Add simple role handling via realm check.

13 years ago · 97b7f01164
parent 35bade1640
commit 97b7f01164
10 changed files with 59 additions and 7 deletions
--- a/lib/NGCP/Panel/Controller/Administrator.pm
+++ b/lib/NGCP/Panel/Controller/Administrator.pm
@ -36,6 +36,10 @@ sub ajax :Chained('list_admin') :PathPart('ajax') :Args(0) {

 sub create :Chained('list_admin') :PathPart('create') :Args(0) {
    my ($self, $c) = @_;
+
+    $c->detach('/denied_page')
+    	unless($c->user->{is_master});
+
    my $form = NGCP::Panel::Form::Administrator->new;
    $form->process(
        posted => $c->request->method eq 'POST',
@ -49,6 +53,8 @@ sub create :Chained('list_admin') :PathPart('create') :Args(0) {
        back_uri => $c->uri_for('create')
    );
    if ($form->validated) {
+    	# TODO: check if reseller, and if so, auto-set contract;
+	# also, only show admins within reseller_id if reseller
        try {
            delete $form->params->{save};
 	    $form->params->{md5pass} = md5_hex($form->params->{md5pass});
--- a/lib/NGCP/Panel/Controller/Login.pm
+++ b/lib/NGCP/Panel/Controller/Login.pm
@ -42,7 +42,7 @@ sub index :Path Form {
        my $user = $form->field('username')->value;
        my $pass = $form->field('password')->value;
        $c->log->debug("*** Login::index user=$user, pass=$pass, realm=$realm");
-        my $res;
+        my $res; my @roles = ();
        if($realm eq 'admin') {
            $res = $c->authenticate(
                {
--- a/lib/NGCP/Panel/Controller/Root.pm
+++ b/lib/NGCP/Panel/Controller/Root.pm
@ -218,6 +218,14 @@ sub error_page :Private {
    $c->response->status(404);
 }

+sub denied_page :Private {
+    my ($self,$c) = @_;
+    
+    $c->log->info('Access to path denied: ' . $c->request->path );
+    $c->stash(template => 'denied_page.tt');
+    $c->response->status(403);
+}
+
 __PACKAGE__->meta->make_immutable;

 1;
--- a/lib/NGCP/Panel/Widget/Plugin/AdminBillingOverview.pm
+++ b/lib/NGCP/Panel/Widget/Plugin/AdminBillingOverview.pm
@ -29,9 +29,10 @@ around handle => sub {
 sub filter {
    my ($self, $c, $type) = @_;

+    use Data::Printer; p $c->user;
    return $self if(
        $type eq $self->type &&
-        $c->check_user_roles(qw/administrator/) &&
+        $c->user_in_realm('admin') &&
        ref $c->controller eq 'NGCP::Panel::Controller::Dashboard'
    );
    return;
--- a/lib/NGCP/Panel/Widget/Plugin/AdminPeeringOverview.pm
+++ b/lib/NGCP/Panel/Widget/Plugin/AdminPeeringOverview.pm
@ -31,7 +31,7 @@ sub filter {

    return $self if(
        $type eq $self->type &&
-        $c->check_user_roles(qw/administrator/) &&
+        $c->user_in_realm('admin') &&
        ref $c->controller eq 'NGCP::Panel::Controller::Dashboard'
    );
    return;
--- a/lib/NGCP/Panel/Widget/Plugin/AdminResellerOverview.pm
+++ b/lib/NGCP/Panel/Widget/Plugin/AdminResellerOverview.pm
@ -31,7 +31,7 @@ sub filter {

    return $self if(
        $type eq $self->type &&
-        $c->check_user_roles(qw/administrator/) &&
+        $c->user_in_realm('admin') &&
        ref $c->controller eq 'NGCP::Panel::Controller::Dashboard'
    );
    return;
--- a/lib/NGCP/Panel/Widget/Plugin/AdminSystemOverview.pm
+++ b/lib/NGCP/Panel/Widget/Plugin/AdminSystemOverview.pm
@ -31,7 +31,7 @@ sub filter {

    return $self if(
        $type eq $self->type &&
-        $c->check_user_roles(qw/administrator/) &&
+        $c->user_in_realm('admin') &&
        ref $c->controller eq 'NGCP::Panel::Controller::Dashboard'
    );
    return;
--- a/lib/NGCP/Panel/Widget/Plugin/AdminTopMenuSettings.pm
+++ b/lib/NGCP/Panel/Widget/Plugin/AdminTopMenuSettings.pm
@ -23,7 +23,7 @@ sub filter {

    return $self if(
        $type eq $self->type &&
-        $c->check_user_roles(qw/administrator/)
+        $c->user_in_realm('admin')
    );
    return;
 }
--- a/lib/NGCP/Panel/Widget/Plugin/ResellerDomainOverview.pm
+++ b/lib/NGCP/Panel/Widget/Plugin/ResellerDomainOverview.pm
@ -31,7 +31,7 @@ sub filter {

    return $self if(
        $type eq $self->type &&
-        $c->check_user_roles(qw/reseller/) &&
+        $c->user_in_realm('reseller') &&
        ref $c->controller eq 'NGCP::Panel::Controller::Dashboard'
    );
    return;
--- a/share/templates/denied_page.tt
+++ b/share/templates/denied_page.tt
@ -0,0 +1,37 @@
+<div class="row">
+	
+	<div class="span12">
+		
+		<div class="error-container">
+			
+			<h1>Oops!</h1>
+			
+			<h2>[% c.response.status %] Denied</h2>
+			
+			<div class="error-details">
+				Sorry, an error has occured, requested operation denied!
+				
+			</div> <!-- /error-details -->
+			
+			<div class="error-actions">
+				<a href="[% c.uri_for() %]" class="btn btn-large btn-primary">
+					<i class="icon-chevron-left"></i>
+					&nbsp;
+					Back
+				</a>
+				
+				<a href="/" class="btn btn-large">
+					<i class="icon-envelope"></i>
+					&nbsp;
+					Contact Support						
+				</a>
+				
+			</div> <!-- /error-actions -->
+						
+		</div> <!-- /.error-container -->				
+		
+		
+	</div> <!-- /.span12 -->
+	
+</div> <!-- /.row -->		
+