From 2ef9dc16b5285076e75058e3be86c8207d9541c5 Mon Sep 17 00:00:00 2001
From: Andreas Granig
Date: Tue, 26 Nov 2013 16:09:11 +0100
Subject: [PATCH] MT#4565 Fix read-only permissions.

Properly deny write ops for read-only admins and resellers.
---
 lib/NGCP/Panel/Controller/Subscriber.pm | 68 +++++++++++++++++++++++
 share/templates/helpers/pref_table.tt | 2 +
 share/templates/subscriber/master.tt | 15 ++++-
 share/templates/subscriber/preferences.tt | 32 +++++++++++
 4 files changed, 116 insertions(+), 1 deletion(-)
diff --git a/lib/NGCP/Panel/Controller/Subscriber.pm b/lib/NGCP/Panel/Controller/Subscriber.pm
index c841e6bad5..a0329b6453 100644
--- a/lib/NGCP/Panel/Controller/Subscriber.pm
+++ b/lib/NGCP/Panel/Controller/Subscriber.pm
@@ -409,6 +409,9 @@ sub preferences_base :Chained('base') :PathPart('preferences') :CaptureArgs(1) {
 sub preferences_edit :Chained('preferences_base') :PathPart('edit') :Args(0) {
 my ($self, $c) = @_;
+ $c->detach('/denied_page')
+ if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
+
 $c->stash(edit_preference => 1);
 my @enums = $c->stash->{preference_meta}
@@ -433,6 +436,9 @@ sub preferences_edit :Chained('preferences_base') :PathPart('edit') :Args(0) {
 sub preferences_callforward :Chained('base') :PathPart('preferences/callforward') :Args(1) {
 my ($self, $c, $cf_type) = @_;
+ $c->detach('/denied_page')
+ if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
+
 my $cf_desc;
 given($cf_type) {
 when("cfu") { $cf_desc = "Call Forward Unconditional" }
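Review bot: The identical two-line guard is pasted into every write action in this and the following hunks (`preferences_callforward` through `edit_autoattendant`), so the policy is allow-by-default: any write action missed now or added later stays open to read-only admins and resellers. Extracting it into one private helper, as below, puts the rule in one auditable place; if this controller's chain base or an `auto` action can see the request method, hooking the check there would turn the default into deny — that cannot be confirmed from the hunk. The `eq` comparisons also assume `$c->user->roles` is a plain string (the templates compare it the same way); if it ever returned a list or reference the guard would silently stop denying, so the attribute's contract is worth pinning down in the helper's comment. Note too that the guard in the `:CaptureArgs` bases `preferences_callforward_destinationset_base` and `preferences_callforward_timeset_base` applies to every chained child, so any read-only child view is blocked as well.
```perl
# Denies write operations to read-only admins and resellers by detaching to
# /denied_page (does not return in that case); other roles are not restricted.
# Assumes $c->user->roles is a single role string.
sub _deny_if_read_only {
    my ($c) = @_;
    $c->detach('/denied_page')
        if (($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
    return;
}

sub preferences_edit :Chained('preferences_base') :PathPart('edit') :Args(0) {
    my ($self, $c) = @_;
    _deny_if_read_only($c);
    # … unchanged: rest of preferences_edit; the same one-line call replaces the guard in each other write action …
```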
@@ -694,6 +700,9 @@ sub preferences_callforward :Chained('base') :PathPart('preferences/callforward'
 sub preferences_callforward_advanced :Chained('base') :PathPart('preferences/callforward') :Args(2) {
 my ($self, $c, $cf_type, $advanced) = @_;
+ $c->detach('/denied_page')
+ if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
+
 # TODO bail out of $advanced ne "advanced"
 if(defined $advanced && $advanced eq 'advanced') {
 $advanced = 1;
@@ -847,6 +856,9 @@ sub preferences_callforward_advanced :Chained('base') :PathPart('preferences/cal
 sub preferences_callforward_destinationset :Chained('base') :PathPart('preferences/destinationset') :Args(1) {
 my ($self, $c, $cf_type) = @_;
+ $c->detach('/denied_page')
+ if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
+
 my $prov_subscriber = $c->stash->{subscriber}->provisioning_voip_subscriber;
 my @sets;
@@ -879,6 +891,9 @@ sub preferences_callforward_destinationset :Chained('base') :PathPart('preferenc
 sub preferences_callforward_destinationset_create :Chained('base') :PathPart('preferences/destinationset/create') :Args(1) {
 my ($self, $c, $cf_type) = @_;
+ $c->detach('/denied_page')
+ if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
+
 my $prov_subscriber = $c->stash->{subscriber}->provisioning_voip_subscriber;
 if($c->config->{features}->{cloudpbx}) {
@@ -987,6 +1002,9 @@ sub preferences_callforward_destinationset_create :Chained('base') :PathPart('pr
 sub preferences_callforward_destinationset_base :Chained('base') :PathPart('preferences/destinationset') :CaptureArgs(1) {
 my ($self, $c, $set_id) = @_;
+ $c->detach('/denied_page')
+ if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
+
 $c->stash(destination_set => $c->stash->{subscriber}
 ->provisioning_voip_subscriber
 ->voip_cf_destination_sets
@@ -1203,6 +1221,9 @@ sub preferences_callforward_destinationset_delete :Chained('preferences_callforw
 sub preferences_callforward_timeset :Chained('base') :PathPart('preferences/timeset') :Args(1) {
 my ($self, $c, $cf_type) = @_;
+ $c->detach('/denied_page')
+ if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
+
 my $prov_subscriber = $c->stash->{subscriber}->provisioning_voip_subscriber;
 my @sets;
@@ -1234,6 +1255,9 @@ sub preferences_callforward_timeset :Chained('base') :PathPart('preferences/time
 sub preferences_callforward_timeset_create :Chained('base') :PathPart('preferences/timeset/create') :Args(1) {
 my ($self, $c, $cf_type) = @_;
+ $c->detach('/denied_page')
+ if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
+
 my $prov_subscriber = $c->stash->{subscriber}->provisioning_voip_subscriber;
 my $form = NGCP::Panel::Form::TimeSet->new;
@@ -1303,6 +1327,9 @@ sub preferences_callforward_timeset_create :Chained('base') :PathPart('preferenc
 sub preferences_callforward_timeset_base :Chained('base') :PathPart('preferences/timeset') :CaptureArgs(1) {
 my ($self, $c, $set_id) = @_;
+ $c->detach('/denied_page')
+ if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
+
 $c->stash(time_set => $c->stash->{subscriber}
 ->provisioning_voip_subscriber
 ->voip_cf_time_sets
@@ -1438,6 +1465,9 @@ sub preferences_callforward_timeset_delete :Chained('preferences_callforward_tim
 sub preferences_callforward_delete :Chained('base') :PathPart('preferences/callforward/delete') :Args(1) {
 my ($self, $c, $cf_type) = @_;
+ $c->detach('/denied_page')
+ if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
+
 try {
 my $prov_subscriber = $c->stash->{subscriber}->provisioning_voip_subscriber;
 $prov_subscriber->voip_cf_mappings->search({ type => $cf_type })
@@ -1592,6 +1622,10 @@ sub reglist :Chained('master') :PathPart('regdevices') :Args(0) {
 sub edit_master :Chained('master') :PathPart('edit') :Args(0) {
 my ($self, $c) = @_;
+
+ $c->detach('/denied_page')
+ if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
+
 my $subscriber = $c->stash->{subscriber};
 my $prov_subscriber = $subscriber->provisioning_voip_subscriber;
@@ -1796,6 +1830,9 @@ sub edit_master :Chained('master') :PathPart('edit') :Args(0) {
 sub edit_voicebox :Chained('base') :PathPart('preferences/voicebox/edit') :Args(1) {
 my ($self, $c, $attribute) = @_;
+ $c->detach('/denied_page')
+ if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
+
 my $form;
 my $posted = ($c->request->method eq 'POST');
 my $vm_user = $c->stash->{subscriber}->provisioning_voip_subscriber->voicemail_user;
@@ -1898,6 +1935,9 @@ sub edit_voicebox :Chained('base') :PathPart('preferences/voicebox/edit') :Args(
 sub edit_fax :Chained('base') :PathPart('preferences/fax/edit') :Args(1) {
 my ($self, $c, $attribute) = @_;
+ $c->detach('/denied_page')
+ if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
+
 my $form;
 my $posted = ($c->request->method eq 'POST');
 my $prov_subscriber = $c->stash->{subscriber}->provisioning_voip_subscriber;
@@ -2041,6 +2081,9 @@ sub edit_fax :Chained('base') :PathPart('preferences/fax/edit') :Args(1) {
 sub edit_reminder :Chained('base') :PathPart('preferences/reminder/edit') {
 my ($self, $c, $attribute) = @_;
+ $c->detach('/denied_page')
+ if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
+
 my $posted = ($c->request->method eq 'POST');
 my $reminder = $c->stash->{subscriber}->provisioning_voip_subscriber->voip_reminder;
 my $params = {};
@@ -2218,6 +2261,9 @@ sub play_voicemail :Chained('voicemail') :PathPart('play') :Args(0) {
 sub delete_voicemail :Chained('voicemail') :PathPart('delete') :Args(0) {
 my ($self, $c) = @_;
+ $c->detach('/denied_page')
+ if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
+
 try {
 $c->stash->{voicemail}->delete;
 $c->flash(messages => [{type => 'success', text => 'Successfully deleted voicemail'}]);
@@ -2259,6 +2305,10 @@ sub registered :Chained('master') :PathPart('registered') :CaptureArgs(1) {
 sub delete_registered :Chained('registered') :PathPart('delete') :Args(0) {
 my ($self, $c) = @_;
+
+ $c->detach('/denied_page')
+ if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
+
 my $ret;
 try {
@@ -2425,6 +2475,9 @@ sub trusted_base :Chained('base') :PathPart('preferences/trusted') :CaptureArgs(
 sub edit_trusted :Chained('trusted_base') :PathPart('edit') {
 my ($self, $c) = @_;
+ $c->detach('/denied_page')
+ if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
+
 my $posted = ($c->request->method eq 'POST');
 my $trusted = $c->stash->{trusted};
 my $params = {};
@@ -2479,6 +2532,9 @@ sub edit_trusted :Chained('trusted_base') :PathPart('edit') {
 sub delete_trusted :Chained('trusted_base') :PathPart('delete') :Args(0) {
 my ($self, $c) = @_;
+ $c->detach('/denied_page')
+ if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
+
 try {
 $c->stash->{trusted}->delete;
 $c->flash(messages => [{type => 'success', text => 'Successfully deleted trusted source'}]);
@@ -2580,6 +2636,9 @@ sub speeddial :Chained('base') :PathPart('preferences/speeddial') :CaptureArgs(1
 sub delete_speeddial :Chained('speeddial') :PathPart('delete') :Args(0) {
 my ($self, $c) = @_;
+ $c->detach('/denied_page')
+ if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
+
 try {
 $c->stash->{speeddial}->delete;
 $c->flash(messages => [{type => 'success', text => 'Successfully deleted speed dial slot'}]);
@@ -2597,6 +2656,9 @@ sub delete_speeddial :Chained('speeddial') :PathPart('delete') :Args(0) {
 sub edit_speeddial :Chained('speeddial') :PathPart('edit') :Args(0) {
 my ($self, $c) = @_;
+ $c->detach('/denied_page')
+ if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
+
 my $posted = ($c->request->method eq 'POST');
 my $prov_subscriber = $c->stash->{subscriber}->provisioning_voip_subscriber;
 my $slots = $prov_subscriber->voip_speed_dials;
@@ -2680,6 +2742,9 @@ sub autoattendant :Chained('base') :PathPart('preferences/autoattendant') :Captu
 sub delete_autoattendant :Chained('autoattendant') :PathPart('delete') :Args(0) {
 my ($self, $c) = @_;
+ $c->detach('/denied_page')
+ if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
+
 try {
 $c->stash->{autoattendant}->delete;
 $c->flash(messages => [{type => 'success', text => 'Successfully deleted auto attendant slot'}]);
@@ -2697,6 +2762,9 @@ sub delete_autoattendant :Chained('autoattendant') :PathPart('delete') :Args(0)
 sub edit_autoattendant :Chained('base') :PathPart('preferences/speeddial/edit') :Args(0) {
 my ($self, $c) = @_;
+ $c->detach('/denied_page')
+ if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
+
 my $posted = ($c->request->method eq 'POST');
 my $prov_subscriber = $c->stash->{subscriber}->provisioning_voip_subscriber;
 my $slots = $prov_subscriber->voip_pbx_autoattendants;
diff --git a/share/templates/helpers/pref_table.tt b/share/templates/helpers/pref_table.tt
index 7ca5f2b2eb..c0f487362b 100644
--- a/share/templates/helpers/pref_table.tt
+++ b/share/templates/helpers/pref_table.tt
@@ -133,7 +133,9 @@
+ [% IF (c.user.roles == "admin" || c.user.roles == "reseller") && c.user.read_only != 1 -%] Edit + [% END -%]
diff --git a/share/templates/subscriber/master.tt b/share/templates/subscriber/master.tt
index 843930f185..b48ec8677f 100644
--- a/share/templates/subscriber/master.tt
+++ b/share/templates/subscriber/master.tt
@@ -33,7 +33,9 @@
+ [% IF (c.user.roles == "admin" || c.user.roles == "reseller") && c.user.read_only != 1 -%] Edit + [% END -%]
@@ -135,10 +137,17 @@ helper.form_object = form;
 helper.ajax_uri = c.uri_for_action('/subscriber/ajax_voicemails', [c.req.captures.0]);
+
+ IF (c.user.roles == "admin" || c.user.roles == "reseller") && c.user.read_only != 1;
+ helper.dt_buttons = [
+ { name = 'Play', uri = "details/voicemail/'+full.id+'/play", class = 'btn-small btn-tertiary', icon = 'icon-play' },
+ ];
+ ELSE;
 helper.dt_buttons = [
 { name = 'Play', uri = "details/voicemail/'+full.id+'/play", class = 'btn-small btn-tertiary', icon = 'icon-play' },
 { name = 'Delete', uri = "details/voicemail/'+full.id+'/delete", class = 'btn-small btn-secondary', icon = 'icon-trash' },
 ];
+ END;
 PROCESS 'helpers/datatables.tt';
@@ -155,7 +164,9 @@
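Review bot: The new voicemail button block looks inverted: the `IF (c.user.roles == "admin" || c.user.roles == "reseller") && c.user.read_only != 1` branch — the writable admin/reseller case — gets only Play, while the `ELSE` branch, which includes read-only admins and resellers, keeps Play and Delete. The registered-devices hunk right after this one does the opposite and wraps only the Delete button in the positive condition, which is presumably what was meant here too. Because `delete_voicemail` now detaches to `/denied_page` on the server side this is a UI defect rather than a bypass, but writable admins lose the button and read-only ones are offered a link that fails. Either swap the two arrays so the `IF` branch holds Play and Delete and the `ELSE` branch only Play, or drop the `ELSE` and wrap just the Delete entry in the condition as the registered-devices block does.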
+ [% IF (c.user.roles == "admin" || c.user.roles == "reseller") && c.user.read_only != 1 -%] Create Permanent Registration + [% END -%] [% helper.name = 'Registered Devices'; #helper.column_sort = 'origtime'; @@ -167,9 +178,11 @@ helper.form_object = form; helper.ajax_uri = c.uri_for_action('/subscriber/ajax_registered', [c.req.captures.0]); + IF (c.user.roles == "admin" || c.user.roles == "reseller") && c.user.read_only != 1; helper.dt_buttons = [ { name = 'Delete', uri = "details/registered/'+full.id+'/delete", class = 'btn-small btn-secondary', icon = 'icon-trash' }, ]; + END; PROCESS 'helpers/datatables.tt'; @@ -178,7 +191,7 @@
-[% IF c.config.features.callflow -%]
+[% IF c.config.features.callflow && c.user.call_data -%]
Captured Dialogs
diff --git a/share/templates/subscriber/preferences.tt b/share/templates/subscriber/preferences.tt
index 2297d879c1..8763d69c9e 100644
--- a/share/templates/subscriber/preferences.tt
+++ b/share/templates/subscriber/preferences.tt
@@ -118,10 +118,12 @@
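Review bot: The added `c.user.call_data` condition only hides the Captured Dialogs link in the template; nothing in this diff adds a matching check to the action that serves captured dialogs, so a user without `call_data` who knows the URL is stopped only if that action already enforces it. The controller hunks in this commit add server-side `detach('/denied_page')` guards for the write actions, and the same treatment is needed here if `call_data` is meant as an access restriction rather than a display preference — confirm against the callflow action. The enclosing template section continues outside the hunk.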
@@ -158,7 +160,9 @@
@@ -170,7 +174,9 @@
@@ -182,7 +188,9 @@
@@ -194,7 +202,9 @@
@@ -235,7 +245,9 @@
@@ -247,7 +259,9 @@
@@ -259,7 +273,9 @@
@@ -271,7 +287,9 @@
@@ -283,7 +301,9 @@
@@ -297,7 +317,9 @@
@@ -318,7 +340,9 @@
+ [% IF (c.user.roles == "admin" || c.user.roles == "reseller") && c.user.read_only != 1 -%] Edit Slots + [% END -%] [% helper.messages = ''; helper.name = 'Autoattendant'; @@ -345,7 +369,9 @@
+ [% IF (c.user.roles == "admin" || c.user.roles == "reseller") && c.user.read_only != 1 -%] Create Slot + [% END -%] [% helper.messages = ''; helper.name = 'Speeddial'; @@ -390,7 +416,9 @@
@@ -410,7 +438,9 @@
+ [% IF (c.user.roles == "admin" || c.user.roles == "reseller") && c.user.read_only != 1 -%] Create + [% END -%]
+ [% IF (c.user.roles == "admin" || c.user.roles == "reseller") && c.user.read_only != 1 -%] Edit [% IF cf_destinations.${cf.type}.size -%] Delete [% END -%] + [% END -%]
+ [% IF (c.user.roles == "admin" || c.user.roles == "reseller") && c.user.read_only != 1 -%] Edit + [% END -%]
+ [% IF (c.user.roles == "admin" || c.user.roles == "reseller") && c.user.read_only != 1 -%] Edit + [% END -%]
+ [% IF (c.user.roles == "admin" || c.user.roles == "reseller") && c.user.read_only != 1 -%] Edit + [% END -%]
+ [% IF (c.user.roles == "admin" || c.user.roles == "reseller") && c.user.read_only != 1 -%] Edit + [% END -%]
+ [% IF (c.user.roles == "admin" || c.user.roles == "reseller") && c.user.read_only != 1 -%] Edit + [% END -%]
+ [% IF (c.user.roles == "admin" || c.user.roles == "reseller") && c.user.read_only != 1 -%] Edit + [% END -%]
+ [% IF (c.user.roles == "admin" || c.user.roles == "reseller") && c.user.read_only != 1 -%] Edit + [% END -%]
+ [% IF (c.user.roles == "admin" || c.user.roles == "reseller") && c.user.read_only != 1 -%] Edit + [% END -%]
+ [% IF (c.user.roles == "admin" || c.user.roles == "reseller") && c.user.read_only != 1 -%] Edit + [% END -%]
+ [% IF (c.user.roles == "admin" || c.user.roles == "reseller") && c.user.read_only != 1 -%] Edit + [% END -%]
+ [% IF (c.user.roles == "admin" || c.user.roles == "reseller") && c.user.read_only != 1 -%] Edit + [% END -%]
@@ -437,8 +467,10 @@
+ [% IF (c.user.roles == "admin" || c.user.roles == "reseller") && c.user.read_only != 1 -%] Edit Delete + [% END -%]