admin, reseller ACL roles for domains

12 years ago · 605eb563ad
parent 817f62d586
commit 605eb563ad
3 changed files with 32 additions and 11 deletions
--- a/lib/NGCP/Panel.pm
+++ b/lib/NGCP/Panel.pm
@ -117,6 +117,7 @@ __PACKAGE__->config(
                class => 'DBIx::Class',
                user_model => 'billing::admins',
                id_field => 'id',
+                store_user_class => 'NGCP::Panel::AuthenticationStore::RoleFromRealm',
            }
        },
        admin => {
@ -130,6 +131,7 @@ __PACKAGE__->config(
                class => 'DBIx::Class',
                user_model => 'billing::admins',
                id_field => 'id',
+                store_user_class => 'NGCP::Panel::AuthenticationStore::RoleFromRealm',
            }
        }
    }
--- a/lib/NGCP/Panel/AuthenticationStore/RoleFromRealm.pm
+++ b/lib/NGCP/Panel/AuthenticationStore/RoleFromRealm.pm
@ -0,0 +1,8 @@
+package NGCP::Panel::AuthenticationStore::RoleFromRealm;
+use Sipwise::Base;
+extends 'Catalyst::Authentication::Store::DBIx::Class::User';
+
+sub roles {
+    my ($self) = @_;
+    return $self->auth_realm;
+}
--- a/lib/NGCP/Panel/Controller/Domain.pm
+++ b/lib/NGCP/Panel/Controller/Domain.pm
@ -6,18 +6,21 @@ BEGIN { extends 'Catalyst::Controller'; }

 use NGCP::Panel::Form::Domain;

-sub dom_list :Chained('/') :PathPart('domain') :CaptureArgs(0) :Args(0) {
+sub dom_list :Chained('/') :PathPart('domain') :CaptureArgs(0) :Args(0)
+  :Does(ACL) :ACLDetachTo(/denied_page) :AllowedRole(admin) :AllowedRole(reseller) {
    my ($self, $c) = @_;

    $c->stash(has_edit => 0);
    $c->stash(template => 'domain/list.tt');
 }

-sub root :Chained('dom_list') :PathPart('') :Args(0) {
+sub root :Chained('dom_list') :PathPart('') :Args(0)
+  :Does(ACL) :ACLDetachTo(/denied_page) :AllowedRole(admin) :AllowedRole(reseller) {
    my ($self, $c) = @_;
 }

-sub create :Chained('dom_list') :PathPart('create') :Args(0) {
+sub create :Chained('dom_list') :PathPart('create') :Args(0)
+  :Does(ACL) :ACLDetachTo(/denied_page) :AllowedRole(admin) :AllowedRole(reseller) {
    my ($self, $c) = @_;

    my $form = NGCP::Panel::Form::Domain->new;
@ -45,7 +48,8 @@ sub create :Chained('dom_list') :PathPart('create') :Args(0) {
    $c->stash(form => $form);
 }

-sub base :Chained('/domain/dom_list') :PathPart('') :CaptureArgs(1) :Args(0) {
+sub base :Chained('/domain/dom_list') :PathPart('') :CaptureArgs(1) :Args(0)
+  :Does(ACL) :ACLDetachTo(/denied_page) :AllowedRole(admin) :AllowedRole(reseller) {
    my ($self, $c, $domain_id) = @_;

    unless($domain_id && $domain_id->is_integer) {
@ -64,7 +68,8 @@ sub base :Chained('/domain/dom_list') :PathPart('') :CaptureArgs(1) :Args(0) {
    $c->stash(domain_result => $res);
 }

-sub edit :Chained('base') :PathPart('edit') :Args(0) {
+sub edit :Chained('base') :PathPart('edit') :Args(0)
+  :Does(ACL) :ACLDetachTo(/denied_page) :AllowedRole(admin) :AllowedRole(reseller) {
    my ($self, $c) = @_;

    my $posted = ($c->request->method eq 'POST');
@ -90,7 +95,8 @@ sub edit :Chained('base') :PathPart('edit') :Args(0) {
    $c->stash(edit_flag => 1);
 }

-sub delete :Chained('base') :PathPart('delete') :Args(0) {
+sub delete :Chained('base') :PathPart('delete') :Args(0)
+  :Does(ACL) :ACLDetachTo(/denied_page) :AllowedRole(admin) :AllowedRole(reseller) {
    my ($self, $c) = @_;
    
    unless ( defined($c->stash->{'domain_result'}) ) {
@ -112,7 +118,8 @@ sub delete :Chained('base') :PathPart('delete') :Args(0) {
    $c->response->redirect($c->uri_for());
 }

-sub ajax :Chained('dom_list') :PathPart('ajax') :Args(0) {
+sub ajax :Chained('dom_list') :PathPart('ajax') :Args(0)
+  :Does(ACL) :ACLDetachTo(/denied_page) :AllowedRole(admin) :AllowedRole(reseller) {
    my ($self, $c) = @_;
    
    my $resultset = $c->model('billing')->resultset('domains');
@ -124,7 +131,8 @@ sub ajax :Chained('dom_list') :PathPart('ajax') :Args(0) {
    $c->detach( $c->view("JSON") );
 }

-sub preferences :Chained('base') :PathPart('preferences') :Args(0) {
+sub preferences :Chained('base') :PathPart('preferences') :Args(0)
+  :Does(ACL) :ACLDetachTo(/denied_page) :AllowedRole(admin) :AllowedRole(reseller) {
    my ($self, $c) = @_;
    
    my $domain_name = $c->stash->{domain}->{domain};
@ -137,7 +145,8 @@ sub preferences :Chained('base') :PathPart('preferences') :Args(0) {
    $c->stash(template => 'domain/preferences.tt');
 }

-sub preferences_base :Chained('base') :PathPart('preferences') :CaptureArgs(1) :Args(0) {
+sub preferences_base :Chained('base') :PathPart('preferences') :CaptureArgs(1) :Args(0)
+  :Does(ACL) :ACLDetachTo(/denied_page) :AllowedRole(admin) :AllowedRole(reseller) {
    my ($self, $c, $pref_id) = @_;

    $self->load_preference_list($c);
@ -161,7 +170,8 @@ sub preferences_base :Chained('base') :PathPart('preferences') :CaptureArgs(1) :
    $c->stash(template => 'domain/preferences.tt');
 }

-sub preferences_edit :Chained('preferences_base') :PathPart('edit') :Args(0) {
+sub preferences_edit :Chained('preferences_base') :PathPart('edit') :Args(0)
+  :Does(ACL) :ACLDetachTo(/denied_page) :AllowedRole(admin) :AllowedRole(reseller) {
    my ($self, $c) = @_;
   
    $c->stash(edit_preference => 1);
@ -175,7 +185,8 @@ sub preferences_edit :Chained('preferences_base') :PathPart('edit') :Args(0) {
    );
 }

-sub load_preference_list : Private {
+sub load_preference_list : Private
+  :Does(ACL) :ACLDetachTo(/denied_page) :AllowedRole(admin) :AllowedRole(reseller) {
    my ($self, $c) = @_;
    
    my $dom_pref_values = $c->model('provisioning')