TT#65101 enhance ccare roles support

* ccare roles now have read-only access to profile packages, this
  is needed for working with a customer
* enable expand for ccareadmin and ccare roles for the following:
  - contact_id
  - profile_id
  - profile_set_id
  - package_before_id
  - package_after_id
* add expand support for admin,reseller,ccareadmin,ccare roles
  - profile_package_id
  - invoice_email_template_id
  - passreset_email_template_id
  - invoice_template_id

Change-Id: I926304363048e659af67d596dce93be29b3e67af
(cherry picked from commit 57a8cefd2c)
mr10.5.4
Kirill Solomko 3 years ago
parent f71ac0b690
commit 334a881245

@ -89,7 +89,7 @@ sub relation{
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller/],
allowed_roles => [qw/admin reseller ccareadmin ccare/],
});
sub GET :Allow {
@ -139,6 +139,11 @@ sub POST :Allow {
my $guard = $c->model('DB')->txn_scope_guard;
{
if ($c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") {
$self->error($c, HTTP_FORBIDDEN, "Read-only resource for authenticated role");
last;
}
my $schema = $c->model('DB');
my $resource = $self->get_valid_post_data(
c => $c,
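Review bot: The read-only rule for `ccareadmin` and `ccare` is enforced by a role-name check inside the POST body, after the flat `allowed_roles` list has already admitted both roles to this controller, so a write handler that lacks the check would be open to them by default. The same five lines are repeated in the PATCH, PUT and DELETE hunks of the item controller further down. One shared helper would keep the rule in a single place, called as for example `last if $self->reject_read_only_role($c);` (the helper name is only a suggestion), or a per-method role list in `set_config` if the framework supports one. The check also runs after `txn_scope_guard` is created; placing it before `my $guard = ...` would avoid opening a transaction for a request that is always refused. The body of POST continues outside the hunk.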

@ -36,8 +36,8 @@ sub journal_query_params {
__PACKAGE__->set_config({
allowed_roles => {
Default => [qw/admin reseller/],
Journal => [qw/admin reseller/],
Default => [qw/admin reseller ccareadmin ccare/],
Journal => [qw/admin reseller ccareadmin ccare/],
}
});
@ -68,6 +68,11 @@ sub PATCH :Allow {
my ($self, $c, $id) = @_;
my $guard = $c->model('DB')->txn_scope_guard;
{
if ($c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") {
$self->error($c, HTTP_FORBIDDEN, "Read-only resource for authenticated role");
last;
}
my $preference = $self->require_preference($c);
last unless $preference;
@ -114,6 +119,11 @@ sub PUT :Allow {
my ($self, $c, $id) = @_;
my $guard = $c->model('DB')->txn_scope_guard;
{
if ($c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") {
$self->error($c, HTTP_FORBIDDEN, "Read-only resource for authenticated role");
last;
}
my $preference = $self->require_preference($c);
last unless $preference;
@ -157,6 +167,11 @@ sub DELETE :Allow {
my ($self, $c, $id) = @_;
my $guard = $c->model('DB')->txn_scope_guard;
{
if ($c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") {
$self->error($c, HTTP_FORBIDDEN, "Read-only resource for authenticated role");
last;
}
last unless $self->valid_id($c, $id);
my $package = $self->item_by_id($c, $id);
last unless $self->resource_exists($c, profilepackage => $package);
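Review bot: The `Journal` entry of `allowed_roles` now admits `ccareadmin` and `ccare`, which the commit description does not mention; it speaks only of read-only access to profile packages. If the journal returns earlier versions of a package or details of who changed it, that is a wider read than the item itself, so it is worth confirming this is intended and recording it with a comment such as `# ccare roles may read the change journal as well as the item`. Separately, the guards in PATCH, PUT and DELETE compare `$c->user->roles` with `eq`, which is correct only if `roles` returns a single role name as a scalar; the accessor is not visible in this section, so that assumption should be checked. The handler bodies continue outside the hunks.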

@ -22,7 +22,7 @@ has_field 'contact_id' => (
element_attr => {
expand => {
class => 'NGCP::Panel::Role::API::CustomerContacts',
allowed_roles => [qw(admin reseller)],
allowed_roles => [qw(admin reseller ccareadmin ccare)],
},
},
);
@ -62,7 +62,7 @@ has_field 'profile_id' => (
element_attr => {
expand => {
class => 'NGCP::Panel::Role::API::SubscriberProfiles',
allowed_roles => [qw(admin reseller)],
allowed_roles => [qw(admin reseller ccareadmin ccare)],
},
},
);
@ -72,7 +72,7 @@ has_field 'profile_set_id' => (
element_attr => {
expand => {
class => 'NGCP::Panel::Role::API::SubscriberProfileSets',
allowed_roles => [qw(admin reseller)],
allowed_roles => [qw(admin reseller ccareadmin ccare)],
},
},
);
@ -103,7 +103,17 @@ has_field 'package_after_id' => (
element_attr => {
expand => {
class => 'NGCP::Panel::Role::API::ProfilePackages',
allowed_roles => [qw(admin reseller)],
allowed_roles => [qw(admin reseller ccareadmin ccare)],
},
},
);
has_field 'profile_package_id' => (
type => 'PosInteger',
element_attr => {
expand => {
class => 'NGCP::Panel::Role::API::ProfilePackages',
allowed_roles => [qw(admin reseller ccareadmin ccare)],
},
},
);
@ -113,7 +123,7 @@ has_field 'package_before_id' => (
element_attr => {
expand => {
class => 'NGCP::Panel::Role::API::ProfilePackages',
allowed_roles => [qw(admin reseller)],
allowed_roles => [qw(admin reseller ccareadmin ccare)],
},
},
);
@ -168,4 +178,56 @@ has_field 'voucher_id' => (
},
);
has_field 'pbx_group_ids' => (
type => 'PosInteger',
element_attr => {
expand => {
class => 'NGCP::Panel::Role::API::Subscribers',
remove_fields => [qw(password webpassword _password _webpassword)],
allowed_roles => [qw(admin reseller ccareadmin ccare subscriberadmin subscriber)],
},
},
);
has_field 'pbx_groupmember_ids' => (
type => 'PosInteger',
element_attr => {
expand => {
class => 'NGCP::Panel::Role::API::Subscribers',
remove_fields => [qw(password webpassword _password _webpassword)],
allowed_roles => [qw(admin reseller ccareadmin ccare subscriberadmin subscriber)],
},
},
);
has_field 'invoice_email_template_id' => (
type => 'PosInteger',
element_attr => {
expand => {
class => 'NGCP::Panel::Role::API::EmailTemplates',
allowed_roles => [qw(admin reseller ccareadmin ccare)],
},
},
);
has_field 'passreset_email_template_id' => (
type => 'PosInteger',
element_attr => {
expand => {
class => 'NGCP::Panel::Role::API::EmailTemplates',
allowed_roles => [qw(admin reseller ccareadmin ccare)],
},
},
);
has_field 'invoice_template_id' => (
type => 'PosInteger',
element_attr => {
expand => {
class => 'NGCP::Panel::Role::API::InvoiceTemplates',
allowed_roles => [qw(admin reseller ccareadmin ccare)],
},
},
);
1;
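Review bot: The last hunk appears to add `pbx_group_ids` and `pbx_groupmember_ids` with expand enabled for `subscriberadmin` and `subscriber`, which the commit description does not list. For these two fields the only visible protection on the expanded `Subscribers` object is the `remove_fields` deny-list of four password fields, so any other sensitive field that resource has now or gains later would be returned to a subscriber-level caller. It is not visible from this form whether expand applies the target resource's own role check and row scoping; if it does not, each `allowed_roles` list here should be no wider than the one on the target controller, which matters for the new `EmailTemplates` and `InvoiceTemplates` expands granted to the ccare roles. A comment above these fields such as `# expand roles must not exceed the roles allowed on the target resource` would record that rule.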
