Add logic for verifying connection permissions

chat2db-server/chat2db-server-domain/chat2db-server-domain-core/src/main/java/ai/chat2db/server/domain/core/impl/DataSourceAccessBusinessServiceImpl.java

@@ -0,0 +1,65 @@
+package ai.chat2db.server.domain.core.impl;
+
+import ai.chat2db.server.domain.api.enums.AccessObjectTypeEnum;
+import ai.chat2db.server.domain.api.enums.RoleCodeEnum;
+import ai.chat2db.server.domain.api.param.datasource.access.DataSourceAccessPageQueryParam;
+import ai.chat2db.server.domain.api.service.DataSourceAccessBusinessService;
+import ai.chat2db.server.domain.api.service.DataSourceAccessService;
+import ai.chat2db.server.domain.repository.mapper.DataSourceAccessCustomMapper;
+import ai.chat2db.server.tools.base.wrapper.result.ActionResult;
+import ai.chat2db.server.tools.common.exception.PermissionDeniedBusinessException;
+import ai.chat2db.server.tools.common.model.LoginUser;
+import ai.chat2db.server.tools.common.util.ContextUtils;
+import jakarta.annotation.Resource;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Service;
+
+/**
+ * Data Source Access
+ *
+ * @author Jiaju Zhuang
+ */
+@Slf4j
+@Service
+public class DataSourceAccessBusinessServiceImpl implements DataSourceAccessBusinessService {
+
+    @Resource
+    private DataSourceAccessService dataSourceAccessService;
+    @Resource
+    private DataSourceAccessCustomMapper dataSourceAccessCustomMapper;
+
+    @Override
+    public ActionResult checkPermission(Long dataSourceId) {
+        LoginUser loginUser = ContextUtils.getLoginUser();
+        // Representative is desktop mode
+        if (RoleCodeEnum.DESKTOP.getDefaultUserId().equals(loginUser.getId())) {
+            if (RoleCodeEnum.DESKTOP.getDefaultUserId().equals(dataSourceId)) {
+                return ActionResult.isSuccess();
+            } else {
+                throw new PermissionDeniedBusinessException();
+            }
+        }
+
+        // Administrators can edit anything
+        if (loginUser.getAdmin()) {
+            return ActionResult.isSuccess();
+        }
+
+        // Verify if user have permission
+        DataSourceAccessPageQueryParam dataSourceAccessPageQueryParam = new DataSourceAccessPageQueryParam();
+        dataSourceAccessPageQueryParam.setDataSourceId(dataSourceId);
+        dataSourceAccessPageQueryParam.setAccessObjectType(AccessObjectTypeEnum.USER.getCode());
+        dataSourceAccessPageQueryParam.setAccessObjectId(loginUser.getId());
+        dataSourceAccessPageQueryParam.queryOne();
+        if (dataSourceAccessService.pageQuery(dataSourceAccessPageQueryParam, null).hasData()) {
+            return ActionResult.isSuccess();
+        }
+
+        // Verify if the team has permission
+        if (dataSourceAccessCustomMapper.checkTeamPermission(dataSourceId, loginUser.getId()) != null) {
+            return ActionResult.isSuccess();
+
+        }
+        throw new PermissionDeniedBusinessException();
+    }
+}

chat2db-server/chat2db-server-domain/chat2db-server-domain-core/src/main/java/ai/chat2db/server/domain/core/impl/DataSourceServiceImpl.java

@@ -117,7 +117,7 @@ public class DataSourceServiceImpl implements DataSourceService {
     @Override
     public ActionResult updateWithPermission(DataSourceUpdateParam param) {
         DataSource dataSource = queryExistent(param.getId()).getData();
-        PermissionUtils.checkPermission(dataSource.getUserId());
+        PermissionUtils.checkOperationPermission(dataSource.getUserId());
 
         DataSourceDO dataSourceDO = dataSourceConverter.param2do(param);
         dataSourceDO.setGmtModified(LocalDateTime.now());
@@ -129,7 +129,7 @@ public class DataSourceServiceImpl implements DataSourceService {
     public ActionResult deleteWithPermission(Long id) {
 
         DataSource dataSource = queryExistent(id).getData();
-        PermissionUtils.checkPermission(dataSource.getUserId());
+        PermissionUtils.checkOperationPermission(dataSource.getUserId());
 
         dataSourceMapper.deleteById(id);
         return ActionResult.isSuccess();
@@ -153,7 +153,7 @@ public class DataSourceServiceImpl implements DataSourceService {
     @Override
     public DataResult<Long> copyByIdWithPermission(Long id) {
         DataSource dataSource = queryExistent(id).getData();
-        PermissionUtils.checkPermission(dataSource.getUserId());
+        PermissionUtils.checkOperationPermission(dataSource.getUserId());
 
         DataSourceDO dataSourceDO = dataSourceMapper.selectById(id);
         dataSourceDO.setId(null);

chat2db-server/chat2db-server-domain/chat2db-server-domain-core/src/main/java/ai/chat2db/server/domain/core/util/PermissionUtils.java

@@ -17,7 +17,7 @@ public class PermissionUtils {
      *
      * @param createUserId The creator of the current content
      */
-    public static void checkPermission(Long createUserId) {
+    public static void checkOperationPermission(Long createUserId) {
         LoginUser loginUser = ContextUtils.getLoginUser();
         // Representative is desktop mode
         if (RoleCodeEnum.DESKTOP.getDefaultUserId().equals(loginUser.getId())) {
@@ -36,4 +36,24 @@ public class PermissionUtils {
             throw new PermissionDeniedBusinessException();
         }
     }
+
+    /**
+     * 校验是否有查询权限
+     *
+     * @param createUserId
+     * @return
+     */
+    public static boolean checkBaseQueryPermission(Long createUserId) {
+        LoginUser loginUser = ContextUtils.getLoginUser();
+        // Representative is desktop mode
+        if (RoleCodeEnum.DESKTOP.getDefaultUserId().equals(loginUser.getId())) {
+            if (RoleCodeEnum.DESKTOP.getDefaultUserId().equals(createUserId)) {
+                return true;
+            } else {
+                throw new PermissionDeniedBusinessException();
+            }
+        }
+        // Administrators can edit anything
+        return loginUser.getAdmin();
+    }
 }