TT#4324 voicemail permissions for subadmin

* /api/voicemailgreetings/
* /api/voicemailrecordings/
* /api/voicemails/
* /api/voicemailsettings/

Change-Id: I3d8974b5d6ae821b03bd8d4a005cec91083eb327

lib/NGCP/Panel/Controller/API/VoicemailGreetings.pm

@@ -11,6 +11,10 @@ sub allowed_methods{
     return [qw/OPTIONS HEAD GET POST/];
 }
 
+sub allowed_roles {
+    return qw/admin reseller subscriberadmin/;
+}
+
 sub api_description {
     return 'Defines the voicemail greetings. A GET on an item with Accept "audio/x-wav" returns the binary blob of the greeting.';
 };

lib/NGCP/Panel/Controller/API/VoicemailGreetingsItem.pm

@@ -10,6 +10,10 @@ sub allowed_methods{
     return [qw/GET OPTIONS HEAD PUT DELETE/];
 }
 
+sub allowed_roles {
+    return qw/admin reseller subscriberadmin/;
+}
+
 sub _set_config{
     my ($self, $method) = @_;
     $method //='';

lib/NGCP/Panel/Controller/API/VoicemailRecordings.pm

@@ -41,7 +41,7 @@ __PACKAGE__->config(
     action => {
         map { $_ => {
             ACLDetachTo => '/api/root/invalid_user',
-            AllowedRole => [qw/admin reseller/],
+            AllowedRole => [qw/admin reseller subscriberadmin/],
             Args => 0,
             Does => [qw(ACL CheckTrailingSlash RequireSSL)],
             Method => $_,

lib/NGCP/Panel/Controller/API/VoicemailRecordingsItem.pm

@@ -34,7 +34,7 @@ __PACKAGE__->config(
     action => {
         map { $_ => {
             ACLDetachTo => '/api/root/invalid_user',
-            AllowedRole => [qw/admin reseller/],
+            AllowedRole => [qw/admin reseller subscriberadmin/],
             Args => 1,
             Does => [qw(ACL RequireSSL)],
             Method => $_,
@@ -49,6 +49,7 @@ sub auto :Private {
 
     $self->set_body($c);
     $self->log_request($c);
+    return 1;
 }
 
 sub GET :Allow {
@@ -89,6 +90,7 @@ sub end : Private {
     my ($self, $c) = @_;
 
     #$self->log_response($c);
+    return;
 }
 
 

lib/NGCP/Panel/Controller/API/VoicemailSettings.pm

@@ -61,7 +61,7 @@ __PACKAGE__->config(
     action => {
         map { $_ => {
             ACLDetachTo => '/api/root/invalid_user',
-            AllowedRole => [qw/admin reseller/],
+            AllowedRole => [qw/admin reseller subscriberadmin/],
             Args => 0,
             Does => [qw(ACL CheckTrailingSlash RequireSSL)],
             Method => $_,

lib/NGCP/Panel/Controller/API/VoicemailSettingsItem.pm

@@ -39,7 +39,7 @@ __PACKAGE__->config(
     action => {
         (map { $_ => {
             ACLDetachTo => '/api/root/invalid_user',
-            AllowedRole => [qw/admin reseller/],
+            AllowedRole => [qw/admin reseller subscriberadmin/],
             Args => 1,
             Does => [qw(ACL RequireSSL)],
             Method => $_,
@@ -47,7 +47,7 @@ __PACKAGE__->config(
         } } @{ __PACKAGE__->allowed_methods }),
         @{ __PACKAGE__->get_journal_action_config(__PACKAGE__->resource_name,{
             ACLDetachTo => '/api/root/invalid_user',
-            AllowedRole => [qw/admin reseller/],
+            AllowedRole => [qw/admin reseller subscriberadmin/],
             Does => [qw(ACL RequireSSL)],
         }) }
     },
@@ -59,6 +59,7 @@ sub auto :Private {
 
     $self->set_body($c);
     $self->log_request($c);
+    return 1;
 }
 
 sub GET :Allow {
@@ -72,9 +73,8 @@ sub GET :Allow {
 
         my $response = HTTP::Response->new(HTTP_OK, undef, HTTP::Headers->new(
             (map { # XXX Data::HAL must be able to generate links with multiple relations
-                s|rel="(http://purl.org/sipwise/ngcp-api/#rel-resellers)"|rel="item $1"|;
-                s/rel=self/rel="item self"/;
-                $_
+                s|rel="(http://purl.org/sipwise/ngcp-api/#rel-\w+)"|rel="item $1"|r =~
+                s/rel=self/rel="item self"/r;
             } $hal->http_headers),
         ), $hal->as_json);
         $c->response->headers($response->headers);

lib/NGCP/Panel/Controller/API/Voicemails.pm

@@ -70,7 +70,7 @@ __PACKAGE__->config(
     action => {
         map { $_ => {
             ACLDetachTo => '/api/root/invalid_user',
-            AllowedRole => [qw/admin reseller/],
+            AllowedRole => [qw/admin reseller subscriberadmin/],
             Args => 0,
             Does => [qw(ACL CheckTrailingSlash RequireSSL)],
             Method => $_,

lib/NGCP/Panel/Controller/API/VoicemailsItem.pm

@@ -35,7 +35,7 @@ __PACKAGE__->config(
     action => {
         map { $_ => {
             ACLDetachTo => '/api/root/invalid_user',
-            AllowedRole => [qw/admin reseller/],
+            AllowedRole => [qw/admin reseller subscriberadmin/],
             Args => 1,
             Does => [qw(ACL RequireSSL)],
             Method => $_,
@@ -63,9 +63,8 @@ sub GET :Allow {
 
         my $response = HTTP::Response->new(HTTP_OK, undef, HTTP::Headers->new(
             (map { # XXX Data::HAL must be able to generate links with multiple relations
-                s|rel="(http://purl.org/sipwise/ngcp-api/#rel-resellers)"|rel="item $1"|;
-                s/rel=self/rel="item self"/;
-                $_
+                s|rel="(http://purl.org/sipwise/ngcp-api/#rel-\w+)"|rel="item $1"|r =~
+                s/rel=self/rel="item self"/r;
             } $hal->http_headers),
         ), $hal->as_json);
         $c->response->headers($response->headers);

lib/NGCP/Panel/Role/API/VoicemailGreetings.pm

@@ -53,6 +53,15 @@ sub _item_rs {
                 }
             } }
         });
+    } elsif ($c->user->roles eq "subscriberadmin") {
+        $item_rs = $item_rs->search_rs({
+            'contract.id' => $c->user->account_id,
+        },{
+            join => { 'mailboxuser' => { 'provisioning_voip_subscriber' =>
+                { 'voip_subscriber' => 'contract' } } },
+        });
+    } elsif ($c->user->roles eq "subscriber") {
+        return;  # forbidden
     }
     return $item_rs;
 }
@@ -147,14 +156,6 @@ sub check_duplicate{
     return 1;
 }
 
-#sub resource_from_item{
-#    my $self shift;
-#    my($c, $item) = @_;
-#    my $res = $self->SUPER::resource_from_item(@_);
-#    $res->{dir} =  NGCP::Panel::Utils::Subscriber::get_subscriber_voicemail_directory(c => $c, subscriber => $c->stash->{checked}->{subscriber}, dir => $resource->{dir} );
-#    return $res;
-#}
-
 
 1;
 # vim: set tabstop=4 expandtab:

lib/NGCP/Panel/Role/API/VoicemailRecordings.pm

@@ -15,13 +15,19 @@ sub _item_rs {
     },{
             join => { mailboxuser => { provisioning_voip_subscriber => 'voip_subscriber' } }
     });
-    if($c->user->roles eq "admin") {
-    } elsif($c->user->roles eq "reseller") {
+    if ($c->user->roles eq "admin") {
+    } elsif ($c->user->roles eq "reseller") {
         $item_rs = $item_rs->search({ 
             'contact.reseller_id' => $c->user->reseller_id 
         },{
             join => { mailboxuser => { provisioning_voip_subscriber => { voip_subscriber => { contract => 'contact' } } } }
         });
+    } elsif ($c->user->roles eq "subscriberadmin") {
+        $item_rs = $item_rs->search({
+            'contract.id' => $c->user->account_id,
+        },{
+            join => { mailboxuser => { provisioning_voip_subscriber => { voip_subscriber => 'contract' } } }
+        });
     }
     return $item_rs;
 }

lib/NGCP/Panel/Role/API/VoicemailSettings.pm

@@ -20,11 +20,17 @@ sub _item_rs {
     }, {
         join => { provisioning_voip_subscriber => { voip_subscriber => { contract => 'contact' } } },
     });
-    if($c->user->roles eq "admin") {
-    } elsif($c->user->roles eq "reseller") {
+    if ($c->user->roles eq "admin") {
+    } elsif ($c->user->roles eq "reseller") {
         $item_rs = $item_rs->search({ 
             'contact.reseller_id' => $c->user->reseller_id,
         });
+    } elsif ($c->user->roles eq "subscriberadmin") {
+        $item_rs = $item_rs->search({
+            'contract.id' => $c->user->account_id,
+        });
+    } elsif ($c->user->roles eq "subscriber") {
+        return;
     }
     return $item_rs;
 }

lib/NGCP/Panel/Role/API/Voicemails.pm

@@ -29,6 +29,14 @@ sub _item_rs {
         },{
             join => { mailboxuser => { provisioning_voip_subscriber => { voip_subscriber => { contract => 'contact' } } } }
         });
+    } elsif ($c->user->roles eq "subscriberadmin") {
+        $item_rs = $item_rs->search({
+            'contract.id' => $c->user->account_id,
+        },{
+            join => { mailboxuser => { provisioning_voip_subscriber => { voip_subscriber => 'contract' } } }
+        });
+    } elsif ($c->user->roles eq "subscriber") {
+        return;  # forbidden
     }
     return $item_rs;
 }

lib/NGCP/Panel/Role/Entities.pm

@@ -24,7 +24,7 @@ sub set_config {
         action => {
             map { $_ => {
                 ACLDetachTo => '/api/root/invalid_user',
-                AllowedRole => [qw/admin reseller/],
+                AllowedRole => [$self->allowed_roles],
                 Args => 0,
                 Does => [qw(ACL CheckTrailingSlash RequireSSL)],
                 Method => $_,
@@ -37,6 +37,10 @@ sub set_config {
     );
 }
 
+sub allowed_roles {
+    return qw/admin reseller/;
+}
+
 sub get_list{
     my ($self, $c) = @_;
     return $self->item_rs($c);

lib/NGCP/Panel/Role/EntitiesItem.pm

@@ -22,7 +22,7 @@ sub set_config {
         action => {
             map { $_ => {
                 ACLDetachTo => '/api/root/invalid_user',
-                AllowedRole => [qw/admin reseller/],
+                AllowedRole => [$self->allowed_roles],
                 Args => 1,
                 Does => [qw(ACL RequireSSL)],
                 Method => $_,
@@ -35,6 +35,10 @@ sub set_config {
     );
 }
 
+sub allowed_roles {
+    return qw/admin reseller/;
+}
+
 sub get {
     my ($self, $c, $id) = @_;
     {