Browse Source

REPORT-61846 数据连接越权漏洞修复

new-design
Henry.Wang 3 years ago
parent
commit
a2f3e8bc4a
  1. 26
      designer-base/src/main/java/com/fr/design/mainframe/JTemplate.java

26
designer-base/src/main/java/com/fr/design/mainframe/JTemplate.java

@ -12,6 +12,7 @@ import com.fr.base.theme.ThemedTemplate;
import com.fr.base.vcs.DesignerMode; import com.fr.base.vcs.DesignerMode;
import com.fr.base.theme.TemplateTheme; import com.fr.base.theme.TemplateTheme;
import com.fr.base.theme.TemplateThemeConfig; import com.fr.base.theme.TemplateThemeConfig;
import com.fr.decision.config.FSConfig;
import com.fr.design.DesignModelAdapter; import com.fr.design.DesignModelAdapter;
import com.fr.design.DesignState; import com.fr.design.DesignState;
import com.fr.design.DesignerEnvManager; import com.fr.design.DesignerEnvManager;
@ -1486,16 +1487,16 @@ public abstract class JTemplate<T extends BaseBook, U extends BaseUndoState<?>>
* 设置新引擎后有不支持的功能时设计器中模板的标题需要加上兼容模式或者不支持分页引擎来提示用户 * 设置新引擎后有不支持的功能时设计器中模板的标题需要加上兼容模式或者不支持分页引擎来提示用户
* */ * */
private String compatibilityTip() { private String compatibilityTip() {
if (!CptAndCptxCompatibilityUtil.isEngineXEnable(this.getTarget(), getEditingFILE().getPath())){ if (!CptAndCptxCompatibilityUtil.isEngineXEnable(this.getTarget(), getEditingFILE().getPath())) {
return StringUtils.EMPTY; return StringUtils.EMPTY;
} }
String path = this.getEditingFILE().getPath(); String path = this.getEditingFILE().getPath();
CptxMetadata metadata = CptxFileUtils.getMetadata(path); CptxMetadata metadata = CptxFileUtils.getMetadata(path);
//是否是兼容模式,兼容模式下,设置了新引擎的cpt和cptx的后缀不同 //是否是兼容模式,兼容模式下,设置了新引擎的cpt和cptx的后缀不同
if (metadata != null && metadata.isForceCpt()) { if (metadata != null && metadata.isForceCpt()) {
if (path.endsWith(".cptx")){ if (path.endsWith(".cptx")) {
return InterProviderFactory.getProvider().getLocText("Fine-Plugin_Engine_Compatibility_Mode"); return InterProviderFactory.getProvider().getLocText("Fine-Plugin_Engine_Compatibility_Mode");
} else if (path.endsWith(".cpt")){ } else if (path.endsWith(".cpt")) {
return InterProviderFactory.getProvider().getLocText("Fine-Plugin_Engine_Paging_Engine_Not_Work"); return InterProviderFactory.getProvider().getLocText("Fine-Plugin_Engine_Paging_Engine_Not_Work");
} }
} }
@ -1592,8 +1593,7 @@ public abstract class JTemplate<T extends BaseBook, U extends BaseUndoState<?>>
} }
private boolean saveRealFile() throws Exception { private boolean saveRealFile() throws Exception {
JTemplateAuthorityChecker jTemplateAuthorityChecker = new JTemplateAuthorityChecker(this); if (checkJTemplateAuthority()) {
if (jTemplateAuthorityChecker.isAuthority()) {
FILE editingFILE = this.getEditingFILE(); FILE editingFILE = this.getEditingFILE();
if (editingFILE == null || editingFILE instanceof MemFILE) { if (editingFILE == null || editingFILE instanceof MemFILE) {
return false; return false;
@ -1601,6 +1601,18 @@ public abstract class JTemplate<T extends BaseBook, U extends BaseUndoState<?>>
export(); export();
this.editingFILE = editingFILE; this.editingFILE = editingFILE;
return true; return true;
} else {
return false;
}
}
private boolean checkJTemplateAuthority() {
if (!FSConfig.getInstance().getAuthorizeAttr().isDataConnectionAuthority()) {
return true;
}
JTemplateAuthorityChecker jTemplateAuthorityChecker = new JTemplateAuthorityChecker(this);
if (jTemplateAuthorityChecker.isAuthority()) {
return true;
} else { } else {
jTemplateAuthorityChecker.showAuthorityFailPromptDialog(); jTemplateAuthorityChecker.showAuthorityFailPromptDialog();
return false; return false;
@ -1641,7 +1653,7 @@ public abstract class JTemplate<T extends BaseBook, U extends BaseUndoState<?>>
@Override @Override
public void run() { public void run() {
boolean isChangedFile = !JTemplate.this.saved; boolean isChangedFile = !JTemplate.this.saved;
if (isChangedFile){ if (isChangedFile) {
CptCompileUtil.compile(JTemplate.this); CptCompileUtil.compile(JTemplate.this);
} }
callBackForSave(); callBackForSave();
@ -1708,7 +1720,7 @@ public abstract class JTemplate<T extends BaseBook, U extends BaseUndoState<?>>
* 2.在这三种情况下1.cptx文件另存为cpt文件 2.cptx另存为cptx文件 3.设置了新引擎的cpt文件另存为cpt文件 * 2.在这三种情况下1.cptx文件另存为cpt文件 2.cptx另存为cptx文件 3.设置了新引擎的cpt文件另存为cpt文件
* 因为文件的编译目录改变了需要重新预编译因此设置jTemplate的保存状态为false * 因为文件的编译目录改变了需要重新预编译因此设置jTemplate的保存状态为false
* */ * */
if (CptAndCptxCompatibilityUtil.needRecompile(oldName, this)){ if (CptAndCptxCompatibilityUtil.needRecompile(oldName, this)) {
this.saved = false; this.saved = false;
} }
result = this.saveRealFile(); result = this.saveRealFile();

Loading…
Cancel
Save