diff --git a/admin/app/controllers/fdd/emailmessage/emailmessage.controller.js b/admin/app/controllers/fdd/emailmessage/emailmessage.controller.js
index 6ffeeedc..d7130749 100644
--- a/admin/app/controllers/fdd/emailmessage/emailmessage.controller.js
+++ b/admin/app/controllers/fdd/emailmessage/emailmessage.controller.js
@@ -1,9 +1,14 @@ 'use strict'; -app.controller('EmailMessageController', function($scope, $timeout,$translate, +app.controller('EmailMessageController', function( + $scope, + $window, + $timeout, + $translate, EmailMessageAnalysisService, - toaster, SweetAlert) { - + toaster, + SweetAlert) { + $scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user")); $scope.$on('handleBroadcastEmailMessageOptionChanged', function (event, data) { if (angular.isDefined(data.load)) { $scope.tabledata = [];
@@ -34,7 +39,8 @@ app.controller('EmailMessageController', function($scope, $timeout,$translate,
 },
 function(isConfirm) {
 if (isConfirm) {
- EmailMessageAnalysisService.deleteEmailMessage(emailmessage, function(response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ EmailMessageAnalysisService.deleteEmailMessage(emailmessage, headers, function(response) {
 if (angular.isDefined(response.status) && response.status === 204) {
 toaster.pop({
 type: "success",
@@ -50,11 +56,11 @@ app.controller('EmailMessageController', function($scope, $timeout,$translate, body: $translate.instant(response.data.description), showCloseButton: true, }); - } }); } - }); + } + ); }; }); \ No newline at end of file
diff --git a/admin/app/controllers/fdd/emailmessage/emailmessageoption.controller.js b/admin/app/controllers/fdd/emailmessage/emailmessageoption.controller.js
index 69eb0b6a..06195354 100644
--- a/admin/app/controllers/fdd/emailmessage/emailmessageoption.controller.js
+++ b/admin/app/controllers/fdd/emailmessage/emailmessageoption.controller.js
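Review bot: The new `$scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"));` line has no fallback for a missing entry: getItem returns null when the key is absent, JSON.parse(null) yields null, and the headers built in the deleteEmailMessage hunk from `$scope.cur_user.uuid` then throw a TypeError inside the confirm callback, while a malformed stored value makes JSON.parse throw during controller construction instead. A guard such as `var stored = $window.localStorage.getItem("myems_admin_ui_current_user");` / `$scope.cur_user = stored ? JSON.parse(stored) : null;` plus an explicit check before the headers are built keeps that failure visible rather than buried in a callback. The same two lines appear in emailmessageoption.controller.js and need the same treatment. Because the token is read from window.localStorage, any script running on the admin origin can read it too; that storage choice predates this commit, but it is the reason the value copied into scope here should be treated as a secret.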
@@ -1,7 +1,11 @@ 'use strict'; -app.controller('EmailMessageOptionController', function($scope, $timeout, +app.controller('EmailMessageOptionController', function( + $scope, + $window, + $timeout, EmailMessageAnalysisService) { + $scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user")); $scope.daterange = { startDate: moment().subtract(7,'days'), endDate: moment()
@@ -18,17 +22,15 @@ app.controller('EmailMessageOptionController', function($scope, $timeout, applyLabel: "OK", cancelLabel: "Cancel", }, - eventHandlers:{ 'apply.daterangepicker':function(ev,picker){ //$scope.execute(); } } - }; $scope.execute = function() { - var datestart,dateend; + var datestart, dateend; var query = { datestart: $scope.daterange.startDate.format().slice(0, 10), dateend: $scope.daterange.endDate.format().slice(0, 10)
@@ -37,8 +39,8 @@ app.controller('EmailMessageOptionController', function($scope, $timeout,
 load: true,
 period:$scope.currentPeriod
 });
-
- EmailMessageAnalysisService.getAnalysisResult(query, function(response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ EmailMessageAnalysisService.getAnalysisResult(query, headers, function(response) {
 if (angular.isDefined(response.status) && response.status === 200) {
 $scope.$emit('handleEmitEmailMessageOptionChanged', response.data);
 }
diff --git a/admin/app/services/fdd/emailmessageanalysis.service.js b/admin/app/services/fdd/emailmessageanalysis.service.js
index a9512c89..be596a7a 100644
--- a/admin/app/services/fdd/emailmessageanalysis.service.js
+++ b/admin/app/services/fdd/emailmessageanalysis.service.js
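Review bot: `let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };` in the getAnalysisResult hunk is the same literal the emailmessage controller builds for deleteEmailMessage, and it is the only `let` in a function that otherwise declares with `var` (`var datestart, dateend;`, `var query = {`). The binding is never reassigned, so `const headers = ...` fits better, and building the object in one shared place (for example a method on EmailMessageAnalysisService) would keep the token handling out of each controller. `$scope.execute` begins before this hunk and ends after it.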
@@ -2,10 +2,8 @@ app.factory('EmailMessageAnalysisService', function($http) { return { - getAnalysisResult: function(query,callback) { - var base="emailmessages"; - var url=base+"/from/"+query.datestart+"/to/"+query.dateend; - $http.get(getAPI()+url) + getAnalysisResult: function(query, headers, callback) { + $http.get(getAPI()+"emailmessages"+"/from/"+query.datestart+"/to/"+query.dateend, {headers}) .then(function (response) { callback(response); }, function (response) {
@@ -13,8 +11,8 @@ app.factory('EmailMessageAnalysisService', function($http) { }); }, - deleteEmailMessage: function(emailmessage, callback) { - $http.delete(getAPI()+'emailmessages/'+emailmessage.id) + deleteEmailMessage: function(emailmessage, headers, callback) { + $http.delete(getAPI()+'emailmessages/'+emailmessage.id, {headers}) .then(function (response) { callback(response); }, function (response) {
diff --git a/myems-api/MyEMS.postman_collection.json b/myems-api/MyEMS.postman_collection.json
index 404a52d1..0c4770b9 100644
--- a/myems-api/MyEMS.postman_collection.json
+++ b/myems-api/MyEMS.postman_collection.json
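Review bot: Inserting `headers` as the middle positional parameter of getAnalysisResult (and of deleteEmailMessage in the second hunk) changes the calling convention: a caller not updated in this commit would now pass its callback as `headers` and never be called back, with no error to point at the cause. The two controllers in this commit are updated; if other callers exist they need the same edit, or the service could obtain the headers itself so the signatures stay `(query, callback)` and `(emailmessage, callback)`. The new $http.get line still splices query.datestart/dateend straight into the path; `$http.get(getAPI()+"emailmessages/from/"+encodeURIComponent(query.datestart)+"/to/"+encodeURIComponent(query.dateend), {headers})` keeps the path well-formed if a caller ever passes something other than a YYYY-MM-DD string, and `emailmessage.id` in the delete URL deserves the same wrapping. The factory's returned object begins and ends outside these hunks.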
@@ -1816,21 +1816,34 @@
 "name": "Email Message",
 "item": [
 {
- "name": "GET Email Messages from Startdate to Enddate",
+ "name": "GET Email Messages by Date Range",
 "request": {
 "method": "GET",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text",
+ "description": "Any admin users' UUID"
+ },
+ {
+ "key": "Token",
+ "value": "592641a558bc1724c4b75bd80d7d37b9b6a441b9b2231e3a5b2843b1f1e4f6864608ca97c4db00c94012b3406bf0c45cf231b789d2f551c1d420aa4de09f75cd",
+ "type": "text",
+ "description": "Login to get a valid token"
+ }
+ ],
 "url": {
- "raw": "{{base_url}}/emailmessages/from/2020-04-01/to/2020-05-01",
+ "raw": "{{base_url}}/emailmessages/from/2021-12-01/to/2021-12-31",
 "host": [
 "{{base_url}}"
 ],
 "path": [
 "emailmessages",
 "from",
- "2020-04-01",
+ "2021-12-01",
 "to",
- "2020-05-01"
+ "2021-12-31"
 ],
 "query": [
 {
@@ -1847,7 +1860,20 @@
 "name": "GET an Email Message by ID",
 "request": {
 "method": "GET",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text",
+ "description": "Any admin users' UUID"
+ },
+ {
+ "key": "Token",
+ "value": "592641a558bc1724c4b75bd80d7d37b9b6a441b9b2231e3a5b2843b1f1e4f6864608ca97c4db00c94012b3406bf0c45cf231b789d2f551c1d420aa4de09f75cd",
+ "type": "text",
+ "description": "Login to get a valid token"
+ }
+ ],
 "url": {
 "raw": "{{base_url}}/emailmessages/1",
 "host": [
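Review bot: The `Token` header value added to each Email Message request is a literal hex string rather than a collection variable, so a credential-looking value is now committed in this hunk and the four that follow (GET by ID, POST, PUT, DELETE), whereas the README change in the same commit uses the placeholder `GET-TOKEN-AFTER-LOGIN`. Defining `token` and `user_uuid` as collection variables and referencing them as `"value": "{{token}}"` and `"value": "{{user_uuid}}"`, the way these requests already use `{{base_url}}`, keeps the secret out of version control and means one edit when the token expires instead of five. If the committed value was ever valid, rotating it on the server side is the safe follow-up.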
@@ -1865,7 +1891,20 @@
 "name": "POST Create New Email Message TODO",
 "request": {
 "method": "POST",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text",
+ "description": "Any admin users' UUID"
+ },
+ {
+ "key": "Token",
+ "value": "592641a558bc1724c4b75bd80d7d37b9b6a441b9b2231e3a5b2843b1f1e4f6864608ca97c4db00c94012b3406bf0c45cf231b789d2f551c1d420aa4de09f75cd",
+ "type": "text",
+ "description": "Login to get a valid token"
+ }
+ ],
 "url": {
 "raw": "{{base_url}}/emailmessages",
 "host": [
@@ -1882,7 +1921,20 @@
 "name": "PUT Update an Email Message TODO",
 "request": {
 "method": "PUT",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text",
+ "description": "Any admin users' UUID"
+ },
+ {
+ "key": "Token",
+ "value": "592641a558bc1724c4b75bd80d7d37b9b6a441b9b2231e3a5b2843b1f1e4f6864608ca97c4db00c94012b3406bf0c45cf231b789d2f551c1d420aa4de09f75cd",
+ "type": "text",
+ "description": "Login to get a valid token"
+ }
+ ],
 "url": {
 "raw": ""
 }
@@ -1893,7 +1945,20 @@
 "name": "DELETE an Email Message by ID",
 "request": {
 "method": "DELETE",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text",
+ "description": "Any admin users' UUID"
+ },
+ {
+ "key": "Token",
+ "value": "592641a558bc1724c4b75bd80d7d37b9b6a441b9b2231e3a5b2843b1f1e4f6864608ca97c4db00c94012b3406bf0c45cf231b789d2f551c1d420aa4de09f75cd",
+ "type": "text",
+ "description": "Login to get a valid token"
+ }
+ ],
 "url": {
 "raw": "{{base_url}}/emailmessages/2",
 "host": [
@@ -4651,12 +4716,14 @@
 {
 "key": "User-UUID",
 "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
- "type": "text"
+ "type": "text",
+ "description": "Any admin users' UUID"
 },
 {
 "key": "Token",
 "value": "e713a4845a2f936eef1dca4314e7fad875b898854c56b4c5176d219f5ee19a0831d2ee67c63b17c2f2a49474d090cccb024f98a797d96571bc61027cbe1995af",
- "type": "text"
+ "type": "text",
+ "description": "Login to get a valid token"
 }
 ],
 "body": {
@@ -4683,12 +4750,14 @@
 {
 "key": "User-UUID",
 "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
- "type": "text"
+ "type": "text",
+ "description": "Any admin users' UUID"
 },
 {
 "key": "Token",
 "value": "e713a4845a2f936eef1dca4314e7fad875b898854c56b4c5176d219f5ee19a0831d2ee67c63b17c2f2a49474d090cccb024f98a797d96571bc61027cbe1995af",
- "type": "text"
+ "type": "text",
+ "description": "Login to get a valid token"
 }
 ],
 "body": {
@@ -4716,12 +4785,14 @@
 {
 "key": "User-UUID",
 "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
- "type": "text"
+ "type": "text",
+ "description": "Any admin users' UUID"
 },
 {
 "key": "Token",
 "value": "e713a4845a2f936eef1dca4314e7fad875b898854c56b4c5176d219f5ee19a0831d2ee67c63b17c2f2a49474d090cccb024f98a797d96571bc61027cbe1995af",
- "type": "text"
+ "type": "text",
+ "description": "Login to get a valid token"
 }
 ],
 "url": {
@@ -4745,12 +4816,14 @@
 {
 "key": "User-UUID",
 "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
- "type": "text"
+ "type": "text",
+ "description": "Any admin users' UUID"
 },
 {
 "key": "Token",
 "value": "e713a4845a2f936eef1dca4314e7fad875b898854c56b4c5176d219f5ee19a0831d2ee67c63b17c2f2a49474d090cccb024f98a797d96571bc61027cbe1995af",
- "type": "text"
+ "type": "text",
+ "description": "Login to get a valid token"
 }
 ],
 "body": {
@@ -4798,12 +4871,14 @@
 {
 "key": "User-UUID",
 "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
- "type": "text"
+ "type": "text",
+ "description": "Any admin users' UUID"
 },
 {
 "key": "Token",
 "value": "e713a4845a2f936eef1dca4314e7fad875b898854c56b4c5176d219f5ee19a0831d2ee67c63b17c2f2a49474d090cccb024f98a797d96571bc61027cbe1995af",
- "type": "text"
+ "type": "text",
+ "description": "Login to get a valid token"
 }
 ],
 "url": {
diff --git a/myems-api/README.md b/myems-api/README.md
index 73700050..e405e268 100644
--- a/myems-api/README.md
+++ b/myems-api/README.md
@@ -504,11 +504,11 @@ Result in JSON | status | string | Status ('new', 'sent', 'timeout' | ```bash -curl -i -X GET {{base_url}}/emailmessages/{id} +curl -i -H "User-UUID: 793f1bb4-6e25-4242-8cdc-2f662b25484f" -H "Token: GET-TOKEN-AFTER-LOGIN" -X GET {{base_url}}/emailmessages/{id} ``` -* GET Email Messages from Startdate to Enddate +* GET Email Messages by Date Range ```bash -curl -i -X GET {{base_url}}/emailmessages/from/{startdate}/to/{enddate} +curl -i -H "User-UUID: 793f1bb4-6e25-4242-8cdc-2f662b25484f" -H "Token: GET-TOKEN-AFTER-LOGIN" -X GET {{base_url}}/emailmessages/from/{startdate}/to/{enddate} ``` * DELETE an Email Message by ID ```bash
diff --git a/myems-api/core/emailmessage.py b/myems-api/core/emailmessage.py
index 0068462f..318f39aa 100644
--- a/myems-api/core/emailmessage.py
+++ b/myems-api/core/emailmessage.py
@@ -3,7 +3,7 @@ import json import mysql.connector import config from datetime import datetime, timedelta, timezone -from core.useractivity import user_logger +from core.useractivity import user_logger, access_control class EmailMessageCollection:
@@ -18,6 +18,7 @@ class EmailMessageCollection: @staticmethod def on_get(req, resp, startdate, enddate): + access_control(req) try: start_datetime_local = datetime.strptime(startdate, '%Y-%m-%d') except Exception:
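Review bot: `access_control(req)` becomes the first statement of EmailMessageCollection.on_get here, and of EmailMessageItem.on_get and on_delete in the next two hunks, but none of the three handlers states what a caller must now supply; from the README and Postman changes in this commit the check appears to rely on the User-UUID and Token request headers, so a one-line docstring such as `"""Requires User-UUID and Token request headers (enforced by access_control)."""` directly under each `def` would document the contract where it is enforced. Running the check before the startdate/id_ validation is the right order, since a caller that fails it learns nothing about how the inputs are parsed. What access_control does on failure (status code and error title) is defined in core.useractivity, outside this diff, and is worth confirming so the README can state the expected error response. Each handler's body continues past its hunk.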
@@ -100,6 +101,7 @@ class EmailMessageItem: @staticmethod def on_get(req, resp, id_): + access_control(req) if not id_.isdigit() or int(id_) <= 0: raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', description='API.INVALID_EMAIL_MESSAGE_ID')
@@ -149,6 +151,7 @@ class EmailMessageItem: @staticmethod @user_logger def on_delete(req, resp, id_): + access_control(req) if not id_.isdigit() or int(id_) <= 0: raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', description='API.INVALID_EMAIL_MESSAGE_ID')