(improvement)(headless) database list not return password and update schema.sql (#744)

Co-authored-by: jolunoluo

headless/api/src/main/java/com/tencent/supersonic/headless/api/pojo/request/ViewReq.java

@@ -16,8 +16,6 @@ public class ViewReq extends SchemaItem {
 
     private String alias;
 
-    private String filterSql;
-
     private QueryConfig queryConfig;
 
     private List<String> admins;

headless/server/src/main/java/com/tencent/supersonic/headless/server/persistence/dataobject/ViewDO.java

@@ -35,8 +35,6 @@ public class ViewDO {
 
     private String updatedBy;
 
-    private String filterSql;
-
     private String queryConfig;
 
     private String admin;

headless/server/src/main/java/com/tencent/supersonic/headless/server/rest/DatabaseController.java

@@ -8,7 +8,6 @@ import com.tencent.supersonic.headless.api.pojo.response.DatabaseResp;
 import com.tencent.supersonic.headless.api.pojo.response.SemanticQueryResp;
 import com.tencent.supersonic.headless.server.pojo.DatabaseParameter;
 import com.tencent.supersonic.headless.server.service.DatabaseService;
-import java.util.Map;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -20,6 +19,7 @@ import org.springframework.web.bind.annotation.RestController;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.util.List;
+import java.util.Map;
 
 @RestController
 @RequestMapping("/api/semantic/database")
@@ -49,8 +49,10 @@ public class DatabaseController {
     }
 
     @GetMapping("/{id}")
-    public DatabaseResp getDatabase(@PathVariable("id") Long id) {
-        return databaseService.getDatabase(id);
+    public DatabaseResp getDatabase(@PathVariable("id") Long id, HttpServletRequest request,
+                                    HttpServletResponse response) {
+        User user = UserHolder.findUser(request, response);
+        return databaseService.getDatabase(id, user);
     }
 
     @GetMapping("/getDatabaseList")

headless/server/src/main/java/com/tencent/supersonic/headless/server/service/DatabaseService.java

@@ -15,6 +15,10 @@ public interface DatabaseService {
 
     SemanticQueryResp executeSql(String sql, Long id, User user);
 
+    DatabaseResp getDatabase(Long id, User user);
+
+    DatabaseResp getDatabase(Long id);
+
     Map<String, List<DatabaseParameter>> getDatabaseParameters();
 
     boolean testConnect(DatabaseReq databaseReq, User user);
@@ -25,8 +29,6 @@ public interface DatabaseService {
 
     void deleteDatabase(Long databaseId);
 
-    DatabaseResp getDatabase(Long id);
-
     SemanticQueryResp getDbNames(Long id);
 
     SemanticQueryResp getTables(Long id, String db);

headless/server/src/main/java/com/tencent/supersonic/headless/server/service/impl/DatabaseServiceImpl.java

@@ -1,6 +1,7 @@
 package com.tencent.supersonic.headless.server.service.impl;
 
 import com.tencent.supersonic.auth.api.authentication.pojo.User;
+import com.tencent.supersonic.common.pojo.exception.InvalidPermissionException;
 import com.tencent.supersonic.headless.api.pojo.request.DatabaseReq;
 import com.tencent.supersonic.headless.api.pojo.response.DatabaseResp;
 import com.tencent.supersonic.headless.api.pojo.response.ModelResp;
@@ -18,15 +19,16 @@ import com.tencent.supersonic.headless.server.pojo.ModelFilter;
 import com.tencent.supersonic.headless.server.service.DatabaseService;
 import com.tencent.supersonic.headless.server.service.ModelService;
 import com.tencent.supersonic.headless.server.utils.DatabaseConverter;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.stream.Collectors;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.stereotype.Service;
 import org.springframework.util.CollectionUtils;
 
