Browse Source

REPORT-61846 数据连接越权漏洞修复

new-design
Henry.Wang 3 years ago
parent
commit
a2f3e8bc4a
  1. 16
      designer-base/src/main/java/com/fr/design/mainframe/JTemplate.java

16
designer-base/src/main/java/com/fr/design/mainframe/JTemplate.java

@ -12,6 +12,7 @@ import com.fr.base.theme.ThemedTemplate;
import com.fr.base.vcs.DesignerMode; import com.fr.base.vcs.DesignerMode;
import com.fr.base.theme.TemplateTheme; import com.fr.base.theme.TemplateTheme;
import com.fr.base.theme.TemplateThemeConfig; import com.fr.base.theme.TemplateThemeConfig;
import com.fr.decision.config.FSConfig;
import com.fr.design.DesignModelAdapter; import com.fr.design.DesignModelAdapter;
import com.fr.design.DesignState; import com.fr.design.DesignState;
import com.fr.design.DesignerEnvManager; import com.fr.design.DesignerEnvManager;
@ -1592,8 +1593,7 @@ public abstract class JTemplate<T extends BaseBook, U extends BaseUndoState<?>>
} }
private boolean saveRealFile() throws Exception { private boolean saveRealFile() throws Exception {
JTemplateAuthorityChecker jTemplateAuthorityChecker = new JTemplateAuthorityChecker(this); if (checkJTemplateAuthority()) {
if (jTemplateAuthorityChecker.isAuthority()) {
FILE editingFILE = this.getEditingFILE(); FILE editingFILE = this.getEditingFILE();
if (editingFILE == null || editingFILE instanceof MemFILE) { if (editingFILE == null || editingFILE instanceof MemFILE) {
return false; return false;
@ -1601,6 +1601,18 @@ public abstract class JTemplate<T extends BaseBook, U extends BaseUndoState<?>>
export(); export();
this.editingFILE = editingFILE; this.editingFILE = editingFILE;
return true; return true;
} else {
return false;
}
}
private boolean checkJTemplateAuthority() {
if (!FSConfig.getInstance().getAuthorizeAttr().isDataConnectionAuthority()) {
return true;
}
JTemplateAuthorityChecker jTemplateAuthorityChecker = new JTemplateAuthorityChecker(this);
if (jTemplateAuthorityChecker.isAuthority()) {
return true;
} else { } else {
jTemplateAuthorityChecker.showAuthorityFailPromptDialog(); jTemplateAuthorityChecker.showAuthorityFailPromptDialog();
return false; return false;

Loading…
Cancel
Save