From a2dfbe8f36355c79ba3bd161053879b9a5d59ae6 Mon Sep 17 00:00:00 2001
From: Oleksandr Duts
Date: Tue, 5 Apr 2022 15:04:38 +0300
Subject: [PATCH] TT#158900 API DELETE admincerts/:id - master-admin for other admins

* Allow to delete admin cetificate of other admins under master-admin.

Change-Id: I37ffaedce34b3a71d0a04556059059186a5b690d
---
 lib/NGCP/Panel/Controller/API/AdminCertsItem.pm | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/lib/NGCP/Panel/Controller/API/AdminCertsItem.pm b/lib/NGCP/Panel/Controller/API/AdminCertsItem.pm
index 53ff22c000..e9b34c582e 100644
--- a/lib/NGCP/Panel/Controller/API/AdminCertsItem.pm
+++ b/lib/NGCP/Panel/Controller/API/AdminCertsItem.pm
@@ -15,11 +15,18 @@ sub allowed_methods {
 sub delete_item {
 my($self, $c, $item, $old_resource, $resource, $form) = @_;
- unless ($item->id == $c->user->id) {
- $c->log->error("Administrator can only delete its own certificate.");
- $self->error($c, HTTP_FORBIDDEN, "Administrator can only delete its own certificate.");
+
+ if (
+ $item->id != $c->user->id &&
+ (
+ !$c->user->is_master ||
+ !NGCP::Panel::Utils::UserRole::has_permission($c, $c->user->acl_role->id, $item->acl_role->id)
+ )
+ ){
+ $self->error($c, HTTP_FORBIDDEN, 'Cannot delete certificate');
 return;
 }
+
 try {
 $item->update({
 ssl_client_m_serial => undef,
@@ -30,6 +37,7 @@ sub delete_item {
 $self->error($c, HTTP_INTERNAL_SERVER_ERROR, "Failed to delete administrator certificate.");
 return;
 }
+
 return 1;
 }
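Review bot: The rewritten guard at the top of delete_item drops the `$c->log->error(...)` call the old branch made, so a refused attempt to remove another administrator's certificate leaves no trace at this point unless `$self->error` logs on its own, which the hunk does not show. Because the change widens who may delete whose certificate, I would keep a log line ahead of the 403 that names both parties, e.g. `$c->log->error("admin " . $c->user->id . " denied deleting certificate of admin " . $item->id);`. The new branch also decides on `is_master` and the role comparison alone; if the lookup that produces `$item` (outside this hunk) is not already limited to the caller's reseller, a master admin could clear a certificate belonging to another reseller's admin, so that scoping should be confirmed or enforced here. `$item->acl_role` is dereferenced without a check, so an admin row with no role would die rather than return the 403. The try/catch body of delete_item sits partly between the two hunks and is not fully visible.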