From 9304225419495c1ce034c52f71104098ed699afd Mon Sep 17 00:00:00 2001
From: tianlinzhong <673359306@qq.com>
Date: Mon, 29 Nov 2021 18:48:29 +0800
Subject: [PATCH] contact of access_control

---
 .../settings/contact/contact.controller.js | 13 +++--
 .../settings/contact/contact.service.js | 12 ++---
 myems-api/MyEMS.postman_collection.json | 47 +++++++++++++++++--
 myems-api/README.md | 10 ++--
 myems-api/core/contact.py | 5 +-
 5 files changed, 66 insertions(+), 21 deletions(-)

diff --git a/admin/app/controllers/settings/contact/contact.controller.js b/admin/app/controllers/settings/contact/contact.controller.js
index 02aa61ac..89d5a05a 100644
--- a/admin/app/controllers/settings/contact/contact.controller.js
+++ b/admin/app/controllers/settings/contact/contact.controller.js
@@ -1,8 +1,8 @@
 'use strict';
 
-app.controller('ContactController', function($scope, $translate,$uibModal, ContactService,toaster,SweetAlert) {
-
+app.controller('ContactController', function($scope, $window, $translate,$uibModal, ContactService,toaster,SweetAlert) {
+ $scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"));
 $scope.getAllContacts = function() {
 ContactService.getAllContacts(function (response) {
 if (angular.isDefined(response.status) && response.status === 200) {
@@ -28,7 +28,8 @@ app.controller('ContactController', function($scope, $translate,$uibModal, Conta
 }
 });
 modalInstance.result.then(function(contact) {
- ContactService.addContact(contact, function(response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ ContactService.addContact(contact, headers, function(response) {
 if (angular.isDefined(response.status) && response.status === 201) {
 toaster.pop({
 type: "success",
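Review bot: `$scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"))` in the first hunk evaluates to `null` when the key is absent (cleared storage, expired session), so the later `$scope.cur_user.uuid` reads in the add/edit/delete handlers throw a TypeError instead of reaching the API's access check with missing headers. A guard such as `$scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user")) || {};` keeps the handlers from crashing and lets the server answer the unauthenticated request. Worth a one-line comment at the same spot that the token is read from localStorage, which any script on the origin can read; that is pre-existing design, but the new code now depends on it. The controller body continues outside the hunk.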
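Review bot: The line `let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };` in the addContact hunk is repeated verbatim in the editContact and deleteContact hunks (@@ -67 and @@ -103), so a renamed header or a changed identity source has to be fixed in three places. One helper next to `cur_user`, `$scope.authHeaders = function () { return { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; };`, and `ContactService.addContact(contact, $scope.authHeaders(), function(response) {` at each call site keeps them in step. Since `headers` is never reassigned, `const` fits better than `let` if the inline form is kept.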
@@ -67,7 +68,8 @@ app.controller('ContactController', function($scope, $translate,$uibModal, Conta
 });
 
 modalInstance.result.then(function (modifiedContact) {
- ContactService.editContact(modifiedContact, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ ContactService.editContact(modifiedContact, headers, function (response) {
 if(angular.isDefined(response.status) && response.status === 200){
 toaster.pop({
 type: "success",
@@ -103,7 +105,8 @@ app.controller('ContactController', function($scope, $translate,$uibModal, Conta
 closeOnCancel: true
 }, function (isConfirm) {
 if (isConfirm) {
- ContactService.deleteContact(contact, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ ContactService.deleteContact(contact, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 204) {
 toaster.pop({
 type: "success",
diff --git a/admin/app/services/settings/contact/contact.service.js b/admin/app/services/settings/contact/contact.service.js
index 19b47c98..437540e0 100644
--- a/admin/app/services/settings/contact/contact.service.js
+++ b/admin/app/services/settings/contact/contact.service.js
@@ -17,24 +17,24 @@ app.factory('ContactService', function($http) {
 callback(response);
 });
 },
- addContact: function(contact, callback) {
- $http.post(getAPI()+'contacts',{data:contact})
+ addContact: function(contact, headers, callback) {
+ $http.post(getAPI()+'contacts',{data:contact}, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- editContact: function(contact, callback) {
- $http.put(getAPI()+'contacts/'+contact.id,{data:contact})
+ editContact: function(contact, headers, callback) {
+ $http.put(getAPI()+'contacts/'+contact.id,{data:contact}, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- deleteContact: function(contact, callback) {
- $http.delete(getAPI()+'contacts/'+contact.id)
+ deleteContact: function(contact, headers, callback) {
+ $http.delete(getAPI()+'contacts/'+contact.id, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
diff --git a/myems-api/MyEMS.postman_collection.json b/myems-api/MyEMS.postman_collection.json
index df8ee26b..4192a101 100644
--- a/myems-api/MyEMS.postman_collection.json
+++ b/myems-api/MyEMS.postman_collection.json
@@ -1,6 +1,6 @@
 {
 "info": {
- "_postman_id": "1a6c20d8-4d7a-49a1-a5e9-3d4261ba0505",
+ "_postman_id": "92712647-82fc-4cf2-acae-25fb13badd9e",
 "name": "MyEMS",
 "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
 },
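Review bot: `addContact`, `editContact` and `deleteContact` now take `headers` as a required middle parameter, so any caller still passing `(contact, callback)` silently binds its callback to `headers` and leaves `callback` undefined; the failure then surfaces only inside `.then` as a "callback is not a function" error with no hint about the missing identity headers. A JSDoc line on each method documents the new contract, e.g. `/** @param {{"User-UUID": string, Token: string}} headers - identity headers the API's access check expects */`. The factory's other methods start outside the hunk, so whether they were migrated is not visible here.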
@@ -634,7 +634,20 @@
 "name": "POST Create New Contact",
 "request": {
 "method": "POST",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "description": "Any admin users' UUID",
+ "type": "text"
+ },
+ {
+ "key": "Token",
+ "value": "e3e753d078585ff791e8a899ad4bf3cc3673912061d5b6ab5119ed3ac713895ae1fc5f90f8d4a7942b1b139774b4db82e6702593b9a453a82982fdae47edac34",
+ "description": "Login to get a valid token",
+ "type": "text"
+ }
+ ],
 "body": {
 "mode": "raw",
 "raw": "{\"data\":{\"name\":\"albert\", \"email\":\"albert@myems.io\", \"phone\":\"+8613888888888\", \"description\":\"contact description\"}}"
@@ -655,7 +668,20 @@
 "name": "PUT Update a Contact",
 "request": {
 "method": "PUT",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "description": "Any admin users' UUID",
+ "type": "text"
+ },
+ {
+ "key": "Token",
+ "value": "e3e753d078585ff791e8a899ad4bf3cc3673912061d5b6ab5119ed3ac713895ae1fc5f90f8d4a7942b1b139774b4db82e6702593b9a453a82982fdae47edac34",
+ "description": "Login to get a valid token",
+ "type": "text"
+ }
+ ],
 "body": {
 "mode": "raw",
 "raw": "{\"data\":{\"name\":\"albert\", \"email\":\"albert@myems.io\", \"phone\":\"+8613888888899\", \"description\":\"contact description\"}}"
@@ -677,7 +703,20 @@
 "name": "DELETE a Contact by ID",
 "request": {
 "method": "DELETE",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "description": "Any admin users' UUID",
+ "type": "text"
+ },
+ {
+ "key": "Token",
+ "value": "e3e753d078585ff791e8a899ad4bf3cc3673912061d5b6ab5119ed3ac713895ae1fc5f90f8d4a7942b1b139774b4db82e6702593b9a453a82982fdae47edac34",
+ "description": "Login to get a valid token",
+ "type": "text"
+ }
+ ],
 "url": {
 "raw": "{{base_url}}/contacts/2",
 "host": [
diff --git a/myems-api/README.md b/myems-api/README.md
index afea25e8..2d2a2374 100644
--- a/myems-api/README.md
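Review bot: The new `Token` header in the POST hunk carries a concrete 128-hex value (`e3e753d0…edac34`) together with a fixed `User-UUID`, which commits what looks like a usable session credential to the repository; the README hunk for the same endpoints uses the placeholder `GET-TOKEN-AFTER-LOGIN` instead. Using collection variables, `"value": "{{user_uuid}}"` and `"value": "{{token}}"`, matches the existing `{{base_url}}` convention and keeps secrets out of git, and if the committed token was ever valid it should be treated as exposed and rotated. The PUT and DELETE hunks (@@ -655 and @@ -677) embed the same values.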
+++ b/myems-api/README.md
@@ -269,15 +269,15 @@ curl -i -X GET {{base_url}}/contacts
 ```
 * DELETE Contact by ID
 ```bash
-curl -i -X DELETE {{base_url}}/contacts/{id}
+curl -i -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X DELETE {{base_url}}/contacts/{id}
 ```
 * POST Create a New Contact
 ```bash
-curl -i -H "Content-Type: application/json" -X POST -d '{"data":{"name":"albert", "email":"albert@myems.io", "phone":"+8613888888888", "description":"contact description"}}' {{base_url}}/contacts
+curl -i -H "Content-Type: application/json" -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X POST -d '{"data":{"name":"albert", "email":"albert@myems.io", "phone":"+8613888888888", "description":"contact description"}}' {{base_url}}/contacts
 ```
 * PUT Update a Contact
 ```bash
-curl -i -H "Content-Type: application/json" -X PUT -d '{"data":{"name":"albert", "email":"albert@myems.io", "phone":"+8613888888899", "description":"contact description"}}' {{base_url}}/contacts/{id}
+curl -i -H "Content-Type: application/json" -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X PUT -d '{"data":{"name":"albert", "email":"albert@myems.io", "phone":"+8613888888899", "description":"contact description"}}' {{base_url}}/contacts/{id}
 ```
 
 ### Cost Center
@@ -2402,9 +2402,9 @@ curl -i -X GET {{base_url}}/reports/virtualmetercost?virtualmeterid=1&periodtype
 
 ## References
 [1]. http://myems.io
-
+
 [2]. https://falconframework.org/
-
+
 [3]. https://github.com/lwcolton/falcon-cors
 
 [4]. https://github.com/yohanboniface/falcon-multipart
diff --git a/myems-api/core/contact.py b/myems-api/core/contact.py
index 5a10a0d3..ef5dfd90 100644
--- a/myems-api/core/contact.py
+++ b/myems-api/core/contact.py
@@ -4,7 +4,7 @@ import mysql.connector
 import config
 import uuid
 import re
-from core.useractivity import user_logger
+from core.useractivity import user_logger, access_control
 
 
 class ContactCollection:
@@ -48,6 +48,7 @@ class ContactCollection:
 @user_logger
 def on_post(req, resp):
 """Handles POST requests"""
+ access_control(req)
 try:
 raw_json = req.stream.read().decode('utf-8')
 except Exception as ex:
@@ -160,6 +161,7 @@ class ContactItem:
 @staticmethod
 @user_logger
 def on_delete(req, resp, id_):
+ access_control(req)
 if not id_.isdigit() or int(id_) <= 0:
 raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
 description='API.INVALID_CONTACT_ID')
@@ -236,6 +238,7 @@ class ContactItem:
 @user_logger
 def on_put(req, resp, id_):
 """Handles PUT requests"""
+ access_control(req)
 try:
 raw_json = req.stream.read().decode('utf-8')
 except Exception as ex:
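Review bot: `access_control(req)` is inserted into the body of `on_post` (and likewise `on_delete` and `on_put` in the @@ -160 and @@ -236 hunks), which means it only runs after the `@user_logger` wrapper has already been entered; whether a rejected request is still recorded as user activity depends on `user_logger`'s implementation, which is outside this diff. Applying the check as a decorator stacked with `@user_logger`, or once in a Falcon middleware `process_request`, would make that ordering explicit and avoids a new mutating handler being added without the check. The `on_get` handlers are not touched here, so reads presumably stay open; if that is intended, a comment at the import such as `# access_control gates POST/PUT/DELETE only; GET is intentionally unauthenticated` records the decision for the next reader.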