seg_yinzy
/
myems
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added access control to text message in api and admin

pull/90/head
13621160019@163.com 2021-12-04 20:48:56 +08:00
parent 3e536d503e
commit 65565a5351
6 changed files with 105 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
admin/app/controllers/fdd/textmessage/textmessage.controller.js
View File

@ -1,8 +1,14 @@
'use strict'; 'use strict';
app.controller('TextMessageController', function($scope,$timeout,$translate, app.controller('TextMessageController', function(
TextMessageAnalysisService,SweetAlert,toaster) { $scope,
$window,
$timeout,
$translate,
TextMessageAnalysisService,
SweetAlert,
toaster) {
$scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"));
$scope.$on('handleBroadcastTextMessageOptionChanged', function (event, data) { $scope.$on('handleBroadcastTextMessageOptionChanged', function (event, data) {
if (angular.isDefined(data.load)) { if (angular.isDefined(data.load)) {
$scope.tabledata = []; $scope.tabledata = [];
@ -32,7 +38,8 @@ app.controller('TextMessageController', function($scope,$timeout,$translate,
}, },
function(isConfirm) { function(isConfirm) {
if (isConfirm) { if (isConfirm) {
TextMessageAnalysisService.deleteTextMessage(textmessage, function (response) { let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
TextMessageAnalysisService.deleteTextMessage(textmessage, headers, function (response) {
if (angular.isDefined(response.status) && response.status === 204) { if (angular.isDefined(response.status) && response.status === 204) {
toaster.pop({ toaster.pop({
type: "success", type: "success",
@ -52,7 +59,7 @@ app.controller('TextMessageController', function($scope,$timeout,$translate,
} }
}); });
} }
}); }
);
}; };
}); });

10
admin/app/controllers/fdd/textmessage/textmessageoption.controller.js
View File

@ -1,7 +1,11 @@
'use strict'; 'use strict';
app.controller('TextMessageOptionController', function($scope, $timeout, app.controller('TextMessageOptionController', function(
$scope,
$window,
$timeout,
TextMessageAnalysisService) { TextMessageAnalysisService) {
$scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"));
$scope.daterange = { $scope.daterange = {
startDate: moment().subtract(7,'days'), startDate: moment().subtract(7,'days'),
endDate: moment() endDate: moment()
@ -37,8 +41,8 @@ app.controller('TextMessageOptionController', function($scope, $timeout,
load: true, load: true,
period:$scope.currentPeriod period:$scope.currentPeriod
}); });
let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
TextMessageAnalysisService.getAnalysisResult(query, function (response) { TextMessageAnalysisService.getAnalysisResult(query, headers, function (response) {
if (angular.isDefined(response.status) && response.status === 200) { if (angular.isDefined(response.status) && response.status === 200) {
$scope.$emit('handleEmitTextMessageOptionChanged', response.data); $scope.$emit('handleEmitTextMessageOptionChanged', response.data);
} }

10
admin/app/services/fdd/textmessageanalysis.service.js
View File

@ -2,10 +2,8 @@
app.factory('TextMessageAnalysisService', function($http) { app.factory('TextMessageAnalysisService', function($http) {
return { return {
getAnalysisResult: function(query, callback) { getAnalysisResult: function(query, headers, callback) {
var base="textmessages"; $http.get(getAPI()+"textmessages"+"/from/"+query.datestart+"/to/"+query.dateend, {headers})
var url=base+"/from/"+query.datestart+"/to/"+query.dateend;
$http.get(getAPI()+url)
.then(function (response) { .then(function (response) {
callback(response); callback(response);
}, function (response) { }, function (response) {
@ -13,8 +11,8 @@ app.factory('TextMessageAnalysisService', function($http) {
}); });
}, },
deleteTextMessage: function(textmessage, callback) { deleteTextMessage: function(textmessage, headers, callback) {
$http.delete(getAPI()+'textmessages/'+textmessage.id) $http.delete(getAPI()+'textmessages/'+textmessage.id, {headers})
.then(function (response) { .then(function (response) {
callback(response); callback(response);
}, function (response) { }, function (response) {

83
myems-api/MyEMS.postman_collection.json
View File

@ -7377,21 +7377,34 @@
"name": "Text Message", "name": "Text Message",
"item": [ "item": [
{ {
"name": "GET Text Messages from Startdate to Enddate", "name": "GET Text Messages by Date Range",
"request": { "request": {
"method": "GET", "method": "GET",
"header": [], "header": [
{
"key": "User-UUID",
"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
"type": "text",
"description": "Any admin users' UUID"
},
{
"key": "Token",
"value": "c6f5fa938c0e228d06e1f3adb3ef1eac319e1167e6ff0cb7fd5d928e83da5764ddb66e29204e0f4e6aa407ded3702b15be67a435c4825dc722b6047010398714",
"type": "text",
"description": "Login to get a valid token"
}
],
"url": { "url": {
"raw": "{{base_url}}/textmessages/from/2020-04-01/to/2020-05-01", "raw": "{{base_url}}/textmessages/from/2021-12-01/to/2021-12-31",
"host": [ "host": [
"{{base_url}}" "{{base_url}}"
], ],
"path": [ "path": [
"textmessages", "textmessages",
"from", "from",
"2020-04-01", "2021-12-01",
"to", "to",
"2020-05-01" "2021-12-31"
], ],
"query": [ "query": [
{ {
@ -7408,7 +7421,20 @@
"name": "GET an Text Message by ID", "name": "GET an Text Message by ID",
"request": { "request": {
"method": "GET", "method": "GET",
"header": [], "header": [
{
"key": "User-UUID",
"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
"type": "text",
"description": "Any admin users' UUID"
},
{
"key": "Token",
"value": "c6f5fa938c0e228d06e1f3adb3ef1eac319e1167e6ff0cb7fd5d928e83da5764ddb66e29204e0f4e6aa407ded3702b15be67a435c4825dc722b6047010398714",
"type": "text",
"description": "Login to get a valid token"
}
],
"url": { "url": {
"raw": "{{base_url}}/textmessages/1", "raw": "{{base_url}}/textmessages/1",
"host": [ "host": [
@ -7426,7 +7452,20 @@
"name": "POST Create New Text Message TODO", "name": "POST Create New Text Message TODO",
"request": { "request": {
"method": "POST", "method": "POST",
"header": [], "header": [
{
"key": "User-UUID",
"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
"type": "text",
"description": "Any admin users' UUID"
},
{
"key": "Token",
"value": "c6f5fa938c0e228d06e1f3adb3ef1eac319e1167e6ff0cb7fd5d928e83da5764ddb66e29204e0f4e6aa407ded3702b15be67a435c4825dc722b6047010398714",
"type": "text",
"description": "Login to get a valid token"
}
],
"url": { "url": {
"raw": "{{base_url}}/textmessages", "raw": "{{base_url}}/textmessages",
"host": [ "host": [
@ -7443,7 +7482,20 @@
"name": "PUT Update an Text Message TODO", "name": "PUT Update an Text Message TODO",
"request": { "request": {
"method": "PUT", "method": "PUT",
"header": [], "header": [
{
"key": "User-UUID",
"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
"type": "text",
"description": "Any admin users' UUID"
},
{
"key": "Token",
"value": "c6f5fa938c0e228d06e1f3adb3ef1eac319e1167e6ff0cb7fd5d928e83da5764ddb66e29204e0f4e6aa407ded3702b15be67a435c4825dc722b6047010398714",
"type": "text",
"description": "Login to get a valid token"
}
],
"url": { "url": {
"raw": "{{base_url}}/textmessages/1", "raw": "{{base_url}}/textmessages/1",
"host": [ "host": [
@ -7461,7 +7513,20 @@
"name": "DELETE an Text Message by ID", "name": "DELETE an Text Message by ID",
"request": { "request": {
"method": "DELETE", "method": "DELETE",
"header": [], "header": [
{
"key": "User-UUID",
"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
"type": "text",
"description": "Any admin users' UUID"
},
{
"key": "Token",
"value": "c6f5fa938c0e228d06e1f3adb3ef1eac319e1167e6ff0cb7fd5d928e83da5764ddb66e29204e0f4e6aa407ded3702b15be67a435c4825dc722b6047010398714",
"type": "text",
"description": "Login to get a valid token"
}
],
"url": { "url": {
"raw": "{{base_url}}/textmessages/2", "raw": "{{base_url}}/textmessages/2",
"host": [ "host": [

6
myems-api/README.md
View File

@ -1953,11 +1953,11 @@ Result in JSON
| acknowledge_code| string | Recipient reply with Acknowledge code to acknowledge | | acknowledge_code| string | Recipient reply with Acknowledge code to acknowledge |
| status | string | Status ('new', 'sent', 'acknowledged', 'timeout'| | status | string | Status ('new', 'sent', 'acknowledged', 'timeout'|
```bash ```bash
curl -i -X GET {{base_url}}/textmessages/{id} curl -i -H "User-UUID: 793f1bb4-6e25-4242-8cdc-2f662b25484f" -H "Token: GET-TOKEN-AFTER-LOGIN" -X GET {{base_url}}/textmessages/{id}
``` ```
* GET Text Messages from Startdate to Enddate * GET Text Messages by Date Range
```bash ```bash
curl -i -X GET {{base_url}}/textmessages/from/{startdate}/to/{enddate} curl -i -H "User-UUID: 793f1bb4-6e25-4242-8cdc-2f662b25484f" -H "Token: GET-TOKEN-AFTER-LOGIN" -X GET {{base_url}}/textmessages/from/{startdate}/to/{enddate}
``` ```
* DELETE Text Message by ID * DELETE Text Message by ID
```bash ```bash

5
myems-api/core/textmessage.py
View File

@ -3,7 +3,7 @@ import json
import mysql.connector import mysql.connector
import config import config
from datetime import datetime, timedelta, timezone from datetime import datetime, timedelta, timezone
from core.useractivity import user_logger from core.useractivity import user_logger, access_control
class TextMessageCollection: class TextMessageCollection:
@ -18,6 +18,7 @@ class TextMessageCollection:
@staticmethod @staticmethod
def on_get(req, resp, startdate, enddate): def on_get(req, resp, startdate, enddate):
access_control(req)
try: try:
start_datetime_local = datetime.strptime(startdate, '%Y-%m-%d') start_datetime_local = datetime.strptime(startdate, '%Y-%m-%d')
except Exception: except Exception:
@ -97,6 +98,7 @@ class TextMessageItem:
@staticmethod @staticmethod
def on_get(req, resp, id_): def on_get(req, resp, id_):
access_control(req)
if not id_.isdigit() or int(id_) <= 0: if not id_.isdigit() or int(id_) <= 0:
raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
description='API.INVALID_TEXT_MESSAGE_ID') description='API.INVALID_TEXT_MESSAGE_ID')
@ -145,6 +147,7 @@ class TextMessageItem:
@staticmethod @staticmethod
@user_logger @user_logger
def on_delete(req, resp, id_): def on_delete(req, resp, id_):
access_control(req)
if not id_.isdigit() or int(id_) <= 0: if not id_.isdigit() or int(id_) <= 0:
raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
description='API.INVALID_TEXT_MESSAGE_ID') description='API.INVALID_TEXT_MESSAGE_ID')