seg_yinzy
/
myems
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added access control to POST/PUT/DELETE of storetype in api

pull/80/head
13621160019@163.com 2021-11-17 13:32:23 +08:00
parent 9d17baff1c
commit cda9381ec1
2 changed files with 41 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
myems-api/MyEMS.postman_collection.json
View File

@ -5610,7 +5610,18 @@
"name": "POST Create New Store Type", "name": "POST Create New Store Type",
"request": { "request": {
"method": "POST", "method": "POST",
"header": [], "header": [
{
"key": "User-UUID",
"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
"type": "text"
},
{
"key": "Token",
"value": "1fa30152c96bac9fca99954f063b6e65bb40bfc602e4b5db3dc243577811d5bc71a5ebd0aeb732b15925d1b76fea32ec069e00ba395ce637a6e6ddc8e75cf882",
"type": "text"
}
],
"body": { "body": {
"mode": "raw", "mode": "raw",
"raw": "{\"data\":{\"name\": \"Car\", \"description\":\"汽车\", \"simplified_code\":\"CA\"}}" "raw": "{\"data\":{\"name\": \"Car\", \"description\":\"汽车\", \"simplified_code\":\"CA\"}}"
@ -5631,7 +5642,18 @@
"name": "PUT Update a Store Type", "name": "PUT Update a Store Type",
"request": { "request": {
"method": "PUT", "method": "PUT",
"header": [], "header": [
{
"key": "User-UUID",
"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
"type": "text"
},
{
"key": "Token",
"value": "1fa30152c96bac9fca99954f063b6e65bb40bfc602e4b5db3dc243577811d5bc71a5ebd0aeb732b15925d1b76fea32ec069e00ba395ce637a6e6ddc8e75cf882",
"type": "text"
}
],
"body": { "body": {
"mode": "raw", "mode": "raw",
"raw": "{\"data\":{\"name\": \"Auto\", \"description\":\"汽车\", \"simplified_code\":\"AT\"}}" "raw": "{\"data\":{\"name\": \"Auto\", \"description\":\"汽车\", \"simplified_code\":\"AT\"}}"
@ -5653,7 +5675,18 @@
"name": "DELETE a Store Type by ID", "name": "DELETE a Store Type by ID",
"request": { "request": {
"method": "DELETE", "method": "DELETE",
"header": [], "header": [
{
"key": "User-UUID",
"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
"type": "text"
},
{
"key": "Token",
"value": "1fa30152c96bac9fca99954f063b6e65bb40bfc602e4b5db3dc243577811d5bc71a5ebd0aeb732b15925d1b76fea32ec069e00ba395ce637a6e6ddc8e75cf882",
"type": "text"
}
],
"url": { "url": {
"raw": "{{base_url}}/storetypes/4", "raw": "{{base_url}}/storetypes/4",
"host": [ "host": [

6
myems-api/core/storetype.py
View File

@ -3,7 +3,7 @@ import simplejson as json
import mysql.connector import mysql.connector
import config import config
import uuid import uuid
from core.useractivity import user_logger from core.useractivity import user_logger, access_control
class StoreTypeCollection: class StoreTypeCollection:
@ -42,6 +42,7 @@ class StoreTypeCollection:
@user_logger @user_logger
def on_post(req, resp): def on_post(req, resp):
"""Handles POST requests""" """Handles POST requests"""
access_control(req)
try: try:
raw_json = req.stream.read().decode('utf-8') raw_json = req.stream.read().decode('utf-8')
except Exception as ex: except Exception as ex:
@ -150,6 +151,8 @@ class StoreTypeItem:
@staticmethod @staticmethod
@user_logger @user_logger
def on_delete(req, resp, id_): def on_delete(req, resp, id_):
"""Handles DELETE requests"""
access_control(req)
if not id_.isdigit() or int(id_) <= 0: if not id_.isdigit() or int(id_) <= 0:
raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
description='API.INVALID_STORE_TYPE_ID') description='API.INVALID_STORE_TYPE_ID')
@ -188,6 +191,7 @@ class StoreTypeItem:
@user_logger @user_logger
def on_put(req, resp, id_): def on_put(req, resp, id_):
"""Handles PUT requests""" """Handles PUT requests"""
access_control(req)
try: try:
raw_json = req.stream.read().decode('utf-8') raw_json = req.stream.read().decode('utf-8')
except Exception as ex: except Exception as ex: