From 42031a1627c6766ef2fcb76c4b2db82144da369d Mon Sep 17 00:00:00 2001
From: Andreas Granig
Date: Mon, 5 May 2014 14:51:46 +0200
Subject: [PATCH] MT#6913 API: prevent reseller profile deletion. Reject if reseller_edit is disabled in config.
---
 lib/NGCP/Panel/Controller/API/SubscriberProfilesItem.pm | 6 ++++++
 ngcp_panel.conf | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/lib/NGCP/Panel/Controller/API/SubscriberProfilesItem.pm b/lib/NGCP/Panel/Controller/API/SubscriberProfilesItem.pm
index 963b07209b..9368d189f1 100644
--- a/lib/NGCP/Panel/Controller/API/SubscriberProfilesItem.pm
+++ b/lib/NGCP/Panel/Controller/API/SubscriberProfilesItem.pm
@@ -169,6 +169,12 @@ sub PUT :Allow {
 sub DELETE :Allow {
 my ($self, $c, $id) = @_;
+ if($c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit}) {
+ $c->log->error("profile deletion by reseller forbidden via config");
+ $self->error($c, HTTP_FORBIDDEN, "Subscriber profile deletion forbidden for resellers.");
+ return;
+ }
+
 my $guard = $c->model('DB')->txn_scope_guard;
 {
 my $item = $self->item_by_id($c, $id);
diff --git a/ngcp_panel.conf b/ngcp_panel.conf
index 71809ff623..2f41db58b9 100644
--- a/ngcp_panel.conf
+++ b/ngcp_panel.conf
@@ -84,7 +84,7 @@ log4perl.appender.Default.layout.ConversionPattern=%d{ISO8601} [%p] [%F +%L] %m{
- reseller_edit 0
+ reseller_edit 1
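Review bot: The denial logged by the new guard at the top of DELETE names neither the reseller nor the requested profile, so the entry cannot be tied to an account during audit; consider `$c->log->error("profile deletion by reseller id " . $c->user->id . " forbidden via config");` and adding the requested `$id` once it has been validated. The config key is called `reseller_edit`, so the same condition presumably should gate PUT and PATCH in this controller as well; their bodies are outside this hunk, so this needs confirming there. The rest of DELETE also continues past the end of the hunk.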
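Review bot: With `reseller_edit` switched from 0 to 1 here, the DELETE guard added in SubscriberProfilesItem.pm in this same commit is inactive under this configuration, so resellers keep the ability to delete profiles unless an operator turns the flag off. If this file is the shipped default rather than a development sample, keeping the restrictive value and letting deployments opt in would be the safer default. Either way a comment next to the setting would help, e.g. `# 0 = API rejects subscriber profile deletion by resellers with 403`.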