MT#59979 add license control

* UI and API parts are now under license control * new Util::License::get_license($c, $name) - fetches license status by name (1 if enabled, and also if /proc/ngcp/check if 'ok') * add Catalyst::Plugins::NGCP::License with license($name) to fetch valid license by name from anywhere using $c->license('pbx') or from the templates using c.license('pbx'). It internally uses Util::License::get_license($c, $name) * License::get_license_status($c) now requires $c as first argument as well logs license status check errors. * new ActionRoles::License that enables usage of :Does(License) RequiresLicense('pbx') LicenseDetachTo('/denied_page') in the Controller chains * Add license control for UI elements and return 403 Forbidden if a resource is covered by licenses and the license is not active * Hide UI elements if a license is not active * API/Entities/Entities new $c->set_config key: - per endpoint: $c->set_config({ required_licenses => [qw/pbx device_provisioning/] } - or per method: $c->set_config({ required_licenses => { POST => [qw/pbx device_provisioning/] } } } * In case if an API endpoint does not have a license: 403 Forbidden "Invalid license" reply is returned. * Add license based restrictions to API endpoints * /api documentation: - completely hide endpoints that do not have an active license - hide only methods that does not have an active license Change-Id: Iba45fc5068b02306a617fed7b5405f2210574b61
2 years ago · 9d021be65a
parent 9c103302c8
commit 9d021be65a
137 changed files with 537 additions and 119 deletions
--- a/lib/Catalyst/Plugin/NGCP/License.pm
+++ b/lib/Catalyst/Plugin/NGCP/License.pm
@ -0,0 +1,33 @@
+package Catalyst::Plugin::NGCP::License;
+use warnings;
+use strict;
+use MRO::Compat;
+
+use NGCP::Panel::Utils::Generic qw();
+
+sub licenses {
+    return NGCP::Panel::Utils::License::get_licenses(@_);
+}
+
+sub license {
+    return NGCP::Panel::Utils::License::get_license(@_);
+}
+
+sub license_meta {
+    return NGCP::Panel::Utils::License::get_license_meta(@_);
+}
+
+sub license_max_pbx_groups {
+    return NGCP::Panel::Utils::License::get_max_pbx_groups(@_);
+}
+
+sub license_max_subscribers {
+    return NGCP::Panel::Utils::License::get_max_subscribers(@_);
+}
+
+sub license_max_pbx_subscribers {
+    return NGCP::Panel::Utils::License::get_max_pbx_subscribers(@_);
+}
+
+1;
+
--- a/lib/NGCP/Panel.pm
+++ b/lib/NGCP/Panel.pm
@ -29,6 +29,7 @@ use Catalyst qw/
    NGCP::EscapeSensitiveValue
    NGCP::EscapeJs
    NGCP::EscapeURI
+    NGCP::License
    I18N
 /;
 use Log::Log4perl::Catalyst qw();
--- a/lib/NGCP/Panel/ActionRole/License.pm
+++ b/lib/NGCP/Panel/ActionRole/License.pm
@ -0,0 +1,93 @@
+package NGCP::Panel::ActionRole::License;
+use Moose::Role;
+use namespace::autoclean;
+
+sub BUILD { }
+
+after BUILD => sub {
+    my $class = shift;
+    my ($args) = @_;
+
+    my $attr = $args->{attributes};
+
+    unless (exists $attr->{RequiresLicense} || exists $attr->{AllowedLicense}) {
+        Catalyst::Exception->throw(
+            "Action '$args->{reverse}' requires at least one RequiresLicense or AllowedLicense attribute");
+    }
+    unless (exists $attr->{LicenseDetachTo} && $attr->{LicenseDetachTo}) {
+        Catalyst::Exception->throw(
+            "Action '$args->{reverse}' requires the LicenseDetachTo(<action>) attribute");
+    }
+
+};
+
+around execute => sub {
+    my $orig = shift;
+    my $self = shift;
+    my ($controller, $c) = @_;
+
+    if ($self->check_license($c)) {
+        return $self->$orig(@_);
+    }
+
+    my $denied = $self->attributes->{ACLDetachTo}[0];
+
+    $c->detach($denied);
+};
+
+sub check_license {
+    my ($self, $c) = @_;
+
+    my $required = $self->attributes->{RequiresLicense};
+    my $allowed = $self->attributes->{AllowedLicense};
+
+    if ($required && $allowed) {
+        for my $license (@$required) {
+            return unless $c->license($license);
+        }
+        for my $license (@$allowed) {
+            return 1 if $c->license($license);
+        }
+        return;
+    }
+    elsif ($required) {
+        for my $license (@$required) {
+            return unless $c->license($license);
+        }
+        return 1;
+    }
+    elsif ($allowed) {
+        for my $license (@$allowed) {
+            return 1 if $c->license($license);
+        }
+        return;
+    }
+
+    return;
+}
+
+1;
+
+__END__
+=pod
+
+=head1 NAME
+
+NGCP::Panel::ActionRole::License
+
+=head1 DESCRIPTION
+
+A helper to check NGCP License info
+
+=head1 AUTHOR
+
+Sipwise Development Team <support@sipwise.com>
+
+=head1 LICENSE
+
+This library is free software. You can redistribute it and/or modify
+it under the same terms as Perl itself.
+
+=cut
+# vim: set tabstop=4 expandtab:
+
--- a/lib/NGCP/Panel/Controller/API/BalanceIntervals.pm
+++ b/lib/NGCP/Panel/Controller/API/BalanceIntervals.pm
@ -82,6 +82,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller ccareadmin ccare/],
+    required_licenses => [qw/billing/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/BalanceIntervalsItem.pm
+++ b/lib/NGCP/Panel/Controller/API/BalanceIntervalsItem.pm
@ -56,6 +56,7 @@ sub query_params {

