From bb1b419c6da72704f9e79d8ec564d6d5435b1b80 Mon Sep 17 00:00:00 2001 From: Gerhard Jungwirth Date: Wed, 12 Apr 2017 16:20:50 +0200 Subject: [PATCH] TT#4336 api pbxdevices for subscriberadmin Change-Id: Ife0647ea77bd304b0db169f86fe0785856094506 --- lib/NGCP/Panel/Controller/API/PbxDevices.pm | 10 +++++++++- lib/NGCP/Panel/Controller/API/PbxDevicesItem.pm | 2 +- lib/NGCP/Panel/Role/API/PbxDevices.pm | 16 ++++++++++++++-- 3 files changed, 24 insertions(+), 4 deletions(-) diff --git a/lib/NGCP/Panel/Controller/API/PbxDevices.pm b/lib/NGCP/Panel/Controller/API/PbxDevices.pm index 383f2c4500..f4213b0b40 100644 --- a/lib/NGCP/Panel/Controller/API/PbxDevices.pm +++ b/lib/NGCP/Panel/Controller/API/PbxDevices.pm @@ -79,7 +79,7 @@ __PACKAGE__->config( action => { map { $_ => { ACLDetachTo => '/api/root/invalid_user', - AllowedRole => [qw/admin reseller/], + AllowedRole => [qw/admin reseller subscriberadmin/], Args => 0, Does => [qw(ACL CheckTrailingSlash RequireSSL)], Method => $_, @@ -181,6 +181,10 @@ sub POST :Allow { ); last unless $resource; + if ($c->user->roles eq 'subscriberadmin') { + $resource->{customer_id} = $c->user->account_id; + } + my $form = $self->get_form($c); last unless $self->validate_form( c => $c, @@ -226,6 +230,10 @@ sub POST :Allow { } my $b_subs = $schema->resultset('voip_subscribers')->find($line->{subscriber_id}); my $p_subs = $b_subs ? $b_subs->provisioning_voip_subscriber : undef; + unless ($b_subs && $b_subs->contract_id == $customer->id) { + $self->error($c, HTTP_UNPROCESSABLE_ENTITY, "Invalid 'subscriber_id. Subscriber doesn't exist or doesn't belong to this customer."); + return; + } unless ($p_subs) { $self->error($c, HTTP_UNPROCESSABLE_ENTITY, "Invalid 'subscriber_id'. Could not find subscriber."); return; diff --git a/lib/NGCP/Panel/Controller/API/PbxDevicesItem.pm b/lib/NGCP/Panel/Controller/API/PbxDevicesItem.pm index 7d4a657a96..1b0a949115 100644 --- a/lib/NGCP/Panel/Controller/API/PbxDevicesItem.pm 
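Review bot: The `AllowedRole` line now admits `subscriberadmin` to every method in this action map, but nothing at this spot records how that role is confined to its own customer. Judging from the rest of this commit, the confinement lives in `_item_rs` (filter on `me.contract_id`) and in the `customer_id` override in `POST` and `update_item`. A comment next to the role list would make that dependency visible, e.g. `# subscriberadmin: scoped to own contract via _item_rs and the customer_id override in POST/update_item`. The same applies to the matching `AllowedRole` change in PbxDevicesItem.pm; the config block itself starts and ends outside the hunk.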
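Review bot: The added `$resource->{customer_id} = $c->user->account_id;` silently replaces whatever customer_id the client sent, so a request naming another customer is quietly rewritten and leaves no trace for later review. Consider logging the mismatch before overriding, e.g. `$c->log->warn("subscriberadmin sent foreign customer_id, overriding") if defined $resource->{customer_id} && $resource->{customer_id} ne $c->user->account_id;`, or rejecting it with HTTP_UNPROCESSABLE_ENTITY. The same override is added in `update_item` in Role/API/PbxDevices.pm. It is also worth confirming that `account_id` is always set for this role, since an undefined value would only be caught by the form validation that follows. `POST` continues outside the hunk.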
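Review bot: The new error string has an unbalanced quote (`"Invalid 'subscriber_id. Subscriber doesn't exist ..."`). It should read `"Invalid 'subscriber_id'. Subscriber doesn't exist or doesn't belong to this customer."`, matching the message a few lines below. The identical string is added in `update_item` in Role/API/PbxDevices.pm. The ownership check runs for admin and reseller callers too, which looks intended but deserves a line in the commit message. `$customer` is set outside the hunk; I am assuming it is the row already validated against the caller's role.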
+++ b/lib/NGCP/Panel/Controller/API/PbxDevicesItem.pm @@ -37,7 +37,7 @@ __PACKAGE__->config( action => { map { $_ => { ACLDetachTo => '/api/root/invalid_user', - AllowedRole => [qw/admin reseller/], + AllowedRole => [qw/admin reseller subscriberadmin/], Args => 1, Does => [qw(ACL RequireSSL)], Method => $_, diff --git a/lib/NGCP/Panel/Role/API/PbxDevices.pm b/lib/NGCP/Panel/Role/API/PbxDevices.pm index f86aa721eb..93a4be4468 100644 --- a/lib/NGCP/Panel/Role/API/PbxDevices.pm +++ b/lib/NGCP/Panel/Role/API/PbxDevices.pm @@ -85,13 +85,17 @@ sub _item_rs { my ($self, $c) = @_; my $item_rs = $c->model('DB')->resultset('autoprov_field_devices'); - if($c->user->roles eq "admin") { + if ($c->user->roles eq "admin") { } elsif ($c->user->roles eq "reseller") { $item_rs = $item_rs->search({ 'device.reseller_id' => $c->user->reseller_id },{ 'join' => { 'profile' => { 'config' => 'device' } }, }); + } elsif ($c->user->roles eq "subscriberadmin") { + $item_rs = $item_rs->search({ + 'me.contract_id' => $c->user->account_id, + }); } return $item_rs; } @@ -109,6 +113,10 @@ sub update_item { delete $resource->{id}; my $schema = $c->model('DB'); + if ($c->user->roles eq 'subscriberadmin') { + $resource->{customer_id} = $c->user->account_id; + } + return unless $self->validate_form( c => $c, form => $form, @@ -125,7 +133,7 @@ sub update_item { id => $resource->{customer_id}, status => { '!=' => 'terminated' }, }); - if($c->user->roles eq "admin") { + if ($c->user->roles eq "admin") { } elsif($c->user->roles eq "reseller") { $customer_rs = $customer_rs->search({ 'contact.reseller_id' => $c->user->reseller_id, 
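Review bot: The role chain in `_item_rs` still has no final `else`, so any role other than admin, reseller or subscriberadmin would receive the unfiltered `autoprov_field_devices` result set. Today `AllowedRole` keeps other roles out, but each role added there then depends on someone remembering to add a branch here. A closing branch that fails closed would remove that dependency, e.g. `} else { $item_rs = $item_rs->search(\'1 = 0'); }`. The empty `admin` branch would also read better with a comment such as `# admin sees all devices`.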
@@ -157,6 +165,10 @@ sub update_item { } my $b_subs = $schema->resultset('voip_subscribers')->find($line->{subscriber_id}); my $p_subs = $b_subs ? $b_subs->provisioning_voip_subscriber : undef; + unless ($b_subs && $b_subs->contract_id == $customer->id) { + $self->error($c, HTTP_UNPROCESSABLE_ENTITY, "Invalid 'subscriber_id. Subscriber doesn't exist or doesn't belong to this customer."); + return; + } unless ($p_subs) { $self->error($c, HTTP_UNPROCESSABLE_ENTITY, "Invalid 'subscriber_id'. Could not find subscriber."); return;
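Review bot: The subscriber lookup accepts any row whose `contract_id` matches, whereas the customer lookup earlier in `update_item` excludes `status => 'terminated'`. If terminated subscribers should not be attachable to a device line, the guard could also test status, e.g. `unless ($b_subs && $b_subs->status ne 'terminated' && $b_subs->contract_id == $customer->id) {`. That assumes `voip_subscribers` has a `status` column like the customer table, so please confirm. The same would apply to the matching check in `POST` in Controller/API/PbxDevices.pm. `update_item` continues outside the hunk.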