From 35518554ec2ab5eca8d2261b2073a0af75836c07 Mon Sep 17 00:00:00 2001
From: Flaviu Mates <fmates@sipwise.com>
Date: Fri, 5 Jun 2020 09:06:47 +0200
Subject: [PATCH] Revert "TT#76111 - Hide LI Admins from NGCP Panel"

This reverts commit ec674132df5aff52f66d17617c0b6b203387d57d.

Reason for revert: Feature was partially backported and lawful intercept admins were deleted from databse. Feature needs redesign.

Change-Id: I500e66f3bd3b4a0c29fa05e1113568d3776eacf9
---
 lib/NGCP/Panel/Controller/Administrator.pm | 22 ++++++++++------------
 lib/NGCP/Panel/Form/Administrator/Admin.pm |  6 ++++--
 lib/NGCP/Panel/Role/API/Admins.pm          | 16 +++-------------
 3 files changed, 17 insertions(+), 27 deletions(-)

diff --git a/lib/NGCP/Panel/Controller/Administrator.pm b/lib/NGCP/Panel/Controller/Administrator.pm
index a3646af517..56d88aa10b 100644
--- a/lib/NGCP/Panel/Controller/Administrator.pm
+++ b/lib/NGCP/Panel/Controller/Administrator.pm
@@ -20,9 +20,8 @@ sub list_admin :PathPart('administrator') :Chained('/') :CaptureArgs(0) {
     my ($self, $c) = @_;
 
     my $dispatch_to = '_admin_resultset_' . $c->user->roles;
-    my $is_li_admin = $c->user->lawful_intercept;
     $c->stash(
-        admins => $self->$dispatch_to($c, $is_li_admin),
+        admins => $self->$dispatch_to($c),
         template => 'administrator/list.tt',
     );
     my $cols = [
@@ -43,23 +42,23 @@ sub list_admin :PathPart('administrator') :Chained('/') :CaptureArgs(0) {
         { name => "billing_data", title => $c->loc("Show Billing Info") },
         { name => "can_reset_password", title => $c->loc("Can Reset Password") },
     );
+    if($c->user->is_superuser) {
+        @{ $cols } =  (@{ $cols },  { name => "lawful_intercept", title => $c->loc("Lawful Intercept") });
+    }
     $c->stash->{admin_dt_columns} = NGCP::Panel::Utils::Datatables::set_columns($c, $cols);
     $c->stash->{special_admin_login} = NGCP::Panel::Utils::Auth::get_special_admin_login();
     return;
 }
 
 sub _admin_resultset_admin {
-    my ($self, $c, $is_li_admin) = @_;
-    my $condition = $is_li_admin ? {'me.id' => $c->user->id} : {lawful_intercept => 0};
-    return $c->model('DB')->resultset('admins')->search($condition);
+    my ($self, $c) = @_;
+    return $c->model('DB')->resultset('admins');
 }
 
 sub _admin_resultset_reseller {
-    my ($self, $c, $is_li_admin) = @_;
-    my $condition = $is_li_admin ? {'me.id' => $c->user->id} : {lawful_intercept => 0};
+    my ($self, $c) = @_;
     return $c->model('DB')->resultset('admins')->search({
         reseller_id => $c->user->reseller_id,
-        %$condition
     });
 }
 
