(improvement)(Demo) The demo opens data query permission to new user by default (#1197)

Co-authored-by: lxwcodemonkey

headless/api/src/main/java/com/tencent/supersonic/headless/api/pojo/response/DomainResp.java

@@ -29,6 +29,10 @@ public class DomainResp extends SchemaItem {
 
     private boolean hasModel;
 
+    public boolean openToAll() {
+        return isOpen != null && isOpen == 1;
+    }
+
     @Override
     public boolean equals(Object o) {
         if (o == null || getClass() != o.getClass()) {

headless/server/src/main/java/com/tencent/supersonic/headless/server/service/impl/DomainServiceImpl.java

@@ -127,7 +127,7 @@ public class DomainServiceImpl implements DomainService {
         }
         if (authTypeEnum.equals(AuthType.VISIBLE)) {
             domainWithAuth = domainResps.stream()
-                    .filter(domainResp -> checkDataSeterPermission(orgIds, user, domainResp))
+                    .filter(domainResp -> checkViewPermission(orgIds, user, domainResp))
                     .collect(Collectors.toList());
         }
         List<Long> domainIds = domainWithAuth.stream().map(DomainResp::getId)
@@ -255,27 +255,21 @@ public class DomainServiceImpl implements DomainService {
         return false;
     }
 
-    private boolean checkDataSeterPermission(Set<String> orgIds, User user, DomainResp domainDesc) {
-        List<String> admins = domainDesc.getAdmins();
-        List<String> viewers = domainDesc.getViewers();
-        List<String> adminOrgs = domainDesc.getAdminOrgs();
-        List<String> viewOrgs = domainDesc.getViewOrgs();
-        if (user.isSuperAdmin()) {
+    private boolean checkViewPermission(Set<String> orgIds, User user, DomainResp domainResp) {
+        if (checkAdminPermission(orgIds, user, domainResp)) {
             return true;
         }
-        if (admins.contains(user.getName())
-                || viewers.contains(user.getName())
-                || domainDesc.getCreatedBy().equals(user.getName())) {
+        List<String> viewers = domainResp.getViewers();
+        List<String> viewOrgs = domainResp.getViewOrgs();
+        if (domainResp.openToAll()) {
             return true;
         }
-        if (CollectionUtils.isEmpty(adminOrgs) && CollectionUtils.isEmpty(viewOrgs)) {
+        if (viewers.contains(user.getName())) {
+            return true;
+        }
+        if (CollectionUtils.isEmpty(viewOrgs)) {
             return false;
         }
-        for (String orgId : orgIds) {
-            if (adminOrgs.contains(orgId)) {
-                return true;
-            }
-        }
         for (String orgId : orgIds) {
             if (viewOrgs.contains(orgId)) {
                 return true;

launchers/standalone/src/main/java/com/tencent/supersonic/demo/S2ArtistDemo.java

@@ -95,6 +95,7 @@ public class S2ArtistDemo extends S2BaseDemo {
         domainReq.setViewOrgs(Collections.singletonList("1"));
         domainReq.setAdmins(Arrays.asList("admin", "alice"));
         domainReq.setAdminOrgs(Collections.emptyList());
+        domainReq.setIsOpen(1);
         return domainService.createDomain(domainReq, user);
     }
 

launchers/standalone/src/main/java/com/tencent/supersonic/demo/S2VisitsDemo.java

@@ -180,6 +180,7 @@ public class S2VisitsDemo extends S2BaseDemo {
         domainReq.setStatus(StatusEnum.ONLINE.getCode());
         domainReq.setViewers(Arrays.asList("admin", "tom"));
         domainReq.setAdmins(Arrays.asList("admin", "jack"));
+        domainReq.setIsOpen(1);
         return domainService.createDomain(domainReq, user);
     }
 
@@ -484,7 +485,7 @@ public class S2VisitsDemo extends S2BaseDemo {
     public void addAuthGroup_1(ModelResp stayTimeModel) {
         AuthGroup authGroupReq = new AuthGroup();
         authGroupReq.setModelId(stayTimeModel.getId());
-        authGroupReq.setName("admin-permission");
+        authGroupReq.setName("jack_column_permission");
 
         List<AuthRule> authRules = new ArrayList<>();
         AuthRule authRule = new AuthRule();

launchers/standalone/src/main/resources/db/data-h2.sql

@@ -3,7 +3,7 @@
 MERGE INTO s2_user (id, `name`, password, salt, display_name, email, is_admin) values (1, 'admin','c3VwZXJzb25pY0BiaWNvbdktJJYWw6A3rEmBUPzbn/6DNeYnD+y3mAwDKEMS3KVT','jGl25bVBBBW96Qi9Te4V3w==','admin','admin@xx.com', 1);
 MERGE INTO s2_user (id, `name`, password, salt,  display_name, email) values (2, 'jack','c3VwZXJzb25pY0BiaWNvbWxGalmwa0h/trkh/3CWOYMDiku0Op1VmOfESIKmN0HG','MWERWefm/3hD6kYndF6JIg==','jack','jack@xx.com');
 MERGE INTO s2_user (id, `name`, password, salt,  display_name, email) values (3, 'tom','c3VwZXJzb25pY0BiaWNvbVWv0CZ6HzeX8GRUpw0C8NSaQ+0hE/dAcmzRpCFwAqxK','4WCPdcXXgT89QDHLML+3hg==','tom','tom@xx.com');
-MERGE INTO s2_user (id, `name`, password, salt,  display_name, email, is_admin) values (4, 'lucy','c3VwZXJzb25pY0BiaWNvbc7Ychfu99lPL7rLmCkf/vgF4RASa4Z++Mxo1qlDCpci','3Jnpqob6uDoGLP9eCAg5Fw==','lucy','lucy@xx.com', 1);
+MERGE INTO s2_user (id, `name`, password, salt,  display_name, email) values (4, 'lucy','c3VwZXJzb25pY0BiaWNvbc7Ychfu99lPL7rLmCkf/vgF4RASa4Z++Mxo1qlDCpci','3Jnpqob6uDoGLP9eCAg5Fw==','lucy','lucy@xx.com');
 MERGE INTO s2_user (id, `name`, password, salt,  display_name, email) values (5, 'alice','c3VwZXJzb25pY0BiaWNvbe9Z4F2/DVIfAJoN1HwUTuH1KgVuiusvfh7KkWYQSNHk','K9gGyX8OAK8aH8Myj6djqQ==','alice','alice@xx.com');
 
 MERGE INTO s2_available_date_info(`id`,`item_id` ,`type`    ,`date_format` ,`start_date`  ,`end_date` ,`unavailable_date` ,`created_at`  ,`created_by`  ,`updated_at`  ,`updated_by` )

launchers/standalone/src/test/java/com/tencent/supersonic/headless/BaseTest.java

@@ -12,6 +12,8 @@ import com.tencent.supersonic.headless.api.pojo.request.QuerySqlReq;
 import com.tencent.supersonic.headless.api.pojo.request.QueryStructReq;
 import com.tencent.supersonic.headless.api.pojo.request.SemanticQueryReq;
 import com.tencent.supersonic.headless.api.pojo.response.SemanticQueryResp;
+import com.tencent.supersonic.headless.server.persistence.dataobject.DomainDO;
+import com.tencent.supersonic.headless.server.persistence.repository.DomainRepository;
 import com.tencent.supersonic.headless.server.service.SemanticLayerService;
 import com.tencent.supersonic.util.DataUtils;
 import org.apache.commons.collections.CollectionUtils;
@@ -28,6 +30,9 @@ public class BaseTest extends BaseApplication {
     @Autowired
     protected SemanticLayerService semanticLayerService;
 
+    @Autowired
+    private DomainRepository domainRepository;
+
     protected SemanticQueryResp queryBySql(String sql) throws Exception {
         return queryBySql(sql, User.getFakeUser());
     }
@@ -97,4 +102,11 @@ public class BaseTest extends BaseApplication {
         return queryStructReq;
     }
 
+    protected void setDomainNotOpenToAll() {
+        Long s2Domain = 1L;
+        DomainDO domainDO = domainRepository.getDomainById(s2Domain);
+        domainDO.setIsOpen(0);
+        domainRepository.updateDomain(domainDO);
+    }
+
 }

launchers/standalone/src/test/java/com/tencent/supersonic/headless/QueryBySqlTest.java

@@ -1,10 +1,5 @@
 package com.tencent.supersonic.headless;
 
-import static java.time.LocalDate.now;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertThrows;
-import static org.junit.Assert.assertTrue;
-
 import com.tencent.supersonic.auth.api.authentication.pojo.User;
 import com.tencent.supersonic.common.pojo.QueryColumn;
 import com.tencent.supersonic.common.pojo.exception.InvalidPermissionException;
@@ -13,6 +8,11 @@ import com.tencent.supersonic.util.DataUtils;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 
+import static java.time.LocalDate.now;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertThrows;
+import static org.junit.Assert.assertTrue;
+
 public class QueryBySqlTest extends BaseTest {
 
     @Test
@@ -93,6 +93,7 @@ public class QueryBySqlTest extends BaseTest {
     @Test
     public void testAuthorization_model() {
         User alice = DataUtils.getUserAlice();
+        setDomainNotOpenToAll();
         assertThrows(InvalidPermissionException.class,
                 () -> queryBySql("SELECT SUM(pv) FROM 超音数PVUV统计  WHERE department ='HR'", alice));
     }

launchers/standalone/src/test/java/com/tencent/supersonic/headless/QueryByStructTest.java

@@ -103,7 +103,8 @@ public class QueryByStructTest extends BaseTest {
 
     @Test
     public void testAuthorization_model() {
-        User alice = new User(2L, "alice", "alice", "alice@email", 0);
+        User alice = DataUtils.getUserAlice();
+        setDomainNotOpenToAll();
         QueryStructReq queryStructReq1 = buildQueryStructReq(Arrays.asList("department"));
         assertThrows(InvalidPermissionException.class,
                 () -> semanticLayerService.queryByReq(queryStructReq1, alice));

launchers/standalone/src/test/java/com/tencent/supersonic/headless/SchemaAuthTest.java

@@ -30,6 +30,7 @@ public class SchemaAuthTest extends BaseTest {
     @Test
     public void test_getDomainList_alice() {
         User user = DataUtils.getUserAlice();
+        setDomainNotOpenToAll();
         List<DomainResp> domainResps = domainService.getDomainListWithAdminAuth(user);
         List<String> expectedDomainBizNames = Lists.newArrayList("supersonic", "visit_info", "singer", "singer_info");
         Assertions.assertEquals(expectedDomainBizNames,