From b555beae21a1c2f498063a13148e0692a4157598 Mon Sep 17 00:00:00 2001
From: LXW <1264174498@qq.com>
Date: Fri, 23 Feb 2024 18:41:19 +0800
Subject: [PATCH] (improvement)(headless) database list not return password and
 update schema.sql (#744)

Co-authored-by: jolunoluo
---
 .../headless/api/pojo/request/ViewReq.java    |  2 --
 .../server/persistence/dataobject/ViewDO.java |  2 --
 .../server/rest/DatabaseController.java       |  8 ++++--
 .../server/service/DatabaseService.java       |  6 ++--
 .../service/impl/DatabaseServiceImpl.java     | 28 ++++++++++++++-----
 .../server/utils/DatabaseConverter.java       |  8 +++++-
 .../resources/config.update/sql-update.sql    |  5 +++-
 .../src/main/resources/db/schema-h2.sql       |  1 -
 .../src/main/resources/db/schema-mysql.sql    |  1 -
 9 files changed, 41 insertions(+), 20 deletions(-)

diff --git a/headless/api/src/main/java/com/tencent/supersonic/headless/api/pojo/request/ViewReq.java b/headless/api/src/main/java/com/tencent/supersonic/headless/api/pojo/request/ViewReq.java
index 09e4fb81a..c59a15293 100644
--- a/headless/api/src/main/java/com/tencent/supersonic/headless/api/pojo/request/ViewReq.java
+++ b/headless/api/src/main/java/com/tencent/supersonic/headless/api/pojo/request/ViewReq.java
@@ -16,8 +16,6 @@ public class ViewReq extends SchemaItem {
 
     private String alias;
 
-    private String filterSql;
-
     private QueryConfig queryConfig;
 
     private List<String> admins;
diff --git a/headless/server/src/main/java/com/tencent/supersonic/headless/server/persistence/dataobject/ViewDO.java b/headless/server/src/main/java/com/tencent/supersonic/headless/server/persistence/dataobject/ViewDO.java
index ef98e816f..37646f512 100644
--- a/headless/server/src/main/java/com/tencent/supersonic/headless/server/persistence/dataobject/ViewDO.java
+++ b/headless/server/src/main/java/com/tencent/supersonic/headless/server/persistence/dataobject/ViewDO.java
@@ -35,8 +35,6 @@ public class ViewDO {
 
     private String updatedBy;
 
-    private String filterSql;
-
     private String queryConfig;
 
     private String admin;
diff --git a/headless/server/src/main/java/com/tencent/supersonic/headless/server/rest/DatabaseController.java b/headless/server/src/main/java/com/tencent/supersonic/headless/server/rest/DatabaseController.java
index 8a28c2c74..8e3211357 100644
--- a/headless/server/src/main/java/com/tencent/supersonic/headless/server/rest/DatabaseController.java
+++ b/headless/server/src/main/java/com/tencent/supersonic/headless/server/rest/DatabaseController.java
@@ -8,7 +8,6 @@ import com.tencent.supersonic.headless.api.pojo.response.DatabaseResp;
 import com.tencent.supersonic.headless.api.pojo.response.SemanticQueryResp;
 import com.tencent.supersonic.headless.server.pojo.DatabaseParameter;
 import com.tencent.supersonic.headless.server.service.DatabaseService;
-import java.util.Map;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -20,6 +19,7 @@ import org.springframework.web.bind.annotation.RestController;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.util.List;
+import java.util.Map;
 
 @RestController
 @RequestMapping("/api/semantic/database")
@@ -49,8 +49,10 @@ public class DatabaseController {
     }
 
     @GetMapping("/{id}")
-    public DatabaseResp getDatabase(@PathVariable("id") Long id) {
-        return databaseService.getDatabase(id);
+    public DatabaseResp getDatabase(@PathVariable("id") Long id, HttpServletRequest request,
+                                    HttpServletResponse response) {
+        User user = UserHolder.findUser(request, response);
+        return databaseService.getDatabase(id, user);
     }
 
