TT#65101 add ccareadmin ccare roles

* ccareadmin and ccare roles have full access to
      Customers, Subscribers and their preferences/settings,
      and read-only access to BillingProfiles, InvoiceTemplates,
      EmailTemplates
    * ccare role is restricted to the related reseller

Change-Id: I6cf7d3adf912f0fa98d1ef5c02abea2f4331ec4b
changes/28/32728/5
Kirill Solomko 6 years ago
parent 9d6748e2d5
commit ce664263b2

@ -8,8 +8,13 @@ sub roles {
if ($self->auth_realm) {
for my $auth_type (qw/admin_bcrypt admin api_admin_cert api_admin_http api_admin api_admin_bcrypt/) {
if ($auth_type eq $self->auth_realm) {
$self->_user->is_superuser ? return "admin"
: return "reseller";
if ($self->_user->is_ccare) {
$self->_user->is_superuser ? return "ccareadmin"
: return "ccare";
} else {
$self->_user->is_superuser ? return "admin"
: return "reseller";
}
}
}
foreach my $auth_type (qw/subscriber api_subscriber_http api_subscriber_jwt/) { # TODO: simplify this
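Review bot: The new `is_ccare` branch repeats the `cond ? return A : return B` statement form, which hides the fact that this is the single place where an admin login is mapped to a role. A plain `return $self->_user->is_superuser ? "ccareadmin" : "ccare";` (and the same shape for the `admin`/`reseller` arm) reads more directly. Because `is_ccare` is tested first, a superuser with that flag can never become `admin`; a comment such as `# is_ccare wins over is_superuser: ccare superusers are "ccareadmin", never "admin"` would record that precedence. `roles` starts before and continues after this hunk.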

@ -41,7 +41,7 @@ sub relation{
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller subscriberadmin/],
allowed_roles => [qw/admin reseller ccareadmin ccare subscriberadmin/],
});
sub GET :Allow {

@ -39,8 +39,8 @@ sub journal_query_params {
__PACKAGE__->set_config({
allowed_roles => {
Default => [qw/admin reseller subscriberadmin/],
Journal => [qw/admin reseller/],
Default => [qw/admin reseller ccareadmin ccare subscriberadmin/],
Journal => [qw/admin reseller ccareadmin ccare/],
}
});

@ -85,7 +85,7 @@ sub relation{
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller/],
allowed_roles => [qw/admin reseller ccareadmin ccare/],
});
sub GET :Allow {

@ -55,7 +55,7 @@ sub query_params {
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller/],
allowed_roles => [qw/admin reseller ccareadmin ccare/],
action_add => {
item_base => {
Chained => '/',

@ -132,9 +132,12 @@ sub POST :Allow {
);
last unless $resource;
if($c->user->roles eq "admin") {
} elsif($c->user->roles eq "reseller") {
if ($c->user->roles eq "admin") {
} elsif ($c->user->roles eq "reseller") {
$resource->{reseller_id} = $c->user->reseller_id;
} elsif ($c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") {
$self->error($c, HTTP_FORBIDDEN, "Read-only resource for authenticated role");
last;
}
my $form = $self->get_form($c);
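Review bot: The 403 for `ccareadmin`/`ccare` is the last arm of the `elsif` chain, after `last unless $resource;`, so the request body has already been processed before a read-only role is refused, and the rule only holds in handlers that repeat this exact string comparison. The same test is pasted into the POST, PATCH, PUT and DELETE hunks further down; because `allowed_roles` now admits both roles to every method of these resources, a write handler that misses the paste is open to them. Consider one shared check called first in each write handler, e.g. a new helper used as `return unless $self->check_write_access($c);` (the name is a suggestion, not an existing method), which also keeps the role list in one place. POST's body starts and ends outside this hunk.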

@ -62,7 +62,7 @@ sub relation{
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller/],
allowed_roles => [qw/admin reseller ccareadmin ccare/],
});
sub GET :Allow {
@ -119,9 +119,12 @@ sub POST :Allow {
);
last unless $resource;
if($c->user->roles eq "admin") {
} elsif($c->user->roles eq "reseller") {
if ($c->user->roles eq "admin") {
} elsif ($c->user->roles eq "reseller") {
$resource->{reseller_id} = $c->user->reseller_id;
} elsif ($c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") {
$self->error($c, HTTP_FORBIDDEN, "Read-only resource for authenticated role");
last;
} else {
$resource->{reseller_id} = $c->user->contract->contact->reseller_id;
}

@ -37,8 +37,8 @@ sub journal_query_params {
__PACKAGE__->set_config({
allowed_roles => {
Default => [qw/admin reseller/],
Journal => [qw/admin reseller/],
Default => [qw/admin reseller ccareadmin ccare/],
Journal => [qw/admin reseller ccareadmin ccare/],
}
});
@ -80,6 +80,11 @@ sub PATCH :Allow {
);
last unless $json;
if ($c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") {
$self->error($c, HTTP_FORBIDDEN, "Read-only resource for authenticated role");
last;
}
my $profile = $self->profile_by_id($c, $id);
last unless $self->resource_exists($c, billingprofile => $profile);
my $old_resource = { $profile->get_inflated_columns };
@ -108,6 +113,11 @@ sub PUT :Allow {
my $preference = $self->require_preference($c);
last unless $preference;
if ($c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") {
$self->error($c, HTTP_FORBIDDEN, "Read-only resource for authenticated role");
last;
}
my $profile = $self->profile_by_id($c, $id);
last unless $self->resource_exists($c, billingprofile => $profile );
my $resource = $self->get_valid_put_data(
@ -136,6 +146,11 @@ sub DELETE :Allow {
my ($self, $c, $id) = @_;
my $guard = $c->model('DB')->txn_scope_guard;
{
if ($c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") {
$self->error($c, HTTP_FORBIDDEN, "Read-only resource for authenticated role");
last;
}
my $billing_profile = $self->item_by_id($c, $id);
last unless $self->resource_exists($c, billingprofile => $billing_profile);
last unless NGCP::Panel::Utils::Reseller::check_reseller_delete_item($c, $billing_profile->reseller_id, sub {

@ -59,7 +59,7 @@ sub documentation_sample {
use parent qw/NGCP::Panel::Role::Entities NGCP::Panel::Role::API::CFBNumberSets/;
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
allowed_roles => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
});
sub create_item {

@ -27,8 +27,8 @@ sub journal_query_params {
__PACKAGE__->set_config({
allowed_roles => {
Default => [qw/admin reseller subscriberadmin subscriber/],
Journal => [qw/admin reseller/],
Default => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
Journal => [qw/admin reseller ccareadmin ccare/],
},
PATCH => { ops => [qw/add replace remove copy/] },
});

@ -64,7 +64,7 @@ sub relation{
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
allowed_roles => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
});
sub GET :Allow {

@ -39,8 +39,8 @@ sub journal_query_params {
__PACKAGE__->set_config({
allowed_roles => {
Default => [qw/admin reseller subscriberadmin subscriber/],
Journal => [qw/admin reseller/],
Default => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
Journal => [qw/admin reseller ccareadmin ccare/],
}
});

@ -57,7 +57,7 @@ sub relation{
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
allowed_roles => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
});
sub GET :Allow {

@ -39,8 +39,8 @@ sub journal_query_params {
__PACKAGE__->set_config({
allowed_roles => {
Default => [qw/admin reseller subscriberadmin subscriber/],
Journal => [qw/admin reseller/],
Default => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
Journal => [qw/admin reseller ccareadmin ccare/],
}
});

@ -71,7 +71,7 @@ sub relation{
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
allowed_roles => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
});
sub GET :Allow {

@ -39,8 +39,8 @@ sub journal_query_params {
__PACKAGE__->set_config({
allowed_roles => {
Default => [qw/admin reseller subscriberadmin subscriber/],
Journal => [qw/admin reseller/],
Default => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
Journal => [qw/admin reseller ccareadmin ccare/],
}
});

@ -64,7 +64,7 @@ sub relation{
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
allowed_roles => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
});
sub GET :Allow {

@ -39,8 +39,8 @@ sub journal_query_params {
__PACKAGE__->set_config({
allowed_roles => {
Default => [qw/admin reseller subscriberadmin subscriber/],
Journal => [qw/admin reseller/],
Default => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
Journal => [qw/admin reseller ccareadmin ccare/],
}
});

@ -117,7 +117,7 @@ sub relation{
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller/],
allowed_roles => [qw/admin reseller ccareadmin ccare/],
});
sub GET :Allow {

@ -37,8 +37,8 @@ sub journal_query_params {
__PACKAGE__->set_config({
allowed_roles => {
Default => [qw/admin reseller/],
Journal => [qw/admin reseller/],
Default => [qw/admin reseller ccareadmin ccare/],
Journal => [qw/admin reseller ccareadmin ccare/],
}
});

@ -61,7 +61,7 @@ sub relation{
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller/],
allowed_roles => [qw/admin reseller ccareadmin ccare/],
});
sub GET :Allow {

@ -37,8 +37,8 @@ sub journal_query_params {
__PACKAGE__->set_config({
allowed_roles => {
Default => [qw/admin reseller/],
Journal => [qw/admin reseller/],
Default => [qw/admin reseller ccareadmin ccare/],
Journal => [qw/admin reseller ccareadmin ccare/],
}
});

@ -71,7 +71,7 @@ sub relation{
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller/],
allowed_roles => [qw/admin reseller ccareadmin ccare/],
});
1;
1;

@ -28,7 +28,7 @@ sub relation{
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller/],
allowed_roles => [qw/admin reseller ccareadmin ccare/],
});
1;

@ -63,7 +63,7 @@ sub relation{
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller/],
allowed_roles => [qw/admin reseller ccareadmin ccare/],
});
sub GET :Allow {

@ -40,8 +40,8 @@ sub journal_query_params {
__PACKAGE__->set_config({
allowed_roles => {
Default => [qw/admin reseller/],
Journal => [qw/admin reseller/],
Default => [qw/admin reseller ccareadmin ccare/],
Journal => [qw/admin reseller ccareadmin ccare/],
}
});

@ -12,7 +12,7 @@ sub allowed_methods{
__PACKAGE__->set_config({
preferences_group => 'contract_pref',
allowed_roles => [qw/admin reseller/],
allowed_roles => [qw/admin reseller ccareadmin ccare/],
});
1;

@ -9,7 +9,7 @@ sub allowed_methods{
use parent qw/NGCP::Panel::Role::Entities NGCP::Panel::Role::API::Preferences/;
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller/],
allowed_roles => [qw/admin reseller ccareadmin ccare/],
});
sub item_name{

@ -8,8 +8,8 @@ use parent qw/NGCP::Panel::Role::EntitiesItem NGCP::Panel::Role::API::Preference
__PACKAGE__->set_config({
PATCH => { ops => [qw/add replace remove copy/] },
allowed_roles => {
Default => [qw/admin reseller/],
Journal => [qw/admin reseller/],
Default => [qw/admin reseller ccareadmin ccare/],
Journal => [qw/admin reseller ccareadmin ccare/],
}
});

@ -147,7 +147,7 @@ sub relation{
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller/],
allowed_roles => [qw/admin reseller ccareadmin ccare/],
});
sub GET :Allow {

@ -42,8 +42,8 @@ sub journal_query_params {
__PACKAGE__->set_config({
allowed_roles => {
Default => [qw/admin reseller subscriberadmin/],
Journal => [qw/admin reseller/],
Default => [qw/admin reseller ccareadmin ccare subscriberadmin/],
Journal => [qw/admin reseller ccareadmin ccare/],
}
});

@ -63,7 +63,7 @@ sub relation{
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller/],
allowed_roles => [qw/admin reseller ccareadmin ccare/],
});
sub GET :Allow {
@ -113,6 +113,11 @@ sub GET :Allow {
sub POST :Allow {
my ($self, $c) = @_;
if ($c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") {
$self->error($c, HTTP_FORBIDDEN, "Read-only resource for authenticated role");
return;
}
my $guard = $c->model('DB')->txn_scope_guard;
{
my $resource = $self->get_valid_post_data(

@ -60,7 +60,7 @@ sub relation{
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller/],
allowed_roles => [qw/admin reseller ccareadmin ccare/],
});
sub GET :Allow {
@ -122,9 +122,13 @@ sub POST :Allow {
resource => $resource,
form => $form,
);
if($c->user->roles eq "admin") {
} elsif($c->user->roles eq "reseller") {
if ($c->user->roles eq "admin") {
} elsif ($c->user->roles eq "reseller") {
$resource->{reseller_id} = $c->user->reseller_id;
} elsif ($c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") {
$self->error($c, HTTP_FORBIDDEN, "Read-only resource for authenticated role");
last;
}
my $item;

@ -90,6 +90,11 @@ sub PUT :Allow {
my ($self, $c, $id) = @_;
my $guard = $c->model('DB')->txn_scope_guard;
{
if ($c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") {
$self->error($c, HTTP_FORBIDDEN, "Read-only resource for authenticated role");
last;
}
my $preference = $self->require_preference($c);
last unless $preference;

@ -6,7 +6,7 @@ use Sipwise::Base;
use parent qw/NGCP::Panel::Role::Entities NGCP::Panel::Role::API::FaxserverSettings/;
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller subscriber subscriberadmin/],
allowed_roles => [qw/admin reseller ccareadmin ccare subscriber subscriberadmin/],
});
sub allowed_methods{

@ -11,8 +11,8 @@ use parent qw/NGCP::Panel::Role::EntitiesItem NGCP::Panel::Role::API::FaxserverS
__PACKAGE__->set_config({
allowed_roles => {
Default => [qw/admin reseller subscriber subscriberadmin/],
Journal => [qw/admin reseller subscriber subscriberadmin/],
Default => [qw/admin reseller ccareadmin ccare subscriber subscriberadmin/],
Journal => [qw/admin reseller ccareadmin ccare subscriber subscriberadmin/],
},
PATCH => { ops => [qw/add replace remove copy/] },
});

@ -60,7 +60,7 @@ sub relation{
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller/],
allowed_roles => [qw/admin reseller ccareadmin ccare/],
});
sub GET :Allow {

@ -30,7 +30,7 @@ sub relation{
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller/],
allowed_roles => [qw/admin reseller ccareadmin ccare/],
});
sub GET :Allow {

@ -71,7 +71,7 @@ sub relation{
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller/],
allowed_roles => [qw/admin reseller ccareadmin ccare/],
});
sub GET :Allow {

@ -37,8 +37,8 @@ sub journal_query_params {
__PACKAGE__->set_config({
allowed_roles => {
Default => [qw/admin reseller/],
Journal => [qw/admin reseller/],
Default => [qw/admin reseller ccareadmin ccare/],
Journal => [qw/admin reseller ccareadmin ccare/],
}
});

@ -12,7 +12,7 @@ sub allowed_methods{
__PACKAGE__->set_config({
preferences_group => 'prof_pref',
allowed_roles => [qw/admin reseller/],
allowed_roles => [qw/admin reseller ccareadmin ccare/],
});
1;

@ -36,8 +36,8 @@ sub journal_query_params {
__PACKAGE__->set_config({
allowed_roles => {
Default => [qw/admin reseller subscriberadmin subscriber/],
Journal => [qw/admin reseller subscriberadmin subscriber/],
Default => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
Journal => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
}
});

@ -28,7 +28,7 @@ __PACKAGE__->config(
action => {
map { $_ => {
ACLDetachTo => 'invalid_user',
AllowedRole => [qw/admin reseller subscriberadmin subscriber/],
AllowedRole => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
Args => 0,
Does => [qw(ACL CheckTrailingSlash RequireSSL)],
Method => $_,

@ -55,7 +55,7 @@ sub relation{
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
allowed_roles => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
});
sub GET :Allow {

@ -39,8 +39,8 @@ sub journal_query_params {
__PACKAGE__->set_config({
allowed_roles => {
Default => [qw/admin reseller subscriberadmin subscriber/],
Journal => [qw/admin reseller subscriberadmin subscriber/],
Default => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
Journal => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
}
});

@ -12,7 +12,7 @@ sub allowed_methods{
__PACKAGE__->set_config({
preferences_group => 'usr_pref',
allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
allowed_roles => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
});
1;

@ -16,7 +16,7 @@ use NGCP::Panel::Utils::DateTime;
use NGCP::Panel::Utils::ProfilePackages qw();
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
allowed_roles => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
});
sub allowed_methods{

@ -17,8 +17,8 @@ use NGCP::Panel::Utils::ProfilePackages qw();
__PACKAGE__->set_config({
PATCH => { ops => [qw/add replace remove copy/] },
allowed_roles => {
Default => [qw/admin reseller subscriberadmin subscriber/],
Journal => [qw/admin reseller subscriberadmin subscriber/],
Default => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
Journal => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
}
});

@ -60,7 +60,7 @@ sub relation{
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller/],
allowed_roles => [qw/admin reseller ccareadmin ccare/],
});
sub GET :Allow {
@ -110,6 +110,11 @@ sub GET :Allow {
sub POST :Allow {
my ($self, $c) = @_;
if ($c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") {
$self->error($c, HTTP_FORBIDDEN, "Read-only resource for authenticated role");
return;
}
if($c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit}) {
$c->log->error("profile set creation by reseller forbidden via config");
$self->error($c, HTTP_FORBIDDEN, "Subscriber profile set creation forbidden for resellers.");

@ -36,7 +36,7 @@ sub journal_query_params {
__PACKAGE__->set_config({
allowed_roles => {
Default => [qw/admin reseller/],
Default => [qw/admin reseller ccareadmin ccare/],
Journal => [qw/admin reseller/],
}
});
@ -66,6 +66,11 @@ sub GET :Allow {
sub PATCH :Allow {
my ($self, $c, $id) = @_;
if ($c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") {
$self->error($c, HTTP_FORBIDDEN, "Read-only resource for authenticated role");
return;
}
if($c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit}) {
$c->log->error("profile set modification by reseller forbidden via config");
$self->error($c, HTTP_FORBIDDEN, "Subscriber profile set modification forbidden for resellers.");
@ -107,6 +112,11 @@ sub PATCH :Allow {
sub PUT :Allow {
my ($self, $c, $id) = @_;
if ($c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") {
$self->error($c, HTTP_FORBIDDEN, "Read-only resource for authenticated role");
return;
}
if($c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit}) {
$c->log->error("profile set modification by reseller forbidden via config");
$self->error($c, HTTP_FORBIDDEN, "Subscriber profile set modification forbidden for resellers.");
@ -144,6 +154,11 @@ sub PUT :Allow {
sub DELETE :Allow {
my ($self, $c, $id) = @_;
if ($c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") {
$self->error($c, HTTP_FORBIDDEN, "Read-only resource for authenticated role");
return;
}
if($c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit}) {
$c->log->error("profile set deletion by reseller forbidden via config");
$self->error($c, HTTP_FORBIDDEN, "Subscriber profile set deletion forbidden for resellers.");
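Review bot: `Journal => [qw/admin reseller/]` is left unchanged in this `set_config` while `Default` gains `ccareadmin ccare`, whereas the other item resources in this commit that are read-only for these roles extend both lists. If journal access is meant to stay closed here, a comment such as `# Journal intentionally not opened to ccare roles` would keep it from looking like an omission; otherwise the line should read `Journal => [qw/admin reseller ccareadmin ccare/],`.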

@ -60,7 +60,7 @@ sub relation{
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller/],
allowed_roles => [qw/admin reseller ccareadmin ccare/],
});
sub GET :Allow {
@ -108,6 +108,11 @@ sub GET :Allow {
sub POST :Allow {
my ($self, $c) = @_;
if ($c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") {
$self->error($c, HTTP_FORBIDDEN, "Read-only resource for authenticated role");
return;
}
if($c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit}) {
$c->log->error("profile creation by reseller forbidden via config");
$self->error($c, HTTP_FORBIDDEN, "Subscriber profile creation forbidden for resellers.");

@ -36,8 +36,8 @@ sub journal_query_params {
__PACKAGE__->set_config({
allowed_roles => {
Default => [qw/admin reseller/],
Journal => [qw/admin reseller/],
Default => [qw/admin reseller ccareadmin ccare/],
Journal => [qw/admin reseller ccareadmin ccare/],
}
});
@ -67,6 +67,11 @@ sub PATCH :Allow {
my ($self, $c, $id) = @_;
my $guard = $c->model('DB')->txn_scope_guard;
{
if ($c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") {
$self->error($c, HTTP_FORBIDDEN, "Read-only resource for authenticated role");
return;
}
my $preference = $self->require_preference($c);
last unless $preference;
@ -103,6 +108,11 @@ sub PUT :Allow {
my ($self, $c, $id) = @_;
my $guard = $c->model('DB')->txn_scope_guard;
{
if ($c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") {
$self->error($c, HTTP_FORBIDDEN, "Read-only resource for authenticated role");
return;
}
my $preference = $self->require_preference($c);
last unless $preference;
@ -131,6 +141,11 @@ sub PUT :Allow {
sub DELETE :Allow {
my ($self, $c, $id) = @_;
if ($c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") {
$self->error($c, HTTP_FORBIDDEN, "Read-only resource for authenticated role");
return;
}
if($c->user->roles eq "reseller" && !$c->config->{profile_sets}->{reseller_edit}) {
$c->log->error("profile deletion by reseller forbidden via config");
$self->error($c, HTTP_FORBIDDEN, "Subscriber profile deletion forbidden for resellers.");
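Review bot: In PATCH and PUT the read-only check sits inside the bare block, after `my $guard = $c->model('DB')->txn_scope_guard;`, and leaves with `return;`, while the same check elsewhere in this commit uses `last;` in that position and DELETE in this section runs it before anything else. Moving the four added lines directly under `my ($self, $c, $id) = @_;`, as DELETE does, avoids opening a transaction for a request that is always refused and makes the three handlers consistent. Whether `return` and `last` differ in effect here depends on what follows the block, which is outside the hunk.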

@ -82,7 +82,7 @@ sub relation{
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller/],
allowed_roles => [qw/admin reseller ccareadmin ccare/],
});
sub GET :Allow {

@ -30,7 +30,7 @@ sub relation{
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller/],
allowed_roles => [qw/admin reseller ccareadmin ccare/],
});
sub GET :Allow {

@ -18,7 +18,7 @@ use NGCP::Panel::Utils::Events qw();
use UUID;
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
allowed_roles => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
});
sub allowed_methods{

@ -23,8 +23,8 @@ use parent qw/NGCP::Panel::Role::EntitiesItem NGCP::Panel::Role::API::Subscriber
__PACKAGE__->set_config({
allowed_roles => {
Default => [qw/admin reseller subscriberadmin subscriber/],
Journal => [qw/admin reseller/],
Default => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
Journal => [qw/admin reseller ccareadmin ccare/],
}
});

@ -54,7 +54,7 @@ sub relation{
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller/],
allowed_roles => [qw/admin reseller ccareadmin ccare/],
});
sub GET :Allow {

@ -36,8 +36,8 @@ sub journal_query_params {
__PACKAGE__->set_config({
allowed_roles => {
Default => [qw/admin reseller/],
Journal => [qw/admin reseller/],
Default => [qw/admin reseller ccareadmin ccare/],
Journal => [qw/admin reseller ccareadmin ccare/],
}
});

@ -17,7 +17,7 @@ sub allowed_methods{
}
sub config_allowed_roles {
return [qw/admin reseller subscriberadmin subscriber/];
return [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/];
}
sub api_description {

@ -18,7 +18,7 @@ __PACKAGE__->set_config({
#'application/json' is first one and thus is default, if no accept header was received.
'ReturnContentType' => ['application/json', 'audio/x-wav', 'audio/mpeg', 'audio/ogg'],#,
},
allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
allowed_roles => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
});
sub allowed_methods{

@ -53,7 +53,7 @@ sub relation{
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
allowed_roles => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
});
sub GET :Allow {

@ -36,8 +36,8 @@ sub journal_query_params {
__PACKAGE__->set_config({
allowed_roles => {
Default => [qw/admin reseller subscriberadmin subscriber/],
Journal => [qw/admin reseller subscriberadmin subscriber/],
Default => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
Journal => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
}
});

@ -70,7 +70,7 @@ sub relation{
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
allowed_roles => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
});
sub GET :Allow {

@ -31,7 +31,7 @@ sub relation{
}
__PACKAGE__->set_config({
allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
allowed_roles => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
});
sub GET :Allow {

@ -33,6 +33,7 @@ sub list_admin :PathPart('administrator') :Chained('/') :CaptureArgs(0) {
@{ $cols } = (@{ $cols },
{ name => "login", search => 1, title => $c->loc("Login") },
{ name => "is_master", title => $c->loc("Master") },
{ name => "is_ccare", title => $c->loc("Customer Care") },
{ name => "is_active", title => $c->loc("Active") },
{ name => "read_only", title => $c->loc("Read Only") },
{ name => "show_passwords", title => $c->loc("Show Passwords") },
@ -374,7 +375,7 @@ sub toggle_openvpn :Chained('list_admin') :PathPart('openvpn/toggle') :Args(1) {
unless ($set_active eq 'confirm') {
my ($message, $error) = NGCP::Panel::Utils::Admin::toggle_openvpn($c, $set_active);
if ( $message ) {
if ( $message ) {
NGCP::Panel::Utils::Message::info(
c => $c,
desc => $c->loc($message),
@ -383,7 +384,7 @@ sub toggle_openvpn :Chained('list_admin') :PathPart('openvpn/toggle') :Args(1) {
flash => 0,
);
}
if ( $error ) {
if ( $error ) {
NGCP::Panel::Utils::Message::error(
c => $c,
error => $error,

@ -14,17 +14,18 @@ use NGCP::Panel::Utils::Datatables;
use NGCP::Panel::Utils::DateTime;
use NGCP::Panel::Utils::Billing;
sub auto :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub auto :Private {
my ($self, $c) = @_;
$c->log->debug(__PACKAGE__ . '::auto');
NGCP::Panel::Utils::Navigation::check_redirect_chain(c => $c);
return 1;
}
sub profile_list :Chained('/') :PathPart('billing') :CaptureArgs(0) {
sub profile_list :Chained('/') :PathPart('billing') :CaptureArgs(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) {
my ( $self, $c ) = @_;
my $dispatch_to = '_profile_resultset_' . $c->user->roles;
my $dispatch_role = $c->user->roles =~ /admin$/ ? 'admin' : 'reseller';
my $dispatch_to = '_profile_resultset_' . $dispatch_role;
my $profiles_rs = $self->$dispatch_to($c);
$c->stash(profiles_rs => $profiles_rs);
$c->stash->{profile_dt_columns} = NGCP::Panel::Utils::Datatables::set_columns($c, [
@ -38,6 +39,10 @@ sub profile_list :Chained('/') :PathPart('billing') :CaptureArgs(0) {
$c->stash(template => 'billing/list.tt');
}
sub profile_list_restricted :Chained('profile_list') :PathPart('') :CaptureArgs(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
my ($self, $c) = @_;
}
sub _profile_resultset_admin {
my ($self, $c) = @_;
my $rs = $c->model('DB')->resultset('billing_profiles')->search({
@ -94,7 +99,7 @@ sub ajax_filter_reseller :Chained('profile_list') :PathPart('ajax/filter_reselle
$c->detach( $c->view("JSON") );
}
sub base :Chained('profile_list') :PathPart('') :CaptureArgs(1) {
sub base :Chained('profile_list_restricted') :PathPart('') :CaptureArgs(1) {
my ($self, $c, $profile_id) = @_;
unless($profile_id && is_int($profile_id)) {
@ -201,10 +206,11 @@ sub process_edit :Private {
$c->stash( 'form' => $form );
}
sub create :Chained('profile_list') :PathPart('create') :Args(0) {
sub create :Chained('profile_list_restricted') :PathPart('create') :Args(0) {
my ($self, $c, $no_reseller) = @_;
$c->forward('process_create', [$no_reseller, 0 ]);
}
sub duplicate :Chained('base') :PathPart('duplicate') {
my ($self, $c, $no_reseller) = @_;
my $posted = ($c->request->method eq 'POST');
@ -289,7 +295,7 @@ sub process_create :Private {
$c->stash(form => $form);
}
sub create_without_reseller :Chained('profile_list') :PathPart('create/noreseller') :Args(0) {
sub create_without_reseller :Chained('profile_list_restricted') :PathPart('create/noreseller') :Args(0) {
my ($self, $c) = @_;
$self->create($c, 1);
@ -1130,4 +1136,3 @@ it under the same terms as Perl itself.
=cut
# vim: set tabstop=4 expandtab:
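Review bot: `$c->user->roles =~ /admin$/` in `profile_list` also matches `subscriberadmin`, so which resultset a user gets depends on the `:AllowedRole` list of the action never being widened rather than on the dispatch itself. An exact match states the intent and fails towards the reseller-scoped resultset: `my $dispatch_role = $c->user->roles =~ /\A(?:admin|ccareadmin)\z/ ? 'admin' : 'reseller';`. The bodies of `_profile_resultset_admin` and its reseller counterpart are outside these hunks, so their filtering is assumed from the names.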

@ -17,7 +17,7 @@ sub auto :Private {
return 1;
}
sub list_contact :Chained('/') :PathPart('contact') :CaptureArgs(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub list_contact :Chained('/') :PathPart('contact') :CaptureArgs(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) {
my ($self, $c) = @_;
my $contacts = $c->model('DB')->resultset('contacts')->search({
@ -332,7 +332,7 @@ sub ajax_list_contacts{
}
sub countries_ajax :Chained('/') :PathPart('contact/country/ajax') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub countries_ajax :Chained('/') :PathPart('contact/country/ajax') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) {
my ($self, $c) = @_;
my $from = $c->request->params->{iDisplayStart} // 0;
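Review bot: `list_contact` now admits `ccare`, but nothing in the hunk shows the `contacts` search being limited to `$c->user->reseller_id` for that role. The customer controller in this commit had to change its test to `$c->user->roles eq 'reseller' || $c->user->roles eq 'ccare'` to get that scoping, so any `roles eq 'reseller'` filter in `list_contact` presumably needs the same extension. The body of `list_contact` continues outside the hunk and should be checked there; the same question applies to `tmpl_list` in the email template controller, whose role filter is not visible either.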

@ -33,7 +33,7 @@ Catalyst Controller.
=cut
sub auto :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(subscriberadmin) {
sub auto :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) :AllowedRole(subscriberadmin) {
my ($self, $c) = @_;
$c->log->debug(__PACKAGE__ . '::auto');
NGCP::Panel::Utils::Navigation::check_redirect_chain(c => $c);
@ -73,7 +73,7 @@ sub list_customer :Chained('/') :PathPart('customer') :CaptureArgs(0) {
);
}
sub root :Chained('list_customer') :PathPart('') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub root :Chained('list_customer') :PathPart('') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) {
my ($self, $c) = @_;
}
@ -283,7 +283,7 @@ sub base :Chained('list_customer') :PathPart('') :CaptureArgs(1) {
'me.id' => $contract_id,
},undef);
if($c->user->roles eq 'reseller') {
if ($c->user->roles eq 'reseller' || $c->user->roles eq 'ccare') {
$contract_rs = $contract_rs->search({
'contact.reseller_id' => $c->user->reseller_id,
}, {
@ -503,7 +503,7 @@ sub base :Chained('list_customer') :PathPart('') :CaptureArgs(1) {
$c->stash(phonebook => $contract_first->phonebook );
}
sub base_restricted :Chained('base') :PathPart('') :CaptureArgs(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub base_restricted :Chained('base') :PathPart('') :CaptureArgs(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) {
my ($self, $c) = @_;
}

@ -10,7 +10,7 @@ use NGCP::Panel::Utils::Email;
use NGCP::Panel::Utils::Message;
use JSON qw/encode_json decode_json/;
sub auto :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub auto :Private {
my ($self, $c) = @_;
$c->log->debug(__PACKAGE__ . '::auto');
NGCP::Panel::Utils::Navigation::check_redirect_chain(c => $c);
@ -19,7 +19,7 @@ sub auto :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRol
}
sub tmpl_list :Chained('/') :PathPart('emailtemplate') :CaptureArgs(0) {
sub tmpl_list :Chained('/') :PathPart('emailtemplate') :CaptureArgs(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) {
my ( $self, $c ) = @_;
my $tmpl_rs = $c->model('DB')->resultset('email_templates');
@ -31,9 +31,9 @@ sub tmpl_list :Chained('/') :PathPart('emailtemplate') :CaptureArgs(0) {
{ name => 'subject', search => 1, title => $c->loc('Subject') },
]);
#select r.id as reseller_id,r.name as reseller_name, etd.id as email_template_id, etd.name as email_template_name from resellers r
#select r.id as reseller_id,r.name as reseller_name, etd.id as email_template_id, etd.name as email_template_name from resellers r
#join email_templates etd on etd.reseller_id is null
#left join email_templates et on et.name=etd.name and et.reseller_id=r.id
#left join email_templates et on et.name=etd.name and et.reseller_id=r.id
#where et.id is null order by r.id,etd.id;
my $tmpl_missed_rs = $c->model('DB')->resultset('resellers')->search_rs({
'et.id' => undef,
@ -88,6 +88,10 @@ sub tmpl_list :Chained('/') :PathPart('emailtemplate') :CaptureArgs(0) {
$c->stash(template => 'emailtemplate/list.tt');
}
sub tmpl_list_restricted :Chained('tmpl_list') :PathPart('') :CaptureArgs(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
my ($self, $c) = @_;
}
sub tmpl_root :Chained('tmpl_list') :PathPart('') :Args(0) {
my ($self, $c) = @_;
}
@ -142,7 +146,7 @@ sub tmpl_ajax_missed :Chained('tmpl_list') :PathPart('ajax/missed') :Args(0) {
$c->detach( $c->view("JSON") );
}
sub tmpl_create :Chained('tmpl_list') :PathPart('create') :Args(0) {
sub tmpl_create :Chained('tmpl_list_restricted') :PathPart('create') :Args(0) {
my ($self, $c) = @_;
my $posted = ($c->request->method eq 'POST');
@ -176,13 +180,13 @@ sub tmpl_create :Chained('tmpl_list') :PathPart('create') :Args(0) {
);
}
sub tmpl_sync :Chained('tmpl_list') :PathPart('sync') :Args(0) {
sub tmpl_sync :Chained('tmpl_list_restricted') :PathPart('sync') :Args(0) {
my ($self, $c) = @_;
my $posted = ($c->request->method eq 'POST');
my $form = NGCP::Panel::Form::get("NGCP::Panel::Form::EmailTemplate::Sync", $c);
my $params = { id => encode_json([map { $_->id } $c->stash->{tmpl_missed_rs}->all]) };
$form->process(
posted => $posted,
params => $c->request->params,
@ -227,7 +231,7 @@ sub tmpl_sync :Chained('tmpl_list') :PathPart('sync') :Args(0) {
);
}
sub tmpl_base :Chained('tmpl_list') :PathPart('') :CaptureArgs(1) {
sub tmpl_base :Chained('tmpl_list_restricted') :PathPart('') :CaptureArgs(1) {
my ($self, $c, $tmpl_id) = @_;
$c->detach('/denied_page')
@ -317,7 +321,7 @@ sub tmpl_edit :Chained('tmpl_base') :PathPart('edit') {
);
}
sub tmpl_copy :Chained('tmpl_list') :PathPart('copy'): Args(1) {
sub tmpl_copy :Chained('tmpl_list_restricted') :PathPart('copy'): Args(1) {
my ($self, $c, $tmpl_id) = @_;
$c->detach('/denied_page')

@ -49,7 +49,7 @@ sub inv_list :Chained('/') :PathPart('invoice') :CaptureArgs(0) :Does(ACL) :ACLD
$c->stash(template => 'invoice/invoice_list.tt');
}
sub customer_inv_list :Chained('/') :PathPart('invoice/customer') :CaptureArgs(1) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(subscriberadmin) {
sub customer_inv_list :Chained('/') :PathPart('invoice/customer') :CaptureArgs(1) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) :AllowedRole(subscriberadmin) {
my ( $self, $c, $contract_id ) = @_;
$c->stash->{inv_dt_columns} = NGCP::Panel::Utils::Datatables::set_columns($c, [

@ -17,8 +17,8 @@ sub auto :Private {
return 1;
}
sub template_list :Chained('/') :PathPart('invoicetemplate') :CaptureArgs(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
my ( $self, $c ) = @_;
sub template_list :Chained('/') :PathPart('invoicetemplate') :CaptureArgs(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) {
my ($self, $c) = @_;
$c->stash->{tmpl_rs} = $c->model('DB')->resultset('invoice_templates');
if($c->user->roles eq "admin") {
@ -38,6 +38,10 @@ sub template_list :Chained('/') :PathPart('invoicetemplate') :CaptureArgs(0) :Do
$c->stash(template => 'invoice/template_list.tt');
}
sub template_list_restricted :Chained('template_list') :PathPart('') :CaptureArgs(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
my ($self, $c) = @_;
}
sub root :Chained('template_list') :PathPart('') :Args(0) {
my ($self, $c) = @_;
}
@ -58,7 +62,7 @@ sub reseller_ajax :Chained('template_list') :PathPart('ajax/reseller') :Args(1)
$c->detach( $c->view("JSON") );
}
sub base :Chained('template_list') :PathPart('') :CaptureArgs(1) {
sub base :Chained('template_list_restricted') :PathPart('') :CaptureArgs(1) {
my ($self, $c, $tmpl_id) = @_;
unless($tmpl_id && is_int($tmpl_id)) {
@ -82,7 +86,7 @@ sub base :Chained('template_list') :PathPart('') :CaptureArgs(1) {
$c->stash(tmpl => $res);
}
sub create :Chained('template_list') :PathPart('create') :Args() {
sub create :Chained('template_list_restricted') :PathPart('create') :Args() {
my ($self, $c, $reseller_id) = @_;
if(defined $reseller_id && !is_int($reseller_id)) {
@ -270,7 +274,7 @@ sub edit_content :Chained('base') :PathPart('editcontent') :Args(0) {
$c->stash(template => 'invoice/template.tt');
}
sub messages_ajax :Chained('template_list') :PathPart('messages') :Args(0) {
sub messages_ajax :Chained('template_list_restricted') :PathPart('messages') :Args(0) {
my ($self, $c) = @_;
$c->stash(
messages => $c->flash->{messages},
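Review bot: `template_list` now admits `ccareadmin` and `ccare`, but the role test that scopes `tmpl_rs` is left as `if($c->user->roles eq "admin") {`, so neither new role matches the branch visible here. The rest of that conditional lies outside the hunk; if it follows the admin / `elsif reseller` shape used elsewhere in this commit, a `ccare` user would keep the unfiltered `invoice_templates` resultset and could list other resellers' templates, contrary to the commit description. The `set_list` action changed later in this commit extends the equivalent test, and the same form would fit here: `if ($c->user->roles eq "admin" || $c->user->roles eq "ccareadmin") {` and `} elsif ($c->user->roles eq "reseller" || $c->user->roles eq "ccare") {`.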

@ -10,17 +10,18 @@ use NGCP::Panel::Utils::Message;
use NGCP::Panel::Utils::Navigation;
use NGCP::Panel::Utils::BillingNetworks qw();
sub auto :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub auto :Private {
my ($self, $c) = @_;
$c->log->debug(__PACKAGE__ . '::auto');
NGCP::Panel::Utils::Navigation::check_redirect_chain(c => $c);
return 1;
}
sub network_list :Chained('/') :PathPart('network') :CaptureArgs(0) {
sub network_list :Chained('/') :PathPart('network') :CaptureArgs(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) {
my ($self, $c) = @_;
my $dispatch_to = '_network_resultset_' . $c->user->roles;
my $dispatch_role = $c->user->roles =~ /admin$/ ? 'admin' : 'reseller';
my $dispatch_to = '_network_resultset_' . $dispatch_role;
my $network_rs = $self->$dispatch_to($c);
$c->stash->{network_dt_columns} = NGCP::Panel::Utils::Datatables::set_columns($c, [
@ -34,6 +35,10 @@ sub network_list :Chained('/') :PathPart('network') :CaptureArgs(0) {
template => 'network/list.tt');
}
sub network_list_restricted :Chained('network_list') :PathPart('') :CaptureArgs(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
my ($self, $c) = @_;
}
sub _network_resultset_admin {
my ($self, $c) = @_;
return $c->model('DB')->resultset('billing_networks')->search_rs(undef,
@ -68,7 +73,7 @@ sub root :Chained('network_list') :PathPart('') :Args(0) {
my ($self, $c) = @_;
}
sub create :Chained('network_list') :PathPart('create') :Args(0) {
sub create :Chained('network_list_restricted') :PathPart('create') :Args(0) {
my ($self, $c) = @_;
my $posted = ($c->request->method eq 'POST');
@ -130,7 +135,7 @@ sub create :Chained('network_list') :PathPart('create') :Args(0) {
);
}
sub base :Chained('/network/network_list') :PathPart('') :CaptureArgs(1) {
sub base :Chained('/network/network_list_restricted') :PathPart('') :CaptureArgs(1) {
my ($self, $c, $network_id) = @_;
unless($network_id && is_int($network_id)) {
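Review bot: Removing `:Does(ACL) … :AllowedRole(reseller)` from `auto` turns this controller's access control from default-deny into opt-in per chain, so only actions chained through `network_list` are still checked. Any action that is not rooted at `network_list` would become reachable by every authenticated role, and the hunks do not show the full action list to rule that out. The same change is made to `auto` in the package and product sections further down; the package one adds an explicit ACL to `details_base`, which is the kind of audit each of these controllers needs. I would keep a broad ACL on `auto`, `sub auto :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) {`, and leave the narrower admin/reseller check on `network_list_restricted`.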

@ -11,17 +11,18 @@ use NGCP::Panel::Utils::Navigation;
use NGCP::Panel::Utils::ProfilePackages qw();
use NGCP::Panel::Utils::Voucher qw();
sub auto :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub auto :Private {
my ($self, $c) = @_;
$c->log->debug(__PACKAGE__ . '::auto');
NGCP::Panel::Utils::Navigation::check_redirect_chain(c => $c);
return 1;
}
sub package_list :Chained('/') :PathPart('package') :CaptureArgs(0) {
sub package_list :Chained('/') :PathPart('package') :CaptureArgs(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) {
my ($self, $c) = @_;
my $dispatch_to = '_package_resultset_' . $c->user->roles;
my $dispatch_role = $c->user->roles =~ /admin$/ ? 'admin' : 'reseller';
my $dispatch_to = '_package_resultset_' . $dispatch_role;
my $package_rs = $self->$dispatch_to($c);
$c->stash->{package_dt_columns} = NGCP::Panel::Utils::Datatables::set_columns($c, [
@ -35,6 +36,10 @@ sub package_list :Chained('/') :PathPart('package') :CaptureArgs(0) {
template => 'package/list.tt');
}
sub package_list_restricted :Chained('package_list') :PathPart('') :CaptureArgs(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
my ($self, $c) = @_;
}
sub _package_resultset_admin {
my ($self, $c) = @_;
return $c->model('DB')->resultset('profile_packages')->search_rs(
@ -69,7 +74,7 @@ sub root :Chained('package_list') :PathPart('') :Args(0) {
my ($self, $c) = @_;
}
sub create :Chained('package_list') :PathPart('create') :Args(0) {
sub create :Chained('package_list_restricted') :PathPart('create') :Args(0) {
my ($self, $c) = @_;
my $posted = ($c->request->method eq 'POST');
@ -137,7 +142,7 @@ sub create :Chained('package_list') :PathPart('create') :Args(0) {
);
}
sub base :Chained('/package/package_list') :PathPart('') :CaptureArgs(1) {
sub base :Chained('/package/package_list_restricted') :PathPart('') :CaptureArgs(1) {
my ($self, $c, $package_id) = @_;
unless($package_id && is_int($package_id)) {
@ -289,10 +294,11 @@ sub ajax_filter_reseller :Chained('package_list') :PathPart('ajax/filter_reselle
}
sub details_base :Chained('/') :PathPart('package') :CaptureArgs(1) {
sub details_base :Chained('/') :PathPart('package') :CaptureArgs(1) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
my ($self, $c, $package_id) = @_;
my $dispatch_to = '_package_resultset_' . $c->user->roles;
my $dispatch_role = $c->user->roles =~ /admin$/ ? 'admin' : 'reseller';
my $dispatch_to = '_package_resultset_' . $dispatch_role;
my $package_rs = $self->$dispatch_to($c);
unless($package_id && is_int($package_id)) {
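Review bot: The mapping `$c->user->roles =~ /admin$/ ? 'admin' : 'reseller'` in `package_list` and `details_base` (and in `network_list` in the previous section) picks the admin resultset, presumably the unscoped one, for any role name ending in `admin`, which includes `subscriberadmin`, and treats every other role as reseller. Only the `:AllowedRole` list on the action keeps such roles out today, so the data scoping silently depends on that attribute staying in sync. An explicit lookup that fails closed would be safer: `my %scope = (admin => 'admin', ccareadmin => 'admin', reseller => 'reseller', ccare => 'reseller');` followed by `my $dispatch_role = $scope{$c->user->roles} // $c->detach('/denied_page');`. Both functions continue outside their hunks.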

@ -7,14 +7,14 @@ use parent 'Catalyst::Controller';
use NGCP::Panel::Form;
sub auto :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub auto :Private {
my ($self, $c) = @_;
$c->log->debug(__PACKAGE__ . '::auto');
NGCP::Panel::Utils::Navigation::check_redirect_chain(c => $c);
return 1;
}
sub prod_list :Chained('/') :PathPart('product') :CaptureArgs(0) {
sub prod_list :Chained('/') :PathPart('product') :CaptureArgs(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) {
my ($self, $c) = @_;
my $prod_rs = $c->model('DB')->resultset('products')

@ -93,6 +93,14 @@ sub auto :Private {
my $uuid = $c->user->uuid;
my $tz_row = $c->model('DB')->resultset('voip_subscriber_timezone')->find({uuid => $uuid});
_set_session_tz_from_row($c, $tz_row, 'subscriber', $uuid);
} elsif ($c->user->roles eq 'ccareadmin') {
my $reseller_id = $c->user->reseller_id;
my $tz_row = $c->model('DB')->resultset('reseller_timezone')->find({reseller_id => $reseller_id});
_set_session_tz_from_row($c, $tz_row, 'admin', $reseller_id);
} elsif($c->user->roles eq 'ccare') {
my $reseller_id = $c->user->reseller_id;
my $tz_row = $c->model('DB')->resultset('reseller_timezone')->find({reseller_id => $reseller_id});
_set_session_tz_from_row($c, $tz_row, 'reseller', $reseller_id);
} else {
# this shouldnt happen
}
@ -298,18 +306,12 @@ sub auto :Private {
# load top menu widgets
my $topmenu_templates = [];
$topmenu_templates = ['widgets/'.$c->user->roles.'_topmenu_settings.tt'];
if ($c->user->roles eq 'admin') {
$topmenu_templates = ['widgets/admin_topmenu_settings.tt'];
if (!$c->stash->{openvpn_info}) {
my $openvpn_info = NGCP::Panel::Utils::Admin::check_openvpn_status($c);
$c->stash(openvpn_info => $openvpn_info);
}
} elsif ($c->user->roles eq 'reseller') {
$topmenu_templates = ['widgets/reseller_topmenu_settings.tt'];
} elsif ($c->user->roles eq 'subscriberadmin') {
$topmenu_templates = ['widgets/subscriberadmin_topmenu_settings.tt'];
} elsif ($c->user->roles eq 'subscriber') {
$topmenu_templates = ['widgets/subscriber_topmenu_settings.tt'];
}
$c->stash(topmenu => $topmenu_templates);
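Review bot: Building the template name as `'widgets/'.$c->user->roles.'_topmenu_settings.tt'` appears to drop the old fall-through in which an unrecognised role left `$topmenu_templates` empty; every role string, including an empty or unexpected one, now becomes a path that has to exist. It also requires `ccareadmin` and `ccare` widget templates, which this part of the page does not show. I would gate the assignment on a known-role list, for example `$topmenu_templates = ['widgets/'.$c->user->roles.'_topmenu_settings.tt'] if grep { $c->user->roles eq $_ } qw/admin reseller ccareadmin ccare subscriberadmin subscriber/;`. `auto` continues outside the hunk.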

@ -60,7 +60,7 @@ sub sub_list :Chained('/') :PathPart('subscriber') :CaptureArgs(0) {
$c->stash->{subscribers_rs} = $c->model('DB')->resultset('voip_subscribers')->search({
'me.status' => { '!=' => 'terminated' },
});
if($c->user->roles eq 'reseller') {
if ($c->user->roles eq 'reseller' || $c->user->roles eq 'ccare') {
$c->stash->{subscribers_rs} = $c->stash->{subscribers_rs}->search({
'contact.reseller_id' => $c->user->reseller_id,
},{
@ -101,7 +101,7 @@ sub sub_list :Chained('/') :PathPart('subscriber') :CaptureArgs(0) {
]);
}
sub root :Chained('sub_list') :PathPart('') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub root :Chained('sub_list') :PathPart('') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) {
my ($self, $c) = @_;
}
@ -358,7 +358,7 @@ sub webphone_ajax :Chained('base') :PathPart('webphone/ajax') :Args(0) {
$c->detach( $c->view("JSON") );
}
sub ajax :Chained('sub_list') :PathPart('ajax') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub ajax :Chained('sub_list') :PathPart('ajax') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) {
my ($self, $c) = @_;
my $resultset = $c->stash->{subscribers_rs};
@ -366,7 +366,7 @@ sub ajax :Chained('sub_list') :PathPart('ajax') :Args(0) :Does(ACL) :ACLDetachTo
$c->detach( $c->view("JSON") );
}
sub terminate :Chained('base') :PathPart('terminate') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(subscriberadmin) {
sub terminate :Chained('base') :PathPart('terminate') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) :AllowedRole(subscriberadmin) {
my ($self, $c) = @_;
my $subscriber = $c->stash->{subscriber};
@ -774,7 +774,8 @@ sub preferences_edit :Chained('preferences_base') :PathPart('edit') :Args(0) {
my $prov_subscriber = $c->stash->{subscriber}->provisioning_voip_subscriber;
$c->detach('/denied_page')
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
if (($c->user->roles eq "admin" || $c->user->roles eq "reseller" ||
$c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") && $c->user->read_only);
$c->stash(edit_preference => 1);
@ -842,7 +843,8 @@ sub preferences_callforward :Chained('base') :PathPart('preferences/callforward'
my ($self, $c, $cf_type) = @_;
$c->detach('/denied_page')
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller" ||
$c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") && $c->user->read_only);
my $cf_desc;
SWITCH: for ($cf_type) {
@ -1068,7 +1070,8 @@ sub preferences_callforward_advanced :Chained('base') :PathPart('preferences/cal
my ($self, $c, $cf_type, $advanced) = @_;
$c->detach('/denied_page')
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller" ||
$c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") && $c->user->read_only);
# TODO bail out of $advanced ne "advanced"
if(defined $advanced && $advanced eq 'advanced') {
@ -1278,7 +1281,8 @@ sub preferences_callforward_destinationset :Chained('base') :PathPart('preferenc
my ($self, $c, $cf_type) = @_;
$c->detach('/denied_page')
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller" ||
$c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") && $c->user->read_only);
my $prov_subscriber = $c->stash->{subscriber}->provisioning_voip_subscriber;
@ -2594,7 +2598,7 @@ sub master :Chained('base') :PathPart('details') :CaptureArgs(0) {
);
}
sub details :Chained('master') :PathPart('') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole('subscriberadmin') {
sub details :Chained('master') :PathPart('') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) :AllowedRole('subscriberadmin') {
my ($self, $c) = @_;
$self->underrun_catchup($c);
@ -2616,7 +2620,7 @@ sub voicemails :Chained('master') :PathPart('voicemails') :Args(0) {
);
}
sub recordings :Chained('master') :PathPart('recordings') :Args(0) {
sub recordings :Chained('master') :PathPart('recordings') :Args(0) :AllowedRole(admin) :AllowedRole(reseller) {
my ($self, $c) = @_;
$c->stash(
@ -2624,7 +2628,7 @@ sub recordings :Chained('master') :PathPart('recordings') :Args(0) {
);
}
sub calllist_master :Chained('base') :PathPart('calls') :CaptureArgs(0) {
sub calllist_master :Chained('base') :PathPart('calls') :CaptureArgs(0) :AllowedRole(admin) :AllowedRole(reseller) {
my ($self, $c) = @_;
$c->stash->{callid_enc} = $c->req->params->{callid};
@ -2682,11 +2686,12 @@ sub reglist :Chained('master') :PathPart('regdevices') :Args(0) {
);
}
sub edit_master :Chained('master') :PathPart('edit') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(subscriberadmin) {
sub edit_master :Chained('master') :PathPart('edit') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) :AllowedRole(subscriberadmin) {
my ($self, $c) = @_;
$c->detach('/denied_page')
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller" ||
$c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") && $c->user->read_only);
my $subscriber = $c->stash->{subscriber};
my $prov_subscriber = $subscriber->provisioning_voip_subscriber;
@ -2858,7 +2863,8 @@ sub edit_master :Chained('master') :PathPart('edit') :Args(0) :Does(ACL) :ACLDet
);
return;
}
if($c->user->roles eq "admin" || $c->user->roles eq "reseller") {
if ($c->user->roles eq "admin" || $c->user->roles eq "reseller" ||
$c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") {
$prov_params->{profile_set_id} = $profile_set ? $profile_set->id : undef;
$prov_params->{profile_id} = $profile ? $profile->id : undef;
} else {
@ -3058,7 +3064,7 @@ sub edit_master :Chained('master') :PathPart('edit') :Args(0) :Does(ACL) :ACLDet
}
sub order_pbx_items :Chained('master') :PathPart('orderpbxitems') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) : AllowedRole(reseller) :AllowedRole(subscriberadmin) {
sub order_pbx_items :Chained('master') :PathPart('orderpbxitems') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) : AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) :AllowedRole(subscriberadmin) {
my ($self, $c) = @_;
my $move_id = $c->req->params->{move};
@ -3094,7 +3100,7 @@ sub order_pbx_items :Chained('master') :PathPart('orderpbxitems') :Args(0) :Does
$c->detach( $c->view('TT') );
}
sub aliases_ajax :Chained('master') :PathPart('ordergroups') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(subscriberadmin) {
sub aliases_ajax :Chained('master') :PathPart('ordergroups') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) :AllowedRole(subscriberadmin) {
my ($self, $c) = @_;
my $subscriber = $c->stash->{subscriber};
@ -3141,7 +3147,8 @@ sub webpass :Chained('base') :PathPart('webpass') :Args(0) {
my ($self, $c) = @_;
$c->detach('/denied_page')
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
if (($c->user->roles eq "admin" || $c->user->roles eq "reseller" ||
$c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") && $c->user->read_only);
$c->stash(
@ -3153,7 +3160,8 @@ sub webpass_edit :Chained('base') :PathPart('webpass/edit') :Args(0) {
my ($self, $c) = @_;
$c->detach('/denied_page')
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller" ||
$c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") && $c->user->read_only);
my $form = NGCP::Panel::Form::get("NGCP::Panel::Form::Subscriber::EditWebpass", $c);
@ -3202,7 +3210,8 @@ sub edit_voicebox :Chained('base') :PathPart('preferences/voicebox/edit') :Args(
my ($self, $c, $attribute, @additions) = @_;
$c->detach('/denied_page')
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller" ||
$c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") && $c->user->read_only);
my $form;
my $posted = ($c->request->method eq 'POST');
@ -3431,7 +3440,8 @@ sub edit_fax :Chained('base') :PathPart('preferences/fax/edit') :Args(1) {
my ($self, $c, $attribute) = @_;
$c->detach('/denied_page')
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller" ||
$c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") && $c->user->read_only);
my $form;
my $posted = ($c->request->method eq 'POST');
@ -3571,7 +3581,8 @@ sub edit_mail_to_fax :Chained('base') :PathPart('preferences/mail_to_fax/edit')
my ($self, $c, $attribute) = @_;
$c->detach('/denied_page')
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller" ||
$c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") && $c->user->read_only);
my $form;
my $posted = ($c->request->method eq 'POST');
@ -3729,7 +3740,8 @@ sub edit_reminder :Chained('base') :PathPart('preferences/reminder/edit') {
my ($self, $c, $attribute) = @_;
$c->detach('/denied_page')
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller" ||
$c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") && $c->user->read_only);
my $posted = ($c->request->method eq 'POST');
my $reminder = $c->stash->{subscriber}->provisioning_voip_subscriber->voip_reminder;
@ -3803,7 +3815,8 @@ sub delete_reminder :Chained('base') :PathPart('preferences/reminder/delete') {
my ($self, $c, $attribute) = @_;
$c->detach('/denied_page')
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller" ||
$c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") && $c->user->read_only);
my $reminder = $c->stash->{subscriber}->provisioning_voip_subscriber->voip_reminder;
if($reminder){
@ -4069,7 +4082,8 @@ sub delete_voicemail :Chained('voicemail') :PathPart('delete') :Args(0) {
my ($self, $c) = @_;
$c->detach('/denied_page')
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller" ||
$c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") && $c->user->read_only);
try {
$c->stash->{voicemail}->delete;
@ -4160,7 +4174,8 @@ sub delete_recording :Chained('recording') :PathPart('delete') :Args(0) {
my ($self, $c) = @_;
$c->detach('/denied_page')
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller" ||
$c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") && $c->user->read_only);
my $posted = ($c->request->method eq 'POST');
my $form = NGCP::Panel::Form::get("NGCP::Panel::Form::Subscriber::CallRecordingDelete", $c);
@ -4228,7 +4243,8 @@ sub delete_registered :Chained('registered') :PathPart('delete') :Args(0) {
my ($self, $c) = @_;
$c->detach('/denied_page')
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller" ||
$c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") && $c->user->read_only);
my $ret;
@ -4303,7 +4319,7 @@ sub create_registered :Chained('master') :PathPart('registered/create') :Args(0)
);
}
sub create_trusted :Chained('base') :PathPart('preferences/trusted/create') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub create_trusted :Chained('base') :PathPart('preferences/trusted/create') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) {
my ($self, $c) = @_;
my $posted = ($c->request->method eq 'POST');
@ -4354,7 +4370,7 @@ sub create_trusted :Chained('base') :PathPart('preferences/trusted/create') :Arg
);
}
sub trusted_base :Chained('base') :PathPart('preferences/trusted') :CaptureArgs(1) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub trusted_base :Chained('base') :PathPart('preferences/trusted') :CaptureArgs(1) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) {
my ($self, $c, $trusted_id) = @_;
$c->stash->{trusted} = $c->stash->{subscriber}->provisioning_voip_subscriber
@ -4375,7 +4391,8 @@ sub edit_trusted :Chained('trusted_base') :PathPart('edit') {
my ($self, $c) = @_;
$c->detach('/denied_page')
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller" ||
$c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") && $c->user->read_only);
my $posted = ($c->request->method eq 'POST');
my $trusted = $c->stash->{trusted};
@ -4435,7 +4452,8 @@ sub delete_trusted :Chained('trusted_base') :PathPart('delete') :Args(0) {
my ($self, $c) = @_;
$c->detach('/denied_page')
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller" ||
$c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") && $c->user->read_only);
try {
$c->stash->{trusted}->delete;
@ -4457,7 +4475,7 @@ sub delete_trusted :Chained('trusted_base') :PathPart('delete') :Args(0) {
$c->uri_for_action('/subscriber/preferences', [$c->req->captures->[0]]));
}
sub create_upn_rewrite :Chained('base') :PathPart('preferences/upnrewrite/create') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub create_upn_rewrite :Chained('base') :PathPart('preferences/upnrewrite/create') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) {
my ($self, $c) = @_;
my $posted = ($c->request->method eq 'POST');
@ -4511,7 +4529,7 @@ sub create_upn_rewrite :Chained('base') :PathPart('preferences/upnrewrite/create
);
}
sub upn_rewrite_base :Chained('base') :PathPart('preferences/upnrewrite') :CaptureArgs(1) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub upn_rewrite_base :Chained('base') :PathPart('preferences/upnrewrite') :CaptureArgs(1) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) {
my ($self, $c, $rws_id) = @_;
$c->stash->{upn_rws} = $c->stash->{subscriber}->provisioning_voip_subscriber
@ -4532,7 +4550,8 @@ sub edit_upn_rewrite :Chained('upn_rewrite_base') :PathPart('edit') {
my ($self, $c) = @_;
$c->detach('/denied_page')
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller" ||
$c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") && $c->user->read_only);
my $posted = ($c->request->method eq 'POST');
my $upn_rws = $c->stash->{upn_rws};
@ -4592,7 +4611,8 @@ sub delete_upn_rewrite :Chained('upn_rewrite_base') :PathPart('delete') :Args(0)
my ($self, $c) = @_;
$c->detach('/denied_page')
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller" ||
$c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") && $c->user->read_only);
try {
my $upnr_pref_rs = NGCP::Panel::Utils::Preferences::get_usr_preference_rs(
@ -4732,7 +4752,8 @@ sub delete_speeddial :Chained('speeddial') :PathPart('delete') :Args(0) {
my ($self, $c) = @_;
$c->detach('/denied_page')
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller" ||
$c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") && $c->user->read_only);
try {
$c->stash->{speeddial}->delete;
@ -4756,7 +4777,8 @@ sub edit_speeddial :Chained('speeddial') :PathPart('edit') :Args(0) {
my ($self, $c) = @_;
$c->detach('/denied_page')
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller" ||
$c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") && $c->user->read_only);
my $posted = ($c->request->method eq 'POST');
my $prov_subscriber = $c->stash->{subscriber}->provisioning_voip_subscriber;
@ -4847,7 +4869,8 @@ sub delete_autoattendant :Chained('autoattendant') :PathPart('delete') :Args(0)
my ($self, $c) = @_;
$c->detach('/denied_page')
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller" ||
$c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") && $c->user->read_only);
try {
$c->stash->{autoattendant}->delete;
@ -4871,7 +4894,8 @@ sub edit_autoattendant :Chained('base') :PathPart('preferences/speeddial/edit')
my ($self, $c) = @_;
$c->detach('/denied_page')
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller" ||
$c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") && $c->user->read_only);
my $posted = ($c->request->method eq 'POST');
my $prov_subscriber = $c->stash->{subscriber}->provisioning_voip_subscriber;
@ -4974,7 +4998,8 @@ sub delete_ccmapping :Chained('ccmappings') :PathPart('delete') :Args(0) {
my ($self, $c) = @_;
$c->detach('/denied_page')
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller" ||
$c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") && $c->user->read_only);
try {
$c->stash->{ccmapping}->delete;
@ -4999,7 +5024,8 @@ sub edit_ccmapping :Chained('base') :PathPart('preferences/ccmappings/edit') :Ar
my ($self, $c) = @_;
$c->detach('/denied_page')
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller") && $c->user->read_only);
if(($c->user->roles eq "admin" || $c->user->roles eq "reseller" ||
$c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") && $c->user->read_only);
my $posted = ($c->request->method eq 'POST');
my $prov_subscriber = $c->stash->{subscriber}->provisioning_voip_subscriber;
@ -5061,7 +5087,7 @@ sub edit_ccmapping :Chained('base') :PathPart('preferences/ccmappings/edit') :Ar
return;
}
sub callflow_base :Chained('base') :PathPart('callflow') :CaptureArgs(1) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub callflow_base :Chained('base') :PathPart('callflow') :CaptureArgs(1) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) {
my ($self, $c, $callid) = @_;
$c->detach('/denied_page')
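Review bot: The new signatures for `recordings` and `calllist_master` add `:AllowedRole(admin) :AllowedRole(reseller)` without `:Does(ACL)` or `:ACLDetachTo('/denied_page')`, unlike every other role-restricted action visible in this section. Unless the ACL action role is applied controller-wide somewhere not shown here, these attributes are never evaluated, so `ccareadmin` and `ccare` users who can reach `base`/`master` could still open call recordings and call lists. If the intent is to keep them out, the line should read `sub recordings :Chained('master') :PathPart('recordings') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {`, and likewise for `calllist_master`; enforcing it would also shut out any subscriber-level roles that the previously unrestricted actions admitted, so the role list needs confirming. Separately, the read-only guard is now repeated with four role comparisons across some two dozen actions, and a single helper would keep that list from drifting.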

@ -10,19 +10,19 @@ use NGCP::Panel::Utils::Message;
use NGCP::Panel::Utils::Navigation;
use NGCP::Panel::Utils::Preferences;
sub auto :Private{
sub auto :Private {
my ($self, $c) = @_;
$c->log->debug(__PACKAGE__ . '::auto');
NGCP::Panel::Utils::Navigation::check_redirect_chain(c => $c);
return 1;
}
sub set_list :Chained('/') :PathPart('subscriberprofile') :CaptureArgs(0) {
my ( $self, $c ) = @_;
sub set_list :Chained('/') :PathPart('subscriberprofile') :CaptureArgs(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) {
my ($self, $c) = @_;
$c->stash->{set_rs} = $c->model('DB')->resultset('voip_subscriber_profile_sets');
if($c->user->roles eq "admin") {
} elsif($c->user->roles eq "reseller") {
if($c->user->roles eq "admin" || $c->user->roles eq "ccareadmin") {
} elsif($c->user->roles eq "reseller" || $c->user->roles eq "ccare") {
$c->stash->{set_rs} = $c->stash->{set_rs}->search({
reseller_id => $c->user->reseller_id
});
@ -42,18 +42,22 @@ sub set_list :Chained('/') :PathPart('subscriberprofile') :CaptureArgs(0) {
$c->stash(template => 'subprofile/set_list.tt');
}
sub set_root :Chained('set_list') :PathPart('') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub set_list_restricted :Chained('set_list') :PathPart('') :CaptureArgs(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
my ($self, $c) = @_;
}
sub set_root :Chained('set_list') :PathPart('') :Args(0) {
my ($self, $c) = @_;
}
sub set_ajax :Chained('set_list') :PathPart('ajax') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub set_ajax :Chained('set_list') :PathPart('ajax') :Args(0) {
my ($self, $c) = @_;
my $rs = $c->stash->{set_rs};
NGCP::Panel::Utils::Datatables::process($c, $rs, $c->stash->{set_dt_columns});
$c->detach( $c->view("JSON") );
}
sub set_ajax_reseller :Chained('set_list') :PathPart('ajax/reseller') :Args(1) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub set_ajax_reseller :Chained('set_list') :PathPart('ajax/reseller') :Args(1) {
my ($self, $c, $reseller_id) = @_;
my $rs = $c->stash->{set_rs};
$rs = $rs->search({
@ -63,7 +67,7 @@ sub set_ajax_reseller :Chained('set_list') :PathPart('ajax/reseller') :Args(1) :
$c->detach( $c->view("JSON") );
}
sub set_base :Chained('set_list') :PathPart('') :CaptureArgs(1) {
sub set_base :Chained('set_list_restricted') :PathPart('') :CaptureArgs(1) {
my ($self, $c, $set_id) = @_;
unless($set_id && is_int($set_id)) {
@ -87,7 +91,7 @@ sub set_base :Chained('set_list') :PathPart('') :CaptureArgs(1) {
$c->stash(set => $res);
}
sub set_create :Chained('set_list') :PathPart('create') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub set_create :Chained('set_list_restricted') :PathPart('create') :Args(0) {
my ($self, $c) = @_;
$c->detach('/denied_page')
@ -148,7 +152,7 @@ sub set_create :Chained('set_list') :PathPart('create') :Args(0) :Does(ACL) :ACL
$c->stash(create_flag => 1);
}
sub set_edit :Chained('set_base') :PathPart('edit') :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub set_edit :Chained('set_base') :PathPart('edit') {
my ($self, $c) = @_;
$c->detach('/denied_page')
@ -211,7 +215,7 @@ sub set_edit :Chained('set_base') :PathPart('edit') :Does(ACL) :ACLDetachTo('/de
$c->stash(edit_flag => 1);
}
sub set_delete :Chained('set_base') :PathPart('delete') :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub set_delete :Chained('set_base') :PathPart('delete') {
my ($self, $c) = @_;
$c->detach('/denied_page')
@ -244,7 +248,7 @@ sub set_delete :Chained('set_base') :PathPart('delete') :Does(ACL) :ACLDetachTo(
NGCP::Panel::Utils::Navigation::back_or($c, $c->uri_for('/subscriberprofile'));
}
sub set_clone :Chained('set_base') :PathPart('clone') :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub set_clone :Chained('set_base') :PathPart('clone') {
my ($self, $c) = @_;
$c->detach('/denied_page')
@ -320,8 +324,8 @@ sub set_clone :Chained('set_base') :PathPart('clone') :Does(ACL) :ACLDetachTo('/
}
sub profile_list :Chained('set_base') :PathPart('profile') :CaptureArgs(0) {
my ( $self, $c ) = @_;
sub profile_list :Chained('set_base') :PathPart('profile') :CaptureArgs(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) {
my ($self, $c) = @_;
$c->stash->{profile_dt_columns} = NGCP::Panel::Utils::Datatables::set_columns($c, [
{ name => 'id', search => 1, title => $c->loc('#') },
@ -334,7 +338,11 @@ sub profile_list :Chained('set_base') :PathPart('profile') :CaptureArgs(0) {
$c->stash(template => 'subprofile/profile_list.tt');
}
sub profile_root :Chained('profile_list') :PathPart('') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub profile_list_restricted :Chained('profile_list') :PathPart('') :CaptureArgs(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
my ($self, $c) = @_;
}
sub profile_root :Chained('profile_list') :PathPart('') :Args(0) {
my ($self, $c) = @_;
}
@ -345,7 +353,7 @@ sub profile_ajax :Chained('profile_list') :PathPart('ajax') :Args(0) {
$c->detach( $c->view("JSON") );
}
sub profile_base :Chained('profile_list') :PathPart('') :CaptureArgs(1) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub profile_base :Chained('profile_list_restricted') :PathPart('') :CaptureArgs(1) {
my ($self, $c, $profile_id) = @_;
unless($profile_id && is_int($profile_id)) {
@ -372,7 +380,7 @@ sub profile_base :Chained('profile_list') :PathPart('') :CaptureArgs(1) :Does(AC
);
}
sub profile_create :Chained('profile_list') :PathPart('create') :Args(0) :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub profile_create :Chained('profile_list_restricted') :PathPart('create') :Args(0) {
my ($self, $c) = @_;
$c->detach('/denied_page')
@ -440,7 +448,7 @@ sub profile_create :Chained('profile_list') :PathPart('create') :Args(0) :Does(A
$c->stash(create_flag => 1);
}
sub profile_edit :Chained('profile_base') :PathPart('edit') :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub profile_edit :Chained('profile_base') :PathPart('edit') {
my ($self, $c) = @_;
my $profile = $c->stash->{profile};
@ -577,7 +585,7 @@ sub profile_edit :Chained('profile_base') :PathPart('edit') :Does(ACL) :ACLDetac
$c->stash(edit_flag => 1);
}
sub profile_delete :Chained('profile_base') :PathPart('delete') :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub profile_delete :Chained('profile_base') :PathPart('delete') {
my ($self, $c) = @_;
$c->detach('/denied_page')
@ -618,7 +626,7 @@ sub profile_delete :Chained('profile_base') :PathPart('delete') :Does(ACL) :ACLD
NGCP::Panel::Utils::Navigation::back_or($c, $c->uri_for_action('/subscriberprofile/profile_root', [$c->stash->{set}->id]));
}
sub profile_clone :Chained('profile_base') :PathPart('clone') :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) {
sub profile_clone :Chained('profile_base') :PathPart('clone') {
my ($self, $c) = @_;
$c->detach('/denied_page')
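Review bot: The `:AllowedRole(ccareadmin) :AllowedRole(ccare)` attributes added to `profile_list` look unreachable, because `profile_list` chains from `set_base`, which this change re-parents onto `set_list_restricted` (admin and reseller only). If the ACL of each chain link runs in order, a ccare user is detached to `/denied_page` before `profile_list` executes, so `profile_root` and `profile_ajax` stay closed to the new roles. This fails closed, but the attribute list misstates who can get in: either drop the two roles from `profile_list`, or, if read-only profile views are intended for ccare, chain them so they do not pass through `set_list_restricted`. The create/edit/delete/clone actions no longer carry their own `:AllowedRole`, so a later re-parenting onto `set_list` would silently open them. A comment on `set_list_restricted` and `profile_list_restricted` such as `# ACL gate: every modifying action must chain through here` would make that dependency visible.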

@ -17,7 +17,7 @@ has_block 'fields' => (
tag => 'div',
class => [qw(modal-body)],
render_list => [qw(
reseller login password is_superuser is_master is_active read_only show_passwords call_data billing_data lawful_intercept
reseller login password is_superuser is_master is_ccare is_active read_only show_passwords call_data billing_data lawful_intercept
)],
);

@ -14,7 +14,7 @@ has_field 'password' => (type => 'Password', required => 1, label => 'Password')
for (qw(is_active show_passwords call_data billing_data)) {
has_field $_ => (type => 'Boolean', default => 1);
}
for (qw(is_master read_only)) {
for (qw(is_master is_ccare read_only)) {
has_field $_ => (type => 'Boolean',);
}
has_field 'save' => (type => 'Submit', element_class => [qw(btn btn-primary)],);

@ -79,7 +79,7 @@ sub process_form_resource{
$resource->{md5pass} = undef;
$resource->{saltedpass} = NGCP::Panel::Utils::Admin::generate_salted_hash($pass);
}
foreach my $f(qw/billing_data call_data is_active is_master is_superuser lawful_intercept read_only show_passwords/) {
foreach my $f(qw/billing_data call_data is_active is_master is_superuser is_ccare lawful_intercept read_only show_passwords/) {
$resource->{$f} = (ref $resource->{$f} eq 'JSON::true' || ( defined $resource->{$f} && ( $resource->{$f} eq 'true' || $resource->{$f} eq '1' ) ) ) ? 1 : 0;
}
return $resource;

@ -61,8 +61,8 @@ sub _item_rs {
$item_rs = $c->model('DB')->resultset('voip_subscribers')
->search({ 'me.status' => { '!=' => 'terminated' } },
{join => 'provisioning_voip_subscriber'});
if($c->user->roles eq "admin") {
} elsif($c->user->roles eq "reseller") {
if($c->user->roles eq "admin" || $c->user->roles eq "ccareadmin") {
} elsif($c->user->roles eq "reseller" || $c->user->roles eq "ccare") {
$item_rs = $item_rs->search({
'contact.reseller_id' => $c->user->reseller_id,
}, {

@ -24,8 +24,8 @@ sub _contract_rs {
now => $now,
);
if($c->user->roles eq "admin") {
} elsif($c->user->roles eq "reseller") {
if ($c->user->roles eq "admin" || $c->user->roles eq "ccareadmin") {
} elsif ($c->user->roles eq "reseller" || $c->user->roles eq "ccare") {
$item_rs = $item_rs->search({
'contact.reseller_id' => $c->user->reseller_id
},{

@ -41,9 +41,9 @@ sub _item_rs {
my ($self, $c) = @_;
my $item_rs;
if($c->user->roles eq "admin") {
if ($c->user->roles eq "admin" || $c->user->roles eq "ccareadmin") {
$item_rs = $c->model('DB')->resultset('voip_cf_bnumber_sets');
} elsif ($c->user->roles eq "reseller") {
} elsif ($c->user->roles eq "reseller" || $c->user->roles eq "ccare") {
my $reseller_id = $c->user->reseller_id;
$item_rs = $c->model('DB')->resultset('voip_cf_bnumber_sets')
->search_rs({
@ -52,7 +52,7 @@ sub _item_rs {
join => {'subscriber' => {'contract' => 'contact'} },
});
# TODO: do we want subscriberadmins to update other subs' entries?
} elsif($c->user->roles eq "subscriberadmin" || $c->user->roles eq "subscriber") {
} elsif ($c->user->roles eq "subscriberadmin" || $c->user->roles eq "subscriber") {
$item_rs = $c->model('DB')->resultset('voip_cf_bnumber_sets')
->search_rs({
'subscriber_id' => $c->user->id,

@ -81,9 +81,9 @@ sub _item_rs {
my ($self, $c) = @_;
my $item_rs;
if($c->user->roles eq "admin") {
if ($c->user->roles eq "admin" || $c->user->roles eq "ccareadmin") {
$item_rs = $c->model('DB')->resultset('voip_cf_destination_sets');
} elsif ($c->user->roles eq "reseller") {
} elsif ($c->user->roles eq "reseller" || $c->user->roles eq "ccare") {
my $reseller_id = $c->user->reseller_id;
$item_rs = $c->model('DB')->resultset('voip_cf_destination_sets')
->search_rs({

@ -67,6 +67,7 @@ sub hal_from_item {
my $adm = $c->user->roles eq "admin" || $c->user->roles eq "reseller";
my $hal = Data::HAL->new(
links => [
Data::HAL::Link->new(
@ -106,7 +107,7 @@ sub _item_rs {
{ 'me.status' => { '!=' => 'terminated' } },
{ prefetch => 'provisioning_voip_subscriber',},
);
if($c->user->roles eq "reseller") {
if ($c->user->roles eq "reseller" || $c->user->roles eq "ccare") {
$item_rs = $item_rs->search({
'contact.reseller_id' => $c->user->reseller_id,
}, {

@ -73,9 +73,9 @@ sub _item_rs {
my ($self, $c) = @_;
my $item_rs;
if($c->user->roles eq "admin") {
if ($c->user->roles eq "admin" || $c->user->roles eq "ccareadmin") {
$item_rs = $c->model('DB')->resultset('voip_cf_source_sets');
} elsif ($c->user->roles eq "reseller") {
} elsif ($c->user->roles eq "reseller" || $c->user->roles eq "ccare") {
my $reseller_id = $c->user->reseller_id;
$item_rs = $c->model('DB')->resultset('voip_cf_source_sets')
->search_rs({

@ -350,9 +350,9 @@ sub _item_rs {
my ($self, $c) = @_;
my $item_rs;
if($c->user->roles eq "admin") {
if ($c->user->roles eq "admin" || $c->user->roles eq "ccareadmin") {
$item_rs = $c->model('DB')->resultset('voip_cf_time_sets');
} elsif ($c->user->roles eq "reseller") {
} elsif ($c->user->roles eq "reseller" || $c->user->roles eq "ccare") {
my $reseller_id = $c->user->reseller_id;
$item_rs = $c->model('DB')->resultset('voip_cf_time_sets')
->search_rs({
@ -360,7 +360,7 @@ sub _item_rs {
} , {
join => {'subscriber' => {'contract' => 'contact'} },
});
} elsif($c->user->roles eq "subscriberadmin" || $c->user->roles eq "subscriber") {
} elsif ($c->user->roles eq "subscriberadmin" || $c->user->roles eq "subscriber") {
$item_rs = $c->model('DB')->resultset('voip_cf_time_sets')
->search_rs({
'subscriber_id' => $c->user->id,

@ -92,7 +92,7 @@ sub _item_rs {
{ 'me.status' => { '!=' => 'terminated' } },
{ 'prefetch' => { 'provisioning_voip_subscriber' => 'voip_cf_mappings' },},
);
if ($c->user->roles eq "reseller") {
if ($c->user->roles eq "reseller" || $c->user->roles eq "ccare") {
$item_rs = $item_rs->search({
'contact.reseller_id' => $c->user->reseller_id,
}, {

@ -24,8 +24,8 @@ sub _item_rs {
now => $now,
);
if($c->user->roles eq "admin") {
} elsif($c->user->roles eq "reseller") {
if($c->user->roles eq "admin" || $c->user->roles eq "ccareadmin") {
} elsif($c->user->roles eq "reseller" || $c->user->roles eq "ccare") {
$item_rs = $item_rs->search({
'contact.reseller_id' => $c->user->reseller_id
},{

@ -18,8 +18,8 @@ sub _item_rs {
reseller_id => { '-not' => undef },
'me.status' => { '!=' => 'terminated' },
});
if($c->user->roles eq "admin") {
} elsif($c->user->roles eq "reseller") {
if ($c->user->roles eq "admin" || $c->user->roles eq "ccareadmin") {
} elsif ($c->user->roles eq "reseller" || $c->user->roles eq "ccare") {
$item_rs = $item_rs->search({
reseller_id => $c->user->reseller_id,
});
@ -33,9 +33,9 @@ sub _item_rs {
sub get_form {
my ($self, $c) = @_;
if($c->user->roles eq "admin") {
if ($c->user->roles eq "admin" || $c->user->roles eq "ccareadmin") {
return NGCP::Panel::Form::get("NGCP::Panel::Form::Contact::Admin", $c);
} elsif($c->user->roles eq "reseller") {
} elsif ($c->user->roles eq "reseller" || $c->user->roles eq "ccare") {
return NGCP::Panel::Form::get("NGCP::Panel::Form::Contact::Reseller", $c);
}
}

@ -16,11 +16,11 @@ sub _item_rs {
my ($self, $c, $id) = @_;
my %cond = ();
if ($c->user->roles eq "admin") {
if ($c->user->roles eq "admin" || $c->user->roles eq "ccareadmin") {
if (my $reseller_id = $c->request->param('reseller_id')) {
$cond{'contact.reseller_id'} = $reseller_id;
}
} elsif ($c->user->roles eq "reseller") {
} elsif ($c->user->roles eq "reseller" || $c->user->roles eq "ccare") {
$cond{'contact.reseller_id'} = $c->user->reseller_id;
}
if (my $contract_id = $c->request->param('contract_id')) {
@ -90,9 +90,9 @@ sub _item_rs {
sub get_form {
my ($self, $c) = @_;
if($c->user->roles eq "admin") {
if ($c->user->roles eq "admin" || $c->user->roles eq "ccareadmin") {
return NGCP::Panel::Form::get("NGCP::Panel::Form::CustomerFraudEvents::Admin", $c);
} elsif($c->user->roles eq "reseller") {
} elsif ($c->user->roles eq "reseller" || $c->user->roles eq "ccare") {
return NGCP::Panel::Form::get("NGCP::Panel::Form::CustomerFraudEvents::Reseller", $c);
}
}

@ -38,7 +38,8 @@ sub hal_from_customer {
my ($self, $c, $customer, $form, $now) = @_;
my $is_adm = 0;
if($c->user->roles eq "admin" || $c->user->roles eq "reseller") {
if ($c->user->roles eq "admin" || $c->user->roles eq "reseller" ||
$c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") {
$is_adm = 1;
}
@ -86,7 +87,9 @@ sub hal_from_customer {
$customer->subscriber_email_template_id ? (Data::HAL::Link->new(relation => 'ngcp:subscriberemailtemplates', href => sprintf("/api/emailtemplates/%d", $customer->subscriber_email_template_id))) : (),
$customer->passreset_email_template_id ? (Data::HAL::Link->new(relation => 'ngcp:passresetemailtemplates', href => sprintf("/api/emailtemplates/%d", $customer->passreset_email_template_id))) : (),
$customer->invoice_email_template_id ? (Data::HAL::Link->new(relation => 'ngcp:invoiceemailtemplates', href => sprintf("/api/emailtemplates/%d", $customer->invoice_email_template_id))) : (),
Data::HAL::Link->new(relation => 'ngcp:calls', href => sprintf("/api/calls/?customer_id=%d", $customer->id)),
(($c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare")
? ()
: Data::HAL::Link->new(relation => 'ngcp:calls', href => sprintf("/api/calls/?customer_id=%d", $customer->id))),
$self->get_journal_relation_link($c, $customer->id),
) : ()),
],
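Review bot: Dropping the `ngcp:calls` link for `ccareadmin` and `ccare` only hides the relation in the HAL document; it does not by itself refuse a direct request to the calls resource. That resource is not in this hunk, so confirm its `allowed_roles` leaves both roles out, and consider a comment here such as `# link hidden only; access is enforced by allowed_roles on the calls resource`. The same two roles are also tested in the `$is_adm` block above, so a local `my $is_ccare = ...` computed once would keep the two tests in step.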

@ -15,8 +15,8 @@ sub _item_rs {
my ($self, $c) = @_;
my $item_rs = $c->model('DB')->resultset('email_templates');
if($c->user->roles eq "admin") {
} elsif($c->user->roles eq "reseller") {
if ($c->user->roles eq "admin" || $c->user->roles eq "ccareadmin") {
} elsif ($c->user->roles eq "reseller" || $c->user->roles eq "ccare") {
$item_rs = $item_rs->search({ reseller_id => $c->user->reseller_id },{prefetch=>'reseller'});
}
return $item_rs;
@ -81,9 +81,12 @@ sub update_item {
resource => $resource,
item => $item,
);
if($c->user->roles eq "admin") {
} elsif($c->user->roles eq "reseller") {
if ($c->user->roles eq "admin") {
} elsif ($c->user->roles eq "reseller") {
$resource->{reseller_id} = $c->user->reseller_id;
} elsif ($c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") {
$self->error($c, HTTP_FORBIDDEN, "Read-only resource for authenticated role");
return;
}
my $dup_item = $c->model('DB')->resultset('email_templates')->find({
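Review bot: The role chain in `update_item` has no final `else`, so a role that matches none of the branches continues to the duplicate check and the update with whatever `reseller_id` the request supplied. Rejecting everything that is not `admin` or `reseller` fails closed and also covers roles added later: turn the `ccareadmin`/`ccare` branch into `} else {` with the same `$self->error($c, HTTP_FORBIDDEN, ...)` and `return;`. The same pattern appears in the `update_item` hunks for `invoice_templates` and `voip_subscriber_profile_sets` further down. The body of `update_item` continues outside this hunk, so an earlier guard that already limits the roles may exist but cannot be seen here.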

@ -32,7 +32,7 @@ sub _item_rs {
{ 'me.status' => { '!=' => 'terminated' } },
{ prefetch => 'provisioning_voip_subscriber',},
);
if($c->user->roles eq "reseller") {
if($c->user->roles eq "reseller" || $c->user->roles eq "ccareadmin") {
$item_rs = $item_rs->search({
'contact.reseller_id' => $c->user->reseller_id,
}, {
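Review bot: The reseller filter in this `_item_rs` tests `ccareadmin`, where the parallel `_item_rs` hunks in this commit test `ccare`. As written, a `ccare` user skips the `contact.reseller_id` restriction and receives the subscriber result set without the reseller scope, while `ccareadmin` is narrowed to `$c->user->reseller_id`. The condition should read `if ($c->user->roles eq "reseller" || $c->user->roles eq "ccare") {`. A shared predicate for "role is reseller-scoped" would prevent this kind of slip, since the comparison is copied into many resources. The function starts and ends outside the hunk.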

@ -15,8 +15,8 @@ sub _item_rs {
my ($self, $c) = @_;
my $item_rs = $c->model('DB')->resultset('invoice_templates');
if($c->user->roles eq "admin") {
} elsif($c->user->roles eq "reseller") {
if ($c->user->roles eq "admin" || $c->user->roles eq "ccareadmin") {
} elsif ($c->user->roles eq "reseller" || $c->user->roles eq "ccare") {
$item_rs = $item_rs->search({ reseller_id => $c->user->reseller_id });
}
return $item_rs;
@ -80,9 +80,13 @@ sub update_item {
form => $form,
resource => $resource,
);
if($c->user->roles eq "admin") {
} elsif($c->user->roles eq "reseller") {
if ($c->user->roles eq "admin") {
} elsif ($c->user->roles eq "reseller") {
$resource->{reseller_id} = $c->user->reseller_id;
} elsif ($c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") {
$self->error($c, HTTP_FORBIDDEN, "Read-only resource for authenticated role");
return;
}
my $dup_item = $c->model('DB')->resultset('invoice_templates')->find({

@ -94,7 +94,7 @@ sub _item_rs {
{ 'me.status' => { '!=' => 'terminated' } },
{ prefetch => 'provisioning_voip_subscriber',},
);
if($c->user->roles eq "reseller") {
if ($c->user->roles eq "reseller" || $c->user->roles eq "ccare") {
$item_rs = $item_rs->search({
'contact.reseller_id' => $c->user->reseller_id,
}, {

@ -338,7 +338,7 @@ sub _item_rs {
# we actually return the profile rs here, as we can easily
# go to prof_preferences from there
$item_rs = $c->model('DB')->resultset('voip_subscriber_profiles');
if($c->user->roles eq "reseller") {
if($c->user->roles eq "reseller" || $c->user->roles eq "ccare") {
$item_rs = $item_rs->search({
'profile_set.reseller_id' => $c->user->reseller_id,
},{
@ -346,13 +346,13 @@ sub _item_rs {
});
}
} elsif($type eq "subscribers") {
if($c->user->roles eq "admin") {
if($c->user->roles eq "admin" || $c->user->roles eq "ccareadmin") {
$item_rs = $c->model('DB')->resultset('voip_subscribers')->search({
'me.status' => { '!=' => 'terminated' }
}, {
join => { 'contract' => 'contact' }, #for filters
});
} elsif($c->user->roles eq "reseller") {
} elsif($c->user->roles eq "reseller" || $c->user->roles eq "ccare") {
$item_rs = $c->model('DB')->resultset('voip_subscribers')->search({
'contact.reseller_id' => $c->user->reseller_id,
'me.status' => { '!=' => 'terminated' },
@ -426,7 +426,7 @@ sub _item_rs {
});
}
} elsif($type eq "contracts") {
if($c->user->roles eq "admin") {
if ($c->user->roles eq "admin" || $c->user->roles eq "ccareadmin") {
$item_rs = $c->model('DB')->resultset('contracts')->search({
'me.status' => { '!=' => 'terminated' },
'contact.reseller_id' => { '!=' => undef },
@ -434,7 +434,7 @@ sub _item_rs {
},{
join => 'contact',
});
} elsif($c->user->roles eq "reseller") {
} elsif ($c->user->roles eq "reseller" || $c->user->roles eq "ccareadmin") {
$item_rs = $c->model('DB')->resultset('contracts')->search({
'contact.reseller_id' => $c->user->reseller_id,
'me.status' => { '!=' => 'terminated' },
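Review bot: In the `contracts` branch the new `elsif` tests `ccareadmin`, which the preceding `if` has already matched, so that test is dead and `ccare` matches neither branch. Unless a branch outside this hunk catches it, `$item_rs` stays unassigned for a `ccare` user asking for contract preferences, whereas the `profiles` and `subscribers` branches above use `ccare`. The line should be `} elsif ($c->user->roles eq "reseller" || $c->user->roles eq "ccare") {`. `_item_rs` continues beyond the hunk, so how an undefined `$item_rs` is handled cannot be checked here.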

@ -16,8 +16,8 @@ sub _item_rs {
my ($self, $c) = @_;
my $item_rs = $c->model('DB')->resultset('voip_reminder');
if ($c->user->roles eq "admin") {
} elsif ($c->user->roles eq "reseller") {
if ($c->user->roles eq "admin" || $c->user->roles eq "ccareadmin") {
} elsif ($c->user->roles eq "reseller" || $c->user->roles eq "ccare") {
$item_rs = $item_rs->search({
'contact.reseller_id' => $c->user->reseller_id
},{
@ -152,7 +152,7 @@ sub get_subscriber_by_id {
my $sub_rs = $c->model('DB')->resultset('voip_subscribers')->search({
'me.id' => $subscriber_id,
});
if ($c->user->roles eq "reseller") {
if ($c->user->roles eq "reseller" || $c->user->roles eq "ccare") {
$sub_rs = $sub_rs->search({
'contact.reseller_id' => $c->user->reseller_id,
},{

@ -64,8 +64,8 @@ sub _item_rs {
my $item_rs;
$item_rs = $c->model('DB')->resultset('voip_subscribers')
->search({ 'me.status' => { '!=' => 'terminated' } });
if ($c->user->roles eq "admin") {
} elsif ($c->user->roles eq "reseller") {
if ($c->user->roles eq "admin" || $c->user->role eq "ccareadmin") {
} elsif ($c->user->roles eq "reseller" || $c->user->role eq "ccare") {
$item_rs = $item_rs->search({
'contact.reseller_id' => $c->user->reseller_id,
}, {
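Review bot: Both added comparisons call `$c->user->role`, while every other comparison in this commit uses `$c->user->roles`. If the user class has no `role` method (not visible here), any non-admin request reaches that call and dies inside `_item_rs` before the `contact.reseller_id` filter is applied. If it does exist, it may return something other than the role string. Change them to `$c->user->roles eq "ccareadmin"` and `$c->user->roles eq "ccare"`. A test that requests this resource as each of the new roles would have caught the typo.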

@ -15,8 +15,8 @@ sub _item_rs {
my ($self, $c) = @_;
my $item_rs = $c->model('DB')->resultset('voip_subscriber_profile_sets');
if($c->user->roles eq "admin") {
} elsif($c->user->roles eq "reseller") {
if ($c->user->roles eq "admin" || $c->user->roles eq "ccareadmin") {
} elsif ($c->user->roles eq "reseller" || $c->user->roles eq "ccare") {
$item_rs = $item_rs->search({ reseller_id => $c->user->reseller_id });
}
return $item_rs;
@ -24,9 +24,9 @@ sub _item_rs {
sub get_form {
my ($self, $c) = @_;
if($c->user->roles eq "admin") {
if ($c->user->roles eq "admin" || $c->user->roles eq "ccareadmin") {
return NGCP::Panel::Form::get("NGCP::Panel::Form::SubscriberProfile::SetAdmin", $c);
} elsif($c->user->roles eq "reseller") {
} elsif ($c->user->roles eq "reseller" || $c->user->roles eq "ccare") {
return NGCP::Panel::Form::get("NGCP::Panel::Form::SubscriberProfile::SetReseller", $c);
}
}
@ -81,9 +81,12 @@ sub update_item {
form => $form,
resource => $resource,
);
if($c->user->roles eq "admin") {
if ($c->user->roles eq "admin") {
} elsif($c->user->roles eq "reseller") {
$resource->{reseller_id} = $c->user->reseller_id;
} elsif ($c->user->roles eq "ccareadmin" || $c->user->roles eq "ccare") {
$self->error($c, HTTP_FORBIDDEN, "Read-only resource for authenticated role");
return;
}
my $dup_item = $c->model('DB')->resultset('voip_subscriber_profile_sets')->find({
