From d3519bf39cb7d47887445b0b20685836f1a4b43d Mon Sep 17 00:00:00 2001 From: "13621160019@163.com" <13621160019@163.com> Date: Fri, 10 Dec 2021 17:58:42 +0800 Subject: [PATCH] added access control to rule in api and admin --- .../controllers/fdd/rule/rule.controller.js | 22 ++++-- admin/app/services/fdd/rule.service.js | 24 +++---- myems-api/MyEMS.postman_collection.json | 69 +++++++++++++++++-- myems-api/README.md | 4 +- myems-api/core/rule.py | 8 +++ 5 files changed, 101 insertions(+), 26 deletions(-) diff --git a/admin/app/controllers/fdd/rule/rule.controller.js b/admin/app/controllers/fdd/rule/rule.controller.js index 9719b295..d85c5be8 100644 --- a/admin/app/controllers/fdd/rule/rule.controller.js +++ b/admin/app/controllers/fdd/rule/rule.controller.js @@ -1,6 +1,14 @@ 'use strict'; -app.controller('RuleController', function($scope, $uibModal, $translate, RuleService, toaster, SweetAlert) { +app.controller('RuleController', function( + $scope, + $window, + $uibModal, + $translate, + RuleService, + toaster, + SweetAlert) { + $scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user")); $scope.initExpression = [{ "sample_object_id": 1, @@ -13,7 +21,8 @@ app.controller('RuleController', function($scope, $uibModal, $translate, RuleSer $scope.initMessageTemplate = 'This a sample template. Use %s for substitution. You can use multiple %s s in the template.'; $scope.getAllRules = function() { - RuleService.getAllRules(function (response) { + let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; + RuleService.getAllRules(headers, function (response) { if (angular.isDefined(response.status) && response.status === 200) { $scope.rules = response.data; } else { 
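Review bot: `$scope.cur_user` is dereferenced without a null check, and `JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"))` evaluates to `null` when the key is absent or has been cleared, so the first `$scope.cur_user.uuid` in `getAllRules` throws a TypeError instead of sending a request the API can reject with its own access-control error. A fallback such as `$scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user")) || {};` keeps the controller alive and lets the server's rejection drive the UI; a malformed stored value would still throw in `JSON.parse`, which may be acceptable if the login flow is the only writer (not visible here). The controller body continues past the hunk.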
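Review bot: The `headers` object is rebuilt by hand in `getAllRules` and again, identically, in the -40, -79 and -117 hunks on the next line, so any later change to the credential headers (a renamed header, a missing-user guard) has to be made in four places. One helper on the controller, `var authHeaders = function() { return { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; };`, with each call site passing `authHeaders()`, keeps the four sites in step. Each of those `then`/confirm callbacks continues outside its hunk.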
@@ -40,7 +49,8 @@ app.controller('RuleController', function($scope, $uibModal, $translate, RuleSer } }); modalInstance.result.then(function(rule) { - RuleService.addRule(rule, function (response) { + let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; + RuleService.addRule(rule, headers, function (response) { if (angular.isDefined(response.status) && response.status === 201) { toaster.pop({ type: "success", @@ -79,7 +89,8 @@ app.controller('RuleController', function($scope, $uibModal, $translate, RuleSer }); modalInstance.result.then(function(modifiedRule) { - RuleService.editRule(modifiedRule, function (response) { + let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; + RuleService.editRule(modifiedRule, headers, function (response) { if (angular.isDefined(response.status) && response.status === 200) { toaster.pop({ type: "success", @@ -117,7 +128,8 @@ app.controller('RuleController', function($scope, $uibModal, $translate, RuleSer }, function(isConfirm) { if (isConfirm) { - RuleService.deleteRule(rule, function (response) { + let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; + RuleService.deleteRule(rule, headers, function (response) { if (angular.isDefined(response.status) && response.status === 204) { toaster.pop({ type: "success", diff --git a/admin/app/services/fdd/rule.service.js b/admin/app/services/fdd/rule.service.js index e4c92e65..266b05ae 100644 --- a/admin/app/services/fdd/rule.service.js +++ b/admin/app/services/fdd/rule.service.js 
@@ -1,48 +1,48 @@ 'use strict'; app.factory('RuleService', function($http) { return { - getAllRules:function(callback){ - $http.get(getAPI()+'rules') + getAllRules:function(headers, callback){ + $http.get(getAPI()+'rules', {headers}) .then(function (response) { callback(response); }, function (response) { callback(response); }); }, - searchRules: function(query, callback) { - $http.get(getAPI()+'rules', { params: { q: query } }) + searchRules: function(query, headers, callback) { + $http.get(getAPI()+'rules', { params: { q: query } }, {headers}) .then(function (response) { callback(response); }, function (response) { callback(response); }); }, - addRule: function(rule, callback) { - $http.post(getAPI()+'rules',{data:rule}) + addRule: function(rule, headers, callback) { + $http.post(getAPI()+'rules', {data:rule}, {headers}) .then(function (response) { callback(response); }, function (response) { callback(response); }); }, - editRule: function(rule, callback) { - $http.put(getAPI()+'rules/'+rule.id,{data:rule}) + editRule: function(rule, headers, callback) { + $http.put(getAPI()+'rules/'+rule.id,{data:rule}, {headers}) .then(function (response) { callback(response); }, function (response) { callback(response); }); }, - deleteRule: function(rule, callback) { - $http.delete(getAPI()+'rules/'+rule.id) + deleteRule: function(rule, headers, callback) { + $http.delete(getAPI()+'rules/'+rule.id, {headers}) .then(function (response) { callback(response); }, function (response) { callback(response); }); }, - getRule: function(id, callback) { - $http.get(getAPI()+'rules/'+id) + getRule: function(id, headers, callback) { + $http.get(getAPI()+'rules/'+id, {headers}) .then(function (response) { callback(response); }, function (response) { diff --git a/myems-api/MyEMS.postman_collection.json b/myems-api/MyEMS.postman_collection.json index 07e24531..c2514164 100644 --- a/myems-api/MyEMS.postman_collection.json +++ b/myems-api/MyEMS.postman_collection.json 
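Review bot: In `searchRules` the credentials are passed as a third argument, `$http.get(getAPI()+'rules', { params: { q: query } }, {headers})`, but `$http.get` takes only a URL and one config object, so the extra argument is discarded and the search request goes out without `User-UUID`/`Token` and will be rejected once the API enforces access control. The headers belong in the same config object: `$http.get(getAPI()+'rules', { params: { q: query }, headers })`. The other methods in the hunk pass a single config object and are fine; the hunk cuts off inside `getRule`.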
@@ -5100,7 +5100,18 @@ "name": "GET All Rules", "request": { "method": "GET", - "header": [], + "header": [ + { + "key": "User-UUID", + "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4", + "type": "text" + }, + { + "key": "Token", + "value": "2ac29271a9c58218ba88928dd13bccb3662f2b320152cc5ef52f76f2c2450f48c12bad4fbd4c7b03bd35686c70909894e5e3637b67198108f3e403d4a6ca8f55", + "type": "text" + } + ], "url": { "raw": "{{base_url}}/rules", "host": [ @@ -5117,7 +5128,18 @@ "name": "GET a Rule by ID ", "request": { "method": "GET", - "header": [], + "header": [ + { + "key": "User-UUID", + "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4", + "type": "text" + }, + { + "key": "Token", + "value": "2ac29271a9c58218ba88928dd13bccb3662f2b320152cc5ef52f76f2c2450f48c12bad4fbd4c7b03bd35686c70909894e5e3637b67198108f3e403d4a6ca8f55", + "type": "text" + } + ], "url": { "raw": "{{base_url}}/rules/1", "host": [ @@ -5135,7 +5157,18 @@ "name": "POST Create New Rule", "request": { "method": "POST", - "header": [], + "header": [ + { + "key": "User-UUID", + "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4", + "type": "text" + }, + { + "key": "Token", + "value": "2ac29271a9c58218ba88928dd13bccb3662f2b320152cc5ef52f76f2c2450f48c12bad4fbd4c7b03bd35686c70909894e5e3637b67198108f3e403d4a6ca8f55", + "type": "text" + } + ], "body": { "mode": "raw", "raw": "{\"data\":{\"name\":\"Space Energy Consumption Over Limit\", \"fdd_code\":\"SPACE01\", \"category\":\"SPACE\", \"priority\":\"HIGH\", \"channel\":\"WEB\", \"expression\":\"{\\\"space_id\\\":1, \\\"high_limit\\\":1000.000}\", \"message_template\":\"%s截止到目前电耗%s,超标%s。\", \"is_enabled\":true}}" 
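Review bot: The new `Token` header in this hunk (and the -5117, -5135, -5156 and -5178 hunks) carries a literal 128-hex value alongside a literal `User-UUID`, which reads like a real session token committed to the repository; the README hunk in the same commit instead uses the `GET-TOKEN-AFTER-LOGIN` placeholder. The collection already uses `{{base_url}}`, so collection variables such as `"value": "{{user_uuid}}"` and `"value": "{{token}}"` would keep credentials out of version control and let each user fill in their own. If the committed value is a live token, it should be treated as exposed and invalidated.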
@@ -5156,19 +5189,30 @@ "name": "PUT Update a Rule", "request": { "method": "PUT", - "header": [], + "header": [ + { + "key": "User-UUID", + "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4", + "type": "text" + }, + { + "key": "Token", + "value": "2ac29271a9c58218ba88928dd13bccb3662f2b320152cc5ef52f76f2c2450f48c12bad4fbd4c7b03bd35686c70909894e5e3637b67198108f3e403d4a6ca8f55", + "type": "text" + } + ], "body": { "mode": "raw", "raw": "{\"data\":{\"name\":\"Space Energy Consumption Over Limit\", \"fdd_code\":\"SPACE01\", \"category\":\"SPACE\", \"priority\":\"HIGH\", \"channel\":\"WEB\", \"expression\":\"{\\\"space_id\\\":1, \\\"high_limit\\\":1000.000}\", \"message_template\":\"%s截止到目前电耗%s,超标%s。\", \"is_enabled\":true}}" }, "url": { - "raw": "{{base_url}}/rules/1", + "raw": "{{base_url}}/rules/2", "host": [ "{{base_url}}" ], "path": [ "rules", - "1" + "2" ] } }, @@ -5178,7 +5222,18 @@ "name": "DELETE a Rule by ID", "request": { "method": "DELETE", - "header": [], + "header": [ + { + "key": "User-UUID", + "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4", + "type": "text" + }, + { + "key": "Token", + "value": "2ac29271a9c58218ba88928dd13bccb3662f2b320152cc5ef52f76f2c2450f48c12bad4fbd4c7b03bd35686c70909894e5e3637b67198108f3e403d4a6ca8f55", + "type": "text" + } + ], "url": { "raw": "{{base_url}}/rules/2", "host": [ diff --git a/myems-api/README.md b/myems-api/README.md index dfe26621..71fdd398 100644 --- a/myems-api/README.md +++ b/myems-api/README.md @@ -1283,11 +1283,11 @@ Result in JSON | next_run_datetime | float | null, or the next run datetime string in local timezone | ```bash -curl -i -X GET {{base_url}}/rules/{id} +curl -i -H "User-UUID: 793f1bb4-6e25-4242-8cdc-2f662b25484f" -H "Token: GET-TOKEN-AFTER-LOGIN" -X GET {{base_url}}/rules/{id} ``` * GET All Rules ```bash -curl -i -X GET {{base_url}}/rules +curl -i -H "User-UUID: 793f1bb4-6e25-4242-8cdc-2f662b25484f" -H "Token: GET-TOKEN-AFTER-LOGIN" -X GET {{base_url}}/rules ``` * DELETE a Rule by ID ```bash 
diff --git a/myems-api/core/rule.py b/myems-api/core/rule.py index 60246a9f..3601be71 100644 --- a/myems-api/core/rule.py +++ b/myems-api/core/rule.py @@ -19,6 +19,8 @@ class RuleCollection: @staticmethod def on_get(req, resp): + """Handles GET requests""" + access_control(req) cnx = mysql.connector.connect(**config.myems_fdd_db) cursor = cnx.cursor(dictionary=True) @@ -70,6 +72,7 @@ class RuleCollection: @user_logger def on_post(req, resp): """Handles POST requests""" + access_control(req) try: raw_json = req.stream.read().decode('utf-8') except Exception as ex: @@ -194,6 +197,8 @@ class RuleItem: @staticmethod def on_get(req, resp, id_): + """Handles GET requests""" + access_control(req) if not id_.isdigit() or int(id_) <= 0: raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', description='API.INVALID_RULE_ID') @@ -245,6 +250,8 @@ class RuleItem: @staticmethod @user_logger def on_delete(req, resp, id_): + """Handles DELETE requests""" + access_control(req) if not id_.isdigit() or int(id_) <= 0: raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', description='API.INVALID_RULE_ID') @@ -274,6 +281,7 @@ class RuleItem: @user_logger def on_put(req, resp, id_): """Handles PUT requests""" + access_control(req) try: raw_json = req.stream.read().decode('utf-8') except Exception as ex:
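Review bot: Access control is enforced by an `access_control(req)` call added by hand at the top of each handler in the -19, -70, -194, -245 and -274 hunks, so a handler added later to `RuleCollection` or `RuleItem` without that line is silently unauthenticated; a `falcon.before` hook applied at class level, or a middleware, would make the check structural rather than per-method. The call is placed before any database access, body read or `id_` validation in every hunk, which is the right order since unauthenticated callers then learn nothing about input handling. The import of `access_control` is outside the hunks and is assumed to be present; each handler body continues past its hunk.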