fix hhyo#50

kjiLupin · Apr 28, 2019 · d08a6d5 · d08a6d5
1 parent 5fc4b83
commit d08a6d5
Showing 1 changed file with 16 additions and 16 deletions.
diff --git a/sql/query.py b/sql/query.py
@@ -66,14 +66,15 @@ def query_audit_call_back(workflow_id, workflow_status):
 def query_priv_check(user, instance_name, db_name, sql_content, limit_num):
     result = {'status': 0, 'msg': 'ok', 'data': {'priv_check': 1, 'limit_num': 0}}
     instance = Instance.objects.get(instance_name=instance_name)
+    table_ref = None  # 查询语句涉及的表信息
     # 检查用户是否有该数据库/表的查询权限
     if user.is_superuser:
         user_limit_num = int(SysConfig().get('admin_query_limit', 5000))
         limit_num = int(user_limit_num) if int(limit_num) == 0 else min(int(limit_num), int(user_limit_num))
         result['data']['limit_num'] = limit_num
         return result
 
-    # 查看表结构和执行计划，inception会报错，故单独处理，explain直接跳过不做校验
+    # 查看表结构的语句，inception语法树解析会报错，故单独处理，explain直接跳过不做校验
     elif re.match(r"^show\s+create\s+table", sql_content.lower()):
         tb_name = re.sub('^show\s+create\s+table', '', sql_content, count=1, flags=0).strip()
         # 先判断是否有整库权限
@@ -114,21 +115,20 @@ def query_priv_check(user, instance_name, db_name, sql_content, limit_num):
                         return result
 
         # 获取表数据报错，检查配置文件是否允许继续执行，并进行库权限校验
-
-    table_ref = None
-    # 校验库权限，防止inception的语法树打印错误时连库权限也未做校验
-    privileges = QueryPrivileges.objects.filter(user_name=user.username, instance_name=instance_name,
-                                                db_name=db_name,
-                                                valid_date__gte=datetime.datetime.now(),
-                                                is_deleted=0)
-    if len(privileges) == 0:
-        result['status'] = 1
-        result['msg'] = '你无' + db_name + '数据库的查询权限！请先到查询权限管理进行申请'
-        return result
-    if SysConfig().get('query_check'):
-        return table_ref_result
-    else:
-        result['data']['priv_check'] = 2
+        else:
+            # 校验库权限，防止inception的语法树打印错误时连库权限也未做校验
+            privileges = QueryPrivileges.objects.filter(user_name=user.username, instance_name=instance_name,
+                                                        db_name=db_name,
+                                                        valid_date__gte=datetime.datetime.now(),
+                                                        is_deleted=0)
+            if len(privileges) == 0:
+                result['status'] = 1
+                result['msg'] = '你无' + db_name + '数据库的查询权限！请先到查询权限管理进行申请'
+                return result
+            if SysConfig().get('query_check'):
+                return table_ref_result
+            else:
+                result['data']['priv_check'] = 2
 
     # 获取查询涉及表的最小limit限制
     if table_ref: