ngcp-panel

Commit Graph

Author	SHA1	Message	Date
Rene Krenn	8820b4530d	MT#53706 exclude /api/otpsecret from apidocs Change-Id: I9e1f4923f728846783a4ab313a0f9b1ef284aa03	1 month ago
Rene Krenn	b0b646db5b	MT#53706 wire OTP secret validation - api, jwt Change-Id: I7f0205323811196eb0e319fcb2c888cf8a314f81	2 months ago
Kirill Solomko	d5fd8679fe	MT#62093 return 403 Banned for banned users * add banned user redirect for API requests * Urils/Auth move Redis composed keys into functions to increase consistency and avoid typos. Change-Id: I7a6f9b340ac53ffc2ee921410852e36a49587941	3 months ago
Kirill Solomko	9d021be65a	MT#59979 add license control * UI and API parts are now under license control * new Util::License::get_license($c, $name) - fetches license status by name (1 if enabled, and also if /proc/ngcp/check if 'ok') * add Catalyst::Plugins::NGCP::License with license($name) to fetch valid license by name from anywhere using $c->license('pbx') or from the templates using c.license('pbx'). It internally uses Util::License::get_license($c, $name) * License::get_license_status($c) now requires $c as first argument as well logs license status check errors. * new ActionRoles::License that enables usage of :Does(License) RequiresLicense('pbx') LicenseDetachTo('/denied_page') in the Controller chains * Add license control for UI elements and return 403 Forbidden if a resource is covered by licenses and the license is not active * Hide UI elements if a license is not active * API/Entities/Entities new $c->set_config key: - per endpoint: $c->set_config({ required_licenses => [qw/pbx device_provisioning/] } - or per method: $c->set_config({ required_licenses => { POST => [qw/pbx device_provisioning/] } } } * In case if an API endpoint does not have a license: 403 Forbidden "Invalid license" reply is returned. * Add license based restrictions to API endpoints * /api documentation: - completely hide endpoints that do not have an active license - hide only methods that does not have an active license Change-Id: Iba45fc5068b02306a617fed7b5405f2210574b61	9 months ago
Kirill Solomko	10a88cf669	MT#58964 /api/platforminfo add license_meta * new Utils::License::get_license_meta($c) to fetch license meta ({} by default) that contains license related metadata such as current and max amount of subcsribers and license valid until date. currently the following data is fetched from /proc/ngcp check current_calls current_pbx_groups current_pbx_subscribers current_registered_subscribers current_subscribers license_valid_until max_calls max_pbx_groups max_pbx_subscribers max_registered_subscribers max_subscribers valid * Controller::API::Root platforminfo now also returns license_meta Change-Id: I323cdfd646335a408e0150ecd69ad950fa0461ab	10 months ago
Kirill Solomko	522fd97020	MT#58964 /api/platforminfo add licenses info * NGCP::Utils::License new function get_licenses() that reads /proc/ngcp/flags/ and returns all files with content 1. * api/platforminfo.tt template now calls a stashed callback (coderef) that decodes provided json file, includes licenses and returns encoded the json back. * ngcp-panel.service changes # Files + directories not directly associated are made invisible in the /proc/ file system # ProcSubset=pid # Disabled: MT#58964, to be able to read /proc/ngcp/flags/ # Processes owned by other users are hidden from /proc/ # ProtectProc=invisible # Disabled: MT#58964, to be able to read /proc/ngcp/flags/ Change-Id: I84b6707a918e3f4f271e32b9353f320753c5ae68	10 months ago
Kirill Solomko	91f1dcf37e	MT#59478 /api/ root error handling * clear errors in Controller::API::Root::end so that they are not interfere with generated ones * API::error(): add $c->stash->{is_api_error_response} = 1 to track it in log_response() * API::log_response(): distinguish and correctly correct errors for cases when is_api_response == 1 and also when there were $c->error('error') calls in the code, to log them correctly in both cases Change-Id: Id922b8219832c1b99815d9d608309035b9b25cff	1 year ago
Kirill Solomko	706b472465	MT#58430 fix allowed_ngcp_types in API GET * allowed_ngcp_types check is now correct in the Controller:API::Root::GET * also fix allowed roles check Change-Id: I2446d7377d2a1ef152560bfb2799bb9debd0f34b	2 years ago
