1. 链接权限
1.1. 链接权限说明
在链接上设置用于控制被授权用户所能看到的数据范围
1.1.1. 链接权限的定义
链接权限结构说明
| 字段 | 类型 | 描述 |
|---|---|---|
| id | LONG | 权限条目的 id |
| title | STRING | 权限条目的标题 |
| type | STRING | 规则类型,分为:ROW(行规则),COLUMN(列规则) |
| connectionId | LONG | 权限条目所属的链接id |
| priority | STRING | 权限条目的权限级别 |
| nodeType | STRING | 权限条目作用的节点类型 |
| path | STRING数组 | 权限条目作用的具体路径 |
| options | OBJECT | 权限条目的配置信息 |
| options.filter | OBJECT | 权限条目的过滤条件相关信息 |
| options.filter.where | HE 数组 | 行过滤条件 |
| options.filter.excludeColumns | HE 数组 | 列过滤条件 |
| options.filter.filterType | STRING | 过滤条件类型 |
priority值说明
| 字段值 | 描述 |
|---|---|
| LS | 表示用户仅可见权限条目作用节点的名称,如:用户只能看到链接下某些表的名称或某个目录下所有表的名称。但是对表的结构和数据一律不可见 |
| SC | 表示用户可见权限条目作用的某张表或某个目录下所有表的结构信息(表头) |
| RO | 表示用户可见权限条目作用的某张表或某个目录下所有表的结构信息和具体数据 |
| RW | 表示用户对权限条目作用的某张表或某个目录下所有表拥有完整权限,包括对表结构和数据的可见以及可以将表作为数据集成的输出目的地 |
权限级别关系:RW>RO>SC>LS
nodeType值说明
| 字段值 | 描述 |
|---|---|
| PATH | 表示对权限条目作用于链接中的某个目录,用户对该目录下的所有表持有特定权限 |
| TABLE | 表示对权限条目作用于链接中的某张表,用户对该表持有特定权限,当对权限条目作用于表并且权限为RO时,owner可添加针对该表的行过滤条件 |
| CONNECTION | 表示权限条目作用于整个链接,其效果与之前版本的协作类似,被对权限条目包含的用户/用户组对整个链接下的所有资源持有特定权限 |
多条权限条目间的关系
多条权限条目作用于同一个表时,规则间为"或"关系。用户被多条规则选中时,看到的是多条权限条目的并集过滤后的数据
1.2. 接口说明
1.2.1. 新增权限条目
请求URL
POST /api/v1/connections/{connectionId}/auths
请求参数
URL 参数
无
Request Body 参数
| 字段 | 类型 | 是否必须 | 描述 |
|---|---|---|---|
| title | STRING | 是 | 权限条目的标题 |
| connectionId | NUMBER | 是 | 权限条目所属的链接id |
| type | STRING | 是 | 规则类型,可选值:ROW(行权限) & COLUMN(列权限) |
| priority | STRING | 是 | 权限条目的权限级别,type为COlUMN时固定为LS |
| nodeType | STRING | 是 | 权限条目作用的节点类型 |
| path | STRING数组 | nodeType不是CONNECTION时必须 | 权限条目作用的具体路径 |
| options.filter.where | HE数组 | 否 | 行过滤条件 |
| options.filter.excludeColumns | HE数组 | 否 | 列过滤条件 |
| users | OBJECT数组 | 否 | 权限条目所选用户 |
| organizations | OBJECT数组 | 否 | 权限条目所选用户组 |
| org | OBJECT数组 | 否 | 权限条目所选组织架构 |
| tenants | OBJECT数组 | 否 | 权限条目所选租户(行权限仅在priority为RO时有效) |
返回对象的格式说明
| 字段 | 类型 | 说明 |
|---|---|---|
| version | STRING | 当前系统版本哈希值 |
| data | OBJECT | 见笔记结构说明 |
接口示例1(新增行权限)
- 请求
POST /api/v1/connections/{connectionId}/auths{ "title": "规则1", "connectionId": 1, "type": "ROW", "nodeType": "TABLE", "priority": "RO", "path": [ "public", "A_IVT_MOVIE" ], "users": [ { "id": 1 }, { "id": 2 } ], "organizations": [ { "id": 1 }, { "id": 2 } ], "org": [ { "id": 1 }, { "id": 2 } ], "tenants": [ { "id": 10001 }, { "id": 10002 } ], "options": { "filter": { "columns": [], "where": [ { "kind": "function", "op": "and", "args": [ { "kind": "function", "op": "<", "args": [ { "kind": "field", "op": "id", "type": "number" }, { "kind": "constant", "op": 5, "type": "number" } ] } ] } ] } } }{ "version": "4.6-SNAPSHOT@@git.commit.id.abbrev@#null", "code": 0, "msg": "success", "data": { "id": 1, "title": "规则1", "type" : "ROW", "connectionId": 8, "priority": "RO", "nodeType": "TABLE", "path": [ "public", "A_IVT_MOVIE" ], "options": { "filter": { "columns": [], "where": [ { "kind": "function", "op": "and", "args": [ { "kind": "function", "op": "<", "args": [ { "kind": "field", "op": "id", "type": "number" }, { "kind": "constant", "op": 5, "type": "number" } ] } ] } ], "filterType": "CONNECTION" } }, "createdBy": 1, "createdAt": "2020-05-28 12:21:31", "updatedBy": 1, "updatedAt": "2020-05-28 14:26:11", "visible": true, "users": [ { "id": 1 }, { "id": 2 } ], "organizations": [ { "id": 1 }, { "id": 2 } ], "org": [ { "id": 1 }, { "id": 2 } ], "tenants": [ { "id": 10001 }, { "id": 10002 } ], "editable": true, "delete": false } }
接口示例2(新增列权限)
- 请求
POST /api/v1/connections/{connectionId}/auths{ "title": "规则1", "connectionId": 1, "type": "COLUMN", "nodeType": "TABLE", "priority": "LS", "path": [ "public", "A_IVT_MOVIE" ], "users": [ { "id": 1 }, { "id": 2 } ], "organizations": [ { "id": 1 }, { "id": 2 } ], "org": [ { "id": 1 }, { "id": 2 } ], "tenants": [ { "id": 10001 }, { "id": 10002 } ], "options": { "filter": { "excludeColumns": [ { "fieldName": "id" }, { "fieldName": "name" } ] } } }{ "version": "4.6-SNAPSHOT@@git.commit.id.abbrev@#null", "code": 0, "msg": "success", "data": { "id": 1, "title": "规则1", "type": "COLUMN", "connectionId": 8, "priority": "LS", "nodeType": "TABLE", "path": [ "public", "A_IVT_MOVIE" ], "options": { "filter": { "excludeColumns": [ { "fieldName": "id" }, { "fieldName": "name" } ], "where": [], "filterType": "CONNECTION" } }, "createdBy": 1, "createdAt": "2020-05-28 12:21:31", "updatedBy": 1, "updatedAt": "2020-05-28 14:26:11", "visible": true, "users": [ { "id": 1 }, { "id": 2 } ], "organizations": [ { "id": 1 }, { "id": 2 } ], "org": [ { "id": 1 }, { "id": 2 } ], "tenants": [ { "id": 10001 }, { "id": 10002 } ], "editable": true, "delete": false } }
1.2.2. 更新权限条目
请求URL
PUT /api/v1/connections/{connectionId}/auths/{authId}
请求参数
URL 参数
无
Request Body 参数
| 字段 | 类型 | 是否必须 | 描述 |
|---|---|---|---|
| title | STRING | 是 | 权限条目的标题 |
| connectionId | NUMBER | 是 | 权限条目所属的链接id |
| type | STRING | 是 | 规则类型,可选值:ROW(行权限) & COLUMN(列权限) |
| priority | STRING | 是 | 权限条目的权限级别,type为COlUMN时固定为LS |
| nodeType | STRING | 是 | 权限条目作用的节点类型 |
| path | STRING数组 | nodeType不是CONNECTION时必须 | 权限条目作用的具体路径 |
| options.filter.where | HE数组 | 否 | 行过滤条件 |
| options.filter.excludeColumns | HE数组 | 否 | 列过滤条件 |
| users | OBJECT数组 | 否 | 权限条目所选用户 |
| organizations | OBJECT数组 | 否 | 权限条目所选用户组 |
