KAZOO-4938: move is_superduper_admin from cb_modules_util to cb_context

2600hz · Sep 1, 2016 · 252c7f3 · 252c7f3
1 parent 3b51fb6
commit 252c7f3
Show file tree

Hide file tree

Showing 16 changed files with 52 additions and 51 deletions.
diff --git a/applications/crossbar/src/cb_context.erl b/applications/crossbar/src/cb_context.erl
@@ -25,6 +25,8 @@
 
         ,is_authenticated/1
 
+        ,is_superduper_admin/1
+
          %% Getters / Setters
         ,setters/2
         ,new/0
@@ -188,6 +190,33 @@ account_doc(Context) ->
 is_authenticated(#cb_context{auth_doc='undefined'}) -> 'false';
 is_authenticated(#cb_context{}) -> 'true'.
 
+%%--------------------------------------------------------------------
+%% @public
+%% @doc
+%% Returns true if the request contains a system admin module.
+%% @end
+%%--------------------------------------------------------------------
+-spec is_superduper_admin(api_ne_binary() | cb_context:context()) -> boolean().
+is_superduper_admin('undefined') -> 'false';
+is_superduper_admin(AccountId=?NE_BINARY) ->
+    lager:debug("checking for superduper admin: ~s", [AccountId]),
+    case kz_account:fetch(AccountId) of
+        {'ok', JObj} ->
+            case kz_account:is_superduper_admin(JObj) of
+                'true' ->
+                    lager:debug("the requestor is a superduper admin"),
+                    'true';
+                'false' ->
+                    lager:debug("the requestor is not a superduper admin"),
+                    'false'
+            end;
+        {'error', _E} ->
+            lager:debug("not authorizing, error during lookup: ~p", [_E]),
+            'false'
+    end;
+is_superduper_admin(Context) ->
+    is_superduper_admin(auth_account_id(Context)).
+
 auth_token_type(#cb_context{auth_token_type=AuthTokenType}) -> AuthTokenType.
 auth_token(#cb_context{auth_token=AuthToken}) -> AuthToken.
 auth_doc(#cb_context{auth_doc=AuthDoc}) -> AuthDoc.

diff --git a/applications/crossbar/src/modules/cb_accounts.erl b/applications/crossbar/src/modules/cb_accounts.erl
@@ -200,12 +200,12 @@ validate_account_path(Context, AccountId, ?SIBLINGS, ?HTTP_GET) ->
 validate_account_path(Context, AccountId, ?PARENTS, ?HTTP_GET) ->
     load_parents(AccountId, prepare_context('undefined', Context));
 validate_account_path(Context, AccountId, ?RESELLER, ?HTTP_PUT) ->
-    case cb_modules_util:is_superduper_admin(Context) of
+    case cb_context:is_superduper_admin(Context) of
         'true' -> load_account(AccountId, prepare_context(AccountId, Context));
         'false' -> cb_context:add_system_error('forbidden', Context)
     end;
 validate_account_path(Context, AccountId, ?RESELLER, ?HTTP_DELETE) ->
-    case cb_modules_util:is_superduper_admin(Context) of
+    case cb_context:is_superduper_admin(Context) of
         'true' -> load_account(AccountId, prepare_context(AccountId, Context));
         'false' -> cb_context:add_system_error('forbidden', Context)
     end;

diff --git a/applications/crossbar/src/modules/cb_alerts.erl b/applications/crossbar/src/modules/cb_alerts.erl
@@ -120,7 +120,7 @@ delete(Context, _) ->
 validate_alerts(Context, ?HTTP_GET) ->
     summary(Context);
 validate_alerts(Context, ?HTTP_PUT) ->
-    case cb_modules_util:is_superduper_admin(Context) of
+    case cb_context:is_superduper_admin(Context) of
         'true' -> create(Context);
         'false' ->
             cb_context:add_system_error('forbidden', Context)

diff --git a/applications/crossbar/src/modules/cb_ledgers.erl b/applications/crossbar/src/modules/cb_ledgers.erl
@@ -117,7 +117,7 @@ authorize_request(Context, _, ?HTTP_GET) ->
 -spec authorize_create(cb_context:context()) -> boolean().
 authorize_create(Context) ->
     IsAuthenticated = cb_context:is_authenticated(Context),
-    IsSuperDuperAdmin = cb_modules_util:is_superduper_admin(Context),
+    IsSuperDuperAdmin = cb_context:is_superduper_admin(Context),
     IsReseller = cb_context:reseller_id(Context) =:= cb_context:auth_account_id(Context),
     case IsAuthenticated
         andalso (IsSuperDuperAdmin

diff --git a/applications/crossbar/src/modules/cb_media.erl b/applications/crossbar/src/modules/cb_media.erl
@@ -134,7 +134,7 @@ authorize_media(_Context, [{<<"media">>, [?LANGUAGES, _Language]}], 'undefined')
 
 authorize_media(Context, [{<<"media">>, _}|_], 'undefined') ->
     IsAuthenticated = cb_context:is_authenticated(Context),
-    IsSuperDuperAdmin = cb_modules_util:is_superduper_admin(Context),
+    IsSuperDuperAdmin = cb_context:is_superduper_admin(Context),
     IsReqVerbGet = cb_context:req_verb(Context) =:= ?HTTP_GET,
     case IsAuthenticated
         andalso (IsSuperDuperAdmin

diff --git a/applications/crossbar/src/modules/cb_modules_util.erl b/applications/crossbar/src/modules/cb_modules_util.erl
@@ -12,7 +12,6 @@
         ,update_mwi/2
         ,get_devices_owned_by/2
         ,maybe_originate_quickcall/1
-        ,is_superduper_admin/1
 
         ,attachment_name/2
         ,parse_media_type/1
@@ -427,33 +426,6 @@ get_cid_number(Context, Default) ->
         CIDNumber -> kz_util:uri_decode(CIDNumber)
     end.
 
-%%--------------------------------------------------------------------
-%% @private
-%% @doc
-%% Returns true if the request contains a system admin module.
-%% @end
-%%--------------------------------------------------------------------
--spec is_superduper_admin(api_binary() | cb_context:context()) -> boolean().
-is_superduper_admin('undefined') -> 'false';
-is_superduper_admin(<<_/binary>> = AccountId) ->
-    lager:debug("checking for superduper admin: ~s", [AccountId]),
-    case kz_account:fetch(AccountId) of
-        {'ok', JObj} ->
-            case kz_account:is_superduper_admin(JObj) of
-                'true' ->
-                    lager:debug("the requestor is a superduper admin"),
-                    'true';
-                'false' ->
-                    lager:debug("the requestor is not a superduper admin"),
-                    'false'
-            end;
-        {'error', _E} ->
-            lager:debug("not authorizing, error during lookup: ~p", [_E]),
-            'false'
-    end;
-is_superduper_admin(Context) ->
-    is_superduper_admin(cb_context:auth_account_id(Context)).
-
 %%--------------------------------------------------------------------
 %% @private
 %% @doc

diff --git a/applications/crossbar/src/modules/cb_port_requests.erl b/applications/crossbar/src/modules/cb_port_requests.erl
@@ -831,7 +831,7 @@ private_comment_filter(Comment, Acc) ->
 
 -spec filter_private_comments(cb_context:context(), kz_json:object()) -> kz_json:object().
 filter_private_comments(Context, JObj) ->
-    case cb_modules_util:is_superduper_admin(Context) of
+    case cb_context:is_superduper_admin(Context) of
         'false' -> run_comment_filter(JObj);
         'true'  -> JObj
     end.
@@ -989,7 +989,7 @@ can_update_port_request(_Context, ?PORT_UNCONFIRMED) ->
 can_update_port_request(_Context, ?PORT_REJECTED) ->
     'true';
 can_update_port_request(Context, _) ->
-    cb_modules_util:is_superduper_admin(cb_context:auth_account_id(Context)).
+    cb_context:is_superduper_admin(cb_context:auth_account_id(Context)).
 
 %%--------------------------------------------------------------------
 %% @private

diff --git a/applications/crossbar/src/modules/cb_registrations.erl b/applications/crossbar/src/modules/cb_registrations.erl
@@ -97,7 +97,7 @@ authorize(_, _) -> 'false'.
 
 -spec authorize_admin(cb_context:context(), req_nouns()) -> boolean().
 authorize_admin(Context, [{<<"registrations">>, [?COUNT_PATH_TOKEN]}]) ->
-    cb_modules_util:is_superduper_admin(Context).
+    cb_context:is_superduper_admin(Context).
 
 %%--------------------------------------------------------------------
 %% @public

diff --git a/applications/crossbar/src/modules/cb_resource_selectors.erl b/applications/crossbar/src/modules/cb_resource_selectors.erl
@@ -85,7 +85,7 @@ authorize(_Context, _Nouns) ->
                                    'true' |
                                    {'halt', cb_context:context()}.
 maybe_authorize_admin(Context) ->
-    case cb_modules_util:is_superduper_admin(Context) of
+    case cb_context:is_superduper_admin(Context) of
         'true' ->
             lager:debug("authz the request for global resources"),
             'true';

diff --git a/applications/crossbar/src/modules/cb_resources.erl b/applications/crossbar/src/modules/cb_resources.erl
@@ -103,7 +103,7 @@ authorize(_Context, _Nouns) ->
                                    'true' |
                                    {'halt', cb_context:context()}.
 maybe_authorize_admin(Context) ->
-    case cb_modules_util:is_superduper_admin(Context) of
+    case cb_context:is_superduper_admin(Context) of
         'true' ->
             lager:debug("authz the request for global resources"),
             'true';

diff --git a/applications/crossbar/src/modules/cb_simple_authz.erl b/applications/crossbar/src/modules/cb_simple_authz.erl
@@ -42,13 +42,13 @@ authorize(Context) ->
     authorize(Context, cb_context:req_verb(Context), cb_context:req_nouns(Context)).
 
 authorize(Context, Verb, [{?KZ_ACCOUNTS_DB, []}]) ->
-    cb_modules_util:is_superduper_admin(Context)
+    cb_context:is_superduper_admin(Context)
         orelse Verb =:= ?HTTP_PUT;
 authorize(_Context, ?HTTP_GET, [{<<"global_provisioner_templates">>,_}|_]) ->
     'true';
 authorize(Context, Verb, _Nouns) ->
     AuthAccountId = cb_context:auth_account_id(Context),
-    IsSysAdmin = cb_modules_util:is_superduper_admin(AuthAccountId),
+    IsSysAdmin = cb_context:is_superduper_admin(AuthAccountId),
     case (not should_ignore(Context)
           andalso (allowed_if_sys_admin_mod(IsSysAdmin, Context)
                    andalso account_is_descendant(IsSysAdmin, Context)

diff --git a/applications/crossbar/src/modules/cb_sup.erl b/applications/crossbar/src/modules/cb_sup.erl
@@ -140,13 +140,13 @@ authorize(_Context) ->
     'false'.
 
 authorize(Context, _Module) ->
-    cb_modules_util:is_superduper_admin(Context).
+    cb_context:is_superduper_admin(Context).
 
 authorize(Context, _Module, _Function) ->
-    cb_modules_util:is_superduper_admin(Context).
+    cb_context:is_superduper_admin(Context).
 
 authorize(Context, _Module, _Function, _Args) ->
-    cb_modules_util:is_superduper_admin(Context).
+    cb_context:is_superduper_admin(Context).
 