Kirill Solomko	09b589738d	TT#182101 Phonebook feature is hidden for CE * templates now rely on c.config.general.ngcp_type and hide the Phonebook feature everywhere if ngcp_type is CE * introduce "allowed_ngcp_types" config for Controller::API::* that is an array, and when specified, only the ngcp_type roles are allowed, otherwise if not specified all ngcp types allowed (default) * Controller::API::Root: - filter controllers from the documentation rendedring that have allowed_ngcp_type config specified and do not match the current ngcp type * Role::API Role::Entities* - new method check_allowed_ngcp_types() - check_allowed_ngcp_types() is now called in Entities and EntitiesItem auto() and denies to 404 Path not found if the ngcp type does not match * "Phonebook" UI is now hidden for CE * /api/phonebookentries is now hidden for CE Change-Id: I41d4b2f87121f281472be3775b862333923fe37f	3 years ago
Flaviu Mates	9b422ddabf	TT#126601 Implement /api/authtokens endpoint * the endpoint will receive "type" (expires\|onetime) and "expires" (positive integer representing seconds) * type will define the expiray method for the token; onetime: the token expires as soon as it's used, or after "expires" seconds if not used expires: the token can be used multiple times until it expires according to the "expires" param value * login_jwt endpoint for generating the JWT token for subscribers has been enhanced to accept the "token" param, containing the token generated using the /api/authtokens endpoint * admin_login_jwt endpoint for generating the JWT token for admins has been enhanced to accept the "token" param, containing the token generated using the /api/authtokens endpoint * login_jwt and amin_login_jwt will respond with 403 "Forbidden" if the token role stored in Redis does not match the role of the user that generated it * /api/authtokens is hidden from documentation for now Change-Id: I4eb76c2b08f2e24774fa84ba0ccf7412ce8670e8	4 years ago
Kirill Solomko	85c7d7c071	TT#123550 add /api/platforminfo virtual endpoint * /api/platforminfo does not have its own endpoint file and therefore, does not appear in the rendered documentation. it only supports GET method and renders the template file. the endpoint is designed to provide with the prerendered JSON data containing the current platform configuration. * /api/platforminfo supports both authenticated and anonymous requests, where based on that, the template provides with the corresponding info withing the current scope. Change-Id: Idc8138595eda2c14e7f8dc7ed97cc50039fd1adc	4 years ago
Flaviu Mates	116d092cbe	TT#84337 - Add check for existence of allowed roles variable * this is needed in order to prevent error when requesting api documentation * add 'type' and 'domain' to field list in form to show up in api documentation Change-Id: I210ce214523a2c27f84098e630cbfeb5de227848	5 years ago
Kirill Solomko	7862a87639	TT#76111 add lintercept role * new c.users.role 'lintercept', that set to when an admin user has enabled 'lawful_intercept' flag * only Administrator page /api/admins and /api/interceptions are available for the role * 'lintercept' role can only see own user and only change password and email Change-Id: Iadcb022a124afbd77b224e734026f380af0170e8	5 years ago
Flaviu Mates	a87b41ce23	TT#69423 - Implement yaml support for API swagger * Add yaml format response when accessing '/api/?swagger=yml' Change-Id: I2dae15ae8de9424020d11bc9682ef51350e3fdab	6 years ago
Kirill Solomko	ce664263b2	TT#65101 add ccareadmin ccare roles * ccareadmin and ccare roles have full access to Customers, Subscribers and their preferences/settings, and read-only access to BillingProfiles,InvoceTemplates, EmailTemplates * ccare role is restricted to the related reseller Change-Id: I6cf7d3adf912f0fa98d1ef5c02abea2f4331ec4b	6 years ago
Rene Krenn	78a134ef15	TT#46955 reseller preferences Change-Id: I42afc5d33827e121e6551d01d9a1bd477d89137a	6 years ago
Irina Peshinskaya	72c771ec87	Revert "TT#45960 Disable timesets API for 7.0" This reverts commit `048b0f7720`. Change-Id: Ib6c006507e3ec1ee5350af6138a803c9a4ca0e31	7 years ago
Irina Peshinskaya	048b0f7720	TT#45960 Disable timesets API for 7.0 (cherry picked from commit 8a24127eed023b65f02cbb66c23c0e7466a37b48) (cherry picked from commit `21490e59ee`) Change-Id: I3525c6819a71433d90cf400ffeeb76f3b196777a	7 years ago
Irina Peshinskaya	7c13308271	TT#47024 Use config to document allowed Accept header values Change-Id: If4c064d36ac0fadc97f5dd193bdafe619494e4e4	7 years ago
Irina Peshinskaya	a225d6935a	TT#45458 Rename Faxe to Fax in swagger api doc Change-Id: I816ddff36d0615b3bea53c74e8ab7013a61052e3	7 years ago
Gerhard Jungwirth	bfafe384c1	TT#44116 make swaggerui default and enable destruction protection the "Try it out" button is disabled for the operations: PUT, PATCH, DELETE, POST and therefore only enabled for GET unless the special request param is used. Change-Id: Iee8338c18e3e8053d6349a20315a7ef3c2f203d5	7 years ago
Gerhard Jungwirth	41fa667878	TT#32555 swaggerui layout Change-Id: Id1b5b8bd30450b50afaba2f8f4e695a4c6ea1148	7 years ago
Gerhard Jungwirth	d02a4416b0	TT#43268 swagger/OpenAPI document nested fields Change-Id: I1aadd84b9494b7bb2fda765bb16f82234c864688	7 years ago
Gerhard Jungwirth	f860a3d186	TT#38811 API documentation show nested fields plus fix/improve some forms Change-Id: Ibdecee0e77acfa57d7cb234b9781f98011fc75ad	7 years ago
Gerhard Jungwirth	a97cbbab0d	TT#37205 bnumber cf in API: /api/callforwards plus reorganize the Form to reduce code duplication Change-Id: I361fccb7b717649ebd439992d79856c97413feeb	7 years ago
Irina Peshinskaya	17642b79bf	TT#39360 Adapt conversations order_by_cols to absent fax col Change-Id: I315ce38f5dea4a985f97945096341c36f96a6d70	7 years ago
Irina Peshinskaya	cc6cf3b067	TT#37375 Allow additional "order by" columns specifications Change-Id: Id37c305b2abeba87bd5ba25f97399888411eeab3	7 years ago
Irina Peshinskaya	17a788718d	TT#36402 Add field device preferences API Change-Id: I2ddcc58808f8bf370279c228a755a276372a0a88	7 years ago
Alexander Lutay	79ae3c0106	TT#29620 Clean TAP test warning: Module does not end with '1;' The only two files left with such warning: * lib/NGCP/Panel/Field/URI.pm * t/lib/Selenium/Remote/Driver/Extensions.pm While they need some special Perl magic to be fixed. Change-Id: I23553bbffd5bfb38b222733bdeb3937945eabf3e	7 years ago
Irina Peshinskaya	2b8ae95170	TT#28460 Remove unused libraries require Catalyst::ActionRole::ACL; require Catalyst::ActionRole::CheckTrailingSlash; require NGCP::Panel::Role::HTTPMethods; require Catalyst::ActionRole::RequireSSL; Change-Id: I3880fcb10067810d5e2de10a0c14bf6b15e34710	7 years ago
Irina Peshinskaya	bfee03fa2d	TT#28460 Format: parentheses Change-Id: Ib55575165d565e4c90000816fda4bc3580c04e4f	7 years ago
Irina Peshinskaya	75d6edbcd9	TT#28460 Format: add line between subs in API controllers Change-Id: I67f11fef716941dc965dffd4e8fbb1a211791bbf	7 years ago
Gerhard Jungwirth	c7021aa568	TT#28827 implement initial OpenAPI documentation formerly known as swagger already working: collection GET/POST, item GET Change-Id: Icd6ba3f60fd51fb948a957801a963d134fe6e127	7 years ago
Gerhard Jungwirth	8783787e64	TT#23853 make api doc json output deterministic for better comparison Change-Id: I47192ea58d7dff098880315e208a6b93222036cc	8 years ago
Andreas Granig	a52558b411	TT#22422 Implement capabilities endpoint Used to fetch whether pbx, faxserver, rtcengine etc is enabled. * Fix rtcengine reseller creation: - Refuse to create reseller if rtcengine part fails - Use proper auto-generated rtcengine values (pass, domain) to not fail on reseller names which are not forming valid hostnames. * Implement /api/admins/id to support testing - add test - fix creating admins with overly long login - fix various ACL bugs handling /api/admins/ - fix creating /api/admincerts/ as r/o user * Fix test framework - use proper client cert when switching API user Change-Id: I602fdd8181c0b3f23e76e3eab0df90a1ff9e986f (cherry picked from commit 0d376bd8b59db65296090d26f2c84d704129beef)	8 years ago
