From 7b9eac27706b173183d286ac473c82e645fe5468 Mon Sep 17 00:00:00 2001
From: Kirill Solomko
Date: Wed, 2 Oct 2019 15:37:19 +0200
Subject: [PATCH] TT#67120 fix domains access for ccareadmin/ccare roles
* Controller/Domain missed privileges for ccareadmin/ccare roles
* Fix ccareadmin role typo in customer templates preventing "Create Susbcriber" button to show up for the role
Change-Id: I05bb520912ad0f1f49a0097d7443081d40aa7426
---
 lib/NGCP/Panel/Controller/Domain.pm | 19 +++++++++++++++----
 share/templates/customer/details.tt | 8 ++++----
 2 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/lib/NGCP/Panel/Controller/Domain.pm b/lib/NGCP/Panel/Controller/Domain.pm
index 776f41aa2b..bedaf94321 100644
--- a/lib/NGCP/Panel/Controller/Domain.pm
+++ b/lib/NGCP/Panel/Controller/Domain.pm
@@ -13,7 +13,7 @@ use NGCP::Panel::Utils::Prosody;
 use NGCP::Panel::Utils::Preferences;
 use NGCP::Panel::Utils::XMLDispatcher;
-sub auto :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
+sub auto :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) {
 my ($self, $c) = @_;
 $c->log->debug(__PACKAGE__ . '::auto');
 NGCP::Panel::Utils::Navigation::check_redirect_chain(c => $c);
@@ -23,7 +23,14 @@ sub auto :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRol
 sub dom_list :Chained('/') :PathPart('domain') :CaptureArgs(0) {
 my ($self, $c) = @_;
- my $dispatch_to = '_dom_resultset_' . $c->user->roles;
+ my $resultset_role = $c->user->roles;
+ if ($resultset_role eq 'ccareadmin') {
+ $resultset_role = 'admin';
+ } elsif ($resultset_role eq 'ccare') {
+ $resultset_role = 'reseller';
+ }
+
+ my $dispatch_to = '_dom_resultset_' . $resultset_role;
 my $dom_rs = $self->$dispatch_to($c);
 $c->stash->{domain_dt_columns} = NGCP::Panel::Utils::Datatables::set_columns($c, [
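Review bot: Adding `:AllowedRole(ccareadmin)` and `:AllowedRole(ccare)` to `auto` opens every action of this controller to the two customer-care roles unless an action is gated again further down the chain, so the ACL becomes deny-by-exception. The commit re-gates `create` and `base` through `dom_list_restricted`, but any other action still chained directly to `dom_list` (only `root` is visible in these hunks) is now reachable by those roles; the ones outside the visible hunks should be checked before merge. A comment above `auto` would make the contract explicit, e.g. `# ccareadmin/ccare: list access only; chain write/detail actions to dom_list_restricted`. The body of `auto` continues outside the hunk.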
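Review bot: In `dom_list` the method name is still assembled from the role string (`'_dom_resultset_' . $resultset_role`), so the next role added to `auto` without an alias here dies at dispatch with a missing-method error instead of a clean denial. An explicit allowlist keeps the mapping in one place and fails closed: `my %rs_for = (admin => 'admin', ccareadmin => 'admin', reseller => 'reseller', ccare => 'reseller');` followed by `my $resultset_role = $rs_for{ $c->user->roles } // $c->detach('/denied_page');`. Mapping `ccare` onto the reseller resultset presumably relies on `_dom_resultset_reseller` scoping rows to the user's own reseller; that method is outside the hunk and worth confirming. `dom_list` continues past the end of this hunk.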
@@ -36,6 +43,10 @@ sub dom_list :Chained('/') :PathPart('domain') :CaptureArgs(0) {
 template => 'domain/list.tt');
 }
+sub dom_list_restricted :Chained('dom_list') :PathPart('') :CaptureArgs(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
+ my ($self, $c) = @_;
+}
+
 sub _dom_resultset_admin {
 my ($self, $c) = @_;
 return $c->model('DB')->resultset('domains');
@@ -55,7 +66,7 @@ sub root :Chained('dom_list') :PathPart('') :Args(0) {
 my ($self, $c) = @_;
 }
-sub create :Chained('dom_list') :PathPart('create') :Args() {
+sub create :Chained('dom_list_restricted') :PathPart('create') :Args() {
 my ($self, $c, $reseller_id, $type) = @_;
 my $posted = ($c->request->method eq 'POST');
@@ -169,7 +180,7 @@ sub create :Chained('dom_list') :PathPart('create') :Args() {
 );
 }
-sub base :Chained('/domain/dom_list') :PathPart('') :CaptureArgs(1) {
+sub base :Chained('/domain/dom_list_restricted') :PathPart('') :CaptureArgs(1) {
 my ($self, $c, $domain_id) = @_;
 unless($domain_id && is_int($domain_id)) {
diff --git a/share/templates/customer/details.tt b/share/templates/customer/details.tt
index 9c329cb374..2968a20a87 100644
--- a/share/templates/customer/details.tt
+++ b/share/templates/customer/details.tt
@@ -68,7 +68,7 @@ $(function() {
 [% c.loc('Preferences') %] [% IF (c.user.roles == 'admin' || c.user.roles == 'reseller' ||
- c.user.roles == 'ccaradmin' || c.user.roles == 'ccare') && !c.user.read_only -%]
+ c.user.roles == 'ccareadmin' || c.user.roles == 'ccare') && !c.user.read_only -%]
 [% c.loc('Edit') %]
@@ -240,7 +240,7 @@ $(function() {
 [% ELSIF (c.user.roles == "subscriberadmin" && product.class == "pbxaccount") || c.user.roles == "admin" || c.user.roles == "reseller" ||
- c.user.roles == "ccaradmin" || c.user.roles == "ccare" -%]
+ c.user.roles == "ccareadmin" || c.user.roles == "ccare" -%]
 [% c.loc('Create Subscriber') %]
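Review bot: `dom_list_restricted` has an empty body and no comment, so nothing tells the next maintainer that it exists purely as an ACL gate or which actions must hang off it. Its `:AllowedRole(admin) :AllowedRole(reseller)` list also repeats the pre-change list from `auto`, and the two can drift apart unnoticed. Suggest a comment directly above the sub: `# ACL gate only: actions that create, show or modify a domain must chain here, not to dom_list, which ccareadmin/ccare can reach`.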
@@ -397,7 +397,7 @@ $(function() {
 c.config.features.cloudpbx && product.class == 'pbxaccount' && (c.user.roles == 'admin' || c.user.roles == 'reseller' ||
- c.user.roles == 'ccaradmin' || c.user.roles == 'ccare' ||
+ c.user.roles == 'ccareadmin' || c.user.roles == 'ccare' ||
 c.user.roles == 'subscriberadmin') -%]
@@ -444,7 +444,7 @@ $(function() {
 [% IF (c.user.roles == 'admin' || c.user.roles == 'reseller' ||
- c.user.roles == 'ccaradmin' || c.user.roles == 'ccare') && !c.user.read_only -%]
+ c.user.roles == 'ccareadmin' || c.user.roles == 'ccare') && !c.user.read_only -%]
 [% IF c.user.billing_data && c.config.features.voucher -%] [% c.loc('Top-up Voucher') %]