added access control to energycategory

2021-11-23 11:19:38 +08:00 · 2021-11-23 11:19:38 +08:00 · a8fec3a7dd
parent c7660d844f
commit a8fec3a7dd
3 changed files with 19 additions and 16 deletions
--- a/admin/app/controllers/settings/category/energycategory.controller.js
+++ b/admin/app/controllers/settings/category/energycategory.controller.js
@ -27,7 +27,8 @@ app.controller('EnergyCategoryController', function($scope, $translate,$uibModal
 		    }
 		});
 		modalInstance.result.then(function(category) {
-			CategoryService.addCategory(category, function (response) {
+			let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+			CategoryService.addCategory(category, headers, function (response) {
 				if (angular.isDefined(response.status) && response.status === 201) {
 					toaster.pop({
 						type: "success",
@ -68,7 +69,8 @@ app.controller('EnergyCategoryController', function($scope, $translate,$uibModal
 		});

 		modalInstance.result.then(function (modifiedCategory) {
-	        CategoryService.editCategory(modifiedCategory, function (response) {
+			let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+	        CategoryService.editCategory(modifiedCategory, headers, function (response) {
 	            if(angular.isDefined(response.status) && response.status === 200){
 					toaster.pop({
 						type: "success",
@ -106,7 +108,8 @@ app.controller('EnergyCategoryController', function($scope, $translate,$uibModal
 		        closeOnCancel: true },
 		function (isConfirm) {
 			if (isConfirm) {
-				CategoryService.deleteCategory(category, function (response) {
+				let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+				CategoryService.deleteCategory(category, headers, function (response) {
 					if (angular.isDefined(response.status) && response.status === 204) {
 						toaster.pop({
 							type: "success",
--- a/admin/app/services/settings/category/category.service.js
+++ b/admin/app/services/settings/category/category.service.js
@ -2,47 +2,47 @@
 app.factory('CategoryService', function($http) {  
    return {  
        getAllCategories:function(callback){
-            $http.get(getAPI()+'energycategories') 
+            $http.get(getAPI()+'energycategories')
            .then(function (response) {
                callback(response);
            }, function (response) {
                callback(response);
            });
        },
-        searchCategories: function(query, callback) {  
-            $http.get(getAPI()+'energycategories', { params: { q: query } }) 
+        searchCategories: function(query, headers, callback) {
+            $http.get(getAPI()+'energycategories', { params: { q: query } }, {headers})
            .then(function (response) {
                callback(response);
            }, function (response) {
                callback(response);
            });
        },
-        addCategory: function(category, callback) {  
-            $http.post(getAPI()+'energycategories',{data:category})  
+        addCategory: function(category, headers, callback) {
+            $http.post(getAPI()+'energycategories',{data:category}, {headers})
            .then(function (response) {
                callback(response);
            }, function (response) {
                callback(response);
            });
        },
-        editCategory: function(category, callback) {  
-            $http.put(getAPI()+'energycategories/'+category.id,{data:category}) 
+        editCategory: function(category, headers, callback) {
+            $http.put(getAPI()+'energycategories/'+category.id,{data:category}, {headers})
            .then(function (response) {
                callback(response);
            }, function (response) {
                callback(response);
            });
        },
-        deleteCategory: function(category, callback) {  
-            $http.delete(getAPI()+'energycategories/'+category.id)  
+        deleteCategory: function(category, headers, callback) {
+            $http.delete(getAPI()+'energycategories/'+category.id, {headers})
            .then(function (response) {
                callback(response);
            }, function (response) {
                callback(response);
            });
        },
-        getCategory: function(id, callback) {  
-            $http.get(getAPI()+'energycategories/'+id)  
+        getCategory: function(id, headers, callback) {
+            $http.get(getAPI()+'energycategories/'+id, {headers})
            .then(function (response) {
                callback(response);
            }, function (response) {
--- a/myems-api/core/energycategory.py
+++ b/myems-api/core/energycategory.py
@ -3,7 +3,7 @@ import simplejson as json
 import mysql.connector
 import config
 import uuid
-from core.useractivity import user_logger
+from core.useractivity import user_logger, access_control


 class EnergyCategoryCollection:
@ -42,6 +42,7 @@ class EnergyCategoryCollection:
    @user_logger
    def on_post(req, resp):
        """Handles POST requests"""
+        access_control(req)
        try:
            raw_json = req.stream.read().decode('utf-8')
        except Exception as ex:
@ -304,4 +305,3 @@ class EnergyCategoryItem:
        cursor.close()
        cnx.disconnect()
        resp.status = falcon.HTTP_200
-