Rene Krenn	94c9b92d1e	TT#20322 TT#20344 basic /api/conversations + basic calls rs added + basic voicemails rs added + basic sms rs added + basic faxes rs added + calls+voicemails union-compatible + sms union-compatible + make call list suppressions work + add Tie::IxHash dependency + fax union-compatible + xmpp/sipwise_mam union-compatible + separate "timestamp" column for sorting + support explicity order-by column definitions + order by "timestamp" working + order by "type" working + "subscriber_id" filter parameter + "customer_id" filter parameter + "type" filter parameter + timestamp "from" filter parameter + timestamp "to" filter parameter + "direction" filter parameter + preliminary json fields: id, timestamp, type + cleanups for preliminary commit. Change-Id: I7697635079b49bf2724731dee1c78e1801146b94	8 years ago
Andreas Granig	be3219237b	TT#18754 Fix jsonifying of query params in api-root Change-Id: Ic805d8b5d3cb108c35a62c2894f38096f1a2e7e8	8 years ago
Andreas Granig	abe78df430	TT#18754 Implement json response for api-root When requested with an "Accept: application/json" header, return the response in json format instead of xhtml. Change-Id: Iba4135d8013fd200af426f2eb3d67b97282c034b	8 years ago
Rene Krenn	72d9c10650	TT#13973 fix http method override the factory Catalyst::ActionRole::HTTPMethods action role is set for any action, and in race with our own NGCP::Panel::Role::HTTPMethods. the testcase could have been misleading ever since, as it uses DELETE /api/customers, which was present when implemting the method override initially, but dropped on the road to 4.5. the issue is resolved by overriding Catalyst::Controller::gather_default_action_roles. until the class hierachy refactoring is completed, only consistent way is to add the override to each api controller. the action_roles config attribute can therefore be removed. using Plack::Middleware::MethodOverride as an alternative from upstream has the drawback to work only with POST. but a required usecase is to also support translation DELETE requests to PATCH. Change-Id: I204ba59869a8327bdd5db8a867fbbb061d1c9e7c	8 years ago
Irina Peshinskaya	5a80eb6b55	TT#8950 Decorate readonly fields in the api doc Change-Id: I5425f9280e576a16bd972a9a9f539f0f28ff3c0e	8 years ago
Gerhard Jungwirth	893943d2fc	TT#4334 adapt api documentation for subadmin Change-Id: I447c62903578a53c700b199f4e6ccbc7ea0585b9	8 years ago
Gerhard Jungwirth	ea210ba37e	MT#17173 small inconsistencies in Entities modules * map regex fixed * get_form may return an array with the exceptions now * use get_item_id consistently * use warnings and strict Change-Id: I9f356814ecf4b51613d3aee3782a6b3b91f04cad	9 years ago
Irina Peshinskaya	ad62a1a5a1	MT#17173 Mass collections tests Change-Id: I377cfec13a7f18dc6e1688cd3b57dbc4d11210ad (cherry picked from commit 8d18584276558e3fed70c1043850e42d102139f9)	9 years ago
Irina Peshinskaya	d7f19af44b	TT#2452 Implement device profile preferences web and api interface Change-Id: I1a87fe5d93c4798f4bebc9fa04c028f6618a1480	9 years ago
Irina Peshinskaya	03acd88a1a	TT#2452 Implement device preferences web and api interface Change-Id: I72a548203d66e74b2907e44d98ee4f72ae15731a	9 years ago
Gerhard Jungwirth	b34a7df2e1	MT#21193 use Sipwise::Base in api modules which implies, among others, strict and warnings. these should never be omitted and are one of the most frequent complaints of perlcritic currently. as a result TryCatch can be removed (imported by Sipwise::Base). also, "no Moose" is removed (has no effect). Change-Id: I901b6a9f0f6d426f62b73e68f2c5ad6365c1eeef	9 years ago
Rene Krenn	3e57109750	MT#19419 custom action role to support http method override Change-Id: I2d9fbf1f4feca76b91bdf73d4184ea707cc04e78	9 years ago
Guillem Jover	0632585eba	MT#18443 Use parent instead of base module Switch from the discouraged base module to the light-weight parent module. Also remove some surrounding BEGIN blocks from 'use parent' which are completely unnecessary. Change-Id: I3a669e8024f098819be45030ca9d1afa8756105c	9 years ago
Irina Peshinskaya	b0be8e2aac	MT#17495 Fix API doc for subscriber - no customer_id for update Change-Id: I9f60a476d33a992ec8d31db75ed4bcf98207bcdb	9 years ago
Irina Peshinskaya	0272c297b8	MT#17173 Remove Moose Roles from API Conflicts: lib/NGCP/Panel/Controller/API/MetaConfigDefs.pm lib/NGCP/Panel/Controller/API/Root.pm Change-Id: I25597baebbec6e2436b15776da17bd6d1bfef838	9 years ago

1 2

90 Commits (master)