diff --git a/admin/app/controllers/settings/distributionsystem/distributioncircuit.controller.js b/admin/app/controllers/settings/distributionsystem/distributioncircuit.controller.js index 7f21a276..526c5413 100644 --- a/admin/app/controllers/settings/distributionsystem/distributioncircuit.controller.js +++ b/admin/app/controllers/settings/distributionsystem/distributioncircuit.controller.js @@ -1,10 +1,18 @@ 'use strict'; -app.controller('DistributionCircuitController', function($scope, $translate, $uibModal, DistributionSystemService, DistributionCircuitService, toaster,SweetAlert) { +app.controller('DistributionCircuitController', function( + $scope, + $window, + $translate, + $uibModal, + DistributionSystemService, + DistributionCircuitService, + toaster, + SweetAlert) { $scope.distributionsystems = []; $scope.distributioncircuits = []; $scope.currentDistributionSystem = null; - + $scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user")); $scope.getAllDistributionSystems = function() { DistributionSystemService.getAllDistributionSystems(function (response) { if (angular.isDefined(response.status) && response.status === 200) { @@ -48,7 +56,8 @@ app.controller('DistributionCircuitController', function($scope, $translate, $ui }); modalInstance.result.then(function(distributioncircuit) { distributioncircuit.distribution_system_id = $scope.currentDistributionSystem.id; - DistributionCircuitService.addDistributionCircuit(distributioncircuit, function (response) { + let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; + DistributionCircuitService.addDistributionCircuit(distributioncircuit, headers, function (response) { if (angular.isDefined(response.status) && response.status === 201) { toaster.pop({ type: "success", 
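Review bot: The added `$scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"));` in the `@@ -1,10 +1,18 @@` hunk has no guard for a missing or malformed entry. `JSON.parse(null)` returns `null`, so every later `$scope.cur_user.uuid` read in the add/edit/delete callbacks throws a TypeError instead of taking a clean "not signed in" path, and corrupt JSON throws while the controller is being constructed. Consider parsing inside `try`/`catch` and treating a null result as an unauthenticated session before any mutating action is offered; the same line is added to DistributionSystemController in its `@@ -1,7 +1,14 @@` hunk. A token held in localStorage is also readable by any script running in the admin origin, so it is worth a comment here that these controllers now depend on that storage staying free of injected script. The controller body continues outside the hunk.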
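Review bot: The `let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };` literal in the `@@ -48,7 +56,8 @@` hunk is built inline in the callback, which makes attaching credentials opt-in per call site. It is repeated verbatim in the edit and delete hunks of this file, in both DistributionCircuitPointController hunks and in the three mutating DistributionSystemController hunks. A single `$http` request interceptor, or one shared helper that returns the headers object, would attach the credentials in one place, so a mutating call added later cannot silently go out without them. `headers` is never reassigned in the visible lines, so `const` fits better than `let`. The enclosing callback continues outside the hunk.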
@@ -88,7 +97,8 @@ app.controller('DistributionCircuitController', function($scope, $translate, $ui modalInstance.result.then(function(modifiedDistributionCircuit) { modifiedDistributionCircuit.distribution_system_id = $scope.currentDistributionSystem.id; - DistributionCircuitService.editDistributionCircuit(modifiedDistributionCircuit, function (response) { + let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; + DistributionCircuitService.editDistributionCircuit(modifiedDistributionCircuit, headers, function (response) { if (angular.isDefined(response.status) && response.status === 200) { toaster.pop({ type: "success", @@ -126,7 +136,8 @@ app.controller('DistributionCircuitController', function($scope, $translate, $ui }, function(isConfirm) { if (isConfirm) { - DistributionCircuitService.deleteDistributionCircuit(distributioncircuit.id, function (response) { + let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; + DistributionCircuitService.deleteDistributionCircuit(distributioncircuit.id, headers, function (response) { if (angular.isDefined(response.status) && response.status === 204) { toaster.pop({ type: "success", diff --git a/admin/app/controllers/settings/distributionsystem/distributioncircuitpoint.controller.js b/admin/app/controllers/settings/distributionsystem/distributioncircuitpoint.controller.js index b7a63720..c97b7fd1 100644 --- a/admin/app/controllers/settings/distributionsystem/distributioncircuitpoint.controller.js +++ b/admin/app/controllers/settings/distributionsystem/distributioncircuitpoint.controller.js 
@@ -80,7 +80,8 @@ app.controller('DistributionCircuitPointController', function ( $scope.pairPoint = function (dragEl, dropEl) { var pointid = angular.element('#' + dragEl).scope().point.id; var distributioncircuitid = $scope.currentDistributionCircuit.id; - DistributionCircuitPointService.addPair(distributioncircuitid, pointid, function (response) { + let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; + DistributionCircuitPointService.addPair(distributioncircuitid, pointid, headers, function (response) { if (angular.isDefined(response.status) && response.status === 201) { toaster.pop({ type: "success", @@ -106,7 +107,8 @@ app.controller('DistributionCircuitPointController', function ( } var distributioncircuitpointid = angular.element('#' + dragEl).scope().distributioncircuitpoint.id; var distributioncircuitid = $scope.currentDistributionCircuit.id; - DistributionCircuitPointService.deletePair(distributioncircuitid, distributioncircuitpointid, function (response) { + let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; + DistributionCircuitPointService.deletePair(distributioncircuitid, distributioncircuitpointid, headers, function (response) { if (angular.isDefined(response.status) && response.status === 204) { toaster.pop({ type: "success", diff --git a/admin/app/controllers/settings/distributionsystem/distributionsystem.controller.js b/admin/app/controllers/settings/distributionsystem/distributionsystem.controller.js index 57c8f4fd..d87e8265 100644 --- a/admin/app/controllers/settings/distributionsystem/distributionsystem.controller.js +++ b/admin/app/controllers/settings/distributionsystem/distributionsystem.controller.js 
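Review bot: `$scope.cur_user` is read in `pairPoint` here and before the `deletePair` call in the `@@ -106,7 +107,8 @@` hunk, but no hunk of this file assigns it or injects `$window`, unlike the other two controllers changed in this commit. If the controller relies on an assignment in unchanged lines or on inheriting `cur_user` from a parent scope, a short comment saying so would help the next reader. Otherwise both paths throw on `$scope.cur_user.uuid` before the request is sent. In that case inject `$window` and add the same `$scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"));` initialisation used in the sibling controllers. The controller header and the rest of `pairPoint` are outside the hunk.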
@@ -1,7 +1,14 @@ 'use strict'; -app.controller('DistributionSystemController', function($scope, $translate, $uibModal, DistributionSystemService, toaster,SweetAlert) { - +app.controller('DistributionSystemController', function( + $scope, + $window, + $translate, + $uibModal, + DistributionSystemService, + toaster, + SweetAlert) { + $scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user")); $scope.getAllDistributionSystems = function() { DistributionSystemService.getAllDistributionSystems(function(response) { if (angular.isDefined(response.status) && response.status === 200) { @@ -19,7 +26,8 @@ app.controller('DistributionSystemController', function($scope, $translate, $uib windowClass: "animated fadeIn", }); modalInstance.result.then(function(distributionsystem) { - DistributionSystemService.addDistributionSystem(distributionsystem, function (response) { + let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; + DistributionSystemService.addDistributionSystem(distributionsystem, headers, function (response) { if (angular.isDefined(response.status) && response.status === 201) { toaster.pop({ type: "success", @@ -58,7 +66,8 @@ app.controller('DistributionSystemController', function($scope, $translate, $uib }); modalInstance.result.then(function(modifiedDistributionSystem) { - DistributionSystemService.editDistributionSystem(modifiedDistributionSystem, function (response) { + let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; + DistributionSystemService.editDistributionSystem(modifiedDistributionSystem, headers, function (response) { if (angular.isDefined(response.status) && response.status === 200) { toaster.pop({ type: "success", 
@@ -95,7 +104,8 @@ app.controller('DistributionSystemController', function($scope, $translate, $uib closeOnCancel: true }, function (isConfirm) { if (isConfirm) { - DistributionSystemService.deleteDistributionSystem(distributionsystem, function (response) { + let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; + DistributionSystemService.deleteDistributionSystem(distributionsystem, headers, function (response) { if (angular.isDefined(response.status) && response.status === 204) { toaster.pop({ type: "success", diff --git a/admin/app/services/settings/distributionsystem/distributioncircuit.service.js b/admin/app/services/settings/distributionsystem/distributioncircuit.service.js index ff4be381..1c7914de 100644 --- a/admin/app/services/settings/distributionsystem/distributioncircuit.service.js +++ b/admin/app/services/settings/distributionsystem/distributioncircuit.service.js @@ -17,16 +17,16 @@ app.factory('DistributionCircuitService', function($http) { callback(response); }); }, - addDistributionCircuit: function(distributioncircuit,callback) { - $http.post(getAPI()+'/distributioncircuits',{data:distributioncircuit}) + addDistributionCircuit: function(distributioncircuit, headers, callback) { + $http.post(getAPI()+'/distributioncircuits',{data:distributioncircuit}, {headers}) .then(function (response) { callback(response); }, function (response) { callback(response); }); }, - editDistributionCircuit: function(distributioncircuit,callback) { - $http.put(getAPI()+'/distributioncircuits/'+distributioncircuit.id,{data:distributioncircuit}) + editDistributionCircuit: function(distributioncircuit, headers, callback) { + $http.put(getAPI()+'/distributioncircuits/'+distributioncircuit.id,{data:distributioncircuit}, {headers}) .then(function (response) { callback(response); }, function (response) { 
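Review bot: Inserting `headers` before `callback` changes the positional signature of `addDistributionCircuit` and `editDistributionCircuit` in the `@@ -17,16 +17,16 @@` hunk, and of `deleteDistributionCircuit` in the next hunk. Any caller not updated in this commit would pass its callback as `headers` and leave `callback` undefined, so the request would go out without credentials and the response handler would throw. The controllers in this diff are updated, but callers elsewhere are not visible here and are worth searching for. The same applies to `addPair`/`deletePair` and the three DistributionSystemService methods. A one-line JSDoc on each method, for example `/** @param {Object} headers - request headers carrying "User-UUID" and "Token" for the API access check */`, would record the new contract.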
@@ -34,8 +34,8 @@ app.factory('DistributionCircuitService', function($http) { }); }, - deleteDistributionCircuit: function(distributioncircuitID, callback) { - $http.delete(getAPI()+'/distributioncircuits/'+distributioncircuitID) + deleteDistributionCircuit: function(distributioncircuitID, headers, callback) { + $http.delete(getAPI()+'/distributioncircuits/'+distributioncircuitID, {headers}) .then(function (response) { callback(response); }, function (response) { diff --git a/admin/app/services/settings/distributionsystem/distributioncircuitpoint.service.js b/admin/app/services/settings/distributionsystem/distributioncircuitpoint.service.js index c2ca6420..ab56348c 100644 --- a/admin/app/services/settings/distributionsystem/distributioncircuitpoint.service.js +++ b/admin/app/services/settings/distributionsystem/distributioncircuitpoint.service.js @@ -1,8 +1,8 @@ 'use strict'; app.factory('DistributionCircuitPointService', function($http) { return { - addPair: function(distributioncircuitID,pointID,callback) { - $http.post(getAPI()+'distributioncircuits/'+distributioncircuitID+'/points',{data:{'point_id':pointID}}) + addPair: function(distributioncircuitID,pointID, headers, callback) { + $http.post(getAPI()+'distributioncircuits/'+distributioncircuitID+'/points',{data:{'point_id':pointID}}, {headers}) .then(function (response) { callback(response); }, function (response) { @@ -10,8 +10,8 @@ app.factory('DistributionCircuitPointService', function($http) { }); }, - deletePair: function(distributioncircuitID,pointID, callback) { - $http.delete(getAPI()+'distributioncircuits/'+distributioncircuitID+'/points/'+pointID) + deletePair: function(distributioncircuitID,pointID, headers, callback) { + $http.delete(getAPI()+'distributioncircuits/'+distributioncircuitID+'/points/'+pointID, {headers}) .then(function (response) { callback(response); }, function (response) { 
diff --git a/admin/app/services/settings/distributionsystem/distributionsystem.service.js b/admin/app/services/settings/distributionsystem/distributionsystem.service.js index 358cf58a..19ba3b99 100644 --- a/admin/app/services/settings/distributionsystem/distributionsystem.service.js +++ b/admin/app/services/settings/distributionsystem/distributionsystem.service.js @@ -17,24 +17,24 @@ app.factory('DistributionSystemService', function($http) { callback(response); }); }, - addDistributionSystem: function(distributionsystem, callback) { - $http.post(getAPI()+'distributionsystems',{data:distributionsystem}) + addDistributionSystem: function(distributionsystem, headers, callback) { + $http.post(getAPI()+'distributionsystems',{data:distributionsystem}, {headers}) .then(function (response) { callback(response); }, function (response) { callback(response); }); }, - editDistributionSystem: function(distributionsystem, callback) { - $http.put(getAPI()+'distributionsystems/'+distributionsystem.id,{data:distributionsystem}) + editDistributionSystem: function(distributionsystem, headers, callback) { + $http.put(getAPI()+'distributionsystems/'+distributionsystem.id,{data:distributionsystem}, {headers}) .then(function (response) { callback(response); }, function (response) { callback(response); }); }, - deleteDistributionSystem: function(distributionsystem, callback) { - $http.delete(getAPI()+'distributionsystems/'+distributionsystem.id) + deleteDistributionSystem: function(distributionsystem, headers, callback) { + $http.delete(getAPI()+'distributionsystems/'+distributionsystem.id, {headers}) .then(function (response) { callback(response); }, function (response) { diff --git a/myems-api/core/distributioncircuit.py b/myems-api/core/distributioncircuit.py index e4ac8d7d..d6bd8f6a 100644 --- a/myems-api/core/distributioncircuit.py +++ b/myems-api/core/distributioncircuit.py 
@@ -3,7 +3,7 @@ import simplejson as json import mysql.connector import config import uuid -from core.useractivity import user_logger +from core.useractivity import user_logger, access_control class DistributionCircuitCollection: @@ -63,6 +63,7 @@ class DistributionCircuitCollection: @user_logger def on_post(req, resp): """Handles POST requests""" + access_control(req) try: raw_json = req.stream.read().decode('utf-8') except Exception as ex: @@ -232,6 +233,7 @@ class DistributionCircuitItem: @staticmethod @user_logger def on_delete(req, resp, id_): + access_control(req) if not id_.isdigit() or int(id_) <= 0: raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', description='API.INVALID_DISTRIBUTION_CIRCUIT_ID') @@ -264,6 +266,7 @@ class DistributionCircuitItem: @user_logger def on_put(req, resp, id_): """Handles PUT requests""" + access_control(req) try: raw_json = req.stream.read().decode('utf-8') except Exception as ex: @@ -440,6 +443,7 @@ class DistributionCircuitPointCollection: @user_logger def on_post(req, resp, id_): """Handles POST requests""" + access_control(req) try: raw_json = req.stream.read().decode('utf-8') except Exception as ex: @@ -507,6 +511,7 @@ class DistributionCircuitPointItem: @staticmethod @user_logger def on_delete(req, resp, id_, pid): + access_control(req) if not id_.isdigit() or int(id_) <= 0: raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', description='API.INVALID_DISTRIBUTION_CIRCUIT_ID') diff --git a/myems-api/core/distributionsystem.py b/myems-api/core/distributionsystem.py index d1385da8..f0dce86e 100644 --- a/myems-api/core/distributionsystem.py +++ b/myems-api/core/distributionsystem.py @@ -3,7 +3,7 @@ import simplejson as json import mysql.connector import config import uuid -from core.useractivity import user_logger +from core.useractivity import user_logger, access_control class DistributionSystemCollection: 
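Review bot: Authorization is enforced by a hand-placed `access_control(req)` as the first statement of each mutating handler, so a handler added later is unprotected unless its author remembers the call. This applies to `on_post` in the `@@ -63,6 +63,7 @@` hunk, to the on_delete, on_put and point collection/item hunks of this file, and to the three handler hunks in distributionsystem.py. No `on_get` handler gains the call in this diff, so reads of this configuration appear to stay available without credentials; please confirm that is intended. Because `@user_logger` wraps each handler, it runs before `access_control`. What it records is not visible here, but if it logs on entry using the caller-supplied `User-UUID` header, rejected requests could be attributed to an arbitrary user. Moving the check into a decorator applied outside `@user_logger`, or into Falcon middleware keyed on the HTTP method, would make the default fail closed; the handler bodies continue outside these hunks.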
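Review bot: `DistributionCircuitItem.on_delete` in the `@@ -232,6 +233,7 @@` hunk now starts with an access check but still has no docstring, while the `on_post` and `on_put` handlers in this diff each carry one. Adding `"""Handles DELETE requests (caller must pass access_control)"""` above the new call would keep the handlers consistent and record that the endpoint is no longer open. The same gap is visible in `DistributionCircuitPointItem.on_delete` and in `DistributionSystemItem.on_delete` in distributionsystem.py. The function bodies continue outside the hunks.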
@@ -47,6 +47,7 @@ class DistributionSystemCollection: @user_logger def on_post(req, resp): """Handles POST requests""" + access_control(req) try: raw_json = req.stream.read().decode('utf-8') except Exception as ex: @@ -146,6 +147,7 @@ class DistributionSystemItem: @staticmethod @user_logger def on_delete(req, resp, id_): + access_control(req) if not id_.isdigit() or int(id_) <= 0: raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', description='API.INVALID_DISTRIBUTION_SYSTEM_ID') @@ -186,6 +188,7 @@ class DistributionSystemItem: @user_logger def on_put(req, resp, id_): """Handles PUT requests""" + access_control(req) try: raw_json = req.stream.read().decode('utf-8') except Exception as ex: