From af5b5d370fc163299fafb43da47257dba44df3f0 Mon Sep 17 00:00:00 2001
From: Irina Peshinskaya <ipeshinskaya@sipwise.com>
Date: Fri, 28 Sep 2018 15:49:13 +0200
Subject: [PATCH] TT#45632 Add checking of configured Accept values

Change-Id: I586cc56e08de2c0ff431eaa7480e01481af90940
---
 lib/NGCP/Panel/Role/API.pm          | 32 +++++++++++++++++++++++++++--
 lib/NGCP/Panel/Role/EntitiesItem.pm | 19 +++++++++++++----
 2 files changed, 45 insertions(+), 6 deletions(-)

diff --git a/lib/NGCP/Panel/Role/API.pm b/lib/NGCP/Panel/Role/API.pm
index 20948270bc..650db801c1 100644
--- a/lib/NGCP/Panel/Role/API.pm
+++ b/lib/NGCP/Panel/Role/API.pm
@@ -1476,13 +1476,41 @@ sub return_csv{
     }
 }
 
+sub check_return_type {
+    my ($self, $c, $requested_type, $allowed_types) = @_;
+    if (!$allowed_types) {
+        my $action_config = $self->get_config('action');
+        $allowed_types = $action_config->{GET}->{ReturnContentType};
+    }
+    #while not strict requirement to the config
+    my $result = 1;
+    if ($allowed_types) {
+        if ( (!ref $allowed_types && $requested_type ne 'binary' && $requested_type ne $allowed_types) 
+            ||
+            ( ref $allowed_types eq 'ARRAY'
+                && !grep {$_ eq $requested_type} @$allowed_types
+            ) 
+        ) {
+            $result = 0;
+        }
+    }
+    if (!$result) {
+        $self->error($c, HTTP_INTERNAL_SERVER_ERROR, "Requested unknown type '$requested_type', supported types: ".((ref $allowed_types eq 'ARRAY')? join (',', @$allowed_types) :  $allowed_types )."." );
+    }
+    return $result;
+}
+
 sub return_requested_type {
-    my ($self, $c, $id, $item) = @_;
+    my ($self, $c, $id, $item, $return_type) = @_;
     try{
+        if($return_type eq 'text/csv') {
+            $self->return_csv($c);
+            return;
+        }
         if (!$self->can('get_item_binary_data')) {
             $self->error($c, HTTP_INTERNAL_SERVER_ERROR, "Method not implemented.");
         }
-        my($data_ref,$mime_type,$filename) = $self->get_item_binary_data($c, $id, $item);
+        my($data_ref,$mime_type,$filename) = $self->get_item_binary_data($c, $id, $item, $return_type);
         $filename  //= $self->item_name.''.$self->get_item_id($c, $item);
         $mime_type //= 'application/octet-stream' ;
 
diff --git a/lib/NGCP/Panel/Role/EntitiesItem.pm b/lib/NGCP/Panel/Role/EntitiesItem.pm
index cc4cb475a2..c128b85f32 100644
--- a/lib/NGCP/Panel/Role/EntitiesItem.pm
+++ b/lib/NGCP/Panel/Role/EntitiesItem.pm
@@ -187,16 +187,27 @@ sub get {
         last unless $item;
         my $header_accept = $c->request->header('Accept');
         my $action_config = $self->get_config('action');
-
+        my $config_allowed_types = $action_config->{GET}->{ReturnContentType};
+        my $apllication_json = 'application/json';
+        #TODO: to method
         if( ( defined $header_accept
                 && ($header_accept !~ m!\bapplication/json\b!)
                 && ($header_accept !~ m#(?<![^\s;,])\*/\*(?![^\s;,])#) # application/json OR */*
             )
-            || ( $action_config->{GET}->{ReturnContentType}
-                && $action_config->{GET}->{ReturnContentType} ne 'application/json'
+            || ( $config_allowed_types
+                && $config_allowed_types ne $apllication_json
+                && !(
+                    ref $config_allowed_types eq 'ARRAY' 
+                    && grep { $_ eq  $apllication_json } @{ $config_allowed_types } 
+                )
             )
         ) {
-            $self->return_requested_type($c,$id,$item);
+            my $return_type = $header_accept;
+            if (!$return_type && !ref $config_allowed_types) {
+                 $return_type = $config_allowed_types;
+            }
+            return unless $self->check_return_type($c, $return_type, $config_allowed_types);
+            $self->return_requested_type($c, $id, $item, $return_type);
             # in case this method is not defined, we should return a reasonable error explaining the Accept Header
             return;
         }