From 1306ba53c6c258e6c7aee86c6c3351fe9cda5566 Mon Sep 17 00:00:00 2001 From: Andreas Granig Date: Fri, 8 Aug 2014 21:36:58 +0200 Subject: [PATCH] MT#8561 API: filter write ops for r/o users --- .../Panel/Controller/API/ApplyRewrites.pm | 2 +- .../Panel/Controller/API/AutoAttendants.pm | 2 +- .../Controller/API/AutoAttendantsItem.pm | 2 +- lib/NGCP/Panel/Controller/API/BillingFees.pm | 2 +- .../Panel/Controller/API/BillingFeesItem.pm | 2 +- .../Panel/Controller/API/BillingProfiles.pm | 2 +- .../Controller/API/BillingProfilesItem.pm | 2 +- lib/NGCP/Panel/Controller/API/BillingZones.pm | 2 +- .../Panel/Controller/API/BillingZonesItem.pm | 2 +- lib/NGCP/Panel/Controller/API/CCMapEntries.pm | 2 +- .../Panel/Controller/API/CCMapEntriesItem.pm | 2 +- .../Panel/Controller/API/CFDestinationSets.pm | 2 +- .../Controller/API/CFDestinationSetsItem.pm | 2 +- lib/NGCP/Panel/Controller/API/CFMappings.pm | 2 +- .../Panel/Controller/API/CFMappingsItem.pm | 2 +- lib/NGCP/Panel/Controller/API/CFTimeSets.pm | 2 +- .../Panel/Controller/API/CFTimeSetsItem.pm | 2 +- lib/NGCP/Panel/Controller/API/CallControls.pm | 2 +- lib/NGCP/Panel/Controller/API/CallForwards.pm | 2 +- .../Panel/Controller/API/CallForwardsItem.pm | 2 +- lib/NGCP/Panel/Controller/API/Calls.pm | 2 +- lib/NGCP/Panel/Controller/API/CallsItem.pm | 2 +- lib/NGCP/Panel/Controller/API/Contracts.pm | 2 +- .../Panel/Controller/API/ContractsItem.pm | 2 +- .../Panel/Controller/API/CustomerContacts.pm | 2 +- .../Controller/API/CustomerContactsItem.pm | 2 +- .../Controller/API/CustomerPreferenceDefs.pm | 2 +- .../Controller/API/CustomerPreferences.pm | 2 +- .../Controller/API/CustomerPreferencesItem.pm | 2 +- .../Panel/Controller/API/CustomerZoneCosts.pm | 2 +- .../Controller/API/CustomerZoneCostsItem.pm | 2 +- lib/NGCP/Panel/Controller/API/Customers.pm | 2 +- .../Panel/Controller/API/CustomersItem.pm | 2 +- .../Controller/API/DomainPreferenceDefs.pm | 2 +- .../Panel/Controller/API/DomainPreferences.pm | 2 +- .../Controller/API/DomainPreferencesItem.pm | 2 +- lib/NGCP/Panel/Controller/API/Domains.pm | 2 +- lib/NGCP/Panel/Controller/API/DomainsItem.pm | 2 +- .../Panel/Controller/API/EmailTemplates.pm | 2 +- .../Controller/API/EmailTemplatesItem.pm | 2 +- .../Panel/Controller/API/FaxserverSettings.pm | 2 +- .../Controller/API/FaxserverSettingsItem.pm | 2 +- .../Panel/Controller/API/InvoiceTemplates.pm | 2 +- .../Controller/API/InvoiceTemplatesItem.pm | 2 +- lib/NGCP/Panel/Controller/API/Invoices.pm | 2 +- lib/NGCP/Panel/Controller/API/InvoicesItem.pm | 2 +- lib/NGCP/Panel/Controller/API/NcosLevels.pm | 2 +- .../Panel/Controller/API/NcosLevelsItem.pm | 2 +- lib/NGCP/Panel/Controller/API/NcosPatterns.pm | 2 +- .../Panel/Controller/API/NcosPatternsItem.pm | 2 +- .../Controller/API/PbxDeviceConfigFiles.pm | 2 +- .../API/PbxDeviceConfigFilesItem.pm | 2 +- .../Panel/Controller/API/PbxDeviceConfigs.pm | 2 +- .../Controller/API/PbxDeviceConfigsItem.pm | 2 +- .../API/PbxDeviceFirmwareBinaries.pm | 2 +- .../API/PbxDeviceFirmwareBinariesItem.pm | 2 +- .../Controller/API/PbxDeviceFirmwares.pm | 2 +- .../Controller/API/PbxDeviceFirmwaresItem.pm | 2 +- .../Panel/Controller/API/PbxDeviceModels.pm | 2 +- .../Controller/API/PbxDeviceModelsItem.pm | 2 +- .../Panel/Controller/API/PbxDeviceProfiles.pm | 2 +- .../Controller/API/PbxDeviceProfilesItem.pm | 2 +- lib/NGCP/Panel/Controller/API/PbxDevices.pm | 2 +- .../Panel/Controller/API/PbxDevicesItem.pm | 2 +- lib/NGCP/Panel/Controller/API/Reminders.pm | 2 +- .../Panel/Controller/API/RemindersItem.pm | 2 +- lib/NGCP/Panel/Controller/API/Resellers.pm | 2 +- .../Panel/Controller/API/ResellersItem.pm | 2 +- .../Panel/Controller/API/RewriteRuleSets.pm | 2 +- .../Controller/API/RewriteRuleSetsItem.pm | 2 +- lib/NGCP/Panel/Controller/API/RewriteRules.pm | 2 +- .../Panel/Controller/API/RewriteRulesItem.pm | 2 +- lib/NGCP/Panel/Controller/API/Root.pm | 24 ++++++++++++++++--- .../Controller/API/SoundFileRecordings.pm | 2 +- .../Controller/API/SoundFileRecordingsItem.pm | 2 +- lib/NGCP/Panel/Controller/API/SoundFiles.pm | 2 +- .../Panel/Controller/API/SoundFilesItem.pm | 2 +- lib/NGCP/Panel/Controller/API/SoundHandles.pm | 2 +- .../Panel/Controller/API/SoundHandlesItem.pm | 2 +- lib/NGCP/Panel/Controller/API/SoundSets.pm | 2 +- .../Panel/Controller/API/SoundSetsItem.pm | 2 +- lib/NGCP/Panel/Controller/API/SpeedDials.pm | 2 +- .../Panel/Controller/API/SpeedDialsItem.pm | 2 +- .../API/SubscriberPreferenceDefs.pm | 2 +- .../Controller/API/SubscriberPreferences.pm | 2 +- .../API/SubscriberPreferencesItem.pm | 2 +- .../Controller/API/SubscriberProfileSets.pm | 2 +- .../API/SubscriberProfileSetsItem.pm | 2 +- .../Controller/API/SubscriberProfiles.pm | 2 +- .../Controller/API/SubscriberProfilesItem.pm | 2 +- .../Controller/API/SubscriberRegistrations.pm | 2 +- .../API/SubscriberRegistrationsItem.pm | 2 +- lib/NGCP/Panel/Controller/API/Subscribers.pm | 2 +- .../Panel/Controller/API/SubscribersItem.pm | 