dendi-wang/thingsboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix for ApiStats security checks

Browse Source
This commit is contained in:
Andrii Shvaika 2020-11-12 09:55:18 +02:00
parent df21ce8043
commit 0dd9450b92
3 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
dao/src/main/java/org/thingsboard/server/dao/sql/query/DefaultEntityQueryRepository.java
View File

@ -202,6 +202,9 @@ public class DefaultEntityQueryRepository implements EntityQueryRepository {
" THEN (select additional_info from entity_view where id = entity_id)" +
" END as additional_info";
private static final String SELECT_API_USAGE_STATE = "(select aus.id, aus.created_time, aus.tenant_id, '13814000-1dd2-11b2-8080-808080808080'::uuid as customer_id, " +
"(select title from tenant where id = aus.tenant_id) as name from api_usage_state as aus)";
static {
entityTableMap.put(EntityType.ASSET, "asset");
entityTableMap.put(EntityType.DEVICE, "device");
@ -210,7 +213,7 @@ public class DefaultEntityQueryRepository implements EntityQueryRepository {
entityTableMap.put(EntityType.CUSTOMER, "customer");
entityTableMap.put(EntityType.USER, "tb_user");
entityTableMap.put(EntityType.TENANT, "tenant");
entityTableMap.put(EntityType.API_USAGE_STATE, "api_usage_state");
entityTableMap.put(EntityType.API_USAGE_STATE, SELECT_API_USAGE_STATE);
}
public static EntityType[] RELATION_QUERY_ENTITY_TYPES = new EntityType[]{

2
dao/src/main/java/org/thingsboard/server/dao/sql/query/EntityKeyMapping.java
View File

@ -80,7 +80,7 @@ public class EntityKeyMapping {
public static final List<String> labeledEntityFields = Arrays.asList(CREATED_TIME, ENTITY_TYPE, NAME, TYPE, LABEL, ADDITIONAL_INFO);
public static final List<String> contactBasedEntityFields = Arrays.asList(CREATED_TIME, ENTITY_TYPE, EMAIL, TITLE, COUNTRY, STATE, CITY, ADDRESS, ADDRESS_2, ZIP, PHONE, ADDITIONAL_INFO);
public static final Set<String> apiUsageStateEntityFields = Collections.singleton(CREATED_TIME);
public static final Set<String> apiUsageStateEntityFields = new HashSet<>(Arrays.asList(CREATED_TIME, ENTITY_TYPE, NAME));
public static final Set<String> commonEntityFieldsSet = new HashSet<>(commonEntityFields);
public static final Set<String> relationQueryEntityFieldsSet = new HashSet<>(Arrays.asList(CREATED_TIME, ENTITY_TYPE, NAME, TYPE, LABEL, FIRST_NAME, LAST_NAME, EMAIL, REGION, TITLE, COUNTRY, STATE, CITY, ADDRESS, ADDRESS_2, ZIP, PHONE, ADDITIONAL_INFO));

3
ui-ngx/src/app/core/http/entity.service.ts
View File

@ -630,6 +630,9 @@ export class EntityService {
case EntityType.DASHBOARD:
entityFieldKeys.push(entityFields.title.keyName);
break;
case EntityType.API_USAGE_STATE:
entityFieldKeys.push(entityFields.name.keyName);
break;
}
return query ? entityFieldKeys.filter((entityField) => entityField.toLowerCase().indexOf(query) === 0) : entityFieldKeys;
}