diff --git a/admin/app/controllers/settings/costcenter/costfile.controller.js b/admin/app/controllers/settings/costcenter/costfile.controller.js
index 12e3811f..d122cc43 100644
--- a/admin/app/controllers/settings/costcenter/costfile.controller.js
+++ b/admin/app/controllers/settings/costcenter/costfile.controller.js
@@ -26,8 +26,7 @@ app.controller('CostFileController', function (
 url: getAPI() + 'costfiles',
 acceptedFiles: '.xlsx',
 dictDefaultMessage: 'Click(or Drop) to add files',
- maxFilesize: '100',
- headers: { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }
+ maxFilesize: '100'
 };
 
 $scope.dzCallbacks = {
@@ -47,7 +46,7 @@ app.controller('CostFileController', function (
 toaster.pop({
 type: "error",
 title: $translate.instant("TOASTER.ERROR_ADD_BODY", {template: file.name}),
- body: $translate.instant(response.data.description),
+ body: $translate.instant(xhr),
 showCloseButton: true,
 });
 }
diff --git a/admin/app/controllers/settings/knowledgefile/knowledgefile.controller.js b/admin/app/controllers/settings/knowledgefile/knowledgefile.controller.js
index c0f33b50..a0be27ff 100644
--- a/admin/app/controllers/settings/knowledgefile/knowledgefile.controller.js
+++ b/admin/app/controllers/settings/knowledgefile/knowledgefile.controller.js
@@ -46,13 +46,14 @@ app.controller('KnowledgeFileController', function (
 toaster.pop({
 type: "error",
 title: $translate.instant("TOASTER.ERROR_ADD_BODY", {template: file.name}),
- body: $translate.instant(response.data.description),
+ body: $translate.instant(xhr),
 showCloseButton: true,
 });
 }
 };
 $scope.restoreKnowledgeFile = function (knowledgefile) {
- KnowledgeFileService.restoreKnowledgeFile(knowledgefile, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ KnowledgeFileService.restoreKnowledgeFile(knowledgefile, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 200) {
 toaster.pop({
 type: "success",
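Review bot: Dropping the `headers` entry from the dropzone configuration leaves the upload POST to `costfiles` with no User-UUID/Token pair unless a `sending` handler in `$scope.dzCallbacks` (which begins at the end of the hunk and continues outside it) attaches them, and no hunk in this commit shows that. If the costfiles endpoint enforces `access_control` the way this commit adds it to knowledgefile.py, every upload will be rejected; if it does not, the upload path is reachable without authentication. Either keep `headers: { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }` here or point to where the headers are now set.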
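Review bot: `body: $translate.instant(xhr)` hands `$translate.instant` an object where it expects a translation key, so the toast body will not show the server's error description; the same line is changed in the knowledgefile controller hunk below and in the offlinemeterfile hunk on the next line. Whether `xhr` is dropzone's parsed response body or the XMLHttpRequest itself depends on the error callback's parameter list, which is outside the hunk. If it is the parsed JSON error body, `body: $translate.instant(xhr.description)` keeps the description visible; if it is the XMLHttpRequest, the body is in `xhr.response` and has to be parsed first.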
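Review bot: The `let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }` literal built in `restoreKnowledgeFile` is repeated verbatim in `deleteKnowledgeFile` on the next line, and the dropzone config removed in the first hunk carried the same pair. A small controller-level helper, `let authHeaders = function () { return { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; };`, called as `KnowledgeFileService.restoreKnowledgeFile(knowledgefile, authHeaders(), function (response) {`, keeps the header names in one place. The body of `restoreKnowledgeFile` continues past the hunk.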
@@ -86,7 +87,8 @@ app.controller('KnowledgeFileController', function (
 },
 function (isConfirm) {
 if (isConfirm) {
- KnowledgeFileService.deleteKnowledgeFile(knowledgefile, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ KnowledgeFileService.deleteKnowledgeFile(knowledgefile, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 204) {
 toaster.pop({
 type: "success",
diff --git a/admin/app/controllers/settings/meter/offlinemeterfile.controller.js b/admin/app/controllers/settings/meter/offlinemeterfile.controller.js
index cb4d8bc1..59d2ad20 100644
--- a/admin/app/controllers/settings/meter/offlinemeterfile.controller.js
+++ b/admin/app/controllers/settings/meter/offlinemeterfile.controller.js
@@ -47,7 +47,7 @@ app.controller('OfflineMeterFileController', function(
 toaster.pop({
 type: "error",
 title: $translate.instant("TOASTER.ERROR_ADD_BODY", {template: file.name}),
- body: $translate.instant(response.data.description),
+ body: $translate.instant(xhr),
 showCloseButton: true,
 });
 }
diff --git a/admin/app/services/settings/knowledgefile/knowledgefile.service.js b/admin/app/services/settings/knowledgefile/knowledgefile.service.js
index f4086d17..617c0be7 100644
--- a/admin/app/services/settings/knowledgefile/knowledgefile.service.js
+++ b/admin/app/services/settings/knowledgefile/knowledgefile.service.js
@@ -10,8 +10,8 @@ app.factory('KnowledgeFileService', function ($http) {
 });
 },
 
- addKnowledgeFile: function (knowledgefile, callback) {
- $http.post(getAPI() + 'knowledgefiles', { data: knowledgefile })
+ addKnowledgeFile: function (knowledgefile, headers, callback) {
+ $http.post(getAPI() + 'knowledgefiles', {data: knowledgefile}, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
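Review bot: Inserting `headers` as the middle positional parameter of `addKnowledgeFile` (and of `restoreKnowledgeFile` and `deleteKnowledgeFile` on the next line) breaks any caller still passing `(knowledgefile, callback)`: the callback is sent as the headers option and `callback(response)` then throws because `callback` is undefined. The restore and delete callers are updated in this commit, but no caller of `addKnowledgeFile` appears in the diff. Appending the new argument instead, `addKnowledgeFile: function (knowledgefile, callback, headers) {`, keeps existing call sites working; otherwise confirm every caller has been updated. The body of `addKnowledgeFile` continues past the hunk.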
@@ -19,8 +19,8 @@ app.factory('KnowledgeFileService', function ($http) {
 });
 },
 
- restoreKnowledgeFile: function (knowledgefile, callback) {
- $http.get(getAPI() + 'knowledgefiles/' + knowledgefile.id + '/restore')
+ restoreKnowledgeFile: function (knowledgefile, headers, callback) {
+ $http.get(getAPI() + 'knowledgefiles/' + knowledgefile.id + '/restore', {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
@@ -28,8 +28,8 @@ app.factory('KnowledgeFileService', function ($http) {
 });
 },
 
- deleteKnowledgeFile: function (knowledgefile, callback) {
- $http.delete(getAPI() + 'knowledgefiles/' + knowledgefile.id)
+ deleteKnowledgeFile: function (knowledgefile, headers, callback) {
+ $http.delete(getAPI() + 'knowledgefiles/' + knowledgefile.id, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
diff --git a/myems-api/MyEMS.postman_collection.json b/myems-api/MyEMS.postman_collection.json
index 84f8347f..29f522f1 100644
--- a/myems-api/MyEMS.postman_collection.json
+++ b/myems-api/MyEMS.postman_collection.json
@@ -1,6 +1,6 @@
 {
 "info": {
- "_postman_id": "6678a44a-20bd-4ef2-9a9f-3c47421936c2",
+ "_postman_id": "188bbc28-1018-45ae-bdc8-c0b465102f5f",
 "name": "MyEMS",
 "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
 },
@@ -588,7 +588,9 @@
 "request": {
 "method": "GET",
 "header": [],
- "url": null
+ "url": {
+ "raw": ""
+ }
 },
 "response": []
 }
@@ -2882,7 +2884,7 @@
 },
 {
 "key": "Token",
- "value": "7b0f565da5320ad3f641145923a12ab22d94835b",
+ "value": "d2506282920bd7f1fb5db68605324bd7b8c6c305d84dcd43d43edfba6908136c4e468eca553c72f0211b2ad44fedb71c2f5c901816e5de828fa21cfb88a2552e",
 "type": "text"
 }
 ],
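Review bot: The new `Token` value in this hunk is a literal credential checked into the repository, and the DELETE and restore requests on the next line repeat it; even for a test account, a committed token stays in history and keeps working until it is rotated. Using collection or environment variables, `"value": "{{token}}"` and `"value": "{{user_uuid}}"` alongside the existing `{{base_url}}`, keeps the credential out of the file. The header description `"Login to get a valid token"` added on the next line already says the value is meant to be obtained at run time.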
@@ -2912,14 +2914,27 @@
 "name": "DELETE a Knowledge File by ID",
 "request": {
 "method": "DELETE",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "description": "Any admin users' UUID",
+ "type": "text"
+ },
+ {
+ "key": "Token",
+ "value": "d2506282920bd7f1fb5db68605324bd7b8c6c305d84dcd43d43edfba6908136c4e468eca553c72f0211b2ad44fedb71c2f5c901816e5de828fa21cfb88a2552e",
+ "description": "Login to get a valid token",
+ "type": "text"
+ }
+ ],
 "url": {
- "raw": "{{base_url}}/helpfiles/1",
+ "raw": "{{base_url}}/knowledgefiles/1",
 "host": [
 "{{base_url}}"
 ],
 "path": [
- "helpfiles",
+ "knowledgefiles",
 "1"
 ]
 }
@@ -2930,7 +2945,20 @@
 "name": "Rstore a Knowledge File by ID",
 "request": {
 "method": "GET",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "description": "Any admin users' UUID",
+ "type": "text"
+ },
+ {
+ "key": "Token",
+ "value": "d2506282920bd7f1fb5db68605324bd7b8c6c305d84dcd43d43edfba6908136c4e468eca553c72f0211b2ad44fedb71c2f5c901816e5de828fa21cfb88a2552e",
+ "description": "Login to get a valid token",
+ "type": "text"
+ }
+ ],
 "url": {
 "raw": "{{base_url}}/knowledgefiles/1/restore",
 "host": [
diff --git a/myems-api/core/knowledgefile.py b/myems-api/core/knowledgefile.py
index 6b2ce3f5..6caa8180 100644
--- a/myems-api/core/knowledgefile.py
+++ b/myems-api/core/knowledgefile.py
@@ -7,7 +7,7 @@ from datetime import datetime, timezone, timedelta
 import os
 import base64
 import sys
-from core.useractivity import user_logger
+from core.useractivity import user_logger, access_control
 
 
 class KnowledgeFileCollection:
@@ -76,7 +76,7 @@ class KnowledgeFileCollection:
 @user_logger
 def on_post(req, resp):
 """Handles POST requests"""
-
+ access_control(req)
 try:
 upload = req.get_param('file')
 # Read upload file as binary
@@ -234,6 +234,8 @@ class KnowledgeFileItem:
 @staticmethod
 @user_logger
 def on_delete(req, resp, id_):
+ """Handles DELETE requests"""
+ access_control(req)
 if not id_.isdigit() or int(id_) <= 0:
 raise falcon.HTTPError(falcon.HTTP_400,
 title='API.BAD_REQUEST',
@@ -284,6 +286,7 @@ class KnowledgeFileRestore:
 @staticmethod
 def on_get(req, resp, id_):
+ access_control(req)
 if not id_.isdigit() or int(id_) <= 0:
 raise falcon.HTTPError(falcon.HTTP_400,
 title='API.BAD_REQUEST',
 description='API.INVALID_KNOWLEDGE_FILE_ID')
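Review bot: `KnowledgeFileRestore.on_get` now requires an authenticated user but, unlike `on_delete` just above it, carries neither `@user_logger` nor a docstring, so the restore is not recorded as user activity; add `@user_logger` between `@staticmethod` and `def on_get(req, resp, id_):` and a `"""Handles GET requests"""` docstring matching the one added to `on_delete`. The restore is presumably a state change reached by GET (the service hunk calls `$http.get(... '/restore')`); the header-borne token keeps it out of reach of cross-site form submission, but prefetchers and caches can still issue a GET, so POST or PUT would be the conventional verb if the route is revisited. The bodies of both handlers continue past the hunk.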