added access control to email server

pull/80/head
13621160019@163.com 2021-11-17 22:58:24 +08:00
parent cda9381ec1
commit 9937d0d051
4 changed files with 33 additions and 19 deletions


@ -1,10 +1,16 @@
'use strict'; 'use strict';
app.controller('EmailServerController', function($scope, $translate,$uibModal, EmailServerService,toaster,SweetAlert) { app.controller('EmailServerController', function($scope,
$window,
$translate,
$uibModal,
EmailServerService,
toaster,
SweetAlert) {
$scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"));
$scope.getAllEmailServers = function() { $scope.getAllEmailServers = function() {
EmailServerService.getAllEmailServers(function (response) { let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
EmailServerService.getAllEmailServers(headers, function (response) {
if (angular.isDefined(response.status) && response.status === 200) { if (angular.isDefined(response.status) && response.status === 200) {
$scope.emailservers = response.data; $scope.emailservers = response.data;
} else { } else {
@ -28,7 +34,8 @@ app.controller('EmailServerController', function($scope, $translate,$uibModal, E
} }
}); });
modalInstance.result.then(function(emailserver) { modalInstance.result.then(function(emailserver) {
EmailServerService.addEmailServer(emailserver, function (response) { let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
EmailServerService.addEmailServer(emailserver, headers, function (response) {
if (angular.isDefined(response.status) && response.status === 201) { if (angular.isDefined(response.status) && response.status === 201) {
toaster.pop({ toaster.pop({
type: "success", type: "success",
@ -67,7 +74,8 @@ app.controller('EmailServerController', function($scope, $translate,$uibModal, E
}); });
modalInstance.result.then(function (modifiedEmailServer) { modalInstance.result.then(function (modifiedEmailServer) {
EmailServerService.editEmailServer(modifiedEmailServer,function (response){ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
EmailServerService.editEmailServer(modifiedEmailServer, headers, function (response){
if(angular.isDefined(response.status) && response.status === 200){ if(angular.isDefined(response.status) && response.status === 200){
toaster.pop({ toaster.pop({
type: "success", type: "success",
@ -103,7 +111,8 @@ app.controller('EmailServerController', function($scope, $translate,$uibModal, E
closeOnCancel: true }, closeOnCancel: true },
function (isConfirm) { function (isConfirm) {
if (isConfirm) { if (isConfirm) {
EmailServerService.deleteEmailServer(emailserver, function (response) { let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
EmailServerService.deleteEmailServer(emailserver, headers, function (response) {
if (angular.isDefined(response.status) && response.status === 204) { if (angular.isDefined(response.status) && response.status === 204) {
toaster.pop({ toaster.pop({
type: "success", type: "success",
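Review bot: `$scope.cur_user`, assigned on the new line 20 from `JSON.parse($window.localStorage.getItem(...))`, is dereferenced unguarded in each of the four new `headers` literals (lines 22, 31, 39, 48); `JSON.parse(null)` returns `null` when the key is absent or has been cleared, so `$scope.cur_user.uuid` throws a TypeError inside the controller instead of producing a request the backend can reject with its own error. A null check on `cur_user` before the headers are built, or a single helper such as `function authHeaders() { return { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; }` used by all four call sites, would give one place for that check and remove the fourfold duplication of the literal. The enclosing controller function continues outside these hunks.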


@ -8,7 +8,6 @@ app.controller('UserController', function ($scope,
toaster, toaster,
$translate, $translate,
SweetAlert) { SweetAlert) {
$scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user")); $scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"));
$scope.getAllUsers = function () { $scope.getAllUsers = function () {
let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };


@ -1,8 +1,8 @@
'use strict'; 'use strict';
app.factory('EmailServerService', function($http) { app.factory('EmailServerService', function($http) {
return { return {
getAllEmailServers:function(callback){ getAllEmailServers:function(headers, callback){
$http.get(getAPI()+'emailservers') $http.get(getAPI()+'emailservers', {headers})
.then(function (response) { .then(function (response) {
callback(response); callback(response);
}, function (response) { }, function (response) {
@ -17,32 +17,32 @@ app.factory('EmailServerService', function($http) {
callback(response); callback(response);
}); });
}, },
addEmailServer: function(emailserver, callback) { addEmailServer: function(emailserver, headers, callback) {
$http.post(getAPI()+'emailservers',{data:emailserver}) $http.post(getAPI()+'emailservers', {data:emailserver}, {headers})
.then(function (response) { .then(function (response) {
callback(response); callback(response);
}, function (response) { }, function (response) {
callback(response); callback(response);
}); });
}, },
editEmailServer: function(emailserver, callback) { editEmailServer: function(emailserver, headers, callback) {
$http.put(getAPI()+'emailservers/'+emailserver.id,{data:emailserver}) $http.put(getAPI()+'emailservers/' + emailserver.id, {data:emailserver}, {headers})
.then(function (response) { .then(function (response) {
callback(response); callback(response);
}, function (response) { }, function (response) {
callback(response); callback(response);
}); });
}, },
deleteEmailServer: function(emailserver, callback) { deleteEmailServer: function(emailserver, headers, callback) {
$http.delete(getAPI()+'emailservers/'+emailserver.id) $http.delete(getAPI()+'emailservers/' + emailserver.id, {headers})
.then(function (response) { .then(function (response) {
callback(response); callback(response);
}, function (response) { }, function (response) {
callback(response); callback(response);
}); });
}, },
getEmailServer: function(id, callback) { getEmailServer: function(emailserver, headers, callback) {
$http.get(getAPI()+'emailservers/'+id) $http.get(getAPI()+'emailservers/' + emailserver.id, {headers})
.then(function (response) { .then(function (response) {
callback(response); callback(response);
}, function (response) { }, function (response) {
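Review bot: `getEmailServer` (line 103) changes its first parameter from an `id` to an `emailserver` object whose `.id` is read on line 104, which goes beyond adding `headers` and silently breaks any caller still passing an id — the request URL would become `emailservers/undefined`. None of the controller hunks in this commit call `getEmailServer`, so any existing caller outside the diff is not updated here. Unless the object form is intended, keep the id parameter: `getEmailServer: function(id, headers, callback) {` and `$http.get(getAPI()+'emailservers/' + id, {headers})`. The body of `getEmailServer` continues outside the hunk.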


@ -4,7 +4,7 @@ import mysql.connector
import config import config
import base64 import base64
import re import re
from core.useractivity import user_logger from core.useractivity import user_logger, access_control
class EmailServerCollection: class EmailServerCollection:
@ -19,6 +19,7 @@ class EmailServerCollection:
@staticmethod @staticmethod
def on_get(req, resp): def on_get(req, resp):
access_control(req)
cnx = mysql.connector.connect(**config.myems_fdd_db) cnx = mysql.connector.connect(**config.myems_fdd_db)
cursor = cnx.cursor() cursor = cnx.cursor()
@ -48,6 +49,7 @@ class EmailServerCollection:
@user_logger @user_logger
def on_post(req, resp): def on_post(req, resp):
"""Handles POST requests""" """Handles POST requests"""
access_control(req)
try: try:
raw_json = req.stream.read().decode('utf-8') raw_json = req.stream.read().decode('utf-8')
except Exception as ex: except Exception as ex:
@ -150,6 +152,7 @@ class EmailServerItem:
@staticmethod @staticmethod
def on_get(req, resp, id_): def on_get(req, resp, id_):
access_control(req)
if not id_.isdigit() or int(id_) <= 0: if not id_.isdigit() or int(id_) <= 0:
raise falcon.HTTPError(falcon.HTTP_400, '400 Bad Request') raise falcon.HTTPError(falcon.HTTP_400, '400 Bad Request')
@ -179,6 +182,8 @@ class EmailServerItem:
@staticmethod @staticmethod
@user_logger @user_logger
def on_delete(req, resp, id_): def on_delete(req, resp, id_):
"""Handles DELETE requests"""
access_control(req)
if not id_.isdigit() or int(id_) <= 0: if not id_.isdigit() or int(id_) <= 0:
raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
description='API.INVALID_EMAIL_SERVER_ID') description='API.INVALID_EMAIL_SERVER_ID')
@ -207,6 +212,7 @@ class EmailServerItem:
@user_logger @user_logger
def on_put(req, resp, id_): def on_put(req, resp, id_):
"""Handles PUT requests""" """Handles PUT requests"""
access_control(req)
try: try:
raw_json = req.stream.read().decode('utf-8') raw_json = req.stream.read().decode('utf-8')
except Exception as ex: except Exception as ex:
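Review bot: The new `access_control(req)` calls are the first statement of every handler (lines 120, 127, 134, 142, 150), ahead of reading the request body or validating `id_`, but nothing in the hunks shows what happens when the check fails, so a one-line comment at the first use would save the reader a lookup, e.g. `# access_control is expected to raise before any DB work when the caller is not authorized — see core.useractivity`, adjusted to what it actually does. Documentation is uneven: `on_delete` gains `"""Handles DELETE requests"""` (line 141) while both `on_get` handlers (lines 119, 133) still have none; adding `"""Handles GET requests"""` keeps them parallel with `on_post`/`on_put`. The two `on_get` handlers also remain without `@user_logger`, unlike the mutating handlers; if read access should be audited as well, that is a separate change worth tracking. All five method bodies continue outside their hunks.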