From 566b57843abca0702804c5edc8101428be043191 Mon Sep 17 00:00:00 2001
From: "13621160019@163.com" <13621160019@163.com>
Date: Sat, 20 Nov 2021 21:51:38 +0800
Subject: [PATCH] added access control to gateway, datasource and point

---
 README.md | 2 +-
 .../datasource/datasource.controller.js | 27 +-
 .../settings/datasource/point.controller.js | 26 +-
 .../settings/gateway/gateway.controller.js | 22 +-
 .../settings/datasource/datasource.service.js | 24 +-
 .../settings/datasource/point.service.js | 24 +-
 .../settings/gateway/gateway.service.js | 24 +-
 myems-api/MyEMS.postman_collection.json | 259 ++++++++++++++++--
 myems-api/core/datasource.py | 8 +-
 myems-api/core/gateway.py | 8 +-
 myems-api/core/point.py | 2 +-
 11 files changed, 346 insertions(+), 80 deletions(-)

diff --git a/README.md b/README.md
index ade280ec..9d8a0b83 100644
--- a/README.md
+++ b/README.md
@@ -124,7 +124,7 @@ MyEMS由资深专业团队开发维护,系统代码基于MIT开源软件许可
 | REST API | ✔️ | 基于Python开发,提供系统配置、能源报告、Excel导出接口 |
 | Web UI | ✔️ | 基于React开发,用于能源数据分析 |
 | Admin UI | ✔️ | 基于Angular开发,用于系统配置管理 |
-| 在线社区技术支持 | ✔️ | ✔️ |
+| 在线社区技术支持 | ✔️ | |
 ## MyEMS企业版功能
diff --git a/admin/app/controllers/settings/datasource/datasource.controller.js b/admin/app/controllers/settings/datasource/datasource.controller.js
index 732448d8..45e5df29 100644
--- a/admin/app/controllers/settings/datasource/datasource.controller.js
+++ b/admin/app/controllers/settings/datasource/datasource.controller.js
@@ -1,9 +1,17 @@
 'use strict';
-app.controller('DataSourceController', function($scope, $uibModal, $translate, DataSourceService, GatewayService, toaster, SweetAlert) {
-
+app.controller('DataSourceController', function($scope,
+ $window,
+ $uibModal,
+ $translate,
+ DataSourceService,
+ GatewayService,
+ toaster,
+ SweetAlert) {
+ $scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"));
 $scope.getAllDataSources = function() {
- DataSourceService.getAllDataSources(function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ DataSourceService.getAllDataSources(headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 200) {
 $scope.datasources = response.data;
 } else {
@@ -13,9 +21,9 @@ app.controller('DataSourceController', function($scope, $uibModal, $translate, D
 };
-
 $scope.getAllGateways = function() {
- GatewayService.getAllGateways(function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ GatewayService.getAllGateways(headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 200) {
 $scope.gateways = response.data;
 } else {
@@ -39,8 +47,9 @@ app.controller('DataSourceController', function($scope, $uibModal, $translate, D
 }
 });
 modalInstance.result.then(function(datasource) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
 datasource.gateway_id = datasource.gateway.id;
- DataSourceService.addDataSource(datasource, function (response) {
+ DataSourceService.addDataSource(datasource, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 201) {
 toaster.pop({
 type: "success",
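Review bot: `$scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"))` in the first hunk evaluates to `null` when the key is absent (never logged in, or the entry was cleared), so the first `$scope.cur_user.uuid` in `getAllDataSources` throws a TypeError in the browser instead of sending a request the API can turn away. Guard it once where it is read, e.g. `$scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user")) || {};`, or redirect to the login view when it is missing, and build the `{ "User-UUID": ..., "Token": ... }` object in one small helper rather than repeating the literal in every handler. point.controller.js and gateway.controller.js introduce the same unguarded read and the same repeated literal. The controller body continues past each hunk.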
@@ -80,8 +89,9 @@ app.controller('DataSourceController', function($scope, $uibModal, $translate, D
 });
 modalInstance.result.then(function(modifiedDataSource) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
 modifiedDataSource.gateway_id = modifiedDataSource.gateway.id;
- DataSourceService.editDataSource(modifiedDataSource, function (response) {
+ DataSourceService.editDataSource(modifiedDataSource, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 200) {
 toaster.pop({
 type: "success",
@@ -118,7 +128,8 @@ app.controller('DataSourceController', function($scope, $uibModal, $translate, D
 }, function(isConfirm) {
 if (isConfirm) {
- DataSourceService.deleteDataSource(datasource, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ DataSourceService.deleteDataSource(datasource, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 204) {
 toaster.pop({
 type: "success",
diff --git a/admin/app/controllers/settings/datasource/point.controller.js b/admin/app/controllers/settings/datasource/point.controller.js
index 12ac255f..83ec5913 100644
--- a/admin/app/controllers/settings/datasource/point.controller.js
+++ b/admin/app/controllers/settings/datasource/point.controller.js
@@ -1,9 +1,17 @@
 'use strict';
-app.controller('PointController', function($scope, $uibModal, $translate, DataSourceService, PointService, toaster, SweetAlert) {
-
+app.controller('PointController', function($scope,
+ $window,
+ $uibModal,
+ $translate,
+ DataSourceService,
+ PointService,
+ toaster,
+ SweetAlert) {
+ $scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"));
 $scope.getAllDataSources = function() {
- DataSourceService.getAllDataSources(function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ DataSourceService.getAllDataSources(headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 200) {
 $scope.datasources = response.data;
 if ($scope.datasources.length > 0) {
@@ -18,7 +26,8 @@ app.controller('PointController', function($scope, $uibModal, $translate, DataSo
 };
 $scope.getPointsByDataSourceID = function(id) {
- PointService.getPointsByDataSourceID(id, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ PointService.getPointsByDataSourceID(id, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 200) {
 $scope.points = response.data;
 } else {
@@ -45,7 +54,8 @@ app.controller('PointController', function($scope, $uibModal, $translate, DataSo
 if(point.ratio==""){
 point.ratio = undefined;
 }
- PointService.addPoint(point, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ PointService.addPoint(point, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 201) {
 toaster.pop({
 type: "success",
@@ -87,7 +97,8 @@ app.controller('PointController', function($scope, $uibModal, $translate, DataSo
 if(modifiedPoint.ratio==""){
 modifiedPoint.ratio = undefined;
 }
- PointService.editPoint(modifiedPoint, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ PointService.editPoint(modifiedPoint, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 200) {
 toaster.pop({
 type: "success",
@@ -124,7 +135,8 @@ app.controller('PointController', function($scope, $uibModal, $translate, DataSo
 }, function(isConfirm) {
 if (isConfirm) {
- PointService.deletePoint(point, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ PointService.deletePoint(point, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 204) {
 toaster.pop({
 type: "success",
diff --git a/admin/app/controllers/settings/gateway/gateway.controller.js b/admin/app/controllers/settings/gateway/gateway.controller.js
index 689613a6..455283da 100644
--- a/admin/app/controllers/settings/gateway/gateway.controller.js
+++ b/admin/app/controllers/settings/gateway/gateway.controller.js
@@ -1,9 +1,16 @@
 'use strict';
-app.controller('GatewayController', function($scope, $translate, $uibModal, GatewayService, toaster, SweetAlert) {
-
+app.controller('GatewayController', function($scope,
+ $window,
+ $translate,
+ $uibModal,
+ GatewayService,
+ toaster,
+ SweetAlert) {
+ $scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"));
 $scope.getAllGateways = function() {
- GatewayService.getAllGateways(function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ GatewayService.getAllGateways(headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 200) {
 $scope.gateways = response.data;
 } else {
@@ -27,7 +34,8 @@ app.controller('GatewayController', function($scope, $translate, $uibModal, Gat
 }
 });
 modalInstance.result.then(function(gateway) {
- GatewayService.addGateway(gateway, function(response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ GatewayService.addGateway(gateway, headers, function(response) {
 if (angular.isDefined(response.status) && response.status === 201) {
 toaster.pop({
 type: "success",
@@ -67,7 +75,8 @@ app.controller('GatewayController', function($scope, $translate, $uibModal, Gat
 });
 modalInstance.result.then(function(modifiedGateway) {
- GatewayService.editGateway(modifiedGateway, function(response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ GatewayService.editGateway(modifiedGateway, headers, function(response) {
 if (angular.isDefined(response.status) && response.status === 200) {
 toaster.pop({
 type: "success",
@@ -105,7 +114,8 @@ app.controller('GatewayController', function($scope, $translate, $uibModal, Gat
 }, function(isConfirm) {
 if (isConfirm) {
- GatewayService.deleteGateway(gateway, function(response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ GatewayService.deleteGateway(gateway, headers, function(response) {
 if (angular.isDefined(response.status) && response.status === 204) {
 toaster.pop({
 type: "success",
diff --git a/admin/app/services/settings/datasource/datasource.service.js b/admin/app/services/settings/datasource/datasource.service.js
index b2a019fb..f33486c0 100644
--- a/admin/app/services/settings/datasource/datasource.service.js
+++ b/admin/app/services/settings/datasource/datasource.service.js
@@ -1,48 +1,48 @@
 'use strict';
 app.factory('DataSourceService', function($http) {
 return {
- getAllDataSources:function(callback){
- $http.get(getAPI()+'datasources')
+ getAllDataSources:function(headers, callback){
+ $http.get(getAPI()+'datasources', {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- searchDataSources: function(query, callback) {
- $http.get(getAPI()+'datasources', { params: { q: query } })
+ searchDataSources: function(query, headers, callback) {
+ $http.get(getAPI()+'datasources', { params: { q: query } }, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- addDataSource: function(datasource, callback) {
- $http.post(getAPI()+'datasources',{data:datasource})
+ addDataSource: function(datasource, headers, callback) {
+ $http.post(getAPI()+'datasources', {data:datasource}, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- editDataSource: function(datasource, callback) {
- $http.put(getAPI()+'datasources/'+datasource.id,{data:datasource})
+ editDataSource: function(datasource, headers, callback) {
+ $http.put(getAPI()+'datasources/' + datasource.id, {data:datasource}, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- deleteDataSource: function(datasource, callback) {
- $http.delete(getAPI()+'datasources/'+datasource.id)
+ deleteDataSource: function(datasource, headers, callback) {
+ $http.delete(getAPI()+'datasources/' + datasource.id, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- getDataSource: function(id, callback) {
- $http.get(getAPI()+'datasources/'+id)
+ getDataSource: function(id, headers, callback) {
+ $http.get(getAPI()+'datasources/' + id, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
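Review bot: In `searchDataSources`, `$http.get(getAPI()+'datasources', { params: { q: query } }, {headers})` hands the headers to `$http.get` as a third argument, which the `(url, config)` signature does not take, so a search request leaves without `User-UUID` and `Token` while every other method in this hunk sends them, and it will be refused once the API enforces the check. Fold both into the one config object: `$http.get(getAPI()+'datasources', { params: { q: query }, headers })`. `searchPoints` in point.service.js and `searchGateways` in gateway.service.js have the identical shape and need the same merge. The factory's returned object continues past the hunk's last line.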
diff --git a/admin/app/services/settings/datasource/point.service.js b/admin/app/services/settings/datasource/point.service.js
index 2af1cf1d..cc6225d6 100644
--- a/admin/app/services/settings/datasource/point.service.js
+++ b/admin/app/services/settings/datasource/point.service.js
@@ -1,48 +1,48 @@
 'use strict';
 app.factory('PointService', function($http) {
 return {
- getAllPoints:function(callback){
- $http.get(getAPI()+'points')
+ getAllPoints:function(headers, callback){
+ $http.get(getAPI() + 'points', {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- searchPoints: function(query, callback) {
- $http.get(getAPI()+'points', { params: { q: query } })
+ searchPoints: function(query, headers, callback) {
+ $http.get(getAPI()+'points', {params:{q:query}}, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- addPoint: function(point, callback) {
- $http.post(getAPI()+'points',{data:point})
+ addPoint: function(point, headers, callback) {
+ $http.post(getAPI()+'points', {data:point}, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- editPoint: function(point, callback) {
- $http.put(getAPI()+'points/'+point.id,{data:point})
+ editPoint: function(point, headers, callback) {
+ $http.put(getAPI()+'points/' + point.id, {data:point}, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- deletePoint: function(point, callback) {
- $http.delete(getAPI()+'points/'+point.id)
+ deletePoint: function(point, headers, callback) {
+ $http.delete(getAPI() + 'points/' + point.id, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- getPointsByDataSourceID: function(id, callback) {
- $http.get(getAPI()+'datasources/'+id+'/points')
+ getPointsByDataSourceID: function(id, headers, callback) {
+ $http.get(getAPI() + 'datasources/' + id + '/points', {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
diff --git a/admin/app/services/settings/gateway/gateway.service.js b/admin/app/services/settings/gateway/gateway.service.js
index 8abc002d..7b7f5899 100644
--- a/admin/app/services/settings/gateway/gateway.service.js
+++ b/admin/app/services/settings/gateway/gateway.service.js
@@ -1,48 +1,48 @@
 'use strict';
 app.factory('GatewayService', function($http) {
 return {
- getAllGateways:function(callback){
- $http.get(getAPI()+'gateways')
+ getAllGateways:function(headers, callback){
+ $http.get(getAPI() + 'gateways', {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- searchGateways: function(query, callback) {
- $http.get(getAPI()+'gateways', { params: { q: query } })
+ searchGateways: function(query, headers, callback) {
+ $http.get(getAPI() + 'gateways', {params:{q:query}}, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- addGateway: function(gateway, callback) {
- $http.post(getAPI()+'gateways',{data:gateway})
+ addGateway: function(gateway, headers, callback) {
+ $http.post(getAPI() + 'gateways', {data:gateway}, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- editGateway: function(gateway, callback) {
- $http.put(getAPI()+'gateways/'+gateway.id,{data:gateway})
+ editGateway: function(gateway, headers, callback) {
+ $http.put(getAPI() + 'gateways/' + gateway.id, {data:gateway}, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- deleteGateway: function(gateway, callback) {
- $http.delete(getAPI()+'gateways/'+gateway.id)
+ deleteGateway: function(gateway, headers, callback) {
+ $http.delete(getAPI() + 'gateways/' + gateway.id, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- getGateway: function(id, callback) {
- $http.get(getAPI()+'gateways/'+id)
+ getGateway: function(id, headers, callback) {
+ $http.get(getAPI() + 'gateways/' + id, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
diff --git a/myems-api/MyEMS.postman_collection.json b/myems-api/MyEMS.postman_collection.json
index 1b76dd97..4a108d31 100644
--- a/myems-api/MyEMS.postman_collection.json
+++ b/myems-api/MyEMS.postman_collection.json
@@ -1022,7 +1022,20 @@
 "name": "GET All Data Sources",
 "request": {
 "method": "GET",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text",
+ "description": "Any admin users' UUID"
+ },
+ {
+ "key": "Token",
+ "value": "ce8adcab80f37322487df375c3e3923e6febbcfb26d2b654a5814db6874f2b072fb40a85199efa725af7f3aa4f490f9cc833422b793fa85266237dc5278dff9f",
+ "type": "text",
+ "description": "Login to get a valid token"
+ }
+ ],
 "url": {
 "raw": "{{base_url}}/datasources",
 "host": [
@@ -1039,7 +1052,20 @@
 "name": "GET Data Source by ID",
 "request": {
 "method": "GET",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text",
+ "description": "Any admin users' UUID"
+ },
+ {
+ "key": "Token",
+ "value": "ce8adcab80f37322487df375c3e3923e6febbcfb26d2b654a5814db6874f2b072fb40a85199efa725af7f3aa4f490f9cc833422b793fa85266237dc5278dff9f",
+ "type": "text",
+ "description": "Login to get a valid token"
+ }
+ ],
 "url": {
 "raw": "{{base_url}}/datasources/1",
 "host": [
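Review bot: Every added `Token` header carries one literal token value and every `User-UUID` header one literal UUID, repeated verbatim in each request of this file (these two hunks and all the later ones in the section). If that value was ever a live token it is now in the repository history, and in any case a token expires, so all copies go stale at once and each has to be edited by hand. Use collection variables in the style of the existing `{{base_url}}`, for example `"value": "{{user_uuid}}"` and `"value": "{{token}}"`, which keeps the collection runnable after a fresh login and keeps real credentials out of the committed file; the `"Login to get a valid token"` description can stay as the hint for filling the variable.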
@@ -1057,7 +1083,20 @@
 "name": "POST Create Data Source",
 "request": {
 "method": "POST",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text",
+ "description": "Any admin users' UUID"
+ },
+ {
+ "key": "Token",
+ "value": "ce8adcab80f37322487df375c3e3923e6febbcfb26d2b654a5814db6874f2b072fb40a85199efa725af7f3aa4f490f9cc833422b793fa85266237dc5278dff9f",
+ "type": "text",
+ "description": "Login to get a valid token"
+ }
+ ],
 "body": {
 "mode": "raw",
 "raw": "{\"data\":{\"name\":\"Modbus1\", \"gateway_id\": 1, \"protocol\":\"modbus-tcp\", \"connection\":\"{\\\"host\\\":\\\"10.1.2.88\\\", \\\"port\\\":502}\"}}"
@@ -1078,15 +1117,28 @@
 "name": "DELETE Data Source by ID",
 "request": {
 "method": "DELETE",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text",
+ "description": "Any admin users' UUID"
+ },
+ {
+ "key": "Token",
+ "value": "ce8adcab80f37322487df375c3e3923e6febbcfb26d2b654a5814db6874f2b072fb40a85199efa725af7f3aa4f490f9cc833422b793fa85266237dc5278dff9f",
+ "type": "text",
+ "description": "Login to get a valid token"
+ }
+ ],
 "url": {
- "raw": "{{base_url}}/datasources/2",
+ "raw": "{{base_url}}/datasources/14",
 "host": [
 "{{base_url}}"
 ],
 "path": [
 "datasources",
- "2"
+ "14"
 ]
 }
 },
@@ -1096,7 +1148,20 @@
 "name": "PUT Update Data Source by ID",
 "request": {
 "method": "PUT",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text",
+ "description": "Any admin users' UUID"
+ },
+ {
+ "key": "Token",
+ "value": "ce8adcab80f37322487df375c3e3923e6febbcfb26d2b654a5814db6874f2b072fb40a85199efa725af7f3aa4f490f9cc833422b793fa85266237dc5278dff9f",
+ "type": "text",
+ "description": "Login to get a valid token"
+ }
+ ],
 "body": {
 "mode": "raw",
 "raw": "{\"data\":{\"name\":\"Modbus1\", \"gateway_id\":1, \"protocol\":\"modbus-tcp\", \"connection\":\"{\\\"host\\\":\\\"10.1.2.99\\\", \\\"port\\\":502}\"}}"
@@ -1118,7 +1183,20 @@
 "name": "GET All Points by Data Source ID",
 "request": {
 "method": "GET",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text",
+ "description": "Any admin users' UUID"
+ },
+ {
+ "key": "Token",
+ "value": "ce8adcab80f37322487df375c3e3923e6febbcfb26d2b654a5814db6874f2b072fb40a85199efa725af7f3aa4f490f9cc833422b793fa85266237dc5278dff9f",
+ "type": "text",
+ "description": "Login to get a valid token"
+ }
+ ],
 "url": {
 "raw": "{{base_url}}/datasources/1/points",
 "host": [
@@ -2721,7 +2799,20 @@
 "name": "GET All Gateways",
 "request": {
 "method": "GET",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text",
+ "description": "Any admin users' UUID"
+ },
+ {
+ "key": "Token",
+ "value": "ce8adcab80f37322487df375c3e3923e6febbcfb26d2b654a5814db6874f2b072fb40a85199efa725af7f3aa4f490f9cc833422b793fa85266237dc5278dff9f",
+ "type": "text",
+ "description": "Login to get a valid token"
+ }
+ ],
 "url": {
 "raw": "{{base_url}}/gateways",
 "host": [
@@ -2738,7 +2829,20 @@
 "name": "GET Gateway by ID",
 "request": {
 "method": "GET",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text",
+ "description": "Any admin users' UUID"
+ },
+ {
+ "key": "Token",
+ "value": "ce8adcab80f37322487df375c3e3923e6febbcfb26d2b654a5814db6874f2b072fb40a85199efa725af7f3aa4f490f9cc833422b793fa85266237dc5278dff9f",
+ "type": "text",
+ "description": "Login to get a valid token"
+ }
+ ],
 "url": {
 "raw": "{{base_url}}/gateways/1",
 "host": [
@@ -2756,7 +2860,20 @@
 "name": "POST Create Gateway",
 "request": {
 "method": "POST",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text",
+ "description": "Any admin users' UUID"
+ },
+ {
+ "key": "Token",
+ "value": "ce8adcab80f37322487df375c3e3923e6febbcfb26d2b654a5814db6874f2b072fb40a85199efa725af7f3aa4f490f9cc833422b793fa85266237dc5278dff9f",
+ "type": "text",
+ "description": "Login to get a valid token"
+ }
+ ],
 "body": {
 "mode": "raw",
 "raw": "{\"data\":{\"name\":\"MyEMS Gateway 3\"}}"
@@ -2777,7 +2894,20 @@
 "name": "DELETE Gateway by ID",
 "request": {
 "method": "DELETE",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text",
+ "description": "Any admin users' UUID"
+ },
+ {
+ "key": "Token",
+ "value": "ce8adcab80f37322487df375c3e3923e6febbcfb26d2b654a5814db6874f2b072fb40a85199efa725af7f3aa4f490f9cc833422b793fa85266237dc5278dff9f",
+ "type": "text",
+ "description": "Login to get a valid token"
+ }
+ ],
 "url": {
 "raw": "{{base_url}}/gateways/3",
 "host": [
@@ -2795,7 +2925,20 @@
 "name": "PUT Update Gateway by ID",
 "request": {
 "method": "PUT",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text",
+ "description": "Any admin users' UUID"
+ },
+ {
+ "key": "Token",
+ "value": "ce8adcab80f37322487df375c3e3923e6febbcfb26d2b654a5814db6874f2b072fb40a85199efa725af7f3aa4f490f9cc833422b793fa85266237dc5278dff9f",
+ "type": "text",
+ "description": "Login to get a valid token"
+ }
+ ],
 "body": {
 "mode": "raw",
 "raw": "{\"data\":{\"name\":\"MyEMS Gateway #3\"}}"
@@ -2817,7 +2960,20 @@
 "name": "GET All Data Sources by Gateway ID",
 "request": {
 "method": "GET",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text",
+ "description": "Any admin users' UUID"
+ },
+ {
+ "key": "Token",
+ "value": "ce8adcab80f37322487df375c3e3923e6febbcfb26d2b654a5814db6874f2b072fb40a85199efa725af7f3aa4f490f9cc833422b793fa85266237dc5278dff9f",
+ "type": "text",
+ "description": "Login to get a valid token"
+ }
+ ],
 "url": {
 "raw": "{{base_url}}/gateways/1/datasources",
 "host": [
@@ -3687,7 +3843,20 @@
 "name": "GET All Points",
 "request": {
 "method": "GET",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text",
+ "description": "Any admin users' UUID"
+ },
+ {
+ "key": "Token",
+ "value": "ce8adcab80f37322487df375c3e3923e6febbcfb26d2b654a5814db6874f2b072fb40a85199efa725af7f3aa4f490f9cc833422b793fa85266237dc5278dff9f",
+ "type": "text",
+ "description": "Login to get a valid token"
+ }
+ ],
 "url": {
 "raw": "{{base_url}}/points",
 "host": [
@@ -3704,7 +3873,20 @@
 "name": "GET Point by ID",
 "request": {
 "method": "GET",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text",
+ "description": "Any admin users' UUID"
+ },
+ {
+ "key": "Token",
+ "value": "ce8adcab80f37322487df375c3e3923e6febbcfb26d2b654a5814db6874f2b072fb40a85199efa725af7f3aa4f490f9cc833422b793fa85266237dc5278dff9f",
+ "type": "text",
+ "description": "Login to get a valid token"
+ }
+ ],
 "url": {
 "raw": "{{base_url}}/points/1",
 "host": [
@@ -3722,7 +3904,20 @@
 "name": "POST Create Point",
 "request": {
 "method": "POST",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text",
+ "description": "Any admin users' UUID"
+ },
+ {
+ "key": "Token",
+ "value": "ce8adcab80f37322487df375c3e3923e6febbcfb26d2b654a5814db6874f2b072fb40a85199efa725af7f3aa4f490f9cc833422b793fa85266237dc5278dff9f",
+ "type": "text",
+ "description": "Login to get a valid token"
+ }
+ ],
 "body": {
 "mode": "raw",
 "raw": "{\"data\":{\"name\":\"ModbusPoint2\", \"data_source_id\":1, \"object_type\": \"ENERGY_VALUE\", \"units\":\"kWh\", \"high_limit\":999999999, \"low_limit\":0, \"ratio\":1,\"is_trend\":true, \"is_virtual\":false, \"address\":\"{\\\"slave_id\\\":1, \\\"function_code\\\":3, \\\"offset\\\":1, \\\"number_of_registers\\\":2, \\\"data_format\\\":\\\"float\\\"}\", \"description\":null}}"
@@ -3743,7 +3938,20 @@
 "name": "DELETE Point by ID",
 "request": {
 "method": "DELETE",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text",
+ "description": "Any admin users' UUID"
+ },
+ {
+ "key": "Token",
+ "value": "ce8adcab80f37322487df375c3e3923e6febbcfb26d2b654a5814db6874f2b072fb40a85199efa725af7f3aa4f490f9cc833422b793fa85266237dc5278dff9f",
+ "type": "text",
+ "description": "Login to get a valid token"
+ }
+ ],
 "url": {
 "raw": "{{base_url}}/points/2",
 "host": [
@@ -3761,7 +3969,20 @@
 "name": "PUT Update Point by ID",
 "request": {
 "method": "PUT",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text",
+ "description": "Any admin users' UUID"
+ },
+ {
+ "key": "Token",
+ "value": "ce8adcab80f37322487df375c3e3923e6febbcfb26d2b654a5814db6874f2b072fb40a85199efa725af7f3aa4f490f9cc833422b793fa85266237dc5278dff9f",
+ "type": "text",
+ "description": "Login to get a valid token"
+ }
+ ],
 "body": {
 "mode": "raw",
 "raw": "{\"data\":{\"name\":\"ModbusPoint1\", \"data_source_id\":1, \"object_type\": \"ENERGY_VALUE\", \"units\":\"kWh\", \"high_limit\":999999999, \"low_limit\":0, \"ratio\":100, \"is_trend\":true, \"is_virtual\":false, \"address\":\"{\\\"slave_id\\\":1, \\\"function_code\\\":3, \\\"offset\\\":1, \\\"number_of_registers\\\":2, \\\"data_format\\\":\\\"float\\\"}\", \"description\":null}}"
diff --git a/myems-api/core/datasource.py b/myems-api/core/datasource.py
index 250d21e9..e4947412 100644
--- a/myems-api/core/datasource.py
+++ b/myems-api/core/datasource.py
@@ -4,7 +4,7 @@ import mysql.connector
 import config
 import uuid
 from datetime import datetime, timezone, timedelta
-from core.useractivity import user_logger
+from core.useractivity import user_logger, access_control
 class DataSourceCollection:
@@ -19,6 +19,7 @@ class DataSourceCollection:
 @staticmethod
 def on_get(req, resp):
+ access_control(req)
 cnx = mysql.connector.connect(**config.myems_system_db)
 cursor = cnx.cursor(dictionary=True)
@@ -71,6 +72,7 @@ class DataSourceCollection:
 @user_logger
 def on_post(req, resp):
 """Handles POST requests"""
+ access_control(req)
 try:
 raw_json = req.stream.read().decode('utf-8')
 except Exception as ex:
@@ -171,6 +173,7 @@ class DataSourceItem:
 @staticmethod
 def on_get(req, resp, id_):
+ access_control(req)
 if not id_.isdigit() or int(id_) <= 0:
 raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
 description='API.INVALID_DATA_SOURCE_ID')
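Review bot: `access_control(req)` is pasted by hand as the first statement of each responder, and in `on_post` it runs inside the `@user_logger` wrapper, so whether a request that fails the check is still recorded as user activity depends on what `user_logger` does around the call, which is not visible here. A `falcon.before` hook applied to the resource class (or an API-level middleware) enforces the check on every responder uniformly and removes the need to remember it per handler; the point.py hunk in this same patch, which changes only the import, shows how easily one is missed. gateway.py repeats the per-handler pattern in its hunks. Each responder's body continues past its hunk.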
@@ -225,6 +228,7 @@ class DataSourceItem:
 @staticmethod
 @user_logger
 def on_delete(req, resp, id_):
+ access_control(req)
 if not id_.isdigit() or int(id_) <= 0:
 raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
 description='API.INVALID_DATA_SOURCE_ID')
@@ -268,6 +272,7 @@ class DataSourceItem:
 @user_logger
 def on_put(req, resp, id_):
 """Handles PUT requests"""
+ access_control(req)
 try:
 raw_json = req.stream.read().decode('utf-8')
 except Exception as ex:
@@ -372,6 +377,7 @@ class DataSourcePointCollection:
 @staticmethod
 def on_get(req, resp, id_):
+ access_control(req)
 if not id_.isdigit() or int(id_) <= 0:
 raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
 description='API.INVALID_DATA_SOURCE_ID')
diff --git a/myems-api/core/gateway.py b/myems-api/core/gateway.py
index da64fba3..8a0f1638 100644
--- a/myems-api/core/gateway.py
+++ b/myems-api/core/gateway.py
@@ -4,7 +4,7 @@ import mysql.connector
 import config
 import uuid
 from datetime import datetime, timezone, timedelta
-from core.useractivity import user_logger
+from core.useractivity import user_logger, access_control
 class GatewayCollection:
@@ -19,6 +19,7 @@ class GatewayCollection:
 @staticmethod
 def on_get(req, resp):
+ access_control(req)
 cnx = mysql.connector.connect(**config.myems_system_db)
 cursor = cnx.cursor(dictionary=True)
@@ -55,6 +56,7 @@ class GatewayCollection:
 @user_logger
 def on_post(req, resp):
 """Handles POST requests"""
+ access_control(req)
 try:
 raw_json = req.stream.read().decode('utf-8')
 except Exception as ex:
@@ -107,6 +109,7 @@ class GatewayItem:
 @staticmethod
 def on_get(req, resp, id_):
+ access_control(req)
 if not id_.isdigit() or int(id_) <= 0:
 raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
 description='API.INVALID_GATEWAY_ID')
@@ -147,6 +150,7 @@ class GatewayItem:
 @staticmethod
 @user_logger
 def on_delete(req, resp, id_):
+ access_control(req)
 if not id_.isdigit() or int(id_) <= 0:
 raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
 description='API.INVALID_GATEWAY_ID')
@@ -187,6 +191,7 @@ class GatewayItem:
 @user_logger
 def on_put(req, resp, id_):
 """Handles PUT requests"""
+ access_control(req)
 try:
 raw_json = req.stream.read().decode('utf-8')
 except Exception as ex:
@@ -251,6 +256,7 @@ class GatewayDataSourceCollection:
 @staticmethod
 def on_get(req, resp, id_):
+ access_control(req)
 if not id_.isdigit() or int(id_) <= 0:
 raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
 description='API.INVALID_GATEWAY_ID')
diff --git a/myems-api/core/point.py b/myems-api/core/point.py
index 30c2d678..dd9c993b 100644
--- a/myems-api/core/point.py
+++ b/myems-api/core/point.py
@@ -2,7 +2,7 @@ import falcon
 import simplejson as json
 import mysql.connector
 import config
-from core.useractivity import user_logger
+from core.useractivity import user_logger, access_control
 class PointCollection:
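Review bot: The point.py hunk imports `access_control` but no responder calls it, and the diffstat (`myems-api/core/point.py | 2 +-`) confirms the import line is the file's only change, so the points endpoints stay reachable without `User-UUID`/`Token` even though the subject line says access control was added to point and the Postman collection now sends those headers to GET/POST points and GET/PUT/DELETE points by ID. Add `access_control(req)` as the first statement of `PointCollection.on_get` and `on_post` and of each item responder, as datasource.py and gateway.py do in this patch, so the three resources are enforced consistently. `class PointCollection:` is the hunk's last line; its body lies outside the hunk.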