diff --git a/lib/NGCP/Panel/Controller/Administrator.pm b/lib/NGCP/Panel/Controller/Administrator.pm index 7479a5b3e3..21d35e801c 100644 --- a/lib/NGCP/Panel/Controller/Administrator.pm +++ b/lib/NGCP/Panel/Controller/Administrator.pm @@ -36,6 +36,10 @@ sub ajax :Chained('list_admin') :PathPart('ajax') :Args(0) { sub create :Chained('list_admin') :PathPart('create') :Args(0) { my ($self, $c) = @_; + + $c->detach('/denied_page') + unless($c->user->{is_master}); + my $form = NGCP::Panel::Form::Administrator->new; $form->process( posted => $c->request->method eq 'POST', @@ -49,6 +53,8 @@ sub create :Chained('list_admin') :PathPart('create') :Args(0) { back_uri => $c->uri_for('create') ); if ($form->validated) { + # TODO: check if reseller, and if so, auto-set contract; + # also, only show admins within reseller_id if reseller try { delete $form->params->{save}; $form->params->{md5pass} = md5_hex($form->params->{md5pass}); diff --git a/lib/NGCP/Panel/Controller/Login.pm b/lib/NGCP/Panel/Controller/Login.pm index d6279f139c..3e4242826e 100644 --- a/lib/NGCP/Panel/Controller/Login.pm +++ b/lib/NGCP/Panel/Controller/Login.pm @@ -42,7 +42,7 @@ sub index :Path Form { my $user = $form->field('username')->value; my $pass = $form->field('password')->value; $c->log->debug("*** Login::index user=$user, pass=$pass, realm=$realm"); - my $res; + my $res; my @roles = (); if($realm eq 'admin') { $res = $c->authenticate( { diff --git a/lib/NGCP/Panel/Controller/Root.pm b/lib/NGCP/Panel/Controller/Root.pm index ded69ee53e..ff380a0602 100644 --- a/lib/NGCP/Panel/Controller/Root.pm +++ b/lib/NGCP/Panel/Controller/Root.pm @@ -218,6 +218,14 @@ sub error_page :Private { $c->response->status(404); } +sub denied_page :Private { + my ($self,$c) = @_; + + $c->log->info('Access to path denied: ' . $c->request->path ); + $c->stash(template => 'denied_page.tt'); + $c->response->status(403); +} + __PACKAGE__->meta->make_immutable; 1; diff --git a/lib/NGCP/Panel/Widget/Plugin/AdminBillingOverview.pm b/lib/NGCP/Panel/Widget/Plugin/AdminBillingOverview.pm index 766cd0b1aa..7801193d25 100644 --- a/lib/NGCP/Panel/Widget/Plugin/AdminBillingOverview.pm +++ b/lib/NGCP/Panel/Widget/Plugin/AdminBillingOverview.pm @@ -29,9 +29,10 @@ around handle => sub { sub filter { my ($self, $c, $type) = @_; + use Data::Printer; p $c->user; return $self if( $type eq $self->type && - $c->check_user_roles(qw/administrator/) && + $c->user_in_realm('admin') && ref $c->controller eq 'NGCP::Panel::Controller::Dashboard' ); return; diff --git a/lib/NGCP/Panel/Widget/Plugin/AdminPeeringOverview.pm b/lib/NGCP/Panel/Widget/Plugin/AdminPeeringOverview.pm index 3033d61372..699de5fbdd 100644 --- a/lib/NGCP/Panel/Widget/Plugin/AdminPeeringOverview.pm +++ b/lib/NGCP/Panel/Widget/Plugin/AdminPeeringOverview.pm @@ -31,7 +31,7 @@ sub filter { return $self if( $type eq $self->type && - $c->check_user_roles(qw/administrator/) && + $c->user_in_realm('admin') && ref $c->controller eq 'NGCP::Panel::Controller::Dashboard' ); return; diff --git a/lib/NGCP/Panel/Widget/Plugin/AdminResellerOverview.pm b/lib/NGCP/Panel/Widget/Plugin/AdminResellerOverview.pm index 2670666e81..8e14541b50 100644 --- a/lib/NGCP/Panel/Widget/Plugin/AdminResellerOverview.pm +++ b/lib/NGCP/Panel/Widget/Plugin/AdminResellerOverview.pm @@ -31,7 +31,7 @@ sub filter { return $self if( $type eq $self->type && - $c->check_user_roles(qw/administrator/) && + $c->user_in_realm('admin') && ref $c->controller eq 'NGCP::Panel::Controller::Dashboard' ); return; diff --git a/lib/NGCP/Panel/Widget/Plugin/AdminSystemOverview.pm b/lib/NGCP/Panel/Widget/Plugin/AdminSystemOverview.pm index c46b12c713..04acade9f1 100644 --- a/lib/NGCP/Panel/Widget/Plugin/AdminSystemOverview.pm +++ b/lib/NGCP/Panel/Widget/Plugin/AdminSystemOverview.pm @@ -31,7 +31,7 @@ sub filter { return $self if( $type eq $self->type && - $c->check_user_roles(qw/administrator/) && + $c->user_in_realm('admin') && ref $c->controller eq 'NGCP::Panel::Controller::Dashboard' ); return; diff --git a/lib/NGCP/Panel/Widget/Plugin/AdminTopMenuSettings.pm b/lib/NGCP/Panel/Widget/Plugin/AdminTopMenuSettings.pm index 54325d8669..44cdc2c692 100644 --- a/lib/NGCP/Panel/Widget/Plugin/AdminTopMenuSettings.pm +++ b/lib/NGCP/Panel/Widget/Plugin/AdminTopMenuSettings.pm @@ -23,7 +23,7 @@ sub filter { return $self if( $type eq $self->type && - $c->check_user_roles(qw/administrator/) + $c->user_in_realm('admin') ); return; } diff --git a/lib/NGCP/Panel/Widget/Plugin/ResellerDomainOverview.pm b/lib/NGCP/Panel/Widget/Plugin/ResellerDomainOverview.pm index f76edf7ba9..1674bfc962 100644 --- a/lib/NGCP/Panel/Widget/Plugin/ResellerDomainOverview.pm +++ b/lib/NGCP/Panel/Widget/Plugin/ResellerDomainOverview.pm @@ -31,7 +31,7 @@ sub filter { return $self if( $type eq $self->type && - $c->check_user_roles(qw/reseller/) && + $c->user_in_realm('reseller') && ref $c->controller eq 'NGCP::Panel::Controller::Dashboard' ); return; diff --git a/share/templates/denied_page.tt b/share/templates/denied_page.tt new file mode 100644 index 0000000000..a6b75f2b56 --- /dev/null +++ b/share/templates/denied_page.tt @@ -0,0 +1,37 @@ +
+ +
+ +
+ +

Oops!

+ +

[% c.response.status %] Denied

+ +
+ Sorry, an error has occured, requested operation denied! + +
+ +
+ + +   + Back + + + + +   + Contact Support + + +
+ +
+ + +
+ +
+