TT#124802 GET /api/admins/:id/journal - fixing

* Admins with is_system and is_superuser are able to see the items for all roles. * Admin is able to see own journal. Change-Id: I3e5d459b08ff7ef218220f1ae11974351121c489
4 years ago · 8017805589
parent e73dd3ea27
commit 8017805589
4 changed files with 31 additions and 22 deletions
--- a/lib/NGCP/Panel/Controller/API/AdminsItem.pm
+++ b/lib/NGCP/Panel/Controller/API/AdminsItem.pm
@ -18,11 +18,15 @@ sub journal_query_params {
 }

 sub get_journal_methods{
-    return [qw/handle_item_base_journal handle_journals_get handle_journalsitem_get handle_journals_options handle_journalsitem_options handle_journals_head handle_journalsitem_head/];
-}   
+    return [qw/handle_item_base_journal handle_journals_get handle_journalsitem_get
+        handle_journals_options handle_journalsitem_options handle_journals_head handle_journalsitem_head/];
+}

 __PACKAGE__->set_config({
-    allowed_roles => [qw/admin reseller lintercept ccareadmin ccare/],
+    allowed_roles => {
+        Default => [qw/admin reseller lintercept ccareadmin ccare/],
+        Journal => [qw/admin reseller lintercept ccareadmin ccare/],
+    }
 });

 sub PATCH :Allow {
@ -88,7 +92,7 @@ sub delete_item {
        my $self = shift;
        my ($c) = @_;
        return $self->hal_from_item($c, $item); });
-    
+
    $item->delete;
    return 1;
 }
--- a/lib/NGCP/Panel/Role/API/Admins.pm
+++ b/lib/NGCP/Panel/Role/API/Admins.pm
@ -32,27 +32,30 @@ sub _item_rs {
    my ($self, $c) = @_;

    my $item_rs = $c->model('DB')->resultset('admins');
-    if($c->user->roles eq "reseller") {
-        $item_rs = $item_rs->search({
+
+    if ($c->user->is_system || $c->user->is_superuser) {
+        return $item_rs;
+    }
+
+    my %search = ();
+
+    if ($c->user->roles eq "reseller") {
+        %search = (
            reseller_id => $c->user->reseller_id,
            is_system => 0
-        });
+        );
    }

-    if($c->user->is_system) {
-        # return all (or all of reseller) admins
-    } elsif ($c->user->roles ne 'lintercept' && ($c->user->is_master || $c->user->is_superuser)) {
-        $item_rs = $item_rs->search({
+    if ($c->user->roles ne 'lintercept' && $c->user->is_master) {
+        %search = (%search,
            lawful_intercept => 0,
-            is_system => 0
-        });
+            is_system        => 0);
    } else {
        # otherwise, only return the own admin if master is not set
-        $item_rs = $item_rs->search({
-            id => $c->user->id,
-        });
+        %search = (%search, id => $c->user->id);
    }
-    return $item_rs;
+
+    return $item_rs->search(\%search);
 }

 sub get_form {
--- a/lib/NGCP/Panel/Utils/Generic.pm
+++ b/lib/NGCP/Panel/Utils/Generic.pm
@ -24,10 +24,7 @@ my $MIME_TYPES = {

 sub is_int {
    my $val = shift;
-    if($val =~ /^[+-]?[0-9]+$/) {
-        return 1;
-    }
-    return;
+    return defined $val && $val =~ /^[+-]?\d+\z/;
 }

 sub is_integer {
--- a/lib/NGCP/Panel/Utils/Journal.pm
+++ b/lib/NGCP/Panel/Utils/Journal.pm
@ -219,7 +219,12 @@ sub get_api_journal_query_params {

 sub handle_api_item_base_journal {
    my ($controller,$c,$id) = @_;
-    $c->stash->{item_id_journal} = $id;
+
+    if ($c->user->id == $id || $c->user->is_system || $c->user->is_superuser) {
+        $c->stash->{item_id_journal} = $id;
+        return;
+    }
+
    return;
 }