From 667b73c17f61c239b761da3bad4f1218bd5de775 Mon Sep 17 00:00:00 2001
From: longchangwen
Date: Thu, 18 Feb 2021 10:40:04 +0800
Subject: [PATCH] Don't filter out Visualis-share URLs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

普通分享页特殊处理,可以不需要登录(不影响授权分享页,授权分享依旧需要登录)
---
 .../CurrentUserMethodArgumentResolver.java | 11 +++++++++--
 .../edp/davinci/service/impl/ShareServiceImpl.java | 12 ++++++------
 2 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/server/src/main/java/edp/davinci/core/inteceptor/CurrentUserMethodArgumentResolver.java b/server/src/main/java/edp/davinci/core/inteceptor/CurrentUserMethodArgumentResolver.java
index 087520607..d2129a02d 100644
--- a/server/src/main/java/edp/davinci/core/inteceptor/CurrentUserMethodArgumentResolver.java
+++ b/server/src/main/java/edp/davinci/core/inteceptor/CurrentUserMethodArgumentResolver.java
@@ -52,12 +52,19 @@ public boolean supportsParameter(MethodParameter parameter) {
 @Override
 public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer, NativeWebRequest webRequest, WebDataBinderFactory binderFactory) {
+ HttpServletRequest httpServletRequest = webRequest.getNativeRequest(HttpServletRequest.class);
 try {
- return (User)userMapper.selectByUsername(SecurityFilter.getLoginUsername(webRequest.getNativeRequest(HttpServletRequest.class)));
+ return (User)userMapper.selectByUsername(SecurityFilter.getLoginUsername(httpServletRequest));
 }catch (Throwable e){
 log.error("Failed to get user:",e);
- throw e;
+ // 普通分享页特殊处理,可以不需要登录(不影响授权分享页,授权分享依旧需要登录)
+ if (httpServletRequest != null && httpServletRequest.getRequestURI().contains("/share/")) {
+ log.warn("Fallback to share page User handler for {}", httpServletRequest.getRequestURI());
+ return (User) webRequest.getAttribute(Consts.CURRENT_USER, RequestAttributes.SCOPE_REQUEST);
+ }else {
+ throw e;
+ }
 }
 }
 }
\ No newline at end of file
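Review bot: The fallback in the `catch` block of `resolveArgument` keys on `getRequestURI().contains("/share/")`, a substring test on the raw, un-normalised request URI, so any handler with a current-user parameter whose URI merely contains that substring stops failing closed and receives whatever `Consts.CURRENT_USER` holds in request scope, possibly null. It also sits under `catch (Throwable e)`, so a mapper or database failure on a share URL is handled the same way as a missing login. I would restrict the fallback to the share controller's own mapping with a prefix test, e.g. `httpServletRequest.getServletPath().startsWith(SHARE_BASE_PATH)` (placeholder constant; the real mapping is not visible here), and apply it only to the exception that signals "not logged in". Separately, `log.error` still writes a stack trace for every anonymous share view, and the `log.warn` line records the full URI, which would put the share token into the logs if the token is carried in the path.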
diff --git a/server/src/main/java/edp/davinci/service/impl/ShareServiceImpl.java b/server/src/main/java/edp/davinci/service/impl/ShareServiceImpl.java
index 05786cc8c..ed456dfbd 100644
--- a/server/src/main/java/edp/davinci/service/impl/ShareServiceImpl.java
+++ b/server/src/main/java/edp/davinci/service/impl/ShareServiceImpl.java
@@ -181,7 +181,7 @@ public ShareWidget getShareWidget(String token, User user) throws NotFoundExcept
 }
 if (!StringUtils.isEmpty(shareInfo.getSharedUserName())) {
- if (!shareInfo.getSharedUserName().equals(user.getUsername())) {
+ if (user == null || !shareInfo.getSharedUserName().equals(user.getUsername())) {
 throw new ForbiddenExecption("ERROR Permission denied");
 }
 }
@@ -216,7 +216,7 @@ public ShareDisplay getShareDisplay(String token, User user) throws NotFoundExce
 Display display = displayMapper.getById(displayId);
 if (!StringUtils.isEmpty(shareInfo.getSharedUserName())) {
- if (!shareInfo.getSharedUserName().equals(user.getUsername())) {
+ if (user == null || !shareInfo.getSharedUserName().equals(user.getUsername())) {
 throw new ForbiddenExecption("ERROR Permission denied");
 }
 }
@@ -293,7 +293,7 @@ public ShareDashboard getShareDashboard(String token, User user) throws NotFound
 }
 if (!StringUtils.isEmpty(shareInfo.getSharedUserName())) {
- if (!shareInfo.getSharedUserName().equals(user.getUsername())) {
+ if (user == null || !shareInfo.getSharedUserName().equals(user.getUsername())) {
 throw new ForbiddenExecption("ERROR Permission denied");
 }
 }
@@ -341,7 +341,7 @@ public Paginate> getShareData(String token, ViewExecuteParam
 }
 if (!StringUtils.isEmpty(shareInfo.getSharedUserName())) {
- if (!shareInfo.getSharedUserName().equals(user.getUsername())) {
+ if (user == null || !shareInfo.getSharedUserName().equals(user.getUsername())) {
 throw new ForbiddenExecption("ERROR Permission denied");
 }
 }
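Review bot: The `user == null ||` guard added in `getShareWidget` (and identically in `getShareDisplay`, `getShareDashboard`, `getShareData` and `generationShareDataCsv`) covers only the `sharedUserName` comparison; for an ordinary share the method carries on with a null `user`, and the rest of each body lies outside these hunks, so any later dereference of `user` there needs the same null handling. The same check is now maintained in six places; a single private helper that takes `shareInfo` and `user` and throws `ForbiddenExecption("ERROR Permission denied")` would keep the authorised-share rule in one spot. A short comment at the guard such as `// user is null for anonymous access to an ordinary share` would also record why null is an expected value here.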
@@ -433,7 +433,7 @@ public String generationShareDataCsv(ViewExecuteParam executeParam, User user, S
 }
 if (!StringUtils.isEmpty(shareInfo.getSharedUserName())) {
- if (!shareInfo.getSharedUserName().equals(user.getUsername())) {
+ if (user == null || !shareInfo.getSharedUserName().equals(user.getUsername())) {
 throw new ForbiddenExecption("ERROR Permission denied");
 }
 }
@@ -496,7 +496,7 @@ public ResultMap getDistinctValue(String token, Long viewId, DistinctParam param
 }
 if (!StringUtils.isEmpty(shareInfo.getSharedUserName())) {
- if (!shareInfo.getSharedUserName().equals(user.getUsername())) {
+ if (user == null || !shareInfo.getSharedUserName().equals(user.getUsername())) {
 resultFail(user, request, HttpCodeEnum.FORBIDDEN).message("ERROR Permission denied");
 }
 }
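Review bot: In the `getDistinctValue` hunk the denied branch only calls `resultFail(user, request, HttpCodeEnum.FORBIDDEN).message("ERROR Permission denied");` and discards the result, so unless `resultFail` throws (not visible here) execution continues past the check. Before this change a null `user` failed with a NullPointerException on `user.getUsername()`; with `user == null ||` an anonymous caller now enters this branch and, as far as the hunk shows, falls through to the rest of the method on an authorised share. The line should be `return resultFail(user, request, HttpCodeEnum.FORBIDDEN).message("ERROR Permission denied");` (assuming `message` returns the method's `ResultMap`) or throw `ForbiddenExecption` as the other five methods do, and `resultFail` should be checked for null-safety now that it can receive a null `user`. The method body continues outside the hunk.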