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller ccareadmin ccare/],
+    required_licenses => [qw/billing/],
    action_add    => {
        item_base => {
            Chained => '/',
--- a/lib/NGCP/Panel/Controller/API/BillingFees.pm
+++ b/lib/NGCP/Panel/Controller/API/BillingFees.pm
@ -61,6 +61,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller/],
+    required_licenses => [qw/billing/],
 });

 sub auto :Private {
--- a/lib/NGCP/Panel/Controller/API/BillingFeesItem.pm
+++ b/lib/NGCP/Panel/Controller/API/BillingFeesItem.pm
@ -31,6 +31,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller/],
+    required_licenses => [qw/billing/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/BillingNetworks.pm
+++ b/lib/NGCP/Panel/Controller/API/BillingNetworks.pm
@ -70,6 +70,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller/],
+    required_licenses => [qw/billing/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/BillingNetworksItem.pm
+++ b/lib/NGCP/Panel/Controller/API/BillingNetworksItem.pm
@ -43,7 +43,8 @@ __PACKAGE__->set_config({
    allowed_roles => {
        Default => [qw/admin reseller/],
        Journal => [qw/admin reseller/],
-    }
+    },
+    required_licenses => [qw/billing/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/BillingProfiles.pm
+++ b/lib/NGCP/Panel/Controller/API/BillingProfiles.pm
@ -62,6 +62,9 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller ccareadmin ccare/],
+    required_licenses => {
+        POST => [qw/billing/],
+    }
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/BillingProfilesItem.pm
+++ b/lib/NGCP/Panel/Controller/API/BillingProfilesItem.pm
@ -40,7 +40,8 @@ __PACKAGE__->set_config({
    allowed_roles => {
        Default => [qw/admin reseller ccareadmin ccare/],
        Journal => [qw/admin reseller ccareadmin ccare/],
-    }
+    },
+    required_licenses => [qw/billing/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/BillingZones.pm
+++ b/lib/NGCP/Panel/Controller/API/BillingZones.pm
@ -55,6 +55,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller/],
+    required_licenses => [qw/billing/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/BillingZonesItem.pm
+++ b/lib/NGCP/Panel/Controller/API/BillingZonesItem.pm
@ -38,7 +38,8 @@ __PACKAGE__->set_config({
    allowed_roles => {
        Default => [qw/admin reseller/],
        Journal => [qw/admin reseller/],
-    }
+    },
+    required_licenses => [qw/billing/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/CallRecordingFiles.pm
+++ b/lib/NGCP/Panel/Controller/API/CallRecordingFiles.pm
@ -34,6 +34,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
+    required_licenses => [qw/call_recording/],
 });

 1;
--- a/lib/NGCP/Panel/Controller/API/CallRecordingFilesItem.pm
+++ b/lib/NGCP/Panel/Controller/API/CallRecordingFilesItem.pm
@ -29,6 +29,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
+    required_licenses => [qw/call_recording/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/CallRecordingStreams.pm
+++ b/lib/NGCP/Panel/Controller/API/CallRecordingStreams.pm
@ -67,6 +67,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
+    required_licenses => [qw/call_recording/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/CallRecordingStreamsItem.pm
+++ b/lib/NGCP/Panel/Controller/API/CallRecordingStreamsItem.pm
@ -30,6 +30,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
+    required_licenses => [qw/call_recording/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/CallRecordings.pm
+++ b/lib/NGCP/Panel/Controller/API/CallRecordings.pm
@ -7,6 +7,7 @@ use parent qw/NGCP::Panel::Role::Entities NGCP::Panel::Role::API::CallRecordings

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
+    required_licenses => [qw/call_recording/],
 });

 sub allowed_methods{
--- a/lib/NGCP/Panel/Controller/API/CallRecordingsItem.pm
+++ b/lib/NGCP/Panel/Controller/API/CallRecordingsItem.pm
@ -10,6 +10,7 @@ use HTTP::Status qw(:constants);

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
+    required_licenses => [qw/call_recording/],
 });

 sub allowed_methods{
--- a/lib/NGCP/Panel/Controller/API/CustomerBalances.pm
+++ b/lib/NGCP/Panel/Controller/API/CustomerBalances.pm
@ -112,6 +112,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller ccareadmin ccare/],
+    required_licenses => [qw/billing/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/CustomerBalancesItem.pm
+++ b/lib/NGCP/Panel/Controller/API/CustomerBalancesItem.pm
@ -39,7 +39,8 @@ __PACKAGE__->set_config({
    allowed_roles => {
        Default => [qw/admin reseller ccareadmin ccare/],
        Journal => [qw/admin reseller ccareadmin ccare/],
-    }
+    },
+    required_licenses => [qw/billing/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/CustomerPhonebookEntries.pm
+++ b/lib/NGCP/Panel/Controller/API/CustomerPhonebookEntries.pm
@ -15,6 +15,7 @@ __PACKAGE__->set_config({
    },
    allowed_roles   => [qw/admin reseller subscriberadmin/],
    allowed_ngcp_types => [qw/carrier sppro/],
+    required_licenses => [qw/phonebook/],
 });

 sub allowed_methods {
--- a/lib/NGCP/Panel/Controller/API/CustomerPhonebookEntriesItem.pm
+++ b/lib/NGCP/Panel/Controller/API/CustomerPhonebookEntriesItem.pm
@ -8,6 +8,7 @@ use parent qw/NGCP::Panel::Role::EntitiesItem NGCP::Panel::Role::API::CustomerPh
 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller subscriberadmin/],
    allowed_ngcp_types => [qw/carrier sppro/],
+    required_licenses => [qw/phonebook/],
 });

 sub allowed_methods{
--- a/lib/NGCP/Panel/Controller/API/CustomerZoneCosts.pm
+++ b/lib/NGCP/Panel/Controller/API/CustomerZoneCosts.pm
@ -65,6 +65,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller/],
+    required_licenses => [qw/billing/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/CustomerZoneCostsItem.pm
+++ b/lib/NGCP/Panel/Controller/API/CustomerZoneCostsItem.pm
@ -34,6 +34,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller/],
+    required_licenses => [qw/billing/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/FaxRecordings.pm
+++ b/lib/NGCP/Panel/Controller/API/FaxRecordings.pm
@ -34,6 +34,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
+    required_licenses => [qw/fax/],
 });

