sipwise
/
ngcp-panel
mirror of https://github.com/sipwise/ngcp-panel.git
1
0
Fork 0
Code Issues Releases Wiki Activity

TT#76111 - Hide LI Admins from NGCP Panel

Browse Source 
* LI Admins are no longer visible in NGCP Panel;
	   they will be managed via config.yml; creation,
	   deletion, email update ar all handled when
           adding/removing/updating a LI admin in config.yml
	 * LI Admins can only change their password and
	   email via Panel UI and API

Change-Id: Idec849e52962b2d5c4cb2a4365cf8c90414c0431
changes/30/40130/5
Flaviu Mates 6 years ago
parent 080b2ac877
commit ec674132df
3 changed files with 27 additions and 17 deletions
Show Stats Download Patch File Download Diff File

22
lib/NGCP/Panel/Controller/Administrator.pm
Unescape View File

@ -20,8 +20,9 @@ sub list_admin :PathPart('administrator') :Chained('/') :CaptureArgs(0) {
my ($self, $c) = @_;
my $dispatch_to = '_admin_resultset_' . $c->user->roles;
my $is_li_admin = $c->user->lawful_intercept;
$c->stash(
admins => $self->$dispatch_to($c),
admins => $self->$dispatch_to($c, $is_li_admin),
template => 'administrator/list.tt',
);
my $cols = [
@ -42,23 +43,23 @@ sub list_admin :PathPart('administrator') :Chained('/') :CaptureArgs(0) {
{ name => "billing_data", title => $c->loc("Show Billing Info") },
{ name => "can_reset_password", title => $c->loc("Can Reset Password") },
);
if($c->user->is_superuser) {
@{ $cols } = (@{ $cols }, { name => "lawful_intercept", title => $c->loc("Lawful Intercept") });
}
$c->stash->{admin_dt_columns} = NGCP::Panel::Utils::Datatables::set_columns($c, $cols);
$c->stash->{special_admin_login} = NGCP::Panel::Utils::Auth::get_special_admin_login();
return;
}
sub _admin_resultset_admin {
my ($self, $c) = @_;
return $c->model('DB')->resultset('admins');
my ($self, $c, $is_li_admin) = @_;
my $condition = $is_li_admin ? {'me.id' => $c->user->id} : {lawful_intercept => 0};
return $c->model('DB')->resultset('admins')->search($condition);
}
sub _admin_resultset_reseller {
my ($self, $c) = @_;
my ($self, $c, $is_li_admin) = @_;
my $condition = $is_li_admin ? {'me.id' => $c->user->id} : {lawful_intercept => 0};
return $c->model('DB')->resultset('admins')->search({
reseller_id => $c->user->reseller_id,
%$condition
});
}
@ -148,8 +149,8 @@ sub base :Chained('list_admin') :PathPart('') :CaptureArgs(1) {
);
NGCP::Panel::Utils::Navigation::back_or($c, $c->uri_for('/administrator'));
}
$c->stash(administrator => $c->stash->{admins}->find($administrator_id));
unless($c->stash->{administrator}) {
$c->stash(administrator => $c->stash->{admins}->find({id => $administrator_id}));
if(!$c->stash->{administrator} || ($c->stash->{administrator} && $c->stash->{administrator}->lawful_intercept && $administrator_id != $c->user->id)) {
NGCP::Panel::Utils::Message::error(
c => $c,
desc => $c->loc('Administrator not found'),
@ -180,7 +181,8 @@ sub edit :Chained('base') :PathPart('edit') :Args(0) {
posted => $posted,
params => $c->request->params,
item => $params,
inactive => $c->stash->{administrator}->id != $c->user->id ? ['password'] : [],
inactive => $c->stash->{administrator}->id != $c->user->id ? ['password'] :
$c->user->lawful_intercept ? ['login', 'is_superuser', 'is_ccare', 'is_master', 'is_active', 'read_only', 'show_passwords', 'call_data', 'billing_data', 'can_reset_password'] : [],
);
NGCP::Panel::Utils::Navigation::check_form_buttons(
c => $c,

6
lib/NGCP/Panel/Form/Administrator/Admin.pm
Unescape View File

@ -5,9 +5,7 @@ extends 'NGCP::Panel::Form::Administrator::Reseller';
use NGCP::Panel::Utils::Auth;
for (qw(is_superuser lawful_intercept)) {
has_field $_ => (type => 'Boolean',);
}
has_field 'is_superuser' => (type => 'Boolean',);
has_field 'reseller' => (
type => '+NGCP::Panel::Field::Reseller',
label => 'Reseller',
@ -17,7 +15,7 @@ has_block 'fields' => (
tag => 'div',
class => [qw(modal-body)],
render_list => [qw(
reseller login password email is_superuser is_master is_ccare is_active read_only show_passwords call_data billing_data lawful_intercept can_reset_password
reseller login password email is_superuser is_master is_ccare is_active read_only show_passwords call_data billing_data can_reset_password
)],
);

16
lib/NGCP/Panel/Role/API/Admins.pm
Unescape View File

@ -32,18 +32,22 @@ sub _item_rs {
my ($self, $c) = @_;
my $item_rs = $c->model('DB')->resultset('admins');
my $condition = $c->user->lawful_intercept ? {'me.id' => $c->user->id} : {lawful_intercept => 0};
if($c->user->roles eq "reseller") {
$item_rs = $item_rs->search({
reseller_id => $c->user->reseller_id
reseller_id => $c->user->reseller_id,
%$condition
});
}
if($c->user->is_master || $c->user->is_superuser) {
# return all (or all of reseller) admins
# return all (or all of reseller) admins except lawful intercept admin
$item_rs = $item_rs->search($condition);
} else {
# otherwise, only return the own admin if master is not set
$item_rs = $item_rs->search({
id => $c->user->id,
%$condition
});
}
return $item_rs;
@ -79,7 +83,7 @@ sub process_form_resource{
$resource->{md5pass} = undef;
$resource->{saltedpass} = NGCP::Panel::Utils::Auth::generate_salted_hash($pass);
}
foreach my $f(qw/billing_data call_data is_active is_master is_superuser is_ccare lawful_intercept read_only show_passwords/) {
foreach my $f(qw/billing_data call_data is_active is_master is_superuser is_ccare read_only show_passwords/) {
$resource->{$f} = (ref $resource->{$f} eq 'JSON::true' || ( defined $resource->{$f} && ( $resource->{$f} eq 'true' || $resource->{$f} eq '1' ) ) ) ? 1 : 0;
}
return $resource;
@ -146,6 +150,12 @@ sub update_item {
$resource = $old_resource;
$resource->{is_active} = $active;
}
if ($c->user->lawful_intercept) {
#allow LI admins to only change password and email
delete @$resource{qw/billing_data call_data can_reset_password is_active is_ccare is_master is_superuser login read_only show_passwords/};
}
$item->update($resource);
return $item;

Write Preview
Loading…
Cancel
Save