Merge branch '20220919' into 'master'

20220919

See merge request huang/thingsboard3.3.2!132

@@ -74,7 +74,7 @@ public class ThingsboardSecurityConfiguration extends WebSecurityConfigurerAdapt
 
     //Thingskit function
     public static final String CODE_BASED_LOGIN_ENTRY_POINT = "/api/yt/auth/code/login";
-    public static final String[] YT_NOT_AUTH_API = new String[]{"/api/yt/auth/code/login","/api/yt/third/bind","/api/yt/third/login/*","/api/yt/third/login/id/*", "/api/yt/third/authorize","/api/yt/platform/get","/api/yt/platform/app", "/api/yt/noauth/**"};
+    public static final String[] YT_NOT_AUTH_API = new String[]{"/api/yt/auth/code/login","/api/yt/third/bind","/api/yt/third/login/*","/api/yt/third/login/id/*", "/api/yt/third/authorize","/api/yt/platform/get","/api/yt/app_design/get", "/api/yt/noauth/**"};
 
     public static final String PUBLIC_LOGIN_ENTRY_POINT = "/api/auth/login/public";
     public static final String TOKEN_REFRESH_ENTRY_POINT = "/api/auth/token";

@@ -90,7 +90,7 @@ import static org.thingsboard.server.controller.ControllerConstants.UUID_WIKI_LI
 public class UserController extends BaseController {
 
     public static final String USER_ID = "userId";
-    public static final String YOU_DON_T_HAVE_PERMISSION_TO_PERFORM_THIS_OPERATION = "You don't have permission to perform this operation!";
+    public static final String YOU_DON_T_HAVE_PERMISSION_TO_PERFORM_THIS_OPERATION = "您没有执行该操作的权限!";
     public static final String ACTIVATE_URL_PATTERN = "%s/api/noauth/activate?activateToken=%s";
 
     @Value("${security.user_token_access_enabled}")

@@ -7,6 +7,7 @@ import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.id.EntityId;
 import org.thingsboard.server.common.data.yunteng.dto.SysAppDesignDTO;
 import org.thingsboard.server.common.data.yunteng.utils.tools.ResponseResult;
 import org.thingsboard.server.controller.BaseController;
@@ -28,7 +29,12 @@ public class YtAppDesignController extends BaseController {
   @GetMapping("get")
   @ApiOperation("查询详情")
   public ResponseEntity<SysAppDesignDTO> get() throws ThingsboardException {
-    return ResponseEntity.ok(sysAppDesignService.get(getCurrentUser().getCurrentTenantId()));
+    String tenantId = EntityId.NULL_UUID.toString();
+    try {
+      tenantId = getCurrentUser().getCurrentTenantId();
+    } catch (ThingsboardException e) {
+    }
+    return ResponseEntity.ok(sysAppDesignService.get(tenantId));
   }
 
   @PutMapping("update")

@@ -99,6 +99,7 @@ public class YtConfigurationCenterController extends BaseController {
 
   @GetMapping("/get_configuration_info/{id}")
   @ApiOperation("获取组态信息")
+  @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:configuration:center:get_configuration_info:get'})")
   public ResponseEntity<ConfigurationContentInfoDTO> getConfigurationInfos(
       @PathVariable("id") String id) throws ThingsboardException {
     return ResponseEntity.ok(

@@ -27,7 +27,6 @@ public class YtConfigurationContentController extends BaseController {
 
   @PostMapping
   @ApiOperation("新增")
-  @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:content:post'})")
   public ResponseEntity<ConfigurationContentDTO> save(
       @Validated({AddGroup.class}) @RequestBody ConfigurationContentDTO configurationContentDTO)
       throws ThingsboardException {
@@ -38,7 +37,6 @@ public class YtConfigurationContentController extends BaseController {
 
   @PutMapping
   @ApiOperation("修改")
-  @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:content:update'})")
   public ResponseEntity<ConfigurationContentInfoDTO> update(
       @Validated({UpdateGroup.class}) @RequestBody ConfigurationContentInfoDTO contentReqDTO)
       throws ThingsboardException {
@@ -53,7 +51,6 @@ public class YtConfigurationContentController extends BaseController {
 
   @DeleteMapping
   @ApiOperation("删除")
-  @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:content:delete'})")
   public ResponseEntity<Boolean> delete(
       @Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO)
       throws ThingsboardException {

@@ -35,7 +35,6 @@ public class YtConfigurationNodeController extends BaseController {
 
