| side by side (parent:
a5e611f
)
"Edit password" ACL, #21178, part 2
author
Mark Wells
<mark@freeside.biz>
Wed, 27 Feb 2013 20:47:34 +0000
(12:47 -0800)
committer
Mark Wells
<mark@freeside.biz>
Wed, 27 Feb 2013 20:47:34 +0000
(12:47 -0800)
13 files changed:
FS/FS/AccessRight.pm
FS/FS/Schema.pm
FS/FS/access_right.pm
FS/FS/part_svc.pm
httemplate/browse/part_svc.cgi
httemplate/edit/part_svc.cgi
httemplate/edit/process/cust_svc.cgi
httemplate/edit/svc_acct.cgi
httemplate/misc/process/change-password.html
httemplate/view/elements/svc_Common.html
httemplate/view/elements/svc_edit_link.html
httemplate/view/svc_acct.cgi
httemplate/view/svc_acct/basics.html
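--- a/FS/FS/AccessRight.pm
+++ b/FS/FS/AccessRight.pm
@@ -162,6 +162,7 @@ tie my %rights, 'Tie::IxHash',
 'Recharge customer service', #NEW
 'Unprovision customer service',
 'Change customer service', #NEWNEW
+ 'Edit password',
 'Edit usage', #NEW
 'Edit home dir', #NEW
 'Edit www config', #NEW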
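--- a/FS/FS/Schema.pm
+++ b/FS/FS/Schema.pm
@@ -2112,7 +2112,8 @@ sub tables_hashref {
 'preserve', 'char', 'NULL', 1, '', '',
 'selfservice_access', 'varchar', 'NULL', $char_d, '', '',
 'classnum', 'int', 'NULL', '', '', '',
- ],
+ 'restrict_edit_password','char', 'NULL', 1, '', '',
+],
 'primary_key' => 'svcpart',
 'unique' => [],
 'index' => [ [ 'disabled' ] ],
@@ -2260,6 +2261,7 @@ sub tables_hashref {
 'cgp_sendmdnmode', 'varchar', 'NULL', $char_d, '', '',#SendMDNMode
 #mail
 #XXX RPOP settings
+ #
 ],
 'primary_key' => 'svcnum',
 #'unique' => [ [ 'username', 'domsvc' ] ],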
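--- a/FS/FS/access_right.pm
+++ b/FS/FS/access_right.pm
@@ -228,7 +228,9 @@ sub _upgrade_data { # class method
 'Usage: Call Detail Records (CDRs)',
 'Usage: Unrateable CDRs',
 ],
- ;
+ 'Provision customer service' => [ 'Edit password' ],
+
+;
 foreach my $old_acl ( keys %onetime ) {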
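--- a/FS/FS/part_svc.pm
+++ b/FS/FS/part_svc.pm
@@ -58,6 +58,13 @@ L<FS::svc_domain>, and L<FS::svc_forward>, among others.
 =item preserve - Preserve after cancellation, empty or 'Y'
+=item selfservice_access - Access allowed to the service via self-service:
+empty for full access, "readonly" for read-only, "hidden" to hide it entirely
+
+=item restrict_edit_password - Require the "Provision customer service" access
+right to change the password field, rather than just "Edit password". Only
+relevant to svc_acct for now.
+
 =back
 =head1 METHODS
@@ -391,7 +398,8 @@ sub check {
 || $self->ut_enum('preserve', [ '', 'Y' ] )
 || $self->ut_enum('selfservice_access', [ '', 'hidden', 'readonly' ] )
 || $self->ut_foreign_keyn('classnum', 'part_svc_class', 'classnum' )
- ;
+ || $self->ut_enum('restrict_edit_password', [ '', 'Y' ] )
+;
 return $error if $error;
 my @fields = eval { fields( $self->svcdb ) }; #might die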
diff --git
a/httemplate/browse/part_svc.cgi
b/httemplate/browse/part_svc.cgi
index
a8f4a7c
..
f941ae5
100755
(executable)
--- a/
httemplate/browse/part_svc.cgi
+++ b/
httemplate/browse/part_svc.cgi
@@
-82,6
+82,7
@@
function part_export_areyousure(href) {
% }
% @dfields ;
% my $rowspan = scalar(@fields) || 1;
% }
% @dfields ;
% my $rowspan = scalar(@fields) || 1;
+% $rowspan++ if $part_svc->restrict_edit_password;
% my $url = "${p}edit/part_svc.cgi?". $part_svc->svcpart;
%
% if ( $bgcolor eq $bgcolor1 ) {
% my $url = "${p}edit/part_svc.cgi?". $part_svc->svcpart;
%
% if ( $bgcolor eq $bgcolor1 ) {
@@
-183,15
+184,21
@@
function part_export_areyousure(href) {
% } else {
<% $value %>
% } else {
<% $value %>
-% }
+% }
</TD>
% $n1="</TR><TR>";
</TD>
% $n1="</TR><TR>";
-% }
-%
+% } #foreach $field
+% if ( $part_svc->restrict_edit_password ) {
+ <TR>
+ <TD CLASS="grid" BGCOLOR="<% $bgcolor %>" COLSPAN=4 ALIGN="left">
+ <B><% emt('Password editing restricted.') %></B>
+ </TD>
+ </TR>
+% }
</TR>
</TR>
-% }
+% }
#foreach $part_svc
</TABLE>
</BODY>
</TABLE>
</BODY>
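Review bot: The new "Password editing restricted." row in the second hunk opens a fresh `<TR>` while the service's current row still looks open, since the existing `</TR>` only follows after the added block and the field loop separates its rows through `$n1="</TR><TR>"`. If that reading of the surrounding template is right, the result is a row nested inside a row, which browsers repair inconsistently. Closing the open row first, `</TR><TR>` in place of the bare `<TR>`, and dropping the inner `</TR>` would keep the table well-formed alongside the `$rowspan++` added in the first hunk. Both hunks begin and end inside the `$part_svc` loop, so check this against the full component.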
diff --git
a/httemplate/edit/part_svc.cgi
b/httemplate/edit/part_svc.cgi
index
007c246
..
8a84b20
100755
(executable)
--- a/
httemplate/edit/part_svc.cgi
+++ b/
httemplate/edit/part_svc.cgi
@@
-407,6
+407,20
@@
%
% } #foreach my $field (@fields) {
%
%
% } #foreach my $field (@fields) {
%
+% if ( $layer eq 'svc_acct' ) {
+% # eww, more ugly special-caseyness
+% $html .=
+% '<TR><TD COLSPAN=3 ALIGN="right">'.
+% emt('Require "Provision" access right to edit password').
+% '</TD><TD>'.
+% '<INPUT TYPE="checkbox" NAME="restrict_edit_password" VALUE="Y"'.
+% ($part_svc->restrict_edit_password ? ' CHECKED' : '').
+% '></TD></TR>';
+% } else {
+% $html .=
+% '<INPUT TYPE="hidden" NAME="restrict_edit_password" VALUE="">';
+% }
+%
% $part_svc->svcpart('') if $clone; #undone
% $html .= "</TABLE>";
%
% $part_svc->svcpart('') if $clone; #undone
% $html .= "</TABLE>";
%
@@
-414,7
+428,7
@@
% $layer, #form name
% [ qw(svc svcpart classnum selfservice_access
% disabled preserve
% $layer, #form name
% [ qw(svc svcpart classnum selfservice_access
% disabled preserve
-% exportnum),
+% exportnum
restrict_edit_password
),
% @fields ],
% 'process/part_svc.cgi',
% $p.'browse/part_svc.cgi',
% @fields ],
% 'process/part_svc.cgi',
% $p.'browse/part_svc.cgi',
diff --git
a/httemplate/edit/process/cust_svc.cgi
b/httemplate/edit/process/cust_svc.cgi
index
e22cbb2
..
7cb1d6d
100644
(file)
--- a/
httemplate/edit/process/cust_svc.cgi
+++ b/
httemplate/edit/process/cust_svc.cgi
@@
-6,7
+6,7
@@
%}
<%init>
%}
<%init>
-die 'access de
in
ed'
+die 'access de
ni
ed'
unless $FS::CurrentUser::CurrentUser->access_right('Change customer service');
my $svcnum = $cgi->param('svcnum');
unless $FS::CurrentUser::CurrentUser->access_right('Change customer service');
my $svcnum = $cgi->param('svcnum');
diff --git
a/httemplate/edit/svc_acct.cgi
b/httemplate/edit/svc_acct.cgi
index
c1f7455
..
627791b
100755
(executable)
--- a/
httemplate/edit/svc_acct.cgi
+++ b/
httemplate/edit/svc_acct.cgi
@@
-9,19
+9,6
@@
<BR>
% }
<BR>
% }
-<SCRIPT TYPE="text/javascript">
-function randomPass() {
- var i=0;
- var pw_set='<% join('', 'a'..'z', 'A'..'Z', '0'..'9' ) %>';
- var pass='';
- while(i < 8) {
- i++;
- pass += pw_set.charAt(Math.floor(Math.random() * pw_set.length));
- }
- document.OneTrueForm.clear_password.value = pass;
-}
-</SCRIPT>
-
<FORM NAME="OneTrueForm" ACTION="<% $p1 %>process/svc_acct.cgi" METHOD=POST>
<INPUT TYPE="hidden" NAME="svcnum" VALUE="<% $svcnum %>">
<INPUT TYPE="hidden" NAME="pkgnum" VALUE="<% $pkgnum %>">
<FORM NAME="OneTrueForm" ACTION="<% $p1 %>process/svc_acct.cgi" METHOD=POST>
<INPUT TYPE="hidden" NAME="svcnum" VALUE="<% $svcnum %>">
<INPUT TYPE="hidden" NAME="pkgnum" VALUE="<% $pkgnum %>">
@@
-57,10
+44,11
@@
function randomPass() {
%if ( $part_svc->part_svc_column('_password')->columnflag ne 'F' ) {
<TR>
%if ( $part_svc->part_svc_column('_password')->columnflag ne 'F' ) {
<TR>
+% #XXX eventually should require "Edit Password" ACL
<TD ALIGN="right"><% mt('Password') |h %></TD>
<TD>
<TD ALIGN="right"><% mt('Password') |h %></TD>
<TD>
- <INPUT TYPE="text" NAME="clear_password" VALUE="<% $password %>" SIZE=<% $pmax2 %> MAXLENGTH=<% $pmax %>>
- <
INPUT TYPE="button" VALUE="<% mt('Generate') |h %>" onclick="randomPass();"
>
+ <INPUT TYPE="text"
ID="clear_password"
NAME="clear_password" VALUE="<% $password %>" SIZE=<% $pmax2 %> MAXLENGTH=<% $pmax %>>
+ <
& /elements/random_pass.html, 'clear_password' &
>
</TD>
</TR>
%}else{
</TD>
</TR>
%}else{
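Review bot: The rewritten INPUT line in the second hunk still emits `VALUE="<% $password %>"` with no escape flag, while the label beside it uses `|h`; unless this Mason setup applies `h` by default, a stored password containing a double quote or `<` breaks out of the attribute. I would write `VALUE="<% $password |h %>"` on that line. The removed `randomPass()` drew its 8 characters with `Math.random()`, which is not a cryptographic generator, and /elements/random_pass.html is not shown here, so confirm the replacement does not carry that over. The added `#XXX eventually should require "Edit Password" ACL` comment means this form does not yet honour the new right or `restrict_edit_password`; the enclosing `%if` block continues past the hunk.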
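--- a/httemplate/misc/process/change-password.html
+++ b/httemplate/misc/process/change-password.html
@@ -1,11 +1,16 @@
 <%init>
 my $curuser = $FS::CurrentUser::CurrentUser;
-die "access denied" unless $curuser->access_right('Edit password');
 $cgi->param('svcnum') =~ /^(\d+)$/ or die "illegal svcnum";
 my $svcnum = $1;
 my $svc_acct = FS::svc_acct->by_key($svcnum)
 or die "svc_acct $svcnum not found";
+my $part_svc = $svc_acct->part_svc;
+die "access denied" unless (
+ $curuser->access_right('Provision customer service') or
+ ( $curuser->access_right('Edit password') and
+ ! $part_svc->restrict_edit_password )
+ );
 my $error = $svc_acct->set_password($cgi->param('password'))
 || $svc_acct->replace;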
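Review bot: The new access check looks only at the user's rights and the service definition's `restrict_edit_password` flag; nothing in this hunk ties `$svcnum` to a customer the current user may see, because `FS::svc_acct->by_key($svcnum)` is a plain key lookup as far as these lines show. view/svc_acct.cgi in this same commit loads its record through a join to `cust_main`, presumably for agent scoping, so this handler should use the same scoped search or it should be confirmed that `by_key` already applies it. Moving the check below the lookup also means a caller holding neither right now gets `svc_acct N not found` for a missing number and `access denied` for a real one, which can reveal which service numbers exist if the message reaches the browser. A cheap guard before the lookup closes that: `die "access denied" unless $curuser->access_right('Edit password') or $curuser->access_right('Provision customer service');`. The `<%init>` block continues past the end of the hunk.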
diff --git
a/httemplate/view/elements/svc_Common.html
b/httemplate/view/elements/svc_Common.html
index
f7c685c
..
46b9c28
100644
(file)
--- a/
httemplate/view/elements/svc_Common.html
+++ b/
httemplate/view/elements/svc_Common.html
@@
-52,7
+52,7
@@
function areyousure(href) {
<% mt('Service #') |h %><B><% $svcnum %></B>
% my $url = $opt{'edit_url'} || $p. 'edit/'. $opt{'table'}. '.cgi?';
<% mt('Service #') |h %><B><% $svcnum %></B>
% my $url = $opt{'edit_url'} || $p. 'edit/'. $opt{'table'}. '.cgi?';
-
|
<& /view/elements/svc_edit_link.html, 'svc' => $svc_x, 'edit_url' => $url &>
+<& /view/elements/svc_edit_link.html, 'svc' => $svc_x, 'edit_url' => $url &>
<BR>
<% ntable("#cccccc") %><TR><TD><% ntable("#cccccc",2) %>
<BR>
<% ntable("#cccccc") %><TR><TD><% ntable("#cccccc",2) %>
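--- a/httemplate/view/elements/svc_edit_link.html
+++ b/httemplate/view/elements/svc_edit_link.html
@@ -7,8 +7,12 @@ function areyousure_delete() {
 window.location.href = '<% $cancel_url %>';
 }
 </SCRIPT>
-<A HREF="<% $edit_url %>"><% mt("Edit this [_1]", $label) |h %></A> |
-<A HREF="javascript:areyousure_delete()"><% mt('Unprovision this Service') |h %></A>
+% if ( $curuser->access_right('Provision customer service') ) {
+| <A HREF="<% $edit_url %>"><% mt("Edit this [_1]", $label) |h %></A>
+% }
+% if ( $curuser->access_right('Unprovision customer service') ) {
+| <A HREF="javascript:areyousure_delete()"><% mt('Unprovision this Service') |h %></A>
+% }
 % }
 <%init>
 my %opt = @_;
@@ -20,4 +24,5 @@ my $cancel_url = $p . 'misc/unprovision.cgi?' . $svc_x->svcnum;
 my $cust_svc = $svc_x->cust_svc; # always exists
 my $cancel_date = $cust_svc->pkg_cancel_date;
 my ($label) = $cust_svc->label;
+my $curuser = $FS::CurrentUser::CurrentUser;
 </%init>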
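Review bot: Wrapping the two links in `access_right` checks in the first hunk only hides them; the pages they lead to (`$edit_url` and misc/unprovision.cgi) have to refuse the request themselves, and neither handler's check is visible in this commit. edit/svc_acct.cgi here even gains an `#XXX eventually should require "Edit Password" ACL` comment, which suggests the server side is not finished. Once enforcement in those handlers has been confirmed, a one-line comment above the first `% if` would stop a later reader from treating this component as the control, for example `%# display only: rights are enforced by the edit and unprovision handlers`. The outer `% if` that the trailing `% }` closes opens above the hunk.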
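--- a/httemplate/view/svc_acct.cgi
+++ b/httemplate/view/svc_acct.cgi
@@ -37,7 +37,6 @@
 &>
 <% mt('Service #') |h %><B><% $svcnum %></B>
-|
 <& /view/elements/svc_edit_link.html, 'svc' => $svc_acct &>
 <& svc_acct/change_svc.html,
 'part_svc' => \@part_svc,
@@ -90,8 +89,12 @@ die "access denied"
 my $addl_from = ' LEFT JOIN cust_svc USING ( svcnum ) '.
 ' LEFT JOIN cust_pkg USING ( pkgnum ) '.
 ' LEFT JOIN cust_main USING ( custnum ) ';
-
-my($query) = $cgi->keywords;
+my $query;
+if ( $cgi->keywords ) {
+ ($query) = $cgi->keywords;
+} else {
+ $query = $cgi->param('svcnum');
+}
 $query =~ /^(\d+)$/;
 my $svcnum = $1;
 my $svc_acct = qsearchs({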
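Review bot: With `$cgi->param('svcnum')` added in the second hunk as a second source for `$query`, the unchecked `$query =~ /^(\d+)$/;` on the unchanged line right after it matters more. When the match fails, `$1` is not reset, so `$svcnum` ends up undef or whatever an earlier successful match in the enclosing scope left behind. misc/process/change-password.html in this commit already uses the checked form, and I would do the same here: `$query =~ /^(\d+)$/ or die "illegal svcnum";`. The `qsearchs` call that consumes `$svcnum` continues past the end of the hunk.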
diff --git
a/httemplate/view/svc_acct/basics.html
b/httemplate/view/svc_acct/basics.html
index
2d9953f
..
04e7bcf
100644
(file)
--- a/
httemplate/view/svc_acct/basics.html
+++ b/
httemplate/view/svc_acct/basics.html
@@
-20,7
+20,7
@@
% if ( $password =~ /^\*\w+\* (.*)$/ ) {
% $password = $1;
% $show_pw .= '<I>('. mt('login disabled') .')</I> ';
% if ( $password =~ /^\*\w+\* (.*)$/ ) {
% $password = $1;
% $show_pw .= '<I>('. mt('login disabled') .')</I> ';
-% }
+% }
% if ( ! $password
% && $svc_acct->_password_encryption ne 'plain'
% && $svc_acct->_password
% if ( ! $password
% && $svc_acct->_password_encryption ne 'plain'
% && $svc_acct->_password
@@
-28,13
+28,27
@@
% {
% $show_pw .= '<I>('. uc($svc_acct->_password_encryption). ' '.mt('encrypted').')</I>';
% } elsif ( $conf->exists('showpasswords') ) {
% {
% $show_pw .= '<I>('. uc($svc_acct->_password_encryption). ' '.mt('encrypted').')</I>';
% } elsif ( $conf->exists('showpasswords') ) {
-% $show_pw .= '<
PRE
>'. encode_entities($password). '</PRE>';
+% $show_pw .= '<
SPAN
>'. encode_entities($password). '</PRE>';
% } else {
% } else {
+% $password = '';
% $show_pw .= '<I>('. mt('hidden') .')</I>';
% $show_pw .= '<I>('. mt('hidden') .')</I>';
-% }
-% $password = '';
-<& /view/elements/tr.html, label=>mt('Password'), value=>$show_pw &>
-
+% }
+<TR>
+ <TD ALIGN="right"><% mt('Password') %></TD>
+ <TD STYLE="background-color: #ffffff; white-space: nowrap">
+ <% $show_pw %>
+% my $curuser = $FS::CurrentUser::CurrentUser;
+% if ( $curuser->access_right('Provision customer service') or
+% ($curuser->access_right('Edit password') and
+% ! $part_svc->restrict_edit_password) )
+% {
+ <& /elements/change_password.html,
+ 'svc_acct' => $svc_acct,
+ 'curr_value' => $password,
+ &>
+% }
+ </TD>
+</TR>
% if ( $conf->exists('security_phrase') ) {
<& /view/elements/tr.html, label=>mt('Security phrase'), value=>$svc_acct->sec_phrase &>
% if ( $conf->exists('security_phrase') ) {
<& /view/elements/tr.html, label=>mt('Security phrase'), value=>$svc_acct->sec_phrase &>
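Review bot: The showpasswords branch in the second hunk now opens with `<SPAN>` but still closes with `</PRE>`, so the markup around the escaped password is unbalanced; the closing tag should change with it, `$show_pw .= '<SPAN>'. encode_entities($password). '</SPAN>';`. The condition that decides whether to render the change-password widget repeats the check in misc/process/change-password.html word for word, and a single method on the user or service object would keep what is displayed and what the server accepts from drifting apart. `$part_svc` is used in that condition but not defined in the visible lines, so confirm it is set earlier in the component. The new `<% mt('Password') %>` cell also drops the `|h` flag that other labels in this commit carry.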