added access control to text message in api and admin

admin/app/controllers/fdd/textmessage/textmessage.controller.js

@@ -1,8 +1,14 @@
 'use strict';
 
-app.controller('TextMessageController', function($scope,$timeout,$translate,
-	TextMessageAnalysisService,SweetAlert,toaster) {
-
+app.controller('TextMessageController', function(
+    $scope,
+    $window,
+    $timeout,
+    $translate,
+	TextMessageAnalysisService,
+	SweetAlert,
+	toaster) {
+	$scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"));
     $scope.$on('handleBroadcastTextMessageOptionChanged', function (event, data) {
         if (angular.isDefined(data.load)) {
             $scope.tabledata = [];
@@ -32,7 +38,8 @@ app.controller('TextMessageController', function($scope,$timeout,$translate,
 			},
 			function(isConfirm) {
 				if (isConfirm) {
-					TextMessageAnalysisService.deleteTextMessage(textmessage, function (response) {
+			        let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+					TextMessageAnalysisService.deleteTextMessage(textmessage, headers, function (response) {
 						if (angular.isDefined(response.status) && response.status === 204) {
                             toaster.pop({
                                 type: "success",
@@ -52,7 +59,7 @@ app.controller('TextMessageController', function($scope,$timeout,$translate,
 						}
 					});
 				}
-			});
+			}
+		);
 	};
-
 });

admin/app/controllers/fdd/textmessage/textmessageoption.controller.js

@@ -1,7 +1,11 @@
 'use strict';
 
-app.controller('TextMessageOptionController', function($scope, $timeout,
+app.controller('TextMessageOptionController', function(
+    $scope,
+    $window,
+    $timeout,
 	TextMessageAnalysisService) {
+	$scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"));
 	$scope.daterange = {
 		startDate: moment().subtract(7,'days'),
 		endDate: moment()
@@ -37,8 +41,8 @@ app.controller('TextMessageOptionController', function($scope, $timeout,
 			load: true,
 			period:$scope.currentPeriod
 		});
-
-		TextMessageAnalysisService.getAnalysisResult(query, function (response) {
+        let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+		TextMessageAnalysisService.getAnalysisResult(query, headers, function (response) {
 			if (angular.isDefined(response.status) && response.status === 200) {
 				$scope.$emit('handleEmitTextMessageOptionChanged', response.data);
 			}

admin/app/services/fdd/textmessageanalysis.service.js

@@ -2,10 +2,8 @@
 app.factory('TextMessageAnalysisService', function($http) {
     return {
 
-        getAnalysisResult: function(query, callback) {
-            var base="textmessages";
-            var url=base+"/from/"+query.datestart+"/to/"+query.dateend;
-            $http.get(getAPI()+url)
+        getAnalysisResult: function(query, headers, callback) {
+            $http.get(getAPI()+"textmessages"+"/from/"+query.datestart+"/to/"+query.dateend, {headers})
             .then(function (response) {
                 callback(response);
             }, function (response) {
@@ -13,8 +11,8 @@ app.factory('TextMessageAnalysisService', function($http) {
             });
         },
 
-        deleteTextMessage: function(textmessage, callback) {
-            $http.delete(getAPI()+'textmessages/'+textmessage.id)
+        deleteTextMessage: function(textmessage, headers, callback) {
+            $http.delete(getAPI()+'textmessages/'+textmessage.id, {headers})
             .then(function (response) {
                 callback(response);
             }, function (response) {

