bugfix: share permission bugfix

Author: tianlu-root

security/src/main/java/datart/security/manager/PermissionDataCache.java

@@ -104,6 +104,7 @@ public void setAuthenticationInfo(SimpleAuthenticationInfo authenticationInfo) {
 
     public void clear() {
         threadScope.clear();
+        requestScope.clear();
     }
 
 }

security/src/main/java/datart/security/manager/RequestScopePermissionDataCache.java

@@ -48,4 +48,11 @@ public Boolean getCachedPermission(Permission permission) {
     public void setPermissionCache(Permission permission, Boolean permitted) {
         permissionCache.put(permission, permitted);
     }
+
+    public void clear() {
+        authorizationInfo = null;
+        authenticationInfo = null;
+        currentOrg = null;
+        permissionCache.clear();
+    }
 }

security/src/main/java/datart/security/manager/shiro/ShiroSecurityManager.java

@@ -69,7 +69,7 @@ public ShiroSecurityManager(MessageResolver messageResolver,
 
     @Override
     public void login(PasswordToken token) throws RuntimeException {
-
+        logoutCurrent();
         User user = userMapper.selectByNameOrEmail(token.getSubject());
         if (user == null) {
             Exceptions.tr(BaseException.class, "login.fail");
@@ -98,6 +98,7 @@ public boolean validateUser(String username, String password) throws AuthExcepti
 
     @Override
     public String login(String jwtToken) throws AuthException {
+        logoutCurrent();
         PasswordToken passwordToken = JwtUtils.toPasswordToken(jwtToken);
         if (!JwtUtils.validTimeout(passwordToken)) {
             Exceptions.tr(AuthException.class, "login.session.timeout");
@@ -118,7 +119,9 @@ public String login(String jwtToken) throws AuthException {
     public void logoutCurrent() {
         permissionDataCache.clear();
         Subject subject = SecurityUtils.getSubject();
-        subject.logout();
+        if (subject != null) {
+            subject.logout();
+        }
     }
 
     @Override
@@ -256,7 +259,7 @@ public void runAs(String userNameOrEmail) {
 
     @Override
     public void releaseRunAs() {
-        SecurityUtils.getSubject().releaseRunAs();
+        logoutCurrent();
     }
 
 

server/src/main/java/datart/server/base/params/ShareAuthorizedToken.java

@@ -27,6 +27,8 @@
 @Data
 public class ShareAuthorizedToken {
 
+    private String createBy;
+
     private String permissionBy;
 
     @NotNull

server/src/main/java/datart/server/config/interceptor/LoginInterceptor.java

@@ -21,7 +21,6 @@
 import datart.core.base.annotations.SkipLogin;
 import datart.core.base.consts.Const;
 import datart.core.base.exception.Exceptions;
-import datart.core.common.MessageResolver;
 import datart.core.common.RequestContext;
 import datart.security.exception.AuthException;
 import datart.security.manager.DatartSecurityManager;
@@ -48,17 +47,26 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons
         if (!(handler instanceof HandlerMethod)) {
             return true;
         }
+        Exception loginException = null;
+        String token = request.getHeader(Const.TOKEN);
+        if (token != null) {
+            try {
+                token = securityManager.login(token);
+                response.setHeader(Const.TOKEN, token);
+                return securityManager.isAuthenticated();
+            } catch (Exception e) {
+                loginException = e;
+            }
+        }
         HandlerMethod handlerMethod = (HandlerMethod) handler;
         if (handlerMethod.getMethodAnnotation(SkipLogin.class) != null) {
             return true;
         }
-        String token = request.getHeader(Const.TOKEN);
-        if (token == null) {
-            Exceptions.tr(AuthException.class, "login.not-login");
+        if (loginException != null) {
+            throw loginException;
         }
-        token = securityManager.login(token);
-        response.setHeader(Const.TOKEN, token);
-        return securityManager.isAuthenticated();
+        Exceptions.tr(AuthException.class, "login.not-login");
+        return false;
     }
 
     @Override

server/src/main/java/datart/server/controller/ShareController.java

@@ -58,11 +58,11 @@ public ResponseData<ShareToken> create(@Validated @RequestBody ShareCreateParam
 
     @ApiOperation(value = "update a share")
     @PutMapping(value = "{shareId}")
-    public ResponseData<Boolean> update(
+    public ResponseData<ShareInfo> update(
             @PathVariable String shareId,
             @Validated @RequestBody ShareUpdateParam updateParam) {
         updateParam.setId(shareId);
-        return ResponseData.success(shareService.update(updateParam));
+        return ResponseData.success(shareService.updateShare(updateParam));
     }
 
     @ApiOperation(value = "delete a share")

server/src/main/java/datart/server/service/ShareService.java

@@ -15,6 +15,8 @@ public interface ShareService extends BaseCRUDService<Share, ShareMapperExt> {
 
     ShareToken createShare(String shareUser, ShareCreateParam createParam);
 