     @PostMapping
     @ApiOperation("保存节点数据源并刷新节点的交互和动效信息")
-    @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:node:post'})")
     public ResponseEntity<ConfigurationNodeStateDTO> saveNode(
             @Validated({AddGroup.class}) @RequestBody ConfigurationNodeStateDTO nodeDTO)
             throws ThingsboardException {
@@ -74,7 +73,6 @@ public class YtConfigurationNodeController extends BaseController {
 
     @PostMapping("datasource")
     @ApiOperation("编辑数据源")
-    @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:node:datasource:post'})")
     public ResponseEntity<ConfigurationDatasourceDTO> saveDatasource(
             @Validated({AddGroup.class}) @RequestBody ConfigurationDatasourceDTO datasourceDTO)
             throws ThingsboardException {
@@ -85,7 +83,6 @@ public class YtConfigurationNodeController extends BaseController {
 
     @PostMapping("event")
     @ApiOperation("编辑数据交互")
-    @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:node:event:post'})")
     public ResponseEntity<ConfigurationEventDTO> saveEvent(
             @Validated({AddGroup.class}) @RequestBody ConfigurationEventDTO eventDTO)
             throws ThingsboardException {
@@ -96,7 +93,6 @@ public class YtConfigurationNodeController extends BaseController {
 
     @PostMapping("act")
     @ApiOperation("编辑动画效果")
-    @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:node:act:post'})")
     public ResponseEntity<ConfigurationActDTO> saveAct(
             @Validated({AddGroup.class}) @RequestBody ConfigurationActDTO actDTO)
             throws ThingsboardException {
@@ -108,7 +104,6 @@ public class YtConfigurationNodeController extends BaseController {
 
     @DeleteMapping("datasource")
     @ApiOperation("删除数据源")
-    @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:node:datasource:delete'})")
     public ResponseEntity<Boolean> deleteDatasource(@RequestBody ConfigurationDatasourceDTO deleteDTO)
             throws ThingsboardException {
         deleteDTO.setTenantId(getCurrentUser().getCurrentTenantId());
@@ -117,7 +112,6 @@ public class YtConfigurationNodeController extends BaseController {
 
     @DeleteMapping("event")
     @ApiOperation("删除数据交互")
-    @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:node:event:delete'})")
     public ResponseEntity<Boolean> deleteEvent( @RequestBody ConfigurationEventDTO deleteDTO)
             throws ThingsboardException {
         deleteDTO.setTenantId(getCurrentUser().getCurrentTenantId());
@@ -125,7 +119,6 @@ public class YtConfigurationNodeController extends BaseController {
     }
     @DeleteMapping("act")
     @ApiOperation("删除动画效果")
-    @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:node:act:delete'})")
     public ResponseEntity<Boolean> deleteAct( @RequestBody ConfigurationActDTO deleteDTO)
             throws ThingsboardException {
         deleteDTO.setTenantId(getCurrentUser().getCurrentTenantId());

@@ -73,14 +73,14 @@ public class YtNoticeController extends BaseController {
     }
 
     @DeleteMapping("delete")
-    @PreAuthorize("@check.checkPermissions({},{'api:yt:notice:delete:delete'})")
+    @PreAuthorize("@check.checkPermissions({},{'api:yt:notice:delete'})")
     @ApiOperation("批量删除")
     public void delete(@Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) throws ThingsboardException {
         sysNoticeService.delete(deleteDTO.getIds(), getCurrentUser().getCurrentTenantId());
     }
 
     @PostMapping("save")
-    @PreAuthorize("@check.checkPermissions({},{'api:yt:notice:post'})")
+    @PreAuthorize("@check.checkPermissions({},{'api:yt:notice:save:post'})")
     @ApiOperation("保存草稿")
     public ResponseEntity<SysNoticeDTO> save(@Validated(AddGroup.class) @RequestBody SysNoticeDTO sysNoticeDTO) throws ThingsboardException {
         sysNoticeDTO.setStatus(FastIotConstants.DraftStatus.DRAFT);

@@ -104,6 +104,7 @@ public class ThingsboardErrorResponseHandler extends ResponseEntityExceptionHand
     public void handle(HttpServletRequest request, HttpServletResponse response,
                        AccessDeniedException accessDeniedException) throws IOException,
             ServletException {
+        response.setCharacterEncoding("utf-8");
         if (!response.isCommitted()) {
             response.setContentType(MediaType.APPLICATION_JSON_VALUE);
             response.setStatus(HttpStatus.FORBIDDEN.value());
@@ -168,11 +169,13 @@ public class ThingsboardErrorResponseHandler extends ResponseEntityExceptionHand
         ThingsboardErrorCode errorCode = thingsboardException.getErrorCode();
         HttpStatus status = errorCodeToStatus(errorCode);
         response.setStatus(status.value());
+        response.setCharacterEncoding("utf-8");
         mapper.writeValue(response.getWriter(), ThingsboardErrorResponse.of(thingsboardException.getMessage(), errorCode, status));
     }
 
