From 16c7e858fbeb331cc7f17d4495f6a32c92c6ad16 Mon Sep 17 00:00:00 2001 From: Caozhenhui <823914102@qq.com> Date: Tue, 30 Nov 2021 10:00:38 +0800 Subject: [PATCH 1/4] added access control to EnergyItem --- .../settings/category/energyitem.controller.js | 10 +++++++--- .../services/settings/category/energyitem.service.js | 12 ++++++------ myems-api/MyEMS.postman_collection.json | 2 +- myems-api/README.md | 6 +++--- myems-api/core/energyitem.py | 5 ++++- 5 files changed, 21 insertions(+), 14 deletions(-) diff --git a/admin/app/controllers/settings/category/energyitem.controller.js b/admin/app/controllers/settings/category/energyitem.controller.js index e6abad0b..03261570 100644 --- a/admin/app/controllers/settings/category/energyitem.controller.js +++ b/admin/app/controllers/settings/category/energyitem.controller.js @@ -1,6 +1,7 @@ 'use strict'; app.controller('EnergyItemController', function($scope, $translate,$uibModal, CategoryService, EnergyItemService, toaster,SweetAlert) { + $scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user")); $scope.getAllCategories = function() { CategoryService.getAllCategories(function (response) { if (angular.isDefined(response.status) && response.status === 200) { @@ -38,7 +39,8 @@ app.controller('EnergyItemController', function($scope, $translate,$uibModal, Ca } }); modalInstance.result.then(function(energyItem) { - EnergyItemService.addEnergyItem(energyItem, function(response) { + let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; + EnergyItemService.addEnergyItem(energyItem, headers, function(response) { if (angular.isDefined(response.status) && response.status === 201) { toaster.pop({ type: "success", 
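Review bot: The new `headers` line in the addEnergyItem hunk dereferences `$scope.cur_user.uuid` unguarded, but `JSON.parse` returns `null` when `myems_admin_ui_current_user` is absent from localStorage (cleared storage, expired session), so the failure is a TypeError thrown inside the promise callback rather than a visible 401 from the API. A guard at the point of use would fail clearly, e.g. `if (!$scope.cur_user) { return; }` before the headers object is built, or a shared helper that returns the headers or redirects to login. Note also that the stored user is read once at controller construction in the first hunk, so if the stored token is later refreshed this controller keeps sending the stale one — presumably acceptable for this UI, but worth confirming. `$window` is not in the controller's injection list in this patch; PATCH 2/4 adds it. The controller body runs past both hunks.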
@@ -78,7 +80,8 @@ app.controller('EnergyItemController', function($scope, $translate,$uibModal, Ca }); modalInstance.result.then(function (modifiedEnergyItem) { - EnergyItemService.editEnergyItem(modifiedEnergyItem, function (response){ + let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; + EnergyItemService.editEnergyItem(modifiedEnergyItem, headers, function (response){ if(angular.isDefined(response.status) && response.status === 200){ toaster.pop({ type: "success", @@ -114,7 +117,8 @@ app.controller('EnergyItemController', function($scope, $translate,$uibModal, Ca closeOnCancel: true }, function (isConfirm) { if (isConfirm) { - EnergyItemService.deleteEnergyItem(energyItem, function (response) { + let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; + EnergyItemService.deleteEnergyItem(energyItem, headers, function (response) { if (angular.isDefined(response.status) && response.status === 204) { toaster.pop({ type: "success", diff --git a/admin/app/services/settings/category/energyitem.service.js b/admin/app/services/settings/category/energyitem.service.js index 503a8542..ee0fff62 100644 --- a/admin/app/services/settings/category/energyitem.service.js +++ b/admin/app/services/settings/category/energyitem.service.js 
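Review bot: The same `let headers = { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token };` line is now repeated verbatim in the add, edit and delete handlers, and it is never reassigned, so at minimum it should be `const`. A one-line scope helper such as `$scope.authHeaders = function () { return { "User-UUID": $scope.cur_user.uuid, "Token": $scope.cur_user.token }; };` declared next to `$scope.cur_user` would let each call site read `EnergyItemService.deleteEnergyItem(energyItem, $scope.authHeaders(), ...)` and would also give a single place to add a null check on `cur_user`. This is a style point about how the new lines are written rather than a defect in what they do.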
@@ -17,24 +17,24 @@ app.factory('EnergyItemService', function($http) { callback(response); }); }, - addEnergyItem: function(energyItem, callback) { - $http.post(getAPI()+'energyitems',{data:energyItem}) + addEnergyItem: function(energyItem, headers, callback) { + $http.post(getAPI()+'energyitems',{data:energyItem}, {headers}) .then(function (response) { callback(response); }, function (response) { callback(response); }); }, - editEnergyItem: function(energyItem, callback) { - $http.put(getAPI()+'energyitems/'+energyItem.id,{data:energyItem}) + editEnergyItem: function(energyItem, headers, callback) { + $http.put(getAPI()+'energyitems/'+energyItem.id,{data:energyItem}, {headers}) .then(function (response) { callback(response); }, function (response) { callback(response); }); }, - deleteEnergyItem: function(energyItem, callback) { - $http.delete(getAPI()+'energyitems/'+energyItem.id) + deleteEnergyItem: function(energyItem, headers, callback) { + $http.delete(getAPI()+'energyitems/'+energyItem.id, {headers}) .then(function (response) { callback(response); }, function (response) { diff --git a/myems-api/MyEMS.postman_collection.json b/myems-api/MyEMS.postman_collection.json index df8ee26b..7f2c217c 100644 --- a/myems-api/MyEMS.postman_collection.json +++ b/myems-api/MyEMS.postman_collection.json @@ -1,6 +1,6 @@ { "info": { - "_postman_id": "1a6c20d8-4d7a-49a1-a5e9-3d4261ba0505", + "_postman_id": "36fe4322-48fb-414c-8328-665d2872c2b7", "name": "MyEMS", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" }, diff --git a/myems-api/README.md b/myems-api/README.md index afea25e8..74f2d05b 100644 --- a/myems-api/README.md +++ b/myems-api/README.md 
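Review bot: Each mutating service method now takes a `headers` argument that every controller must remember to build from localStorage, so a future write call that omits it silently goes out unauthenticated and is only noticed when the API rejects it. An `$http` interceptor registered once in the app configuration, attaching `User-UUID` and `Token` from the stored user to every request, would make the header impossible to forget and would leave these service signatures unchanged; the per-call `{headers}` objects on the `$http.post`, `$http.put` and `$http.delete` lines would then be unnecessary. This is a design point rather than a defect in the lines shown, and the project may deliberately prefer explicit plumbing; `getAPI()` is defined outside the hunk.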
@@ -669,15 +669,15 @@ curl -i -X GET {{base_url}}/energyitems ``` * DELETE an Energy Item by ID ```bash -curl -i -X DELETE {{base_url}}/energyitems/{id} +curl -i -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X DELETE {{base_url}}/energyitems/{id} ``` * POST Create an Energy Item ```bash -curl -i -H "Content-Type: application/json" -X POST -d '{"data":{"name":"空调用电","energy_category_id":1}}' {{base_url}}/energyitems +curl -i -H "Content-Type: application/json" -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X POST -d '{"data":{"name":"空调用电","energy_category_id":1}}' {{base_url}}/energyitems ``` * PUT Update an Energy Item ```bash -curl -i -H "Content-Type: application/json" -X PUT -d '{"data":{"name":"动力用电","energy_category_id":1}}' {{base_url}}/energyitems/{id} +curl -i -H "Content-Type: application/json" -H "User-UUID: dcdb67d1-6116-4987-916f-6fc6cf2bc0e4" -H "Token: GET-TOKEN-AFTER-LOGIN" -X PUT -d '{"data":{"name":"动力用电","energy_category_id":1}}' {{base_url}}/energyitems/{id} ``` ### Equipment diff --git a/myems-api/core/energyitem.py b/myems-api/core/energyitem.py index f2edffcb..b22b06a2 100644 --- a/myems-api/core/energyitem.py +++ b/myems-api/core/energyitem.py @@ -3,7 +3,7 @@ import simplejson as json import mysql.connector import config import uuid -from core.useractivity import user_logger +from core.useractivity import user_logger, access_control class EnergyItemCollection: @@ -55,6 +55,7 @@ class EnergyItemCollection: @user_logger def on_post(req, resp): """Handles POST requests""" + access_control(req) try: raw_json = req.stream.read().decode('utf-8') except Exception as ex: @@ -165,6 +166,7 @@ class EnergyItemItem: @staticmethod @user_logger def on_delete(req, resp, id_): + access_control(req) if not id_.isdigit() or int(id_) <= 0: raise falcon.HTTPError(falcon.HTTP_400, title='API.BAD_REQUEST', description='API.INVALID_ENERGY_ITEM_ID') 
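Review bot: `on_delete` gains `access_control(req)` but, unlike `on_post`, still has no docstring, and nothing visible in this file says what `access_control` enforces — whether the `Token` is checked to belong to the supplied `User-UUID`, and whether an admin role is required, cannot be seen from the hunk. I would add `"""Handles DELETE requests; the User-UUID/Token headers must be accepted by access_control() before the id is validated."""` under the `def` line and confirm the role requirement against core/useractivity before documenting it. The `on_get` handlers in this file remain unprotected, which matches the README's header-less GET curl example and is presumably intentional for read access, but that split deserves a sentence in the class docstring. Because the check runs before `id_` is validated, a malformed id sent with bad credentials is reported as an access failure rather than a 400 — fine, but worth a short comment so nobody "fixes" the order later.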
@@ -225,6 +227,7 @@ class EnergyItemItem: @user_logger def on_put(req, resp, id_): """Handles PUT requests""" + access_control(req) try: raw_json = req.stream.read().decode('utf-8') except Exception as ex: From 6e5344943998ed6469ff2e5d1250284ef9038cb7 Mon Sep 17 00:00:00 2001 From: Caozhenhui <823914102@qq.com> Date: Tue, 30 Nov 2021 10:07:12 +0800 Subject: [PATCH 2/4] added access control to EnergyItem --- .../app/controllers/settings/category/energyitem.controller.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/admin/app/controllers/settings/category/energyitem.controller.js b/admin/app/controllers/settings/category/energyitem.controller.js index 03261570..439e2db7 100644 --- a/admin/app/controllers/settings/category/energyitem.controller.js +++ b/admin/app/controllers/settings/category/energyitem.controller.js @@ -1,6 +1,6 @@ 'use strict'; -app.controller('EnergyItemController', function($scope, $translate,$uibModal, CategoryService, EnergyItemService, toaster,SweetAlert) { +app.controller('EnergyItemController', function($scope, $window, $translate,$uibModal, CategoryService, EnergyItemService, toaster,SweetAlert) { $scope.cur_user = JSON.parse($window.localStorage.getItem("myems_admin_ui_current_user")); $scope.getAllCategories = function() { CategoryService.getAllCategories(function (response) { From 20db5357b28a7fe80a763017da56a7fb1f175800 Mon Sep 17 00:00:00 2001 From: Caozhenhui <823914102@qq.com> Date: Tue, 30 Nov 2021 10:11:04 +0800 Subject: [PATCH 3/4] modified postman_collection.json --- myems-api/MyEMS.postman_collection.json | 58 +++++++++++++++++++++++-- 1 file changed, 54 insertions(+), 4 deletions(-) diff --git a/myems-api/MyEMS.postman_collection.json b/myems-api/MyEMS.postman_collection.json index 7f2c217c..5b66a321 100644 --- a/myems-api/MyEMS.postman_collection.json +++ b/myems-api/MyEMS.postman_collection.json 
@@ -2257,7 +2257,20 @@ "name": "POST Create an Energy Item", "request": { "method": "POST", - "header": [], + "header": [ + { + "key": "User-UUID", + "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4 ", + "description": "Any admin users' UUID", + "type": "text" + }, + { + "key": "Token", + "value": "89d8c1a8e6e2a4fc3b7a7eb3964c4e6fc97b5ae216591a986deb43f8a03babcd72ce5ad0c160e3ed4c9550cea29a9a548a261812484f2c7ac9aa039aa33441e2", + "description": "Login to get a valid token", + "type": "text" + } + ], "body": { "mode": "raw", "raw": "{\"data\":{\"name\":\"租户用电\",\"energy_category_id\":1}}" @@ -2278,7 +2291,20 @@ "name": "PUT Update an Energy Item", "request": { "method": "PUT", - "header": [], + "header": [ + { + "key": "User-UUID", + "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4 ", + "description": "Any admin users' UUID", + "type": "text" + }, + { + "key": "Token", + "value": "89d8c1a8e6e2a4fc3b7a7eb3964c4e6fc97b5ae216591a986deb43f8a03babcd72ce5ad0c160e3ed4c9550cea29a9a548a261812484f2c7ac9aa039aa33441e2", + "description": "Login to get a valid token", + "type": "text" + } + ], "body": { "mode": "raw", "raw": "{\"data\":{\"name\":\"空调用\",\"energy_category_id\":1}}" @@ -2300,7 +2326,20 @@ "name": "DELETE an Energy Item", "request": { "method": "DELETE", - "header": [], + "header": [ + { + "key": "User-UUID", + "value": "dcdb67d1-6116-4987-916f-6fc6cf2bc0e4 ", + "description": "Any admin users' UUID", + "type": "text" + }, + { + "key": "Token", + "value": "89d8c1a8e6e2a4fc3b7a7eb3964c4e6fc97b5ae216591a986deb43f8a03babcd72ce5ad0c160e3ed4c9550cea29a9a548a261812484f2c7ac9aa039aa33441e2", + "description": "Login to get a valid token", + "type": "text" + } + ], "url": { "raw": "{{base_url}}/energyitems/4", "host": [ 
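Review bot: Every added `User-UUID` header value in these three requests carries a trailing space (`"dcdb67d1-6116-4987-916f-6fc6cf2bc0e4 "`), so the header is sent as a 37-character string; unless the server trims it, the user lookup will fail and the collection will not exercise the new access control as intended — the README's curl examples use the value without the space. The `Token` entries also commit what looks like a real 128-hex-character session token to the repository next to the text "Login to get a valid token"; a committed token is at best dead and at worst reusable, so Postman variables such as `"value": "{{token}}"` and `"value": "{{user_uuid}}"`, populated from the login response, would be safer and would not need re-editing on each login. The description "Any admin users' UUID" reads as if the UUID and token were independent, which is presumably not the case; "UUID of the user the token was issued to" would be clearer.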
@@ -7424,7 +7463,18 @@ "name": "PUT User Login by Email", "request": { "method": "PUT", - "header": [], + "header": [ + { + "key": "User-UUID", + "value": "816be1f0-cf59-4aa4-bf81-a0e90577d416", + "type": "text" + }, + { + "key": "Token", + "value": "89d8c1a8e6e2a4fc3b7a7eb3964c4e6fc97b5ae216591a986deb43f8a03babcd72ce5ad0c160e3ed4c9550cea29a9a548a261812484f2c7ac9aa039aa33441e2", + "type": "text" + } + ], "body": { "mode": "raw", "raw": "{\"data\":{\"email\":\"administrator@myems.io\", \"password\":\"!MyEMS1\"}}" From 8481fa68a5836ceef569c630e3bddb9733eed0c8 Mon Sep 17 00:00:00 2001 From: Caozhenhui <823914102@qq.com> Date: Tue, 30 Nov 2021 10:13:11 +0800 Subject: [PATCH 4/4] modified postman_collection.json --- myems-api/MyEMS.postman_collection.json | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/myems-api/MyEMS.postman_collection.json b/myems-api/MyEMS.postman_collection.json index 5b66a321..090d3d35 100644 --- a/myems-api/MyEMS.postman_collection.json +++ b/myems-api/MyEMS.postman_collection.json @@ -7463,18 +7463,7 @@ "name": "PUT User Login by Email", "request": { "method": "PUT", - "header": [ - { - "key": "User-UUID", - "value": "816be1f0-cf59-4aa4-bf81-a0e90577d416", - "type": "text" - }, - { - "key": "Token", - "value": "89d8c1a8e6e2a4fc3b7a7eb3964c4e6fc97b5ae216591a986deb43f8a03babcd72ce5ad0c160e3ed4c9550cea29a9a548a261812484f2c7ac9aa039aa33441e2", - "type": "text" - } - ], + "header": [], "body": { "mode": "raw", "raw": "{\"data\":{\"email\":\"administrator@myems.io\", \"password\":\"!MyEMS1\"}}"