diff --git a/admin/app/controllers/settings/energyflowdiagram/energyflowdiagram.controller.js b/admin/app/controllers/settings/energyflowdiagram/energyflowdiagram.controller.js index dd8f81fe..5cf69fae 100644 --- a/admin/app/controllers/settings/energyflowdiagram/energyflowdiagram.controller.js +++ b/admin/app/controllers/settings/energyflowdiagram/energyflowdiagram.controller.js @@ -1,7 +1,13 @@ 'use strict'; -app.controller('EnergyFlowDiagramController', function($scope, $translate, $uibModal, EnergyFlowDiagramService, toaster,SweetAlert) { - +app.controller('EnergyFlowDiagramController', function($scope, + $window, + $translate, + $uibModal, + EnergyFlowDiagramService, + toaster, + SweetAlert) { + $scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user")); $scope.getAllEnergyFlowDiagrams = function() { EnergyFlowDiagramService.getAllEnergyFlowDiagrams(function (response) { if (angular.isDefined(response.status) && response.status === 200) { @@ -19,7 +25,8 @@ app.controller('EnergyFlowDiagramController', function($scope, $translate, $uibM windowClass: "animated fadeIn", }); modalInstance.result.then(function(energyflowdiagram) { - EnergyFlowDiagramService.addEnergyFlowDiagram(energyflowdiagram, function (response) { + let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; + EnergyFlowDiagramService.addEnergyFlowDiagram(energyflowdiagram, headers, function (response) { if (angular.isDefined(response.status) && response.status === 201) { toaster.pop({ type: "success", 
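Review bot: `$scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"));` has no guard for an absent or corrupt entry: `getItem` returns `null` when nothing is stored, `JSON.parse(null)` yields `null`, and the header builders added in the later hunks (`$scope.cur_user.uuid`) then throw a TypeError inside the modal callback instead of letting the API's rejection reach the existing response handling, while a malformed stored value makes `JSON.parse` throw at controller construction. A minimal guard is `$scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user")) || {};`; wrapping the parse in a try/catch that falls back to `{}` would also cover the malformed case. Because the credentials are read once at construction, a logout in another tab is presumably not reflected until the controller is recreated, which is worth a one-line comment on this assignment. The controller function continues outside the hunk.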
@@ -58,7 +65,8 @@ app.controller('EnergyFlowDiagramController', function($scope, $translate, $uibM }); modalInstance.result.then(function(modifiedEnergyFlowDiagram) { - EnergyFlowDiagramService.editEnergyFlowDiagram(modifiedEnergyFlowDiagram, function (response) { + let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; + EnergyFlowDiagramService.editEnergyFlowDiagram(modifiedEnergyFlowDiagram, headers, function (response) { if (angular.isDefined(response.status) && response.status === 200) { toaster.pop({ type: "success", @@ -95,7 +103,8 @@ app.controller('EnergyFlowDiagramController', function($scope, $translate, $uibM closeOnCancel: true }, function (isConfirm) { if (isConfirm) { - EnergyFlowDiagramService.deleteEnergyFlowDiagram(energyflowdiagram, function (response) { + let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; + EnergyFlowDiagramService.deleteEnergyFlowDiagram(energyflowdiagram, headers, function (response) { if (angular.isDefined(response.status) && response.status === 204) { toaster.pop({ type: "success", diff --git a/admin/app/services/settings/energyflowdiagram/energyflowdiagram.service.js b/admin/app/services/settings/energyflowdiagram/energyflowdiagram.service.js index c82b3f22..6180fe60 100644 --- a/admin/app/services/settings/energyflowdiagram/energyflowdiagram.service.js +++ b/admin/app/services/settings/energyflowdiagram/energyflowdiagram.service.js 
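Review bot: The header object `{ "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }` is built inline here and repeated verbatim in the edit and delete hunks that follow, so the header names and the coupling to `$scope.cur_user` now live in three places. A single controller-level helper, `const authHeaders = () => ({ "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token });`, called as `EnergyFlowDiagramService.addEnergyFlowDiagram(energyflowdiagram, authHeaders(), function (response) {`, keeps them in sync and gives one place to document what the API expects. `let headers` is never reassigned and could be `const` in all three hunks. The enclosing `modalInstance.result.then` callback and the controller continue outside the hunk.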
@@ -17,24 +17,24 @@ app.factory('EnergyFlowDiagramService', function($http) { callback(response); }); }, - addEnergyFlowDiagram: function(energyflowdiagram, callback) { - $http.post(getAPI()+'energyflowdiagrams',{data:energyflowdiagram}) + addEnergyFlowDiagram: function(energyflowdiagram, headers, callback) { + $http.post(getAPI()+'energyflowdiagrams',{data:energyflowdiagram}, {headers}) .then(function (response) { callback(response); }, function (response) { callback(response); }); }, - editEnergyFlowDiagram: function(energyflowdiagram, callback) { - $http.put(getAPI()+'energyflowdiagrams/'+energyflowdiagram.id,{data:energyflowdiagram}) + editEnergyFlowDiagram: function(energyflowdiagram, headers, callback) { + $http.put(getAPI()+'energyflowdiagrams/'+energyflowdiagram.id,{data:energyflowdiagram}, {headers}) .then(function (response) { callback(response); }, function (response) { callback(response); }); }, - deleteEnergyFlowDiagram: function(energyflowdiagram, callback) { - $http.delete(getAPI()+'energyflowdiagrams/'+energyflowdiagram.id) + deleteEnergyFlowDiagram: function(energyflowdiagram, headers, callback) { + $http.delete(getAPI()+'energyflowdiagrams/'+energyflowdiagram.id, {headers}) .then(function (response) { callback(response); }, function (response) { diff --git a/myems-api/MyEMS.postman_collection.json b/myems-api/MyEMS.postman_collection.json index d17add4c..86ba0b6c 100644 --- a/myems-api/MyEMS.postman_collection.json +++ b/myems-api/MyEMS.postman_collection.json @@ -1,6 +1,6 @@ { "info": { - "_postman_id": "98580f5c-106c-4b86-8262-ec3c918608e1", + "_postman_id": "ab4b1f3e-3892-4a0e-801b-4ec90d4592fe", "name": "MyEMS", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" }, 
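Review bot: Inserting `headers` as a required middle parameter of `addEnergyFlowDiagram`, `editEnergyFlowDiagram` and `deleteEnergyFlowDiagram` silently breaks any caller still on the two-argument form: its callback would be passed as the `$http` config and never invoked, with no error raised. This diff updates only the energy-flow-diagram controller, so other call sites should be checked; if any exist, appending the parameter instead of inserting it would have kept the old form working. The new parameter is also undocumented; a JSDoc line such as `@param {Object} headers - request headers forwarded to the API (User-UUID and Token)` on each method would state the contract. The factory definition continues outside the hunk.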
@@ -2030,7 +2030,20 @@ "name": "POST Create an Energy Flow Diagram", "request": { "method": "POST", - "header": [], + "header": [ + { + "key": "User-UUID", + "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4", + "description": "Any admin users' UUID", + "type": "text" + }, + { + "key": "Token", + "value": "073b43c05dadd89b833c0595b81c49cb9c1a54ca52b024b301a001720e52c5bf3b95951d5c54766de1028d20301cbd2bb6ec3fb62f9e14d7254cbf3811fe6c93", + "description": "Login to get a valid token", + "type": "text" + } + ], "body": { "mode": "raw", "raw": "{\"data\":{\"name\":\"MyEMS Energy Flow\"}}" @@ -2051,7 +2064,20 @@ "name": "PUT Update an Energy Flow Diagram", "request": { "method": "PUT", - "header": [], + "header": [ + { + "key": "User-UUID", + "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4", + "description": "Any admin users' UUID", + "type": "text" + }, + { + "key": "Token", + "value": "073b43c05dadd89b833c0595b81c49cb9c1a54ca52b024b301a001720e52c5bf3b95951d5c54766de1028d20301cbd2bb6ec3fb62f9e14d7254cbf3811fe6c93", + "description": "Login to get a valid token", + "type": "text" + } + ], "body": { "mode": "raw", "raw": "{\"data\":{\"name\":\"MyEMS Energy Flow Diagram\"}}" @@ -2073,7 +2099,20 @@ "name": "DELETE an Energy Flow Diagram", "request": { "method": "DELETE", - "header": [], + "header": [ + { + "key": "User-UUID", + "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4", + "description": "Any admin users' UUID", + "type": "text" + }, + { + "key": "Token", + "value": "073b43c05dadd89b833c0595b81c49cb9c1a54ca52b024b301a001720e52c5bf3b95951d5c54766de1028d20301cbd2bb6ec3fb62f9e14d7254cbf3811fe6c93", + "description": "Login to get a valid token", + "type": "text" + } + ], "url": { "raw": "{{base_url}}/energyflowdiagrams/2", "host": [ diff --git a/myems-api/README.md b/myems-api/README.md index 2d2a2374..99bcea51 100644 --- a/myems-api/README.md +++ b/myems-api/README.md 
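Review bot: The `Token` header value added to all three requests (POST, PUT, DELETE) is a 128-hex-character string that looks like a real login token rather than an example, so the collection now carries credential material in version control; if it was ever valid it should be rotated, and the committed value replaced with a placeholder such as the `GET-TOKEN-AFTER-LOGIN` string the README change in this same diff uses, or a collection variable like `{{token}}` alongside the existing `{{base_url}}`. The fixed `User-UUID` value is less sensitive but would likewise be more portable as a variable, since the description already says any admin user's UUID works.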
@@ -604,15 +604,15 @@ curl -i -X GET {{base_url}}/energyflowdiagrams ``` * DELETE an Energy Flow Diagram by ID ```bash -curl -i -X DELETE {{base_url}}/energyflowdiagrams/{id} +curl -i -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X DELETE {{base_url}}/energyflowdiagrams/{id} ``` * POST Create an Energy Flow Diagram ```bash -curl -i -H "Content-Type: application/json" -X POST -d '{"data":{"name":"MyEMS Energy Flow"}}' {{base_url}}/energyflowdiagrams +curl -i -H "Content-Type: application/json" -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X POST -d '{"data":{"name":"MyEMS Energy Flow"}}' {{base_url}}/energyflowdiagrams ``` * PUT Update an Energy Flow Diagram ```bash -curl -i -H "Content-Type: application/json" -X PUT -d '{"data":{"name":"MyEMS Energy Flow Diagram"}}' {{base_url}}/energyflowdiagrams/{id} +curl -i -H "Content-Type: application/json" -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X PUT -d '{"data":{"name":"MyEMS Energy Flow Diagram"}}' {{base_url}}/energyflowdiagrams/{id} ``` * GET All Nodes of an Energy Flow Diagram by ID ```bash diff --git a/myems-api/core/energyflowdiagram.py b/myems-api/core/energyflowdiagram.py index 82c8c7d5..fa4f9304 100644 --- a/myems-api/core/energyflowdiagram.py +++ b/myems-api/core/energyflowdiagram.py @@ -3,7 +3,7 @@ import simplejson as json import mysql.connector import config import uuid -from core.useractivity import user_logger +from core.useractivity import user_logger, access_control class EnergyFlowDiagramCollection: @@ -124,6 +124,7 @@ class EnergyFlowDiagramCollection: @user_logger def on_post(req, resp): """Handles POST requests""" + access_control(req) try: raw_json = req.stream.read().decode('utf-8') except Exception as ex: 
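Review bot: `access_control(req)` is called by hand as the first statement of `on_post`, and likewise in `on_put` and `on_delete` in the next hunks, so every future mutating handler has to remember the call and nothing in the class enforces it; a decorator next to `@user_logger` would make the requirement structural, though that is a larger change than this commit. The docstring should at least record the new precondition, e.g. `"""Handles POST requests; requires valid User-UUID and Token headers (checked by access_control)"""`, presuming from the README and Postman changes in this diff that those are the headers access_control validates. Placing the check before the body is read is the right order, since unauthenticated callers are rejected without their payload being parsed. Leaving `on_get` unchecked appears intentional given the README's header-less GET example. The `on_post` body continues outside the hunk.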
@@ -285,6 +286,7 @@ class EnergyFlowDiagramItem: @staticmethod @user_logger def on_delete(req, resp, id_): + access_control(req) if not id_.isdigit() or int(id_) <= 0: raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', description='API.INVALID_ENERGY_FLOW_DIAGRAM_ID') @@ -315,6 +317,7 @@ class EnergyFlowDiagramItem: @user_logger def on_put(req, resp, id_): """Handles PUT requests""" + access_control(req) if not id_.isdigit() or int(id_) <= 0: raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', description='API.INVALID_ENERGY_FLOW_DIAGRAM_ID')
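Review bot: `on_delete` has no docstring, while the neighbouring `on_put` documents itself with `"""Handles PUT requests"""`, and the new authentication precondition makes the gap more noticeable. Suggest adding `"""Handles DELETE requests; requires valid User-UUID and Token headers (checked by access_control)"""` as the first line of the body, before `access_control(req)`. Running the check ahead of the `id_` validation is the fail-closed order, so an unauthenticated caller learns nothing about which ids are well-formed. Both handler bodies continue outside the hunk.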