added access control to POST/PUT/DELETE of storetype in api

2021-11-17 13:32:23 +08:00 · 2021-11-17 13:32:23 +08:00 · cda9381ec1
parent 9d17baff1c
commit cda9381ec1
2 changed files with 41 additions and 4 deletions
--- a/myems-api/MyEMS.postman_collection.json
+++ b/myems-api/MyEMS.postman_collection.json
@ -5610,7 +5610,18 @@
 							"name": "POST Create New Store Type",
 							"request": {
 								"method": "POST",
-								"header": [],
+								"header": [
+									{
+										"key": "User-UUID",
+										"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+										"type": "text"
+									},
+									{
+										"key": "Token",
+										"value": "1fa30152c96bac9fca99954f063b6e65bb40bfc602e4b5db3dc243577811d5bc71a5ebd0aeb732b15925d1b76fea32ec069e00ba395ce637a6e6ddc8e75cf882",
+										"type": "text"
+									}
+								],
 								"body": {
 									"mode": "raw",
 									"raw": "{\"data\":{\"name\": \"Car\", \"description\":\"汽车\", \"simplified_code\":\"CA\"}}"
@ -5631,7 +5642,18 @@
 							"name": "PUT Update a Store Type",
 							"request": {
 								"method": "PUT",
-								"header": [],
+								"header": [
+									{
+										"key": "User-UUID",
+										"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+										"type": "text"
+									},
+									{
+										"key": "Token",
+										"value": "1fa30152c96bac9fca99954f063b6e65bb40bfc602e4b5db3dc243577811d5bc71a5ebd0aeb732b15925d1b76fea32ec069e00ba395ce637a6e6ddc8e75cf882",
+										"type": "text"
+									}
+								],
 								"body": {
 									"mode": "raw",
 									"raw": "{\"data\":{\"name\": \"Auto\", \"description\":\"汽车\", \"simplified_code\":\"AT\"}}"
@ -5653,7 +5675,18 @@
 							"name": "DELETE a Store Type by ID",
 							"request": {
 								"method": "DELETE",
-								"header": [],
+								"header": [
+									{
+										"key": "User-UUID",
+										"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+										"type": "text"
+									},
+									{
+										"key": "Token",
+										"value": "1fa30152c96bac9fca99954f063b6e65bb40bfc602e4b5db3dc243577811d5bc71a5ebd0aeb732b15925d1b76fea32ec069e00ba395ce637a6e6ddc8e75cf882",
+										"type": "text"
+									}
+								],
 								"url": {
 									"raw": "{{base_url}}/storetypes/4",
 									"host": [
--- a/myems-api/core/storetype.py
+++ b/myems-api/core/storetype.py
@ -3,7 +3,7 @@ import simplejson as json
 import mysql.connector
 import config
 import uuid
-from core.useractivity import user_logger
+from core.useractivity import user_logger, access_control


 class StoreTypeCollection:
@ -42,6 +42,7 @@ class StoreTypeCollection:
    @user_logger
    def on_post(req, resp):
        """Handles POST requests"""
+        access_control(req)
        try:
            raw_json = req.stream.read().decode('utf-8')
        except Exception as ex:
@ -150,6 +151,8 @@ class StoreTypeItem:
    @staticmethod
    @user_logger
    def on_delete(req, resp, id_):
+        """Handles DELETE requests"""
+        access_control(req)
        if not id_.isdigit() or int(id_) <= 0:
            raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
                                   description='API.INVALID_STORE_TYPE_ID')
@ -188,6 +191,7 @@ class StoreTypeItem:
    @user_logger
    def on_put(req, resp, id_):
        """Handles PUT requests"""
+        access_control(req)
        try:
            raw_json = req.stream.read().decode('utf-8')
        except Exception as ex: