Browse Source

REPORT-61846 数据连接越权漏洞修复

fix-lag
Henry.Wang 3 years ago
parent
commit
61d5afb631
  1. 26
      designer-base/src/main/java/com/fr/design/mainframe/JTemplate.java

26
designer-base/src/main/java/com/fr/design/mainframe/JTemplate.java

@ -12,6 +12,7 @@ import com.fr.base.theme.ThemedTemplate;
import com.fr.base.vcs.DesignerMode;
import com.fr.base.theme.TemplateTheme;
import com.fr.base.theme.TemplateThemeConfig;
import com.fr.decision.config.FSConfig;
import com.fr.design.DesignModelAdapter;
import com.fr.design.DesignState;
import com.fr.design.DesignerEnvManager;
@ -1486,16 +1487,16 @@ public abstract class JTemplate<T extends BaseBook, U extends BaseUndoState<?>>
* 设置新引擎后有不支持的功能时设计器中模板的标题需要加上兼容模式或者不支持分页引擎来提示用户
* */
private String compatibilityTip() {
if (!CptAndCptxCompatibilityUtil.isEngineXEnable(this.getTarget(), getEditingFILE().getPath())){
if (!CptAndCptxCompatibilityUtil.isEngineXEnable(this.getTarget(), getEditingFILE().getPath())) {
return StringUtils.EMPTY;
}
String path = this.getEditingFILE().getPath();
CptxMetadata metadata = CptxFileUtils.getMetadata(path);
//是否是兼容模式,兼容模式下,设置了新引擎的cpt和cptx的后缀不同
if (metadata != null && metadata.isForceCpt()) {
if (path.endsWith(".cptx")){
if (path.endsWith(".cptx")) {
return InterProviderFactory.getProvider().getLocText("Fine-Plugin_Engine_Compatibility_Mode");
} else if (path.endsWith(".cpt")){
} else if (path.endsWith(".cpt")) {
return InterProviderFactory.getProvider().getLocText("Fine-Plugin_Engine_Paging_Engine_Not_Work");
}
}
@ -1592,8 +1593,7 @@ public abstract class JTemplate<T extends BaseBook, U extends BaseUndoState<?>>
}
private boolean saveRealFile() throws Exception {
JTemplateAuthorityChecker jTemplateAuthorityChecker = new JTemplateAuthorityChecker(this);
if (jTemplateAuthorityChecker.isAuthority()) {
if (checkJTemplateAuthority()) {
FILE editingFILE = this.getEditingFILE();
if (editingFILE == null || editingFILE instanceof MemFILE) {
return false;
@ -1601,6 +1601,18 @@ public abstract class JTemplate<T extends BaseBook, U extends BaseUndoState<?>>
export();
this.editingFILE = editingFILE;
return true;
} else {
return false;
}
}
private boolean checkJTemplateAuthority() {
if (!FSConfig.getInstance().getAuthorizeAttr().isDataConnectionAuthority()) {
return true;
}
JTemplateAuthorityChecker jTemplateAuthorityChecker = new JTemplateAuthorityChecker(this);
if (jTemplateAuthorityChecker.isAuthority()) {
return true;
} else {
jTemplateAuthorityChecker.showAuthorityFailPromptDialog();
return false;
@ -1641,7 +1653,7 @@ public abstract class JTemplate<T extends BaseBook, U extends BaseUndoState<?>>
@Override
public void run() {
boolean isChangedFile = !JTemplate.this.saved;
if (isChangedFile){
if (isChangedFile) {
CptCompileUtil.compile(JTemplate.this);
}
callBackForSave();
@ -1708,7 +1720,7 @@ public abstract class JTemplate<T extends BaseBook, U extends BaseUndoState<?>>
* 2.在这三种情况下1.cptx文件另存为cpt文件 2.cptx另存为cptx文件 3.设置了新引擎的cpt文件另存为cpt文件
* 因为文件的编译目录改变了需要重新预编译因此设置jTemplate的保存状态为false
* */
if (CptAndCptxCompatibilityUtil.needRecompile(oldName, this)){
if (CptAndCptxCompatibilityUtil.needRecompile(oldName, this)) {
this.saved = false;
}
result = this.saveRealFile();

Loading…
Cancel
Save