数据安全分页

2 months ago · 7b5dd1a347
2 changed files with 37 additions and 1 deletions
--- a/vue-fastapi-backend/module_admin/entity/vo/metasecurity_vo.py
+++ b/vue-fastapi-backend/module_admin/entity/vo/metasecurity_vo.py
@ -89,6 +89,9 @@ class MetaSecurityApiModel(BaseModel):
    username: Optional[str] = Field(default=None, description='用户名称')
    password: Optional[str] = Field(default=None, description='用户密码')
    sqlStr: Optional[str] = Field(default=None, description='sql')
+    isPage: Optional[bool] = Field(default=False, description='是否分页')
+    pageNum: Optional[int] = Field(default=1, description='sql')
+    pageSize: Optional[int] = Field(default=10, description='sql')

    @NotBlank(field_name='username', message='用户名称不能为空')
    @Size(field_name='username', min_length=0, max_length=100, message='用户名称长度不能超过100个字符')
--- a/vue-fastapi-backend/module_admin/service/metasecurity_service.py
+++ b/vue-fastapi-backend/module_admin/service/metasecurity_service.py
@ -326,6 +326,8 @@ class MetaSecurityService:
        # 返回最终的结果字典
        ctrSqlDict = await generate_sql(tablesRowCol,table_columns)
        oldStrSql= page_object.sqlStr
+        if page_object.isPage:
+            oldStrSql=generate_pagination_sql(page_object,dsDataResource["type"])
        #7.根据行列配置控制原始sql
        newStrSql =await replace_table_with_subquery(ctrSqlDict,oldStrSql)
        #8.执行结果
@ -652,3 +654,34 @@ async def test_connection(db_content):
            await connection.scalar("SELECT 1")
    except Exception as e:
        raise Exception("数据源连接失败") from e
+def generate_pagination_sql(page_object: MetaSecurityApiModel, db_type: str) -> str:
+    """
+    生成带分页的 SQL 语句
+
+    :param page_object: 包含分页参数的对象
+    :param db_type: 数据库类型（大写字符串）
+    :return: 带分页的 SQL 语句
+    """
+    page_num = page_object.pageNum or 1  # 当前页码，默认为 1
+    page_size = page_object.pageSize or 10  # 每页大小，默认为 10
+    offset = (page_num - 1) * page_size  # 计算偏移量（跳过的行数）
+    oldStrSql = page_object.sqlStr  # 获取原始 SQL 语句
+
+    db_type = db_type.upper()  # 确保数据库类型为大写
+
+    if db_type == "MYSQL" or db_type == "POSTGRESQL":
+        newStrSql = f"{oldStrSql} LIMIT {page_size} OFFSET {offset}"
+    elif db_type == "SQLSERVER":
+        newStrSql = f"{oldStrSql} ORDER BY id OFFSET {offset} ROWS FETCH NEXT {page_size} ROWS ONLY"
+    elif db_type == "ORACLE":
+        newStrSql = f"""
+        SELECT * FROM (
+            SELECT a.*, ROWNUM rnum FROM (
+                {oldStrSql} ORDER BY id
+            ) a WHERE ROWNUM <= {offset + page_size}
+        ) WHERE rnum > {offset}
+        """
+    else:
+        raise ValueError(f"不支持的数据库类型: {db_type}")
+
+    return newStrSql