TT#81184 - Add PATCH/PUT endpoints for '/api/admins'

* there is a catch when changing the admin password;
               first of all, according to TT#76110 only own admin
               users can change the password via PUT/PATCH;
               secondly, inside the code, for PATCH to work we need
               a dummy 'password' key on the old resource which has
               been set to the saltedpass; when updating the admin,
               if the password is still equal to saltedpass, no change
               is made to the password

Change-Id: I423ebe13988c58b527db65d666f09b73a483422d

lib/NGCP/Panel/Controller/API/AdminsItem.pm

@@ -9,7 +9,7 @@ use NGCP::Panel::Utils::Auth;
 use HTTP::Status qw(:constants);
 
 sub allowed_methods{
-    return [qw/GET OPTIONS HEAD DELETE/];
+    return [qw/GET OPTIONS HEAD PATCH PUT DELETE/];
 }
 
 sub journal_query_params {
@@ -23,6 +23,42 @@ sub get_journal_methods{
 
 __PACKAGE__->set_config();
 
+sub PATCH :Allow {
+    my ($self, $c, $id) = @_;
+
+    my $guard = $c->model('DB')->txn_scope_guard;
+    {
+        my $preference = $self->require_preference($c);
+        last unless $preference;
+
+        my $json = $self->get_valid_patch_data(
+            c => $c,
+            id => $id,
+            media_type => 'application/json-patch+json',
+        );
+        last unless $json;
+
+        my $item = $self->item_by_id($c, $id);
+        last unless $self->resource_exists($c, admin => $item);
+        my $old_resource = { $item->get_inflated_columns };
+        #use saltedpass so we have a password field for applying patch
+        #we later check in update_item and if the password field is still
+        #the same with saltedpass we don't update the password
+        $old_resource->{password} = $old_resource->{salted_pass};
+        my $resource = $self->apply_patch($c, $old_resource, $json);
+        last unless $resource;
+
+        my $form = $self->get_form($c);
+        $item = $self->update_item($c, $item, $old_resource, $resource, $form);
+        last unless $item;
+
+        $guard->commit;
+
+        $self->return_representation($c, 'item' => $item, 'form' => $form, 'preference' => $preference );
+    }
+    return;
+}
+
 sub delete_item {
     my ($self, $c, $item) = @_;
 
@@ -52,19 +88,6 @@ sub delete_item {
     return 1;
 }
 
-#we do not use update_item for the admins now, as we do not allo PUT and PATCH
-sub update_item_model {
-    my ($self, $c, $item, $old_resource, $resource, $form) = @_;
-
-    if($old_resource->{login} eq NGCP::Panel::Utils::Auth::get_special_admin_login()) {
-        my $active = $resource->{is_active};
-        $resource = $old_resource;
-        $resource->{is_active} = $active;
-    }
-    $item->update($resource);
-    return $item;
-}
-
 1;
 
 # vim: set tabstop=4 expandtab:

lib/NGCP/Panel/Role/API/Admins.pm

@@ -106,5 +106,39 @@ sub check_duplicate{
     return 1;
 }
 
+sub update_item {
+    my ($self, $c, $item, $old_resource, $resource, $form) = @_;
+
+    if($form->field('password')){
+        $form->field('password')->{required} = 0;
+    }
+    $form //= $self->get_form($c);
+    return unless $self->validate_form(
+        c => $c,
+        form => $form,
+        resource => $resource,
+    );
+
+    my $pass = $resource->{password};
+    delete $resource->{password};
+    if(defined $pass && $pass ne $old_resource->{saltedpass}) {
+        unless($c->user->id == $item->id) {
+            $self->error($c, HTTP_FORBIDDEN, "Only own user can change password");
+            return;
+        }
+        $resource->{md5pass} = undef;
+        $resource->{saltedpass} = NGCP::Panel::Utils::Auth::generate_salted_hash($pass);
+    }
+
+    if($old_resource->{login} eq NGCP::Panel::Utils::Auth::get_special_admin_login()) {
+        my $active = $resource->{is_active};
+        $resource = $old_resource;
+        $resource->{is_active} = $active;
+    }
+    $item->update($resource);
+
+    return $item;
+}
+
 1;
 # vim: set tabstop=4 expandtab:

t/api-rest/api-admins-collection.t

@@ -11,7 +11,7 @@ my $test_machine = Test::Collection->new(
     name => 'admins',
 );
 $test_machine->methods->{collection}->{allowed} = {map {$_ => 1} qw(GET HEAD OPTIONS POST)};
-$test_machine->methods->{item}->{allowed}       = {map {$_ => 1} qw(GET HEAD OPTIONS DELETE)};
+$test_machine->methods->{item}->{allowed}       = {map {$_ => 1} qw(GET HEAD OPTIONS PUT PATCH DELETE)};
 
 my $fake_data =  Test::FakeData->new;
 $fake_data->set_data_from_script({