 %%--------------------------------------------------------------------
 %% @public

diff --git a/applications/crossbar/src/modules/cb_system_configs.erl b/applications/crossbar/src/modules/cb_system_configs.erl
@@ -56,9 +56,9 @@ init() ->
 -spec authorize(cb_context:context()) -> boolean().
 -spec authorize(cb_context:context(), path_token()) -> boolean().
 -spec authorize(cb_context:context(), path_token(), path_token()) -> boolean().
-authorize(Context) -> cb_modules_util:is_superduper_admin(Context).
-authorize(Context, _Id) -> cb_modules_util:is_superduper_admin(Context).
-authorize(Context, _Id, _Node) -> cb_modules_util:is_superduper_admin(Context).
+authorize(Context) -> cb_context:is_superduper_admin(Context).
+authorize(Context, _Id) -> cb_context:is_superduper_admin(Context).
+authorize(Context, _Id, _Node) -> cb_context:is_superduper_admin(Context).
 
 %%--------------------------------------------------------------------
 %% @public

diff --git a/applications/crossbar/src/modules/cb_transactions.erl b/applications/crossbar/src/modules/cb_transactions.erl
@@ -356,7 +356,7 @@ validate_credit(Context) ->
     Amount = kz_json:get_float_value(<<"amount">>, cb_context:req_data(Context)),
     {'ok', MasterAccountId} = kapps_util:get_master_account_id(),
 
-    case cb_modules_util:is_superduper_admin(Context) of
+    case cb_context:is_superduper_admin(Context) of
         'true' -> validate_credit(Context, Amount);
         'false' ->
             case kz_services:is_reseller(cb_context:auth_account_id(Context))
@@ -392,7 +392,7 @@ validate_credit(Context, _) ->
 validate_debit(Context) ->
     Amount = kz_json:get_float_value(<<"amount">>, cb_context:req_data(Context)),
 
-    case cb_modules_util:is_superduper_admin(Context) of
+    case cb_context:is_superduper_admin(Context) of
         'true' -> validate_debit(Context, Amount);
         'false' ->
             case kz_services:is_reseller(cb_context:auth_account_id(Context)) of

diff --git a/applications/crossbar/src/modules/cb_whitelabel.erl b/applications/crossbar/src/modules/cb_whitelabel.erl
@@ -133,7 +133,7 @@ authorize(Context) ->
 -spec authorize(cb_context:context(), req_nouns(), http_method()) -> boolean().
 authorize(Context, [{<<"whitelabel">>, [?DOMAINS_REQ]}], ?HTTP_POST) ->
     %% /{VERSION}/whitelabel/domains retricted to sys-admin account
-    cb_modules_util:is_superduper_admin(Context);
+    cb_context:is_superduper_admin(Context);
 authorize(_Context, [{<<"whitelabel">>, [_]}], ?HTTP_GET) ->
     'true';
 authorize(_Context, [{<<"whitelabel">>, [_ | [?LOGO_REQ]]}], ?HTTP_GET) ->

diff --git a/applications/crossbar/src/modules_v2/cb_devices_v2.erl b/applications/crossbar/src/modules_v2/cb_devices_v2.erl
@@ -376,7 +376,7 @@ error_mdn_undefined(Context) ->
 check_mdn_changed('undefined', Context) ->
     check_mdn_taken('undefined', Context);
 check_mdn_changed(DeviceId, Context) ->
-    IsSuperAdmin = cb_modules_util:is_superduper_admin(Context),
+    IsSuperAdmin = cb_context:is_superduper_admin(Context),
     case has_mdn_changed(Context) of
         'true' when IsSuperAdmin ->
             Context1 = cb_context:store(Context, 'remove_mobile_mdn', 'true'),
@@ -578,7 +578,7 @@ check_device_type_change('undefined', Context) ->
     check_device_schema('undefined', Context);
 check_device_type_change(DeviceId, Context) ->
     NewDeviceType = kz_device:device_type(cb_context:req_data(Context)),
-    IsSuperAdmin = cb_modules_util:is_superduper_admin(Context),
+    IsSuperAdmin = cb_context:is_superduper_admin(Context),
     OldDeviceType = kz_device:device_type(cb_context:fetch(Context, 'db_doc')),
     case {NewDeviceType, OldDeviceType} of
         {Same, Same} -> check_device_schema(DeviceId, Context);