* expose_to_subscriber is a new preferences flag that
indicates that the preference can be read/modified by
'subscriber' role
* expose_to_customer now only does the same as expose_to_subscriber
but for 'subscriberadmin' role
* get_usr_preference() not expects $params{$c} to be passed as an argument
* fix update_voicemail_number() behaviour, it correctly updates number
for subscribers of a subscriberadmin as well as no longer fails
with an error if echo_voicemail_number or cli are not available
(not set or not visible)
Change-Id: I95fade92efb541146e9e56ba4f517af79fa71b5a
* :id is now the brainding's id instead of reseller_id.
That was rather a bug and now fixed and consistent with
the rest of the endpoints.
Change-Id: I794e577499050a95ed68c21af3f963f9f8e9c274
* add described query_params 'subscriber_id', 'reseller_id' so they are
avaialable on the doc
* remove search by param from Role::ResellerBrandingLogos::_item_rs()
* fix Role::ResellerBrandingLogos::_item_rs() queries
* Controller::API::ResellerBrandingLogos*
- now always returns the binary data containing the logo and with
the Content-Type header
- change NOT_FOUND message to indicate that the ResellerBrandingLogo
is either not found or does not have image/image_type
* do not log response queries
* fix allowed_role to be: admin, reseller, subsscriberadmin
Change-Id: Iaadb47fb2d72886a8d9244a523d5914500a4dd20
* subscriberadmin is now able to fetch cfdestinationsets of other subsribers
that belong to the customer
Change-Id: I212f0e31a8e77caa6f681f227771e0b11efb5f62
* subscriberadmin is now able to fetch cfsourcesets of other subsribers
that belong to the customer
Change-Id: I95217587430c52cd7078e1604ffec549ae2dd6b5
* subscriberadmin is now able to fetch cfbnumbersets of other subsribers
that belong to the customer
Change-Id: Ib92c161f320257ba2d6614e10d9eaf03247e7014
* subscriberadmin can now see all other customer's subscribers
call forwards as well as per subscriber_id
Change-Id: I4bdaf3390667fc7208fa6dbde9292b8ba911667f
the search field of admin-panel datatables was tuned/configured
over time to allow fastest possible search, "as-you-type".
for large tabels it eg. will only include indexed columns, which
never was transparent to the users.
the UI will now display tooltip texts with detailed hints about
included columns, wildcard support, etc.
Change-Id: I737732a55003d50068236bb0150a2f47d06deaf5
* "alias_numbers" array when the resource is prepared is
created directly from the resultset, avoiding 'foreach' loops and
conditions.
This improves performance on ~8000 voip_numbers from ~35 seconds
to ~3 seconds.
* is_devid is now always present in the "alias_numbers" object,
and it's =0 if there is no related entry in
provisioning.voip_dbaliases
Change-Id: Ia05b26208f3fec3a9b2203aafe9b4c09b98ca44d
* when a new subscriber is created via POST, if the associated customer
has at least one default contract_sound_set, it is correctly assigned
to the subscriber as the "contract_sound_set" preference.
the logic is now inline with the UI behaviour
Change-Id: Ifeb86faf6718648b29e6391bd16752766358ed0f
We need to trace sending mails to be able to track down
possibly not sent mails, see e.g. MT#31936.
Use quotesensitive to not leak from/to information into logs,
but handle this properly to ensure we're GDPR safe.
Change-Id: I4d09d073e12b1dd61053956252b59ad06a29d59d
* when customer_id query param is specified as customer_id=null
or customer_id=NULL it now correctly fetches soundsets that
do not have customer_id assigned to them
Change-Id: I8de3d9615c133c2abd3eb2b5f4fea8de5b652417
When the "Ignore domain" billing profile option is set, billing
fees will be matched against the 'destination_user_in' CDR field
(Instead of 'destination_user_in@destination_domain').
As a consequence, NGCP services such as vsc, conference, voicebox,
fax2mail cannot longer be charged by defining domain-based fee
entries (e.g. \.local$, @vsc\.local$, @conference\.local$,
@voicebox\.local$ and @fax2mail\.local$). Hence, these services
need to be matched differently when "Ignore domain" is set, if an
operator wants to charge for those services separately.
