diff --git a/admin/app/controllers/settings/meter/offlinemeterfile.controller.js b/admin/app/controllers/settings/meter/offlinemeterfile.controller.js
index 59d2ad20..ad2a4b70 100644
--- a/admin/app/controllers/settings/meter/offlinemeterfile.controller.js
+++ b/admin/app/controllers/settings/meter/offlinemeterfile.controller.js
@@ -12,7 +12,8 @@ app.controller('OfflineMeterFileController', function(
 $scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"));
 $scope.getAllOfflineMeterFiles = function() {
- OfflineMeterFileService.getAllOfflineMeterFiles(function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ OfflineMeterFileService.getAllOfflineMeterFiles(headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 200) {
 $scope.offlinemeterfiles = response.data;
 } else {
@@ -54,7 +55,8 @@ app.controller('OfflineMeterFileController', function(
 };
 $scope.restoreOfflineMeterFile = function (offlinemeterfile) {
- OfflineMeterFileService.restoreOfflineMeterFile(offlinemeterfile, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ OfflineMeterFileService.restoreOfflineMeterFile(offlinemeterfile, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 200) {
 toaster.pop({
 type: "success",
@@ -88,7 +90,8 @@ app.controller('OfflineMeterFileController', function(
 },
 function(isConfirm) {
 if (isConfirm) {
- OfflineMeterFileService.deleteOfflineMeterFile(offlinemeterfile, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ OfflineMeterFileService.deleteOfflineMeterFile(offlinemeterfile, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 204) {
 toaster.pop({
 type: "success",
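Review bot: Each of the three new `let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };` lines dereferences `$scope.cur_user`, which the context line at the top of the -12 hunk sets from `JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"))`; when that item is missing or cleared (expired or logged-out session) `JSON.parse(null)` yields `null` and the handler throws a TypeError before any request is made, so nothing reaches the existing `else` branch that reports failures. The same literal is repeated verbatim in the -12, -54 and -88 hunks, so one helper would handle the null case in a single place and keep the header names in step with the service. Suggested shape, sending empty credentials instead of throwing so the API's own rejection is what the user sees:
```javascript
    // … unchanged: $scope.cur_user = JSON.parse(...) …
    function authHeaders() {
        // cur_user is null when the localStorage entry is absent; send empty
        // credentials rather than throwing so the failed response is reported.
        var user = $scope.cur_user || {};
        return { "User-UUID": user.uuid, "Token": user.token };
    }
    $scope.getAllOfflineMeterFiles = function() {
        OfflineMeterFileService.getAllOfflineMeterFiles(authHeaders(), function (response) {
            // … unchanged: response handling; restore/delete call authHeaders() the same way …
```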
diff --git a/admin/app/services/settings/costcenter/costfile.service.js b/admin/app/services/settings/costcenter/costfile.service.js
index aab82f44..d73ae4c3 100644
--- a/admin/app/services/settings/costcenter/costfile.service.js
+++ b/admin/app/services/settings/costcenter/costfile.service.js
@@ -9,7 +9,6 @@ app.factory('CostFileService', function($http) {
 callback(response);
 });
 },
-
 addCostFile: function(costfile, headers, callback) {
 $http.post(getAPI()+'costfiles', {data:costfile}, {headers})
 .then(function (response) {
diff --git a/admin/app/services/settings/knowledgefile/knowledgefile.service.js b/admin/app/services/settings/knowledgefile/knowledgefile.service.js
index 617c0be7..1cba2d3a 100644
--- a/admin/app/services/settings/knowledgefile/knowledgefile.service.js
+++ b/admin/app/services/settings/knowledgefile/knowledgefile.service.js
@@ -9,7 +9,7 @@ app.factory('KnowledgeFileService', function ($http) {
 callback(response);
 });
 },
-
+
 addKnowledgeFile: function (knowledgefile, headers, callback) {
 $http.post(getAPI() + 'knowledgefiles', {data: knowledgefile}, {headers})
 .then(function (response) {
diff --git a/admin/app/services/settings/meter/offlinemeterfile.service.js b/admin/app/services/settings/meter/offlinemeterfile.service.js
index fa1ef937..009da89f 100644
--- a/admin/app/services/settings/meter/offlinemeterfile.service.js
+++ b/admin/app/services/settings/meter/offlinemeterfile.service.js
@@ -1,56 +1,48 @@
 'use strict';
 app.factory('OfflineMeterFileService', function($http) {
 return {
- getAllOfflineMeterFiles:function(callback){
- $http.get(getAPI()+'offlinemeterfiles')
+ getAllOfflineMeterFiles:function(headers, callback){
+ $http.get(getAPI()+'offlinemeterfiles', {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- searchOfflineMeterFiles: function(query, callback) {
- $http.get(getAPI()+'offlinemeterfiles', { params: { q: query } })
+ searchOfflineMeterFiles: function(query, headers, callback) {
+ $http.get(getAPI()+'offlinemeterfiles', { params: { q: query } }, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- addOfflineMeterFile: function(offlinemeterfile, callback) {
- $http.post(getAPI()+'offlinemeterfiles',{data:offlinemeterfile})
+ addOfflineMeterFile: function(offlinemeterfile, headers, callback) {
+ $http.post(getAPI()+'offlinemeterfiles', {data:offlinemeterfile}, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- editOfflineMeterFile: function(offlinemeterfile, callback) {
- $http.put(getAPI()+'offlinemeterfiles/'+offlinemeterfile.id,{data:offlinemeterfile})
- .then(function (response) {
- callback(response);
- }, function (response) {
- callback(response);
- });
- },
- restoreOfflineMeterFile: function (offlinemeterfile, callback) {
- $http.get(getAPI() + 'offlinemeterfiles/' + offlinemeterfile.id + '/restore')
+ restoreOfflineMeterFile: function (offlinemeterfile, headers, callback) {
+ $http.get(getAPI() + 'offlinemeterfiles/' + offlinemeterfile.id + '/restore', {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- deleteOfflineMeterFile: function(offlinemeterfile, callback) {
- $http.delete(getAPI()+'offlinemeterfiles/'+offlinemeterfile.id)
+ deleteOfflineMeterFile: function(offlinemeterfile, headers, callback) {
+ $http.delete(getAPI()+'offlinemeterfiles/' + offlinemeterfile.id, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- getOfflineMeterFile: function(id, callback) {
- $http.get(getAPI()+'offlinemeterfiles/'+id)
+ getOfflineMeterFile: function(id, headers, callback) {
+ $http.get(getAPI()+'offlinemeterfiles/' + id, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
diff --git a/admin/views/settings/knowledgefile/knowledgefile.html b/admin/views/settings/knowledgefile/knowledgefile.html
index 01c1fbdc..d2aae1e9 100644
--- a/admin/views/settings/knowledgefile/knowledgefile.html
+++ b/admin/views/settings/knowledgefile/knowledgefile.html
@@ -5,8 +5,7 @@
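Review bot: In `searchOfflineMeterFiles` the credentials never leave the browser: `$http.get(url, config)` takes a single config object, so the new `{headers}` passed as a third argument is ignored and the search hits the now-protected `offlinemeterfiles` endpoint without `User-UUID`/`Token`. Fold it into the one config, `$http.get(getAPI()+'offlinemeterfiles', { params: { q: query }, headers })`; the other methods in this hunk already pass `{headers}` in the right position. Every method also gains `headers` ahead of `callback`, so any caller not updated in this commit would now pass its callback as the headers object and its response handler would be `undefined` — the controller hunks update getAll, restore and delete only, and callers of search, add and getOfflineMeterFile are not visible in the diff, so that is worth confirming.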
-
+
diff --git a/admin/views/settings/meter/meter.html b/admin/views/settings/meter/meter.html
index 6c8de40d..c0b5ebcd 100644
--- a/admin/views/settings/meter/meter.html
+++ b/admin/views/settings/meter/meter.html
@@ -290,8 +290,7 @@
-
+
diff --git a/myems-api/MyEMS.postman_collection.json b/myems-api/MyEMS.postman_collection.json
index 29f522f1..1b76dd97 100644
--- a/myems-api/MyEMS.postman_collection.json
+++ b/myems-api/MyEMS.postman_collection.json
@@ -2880,12 +2880,14 @@
 {
 "key": "User_UUID",
 "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
- "type": "text"
+ "type": "text",
+ "description": "Any admin users' UUID"
 },
 {
 "key": "Token",
 "value": "d2506282920bd7f1fb5db68605324bd7b8c6c305d84dcd43d43edfba6908136c4e468eca553c72f0211b2ad44fedb71c2f5c901816e5de828fa21cfb88a2552e",
- "type": "text"
+ "type": "text",
+ "description": "Login to get a valid token"
 }
 ],
 "body": {
@@ -3518,7 +3520,20 @@
 "name": "GET All Offline Meter Files",
 "request": {
 "method": "GET",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "description": "Any admin users' UUID",
+ "type": "text"
+ },
+ {
+ "key": "Token",
+ "value": "d2506282920bd7f1fb5db68605324bd7b8c6c305d84dcd43d43edfba6908136c4e468eca553c72f0211b2ad44fedb71c2f5c901816e5de828fa21cfb88a2552e",
+ "description": "Login to get a valid token",
+ "type": "text"
+ }
+ ],
 "url": {
 "raw": "{{base_url}}/offlinemeterfiles",
 "host": [
@@ -3535,7 +3550,20 @@
 "name": "GET a Offline Meter File by ID",
 "request": {
 "method": "GET",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text",
+ "description": "Any admin users' UUID"
+ },
+ {
+ "key": "Token",
+ "value": "d2506282920bd7f1fb5db68605324bd7b8c6c305d84dcd43d43edfba6908136c4e468eca553c72f0211b2ad44fedb71c2f5c901816e5de828fa21cfb88a2552e",
+ "type": "text",
+ "description": "Login to get a valid token"
+ }
+ ],
 "url": {
 "raw": "{{base_url}}/offlinemeterfiles/1",
 "host": [
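Review bot: The new header entries paste a literal UUID and a 128-hex-character token into each request, in the -3518 and -3535 hunks here and again in the -3591 and -3609 hunks that follow. Even if the sample value is stale, inline credentials in a committed collection invite someone to paste a live token in and push it, and they have to be re-edited in every request whenever the token changes. The file already uses `{{base_url}}`; the same variable syntax works for these, e.g. `"value": "{{user_uuid}}"` and `"value": "{{token}}"` (names constructed), with the real values kept in a local Postman environment that is not checked in. The `"Login to get a valid token"` description then still tells the reader where the variable's value comes from.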
@@ -3591,7 +3619,20 @@
 "name": "DELETE a Offline Meter File by ID",
 "request": {
 "method": "DELETE",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text",
+ "description": "Any admin users' UUID"
+ },
+ {
+ "key": "Token",
+ "value": "d2506282920bd7f1fb5db68605324bd7b8c6c305d84dcd43d43edfba6908136c4e468eca553c72f0211b2ad44fedb71c2f5c901816e5de828fa21cfb88a2552e",
+ "type": "text",
+ "description": "Login to get a valid token"
+ }
+ ],
 "url": {
 "raw": "{{base_url}}/offlinemeterfiles/1",
 "host": [
@@ -3609,7 +3650,20 @@
 "name": "Rstore an Offline Meter File by ID",
 "request": {
 "method": "GET",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text",
+ "description": "Any admin users' UUID"
+ },
+ {
+ "key": "Token",
+ "value": "d2506282920bd7f1fb5db68605324bd7b8c6c305d84dcd43d43edfba6908136c4e468eca553c72f0211b2ad44fedb71c2f5c901816e5de828fa21cfb88a2552e",
+ "type": "text",
+ "description": "Login to get a valid token"
+ }
+ ],
 "url": {
 "raw": "{{base_url}}/offlinemeterfiles/1/restore",
 "host": [
diff --git a/myems-api/core/offlinemeterfile.py b/myems-api/core/offlinemeterfile.py
index d6456829..bd4b7ebe 100644
--- a/myems-api/core/offlinemeterfile.py
+++ b/myems-api/core/offlinemeterfile.py
@@ -5,7 +5,7 @@ import config
 import uuid
 from datetime import datetime, timezone, timedelta
 import os
-from core.useractivity import user_logger
+from core.useractivity import user_logger, access_control
 class OfflineMeterFileCollection:
@@ -20,6 +20,7 @@ class OfflineMeterFileCollection:
 @staticmethod
 def on_get(req, resp):
+ access_control(req)
 cnx = mysql.connector.connect(**config.myems_historical_db)
 cursor = cnx.cursor()
@@ -52,6 +53,7 @@ class OfflineMeterFileCollection:
 @user_logger
 def on_post(req, resp):
 """Handles POST requests"""
+ access_control(req)
 try:
 upload = req.get_param('file')
 # Read upload file as binary
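Review bot: `access_control(req)` is called purely for its side effect in every handler — the -20 and -52 hunks here and the -159, -194 and -244 hunks in the next chunk all discard its return value — so the protection only holds if it raises on a missing or invalid credential; should it report failure by returning a value instead, each handler would carry on into the database work unauthenticated. That contract is not visible in this diff (the function lives in core.useractivity), so confirm it raises, for example a `falcon.HTTPError` with `falcon.HTTP_401`, before relying on it. The requirement is also undocumented at the handlers; extending `"""Handles POST requests"""` to `"""Handles POST requests; requires a valid User-UUID/Token header pair (checked by access_control)."""` and giving the bare `on_get` handlers a similar one-liner would make the contract visible to the next maintainer. Placing the check ahead of `mysql.connector.connect(...)` in `on_get`, as done, is the right order: rejected requests never open a connection.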
@@ -159,6 +161,7 @@ class OfflineMeterFileItem:
 @staticmethod
 def on_get(req, resp, id_):
+ access_control(req)
 if not id_.isdigit() or int(id_) <= 0:
 raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
@@ -194,6 +197,7 @@ class OfflineMeterFileItem:
 @staticmethod
 @user_logger
 def on_delete(req, resp, id_):
+ access_control(req)
 if not id_.isdigit() or int(id_) <= 0:
 raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
 description='API.INVALID_OFFLINE_METER_FILE_ID')
@@ -244,6 +248,7 @@ class OfflineMeterFileRestore:
 @staticmethod
 def on_get(req, resp, id_):
+ access_control(req)
 if not id_.isdigit() or int(id_) <= 0:
 raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
 description='API.INVALID_OFFLINE_METER_FILE_ID')