TT#23569 Fix interception ACLs

* Make sure resellers with interception rights can query both
  collections and items
* Make sure we only query the reseller specific interceptions
  when accessing API as reseller

Change-Id: I3010f899cbbd1a7a4f60025d95f09f013cc07c03
(cherry picked from commit eb09639458)

lib/NGCP/Panel/Controller/API/Interceptions.pm

@@ -66,7 +66,7 @@ __PACKAGE__->config(
     action => {
         map { $_ => {
             ACLDetachTo => '/api/root/invalid_user',
-            AllowedRole => [qw/admin/],
+            AllowedRole => [qw/admin reseller/],
             Args => 0,
             Does => [qw(ACL CheckTrailingSlash RequireSSL)],
             Method => $_,

lib/NGCP/Panel/Controller/API/InterceptionsItem.pm

@@ -51,7 +51,12 @@ sub auto :Private {
     my ($self, $c) = @_;
 
     $self->set_body($c);
-    $self->log_request($c);
+    #$self->log_request($c);
+
+    unless($c->user->lawful_intercept) {
+        $self->error($c, HTTP_FORBIDDEN, "Accessing user has no LI privileges.");
+        return;
+    }
 }
 
 sub GET :Allow {

lib/NGCP/Panel/Role/API/Interceptions.pm

@@ -15,6 +15,11 @@ sub _item_rs {
     my $item_rs = $c->model('InterceptDB')->resultset('voip_intercept')->search({
         deleted => 0,
     });
+    if($c->user->roles eq "reseller") {
+        $item_rs = $item_rs->search({
+            reseller_id => $c->user->reseller_id,
+        });
+    }
     return $item_rs;
 }