From 2920cfc494c2811ca7879d6ecaa353d216c9f69d Mon Sep 17 00:00:00 2001 From: Mark Wells Date: Wed, 27 Feb 2013 12:47:34 -0800 Subject: [PATCH] "Edit password" ACL, #21178, part 2 --- FS/FS/AccessRight.pm | 1 + FS/FS/Schema.pm | 4 +++- FS/FS/access_right.pm | 4 +++- FS/FS/part_svc.pm | 10 +++++++++- httemplate/browse/part_svc.cgi | 15 +++++++++++---- httemplate/edit/part_svc.cgi | 16 +++++++++++++++- httemplate/edit/process/cust_svc.cgi | 2 +- httemplate/edit/svc_acct.cgi | 18 +++--------------- httemplate/misc/process/change-password.html | 7 ++++++- httemplate/view/elements/svc_Common.html | 2 +- httemplate/view/elements/svc_edit_link.html | 9 +++++++-- httemplate/view/svc_acct.cgi | 9 ++++++--- httemplate/view/svc_acct/basics.html | 26 ++++++++++++++++++++------ 13 files changed, 86 insertions(+), 37 deletions(-) diff --git a/FS/FS/AccessRight.pm b/FS/FS/AccessRight.pm index 50fb0e3cb..a60d033d6 100644 --- a/FS/FS/AccessRight.pm +++ b/FS/FS/AccessRight.pm @@ -162,6 +162,7 @@ tie my %rights, 'Tie::IxHash', 'Recharge customer service', #NEW 'Unprovision customer service', 'Change customer service', #NEWNEW + 'Edit password', 'Edit usage', #NEW 'Edit home dir', #NEW 'Edit www config', #NEW diff --git a/FS/FS/Schema.pm b/FS/FS/Schema.pm index 774dcd239..eff4878fd 100644 --- a/FS/FS/Schema.pm +++ b/FS/FS/Schema.pm @@ -2112,7 +2112,8 @@ sub tables_hashref { 'preserve', 'char', 'NULL', 1, '', '', 'selfservice_access', 'varchar', 'NULL', $char_d, '', '', 'classnum', 'int', 'NULL', '', '', '', - ], + 'restrict_edit_password','char', 'NULL', 1, '', '', +], 'primary_key' => 'svcpart', 'unique' => [], 'index' => [ [ 'disabled' ] ], @@ -2260,6 +2261,7 @@ sub tables_hashref { 'cgp_sendmdnmode', 'varchar', 'NULL', $char_d, '', '',#SendMDNMode #mail #XXX RPOP settings + # ], 'primary_key' => 'svcnum', #'unique' => [ [ 'username', 'domsvc' ] ], diff --git a/FS/FS/access_right.pm b/FS/FS/access_right.pm index 0c61896b9..0e8bf45a9 100644 --- a/FS/FS/access_right.pm 
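Review bot: The closing `],` of the part_svc column list is re-added at column 0 (`+],`) although the line it replaces was indented, so the table definition in `tables_hashref` no longer lines up with its neighbours; the same loss of indentation happens to the `;` re-added in access_right.pm's `_upgrade_data` and in part_svc.pm's `check`. In the second Schema.pm hunk (the svc_acct column list) the added `+ #` is an empty comment with nothing after it, which reads as leftover debris; either drop it or give it the text it was meant to carry. These are formatting-only issues, but they will appear in every future blame of these lines, and `tables_hashref` itself begins and ends outside both hunks.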
+++ b/FS/FS/access_right.pm @@ -228,7 +228,9 @@ sub _upgrade_data { # class method 'Usage: Call Detail Records (CDRs)', 'Usage: Unrateable CDRs', ], - ; + 'Provision customer service' => [ 'Edit password' ], + +; foreach my $old_acl ( keys %onetime ) { diff --git a/FS/FS/part_svc.pm b/FS/FS/part_svc.pm index c47177171..6ca48894a 100644 --- a/FS/FS/part_svc.pm +++ b/FS/FS/part_svc.pm @@ -58,6 +58,13 @@ L, and L, among others. =item preserve - Preserve after cancellation, empty or 'Y' +=item selfservice_access - Access allowed to the service via self-service: +empty for full access, "readonly" for read-only, "hidden" to hide it entirely + +=item restrict_edit_password - Require the "Provision customer service" access +right to change the password field, rather than just "Edit password". Only +relevant to svc_acct for now. + =back =head1 METHODS @@ -391,7 +398,8 @@ sub check { || $self->ut_enum('preserve', [ '', 'Y' ] ) || $self->ut_enum('selfservice_access', [ '', 'hidden', 'readonly' ] ) || $self->ut_foreign_keyn('classnum', 'part_svc_class', 'classnum' ) - ; + || $self->ut_enum('restrict_edit_password', [ '', 'Y' ] ) +; return $error if $error; my @fields = eval { fields( $self->svcdb ) }; #might die diff --git a/httemplate/browse/part_svc.cgi b/httemplate/browse/part_svc.cgi index a8f4a7c84..f941ae586 100755 --- a/httemplate/browse/part_svc.cgi +++ b/httemplate/browse/part_svc.cgi @@ -82,6 +82,7 @@ function part_export_areyousure(href) { % } % @dfields ; % my $rowspan = scalar(@fields) || 1; +% $rowspan++ if $part_svc->restrict_edit_password; % my $url = "${p}edit/part_svc.cgi?". $part_svc->svcpart; % % if ( $bgcolor eq $bgcolor1 ) { @@ -183,15 +184,21 @@ function part_export_areyousure(href) { % } else { <% $value %> -% } +% } % $n1=""; -% } -% +% } #foreach $field +% if ( $part_svc->restrict_edit_password ) { + + + <% emt('Password editing restricted.') %> + + +% } -% } +% } #foreach $part_svc 
diff --git a/httemplate/edit/part_svc.cgi b/httemplate/edit/part_svc.cgi index 007c24629..8a84b208a 100755 --- a/httemplate/edit/part_svc.cgi +++ b/httemplate/edit/part_svc.cgi @@ -407,6 +407,20 @@ % % } #foreach my $field (@fields) { % +% if ( $layer eq 'svc_acct' ) { +% # eww, more ugly special-caseyness +% $html .= +% ''. +% emt('Require "Provision" access right to edit password'). +% ''. +% 'restrict_edit_password ? ' CHECKED' : ''). +% '>'; +% } else { +% $html .= +% ''; +% } +% % $part_svc->svcpart('') if $clone; #undone % $html .= ""; % @@ -414,7 +428,7 @@ % $layer, #form name % [ qw(svc svcpart classnum selfservice_access % disabled preserve -% exportnum), +% exportnum restrict_edit_password), % @fields ], % 'process/part_svc.cgi', % $p.'browse/part_svc.cgi', diff --git a/httemplate/edit/process/cust_svc.cgi b/httemplate/edit/process/cust_svc.cgi index e22cbb201..7cb1d6d8f 100644 --- a/httemplate/edit/process/cust_svc.cgi +++ b/httemplate/edit/process/cust_svc.cgi @@ -6,7 +6,7 @@ %} <%init> -die 'access deined' +die 'access denied' unless $FS::CurrentUser::CurrentUser->access_right('Change customer service'); my $svcnum = $cgi->param('svcnum'); diff --git a/httemplate/edit/svc_acct.cgi b/httemplate/edit/svc_acct.cgi index c1f74551d..627791ba7 100755 --- a/httemplate/edit/svc_acct.cgi +++ b/httemplate/edit/svc_acct.cgi @@ -9,19 +9,6 @@
% } - -
@@ -57,10 +44,11 @@ function randomPass() { %if ( $part_svc->part_svc_column('_password')->columnflag ne 'F' ) { +% #XXX eventually should require "Edit Password" ACL <% mt('Password') |h %> - MAXLENGTH=<% $pmax %>> - + MAXLENGTH=<% $pmax %>> + <& /elements/random_pass.html, 'clear_password' &> %}else{ diff --git a/httemplate/misc/process/change-password.html b/httemplate/misc/process/change-password.html index 7005439cc..7cab9c4e3 100644 --- a/httemplate/misc/process/change-password.html +++ b/httemplate/misc/process/change-password.html @@ -1,11 +1,16 @@ <%init> my $curuser = $FS::CurrentUser::CurrentUser; -die "access denied" unless $curuser->access_right('Edit password'); $cgi->param('svcnum') =~ /^(\d+)$/ or die "illegal svcnum"; my $svcnum = $1; my $svc_acct = FS::svc_acct->by_key($svcnum) or die "svc_acct $svcnum not found"; +my $part_svc = $svc_acct->part_svc; +die "access denied" unless ( + $curuser->access_right('Provision customer service') or + ( $curuser->access_right('Edit password') and + ! $part_svc->restrict_edit_password ) + ); my $error = $svc_acct->set_password($cgi->param('password')) || $svc_acct->replace; diff --git a/httemplate/view/elements/svc_Common.html b/httemplate/view/elements/svc_Common.html index f7c685c28..46b9c28fa 100644 --- a/httemplate/view/elements/svc_Common.html +++ b/httemplate/view/elements/svc_Common.html @@ -52,7 +52,7 @@ function areyousure(href) { <% mt('Service #') |h %><% $svcnum %> % my $url = $opt{'edit_url'} || $p. 'edit/'. $opt{'table'}. '.cgi?'; -| <& /view/elements/svc_edit_link.html, 'svc' => $svc_x, 'edit_url' => $url &> +<& /view/elements/svc_edit_link.html, 'svc' => $svc_x, 'edit_url' => $url &>
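Review bot: Moving the `die "access denied"` below the `FS::svc_acct->by_key` lookup lets a user who holds neither right tell an existing svcnum from a missing one, because `svc_acct $svcnum not found` now fires before any rights check. Keep a cheap pre-check ahead of the lookup, e.g. `die "access denied" unless $curuser->access_right('Provision customer service') or $curuser->access_right('Edit password');`, and leave the part_svc-dependent test where the patch places it. The same three-clause predicate is repeated in view/svc_acct/basics.html, and the `#XXX` added to edit/svc_acct.cgi says the edit form does not apply it at all; a single method on FS::svc_acct (or FS::part_svc) answering "may the current user set this password" would keep the three call sites from drifting apart. The surrounding `<%init>` block continues past the end of the hunk.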
<% ntable("#cccccc") %><% ntable("#cccccc",2) %> diff --git a/httemplate/view/elements/svc_edit_link.html b/httemplate/view/elements/svc_edit_link.html index d65db0a8f..5438ed266 100644 --- a/httemplate/view/elements/svc_edit_link.html +++ b/httemplate/view/elements/svc_edit_link.html @@ -7,8 +7,12 @@ function areyousure_delete() { window.location.href = '<% $cancel_url %>'; } -<% mt("Edit this [_1]", $label) |h %> | -<% mt('Unprovision this Service') |h %> +% if ( $curuser->access_right('Provision customer service') ) { +| <% mt("Edit this [_1]", $label) |h %> +% } +% if ( $curuser->access_right('Unprovision customer service') ) { +| <% mt('Unprovision this Service') |h %> +% } % } <%init> my %opt = @_; @@ -20,4 +24,5 @@ my $cancel_url = $p . 'misc/unprovision.cgi?' . $svc_x->svcnum; my $cust_svc = $svc_x->cust_svc; # always exists my $cancel_date = $cust_svc->pkg_cancel_date; my ($label) = $cust_svc->label; +my $curuser = $FS::CurrentUser::CurrentUser; diff --git a/httemplate/view/svc_acct.cgi b/httemplate/view/svc_acct.cgi index 199591356..76631baad 100755 --- a/httemplate/view/svc_acct.cgi +++ b/httemplate/view/svc_acct.cgi @@ -37,7 +37,6 @@ &> <% mt('Service #') |h %><% $svcnum %> -| <& /view/elements/svc_edit_link.html, 'svc' => $svc_acct &> <& svc_acct/change_svc.html, 'part_svc' => \@part_svc, @@ -90,8 +89,12 @@ die "access denied" my $addl_from = ' LEFT JOIN cust_svc USING ( svcnum ) '. ' LEFT JOIN cust_pkg USING ( pkgnum ) '. ' LEFT JOIN cust_main USING ( custnum ) '; - -my($query) = $cgi->keywords; +my $query; +if ( $cgi->keywords ) { + ($query) = $cgi->keywords; +} else { + $query = $cgi->param('svcnum'); +} $query =~ /^(\d+)$/; my $svcnum = $1; my $svc_acct = qsearchs({ diff --git a/httemplate/view/svc_acct/basics.html b/httemplate/view/svc_acct/basics.html index 2d9953fcc..04e7bcff8 100644 --- a/httemplate/view/svc_acct/basics.html +++ b/httemplate/view/svc_acct/basics.html 
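Review bot: The new `access_right` tests in svc_edit_link.html only decide whether the Edit and Unprovision links are rendered; they are not an access control, so the link targets (`$edit_url` and `misc/unprovision.cgi`) must enforce the same rights themselves, and this commit does not touch either — presumably they already do, but it is worth confirming before relying on the hidden links. The `% if` that opens the block closed by the context line `% }` appears to lie outside the hunk. `$curuser` is declared in `<%init>` at the bottom of the file, which works because `<%init>` runs before the body, but a short comment on that line such as `# used by the access_right checks in the body` would save the next reader a search.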
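Review bot: With the new fallback `$query = $cgi->param('svcnum')`, `$query` is undef when neither a keyword nor a `svcnum` parameter is supplied, and the context line that follows, `$query =~ /^(\d+)$/;`, does not check the match, so `$svcnum` is taken from an unset or stale `$1`. The unchecked match predates this patch, but the patch makes the undef case reachable through a plain `svcnum=` request, so fail explicitly there: `$query =~ /^(\d+)$/ or die "illegal svcnum";`. `if ( $cgi->keywords )` relies on the list being counted in boolean context; `if ( scalar $cgi->keywords )` states that intent. The `<%init>` block this sits in runs past the end of the hunk.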
@@ -20,7 +20,7 @@ % if ( $password =~ /^\*\w+\* (.*)$/ ) { % $password = $1; % $show_pw .= '('. mt('login disabled') .') '; -% } +% } % if ( ! $password % && $svc_acct->_password_encryption ne 'plain' % && $svc_acct->_password @@ -28,13 +28,27 @@ % { % $show_pw .= '('. uc($svc_acct->_password_encryption). ' '.mt('encrypted').')'; % } elsif ( $conf->exists('showpasswords') ) { -% $show_pw .= '
'. encode_entities($password). '
'; +% $show_pw .= ''. encode_entities($password). ''; % } else { +% $password = ''; % $show_pw .= '('. mt('hidden') .')'; -% } -% $password = ''; -<& /view/elements/tr.html, label=>mt('Password'), value=>$show_pw &> - +% } + + <% mt('Password') %> + + <% $show_pw %> +% my $curuser = $FS::CurrentUser::CurrentUser; +% if ( $curuser->access_right('Provision customer service') or +% ($curuser->access_right('Edit password') and +% ! $part_svc->restrict_edit_password) ) +% { + <& /elements/change_password.html, + 'svc_acct' => $svc_acct, + 'curr_value' => $password, + &> +% } + + % if ( $conf->exists('security_phrase') ) { <& /view/elements/tr.html, label=>mt('Security phrase'), value=>$svc_acct->sec_phrase &> -- 2.11.0
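Review bot: Moving `$password = ''` into the `else` branch means that when `showpasswords` is enabled the cleartext password survives the branch and is handed to `/elements/change_password.html` as `curr_value`; if that element puts it into a form field (not visible here), the cleartext credential now lands in the page's form markup and in whatever captures it, beyond the existing on-screen display. Consider passing an empty `curr_value` unless the element genuinely needs the current value, and mark the choice with a comment such as `# curr_value is cleartext only when showpasswords is on`. The gating predicate written here (`Provision customer service`, or `Edit password` without `restrict_edit_password`) repeats the one in misc/process/change-password.html and belongs in one shared method so the view and the processor cannot disagree; note also that `$part_svc` is assumed to be in scope in this element, as its declaration is not in the hunk.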