feat: bi exec 支持code执行

2023-06-30 16:15:04 +08:00 · 2023-06-30 16:15:04 +08:00 · f62344509f
parent 73ade42f8d
commit f62344509f
1 changed files with 35 additions and 0 deletions
--- a/apps/bi/views.py
+++ b/apps/bi/views.py
@ -11,6 +11,7 @@ from django.core.cache import cache
 from apps.utils.sql import execute_raw_sql, format_sqldata
 from apps.bi.services import check_sql_safe, format_json_with_placeholders
 from rest_framework.exceptions import ParseError
+from rest_framework.generics import get_object_or_404
 # Create your views here.

 class DatasetViewSet(CustomModelViewSet):
@ -20,9 +21,43 @@ class DatasetViewSet(CustomModelViewSet):
    update_serializer_class = DatasetCreateUpdateSerializer
    search_fields = ['name', 'code']
    
+    def get_object(self):
+        """
+        Returns the object the view is displaying.
+
+        You may want to override this if you need to provide non-standard
+        queryset lookups.  Eg if objects are referenced using multiple
+        keyword arguments in the url conf.
+        """
+        queryset = self.filter_queryset(self.get_queryset())
+
+        # Perform the lookup filtering.
+        lookup_url_kwarg = self.lookup_url_kwarg or self.lookup_field
+
+        assert lookup_url_kwarg in self.kwargs, (
+            'Expected view %s to be called with a URL keyword argument '
+            'named "%s". Fix your URL conf, or set the `.lookup_field` '
+            'attribute on the view correctly.' %
+            (self.__class__.__name__, lookup_url_kwarg)
+        )
+
+        filter_kwargs = {self.lookup_field: self.kwargs[lookup_url_kwarg]}
+        try:
+            obj = get_object_or_404(queryset, **filter_kwargs)
+        except:
+            filter_kwargs = {'code': self.kwargs[lookup_url_kwarg]}
+            obj = get_object_or_404(queryset, **filter_kwargs)
+
+        # May raise a permission denied
+        self.check_object_permissions(self.request, obj)
+
+        return obj
+    
    @action(methods=['post'], detail=True, perms_map={'post': 'dataset.exec'}, serializer_class=DataExecSerializer, cache_seconds=0)
    def exec(self, request, pk=None):
        """执行sql查询
+
+        执行sql查询支持code
        """
        dt = self.get_object()
        rdata = DatasetSerializer(instance=dt).data