diff --git a/lib/NGCP/Panel/Controller/API/Faxes.pm b/lib/NGCP/Panel/Controller/API/Faxes.pm
index c163e53eda..da40488a7e 100644
--- a/lib/NGCP/Panel/Controller/API/Faxes.pm
+++ b/lib/NGCP/Panel/Controller/API/Faxes.pm
@@ -15,6 +15,15 @@ use NGCP::Panel::Utils::API::Subscribers;
 use NGCP::Panel::Utils::Fax;
 use Encode qw( encode_utf8 );
+use parent qw/NGCP::Panel::Role::Entities NGCP::Panel::Role::API::Faxes/;
+
+__PACKAGE__->set_config({
+ allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
+ GET => {
+ ContentType => ['multipart/form-data'],
+ }
+});
+
 sub allowed_methods{
 return [qw/GET POST OPTIONS HEAD/];
 }
@@ -23,12 +32,6 @@ sub api_description {
 return 'Defines the meta information like duration, sender etc for fax recordings. The actual recordings can be fetched via the FaxRecordings relation. NOTE: There is no Location header in the POST method response, as creation is asynchronous.';
 };
-#sub properties {
-# return {
-# asynchronous => 1,
-# };
-#}
-
 sub query_params {
 return [
 {
@@ -85,27 +88,6 @@ sub query_params {
 ];
 }
-use parent qw/NGCP::Panel::Role::Entities NGCP::Panel::Role::API::Faxes/;
-
-sub resource_name{
- return 'faxes';
-}
-
-sub dispatch_path{
- return '/api/faxes/';
-}
-
-sub relation{
- return 'http://purl.org/sipwise/ngcp-api/#rel-faxes';
-}
-
-__PACKAGE__->set_config({
- allowed_roles => [qw/admin reseller/],
- GET => {
- ContentType => ['multipart/form-data'],
- }
-});
-
 sub GET :Allow {
 my ($self, $c) = @_;
 my $page = $c->request->params->{page} // 1;
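Review bot: The `set_config` block added in the first hunk of Controller/API/Faxes.pm lists `subscriberadmin` and `subscriber` in `allowed_roles`, but nothing at that spot says where those roles are confined to their own data. From the other hunks of this commit the confinement appears to live in `_item_rs` (Role/API/Faxes.pm) and `get_active_subscriber` (Utils/API/Subscribers.pm), so a role listed here later without a matching branch there would not be scoped. I would add a comment above `allowed_roles`: `# Row-level scoping per role is done in _item_rs and get_active_subscriber; add a branch there before listing a new role here.` The same comment fits the `allowed_roles` change in FaxesItem.pm.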
@@ -179,7 +161,7 @@ sub POST :Allow {
 my $billing_subscriber = NGCP::Panel::Utils::API::Subscribers::get_active_subscriber($self, $c, $resource->{subscriber_id});
 unless($billing_subscriber) {
 $c->log->error("invalid subscriber id $$resource{subscriber_id} for fax send");
- $self->error($c, HTTP_NOT_FOUND, "Fax subscriber not found.");
+ $self->error($c, HTTP_UNPROCESSABLE_ENTITY, "Fax subscriber not found.");
 last;
 }
 my $prov_subscriber = $billing_subscriber->provisioning_voip_subscriber;
diff --git a/lib/NGCP/Panel/Controller/API/FaxesItem.pm b/lib/NGCP/Panel/Controller/API/FaxesItem.pm
index 21904a3286..ea38afabf0 100644
--- a/lib/NGCP/Panel/Controller/API/FaxesItem.pm
+++ b/lib/NGCP/Panel/Controller/API/FaxesItem.pm
@@ -31,7 +31,7 @@ sub relation{
 }
 __PACKAGE__->set_config({
- allowed_roles => [qw/admin reseller/],
+ allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
 });
 sub GET :Allow {
diff --git a/lib/NGCP/Panel/Role/API/Faxes.pm b/lib/NGCP/Panel/Role/API/Faxes.pm
index 2a63a82853..2045129ee9 100644
--- a/lib/NGCP/Panel/Role/API/Faxes.pm
+++ b/lib/NGCP/Panel/Role/API/Faxes.pm
@@ -14,6 +14,10 @@ use DateTime::Format::Strptime;
 use NGCP::Panel::Utils::Subscriber;
 use NGCP::Panel::Utils::Fax;
+sub resource_name{
+ return 'faxes';
+}
+
 sub _item_rs {
 my ($self, $c) = @_;
@@ -29,6 +33,16 @@ sub _item_rs {
 },{
 join => { provisioning_voip_subscriber => { voip_subscriber => { contract => 'contact' } } }
 });
+ } elsif ($c->user->roles eq "subscriberadmin") {
+ $item_rs = $item_rs->search_rs({
+ 'contract.id' => $c->user->account_id,
+ },{
+ join => { provisioning_voip_subscriber => { voip_subscriber => { contract => 'contact' } } }
+ });
+ } elsif ($c->user->roles eq "subscriber") {
+ $item_rs = $item_rs->search_rs({
+ 'voip_subscriber.uuid' => $c->user->uuid,
+ });
 }
 return $item_rs;
 }
diff --git a/lib/NGCP/Panel/Utils/API/Subscribers.pm b/lib/NGCP/Panel/Utils/API/Subscribers.pm
index d205794e8c..66b6702ea4 100644
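Review bot: The role chain extended in the `_item_rs` hunk of Role/API/Faxes.pm still ends without an `else`, so a user whose `roles` value matches none of the branches gets `$item_rs` back unfiltered. Now that subscriber-level roles reach this code the chain should fail closed, for example with a final `} else { $item_rs = $item_rs->search_rs(\'1 = 0'); }` or by raising an error. The start of the chain is outside the hunk, so check whether `admin` has its own branch or relies on falling through before adding this. The `get_active_subscriber` hunk in Utils/API/Subscribers.pm has the same shape and needs the same final branch. Separately, the `subscriber` branch filters on `voip_subscriber.uuid` without a `join` of its own, which only works if the base result set (not visible here) already joins that relation.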
--- a/lib/NGCP/Panel/Utils/API/Subscribers.pm
+++ b/lib/NGCP/Panel/Utils/API/Subscribers.pm
@@ -18,6 +18,16 @@ sub get_active_subscriber{
 },{
 join => { contract => 'contact' },
 });
+ } elsif($c->user->roles eq "subscriberadmin") {
+ $sub_rs = $sub_rs->search({
+ 'contract.id' => $c->user->account_id,
+ },{
+ join => { 'contract' },
+ });
+ } elsif($c->user->roles eq "subscriber") {
+ $sub_rs = $sub_rs->search({
+ 'me.uuid' => $c->user->uuid,
+ });
 }
 my $sub = $sub_rs->first;
 unless($sub && $sub->provisioning_voip_subscriber) {
diff --git a/t/api-rest/api-faxes.t b/t/api-rest/api-faxes.t
index 504478c395..ed21cb0aaf 100644
--- a/t/api-rest/api-faxes.t
+++ b/t/api-rest/api-faxes.t
@@ -52,7 +52,6 @@ if( !$remote_config->{config}->{features}->{faxserver} ){
 $test_machine->DATA_ITEM_STORE($fake_data->process('faxes'));
 $test_machine->form_data_item();
- set_faxes_preferences($test_machine->DATA_ITEM->{json}->{subscriber_id});
 $test_machine->resource_fill_file($test_machine->DATA_ITEM->{faxfile}->[0]);
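Review bot: In the `subscriberadmin` branch added to `get_active_subscriber` (Utils/API/Subscribers.pm), `join => { 'contract' }` builds an anonymous hash from a single element, which under `use warnings` is reported as an odd number of elements and becomes `{ contract => undef }`. The `contract.id` filter is what keeps a subscriberadmin inside their own customer, so the join it depends on should be written unambiguously as `join => 'contract',`. The enclosing sub starts and ends outside the hunk.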
@@ -63,6 +62,44 @@ if( !$remote_config->{config}->{features}->{faxserver} ){
 $test_machine->DATA_ITEM->{json}->{data}="äöüß";
 $test_machine->form_data_item();
 $test_machine->check_create_correct( 1 );
+
+ #we will create other customer's subscriber
+ diag("create subscriber of other customer");
+ my $fake_data_other_customer = Test::FakeData->new(keep_db_data => 1);
+ $fake_data_other_customer->{data}->{customers}->{data}->{external_id} = 'not_default_one_cust';
+ my $subscriber_other_customer = $fake_data_other_customer->create('subscribers')->[0];
+ set_faxes_preferences($subscriber_other_customer->{content}->{id});
+ diag("login as subscriber of other customer");
+ $test_machine->set_subscriber_credentials($subscriber_other_customer->{content});
+ $test_machine->runas('subscriber');
+
+ $fake_data->{data}->{subscribers}->{data}->{administrative} = 1;
+ my $subscriberadmin = $fake_data->create('subscribers')->[0];
+ set_faxes_preferences($subscriberadmin->{content}->{id});
+ $test_machine->set_subscriber_credentials($subscriberadmin->{content});
+ $test_machine->runas('subscriber');
+ diag("\n\n\nSUBSCRIBERADMIN ".$subscriberadmin->{content}->{id}.":");
+
+ $test_machine->DATA_ITEM->{json}->{subscriber_id} = $subscriber_other_customer->{content}->{id};
+ $test_machine->form_data_item();
+ my($res,$content) = $test_machine->check_item_post();
+ $test_machine->http_code_msg(422, "Check that we cant send a fax in a name of other customers subscriber",$res,$content);
+ diag("check that we can create as a subscriberadmin role");
+ $test_machine->check_create_correct( 1, sub { $_[0]->{json}->{subscriber_id} = $subscriberadmin->{content}->{id};} );
+
+
+ $fake_data->{data}->{subscribers}->{data}->{administrative} = 0;
+ my $subscriber = $fake_data->create('subscribers')->[0];
+ set_faxes_preferences($subscriber->{content}->{id});
+ $test_machine->set_subscriber_credentials($subscriber->{content});
+ $test_machine->runas('subscriber');
+ diag("\n\n\nSUBSCRIBER ".$subscriber->{content}->{id}.":");
+
+ ($res,$content) = $test_machine->check_item_post();
+ $test_machine->http_code_msg(422, "Check that we cant send a fax in a name of other customers subscriber",$res,$content);
+ diag("check that we can create as a subscriber role");
+ $test_machine->check_create_correct( 1, sub { $_[0]->{json}->{subscriber_id} = $subscriber->{content}->{id};} );
+
 }
 $test_machine->check_bundle();
diff --git a/t/lib/Test/FakeData.pm b/t/lib/Test/FakeData.pm
index 1086da6a4e..24c1a09897 100644
--- a/t/lib/Test/FakeData.pm
+++ b/t/lib/Test/FakeData.pm
@@ -72,6 +72,11 @@ has 'use_data_callbacks' => (
 isa => 'Bool',
 default => sub { 0 },
 );
+has 'keep_db_data' => (
+ is => 'rw',
+ isa => 'Bool',
+ default => sub { 0 },
+);
 has 'FLAVOUR' => (
 is => 'rw',
 isa => 'Str',
@@ -627,7 +632,9 @@ sub load_collection_data{
 $self->load_data_from_script($collection_name);
 }
 if(! ( $self->collection_id_exists($collection_name) ) ){
- $self->clear_db(undef,undef,[$collection_name]);
+ if(! ( $self->keep_db_data ) ){
+ $self->clear_db(undef,undef,[$collection_name]);
+ }
 $self->load_db(undef,[$collection_name]);
 }
 }
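Review bot: The plain-subscriber case in the second api-faxes.t hunk calls `check_item_post()` without setting `subscriber_id` first, so which subscriber the 422 is asserted for depends on whether the callback passed to the preceding `check_create_correct` changed `DATA_ITEM`. Setting it explicitly before the call, with `$test_machine->DATA_ITEM->{json}->{subscriber_id} = $subscriber_other_customer->{content}->{id};` then `$test_machine->form_data_item();`, would pin the cross-customer case. The earlier login as `$subscriber_other_customer` is replaced by the subscriberadmin login before any request is made, so it asserts nothing. The commit also opens GET on the collection and the item to both roles, and no test here checks that a subscriber or subscriberadmin cannot read another customer's fax; a read-isolation check next to these POST checks would cover the new `_item_rs` branches.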