MT#6913 API: prevent reseller profile deletion.

Reject if reseller_edit is disabled in config.

lib/NGCP/Panel/Controller/API/SubscriberProfilesItem.pm

@@ -169,6 +169,12 @@ sub PUT :Allow {
 sub DELETE :Allow {
     my ($self, $c, $id) = @_;
 
+    if($c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit}) {
+        $c->log->error("profile deletion by reseller forbidden via config");
+        $self->error($c, HTTP_FORBIDDEN, "Subscriber profile deletion forbidden for resellers.");
+        return;
+    }
+
     my $guard = $c->model('DB')->txn_scope_guard;
     {
         my $item = $self->item_by_id($c, $id);

ngcp_panel.conf

@@ -84,7 +84,7 @@ log4perl.appender.Default.layout.ConversionPattern=%d{ISO8601} [%p] [%F +%L] %m{
 </security>
 
 <profile_sets>
-  reseller_edit	0
+  reseller_edit	1
 </profile_sets>
 
 <callflow>