diff --git a/admin/app/controllers/fdd/textmessage/textmessage.controller.js b/admin/app/controllers/fdd/textmessage/textmessage.controller.js index 4a0ee551..f46cf8a1 100644 --- a/admin/app/controllers/fdd/textmessage/textmessage.controller.js +++ b/admin/app/controllers/fdd/textmessage/textmessage.controller.js @@ -1,8 +1,14 @@ 'use strict'; -app.controller('TextMessageController', function($scope,$timeout,$translate, - TextMessageAnalysisService,SweetAlert,toaster) { - +app.controller('TextMessageController', function( + $scope, + $window, + $timeout, + $translate, + TextMessageAnalysisService, + SweetAlert, + toaster) { + $scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user")); $scope.$on('handleBroadcastTextMessageOptionChanged', function (event, data) { if (angular.isDefined(data.load)) { $scope.tabledata = []; @@ -32,7 +38,8 @@ app.controller('TextMessageController', function($scope,$timeout,$translate, }, function(isConfirm) { if (isConfirm) { - TextMessageAnalysisService.deleteTextMessage(textmessage, function (response) { + let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; + TextMessageAnalysisService.deleteTextMessage(textmessage, headers, function (response) { if (angular.isDefined(response.status) && response.status === 204) { toaster.pop({ type: "success", @@ -52,7 +59,7 @@ app.controller('TextMessageController', function($scope,$timeout,$translate, } }); } - }); + } + ); }; - }); diff --git a/admin/app/controllers/fdd/textmessage/textmessageoption.controller.js b/admin/app/controllers/fdd/textmessage/textmessageoption.controller.js index 2d9873c1..44b5eef7 100644 --- a/admin/app/controllers/fdd/textmessage/textmessageoption.controller.js +++ b/admin/app/controllers/fdd/textmessage/textmessageoption.controller.js 
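Review bot: `JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"))` evaluates to `null` when the key is absent (cleared storage, logged-out browser), so `$scope.cur_user.uuid` in the delete confirm callback of the second hunk throws a TypeError before any request is sent; a malformed stored value throws at controller construction instead. The value is also read once when the controller is created, so a token replaced by a later login in the same page session would not be picked up. Reading it where the headers are built and guarding it, e.g. `const user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"));` followed by `if (!user || !user.uuid || !user.token) { return; }` (or a hand-off to the login flow), covers both cases. The same line is added in the first hunk of textmessageoption.controller.js and used in its second hunk. Because the token lives in localStorage it is readable by any script running in the admin origin, which deserves a comment if that storage choice is deliberate.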
@@ -1,7 +1,11 @@ 'use strict'; -app.controller('TextMessageOptionController', function($scope, $timeout, +app.controller('TextMessageOptionController', function( + $scope, + $window, + $timeout, TextMessageAnalysisService) { + $scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user")); $scope.daterange = { startDate: moment().subtract(7,'days'), endDate: moment() @@ -37,8 +41,8 @@ app.controller('TextMessageOptionController', function($scope, $timeout, load: true, period:$scope.currentPeriod }); - - TextMessageAnalysisService.getAnalysisResult(query, function (response) { + let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; + TextMessageAnalysisService.getAnalysisResult(query, headers, function (response) { if (angular.isDefined(response.status) && response.status === 200) { $scope.$emit('handleEmitTextMessageOptionChanged', response.data); } diff --git a/admin/app/services/fdd/textmessageanalysis.service.js b/admin/app/services/fdd/textmessageanalysis.service.js index 81ccdc22..dbe2d8d9 100644 --- a/admin/app/services/fdd/textmessageanalysis.service.js +++ b/admin/app/services/fdd/textmessageanalysis.service.js @@ -2,10 +2,8 @@ app.factory('TextMessageAnalysisService', function($http) { return { - getAnalysisResult: function(query, callback) { - var base="textmessages"; - var url=base+"/from/"+query.datestart+"/to/"+query.dateend; - $http.get(getAPI()+url) + getAnalysisResult: function(query, headers, callback) { + $http.get(getAPI()+"textmessages"+"/from/"+query.datestart+"/to/"+query.dateend, {headers}) .then(function (response) { callback(response); }, function (response) { 
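Review bot: Inserting `headers` ahead of `callback` in `getAnalysisResult` (and in `deleteTextMessage` in the next hunk) changes the positional contract, so a caller still using the two-argument form would pass its callback as the request headers and then fail on `callback(response)`; only the two controllers in this commit are visibly updated. It also leaves every controller responsible for assembling `{ "User-UUID": ..., "Token": ... }`, which is easy to omit when the next endpoint is added. Building the headers in one place, either a small helper inside this factory or an `$http` request interceptor restricted to URLs under `getAPI()` so the token is never attached to another origin, would keep the credential handling uniform. Separately, `query.datestart` and `query.dateend` are concatenated into the path unencoded; `encodeURIComponent(query.datestart)` and `encodeURIComponent(query.dateend)` would keep a stray `/` or `?` from changing the requested route.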
@@ -13,8 +11,8 @@ app.factory('TextMessageAnalysisService', function($http) { }); }, - deleteTextMessage: function(textmessage, callback) { - $http.delete(getAPI()+'textmessages/'+textmessage.id) + deleteTextMessage: function(textmessage, headers, callback) { + $http.delete(getAPI()+'textmessages/'+textmessage.id, {headers}) .then(function (response) { callback(response); }, function (response) { diff --git a/myems-api/MyEMS.postman_collection.json b/myems-api/MyEMS.postman_collection.json index 0c4770b9..8e909fff 100644 --- a/myems-api/MyEMS.postman_collection.json +++ b/myems-api/MyEMS.postman_collection.json @@ -7377,21 +7377,34 @@ "name": "Text Message", "item": [ { - "name": "GET Text Messages from Startdate to Enddate", + "name": "GET Text Messages by Date Range", "request": { "method": "GET", - "header": [], + "header": [ + { + "key": "User-UUID", + "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4", + "type": "text", + "description": "Any admin users' UUID" + }, + { + "key": "Token", + "value": "c6f5fa938c0e228d06e1f3adb3ef1eac319e1167e6ff0cb7fd5d928e83da5764ddb66e29204e0f4e6aa407ded3702b15be67a435c4825dc722b6047010398714", + "type": "text", + "description": "Login to get a valid token" + } + ], "url": { - "raw": "{{base_url}}/textmessages/from/2020-04-01/to/2020-05-01", + "raw": "{{base_url}}/textmessages/from/2021-12-01/to/2021-12-31", "host": [ "{{base_url}}" ], "path": [ "textmessages", "from", - "2020-04-01", + "2021-12-01", "to", - "2020-05-01" + "2021-12-31" ], "query": [ { 
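Review bot: The `Token` header added to this request carries a 128-hex-character literal and the `User-UUID` header a concrete UUID described as an admin user's, while the description tells the reader to log in to obtain a token. Whether these were copied from a real session or account cannot be determined from the diff; if they were, they are now in version control and the token should be invalidated. The collection already parameterises `{{base_url}}`, so the same mechanism fits here: `"value": "{{user_uuid}}"` and `"value": "{{token}}"`, set per environment. The same two literals are repeated in the four later Text Message hunks (GET by ID, POST, PUT, DELETE).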
@@ -7408,7 +7421,20 @@ "name": "GET an Text Message by ID", "request": { "method": "GET", - "header": [], + "header": [ + { + "key": "User-UUID", + "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4", + "type": "text", + "description": "Any admin users' UUID" + }, + { + "key": "Token", + "value": "c6f5fa938c0e228d06e1f3adb3ef1eac319e1167e6ff0cb7fd5d928e83da5764ddb66e29204e0f4e6aa407ded3702b15be67a435c4825dc722b6047010398714", + "type": "text", + "description": "Login to get a valid token" + } + ], "url": { "raw": "{{base_url}}/textmessages/1", "host": [ @@ -7426,7 +7452,20 @@ "name": "POST Create New Text Message TODO", "request": { "method": "POST", - "header": [], + "header": [ + { + "key": "User-UUID", + "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4", + "type": "text", + "description": "Any admin users' UUID" + }, + { + "key": "Token", + "value": "c6f5fa938c0e228d06e1f3adb3ef1eac319e1167e6ff0cb7fd5d928e83da5764ddb66e29204e0f4e6aa407ded3702b15be67a435c4825dc722b6047010398714", + "type": "text", + "description": "Login to get a valid token" + } + ], "url": { "raw": "{{base_url}}/textmessages", "host": [ @@ -7443,7 +7482,20 @@ "name": "PUT Update an Text Message TODO", "request": { "method": "PUT", - "header": [], + "header": [ + { + "key": "User-UUID", + "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4", + "type": "text", + "description": "Any admin users' UUID" + }, + { + "key": "Token", + "value": "c6f5fa938c0e228d06e1f3adb3ef1eac319e1167e6ff0cb7fd5d928e83da5764ddb66e29204e0f4e6aa407ded3702b15be67a435c4825dc722b6047010398714", + "type": "text", + "description": "Login to get a valid token" + } + ], "url": { "raw": "{{base_url}}/textmessages/1", "host": [ 
@@ -7461,7 +7513,20 @@ "name": "DELETE an Text Message by ID", "request": { "method": "DELETE", - "header": [], + "header": [ + { + "key": "User-UUID", + "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4", + "type": "text", + "description": "Any admin users' UUID" + }, + { + "key": "Token", + "value": "c6f5fa938c0e228d06e1f3adb3ef1eac319e1167e6ff0cb7fd5d928e83da5764ddb66e29204e0f4e6aa407ded3702b15be67a435c4825dc722b6047010398714", + "type": "text", + "description": "Login to get a valid token" + } + ], "url": { "raw": "{{base_url}}/textmessages/2", "host": [ diff --git a/myems-api/README.md b/myems-api/README.md index e405e268..c6937a04 100644 --- a/myems-api/README.md +++ b/myems-api/README.md @@ -1953,11 +1953,11 @@ Result in JSON | acknowledge_code| string | Recipient reply with Acknowledge code to acknowledge | | status | string | Status ('new', 'sent', 'acknowledged', 'timeout'| ```bash -curl -i -X GET {{base_url}}/textmessages/{id} +curl -i -H "User-UUID: 793f1bb4-6e25-4242-8cdc-2f662b25484f" -H "Token: GET-TOKEN-AFTER-LOGIN" -X GET {{base_url}}/textmessages/{id} ``` -* GET Text Messages from Startdate to Enddate +* GET Text Messages by Date Range ```bash -curl -i -X GET {{base_url}}/textmessages/from/{startdate}/to/{enddate} +curl -i -H "User-UUID: 793f1bb4-6e25-4242-8cdc-2f662b25484f" -H "Token: GET-TOKEN-AFTER-LOGIN" -X GET {{base_url}}/textmessages/from/{startdate}/to/{enddate} ``` * DELETE Text Message by ID ```bash diff --git a/myems-api/core/textmessage.py b/myems-api/core/textmessage.py index 04d989fc..8f3679c1 100644 --- a/myems-api/core/textmessage.py +++ b/myems-api/core/textmessage.py @@ -3,7 +3,7 @@ import json import mysql.connector import config from datetime import datetime, timedelta, timezone -from core.useractivity import user_logger +from core.useractivity import user_logger, access_control class TextMessageCollection: 
@@ -18,6 +18,7 @@ class TextMessageCollection: @staticmethod def on_get(req, resp, startdate, enddate): + access_control(req) try: start_datetime_local = datetime.strptime(startdate, '%Y-%m-%d') except Exception: @@ -97,6 +98,7 @@ class TextMessageItem: @staticmethod def on_get(req, resp, id_): + access_control(req) if not id_.isdigit() or int(id_) <= 0: raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', description='API.INVALID_TEXT_MESSAGE_ID') @@ -145,6 +147,7 @@ class TextMessageItem: @staticmethod @user_logger def on_delete(req, resp, id_): + access_control(req) if not id_.isdigit() or int(id_) <= 0: raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', description='API.INVALID_TEXT_MESSAGE_ID')
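Review bot: In `on_delete` the new `access_control(req)` call sits inside the handler body while `@user_logger` wraps the handler from outside, so whatever `user_logger` does before invoking the handler runs for requests that have not been authorised yet. `user_logger` is not visible in this diff; it is worth confirming that it tolerates missing or invalid `User-UUID`/`Token` headers and does not record an activity entry for a request that `access_control` then rejects. A one-line comment above each call, e.g. `# access check first: nothing below may run for an unauthenticated caller`, would document why it precedes the id and date validation in the two `on_get` handlers as well. All three function bodies continue outside their hunks.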