| org | OBJECT数组 | 否 | 权限条目所选组织架构 |
| tenants | OBJECT数组 | 否 | 权限条目所选租户(行权限仅在priority为RO时有效) |
返回对象的格式说明
| 字段 | 类型 | 说明 |
|---|---|---|
| version | STRING | 当前系统版本哈希值 |
| data | OBJECT | 见笔记结构说明 |
接口示例1
- 请求
PUT /api/v1/connections/{connectionId}/auths/{authId}{ "title": "规则1", "connectionId": 1, "id": 1, "type": "ROW", "nodeType": "TABLE", "priority": "RO", "path": [ "public", "A_IVT_MOVIE" ], "users": [ { "id": 1 }, { "id": 2 } ], "organizations": [ { "id": 1 }, { "id": 2 } ], "org": [ { "id": 1 }, { "id": 2 } ], "tenants": [ { "id": 10001 }, { "id": 10002 } ], "options": { "filter": { "columns": [], "where": [ { "kind": "function", "op": "and", "args": [ { "kind": "function", "op": "<", "args": [ { "kind": "field", "op": "id", "type": "number" }, { "kind": "constant", "op": 5, "type": "number" } ] } ] } ] } } }{ "version": "4.6-SNAPSHOT@@git.commit.id.abbrev@#null", "code": 0, "msg": "success", "data": { "id": 1, "title": "规则1", "type" : "ROW", "connectionId": 8, "priority": "RO", "nodeType": "TABLE", "path": [ "public", "A_IVT_MOVIE" ], "options": { "filter": { "columns": [], "where": [ { "kind": "function", "op": "and", "args": [ { "kind": "function", "op": "<", "args": [ { "kind": "field", "op": "id", "type": "number" }, { "kind": "constant", "op": 5, "type": "number" } ] } ] } ], "filterType": "CONNECTION" } }, "createdBy": 1, "createdAt": "2020-05-28 12:21:31", "updatedBy": 1, "updatedAt": "2020-05-28 14:26:11", "visible": true, "users": [ { "id": 1 }, { "id": 2 } ], "organizations": [ { "id": 1 }, { "id": 2 } ], "org": [ { "id": 1 }, { "id": 2 } ], "tenants": [ { "id": 10001 }, { "id": 10002 } ], "editable": true, "delete": false } }
接口示例2(更新列权限)
- 请求
PUT /api/v1/connections/{connectionId}/auths/{authId}{ "title": "规则1", "id": 1 "connectionId": 1, "type": "COLUMN", "nodeType": "TABLE", "priority": "LS", "path": [ "public", "A_IVT_MOVIE" ], "users": [ { "id": 1 }, { "id": 2 } ], "organizations": [ { "id": 1 }, { "id": 2 } ], "org": [ { "id": 1 }, { "id": 2 } ], "tenants": [ { "id": 10001 }, { "id": 10002 } ], "options": { "filter": { "excludeColumns": [ { "fieldName": "code" }, { "fieldName": "name" } ] } } }{ "version": "4.6-SNAPSHOT@@git.commit.id.abbrev@#null", "code": 0, "msg": "success", "data": { "id": 1, "title": "规则1", "type": "COLUMN", "connectionId": 8, "priority": "LS", "nodeType": "TABLE", "path": [ "public", "A_IVT_MOVIE" ], "options": { "filter": { "excludeColumns": [ { "fieldName": "code" }, { "fieldName": "name" } ], "where": [], "filterType": "CONNECTION" } }, "createdBy": 1, "createdAt": "2020-05-28 12:21:31", "updatedBy": 1, "updatedAt": "2020-05-28 14:26:11", "visible": true, "users": [ { "id": 1 }, { "id": 2 } ], "organizations": [ { "id": 1 }, { "id": 2 } ], "org": [ { "id": 1 }, { "id": 2 } ], "tenants": [ { "id": 10001 }, { "id": 10002 } ], "editable": true, "delete": false } }
