From b4ef15ded25f06194e5d02af928c769d48ee3693 Mon Sep 17 00:00:00 2001 From: Andreas Granig Date: Tue, 29 Apr 2014 15:05:23 +0200 Subject: [PATCH] MT#6693 Deny resellers edit attribs of subprofiles Only basic information (name, default profile) can be changed if profile_sets.reseller_edit is set to 0 in the panel config. --- .../Panel/Controller/SubscriberProfile.pm | 25 +++++++++++++++++ .../Panel/Form/SubscriberProfile/Profile.pm | 1 + ngcp_panel.conf | 4 +++ share/templates/subprofile/profile_list.tt | 27 ++++++++++++------- share/templates/subprofile/set_list.tt | 24 ++++++++++------- 5 files changed, 63 insertions(+), 18 deletions(-) diff --git a/lib/NGCP/Panel/Controller/SubscriberProfile.pm b/lib/NGCP/Panel/Controller/SubscriberProfile.pm index dc292a01e1..7dee3eea39 100644 --- a/lib/NGCP/Panel/Controller/SubscriberProfile.pm +++ b/lib/NGCP/Panel/Controller/SubscriberProfile.pm @@ -92,6 +92,9 @@ sub set_base :Chained('set_list') :PathPart('') :CaptureArgs(1) { sub set_create :Chained('set_list') :PathPart('create') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) { my ($self, $c) = @_; + $c->detach('/denied_page') + if($c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit}); + my $posted = ($c->request->method eq 'POST'); my $params = {}; $params = $params->merge($c->session->{created_objects}); @@ -147,6 +150,9 @@ sub set_create :Chained('set_list') :PathPart('create') :Args(0) :Does(ACL) :ACL sub set_edit :Chained('set_base') :PathPart('edit') :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) { my ($self, $c) = @_; + $c->detach('/denied_page') + if($c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit}); + my $set = $c->stash->{set}; my $posted = ($c->request->method eq 'POST'); my $params = { $set->get_inflated_columns }; 
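Review bot: The reseller check `$c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit}` is pasted verbatim into set_create and set_edit here, and again into set_delete, set_clone, profile_create, profile_edit, profile_delete and profile_clone, the form class and both templates, so the access policy is not decided in any single place. A private predicate in the controller, for example `sub _reseller_edit_denied { my ($self, $c) = @_; return $c->user->roles eq "reseller" && !$c->config->{profile_sets}{reseller_edit}; }`, called as `$c->detach('/denied_page') if $self->_reseller_edit_denied($c);`, would make it harder to add a later action without the guard or with a slightly different condition. The test also fails closed: a deployed config with no `profile_sets` section leaves `reseller_edit` undefined, so resellers are denied after an upgrade even though the shipped default is 1. That should be a documented choice, or the lookup should default explicitly. The bodies of these actions continue outside the hunks.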
@@ -203,6 +209,9 @@ sub set_edit :Chained('set_base') :PathPart('edit') :Does(ACL) :ACLDetachTo('/de sub set_delete :Chained('set_base') :PathPart('delete') :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) { my ($self, $c) = @_; + + $c->detach('/denied_page') + if($c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit}); try { my $schema = $c->model('DB'); @@ -230,6 +239,9 @@ sub set_delete :Chained('set_base') :PathPart('delete') :Does(ACL) :ACLDetachTo( sub set_clone :Chained('set_base') :PathPart('clone') :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) { my ($self, $c) = @_; + $c->detach('/denied_page') + if($c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit}); + my $posted = ($c->request->method eq 'POST'); my $params = { $c->stash->{set}->get_inflated_columns }; $params->{reseller}{id} = delete $params->{reseller_id}; @@ -353,6 +365,9 @@ sub profile_base :Chained('profile_list') :PathPart('') :CaptureArgs(1) :Does(AC sub profile_create :Chained('profile_list') :PathPart('create') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) { my ($self, $c) = @_; + $c->detach('/denied_page') + if($c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit}); + my $posted = ($c->request->method eq 'POST'); my $params = {}; $params = $params->merge($c->session->{created_objects}); @@ -454,6 +469,10 @@ sub profile_edit :Chained('profile_base') :PathPart('edit') :Does(ACL) :ACLDetac # no previous default profile, make this one default $form->values->{set_default} = 1; } + if($c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit}) { + # only allow generic fields to be updated + delete $form->values->{attribute}; + } $profile->update($form->values); 
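Review bot: In profile_edit the restricted branch removes only the `attribute` key before `$profile->update($form->values)`, which is a deny-list. Every other validated field still reaches the update, while the commit message says only name and default profile stay editable. Copying just the permitted keys into a fresh hash for restricted resellers would match the stated policy and stay correct when the form gains fields. The code that writes the attribute rows is outside this hunk. If it reconciles stored attributes against `$form->values->{attribute}`, confirm that a missing key means "leave unchanged" rather than "remove all", for instance by skipping that block when the restriction applies. A short comment stating that this branch is the server-side enforcement behind the disabled form fields would help the next reader.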
@@ -516,6 +535,9 @@ sub profile_edit :Chained('profile_base') :PathPart('edit') :Does(ACL) :ACLDetac sub profile_delete :Chained('profile_base') :PathPart('delete') :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) { my ($self, $c) = @_; + + $c->detach('/denied_page') + if($c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit}); try { my $schema = $c->model('DB'); @@ -550,6 +572,9 @@ sub profile_delete :Chained('profile_base') :PathPart('delete') :Does(ACL) :ACLD sub profile_clone :Chained('profile_base') :PathPart('clone') :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) { my ($self, $c) = @_; + $c->detach('/denied_page') + if($c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit}); + my $posted = ($c->request->method eq 'POST'); my $params = { $c->stash->{profile}->get_inflated_columns }; $params = $params->merge($c->session->{created_objects}); diff --git a/lib/NGCP/Panel/Form/SubscriberProfile/Profile.pm b/lib/NGCP/Panel/Form/SubscriberProfile/Profile.pm index a8868293e8..d62d839c49 100644 --- a/lib/NGCP/Panel/Form/SubscriberProfile/Profile.pm +++ b/lib/NGCP/Panel/Form/SubscriberProfile/Profile.pm @@ -93,6 +93,7 @@ sub field_list { # title => [$pref->description], # checked => 'checked', }, + disabled => $c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit} ? 1 : 0, }; } diff --git a/ngcp_panel.conf b/ngcp_panel.conf index 72cc6e096c..b0e9089374 100644 --- a/ngcp_panel.conf +++ b/ngcp_panel.conf @@ -83,6 +83,10 @@ log4perl.appender.Default.layout.ConversionPattern=%d{ISO8601} [%p] [%F +%L] %m{ password_web_expose_subadmin 0 + + reseller_edit 1 + + lb_int 127.0.0.1:5060 lb_ext 1.2.3.4:5060 diff --git a/share/templates/subprofile/profile_list.tt b/share/templates/subprofile/profile_list.tt index c3d2ff7deb..34787413b3 100644 --- a/share/templates/subprofile/profile_list.tt +++ b/share/templates/subprofile/profile_list.tt 
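Review bot: The new `disabled` entry in field_list of Profile.pm only changes how the attribute field is rendered, and nothing beside it says that the actual enforcement is in the controller's profile_edit. A comment such as `# display only: profile_edit discards submitted attributes for restricted resellers` would keep anyone from treating this flag as the access check. The expression also relies on `?:` binding looser than `&&`. Computing the condition once into a lexical before the field definitions are built and writing `disabled => ($restricted ? 1 : 0),` is easier to read, and it avoids repeating the config lookup if, as the closing braces suggest, this runs once per field. Where `$c` comes from is not visible in the hunk, so confirm whether it can be undefined when the form is built outside a request.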
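Review bot: The new `reseller_edit 1` setting is added to ngcp_panel.conf without a comment, so an operator cannot tell from the file what 0 and 1 mean or that 0 is the restrictive value. A line such as `# 0: resellers cannot create, edit, delete or clone profile sets and may only change basic fields of existing profiles` above it would document the switch where it is set. The shipped default of 1 leaves the restriction off, which is worth stating in the release notes for installations that expect resellers to be locked down.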
@@ -17,15 +17,24 @@ END; UNLESS c.user.read_only; - helper.dt_buttons = [ - { name = c.loc('Edit'), uri = "/subscriberprofile/" _ set.id _ "/profile/'+full.id+'/edit", class = 'btn-small btn-primary', icon = 'icon-edit' }, - { name = c.loc('Delete'), uri = "/subscriberprofile/" _ set.id _ "/profile/'+full.id+'/delete", class = 'btn-small btn-secondary', icon = 'icon-trash' }, - { name = c.loc('Clone'), uri = "/subscriberprofile/" _ set.id _ "/profile/'+full.id+'/clone", class = 'btn-small btn-tertiary', icon = 'icon-retweet' }, - ]; - helper.top_buttons = [ - { name = c.loc('Profile Sets'), uri = c.uri_for('/subscriberprofile'), icon = 'icon-list' }, - { name = c.loc('Create Subscriber Profile'), uri = c.uri_for_action('/subscriberprofile/profile_create', c.req.captures), icon = 'icon-star' }, - ]; + UNLESS c.user.roles == "reseller" && !c.config.profile_sets.reseller_edit; + helper.dt_buttons = [ + { name = c.loc('Edit'), uri = "/subscriberprofile/" _ set.id _ "/profile/'+full.id+'/edit", class = 'btn-small btn-primary', icon = 'icon-edit' }, + { name = c.loc('Delete'), uri = "/subscriberprofile/" _ set.id _ "/profile/'+full.id+'/delete", class = 'btn-small btn-secondary', icon = 'icon-trash' }, + { name = c.loc('Clone'), uri = "/subscriberprofile/" _ set.id _ "/profile/'+full.id+'/clone", class = 'btn-small btn-tertiary', icon = 'icon-retweet' }, + ]; + helper.top_buttons = [ + { name = c.loc('Profile Sets'), uri = c.uri_for('/subscriberprofile'), icon = 'icon-list' }, + { name = c.loc('Create Subscriber Profile'), uri = c.uri_for_action('/subscriberprofile/profile_create', c.req.captures), icon = 'icon-star' }, + ]; + ELSE; + helper.dt_buttons = [ + { name = c.loc('Edit'), uri = "/subscriberprofile/" _ set.id _ "/profile/'+full.id+'/edit", class = 'btn-small btn-primary', icon = 'icon-edit' }, + ]; + helper.top_buttons = [ + { name = c.loc('Profile Sets'), uri = c.uri_for('/subscriberprofile'), icon = 'icon-list' }, + ]; + END; ELSE; helper.top_buttons = [ { 
name = c.loc('Profile Sets'), uri = c.uri_for('/subscriberprofile'), icon = 'icon-list' }, diff --git a/share/templates/subprofile/set_list.tt b/share/templates/subprofile/set_list.tt index 534dfa7b5f..b5278bddb0 100644 --- a/share/templates/subprofile/set_list.tt +++ b/share/templates/subprofile/set_list.tt 
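Review bot: In share/templates/subprofile/profile_list.tt the new inner block is written as `UNLESS c.user.roles == "reseller" && !c.config.profile_sets.reseller_edit; ... ELSE; ... END;`, a negated compound condition with an ELSE branch that is easy to misread. The same construct is added to set_list.tt. Testing the positive case, `IF c.user.roles == "reseller" && !c.config.profile_sets.reseller_edit;` with the reduced button list first and the full list under `ELSE`, reads in the direction of the policy. In profile_list.tt the Edit and Profile Sets entries are also duplicated across both branches and can drift apart. Hiding the buttons is presentation only, so a template comment noting that the controller actions enforce the restriction would keep that clear.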
@@ -17,15 +17,21 @@ END; UNLESS c.user.read_only; - helper.dt_buttons = [ - { name = c.loc('Edit'), uri = "/subscriberprofile/'+full.id+'/edit", class = 'btn-small btn-primary', icon = 'icon-edit' }, - { name = c.loc('Delete'), uri = "/subscriberprofile/'+full.id+'/delete", class = 'btn-small btn-secondary', icon = 'icon-trash' }, - { name = c.loc('Clone'), uri = "/subscriberprofile/'+full.id+'/clone", class = 'btn-small btn-tertiary', icon = 'icon-retweet' }, - { name = c.loc('Profiles'), uri = "/subscriberprofile/'+full.id+'/profile", class = 'btn-small btn-primary', icon = 'icon-list' }, - ]; - helper.top_buttons = [ - { name = c.loc('Create Subscriber Profile Set'), uri = c.uri_for_action('/subscriberprofile/set_create'), icon = 'icon-star' }, - ]; + UNLESS c.user.roles == "reseller" && !c.config.profile_sets.reseller_edit; + helper.dt_buttons = [ + { name = c.loc('Edit'), uri = "/subscriberprofile/'+full.id+'/edit", class = 'btn-small btn-primary', icon = 'icon-edit' }, + { name = c.loc('Delete'), uri = "/subscriberprofile/'+full.id+'/delete", class = 'btn-small btn-secondary', icon = 'icon-trash' }, + { name = c.loc('Clone'), uri = "/subscriberprofile/'+full.id+'/clone", class = 'btn-small btn-tertiary', icon = 'icon-retweet' }, + { name = c.loc('Profiles'), uri = "/subscriberprofile/'+full.id+'/profile", class = 'btn-small btn-primary', icon = 'icon-list' }, + ]; + helper.top_buttons = [ + { name = c.loc('Create Subscriber Profile Set'), uri = c.uri_for_action('/subscriberprofile/set_create'), icon = 'icon-star' }, + ]; + ELSE; + helper.dt_buttons = [ + { name = c.loc('Profiles'), uri = "/subscriberprofile/'+full.id+'/profile", class = 'btn-small btn-primary', icon = 'icon-list' }, + ]; + END; END; PROCESS 'helpers/datatables.tt';