From dfec9a8fc0c6221ffa8f1ac1df8cc128b36f2376 Mon Sep 17 00:00:00 2001
From: "13621160019@163.com" <13621160019@163.com>
Date: Mon, 29 Nov 2021 17:46:14 +0800
Subject: [PATCH] added access_control to menu in api and admin

---
 .../settings/menu/menu.controller.js          |  8 ++++-
 myems-api/MyEMS.postman_collection.json       | 16 ++++++----
 myems-api/README.md                           | 32 +++++++++----------
 web/README.md                                 | 10 +++---
 4 files changed, 37 insertions(+), 29 deletions(-)

diff --git a/admin/app/controllers/settings/menu/menu.controller.js b/admin/app/controllers/settings/menu/menu.controller.js
index 31689cdd..03400cfd 100644
--- a/admin/app/controllers/settings/menu/menu.controller.js
+++ b/admin/app/controllers/settings/menu/menu.controller.js
@@ -1,6 +1,12 @@
 'use strict';
 
-app.controller('MenuController', function ($scope, $window, $uibModal, MenuService, toaster, $translate) {
+app.controller('MenuController', function (
+    $scope,
+    $window,
+    $uibModal,
+    MenuService,
+    toaster,
+    $translate) {
 	$scope.menus = [];
 	$scope.currentMenu = {};
 	$scope.currentMenuChildren = [];
diff --git a/myems-api/MyEMS.postman_collection.json b/myems-api/MyEMS.postman_collection.json
index 51ba6bc6..df8ee26b 100644
--- a/myems-api/MyEMS.postman_collection.json
+++ b/myems-api/MyEMS.postman_collection.json
@@ -1,6 +1,6 @@
 {
 	"info": {
-		"_postman_id": "27f47263-6e8e-4d74-93a9-0ee9b56eccfc",
+		"_postman_id": "1a6c20d8-4d7a-49a1-a5e9-3d4261ba0505",
 		"name": "MyEMS",
 		"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
 	},
@@ -3217,13 +3217,15 @@
 								"header": [
 									{
 										"key": "User-UUID",
-										"value": "816be1f0-cf59-4aa4-bf81-a0e90577d416",
-										"type": "text"
+										"value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4",
+										"type": "text",
+										"description": "Any admin users' UUID"
 									},
 									{
 										"key": "Token",
-										"value": "fc037979da169499d2c84d9ff838ae2599f1934b2e43872a8dc9da033f4d5811a0ca711595a576dcd6b340ffc3d8a8824630cf04b4e67331a6a82e8ec2dfd155",
-										"type": "text"
+										"value": "9217343d83a59d87cd7d28949d039cbea8b05c219a40ef1d71fe8db6ceebedf5bb7eadf34792c31bc6dccda27e9d5d932ae6e4da444dddbfe1e1fad14a1f5384",
+										"type": "text",
+										"description": "Login to get a valid token"
 									}
 								],
 								"body": {
@@ -3231,13 +3233,13 @@
 									"raw": "{\"data\":{\"is_hidden\":true}}"
 								},
 								"url": {
-									"raw": "{{base_url}}/menus/1",
+									"raw": "{{base_url}}/menus/100",
 									"host": [
 										"{{base_url}}"
 									],
 									"path": [
 										"menus",
-										"1"
+										"100"
 									]
 								}
 							},
diff --git a/myems-api/README.md b/myems-api/README.md
index b8c163dc..afea25e8 100644
--- a/myems-api/README.md
+++ b/myems-api/README.md
@@ -352,7 +352,7 @@ curl -i -X DELETE {{base_url}}/costfiles/{id}
 *   POST Upload a Cost File
   (call users login API to get 'User-UUID' and 'Token')
 ```bash
-curl -i -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: 02f93023a39c98e1d1bc9f5197a83dfc5ddc0d48"  -H "Content-Type: application/TBD" -X POST -d 'file: (binary)' {{base_url}}/costfiles
+curl -i -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN"  -H "Content-Type: application/TBD" -X POST -d 'file: (binary)' {{base_url}}/costfiles
 ```
 *   GET Restore a Cost File by ID from database to disk
 ```bash
@@ -982,7 +982,7 @@ curl -i -X DELETE {{base_url}}/knowledgefiles/{id}
 *   POST Upload a Knowledge File
     (call users login API to get 'User-UUID' and 'Token')
 ```bash
-curl -i -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: 02f93023a39c98e1d1bc9f5197a83dfc5ddc0d48" -H "Content-Type: application/TBD" -X POST -d 'file: (binary)' {{base_url}}/knowledgefiles
+curl -i -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -H "Content-Type: application/TBD" -X POST -d 'file: (binary)' {{base_url}}/knowledgefiles
 ```
 *   GET Restore a Knowledge File by id from database to disk
 ```bash
@@ -1010,7 +1010,7 @@ curl -i -X GET {{base_url}}/menus
 ```
 *   PUT Update a Menu
 ```bash
-curl -i -H "Content-Type: application/json" -X PUT -d '{"data":{"is_hidden": false}}' {{base_url}}/menus/{id}
+curl -i -H "Content-Type: application/json" -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X PUT -d '{"data":{"is_hidden": false}}' {{base_url}}/menus/{id}
 ```
 *   Get All Menus for Web UI
 ```bash
@@ -1053,11 +1053,11 @@ curl -i -X DELETE {{base_url}}/meters/{id}
 ```
 *   POST Create a Meter
 ```bash
-curl -i -H "Content-Type: application/json" -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: 073b43c05dadd89b833c0595b81c49cb9c1a54ca52b024b301a001720e52c5bf3b95951d5c54766de1028d20301cbd2bb6ec3fb62f9e14d9658cbf3811fe6c93" -X POST -d '{"data":{"name":"PM20", "energy_category_id":1, "hourly_low_limit":0.000, "hourly_high_limit":999.999, "is_counted":true, "cost_center_id":1, "energy_item_id":1, "master_meter_id":1, "description":"空调用电"}}' {{base_url}}/meters
+curl -i -H "Content-Type: application/json" -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X POST -d '{"data":{"name":"PM20", "energy_category_id":1, "hourly_low_limit":0.000, "hourly_high_limit":999.999, "is_counted":true, "cost_center_id":1, "energy_item_id":1, "master_meter_id":1, "description":"空调用电"}}' {{base_url}}/meters
 ```
 *   PUT Update a Meter
 ```bash
-curl -i -H "Content-Type: application/json" -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: 073b43c05dadd89b833c0595b81c49cb9c1a54ca52b024b301a001720e52c5bf3b95951d5c54766de1028d20301cbd2bb6ec3fb62f9e14d9658cbf3811fe6c93" -X PUT -d '{"data":{"name":"PM20", "energy_category_id":1, "hourly_low_limit":0.000, "hourly_high_limit":999.999, "is_counted":true, "cost_center_id":1, "energy_item_id":1, "master_meter_id":1, "description":"空调用电"}}' {{base_url}}/meters/{id}
