From 603351c2d5364f5a95010ca237d806c6f6caed22 Mon Sep 17 00:00:00 2001
From: Flaviu Mates <fmates@sipwise.com>
Date: Mon, 8 Jul 2019 12:21:39 +0300
Subject: [PATCH] TT#59024 - Disable web_password and sip password fields 
    for administrators with disabled 'show_passwords'

	 * Add check in master data edit form to disable
	   web_password and sip password fields.
	 * Add check for api GET to not show passwords

Change-Id: Icf95cddc07982a698c893661b529e7542002ec60
---
 lib/NGCP/Panel/Form/Customer/PbxSubscriber.pm | 4 ++--
 lib/NGCP/Panel/Form/SubscriberEdit.pm         | 7 +++++++
 lib/NGCP/Panel/Role/API/Subscribers.pm        | 5 +++++
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/lib/NGCP/Panel/Form/Customer/PbxSubscriber.pm b/lib/NGCP/Panel/Form/Customer/PbxSubscriber.pm
index e16bd04437..1cf103116f 100644
--- a/lib/NGCP/Panel/Form/Customer/PbxSubscriber.pm
+++ b/lib/NGCP/Panel/Form/Customer/PbxSubscriber.pm
@@ -242,11 +242,11 @@ sub update_fields {
         );
     }
 
-    if($c->config->{security}->{password_sip_autogenerate}) {
+    if($c->config->{security}->{password_sip_autogenerate} || !$c->user->show_passwords) {
         $self->field('password')->inactive(1);
         $self->field('password')->required(0);
     }
-    if($c->config->{security}->{password_web_autogenerate}) {
+    if($c->config->{security}->{password_web_autogenerate} || !$c->user->show_passwords) {
         $self->field('webpassword')->inactive(1);
         $self->field('webpassword')->required(0);
     }
diff --git a/lib/NGCP/Panel/Form/SubscriberEdit.pm b/lib/NGCP/Panel/Form/SubscriberEdit.pm
index 87a5f7167e..040b8acb5c 100644
--- a/lib/NGCP/Panel/Form/SubscriberEdit.pm
+++ b/lib/NGCP/Panel/Form/SubscriberEdit.pm
@@ -188,6 +188,13 @@ sub update_fields {
             $c->uri_for_action('/subscriberprofile/profile_ajax', [$set_id])->as_string
         );
     }
+
+    if(!$c->user->show_passwords) {
+        $self->field('webpassword')->inactive(1);
+        $self->field('webpassword')->required(0);
+        $self->field('password')->inactive(1);
+        $self->field('password')->required(0);
+    }
 }
 
 sub validate_password {
diff --git a/lib/NGCP/Panel/Role/API/Subscribers.pm b/lib/NGCP/Panel/Role/API/Subscribers.pm
index cebe7a5433..5f676e59ab 100644
--- a/lib/NGCP/Panel/Role/API/Subscribers.pm
+++ b/lib/NGCP/Panel/Role/API/Subscribers.pm
@@ -148,6 +148,11 @@ sub resource_from_item {
         }else{
             $resource{lock} = undef;
         }
+        unless ($c->user->show_passwords) {
+            foreach my $k(qw/password webpassword/) {
+                delete $resource{$k};
+            }
+        }
     } else {
         if (!$self->subscriberadmin_write_access($c)) {
             # fields we never want to see