bugfix: share api bug fix

tianlu-root · tianlu-root · commit 763734b7ea68 · 2022-03-31T13:07:25.000+08:00
diff --git a/server/src/main/java/datart/server/service/impl/ShareServiceImpl.java b/server/src/main/java/datart/server/service/impl/ShareServiceImpl.java
@@ -203,7 +203,8 @@ public ShareVizDetail getShareViz(ShareToken shareToken) {
 
     @Override
     public Dataframe execute(ShareToken shareToken, ViewExecuteParam executeParam) throws Exception {
-        validateExecutePermission(shareToken.getAuthorizedToken(), executeParam);
+        ShareAuthorizedToken shareAuthorizedToken = validateExecutePermission(shareToken.getAuthorizedToken(), executeParam);
+        getSecurityManager().runAs(shareAuthorizedToken.getPermissionBy());
         return dataProviderService.execute(executeParam, false);
     }
 
@@ -332,14 +333,15 @@ public boolean update(BaseUpdateParam updateParam) {
         return 1 == shareMapper.updateByPrimaryKey(update);
     }
 
-    private void validateExecutePermission(String authorizedToken, ViewExecuteParam executeParam) {
+    private ShareAuthorizedToken validateExecutePermission(String authorizedToken, ViewExecuteParam executeParam) {
         if (StringUtils.isBlank(authorizedToken)) {
             Exceptions.tr(PermissionDeniedException.class, "message.provider.execute.permission.denied");
         }
         ShareAuthorizedToken shareAuthorizedToken = AESUtil.decrypt(authorizedToken, Application.getTokenSecret(), ShareAuthorizedToken.class);
         if (!ResourceType.VIEW.equals(shareAuthorizedToken.getVizType()) || !shareAuthorizedToken.getVizId().equals(executeParam.getViewId())) {
             Exceptions.tr(PermissionDeniedException.class, "message.provider.execute.permission.denied");
         }
+        return shareAuthorizedToken;
     }
 
     private void validateExpiration(ShareAuthorizedToken share) {

Original file line number	Diff line number	Diff line change
`@@ -203,7 +203,8 @@ public ShareVizDetail getShareViz(ShareToken shareToken) {`
`203`	`203`
`204`	`204`	`@Override`
`205`	`205`	`public Dataframe execute(ShareToken shareToken, ViewExecuteParam executeParam) throws Exception {`
`206`		`- validateExecutePermission(shareToken.getAuthorizedToken(), executeParam);`
	`206`	`+ ShareAuthorizedToken shareAuthorizedToken = validateExecutePermission(shareToken.getAuthorizedToken(), executeParam);`
	`207`	`+ getSecurityManager().runAs(shareAuthorizedToken.getPermissionBy());`
`207`	`208`	`return dataProviderService.execute(executeParam, false);`
`208`	`209`	`}`
`209`	`210`
`@@ -332,14 +333,15 @@ public boolean update(BaseUpdateParam updateParam) {`
`332`	`333`	`return 1 == shareMapper.updateByPrimaryKey(update);`
`333`	`334`	`}`
`334`	`335`
`335`		`- private void validateExecutePermission(String authorizedToken, ViewExecuteParam executeParam) {`
	`336`	`+ private ShareAuthorizedToken validateExecutePermission(String authorizedToken, ViewExecuteParam executeParam) {`
`336`	`337`	`if (StringUtils.isBlank(authorizedToken)) {`
`337`	`338`	`Exceptions.tr(PermissionDeniedException.class, "message.provider.execute.permission.denied");`
`338`	`339`	`}`
`339`	`340`	`ShareAuthorizedToken shareAuthorizedToken = AESUtil.decrypt(authorizedToken, Application.getTokenSecret(), ShareAuthorizedToken.class);`
`340`	`341`	`if (!ResourceType.VIEW.equals(shareAuthorizedToken.getVizType()) \|\| !shareAuthorizedToken.getVizId().equals(executeParam.getViewId())) {`
`341`	`342`	`Exceptions.tr(PermissionDeniedException.class, "message.provider.execute.permission.denied");`
`342`	`343`	`}`
	`344`	`+ return shareAuthorizedToken;`
`343`	`345`	`}`
`344`	`346`
`345`	`347`	`private void validateExpiration(ShareAuthorizedToken share) {`