2 +- .../Panel/Controller/API/SystemContacts.pm | 2 +- .../Controller/API/SystemContactsItem.pm | 2 +- .../Panel/Controller/API/TrustedSources.pm | 2 +- .../Controller/API/TrustedSourcesItem.pm | 2 +- .../Controller/API/VoicemailRecordings.pm | 2 +- .../Controller/API/VoicemailRecordingsItem.pm | 2 +- .../Panel/Controller/API/VoicemailSettings.pm | 2 +- .../Controller/API/VoicemailSettingsItem.pm | 2 +- lib/NGCP/Panel/Controller/API/Voicemails.pm | 2 +- .../Panel/Controller/API/VoicemailsItem.pm | 2 +- lib/NGCP/Panel/Controller/Root.pm | 22 ++++++++++++++++- lib/NGCP/Panel/Role/API.pm | 17 ++++++++++++- 106 files changed, 161 insertions(+), 108 deletions(-) diff --git a/lib/NGCP/Panel/Controller/API/ApplyRewrites.pm b/lib/NGCP/Panel/Controller/API/ApplyRewrites.pm index ee90b698f5..c8af5490d8 100644 --- a/lib/NGCP/Panel/Controller/API/ApplyRewrites.pm +++ b/lib/NGCP/Panel/Controller/API/ApplyRewrites.pm @@ -59,7 +59,7 @@ sub auto :Private { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/AutoAttendants.pm b/lib/NGCP/Panel/Controller/API/AutoAttendants.pm index 147145e6b1..2c8e960ad5 100644 --- a/lib/NGCP/Panel/Controller/API/AutoAttendants.pm +++ b/lib/NGCP/Panel/Controller/API/AutoAttendants.pm @@ -117,7 +117,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/AutoAttendantsItem.pm b/lib/NGCP/Panel/Controller/API/AutoAttendantsItem.pm index 50c2bc9f16..49f5662070 100644 --- a/lib/NGCP/Panel/Controller/API/AutoAttendantsItem.pm +++ b/lib/NGCP/Panel/Controller/API/AutoAttendantsItem.pm @@ -75,7 +75,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/BillingFees.pm b/lib/NGCP/Panel/Controller/API/BillingFees.pm index fefb24e52a..53843cdc0a 100644 --- a/lib/NGCP/Panel/Controller/API/BillingFees.pm +++ b/lib/NGCP/Panel/Controller/API/BillingFees.pm @@ -129,7 +129,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/BillingFeesItem.pm b/lib/NGCP/Panel/Controller/API/BillingFeesItem.pm index a1def77309..46bc283b9a 100644 --- a/lib/NGCP/Panel/Controller/API/BillingFeesItem.pm +++ b/lib/NGCP/Panel/Controller/API/BillingFeesItem.pm @@ -73,7 +73,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/BillingProfiles.pm b/lib/NGCP/Panel/Controller/API/BillingProfiles.pm index 3d34d04913..c6bc729278 100644 --- a/lib/NGCP/Panel/Controller/API/BillingProfiles.pm +++ b/lib/NGCP/Panel/Controller/API/BillingProfiles.pm @@ -125,7 +125,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/BillingProfilesItem.pm b/lib/NGCP/Panel/Controller/API/BillingProfilesItem.pm index 529a8138b7..e80e90d33e 100644 --- a/lib/NGCP/Panel/Controller/API/BillingProfilesItem.pm +++ b/lib/NGCP/Panel/Controller/API/BillingProfilesItem.pm @@ -73,7 +73,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/BillingZones.pm b/lib/NGCP/Panel/Controller/API/BillingZones.pm index 38db3ea0c5..906270d6a5 100644 --- a/lib/NGCP/Panel/Controller/API/BillingZones.pm +++ b/lib/NGCP/Panel/Controller/API/BillingZones.pm @@ -125,7 +125,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/BillingZonesItem.pm b/lib/NGCP/Panel/Controller/API/BillingZonesItem.pm index a4cc688c5f..e119905b36 100644 --- a/lib/NGCP/Panel/Controller/API/BillingZonesItem.pm +++ b/lib/NGCP/Panel/Controller/API/BillingZonesItem.pm @@ -73,7 +73,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/CCMapEntries.pm b/lib/NGCP/Panel/Controller/API/CCMapEntries.pm index fe204d179c..c63141897d 100644 --- a/lib/NGCP/Panel/Controller/API/CCMapEntries.pm +++ b/lib/NGCP/Panel/Controller/API/CCMapEntries.pm @@ -117,7 +117,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/CCMapEntriesItem.pm b/lib/NGCP/Panel/Controller/API/CCMapEntriesItem.pm index ce235fe8bc..8b96ff1640 100644 --- a/lib/NGCP/Panel/Controller/API/CCMapEntriesItem.pm +++ b/lib/NGCP/Panel/Controller/API/CCMapEntriesItem.pm @@ -75,7 +75,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/CFDestinationSets.pm b/lib/NGCP/Panel/Controller/API/CFDestinationSets.pm index b682081a67..5502e448b3 100644 --- a/lib/NGCP/Panel/Controller/API/CFDestinationSets.pm +++ b/lib/NGCP/Panel/Controller/API/CFDestinationSets.pm @@ -139,7 +139,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/CFDestinationSetsItem.pm b/lib/NGCP/Panel/Controller/API/CFDestinationSetsItem.pm index a925081ab2..27ad8adb2a 100644 --- a/lib/NGCP/Panel/Controller/API/CFDestinationSetsItem.pm +++ b/lib/NGCP/Panel/Controller/API/CFDestinationSetsItem.pm @@ -75,7 +75,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/CFMappings.pm b/lib/NGCP/Panel/Controller/API/CFMappings.pm index 9fd853c96a..24cc20df2f 100644 --- a/lib/NGCP/Panel/Controller/API/CFMappings.pm +++ b/lib/NGCP/Panel/Controller/API/CFMappings.pm @@ -129,7 +129,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/CFMappingsItem.pm b/lib/NGCP/Panel/Controller/API/CFMappingsItem.pm index b3728fdcc5..99696c5ec3 100644 --- a/lib/NGCP/Panel/Controller/API/CFMappingsItem.pm +++ b/lib/NGCP/Panel/Controller/API/CFMappingsItem.pm @@ -75,7 +75,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/CFTimeSets.pm b/lib/NGCP/Panel/Controller/API/CFTimeSets.pm index 524ee51e08..9d8fcad446 100644 --- a/lib/NGCP/Panel/Controller/API/CFTimeSets.pm +++ b/lib/NGCP/Panel/Controller/API/CFTimeSets.pm @@ -139,7 +139,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/CFTimeSetsItem.pm b/lib/NGCP/Panel/Controller/API/CFTimeSetsItem.pm index 6023dc46fe..14ce2da8ab 100644 --- a/lib/NGCP/Panel/Controller/API/CFTimeSetsItem.pm +++ b/lib/NGCP/Panel/Controller/API/CFTimeSetsItem.pm @@ -75,7 +75,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/CallControls.pm b/lib/NGCP/Panel/Controller/API/CallControls.pm index 642e80f32e..fec9ed9ff3 100644 --- a/lib/NGCP/Panel/Controller/API/CallControls.pm +++ b/lib/NGCP/Panel/Controller/API/CallControls.pm @@ -62,7 +62,7 @@ sub auto :Private { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/CallForwards.pm b/lib/NGCP/Panel/Controller/API/CallForwards.pm index 1ca32a68e6..eb5b62521b 100644 --- a/lib/NGCP/Panel/Controller/API/CallForwards.pm +++ b/lib/NGCP/Panel/Controller/API/CallForwards.pm @@ -133,7 +133,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/CallForwardsItem.pm b/lib/NGCP/Panel/Controller/API/CallForwardsItem.pm index 8171a0938f..5766910d58 100644 --- a/lib/NGCP/Panel/Controller/API/CallForwardsItem.pm +++ b/lib/NGCP/Panel/Controller/API/CallForwardsItem.pm @@ -75,7 +75,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/Calls.pm b/lib/NGCP/Panel/Controller/API/Calls.pm index 7c9cdef202..a8749776fe 100644 --- a/lib/NGCP/Panel/Controller/API/Calls.pm +++ b/lib/NGCP/Panel/Controller/API/Calls.pm @@ -150,7 +150,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/CallsItem.pm b/lib/NGCP/Panel/Controller/API/CallsItem.pm index a8b0793c43..a2e52ac1fb 100644 --- a/lib/NGCP/Panel/Controller/API/CallsItem.pm +++ b/lib/NGCP/Panel/Controller/API/CallsItem.pm @@ -72,7 +72,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/Contracts.pm b/lib/NGCP/Panel/Controller/API/Contracts.pm index 5ea23cde1e..5d58c133fb 100644 --- a/lib/NGCP/Panel/Controller/API/Contracts.pm +++ b/lib/NGCP/Panel/Controller/API/Contracts.pm @@ -138,7 +138,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/ContractsItem.pm b/lib/NGCP/Panel/Controller/API/ContractsItem.pm index 547022d6e2..f1bd7d7eb6 100644 --- a/lib/NGCP/Panel/Controller/API/ContractsItem.pm +++ b/lib/NGCP/Panel/Controller/API/ContractsItem.pm @@ -75,7 +75,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/CustomerContacts.pm b/lib/NGCP/Panel/Controller/API/CustomerContacts.pm index cf38a3c944..e4bf20986b 100644 --- a/lib/NGCP/Panel/Controller/API/CustomerContacts.pm +++ b/lib/NGCP/Panel/Controller/API/CustomerContacts.pm @@ -136,7 +136,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/CustomerContactsItem.pm b/lib/NGCP/Panel/Controller/API/CustomerContactsItem.pm index 8102aa5abc..e90b3f9065 100644 --- a/lib/NGCP/Panel/Controller/API/CustomerContactsItem.pm +++ b/lib/NGCP/Panel/Controller/API/CustomerContactsItem.pm @@ -73,7 +73,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/CustomerPreferenceDefs.pm b/lib/NGCP/Panel/Controller/API/CustomerPreferenceDefs.pm index ecae353fef..6bb8b115b4 100644 --- a/lib/NGCP/Panel/Controller/API/CustomerPreferenceDefs.pm +++ b/lib/NGCP/Panel/Controller/API/CustomerPreferenceDefs.pm @@ -111,7 +111,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/CustomerPreferences.pm b/lib/NGCP/Panel/Controller/API/CustomerPreferences.pm index 98b919cf91..30b4573ac9 100644 --- a/lib/NGCP/Panel/Controller/API/CustomerPreferences.pm +++ b/lib/NGCP/Panel/Controller/API/CustomerPreferences.pm @@ -106,7 +106,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/CustomerPreferencesItem.pm b/lib/NGCP/Panel/Controller/API/CustomerPreferencesItem.pm index e46e324c34..5b89308523 100644 --- a/lib/NGCP/Panel/Controller/API/CustomerPreferencesItem.pm +++ b/lib/NGCP/Panel/Controller/API/CustomerPreferencesItem.pm @@ -75,7 +75,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/CustomerZoneCosts.pm b/lib/NGCP/Panel/Controller/API/CustomerZoneCosts.pm index fb19751bfe..9bf80338de 100644 --- a/lib/NGCP/Panel/Controller/API/CustomerZoneCosts.pm +++ b/lib/NGCP/Panel/Controller/API/CustomerZoneCosts.pm @@ -143,7 +143,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/CustomerZoneCostsItem.pm b/lib/NGCP/Panel/Controller/API/CustomerZoneCostsItem.pm index 9b4678dc8a..01e32f620b 100644 --- a/lib/NGCP/Panel/Controller/API/CustomerZoneCostsItem.pm +++ b/lib/NGCP/Panel/Controller/API/CustomerZoneCostsItem.pm @@ -76,7 +76,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/Customers.pm b/lib/NGCP/Panel/Controller/API/Customers.pm index 1caad3d2bf..8552bfbcf0 100644 --- a/lib/NGCP/Panel/Controller/API/Customers.pm +++ b/lib/NGCP/Panel/Controller/API/Customers.pm @@ -158,7 +158,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/CustomersItem.pm b/lib/NGCP/Panel/Controller/API/CustomersItem.pm