MT#6195 API rwr: Give proper reseller access

see also MT#6479
11 years ago · 21a5d7ee37
parent 861e38b649
commit 21a5d7ee37
4 changed files with 32 additions and 8 deletions
--- a/lib/NGCP/Panel/Controller/API/RewriteRuleSets.pm
+++ b/lib/NGCP/Panel/Controller/API/RewriteRuleSets.pm
@ -173,11 +173,17 @@ sub POST :Allow {
        );
        last unless $resource;

-        unless(defined $resource->{reseller_id}) {
+        my $reseller_id;
+        if($c->user->roles eq "admin") {
            try {
-                $resource->{reseller_id} = $c->user->contract->contact->reseller_id;
-            }
+                $reseller_id = $resource->{reseller_id}
+                     || $c->user->contract->contact->reseller_id;
+             }
+        } elsif($c->user->roles eq "reseller") {
+            $reseller_id = $c->user->reseller_id;
        }
+        $resource->{reseller_id} = $reseller_id;
+
        my $reseller = $c->model('DB')->resultset('resellers')->find($resource->{reseller_id});
        unless($reseller) {
            $self->error($c, HTTP_UNPROCESSABLE_ENTITY, "Invalid 'reseller_id', doesn't exist.");
--- a/lib/NGCP/Panel/Controller/API/RewriteRules.pm
+++ b/lib/NGCP/Panel/Controller/API/RewriteRules.pm
@ -177,7 +177,16 @@ sub POST :Allow {
            $self->error($c, HTTP_UNPROCESSABLE_ENTITY, "Required: 'set_id'");
            last;
        }
-        my $ruleset = $schema->resultset('voip_rewrite_rule_sets')->find($set_id);
+
+        my $reseller_id;
+        if($c->user->roles eq "reseller") {
+            $reseller_id = $c->user->reseller_id;
+        }
+
+        my $ruleset = $schema->resultset('voip_rewrite_rule_sets')->find({
+                id => $set_id,
+                ($reseller_id ? (reseller_id => $reseller_id) : ()),
+            });
        unless($ruleset) {
            $self->error($c, HTTP_UNPROCESSABLE_ENTITY, "Invalid 'set_id'.");
            last;
--- a/lib/NGCP/Panel/Role/API/RewriteRuleSets.pm
+++ b/lib/NGCP/Panel/Role/API/RewriteRuleSets.pm
@ -82,8 +82,9 @@ sub item_rs {
    if($type eq "rulesets") {
        if($c->user->roles eq "admin") {
            $item_rs = $c->model('DB')->resultset('voip_rewrite_rule_sets');
-        } else {
-            return;
+        } elsif($c->user->roles eq "reseller") {
+            $item_rs = $c->model('DB')->resultset('voip_rewrite_rule_sets')
+                ->search_rs({reseller_id => $c->user->reseller_id});
        }
    } else {
        die "You should not reach this";
@ -103,6 +104,10 @@ sub update_item {

    delete $resource->{id};

+    if($c->user->roles eq "reseller") {
+        $resource->{reseller_id} = $old_resource->{reseller_id}; # prohibit change
+    }
+
    if($old_resource->{reseller_id} != $resource->{reseller_id}) {
        my $reseller = $c->model('DB')->resultset('resellers')
            ->find($resource->{reseller_id});
--- a/lib/NGCP/Panel/Role/API/RewriteRules.pm
+++ b/lib/NGCP/Panel/Role/API/RewriteRules.pm
@ -62,8 +62,12 @@ sub item_rs {
    if($type eq "rules") {
        if($c->user->roles eq "admin") {
            $item_rs = $c->model('DB')->resultset('voip_rewrite_rules');
-        } else {
-            return;
+        } elsif ($c->user->roles eq "reseller") {
+            $item_rs = $c->model('DB')->resultset('voip_rewrite_rules')->search_rs({
+                    'ruleset.reseller_id' => $c->user->reseller_id,
+                },{
+                    join => 'ruleset'
+                });
        }
    } else {
        die "You should not reach this";