 1;
--- a/lib/NGCP/Panel/Controller/API/FaxRecordingsItem.pm
+++ b/lib/NGCP/Panel/Controller/API/FaxRecordingsItem.pm
@ -34,6 +34,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
+    required_licenses => [qw/fax/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/Faxes.pm
+++ b/lib/NGCP/Panel/Controller/API/Faxes.pm
@ -15,6 +15,7 @@ use NGCP::Panel::Utils::Fax;

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
+    required_licenses => [qw/fax/],
    dont_validate_hal => 1,
    no_item_created   => 1,
    backward_allow_empty_upload => 1,
--- a/lib/NGCP/Panel/Controller/API/FaxesItem.pm
+++ b/lib/NGCP/Panel/Controller/API/FaxesItem.pm
@ -7,6 +7,7 @@ use parent qw/NGCP::Panel::Role::EntitiesItem NGCP::Panel::Role::API::Faxes/;

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
+    required_licenses => [qw/fax/],
    dont_validate_hal => 1,
 });

--- a/lib/NGCP/Panel/Controller/API/FaxserverSettings.pm
+++ b/lib/NGCP/Panel/Controller/API/FaxserverSettings.pm
@ -7,6 +7,7 @@ use parent qw/NGCP::Panel::Role::Entities NGCP::Panel::Role::API::FaxserverSetti

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller ccareadmin ccare subscriber subscriberadmin/],
+    required_licenses => [qw/fax/],
 });

 sub allowed_methods{
--- a/lib/NGCP/Panel/Controller/API/FaxserverSettingsItem.pm
+++ b/lib/NGCP/Panel/Controller/API/FaxserverSettingsItem.pm
@ -14,6 +14,7 @@ __PACKAGE__->set_config({
        Default => [qw/admin reseller ccareadmin ccare subscriber subscriberadmin/],
        Journal => [qw/admin reseller ccareadmin ccare subscriber subscriberadmin/],
    },
+    required_licenses => [qw/fax/],
    PATCH => { ops => [qw/add replace remove copy/] },
 });

--- a/lib/NGCP/Panel/Controller/API/HeaderRuleActions.pm
+++ b/lib/NGCP/Panel/Controller/API/HeaderRuleActions.pm
@ -10,6 +10,7 @@ use parent qw/NGCP::Panel::Role::Entities NGCP::Panel::Role::API::HeaderRuleActi
 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller/],
    allowed_ngcp_types => [qw/carrier sppro/],
+    required_licenses => [qw/header_manipulation/],
 });

 sub allowed_methods {
--- a/lib/NGCP/Panel/Controller/API/HeaderRuleActionsItem.pm
+++ b/lib/NGCP/Panel/Controller/API/HeaderRuleActionsItem.pm
@ -13,6 +13,7 @@ __PACKAGE__->set_config({
        Journal => [qw/admin reseller/],
    },
    allowed_ngcp_types => [qw/carrier sppro/],
+    required_licenses => [qw/header_manipulation/],
    PATCH => { ops => [qw/add replace remove copy/] },
 });

--- a/lib/NGCP/Panel/Controller/API/HeaderRuleConditions.pm
+++ b/lib/NGCP/Panel/Controller/API/HeaderRuleConditions.pm
@ -10,6 +10,7 @@ use parent qw/NGCP::Panel::Role::Entities NGCP::Panel::Role::API::HeaderRuleCond
 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller/],
    allowed_ngcp_types => [qw/carrier sppro/],
+    required_licenses => [qw/header_manipulation/],
 });

 sub allowed_methods {
--- a/lib/NGCP/Panel/Controller/API/HeaderRuleConditionsItem.pm
+++ b/lib/NGCP/Panel/Controller/API/HeaderRuleConditionsItem.pm
@ -13,6 +13,7 @@ __PACKAGE__->set_config({
        Journal => [qw/admin reseller/],
    },
    allowed_ngcp_types => [qw/carrier sppro/],
+    required_licenses => [qw/header_manipulation/],
    PATCH => { ops => [qw/add replace remove copy/] },
 });

--- a/lib/NGCP/Panel/Controller/API/HeaderRuleSets.pm
+++ b/lib/NGCP/Panel/Controller/API/HeaderRuleSets.pm
@ -9,6 +9,7 @@ use parent qw/NGCP::Panel::Role::Entities NGCP::Panel::Role::API::HeaderRuleSets
 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller/],
    allowed_ngcp_types => [qw/carrier sppro/],
+    required_licenses => [qw/header_manipulation/],
 });

 sub allowed_methods {
--- a/lib/NGCP/Panel/Controller/API/HeaderRuleSetsItem.pm
+++ b/lib/NGCP/Panel/Controller/API/HeaderRuleSetsItem.pm
@ -13,6 +13,7 @@ __PACKAGE__->set_config({
        Journal => [qw/admin reseller/],
    },
    allowed_ngcp_types => [qw/carrier sppro/],
+    required_licenses => [qw/header_manipulation/],
    PATCH => { ops => [qw/add replace remove copy/] },
 });

--- a/lib/NGCP/Panel/Controller/API/HeaderRules.pm
+++ b/lib/NGCP/Panel/Controller/API/HeaderRules.pm
@ -10,6 +10,7 @@ use parent qw/NGCP::Panel::Role::Entities NGCP::Panel::Role::API::HeaderRules/;
 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller/],
    allowed_ngcp_types => [qw/carrier sppro/],
+    required_licenses => [qw/header_manipulation/],
 });

 sub allowed_methods {
--- a/lib/NGCP/Panel/Controller/API/HeaderRulesItem.pm
+++ b/lib/NGCP/Panel/Controller/API/HeaderRulesItem.pm
@ -13,6 +13,7 @@ __PACKAGE__->set_config({
        Journal => [qw/admin reseller/],
    },
    allowed_ngcp_types => [qw/carrier sppro/],
+    required_licenses => [qw/header_manipulation/],
    PATCH => { ops => [qw/add replace remove copy/] },
 });

--- a/lib/NGCP/Panel/Controller/API/InvoiceTemplates.pm
+++ b/lib/NGCP/Panel/Controller/API/InvoiceTemplates.pm
@ -55,6 +55,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller ccareadmin ccare/],
+    required_licenses => [qw/invoice/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/InvoiceTemplatesItem.pm
+++ b/lib/NGCP/Panel/Controller/API/InvoiceTemplatesItem.pm
@ -31,6 +31,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller ccareadmin ccare/],
+    required_licenses => [qw/invoice/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/Invoices.pm
+++ b/lib/NGCP/Panel/Controller/API/Invoices.pm
@ -6,7 +6,9 @@ use HTTP::Status qw(:constants);

 use parent qw/NGCP::Panel::Role::Entities NGCP::Panel::Role::API::Invoices/;

-__PACKAGE__->set_config();
+__PACKAGE__->set_config({
+    required_licenses => [qw/invoice/],
+});

 sub allowed_methods{
    return [qw/GET POST OPTIONS HEAD/];
--- a/lib/NGCP/Panel/Controller/API/InvoicesItem.pm
+++ b/lib/NGCP/Panel/Controller/API/InvoicesItem.pm
@ -6,6 +6,7 @@ use NGCP::Panel::Utils::Generic qw(:all);
 use parent qw/NGCP::Panel::Role::EntitiesItem NGCP::Panel::Role::API::Invoices/;

 __PACKAGE__->set_config({
+    required_licenses => [qw/invoice/],
    log_response => 0,
    GET => {
        #first element of array is default, if no accept header was received.
--- a/lib/NGCP/Panel/Controller/API/MailToFaxSettings.pm
+++ b/lib/NGCP/Panel/Controller/API/MailToFaxSettings.pm
@ -72,6 +72,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
+    required_licenses => [qw/fax/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/MailToFaxSettingsItem.pm
+++ b/lib/NGCP/Panel/Controller/API/MailToFaxSettingsItem.pm
@ -39,7 +39,8 @@ __PACKAGE__->set_config({
    allowed_roles => {
        Default => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
        Journal => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
-    }
+    },
+    required_licenses => [qw/fax/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/PbxDeviceConfigFiles.pm
+++ b/lib/NGCP/Panel/Controller/API/PbxDeviceConfigFiles.pm
@ -39,6 +39,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller/],
+    required_licenses => [qw/pbx device_provisioning/],
 });

 sub auto :Private {
--- a/lib/NGCP/Panel/Controller/API/PbxDeviceConfigFilesItem.pm
+++ b/lib/NGCP/Panel/Controller/API/PbxDeviceConfigFilesItem.pm
@ -31,6 +31,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller/],
+    required_licenses => [qw/pbx device_provisioning/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/PbxDeviceConfigs.pm
+++ b/lib/NGCP/Panel/Controller/API/PbxDeviceConfigs.pm
@ -72,6 +72,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller/],
+    required_licenses => [qw/pbx device_provisioning/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/PbxDeviceConfigsItem.pm
+++ b/lib/NGCP/Panel/Controller/API/PbxDeviceConfigsItem.pm
@ -31,6 +31,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller/],
+    required_licenses => [qw/pbx device_provisioning/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/PbxDeviceFirmwareBinaries.pm
+++ b/lib/NGCP/Panel/Controller/API/PbxDeviceFirmwareBinaries.pm
@ -39,6 +39,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller/],
+    required_licenses => [qw/pbx device_provisioning/],
 });

 sub auto :Private {
--- a/lib/NGCP/Panel/Controller/API/PbxDeviceFirmwareBinariesItem.pm
+++ b/lib/NGCP/Panel/Controller/API/PbxDeviceFirmwareBinariesItem.pm
@ -32,6 +32,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller/],
+    required_licenses => [qw/pbx device_provisioning/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/PbxDeviceFirmwares.pm
+++ b/lib/NGCP/Panel/Controller/API/PbxDeviceFirmwares.pm
@ -73,6 +73,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller/],
+    required_licenses => [qw/pbx device_provisioning/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/PbxDeviceFirmwaresItem.pm
+++ b/lib/NGCP/Panel/Controller/API/PbxDeviceFirmwaresItem.pm
@ -31,6 +31,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller/],
+    required_licenses => [qw/pbx device_provisioning/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/PbxDeviceModelImages.pm
+++ b/lib/NGCP/Panel/Controller/API/PbxDeviceModelImages.pm
@ -5,7 +5,9 @@ use NGCP::Panel::Utils::Generic qw(:all);

 use parent qw/NGCP::Panel::Role::Entities NGCP::Panel::Role::API::PbxDeviceModelImages NGCP::Panel::Role::API::PbxDeviceModels/;

