MT#4025 Only show customer sound sets for admins.

When in customer details, only show sound sets for customer when logging in as admin/reseller.
13 years ago · e03bd513ba
parent e93c68c58c
commit e03bd513ba
3 changed files with 56 additions and 8 deletions
--- a/lib/NGCP/Panel/Controller/Sound.pm
+++ b/lib/NGCP/Panel/Controller/Sound.pm
@ -37,11 +37,14 @@ sub auto :Private {
        my $contract_select_rs = NGCP::Panel::Utils::Contract::get_contract_rs(c => $c);
        $contract_select_rs = $contract_select_rs->search({ 'me.id' => $contract_id });
        my $product_id = $contract_select_rs->first->get_column('product_id');
-        NGCP::Panel::Utils::Message->error(
-            c => $c,
-            error => "No product for customer contract id $contract_id found",
-            desc  => "No product for this customer contract found.",
-        ) unless($product_id);
+        unless($product_id) {
+            NGCP::Panel::Utils::Message->error(
+                c => $c,
+                error => "No product for customer contract id $contract_id found",
+                desc  => "No product for this customer contract found.",
+            );
+            NGCP::Panel::Utils::Navigation::back_or($c, $c->uri_for('/sound'));
+        }
        my $product = $c->model('DB')->resultset('products')->find({ 
            id => $product_id, class => 'pbxaccount' 
        });
@ -68,6 +71,42 @@ sub sets_list :Chained('/') :PathPart('sound') :CaptureArgs(0) {
    $c->stash(template => 'sound/list.tt');
 }

+sub contract_sets_list :Chained('/') :PathPart('sound/contract') :CaptureArgs(1) {
+    my ( $self, $c, $contract_id ) = @_;
+
+    unless($contract_id && $contract_id->is_int) {
+        NGCP::Panel::Utils::Message->error(
+            c => $c,
+            error => "Invalid contract id $contract_id found",
+            desc  => "Invalid contract id found",
+        );
+        NGCP::Panel::Utils::Navigation::back_or($c, $c->uri_for('/sound'));
+    }
+    if($c->user->roles eq "subscriberadmin" && $c->user->account_id != $contract_id) {
+        NGCP::Panel::Utils::Message->error(
+            c => $c,
+            error => "access violatio, subscriberadmin ".$c->user->uuid." with contract id ".$c->user->account_id." tries to access foreign contract id $contract_id",
+            desc  => "Invalid contract id found",
+        );
+        NGCP::Panel::Utils::Navigation::back_or($c, $c->uri_for('/sound'));
+    }
+    my $contract = $c->model('DB')->resultset('contracts')->find($contract_id);
+    unless($contract) {
+        NGCP::Panel::Utils::Message->error(
+            c => $c,
+            error => "Contract id $contract_id not found",
+            desc  => "Invalid contract id detected",
+        );
+        NGCP::Panel::Utils::Navigation::back_or($c, $c->uri_for('/sound'));
+    }
+
+    NGCP::Panel::Utils::Sounds::stash_soundset_list(
+        c => $c, 
+        contract => $contract,
+    );
+    $c->stash(template => 'sound/list.tt');
+}
+
 sub root :Chained('sets_list') :PathPart('') :Args(0) {
    my ($self, $c) = @_;
 }
@ -80,6 +119,14 @@ sub ajax :Chained('sets_list') :PathPart('ajax') :Args(0) {
    $c->detach( $c->view("JSON") );
 }

+sub contract_ajax :Chained('contract_sets_list') :PathPart('ajax') :Args(0) {
+    my ($self, $c) = @_;
+    
+    my $resultset = $c->stash->{sets_rs};
+    NGCP::Panel::Utils::Datatables::process($c, $resultset, $c->stash->{soundset_dt_columns});
+    $c->detach( $c->view("JSON") );
+}
+
 sub base :Chained('sets_list') :PathPart('') :CaptureArgs(1) {
    my ($self, $c, $set_id) = @_;

--- a/lib/NGCP/Panel/Utils/Sounds.pm
+++ b/lib/NGCP/Panel/Utils/Sounds.pm
@ -55,7 +55,8 @@ sub stash_soundset_list {

    my $sets_rs = $c->model('DB')->resultset('voip_sound_sets');
    if($contract) {
-        $sets_rs = $sets_rs->search({ contract_id => $contract->id });
+        say ">>>>>>>>>>>>>>> we've a contract, limit rs";
+        $sets_rs = $sets_rs->search({ 'me.contract_id' => $contract->id });
    }

    my $dt_fields = [
@ -74,7 +75,7 @@ sub stash_soundset_list {
            { name => 'contract.contact.email', search => 1, title => 'Customer' };
        $sets_rs = $sets_rs->search({ reseller_id => $c->user->reseller_id });
    } elsif($c->user->roles eq "subscriberadmin" && !$contract) {
-        $sets_rs = $sets_rs->search({ contract_id => $c->user->account_id });
+        $sets_rs = $sets_rs->search({ 'me.contract_id' => $c->user->account_id });
    }

    $c->stash->{soundset_dt_columns} = NGCP::Panel::Utils::Datatables::set_columns($c, $dt_fields);
--- a/share/templates/customer/details.tt
+++ b/share/templates/customer/details.tt
@ -310,7 +310,7 @@
 [%
    helper.name = 'Sound Sets';
    helper.dt_columns = soundset_dt_columns;
-    helper.ajax_uri = c.uri_for('/sound/ajax');
+    helper.ajax_uri = c.uri_for_action('/sound/contract_ajax', [ c.req.captures.0 ]);

    UNLESS c.user.read_only;
        helper.dt_buttons = [