seg_yinzy
/
myems
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added access control to energyitem in api and admin

pull/86/head
13621160019@163.com 2021-12-01 22:16:11 +08:00
parent 637f8ce481 8481fa68a5
commit 213f669924
5 changed files with 71 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
admin/app/controllers/settings/category/energyitem.controller.js
View File

@ -1,6 +1,15 @@
'use strict'; 'use strict';
app.controller('EnergyItemController', function($scope, $translate,$uibModal, CategoryService, EnergyItemService, toaster,SweetAlert) { app.controller('EnergyItemController', function(
$scope,
$window,
$translate,
$uibModal,
CategoryService,
EnergyItemService,
toaster,
SweetAlert) {
$scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"));
$scope.getAllCategories = function() { $scope.getAllCategories = function() {
CategoryService.getAllCategories(function (response) { CategoryService.getAllCategories(function (response) {
if (angular.isDefined(response.status) && response.status === 200) { if (angular.isDefined(response.status) && response.status === 200) {
@ -38,7 +47,8 @@ app.controller('EnergyItemController', function($scope, $translate,$uibModal, Ca
} }
}); });
modalInstance.result.then(function(energyItem) { modalInstance.result.then(function(energyItem) {
EnergyItemService.addEnergyItem(energyItem, function(response) { let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
EnergyItemService.addEnergyItem(energyItem, headers, function(response) {
if (angular.isDefined(response.status) && response.status === 201) { if (angular.isDefined(response.status) && response.status === 201) {
toaster.pop({ toaster.pop({
type: "success", type: "success",
@ -78,7 +88,8 @@ app.controller('EnergyItemController', function($scope, $translate,$uibModal, Ca
}); });
modalInstance.result.then(function (modifiedEnergyItem) { modalInstance.result.then(function (modifiedEnergyItem) {
EnergyItemService.editEnergyItem(modifiedEnergyItem, function (response){ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
EnergyItemService.editEnergyItem(modifiedEnergyItem, headers, function (response){
if(angular.isDefined(response.status) && response.status === 200){ if(angular.isDefined(response.status) && response.status === 200){
toaster.pop({ toaster.pop({
type: "success", type: "success",
@ -114,7 +125,8 @@ app.controller('EnergyItemController', function($scope, $translate,$uibModal, Ca
closeOnCancel: true }, closeOnCancel: true },
function (isConfirm) { function (isConfirm) {
if (isConfirm) { if (isConfirm) {
EnergyItemService.deleteEnergyItem(energyItem, function (response) { let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
EnergyItemService.deleteEnergyItem(energyItem, headers, function (response) {
if (angular.isDefined(response.status) && response.status === 204) { if (angular.isDefined(response.status) && response.status === 204) {
toaster.pop({ toaster.pop({
type: "success", type: "success",

12
admin/app/services/settings/category/energyitem.service.js
View File

@ -17,24 +17,24 @@ app.factory('EnergyItemService', function($http) {
callback(response); callback(response);
}); });
}, },
addEnergyItem: function(energyItem, callback) { addEnergyItem: function(energyItem, headers, callback) {
$http.post(getAPI()+'energyitems',{data:energyItem}) $http.post(getAPI()+'energyitems',{data:energyItem}, {headers})
.then(function (response) { .then(function (response) {
callback(response); callback(response);
}, function (response) { }, function (response) {
callback(response); callback(response);
}); });
}, },
editEnergyItem: function(energyItem, callback) { editEnergyItem: function(energyItem, headers, callback) {
$http.put(getAPI()+'energyitems/'+energyItem.id,{data:energyItem}) $http.put(getAPI()+'energyitems/'+energyItem.id,{data:energyItem}, {headers})
.then(function (response) { .then(function (response) {
callback(response); callback(response);
}, function (response) { }, function (response) {
callback(response); callback(response);
}); });
}, },
deleteEnergyItem: function(energyItem, callback) { deleteEnergyItem: function(energyItem, headers, callback) {
$http.delete(getAPI()+'energyitems/'+energyItem.id) $http.delete(getAPI()+'energyitems/'+energyItem.id, {headers})
.then(function (response) { .then(function (response) {
callback(response); callback(response);
}, function (response) { }, function (response) {