+curl -i -H "Content-Type: application/json" -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X PUT -d '{"data":{"name":"PM20", "energy_category_id":1, "hourly_low_limit":0.000, "hourly_high_limit":999.999, "is_counted":true, "cost_center_id":1, "energy_item_id":1, "master_meter_id":1, "description":"空调用电"}}' {{base_url}}/meters/{id}
 ```
 *   GET All Submeters of Meter by ID
 ```bash
@@ -1069,11 +1069,11 @@ curl -i -X GET {{base_url}}/meters/{id}/points
 ```
 *   POST Meter Point Relation
 ```bash
-curl -i -H "Content-Type: application/json" -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: 073b43c05dadd89b833c0595b81c49cb9c1a54ca52b024b301a001720e52c5bf3b95951d5c54766de1028d20301cbd2bb6ec3fb62f9e14d9658cbf3811fe6c93" -X POST -d '{"data":{"point_id":"3"}}' {{base_url}}/meters/{id}/points
+curl -i -H "Content-Type: application/json" -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X POST -d '{"data":{"point_id":"3"}}' {{base_url}}/meters/{id}/points
 ```
 *   DELETE Meter Point Relation
 ```bash
-curl -i -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: 073b43c05dadd89b833c0595b81c49cb9c1a54ca52b024b301a001720e52c5bf3b95951d5c54766de1028d20301cbd2bb6ec3fb62f9e14d9658cbf3811fe6c93" -X DELETE {{base_url}}/meters/{id}/points/{pid}
+curl -i -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X DELETE {{base_url}}/meters/{id}/points/{pid}
 ```
 
 ### Notification
@@ -1097,19 +1097,19 @@ Result
 
 *   GET All Notifications
 ```bash
-curl -i -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: 02f93023a39c98e1d1bc9f5197a83dfc5ddc0d48" -X GET {{base_url}}/notifications?startdatetime={startdatetime}&enddatetime={enddatetime}&status={status}
+curl -i -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X GET {{base_url}}/notifications?startdatetime={startdatetime}&enddatetime={enddatetime}&status={status}
 ```
 *   DELETE Notification by ID
 ```bash
-curl -i -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: 02f93023a39c98e1d1bc9f5197a83dfc5ddc0d48" -X DELETE {{base_url}}/notifications/{id}
+curl -i -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X DELETE {{base_url}}/notifications/{id}
 ```
 *   PUT Update a Notification
 ```bash
-curl -i -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: 02f93023a39c98e1d1bc9f5197a83dfc5ddc0d48" -H "Content-Type: application/json" -X PUT -d '{"data":{"status":"read"}}' {{base_url}}/notifications/{id}
+curl -i -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -H "Content-Type: application/json" -X PUT -d '{"data":{"status":"read"}}' {{base_url}}/notifications/{id}
 ```
 *   DELETE Notification
 ```bash
-curl -i -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: 02f93023a39c98e1d1bc9f5197a83dfc5ddc0d48" -X DELETE {{base_url}}/notifications/{id}
+curl -i -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X DELETE {{base_url}}/notifications/{id}
 ```
 
 ### Offline Meter
@@ -1178,7 +1178,7 @@ curl -i -X DELETE {{base_url}}/offlinemeterfiles/{id}
 *   POST Upload an Offline Meter File
     (call users login API to get 'User-UUID' and 'Token')
 ```bash
-curl -i -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: 02f93023a39c98e1d1bc9f5197a83dfc5ddc0d48"  -H "Content-Type: application/TBD" -X POST -d 'file: (binary)' {{base_url}}/offlinemeterfiles
+curl -i -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN"  -H "Content-Type: application/TBD" -X POST -d 'file: (binary)' {{base_url}}/offlinemeterfiles
 ```
 *   GET Restore an Offline Meter File by ID from database to disk
 ```bash
@@ -1604,7 +1604,7 @@ curl -i -X DELETE {{base_url}}/spaces/{id}/virtualmeters/{mid}
 ```
 *   GET Space Tree of User
 ```bash
-curl -i -H "User-UUID: 793f1bb4-6e25-4242-8cdc-2f662b25484f" -H "Token: a6e52af82e5b4168ae03b1c5fd8fa31b2ab3a338" -X GET {{base_url}}/spaces/tree
+curl -i -H "User-UUID: 793f1bb4-6e25-4242-8cdc-2f662b25484f" -H "Token: GET-TOKEN-AFTER-LOGIN" -X GET {{base_url}}/spaces/tree
 ```
 
 ### Store
@@ -2009,15 +2009,15 @@ curl -i -H "Content-Type: application/json" -X PUT -d '{"data":{"email":"johnson
 ```
 *   PUT User Logout
 ```bash
-curl -i -H "Content-Type: application/json" -H "User-UUID: 793f1bb4-6e25-4242-8cdc-2f662b25484f" -H "Token: a6e52af82e5b4168ae03b1c5fd8fa31b2ab3a338" -X PUT  {{base_url}}/users/logout
+curl -i -H "Content-Type: application/json" -H "User-UUID: 793f1bb4-6e25-4242-8cdc-2f662b25484f" -H "Token: GET-TOKEN-AFTER-LOGIN" -X PUT  {{base_url}}/users/logout
 ```
 *   PUT User change password
 ```bash
-curl -i -H "Content-Type: application/json" -H "User-UUID: 793f1bb4-6e25-4242-8cdc-2f662b25484f" -H "Token: a6e52af82e5b4168ae03b1c5fd8fa31b2ab3a338" -X PUT -d '{"data":{"old_password":"Password1", "new_password":"Password2"}}' {{base_url}}/users/changepassword
+curl -i -H "Content-Type: application/json" -H "User-UUID: 793f1bb4-6e25-4242-8cdc-2f662b25484f" -H "Token: GET-TOKEN-AFTER-LOGIN" -X PUT -d '{"data":{"old_password":"Password1", "new_password":"Password2"}}' {{base_url}}/users/changepassword
 ```
 *   PUT User reset other user's password by administrator
 ```bash
-curl -i -H "Content-Type: application/json" -H "User-UUID: 793f1bb4-6e25-4242-8cdc-2f662b25484f" -H "Token: a6e52af82e5b4168ae03b1c5fd8fa31b2ab3a338" -X PUT -d '{"data":{"name":"johnson","password":"NewPassword1"}}'  {{base_url}}/users/resetpassword
+curl -i -H "Content-Type: application/json" -H "User-UUID: 793f1bb4-6e25-4242-8cdc-2f662b25484f" -H "Token: GET-TOKEN-AFTER-LOGIN" -X PUT -d '{"data":{"name":"johnson","password":"NewPassword1"}}'  {{base_url}}/users/resetpassword
 ```
 
