MT#6693 Deny resellers edit attribs of subprofiles

Only basic information (name, default profile) can be changed if
profile_sets.reseller_edit is set to 0 in the panel config.
ipeshinskaya/InvoiceTemplate5
Andreas Granig 12 years ago
parent 76cd2f2a33
commit b4ef15ded2

@ -92,6 +92,9 @@ sub set_base :Chained('set_list') :PathPart('') :CaptureArgs(1) {
sub set_create :Chained('set_list') :PathPart('create') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
my ($self, $c) = @_;
$c->detach('/denied_page')
if($c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit});
my $posted = ($c->request->method eq 'POST');
my $params = {};
$params = $params->merge($c->session->{created_objects});
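Review bot: The reseller restriction is written out as the same two-part condition at the top of set_create here and again in set_edit, set_delete, set_clone, profile_create, profile_delete and profile_clone, plus profile_edit, field_list and both templates, so an action added to this controller later can miss it without anyone noticing. Moving the predicate into one private helper keeps the authorization rule in a single place, for example `sub _reseller_edit_denied { my ($self, $c) = @_; return $c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit}; }`, called as `$c->detach('/denied_page') if $self->_reseller_edit_denied($c);`. The helper should carry a comment saying that an unset `profile_sets.reseller_edit` counts as denied, since that is what the `!` on a missing key yields. The bodies of these actions continue outside the hunks, so only the placement of the guard before any state change is visible here.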
@ -147,6 +150,9 @@ sub set_create :Chained('set_list') :PathPart('create') :Args(0) :Does(ACL) :ACL
sub set_edit :Chained('set_base') :PathPart('edit') :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
my ($self, $c) = @_;
$c->detach('/denied_page')
if($c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit});
my $set = $c->stash->{set};
my $posted = ($c->request->method eq 'POST');
my $params = { $set->get_inflated_columns };
@ -203,6 +209,9 @@ sub set_edit :Chained('set_base') :PathPart('edit') :Does(ACL) :ACLDetachTo('/de
sub set_delete :Chained('set_base') :PathPart('delete') :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
my ($self, $c) = @_;
$c->detach('/denied_page')
if($c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit});
try {
my $schema = $c->model('DB');
@ -230,6 +239,9 @@ sub set_delete :Chained('set_base') :PathPart('delete') :Does(ACL) :ACLDetachTo(
sub set_clone :Chained('set_base') :PathPart('clone') :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
my ($self, $c) = @_;
$c->detach('/denied_page')
if($c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit});
my $posted = ($c->request->method eq 'POST');
my $params = { $c->stash->{set}->get_inflated_columns };
$params->{reseller}{id} = delete $params->{reseller_id};
@ -353,6 +365,9 @@ sub profile_base :Chained('profile_list') :PathPart('') :CaptureArgs(1) :Does(AC
sub profile_create :Chained('profile_list') :PathPart('create') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
my ($self, $c) = @_;
$c->detach('/denied_page')
if($c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit});
my $posted = ($c->request->method eq 'POST');
my $params = {};
$params = $params->merge($c->session->{created_objects});
@ -454,6 +469,10 @@ sub profile_edit :Chained('profile_base') :PathPart('edit') :Does(ACL) :ACLDetac
# no previous default profile, make this one default
$form->values->{set_default} = 1;
}
if($c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit}) {
# only allow generic fields to be updated
delete $form->values->{attribute};
}
$profile->update($form->values);
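Review bot: Removing a single key with `delete $form->values->{attribute}` is a denylist, so any other field the form carries now or gains later stays writable by a restricted reseller, while the commit message promises that only the name and default profile can change. An allowlist applied before `$profile->update` would match that intent, for example `my %basic = map { $_ => $form->values->{$_} } grep { exists $form->values->{$_} } qw(name set_default);` followed by `$profile->update(\%basic);` in the restricted case; the key list is taken from the commit message and needs confirming against the form definition, which is not visible here. profile_edit starts and ends outside the hunk, so it should also be confirmed that no later code in the function reads the attribute list from the request instead of from `$form->values`.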
@ -516,6 +535,9 @@ sub profile_edit :Chained('profile_base') :PathPart('edit') :Does(ACL) :ACLDetac
sub profile_delete :Chained('profile_base') :PathPart('delete') :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
my ($self, $c) = @_;
$c->detach('/denied_page')
if($c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit});
try {
my $schema = $c->model('DB');
@ -550,6 +572,9 @@ sub profile_delete :Chained('profile_base') :PathPart('delete') :Does(ACL) :ACLD
sub profile_clone :Chained('profile_base') :PathPart('clone') :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
my ($self, $c) = @_;
$c->detach('/denied_page')
if($c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit});
my $posted = ($c->request->method eq 'POST');
my $params = { $c->stash->{profile}->get_inflated_columns };
$params = $params->merge($c->session->{created_objects});

@ -93,6 +93,7 @@ sub field_list {
# title => [$pref->description],
# checked => 'checked',
},
disabled => $c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit} ? 1 : 0,
};
}

@ -83,6 +83,10 @@ log4perl.appender.Default.layout.ConversionPattern=%d{ISO8601} [%p] [%F +%L] %m{
password_web_expose_subadmin 0
</security>
<profile_sets>
reseller_edit 1
</profile_sets>
<callflow>
lb_int 127.0.0.1:5060
lb_ext 1.2.3.4:5060
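Review bot: The sample config ships `reseller_edit 1`, but the controller checks test `!$c->config->{profile_sets}->{reseller_edit}`, so an installation whose existing config has no `<profile_sets>` section gets the restricted behaviour as soon as this code is deployed. Failing closed is a sound default for an authorization switch, but it differs from the sample value and is not documented. A comment above the key would make that explicit, such as `# 0 or section absent: resellers may only change basic profile fields; 1: resellers may fully edit profile sets and profiles`.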

@ -17,15 +17,24 @@
END;
UNLESS c.user.read_only;
helper.dt_buttons = [
{ name = c.loc('Edit'), uri = "/subscriberprofile/" _ set.id _ "/profile/'+full.id+'/edit", class = 'btn-small btn-primary', icon = 'icon-edit' },
{ name = c.loc('Delete'), uri = "/subscriberprofile/" _ set.id _ "/profile/'+full.id+'/delete", class = 'btn-small btn-secondary', icon = 'icon-trash' },
{ name = c.loc('Clone'), uri = "/subscriberprofile/" _ set.id _ "/profile/'+full.id+'/clone", class = 'btn-small btn-tertiary', icon = 'icon-retweet' },
];
helper.top_buttons = [
{ name = c.loc('Profile Sets'), uri = c.uri_for('/subscriberprofile'), icon = 'icon-list' },
{ name = c.loc('Create Subscriber Profile'), uri = c.uri_for_action('/subscriberprofile/profile_create', c.req.captures), icon = 'icon-star' },
];
UNLESS c.user.roles == "reseller" && !c.config.profile_sets.reseller_edit;
helper.dt_buttons = [
{ name = c.loc('Edit'), uri = "/subscriberprofile/" _ set.id _ "/profile/'+full.id+'/edit", class = 'btn-small btn-primary', icon = 'icon-edit' },
{ name = c.loc('Delete'), uri = "/subscriberprofile/" _ set.id _ "/profile/'+full.id+'/delete", class = 'btn-small btn-secondary', icon = 'icon-trash' },
{ name = c.loc('Clone'), uri = "/subscriberprofile/" _ set.id _ "/profile/'+full.id+'/clone", class = 'btn-small btn-tertiary', icon = 'icon-retweet' },
];
helper.top_buttons = [
{ name = c.loc('Profile Sets'), uri = c.uri_for('/subscriberprofile'), icon = 'icon-list' },
{ name = c.loc('Create Subscriber Profile'), uri = c.uri_for_action('/subscriberprofile/profile_create', c.req.captures), icon = 'icon-star' },
];
ELSE;
helper.dt_buttons = [
{ name = c.loc('Edit'), uri = "/subscriberprofile/" _ set.id _ "/profile/'+full.id+'/edit", class = 'btn-small btn-primary', icon = 'icon-edit' },
];
helper.top_buttons = [
{ name = c.loc('Profile Sets'), uri = c.uri_for('/subscriberprofile'), icon = 'icon-list' },
];
END;
ELSE;
helper.top_buttons = [
{ name = c.loc('Profile Sets'), uri = c.uri_for('/subscriberprofile'), icon = 'icon-list' },

@ -17,15 +17,21 @@
END;
UNLESS c.user.read_only;
helper.dt_buttons = [
{ name = c.loc('Edit'), uri = "/subscriberprofile/'+full.id+'/edit", class = 'btn-small btn-primary', icon = 'icon-edit' },
{ name = c.loc('Delete'), uri = "/subscriberprofile/'+full.id+'/delete", class = 'btn-small btn-secondary', icon = 'icon-trash' },
{ name = c.loc('Clone'), uri = "/subscriberprofile/'+full.id+'/clone", class = 'btn-small btn-tertiary', icon = 'icon-retweet' },
{ name = c.loc('Profiles'), uri = "/subscriberprofile/'+full.id+'/profile", class = 'btn-small btn-primary', icon = 'icon-list' },
];
helper.top_buttons = [
{ name = c.loc('Create Subscriber Profile Set'), uri = c.uri_for_action('/subscriberprofile/set_create'), icon = 'icon-star' },
];
UNLESS c.user.roles == "reseller" && !c.config.profile_sets.reseller_edit;
helper.dt_buttons = [
{ name = c.loc('Edit'), uri = "/subscriberprofile/'+full.id+'/edit", class = 'btn-small btn-primary', icon = 'icon-edit' },
{ name = c.loc('Delete'), uri = "/subscriberprofile/'+full.id+'/delete", class = 'btn-small btn-secondary', icon = 'icon-trash' },
{ name = c.loc('Clone'), uri = "/subscriberprofile/'+full.id+'/clone", class = 'btn-small btn-tertiary', icon = 'icon-retweet' },
{ name = c.loc('Profiles'), uri = "/subscriberprofile/'+full.id+'/profile", class = 'btn-small btn-primary', icon = 'icon-list' },
];
helper.top_buttons = [
{ name = c.loc('Create Subscriber Profile Set'), uri = c.uri_for_action('/subscriberprofile/set_create'), icon = 'icon-star' },
];
ELSE;
helper.dt_buttons = [
{ name = c.loc('Profiles'), uri = "/subscriberprofile/'+full.id+'/profile", class = 'btn-small btn-primary', icon = 'icon-list' },
];
END;
END;
PROCESS 'helpers/datatables.tt';
