From 3e95f54c09a9ecf4e15c7f5a7e66e8dd5f6a8a97 Mon Sep 17 00:00:00 2001
From: Irina Peshinskaya
Date: Thu, 16 Aug 2018 14:43:50 +0200
Subject: [PATCH] TT#40511 Check subscriberadmin edit only own customer subscriber

Change-Id: Icede280da9f72172eb19e0bf8bdb2ee22befcfc4
---
 lib/NGCP/Panel/Role/API/Subscribers.pm | 18 ++++++++++++------
 lib/NGCP/Panel/Utils/Subscriber.pm | 4 +++-
 2 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/lib/NGCP/Panel/Role/API/Subscribers.pm b/lib/NGCP/Panel/Role/API/Subscribers.pm
index ef07736aca..68371c4634 100644
--- a/lib/NGCP/Panel/Role/API/Subscribers.pm
+++ b/lib/NGCP/Panel/Role/API/Subscribers.pm
@@ -590,7 +590,7 @@ sub prepare_resource {
 sub update_item {
 my ($self, $c, $schema, $item, $full_resource, $resource, $form) = @_;
- return unless $self->check_write_access($c);
+ return unless $self->check_write_access($c, $item);
 my $subscriber = $item;
 my $customer = $full_resource->{customer};
@@ -644,14 +644,14 @@ sub update_item {
 };
 my ($profile_set, $profile);
- if($resource->{profile_set}{id}) {
+ if ($resource->{profile_set}{id}) {
 my $profile_set_rs = $schema->resultset('voip_subscriber_profile_sets');
 if($c->user->roles eq "admin") {
 } elsif($c->user->roles eq "reseller") {
 $profile_set_rs = $profile_set_rs->search({
 reseller_id => $c->user->reseller_id,
 });
- }
+ }#subadmin check
 $profile_set = $profile_set_rs->find($resource->{profile_set}{id});
 unless($profile_set) {
@@ -808,7 +808,7 @@ sub update_item {
 }
 sub check_write_access {
- my($self, $c) = @_;
+ my($self, $c, $item) = @_;
 if($c->user->roles eq "admin" || $c->user->roles eq "reseller") {
 } elsif($c->user->roles eq "subscriber" || (
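Review bot: `$item` is passed into `check_write_access` (call site in hunk `@@ -590,7 +590,7 @@`, signature in hunk `@@ -808,7 +808,7 @@`), but no changed line in this patch reads it, so the ownership check named in the subject is not visible here. The rest of `check_write_access` lies outside the hunks; unless a later change compares the target subscriber with the caller's own customer, a subscriberadmin who passes the role test can still update a subscriber belonging to another customer. I would add the comparison in the subscriberadmin branch, along the lines of `return unless $item && $item->contract_id == $c->user->account_id;` (accessor names to be confirmed against the schema), and answer with the same forbidden error the function already uses. An API test that a cross-customer update is rejected would pin the behaviour.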
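Review bot: The trailing `#subadmin check` on the closing brace in hunk `@@ -644,14 +644,14 @@` marks a check that is not implemented. For any role other than admin or reseller, `$profile_set_rs` stays unfiltered, so `find($resource->{profile_set}{id})` accepts a profile set of any reseller. Whether a subscriberadmin can reach this with a chosen id depends on form handling outside the hunk, so treat that as unconfirmed. The same marker appears as `}#subadmin` in `create_subscriber` (Utils/Subscriber.pm, hunk `@@ -228,7 +228,7 @@`). Either scope the resultset for the remaining roles or fail closed in an `else` branch, and until then make the marker explicit, e.g. `# TODO: profile sets are not scoped for subscriberadmin yet`.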
@@ -835,8 +835,14 @@ sub check_write_access {
 sub subscriberadmin_write_access {
 my($self,$c) = @_;
 if ($c->user->roles eq "subscriberadmin"
- && $c->config->{privileges}->{subscriberadmin}->{subscribers}
- && $c->config->{privileges}->{subscriberadmin}->{subscribers} =~/write/ ) {
+ && (
+ ( $c->config->{privileges}->{subscriberadmin}->{subscribers}
+ && $c->config->{privileges}->{subscriberadmin}->{subscribers} =~/write/
+ )
+ || ( $c->config->{features}->{cloudpbx} #user can disable pbx feature after some time of using it
+ && $c->user->contract->product->class eq 'pbxaccount'
+ )
+ ) ) {
 return 1;
 }
 return 0;
diff --git a/lib/NGCP/Panel/Utils/Subscriber.pm b/lib/NGCP/Panel/Utils/Subscriber.pm
index 0b68119d2b..cad8b4ac9a 100644
--- a/lib/NGCP/Panel/Utils/Subscriber.pm
+++ b/lib/NGCP/Panel/Utils/Subscriber.pm
@@ -228,7 +228,7 @@ sub create_subscriber {
 $profile_set_rs = $profile_set_rs->search({
 reseller_id => $c->user->reseller_id,
 });
- }
+ }#subadmin
 $profile_set = $profile_set_rs->find($params->{profile_set}{id});
 unless($profile_set) {
 die("invalid subscriber profile set id '".$params->{profile_set}{id}."' detected");
@@ -464,6 +464,7 @@ sub create_subscriber {
 return $billing_subscriber;
 });
 }
+
 sub update_preferences {
 my (%params) = @_;
 my $c = $params{c};
@@ -718,6 +719,7 @@ sub manage_pbx_groups{
 }
 }
 }
+
 sub get_pbx_group_member_name{
 my %params = @_;
 my $c = $params{c};
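Review bot: The new `||` branch in `subscriberadmin_write_access` grants write access whenever `cloudpbx` is enabled and the caller's contract is a `pbxaccount`, even when `privileges.subscriberadmin.subscribers` is unset or read-only. A deployment that configured read-only subscriberadmins therefore becomes writable for PBX customers, which the commit message and config documentation should state. `$c->user->contract->product->class` will die if `contract` or `product` is undefined (inferred, the schema is not shown), so guard the chain and deny on failure. The unanchored `=~/write/` also matches a constructed value such as `nowrite`; if the setting has a fixed set of values, compare it exactly. The inline comment does not say what the code does about a disabled PBX feature; `# PBX customers get write access while cloudpbx is enabled` would describe the branch.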