From cda9381ec16dc0d10d6e5b30be5896fe71fe0151 Mon Sep 17 00:00:00 2001
From: "13621160019@163.com" <13621160019@163.com>
Date: Wed, 17 Nov 2021 13:32:23 +0800
Subject: [PATCH] added access control to POST/PUT/DELETE of storetype in api

---
 myems-api/MyEMS.postman_collection.json | 39 +++++++++++++++++++++++--
 myems-api/core/storetype.py | 6 +++-
 2 files changed, 41 insertions(+), 4 deletions(-)

diff --git a/myems-api/MyEMS.postman_collection.json b/myems-api/MyEMS.postman_collection.json
index d91f26c9..8e042dce 100644
--- a/myems-api/MyEMS.postman_collection.json
+++ b/myems-api/MyEMS.postman_collection.json
@@ -5610,7 +5610,18 @@
 "name": "POST Create New Store Type",
 "request": {
 "method": "POST",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text"
+ },
+ {
+ "key": "Token",
+ "value": "1fa30152c96bac9fca99954f063b6e65bb40bfc602e4b5db3dc243577811d5bc71a5ebd0aeb732b15925d1b76fea32ec069e00ba395ce637a6e6ddc8e75cf882",
+ "type": "text"
+ }
+ ],
 "body": {
 "mode": "raw",
 "raw": "{\"data\":{\"name\": \"Car\", \"description\":\"汽车\", \"simplified_code\":\"CA\"}}"
@@ -5631,7 +5642,18 @@
 "name": "PUT Update a Store Type",
 "request": {
 "method": "PUT",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text"
+ },
+ {
+ "key": "Token",
+ "value": "1fa30152c96bac9fca99954f063b6e65bb40bfc602e4b5db3dc243577811d5bc71a5ebd0aeb732b15925d1b76fea32ec069e00ba395ce637a6e6ddc8e75cf882",
+ "type": "text"
+ }
+ ],
 "body": {
 "mode": "raw",
 "raw": "{\"data\":{\"name\": \"Auto\", \"description\":\"汽车\", \"simplified_code\":\"AT\"}}"
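Review bot: The `Token` header added to the POST request, and repeated in the PUT hunk and the DELETE hunk that follow, is a literal hex value committed next to a fixed `User-UUID`. If that pair was ever issued by a real deployment, it should be treated as exposed and invalidated, since it stays in the repository history. Collection variables would keep the credential out of the file and match the `{{base_url}}` placeholder the collection already uses: `"value": "{{user_uuid}}"` and `"value": "{{token}}"`. The request objects continue outside the hunks.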
@@ -5653,7 +5675,18 @@
 "name": "DELETE a Store Type by ID",
 "request": {
 "method": "DELETE",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text"
+ },
+ {
+ "key": "Token",
+ "value": "1fa30152c96bac9fca99954f063b6e65bb40bfc602e4b5db3dc243577811d5bc71a5ebd0aeb732b15925d1b76fea32ec069e00ba395ce637a6e6ddc8e75cf882",
+ "type": "text"
+ }
+ ],
 "url": {
 "raw": "{{base_url}}/storetypes/4",
 "host": [
diff --git a/myems-api/core/storetype.py b/myems-api/core/storetype.py
index 42ef51ed..e55edabb 100644
--- a/myems-api/core/storetype.py
+++ b/myems-api/core/storetype.py
@@ -3,7 +3,7 @@ import simplejson as json
 import mysql.connector
 import config
 import uuid
-from core.useractivity import user_logger
+from core.useractivity import user_logger, access_control


 class StoreTypeCollection:
@@ -42,6 +42,7 @@ class StoreTypeCollection:
 @user_logger
 def on_post(req, resp):
 """Handles POST requests"""
+ access_control(req)
 try:
 raw_json = req.stream.read().decode('utf-8')
 except Exception as ex:
@@ -150,6 +151,8 @@ class StoreTypeItem:
 @staticmethod
 @user_logger
 def on_delete(req, resp, id_):
+ """Handles DELETE requests"""
+ access_control(req)
 if not id_.isdigit() or int(id_) <= 0:
 raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
 description='API.INVALID_STORE_TYPE_ID')
@@ -188,6 +191,7 @@ class StoreTypeItem:
 @user_logger
 def on_put(req, resp, id_):
 """Handles PUT requests"""
+ access_control(req)
 try:
 raw_json = req.stream.read().decode('utf-8')
 except Exception as ex:
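Review bot: The new `access_control(req)` call in `on_post`, and likewise in `on_delete` and `on_put` in the two later hunks, sits inside the body that `@user_logger` wraps, so anything the decorator does before invoking the handler also runs for unauthenticated requests. `user_logger` is not visible here, so confirm it neither consumes `req.stream` nor records the caller-supplied `User-UUID` as an identity before the check has passed. The return value is discarded, so the handlers are only protected if `access_control` raises on missing or invalid credentials. A comment such as `# raises on missing/invalid credentials; must remain the first statement of the handler` would make that contract explicit at each call site. No hunk touches the `on_get` handlers, so reads of store types presumably stay unauthenticated, and it is worth stating whether that is intended; the handler bodies continue outside the hunks.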