Merge branch 'develop'

admin/app/controllers/settings/contact/contact.controller.js

@@ -1,8 +1,15 @@
 'use strict';
 
-app.controller('ContactController', function($scope, $translate,$uibModal, ContactService,toaster,SweetAlert) {
-
+app.controller('ContactController', function(
+    $scope,
+    $window,
+    $translate,
+    $uibModal,
+    ContactService,
+    toaster,
+    SweetAlert) {
 
+	$scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user"));
 	$scope.getAllContacts = function() {
 		ContactService.getAllContacts(function (response) {
 			if (angular.isDefined(response.status) && response.status === 200) {
@@ -28,7 +35,8 @@ app.controller('ContactController', function($scope, $translate,$uibModal, Conta
 		    }
 		});
 		modalInstance.result.then(function(contact) {
-			ContactService.addContact(contact, function(response) {
+			let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+			ContactService.addContact(contact, headers, function(response) {
 				if (angular.isDefined(response.status) && response.status === 201) {
 					toaster.pop({
 						type: "success",
@@ -67,7 +75,8 @@ app.controller('ContactController', function($scope, $translate,$uibModal, Conta
 		});
 
 		modalInstance.result.then(function (modifiedContact) {
-	        ContactService.editContact(modifiedContact, function (response) {
+			let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+	        ContactService.editContact(modifiedContact, headers, function (response) {
 	            if(angular.isDefined(response.status) && response.status === 200){
 					toaster.pop({
 						type: "success",
@@ -103,7 +112,8 @@ app.controller('ContactController', function($scope, $translate,$uibModal, Conta
 		        closeOnCancel: true },
 		    function (isConfirm) {
 		        if (isConfirm) {
-		            ContactService.deleteContact(contact, function (response) {
+					let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };
+		            ContactService.deleteContact(contact, headers, function (response) {
 		            	if (angular.isDefined(response.status) && response.status === 204) {
                             toaster.pop({
                                 type: "success",

admin/app/services/settings/contact/contact.service.js

@@ -17,24 +17,24 @@ app.factory('ContactService', function($http) {
                 callback(response);
             });
         },
-        addContact: function(contact, callback) {
-            $http.post(getAPI()+'contacts',{data:contact})
+        addContact: function(contact, headers, callback) {
+            $http.post(getAPI()+'contacts',{data:contact}, {headers})
             .then(function (response) {
                 callback(response);
             }, function (response) {
                 callback(response);
             });
         },
-        editContact: function(contact, callback) {
-            $http.put(getAPI()+'contacts/'+contact.id,{data:contact})
+        editContact: function(contact, headers, callback) {
+            $http.put(getAPI()+'contacts/'+contact.id,{data:contact}, {headers})
             .then(function (response) {
                 callback(response);
             }, function (response) {
                 callback(response);
             });
         },
-        deleteContact: function(contact, callback) {
-            $http.delete(getAPI()+'contacts/'+contact.id)
+        deleteContact: function(contact, headers, callback) {
+            $http.delete(getAPI()+'contacts/'+contact.id, {headers})
             .then(function (response) {
                 callback(response);
             }, function (response) {

