From 2eaa8df6c6cc22eb727c26d3e221b700d726d7f3 Mon Sep 17 00:00:00 2001
From: Caozhenhui <823914102@qq.com>
Date: Fri, 3 Dec 2021 16:36:48 +0800
Subject: [PATCH] added access control to sensor
---
 .../settings/sensor/sensor.controller.js | 14 +++++++++-----
 .../settings/sensor/sensorpoint.controller.js | 6 ++++--
 .../app/services/settings/sensor/sensor.service.js | 12 ++++++------
 .../settings/sensor/sensorpoint.service.js | 4 ++--
 myems-api/core/sensor.py | 7 ++++++-
 5 files changed, 27 insertions(+), 16 deletions(-)
diff --git a/admin/app/controllers/settings/sensor/sensor.controller.js b/admin/app/controllers/settings/sensor/sensor.controller.js
index ee242f3f..b4ee268a 100644
--- a/admin/app/controllers/settings/sensor/sensor.controller.js
+++ b/admin/app/controllers/settings/sensor/sensor.controller.js
@@ -1,7 +1,7 @@
 'use strict';
-app.controller('SensorController', function($scope, $translate, $uibModal, SensorService, toaster, SweetAlert) {
-
+app.controller('SensorController', function($scope, $window, $translate, $uibModal, SensorService, toaster, SweetAlert) {
+ $scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"));
 $scope.getAllSensors = function() {
 SensorService.getAllSensors(function (response) {
 if (angular.isDefined(response.status) && response.status === 200) {
@@ -27,7 +27,9 @@ app.controller('SensorController', function($scope, $translate, $uibModal, Sens
 } });
 modalInstance.result.then(function(sensor) {
- SensorService.addSensor(sensor, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ SensorService.addSensor(sensor, {headers},
+ function (response) {
 if (angular.isDefined(response.status) && response.status === 201) {
 toaster.pop({
 type: "success",
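Review bot: `$scope.cur_user` in the @@ -1,7 hunk is assigned straight from `JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"))`, which is `null` when the key is absent and throws when the stored value is not valid JSON. The `$scope.cur_user.uuid` reads added in the add/edit/delete callbacks would then fail with a TypeError rather than follow a handled "not logged in" path, so a guard such as `if (!$scope.cur_user) { return; }` belongs where the headers are built. Keeping the session token in localStorage also means any script running in the admin origin can read it, so script-injection hardening of the admin UI carries more weight after this change. The controller body continues outside the hunk.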
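Review bot: The header object is wrapped twice in the @@ -27,7 hunk: the call passes `{headers}` as the second argument, and `addSensor: function(sensor, headers, callback)` in sensor.service.js wraps that parameter again with `{headers}`. `$http.post` therefore receives `{headers: {headers: {...}}}`, and as far as the visible lines show `User-UUID` and `Token` are not sent as request headers, so the new `access_control(req)` check on the API side would presumably reject the call. Passing the bare object fixes it: `SensorService.addSensor(sensor, headers, function (response) {`. The editSensor and deleteSensor hunks at @@ -67 and @@ -105 and both SensorPointController hunks build the argument the same way and need the same change.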
@@ -67,7 +69,8 @@ app.controller('SensorController', function($scope, $translate, $uibModal, Sens
 });
 modalInstance.result.then(function(modifiedSensor) {
- SensorService.editSensor(modifiedSensor, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ SensorService.editSensor(modifiedSensor, {headers}, function (response) {
 if (angular.isDefined(response.status) && response.status === 200) {
 toaster.pop({
 type: "success",
@@ -105,7 +108,8 @@ app.controller('SensorController', function($scope, $translate, $uibModal, Sens
 }, function(isConfirm) {
 if (isConfirm) {
- SensorService.deleteSensor(sensor, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ SensorService.deleteSensor(sensor, {headers}, function (response) {
 if (angular.isDefined(response.status) && response.status === 204) {
 toaster.pop({
 type: "success",
diff --git a/admin/app/controllers/settings/sensor/sensorpoint.controller.js b/admin/app/controllers/settings/sensor/sensorpoint.controller.js
index c2b6839c..b4c58ee4 100644
--- a/admin/app/controllers/settings/sensor/sensorpoint.controller.js
+++ b/admin/app/controllers/settings/sensor/sensorpoint.controller.js
@@ -80,7 +80,8 @@ app.controller('SensorPointController', function (
 $scope.pairPoint = function (dragEl, dropEl) {
 var pointid = angular.element('#' + dragEl).scope().point.id;
 var sensorid = $scope.currentSensor.id;
- SensorPointService.addPair(sensorid, pointid, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ SensorPointService.addPair(sensorid, pointid, {headers}, function (response) {
 if (angular.isDefined(response.status) && response.status === 201) {
 toaster.pop({
 type: "success",
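Review bot: `$scope.cur_user` is read in `pairPoint` (@@ -80,7), but no hunk in sensorpoint.controller.js injects `$window` or assigns `cur_user`, unlike the change made to SensorController. This works only if SensorPointController's scope inherits the property from a parent scope, which the diff does not show; if it is undefined, building `headers` throws before any request is made. Reading the stored user in this controller as well, or building the headers in one shared helper or `$http` interceptor, would remove that hidden dependency. The deletePair hunk at @@ -106 has the same dependency, and the function body continues outside the hunk.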
@@ -106,7 +107,8 @@ app.controller('SensorPointController', function (
 }
 var sensorpointid = angular.element('#' + dragEl).scope().sensorpoint.id;
 var sensorid = $scope.currentSensor.id;
- SensorPointService.deletePair(sensorid, sensorpointid, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ SensorPointService.deletePair(sensorid, sensorpointid, {headers}, function (response) {
 if (angular.isDefined(response.status) && response.status === 204) {
 toaster.pop({
 type: "success",
diff --git a/admin/app/services/settings/sensor/sensor.service.js b/admin/app/services/settings/sensor/sensor.service.js
index 1282799b..e28b6e59 100644
--- a/admin/app/services/settings/sensor/sensor.service.js
+++ b/admin/app/services/settings/sensor/sensor.service.js
@@ -17,24 +17,24 @@ app.factory('SensorService', function($http) {
 callback(response);
 });
 },
- addSensor: function(sensor, callback) {
- $http.post(getAPI()+'sensors',{data:sensor})
+ addSensor: function(sensor, headers, callback) {
+ $http.post(getAPI()+'sensors',{data:sensor}, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- editSensor: function(sensor, callback) {
- $http.put(getAPI()+'sensors/'+sensor.id,{data:sensor})
+ editSensor: function(sensor, headers, callback) {
+ $http.put(getAPI()+'sensors/'+sensor.id,{data:sensor}, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- deleteSensor: function(sensor, callback) {
- $http.delete(getAPI()+'sensors/'+sensor.id)
+ deleteSensor: function(sensor, headers, callback) {
+ $http.delete(getAPI()+'sensors/'+sensor.id, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
diff --git a/admin/app/services/settings/sensor/sensorpoint.service.js b/admin/app/services/settings/sensor/sensorpoint.service.js
index d2f614de..c12cd976 100644
--- a/admin/app/services/settings/sensor/sensorpoint.service.js
+++ b/admin/app/services/settings/sensor/sensorpoint.service.js
@@ -1,7 +1,7 @@
 'use strict';
 app.factory('SensorPointService', function($http) {
 return {
- addPair: function(sensorID,pointID,callback) {
+ addPair: function(sensorID,pointID, headers, callback) {
 $http.post(getAPI()+'sensors/'+sensorID+'/points',{data:{'point_id':pointID}})
 .then(function (response) {
 callback(response);
@@ -10,7 +10,7 @@ app.factory('SensorPointService', function($http) {
 });
 },
- deletePair: function(sensorID,pointID, callback) {
+ deletePair: function(sensorID,pointID, headers, callback) {
 $http.delete(getAPI()+'sensors/'+sensorID+'/points/'+pointID)
 .then(function (response) {
 callback(response);
diff --git a/myems-api/core/sensor.py b/myems-api/core/sensor.py
index b8984ed8..9c15b6d3 100644
--- a/myems-api/core/sensor.py
+++ b/myems-api/core/sensor.py
@@ -3,7 +3,7 @@ import simplejson as json
 import mysql.connector
 import config
 import uuid
-from core.useractivity import user_logger
+from core.useractivity import user_logger, access_control
 class SensorCollection:
@@ -44,6 +44,7 @@ class SensorCollection:
 @user_logger
 def on_post(req, resp):
 """Handles POST requests"""
+ access_control(req)
 try:
 raw_json = req.stream.read().decode('utf-8')
 except Exception as ex:
@@ -133,6 +134,7 @@ class SensorItem:
 @staticmethod
 @user_logger
 def on_delete(req, resp, id_):
+ access_control(req)
 if not id_.isdigit() or int(id_) <= 0:
 raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', description='API.INVALID_SENSOR_ID')
@@ -209,6 +211,7 @@ class SensorItem:
 @user_logger
 def on_put(req, resp, id_):
 """Handles PUT requests"""
+ access_control(req)
 try:
 raw_json = req.stream.read().decode('utf-8')
 except Exception as ex:
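Review bot: `addPair` gains a `headers` parameter in the @@ -1,7 hunk of sensorpoint.service.js, but the `$http.post` call under it is an unchanged context line and never passes it on. The pairing request therefore carries no `User-UUID` or `Token`, while `SensorPointCollection.on_post` now calls `access_control(req)`, so pairing would presumably be refused for every user. Since the controller already passes a config object, the call should forward it as the third argument: `$http.post(getAPI()+'sensors/'+sensorID+'/points',{data:{'point_id':pointID}}, headers)`. `deletePair` in the @@ -10,7 hunk has the same gap and needs `headers` as the second argument of `$http.delete(...)`.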
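Review bot: `access_control(req)` is added as a hand-written first statement in each write handler (on_post at @@ -44, on_delete at @@ -133, on_put at @@ -209, and the two SensorPoint handlers at @@ -320 and @@ -387), so a handler added later that omits the line is unauthenticated with nothing at the signature to show it. A decorator stacked beside `@user_logger` would make the requirement visible and harder to forget. Because the call runs inside the `@user_logger` wrapper, whether a denied request still reaches the activity log depends on that decorator, which is outside this diff and worth confirming. No read handler is touched by this commit, so reads presumably stay open without a token; if that is intended, a comment like `# read access is intentionally unauthenticated` would record the decision. The handler bodies continue outside the hunks.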
@@ -320,6 +323,7 @@ class SensorPointCollection:
 @user_logger
 def on_post(req, resp, id_):
 """Handles POST requests"""
+ access_control(req)
 try:
 raw_json = req.stream.read().decode('utf-8')
 except Exception as ex:
@@ -387,6 +391,7 @@ class SensorPointItem:
 @staticmethod
 @user_logger
 def on_delete(req, resp, id_, pid):
+ access_control(req)
 if not id_.isdigit() or int(id_) <= 0:
 raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', description='API.INVALID_SENSOR_ID')