From 938798943c54b0fc20b9a558bb002bea21d7e4f4 Mon Sep 17 00:00:00 2001
From: Gerhard Jungwirth <gjungwirth@sipwise.com>
Date: Fri, 25 Oct 2013 13:51:39 +0200
Subject: [PATCH] MT#4667 validate contact on contract create

On one hand, dont allow (peering,reseller)-contracts to
be created with a wrong contact (which has a reseller id).
On the other hand, dont preselect wrong contacts in the first
place (from created_objects)
---
 lib/NGCP/Panel/Controller/Contract.pm | 31 +++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/lib/NGCP/Panel/Controller/Contract.pm b/lib/NGCP/Panel/Controller/Contract.pm
index caa4329058..bb1d4d97c1 100644
--- a/lib/NGCP/Panel/Controller/Contract.pm
+++ b/lib/NGCP/Panel/Controller/Contract.pm
@@ -249,6 +249,9 @@ sub peering_create :Chained('peering_list') :PathPart('create') :Args(0) {
     my $posted = ($c->request->method eq 'POST');
     my $params = {};
     $params = $params->merge($c->session->{created_objects});
+    unless ($self->is_valid_noreseller_contact($c, $params->{contact}{id})) {
+        delete $params->{contact};
+    }
     my $form = NGCP::Panel::Form::Contract::PeeringReseller->new;
     $form->process(
         posted => $posted,
@@ -284,6 +287,12 @@ sub peering_create :Chained('peering_list') :PathPart('create') :Args(0) {
                     profile => $billing_profile,
                     contract => $contract,
                 );
+
+                if (defined $contract->contact->reseller_id) {
+                    my $contact_id = $contract->contact->id;
+                    die( ["Cannot use this contact (#$contact_id) for peering contracts.", "showdetails"] );
+                }
+
                 $c->session->{created_objects}->{contract} = { id => $contract->id };
                 delete $c->session->{created_objects}->{contact};
                 delete $c->session->{created_objects}->{billing_profile};
@@ -360,6 +369,9 @@ sub reseller_create :Chained('reseller_list') :PathPart('create') :Args(0) {
     my $posted = ($c->request->method eq 'POST');
     my $params = {};
     $params = $params->merge($c->session->{created_objects});
+    unless ($self->is_valid_noreseller_contact($c, $params->{contact}{id})) {
+        delete $params->{contact};
+    }
     my $form = NGCP::Panel::Form::Contract::PeeringReseller->new;
     $form->process(
         posted => $posted,
@@ -395,6 +407,12 @@ sub reseller_create :Chained('reseller_list') :PathPart('create') :Args(0) {
                     profile => $billing_profile,
                     contract => $contract,
                 );
+
+                if (defined $contract->contact->reseller_id) {
+                    my $contact_id = $contract->contact->id;
+                    die( ["Cannot use this contact (#$contact_id) for reseller contracts.", "showdetails"] );
+                }
+
                 $c->session->{created_objects}->{contract} = { id => $contract->id };
                 delete $c->session->{created_objects}->{contact};
                 delete $c->session->{created_objects}->{billing_profile};
@@ -415,6 +433,19 @@ sub reseller_create :Chained('reseller_list') :PathPart('create') :Args(0) {
     $c->stash(form => $form);
 }
 
+sub is_valid_noreseller_contact {
+    my ($self, $c, $contact_id) = @_;
+    my $contact = $c->model('DB')->resultset('contacts')->search_rs({
+        'id' => $contact_id,
+        'reseller_id' => undef,
+        })->first;
+    if( $contact ) {
+        return 1;
+    } else {
+        return 0;
+    }
+}
+
 __PACKAGE__->meta->make_immutable;
 
 1;