From 3cb71e4ceb5697dfaac8ac492b37dc07b95de1bc Mon Sep 17 00:00:00 2001
From: Victor Tsvetov
Date: Sat, 21 Aug 2021 12:43:49 +0300
Subject: [PATCH] TT#130456 API Customers POST: show error if system template
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Throw descriptive error for attempt to create Customer with Template that does not belong to Contact’s Reseller. Cover the case when the Template belongs to System Contact (with no Reseller). Error example: 'subscriber_email_template_id' with value '1' does not belong to Reseller '1' that is assigned to Customer's Contact '1'
Change-Id: Iffcef0339afc4490ecba81d4667cbb9225766af4
---
 lib/NGCP/Panel/Controller/API/Customers.pm | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/lib/NGCP/Panel/Controller/API/Customers.pm b/lib/NGCP/Panel/Controller/API/Customers.pm
index 9b23a055f7..35eb899a96 100644
--- a/lib/NGCP/Panel/Controller/API/Customers.pm
+++ b/lib/NGCP/Panel/Controller/API/Customers.pm
@@ -268,13 +268,18 @@ sub POST :Allow { $self->error($c, HTTP_UNPROCESSABLE_ENTITY, "The contact_id is not a valid ngcp:customercontacts item, but an ngcp:systemcontacts item"); last; } + #todo: strange: why do we check this after customer creation? my $tmplfields = $self->get_template_fields_spec(); foreach my $field (keys %$tmplfields){ + next unless $customer->$field(); + my $field_table_rel = $tmplfields->{$field}->[1]; - if($customer->$field() && - $customer->$field_table_rel()->reseller_id != $customer->contact->reseller_id) { - $self->error($c, HTTP_UNPROCESSABLE_ENTITY, "Invalid '$field', doesn't exist for the reseller assigned to customer contact"); + unless($customer->$field_table_rel()->reseller_id && + $customer->$field_table_rel()->reseller_id == $customer->contact->reseller_id) { + $self->error($c, HTTP_UNPROCESSABLE_ENTITY, "'$field' with value '" . $customer->$field() + . "' does not belong to Reseller '" . $customer->contact->reseller_id + . "' that is assigned to Customer's Contact '$resource->{contact_id}'"); return; } }
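Review bot: The new `unless` condition calls `->reseller_id` on whatever `$customer->$field_table_rel()` returns without first checking that a row came back. If the relationship can return undef for a template id that matches no row (the schema is not visible here), this reseller-ownership check would die and surface as a server error instead of the intended 422. Fetching the related row once and testing it first keeps the rejection explicit: `my $tmpl = $customer->$field_table_rel();` followed by `unless($tmpl && $tmpl->reseller_id && $tmpl->reseller_id == $customer->contact->reseller_id) {`. The body of `sub POST` starts and ends outside the hunk, so whether the already-created customer row is rolled back on this `return` cannot be confirmed from these lines.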