diff --git a/admin/app/controllers/users/privilege/privilege.controller.js b/admin/app/controllers/users/privilege/privilege.controller.js
index 80b2c094..cd2df729 100644
--- a/admin/app/controllers/users/privilege/privilege.controller.js
+++ b/admin/app/controllers/users/privilege/privilege.controller.js
@@ -1,11 +1,14 @@
 'use strict';
-app.controller('PrivilegeController', function ($scope,
+app.controller('PrivilegeController', function (
+ $scope,
+ $window,
 $uibModal,
 PrivilegeService,
 toaster,
 $translate,
 SweetAlert) {
+ $scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"));
 $scope.getAllPrivileges = function () {
 PrivilegeService.getAllPrivileges(function (response) {
 if (angular.isDefined(response.status) && response.status === 200) {
@@ -31,7 +34,8 @@ app.controller('PrivilegeController', function ($scope,
 }
 });
 modalInstance.result.then(function (privilege) {
- PrivilegeService.addPrivilege(privilege, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ PrivilegeService.addPrivilege(privilege, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 201) {
 toaster.pop({
 type: "success",
@@ -70,7 +74,8 @@ app.controller('PrivilegeController', function ($scope,
 });
 modalInstance.result.then(function (modifiedPrivilege) {
- PrivilegeService.editPrivilege(modifiedPrivilege, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ PrivilegeService.editPrivilege(modifiedPrivilege, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 200) {
 toaster.pop({
 type: "success",
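Review bot: `$scope.cur_user` is dereferenced as `$scope.cur_user.uuid` in the add/edit/delete handlers, but `JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"))` yields `null` when the key is absent, so a session without the stored user throws a TypeError instead of producing a redirect or an error toast. A guard such as `if (!$scope.cur_user) { return; }` right after the assignment, or a check before each headers object is built, would fail cleanly. The three-line `let headers = {...}` block is repeated verbatim in the @@ -31 and @@ -70 hunks here and again in the @@ -107 hunk below; one `$scope.getAuthHeaders = function () { return { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; };` would keep the header names in a single place. The controller body runs past every hunk shown here.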
@@ -107,7 +112,8 @@ app.controller('PrivilegeController', function ($scope,
 }, function (isConfirm) {
 if (isConfirm) {
- PrivilegeService.deletePrivilege(privilege, function (response) {
+ let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+ PrivilegeService.deletePrivilege(privilege, headers, function (response) {
 if (angular.isDefined(response.status) && response.status === 204) {
 toaster.pop({
 type: "success",
diff --git a/admin/app/services/users/privilege/privilege.service.js b/admin/app/services/users/privilege/privilege.service.js
index 04402b9a..53ac75d5 100644
--- a/admin/app/services/users/privilege/privilege.service.js
+++ b/admin/app/services/users/privilege/privilege.service.js
@@ -9,24 +9,24 @@ app.factory('PrivilegeService', function($http) {
 callback(response);
 });
 },
- addPrivilege: function(privilege, callback) {
- $http.post(getAPI()+'privileges',{data:privilege})
+ addPrivilege: function(privilege, headers, callback) {
+ $http.post(getAPI()+'privileges', {data:privilege}, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- editPrivilege: function(privilege, callback) {
- $http.put(getAPI()+'privileges/'+privilege.id,{data:privilege})
+ editPrivilege: function(privilege, headers, callback) {
+ $http.put(getAPI()+'privileges/'+privilege.id, {data:privilege}, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
 callback(response);
 });
 },
- deletePrivilege: function(privilege, callback) {
- $http.delete(getAPI()+'privileges/'+privilege.id)
+ deletePrivilege: function(privilege, headers, callback) {
+ $http.delete(getAPI()+'privileges/'+privilege.id, {headers})
 .then(function (response) {
 callback(response);
 }, function (response) {
diff --git a/myems-api/MyEMS.postman_collection.json b/myems-api/MyEMS.postman_collection.json
index e97d0f14..2b93ff88 100644
--- a/myems-api/MyEMS.postman_collection.json
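Review bot: The new `headers` argument on `addPrivilege`, `editPrivilege` and `deletePrivilege` is undocumented and pushes the job of attaching `User-UUID`/`Token` onto every caller; in AngularJS this is normally done once with an `$http` interceptor or `$http.defaults.headers.common`, which would leave these signatures unchanged. If the per-call parameter stays, a short JSDoc on each method, e.g. `/** @param {Object} headers - request headers; callers supply User-UUID and Token */`, would state what the service expects. `privilege.id` is still concatenated into the path unencoded; `encodeURIComponent(privilege.id)` costs nothing for numeric ids and keeps the URL well-formed if ids ever stop being plain integers. The factory continues past the end of this hunk.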
+++ b/myems-api/MyEMS.postman_collection.json
@@ -4345,19 +4345,32 @@
 "name": "PUT Update Privilege Data",
 "request": {
 "method": "PUT",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text",
+ "description": "Any admin users' UUID"
+ },
+ {
+ "key": "Token",
+ "value": "46a767c678fc3d1bcacda116c639ebac77dd1a8407956a0f244a7900dc9c9bf88bb0c8be668d4962bb98f0108ebfeda603a4a6cd0c2031c6a9e864d8052e279e",
+ "type": "text",
+ "description": "Login to get a valid token"
+ }
+ ],
 "body": {
 "mode": "raw",
 "raw": "{\"data\":{\"name\":\"privilege 1\", \"data\":\"{\\\"spaces\\\":[1, 3]}\"}}"
 },
 "url": {
- "raw": "{{base_url}}/privileges/2",
+ "raw": "{{base_url}}/privileges/1",
 "host": [
 "{{base_url}}"
 ],
 "path": [
 "privileges",
- "2"
+ "1"
 ]
 }
 },
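Review bot: The `Token` header is committed as a literal 128-hex-character value that reads like a real login token rather than a placeholder, and the same value is repeated in the DELETE and POST requests of the next hunk (@@ -4367). The README in this same commit uses `GET-TOKEN-AFTER-LOGIN`; the collection should do the equivalent with collection variables, e.g. `"value": "{{token}}"` and `"value": "{{user_uuid}}"` alongside the existing `{{base_url}}` (variable names are suggestions), so the file carries no credential-like data. If this value was ever valid against a real deployment, treat it as exposed and invalidate it server-side.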
@@ -4367,25 +4380,51 @@
 "name": "DELETE Privilege",
 "request": {
 "method": "DELETE",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text",
+ "description": "Any admin users' UUID"
+ },
+ {
+ "key": "Token",
+ "value": "46a767c678fc3d1bcacda116c639ebac77dd1a8407956a0f244a7900dc9c9bf88bb0c8be668d4962bb98f0108ebfeda603a4a6cd0c2031c6a9e864d8052e279e",
+ "type": "text",
+ "description": "Login to get a valid token"
+ }
+ ],
 "url": {
- "raw": "{{base_url}}/privileges/2",
+ "raw": "{{base_url}}/privileges/1",
 "host": [
 "{{base_url}}"
 ],
 "path": [
 "privileges",
- "2"
+ "1"
 ]
 }
 },
 "response": []
 },
 {
- "name": "Create Privilege",
+ "name": "POST Create Privilege",
 "request": {
 "method": "POST",
- "header": [],
+ "header": [
+ {
+ "key": "User-UUID",
+ "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+ "type": "text",
+ "description": "Any admin users' UUID"
+ },
+ {
+ "key": "Token",
+ "value": "46a767c678fc3d1bcacda116c639ebac77dd1a8407956a0f244a7900dc9c9bf88bb0c8be668d4962bb98f0108ebfeda603a4a6cd0c2031c6a9e864d8052e279e",
+ "type": "text",
+ "description": "Login to get a valid token"
+ }
+ ],
 "body": {
 "mode": "raw",
 "raw": "{\"data\": {\"name\": \"privilege 1\", \"data\":\"{\\\"spaces\\\":[1, 3]}\"}}"
diff --git a/myems-api/README.md b/myems-api/README.md
index 262bdef5..915199ae 100644
--- a/myems-api/README.md
+++ b/myems-api/README.md
@@ -1229,15 +1229,15 @@ curl -i -X GET {{base_url}}/points
 ```
 * DELETE Point by ID
 ```bash
-curl -i -X DELETE {{base_url}}/points/{id}
+curl -i -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X DELETE {{base_url}}/points/{id}
 ```
-* POST Point
+* POST Create Point
 ```bash
-curl -i -H "Content-Type: application/json" -X POST -d '{"data":{"name":"ModbusPoint1", "data_source_id":1, "object_type": "ENERGY_VALUE", "units":"kWh", "low_limit":0, "high_limit":999999999, "is_trend":true, "is_virtual":false, "address":"{\"slave_id\":1, \"function_code\":3, \"offset\":1, \"number_of_registers\":2, \"data_format\":\"float\"}", "description":null}}' {{base_url}}/points
+curl -i -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -H "Content-Type: application/json" -X POST -d '{"data":{"name":"ModbusPoint1", "data_source_id":1, "object_type": "ENERGY_VALUE", "units":"kWh", "low_limit":0, "high_limit":999999999, "is_trend":true, "is_virtual":false, "address":"{\"slave_id\":1, \"function_code\":3, \"offset\":1, \"number_of_registers\":2, \"data_format\":\"float\"}", "description":null}}' {{base_url}}/points
 ```
-* PUT Point
+* PUT Update Point
 ```bash
-curl -i -H "Content-Type: application/json" -X PUT -d '{"data":{"name":"ModbusPoint1", "data_source_id":1, "object_type": "ENERGY_VALUE", "units":"kWh", "low_limit":0, "high_limit":999999999, "is_trend":true, "is_virtual":false, "address":"{\"slave_id\":1, \"function_code\":3, \"offset\":1, \"number_of_registers\":2, \"data_format\":\"float\"}", "description":null}}' {{base_url}}/points/{id}
+curl -i -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -H "Content-Type: application/json" -X PUT -d '{"data":{"name":"ModbusPoint1", "data_source_id":1, "object_type": "ENERGY_VALUE", "units":"kWh", "low_limit":0, "high_limit":999999999, "is_trend":true, "is_virtual":false, "address":"{\"slave_id\":1, \"function_code\":3, \"offset\":1, \"number_of_registers\":2, \"data_format\":\"float\"}", "description":null}}' {{base_url}}/points/{id}
 ```
 ### Privilege
@@ -1251,15 +1251,15 @@ curl -i -X GET {{base_url}}/privileges
 ```
 * DELETE Privilege by ID
 ```bash
-curl -i -X DELETE {{base_url}}/privileges/{id}
+curl -i -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X DELETE {{base_url}}/privileges/{id}
 ```
-* POST New Privilege
+* POST Create New Privilege
 ```bash
-curl -i -H "Content-Type: application/json" -X POST -d '{"data":{"name":"superusers","data":"{\"spaces\":[1,2,3,5]}"}}' {{base_url}}/privileges
+curl -i -H "Content-Type: application/json" -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X POST -d '{"data":{"name":"superusers","data":"{\"spaces\":[1,2,3,5]}"}}' {{base_url}}/privileges
 ```
-* PUT Privilege
+* PUT Update Privilege
 ```bash
-curl -i -H "Content-Type: application/json" -X PUT -d '{"data":{"name":"superusers", "data":"{\"spaces\":[1, 3]}"}}' {{base_url}}/privileges/{id}
+curl -i -H "Content-Type: application/json" -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X PUT -d '{"data":{"name":"superusers", "data":"{\"spaces\":[1, 3]}"}}' {{base_url}}/privileges/{id}
 ```
 ### Rule
diff --git a/myems-api/core/privilege.py b/myems-api/core/privilege.py
index f0faa48d..302530e3 100644
--- a/myems-api/core/privilege.py
+++ b/myems-api/core/privilege.py
@@ -2,7 +2,7 @@ import falcon
 import simplejson as json
 import mysql.connector
 import config
-from core.useractivity import user_logger
+from core.useractivity import user_logger, access_control
 class PrivilegeCollection:
@@ -42,6 +42,7 @@ class PrivilegeCollection:
 @user_logger
 def on_post(req, resp):
 """Handles POST requests"""
+ access_control(req)
 try:
 raw_json = req.stream.read().decode('utf-8')
 new_values = json.loads(raw_json)
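Review bot: `access_control(req)` is called for its side effect only — its return value is dropped — so the gate on `on_post` works only if it raises on a missing or invalid User-UUID/Token; `core.useractivity` is not visible here, so please confirm it raises rather than returning a status that this handler would ignore. Calling it before `req.stream.read()` is the right order, since a rejected request never has its body parsed. The same call is added to `on_delete` and `on_put` in the following hunks, while `on_get` (outside these hunks) gets none; that matches the unauthenticated GET examples in the README and is presumably by design. `on_post` continues past the end of the hunk.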
@@ -101,6 +102,7 @@ class PrivilegeItem:
 @staticmethod
 @user_logger
 def on_delete(req, resp, id_):
+ access_control(req)
 if not id_.isdigit() or int(id_) <= 0:
 raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
 description='API.INVALID_PRIVILEGE_ID')
@@ -142,6 +144,7 @@ class PrivilegeItem:
 @user_logger
 def on_put(req, resp, id_):
 """Handles PUT requests"""
+ access_control(req)
 try:
 raw_json = req.stream.read().decode('utf-8')
 new_values = json.loads(raw_json)
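Review bot: `on_delete` has no docstring while the sibling handlers touched by this commit carry `"""Handles POST requests"""` and `"""Handles PUT requests"""`; adding `"""Handles DELETE requests"""` as the first statement, ahead of the new `access_control(req)` call, keeps the three handlers consistent. Both `on_delete` and `on_put` continue past their hunks.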