diff --git a/admin/app/controllers/settings/costcenter/costcenter.controller.js b/admin/app/controllers/settings/costcenter/costcenter.controller.js
index 3dac6dae..3610e611 100644
--- a/admin/app/controllers/settings/costcenter/costcenter.controller.js
+++ b/admin/app/controllers/settings/costcenter/costcenter.controller.js
@@ -1,7 +1,14 @@
 'use strict';
-app.controller('CostCenterController', function($scope, $translate,$uibModal, CostCenterService,toaster,SweetAlert) {
-
+app.controller('CostCenterController', function(
+ $scope,
+ $window,
+ $translate,
+ $uibModal,
+ CostCenterService,
+ toaster,
+ SweetAlert) {
+ $scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"));
 $scope.getAllCostCenters = function() {
 CostCenterService.getAllCostCenters(function (response) {
 if (angular.isDefined(response.status) && response.status === 200) {
@@ -19,7 +26,8 @@ app.controller('CostCenterController', function($scope, $translate,$uibModal, Co
 windowClass: "animated fadeIn",
 });
 modalInstance.result.then(function(costcenter) {
- CostCenterService.addCostCenter(costcenter, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ CostCenterService.addCostCenter(costcenter, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 201) {
 toaster.pop({
 type: "success",
@@ -59,7 +67,8 @@ app.controller('CostCenterController', function($scope, $translate,$uibModal, Co
 });
 modalInstance.result.then(function (modifiedCostCenter) {
- CostCenterService.editCostCenter(modifiedCostCenter, function (response){
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ CostCenterService.editCostCenter(modifiedCostCenter, headers, function (response){
 if(angular.isDefined(response.status) && response.status === 200){
 toaster.pop({
 type: "success",
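Review bot: `$scope.cur_user` is read once at controller start with `JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"))`, and when that key is absent (cleared or expired login) `getItem` returns `null`, `JSON.parse(null)` yields `null`, and the later `$scope.cur_user.uuid` inside the modal result callbacks throws a TypeError, so no request is sent and the user gets no toaster feedback. The same `let headers = { "User-UUID": ..., "Token": ... }` literal is then repeated at every mutating call site in this file and again in costcentertariff.controller.js and tariff.controller.js. A small helper that tolerates a missing login and is called at each site (`let headers = authHeaders();`) removes both issues; the request then reaches the API, which presumably rejects it, instead of failing inside the browser. The controller function continues outside the hunk.
```javascript
app.controller('CostCenterController', function(
 // … unchanged: injected dependencies …
 SweetAlert) {
 // Cached login; null when nothing is stored, so fall back to an empty object rather than throwing later.
 $scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user")) || {};
 // Identity headers forwarded on every mutating call; each call site uses `let headers = authHeaders();`.
 function authHeaders() {
 return { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
 }
```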
@@ -96,7 +105,8 @@ app.controller('CostCenterController', function($scope, $translate,$uibModal, Co
 closeOnCancel: true
 }, function (isConfirm) {
 if (isConfirm) {
- CostCenterService.deleteCostCenter(costcenter, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ CostCenterService.deleteCostCenter(costcenter, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 204) {
 toaster.pop({
 type: "success",
diff --git a/admin/app/controllers/settings/costcenter/costcentertariff.controller.js b/admin/app/controllers/settings/costcenter/costcentertariff.controller.js
index 242a58f8..67efe1b8 100644
--- a/admin/app/controllers/settings/costcenter/costcentertariff.controller.js
+++ b/admin/app/controllers/settings/costcenter/costcentertariff.controller.js
@@ -1,11 +1,14 @@
 'use strict';
-app.controller('CostCenterTariffController', function ($scope, $translate,
- CostCenterService,
- TariffService,
- CostCenterTariffService,
- toaster) {
-
+app.controller('CostCenterTariffController', function (
+ $scope,
+ $window,
+ $translate,
+ CostCenterService,
+ TariffService,
+ CostCenterTariffService,
+ toaster) {
+ $scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"));
 $scope.getAllCostCenters = function () {
 CostCenterService.getAllCostCenters(function (response) {
 if (angular.isDefined(response.status) && response.status === 200) {
@@ -51,7 +54,8 @@ app.controller('CostCenterTariffController', function ($scope, $translate,
 $scope.pairTariff = function (dragEl, dropEl) {
 var tariffid = angular.element('#' + dragEl).scope().tariff.id;
 var costcenterid = $scope.currentCostCenter.id;
- CostCenterTariffService.addPair(costcenterid, tariffid, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ CostCenterTariffService.addPair(costcenterid, tariffid, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 201) {
 toaster.pop({
 type: "success",
@@ -77,7 +81,8 @@ app.controller('CostCenterTariffController', function ($scope, $translate,
 }
 var costcentertariffid = angular.element('#' + dragEl).scope().costcentertariff.id;
 var costcenterid = $scope.currentCostCenter.id;
- CostCenterTariffService.deletePair(costcenterid, costcentertariffid, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ CostCenterTariffService.deletePair(costcenterid, costcentertariffid, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 204) {
 toaster.pop({
 type: "success",
diff --git a/admin/app/controllers/settings/tariff/tariff.controller.js b/admin/app/controllers/settings/tariff/tariff.controller.js
index 2b43c4f5..88ecd84c 100644
--- a/admin/app/controllers/settings/tariff/tariff.controller.js
+++ b/admin/app/controllers/settings/tariff/tariff.controller.js
@@ -1,7 +1,17 @@
 'use strict';
-app.controller('TariffController', function($scope,$uibModal,$translate, TARIFF_TYPE, PEAK_TYPE, TariffService, CategoryService, toaster, SweetAlert) {
-
+app.controller('TariffController', function(
+ $scope,
+ $window,
+ $uibModal,
+ $translate,
+ TARIFF_TYPE,
+ PEAK_TYPE,
+ TariffService,
+ CategoryService,
+ toaster,
+ SweetAlert) {
+ $scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"));
 $scope.getAllCategories = function() {
 CategoryService.getAllCategories(function (response) {
 if (angular.isDefined(response.status) && response.status === 200) {
@@ -42,7 +52,8 @@ app.controller('TariffController', function($scope,$uibModal,$translate, TARIFF_
 }
 });
 modalInstance.result.then(function(tariff) {
- TariffService.addTariff(tariff, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ TariffService.addTariff(tariff, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 201) {
 toaster.pop({
 type: "success",
@@ -82,7 +93,8 @@ app.controller('TariffController', function($scope,$uibModal,$translate, TARIFF_
 });
 modalInstance.result.then(function(modifiedTariff) {
- TariffService.editTariff(modifiedTariff, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ TariffService.editTariff(modifiedTariff, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 200) {
 toaster.pop({
 type: "success",
@@ -119,7 +131,8 @@ app.controller('TariffController', function($scope,$uibModal,$translate, TARIFF_
 }, function(isConfirm) {
 if (isConfirm) {
- TariffService.deleteTariff(tariff, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ TariffService.deleteTariff(tariff, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 204) {
 toaster.pop({
 type: "success",
diff --git a/admin/app/services/settings/costcenter/costcenter.service.js b/admin/app/services/settings/costcenter/costcenter.service.js
index 6adc79cf..fc307150 100644
--- a/admin/app/services/settings/costcenter/costcenter.service.js
+++ b/admin/app/services/settings/costcenter/costcenter.service.js
@@ -17,24 +17,24 @@ app.factory('CostCenterService', function($http) {
 callback(response);
 });
 },
- addCostCenter: function(costcenter, callback) {
- $http.post(getAPI()+'costcenters',{data:costcenter})
+ addCostCenter: function(costcenter, headers, callback) {
+ $http.post(getAPI()+'costcenters',{data:costcenter}, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- editCostCenter: function(costcenter, callback) {
- $http.put(getAPI()+'costcenters/'+costcenter.id,{data:costcenter})
+ editCostCenter: function(costcenter, headers, callback) {
+ $http.put(getAPI()+'costcenters/'+costcenter.id,{data:costcenter}, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- deleteCostCenter: function(costcenter, callback) {
- $http.delete(getAPI()+'costcenters/'+costcenter.id)
+ deleteCostCenter: function(costcenter, headers, callback) {
+ $http.delete(getAPI()+'costcenters/'+costcenter.id, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
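Review bot: Inserting `headers` as a middle parameter in `addCostCenter`, `editCostCenter` and `deleteCostCenter` silently breaks any caller still using the old `(costcenter, callback)` shape: its callback lands in `headers`, `$http` receives a function as its config argument, and the response handler then calls an undefined `callback`. The same applies to `addPair`/`deletePair` in costcentertariff.service.js and `addTariff`/`editTariff`/`deleteTariff` in tariff.service.js; the controllers in this commit are updated, but nothing in the hunks covers other call sites. A JSDoc line on each method would at least document the new contract, e.g. `/** @param {Object} headers - identity headers ("User-UUID", "Token") forwarded to the API; @param {function} callback - receives the $http response on success and failure */`. The enclosing `app.factory` body starts outside the hunk.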
diff --git a/admin/app/services/settings/costcenter/costcentertariff.service.js b/admin/app/services/settings/costcenter/costcentertariff.service.js
index 532af9f5..7c121a01 100644
--- a/admin/app/services/settings/costcenter/costcentertariff.service.js
+++ b/admin/app/services/settings/costcenter/costcentertariff.service.js
@@ -1,8 +1,8 @@
 'use strict';
 app.factory('CostCenterTariffService', function($http) {
 return {
- addPair: function(costcenterid,tariffid,callback) {
- $http.post(getAPI()+'costcenters/'+costcenterid+'/tariffs',{data:{'tariff_id':tariffid}})
+ addPair: function(costcenterid, tariffid, headers, callback ) {
+ $http.post(getAPI()+'costcenters/'+costcenterid+'/tariffs',{data:{'tariff_id':tariffid}}, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
@@ -10,8 +10,8 @@ app.factory('CostCenterTariffService', function($http) {
 });
 },
- deletePair: function(costcenterid,tariffid, callback) {
- $http.delete(getAPI()+'costcenters/'+costcenterid+'/tariffs/'+tariffid)
+ deletePair: function(costcenterid, tariffid, headers, callback) {
+ $http.delete(getAPI()+'costcenters/'+costcenterid+'/tariffs/'+tariffid, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
@@ -19,7 +19,7 @@ app.factory('CostCenterTariffService', function($http) {
 });
 },
 getTariffsByCostCenterID: function(id, callback) {
- $http.get(getAPI()+'costcenters/'+id+'/tariffs')
+ $http.get(getAPI()+'costcenters/'+id+'/tariffs')
 .then(function (response) {
 callback(response);
 }, function (response) {
diff --git a/admin/app/services/settings/tariff/tariff.service.js b/admin/app/services/settings/tariff/tariff.service.js
index ca4be90f..0848f124 100644
--- a/admin/app/services/settings/tariff/tariff.service.js
+++ b/admin/app/services/settings/tariff/tariff.service.js
@@ -17,24 +17,24 @@ app.factory('TariffService', function($http) {
 callback(response);
 });
 },
- addTariff: function(tariff, callback) {
- $http.post(getAPI()+'tariffs',{data:tariff})
+ addTariff: function(tariff, headers, callback) {
+ $http.post(getAPI()+'tariffs',{data:tariff}, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- editTariff: function(tariff, callback) {
- $http.put(getAPI()+'tariffs/'+tariff.id,{data:tariff})
+ editTariff: function(tariff, headers, callback) {
+ $http.put(getAPI()+'tariffs/'+tariff.id,{data:tariff}, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- deleteTariff: function(tariff, callback) {
- $http.delete(getAPI()+'tariffs/'+tariff.id)
+ deleteTariff: function(tariff, headers, callback) {
+ $http.delete(getAPI()+'tariffs/'+tariff.id, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
diff --git a/myems-api/core/costcenter.py b/myems-api/core/costcenter.py
index 78b24a13..7a4b93f2 100644
--- a/myems-api/core/costcenter.py
+++ b/myems-api/core/costcenter.py
@@ -41,6 +41,7 @@ class CostCenterCollection:
 @user_logger
 def on_post(req, resp):
 """Handles POST requests"""
+ access_control(req)
 try:
 raw_json = req.stream.read().decode('utf-8')
@@ -135,6 +136,7 @@ class CostCenterItem:
 @staticmethod
 @user_logger
 def on_delete(req, resp, id_):
+ access_control(req)
 if not id_.isdigit() or int(id_) <= 0:
 raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
 description='API.INVALID_COST_CENTER_ID')
@@ -282,6 +284,7 @@ class CostCenterItem:
 @user_logger
 def on_put(req, resp, id_):
 """Handles PUT requests"""
+ access_control(req)
 try:
 raw_json = req.stream.read().decode('utf-8')
 except Exception as ex:
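Review bot: `access_control(req)` is added as the first statement of each mutating handler, which makes the check opt-in per handler: every future `on_post`/`on_put`/`on_delete` must remember the call, and a forgotten one fails open; the same pattern is repeated in `CostCenterTariffCollection`, `CostCenterTariffItem`, `TariffCollection` and `TariffItem`. A decorator stacked next to `@user_logger`, or a Falcon middleware keyed on the request method, would make the check the default, though its exact shape depends on how `access_control` reports a rejection, which is not in the hunks. The import of `access_control` is also not visible in any hunk and must be present at the top of both modules for these calls to resolve. Separately, the `on_delete` handlers carry no docstring while their `on_post`/`on_put` siblings do; `"""Handles DELETE requests"""` would match the existing style.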
@@ -410,6 +413,7 @@ class CostCenterTariffCollection:
 @user_logger
 def on_post(req, resp, id_):
 """Handles POST requests"""
+ access_control(req)
 try:
 raw_json = req.stream.read().decode('utf-8')
 except Exception as ex:
@@ -478,6 +482,7 @@ class CostCenterTariffItem:
 @staticmethod
 @user_logger
 def on_delete(req, resp, id_, tid):
+ access_control(req)
 if not id_.isdigit() or int(id_) <= 0:
 raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
 description='API.INVALID_COST_CENTER_ID')
diff --git a/myems-api/core/tariff.py b/myems-api/core/tariff.py
index b24b4080..23ec0274 100644
--- a/myems-api/core/tariff.py
+++ b/myems-api/core/tariff.py
@@ -101,6 +101,7 @@ class TariffCollection:
 @user_logger
 def on_post(req, resp):
 """Handles POST requests"""
+ access_control(req)
 try:
 raw_json = req.stream.read().decode('utf-8')
 except Exception as ex:
@@ -311,6 +312,7 @@ class TariffItem:
 @staticmethod
 @user_logger
 def on_delete(req, resp, id_):
+ access_control(req)
 if not id_.isdigit() or int(id_) <= 0:
 raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
 description='API.INVALID_TARIFF_ID')
@@ -369,6 +371,7 @@ class TariffItem:
 @user_logger
 def on_put(req, resp, id_):
 """Handles PUT requests"""
+ access_control(req)
 try:
 raw_json = req.stream.read().decode('utf-8')
 except Exception as ex: