options to limit access to full customer list, #15928

8 files changed, 220 insertions, 0 deletions

diff --git a/FS/FS/AccessRight.pm b/FS/FS/AccessRight.pm
index 1bfae03ad..b164948f2 100644
--- a/FS/FS/AccessRight.pm
+++ b/FS/FS/AccessRight.pm
@@ -253,6 +253,7 @@ tie my %rights, 'Tie::IxHash',
   ###
   'Reporting/listing rights' => [
     'List customers',
+    'List all customers',
     'List zip codes', #NEW
     'List invoices',
     'List packages',
@@ -266,6 +267,8 @@ tie my %rights, 'Tie::IxHash',
     { rightname=> 'List inventory', global=>1 },
     { rightname=>'View email logs', global=>1 },
 
+    'Download report data',
+
     #{ rightname => 'List customers of all agents', global=>1 },
   ],
   
diff --git a/FS/FS/Conf.pm b/FS/FS/Conf.pm
index 344dc2aee..4a4f92c8a 100644
--- a/FS/FS/Conf.pm
+++ b/FS/FS/Conf.pm
@@ -1572,6 +1572,13 @@ and customer address. Include units.',
   },
 
   {
+    'key'         => 'disable_maxselect',
+    'section'     => 'UI',
+    'description' => 'Prevent changing the number of records per page.',
+    'type'        => 'checkbox',
+  },
+
+  {
     'key'         => 'session-start',
     'section'     => 'session',
     'description' => 'If defined, the command which is executed on the Freeside machine when a session begins.  The contents of the file are treated as a double-quoted perl string, with the following variables available: <code>$ip</code>, <code>$nasip</code> and <code>$nasfqdn</code>, which are the IP address of the starting session, and the IP address and fully-qualified domain name of the NAS this session is on.',
diff --git a/FS/FS/Schema.pm b/FS/FS/Schema.pm
index ef7a24445..fdf29e0a0 100644
--- a/FS/FS/Schema.pm
+++ b/FS/FS/Schema.pm
@@ -3604,6 +3604,19 @@ sub tables_hashref {
       'index'  => [],
     },
 
+    'upgrade_journal' => {
+      'columns' => [
+        'upgradenum', 'serial', '', '', '', '',
+        '_date', 'int', '', '', '', '',
+        'upgrade', 'varchar', '', $char_d, '', '',
+        'status', 'varchar', '', $char_d, '', '',
+        'statustext', 'varchar', 'NULL', $char_d, '', '',
+      ],
+      'primary_key' => 'upgradenum',
+      'unique' => [ [ 'upgradenum' ] ],
+      'index' => [ [ 'upgrade' ] ],
+    },
+
     %{ tables_hashref_torrus() },
 
     # tables of ours for doing torrus virtual port combining
diff --git a/FS/FS/Upgrade.pm b/FS/FS/Upgrade.pm
index 8f66c66b5..aabc4e72f 100644
--- a/FS/FS/Upgrade.pm
+++ b/FS/FS/Upgrade.pm
@@ -7,6 +7,7 @@ use Tie::IxHash;
 use FS::UID qw( dbh driver_name );
 use FS::Conf;
 use FS::Record qw(qsearchs qsearch str2time_sql);
+use FS::upgrade_journal;
 
 use FS::svc_domain;
 $FS::svc_domain::whois_hack = 1;
diff --git a/FS/FS/access_right.pm b/FS/FS/access_right.pm
index ef8cc6cd8..d2a39aac8 100644
--- a/FS/FS/access_right.pm
+++ b/FS/FS/access_right.pm
@@ -180,6 +180,44 @@ sub _upgrade_data { # class method
 
   }
 
+  my @all_groups = qsearch('access_group', {});
+
+  ### ACL_list_all_customers
+  if ( !FS::upgrade_journal->is_done('ACL_list_all_customers') ) {
+
+    # grant "List all customers" to all users who have "List customers"
+    for my $group (@all_groups) {
+      if ( $group->access_right('List customers') ) {
+        my $access_right = FS::access_right->new( {
+            'righttype'   => 'FS::access_group',
+            'rightobjnum' => $group->groupnum,
+            'rightname'   => 'List all customers',
+        } );
+        my $error = $access_right->insert;
+        die $error if $error;
+      }
+    }
+    
+    FS::upgrade_journal->set_done('ACL_list_all_customers');
+  }
+
+  ### ACL_download_report_data
+  if ( !FS::upgrade_journal->is_done('ACL_download_report_data') ) {
+
+    # grant to everyone
+    for my $group (@all_groups) {
+      my $access_right = FS::access_right->new( {
+          'righttype'   => 'FS::access_group',
+          'rightobjnum' => $group->groupnum,
+          'rightname'   => 'Download report data',
+      } );
+      my $error = $access_right->insert;
+      die $error if $error;
+    }
+
+    FS::upgrade_journal->set_done('ACL_download_report_data');
+  }
+
   '';
 
