sipwise
/
ngcp-panel
mirror of https://github.com/sipwise/ngcp-panel.git
1
0
Fork 0
Code Issues Releases Wiki Activity

MT#6913 API: prevent reseller profile deletion.

Browse Source 
Reject if reseller_edit is disabled in config.
ipeshinskaya/InvoiceTemplate5
Andreas Granig 12 years ago
parent f30518384b
commit 42031a1627
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File

6
lib/NGCP/Panel/Controller/API/SubscriberProfilesItem.pm
Unescape View File

@ -169,6 +169,12 @@ sub PUT :Allow {
sub DELETE :Allow { sub DELETE :Allow {
my ($self, $c, $id) = @_; my ($self, $c, $id) = @_;
if($c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit}) {
$c->log->error("profile deletion by reseller forbidden via config");
$self->error($c, HTTP_FORBIDDEN, "Subscriber profile deletion forbidden for resellers.");
return;
}
my $guard = $c->model('DB')->txn_scope_guard; my $guard = $c->model('DB')->txn_scope_guard;
{ {
my $item = $self->item_by_id($c, $id); my $item = $self->item_by_id($c, $id);

2
ngcp_panel.conf
Unescape View File

@ -84,7 +84,7 @@ log4perl.appender.Default.layout.ConversionPattern=%d{ISO8601} [%p] [%F +%L] %m{
</security> </security>
<profile_sets> <profile_sets>
reseller_edit 0 reseller_edit 1
</profile_sets> </profile_sets>
<callflow> <callflow>

Write Preview
Loading…
Cancel
Save