@@ -149,8 +148,8 @@ sub base :Chained('list_admin') :PathPart('') :CaptureArgs(1) {
         );
         NGCP::Panel::Utils::Navigation::back_or($c, $c->uri_for('/administrator'));
     }
-    $c->stash(administrator => $c->stash->{admins}->find({id => $administrator_id}));
-    if(!$c->stash->{administrator} || ($c->stash->{administrator} && $c->stash->{administrator}->lawful_intercept && $administrator_id != $c->user->id)) {
+    $c->stash(administrator => $c->stash->{admins}->find($administrator_id));
+    unless($c->stash->{administrator}) {
         NGCP::Panel::Utils::Message::error(
             c => $c,
             desc  => $c->loc('Administrator not found'),
@@ -181,8 +180,7 @@ sub edit :Chained('base') :PathPart('edit') :Args(0) {
         posted => $posted,
         params => $c->request->params,
         item => $params,
-        inactive => $c->stash->{administrator}->id != $c->user->id ? ['password']  :
-                    $c->user->lawful_intercept ? ['login', 'is_superuser', 'is_ccare', 'is_master', 'is_active', 'read_only', 'show_passwords', 'call_data', 'billing_data', 'can_reset_password'] : [],
+        inactive => $c->stash->{administrator}->id != $c->user->id ? ['password']  : [],
     );
     NGCP::Panel::Utils::Navigation::check_form_buttons(
         c => $c,
diff --git a/lib/NGCP/Panel/Form/Administrator/Admin.pm b/lib/NGCP/Panel/Form/Administrator/Admin.pm
index 3b4c409ff7..0ba0b8a0af 100644
--- a/lib/NGCP/Panel/Form/Administrator/Admin.pm
+++ b/lib/NGCP/Panel/Form/Administrator/Admin.pm
@@ -5,7 +5,9 @@ extends 'NGCP::Panel::Form::Administrator::Reseller';
 
 use NGCP::Panel::Utils::Auth;
 
-has_field 'is_superuser' => (type => 'Boolean',);
+for (qw(is_superuser lawful_intercept)) {
+    has_field $_ => (type => 'Boolean',);
+}
 has_field 'reseller' => (
     type => '+NGCP::Panel::Field::Reseller',
     label => 'Reseller',
@@ -15,7 +17,7 @@ has_block 'fields' => (
     tag => 'div',
     class => [qw(modal-body)],
     render_list => [qw(
-        reseller login password email is_superuser is_master is_ccare is_active read_only show_passwords call_data billing_data can_reset_password
+        reseller login password email is_superuser is_master is_ccare is_active read_only show_passwords call_data billing_data lawful_intercept can_reset_password
     )],
 );
 
diff --git a/lib/NGCP/Panel/Role/API/Admins.pm b/lib/NGCP/Panel/Role/API/Admins.pm
index 7d55b4f241..2ed1d4b79b 100644
--- a/lib/NGCP/Panel/Role/API/Admins.pm
+++ b/lib/NGCP/Panel/Role/API/Admins.pm
@@ -32,22 +32,18 @@ sub _item_rs {
     my ($self, $c) = @_;
 
     my $item_rs = $c->model('DB')->resultset('admins');
-    my $condition = $c->user->lawful_intercept ? {'me.id' => $c->user->id} : {lawful_intercept => 0};
     if($c->user->roles eq "reseller") {
         $item_rs = $item_rs->search({
-            reseller_id => $c->user->reseller_id,
-            %$condition
+            reseller_id => $c->user->reseller_id
         });
     }
 
     if($c->user->is_master || $c->user->is_superuser) {
-        # return all (or all of reseller) admins except lawful intercept admin
-        $item_rs = $item_rs->search($condition);
+        # return all (or all of reseller) admins
     } else {
         # otherwise, only return the own admin if master is not set
         $item_rs = $item_rs->search({
             id => $c->user->id,
-            %$condition
         });
     }
     return $item_rs;
@@ -83,7 +79,7 @@ sub process_form_resource{
         $resource->{md5pass} = undef;
         $resource->{saltedpass} = NGCP::Panel::Utils::Auth::generate_salted_hash($pass);
     }
-    foreach my $f(qw/billing_data call_data is_active is_master is_superuser is_ccare read_only show_passwords/) {
+    foreach my $f(qw/billing_data call_data is_active is_master is_superuser is_ccare lawful_intercept read_only show_passwords/) {
         $resource->{$f} = (ref $resource->{$f} eq 'JSON::true' || ( defined $resource->{$f} && ( $resource->{$f} eq 'true' || $resource->{$f} eq '1' ) ) ) ? 1 : 0;
     }
     return $resource;
@@ -150,12 +146,6 @@ sub update_item {
         $resource = $old_resource;
         $resource->{is_active} = $active;
     }
-
-    if ($c->user->lawful_intercept) {
-        #allow LI admins to only change password and email
-        delete @$resource{qw/billing_data call_data can_reset_password is_active is_ccare is_master is_superuser login read_only show_passwords/};
-    }
-
     $item->update($resource);
 
     return $item;