diff --git a/admin/app/controllers/settings/equipment/equipment.controller.js b/admin/app/controllers/settings/equipment/equipment.controller.js
index 09145784..8d6fcf60 100644
--- a/admin/app/controllers/settings/equipment/equipment.controller.js
+++ b/admin/app/controllers/settings/equipment/equipment.controller.js
@@ -1,7 +1,15 @@
 'use strict';
 
-app.controller('EquipmentController', function($scope, $translate, $uibModal, EquipmentService, CostCenterService, toaster,SweetAlert) {
-
+app.controller('EquipmentController', function(
+ $scope,
+ $window,
+ $translate,
+ $uibModal,
+ EquipmentService,
+ CostCenterService,
+ toaster,
+ SweetAlert) {
+ $scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"));
 $scope.getAllEquipments = function() {
 EquipmentService.getAllEquipments(function (response) {
 if (angular.isDefined(response.status) && response.status === 200) {
@@ -36,7 +44,8 @@ app.controller('EquipmentController', function($scope, $translate, $uibModal, Eq
 });
 modalInstance.result.then(function(equipment) {
 equipment.cost_center_id = equipment.cost_center.id;
- EquipmentService.addEquipment(equipment, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ EquipmentService.addEquipment(equipment, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 201) {
 toaster.pop({
 type: "success",
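Review bot: `$scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"))` has no guard for a missing or malformed entry — `JSON.parse(null)` returns `null` and a non-JSON value throws — so the first `$scope.cur_user.uuid` read in the add/edit/delete handlers (hunks @@ -36, @@ -77, @@ -114) fails with a client-side TypeError instead of the API returning a clean authorization error. One helper on the scope removes the repetition of the same `let headers = {...}` literal across those hunks and tolerates the null case, e.g. `$scope.authHeaders = function () { var u = $scope.cur_user || {}; return { "User-UUID": u.uuid, "Token": u.token }; };` with call sites reading `EquipmentService.addEquipment(equipment, $scope.authHeaders(), function (response) {`. The `let headers` bindings are never reassigned and should be `const`. The same initialization is added to equipmentmeter.controller.js in its @@ -1,6 hunk, and both controller bodies continue outside the hunks.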
@@ -77,7 +86,8 @@ app.controller('EquipmentController', function($scope, $translate, $uibModal, Eq
 
 modalInstance.result.then(function(modifiedEquipment) {
 modifiedEquipment.cost_center_id = modifiedEquipment.cost_center.id;
- EquipmentService.editEquipment(modifiedEquipment, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ EquipmentService.editEquipment(modifiedEquipment, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 200) {
 toaster.pop({
 type: "success",
@@ -114,7 +124,8 @@ app.controller('EquipmentController', function($scope, $translate, $uibModal, Eq
 closeOnCancel: true
 }, function (isConfirm) {
 if (isConfirm) {
- EquipmentService.deleteEquipment(equipment, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ EquipmentService.deleteEquipment(equipment, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 204) {
 toaster.pop({
 type: "success",
diff --git a/admin/app/controllers/settings/equipment/equipmentmeter.controller.js b/admin/app/controllers/settings/equipment/equipmentmeter.controller.js
index d980d6e4..ca146731 100644
--- a/admin/app/controllers/settings/equipment/equipmentmeter.controller.js
+++ b/admin/app/controllers/settings/equipment/equipmentmeter.controller.js
@@ -1,6 +1,19 @@
 'use strict';
 
-app.controller('EquipmentMeterController', function($scope,$timeout,$uibModal, $translate, MeterService, VirtualMeterService, OfflineMeterService, EquipmentMeterService, EquipmentService, toaster,SweetAlert) {
+app.controller('EquipmentMeterController', function(
+ $scope,
+ $window,
+ $timeout,
+ $uibModal,
+ $translate,
+ MeterService,
+ VirtualMeterService,
+ OfflineMeterService,
+ EquipmentMeterService,
+ EquipmentService,
+ toaster,
+ SweetAlert) {
+ $scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"));
 $scope.currentEquipment = {selected:undefined};
 
 $scope.getAllEquipments = function(id) {
@@ -111,7 +124,8 @@ app.controller('EquipmentMeterController', function($scope,$timeout,$uibModal, $
 modalInstance.result.then(function (is_output) {
 var meterid=angular.element('#'+dragEl).scope().meter.id;
 var equipmentid=$scope.currentEquipment.id;
- EquipmentMeterService.addPair(equipmentid, meterid, $scope.currentMeterType, is_output, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ EquipmentMeterService.addPair(equipmentid, meterid, $scope.currentMeterType, is_output, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 201) {
 toaster.pop({
 type: "success",
@@ -140,7 +154,8 @@ app.controller('EquipmentMeterController', function($scope,$timeout,$uibModal, $
 var equipmentmeterid = angular.element('#' + dragEl).scope().equipmentmeter.id;
 var equipmentid = $scope.currentEquipment.id;
 var metertype = angular.element('#' + dragEl).scope().equipmentmeter.metertype;
- EquipmentMeterService.deletePair(equipmentid, equipmentmeterid, metertype, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ EquipmentMeterService.deletePair(equipmentid, equipmentmeterid, metertype, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 204) {
 toaster.pop({
 type: "success",
diff --git a/admin/app/controllers/settings/equipment/equipmentparameter.controller.js b/admin/app/controllers/settings/equipment/equipmentparameter.controller.js
index 09a9a133..5012cb64 100644
--- a/admin/app/controllers/settings/equipment/equipmentparameter.controller.js
+++ b/admin/app/controllers/settings/equipment/equipmentparameter.controller.js
@@ -73,8 +73,8 @@ app.controller('EquipmentParameterController', function(
 if (equipmentparameter.denominator_meter != null) {
 equipmentparameter.denominator_meter_uuid = equipmentparameter.denominator_meter.uuid;
 }
-
- EquipmentParameterService.addEquipmentParameter(equipmentid, equipmentparameter, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ EquipmentParameterService.addEquipmentParameter(equipmentid, equipmentparameter, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 201) {
 toaster.pop({
 type: "success",
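Review bot: The added `let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };` in hunk @@ -73 of equipmentparameter.controller.js reads `$scope.cur_user`, but this diff adds no `$scope.cur_user = JSON.parse(...)` to that file as it does for the other two controllers, so unless the value is set in a part of the file not shown or inherited from a parent scope the read throws a TypeError before the request is sent. The same read appears in hunks @@ -123 and @@ -160 of the same file. If inheritance is intended, a comment at the first use would save the next reader a search, e.g. `// cur_user is expected from the parent scope — confirm`. The enclosing handler starts and ends outside this hunk.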
@@ -123,7 +123,8 @@ app.controller('EquipmentParameterController', function(
 if (modifiedEquipmentParameter.denominator_meter != null) {
 modifiedEquipmentParameter.denominator_meter_uuid = modifiedEquipmentParameter.denominator_meter.uuid;
 }
- EquipmentParameterService.editEquipmentParameter($scope.currentEquipment.id, modifiedEquipmentParameter, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ EquipmentParameterService.editEquipmentParameter($scope.currentEquipment.id, modifiedEquipmentParameter, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 200) {
 toaster.pop({
 type: "success",
@@ -160,7 +161,8 @@ app.controller('EquipmentParameterController', function(
 
 }, function(isConfirm) {
 if (isConfirm) {
- EquipmentParameterService.deleteEquipmentParameter($scope.currentEquipment.id, equipmentparameter.id, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ EquipmentParameterService.deleteEquipmentParameter($scope.currentEquipment.id, equipmentparameter.id, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 204) {
 toaster.pop({
 type: "success",
diff --git a/admin/app/services/settings/equipment/equipment.service.js b/admin/app/services/settings/equipment/equipment.service.js
index c90bec6b..cba00419 100644
--- a/admin/app/services/settings/equipment/equipment.service.js
+++ b/admin/app/services/settings/equipment/equipment.service.js
@@ -17,24 +17,24 @@ app.factory('EquipmentService', function($http) {
 callback(response);
 });
 },
- addEquipment: function(equipment, callback) {
- $http.post(getAPI()+'equipments',{data:equipment})
+ addEquipment: function(equipment, headers, callback) {
+ $http.post(getAPI()+'equipments',{data:equipment}, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- editEquipment: function(equipment, callback) {
- $http.put(getAPI()+'equipments/'+equipment.id,{data:equipment})
+ editEquipment: function(equipment, headers, callback) {
+ $http.put(getAPI()+'equipments/'+equipment.id,{data:equipment}, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- deleteEquipment: function(equipment, callback) {
- $http.delete(getAPI()+'equipments/'+equipment.id)
+ deleteEquipment: function(equipment, headers, callback) {
+ $http.delete(getAPI()+'equipments/'+equipment.id, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
diff --git a/admin/app/services/settings/equipment/equipmentmeter.service.js b/admin/app/services/settings/equipment/equipmentmeter.service.js
index 2b54b38a..253964aa 100644
--- a/admin/app/services/settings/equipment/equipmentmeter.service.js
+++ b/admin/app/services/settings/equipment/equipmentmeter.service.js
@@ -1,7 +1,7 @@
 'use strict';
 app.factory('EquipmentMeterService', function($http) {
 return {
- addPair: function(equipmentID,meterID,metertype,is_output,callback) {
+ addPair: function(equipmentID, meterID, metertype, is_output, headers, callback) {
 var meter={};
 if(metertype=='meters'){
 meter={'meter_id':meterID,is_output:is_output};
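Review bot: Every mutating method in this service now takes a positional `headers` argument inserted before `callback` (hunk @@ -17; likewise equipmentmeter.service.js @@ -1 and @@ -18, and equipmentparameter.service.js @@ -10 and @@ -27), which threads credentials through every controller call site and changes each method's arity, so any caller this diff misses would pass its callback as `headers` and never be called back. An `$http` interceptor that attaches `User-UUID` and `Token` from the stored user once would keep the service signatures stable and make the credential handling a single reviewable place. If the explicit parameter is kept, document it on each method, e.g. `// headers: {"User-UUID", "Token"} credential headers forwarded to $http for the API's access check`. The factory's remaining methods are outside these hunks.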
@@ -10,7 +10,7 @@ app.factory('EquipmentMeterService', function($http) {
 }else{
 meter={'offline_meter_id':meterID,is_output:is_output};
 }
- $http.post(getAPI()+'equipments/'+equipmentID+'/'+metertype,{data:meter})
+ $http.post(getAPI()+'equipments/'+equipmentID+'/'+metertype,{data:meter}, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
@@ -18,8 +18,8 @@ app.factory('EquipmentMeterService', function($http) {
 });
 },
 
- deletePair: function(equipmentID,meterID,metertype, callback) {
- $http.delete(getAPI()+'equipments/'+equipmentID+'/'+metertype+'/'+meterID)
+ deletePair: function(equipmentID,meterID,metertype, headers, callback) {
+ $http.delete(getAPI()+'equipments/'+equipmentID+'/'+metertype+'/'+meterID, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
diff --git a/admin/app/services/settings/equipment/equipmentparameter.service.js b/admin/app/services/settings/equipment/equipmentparameter.service.js
index c803bc25..e65b79b8 100644
--- a/admin/app/services/settings/equipment/equipmentparameter.service.js
+++ b/admin/app/services/settings/equipment/equipmentparameter.service.js
@@ -10,16 +10,16 @@ app.factory('EquipmentParameterService', function($http) {
 callback(response);
 });
 },
- addEquipmentParameter: function(equipmentID, equipmentparameter,callback) {
- $http.post(getAPI()+'equipments/'+equipmentID+'/parameters',{data:equipmentparameter})
+ addEquipmentParameter: function(equipmentID, equipmentparameter, headers, callback) {
+ $http.post(getAPI()+'equipments/'+equipmentID+'/parameters',{data:equipmentparameter}, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- editEquipmentParameter: function(equipmentID,equipmentparameter,callback) {
- $http.put(getAPI()+'equipments/'+equipmentID+'/parameters/'+equipmentparameter.id,{data:equipmentparameter})
+ editEquipmentParameter: function(equipmentID, equipmentparameter, headers, callback) {
+ $http.put(getAPI()+'equipments/'+equipmentID+'/parameters/'+equipmentparameter.id,{data:equipmentparameter}, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
@@ -27,8 +27,8 @@ app.factory('EquipmentParameterService', function($http) {
 });
 },
 
- deleteEquipmentParameter: function(equipmentID, parameterID, callback) {
- $http.delete(getAPI()+'equipments/'+equipmentID+'/parameters/'+parameterID)
+ deleteEquipmentParameter: function(equipmentID, parameterID, headers, callback) {
+ $http.delete(getAPI()+'equipments/'+equipmentID+'/parameters/'+parameterID, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
diff --git a/myems-api/core/equipment.py b/myems-api/core/equipment.py
index cdd2c9cd..ef6877c0 100644
--- a/myems-api/core/equipment.py
+++ b/myems-api/core/equipment.py
@@ -3,7 +3,7 @@ import simplejson as json
 import mysql.connector
 import config
 import uuid
-from core.useractivity import user_logger
+from core.useractivity import user_logger, access_control
 
 
 class EquipmentCollection:
@@ -62,6 +62,7 @@ class EquipmentCollection:
 @user_logger
 def on_post(req, resp):
 """Handles POST requests"""
+ access_control(req)
 try:
 raw_json = req.stream.read().decode('utf-8')
 except Exception as ex:
@@ -205,6 +206,7 @@ class EquipmentItem:
 @user_logger
 @user_logger
 def on_delete(req, resp, id_):
+ access_control(req)
 if not id_.isdigit() or int(id_) <= 0:
 raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
 description='API.INVALID_EQUIPMENT_ID')
@@ -293,6 +295,7 @@ class EquipmentItem:
 @user_logger
 def on_put(req, resp, id_):
 """Handles PUT requests"""
+ access_control(req)
 if not id_.isdigit() or int(id_) <= 0:
 raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
 description='API.INVALID_EQUIPMENT_ID')
@@ -667,6 +670,7 @@ class EquipmentParameterCollection:
 @user_logger
 def on_post(req, resp, id_):
 """Handles POST requests"""
+ access_control(req)
 if not id_.isdigit() or int(id_) <= 0:
 raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
 description='API.INVALID_EQUIPMENT_ID')
@@ -976,6 +980,7 @@ class EquipmentParameterItem:
 @staticmethod
 @user_logger
 def on_delete(req, resp, id_, pid):
+ access_control(req)
 if not id_.isdigit() or int(id_) <= 0:
 raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
 description='API.INVALID_EQUIPMENT_ID')
@@ -1024,6 +1029,7 @@ class EquipmentParameterItem:
 @user_logger
 def on_put(req, resp, id_, pid):
 """Handles PUT requests"""
+ access_control(req)
 if not id_.isdigit() or int(id_) <= 0:
 raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
 description='API.INVALID_EQUIPMENT_ID')
@@ -1283,6 +1289,7 @@ class EquipmentMeterCollection:
 @user_logger
 def on_post(req, resp, id_):
 """Handles POST requests"""
+ access_control(req)
 try:
 raw_json = req.stream.read().decode('utf-8')
 except Exception as ex:
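Review bot: In hunk @@ -205 (EquipmentItem.on_delete) the decorator stack shows `@user_logger` twice, so each request is recorded twice and any exception raised by the added `access_control(req)` propagates through both wrappers; since the commit edits this handler, the duplicate decorator line should be dropped. Because `access_control(req)` is invoked inside the body, `user_logger` has already wrapped the call before the access check runs — if that decorator records the activity before delegating (its implementation is not visible here), denied requests are logged as user activity, which is worth confirming; the same ordering applies to every `access_control(req)` added in this file, including the hunks that follow. This diff also leaves the GET handlers of these classes untouched; if read access is intentionally unauthenticated, a one-line comment on them such as `# read access intentionally unauthenticated` would record the decision. Each handler body continues outside its hunk.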
@@ -1307,6 +1314,7 @@ class EquipmentMeterCollection:
 description='API.INVALID_IS_OUTPUT_VALUE')
 
 is_output = new_values['data']['is_output']
 
+ cnx = mysql.connector.connect(**config.myems_system_db)
 cnx = mysql.connector.connect(**config.myems_system_db)
 cursor = cnx.cursor()
@@ -1363,6 +1371,7 @@ class EquipmentMeterItem:
 @staticmethod
 @user_logger
 def on_delete(req, resp, id_, mid):
+ access_control(req)
 if not id_.isdigit() or int(id_) <= 0:
 raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
 description='API.INVALID_EQUIPMENT_ID')
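Review bot: The added `cnx = mysql.connector.connect(**config.myems_system_db)` in hunk @@ -1307 sits directly above the pre-existing identical line, so the first connection is opened, immediately overwritten and never closed — one leaked database connection per POST to the meter collection; delete the added line. Unlike every other hunk in this commit it has nothing to do with the access check, which suggests an accidental paste. The enclosing on_post body continues outside the hunk.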