+    ShareInfo updateShare(ShareUpdateParam updateParam);
+
     List<ShareInfo> listShare(String vizId);
 
     ShareVizDetail getShareViz(ShareToken shareToken);

server/src/main/java/datart/server/service/impl/ShareServiceImpl.java

@@ -149,6 +149,49 @@ public ShareToken createShare(String shareUser, ShareCreateParam createParam) {
         return shareToken;
     }
 
+    @Override
+    public ShareInfo updateShare(ShareUpdateParam updateParam) {
+        Share retrieve = retrieve(updateParam.getId());
+        requirePermission(retrieve, Const.MANAGE);
+
+        Share update = new Share();
+        BeanUtils.copyProperties(updateParam, update);
+        if (updateParam.getRowPermissionBy() != null) {
+            update.setRowPermissionBy(updateParam.getRowPermissionBy().name());
+        } else {
+            update.setRowPermissionBy(ShareRowPermissionBy.CREATOR.name());
+        }
+        update.setAuthenticationMode(updateParam.getAuthenticationMode().name());
+
+        Set<String> roleIds = new HashSet<>();
+        if (!CollectionUtils.isEmpty(updateParam.getRoles())) {
+            for (String role : updateParam.getRoles()) {
+                roleIds.add('r' + role);
+            }
+        }
+        if (!CollectionUtils.isEmpty(updateParam.getUsers())) {
+            for (String user : updateParam.getUsers()) {
+                Role role = roleService.getPerUserRole(retrieve.getOrgId(), user);
+                roleIds.add('u' + role.getId());
+            }
+        }
+
+        if (ShareAuthenticationMode.CODE.equals(updateParam.getAuthenticationMode())) {
+            update.setAuthenticationCode(SecurityUtils.randomPassword());
+        }
+
+        update.setRoles(JSON.toJSONString(roleIds));
+        update.setUpdateBy(getCurrentUser().getId());
+        update.setUpdateTime(new Date());
+        shareMapper.updateByPrimaryKeySelective(update);
+
+        ShareInfo shareInfo = new ShareInfo();
+        BeanUtils.copyProperties(update, shareInfo);
+        shareInfo.setId(update.getId());
+        shareInfo.setAuthenticationMode(updateParam.getAuthenticationMode());
+        return shareInfo;
+    }
+
     @Override
     public List<ShareInfo> listShare(String vizId) {
         List<Share> shares = shareMapper.selectByViz(vizId);
@@ -246,7 +289,9 @@ public Download download(ShareToken shareToken, String downloadId) {
 
     private ShareVizDetail getVizDetail(ShareAuthorizedToken authorizedToken) {
 
-        getSecurityManager().runAs(authorizedToken.getPermissionBy());
+        User user = userMapperExt.selectByPrimaryKey(authorizedToken.getCreateBy());
+
+        getSecurityManager().runAs(user.getUsername());
 
         ShareVizDetail shareVizDetail = new ShareVizDetail();
 
@@ -304,35 +349,6 @@ private ShareVizDetail getVizDetail(ShareAuthorizedToken authorizedToken) {
         return shareVizDetail;
     }
 
-    @Override
-    public boolean update(BaseUpdateParam updateParam) {
-        Share retrieve = retrieve(updateParam.getId());
-        requirePermission(retrieve, Const.MANAGE);
-
-        ShareUpdateParam shareUpdateParam = (ShareUpdateParam) updateParam;
-        Share update = new Share();
-        BeanUtils.copyProperties(shareUpdateParam, update);
-        update.setRowPermissionBy(shareUpdateParam.getRowPermissionBy().name());
-        update.setAuthenticationMode(shareUpdateParam.getAuthenticationMode().name());
-
-        Set<String> roleIds = new HashSet<>();
-        if (!CollectionUtils.isEmpty(shareUpdateParam.getRoles())) {
-            for (String role : shareUpdateParam.getRoles()) {
-                roleIds.add('r' + role);
-            }
-        }
-        if (!CollectionUtils.isEmpty(shareUpdateParam.getUsers())) {
-            for (String user : shareUpdateParam.getUsers()) {
-                Role role = roleService.getPerUserRole(retrieve.getOrgId(), user);
-                roleIds.add('u' + role.getId());
-            }
-        }
-        update.setRoles(JSON.toJSONString(roleIds));
-        update.setUpdateBy(getCurrentUser().getId());
-        update.setUpdateTime(new Date());
-        return 1 == shareMapper.updateByPrimaryKeySelective(update);
-    }
-
     private ShareAuthorizedToken validateExecutePermission(String authorizedToken, ViewExecuteParam executeParam) {
         if (StringUtils.isBlank(authorizedToken)) {
             Exceptions.tr(PermissionDeniedException.class, "message.provider.execute.permission.denied");
@@ -361,7 +377,6 @@ private void authenticationShare(Share share, ShareToken shareToken) {
                 }
                 break;
             case LOGIN:
-
                 // 验证用户是否存在
                 User user = null;
                 if (StringUtils.isBlank(shareToken.getUsername())) {