
权限 参数校验

andy 1 year ago
parent
commit
c994e2dc2d

+ 35 - 0
src/main/java/com/scbfkj/uni/api/LogAop.java

@@ -189,6 +189,41 @@ public class LogAop {
                     }
                 }
             }
+
+            if (Objects.nonNull(body) && uri.startsWith("/openApi")) {
+                List<Map<String, Object>> permission = (List<Map<String, Object>>) securityService.permission().get("returnData");
+                if (Objects.nonNull(permission)) {
+                    Optional finalServiceid = serviceid;
+                    Optional<Map<String, Object>> any = permission.stream().filter(it -> Objects.equals(it.get("serviceid"), finalServiceid.get())).findAny();
+                    if (any.isPresent()) {
+                        Map<String, Object> data = any.get();
+                        Object filterset = data.get("filterset");
+                        if (Objects.nonNull(filterset) && !filterset.toString().trim().isEmpty()) {
+                            try {
+                                List list = DataFormatUtil.objectMapper.readValue(filterset.toString(), List.class);
+                                body.put("filterLines", list);
+                            } catch (JsonProcessingException e) {
+                                throw new RuntimeException(e);
+                            }
+                        }
+                        Object selectcolumnlist = data.get("selectcolumnlist");
+                        if (Objects.nonNull(selectcolumnlist) && !selectcolumnlist.toString().trim().isEmpty()) {
+                            List list = DataFormatUtil.objectMapper.readValue(selectcolumnlist.toString(), List.class);
+                            body.put("filterColumns", list);
+                        }
+                    }
+                }
+                Map<String, Object> userInfo = RequestUtil.getUserInfo();
+                if (Objects.nonNull(userInfo)) {
+                    Object usergroupid = userInfo.get("usergroupid");
+
+//                超级管理员
+                    if (Objects.nonNull(usergroupid) && Objects.equals("0", usergroupid.toString())) {
+                        body.put("filterColumns", Collections.singletonList("*"));
+                    }
+                }
+            }
+
             returnData = (ResponseEntity<Map<String, Object>>) joinPoint.proceed(args);
 
         } catch (Throwable e) {
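Review bot: The permission lookup calls `finalServiceid.get()` on a raw `Optional` inside the `findAny()` filter, so a request that carries no serviceid fails with NoSuchElementException before any permission is evaluated; `Objects.equals(it.get("serviceid"), finalServiceid.orElse(null))` keeps the comparison without the unchecked get. The filters are written into `body` only when the matching row has a non-empty `filterset`/`selectcolumnlist`, and nothing clears whatever `filterLines`/`filterColumns` are already present — if `body` is the client-supplied request body, clearing both keys before the lookup (`body.remove("filterLines"); body.remove("filterColumns");`) keeps a caller from supplying its own row or column filter whenever the permission row leaves them blank, and the same applies when no permission row matches at all. The two `readValue` calls are handled differently: the first wraps `JsonProcessingException` in a RuntimeException, the second lets it propagate, so the failure mode differs by field. Note that this same commit removes `serviceid` from two SELECTs in SecurityService.java; if `permission()` is backed by those queries, `it.get("serviceid")` will always be null and no row will ever match. The enclosing method begins and ends outside the hunk.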

+ 104 - 20
src/main/java/com/scbfkj/uni/library/script/DatabaseScriptUtil.java

@@ -14,10 +14,19 @@ import java.util.stream.Collectors;
 
 public class DatabaseScriptUtil {
 
+    private static final List<String> events = new ArrayList<>();
     private static final Pattern regExpression = Pattern.compile("(?<=《)([^》]+)?(?=》)");//提取书名号变量的正则表达式
     private static final Map<String, List<String>> sqlStrVarList = new HashMap<>();//SQL语句的书名号变量列表
     public static Map<String, String> sqlStrNewSQL = new HashMap<>();//SQL语句更换书名号变量后的可执行SQL
 
+    static {
+        events.add("0");
+        events.add("1");
+        events.add("2");
+        events.add("3");
+        events.add("6");
+        events.add("7");
+    }
 
     public static String getFilterLinesWhereSql(List<Map<String, Object>> filterLines) {
         if (Objects.isNull(filterLines)) filterLines = new ArrayList<>();
@@ -107,26 +116,37 @@ public class DatabaseScriptUtil {
 
 
     public static Map<String, Object> execBySql(String datasourceId, String expression, Map<String, Object> args) throws Exception {
+        Object event = args.get("event");
+        Pageable pageable = pageable(args);
+
+
+        if (Objects.isNull(event) || !StringUtils.hasText(event.toString())) {
+            throw new RuntimeException("执行编号不能为空");
+        }
+
+        event = event.toString().trim();
+
+        if (!event.equals("0")) {
+            throw new RuntimeException("执行编号只能是 :0");
+        }
         List<Map<String, Object>> dataContent = DataFormatUtil.toList(args.get("datacontent")).stream().map(it -> ((Map<String, Object>) it)).toList();
         Object filterColumnsTemp = args.get("filterColumns");
         List<String> filterColumns = null;
         if (Objects.nonNull(filterColumnsTemp))
-            filterColumns = DataFormatUtil.toList(filterColumnsTemp).stream().map(it -> it.toString()).toList();
+            filterColumns = DataFormatUtil.toList(filterColumnsTemp).stream().map(Object::toString).toList();
         Object filterLinesTemp = args.get("filterLines");
         List<Map<String, Object>> filterLines = null;
         if (Objects.nonNull(filterLinesTemp))
             filterLines = DataFormatUtil.toList(filterLinesTemp).stream().map(it -> ((Map<String, Object>) it)).toList();
-        Object event = args.get("event");
-        Pageable pageable = pageable(args);
 
 
-        if (Objects.isNull(event) || !StringUtils.hasText(event.toString())) {
-            throw new RuntimeException("执行编号不能为空");
-        }
-        event = event.toString();
-
         if (Objects.isNull(filterColumns)) filterColumns = new ArrayList<>();
 
+        if (filterColumns.isEmpty()) {
+//            没有列权限直接返回空数据
+            return UniReturnUtil.success(new ArrayList<>());
+        }
+
         String filterLineWhereStr = getFilterLinesWhereSql(filterLines);
 
         String connectionStr = datasourceId;
@@ -163,9 +183,7 @@ public class DatabaseScriptUtil {
             whereStr = " %s and  %s".formatted(whereStr.trim().isEmpty() ? " 1=1 " : whereStr, Objects.isNull(filterLineWhereStr) ? " 1=1 " : filterLineWhereStr);
             String sql = expression.replaceAll("《whereStr》", " " + whereStr);
 
-            if (!filterColumns.isEmpty()) {
-                sql = "select %s from (%s) as T".formatted(String.join(",", filterColumns), sql);
-            }
+            sql = "select %s from (%s) as T".formatted(String.join(",", filterColumns), sql);
 
             if (pageable != null && !sql.contains(" limit ")) {
                 sql = "%s limit %d,%d ".formatted(sql, pageable.page * pageable.pageSize, pageable.pageSize);
@@ -198,6 +216,26 @@ public class DatabaseScriptUtil {
     }
 
     public static Map<String, Object> execByTableName(String datasourceId, String table, Map<String, Object> args) throws Exception {
+
+
+        if (Objects.isNull(table) || table.trim().contains(" ")) {
+            throw new RuntimeException("表名不合法: 表名不能为空");
+        }
+        String tableName = table;
+        Object event = args.get("event");
+        Pageable pageable = pageable(args);
+
+
+        if (Objects.isNull(event) || !StringUtils.hasText(event.toString())) {
+            throw new RuntimeException("执行编号不能为空");
+        }
+
+        event = event.toString().trim();
+
+        if (!events.contains(event)) {
+
+            throw new RuntimeException("执行编号只能是 :0,1,2,3,6,7");
+        }
         List<Map<String, Object>> dataContent = DataFormatUtil.toList(args.get("datacontent")).stream().map(it -> ((Map<String, Object>) it)).toList();
         Object filterColumnsTemp = args.get("filterColumns");
         List<String> filterColumns = null;
@@ -207,14 +245,8 @@ public class DatabaseScriptUtil {
         List<Map<String, Object>> filterLines = null;
         if (Objects.nonNull(filterLinesTemp))
             filterLines = DataFormatUtil.toList(filterLinesTemp).stream().map(it -> ((Map<String, Object>) it)).toList();
-        Object event = args.get("event");
-        Pageable pageable = pageable(args);
 
 
-        if (Objects.isNull(event) || !StringUtils.hasText(event.toString())) {
-            throw new RuntimeException("执行编号不能为空");
-        }
-        event = event.toString();
         String expression = table;
 
         if (Objects.isNull(filterColumns)) filterColumns = new ArrayList<>();
@@ -232,6 +264,11 @@ public class DatabaseScriptUtil {
 
 //            查询
         if (Objects.equals("0", event)) {
+
+            if (filterColumns.isEmpty()) {
+//                列权限为空直接返回空数据
+                return UniReturnUtil.success(new ArrayList<>());
+            }
             Map<String, Object> argMap = Objects.isNull(args) || args.isEmpty() ? new HashMap<>() : dataContent.get(0);
 
             Object filter = argMap.getOrDefault("filter", argMap);
@@ -286,13 +323,60 @@ public class DatabaseScriptUtil {
                 }
             }
 
-            if (!filterColumns.isEmpty()) {
-                expression = "select %s from (%s) as T".formatted(String.join(",", filterColumns), expression);
-            }
+
+            expression = "select %s from (%s) as T".formatted(String.join(",", filterColumns), expression);
             if (pageable != null) {
                 expression = "%s limit %d,%d ".formatted(expression, pageable.page * pageable.pageSize, pageable.pageSize);
             }
             List<Map<String, Object>> result = DataBase.queryBatch(connectionStr, expression, values);
+
+//            查询关联项
+
+            List<Map<String, Object>> tableJoins = DataBase.query(Config.getCenterConnectionStr(), """
+                                        select id, sourcetable, targettable, sourcejoincolumn, targetjoincolumn, targetshowcolumns, datasourceid
+                    from tablejoin where sourcetable=?""", tableName);
+            if (!tableJoins.isEmpty()) {
+                for (Map<String, Object> tableJoin : tableJoins) {
+                    Object targettable = tableJoin.get("targettable");
+                    String sourcejoincolumn = tableJoin.get("sourcejoincolumn").toString();
+                    String targetjoincolumn = tableJoin.get("targetjoincolumn").toString();
+                    String targetshowcolumns = tableJoin.get("targetshowcolumns").toString();
+
+                    String[] split = targetshowcolumns.split(",");
+                    Map<String, String> showColumns = new HashMap<>();
+                    for (String string : split) {
+                        if (string.contains(" as ")) {
+                            String[] split1 = string.split(" as ");
+                            showColumns.put(split1[0], split1[1]);
+                        } else {
+                            showColumns.put(string, string);
+                        }
+                    }
+                    Object joinConnectionDatasourceId = tableJoin.get("datasourceid");
+
+                    String joinTableConnectionStr = connectionStr;
+                    if (Objects.nonNull(joinConnectionDatasourceId)) {
+                        joinTableConnectionStr = queryConnectionStr(joinConnectionDatasourceId.toString());
+                    }
+
+
+                    List<Map<String, Object>> targetDatas = DataBase.query(joinTableConnectionStr, "select * from %s".formatted(targettable));
+
+                    result.forEach(data -> targetDatas
+                            .stream()
+                            .filter(targetData -> Objects
+                                    .equals(data
+                                            .get(sourcejoincolumn), targetData.get(targetjoincolumn)))
+                            .findAny()
+                            .ifPresent(targetData -> {
+                                for (Map.Entry<String, String> stringStringEntry : showColumns.entrySet()) {
+                                    data.put(stringStringEntry.getValue(), targetData.get(stringStringEntry.getKey()));
+                                }
+                            })
+                    );
+                }
+            }
+
             return UniReturnUtil.success(result);
 //                更新或新增
         } else if (Objects.equals("6", event)) {
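Review bot: The new table-name guard at the top of execByTableName rejects only null and embedded spaces, yet `table` goes on to be used as a raw SQL fragment (`expression = table`, later wrapped in `select %s from (%s) as T`) and as the `tablejoin` lookup key; an identifier allowlist such as `if (table == null || !table.matches("[A-Za-z_][A-Za-z0-9_]*")) throw new RuntimeException("表名不合法: " + table);` is a stronger check, and the current message "表名不能为空" does not match the whitespace condition it also reports. In the join block of the last hunk, `targettable` read from the `tablejoin` row is interpolated into `"select * from %s"` with no validation at all, and `sourcejoincolumn`/`targetjoincolumn`/`targetshowcolumns` are dereferenced with `toString()` so a null column in that row becomes a NullPointerException rather than a clear error. That query also loads the entire target table for every join definition on each request, which is unbounded in memory; selecting only the join column plus the show columns, or filtering on the source rows' join values, would bound it. The `filterColumns.isEmpty()` early return in the `"0"` branch makes the now-unconditional `select %s from (%s)` safe, but `String.join(",", filterColumns)` still places column names from the permission row directly into SQL, so the same identifier check is worth applying there (and in execBySql, which builds the same string). execByTableName's signature is in an earlier hunk of this file and its `"6"` branch continues outside this one.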

+ 0 - 2
src/main/java/com/scbfkj/uni/service/SecurityService.java

@@ -488,7 +488,6 @@ public class SecurityService {
                            selected,
                            charttype,
                           triggerserviceid,
-                           null as serviceid,
                            null as insetcolumnlist,
                            null as updatecolumnlist,
                            null as selectcolumnlist,
@@ -546,7 +545,6 @@ public class SecurityService {
                            t3.selected,
                           t3.triggerserviceid,
                           t3.charttype,
-                           t1.serviceid,
                            insetcolumnlist,
                            updatecolumnlist,
                            selectcolumnlist,