TT#103401 Allow subscriber access to /api/mailtofaxsettings/{id}

* Add subscriber roles to MailToFaxSettingsItem
	    and allow them to only access their settings
	  * Don't return the 'active' field on subsciber
	    requests; instead, return 403 if mail2fax is
	    not active

Change-Id: I773df0c21fcba29f9e7b5172160178ff99482964

lib/NGCP/Panel/Controller/API/MailToFaxSettingsItem.pm

@@ -37,8 +37,8 @@ sub journal_query_params {
 
 __PACKAGE__->set_config({
     allowed_roles => {
-        Default => [qw/admin reseller ccareadmin ccare/],
-        Journal => [qw/admin reseller ccareadmin ccare/],
+        Default => [qw/admin reseller ccareadmin ccare subscriber subscriberadmin/],
+        Journal => [qw/admin reseller ccareadmin ccare subscriber subscriberadmin/],
     }
 });
 
@@ -50,6 +50,7 @@ sub GET :Allow {
         last unless $self->resource_exists($c, mailtofaxsettings => $subs);
 
         my $hal = $self->hal_from_item($c, $subs);
+        last unless $hal;
 
         my $response = HTTP::Response->new(HTTP_OK, undef, HTTP::Headers->new(
             (map { # XXX Data::HAL must be able to generate links with multiple relations
@@ -81,7 +82,9 @@ sub PATCH :Allow {
 
         my $item = $self->item_by_id($c, $id);
         last unless $self->resource_exists($c, mailtofaxsettings => $item);
-        my $old_resource = $self->hal_from_item($c, $item)->resource;
+        my $old_hal = $self->hal_from_item($c, $item);
+        last unless $old_hal;
+        my $old_resource = $old_hal->resource;
         my $resource = $self->apply_patch($c, $old_resource, $json);
         last unless $resource;
 

lib/NGCP/Panel/Role/API/MailToFaxSettings.pm

@@ -38,6 +38,11 @@ sub hal_from_item {
         };
     }
 
+    if ($mtf_preference->active == 0 && ($c->user->roles eq 'subscriber' || $c->user->roles eq 'subscriberadmin')) {
+        $self->error($c, HTTP_FORBIDDEN, "Forbidden!");
+        return;
+    }
+
     my %resource = (
             $mtf_preference ? $mtf_preference->get_inflated_columns : (),
             subscriber_id => $item->id,
@@ -80,7 +85,7 @@ sub hal_from_item {
         resource => \%resource,
         run => 0,
     );
-
+    $self->post_process_hal_resource($c, $item, \%resource, $form);
     $hal->resource(\%resource);
     return $hal;
 }
@@ -100,6 +105,10 @@ sub _item_rs {
         }, {
             join => { 'contract' => 'contact' },
         });
+    } elsif ($c->user->roles eq 'subscriber' || $c->user->roles eq 'subscriberadmin') {
+        $item_rs = $item_rs->search({
+            'provisioning_voip_subscriber.id' => $c->user->id,
+        });
     }
 
     return $item_rs;
@@ -128,6 +137,14 @@ sub update_item {
         resource => $resource,
         run => 1,
     );
+    if ($c->user->roles eq 'subscriber' || $c->user->roles eq 'subscriberadmin') {
+        #subscriber's can't change the 'active' field
+        $resource->{active} = $prov_subs->voip_mail_to_fax_preference->active;
+        if ($prov_subs->voip_mail_to_fax_preference->active == 0) {
+            $self->error($c, HTTP_FORBIDDEN, "Forbidden!");
+            return;
+        }
+    }
 
     if (! exists $resource->{secret_renew_notify} ) {
         $resource->{secret_renew_notify} = [];
@@ -171,5 +188,11 @@ sub update_item {
     return $item;
 }
 
+sub post_process_hal_resource {
+    my ($self, $c, $item, $resource, $form) = @_;
+    delete $resource->{active} if ($c->user->roles eq 'subscriber' || $c->user->roles eq 'subscriberadmin');
+    return $resource;
+}
+
 1;
 # vim: set tabstop=4 expandtab: