TT#149456 Admins introduce role_id flag

- role_id is taken from billing.acl_roles and written into the billing.admins table when a new admin user is created/updated via UI/API. This is the first step towards the role based admin user handling. Change-Id: I0804379cbbcab174cebbb292397a39cb3ea01a31
4 years ago · e58cb2cc39
parent 9d61b7b06f
commit e58cb2cc39
4 changed files with 57 additions and 0 deletions
--- a/lib/NGCP/Panel/Controller/API/Admins.pm
+++ b/lib/NGCP/Panel/Controller/API/Admins.pm
@ -1,5 +1,6 @@
 package NGCP::Panel::Controller::API::Admins;
 use NGCP::Panel::Utils::Generic qw(:all);
+use NGCP::Panel::Utils::UserRole;

 use Sipwise::Base;

@ -46,6 +47,7 @@ sub create_item {
    }
    my $item;
    try {
+        $resource->{role_id} = NGCP::Panel::Utils::UserRole::resolve_role_id($c, $resource);
        $item = $c->model('DB')->resultset('admins')->create($resource);
    } catch($e) {
        $c->log->error("failed to create admin: $e");
--- a/lib/NGCP/Panel/Controller/Administrator.pm
+++ b/lib/NGCP/Panel/Controller/Administrator.pm
@ -8,6 +8,7 @@ use HTTP::Headers qw();
 use NGCP::Panel::Utils::Message;
 use NGCP::Panel::Utils::Navigation;
 use NGCP::Panel::Utils::Auth;
+use NGCP::Panel::Utils::UserRole;

 sub auto :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(lintercept) {
    my ($self, $c) = @_;
@ -130,6 +131,7 @@ sub create :Chained('list_admin') :PathPart('create') :Args(0) :AllowedRole(admi
            }
            $form->values->{md5pass} = undef;
            $form->values->{saltedpass} = NGCP::Panel::Utils::Auth::generate_salted_hash(delete $form->values->{password});
+            $form->values->{role_id} = NGCP::Panel::Utils::UserRole::resolve_role_id($c, $form->values);
            $c->stash->{admins}->create($form->values);
            delete $c->session->{created_objects}->{reseller};
            NGCP::Panel::Utils::Message::info(
@ -239,6 +241,8 @@ sub edit :Chained('base') :PathPart('edit') :Args(0) {
                delete $form->values->{reseller_id};
            }

+            $form->values->{role_id} = NGCP::Panel::Utils::UserRole::resolve_role_id($c, $form->values);
+
            $c->stash->{administrator}->update($form->values);
            delete $c->session->{created_objects}->{reseller};
            NGCP::Panel::Utils::Message::info(
--- a/lib/NGCP/Panel/Role/API/Admins.pm
+++ b/lib/NGCP/Panel/Role/API/Admins.pm
@ -11,6 +11,7 @@ use HTTP::Status qw(:constants);

 use NGCP::Panel::Utils::DateTime;
 use NGCP::Panel::Utils::Auth;
+use NGCP::Panel::Utils::UserRole;

 sub item_name{
    return 'admin';
@ -166,6 +167,9 @@ sub update_item {
        $resource = $old_resource;
        $resource->{is_active} = $active;
    }
+
+    $resource->{role_id} = NGCP::Panel::Utils::UserRole::resolve_role_id($c, $resource);
+
    $item->update($resource);

    return $item;
--- a/lib/NGCP/Panel/Utils/UserRole.pm
+++ b/lib/NGCP/Panel/Utils/UserRole.pm
@ -0,0 +1,47 @@
+package NGCP::Panel::Utils::UserRole;
+
+use Sipwise::Base;
+
+sub _flags_to_name {
+    my (%flags) = @_;
+
+    # "system" - is_system = 1,
+    # "admin" - is_superuser = 1
+    # "reseller" - is_superuser = 0
+    # "ccareadmin" - is_ccare = 1, is_superuser = 1
+    # "ccare" = is_ccare = 1, is_superuser = 0
+    # "lawful_intercept" - lintercept = 1
+
+    if ($flags{is_system}) {
+        return 'system';
+    }
+
+    if ($flags{lawful_intercept}) {
+        return 'lintercept'
+    }
+
+    if ($flags{is_superuser}) {
+        if ($flags{is_ccare}) {
+            return 'ccareadmin';
+        }
+        return 'admin';
+    }
+
+    if ($flags{is_ccare}) {
+        return 'ccare';
+    }
+
+    return 'reseller';
+}
+
+
+sub resolve_role_id {
+    my ($c, $params) = @_;
+
+    my $role_name = &_flags_to_name(%$params);
+    my $role = $c->model('DB')->resultset('acl_roles')->search({role => $role_name})->first;
+
+    return $role->id;
+}
+
+1;