diff --git a/lib/NGCP/Panel/Controller/API/ProfilePackages.pm b/lib/NGCP/Panel/Controller/API/ProfilePackages.pm index 1224dbb30d..115488303c 100644 --- a/lib/NGCP/Panel/Controller/API/ProfilePackages.pm +++ b/lib/NGCP/Panel/Controller/API/ProfilePackages.pm @@ -89,7 +89,7 @@ sub relation{ } __PACKAGE__->set_config({ - allowed_roles => [qw/admin reseller/], + allowed_roles => [qw/admin reseller ccareadmin ccare/], }); sub GET :Allow { @@ -139,6 +139,11 @@ sub POST :Allow { my $guard = $c->model('DB')->txn_scope_guard; { + if ($c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") { + $self->error($c, HTTP_FORBIDDEN, "Read-only resource for authenticated role"); + last; + } + my $schema = $c->model('DB'); my $resource = $self->get_valid_post_data( c => $c, diff --git a/lib/NGCP/Panel/Controller/API/ProfilePackagesItem.pm b/lib/NGCP/Panel/Controller/API/ProfilePackagesItem.pm index 4e7dec4752..cc60e31c79 100644 --- a/lib/NGCP/Panel/Controller/API/ProfilePackagesItem.pm +++ b/lib/NGCP/Panel/Controller/API/ProfilePackagesItem.pm @@ -36,8 +36,8 @@ sub journal_query_params { __PACKAGE__->set_config({ allowed_roles => { - Default => [qw/admin reseller/], - Journal => [qw/admin reseller/], + Default => [qw/admin reseller ccareadmin ccare/], + Journal => [qw/admin reseller ccareadmin ccare/], } }); @@ -68,6 +68,11 @@ sub PATCH :Allow { my ($self, $c, $id) = @_; my $guard = $c->model('DB')->txn_scope_guard; { + if ($c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") { + $self->error($c, HTTP_FORBIDDEN, "Read-only resource for authenticated role"); + last; + } + my $preference = $self->require_preference($c); last unless $preference; 
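Review bot: Adding `ccareadmin` and `ccare` to `allowed_roles` in the ProfilePackages `set_config` hunk leaves nothing in the config itself to mark these roles as read-only. That property now rests entirely on the per-handler checks added to POST here and to PATCH, PUT and DELETE in ProfilePackagesItem.pm, so a mutating handler added later would presumably be writable by them by default. A comment beside the list would record the contract, e.g. `# ccareadmin/ccare are read-only: every mutating handler must reject them explicitly`. The `Journal` list in ProfilePackagesItem.pm is widened in the same way, which appears to expose the change journal to both roles; worth confirming that is intended.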
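Review bot: The read-only guard added to POST is a deny-list of two role names, and the same five lines are repeated in PATCH, PUT and DELETE of ProfilePackagesItem.pm. If a further restricted role is ever added to `allowed_roles`, all four copies have to be updated or that role gets write access. Naming the roles that may write fails closed instead: `unless ($c->user->roles eq "admin" || $c->user->roles eq "reseller") {`. The guard also sits after `txn_scope_guard` is taken, so a request that is always refused still opens a transaction; placing the check above `my $guard` would avoid that. POST's body continues outside the hunk.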
@@ -114,6 +119,11 @@ sub PUT :Allow { my ($self, $c, $id) = @_; my $guard = $c->model('DB')->txn_scope_guard; { + if ($c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") { + $self->error($c, HTTP_FORBIDDEN, "Read-only resource for authenticated role"); + last; + } + my $preference = $self->require_preference($c); last unless $preference; @@ -157,6 +167,11 @@ sub DELETE :Allow { my ($self, $c, $id) = @_; my $guard = $c->model('DB')->txn_scope_guard; { + if ($c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") { + $self->error($c, HTTP_FORBIDDEN, "Read-only resource for authenticated role"); + last; + } + last unless $self->valid_id($c, $id); my $package = $self->item_by_id($c, $id); last unless $self->resource_exists($c, profilepackage => $package); diff --git a/lib/NGCP/Panel/Form/Expand.pm b/lib/NGCP/Panel/Form/Expand.pm index 324cbad88f..cd3baec9f6 100644 --- a/lib/NGCP/Panel/Form/Expand.pm +++ b/lib/NGCP/Panel/Form/Expand.pm @@ -22,7 +22,7 @@ has_field 'contact_id' => ( element_attr => { expand => { class => 'NGCP::Panel::Role::API::CustomerContacts', - allowed_roles => [qw(admin reseller)], + allowed_roles => [qw(admin reseller ccareadmin ccare)], }, }, ); @@ -62,7 +62,7 @@ has_field 'profile_id' => ( element_attr => { expand => { class => 'NGCP::Panel::Role::API::SubscriberProfiles', - allowed_roles => [qw(admin reseller)], + allowed_roles => [qw(admin reseller ccareadmin ccare)], }, }, ); @@ -72,7 +72,7 @@ has_field 'profile_set_id' => ( element_attr => { expand => { class => 'NGCP::Panel::Role::API::SubscriberProfileSets', - allowed_roles => [qw(admin reseller)], + allowed_roles => [qw(admin reseller ccareadmin ccare)], }, }, ); 
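Review bot: The `allowed_roles` lists in the `expand` entries of Expand.pm for `contact_id`, `profile_id` and `profile_set_id` are a second copy of each target resource's access list, and this diff widens only that copy. Of the expand targets touched, ProfilePackages is the only one whose controller `allowed_roles` is changed in the visible hunks. If the CustomerContacts, SubscriberProfiles and SubscriberProfileSets controllers do not already admit `ccareadmin` and `ccare`, expansion would return objects these roles cannot fetch directly. Worth confirming the two lists agree, and noting it on the entries, e.g. `# keep in sync with allowed_roles of the target controller`. The same applies to the `package_after_id`, `profile_package_id` and `package_before_id` hunks that follow.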
@@ -103,7 +103,17 @@ has_field 'package_after_id' => (
 element_attr => {
 expand => {
 class => 'NGCP::Panel::Role::API::ProfilePackages',
- allowed_roles => [qw(admin reseller)],
+ allowed_roles => [qw(admin reseller ccareadmin ccare)],
+ },
+ },
+);
+
+has_field 'profile_package_id' => (
+ type => 'PosInteger',
+ element_attr => {
+ expand => {
+ class => 'NGCP::Panel::Role::API::ProfilePackages',
+ allowed_roles => [qw(admin reseller ccareadmin ccare)],
 },
 },
 );
@@ -113,7 +123,7 @@ has_field 'package_before_id' => (
 element_attr => {
 expand => {
 class => 'NGCP::Panel::Role::API::ProfilePackages',
- allowed_roles => [qw(admin reseller)],
+ allowed_roles => [qw(admin reseller ccareadmin ccare)],
 },
 },
 );
@@ -168,4 +178,56 @@ has_field 'voucher_id' => (
 },
 );
 
+has_field 'pbx_group_ids' => (
+ type => 'PosInteger',
+ element_attr => {
+ expand => {
+ class => 'NGCP::Panel::Role::API::Subscribers',
+ remove_fields => [qw(password webpassword _password _webpassword)],
+ allowed_roles => [qw(admin reseller ccareadmin ccare subscriberadmin subscriber)],
+ },
+ },
+);
+
+has_field 'pbx_groupmember_ids' => (
+ type => 'PosInteger',
+ element_attr => {
+ expand => {
+ class => 'NGCP::Panel::Role::API::Subscribers',
+ remove_fields => [qw(password webpassword _password _webpassword)],
+ allowed_roles => [qw(admin reseller ccareadmin ccare subscriberadmin subscriber)],
+ },
+ },
+);
+
+has_field 'invoice_email_template_id' => (
+ type => 'PosInteger',
+ element_attr => {
+ expand => {
+ class => 'NGCP::Panel::Role::API::EmailTemplates',
+ allowed_roles => [qw(admin reseller ccareadmin ccare)],
+ },
+ },
+);
+
+has_field 'passreset_email_template_id' => (
+ type => 'PosInteger',
+ element_attr => {
+ expand => {
+ class => 'NGCP::Panel::Role::API::EmailTemplates',
+ allowed_roles => [qw(admin reseller ccareadmin ccare)],
+ },
+ },
+);
+
+has_field 'invoice_template_id' => (
+ type => 'PosInteger',
+ element_attr => {
+ expand => {
+ class => 'NGCP::Panel::Role::API::InvoiceTemplates',
+ allowed_roles => [qw(admin reseller ccareadmin ccare)],
+ },
+ },
+);
+
 1;
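Review bot: The new `pbx_group_ids` and `pbx_groupmember_ids` entries let the `subscriber` and `subscriberadmin` roles expand other Subscribers objects, and the only fields removed are the four password names in `remove_fields`. Whether the expanded objects are otherwise limited to what those roles may read about other subscribers is decided outside this hunk. It should be confirmed and recorded next to the list, e.g. `# expanded subscribers must pass the same per-role field filtering as the Subscribers endpoint`. Both fields are declared `type => 'PosInteger'` although their names are plural, which looks inconsistent if the API value is a list of ids. The `remove_fields` list is written out twice and could be one shared constant so the two copies cannot drift.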