     @GetMapping("/getDatabaseList")
diff --git a/headless/server/src/main/java/com/tencent/supersonic/headless/server/service/DatabaseService.java b/headless/server/src/main/java/com/tencent/supersonic/headless/server/service/DatabaseService.java
index b255d50eb..99a1f3d97 100644
--- a/headless/server/src/main/java/com/tencent/supersonic/headless/server/service/DatabaseService.java
+++ b/headless/server/src/main/java/com/tencent/supersonic/headless/server/service/DatabaseService.java
@@ -15,6 +15,10 @@ public interface DatabaseService {
 
     SemanticQueryResp executeSql(String sql, Long id, User user);
 
+    DatabaseResp getDatabase(Long id, User user);
+
+    DatabaseResp getDatabase(Long id);
+
     Map<String, List<DatabaseParameter>> getDatabaseParameters();
 
     boolean testConnect(DatabaseReq databaseReq, User user);
@@ -25,8 +29,6 @@ public interface DatabaseService {
 
     void deleteDatabase(Long databaseId);
 
-    DatabaseResp getDatabase(Long id);
-
     SemanticQueryResp getDbNames(Long id);
 
     SemanticQueryResp getTables(Long id, String db);
diff --git a/headless/server/src/main/java/com/tencent/supersonic/headless/server/service/impl/DatabaseServiceImpl.java b/headless/server/src/main/java/com/tencent/supersonic/headless/server/service/impl/DatabaseServiceImpl.java
index 910633085..1854434d8 100644
--- a/headless/server/src/main/java/com/tencent/supersonic/headless/server/service/impl/DatabaseServiceImpl.java
+++ b/headless/server/src/main/java/com/tencent/supersonic/headless/server/service/impl/DatabaseServiceImpl.java
@@ -1,6 +1,7 @@
 package com.tencent.supersonic.headless.server.service.impl;
 
 import com.tencent.supersonic.auth.api.authentication.pojo.User;
+import com.tencent.supersonic.common.pojo.exception.InvalidPermissionException;
 import com.tencent.supersonic.headless.api.pojo.request.DatabaseReq;
 import com.tencent.supersonic.headless.api.pojo.response.DatabaseResp;
 import com.tencent.supersonic.headless.api.pojo.response.ModelResp;
@@ -18,15 +19,16 @@ import com.tencent.supersonic.headless.server.pojo.ModelFilter;
 import com.tencent.supersonic.headless.server.service.DatabaseService;
 import com.tencent.supersonic.headless.server.service.ModelService;
 import com.tencent.supersonic.headless.server.utils.DatabaseConverter;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.stream.Collectors;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.stereotype.Service;
 import org.springframework.util.CollectionUtils;
 
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
 
 @Slf4j
 @Service
@@ -58,12 +60,12 @@ public class DatabaseServiceImpl implements DatabaseService {
             database.updatedBy(user.getName());
             DatabaseConverter.convert(database, databaseDO);
             databaseRepository.updateDatabase(databaseDO);
-            return DatabaseConverter.convert(databaseDO);
+            return DatabaseConverter.convertWithPassword(databaseDO);
         }
         database.createdBy(user.getName());
         databaseDO = DatabaseConverter.convert(database);
         databaseRepository.createDatabase(databaseDO);
-        return DatabaseConverter.convert(databaseDO);
+        return DatabaseConverter.convertWithPassword(databaseDO);
     }
 
     @Override
@@ -108,7 +110,19 @@ public class DatabaseServiceImpl implements DatabaseService {
     @Override
     public DatabaseResp getDatabase(Long id) {
         DatabaseDO databaseDO = databaseRepository.getDatabase(id);
-        return DatabaseConverter.convert(databaseDO);
+        return DatabaseConverter.convertWithPassword(databaseDO);
+    }
+
+    @Override
+    public DatabaseResp getDatabase(Long id, User user) {
+        DatabaseResp databaseResp = getDatabase(id);
+        if (!databaseResp.getAdmins().contains(user.getName())
+                && !databaseResp.getViewers().contains(user.getName())
+                && !databaseResp.getCreatedBy().equals(user.getName())) {
+            throw new InvalidPermissionException("您暂无查看该数据库详情的权限, 请联系创建人: "
+                    + databaseResp.getCreatedBy());
+        }
+        return databaseResp;
     }
 
