From 6f471946b3ae36061cb595ba0657a5b43e7bfd5d Mon Sep 17 00:00:00 2001
From: Mark Wells <mark@freeside.biz>
Date: Tue, 12 Jan 2016 22:07:17 -0800
Subject: [PATCH] allow svc_acct password field to be disabled, #39528, fixing
 fallout from #29354 and #32456

---
 FS/FS/Password_Mixin.pm              |  2 +-
 FS/FS/svc_acct.pm                    |  2 +-
 httemplate/edit/process/svc_acct.cgi | 31 ++++++++++++++++++++++---------
 httemplate/edit/process/svc_dsl.html | 15 ++++++++++++++-
 httemplate/view/svc_acct/basics.html | 19 +++++++++++++------
 5 files changed, 51 insertions(+), 18 deletions(-)

diff --git a/FS/FS/Password_Mixin.pm b/FS/FS/Password_Mixin.pm
index eb1db81e8..ee038db5a 100644
--- a/FS/FS/Password_Mixin.pm
+++ b/FS/FS/Password_Mixin.pm
@@ -37,7 +37,7 @@ message on failure, an empty string on success.
 This MUST NOT be called from check(). It should be called by the office UI,
 self-service ClientAPI, or other I<user-interactive> code that processes a
 password change, and only if the user has taken some action with the intent
-of changing the password.
+of setting the password.
 
 =cut
 
diff --git a/FS/FS/svc_acct.pm b/FS/FS/svc_acct.pm
index 203150f7c..af152a82e 100644
--- a/FS/FS/svc_acct.pm
+++ b/FS/FS/svc_acct.pm
@@ -318,7 +318,7 @@ sub table_info {
                          disable_inventory => 1,
                        },
         '_password' => { label => 'Password',
-                         required => 1
+          #required => 1
                        },
         'gid'       => {
                          label    => 'GID',
diff --git a/httemplate/edit/process/svc_acct.cgi b/httemplate/edit/process/svc_acct.cgi
index 17a035cdb..d81eaecb9 100755
--- a/httemplate/edit/process/svc_acct.cgi
+++ b/httemplate/edit/process/svc_acct.cgi
@@ -76,17 +76,30 @@ if ( $cgi->param('captcha_response') ) {
   }
 }
 
-$new->_password($old->_password) if $old;
-if (     $cgi->param('clear_password') eq '*HIDDEN*'
-      || $cgi->param('clear_password') =~ /^\(.* encrypted\)$/ ) {
-  die "fatal: no previous account to recall hidden password from!" unless $old;
+# check whether the password is set as "fixed" in the service def. if so,
+# ignore the password that was submitted and use the fixed value.
+
+my $psc = $part_svc->part_svc_column('_password');
+if ( $psc->columnflag eq 'F' ) {
+
+  $new->set('_password', $psc->columnvalue);
+
 } else {
-  my $newpass = $cgi->param('clear_password');
-  if ( !$old or ! $old->check_password($newpass) ) {
-    # then the password is being changed
-    $error ||= $new->is_password_allowed($newpass)
-           ||  $new->set_password($newpass);
+
+  $new->_password($old->_password) if $old;
+  if (     $cgi->param('clear_password') eq '*HIDDEN*'
+        || $cgi->param('clear_password') =~ /^\(.* encrypted\)$/ ) {
+    die "fatal: no previous account to recall hidden password from!"
+      unless $old;
+  } else {
+    my $newpass = $cgi->param('clear_password');
+    if ( !$old or ! $old->check_password($newpass) ) {
+      # then the password is being changed
+      $error ||= $new->is_password_allowed($newpass)
+             ||  $new->set_password($newpass);
+    }
   }
+
 }
 
 if ( ! $error ) {
diff --git a/httemplate/edit/process/svc_dsl.html b/httemplate/edit/process/svc_dsl.html
index 889366e07..436ca766b 100644
--- a/httemplate/edit/process/svc_dsl.html
+++ b/httemplate/edit/process/svc_dsl.html
@@ -12,8 +12,21 @@ my $precheck_callback = sub {
   my $cgi = shift;
   my $svcnum = $cgi->param('svcnum');
   my $error = '';
+  my $old;
+  my $part_svc;
+
   if ( $svcnum ) {
-    my $old = FS::svc_dsl->by_key($svcnum);
+    $old = FS::svc_dsl->by_key($svcnum);
+    $part_svc = $old->part_svc;
+  } else {
+    my $svcpart = $cgi->param('svcpart') or die "svcpart required";
+    $part_svc = FS::part_svc->by_key($svcpart);
+  }
+  my $psc = $part_svc->part_svc_column('password');
+  if ( $psc->columnflag eq 'F' ) {
+    # enforce it here and skip password validation
+    $cgi->param('password', $psc->columnvalue;
+  } else {
     my $newpass = $cgi->param('password');
     if ( $old and $newpass ne $old->password ) {
       $error ||= $old->is_password_allowed($newpass);
diff --git a/httemplate/view/svc_acct/basics.html b/httemplate/view/svc_acct/basics.html
index 441c20add..1b7d56b23 100644
--- a/httemplate/view/svc_acct/basics.html
+++ b/httemplate/view/svc_acct/basics.html
@@ -33,22 +33,29 @@
 %   $password = '';
 %   $show_pw .= '<I>('. mt('hidden') .')</I>';
 % }
+% my $psc = $part_svc->part_svc_column('_password');
+% if ( $psc->columnflag eq 'F' and $psc->columnvalue eq '' ) {
+%   # show nothing
+% } else {
 <TR>
   <TD ALIGN="right"><% mt('Password') %></TD>
   <TD STYLE="background-color: #ffffff; white-space: nowrap">
   <% $show_pw %>
-% my $curuser = $FS::CurrentUser::CurrentUser;
-% if ( $curuser->access_right('Provision customer service') or
-%     ($curuser->access_right('Edit password') and
-%      ! $part_svc->restrict_edit_password) )
-% {
+%   my $curuser = $FS::CurrentUser::CurrentUser;
+%   if ( $curuser->access_right('Provision customer service') or
+%       ($curuser->access_right('Edit password') and
+%       ! $part_svc->restrict_edit_password)
+%        and $psc->columnflag ne 'F'
+%      )
+%   {
   <& /elements/change_password.html,
       'svc_acct'    => $svc_acct,
       'curr_value'  => $password,
   &>
-% }
+%   }
   </TD>
 </TR>
+% }
 
 % if ( $conf->exists('security_phrase') ) {
   <& /view/elements/tr.html, label=>mt('Security phrase'), value=>$svc_acct->sec_phrase &>
-- 
2.11.0