 ### Virtual Meter
diff --git a/web/README.md b/web/README.md
index 4ea41edb..dab37692 100644
--- a/web/README.md
+++ b/web/README.md
@@ -55,7 +55,7 @@ In this section, you will install myems-web on Docker.
 * Check and change the config file if necessary:
 ```bash
 cd myems/web
-sudo nano src/config.js
+nano src/config.js
 ```
 
 * replace ~~127.0.0.1:8000~~ in nginx.conf with actual **HOST** ip and port of myems-api
@@ -66,11 +66,11 @@ nano nginx.conf
 
 * Download all the necessary dependencies into the node_modules directory.
 ```bash
-sudo npm i --unsafe-perm=true --allow-root --legacy-peer-deps
+npm i --unsafe-perm=true --allow-root --legacy-peer-deps
 ```
 * Build for production with NPM
 ```bash
-sudo npm run build
+npm run build
 ```
 * Build a Docker image
 ```bash
@@ -91,14 +91,14 @@ docker run -d -p 80:80 --restart always --name myems-web myems/myems-web
 --name		Assign a name to the container
 
 
-### Option 2: Install myems-web on NGINX Server
+### Option 2: Install myems-web on Server with NGINX
 
 *   Install NGINX  Server
 refer to http://nginx.org/en/docs/install.html
 
 *   Configure NGINX
 ```bash
-sudo nano /etc/nginx/nginx.conf
+nano /etc/nginx/nginx.conf
 ```
 In the 'http' section, add some directives:
 ```