Only fax2mail calls has not predefined prefix that distinguishes it.
In order to normalize that and fix this issue the panel will create
and save in DB the CD destination for fax2mail with a new prefix:
'fax='.
Change-Id: I926909e46828b43e476c75f2b3e0c51e20a2a5b6
when ignore_auth_realm is "yes", it should no longer
be required to provide the domain part for subscriber
logins.
Change-Id: I346f94278c9b0d9a598858c24d797b03217123d4
Partially reverted commit 7f59aedb4 because it will scale the
asterisk voicemail greating messages rate to 16kHz where asterisk
supports only 8kHz.
Change-Id: I90ad14fc2ae37a9baf168a61e5454b285432fee9
we were sending this command:
> host:deactivate('NGCP::Panel::Model::DB::domains=HASH(0x55955564e6c8)')
Change-Id: I63271b05ee12d0ff3767b5d9376aec22352cb4d5
* the same key is now expanded only once to use the same
data ref otherwise expand like
contract_id.contact_id,contract_id.billing_profile_id
makes it so that 2nd contract_id would overwrite the already
existing (expanded) contract_id
Change-Id: I6cab67c2f549e9165dbf2cfd2f4b84daef503dd8
* expand=all now expands by the all resource keys instead
of the current form fields, that is to reflect keys that
are created manually in the response such as reseller_id
or domain_id
* ccare roles now correctly support /api/domains
Change-Id: I9951bfd97b76186def4dc799c72da44425faea4a
* ccare roles now have read-only access to profile packages, this
is needed for working with a customer
* enable expand for ccareadmin and ccare roles for the following:
- contact_id
- profile_id
- profile_set_id
- package_before_id
- package_after_id
* add expand support for admin,reseller,ccareadmin,ccare roles
- profile_package_id
- invoice_email_template_id
- passreset_email_template_id
- invoice_template_id
Change-Id: I926304363048e659af67d596dce93be29b3e67af
* ccareadmin and ccare roles are now able to correctly
fetch the list of billing profiles as well as request one by :id
Change-Id: Ie5f9203b1aa9de9f7ed870caa2ea06ba262c9bfd
* sample rate was downscaled to 8k by sox for all sound files,
it's now set to 16k for better audio quality
Change-Id: I7447e08ed90147ec98e110419cc4c068b8299848
Remove 'serial' from the label and description of
'cloud_pbx_hunt_timeout' as this preference can now also
be used for parallel groups.
Change-Id: Ieeeb382a027990ed8fc90aae6893e526019f40fd
* it is possible to expand arrays of ids now
* add expand support for pbx_group_ids
* add expand support for pxb_groupmember_ids
* remove _password and _webpassword internally prepared fields
from expands by subscriber_id, pbx_group_ids, pbx_groupmember_ids
Change-Id: I7651aae4c58d98943e82d1eda6b24d260ff2480a
* if $resource does not have reseller_id then the user's one
is used to write into the journal entry
Change-Id: I33ab6fe6271bd6be156b247c830eecea6e2f63ea
* "Header Manipulations" UI is now hidden for CE
* /api/headerrulesets is now hidden for CE
* /api/headerrules is now hidden for CE
* /api/headerruleconditions is now hidden for CE
* /api/headerruleactions is now hidden for CE
Change-Id: I717b9d3cdf693f01e32f81086b69aafce4f3113a
* templates now rely on c.config.general.ngcp_type and hide
the Phonebook feature everywhere if ngcp_type is CE
* introduce "allowed_ngcp_types" config for Controller::API::*
that is an array, and when specified, only the ngcp_type
roles are allowed, otherwise if not specified all ngcp types
allowed (default)
* Controller::API::Root:
- filter controllers from the documentation rendedring
that have allowed_ngcp_type config
specified and do not match the current ngcp type
* Role::API Role::Entities*
- new method check_allowed_ngcp_types()
- check_allowed_ngcp_types() is now called in Entities and
EntitiesItem auto() and denies to 404 Path not found if
the ngcp type does not match
* "Phonebook" UI is now hidden for CE
* /api/phonebookentries is now hidden for CE
Change-Id: I41d4b2f87121f281472be3775b862333923fe37f
* the attributes fields list in field_list() {} was rendered
without the field name, causing internal issues in HTML::FormHandler
Change-Id: Ic4c7a0454135b2bf394a0fb8c4291a0fadd06df6
* session->rpc is not in use anymore and had $parts there which