index 243787faab..a770b8887d 100644 --- a/lib/NGCP/Panel/Controller/API/CustomersItem.pm +++ b/lib/NGCP/Panel/Controller/API/CustomersItem.pm @@ -75,7 +75,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/DomainPreferenceDefs.pm b/lib/NGCP/Panel/Controller/API/DomainPreferenceDefs.pm index a89c30cd9a..7ab3ccaf9c 100644 --- a/lib/NGCP/Panel/Controller/API/DomainPreferenceDefs.pm +++ b/lib/NGCP/Panel/Controller/API/DomainPreferenceDefs.pm @@ -111,7 +111,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/DomainPreferences.pm b/lib/NGCP/Panel/Controller/API/DomainPreferences.pm index 96f0732d19..2cad4ae61a 100644 --- a/lib/NGCP/Panel/Controller/API/DomainPreferences.pm +++ b/lib/NGCP/Panel/Controller/API/DomainPreferences.pm @@ -106,7 +106,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/DomainPreferencesItem.pm b/lib/NGCP/Panel/Controller/API/DomainPreferencesItem.pm index c3e3400577..35903e0891 100644 --- a/lib/NGCP/Panel/Controller/API/DomainPreferencesItem.pm +++ b/lib/NGCP/Panel/Controller/API/DomainPreferencesItem.pm @@ -75,7 +75,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/Domains.pm b/lib/NGCP/Panel/Controller/API/Domains.pm index 72ab7f60e0..4071dfb3c2 100644 --- a/lib/NGCP/Panel/Controller/API/Domains.pm +++ b/lib/NGCP/Panel/Controller/API/Domains.pm @@ -140,7 +140,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/DomainsItem.pm b/lib/NGCP/Panel/Controller/API/DomainsItem.pm index 655a2208aa..598ab00a6b 100644 --- a/lib/NGCP/Panel/Controller/API/DomainsItem.pm +++ b/lib/NGCP/Panel/Controller/API/DomainsItem.pm @@ -75,7 +75,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/EmailTemplates.pm b/lib/NGCP/Panel/Controller/API/EmailTemplates.pm index 98258250ab..32d636a10b 100644 --- a/lib/NGCP/Panel/Controller/API/EmailTemplates.pm +++ b/lib/NGCP/Panel/Controller/API/EmailTemplates.pm @@ -125,7 +125,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/EmailTemplatesItem.pm b/lib/NGCP/Panel/Controller/API/EmailTemplatesItem.pm index c7c8e17826..55ad162b3e 100644 --- a/lib/NGCP/Panel/Controller/API/EmailTemplatesItem.pm +++ b/lib/NGCP/Panel/Controller/API/EmailTemplatesItem.pm @@ -72,7 +72,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/FaxserverSettings.pm b/lib/NGCP/Panel/Controller/API/FaxserverSettings.pm index e789547fcc..7b9b30f47c 100644 --- a/lib/NGCP/Panel/Controller/API/FaxserverSettings.pm +++ b/lib/NGCP/Panel/Controller/API/FaxserverSettings.pm @@ -149,7 +149,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/FaxserverSettingsItem.pm b/lib/NGCP/Panel/Controller/API/FaxserverSettingsItem.pm index 647db18e02..f3f3b67b41 100644 --- a/lib/NGCP/Panel/Controller/API/FaxserverSettingsItem.pm +++ b/lib/NGCP/Panel/Controller/API/FaxserverSettingsItem.pm @@ -75,7 +75,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/InvoiceTemplates.pm b/lib/NGCP/Panel/Controller/API/InvoiceTemplates.pm index a2baa04663..eab3ae5536 100644 --- a/lib/NGCP/Panel/Controller/API/InvoiceTemplates.pm +++ b/lib/NGCP/Panel/Controller/API/InvoiceTemplates.pm @@ -125,7 +125,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/InvoiceTemplatesItem.pm b/lib/NGCP/Panel/Controller/API/InvoiceTemplatesItem.pm index 555f0a2944..e67e7a12e4 100644 --- a/lib/NGCP/Panel/Controller/API/InvoiceTemplatesItem.pm +++ b/lib/NGCP/Panel/Controller/API/InvoiceTemplatesItem.pm @@ -72,7 +72,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/Invoices.pm b/lib/NGCP/Panel/Controller/API/Invoices.pm index 9a8f38c011..afae4ebd20 100644 --- a/lib/NGCP/Panel/Controller/API/Invoices.pm +++ b/lib/NGCP/Panel/Controller/API/Invoices.pm @@ -171,7 +171,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/InvoicesItem.pm b/lib/NGCP/Panel/Controller/API/InvoicesItem.pm index f97448afcf..2e7e5fc1a6 100644 --- a/lib/NGCP/Panel/Controller/API/InvoicesItem.pm +++ b/lib/NGCP/Panel/Controller/API/InvoicesItem.pm @@ -72,7 +72,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/NcosLevels.pm b/lib/NGCP/Panel/Controller/API/NcosLevels.pm index 88c5ee92e6..c1ddf04071 100644 --- a/lib/NGCP/Panel/Controller/API/NcosLevels.pm +++ b/lib/NGCP/Panel/Controller/API/NcosLevels.pm @@ -125,7 +125,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/NcosLevelsItem.pm b/lib/NGCP/Panel/Controller/API/NcosLevelsItem.pm index e4a863b121..3f0d7ff3b4 100644 --- a/lib/NGCP/Panel/Controller/API/NcosLevelsItem.pm +++ b/lib/NGCP/Panel/Controller/API/NcosLevelsItem.pm @@ -72,7 +72,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/NcosPatterns.pm b/lib/NGCP/Panel/Controller/API/NcosPatterns.pm index 8096dc3c27..a0ea6f8476 100644 --- a/lib/NGCP/Panel/Controller/API/NcosPatterns.pm +++ b/lib/NGCP/Panel/Controller/API/NcosPatterns.pm @@ -125,7 +125,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/NcosPatternsItem.pm b/lib/NGCP/Panel/Controller/API/NcosPatternsItem.pm index d4b60e86be..e8d88ab2ba 100644 --- a/lib/NGCP/Panel/Controller/API/NcosPatternsItem.pm +++ b/lib/NGCP/Panel/Controller/API/NcosPatternsItem.pm @@ -72,7 +72,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/PbxDeviceConfigFiles.pm b/lib/NGCP/Panel/Controller/API/PbxDeviceConfigFiles.pm index bc76d7f88e..07bd580637 100644 --- a/lib/NGCP/Panel/Controller/API/PbxDeviceConfigFiles.pm +++ b/lib/NGCP/Panel/Controller/API/PbxDeviceConfigFiles.pm @@ -60,7 +60,7 @@ sub auto :Private { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/PbxDeviceConfigFilesItem.pm b/lib/NGCP/Panel/Controller/API/PbxDeviceConfigFilesItem.pm index d77b7e8b5f..992ca6c89e 100644 --- a/lib/NGCP/Panel/Controller/API/PbxDeviceConfigFilesItem.pm +++ b/lib/NGCP/Panel/Controller/API/PbxDeviceConfigFilesItem.pm @@ -66,7 +66,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/PbxDeviceConfigs.pm b/lib/NGCP/Panel/Controller/API/PbxDeviceConfigs.pm index e0b0097d90..44add4776f 100644 --- a/lib/NGCP/Panel/Controller/API/PbxDeviceConfigs.pm +++ b/lib/NGCP/Panel/Controller/API/PbxDeviceConfigs.pm @@ -125,7 +125,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/PbxDeviceConfigsItem.pm b/lib/NGCP/Panel/Controller/API/PbxDeviceConfigsItem.pm index a7a1d8cdbf..434920c371 100644 --- a/lib/NGCP/Panel/Controller/API/PbxDeviceConfigsItem.pm +++ b/lib/NGCP/Panel/Controller/API/PbxDeviceConfigsItem.pm @@ -72,7 +72,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/PbxDeviceFirmwareBinaries.pm b/lib/NGCP/Panel/Controller/API/PbxDeviceFirmwareBinaries.pm index e4513377e9..4457e2d1d6 100644 --- a/lib/NGCP/Panel/Controller/API/PbxDeviceFirmwareBinaries.pm +++ b/lib/NGCP/Panel/Controller/API/PbxDeviceFirmwareBinaries.pm @@ -60,7 +60,7 @@ sub auto :Private { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/PbxDeviceFirmwareBinariesItem.pm b/lib/NGCP/Panel/Controller/API/PbxDeviceFirmwareBinariesItem.pm index 5f4ee05811..71de883091 100644 --- a/lib/NGCP/Panel/Controller/API/PbxDeviceFirmwareBinariesItem.pm +++ b/lib/NGCP/Panel/Controller/API/PbxDeviceFirmwareBinariesItem.pm @@ -66,7 +66,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/PbxDeviceFirmwares.pm b/lib/NGCP/Panel/Controller/API/PbxDeviceFirmwares.pm index 5a7ea82ba4..04558509b9 100644 --- a/lib/NGCP/Panel/Controller/API/PbxDeviceFirmwares.pm +++ b/lib/NGCP/Panel/Controller/API/PbxDeviceFirmwares.pm @@ -125,7 +125,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/PbxDeviceFirmwaresItem.pm b/lib/NGCP/Panel/Controller/API/PbxDeviceFirmwaresItem.pm index 9887e66519..62564fea9a 100644 --- a/lib/NGCP/Panel/Controller/API/PbxDeviceFirmwaresItem.pm +++ b/lib/NGCP/Panel/Controller/API/PbxDeviceFirmwaresItem.pm @@ -72,7 +72,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/PbxDeviceModels.pm b/lib/NGCP/Panel/Controller/API/PbxDeviceModels.pm index 51fd714644..b7fa9f6413 100644 --- a/lib/NGCP/Panel/Controller/API/PbxDeviceModels.pm +++ b/lib/NGCP/Panel/Controller/API/PbxDeviceModels.pm @@ -182,7 +182,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/PbxDeviceModelsItem.pm b/lib/NGCP/Panel/Controller/API/PbxDeviceModelsItem.pm index be2cfb7350..fac6f3e21f 100644 --- a/lib/NGCP/Panel/Controller/API/PbxDeviceModelsItem.pm +++ b/lib/NGCP/Panel/Controller/API/PbxDeviceModelsItem.pm @@ -75,7 +75,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/PbxDeviceProfiles.pm b/lib/NGCP/Panel/Controller/API/PbxDeviceProfiles.pm index a8806f54b0..0c218ebdab 100644 --- a/lib/NGCP/Panel/Controller/API/PbxDeviceProfiles.pm +++ b/lib/NGCP/Panel/Controller/API/PbxDeviceProfiles.pm @@ -125,7 +125,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/PbxDeviceProfilesItem.pm b/lib/NGCP/Panel/Controller/API/PbxDeviceProfilesItem.pm index ba32b1268f..e0b8564f08 100644 --- a/lib/NGCP/Panel/Controller/API/PbxDeviceProfilesItem.pm +++ b/lib/NGCP/Panel/Controller/API/PbxDeviceProfilesItem.pm @@ -75,7 +75,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/PbxDevices.pm b/lib/NGCP/Panel/Controller/API/PbxDevices.pm index d1cd17a09a..1e0267f8ae 100644 --- a/lib/NGCP/Panel/Controller/API/PbxDevices.pm +++ b/lib/NGCP/Panel/Controller/API/PbxDevices.pm @@ -147,7 +147,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/PbxDevicesItem.pm b/lib/NGCP/Panel/Controller/API/PbxDevicesItem.pm index 15a375b4e7..c791d31397 100644 --- a/lib/NGCP/Panel/Controller/API/PbxDevicesItem.pm +++ b/lib/NGCP/Panel/Controller/API/PbxDevicesItem.pm @@ -75,7 +75,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/Reminders.pm b/lib/NGCP/Panel/Controller/API/Reminders.pm index d22aa7bbb0..fc1732f4ae 100644 --- a/lib/NGCP/Panel/Controller/API/Reminders.pm +++ b/lib/NGCP/Panel/Controller/API/Reminders.pm @@ -129,7 +129,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/RemindersItem.pm b/lib/NGCP/Panel/Controller/API/RemindersItem.pm index 25aab40788..4c8b7c95e7 100644 --- a/lib/NGCP/Panel/Controller/API/RemindersItem.pm +++ b/lib/NGCP/Panel/Controller/API/RemindersItem.pm @@ -72,7 +72,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/Resellers.pm