added access control to knowledge file

pull/80/head
13621160019@163.com 2021-11-19 22:10:59 +08:00
parent 2245dee31e
commit d15fef3b52
6 changed files with 54 additions and 22 deletions


@ -26,8 +26,7 @@ app.controller('CostFileController', function (
url: getAPI() + 'costfiles', url: getAPI() + 'costfiles',
acceptedFiles: '.xlsx', acceptedFiles: '.xlsx',
dictDefaultMessage: 'Click(or Drop) to add files', dictDefaultMessage: 'Click(or Drop) to add files',
maxFilesize: '100', maxFilesize: '100'
headers: { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }
}; };
$scope.dzCallbacks = { $scope.dzCallbacks = {
@ -47,7 +46,7 @@ app.controller('CostFileController', function (
toaster.pop({ toaster.pop({
type: "error", type: "error",
title: $translate.instant("TOASTER.ERROR_ADD_BODY", {template: file.name}), title: $translate.instant("TOASTER.ERROR_ADD_BODY", {template: file.name}),
body: $translate.instant(response.data.description), body: $translate.instant(xhr),
showCloseButton: true, showCloseButton: true,
}); });
} }
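Review bot: `body: $translate.instant(xhr)` hands the error handler's third argument straight to the translator, so unless `xhr` is already a message string the toaster body will render `[object Object]` instead of the server's description; the same replacement appears in the KnowledgeFileController and OfflineMeterFileController hunks of this commit. The callback signature sits outside the hunk, so I cannot confirm what `xhr` holds; if it is the XMLHttpRequest, the server text would be in `xhr.responseText` (or in Dropzone's second, `message`, argument), e.g. `body: $translate.instant(xhr.responseText),`. Separately, the first hunk drops the `User-UUID`/`Token` headers from the cost-file Dropzone config; if the `costfiles` POST endpoint performs the same `access_control(req)` check this commit adds for knowledge files, uploads from this page will now be rejected, so please confirm the removal is intentional.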


@ -46,13 +46,14 @@ app.controller('KnowledgeFileController', function (
toaster.pop({ toaster.pop({
type: "error", type: "error",
title: $translate.instant("TOASTER.ERROR_ADD_BODY", {template: file.name}), title: $translate.instant("TOASTER.ERROR_ADD_BODY", {template: file.name}),
body: $translate.instant(response.data.description), body: $translate.instant(xhr),
showCloseButton: true, showCloseButton: true,
}); });
} }
}; };
$scope.restoreKnowledgeFile = function (knowledgefile) { $scope.restoreKnowledgeFile = function (knowledgefile) {
KnowledgeFileService.restoreKnowledgeFile(knowledgefile, function (response) { let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
KnowledgeFileService.restoreKnowledgeFile(knowledgefile, headers, function (response) {
if (angular.isDefined(response.status) && response.status === 200) { if (angular.isDefined(response.status) && response.status === 200) {
toaster.pop({ toaster.pop({
type: "success", type: "success",
@ -86,7 +87,8 @@ app.controller('KnowledgeFileController', function (
}, },
function (isConfirm) { function (isConfirm) {
if (isConfirm) { if (isConfirm) {
KnowledgeFileService.deleteKnowledgeFile(knowledgefile, function (response) { let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
KnowledgeFileService.deleteKnowledgeFile(knowledgefile, headers, function (response) {
if (angular.isDefined(response.status) && response.status === 204) { if (angular.isDefined(response.status) && response.status === 204) {
toaster.pop({ toaster.pop({
type: "success", type: "success",
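Review bot: The `headers` literal is built identically in `$scope.restoreKnowledgeFile` and inside the delete confirmation callback, and the upload path presumably needs the same pair, so it should come from one helper rather than being copied per call site; suggest `function authHeaders() { return { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; }` declared once in the controller and `let headers = authHeaders();` at both sites. Both sites also dereference `$scope.cur_user.uuid` without a guard; if `cur_user` can be unset when the view renders, the click handler throws a TypeError before any request is issued and the user sees no toaster at all. Both enclosing handlers continue past the end of their hunks.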


@ -47,7 +47,7 @@ app.controller('OfflineMeterFileController', function(
toaster.pop({ toaster.pop({
type: "error", type: "error",
title: $translate.instant("TOASTER.ERROR_ADD_BODY", {template: file.name}), title: $translate.instant("TOASTER.ERROR_ADD_BODY", {template: file.name}),
body: $translate.instant(response.data.description), body: $translate.instant(xhr),
showCloseButton: true, showCloseButton: true,
}); });
} }


@ -10,8 +10,8 @@ app.factory('KnowledgeFileService', function ($http) {
}); });
}, },
addKnowledgeFile: function (knowledgefile, callback) { addKnowledgeFile: function (knowledgefile, headers, callback) {
$http.post(getAPI() + 'knowledgefiles', { data: knowledgefile }) $http.post(getAPI() + 'knowledgefiles', {data: knowledgefile}, {headers})
.then(function (response) { .then(function (response) {
callback(response); callback(response);
}, function (response) { }, function (response) {
@ -19,8 +19,8 @@ app.factory('KnowledgeFileService', function ($http) {
}); });
}, },
restoreKnowledgeFile: function (knowledgefile, callback) { restoreKnowledgeFile: function (knowledgefile, headers, callback) {
$http.get(getAPI() + 'knowledgefiles/' + knowledgefile.id + '/restore') $http.get(getAPI() + 'knowledgefiles/' + knowledgefile.id + '/restore', {headers})
.then(function (response) { .then(function (response) {
callback(response); callback(response);
}, function (response) { }, function (response) {
@ -28,8 +28,8 @@ app.factory('KnowledgeFileService', function ($http) {
}); });
}, },
deleteKnowledgeFile: function (knowledgefile, callback) { deleteKnowledgeFile: function (knowledgefile, headers, callback) {
$http.delete(getAPI() + 'knowledgefiles/' + knowledgefile.id) $http.delete(getAPI() + 'knowledgefiles/' + knowledgefile.id, {headers})
.then(function (response) { .then(function (response) {
callback(response); callback(response);
}, function (response) { }, function (response) {
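Review bot: Inserting `headers` as a positional parameter between `knowledgefile` and `callback` in all three factory methods is a silent breaking change: any caller still on the two-argument form binds its callback to `headers`, leaves `callback` undefined, and sends a function where `$http` expects a headers object, so the `.then` handlers throw instead of reporting the result. The controller hunks in this commit update only the restore and delete call sites; the `addKnowledgeFile` caller is not visible here, so please confirm it was updated as well. A guard at the top of each method, `if (typeof headers === 'function') { callback = headers; headers = undefined; }`, keeps older callers working, and a JSDoc line on the factory should state that `headers` must carry the `User-UUID` and `Token` pair the server-side `access_control(req)` added in this commit now requires. The `knowledgefile.id` path segment is concatenated raw; `encodeURIComponent(knowledgefile.id)` is the safer form if ids are not guaranteed numeric.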


@ -1,6 +1,6 @@
{ {
"info": { "info": {
"_postman_id": "6678a44a-20bd-4ef2-9a9f-3c47421936c2", "_postman_id": "188bbc28-1018-45ae-bdc8-c0b465102f5f",
"name": "MyEMS", "name": "MyEMS",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
}, },
@ -588,7 +588,9 @@
"request": { "request": {
"method": "GET", "method": "GET",
"header": [], "header": [],
"url": null "url": {
"raw": ""
}
}, },
"response": [] "response": []
} }
@ -2882,7 +2884,7 @@
}, },
{ {
"key": "Token", "key": "Token",
"value": "7b0f565da5320ad3f641145923a12ab22d94835b", "value": "d2506282920bd7f1fb5db68605324bd7b8c6c305d84dcd43d43edfba6908136c4e468eca553c72f0211b2ad44fedb71c2f5c901816e5de828fa21cfb88a2552e",
"type": "text" "type": "text"
} }
], ],
@ -2912,14 +2914,27 @@
"name": "DELETE a Knowledge File by ID", "name": "DELETE a Knowledge File by ID",
"request": { "request": {
"method": "DELETE", "method": "DELETE",
"header": [], "header": [
{
"key": "User-UUID",
"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
"description": "Any admin users' UUID",
"type": "text"
},
{
"key": "Token",
"value": "d2506282920bd7f1fb5db68605324bd7b8c6c305d84dcd43d43edfba6908136c4e468eca553c72f0211b2ad44fedb71c2f5c901816e5de828fa21cfb88a2552e",
"description": "Login to get a valid token",
"type": "text"
}
],
"url": { "url": {
"raw": "{{base_url}}/helpfiles/1", "raw": "{{base_url}}/knowledgefiles/1",
"host": [ "host": [
"{{base_url}}" "{{base_url}}"
], ],
"path": [ "path": [
"helpfiles", "knowledgefiles",
"1" "1"
] ]
} }
@ -2930,7 +2945,20 @@
"name": "Rstore a Knowledge File by ID", "name": "Rstore a Knowledge File by ID",
"request": { "request": {
"method": "GET", "method": "GET",
"header": [], "header": [
{
"key": "User-UUID",
"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
"description": "Any admin users' UUID",
"type": "text"
},
{
"key": "Token",
"value": "d2506282920bd7f1fb5db68605324bd7b8c6c305d84dcd43d43edfba6908136c4e468eca553c72f0211b2ad44fedb71c2f5c901816e5de828fa21cfb88a2552e",
"description": "Login to get a valid token",
"type": "text"
}
],
"url": { "url": {
"raw": "{{base_url}}/knowledgefiles/1/restore", "raw": "{{base_url}}/knowledgefiles/1/restore",
"host": [ "host": [
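Review bot: The `Token` and `User-UUID` values pasted into the two new `header` arrays (and the replacement `Token` in the hunk at line 2884) are literal credentials committed to the repository; a token that has been pushed to a shared branch has to be treated as exposed and invalidated, and every future refresh will have to be repeated across each request in the collection. Postman collection or environment variables avoid both problems: `"value": "{{user_uuid}}"` and `"value": "{{token}}"`, alongside the `{{base_url}}` variable already in use, so the committed file carries no real secret and one login refreshes all requests. The request name `Rstore a Knowledge File by ID` in the last hunk also still has the typo.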


@ -7,7 +7,7 @@ from datetime import datetime, timezone, timedelta
import os import os
import base64 import base64
import sys import sys
from core.useractivity import user_logger from core.useractivity import user_logger, access_control
class KnowledgeFileCollection: class KnowledgeFileCollection:
@ -76,7 +76,7 @@ class KnowledgeFileCollection:
@user_logger @user_logger
def on_post(req, resp): def on_post(req, resp):
"""Handles POST requests""" """Handles POST requests"""
access_control(req)
try: try:
upload = req.get_param('file') upload = req.get_param('file')
# Read upload file as binary # Read upload file as binary
@ -234,6 +234,8 @@ class KnowledgeFileItem:
@staticmethod @staticmethod
@user_logger @user_logger
def on_delete(req, resp, id_): def on_delete(req, resp, id_):
"""Handles DELETE requests"""
access_control(req)
if not id_.isdigit() or int(id_) <= 0: if not id_.isdigit() or int(id_) <= 0:
raise falcon.HTTPError(falcon.HTTP_400, raise falcon.HTTPError(falcon.HTTP_400,
title='API.BAD_REQUEST', title='API.BAD_REQUEST',
@ -284,6 +286,7 @@ class KnowledgeFileRestore:
@staticmethod @staticmethod
def on_get(req, resp, id_): def on_get(req, resp, id_):
access_control(req)
if not id_.isdigit() or int(id_) <= 0: if not id_.isdigit() or int(id_) <= 0:
raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
description='API.INVALID_KNOWLEDGE_FILE_ID') description='API.INVALID_KNOWLEDGE_FILE_ID')