was a leftover from the inew billing cleanup and moving $session
into the Controller/API/SMS
Change-Id: I6d9612cd3f3cbc57fe1b7df6584ad779dca64288
SMS prepaid billing using libinewrate is not supported anymore
* remove init_prepaid_billing, perform_prepaid_billing,
cancel_prepaid_billing functions
* /api/sms POST is now self sufficient and use $session
internally and does not call *_prepaid_billing functions,
nor rely on them
Change-Id: I483f27ce82c7e0a039ce1f3f44c24bd9db75dfec
in order to expose a pref "<current pref attribute>" in the rest-api
under it's "<old pref attribute>" name, a preference "renaming"
transformation can now be specified like this:
www_admin:
...
preference_in_transformations:
...
<old pref attribute>: <current pref attribute>
preference_out_transformations:
...
<current pref attribute>: <old pref attribute>
Change-Id: I17ad7d4f880d5760329465d60134df1c06f8fd08
* customer_id filter is now possible, which behaves the same as the
existing contract_id. This is to add consistency as filtering by
customer_id is available in other endpoints
Change-Id: I1577d06133f9629c363940a4e8d2fb8012336e21
* peer server preferences such as rewrite_rule_set, header_rule_set,
contract_sound_set, sound_set do not include reseller_id
anymore when set for a peer server as peerings are platform wide
Change-Id: I4276767649bc5f2f35aba3eacd0f566b960cf647
These are shared files across all PRO/Carrier nodes, but at the time
they were introduced we did not have the concept of a shared-files
subdirectory. All other such shared files have been moved over time to
that subdirectory, but this was still remaining behind. Let's move it
now for consistency, and so that its purpose is more clear.
Change-Id: I05762d66c352b8ebee34ae93d952d9ffd58910fb
* rtcengine related logic and apps is now removed
* remove /api/rtcapps endpoint
* remove /api/rtcnetworks endpoint
* remove rtcengine relations from resellers such as
enable_rtc flags
* remove rtcengine related API tests
* remove rtcengine and comx related libraries
* remove csc webphone ui app
* remove webrtc related selenium tests
* remove rtcengine flags from /api/capabilities
Change-Id: I83a4b0457fac2e0df23d267f8dbc82841dfb3001
* target selection for chained routes in BillingNetworks is now
performed based on the account that $c->stash->{close_target}
can be already set, and it's used if defined instead of the
explicit target
* add NGCP::Panel::Utils::Navigation::select_back_target()
* NGCP::Panel::Utils::Navigation::back_or() now uses internally
select_back_target()
Change-Id: If6ca47a776896db48955a04f544731dc87c59aa1
* the endpoint now contains additional fields starting with prefix
current_* that represent the current aggregated value that is
used for the preferences and also
current_fraud_interval_source
current_fraud_daily_source
that represent the used source for the current_ values
(billing_profie or customer)
customer - if the fraud limit is set on the customer level and > 0
billing_profile - if fraud limit is not set on the customer level
Change-Id: I074285e3464420a14f65695c40c8b8008a241a8d
* Role::API::Contracts add item_by_id() that calls contract_by_id()
* Utils::ProfilePackages::catchup_contract_balances return if
$contract object is undef
* Form::Topup::Log::contract_id expands into Role::API::Customers
instead of Role::API::Contracts
Change-Id: Id4fc67b8ea1e91f350d0172aafc2b722f34e61f3
* the password reset via API now uses webusername instead of
wrongly used username to fetch the subscriber
Change-Id: Ib2ed042382963f13d73619acd48a588f3874c25b
* Utils::Subscriber::update_subscriber_numbers() fix
an error when $current_primary_number is undefined
* t/api-rest: remove devid_alias from the tests as the field
is deprecated and no longer in use
Change-Id: I6e472398a7a393cd83de5818157629338388ec8e
* the current condition for primary number removal for PUT/PATCH is if
the primary number exists and specified in the data as
primary_number => undef. The condition failed as the 'primary_number'
key was explicitly created regardless of the original user data input,
resulting in a false primary_number => undef.