b/lib/NGCP/Panel/Controller/API/Resellers.pm index cfe27a6f75..7e4b7cbc15 100644 --- a/lib/NGCP/Panel/Controller/API/Resellers.pm +++ b/lib/NGCP/Panel/Controller/API/Resellers.pm @@ -125,7 +125,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/ResellersItem.pm b/lib/NGCP/Panel/Controller/API/ResellersItem.pm index f82705c9b7..de527023fc 100644 --- a/lib/NGCP/Panel/Controller/API/ResellersItem.pm +++ b/lib/NGCP/Panel/Controller/API/ResellersItem.pm @@ -73,7 +73,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/RewriteRuleSets.pm b/lib/NGCP/Panel/Controller/API/RewriteRuleSets.pm index dd1270d0b4..eb17bc22cc 100644 --- a/lib/NGCP/Panel/Controller/API/RewriteRuleSets.pm +++ b/lib/NGCP/Panel/Controller/API/RewriteRuleSets.pm @@ -147,7 +147,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/RewriteRuleSetsItem.pm b/lib/NGCP/Panel/Controller/API/RewriteRuleSetsItem.pm index 6677e9b17a..0cb263e675 100644 --- a/lib/NGCP/Panel/Controller/API/RewriteRuleSetsItem.pm +++ b/lib/NGCP/Panel/Controller/API/RewriteRuleSetsItem.pm @@ -75,7 +75,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/RewriteRules.pm b/lib/NGCP/Panel/Controller/API/RewriteRules.pm index 349d552134..816da9362a 100644 --- a/lib/NGCP/Panel/Controller/API/RewriteRules.pm +++ b/lib/NGCP/Panel/Controller/API/RewriteRules.pm @@ -136,7 +136,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/RewriteRulesItem.pm b/lib/NGCP/Panel/Controller/API/RewriteRulesItem.pm index 6b505f7243..5b3e56f869 100644 --- a/lib/NGCP/Panel/Controller/API/RewriteRulesItem.pm +++ b/lib/NGCP/Panel/Controller/API/RewriteRulesItem.pm @@ -75,7 +75,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/Root.pm b/lib/NGCP/Panel/Controller/API/Root.pm index c3e2de1983..2545a6b5ff 100644 --- a/lib/NGCP/Panel/Controller/API/Root.pm +++ b/lib/NGCP/Panel/Controller/API/Root.pm @@ -69,8 +69,26 @@ sub GET : Allow { if($full_mod->can('query_params')) { $query_params = $full_mod->query_params; } - my $actions = [ keys %{ $full_mod->config->{action} } ]; - my $item_actions = $full_item_mod->can('config') ? [ keys %{ $full_item_mod->config->{action} } ] : []; + my $actions = []; + if($c->user->read_only) { + foreach my $m(keys %{ $full_mod->config->{action} }) { + next unless $m ~~ [qw/GET HEAD OPTIONS/]; + push @{ $actions }, $m; + } + } else { + $actions = [ keys %{ $full_mod->config->{action} } ]; + } + my $item_actions = []; + if($full_item_mod->can('config')) { + if($c->user->read_only) { + foreach my $m(keys %{ $full_item_mod->config->{action} }) { + next unless $m ~~ [qw/GET HEAD OPTIONS/]; + push @{ $item_actions }, $m; + } + } else { + $item_actions = [ keys %{ $full_item_mod->config->{action} } ]; + } + } my $form = $full_mod->get_form($c); @@ -118,7 +136,7 @@ sub HEAD : Allow { sub OPTIONS : Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), $self->collections_link_headers, diff --git a/lib/NGCP/Panel/Controller/API/SoundFileRecordings.pm b/lib/NGCP/Panel/Controller/API/SoundFileRecordings.pm index 80bbb2cb90..6de818d2b6 100644 --- a/lib/NGCP/Panel/Controller/API/SoundFileRecordings.pm +++ b/lib/NGCP/Panel/Controller/API/SoundFileRecordings.pm @@ -60,7 +60,7 @@ sub auto :Private { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/SoundFileRecordingsItem.pm b/lib/NGCP/Panel/Controller/API/SoundFileRecordingsItem.pm index 057c524b29..901772204a 100644 --- a/lib/NGCP/Panel/Controller/API/SoundFileRecordingsItem.pm +++ b/lib/NGCP/Panel/Controller/API/SoundFileRecordingsItem.pm @@ -72,7 +72,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/SoundFiles.pm b/lib/NGCP/Panel/Controller/API/SoundFiles.pm index 74637e63bc..644bfc484d 100644 --- a/lib/NGCP/Panel/Controller/API/SoundFiles.pm +++ b/lib/NGCP/Panel/Controller/API/SoundFiles.pm @@ -127,7 +127,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/SoundFilesItem.pm b/lib/NGCP/Panel/Controller/API/SoundFilesItem.pm index ac4fe724a1..63bd30906e 100644 --- a/lib/NGCP/Panel/Controller/API/SoundFilesItem.pm +++ b/lib/NGCP/Panel/Controller/API/SoundFilesItem.pm @@ -72,7 +72,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/SoundHandles.pm b/lib/NGCP/Panel/Controller/API/SoundHandles.pm index ed030cdbd3..340b94fc16 100644 --- a/lib/NGCP/Panel/Controller/API/SoundHandles.pm +++ b/lib/NGCP/Panel/Controller/API/SoundHandles.pm @@ -127,7 +127,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/SoundHandlesItem.pm b/lib/NGCP/Panel/Controller/API/SoundHandlesItem.pm index e93da18775..2201c8195f 100644 --- a/lib/NGCP/Panel/Controller/API/SoundHandlesItem.pm +++ b/lib/NGCP/Panel/Controller/API/SoundHandlesItem.pm @@ -72,7 +72,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/SoundSets.pm b/lib/NGCP/Panel/Controller/API/SoundSets.pm index 99526a1085..90b540d6ec 100644 --- a/lib/NGCP/Panel/Controller/API/SoundSets.pm +++ b/lib/NGCP/Panel/Controller/API/SoundSets.pm @@ -147,7 +147,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/SoundSetsItem.pm b/lib/NGCP/Panel/Controller/API/SoundSetsItem.pm