myems-api/MyEMS.postman_collection.json

@@ -1,6 +1,6 @@
 {
 	"info": {
-		"_postman_id": "1a6c20d8-4d7a-49a1-a5e9-3d4261ba0505",
+		"_postman_id": "98580f5c-106c-4b86-8262-ec3c918608e1",
 		"name": "MyEMS",
 		"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
 	},
@@ -625,7 +625,14 @@
 								"method": "GET",
 								"header": [],
 								"url": {
-									"raw": ""
+									"raw": "{{base_url}}/contacts/1",
+									"host": [
+										"{{base_url}}"
+									],
+									"path": [
+										"contacts",
+										"1"
+									]
 								}
 							},
 							"response": []
@@ -634,7 +641,20 @@
 							"name": "POST Create New Contact",
 							"request": {
 								"method": "POST",
-								"header": [],
+								"header": [
+									{
+										"key": "User-UUID",
+										"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+										"description": "Any admin users' UUID",
+										"type": "text"
+									},
+									{
+										"key": "Token",
+										"value": "835aa13a4bc4af4ca2f47cac03d186bc49c13a30a025e9d983cc52238027f2eb7bd323784ee53a3833109ce1234acf9c8cb6754ba602b84049bb9244e3df6aeb",
+										"description": "Login to get a valid token",
+										"type": "text"
+									}
+								],
 								"body": {
 									"mode": "raw",
 									"raw": "{\"data\":{\"name\":\"albert\", \"email\":\"albert@myems.io\", \"phone\":\"+8613888888888\", \"description\":\"contact description\"}}"
@@ -655,19 +675,32 @@
 							"name": "PUT Update a Contact",
 							"request": {
 								"method": "PUT",
-								"header": [],
+								"header": [
+									{
+										"key": "User-UUID",
+										"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+										"description": "Any admin users' UUID",
+										"type": "text"
+									},
+									{
+										"key": "Token",
+										"value": "835aa13a4bc4af4ca2f47cac03d186bc49c13a30a025e9d983cc52238027f2eb7bd323784ee53a3833109ce1234acf9c8cb6754ba602b84049bb9244e3df6aeb",
+										"description": "Login to get a valid token",
+										"type": "text"
+									}
+								],
 								"body": {
 									"mode": "raw",
 									"raw": "{\"data\":{\"name\":\"albert\", \"email\":\"albert@myems.io\", \"phone\":\"+8613888888899\", \"description\":\"contact description\"}}"
 								},
 								"url": {
-									"raw": "{{base_url}}/contacts/2",
+									"raw": "{{base_url}}/contacts/3",
 									"host": [
 										"{{base_url}}"
 									],
 									"path": [
 										"contacts",
-										"2"
+										"3"
 									]
 								}
 							},
@@ -677,15 +710,28 @@
 							"name": "DELETE a Contact by ID",
 							"request": {
 								"method": "DELETE",
-								"header": [],
+								"header": [
+									{
+										"key": "User-UUID",
+										"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+										"description": "Any admin users' UUID",
+										"type": "text"
+									},
+									{
+										"key": "Token",
+										"value": "835aa13a4bc4af4ca2f47cac03d186bc49c13a30a025e9d983cc52238027f2eb7bd323784ee53a3833109ce1234acf9c8cb6754ba602b84049bb9244e3df6aeb",
+										"description": "Login to get a valid token",
+										"type": "text"
+									}
+								],
 								"url": {
-									"raw": "{{base_url}}/contacts/2",
+									"raw": "{{base_url}}/contacts/3",
 									"host": [
 										"{{base_url}}"
 									],
 									"path": [
 										"contacts",
-										"2"
+										"3"
 									]
 								}
 							},

myems-api/README.md

@@ -269,15 +269,15 @@ curl -i -X GET {{base_url}}/contacts
 ```
 *   DELETE Contact by ID
 ```bash
-curl -i -X DELETE {{base_url}}/contacts/{id}
+curl -i -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X DELETE {{base_url}}/contacts/{id}
 ```
 *   POST Create a New Contact
 ```bash
-curl -i -H "Content-Type: application/json" -X POST -d '{"data":{"name":"albert", "email":"albert@myems.io", "phone":"+8613888888888", "description":"contact description"}}' {{base_url}}/contacts
+curl -i -H "Content-Type: application/json" -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X POST -d '{"data":{"name":"albert", "email":"albert@myems.io", "phone":"+8613888888888", "description":"contact description"}}' {{base_url}}/contacts
 ```
 *   PUT Update a Contact
 ```bash
-curl -i -H "Content-Type: application/json" -X PUT -d '{"data":{"name":"albert", "email":"albert@myems.io", "phone":"+8613888888899", "description":"contact description"}}' {{base_url}}/contacts/{id}
+curl -i -H "Content-Type: application/json" -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X PUT -d '{"data":{"name":"albert", "email":"albert@myems.io", "phone":"+8613888888899", "description":"contact description"}}' {{base_url}}/contacts/{id}
 ```
 
 ### Cost Center
@@ -2402,9 +2402,9 @@ curl -i -X GET {{base_url}}/reports/virtualmetercost?virtualmeterid=1&periodtype
 ## References
 
 [1]. http://myems.io
-  
+
 [2]. https://falconframework.org/
-  
+
 [3]. https://github.com/lwcolton/falcon-cors
 
 [4]. https://github.com/yohanboniface/falcon-multipart

myems-api/core/contact.py

@@ -4,7 +4,7 @@ import mysql.connector
 import config
 import uuid
 import re
-from core.useractivity import user_logger
+from core.useractivity import user_logger, access_control
 
 
 class ContactCollection:
@@ -48,6 +48,7 @@ class ContactCollection:
     @user_logger
     def on_post(req, resp):
         """Handles POST requests"""
+        access_control(req)
         try:
             raw_json = req.stream.read().decode('utf-8')
         except Exception as ex:
@@ -160,6 +161,7 @@ class ContactItem:
     @staticmethod
     @user_logger
     def on_delete(req, resp, id_):
+        access_control(req)
         if not id_.isdigit() or int(id_) <= 0:
             raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST',
                                    description='API.INVALID_CONTACT_ID')
@@ -236,6 +238,7 @@ class ContactItem:
     @user_logger
     def on_put(req, resp, id_):
         """Handles PUT requests"""
+        access_control(req)
         try:
             raw_json = req.stream.read().decode('utf-8')
         except Exception as ex: