KAZOO-1729: Fix Cannot create sub account with service plan/limits wh…

…en masquerading
2600hz · Jan 26, 2015 · 388f9ca · 388f9ca
1 parent 2f2f2fd
commit 388f9ca
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 26 deletions.
diff --git a/applications/crossbar/src/modules/cb_service_plans.erl b/applications/crossbar/src/modules/cb_service_plans.erl
@@ -12,7 +12,7 @@
 -export([init/0
          ,allowed_methods/0, allowed_methods/1, allowed_methods/2
          ,resource_exists/0, resource_exists/1, resource_exists/2
-         ,content_types_provided/1 ,content_types_provided/2
+         ,content_types_provided/1 ,content_types_provided/2, content_types_provided/3
          ,validate/1, validate/2, validate/3
          ,post/2
          ,delete/2
@@ -127,12 +127,12 @@ validate(Context, ?AVAILABLE) ->
       ,fun normalize_view_results/2
      );
 validate(Context, ?SYNCHRONIZATION) ->
-    case is_reseller(Context) of
+    case is_allowed(Context) of
         {'ok', _} -> cb_context:set_resp_status(Context, 'success');
         'false' -> cb_context:add_system_error('forbidden', Context)
     end;
 validate(Context, ?RECONCILIATION) ->
-    case is_reseller(Context) of
+    case is_allowed(Context) of
         {'ok', _} -> cb_context:set_resp_status(Context, 'success');
         'false' -> cb_context:add_system_error('forbidden', Context)
     end;
@@ -212,13 +212,20 @@ apply_fun(F, S) -> F(S).
 %%--------------------------------------------------------------------
 -spec content_types_provided(cb_context:context()) -> cb_context:context().
 -spec content_types_provided(cb_context:context(), ne_binary()) -> cb_context:context().
+-spec content_types_provided(cb_context:context(), ne_binary(), ne_binary()) -> cb_context:context().
 content_types_provided(Context) ->
     CTPs = [{'to_json', ?JSON_CONTENT_TYPES}
             ,{'to_csv', ?CSV_CONTENT_TYPES}
            ],
     cb_context:add_content_types_provided(Context, CTPs).
 
-content_types_provided(Context, ?CURRENT) ->
+content_types_provided(Context, _) ->
+    CTPs = [{'to_json', ?JSON_CONTENT_TYPES}
+            ,{'to_csv', ?CSV_CONTENT_TYPES}
+           ],
+    cb_context:add_content_types_provided(Context, CTPs).
+
+content_types_provided(Context, ?AVAILABLE, _) ->
     CTPs = [{'to_json', ?JSON_CONTENT_TYPES}
             ,{'to_csv', ?CSV_CONTENT_TYPES}
            ],
@@ -241,10 +248,11 @@ normalize_view_results(JObj, Acc) ->
 %% Check if you have the permission to update or delete service plans
 %% @end
 %%--------------------------------------------------------------------
--spec is_reseller(cb_context:context()) -> {'ok', ne_binary()} | 'false'.
-is_reseller(Context) ->
+-spec is_allowed(cb_context:context()) -> {'ok', ne_binary()} | 'false'.
+is_allowed(Context) ->
     ResellerId = wh_services:find_reseller_id(cb_context:account_id(Context)),
-    cb_context:auth_account_id(Context) =:= ResellerId andalso {'ok', ResellerId}.
+    AuthAccountId = cb_context:auth_account_id(Context),
+    (AuthAccountId =:= ResellerId orelse wh_util:is_system_admin(AuthAccountId)) andalso {'ok', ResellerId}.
 
 %%--------------------------------------------------------------------
 %% @private
@@ -254,7 +262,7 @@ is_reseller(Context) ->
 %%--------------------------------------------------------------------
 -spec maybe_allow_change(cb_context:context(), path_token()) -> cb_context:context().
 maybe_allow_change(Context, PlanId) ->
-    case is_reseller(Context) of
+    case is_allowed(Context) of
         {'ok', ResellerId} ->
             check_plan_id(Context, PlanId, ResellerId);
         'false' ->

diff --git a/applications/crossbar/src/modules_v2/cb_limits_v2.erl b/applications/crossbar/src/modules_v2/cb_limits_v2.erl
@@ -74,10 +74,7 @@ process_billing(Context, [{<<"limits">>, _}|_], ?HTTP_GET) ->
     Context;
 process_billing(Context, [{<<"limits">>, _}|_], _Verb) ->
     AccountId = cb_context:account_id(Context),
-    AuthAccountId = cb_context:auth_account_id(Context),
-    try wh_services:allow_updates(AccountId)
-             andalso authd_account_allowed_updates(AccountId, AuthAccountId)
-    of
+    try wh_services:allow_updates(AccountId) andalso is_allowed(Context) of
         'true' -> Context;
         'false' ->
             Message = <<"Please contact your phone provider to add limits.">>,
@@ -88,20 +85,11 @@ process_billing(Context, [{<<"limits">>, _}|_], _Verb) ->
     end;
 process_billing(Context, _Nouns, _Verb) -> Context.
 
--spec authd_account_allowed_updates(ne_binary(), ne_binary()) -> boolean().
-authd_account_allowed_updates(AccountId, AuthAccountId) ->
-    {'ok', MasterAccount} = whapps_util:get_master_account_id(),
-    case wh_services:find_reseller_id(AccountId) of
-        AuthAccountId ->
-            lager:debug("allowing reseller to update limits"),
-            'true';
-        MasterAccount ->
-            lager:debug("allowing direct account to update limits"),
-            'true';
-        _Else ->
-            lager:debug("sub-accounts of non-master resellers must contact the reseller to change their limits"),
-            'false'
-    end.
+-spec is_allowed(cb_context:context()) -> boolean().
+is_allowed(Context) ->
+    ResellerId = wh_services:find_reseller_id(cb_context:account_id(Context)),
+    AuthAccountId = cb_context:auth_account_id(Context),
+    (AuthAccountId =:= ResellerId orelse wh_util:is_system_admin(AuthAccountId)).
 
 %%--------------------------------------------------------------------
 %% @private