From 06a4b5956e03b958afc27ab33a2897292ced3d1a Mon Sep 17 00:00:00 2001
From: littleniannian
Date: Fri, 27 Jun 2025 19:31:20 +0800
Subject: [PATCH 1/2] fix(permission): add project permission check in middleware
---
 sqle/api/middleware/permission.go | 2 +-
 sqle/dms/permission.go | 20 +++++++++++++++-----
 2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/sqle/api/middleware/permission.go b/sqle/api/middleware/permission.go
index b66fed4c87..b024bae38c 100644
--- a/sqle/api/middleware/permission.go
+++ b/sqle/api/middleware/permission.go
@@ -47,7 +47,7 @@ func OpProjectAllowed() echo.MiddlewareFunc {
 return echo.NewHTTPError(http.StatusForbidden)
 }
- if up.CanOpProject() {
+ if up.CanOpProject() || up.HasProjectPermission() {
 return next(c)
 }
diff --git a/sqle/dms/permission.go b/sqle/dms/permission.go
index 8f0e412936..566b105899 100644
--- a/sqle/dms/permission.go
+++ b/sqle/dms/permission.go
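Review bot: The widened condition in `OpProjectAllowed` (`up.CanOpProject() || up.HasProjectPermission()`) admits a caller who holds any one of the eleven permission types that `HasProjectPermission` accepts, so this middleware no longer separates, for example, a push-rule holder from a project admin. Every handler mounted behind it therefore has to enforce the specific permission it needs; whether they do, and whether `up` is already scoped to the project named in the request, is not visible in this hunk and should be confirmed. I would record that contract above the check, e.g. `// Coarse gate only: any project-level permission passes; handlers must check the specific OpPermissionType.`, and add a test showing that a user with a single unrelated permission is still rejected by a handler that requires a different one. The function body starts and ends outside the hunk.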
@@ -97,13 +97,23 @@ func (p *UserPermission) HasOnePermission(opPermissionType v1.OpPermissionType)
 return false
 }
-func (p *UserPermission) GetOnePermission(opPermissionType v1.OpPermissionType) *v1.OpPermissionItem {
- for i := range p.opPermissionItem {
- if p.opPermissionItem[i].OpPermissionType == opPermissionType {
- return &p.opPermissionItem[i]
+func (p *UserPermission) HasProjectPermission() bool {
+ for _, userOpPermission := range p.opPermissionItem {
+ if userOpPermission.OpPermissionType == v1.OpPermissionTypeAuthDBServiceData ||
+ userOpPermission.OpPermissionType == v1.OpPermissionManageProjectDataSource ||
+ userOpPermission.OpPermissionType == v1.OpPermissionManageAuditRuleTemplate ||
+ userOpPermission.OpPermissionType == v1.OpPermissionManageApprovalTemplate ||
+ userOpPermission.OpPermissionType == v1.OpPermissionManageMember ||
+ userOpPermission.OpPermissionType == v1.OpPermissionPushRule ||
+ userOpPermission.OpPermissionType == v1.OpPermissionMangeAuditSQLWhiteList ||
+ userOpPermission.OpPermissionType == v1.OpPermissionManageSQLMangeWhiteList ||
+ userOpPermission.OpPermissionType == v1.OpPermissionManageRoleMange ||
+ userOpPermission.OpPermissionType == v1.OpPermissionDesensitization ||
+ userOpPermission.OpPermissionType == v1.OpPermissionTypeProjectAdmin {
+ return true
 }
 }
- return nil
+ return false
 }
 func (p *UserPermission) IsProjectAdmin() bool {
From 826b15572638760b7bbd5423a6f8e843133c15d0 Mon Sep 17 00:00:00 2001
From: littleniannian
Date: Fri, 27 Jun 2025 19:42:57 +0800
Subject: [PATCH 2/2] fix: add method GetOnePermission
---
 sqle/dms/permission.go | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/sqle/dms/permission.go b/sqle/dms/permission.go
index 566b105899..31d1a5ed86 100644
--- a/sqle/dms/permission.go
+++ b/sqle/dms/permission.go
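Review bot: `HasProjectPermission` is a new exported authorization predicate with no doc comment, and its eleven-way `||` chain makes the allow-list hard to audit when it changes. A `switch` on `OpPermissionType` with one constant per line reads as a list and keeps later additions to a one-line diff, and the doc comment should state that types not listed are deliberately rejected. Nothing in the loop looks at which project an item applies to, so if items carry a scope (not visible in this hunk) the comment should also say where that is enforced.

```go
// HasProjectPermission reports whether the user holds at least one of the
// project-level operation permissions listed below. Types that are not
// listed do not grant access.
func (p *UserPermission) HasProjectPermission() bool {
	for _, item := range p.opPermissionItem {
		switch item.OpPermissionType {
		case v1.OpPermissionTypeAuthDBServiceData,
			v1.OpPermissionManageProjectDataSource,
			v1.OpPermissionManageAuditRuleTemplate,
			v1.OpPermissionManageApprovalTemplate,
			v1.OpPermissionManageMember,
			v1.OpPermissionPushRule,
			v1.OpPermissionMangeAuditSQLWhiteList,
			v1.OpPermissionManageSQLMangeWhiteList,
			v1.OpPermissionManageRoleMange,
			v1.OpPermissionDesensitization,
			v1.OpPermissionTypeProjectAdmin:
			return true
		}
	}
	return false
}
```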
@@ -97,6 +97,15 @@ func (p *UserPermission) HasOnePermission(opPermissionType v1.OpPermissionType)
 return false
 }
+func (p *UserPermission) GetOnePermission(opPermissionType v1.OpPermissionType) *v1.OpPermissionItem {
+ for i := range p.opPermissionItem {
+ if p.opPermissionItem[i].OpPermissionType == opPermissionType {
+ return &p.opPermissionItem[i]
+ }
+ }
+ return nil
+}
+
 func (p *UserPermission) HasProjectPermission() bool {
 for _, userOpPermission := range p.opPermissionItem {
 if userOpPermission.OpPermissionType == v1.OpPermissionTypeAuthDBServiceData ||
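Review bot: `GetOnePermission` returns `&p.opPermissionItem[i]`, a pointer into the same slice that `HasProjectPermission` iterates for its checks, so any caller can write through it and change what later permission checks on this `UserPermission` see. If callers only read the item, returning a copy closes that off: `item := p.opPermissionItem[i]` followed by `return &item`. If some caller relies on writing through the pointer (not visible here), keep the code and state it in a doc comment such as `// GetOnePermission returns the first item of the given type, or nil. The pointer aliases internal state; treat it as read-only.` The trailing context lines belong to `HasProjectPermission`, whose body continues outside the hunk.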