl.setName(modelResp.getBizName());
        dataModelYamlTpl.setSourceId(modelResp.getDatabaseId());
-        if (modelDetail.getQueryType().equalsIgnoreCase(DatasourceQuery.SQL_QUERY.getName())) {
+        if (modelDetail.getQueryType().equalsIgnoreCase(ModelDefineType.SQL_QUERY.getName())) {
            dataModelYamlTpl.setSqlQuery(modelDetail.getSqlQuery());
        } else {
            dataModelYamlTpl.setTableQuery(modelDetail.getTableQuery());
--- a/headless/server/src/main/java/com/tencent/supersonic/headless/server/rest/DatabaseController.java
+++ b/headless/server/src/main/java/com/tencent/supersonic/headless/server/rest/DatabaseController.java
@@ -73,7 +73,7 @@ public class DatabaseController {
            HttpServletRequest request,
            HttpServletResponse response) {
        User user = UserHolder.findUser(request, response);
-        return databaseService.executeSql(sqlExecuteReq.getSql(), sqlExecuteReq.getId(), user);
+        return databaseService.executeSql(sqlExecuteReq, sqlExecuteReq.getId(), user);
    }

    @RequestMapping("/getDbNames/{id}")
--- a/headless/server/src/main/java/com/tencent/supersonic/headless/server/service/DatabaseService.java
+++ b/headless/server/src/main/java/com/tencent/supersonic/headless/server/service/DatabaseService.java
@@ -2,6 +2,7 @@ package com.tencent.supersonic.headless.server.service;

 import com.tencent.supersonic.auth.api.authentication.pojo.User;
 import com.tencent.supersonic.headless.api.pojo.request.DatabaseReq;
+import com.tencent.supersonic.headless.api.pojo.request.SqlExecuteReq;
 import com.tencent.supersonic.headless.api.pojo.response.DatabaseResp;
 import com.tencent.supersonic.headless.api.pojo.response.SemanticQueryResp;
 import com.tencent.supersonic.headless.server.pojo.DatabaseParameter;
@@ -13,7 +14,7 @@ public interface DatabaseService {

    SemanticQueryResp executeSql(String sql, DatabaseResp databaseResp);

-    SemanticQueryResp executeSql(String sql, Long id, User user);
+    SemanticQueryResp executeSql(SqlExecuteReq sqlExecuteReq, Long id, User user);

    DatabaseResp getDatabase(Long id, User user);

--- a/headless/server/src/main/java/com/tencent/supersonic/headless/server/service/impl/DatabaseServiceImpl.java
+++ b/headless/server/src/main/java/com/tencent/supersonic/headless/server/service/impl/DatabaseServiceImpl.java
@@ -1,8 +1,9 @@
 package com.tencent.supersonic.headless.server.service.impl;

+import com.google.common.collect.Lists;
 import com.tencent.supersonic.auth.api.authentication.pojo.User;
-import com.tencent.supersonic.common.pojo.exception.InvalidPermissionException;
 import com.tencent.supersonic.headless.api.pojo.request.DatabaseReq;
+import com.tencent.supersonic.headless.api.pojo.request.SqlExecuteReq;
 import com.tencent.supersonic.headless.api.pojo.response.DatabaseResp;
 import com.tencent.supersonic.headless.api.pojo.response.ModelResp;
 import com.tencent.supersonic.headless.api.pojo.response.SemanticQueryResp;
@@ -11,6 +12,7 @@ import com.tencent.supersonic.headless.core.adaptor.db.DbAdaptorFactory;
 import com.tencent.supersonic.headless.core.pojo.Database;
 import com.tencent.supersonic.headless.core.utils.JdbcDataSourceUtils;
 import com.tencent.supersonic.headless.core.utils.SqlUtils;
+import com.tencent.supersonic.headless.core.utils.SqlVariableParseUtils;
 import com.tencent.supersonic.headless.server.persistence.dataobject.DatabaseDO;
 import com.tencent.supersonic.headless.server.persistence.repository.DatabaseRepository;
 import com.tencent.supersonic.headless.server.pojo.DatabaseParameter;
@@ -116,32 +118,19 @@ public class DatabaseServiceImpl implements DatabaseService {
    @Override
    public DatabaseResp getDatabase(Long id, User user) {
        DatabaseResp databaseResp = getDatabase(id);
-        if (!databaseResp.getAdmins().contains(user.getName())
-                && !databaseResp.getViewers().contains(user.getName())
-                && !databaseResp.getCreatedBy().equals(user.getName())) {
-            throw new InvalidPermissionException("您暂无查看该数据库详情的权限, 请联系创建人: "
-                    + databaseResp.getCreatedBy());
-        }
+        checkPermission(databaseResp, user);
        return databaseResp;
    }

    @Override
-    public SemanticQueryResp executeSql(String sql, Long id, User user) {
+    public SemanticQueryResp executeSql(SqlExecuteReq sqlExecuteReq, Long id, User user) {
        DatabaseResp databaseResp = getDatabase(id);
        if (databaseResp == null) {
            return new SemanticQueryResp();
        }
-        List<String> admins = databaseResp.getAdmins();
-        List<String> viewers = databaseResp.getViewers();
-        if (!admins.contains(user.getName())
-                && !viewers.contains(user.getName())
-                && !databaseResp.getCreatedBy().equalsIgnoreCase(user.getName())
-                && !user.isSuperAdmin()) {
-            String message = String.format("您暂无当前数据库%s权限, 请联系数据库管理员%s开通",
-                    databaseResp.getName(),
-                    String.join(",", admins));
-            throw new RuntimeException(message);
-        }
+        checkPermission(databaseResp, user);
+        String sql = sqlExecuteReq.getSql();
+        sql = SqlVariableParseUtils.parse(sql, sqlExecuteReq.getSqlVariables(), Lists.newArrayList());
        return executeSql(sql, databaseResp);
    }

@@ -195,4 +184,18 @@ public class DatabaseServiceImpl implements DatabaseService {
        return queryWithColumns(metaQuerySql, DatabaseConverter.convert(databaseResp));
    }

+    private void checkPermission(DatabaseResp databaseResp, User user) {
+        List<String> admins = databaseResp.getAdmins();
+        List<String> viewers = databaseResp.getViewers();
+        if (!admins.contains(user.getName())
+                && !viewers.contains(user.getName())
+                && !databaseResp.getCreatedBy().equalsIgnoreCase(user.getName())
+                && !user.isSuperAdmin()) {
+            String message = String.format("您暂无当前数据库%s权限, 请联系数据库创建人:%s开通",
+                    databaseResp.getName(),
+                    databaseResp.getCreatedBy());
+            throw new RuntimeException(message);
+        }
+    }
+
 }