1.2.3. 根据ID获取权限条目
请求URL
GET /api/v1/connections/{connectionId}/auths/{authId}
请求参数
URL 参数
无
Request Body 参数
无
返回对象的格式说明
| 字段 | 类型 | 说明 |
|---|---|---|
| version | STRING | 当前系统版本哈希值 |
| data | OBJECT | 见笔记结构说明 |
接口示例1
- 请求
GET /api/v1/connections/{connectionId}/auths/{authId}
返回
{
"version": "3.2-SNAPSHOT@@git.commit.id.abbrev@#null",
"code": 0,
"msg": "success",
"data": {
"id": 1,
"title": "规则1",
"type": "ROW",
"connectionId": 8,
"priority": "RO",
"nodeType": "TABLE",
"path": [
"public",
"A_IVT_MOVIE"
],
"options": {
"filter": {
"columns": [],
"where": [
{
"kind": "function",
"op": "and",
"args": [
{
"kind": "function",
"op": "<",
"args": [
{
"kind": "field",
"op": "id",
"type": "number"
},
{
"kind": "constant",
"op": 5,
"type": "number"
}
]
}
]
}
],
"filterType": "CONNECTION"
}
},
"createdBy": 1,
"createdAt": "2020-05-28 12:21:31",
"updatedBy": 1,
"updatedAt": "2020-05-28 14:26:11",
"visible": true,
"users": [
{
"id": 1
},
{
"id": 2
}
],
"organizations": [
{
"id": 1
},
{
"id": 2
}
],
"editable": true,
"delete": false
}
}
1.2.4. 根据ID删除权限条目
请求URL
DELETE /api/v1/connections/{connectionId}/auths/{authId}
请求参数
URL 参数
无
Request Body 参数
无
返回对象的格式说明
| 字段 | 类型 | 说明 |
|---|---|---|
| version | STRING | 当前系统版本哈希值 |
接口示例1
- 请求
DELETE /api/v1/connections/{connectionId}/auths/{authId}
返回
{
"version": "3.2-SNAPSHOT@@git.commit.id.abbrev@#null",
"code": 0,
"msg": "success"
}
1.2.5. 获取指定路径下的连接权限
请求URL
POST /api/v1/connections/{connectionId}/auths/path
请求参数
URL 参数
无
Request Body 参数
| 字段 | 类型 | 是否必须 | 描述 |
|---|---|---|---|
| path | STRING数组 | 否(为空表示查询CONNECTION级权限) | 权限条目作用的具体路径 |
返回对象的格式说明
| 字段 | 类型 | 说明 |
|---|---|---|
| version | STRING | 当前系统版本哈希值 |
| data | OBJECT | 见笔记结构说明 |
接口示例1
- 请求
POST /api/v1/connections/{connectionId}/auths/path{ "path": [ "public", "A_IVT_MOVIE" ] }{ "version": "3.2-SNAPSHOT@@git.commit.id.abbrev@#null", "code": 0, "msg": "success", "data": [ { "id": 3, "title": "规则2", "type": "ROW", "connectionId": 8, "priority": "LS", "nodeType": "TABLE", "path": [ "public", "A_IVT_MOVIE" ], "options": { "filter": { "columns": [], "where": [] } }, "createdBy": 1, "createdAt": "2020-05-28 14:25:19", "updatedBy": 1, "updatedAt": "2020-05-28 14:25:19", "visible": true, "editable": true, "delete": false }, { "id": 2, "title": "规则1", "connectionId": 8, "type": "ROW", "priority": "RO", "nodeType": "TABLE", "path": [ "public", "A_IVT_MOVIE" ], "options": { "filter": { "columns": [], "where": [ { "op": "and", "args": [ { "op": "<", "args": [ { "op": "id", "kind": "field", "type": "number" }, { "op": 5, "kind": "constant", "type": "number" } ], "kind": "function" } ], "kind": "function" } ], "filterType": "CONNECTION" } }, "createdBy": 1, "createdAt": "2020-05-28 12:21:31", "updatedBy": 1, "updatedAt": "2020-05-28 14:50:31", "visible": true, "users": [ { "id": 2, "name": "test2" } ], "editable": true, "delete": false }, { "id": 5, "title": "规则3", "connectionId": 8, "priority": "LS", "nodeType": "TABLE", "path": [ "public", "A_IVT_MOVIE" ], "options": { "filter": { "columns": [], "where": [] } }, "createdBy": 1, "createdAt": "2020-05-28 14:55:00", "updatedBy": 1, "updatedAt": "2020-05-28 14:55:00", "visible": true, "editable": true, "delete": false } ], "totalHits": 3, "offset": 0 }
1.2.6. 批量添加链接规则
请求URL
POST /api/v1/connections/{connectionId}/auths/batch-add
请求参数
URL 参数
无
Request Body 参数
- 根据paths添加
```json
{
"priority": "RO",
"type": "ROW",
"connnectionId": 3,
"nodeType": "TABLE",
"paths": [
], "type": "ROW", "title": "批量添加", "users": [[ "public", "A_IVT_MOVIE" ], [ "public", "a_ivt_college" ], [ "public", "a_ivt_countries" ], [ "public", "a_ivt_employee" ]
], "organizations": [{ "id": 2 }, { "id": 3 }, { "id": 7 }
], "tenants": [{ "id": 2 }, { "id": 3 }, { "id": 4 }
], "options": {{ "id": 10001 }, { "id": 10002 }, { "id": 10003 }
} }"filter": { "where": [], "excludeColumns": [] }
2. 根据ConnectionAuthDtos添加
```json
{
"connectionAuthDtos": [
{
"priority": "RO",
"connnectionId": 3,
"nodeType": "TABLE",
"path": [
"public",
"A_IVT_MOVIE"
],
"type": "ROW",
"title": "分别添加1",
"users": [
{
"id": 2
}
],
"organizations": [
{
"id": 2
},
{
"id": 3
}
],
"tenants": [
{
"id": 10001
}
],
"options": {
"filter": {
"where": [],
"excludeColumns": []
}
}
},
{
"priority": "RO",
"connnectionId": 3,
"nodeType": "TABLE",
"path": [
"public",
"a_ivt_college"
],
"type": "ROW",
"title": "分别添加2",
"users": [
{
"id": 2
},
{
"id": 3
}
],
"organizations": [
{
"id": 4
},
{
"id": 3
}
],
"tenants": [
{
"id": 10001
},
{
"id": 10003
}
],
"options": {
"filter": {
"where": [],
"excludeColumns": []
}
}
},
{
"priority": "RO",
"connnectionId": 3,
"nodeType": "TABLE",
"path": [
"public",
"A_IVT_MOVIE"
],
"type": "ROW",
"title": "分别添加3",
"users": [
{
"id": 2
},
{
"id": 3
},
{
"id": 7
}
],
"organizations": [
{
"id": 2
},
{
"id": 3
},
{
"id": 4
}
],
"tenants": [
{
"id": 10001
},
{
"id": 10002
},
{
"id": 10003
}
],
"options": {
"filter": {
"where": [],
"excludeColumns": []
}
}
}
]
}
返回对象的格式说明
| 字段 | 类型 | 说明 |
|---|---|---|
| version | STRING | 当前系统版本哈希值 |