myems-api/MyEMS.postman_collection.json

@@ -7377,21 +7377,34 @@
 					"name": "Text Message",
 					"item": [
 						{
-							"name": "GET Text Messages from Startdate to Enddate",
+							"name": "GET Text Messages by Date Range",
 							"request": {
 								"method": "GET",
-								"header": [],
+								"header": [
+									{
+										"key": "User-UUID",
+										"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+										"type": "text",
+										"description": "Any admin users' UUID"
+									},
+									{
+										"key": "Token",
+										"value": "c6f5fa938c0e228d06e1f3adb3ef1eac319e1167e6ff0cb7fd5d928e83da5764ddb66e29204e0f4e6aa407ded3702b15be67a435c4825dc722b6047010398714",
+										"type": "text",
+										"description": "Login to get a valid token"
+									}
+								],
 								"url": {
-									"raw": "{{base_url}}/textmessages/from/2020-04-01/to/2020-05-01",
+									"raw": "{{base_url}}/textmessages/from/2021-12-01/to/2021-12-31",
 									"host": [
 										"{{base_url}}"
 									],
 									"path": [
 										"textmessages",
 										"from",
-										"2020-04-01",
+										"2021-12-01",
 										"to",
-										"2020-05-01"
+										"2021-12-31"
 									],
 									"query": [
 										{
@@ -7408,7 +7421,20 @@
 							"name": "GET an Text Message by ID",
 							"request": {
 								"method": "GET",
-								"header": [],
+								"header": [
+									{
+										"key": "User-UUID",
+										"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+										"type": "text",
+										"description": "Any admin users' UUID"
+									},
+									{
+										"key": "Token",
+										"value": "c6f5fa938c0e228d06e1f3adb3ef1eac319e1167e6ff0cb7fd5d928e83da5764ddb66e29204e0f4e6aa407ded3702b15be67a435c4825dc722b6047010398714",
+										"type": "text",
+										"description": "Login to get a valid token"
+									}
+								],
 								"url": {
 									"raw": "{{base_url}}/textmessages/1",
 									"host": [
@@ -7426,7 +7452,20 @@
 							"name": "POST Create New Text Message TODO",
 							"request": {
 								"method": "POST",
-								"header": [],
+								"header": [
+									{
+										"key": "User-UUID",
+										"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+										"type": "text",
+										"description": "Any admin users' UUID"
+									},
+									{
+										"key": "Token",
+										"value": "c6f5fa938c0e228d06e1f3adb3ef1eac319e1167e6ff0cb7fd5d928e83da5764ddb66e29204e0f4e6aa407ded3702b15be67a435c4825dc722b6047010398714",
+										"type": "text",
+										"description": "Login to get a valid token"
+									}
+								],
 								"url": {
 									"raw": "{{base_url}}/textmessages",
 									"host": [
@@ -7443,7 +7482,20 @@
 							"name": "PUT Update an Text Message TODO",
 							"request": {
 								"method": "PUT",
-								"header": [],
+								"header": [
+									{
+										"key": "User-UUID",
+										"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+										"type": "text",
+										"description": "Any admin users' UUID"
+									},
+									{
+										"key": "Token",
+										"value": "c6f5fa938c0e228d06e1f3adb3ef1eac319e1167e6ff0cb7fd5d928e83da5764ddb66e29204e0f4e6aa407ded3702b15be67a435c4825dc722b6047010398714",
+										"type": "text",
+										"description": "Login to get a valid token"
+									}
+								],
 								"url": {
 									"raw": "{{base_url}}/textmessages/1",
 									"host": [
@@ -7461,7 +7513,20 @@
 							"name": "DELETE an Text Message by ID",
 							"request": {
 								"method": "DELETE",
-								"header": [],
+								"header": [
+									{
+										"key": "User-UUID",
+										"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+										"type": "text",
+										"description": "Any admin users' UUID"
+									},
+									{
+										"key": "Token",
+										"value": "c6f5fa938c0e228d06e1f3adb3ef1eac319e1167e6ff0cb7fd5d928e83da5764ddb66e29204e0f4e6aa407ded3702b15be67a435c4825dc722b6047010398714",
+										"type": "text",
+										"description": "Login to get a valid token"
+									}
+								],
 								"url": {
 									"raw": "{{base_url}}/textmessages/2",
 									"host": [

myems-api/README.md

@@ -1953,11 +1953,11 @@ Result in JSON
 | acknowledge_code| string  | Recipient reply with Acknowledge code to acknowledge |
 | status        | string    | Status ('new', 'sent', 'acknowledged', 'timeout'| 
 ```bash
-curl -i -X GET {{base_url}}/textmessages/{id}
+curl -i -H "User-UUID: 793f1bb4-6e25-4242-8cdc-2f662b25484f" -H "Token: GET-TOKEN-AFTER-LOGIN" -X GET {{base_url}}/textmessages/{id}
 ```
-*   GET Text Messages from Startdate to Enddate
+*   GET Text Messages by Date Range
 ```bash
-curl -i -X GET {{base_url}}/textmessages/from/{startdate}/to/{enddate}
+curl -i -H "User-UUID: 793f1bb4-6e25-4242-8cdc-2f662b25484f" -H "Token: GET-TOKEN-AFTER-LOGIN" -X GET {{base_url}}/textmessages/from/{startdate}/to/{enddate}
 ```
 *   DELETE Text Message by ID
 ```bash

myems-api/core/textmessage.py

@@ -3,7 +3,7 @@ import json
 import mysql.connector
 import config
 from datetime import datetime, timedelta, timezone
-from core.useractivity import user_logger
+from core.useractivity import user_logger, access_control
 
 
 class TextMessageCollection:
@@ -18,6 +18,7 @@ class TextMessageCollection:
 
     @staticmethod
     def on_get(req, resp, startdate, enddate):
+        access_control(req)
         try:
             start_datetime_local = datetime.strptime(startdate, '%Y-%m-%d')
         except Exception:
@@ -97,6 +98,7 @@ class TextMessageItem:
 
     @staticmethod
     def on_get(req, resp, id_):
+        access_control(req)
         if not id_.isdigit() or int(id_) <= 0:
             raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
                                    description='API.INVALID_TEXT_MESSAGE_ID')
@@ -145,6 +147,7 @@ class TextMessageItem:
     @staticmethod
     @user_logger
     def on_delete(req, resp, id_):
+        access_control(req)
         if not id_.isdigit() or int(id_) <= 0:
             raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
                                    description='API.INVALID_TEXT_MESSAGE_ID')