From 9d17baff1cbc3c354ad7f1647bf92605930fd288 Mon Sep 17 00:00:00 2001
From: "13621160019@163.com" <13621160019@163.com>
Date: Tue, 16 Nov 2021 21:42:41 +0800
Subject: [PATCH] added access control to tenanttype POST/PUT/DELETE actions in api
---
 myems-api/MyEMS.postman_collection.json | 53 +++++++++++++++++++++----
 myems-api/core/tenanttype.py | 6 ++-
 2 files changed, 51 insertions(+), 8 deletions(-)
diff --git a/myems-api/MyEMS.postman_collection.json b/myems-api/MyEMS.postman_collection.json
index 888be3c0..d91f26c9 100644
--- a/myems-api/MyEMS.postman_collection.json
+++ b/myems-api/MyEMS.postman_collection.json
@@ -6259,7 +6259,20 @@
 "name": "POST Create New Tenant Type",
 "request": {
 "method": "POST",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "description": "Any admin users' UUID",
+ "type": "text"
+ },
+ {
+ "key": "Token",
+ "value": "361834d2ebe57d4e87c6aeb10dc502e70a970c6703f6e125ad91d59a1870df1add3622c0da57a567e0681664cf8c9ba6c8406483f493dbd9d05011ed8310f6fd",
+ "description": "Login to get a valid token",
+ "type": "text"
+ }
+ ],
 "body": {
 "mode": "raw",
 "raw": "{\"data\":{\"name\": \"Office1\", \"description\":\"办公\", \"simplified_code\":\"OF1\"}}"
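Review bot: The `Token` and `User-UUID` headers added to this request carry literal values rather than variables, and the same pair is repeated in the PUT and DELETE hunks that follow. If the token was copied from a real login it is now a credential in the repository history and that session should be invalidated; the UUID likewise names a specific admin account. The collection already parameterises `{{base_url}}`, so the two values could be collection variables as well, for example `"value": "{{token}}"` and `"value": "{{user_uuid}}"` (variable names are illustrative), with the real values kept in a local Postman environment.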
@@ -6280,19 +6293,32 @@
 "name": "PUT Update a Tenant Type",
 "request": {
 "method": "PUT",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "description": "Any admin users' UUID",
+ "type": "text"
+ },
+ {
+ "key": "Token",
+ "value": "361834d2ebe57d4e87c6aeb10dc502e70a970c6703f6e125ad91d59a1870df1add3622c0da57a567e0681664cf8c9ba6c8406483f493dbd9d05011ed8310f6fd",
+ "description": "Login to get a valid token",
+ "type": "text"
+ }
+ ],
 "body": {
 "mode": "raw",
 "raw": "{\"data\":{\"name\": \"Office1\", \"description\":\"办公\", \"simplified_code\":\"OF1\"}}"
 },
 "url": {
- "raw": "{{base_url}}/tenanttypes/1",
+ "raw": "{{base_url}}/tenanttypes/10",
 "host": [
 "{{base_url}}"
 ],
 "path": [
 "tenanttypes",
- "1"
+ "10"
 ]
 }
 },
@@ -6302,15 +6328,28 @@
 "name": "DELETE a Tenant Type by ID",
 "request": {
 "method": "DELETE",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "description": "Any admin users' UUID",
+ "type": "text"
+ },
+ {
+ "key": "Token",
+ "value": "361834d2ebe57d4e87c6aeb10dc502e70a970c6703f6e125ad91d59a1870df1add3622c0da57a567e0681664cf8c9ba6c8406483f493dbd9d05011ed8310f6fd",
+ "description": "Login to get a valid token",
+ "type": "text"
+ }
+ ],
 "url": {
- "raw": "{{base_url}}/tenanttypes/1",
+ "raw": "{{base_url}}/tenanttypes/10",
 "host": [
 "{{base_url}}"
 ],
 "path": [
 "tenanttypes",
- "1"
+ "10"
 ]
 }
 },
diff --git a/myems-api/core/tenanttype.py b/myems-api/core/tenanttype.py
index 40ac9113..3f47dadf 100644
--- a/myems-api/core/tenanttype.py
+++ b/myems-api/core/tenanttype.py
@@ -3,7 +3,7 @@ import simplejson as json
 import mysql.connector
 import config
 import uuid
-from core.useractivity import user_logger
+from core.useractivity import user_logger, access_control
 class TenantTypeCollection:
@@ -42,6 +42,7 @@ class TenantTypeCollection: @user_logger def on_post(req, resp): """Handles POST requests""" + access_control(req) try: raw_json = req.stream.read().decode('utf-8') except Exception as ex: @@ -150,6 +151,8 @@ class TenantTypeItem: @staticmethod @user_logger def on_delete(req, resp, id_): + """Handles DELETE requests""" + access_control(req) if not id_.isdigit() or int(id_) <= 0: raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', description='API.INVALID_TENANT_TYPE_ID') @@ -188,6 +191,7 @@ class TenantTypeItem: @user_logger def on_put(req, resp, id_): """Handles PUT requests""" + access_control(req) try: raw_json = req.stream.read().decode('utf-8') except Exception as ex:
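Review bot: `access_control(req)` is called inside the handler body, so the `@user_logger` wrapper above `on_post` runs before the check; the same holds for `on_delete` and `on_put` in the next two hunks. `user_logger` is not visible in this patch, so it is worth confirming that it neither consumes the request body nor records an activity entry keyed on the `User-UUID` header for a request that the check then rejects. The call is rightly placed ahead of the `try`, since `except Exception` would presumably catch an error raised by the check, and a comment such as `# keep outside the try: the broad except below must not swallow an auth failure` would stop it being moved later. All three handler bodies continue past their hunks.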