45
myems-api/MyEMS.postman_collection.json
View File

@ -2303,7 +2303,20 @@
"name": "POST Create an Energy Item", "name": "POST Create an Energy Item",
"request": { "request": {
"method": "POST", "method": "POST",
"header": [], "header": [
{
"key": "User-UUID",
"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4 ",
"description": "Any admin users' UUID",
"type": "text"
},
{
"key": "Token",
"value": "89d8c1a8e6e2a4fc3b7a7eb3964c4e6fc97b5ae216591a986deb43f8a03babcd72ce5ad0c160e3ed4c9550cea29a9a548a261812484f2c7ac9aa039aa33441e2",
"description": "Login to get a valid token",
"type": "text"
}
],
"body": { "body": {
"mode": "raw", "mode": "raw",
"raw": "{\"data\":{\"name\":\"租户用电\",\"energy_category_id\":1}}" "raw": "{\"data\":{\"name\":\"租户用电\",\"energy_category_id\":1}}"
@ -2324,7 +2337,20 @@
"name": "PUT Update an Energy Item", "name": "PUT Update an Energy Item",
"request": { "request": {
"method": "PUT", "method": "PUT",
"header": [], "header": [
{
"key": "User-UUID",
"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4 ",
"description": "Any admin users' UUID",
"type": "text"
},
{
"key": "Token",
"value": "89d8c1a8e6e2a4fc3b7a7eb3964c4e6fc97b5ae216591a986deb43f8a03babcd72ce5ad0c160e3ed4c9550cea29a9a548a261812484f2c7ac9aa039aa33441e2",
"description": "Login to get a valid token",
"type": "text"
}
],
"body": { "body": {
"mode": "raw", "mode": "raw",
"raw": "{\"data\":{\"name\":\"空调用\",\"energy_category_id\":1}}" "raw": "{\"data\":{\"name\":\"空调用\",\"energy_category_id\":1}}"
@ -2346,7 +2372,20 @@
"name": "DELETE an Energy Item", "name": "DELETE an Energy Item",
"request": { "request": {
"method": "DELETE", "method": "DELETE",
"header": [], "header": [
{
"key": "User-UUID",
"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4 ",
"description": "Any admin users' UUID",
"type": "text"
},
{
"key": "Token",
"value": "89d8c1a8e6e2a4fc3b7a7eb3964c4e6fc97b5ae216591a986deb43f8a03babcd72ce5ad0c160e3ed4c9550cea29a9a548a261812484f2c7ac9aa039aa33441e2",
"description": "Login to get a valid token",
"type": "text"
}
],
"url": { "url": {
"raw": "{{base_url}}/energyitems/4", "raw": "{{base_url}}/energyitems/4",
"host": [ "host": [

6
myems-api/README.md
View File

@ -669,15 +669,15 @@ curl -i -X GET {{base_url}}/energyitems
``` ```
* DELETE an Energy Item by ID * DELETE an Energy Item by ID
```bash ```bash
curl -i -X DELETE {{base_url}}/energyitems/{id} curl -i -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X DELETE {{base_url}}/energyitems/{id}
``` ```
* POST Create an Energy Item * POST Create an Energy Item
```bash ```bash
curl -i -H "Content-Type: application/json" -X POST -d '{"data":{"name":"空调用电","energy_category_id":1}}' {{base_url}}/energyitems curl -i -H "Content-Type: application/json" -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X POST -d '{"data":{"name":"空调用电","energy_category_id":1}}' {{base_url}}/energyitems
``` ```
* PUT Update an Energy Item * PUT Update an Energy Item
```bash ```bash
curl -i -H "Content-Type: application/json" -X PUT -d '{"data":{"name":"动力用电","energy_category_id":1}}' {{base_url}}/energyitems/{id} curl -i -H "Content-Type: application/json" -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X PUT -d '{"data":{"name":"动力用电","energy_category_id":1}}' {{base_url}}/energyitems/{id}
``` ```
### Equipment ### Equipment

5
myems-api/core/energyitem.py
View File

@ -3,7 +3,7 @@ import simplejson as json
import mysql.connector import mysql.connector
import config import config
import uuid import uuid
from core.useractivity import user_logger from core.useractivity import user_logger, access_control
class EnergyItemCollection: class EnergyItemCollection:
@ -55,6 +55,7 @@ class EnergyItemCollection:
@user_logger @user_logger
def on_post(req, resp): def on_post(req, resp):
"""Handles POST requests""" """Handles POST requests"""
access_control(req)
try: try:
raw_json = req.stream.read().decode('utf-8') raw_json = req.stream.read().decode('utf-8')
except Exception as ex: except Exception as ex:
@ -165,6 +166,7 @@ class EnergyItemItem:
@staticmethod @staticmethod
@user_logger @user_logger
def on_delete(req, resp, id_): def on_delete(req, resp, id_):
access_control(req)
if not id_.isdigit() or int(id_) <= 0: if not id_.isdigit() or int(id_) <= 0:
raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
description='API.INVALID_ENERGY_ITEM_ID') description='API.INVALID_ENERGY_ITEM_ID')
@ -225,6 +227,7 @@ class EnergyItemItem:
@user_logger @user_logger
def on_put(req, resp, id_): def on_put(req, resp, id_):
"""Handles PUT requests""" """Handles PUT requests"""
access_control(req)
try: try:
raw_json = req.stream.read().decode('utf-8') raw_json = req.stream.read().decode('utf-8')
except Exception as ex: except Exception as ex: