sipwise
/
ngcp-panel
mirror of https://github.com/sipwise/ngcp-panel.git
1
0
Fork 0
Code Issues Releases Wiki Activity

TT#100761 Allow subscribers to access /api/applyrewrites

Browse Source 
* Give subscribers permissions to apply rewrites
	    but only for their own subscriber id

Change-Id: I6fdb449190169802ba8d3ed71effb41c60b00125
mr9.3
Flaviu Mates 4 years ago
parent e3b5ea8860
commit 0d0a2faf90
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File

7
lib/NGCP/Panel/Controller/API/ApplyRewrites.pm
Unescape View File

@ -38,7 +38,7 @@ sub relation{
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller/],
allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
});
sub POST :Allow {
@ -76,6 +76,11 @@ sub POST :Allow {
$self->error($c, HTTP_NOT_FOUND, "Calling subscriber not found.");
last;
}
if (($c->user->roles eq "subscriber" || $c->user->roles eq "subscriberadmin") && $subscriber->provisioning_voip_subscriber->id != $c->user->id) {
$c->log->error("Insuficient permissions to apply rewrites for subscriber id $$resource{subscriber_id}");
$self->error($c, HTTP_FORBIDDEN, "Insuficient permissions.");
return;
}
my @result;
try {

Write Preview
Loading…
Cancel
Save