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
 
 @Slf4j
 @Service
@@ -58,12 +60,12 @@ public class DatabaseServiceImpl implements DatabaseService {
             database.updatedBy(user.getName());
             DatabaseConverter.convert(database, databaseDO);
             databaseRepository.updateDatabase(databaseDO);
-            return DatabaseConverter.convert(databaseDO);
+            return DatabaseConverter.convertWithPassword(databaseDO);
         }
         database.createdBy(user.getName());
         databaseDO = DatabaseConverter.convert(database);
         databaseRepository.createDatabase(databaseDO);
-        return DatabaseConverter.convert(databaseDO);
+        return DatabaseConverter.convertWithPassword(databaseDO);
     }
 
     @Override
@@ -108,7 +110,19 @@ public class DatabaseServiceImpl implements DatabaseService {
     @Override
     public DatabaseResp getDatabase(Long id) {
         DatabaseDO databaseDO = databaseRepository.getDatabase(id);
-        return DatabaseConverter.convert(databaseDO);
+        return DatabaseConverter.convertWithPassword(databaseDO);
+    }
+
+    @Override
+    public DatabaseResp getDatabase(Long id, User user) {
+        DatabaseResp databaseResp = getDatabase(id);
+        if (!databaseResp.getAdmins().contains(user.getName())
+                && !databaseResp.getViewers().contains(user.getName())
+                && !databaseResp.getCreatedBy().equals(user.getName())) {
+            throw new InvalidPermissionException("您暂无查看该数据库详情的权限, 请联系创建人: "
+                    + databaseResp.getCreatedBy());
+        }
+        return databaseResp;
     }
 
     @Override

headless/server/src/main/java/com/tencent/supersonic/headless/server/utils/DatabaseConverter.java

@@ -63,7 +63,6 @@ public class DatabaseConverter {
         BeanUtils.copyProperties(databaseDO, databaseResp);
         ConnectInfo connectInfo = JSONObject.parseObject(databaseDO.getConfig(), ConnectInfo.class);
         databaseResp.setUrl(connectInfo.getUrl());
-        databaseResp.setPassword(connectInfo.getPassword());
         databaseResp.setUsername(connectInfo.getUserName());
         databaseResp.setDatabase(connectInfo.getDatabase());
         if (StringUtils.isNotBlank(databaseDO.getAdmin())) {
@@ -75,4 +74,11 @@ public class DatabaseConverter {
         return databaseResp;
     }
 
+    public static DatabaseResp convertWithPassword(DatabaseDO databaseDO) {
+        DatabaseResp databaseResp = convert(databaseDO);
+        ConnectInfo connectInfo = JSONObject.parseObject(databaseDO.getConfig(), ConnectInfo.class);
+        databaseResp.setPassword(connectInfo.getPassword());
+        return databaseResp;
+    }
+
 }

launchers/standalone/src/main/resources/config.update/sql-update.sql

@@ -183,7 +183,10 @@ CREATE TABLE s2_view(
     created_at  datetime,
     created_by  VARCHAR(255),
     updated_at  datetime,
-    updated_by  VARCHAR(255)
+    updated_by  VARCHAR(255),
+    query_config VARCHAR(3000),
+    `admin` varchar(3000) DEFAULT NULL,
+    `admin_org` varchar(3000) DEFAULT NULL
 )ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 
 alter table s2_plugin change column model `view` varchar(100);

launchers/standalone/src/main/resources/db/schema-h2.sql

@@ -569,7 +569,6 @@ CREATE TABLE IF NOT EXISTS `s2_view` (
     created_by  VARCHAR(255),
     updated_at  TIMESTAMP,
     updated_by  VARCHAR(255),
-    filter_sql VARCHAR(1000),
     query_config VARCHAR(3000),
     `admin` varchar(3000) DEFAULT NULL,
     `admin_org` varchar(3000) DEFAULT NULL

launchers/standalone/src/main/resources/db/schema-mysql.sql

@@ -494,7 +494,6 @@ CREATE TABLE s2_view
     created_by  VARCHAR(255),
     updated_at  datetime,
     updated_by  VARCHAR(255),
-    filter_sql VARCHAR(1000),
     query_config VARCHAR(3000),
     `admin` varchar(3000) DEFAULT NULL,
     `admin_org` varchar(3000) DEFAULT NULL