 }
diff --git a/FS/FS/upgrade_journal.pm b/FS/FS/upgrade_journal.pm
new file mode 100644
index 000000000..8f6d121a3
--- /dev/null
+++ b/FS/FS/upgrade_journal.pm
@@ -0,0 +1,151 @@
+package FS::upgrade_journal;
+
+use strict;
+use base qw( FS::Record );
+use FS::Record qw( qsearch qsearchs );
+
+=head1 NAME
+
+FS::upgrade_journal - Object methods for upgrade_journal records
+
+=head1 SYNOPSIS
+
+  use FS::upgrade_journal;
+
+  $record = new FS::upgrade_journal \%hash;
+  $record = new FS::upgrade_journal { 'column' => 'value' };
+
+  $error = $record->insert;
+
+  # Typical use case
+  my $upgrade = 'rename_all_customers_to_Bob';
+  if ( ! FS::upgrade_journal->is_done($upgrade) ) {
+    ... # do the upgrade, then, if it succeeds
+    FS::upgrade_journal->set_done($upgrade);
+  }
+
+=head1 DESCRIPTION
+
+An FS::upgrade_journal object records an upgrade procedure that was run 
+on the database.  FS::upgrade_journal inherits from FS::Record.  The 
+following fields are currently supported:
+
+=over 4
+
+=item upgradenum - primary key
+
+=item _date - unix timestamp when the upgrade was run
+
+=item upgrade - string identifier for the upgrade procedure; must match /^\w+$/
+
+=item status - either 'done' or 'failed'
+
+=item statustext - any other message that needs to be recorded
+
+=back
+
+=head1 METHODS
+
+=over 4
+
+=item new HASHREF
+
+Creates a new upgrade record.  To add it to the database, see L<"insert">.
+
+Note that this stores the hash reference, not a distinct copy of the hash it
+points to.  You can ask the object for a copy with the I<hash> method.
+
+=cut
+
+# the new method can be inherited from FS::Record, if a table method is defined
+
+sub table { 'upgrade_journal'; }
+
+=item insert
+
+Adds this record to the database.  If there is an error, returns the error,
+otherwise returns false.
+
+=cut
+
+# the insert method can be inherited from FS::Record
+
+sub delete  { die "upgrade_journal records can't be deleted" }
+sub replace { die "upgrade_journal records can't be modified" }
+
+=item check
+
+Checks all fields to make sure this is a valid example.  If there is
+an error, returns the error, otherwise returns false.  Called by the insert
+and replace methods.
+
+=cut
+
+# the check method should currently be supplied - FS::Record contains some
+# data checking routines
+
+sub check {
+  my $self = shift;
+
+  if ( !$self->_date ) {
+    $self->_date(time);
+  }
+
+  my $error = 
+    $self->ut_numbern('upgradenum')
+    || $self->ut_number('_date')
+    || $self->ut_alpha('upgrade')
+    || $self->ut_text('status')
+    || $self->ut_textn('statustext')
+  ;
+  return $error if $error;
+
+  $self->SUPER::check;
+}
+
+=back
+
+=head1 CLASS METHODS
+
+=over 4
+
+=item is_done UPGRADE
+
+Returns the upgrade entry with identifier UPGRADE and status 'done', if 
+there is one.  This is an easy way to check whether an upgrade has been done.
+
+=cut
+
+sub is_done {
+  my ($class, $upgrade) = @_;
+  qsearch('upgrade_journal', { 'status' => 'done', 'upgrade' => $upgrade })
+}
+
+=item set_done UPGRADE
+
+Creates and inserts an upgrade entry with the current time, status 'done', 
+and identifier UPGRADE.  Dies on error.
+
+=cut
+
+sub set_done {
+  my ($class, $upgrade) = @_;
+  my $new = $class->new({ 'status' => 'done', 'upgrade' => $upgrade });
+  my $error = $new->insert;
+  die $error if $error;
+  $new;
+}
+
+
+=head1 BUGS
+
+Despite how it looks, this is not currently suitable for use as a mutex.
+
+=head1 SEE ALSO
+
+L<FS::Record>, schema.html from the base documentation.
+
+=cut
+
+1;
+
diff --git a/FS/MANIFEST b/FS/MANIFEST
index 49d27b437..0a0580412 100644
--- a/FS/MANIFEST
+++ b/FS/MANIFEST
@@ -630,3 +630,5 @@ FS/tower_sector.pm
 t/tower_sector.t
 FS/h_svc_cert.pm
 t/h_svc_cert.t
+FS/upgrade_journal.pm
+FS/upgrade_journal.t
diff --git a/FS/t/upgrade_journal.t b/FS/t/upgrade_journal.t
new file mode 100644
index 000000000..0822effc5
--- /dev/null
+++ b/FS/t/upgrade_journal.t
@@ -0,0 +1,5 @@
+BEGIN { $| = 1; print "1..1\n" }
+END {print "not ok 1\n" unless $loaded;}
+use FS::upgrade_journal;
+$loaded=1;
+print "ok 1\n";