index 0512cebfb8..32961d2a22 100644 --- a/lib/NGCP/Panel/Controller/API/SoundSetsItem.pm +++ b/lib/NGCP/Panel/Controller/API/SoundSetsItem.pm @@ -72,7 +72,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/SpeedDials.pm b/lib/NGCP/Panel/Controller/API/SpeedDials.pm index 9d90a70ec6..06133f4170 100644 --- a/lib/NGCP/Panel/Controller/API/SpeedDials.pm +++ b/lib/NGCP/Panel/Controller/API/SpeedDials.pm @@ -131,7 +131,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/SpeedDialsItem.pm b/lib/NGCP/Panel/Controller/API/SpeedDialsItem.pm index 6ff3d3337f..22ac130834 100644 --- a/lib/NGCP/Panel/Controller/API/SpeedDialsItem.pm +++ b/lib/NGCP/Panel/Controller/API/SpeedDialsItem.pm @@ -75,7 +75,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/SubscriberPreferenceDefs.pm b/lib/NGCP/Panel/Controller/API/SubscriberPreferenceDefs.pm index 65b67dbeca..28481c7ff0 100644 --- a/lib/NGCP/Panel/Controller/API/SubscriberPreferenceDefs.pm +++ b/lib/NGCP/Panel/Controller/API/SubscriberPreferenceDefs.pm @@ -111,7 +111,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/SubscriberPreferences.pm b/lib/NGCP/Panel/Controller/API/SubscriberPreferences.pm index ca2bed3ae3..9d70a0d320 100644 --- a/lib/NGCP/Panel/Controller/API/SubscriberPreferences.pm +++ b/lib/NGCP/Panel/Controller/API/SubscriberPreferences.pm @@ -107,7 +107,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/SubscriberPreferencesItem.pm b/lib/NGCP/Panel/Controller/API/SubscriberPreferencesItem.pm index a353ef2484..6268bae2f0 100644 --- a/lib/NGCP/Panel/Controller/API/SubscriberPreferencesItem.pm +++ b/lib/NGCP/Panel/Controller/API/SubscriberPreferencesItem.pm @@ -75,7 +75,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/SubscriberProfileSets.pm b/lib/NGCP/Panel/Controller/API/SubscriberProfileSets.pm index 9447c39786..1d6c8c1f5e 100644 --- a/lib/NGCP/Panel/Controller/API/SubscriberProfileSets.pm +++ b/lib/NGCP/Panel/Controller/API/SubscriberProfileSets.pm @@ -125,7 +125,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/SubscriberProfileSetsItem.pm b/lib/NGCP/Panel/Controller/API/SubscriberProfileSetsItem.pm index 252e8242da..59d09f0e27 100644 --- a/lib/NGCP/Panel/Controller/API/SubscriberProfileSetsItem.pm +++ b/lib/NGCP/Panel/Controller/API/SubscriberProfileSetsItem.pm @@ -72,7 +72,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/SubscriberProfiles.pm b/lib/NGCP/Panel/Controller/API/SubscriberProfiles.pm index dc8c8413a7..5974a6f7bf 100644 --- a/lib/NGCP/Panel/Controller/API/SubscriberProfiles.pm +++ b/lib/NGCP/Panel/Controller/API/SubscriberProfiles.pm @@ -125,7 +125,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/SubscriberProfilesItem.pm b/lib/NGCP/Panel/Controller/API/SubscriberProfilesItem.pm index 9368d189f1..8fe1fe519e 100644 --- a/lib/NGCP/Panel/Controller/API/SubscriberProfilesItem.pm +++ b/lib/NGCP/Panel/Controller/API/SubscriberProfilesItem.pm @@ -72,7 +72,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/SubscriberRegistrations.pm b/lib/NGCP/Panel/Controller/API/SubscriberRegistrations.pm index 00ae82527e..5def521316 100644 --- a/lib/NGCP/Panel/Controller/API/SubscriberRegistrations.pm +++ b/lib/NGCP/Panel/Controller/API/SubscriberRegistrations.pm @@ -135,7 +135,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/SubscriberRegistrationsItem.pm b/lib/NGCP/Panel/Controller/API/SubscriberRegistrationsItem.pm index 7905391ce7..64482311d9 100644 --- a/lib/NGCP/Panel/Controller/API/SubscriberRegistrationsItem.pm +++ b/lib/NGCP/Panel/Controller/API/SubscriberRegistrationsItem.pm @@ -76,7 +76,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/Subscribers.pm b/lib/NGCP/Panel/Controller/API/Subscribers.pm index b3f487597a..430771ac9b 100644 --- a/lib/NGCP/Panel/Controller/API/Subscribers.pm +++ b/lib/NGCP/Panel/Controller/API/Subscribers.pm @@ -223,7 +223,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/SubscribersItem.pm b/lib/NGCP/Panel/Controller/API/SubscribersItem.pm index 037121e3b0..3ded9e6ac3 100644 --- a/lib/NGCP/Panel/Controller/API/SubscribersItem.pm +++ b/lib/NGCP/Panel/Controller/API/SubscribersItem.pm @@ -77,7 +77,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/SystemContacts.pm b/lib/NGCP/Panel/Controller/API/SystemContacts.pm index f62790730c..62925fcd35 100644 --- a/lib/NGCP/Panel/Controller/API/SystemContacts.pm +++ b/lib/NGCP/Panel/Controller/API/SystemContacts.pm @@ -125,7 +125,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/SystemContactsItem.pm b/lib/NGCP/Panel/Controller/API/SystemContactsItem.pm index f6c9235661..3a2426b276 100644 --- a/lib/NGCP/Panel/Controller/API/SystemContactsItem.pm +++ b/lib/NGCP/Panel/Controller/API/SystemContactsItem.pm @@ -73,7 +73,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/TrustedSources.pm b/lib/NGCP/Panel/Controller/API/TrustedSources.pm index 0dde45c665..0ceb162c06 100644 --- a/lib/NGCP/Panel/Controller/API/TrustedSources.pm +++ b/lib/NGCP/Panel/Controller/API/TrustedSources.pm @@ -129,7 +129,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/TrustedSourcesItem.pm b/lib/NGCP/Panel/Controller/API/TrustedSourcesItem.pm index 16b122c961..12a9381f0d 100644 --- a/lib/NGCP/Panel/Controller/API/TrustedSourcesItem.pm +++ b/lib/NGCP/Panel/Controller/API/TrustedSourcesItem.pm @@ -72,7 +72,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/VoicemailRecordings.pm b/lib/NGCP/Panel/Controller/API/VoicemailRecordings.pm index 75743212ad..f0c10c4fb6 100644 --- a/lib/NGCP/Panel/Controller/API/VoicemailRecordings.pm +++ b/lib/NGCP/Panel/Controller/API/VoicemailRecordings.pm @@ -53,7 +53,7 @@ sub auto :Private { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/VoicemailRecordingsItem.pm b/lib/NGCP/Panel/Controller/API/VoicemailRecordingsItem.pm index b5ae962892..840d7e315e 100644 --- a/lib/NGCP/Panel/Controller/API/VoicemailRecordingsItem.pm +++ b/lib/NGCP/Panel/Controller/API/VoicemailRecordingsItem.pm @@ -64,7 +64,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/VoicemailSettings.pm b/lib/NGCP/Panel/Controller/API/VoicemailSettings.pm index a28b6b33c3..25006c9ad0 100644 --- a/lib/NGCP/Panel/Controller/API/VoicemailSettings.pm +++ b/lib/NGCP/Panel/Controller/API/VoicemailSettings.pm @@ -129,7 +129,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/VoicemailSettingsItem.pm b/lib/NGCP/Panel/Controller/API/VoicemailSettingsItem.pm index eaffebe98b..f4fd94e5ae 100644 --- a/lib/NGCP/Panel/Controller/API/VoicemailSettingsItem.pm +++ b/lib/NGCP/Panel/Controller/API/VoicemailSettingsItem.pm @@ -72,7 +72,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/API/Voicemails.pm b/lib/NGCP/Panel/Controller/API/Voicemails.pm index 21306ca3df..1fd90d5681 100644 --- a/lib/NGCP/Panel/Controller/API/Voicemails.pm +++ b/lib/NGCP/Panel/Controller/API/Voicemails.pm @@ -137,7 +137,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Post => 'application/hal+json; profile=http://purl.org/sipwise/ngcp-api/#rel-'.$self->resource_name, diff --git a/lib/NGCP/Panel/Controller/API/VoicemailsItem.pm b/lib/NGCP/Panel/Controller/API/VoicemailsItem.pm index aa3753de36..3d633cca9f 100644 --- a/lib/NGCP/Panel/Controller/API/VoicemailsItem.pm +++ b/lib/NGCP/Panel/Controller/API/VoicemailsItem.pm @@ -72,7 +72,7 @@ sub HEAD :Allow { sub OPTIONS :Allow { my ($self, $c, $id) = @_; - my $allowed_methods = $self->allowed_methods; + my $allowed_methods = $self->allowed_methods_filtered($c); $c->response->headers(HTTP::Headers->new( Allow => $allowed_methods->join(', '), Accept_Patch => 'application/json-patch+json', diff --git a/lib/NGCP/Panel/Controller/Root.pm b/lib/NGCP/Panel/Controller/Root.pm index 397fdb23d1..768cb00f8f 100644 --- a/lib/NGCP/Panel/Controller/Root.pm +++ b/lib/NGCP/Panel/Controller/Root.pm @@ -80,6 +80,16 @@ sub auto :Private { } else { $c->log->debug("++++++ admin '".$c->user->login."' authenticated via api_admin_cert"); } + if($c->user->read_only && !($c->req->method ~~ [qw/GET HEAD OPTIONS/])) { + $c->log->error("invalid method '".$c->req->method."' for read-only user '".$c->user->login."', rejecting"); + $c->user->logout; + $c->response->status(403); + $c->res->body(JSON::to_json({ + message => "Invalid HTTP method for read-only user", + code => 403, + })); + return; + } return 1; @@ -98,7 +108,16 @@ sub auto :Private { } else { $c->log->debug("++++++ admin '".$c->user->login."' authenticated via api_admin_http"); } - + if($c->user->read_only && !($c->req->method ~~ [qw/GET HEAD OPTIONS/])) { + $c->log->error("invalid method '".$c->req->method."' for read-only user '".$c->user->login."', rejecting"); + $c->user->logout; + $c->response->status(403); + $c->res->body(JSON::to_json({ + message => "Invalid HTTP method for read-only user", + code => 403, + })); + return; + } return 1; } } @@ -134,6 +153,7 @@ sub auto :Private { $c->req->uri->path =~ /create/ || $c->req->uri->path =~ /edit/ || $c->req->uri->path =~ /delete/ + || !($c->req->method ~~ [qw/GET HEAD OPTIONS/]) )) { $c->detach('/denied_page'); } diff --git a/lib/NGCP/Panel/Role/API.pm b/lib/NGCP/Panel/Role/API.pm index c6e57c535c..4ea072bf62 100644 --- a/lib/NGCP/Panel/Role/API.pm +++ b/lib/NGCP/Panel/Role/API.pm @@ -253,13 +253,28 @@ sub require_wellformed_json { return $ret; } +sub allowed_methods_filtered { + my ($self, $c) = @_; + if($c->user->read_only) { + my @methods = (); + foreach my $m(@{ $self->allowed_methods }) { + next unless $m ~~ [qw/GET HEAD OPTIONS/]; + push @methods, $m; + } + return \@methods; + } else { + return $self->allowed_methods; + } +} + sub allowed_methods { my ($self) = @_; my $meta = $self->meta; my @allow; for my $method ($meta->get_method_list) { push @allow, $meta->get_method($method)->name - if $meta->get_method($method)->can('attributes') && 'Allow' ~~ $meta->get_method($method)->attributes; + if $meta->get_method($method)->can('attributes') && + 'Allow' ~~ $meta->get_method($method)->attributes; } return [sort @allow]; }