Change-Id: I17651046627f5c48696c3f1d17da5aa49452fe9a
for deployments that expose panel/csc via a proxy,
the auto-generated base url printed in emails can
be unreachable. we therefore introduce the option
to explicitly specify a base url to use.
it will support an sprintf pattern with individual
params for eg.:
- protocol scheme
- domain part
- port
- base url path
Change-Id: I6a9ca23126c669d249ef7f3e092cae0161235ebe
* primary and alias numbers are now validated that they
do not belong to another subscriber
* aliases are now validated that they are not already set as the
primary number
* reduce amount of related sql queries
Change-Id: I4397bbdc4bc9001b7feeef22cb8f85ee0b6ce8ff
* prepare_resource() use prefetch 'attribute' to address
scenarios with high amount of preferences per subscriber
Change-Id: I7a32ff9953ccf9a3cc7e482639c6bd3cdb28eb0f
We need to properly handle transport picking for the SIP peerings:
- in case a non-default 'outbound_socket' is set for the peering,
give a precedence to the transport used for it ;
- in case a default 'outbound_socket' is set for the peering,
use a transport protocol configured for this SIP peering ;
The idea is quite simple, and meets our current requirements.
Change-Id: I98d55b090f04642442d83da83d441aca0f000dec
* Call forwardings related internal usr preferences are now
distinct per call forward type (maximum 1 record per call
forward type, if at least one forwarding for this type exists).
This change is meant to address the issue when there are >1000
call forwardings per subscriber, which leads to performance
issues. Other components (kamailio) only uses this preference
as a boolean to check if there are call forwardings at all per
type, therefore, more than one preference, per type, per subscriber
is not needed.
Change-Id: Iffa475700a74f56eff67400ce9b57092018a14a0
The ngcp-collective-check now produces a more semantic JSON key. This
should allow to produce more organized problems reporting on the
panels, and will allow to remove the old messy keys.
Change-Id: I302eb7927adf70e33a88ef231b477fc7111c4371
* show the correct error message when a peer_auth preferences are
modified for a disabled peering server
Change-Id: Ibd710d142066c9622932992c8a60ec0d7f7674e1
so far the invoice contained outgoing calls only.
this change introduces the "call direction" mode
for invoice templates, to configure invoices with
either
- outgoing calls only
- incoming calls only
- both outgoing and incoming calls
Change-Id: I3a9d4e3dbb83de63cc2bfab5f1c55714fe487c25
* The succesful password recovering redirects to https://<host>/ which is translated to /#/login on CSC page.
Change-Id: If4e7ae510396e3852319c7e5c9d4915fdd214e95
* Contract default sound set - subscriber propagation for cases:
- New customer sound set is created as default.
- Customer sound set is changed to default.
- New subscriber creation - setting contract default sound set id.
* The mentioned cases were implemented for both UI and API.
Change-Id: Ia4733c972ae388d3457d0336e3f85b85eec6e9a2
The 'Calculated fields' label is displayed when creating a new
Batch Provisioning template on Admin Panel. This field has a
selector which offers the 'Javascript' and 'Perl' options. The
label may be confusing, since the options are programming languages
(rather than 'calculated' fields) that can be used on provisioning
templates.
Hence, it is more suitable to change the 'Calculated fields' label
to just the 'Language' label. This will also be in concordance with
the JSON property 'lang' (short word for "Language") that can be used
at API level to set the programming language.
