seg_yinzy
/
myems
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added access control to cost file

pull/80/head
13621160019@163.com 2021-11-18 22:51:01 +08:00
parent f396564bc2
commit 2245dee31e
4 changed files with 94 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
admin/app/controllers/settings/costcenter/costfile.controller.js
View File

@ -1,18 +1,19 @@
'use strict';
app.controller('CostFileController', function (
$scope,
$scope,
$window,
$translate,
$interval,
CostFileService,
toaster,
$translate,
$interval,
CostFileService,
toaster,
SweetAlert) {
$scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"));
$scope.getAllCostFiles = function () {
CostFileService.getAllCostFiles(function (response) {
let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
CostFileService.getAllCostFiles(headers, function (response) {
if (angular.isDefined(response.status) && response.status === 200) {
$scope.costfiles = response.data;
} else {
@ -53,7 +54,8 @@ app.controller('CostFileController', function (
};
$scope.restoreCostFile = function (costfile) {
CostFileService.restoreCostFile(costfile, function (response) {
let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
CostFileService.restoreCostFile(costfile, headers, function (response) {
if (angular.isDefined(response.status) && response.status === 200) {
toaster.pop({
type: "success",
@ -87,7 +89,8 @@ app.controller('CostFileController', function (
},
function (isConfirm) {
if (isConfirm) {
CostFileService.deleteCostFile(costfile, function (response) {
let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
CostFileService.deleteCostFile(costfile, headers, function (response) {
if (angular.isDefined(response.status) && response.status === 204) {
toaster.pop({
type: "success",

38
admin/app/services/settings/costcenter/costfile.service.js
View File

@ -1,38 +1,38 @@
'use strict';
app.factory('CostFileService', function($http) {
return {
getAllCostFiles:function(callback){
$http.get(getAPI()+'costfiles')
app.factory('CostFileService', function($http) {
return {
getAllCostFiles:function(headers, callback){
$http.get(getAPI()+'costfiles', {headers})
.then(function (response) {
callback(response);
}, function (response) {
callback(response);
});
},
addCostFile: function(costfile, callback) {
$http.post(getAPI()+'costfiles',{data:costfile})
.then(function (response) {
callback(response);
}, function (response) {
callback(response);
});
},
restoreCostFile: function (costfile, callback) {
$http.get(getAPI() + 'costfiles/' + costfile.id + '/restore')
addCostFile: function(costfile, headers, callback) {
$http.post(getAPI()+'costfiles', {data:costfile}, {headers})
.then(function (response) {
callback(response);
}, function (response) {
callback(response);
});
},
deleteCostFile: function(costfile, callback) {
$http.delete(getAPI()+'costfiles/'+costfile.id)
restoreCostFile: function (costfile, headers, callback) {
$http.get(getAPI() + 'costfiles/' + costfile.id + '/restore', {headers})
.then(function (response) {
callback(response);
}, function (response) {
callback(response);
});
});
},
deleteCostFile: function(costfile, headers, callback) {
$http.delete(getAPI()+'costfiles/' + costfile.id, {headers})
.then(function (response) {
callback(response);
}, function (response) {
callback(response);
});
}
};
});
});

64
myems-api/MyEMS.postman_collection.json
View File

@ -853,7 +853,20 @@
"name": "GET All Cost Files",
"request": {
"method": "GET",
"header": [],
"header": [
{
"key": "User-UUID",
"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
"description": "Any admin users' UUID",
"type": "text"
},
{
"key": "Token",
"value": "6ab593bb7e48f22da551572b444b2095b02f7fd717681215c16866b18846c9e0c7c9a10b612d26e262d2100223197a3804daec0ace179623dcb3d3e0a3213dbe",
"description": "Login to get a valid token",
"type": "text"
}
],
"url": {
"raw": "{{base_url}}/costfiles",
"host": [
@ -870,7 +883,20 @@
"name": "GET a Cost File by ID",
"request": {
"method": "GET",
"header": [],
"header": [
{
"key": "User-UUID",
"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
"description": "Any admin users' UUID",
"type": "text"
},
{
"key": "Token",
"value": "6ab593bb7e48f22da551572b444b2095b02f7fd717681215c16866b18846c9e0c7c9a10b612d26e262d2100223197a3804daec0ace179623dcb3d3e0a3213dbe",
"description": "Login to get a valid token",
"type": "text"
}
],
"url": {
"raw": "{{base_url}}/costfiles/1",
"host": [
@ -926,7 +952,20 @@
"name": "DELETE a Cost File by ID",
"request": {
"method": "DELETE",
"header": [],
"header": [
{
"key": "User-UUID",
"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
"description": "Any admin users' UUID",
"type": "text"
},
{
"key": "Token",
"value": "6ab593bb7e48f22da551572b444b2095b02f7fd717681215c16866b18846c9e0c7c9a10b612d26e262d2100223197a3804daec0ace179623dcb3d3e0a3213dbe",
"description": "Login to get a valid token",
"type": "text"
}
],
"url": {
"raw": "{{base_url}}/costfiles/1",
"host": [
@ -944,15 +983,28 @@
"name": "Rstore a Cost File by ID",
"request": {
"method": "GET",
"header": [],
"header": [
{
"key": "User-UUID",
"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
"description": "Any admin users' UUID",
"type": "text"
},
{
"key": "Token",
"value": "6ab593bb7e48f22da551572b444b2095b02f7fd717681215c16866b18846c9e0c7c9a10b612d26e262d2100223197a3804daec0ace179623dcb3d3e0a3213dbe",
"description": "Login to get a valid token",
"type": "text"
}
],
"url": {
"raw": "{{base_url}}/costfiles/1/restore",
"raw": "{{base_url}}/costfiles/20/restore",
"host": [
"{{base_url}}"
],
"path": [
"costfiles",
"1",
"20",
"restore"
]
}

7
myems-api/core/costfile.py
View File

@ -5,7 +5,7 @@ import config
import uuid
from datetime import datetime, timezone, timedelta
import os
from core.useractivity import user_logger
from core.useractivity import user_logger, access_control
class CostFileCollection:
@ -20,6 +20,7 @@ class CostFileCollection:
@staticmethod
def on_get(req, resp):
access_control(req)
cnx = mysql.connector.connect(**config.myems_historical_db)
cursor = cnx.cursor()
@ -52,6 +53,7 @@ class CostFileCollection:
@user_logger
def on_post(req, resp):
"""Handles POST requests"""
access_control(req)
try:
upload = req.get_param('file')
# Read upload file as binary
@ -157,6 +159,7 @@ class CostFileItem:
@staticmethod
def on_get(req, resp, id_):
access_control(req)
if not id_.isdigit() or int(id_) <= 0:
raise falcon.HTTPError(falcon.HTTP_400,
title='API.BAD_REQUEST',
@ -191,6 +194,7 @@ class CostFileItem:
@staticmethod
@user_logger
def on_delete(req, resp, id_):
access_control(req)
if not id_.isdigit() or int(id_) <= 0:
raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
description='API.INVALID_COST_FILE_ID')
@ -241,6 +245,7 @@ class CostFileRestore:
@staticmethod
def on_get(req, resp, id_):
access_control(req)
if not id_.isdigit() or int(id_) <= 0:
raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
description='API.INVALID_COST_FILE_ID')