     private void handleRateLimitException(HttpServletResponse response, TbRateLimitsException exception) throws IOException {
         response.setStatus(HttpStatus.TOO_MANY_REQUESTS.value());
+        response.setCharacterEncoding("utf-8");
         String message = "Too many requests for current " + exception.getEntityType().name().toLowerCase() + "!";
         mapper.writeValue(response.getWriter(),
                 ThingsboardErrorResponse.of(message,
@@ -181,11 +184,13 @@ public class ThingsboardErrorResponseHandler extends ResponseEntityExceptionHand
 
     private void handleSubscriptionException(ThingsboardException subscriptionException, HttpServletResponse response) throws IOException {
         response.setStatus(HttpStatus.FORBIDDEN.value());
+        response.setCharacterEncoding("utf-8");
         mapper.writeValue(response.getWriter(),
                 (new ObjectMapper()).readValue(((HttpClientErrorException) subscriptionException.getCause()).getResponseBodyAsByteArray(), Object.class));
     }
 
     private void handleAccessDeniedException(HttpServletResponse response) throws IOException {
+        response.setCharacterEncoding("utf-8");
         response.setStatus(HttpStatus.FORBIDDEN.value());
         mapper.writeValue(response.getWriter(),
                 ThingsboardErrorResponse.of(ErrorMessage.NOT_HAVE_PERMISSION.getMessage(),
@@ -195,6 +200,7 @@ public class ThingsboardErrorResponseHandler extends ResponseEntityExceptionHand
 
     private void handleAuthenticationException(AuthenticationException authenticationException, HttpServletResponse response) throws IOException {
         response.setStatus(HttpStatus.UNAUTHORIZED.value());
+        response.setCharacterEncoding("utf-8");
         if (authenticationException instanceof BadCredentialsException || authenticationException instanceof UsernameNotFoundException) {
             mapper.writeValue(response.getWriter(), ThingsboardErrorResponse.of(ErrorMessage.USERNAME_PASSWORD_INCORRECT.getMessage(), ThingsboardErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
         } else if (authenticationException instanceof DisabledException) {

@@ -34,7 +34,7 @@ import static org.thingsboard.server.dao.service.Validator.validateId;
 public class DefaultAccessControlService implements AccessControlService {
 
     private static final String INCORRECT_TENANT_ID = "Incorrect tenantId ";
-    private static final String YOU_DON_T_HAVE_PERMISSION_TO_PERFORM_THIS_OPERATION = "You don't have permission to perform this operation!";
+    private static final String YOU_DON_T_HAVE_PERMISSION_TO_PERFORM_THIS_OPERATION = "您没有执行该操作的权限!!";
 
     private final Map<Authority, Permissions> authorityPermissions = new HashMap<>();
 

@@ -15,9 +15,9 @@ public enum ErrorMessage {
   NOT_HAVE_PERMISSION(403006, "您没有执行该操作的权限!"),
   ACCOUNT_IS_NOT_ACTIVE(401000,"用户账号未激活或初始密码未修改"),
   USERNAME_PASSWORD_INCORRECT(401001, "用户名或密码错误"),
-  TOKEN_EXPIRED(401002, "token已过期"),
+  TOKEN_EXPIRED(401002, "token已过期，请重新登录"),
   NONE_TENANT_ASSET(401003, "非当前租户资产"),
-  AUTHENTICATION_FAILED_ACCOUNT_EXPIRED(401003, "账号已过期"),
+  AUTHENTICATION_FAILED_ACCOUNT_EXPIRED(401003, "账号已过期，请联系你的管理员"),
   BAD_PARAMETER(400000, "查询参数无效"),
   INVALID_PARAMETER(400001, "无效参数"),
   TOO_MANY_REQUEST(429001, "请求过多"),

@@ -64,7 +64,7 @@ public class YtNoticeServiceImpl implements YtNoticeService {
 
         QueryWrapper<AlarmProfile> profileQueryWrapper = new QueryWrapper<AlarmProfile>();
         profileQueryWrapper.lambda()
-                .eq(AlarmProfile::getId, profileId).eq(AlarmProfile::getStatus, StatusEnum.ENABLE.ordinal());
+                .eq(AlarmProfile::getId, profileId).eq(AlarmProfile::getStatus, StatusEnum.ENABLE.getIndex());
         AlarmProfile alarmProfile = alarmProfileMapper.selectOne(profileQueryWrapper);