Allow subscriberadmin to access sub-subscribers.

12 years ago · 1af065d864
parent f2b57291ba
commit 1af065d864
4 changed files with 30 additions and 7 deletions
--- a/lib/NGCP/Panel/Controller/Customer.pm
+++ b/lib/NGCP/Panel/Controller/Customer.pm
@ -31,7 +31,7 @@ Catalyst Controller.

 =cut

-sub auto :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
+sub auto :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(subscriberadmin) {
    my ($self, $c) = @_;
    $c->log->debug(__PACKAGE__ . '::auto');
    NGCP::Panel::Utils::Navigation::check_redirect_chain(c => $c);
@ -56,7 +56,7 @@ sub list_customer :Chained('/') :PathPart('customer') :CaptureArgs(0) {
    );
 }

-sub root :Chained('list_customer') :PathPart('') :Args(0) {
+sub root :Chained('list_customer') :PathPart('') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
    my ($self, $c) = @_;
 }

@ -71,12 +71,20 @@ sub base :Chained('list_customer') :PathPart('') :CaptureArgs(1) {

    my $contract = $c->model('DB')->resultset('contracts')
        ->search('me.id' => $contract_id);
-    unless($c->user->is_superuser) {
+    if($c->user->roles eq 'reseller') {
        $contract = $contract->search({
            'contact.reseller_id' => $c->user->reseller_id,
        }, {
            join => 'contact',
        });
+    } elsif($c->user->roles eq 'subscriberadmin') {
+        $contract = $contract->search({
+            'me.id' => $c->user->account_id,
+        });
+        unless($contract->count) {
+            $c->log->error("unauthorized access of subscriber uuid '".$c->user->uuid."' to contract id '$contract_id'");
+            $c->detach('/denied_page');
+        }
    }

    my $stime = NGCP::Panel::Utils::DateTime::current_local()->truncate(to => 'month');
--- a/lib/NGCP/Panel/Controller/Subscriber.pm
+++ b/lib/NGCP/Panel/Controller/Subscriber.pm
@ -75,7 +75,7 @@ sub sub_list :Chained('/') :PathPart('subscriber') :CaptureArgs(0) {
        },{
            join => { 'contract' => 'contact'},
        });
-    } elsif($c->user->roles eq 'subscriber' || $c->user->roles eq 'subscriberadmin') {
+    } elsif($c->user->roles eq 'subscriber') {
        $c->stash->{subscribers_rs} = $c->stash->{subscribers_rs}->search({
            'username' => $c->user->username
        },{
@ -88,6 +88,12 @@ sub sub_list :Chained('/') :PathPart('subscriber') :CaptureArgs(0) {
                join => 'domain'
            });
        }
+    } elsif($c->user->roles eq 'subscriberadmin') {
+        $c->stash->{subscribers_rs} = $c->stash->{subscribers_rs}->search({
+            'contract.id' => $c->user->account_id,
+        },{
+            join => { 'contract' => 'contact'},
+        });
    }

    $c->stash->{dt_columns} = NGCP::Panel::Utils::Datatables::set_columns($c, [
--- a/share/templates/customer/details.tt
+++ b/share/templates/customer/details.tt
@ -14,7 +14,7 @@
    <span>
        <a class="btn btn-primary btn-large" href="[% c.uri_for('/back') %]"><i class="icon-arrow-left"></i> Back</a>
    </span>
-    [% UNLESS c.user.read_only -%]
+    [% IF !c.user.read_only && (c.user.roles == 'admin' || c.user.roles == 'reseller') -%]
    <span>
        <a class="btn btn-primary btn-large" href="[% c.uri_for_action('/contract/edit', [ contract.id ]) %]"><i class="icon-edit"></i> Edit</a>
    </span>
@ -63,6 +63,7 @@
    </div>
    [% END -%]

+    [% IF c.user.roles == 'admin' || c.user.roles == 'reseller' %]
    <div class="accordion-group">
        <div class="accordion-heading">
            <a class="accordion-toggle" data-toggle="collapse" data-parent="#customer_details" href="#collapse_contact">Contact Details</a>
@ -144,6 +145,7 @@
            </div>
        </div>
    </div>
+    [% END -%]

    <div class="accordion-group">
        <div class="accordion-heading">
@ -327,6 +329,7 @@
        </div>
    </div>

+    [% IF c.user.roles == 'admin' || c.user.roles == 'reseller' %]
    <div class="accordion-group">
        <div class="accordion-heading">
            <a class="accordion-toggle" data-toggle="collapse" data-parent="#customer_details" href="#collapse_fraud">Fraud Limits</a>
@ -407,6 +410,7 @@
            </div>
        </div>
    </div>
+    [% END -%]
 </div>

 [% IF create_flag == 1 -%]
--- a/share/templates/subscriber/master.tt
+++ b/share/templates/subscriber/master.tt
@ -24,6 +24,7 @@
 <div class="ngcp-separator"></div>

 <div class="accordion" id="subscriber_data">
+    [% IF c.user.roles == 'admin' || c.user.roles == 'reseller' %]
    <div class="accordion-group">
        <div class="accordion-heading">
            <a class="accordion-toggle" data-toggle="collapse" data-parent="#subscriber_data" href="#collapse_master">Master Data</a>
@ -87,8 +88,12 @@
            </div>
        </div>
    </div>
+    [% END -%]

-[% IF c.user.call_data -%]
+    [% IF 
+        ((c.user.roles == 'admin' || c.user.roles == 'reseller') && c.user.call_data) ||
+        c.user.roles == 'subscriberadmin'
+    -%]
    <div class="accordion-group">
        <div class="accordion-heading">
            <a class="accordion-toggle" data-toggle="collapse" data-parent="#subscriber_data" href="#collapse_calls">Call History</a>
@ -108,7 +113,7 @@
            </div>
        </div>
    </div>
-[% END -%]
+    [% END -%]


    <div class="accordion-group">