added access control to meter

2021-11-23 11:08:29 +08:00 · 2021-11-23 11:08:29 +08:00 · 365a0a903c
parent c7660d844f
commit 365a0a903c
3 changed files with 16 additions and 10 deletions
--- a/admin/app/controllers/settings/meter/meter.controller.js
+++ b/admin/app/controllers/settings/meter/meter.controller.js
@ -130,6 +130,7 @@ app.controller('MeterController', function($scope,  $translate, $uibModal, Meter
 			}
 		});
 		modalInstance.result.then(function(meter) {
+			let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
 			meter.energy_category_id = meter.energy_category.id;
 			meter.cost_center_id = meter.cost_center.id;
 			if(angular.isDefined(meter.energy_item)) {
@ -142,7 +143,7 @@ app.controller('MeterController', function($scope,  $translate, $uibModal, Meter
 			} else {
 				meter.master_meter_id = undefined;
 			}
-			MeterService.addMeter(meter, function (response) {
+			MeterService.addMeter(meter, headers, function (response) {
 				if (angular.isDefined(response.status) && response.status === 201) {
 					toaster.pop({
 						type: "success",
@ -186,6 +187,7 @@ app.controller('MeterController', function($scope,  $translate, $uibModal, Meter
 		});

 		modalInstance.result.then(function(modifiedMeter) {
+			let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
 			modifiedMeter.energy_category_id = modifiedMeter.energy_category.id;
 			modifiedMeter.cost_center_id = modifiedMeter.cost_center.id;
 			if (modifiedMeter.energy_item != null && modifiedMeter.energy_item.id != null ) {
@ -198,7 +200,7 @@ app.controller('MeterController', function($scope,  $translate, $uibModal, Meter
 			} else {
 				modifiedMeter.master_meter_id = undefined;
 			}
-			MeterService.editMeter(modifiedMeter, function (response) {
+			MeterService.editMeter(modifiedMeter, headers,function (response) {
 				if (angular.isDefined(response.status) && response.status === 200) {
 					toaster.pop({
 						type: "success",
@ -236,7 +238,8 @@ app.controller('MeterController', function($scope,  $translate, $uibModal, Meter
 			},
 			function(isConfirm) {
 				if (isConfirm) {
-					MeterService.deleteMeter(meter, function (response) {
+					let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+					MeterService.deleteMeter(meter, headers, function (response) {
 						if (angular.isDefined(response.status) && response.status === 204) {
 							toaster.pop({
 								type: "success",
--- a/admin/app/services/settings/meter/meter.service.js
+++ b/admin/app/services/settings/meter/meter.service.js
@ -25,24 +25,24 @@ app.factory('MeterService', function($http) {
                callback(response);
            });
        },
-        addMeter: function(meter, callback) {
-            $http.post(getAPI()+'meters',{data:meter})
+        addMeter: function(meter, headers, callback) {
+            $http.post(getAPI()+'meters',{data:meter}, {headers})
            .then(function (response) {
                callback(response);
            }, function (response) {
                callback(response);
            });
        },
-        editMeter: function(meter, callback) {
-            $http.put(getAPI()+'meters/'+meter.id,{data:meter})
+        editMeter: function(meter, headers, callback) {
+            $http.put(getAPI()+'meters/'+meter.id,{data:meter}, {headers})
            .then(function (response) {
                callback(response);
            }, function (response) {
                callback(response);
            });
        },
-        deleteMeter: function(meter, callback) {
-            $http.delete(getAPI()+'meters/'+meter.id)
+        deleteMeter: function(meter, headers, callback) {
+            $http.delete(getAPI()+'meters/'+meter.id, {headers})
            .then(function (response) {
                callback(response);
            }, function (response) {
--- a/myems-api/core/meter.py
+++ b/myems-api/core/meter.py
@ -3,7 +3,7 @@ import simplejson as json
 import mysql.connector
 import config
 import uuid
-from core.useractivity import user_logger
+from core.useractivity import user_logger, access_control


 class MeterCollection:
@ -105,6 +105,7 @@ class MeterCollection:
    @user_logger
    def on_post(req, resp):
        """Handles POST requests"""
+        access_control(req)
        try:
            raw_json = req.stream.read().decode('utf-8')
        except Exception as ex:
@ -373,6 +374,7 @@ class MeterItem:
    @staticmethod
    @user_logger
    def on_delete(req, resp, id_):
+        access_control(req)
        if not id_.isdigit() or int(id_) <= 0:
            raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
                                   description='API.INVALID_METER_ID')
@ -550,6 +552,7 @@ class MeterItem:
    @user_logger
    def on_put(req, resp, id_):
        """Handles PUT requests"""
+        access_control(req)
        try:
            raw_json = req.stream.read().decode('utf-8')
        except Exception as ex: