From 21a5d7ee3740c4532b4026fec7df3c1544125968 Mon Sep 17 00:00:00 2001
From: Gerhard Jungwirth
Date: Tue, 1 Apr 2014 13:19:17 +0200
Subject: [PATCH] MT#6195 API rwr: Give proper reseller access see also MT#6479
---
 lib/NGCP/Panel/Controller/API/RewriteRuleSets.pm | 12 +++++++++---
 lib/NGCP/Panel/Controller/API/RewriteRules.pm | 11 ++++++++++-
 lib/NGCP/Panel/Role/API/RewriteRuleSets.pm | 9 +++++++--
 lib/NGCP/Panel/Role/API/RewriteRules.pm | 8 ++++++--
 4 files changed, 32 insertions(+), 8 deletions(-)
diff --git a/lib/NGCP/Panel/Controller/API/RewriteRuleSets.pm b/lib/NGCP/Panel/Controller/API/RewriteRuleSets.pm
index 8ae455c4a7..e4dac768c6 100644
--- a/lib/NGCP/Panel/Controller/API/RewriteRuleSets.pm
+++ b/lib/NGCP/Panel/Controller/API/RewriteRuleSets.pm
@@ -173,11 +173,17 @@ sub POST :Allow {
 );
 last unless $resource;
- unless(defined $resource->{reseller_id}) {
+ my $reseller_id;
+ if($c->user->roles eq "admin") {
 try {
- $resource->{reseller_id} = $c->user->contract->contact->reseller_id;
- }
+ $reseller_id = $resource->{reseller_id}
+ || $c->user->contract->contact->reseller_id;
+ }
+ } elsif($c->user->roles eq "reseller") {
+ $reseller_id = $c->user->reseller_id;
 }
+ $resource->{reseller_id} = $reseller_id;
+
 my $reseller = $c->model('DB')->resultset('resellers')->find($resource->{reseller_id});
 unless($reseller) {
 $self->error($c, HTTP_UNPROCESSABLE_ENTITY, "Invalid 'reseller_id', doesn't exist.");
diff --git a/lib/NGCP/Panel/Controller/API/RewriteRules.pm b/lib/NGCP/Panel/Controller/API/RewriteRules.pm
index 8697cbed53..8e7cf65847 100644
--- a/lib/NGCP/Panel/Controller/API/RewriteRules.pm
+++ b/lib/NGCP/Panel/Controller/API/RewriteRules.pm
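Review bot: In `sub POST` of Controller/API/RewriteRuleSets.pm the new role switch has no final `else`, so for any role other than `admin` or `reseller` the variable `$reseller_id` stays undefined and is still written to `$resource->{reseller_id}` and passed to `find`. Such a request is then presumably refused only because the reseller lookup fails, which reports an authorization failure as a 422 "Invalid 'reseller_id'" input error. An explicit default branch makes the denial deliberate, for example `} else { $self->error($c, HTTP_FORBIDDEN, "Invalid role"); last; }`, assuming `HTTP_FORBIDDEN` is imported alongside `HTTP_UNPROCESSABLE_ENTITY`. The `try` in the admin branch has no `catch`, so an error while resolving the admin's own reseller is swallowed and ends on the same 422 path. The sub starts and ends outside the hunk.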
@@ -177,7 +177,16 @@ sub POST :Allow {
 $self->error($c, HTTP_UNPROCESSABLE_ENTITY, "Required: 'set_id'");
 last;
 }
- my $ruleset = $schema->resultset('voip_rewrite_rule_sets')->find($set_id);
+
+ my $reseller_id;
+ if($c->user->roles eq "reseller") {
+ $reseller_id = $c->user->reseller_id;
+ }
+
+ my $ruleset = $schema->resultset('voip_rewrite_rule_sets')->find({
+ id => $set_id,
+ ($reseller_id ? (reseller_id => $reseller_id) : ()),
+ });
 unless($ruleset) {
 $self->error($c, HTTP_UNPROCESSABLE_ENTITY, "Invalid 'set_id'.");
 last;
diff --git a/lib/NGCP/Panel/Role/API/RewriteRuleSets.pm b/lib/NGCP/Panel/Role/API/RewriteRuleSets.pm
index 751cd186c5..d0a6efda7b 100644
--- a/lib/NGCP/Panel/Role/API/RewriteRuleSets.pm
+++ b/lib/NGCP/Panel/Role/API/RewriteRuleSets.pm
@@ -82,8 +82,9 @@ sub item_rs {
 if($type eq "rulesets") {
 if($c->user->roles eq "admin") {
 $item_rs = $c->model('DB')->resultset('voip_rewrite_rule_sets');
- } else {
- return;
+ } elsif($c->user->roles eq "reseller") {
+ $item_rs = $c->model('DB')->resultset('voip_rewrite_rule_sets')
+ ->search_rs({reseller_id => $c->user->reseller_id});
 }
 } else {
 die "You should not reach this";
@@ -103,6 +104,10 @@ sub update_item {
 delete $resource->{id};
+ if($c->user->roles eq "reseller") {
+ $resource->{reseller_id} = $old_resource->{reseller_id}; # prohibit change
+ }
+
 if($old_resource->{reseller_id} != $resource->{reseller_id}) {
 my $reseller = $c->model('DB')->resultset('resellers')
 ->find($resource->{reseller_id});
diff --git a/lib/NGCP/Panel/Role/API/RewriteRules.pm b/lib/NGCP/Panel/Role/API/RewriteRules.pm
index ccf99b9fb1..0bcbc6e0aa 100644
--- a/lib/NGCP/Panel/Role/API/RewriteRules.pm
+++ b/lib/NGCP/Panel/Role/API/RewriteRules.pm
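Review bot: In `sub POST` of Controller/API/RewriteRules.pm the ownership filter in `find({...})` is added only when `$reseller_id` is truthy, so the scoping hangs on a value test instead of the role: any role other than `reseller`, or a reseller account whose `reseller_id` is empty, gets an unscoped lookup by `set_id`. It is also worth confirming that the extra `reseller_id` key is honoured at all, because to my knowledge DBIx::Class `find` builds its condition from the columns of a matching unique constraint and may drop a non-key column passed next to the primary key. Restricting the resultset first avoids both problems: `my $rs = $schema->resultset('voip_rewrite_rule_sets');`, then `$rs = $rs->search({ reseller_id => $c->user->reseller_id }) if $c->user->roles eq "reseller";`, then `my $ruleset = $rs->find($set_id);`. A test in which a reseller posts a rule against another reseller's set should expect the 422. The sub starts and ends outside the hunk.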
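Review bot: Dropping `else { return; }` from `item_rs` in Role/API/RewriteRuleSets.pm removes the explicit refusal for every role that is neither `admin` nor `reseller`, because `$item_rs` is now left undefined and execution continues past the `if`. What callers then receive depends on the rest of the sub, which lies outside the hunk, so the fail-closed behaviour should be confirmed rather than assumed. Keeping a default branch after the new `elsif`, `} else { return; }`, preserves the old behaviour. The `item_rs` hunk in Role/API/RewriteRules.pm has the same gap.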
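Review bot: The new guard in `update_item` of Role/API/RewriteRuleSets.pm pins `reseller_id` only when the role is exactly `reseller`, so as far as the hunk shows any other non-admin role that reaches this code could still submit a different `reseller_id`. Inverting the test to `if($c->user->roles ne "admin") {` keeps the field fixed for everyone except admins. The override is also silent, so the `# prohibit change` comment could state that a reseller-supplied `reseller_id` is ignored rather than rejected. `update_item` starts and ends outside the hunk.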
@@ -62,8 +62,12 @@ sub item_rs {
 if($type eq "rules") {
 if($c->user->roles eq "admin") {
 $item_rs = $c->model('DB')->resultset('voip_rewrite_rules');
- } else {
- return;
+ } elsif ($c->user->roles eq "reseller") {
+ $item_rs = $c->model('DB')->resultset('voip_rewrite_rules')->search_rs({
+ 'ruleset.reseller_id' => $c->user->reseller_id,
+ },{
+ join => 'ruleset'
+ });
 }
 } else {
 die "You should not reach this";