added access control to rule in api and admin

pull/95/MERGE
13621160019@163.com 2021-12-10 17:58:42 +08:00
parent 806554923f
commit d3519bf39c
5 changed files with 101 additions and 26 deletions


@ -1,6 +1,14 @@
'use strict'; 'use strict';
app.controller('RuleController', function($scope, $uibModal, $translate, RuleService, toaster, SweetAlert) { app.controller('RuleController', function(
$scope,
$window,
$uibModal,
$translate,
RuleService,
toaster,
SweetAlert) {
$scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"));
$scope.initExpression = [{ $scope.initExpression = [{
"sample_object_id": 1, "sample_object_id": 1,
@ -13,7 +21,8 @@ app.controller('RuleController', function($scope, $uibModal, $translate, RuleSer
$scope.initMessageTemplate = 'This a sample template. Use %s for substitution. You can use multiple %s s in the template.'; $scope.initMessageTemplate = 'This a sample template. Use %s for substitution. You can use multiple %s s in the template.';
$scope.getAllRules = function() { $scope.getAllRules = function() {
RuleService.getAllRules(function (response) { let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
RuleService.getAllRules(headers, function (response) {
if (angular.isDefined(response.status) && response.status === 200) { if (angular.isDefined(response.status) && response.status === 200) {
$scope.rules = response.data; $scope.rules = response.data;
} else { } else {
@ -40,7 +49,8 @@ app.controller('RuleController', function($scope, $uibModal, $translate, RuleSer
} }
}); });
modalInstance.result.then(function(rule) { modalInstance.result.then(function(rule) {
RuleService.addRule(rule, function (response) { let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
RuleService.addRule(rule, headers, function (response) {
if (angular.isDefined(response.status) && response.status === 201) { if (angular.isDefined(response.status) && response.status === 201) {
toaster.pop({ toaster.pop({
type: "success", type: "success",
@ -79,7 +89,8 @@ app.controller('RuleController', function($scope, $uibModal, $translate, RuleSer
}); });
modalInstance.result.then(function(modifiedRule) { modalInstance.result.then(function(modifiedRule) {
RuleService.editRule(modifiedRule, function (response) { let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
RuleService.editRule(modifiedRule, headers, function (response) {
if (angular.isDefined(response.status) && response.status === 200) { if (angular.isDefined(response.status) && response.status === 200) {
toaster.pop({ toaster.pop({
type: "success", type: "success",
@ -117,7 +128,8 @@ app.controller('RuleController', function($scope, $uibModal, $translate, RuleSer
}, },
function(isConfirm) { function(isConfirm) {
if (isConfirm) { if (isConfirm) {
RuleService.deleteRule(rule, function (response) { let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
RuleService.deleteRule(rule, headers, function (response) {
if (angular.isDefined(response.status) && response.status === 204) { if (angular.isDefined(response.status) && response.status === 204) {
toaster.pop({ toaster.pop({
type: "success", type: "success",
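Review bot: `$scope.cur_user` is set from `JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"))`, which evaluates to `null` when the key is absent or the session was cleared, so each new `let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };` line in getAllRules, addRule, editRule and deleteRule throws a TypeError instead of producing a request the API can reject with its own auth error. Guard the read once, e.g. `$scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user")) || {};`, which should leave the header values undefined rather than crash the controller. The same two-line header literal is now repeated four times; a small helper such as `function authHeaders() { return { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; }` would keep the header names in one place. The deleteRule confirmation callback continues past the end of the hunk.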


@ -1,48 +1,48 @@
'use strict'; 'use strict';
app.factory('RuleService', function($http) { app.factory('RuleService', function($http) {
return { return {
getAllRules:function(callback){ getAllRules:function(headers, callback){
$http.get(getAPI()+'rules') $http.get(getAPI()+'rules', {headers})
.then(function (response) { .then(function (response) {
callback(response); callback(response);
}, function (response) { }, function (response) {
callback(response); callback(response);
}); });
}, },
searchRules: function(query, callback) { searchRules: function(query, headers, callback) {
$http.get(getAPI()+'rules', { params: { q: query } }) $http.get(getAPI()+'rules', { params: { q: query } }, {headers})
.then(function (response) { .then(function (response) {
callback(response); callback(response);
}, function (response) { }, function (response) {
callback(response); callback(response);
}); });
}, },
addRule: function(rule, callback) { addRule: function(rule, headers, callback) {
$http.post(getAPI()+'rules',{data:rule}) $http.post(getAPI()+'rules', {data:rule}, {headers})
.then(function (response) { .then(function (response) {
callback(response); callback(response);
}, function (response) { }, function (response) {
callback(response); callback(response);
}); });
}, },
editRule: function(rule, callback) { editRule: function(rule, headers, callback) {
$http.put(getAPI()+'rules/'+rule.id,{data:rule}) $http.put(getAPI()+'rules/'+rule.id,{data:rule}, {headers})
.then(function (response) { .then(function (response) {
callback(response); callback(response);
}, function (response) { }, function (response) {
callback(response); callback(response);
}); });
}, },
deleteRule: function(rule, callback) { deleteRule: function(rule, headers, callback) {
$http.delete(getAPI()+'rules/'+rule.id) $http.delete(getAPI()+'rules/'+rule.id, {headers})
.then(function (response) { .then(function (response) {
callback(response); callback(response);
}, function (response) { }, function (response) {
callback(response); callback(response);
}); });
}, },
getRule: function(id, callback) { getRule: function(id, headers, callback) {
$http.get(getAPI()+'rules/'+id) $http.get(getAPI()+'rules/'+id, {headers})
.then(function (response) { .then(function (response) {
callback(response); callback(response);
}, function (response) { }, function (response) {
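Review bot: `searchRules` passes the headers as a third argument, `$http.get(getAPI()+'rules', { params: { q: query } }, {headers})`, but `$http.get(url, config)` takes a single config object, so the auth headers are silently dropped and searches will fail once the API enforces them. Fold them into the one config: `$http.get(getAPI()+'rules', { params: { q: query }, headers })`. The other five methods in this hunk place `{headers}` in the correct argument position. getRule's body continues past the end of the hunk.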


@ -5100,7 +5100,18 @@
"name": "GET All Rules", "name": "GET All Rules",
"request": { "request": {
"method": "GET", "method": "GET",
"header": [], "header": [
{
"key": "User-UUID",
"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
"type": "text"
},
{
"key": "Token",
"value": "2ac29271a9c58218ba88928dd13bccb3662f2b320152cc5ef52f76f2c2450f48c12bad4fbd4c7b03bd35686c70909894e5e3637b67198108f3e403d4a6ca8f55",
"type": "text"
}
],
"url": { "url": {
"raw": "{{base_url}}/rules", "raw": "{{base_url}}/rules",
"host": [ "host": [
@ -5117,7 +5128,18 @@
"name": "GET a Rule by ID ", "name": "GET a Rule by ID ",
"request": { "request": {
"method": "GET", "method": "GET",
"header": [], "header": [
{
"key": "User-UUID",
"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
"type": "text"
},
{
"key": "Token",
"value": "2ac29271a9c58218ba88928dd13bccb3662f2b320152cc5ef52f76f2c2450f48c12bad4fbd4c7b03bd35686c70909894e5e3637b67198108f3e403d4a6ca8f55",
"type": "text"
}
],
"url": { "url": {
"raw": "{{base_url}}/rules/1", "raw": "{{base_url}}/rules/1",
"host": [ "host": [
@ -5135,7 +5157,18 @@
"name": "POST Create New Rule", "name": "POST Create New Rule",
"request": { "request": {
"method": "POST", "method": "POST",
"header": [], "header": [
{
"key": "User-UUID",
"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
"type": "text"
},
{
"key": "Token",
"value": "2ac29271a9c58218ba88928dd13bccb3662f2b320152cc5ef52f76f2c2450f48c12bad4fbd4c7b03bd35686c70909894e5e3637b67198108f3e403d4a6ca8f55",
"type": "text"
}
],
"body": { "body": {
"mode": "raw", "mode": "raw",
"raw": "{\"data\":{\"name\":\"Space Energy Consumption Over Limit\", \"fdd_code\":\"SPACE01\", \"category\":\"SPACE\", \"priority\":\"HIGH\", \"channel\":\"WEB\", \"expression\":\"{\\\"space_id\\\":1, \\\"high_limit\\\":1000.000}\", \"message_template\":\"%s截止到目前电耗%s超标%s。\", \"is_enabled\":true}}" "raw": "{\"data\":{\"name\":\"Space Energy Consumption Over Limit\", \"fdd_code\":\"SPACE01\", \"category\":\"SPACE\", \"priority\":\"HIGH\", \"channel\":\"WEB\", \"expression\":\"{\\\"space_id\\\":1, \\\"high_limit\\\":1000.000}\", \"message_template\":\"%s截止到目前电耗%s超标%s。\", \"is_enabled\":true}}"
@ -5156,19 +5189,30 @@
"name": "PUT Update a Rule", "name": "PUT Update a Rule",
"request": { "request": {
"method": "PUT", "method": "PUT",
"header": [], "header": [
{
"key": "User-UUID",
"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
"type": "text"
},
{
"key": "Token",
"value": "2ac29271a9c58218ba88928dd13bccb3662f2b320152cc5ef52f76f2c2450f48c12bad4fbd4c7b03bd35686c70909894e5e3637b67198108f3e403d4a6ca8f55",
"type": "text"
}
],
"body": { "body": {
"mode": "raw", "mode": "raw",
"raw": "{\"data\":{\"name\":\"Space Energy Consumption Over Limit\", \"fdd_code\":\"SPACE01\", \"category\":\"SPACE\", \"priority\":\"HIGH\", \"channel\":\"WEB\", \"expression\":\"{\\\"space_id\\\":1, \\\"high_limit\\\":1000.000}\", \"message_template\":\"%s截止到目前电耗%s超标%s。\", \"is_enabled\":true}}" "raw": "{\"data\":{\"name\":\"Space Energy Consumption Over Limit\", \"fdd_code\":\"SPACE01\", \"category\":\"SPACE\", \"priority\":\"HIGH\", \"channel\":\"WEB\", \"expression\":\"{\\\"space_id\\\":1, \\\"high_limit\\\":1000.000}\", \"message_template\":\"%s截止到目前电耗%s超标%s。\", \"is_enabled\":true}}"
}, },
"url": { "url": {
"raw": "{{base_url}}/rules/1", "raw": "{{base_url}}/rules/2",
"host": [ "host": [
"{{base_url}}" "{{base_url}}"
], ],
"path": [ "path": [
"rules", "rules",
"1" "2"
] ]
} }
}, },
@ -5178,7 +5222,18 @@
"name": "DELETE a Rule by ID", "name": "DELETE a Rule by ID",
"request": { "request": {
"method": "DELETE", "method": "DELETE",
"header": [], "header": [
{
"key": "User-UUID",
"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
"type": "text"
},
{
"key": "Token",
"value": "2ac29271a9c58218ba88928dd13bccb3662f2b320152cc5ef52f76f2c2450f48c12bad4fbd4c7b03bd35686c70909894e5e3637b67198108f3e403d4a6ca8f55",
"type": "text"
}
],
"url": { "url": {
"raw": "{{base_url}}/rules/2", "raw": "{{base_url}}/rules/2",
"host": [ "host": [
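Review bot: Each of the five new `header` arrays in this section hard-codes a literal `User-UUID` and a 128-hex-character `Token` value into the committed collection, while the same requests already parameterise the endpoint with `{{base_url}}`. Use collection or environment variables instead, `"value": "{{user_uuid}}"` and `"value": "{{token}}"`, so the collection works for any user and no session token is kept in version control; the documentation hunk in this same commit already uses the placeholder `GET-TOKEN-AFTER-LOGIN` for that header. If the committed token was ever a live session token it should be treated as exposed and invalidated.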


@ -1283,11 +1283,11 @@ Result in JSON
| next_run_datetime | float | null, or the next run datetime string in local timezone | | next_run_datetime | float | null, or the next run datetime string in local timezone |
```bash ```bash
curl -i -X GET {{base_url}}/rules/{id} curl -i -H "User-UUID: 793f1bb4-6e25-4242-8cdc-2f662b25484f" -H "Token: GET-TOKEN-AFTER-LOGIN" -X GET {{base_url}}/rules/{id}
``` ```
* GET All Rules * GET All Rules
```bash ```bash
curl -i -X GET {{base_url}}/rules curl -i -H "User-UUID: 793f1bb4-6e25-4242-8cdc-2f662b25484f" -H "Token: GET-TOKEN-AFTER-LOGIN" -X GET {{base_url}}/rules
``` ```
* DELETE a Rule by ID * DELETE a Rule by ID
```bash ```bash


@ -19,6 +19,8 @@ class RuleCollection:
@staticmethod @staticmethod
def on_get(req, resp): def on_get(req, resp):
"""Handles GET requests"""
access_control(req)
cnx = mysql.connector.connect(**config.myems_fdd_db) cnx = mysql.connector.connect(**config.myems_fdd_db)
cursor = cnx.cursor(dictionary=True) cursor = cnx.cursor(dictionary=True)
@ -70,6 +72,7 @@ class RuleCollection:
@user_logger @user_logger
def on_post(req, resp): def on_post(req, resp):
"""Handles POST requests""" """Handles POST requests"""
access_control(req)
try: try:
raw_json = req.stream.read().decode('utf-8') raw_json = req.stream.read().decode('utf-8')
except Exception as ex: except Exception as ex:
@ -194,6 +197,8 @@ class RuleItem:
@staticmethod @staticmethod
def on_get(req, resp, id_): def on_get(req, resp, id_):
"""Handles GET requests"""
access_control(req)
if not id_.isdigit() or int(id_) <= 0: if not id_.isdigit() or int(id_) <= 0:
raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
description='API.INVALID_RULE_ID') description='API.INVALID_RULE_ID')
@ -245,6 +250,8 @@ class RuleItem:
@staticmethod @staticmethod
@user_logger @user_logger
def on_delete(req, resp, id_): def on_delete(req, resp, id_):
"""Handles DELETE requests"""
access_control(req)
if not id_.isdigit() or int(id_) <= 0: if not id_.isdigit() or int(id_) <= 0:
raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
description='API.INVALID_RULE_ID') description='API.INVALID_RULE_ID')
@ -274,6 +281,7 @@ class RuleItem:
@user_logger @user_logger
def on_put(req, resp, id_): def on_put(req, resp, id_):
"""Handles PUT requests""" """Handles PUT requests"""
access_control(req)
try: try:
raw_json = req.stream.read().decode('utf-8') raw_json = req.stream.read().decode('utf-8')
except Exception as ex: except Exception as ex:
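Review bot: None of the five hunks shows where `access_control` is imported from; the module's import block is outside the visible hunks, so confirm it is brought into scope alongside `user_logger`, otherwise every rule handler fails with a NameError on its first request. The placement itself is right: `access_control(req)` runs before `id_` is validated, before `req.stream.read()` and before `mysql.connector.connect(...)`, so unauthenticated callers are rejected before any input is parsed or a database connection is opened. RuleItem.on_put continues past the end of the last hunk.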