From fced11b461ce6a820107a1d662edec13082ea14f Mon Sep 17 00:00:00 2001 From: Andreas Granig Date: Sun, 9 Jun 2013 11:32:26 +0200 Subject: [PATCH] Rework Administrator handling. Use is_superuser as admin indicator. Only show admins, no resellers (will be handled in another view/ctrl). Allow updates without reentering password. Hide internal fields in view. Set sane default values. --- lib/NGCP/Panel/Controller/Administrator.pm | 35 +++++++++++++++------- lib/NGCP/Panel/Controller/Login.pm | 5 ++-- lib/NGCP/Panel/Form/Administrator.pm | 7 +++-- share/templates/administrator/list.tt | 4 +-- share/templates/denied_page.tt | 2 +- 5 files changed, 35 insertions(+), 18 deletions(-) diff --git a/lib/NGCP/Panel/Controller/Administrator.pm b/lib/NGCP/Panel/Controller/Administrator.pm index 21d35e801c..8608eb3e50 100644 --- a/lib/NGCP/Panel/Controller/Administrator.pm +++ b/lib/NGCP/Panel/Controller/Administrator.pm @@ -6,10 +6,14 @@ use NGCP::Panel::Form::Administrator qw(); use NGCP::Panel::Utils qw(); use Digest::MD5 qw(md5_hex); +# TODO: reject any access from non-admins + sub list_admin :PathPart('administrator') :Chained('/') :CaptureArgs(0) { my ($self, $c) = @_; $c->stash( - admins => $c->model('billing')->resultset('admins'), + admins => $c->model('billing') + ->resultset('admins') + ->search_rs(is_superuser => 1), template => 'administrator/list.tt' ); return; @@ -26,8 +30,8 @@ sub ajax :Chained('list_admin') :PathPart('ajax') :Args(0) { $c->forward( '/ajax_process_resultset', [ $admins, - [qw(id reseller_id login is_master is_superuser is_active read_only show_passwords call_data lawful_intercept)], - [ 1, 2 ] + [qw(id login is_master is_active read_only show_passwords call_data lawful_intercept)], + [ 1 ] ] ); $c->detach($c->view('JSON')); 
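Review bot: `list_admin` is the chain root for every administrator action, but the only authorization it gains here is the comment `# TODO: reject any access from non-admins`, and the one existing guard (the `is_master` check in `create`, two hunks down) is commented out in this same commit, so nothing in the visible code denies non-admins the list, ajax, create or edit actions. Putting the check at the root lets every chained action inherit it, e.g. `$c->detach('/denied_page') unless $c->user && $c->user->{is_superuser};` right after `my ($self, $c) = @_;` (the `$c->user->{...}` hash access mirrors how `create` read `is_master`; confirm the user object exposes `is_superuser` the same way). The `search_rs(is_superuser => 1)` filter only narrows what is displayed; it is not an access control.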
@@ -37,8 +41,9 @@ sub ajax :Chained('list_admin') :PathPart('ajax') :Args(0) { sub create :Chained('list_admin') :PathPart('create') :Args(0) { my ($self, $c) = @_; - $c->detach('/denied_page') - unless($c->user->{is_master}); +# use Data::Printer; p $c->user; +# $c->detach('/denied_page') +# unless($c->user->{is_master}); my $form = NGCP::Panel::Form::Administrator->new; $form->process( @@ -53,11 +58,13 @@ sub create :Chained('list_admin') :PathPart('create') :Args(0) { back_uri => $c->uri_for('create') ); if ($form->validated) { - # TODO: check if reseller, and if so, auto-set contract; - # also, only show admins within reseller_id if reseller + # TODO: check if reseller, and if so, auto-set contract; + # also, only show admins within reseller_id if reseller try { delete $form->params->{save}; - $form->params->{md5pass} = md5_hex($form->params->{md5pass}); + $form->params->{is_superuser} = 1; + $form->params->{reseller_id} = 1; + $form->params->{md5pass} = md5_hex($form->params->{md5pass}); $c->model('billing')->resultset('admins')->create($form->params); $c->flash(messages => [{type => 'success', text => 'Administrator created.'}]); $c->response->redirect($c->uri_for); 
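Review bot: The `is_master` guard in `create` is neutralised by commenting it out, and a commented `# use Data::Printer; p $c->user;` debug line is committed alongside it; commented-out code and debugging leftovers should be removed rather than kept, and Data::Printer has no place in production code even as a comment. If the guard is being replaced by a superuser check at the chain root, delete these three lines outright so a later reader does not mistake them for a pending decision; if it is not, the original two lines `$c->detach('/denied_page') unless($c->user->{is_master});` should be restored. `create` continues past the end of this hunk.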
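Review bot: `$c->model('billing')->resultset('admins')->create($form->params)` inserts the raw request parameters (only `save` is removed) rather than the validated field values, while `edit` further down builds its update from `$form->value`; any extra parameter a client posts reaches the insert as a column, and only `is_superuser` and `reseller_id` are pinned by the new lines. Build the row from `$form->value` as `edit` does; whether `save` and the `reseller` compound field appear in `value` depends on HTML::FormHandler's handling of submit and unrendered fields, so deleting both is the safe form. The literal `reseller_id => 1` also recurs in Login.pm (`reseller_id => { '>' => 1 }`); a named constant for the default reseller id would tie those together. The `md5_hex` line is unchanged apart from indentation, but it still stores an unsalted MD5 of the password, which deserves its own TODO.
```perl
        try {
            my $values = $form->value;          # validated field values, not the raw request params
            delete @{$values}{qw(save reseller)};
            $values->{is_superuser} = 1;
            $values->{reseller_id}  = 1;
            $values->{md5pass}      = md5_hex($values->{md5pass});
            $c->model('billing')->resultset('admins')->create($values);
            # … unchanged: success flash and redirect …
```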
@@ -90,20 +97,24 @@ sub edit :Chained('base') :PathPart('edit') :Args(0) { my $posted = $c->request->method eq 'POST'; my $form = NGCP::Panel::Form::Administrator->new; $c->stash->{administrator}->{'reseller.id'} = delete $c->stash->{administrator}->{reseller_id}; + $form->field('md5pass')->{required} = 0; $form->process( posted => 1, params => $posted ? $c->request->params : $c->stash->{administrator}, action => $c->uri_for($c->stash->{administrator}->{id}, 'edit'), ); + # TODO: if pass is empty, don't update it if ($posted && $form->validated) { try { my $form_values = $form->value; # flatten nested hashref instead of recursive update $form_values->{reseller_id} = delete $form_values->{reseller}{id}; delete $form_values->{reseller}; - if($form_values->{md5pass} and length $form_values->{md5pass}) { - $form_values->{md5pass} = md5_hex($form_values->{md5pass}); - } + if($form_values->{md5pass} and length $form_values->{md5pass}) { + $form_values->{md5pass} = md5_hex($form_values->{md5pass}); + } else { + delete $form_values->{md5pass}; + } $c->stash->{admins}->search_rs({ id => $form_values->{id} })->update($form_values); $c->flash(messages => [{type => 'success', text => 'Administrator changed.'}]); } catch($e) { @@ -178,3 +189,5 @@ Lars Dieckow C<< >> This library is free software. You can redistribute it and/or modify it under the same terms as Perl itself. + +# vim: set tabstop=4 expandtab: diff --git a/lib/NGCP/Panel/Controller/Login.pm b/lib/NGCP/Panel/Controller/Login.pm index d6279f139c..d35d012101 100644 --- a/lib/NGCP/Panel/Controller/Login.pm +++ b/lib/NGCP/Panel/Controller/Login.pm @@ -53,7 +53,7 @@ sub index :Path Form { -and => [ login => $user, is_active => 1, - reseller_id => 1 + is_superuser => 1, ], }], } @@ -69,7 +69,8 @@ sub index :Path Form { -and => [ login => $user, is_active => 1, - reseller_id => { '>' => 1 } + is_superuser => 0, + reseller_id => { '>' => 1 }, ], }], } 
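Review bot: The added `# TODO: if pass is empty, don't update it` is already done by the `else { delete $form_values->{md5pass}; }` branch added in the same hunk, so it lands stale; replace it with a why-comment on the branch, `# an empty password field means "keep the stored hash"; the field was made optional above`. `$form->field('md5pass')->{required} = 0;` reaches into the field object's underlying hash, whereas HTML::FormHandler exposes `required` as a read/write accessor, so `$form->field('md5pass')->required(0);` keeps the class abstraction. While here, `if($form_values->{md5pass} and length $form_values->{md5pass})` treats the literal password `0` as empty; `if (defined $form_values->{md5pass} and length $form_values->{md5pass})` is the intended test. `sub edit` begins before this hunk.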
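Review bot: The admin realm in Login.pm now matches `is_superuser => 1` with no reseller condition, while the reseller realm in the next hunk requires `is_superuser => 0` and `reseller_id => { '>' => 1 }`; an account flagged superuser under a reseller id greater than 1 therefore authenticates as a platform administrator, which is a widening compared with the old `reseller_id => 1` test and should be stated as intended in a comment above the condition. If `is_superuser` is nullable, `is_superuser => 0` will not match NULL rows in the reseller realm, so such accounts cannot log in anywhere; consider `is_superuser => [ 0, undef ]` or a NOT NULL default in the schema. `sub index` starts before and continues after these hunks.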
diff --git a/lib/NGCP/Panel/Form/Administrator.pm b/lib/NGCP/Panel/Form/Administrator.pm index 85c987029c..cf0096dd29 100644 --- a/lib/NGCP/Panel/Form/Administrator.pm +++ b/lib/NGCP/Panel/Form/Administrator.pm @@ -14,7 +14,10 @@ has_field 'reseller' => ( ); has_field 'login' => (type => 'Text', required => 1,); has_field 'md5pass' => (type => 'Password', required => 1, label => 'Password'); -for (qw(is_master is_superuser is_active read_only show_passwords call_data lawful_intercept)) { +for (qw(is_active show_passwords call_data)) { + has_field $_ => (type => 'Boolean', default => 1); +} +for (qw(is_master read_only lawful_intercept)) { has_field $_ => (type => 'Boolean',); } has_field 'save' => (type => 'Submit', element_class => [qw(btn btn-primary)],); @@ -22,7 +25,7 @@ has_block 'fields' => ( tag => 'div', class => [qw(modal-body)], render_list => [qw( - reseller login md5pass is_master is_superuser is_active read_only show_passwords call_data lawful_intercept + login md5pass is_master is_active read_only show_passwords call_data lawful_intercept )], ); has_block 'actions' => (tag => 'div', class => [qw(modal-footer)], render_list => [qw(save)],); diff --git a/share/templates/administrator/list.tt b/share/templates/administrator/list.tt index b6e0f8ba1d..218f2fbaad 100644 --- a/share/templates/administrator/list.tt +++ b/share/templates/administrator/list.tt 
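Review bot: Both `for (qw(...))` loops use `$_` as the loop variable for `has_field $_ => ...`; a named lexical, `for my $name (qw(is_active show_passwords call_data)) { has_field $name => (type => 'Boolean', default => 1); }`, reads better and cannot be clobbered by anything `has_field` does with `$_`. Dropping `is_superuser` from the field list means the flag is no longer settable through the form, which is the right direction given the controller pins it. Whether `default => 1` also applies when an existing row carries 0 depends on how the edit action feeds the form (it passes the stashed row as `params`); worth a one-line test on edit.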
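Review bot: `reseller` is removed from the `fields` block's `render_list` but the `has_field 'reseller'` declaration above remains, so the field is still processed and validated on each submit without being shown; if it is required, `create` will fail validation with no visible field to fill in. Either drop the declaration together with the render entry, or mark the field `inactive => 1` and activate it only in the view that edits resellers, and note the decision in a comment next to the declaration.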
@@ -3,8 +3,8 @@ helper.name = 'Administrator'; helper.data = admins; helper.messages = messages; - helper.column_titles = [ '#', 'Reseller', 'Login', 'Master', 'Superuser', 'Active', 'Read only', 'Show passwords', 'Call data', 'Lawful intercept' ]; - helper.column_fields = [ 'id', 'reseller_id', 'login', 'is_master', 'is_superuser', 'is_active', 'read_only', 'show_passwords', 'call_data', 'lawful_intercept' ]; + helper.column_titles = [ '#', 'Login', 'Master', 'Active', 'Read only', 'Show passwords', 'Call data', 'Lawful intercept' ]; + helper.column_fields = [ 'id', 'login', 'is_master', 'is_active', 'read_only', 'show_passwords', 'call_data', 'lawful_intercept' ]; helper.close_target = close_target; helper.create_flag = create_flag; diff --git a/share/templates/denied_page.tt b/share/templates/denied_page.tt index a6b75f2b56..198604f2c6 100644 --- a/share/templates/denied_page.tt +++ b/share/templates/denied_page.tt @@ -4,7 +4,7 @@
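Review bot: `column_fields` in list.tt is a positional mirror of the column list handed to `/ajax_process_resultset` in Administrator.pm's `ajax` action and of the `[ 1 ]` searchable-column index there; this commit updates all three by hand and nothing checks that they agree. A one-line comment on `helper.column_fields`, `# must match the column list in Controller::Administrator::ajax`, at least tells the next editor where the twin lives.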
-

Oops!

+

Nope!

[% c.response.status %] Denied