-__PACKAGE__->set_config();
+__PACKAGE__->set_config({
+    required_licenses => [qw/pbx device_provisioning/],
+});

 sub config_allowed_roles {
    return [qw/admin reseller subscriberadmin subscriber/];
--- a/lib/NGCP/Panel/Controller/API/PbxDeviceModelImagesItem.pm
+++ b/lib/NGCP/Panel/Controller/API/PbxDeviceModelImagesItem.pm
@ -13,6 +13,7 @@ __PACKAGE__->set_config({
    },
    log_response  => 0,
    allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
+    required_licenses => [qw/pbx device_provisioning/],
 });

 sub allowed_methods{
--- a/lib/NGCP/Panel/Controller/API/PbxDeviceModels.pm
+++ b/lib/NGCP/Panel/Controller/API/PbxDeviceModels.pm
@ -19,7 +19,8 @@ __PACKAGE__->set_config({
    allowed_roles => {
        'Default' => [qw/admin reseller subscriberadmin subscriber/],
        'POST'    => [qw/admin reseller/],
-    }
+    },
+    required_licenses => [qw/pbx device_provisioning/],
 });

 # curl -v -X POST --user $USER --insecure -F front_image=@sandbox/spa504g-front.png -F mac_image=@sandbox/spa504g-back.png -F front_thumbnail=@sandbox/spa504g-front-small.png -F json='{"reseller_id":1, "vendor":"Cisco", "model":"SPA999", "linerange":[{"name": "Phone Keys", "can_private":true, "can_shared":true, "can_blf":true, "can_speeddial":true, "can_forward":true, "can_transfer":true, "keys":[{"labelpos":"top", "x":5110, "y":5120},{"labelpos":"top", "x":5310, "y":5320}]}]}' https://localhost:4443/api/pbxdevicemodels/
--- a/lib/NGCP/Panel/Controller/API/PbxDeviceModelsItem.pm
+++ b/lib/NGCP/Panel/Controller/API/PbxDeviceModelsItem.pm
@ -14,7 +14,8 @@ __PACKAGE__->set_config({
        'Default' => [qw/admin reseller subscriberadmin subscriber/],
        'PUT'     => [qw/admin reseller/],
        'PATCH'   => [qw/admin reseller/],
-    }
+    },
+    required_licenses => [qw/pbx device_provisioning/],
 });

 sub allowed_methods{
--- a/lib/NGCP/Panel/Controller/API/PbxDevicePreferenceDefs.pm
+++ b/lib/NGCP/Panel/Controller/API/PbxDevicePreferenceDefs.pm
@ -13,6 +13,7 @@ sub allowed_methods{
 __PACKAGE__->set_config({
    preferences_group => 'dev_pref',
    allowed_roles    => [qw/admin reseller/],
+    required_licenses => [qw/pbx device_provisioning/],
 });

 1;
--- a/lib/NGCP/Panel/Controller/API/PbxDevicePreferences.pm
+++ b/lib/NGCP/Panel/Controller/API/PbxDevicePreferences.pm
@ -8,6 +8,7 @@ use parent qw/NGCP::Panel::Role::Entities NGCP::Panel::Role::API::Preferences/;

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller/],
+    required_licenses => [qw/pbx device_provisioning/],
 });

 sub allowed_methods{
--- a/lib/NGCP/Panel/Controller/API/PbxDevicePreferencesItem.pm
+++ b/lib/NGCP/Panel/Controller/API/PbxDevicePreferencesItem.pm
@ -10,7 +10,8 @@ __PACKAGE__->set_config({
    allowed_roles => {
        Default => [qw/admin reseller/],
        Journal => [qw/admin reseller/],
-    }
+    },
+    required_licenses => [qw/pbx device_provisioning/],
 });

 sub allowed_methods{
--- a/lib/NGCP/Panel/Controller/API/PbxDeviceProfilePreferenceDefs.pm
+++ b/lib/NGCP/Panel/Controller/API/PbxDeviceProfilePreferenceDefs.pm
@ -13,6 +13,7 @@ sub allowed_methods{
 __PACKAGE__->set_config({
    preferences_group => 'devprof_pref',
    allowed_roles    => [qw/admin reseller/],
+    required_licenses => [qw/pbx device_provisioning/],
 });

 1;
--- a/lib/NGCP/Panel/Controller/API/PbxDeviceProfilePreferences.pm
+++ b/lib/NGCP/Panel/Controller/API/PbxDeviceProfilePreferences.pm
@ -7,6 +7,7 @@ use parent qw/NGCP::Panel::Role::Entities NGCP::Panel::Role::API::Preferences/;

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller/],
+    required_licenses => [qw/pbx device_provisioning/],
 });

 sub allowed_methods{
--- a/lib/NGCP/Panel/Controller/API/PbxDeviceProfilePreferencesItem.pm
+++ b/lib/NGCP/Panel/Controller/API/PbxDeviceProfilePreferencesItem.pm
@ -10,7 +10,8 @@ __PACKAGE__->set_config({
    allowed_roles => {
        Default => [qw/admin reseller/],
        Journal => [qw/admin reseller/],
-    }
+    },
+    required_licenses => [qw/pbx device_provisioning/],
 });

 sub allowed_methods{
--- a/lib/NGCP/Panel/Controller/API/PbxDeviceProfiles.pm
+++ b/lib/NGCP/Panel/Controller/API/PbxDeviceProfiles.pm
@ -50,6 +50,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller subscriberadmin/],
+    required_licenses => [qw/pbx device_provisioning/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/PbxDeviceProfilesItem.pm
+++ b/lib/NGCP/Panel/Controller/API/PbxDeviceProfilesItem.pm
@ -34,6 +34,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller subscriberadmin/],
+    required_licenses => [qw/pbx device_provisioning/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/PbxDevices.pm
+++ b/lib/NGCP/Panel/Controller/API/PbxDevices.pm
@ -104,6 +104,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller subscriberadmin/],
+    required_licenses => [qw/pbx device_provisioning/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/PbxDevicesItem.pm
+++ b/lib/NGCP/Panel/Controller/API/PbxDevicesItem.pm
@ -34,6 +34,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller subscriberadmin/],
+    required_licenses => [qw/pbx device_provisioning/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/PbxFieldDevicePreferenceDefs.pm
+++ b/lib/NGCP/Panel/Controller/API/PbxFieldDevicePreferenceDefs.pm
@ -13,6 +13,7 @@ sub allowed_methods{
 __PACKAGE__->set_config({
    preferences_group => 'fielddev_pref',
    allowed_roles    => [qw/admin reseller/],
+    required_licenses => [qw/pbx device_provisioning/],
 });

 1;
--- a/lib/NGCP/Panel/Controller/API/PbxFieldDevicePreferences.pm
+++ b/lib/NGCP/Panel/Controller/API/PbxFieldDevicePreferences.pm
@ -7,6 +7,7 @@ use parent qw/NGCP::Panel::Role::Entities NGCP::Panel::Role::API::Preferences/;

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller subscriberadmin/],
+    required_licenses => [qw/pbx device_provisioning/],
 });

 sub allowed_methods{
--- a/lib/NGCP/Panel/Controller/API/PbxFieldDevicePreferencesItem.pm
+++ b/lib/NGCP/Panel/Controller/API/PbxFieldDevicePreferencesItem.pm
@ -10,7 +10,8 @@ __PACKAGE__->set_config({
    allowed_roles => {
        Default => [qw/admin reseller subscriberadmin/],
        Journal => [qw/admin reseller/],
-    }
+    },
+    required_licenses => [qw/pbx device_provisioning/],
 });

 sub allowed_methods{
--- a/lib/NGCP/Panel/Controller/API/ProfilePackages.pm
+++ b/lib/NGCP/Panel/Controller/API/ProfilePackages.pm
@ -84,6 +84,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller ccareadmin ccare/],
+    required_licenses => [qw/billing/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/ProfilePackagesItem.pm
+++ b/lib/NGCP/Panel/Controller/API/ProfilePackagesItem.pm
@ -38,7 +38,8 @@ __PACKAGE__->set_config({
    allowed_roles => {
        Default => [qw/admin reseller ccareadmin ccare/],
        Journal => [qw/admin reseller ccareadmin ccare/],
-    }
+    },
+    required_licenses => [qw/billing/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/ProvisioningTemplates.pm
+++ b/lib/NGCP/Panel/Controller/API/ProvisioningTemplates.pm
@ -54,6 +54,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller ccareadmin ccare/],
+    required_licenses => [qw/batch_provisioning/],
 });

 sub create_item {
--- a/lib/NGCP/Panel/Controller/API/ProvisioningTemplatesItem.pm
+++ b/lib/NGCP/Panel/Controller/API/ProvisioningTemplatesItem.pm
@ -42,6 +42,7 @@ sub get_journal_methods{
 }

 __PACKAGE__->set_config({
+    required_licenses => [qw/batch_provisioning/],
    action_add  => {
        item_base => {
            Chained => '/',
--- a/lib/NGCP/Panel/Controller/API/ResellerBrandingLogos.pm
+++ b/lib/NGCP/Panel/Controller/API/ResellerBrandingLogos.pm
@ -10,6 +10,9 @@ use parent qw/NGCP::Panel::Role::Entities NGCP::Panel::Role::API::ResellerBrandi
 __PACKAGE__->set_config({
    log_response  => 0,
    allowed_roles => [qw/admin reseller subscriberadmin/],
+    required_licenses => {
+        POST => [qw/reseller/],
+    }
 });

 sub allowed_methods {
--- a/lib/NGCP/Panel/Controller/API/ResellerBrandingLogosItem.pm
+++ b/lib/NGCP/Panel/Controller/API/ResellerBrandingLogosItem.pm
@ -10,6 +10,7 @@ use HTTP::Status qw(:constants);
 __PACKAGE__->set_config({
    log_response  => 0,
    allowed_roles => [qw/admin reseller subscriberadmin/],
+    required_licenses => [qw/reseller/],
 });

 sub allowed_methods {
--- a/lib/NGCP/Panel/Controller/API/ResellerBrandings.pm
+++ b/lib/NGCP/Panel/Controller/API/ResellerBrandings.pm
@ -18,6 +18,9 @@ __PACKAGE__->set_config({
    allowed_roles => {
        'Default' => [qw/admin reseller subscriberadmin subscriber/],
        'POST'    => [qw/admin reseller/],
+    },
+    required_licenses => {
+        POST => [qw/reseller/],
    }
 });

--- a/lib/NGCP/Panel/Controller/API/ResellerBrandingsItem.pm
+++ b/lib/NGCP/Panel/Controller/API/ResellerBrandingsItem.pm
@ -14,7 +14,8 @@ __PACKAGE__->set_config({
        'Default' => [qw/admin reseller subscriberadmin subscriber/],
        'PUT'     => [qw/admin reseller/],
        'PATCH'   => [qw/admin reseller/],
-    }
+    },
+    required_licenses => [qw/reseller/],
 });

 sub allowed_methods{
--- a/lib/NGCP/Panel/Controller/API/ResellerPhonebookEntries.pm
+++ b/lib/NGCP/Panel/Controller/API/ResellerPhonebookEntries.pm
@ -15,6 +15,7 @@ __PACKAGE__->set_config({
    },
    allowed_roles   => [qw/admin reseller/],
    allowed_ngcp_types => [qw/carrier sppro/],
+    required_licenses => [qw/phonebook/],
 });

 sub allowed_methods {
--- a/lib/NGCP/Panel/Controller/API/ResellerPhonebookEntriesItem.pm
+++ b/lib/NGCP/Panel/Controller/API/ResellerPhonebookEntriesItem.pm
@ -8,6 +8,7 @@ use parent qw/NGCP::Panel::Role::EntitiesItem NGCP::Panel::Role::API::ResellerPh
 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller/],
    allowed_ngcp_types => [qw/carrier sppro/],
+    required_licenses => [qw/phonebook/],
 });

 sub allowed_methods{
--- a/lib/NGCP/Panel/Controller/API/ResellerPreferenceDefs.pm
+++ b/lib/NGCP/Panel/Controller/API/ResellerPreferenceDefs.pm
@ -13,6 +13,7 @@ sub allowed_methods{
 __PACKAGE__->set_config({
    preferences_group => 'reseller_pref',
    allowed_roles    => [qw/admin reseller/],
+    required_licenses => [qw/reseller/],
 });

 1;
--- a/lib/NGCP/Panel/Controller/API/ResellerPreferences.pm
+++ b/lib/NGCP/Panel/Controller/API/ResellerPreferences.pm
@ -7,6 +7,7 @@ use parent qw/NGCP::Panel::Role::Entities NGCP::Panel::Role::API::Preferences/;

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller/],
+    required_licenses => [qw/reseller/],
 });

 sub allowed_methods{
--- a/lib/NGCP/Panel/Controller/API/ResellerPreferencesItem.pm
+++ b/lib/NGCP/Panel/Controller/API/ResellerPreferencesItem.pm
@ -8,6 +8,7 @@ use parent qw/NGCP::Panel::Role::EntitiesItem NGCP::Panel::Role::API::Preference
 __PACKAGE__->set_config({
    PATCH => { ops => [qw/add replace remove copy/] },
    allowed_roles => [qw/admin reseller/],
+    required_licenses => [qw/reseller/],
 });

 sub allowed_methods{
--- a/lib/NGCP/Panel/Controller/API/Resellers.pm
+++ b/lib/NGCP/Panel/Controller/API/Resellers.pm
@ -57,6 +57,9 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin/],
+    required_licenses => {
+        POST => [qw/reseller/],
+    }
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/ResellersItem.pm
+++ b/lib/NGCP/Panel/Controller/API/ResellersItem.pm
@ -39,7 +39,8 @@ __PACKAGE__->set_config({
    allowed_roles => {
        Default => [qw/admin/],
        Journal => [qw/admin/],
-    }
+    },
+    required_licenses => [qw/reseller/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/Root.pm
+++ b/lib/NGCP/Panel/Controller/API/Root.pm
@ -13,7 +13,7 @@ use JSON qw(to_json encode_json decode_json);
 use YAML::XS qw/Dump/;
 use Safe::Isa qw($_isa);
 use NGCP::Panel::Utils::API;
-use List::Util qw(none);
+use List::Util qw(none all);
 use parent qw/Catalyst::Controller NGCP::Panel::Role::API/;

 use NGCP::Panel::Utils::Journal qw();
@ -103,10 +103,20 @@ sub GET : Allow {
            next unless $user_roles{$role};
        }

-        my $allowed_ngcp_types = $full_mod->config->{allowed_ngcp_types} // [];
-        if (@{$allowed_ngcp_types}) {
-            next if none { $_ eq $c->config->{general}{ngcp_type} }
-                @{$allowed_ngcp_types};
+        if ($full_mod->can('config')) {
+            my $allowed_ngcp_types = $full_mod->config->{allowed_ngcp_types} // [];
+            if (@{$allowed_ngcp_types}) {
+                next if none { $_ eq $c->config->{general}{ngcp_type} }
+                    @{$allowed_ngcp_types};
+            }
+
+            my $required_licenses = $full_mod->config->{required_licenses} // undef;
+            if (ref $required_licenses eq 'ARRAY') {
+                if (@{$required_licenses} &&
+                    ! all { $c->license($_) } @{$required_licenses}) {
+                        next;
+                }
+            }
        }

        my $query_params = [];
@ -122,6 +132,21 @@ sub GET : Allow {
        } else {
            $actions = [ sort keys %{ $full_mod->config->{action} } ];
        }
+
+        if ($full_mod->can('config')) {
+            my $required_licenses = $full_mod->config->{required_licenses} // undef;
+            if (ref $required_licenses eq 'HASH') {
+                foreach my $method (qw/GET HEAD OPTIONS POST/) {
+                    if (my $method_licenses = $required_licenses->{$method}) {
+                        if (@{$method_licenses} &&
+                            ! all { $c->license($_) } @{$method_licenses}) {
+                                $actions = [grep { $_ ne $method } @{$actions}];
+                        }
+                    }
+                }
+            }
+        }
+
        my $uri = "/api/$rel/";
        my $item_actions = [];
        my $journal_resource_config = {};
@ -137,6 +162,24 @@ sub GET : Allow {
                    push @{ $item_actions }, $m;
                }
            }
+
+            my $required_licenses = $full_item_mod->config->{required_licenses} // undef;
+            if (ref $required_licenses eq 'ARRAY') {
+                if (@{$required_licenses} &&
+                    ! all { $c->license($_) } @{$required_licenses}) {
+                        $item_actions = [];
+                }
+            } elsif (ref $required_licenses eq 'HASH') {
+                foreach my $method (qw/GET HEAD OPTIONS PUT PATCH DELETE/) {
+                    if (my $method_licenses = $required_licenses->{$method}) {
+                        if (@{$method_licenses} &&
+                            ! all { $c->license($_) } @{$method_licenses}) {
+                                $item_actions = [grep { $_ ne $method } @{$actions}];
+                        }
+                    }
+                }
+            }
+
            if($full_item_mod->can('resource_name')) {
                my @operations = ();
                my $op_config = {};
--- a/lib/NGCP/Panel/Controller/API/SIPCaptures.pm
+++ b/lib/NGCP/Panel/Controller/API/SIPCaptures.pm
@ -9,6 +9,7 @@ use parent qw/NGCP::Panel::Role::Entities NGCP::Panel::Role::API::SIPCaptures/;

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
+    required_licenses => [qw/voisniff-mysql_dump/],
 });


--- a/lib/NGCP/Panel/Controller/API/SIPCapturesItem.pm
+++ b/lib/NGCP/Panel/Controller/API/SIPCapturesItem.pm
@ -16,6 +16,7 @@ use parent qw/NGCP::Panel::Role::EntitiesItem NGCP::Panel::Role::API::SIPCapture

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
+    required_licenses => [qw/voisniff-mysql_dump/],
    log_response => 0,
 });

--- a/lib/NGCP/Panel/Controller/API/SMS.pm
+++ b/lib/NGCP/Panel/Controller/API/SMS.pm
@ -10,7 +10,9 @@ use NGCP::Panel::Utils::Preferences;
 use UUID;


-__PACKAGE__->set_config();
+__PACKAGE__->set_config({
+    required_licenses => [qw/sms/],
+});

 sub allowed_methods{
    return [qw/GET POST OPTIONS HEAD/];
--- a/lib/NGCP/Panel/Controller/API/SMSItem.pm
+++ b/lib/NGCP/Panel/Controller/API/SMSItem.pm
@ -6,7 +6,9 @@ use parent qw/NGCP::Panel::Role::EntitiesItem NGCP::Panel::Role::API::SMS/;
 use HTTP::Status qw(:constants);


-__PACKAGE__->set_config();
+__PACKAGE__->set_config({
+    required_licenses => [qw/sms/],
+});

 sub allowed_methods{
    return [qw/GET OPTIONS HEAD/];
--- a/lib/NGCP/Panel/Controller/API/SubscriberPhonebookEntries.pm
+++ b/lib/NGCP/Panel/Controller/API/SubscriberPhonebookEntries.pm
@ -15,6 +15,7 @@ __PACKAGE__->set_config({
    },
    allowed_roles   => [qw/admin reseller subscriberadmin subscriber/],
    allowed_ngcp_types => [qw/carrier sppro/],
+    required_licenses => [qw/phonebook/],
 });

 sub allowed_methods {
--- a/lib/NGCP/Panel/Controller/API/SubscriberPhonebookEntriesItem.pm
+++ b/lib/NGCP/Panel/Controller/API/SubscriberPhonebookEntriesItem.pm
@ -8,6 +8,7 @@ use parent qw/NGCP::Panel::Role::EntitiesItem NGCP::Panel::Role::API::Subscriber
 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller subscriberadmin subscriber/],
    allowed_ngcp_types => [qw/carrier sppro/],
+    required_licenses => [qw/phonebook/],
 });

 sub allowed_methods{
--- a/lib/NGCP/Panel/Controller/API/SubscriberPreferencesItem.pm
+++ b/lib/NGCP/Panel/Controller/API/SubscriberPreferencesItem.pm
@ -19,7 +19,7 @@ __PACKAGE__->set_config({
    allowed_roles => {
        Default => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
        Journal => [qw/admin reseller ccareadmin ccare subscriberadmin subscriber/],
-    }
+    },
 });

 sub allowed_methods{
--- a/lib/NGCP/Panel/Controller/API/TopupCash.pm
+++ b/lib/NGCP/Panel/Controller/API/TopupCash.pm
@ -44,6 +44,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller/],
+    required_licenses => [qw/billing/],
 });

 sub POST :Allow {
--- a/lib/NGCP/Panel/Controller/API/TopupLogs.pm
+++ b/lib/NGCP/Panel/Controller/API/TopupLogs.pm
@ -167,6 +167,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller/],
+    required_licenses => [qw/billing/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/TopupLogsItem.pm
+++ b/lib/NGCP/Panel/Controller/API/TopupLogsItem.pm
@ -31,6 +31,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller/],
+    required_licenses => [qw/billing/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/TopupVouchers.pm
+++ b/lib/NGCP/Panel/Controller/API/TopupVouchers.pm
@ -44,6 +44,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller/],
+    required_licenses => [qw/billing/],
 });

 sub POST :Allow {
--- a/lib/NGCP/Panel/Controller/API/Vouchers.pm
+++ b/lib/NGCP/Panel/Controller/API/Vouchers.pm
@ -61,6 +61,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller/],
+    required_licenses => [qw/billing/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/API/VouchersItem.pm
+++ b/lib/NGCP/Panel/Controller/API/VouchersItem.pm
@ -31,6 +31,7 @@ sub relation{

 __PACKAGE__->set_config({
    allowed_roles => [qw/admin reseller/],
+    required_licenses => [qw/billing/],
 });

 sub GET :Allow {
--- a/lib/NGCP/Panel/Controller/BatchProvisioning.pm
+++ b/lib/NGCP/Panel/Controller/BatchProvisioning.pm
@ -13,7 +13,7 @@ use NGCP::Panel::Utils::Generic qw(run_module_method get_module_var);
 use NGCP::Panel::Form::ProvisioningTemplate::Admin qw();
 use NGCP::Panel::Form::ProvisioningTemplate::Reseller qw();

-sub auto :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) {
+sub auto :Does(License) :RequiresLicense('batch_provisioning') :LicenseDetachTo('/denied_page') :Does(ACL) :ACLDetachTo('/denied_page') :AllowedRole(admin) :AllowedRole(reseller) :AllowedRole(ccareadmin) :AllowedRole(ccare) {
    my ($self, $c) = @_;
    $c->log->debug(__PACKAGE__ . '::auto');
    NGCP::Panel::Utils::Navigation::check_redirect_chain(c => $c);
--- a/Show More
+++ b/Show More