| data | OBJECT | 见笔记结构说明 |
接口示例1
- 请求
POST /api/v1/connections/{connectionId}/auths/batch-add{ "priority": "RO", "connnectionId": 3, "nodeType": "TABLE", "paths": [ [ "public", "A_IVT_MOVIE" ], [ "public", "a_ivt_college" ], [ "public", "a_ivt_countries" ], [ "public", "a_ivt_employee" ] ], "type": "ROW", "title": "批量添加", "users": [ { "id": 2 }, { "id": 3 }, { "id": 7 } ], "organizations": [ { "id": 2 }, { "id": 3 }, { "id": 4 } ], "tenants": [ { "id": 10001 }, { "id": 10002 }, { "id": 10003 } ], "options": { "filter": { "where": [], "excludeColumns": [] } } }{ "version": "4.2-SNAPSHOT@@git.commit.id.abbrev@#352dc7c5", "code": 0, "msg": "success", "data": [ { "id": 12, "title": "分别添加1", "connectionId": 3, "priority": "RO", "type": "ROW", "nodeType": "TABLE", "path": [ "public", "A_IVT_MOVIE" ], "options": { "filter": { "excludeColumns": [], "where": [], "ruleType": "ROW" } }, "createdBy": 2, "updatedBy": 2, "visible": true, "users": [ { "id": 2 } ], "organizations": [ { "id": 2 }, { "id": 3 } ], "tenants": [ { "id": 10001 } ] }, { "id": 13, "title": "分别添加2", "connectionId": 3, "priority": "RO", "type": "ROW", "nodeType": "TABLE", "path": [ "public", "a_ivt_college" ], "options": { "filter": { "excludeColumns": [], "where": [], "ruleType": "ROW" } }, "createdBy": 2, "updatedBy": 2, "visible": true, "users": [ { "id": 2 }, { "id": 3 } ], "organizations": [ { "id": 4 }, { "id": 3 } ], "tenants": [ { "id": 10001 }, { "id": 10003 } ] }, { "id": 14, "title": "分别添加3", "connectionId": 3, "priority": "RO", "type": "ROW", "nodeType": "TABLE", "path": [ "public", "A_IVT_MOVIE" ], "options": { "filter": { "excludeColumns": [], "where": [], "ruleType": "ROW" } }, "createdBy": 2, "updatedBy": 2, "visible": true, "users": [ { "id": 2 }, { "id": 3 }, { "id": 7 } ], "organizations": [ { "id": 2 }, { "id": 3 }, { "id": 4 } ], "tenants": [ { "id": 10001 }, { "id": 10002 }, { "id": 10003 } ] } ] }
1.2.7. 获取链接级规则
请求URL
GET /api/v1/connections/{connectionId}/auths/priority-connection
请求参数
URL 参数
无
Request Body 参数
无
返回对象的格式说明
| 字段 | 类型 | 说明 |
|---|---|---|
| version | STRING | 当前系统版本哈希值 |
| data | OBJECT | 见笔记结构说明 |
接口示例1
- 请求
GET /api/v1/connections/{connectionId}/auths/priority-connection
返回
{
"version": "3.2-SNAPSHOT@@git.commit.id.abbrev@#null",
"code": 0,
"msg": "success",
"data": [
{
"id": 6,
"title": "规则1 (1)",
"connectionId": 8,
"priority": "LS",
"nodeType": "CONNECTION",
"options": {},
"createdBy": 1,
"createdAt": "2020-05-28 15:05:40",
"updatedBy": 1,
"updatedAt": "2020-05-28 15:05:40",
"visible": true,
"editable": true,
"delete": false
}
],
"totalHits": 1,
"offset": 0
}