From ac736caa0065e601022a1cdebb3ef72d50329aee Mon Sep 17 00:00:00 2001 From: Andreas Granig Date: Fri, 13 Jun 2014 16:56:15 +0200 Subject: [PATCH] MT#7495 Allow subadmin to configure contract prefs --- lib/NGCP/Panel/Controller/Customer.pm | 5 +++++ share/templates/widgets/subscriber_cf_overview.tt | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/NGCP/Panel/Controller/Customer.pm b/lib/NGCP/Panel/Controller/Customer.pm index 4daff976c9..56c960e35a 100644 --- a/lib/NGCP/Panel/Controller/Customer.pm +++ b/lib/NGCP/Panel/Controller/Customer.pm @@ -1314,6 +1314,10 @@ sub preferences_base :Chained('base') :PathPart('preferences') :CaptureArgs(1) { $c->stash->{preference_meta} = $c->model('DB') ->resultset('voip_preferences') ->single({id => $pref_id}); + if($c->user->roles eq 'subscriberadmin' && !$c->stash->{preference_meta}->expose_to_customer) { + $c->log->error("invalid access to pref_id '$pref_id' by provisioning subscriber id '".$c->user->id."'"); + $c->detach('/denied_page'); + } $c->stash->{preference} = $c->model('DB') ->resultset('voip_contract_preferences') @@ -1376,6 +1380,7 @@ sub load_preference_list :Private { NGCP::Panel::Utils::Preferences::load_preference_list( c => $c, pref_values => \%pref_values, contract_pref => 1, + customer_view => ($c->user->roles eq 'subscriberadmin' ? 1 : 0), ); } diff --git a/share/templates/widgets/subscriber_cf_overview.tt b/share/templates/widgets/subscriber_cf_overview.tt index b7f149a675..56eb05cf74 100644 --- a/share/templates/widgets/subscriber_cf_overview.tt +++ b/share/templates/widgets/subscriber_cf_overview.tt @@ -31,7 +31,7 @@
- [% c.loc('Configure Subscriber Settings') %] + [% c.loc('Configure Preferences') %]