From 871c88d167cd658086621c7a66c5513b348ac938 Mon Sep 17 00:00:00 2001 From: LXW <1264174498@qq.com> Date: Sun, 23 Jun 2024 21:57:49 +0800 Subject: [PATCH] (improvement)(Demo) The demo opens data query permission to new user by default (#1197) Co-authored-by: lxwcodemonkey --- .../api/pojo/response/DomainResp.java | 4 +++ .../service/impl/DomainServiceImpl.java | 26 +++++++------------ .../tencent/supersonic/demo/S2ArtistDemo.java | 1 + .../tencent/supersonic/demo/S2VisitsDemo.java | 3 ++- .../src/main/resources/db/data-h2.sql | 2 +- .../tencent/supersonic/headless/BaseTest.java | 12 +++++++++ .../supersonic/headless/QueryBySqlTest.java | 11 ++++---- .../headless/QueryByStructTest.java | 3 ++- .../supersonic/headless/SchemaAuthTest.java | 1 + 9 files changed, 39 insertions(+), 24 deletions(-) diff --git a/headless/api/src/main/java/com/tencent/supersonic/headless/api/pojo/response/DomainResp.java b/headless/api/src/main/java/com/tencent/supersonic/headless/api/pojo/response/DomainResp.java index dc9ffa21f..802f7896e 100644 --- a/headless/api/src/main/java/com/tencent/supersonic/headless/api/pojo/response/DomainResp.java +++ b/headless/api/src/main/java/com/tencent/supersonic/headless/api/pojo/response/DomainResp.java @@ -29,6 +29,10 @@ public class DomainResp extends SchemaItem { private boolean hasModel; + public boolean openToAll() { + return isOpen != null && isOpen == 1; + } + @Override public boolean equals(Object o) { if (o == null || getClass() != o.getClass()) { diff --git a/headless/server/src/main/java/com/tencent/supersonic/headless/server/service/impl/DomainServiceImpl.java b/headless/server/src/main/java/com/tencent/supersonic/headless/server/service/impl/DomainServiceImpl.java index 5a849ce5c..4bfb5d08a 100644 --- a/headless/server/src/main/java/com/tencent/supersonic/headless/server/service/impl/DomainServiceImpl.java +++ b/headless/server/src/main/java/com/tencent/supersonic/headless/server/service/impl/DomainServiceImpl.java 
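Review bot: `openToAll()` in DomainResp has no Javadoc, although the view-permission check in DomainServiceImpl in this same commit keys off it, and the literal `1` is unexplained. A comment such as `/** True when isOpen is 1: the domain is viewable by every user, regardless of viewers/viewOrgs. */` would make the access implication explicit at the definition. A named constant for `1` would also help, since the demo code sets the same literal through `setIsOpen(1)`. The class body starts and ends outside the hunk.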
@@ -127,7 +127,7 @@ public class DomainServiceImpl implements DomainService { } if (authTypeEnum.equals(AuthType.VISIBLE)) { domainWithAuth = domainResps.stream() - .filter(domainResp -> checkDataSeterPermission(orgIds, user, domainResp)) + .filter(domainResp -> checkViewPermission(orgIds, user, domainResp)) .collect(Collectors.toList()); } List domainIds = domainWithAuth.stream().map(DomainResp::getId) @@ -255,27 +255,21 @@ public class DomainServiceImpl implements DomainService { return false; } - private boolean checkDataSeterPermission(Set orgIds, User user, DomainResp domainDesc) { - List admins = domainDesc.getAdmins(); - List viewers = domainDesc.getViewers(); - List adminOrgs = domainDesc.getAdminOrgs(); - List viewOrgs = domainDesc.getViewOrgs(); - if (user.isSuperAdmin()) { + private boolean checkViewPermission(Set orgIds, User user, DomainResp domainResp) { + if (checkAdminPermission(orgIds, user, domainResp)) { return true; } - if (admins.contains(user.getName()) - || viewers.contains(user.getName()) - || domainDesc.getCreatedBy().equals(user.getName())) { + List viewers = domainResp.getViewers(); + List viewOrgs = domainResp.getViewOrgs(); + if (domainResp.openToAll()) { return true; } - if (CollectionUtils.isEmpty(adminOrgs) && CollectionUtils.isEmpty(viewOrgs)) { + if (viewers.contains(user.getName())) { + return true; + } + if (CollectionUtils.isEmpty(viewOrgs)) { return false; } - for (String orgId : orgIds) { - if (adminOrgs.contains(orgId)) { - return true; - } - } for (String orgId : orgIds) { if (viewOrgs.contains(orgId)) { return true; diff --git a/launchers/standalone/src/main/java/com/tencent/supersonic/demo/S2ArtistDemo.java b/launchers/standalone/src/main/java/com/tencent/supersonic/demo/S2ArtistDemo.java index 06293e0b2..a38765b20 100644 --- a/launchers/standalone/src/main/java/com/tencent/supersonic/demo/S2ArtistDemo.java +++ b/launchers/standalone/src/main/java/com/tencent/supersonic/demo/S2ArtistDemo.java 
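Review bot: In the rewritten `checkViewPermission` (hunk at -255), the super-admin, `admins`, `adminOrgs` and `getCreatedBy()` checks are gone and now depend entirely on `checkAdminPermission`, whose body is outside the hunk. Please confirm it still covers the creator, otherwise creators lose visibility of their own domains. `domainResp.openToAll()` returns true before any viewer or org check, so it deserves an explicit comment such as `// isOpen == 1 bypasses viewers/viewOrgs: every caller reaching this check may view the domain`. It would also read better placed before `viewers` and `viewOrgs` are fetched. `viewers.contains(user.getName())` still dereferences the list without a null guard, as the old code did, and the method's closing lines are outside the hunk.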
@@ -95,6 +95,7 @@ public class S2ArtistDemo extends S2BaseDemo { domainReq.setViewOrgs(Collections.singletonList("1")); domainReq.setAdmins(Arrays.asList("admin", "alice")); domainReq.setAdminOrgs(Collections.emptyList()); + domainReq.setIsOpen(1); return domainService.createDomain(domainReq, user); } diff --git a/launchers/standalone/src/main/java/com/tencent/supersonic/demo/S2VisitsDemo.java b/launchers/standalone/src/main/java/com/tencent/supersonic/demo/S2VisitsDemo.java index 15139196d..b86d89034 100644 --- a/launchers/standalone/src/main/java/com/tencent/supersonic/demo/S2VisitsDemo.java +++ b/launchers/standalone/src/main/java/com/tencent/supersonic/demo/S2VisitsDemo.java @@ -180,6 +180,7 @@ public class S2VisitsDemo extends S2BaseDemo { domainReq.setStatus(StatusEnum.ONLINE.getCode()); domainReq.setViewers(Arrays.asList("admin", "tom")); domainReq.setAdmins(Arrays.asList("admin", "jack")); + domainReq.setIsOpen(1); return domainService.createDomain(domainReq, user); } @@ -484,7 +485,7 @@ public class S2VisitsDemo extends S2BaseDemo { public void addAuthGroup_1(ModelResp stayTimeModel) { AuthGroup authGroupReq = new AuthGroup(); authGroupReq.setModelId(stayTimeModel.getId()); - authGroupReq.setName("admin-permission"); + authGroupReq.setName("jack_column_permission"); List authRules = new ArrayList<>(); AuthRule authRule = new AuthRule(); diff --git a/launchers/standalone/src/main/resources/db/data-h2.sql b/launchers/standalone/src/main/resources/db/data-h2.sql index 4ab811c40..2100e17bc 100644 --- a/launchers/standalone/src/main/resources/db/data-h2.sql +++ b/launchers/standalone/src/main/resources/db/data-h2.sql 
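Review bot: `domainReq.setIsOpen(1)` in the S2ArtistDemo domain builder, and the same line in the S2VisitsDemo hunk at -180, makes the seeded domains viewable by every user through the new open-to-all branch. For view access, the `setViewers`/`setViewOrgs` lists set just above are then no longer the deciding factor. If the demo loader can run anywhere other than a throwaway demo instance, this is a broad default, and a comment such as `// demo only: open to all users; viewers/viewOrgs are not consulted for view access` would state the intent. The magic `1` would read better as a named constant. The enclosing methods start outside the hunks.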
@@ -3,7 +3,7 @@ MERGE INTO s2_user (id, `name`, password, salt, display_name, email, is_admin) values (1, 'admin','c3VwZXJzb25pY0BiaWNvbdktJJYWw6A3rEmBUPzbn/6DNeYnD+y3mAwDKEMS3KVT','jGl25bVBBBW96Qi9Te4V3w==','admin','admin@xx.com', 1); MERGE INTO s2_user (id, `name`, password, salt, display_name, email) values (2, 'jack','c3VwZXJzb25pY0BiaWNvbWxGalmwa0h/trkh/3CWOYMDiku0Op1VmOfESIKmN0HG','MWERWefm/3hD6kYndF6JIg==','jack','jack@xx.com'); MERGE INTO s2_user (id, `name`, password, salt, display_name, email) values (3, 'tom','c3VwZXJzb25pY0BiaWNvbVWv0CZ6HzeX8GRUpw0C8NSaQ+0hE/dAcmzRpCFwAqxK','4WCPdcXXgT89QDHLML+3hg==','tom','tom@xx.com'); -MERGE INTO s2_user (id, `name`, password, salt, display_name, email, is_admin) values (4, 'lucy','c3VwZXJzb25pY0BiaWNvbc7Ychfu99lPL7rLmCkf/vgF4RASa4Z++Mxo1qlDCpci','3Jnpqob6uDoGLP9eCAg5Fw==','lucy','lucy@xx.com', 1); +MERGE INTO s2_user (id, `name`, password, salt, display_name, email) values (4, 'lucy','c3VwZXJzb25pY0BiaWNvbc7Ychfu99lPL7rLmCkf/vgF4RASa4Z++Mxo1qlDCpci','3Jnpqob6uDoGLP9eCAg5Fw==','lucy','lucy@xx.com'); MERGE INTO s2_user (id, `name`, password, salt, display_name, email) values (5, 'alice','c3VwZXJzb25pY0BiaWNvbe9Z4F2/DVIfAJoN1HwUTuH1KgVuiusvfh7KkWYQSNHk','K9gGyX8OAK8aH8Myj6djqQ==','alice','alice@xx.com'); MERGE INTO s2_available_date_info(`id`,`item_id` ,`type` ,`date_format` ,`start_date` ,`end_date` ,`unavailable_date` ,`created_at` ,`created_by` ,`updated_at` ,`updated_by` ) diff --git a/launchers/standalone/src/test/java/com/tencent/supersonic/headless/BaseTest.java b/launchers/standalone/src/test/java/com/tencent/supersonic/headless/BaseTest.java index 8d3b13347..0cab26cfb 100644 --- a/launchers/standalone/src/test/java/com/tencent/supersonic/headless/BaseTest.java +++ b/launchers/standalone/src/test/java/com/tencent/supersonic/headless/BaseTest.java 
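Review bot: Dropping `is_admin` from the column list of lucy's `MERGE INTO s2_user` does not clear the flag on a database that was already seeded. MERGE updates only the listed columns, so an existing row with id 4 would presumably keep `is_admin = 1`. To actually revoke the admin right on upgrade, keep the column and set it explicitly: end the column list with `email, is_admin` and the values with `'lucy@xx.com', 0`. This matters only where the H2 data survives a restart; on a fresh in-memory database the new row simply takes the column default.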
@@ -12,6 +12,8 @@ import com.tencent.supersonic.headless.api.pojo.request.QuerySqlReq; import com.tencent.supersonic.headless.api.pojo.request.QueryStructReq; import com.tencent.supersonic.headless.api.pojo.request.SemanticQueryReq; import com.tencent.supersonic.headless.api.pojo.response.SemanticQueryResp; +import com.tencent.supersonic.headless.server.persistence.dataobject.DomainDO; +import com.tencent.supersonic.headless.server.persistence.repository.DomainRepository; import com.tencent.supersonic.headless.server.service.SemanticLayerService; import com.tencent.supersonic.util.DataUtils; import org.apache.commons.collections.CollectionUtils; @@ -28,6 +30,9 @@ public class BaseTest extends BaseApplication { @Autowired protected SemanticLayerService semanticLayerService; + @Autowired + private DomainRepository domainRepository; + protected SemanticQueryResp queryBySql(String sql) throws Exception { return queryBySql(sql, User.getFakeUser()); } @@ -97,4 +102,11 @@ public class BaseTest extends BaseApplication { return queryStructReq; } + protected void setDomainNotOpenToAll() { + Long s2Domain = 1L; + DomainDO domainDO = domainRepository.getDomainById(s2Domain); + domainDO.setIsOpen(0); + domainRepository.updateDomain(domainDO); + } + } diff --git a/launchers/standalone/src/test/java/com/tencent/supersonic/headless/QueryBySqlTest.java b/launchers/standalone/src/test/java/com/tencent/supersonic/headless/QueryBySqlTest.java index aa7beac5b..307353eb3 100644 --- a/launchers/standalone/src/test/java/com/tencent/supersonic/headless/QueryBySqlTest.java +++ b/launchers/standalone/src/test/java/com/tencent/supersonic/headless/QueryBySqlTest.java 
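Review bot: `setDomainNotOpenToAll()` (hunk at -97) writes `isOpen = 0` for domain 1 through `domainRepository.updateDomain` and never restores it. Any test that runs afterwards against the same database presumably sees a closed domain, which makes the authorization tests order-dependent. Consider restoring the flag in an `@AfterEach` method, or running the callers in a rolled-back transaction. The helper should also fail with a clear message when `getDomainById` returns null rather than dereferencing it. A short Javadoc saying that it closes the demo domain with id 1 so that the viewer and org checks are exercised would explain the hard-coded `1L`.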
@@ -1,10 +1,5 @@ package com.tencent.supersonic.headless; -import static java.time.LocalDate.now; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertThrows; -import static org.junit.Assert.assertTrue; - import com.tencent.supersonic.auth.api.authentication.pojo.User; import com.tencent.supersonic.common.pojo.QueryColumn; import com.tencent.supersonic.common.pojo.exception.InvalidPermissionException; @@ -13,6 +8,11 @@ import com.tencent.supersonic.util.DataUtils; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; +import static java.time.LocalDate.now; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertThrows; +import static org.junit.Assert.assertTrue; + public class QueryBySqlTest extends BaseTest { @Test @@ -93,6 +93,7 @@ public class QueryBySqlTest extends BaseTest { @Test public void testAuthorization_model() { User alice = DataUtils.getUserAlice(); + setDomainNotOpenToAll(); assertThrows(InvalidPermissionException.class, () -> queryBySql("SELECT SUM(pv) FROM 超音数PVUV统计 WHERE department ='HR'", alice)); } diff --git a/launchers/standalone/src/test/java/com/tencent/supersonic/headless/QueryByStructTest.java b/launchers/standalone/src/test/java/com/tencent/supersonic/headless/QueryByStructTest.java index 3e917ff78..c7f4abe6c 100644 --- a/launchers/standalone/src/test/java/com/tencent/supersonic/headless/QueryByStructTest.java +++ b/launchers/standalone/src/test/java/com/tencent/supersonic/headless/QueryByStructTest.java @@ -103,7 +103,8 @@ public class QueryByStructTest extends BaseTest { @Test public void testAuthorization_model() { - User alice = new User(2L, "alice", "alice", "alice@email", 0); + User alice = DataUtils.getUserAlice(); + setDomainNotOpenToAll(); QueryStructReq queryStructReq1 = buildQueryStructReq(Arrays.asList("department")); assertThrows(InvalidPermissionException.class, () -> semanticLayerService.queryByReq(queryStructReq1, alice)); 
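Review bot: Both `testAuthorization_model` methods (QueryBySqlTest and QueryByStructTest) now pin only the closed-domain path by calling `setDomainNotOpenToAll()` first. Nothing in these hunks asserts what a non-viewer such as alice can and cannot do while the domain is open, which is the new default. A companion test that leaves `isOpen` at 1 would help: it should check that the query succeeds while any column- or row-level restrictions applying to alice still raise `InvalidPermissionException`. That would guard against the open flag bypassing finer-grained rules. The same `setDomainNotOpenToAll()` call is added in the SchemaAuthTest hunk, and all three test classes continue outside the hunks.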
diff --git a/launchers/standalone/src/test/java/com/tencent/supersonic/headless/SchemaAuthTest.java b/launchers/standalone/src/test/java/com/tencent/supersonic/headless/SchemaAuthTest.java index de0e6d9a6..f7b3ee4af 100644 --- a/launchers/standalone/src/test/java/com/tencent/supersonic/headless/SchemaAuthTest.java +++ b/launchers/standalone/src/test/java/com/tencent/supersonic/headless/SchemaAuthTest.java @@ -30,6 +30,7 @@ public class SchemaAuthTest extends BaseTest { @Test public void test_getDomainList_alice() { User user = DataUtils.getUserAlice(); + setDomainNotOpenToAll(); List domainResps = domainService.getDomainListWithAdminAuth(user); List expectedDomainBizNames = Lists.newArrayList("supersonic", "visit_info", "singer", "singer_info"); Assertions.assertEquals(expectedDomainBizNames,