     @Override
diff --git a/headless/server/src/main/java/com/tencent/supersonic/headless/server/utils/DatabaseConverter.java b/headless/server/src/main/java/com/tencent/supersonic/headless/server/utils/DatabaseConverter.java
index 047e30c5d..064880845 100644
--- a/headless/server/src/main/java/com/tencent/supersonic/headless/server/utils/DatabaseConverter.java
+++ b/headless/server/src/main/java/com/tencent/supersonic/headless/server/utils/DatabaseConverter.java
@@ -63,7 +63,6 @@ public class DatabaseConverter {
         BeanUtils.copyProperties(databaseDO, databaseResp);
         ConnectInfo connectInfo = JSONObject.parseObject(databaseDO.getConfig(), ConnectInfo.class);
         databaseResp.setUrl(connectInfo.getUrl());
-        databaseResp.setPassword(connectInfo.getPassword());
         databaseResp.setUsername(connectInfo.getUserName());
         databaseResp.setDatabase(connectInfo.getDatabase());
         if (StringUtils.isNotBlank(databaseDO.getAdmin())) {
@@ -75,4 +74,11 @@ public class DatabaseConverter {
         return databaseResp;
     }
 
+    public static DatabaseResp convertWithPassword(DatabaseDO databaseDO) {
+        DatabaseResp databaseResp = convert(databaseDO);
+        ConnectInfo connectInfo = JSONObject.parseObject(databaseDO.getConfig(), ConnectInfo.class);
+        databaseResp.setPassword(connectInfo.getPassword());
+        return databaseResp;
+    }
+
 }
diff --git a/launchers/standalone/src/main/resources/config.update/sql-update.sql b/launchers/standalone/src/main/resources/config.update/sql-update.sql
index fffd78699..865e3735e 100644
--- a/launchers/standalone/src/main/resources/config.update/sql-update.sql
+++ b/launchers/standalone/src/main/resources/config.update/sql-update.sql
@@ -183,7 +183,10 @@ CREATE TABLE s2_view(
     created_at  datetime,
     created_by  VARCHAR(255),
     updated_at  datetime,
-    updated_by  VARCHAR(255)
+    updated_by  VARCHAR(255),
+    query_config VARCHAR(3000),
+    `admin` varchar(3000) DEFAULT NULL,
+    `admin_org` varchar(3000) DEFAULT NULL
 )ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 
 alter table s2_plugin change column model `view` varchar(100);
diff --git a/launchers/standalone/src/main/resources/db/schema-h2.sql b/launchers/standalone/src/main/resources/db/schema-h2.sql
index b9558f453..da180da0e 100644
--- a/launchers/standalone/src/main/resources/db/schema-h2.sql
+++ b/launchers/standalone/src/main/resources/db/schema-h2.sql
@@ -569,7 +569,6 @@ CREATE TABLE IF NOT EXISTS `s2_view` (
     created_by  VARCHAR(255),
     updated_at  TIMESTAMP,
     updated_by  VARCHAR(255),
-    filter_sql VARCHAR(1000),
     query_config VARCHAR(3000),
     `admin` varchar(3000) DEFAULT NULL,
     `admin_org` varchar(3000) DEFAULT NULL
diff --git a/launchers/standalone/src/main/resources/db/schema-mysql.sql b/launchers/standalone/src/main/resources/db/schema-mysql.sql
index 76cc578f2..614d6c9a5 100644
--- a/launchers/standalone/src/main/resources/db/schema-mysql.sql
+++ b/launchers/standalone/src/main/resources/db/schema-mysql.sql
@@ -494,7 +494,6 @@ CREATE TABLE s2_view
     created_by  VARCHAR(255),
     updated_at  datetime,
     updated_by  VARCHAR(255),
-    filter_sql VARCHAR(1000),
     query_config VARCHAR(3000),
     `admin` varchar(3000) DEFAULT NULL,
     `admin_org` varchar(3000) DEFAULT NULL