Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

没有查询权限时,增加申请链接 #904

Merged
merged 5 commits into from
Oct 14, 2020
Merged

没有查询权限时,增加申请链接 #904

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
dc3a3f6
没有查询权限时,增加申请链接
dongqianzheng Oct 9, 2020
2a43b82
没有查询权限时,增加申请链接
dongqianzheng Oct 9, 2020
d37dee0
没有查询权限时,增加申请链接
dongqianzheng Oct 9, 2020
a42de08
修改测试用例
dongqianzheng Oct 14, 2020
98bce19
Merge branch 'master' into master
dongqianzheng Oct 14, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion sql/query.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ def query(request):
limit_num = priv_check_info['data']['limit_num']
priv_check = priv_check_info['data']['priv_check']
else:
result['status'] = 1
result['status'] = priv_check_info['status']
result['msg'] = priv_check_info['msg']
return HttpResponse(json.dumps(result), content_type='application/json')
# explain的limit_num设置为0
Expand Down
6 changes: 4 additions & 2 deletions sql/query_privileges.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,8 @@ def query_priv_check(user, instance, db_name, sql_content, limit_num):
# 既无库权限也无表权限则鉴权失败
if not _db_priv(user, instance, table['schema']) and \
not _tb_priv(user, instance, table['schema'], table['name']):
result['status'] = 1
# 没有库表查询权限时的staus为2
result['status'] = 2
hhyo marked this conversation as resolved.
Show resolved Hide resolved
result['msg'] = f"你无{table['schema']}.{table['name']}表的查询权限!请先到查询权限管理进行申请"
return result
# 获取查询涉及库/表权限的最小limit限制,和前端传参作对比,取最小值
Expand All @@ -99,7 +100,8 @@ def query_priv_check(user, instance, db_name, sql_content, limit_num):
# 校验库权限,无库权限直接返回
for db_name in dbs:
if not _db_priv(user, instance, db_name):
result['status'] = 1
# 没有库表查询权限时的staus为2
result['status'] = 2
result['msg'] = f"你无{db_name}数据库的查询权限!请先到查询权限管理进行申请"
return result
# 有所有库权限则获取最小limit值
Expand Down
10 changes: 9 additions & 1 deletion sql/templates/sqlquery.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -835,7 +835,15 @@ <h4 class="modal-title text-danger">收藏语句</h4>
escape: false,
columns: [{
field: 'error',
title: 'Error'
title: 'Error',
formatter: function (value, row, index) {
//staus为2的时候,增加申请链接
if (data.status === 2) {
return value + "<a href=\"/queryapplylist/\">" + "(提交申请)" + "</a>"
} else {
return value
}
}
}],
data: [{
error: data.msg
Expand Down
4 changes: 2 additions & 2 deletions sql/tests.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -553,7 +553,7 @@ def test_query_priv_check_no_priv(self, __db_priv, __tb_priv, __table_ref):
instance=self.slave, db_name=self.db_name,
sql_content="select * from archery.sql_users;",
limit_num=100)
self.assertDictEqual(r, {'status': 1, 'msg': '你无archery.sql_users表的查询权限!请先到查询权限管理进行申请',
self.assertDictEqual(r, {'status': 2, 'msg': '你无archery.sql_users表的查询权限!请先到查询权限管理进行申请',
'data': {'priv_check': True, 'limit_num': 0}})

@patch('sql.query_privileges._table_ref', return_value=[{'schema': 'archery', 'name': 'sql_users'}])
Expand Down Expand Up @@ -630,7 +630,7 @@ def test_query_priv_check_not_mysql_db_priv_not_exist(self, __db_priv):
limit_num=100)
self.assertDictEqual(r, {'data': {'limit_num': 0, 'priv_check': True},
'msg': '你无archery数据库的查询权限!请先到查询权限管理进行申请',
'status': 1})
'status': 2})


class TestQueryPrivilegesApply(TestCase):
Expand Down