121 lines
2.8 KiB
121 lines
2.8 KiB
package NGCP::Panel::Utils::UserRole;
|
|
|
|
use Sipwise::Base;
|
|
use Scalar::Util qw(blessed);
|
|
|
|
sub _flags_to_name {
|
|
my $params = shift;
|
|
return unless $params && ref $params;
|
|
|
|
my %flags;
|
|
if (blessed($params)) { # object
|
|
map { $flags{$_} = $params->$_ }
|
|
qw(is_system is_superuser is_ccare lawful_intercept);
|
|
} else {
|
|
%flags = %{$params};
|
|
}
|
|
|
|
# "system" - is_system = 1,
|
|
# "admin" - is_superuser = 1
|
|
# "reseller" - is_superuser = 0
|
|
# "ccareadmin" - is_ccare = 1, is_superuser = 1
|
|
# "ccare" = is_ccare = 1, is_superuser = 0
|
|
# "lawful_intercept" - lintercept = 1
|
|
|
|
if ($flags{is_system}) {
|
|
return 'system';
|
|
}
|
|
|
|
if ($flags{lawful_intercept}) {
|
|
return 'lintercept'
|
|
}
|
|
|
|
if ($flags{is_superuser}) {
|
|
if ($flags{is_ccare}) {
|
|
return 'ccareadmin';
|
|
}
|
|
return 'admin';
|
|
}
|
|
|
|
if ($flags{is_ccare}) {
|
|
return 'ccare';
|
|
}
|
|
|
|
return 'reseller';
|
|
}
|
|
|
|
sub name_to_flags {
|
|
my $name = shift;
|
|
|
|
my @flag_names = qw/ is_system is_superuser is_ccare lawful_intercept /;
|
|
my %map = (
|
|
system => [1, 0, 0, 0],
|
|
admin => [0, 1, 0, 0],
|
|
reseller => [0, 0, 0, 0],
|
|
ccareadmin => [0, 1, 1, 0],
|
|
ccare => [0, 0, 1, 0],
|
|
lintercept => [0, 0, 0, 1],
|
|
);
|
|
|
|
return $map{$name} ?
|
|
( map { $flag_names[$_] => $map{$name}->[$_] } 0..$#flag_names ) :
|
|
();
|
|
}
|
|
|
|
sub resolve_role_id {
|
|
my ($c, $params) = @_;
|
|
|
|
my $role_name = _flags_to_name($params) // return;
|
|
my $role = &find_row_by_name($c, $role_name);
|
|
|
|
return $role ? $role->id : undef;
|
|
}
|
|
|
|
sub resolve_flags {
|
|
my ($c, $role_id) = @_;
|
|
|
|
my $role_name = $c->model('DB')->resultset('acl_roles')->search({id => $role_id})->first->role
|
|
|| return ();
|
|
|
|
return &name_to_flags($role_name);
|
|
}
|
|
|
|
sub find_row_by_name {
|
|
my ($c, $name) = @_;
|
|
|
|
return $c->model('DB')->resultset('acl_roles')->find({role => $name});
|
|
}
|
|
|
|
sub find_row_by_id {
|
|
my ($c, $id) = @_;
|
|
|
|
return $c->model('DB')->resultset('acl_roles')->find($id);
|
|
}
|
|
|
|
sub resolve_resource_role {
|
|
my ($c, $resource) = @_;
|
|
|
|
my $role_name = delete $resource->{role};
|
|
if ($role_name) {
|
|
$resource = { %$resource, &name_to_flags($role_name) };
|
|
$resource->{role_id} = &find_row_by_name($c, $role_name)->id;
|
|
} else {
|
|
$resource->{role_id} = &resolve_role_id($c, $resource);
|
|
}
|
|
|
|
return $resource;
|
|
}
|
|
|
|
sub has_permission {
|
|
my ($c, $own_role_id, $to_role_id) = @_;
|
|
return 1 if $own_role_id == -1; # NGCP::API::Client user
|
|
return 0 unless $own_role_id && $to_role_id;
|
|
|
|
return $c->model('DB')->resultset('acl_role_mappings')->search({
|
|
accessor_id => $own_role_id,
|
|
has_access_to_id => $to_role_id,
|
|
})->count() ? 1 : 0;
|
|
}
|
|
|
|
1;
|