Change-Id: Ie944e446bbab845fee644f698023ac1eacf0e866
* /login_jwt now accepts "jwt" key with an existing valid JWT as the
value
* upon successful authentication with the token a new token with
prolonged expiration time is issued for the authenticated user
and returned in the JSON response
* add "expires" value in the JSON response that contains a timestamp
integer when the issued token expires
* fix encode_json() calls formatting
* most of JWT related error messages are now appear in the log as INFO
instead of ERROR as they are not related to the system errors
Change-Id: Ie8e04534c8819dc756b3c64ebc4432ce442a1d31
* 'location' field is now optional, if not filled it it will always
default to an empty string instead of null. This is required for the
new mode 'forward' that has no use for this field. If the field
is empty in any other mode like 'add' or 'replace', the entry
will be skiped by the logic.
Change-Id: Ia964c3bb272c9772c51b836ac2418ee4cd7b7f42
WHAT: This fix allows the options: (a) Voicemail greeting "temp", and (b) Voicemail greeting "greet" to be displayed within Subscriber Preferences -> "Voicemail and Voicebox" on Admin Panel (Perl-based). Hence, an Admin can load 'greet' and 'temp' prompts via Admin Panel, similarly as 'unavail' and 'busy' options.
WHY: 'greet' and 'temp' options were added to be managed via API, but they were not available on Admin Panel.
Change-Id: Ie2d18f4d9a8e8369f3bbcb8593848ce6ee4b7d32
* Users with "system" role can change all items accross the system including the password changing for other users.
* Login "system" has persistant "system" role.
* "system" login name is restricted for the user input.
Change-Id: Ibaecba35a86f71fa8895ce9d9feab8e768b65d14
* Fetch recording_metakeys caller/callee for the certain record id(call).
* Add caller/callee fields to the resource and form.
* Frefetching recording_metakeys for the call recording.
Change-Id: I767ea32e19edfd7cbbc74956200343f680fdb2b4
this fix addresses regression reported by dominik:
* $resource{_password}/{_webpassword} cannot be set before the
form validation as they are effectively removed by it,
causing /api/susbcribers returning no passwords at
all for 'subscriber' roles
* Having them after the patch makes no sense either as next
resource_from_item call will effectively remove them again (in PATCH)
(cherry picked from commit 5e9066c4fb)
Change-Id: I88c9ec40843f1e9a6983952b96c0b0e70fbb1bb1
* An attempt to change own role, login, flags
(except for can_reset_password) now returns
403 Forbidden, User cannot modify own permissions
* POST checks if the admin has necessarry permissions
to create another admin
* PUT/PATCH changing own role is now forbidden
* PUT/PATCH changing other's admin role now checks permissions
* DELETE checks role permissions
Change-Id: I990609985ae9cab6213cf47f5f5c8afba2efdda3
* check $c->state for cases when it does not exist
(admin user creation)
* return undef instead 0 in the default field method
Change-Id: I3aa69ebc0f5ec5a590c113379bdf0a5a94e35747
This reverts commit 5e9066c4fb.
This implementation breaks:
* $resource{_password}/{_webpassword} cannot be set before the
form validation as they are effectively removed by it,
causing /api/susbcribers returning no passwords at
all for 'subscriber' roles
* Having them after the patch makes no sense either as next
resource_from_item call will effectively remove them again (in PATCH)
Change-Id: I0e8389e8ab34ad72f1b87a684daba77f1030f8ba
* admin users with is_master = 0, cannot see other admin users
(this includes system users) and brings the is_master flag
to the common behaviour
* ccareadmin, ccare users can now access te UI Admins page
as well as /api/admins but they are limited to see/manage
only themselves
* admin users cannot see system users (UI/API)
* reseller users cannot see system/admin users (UI/API)
* admin users cannot modify their own role and flags except for:
email, password, can_reset_password (UI/API)
* UI edit form now does not render fields that are not meant to be
modified by a user (exception: "login")
Change-Id: I82e1946437fd2ec4651abd24074470c695a40582
- Optional "role" parameter is added for POST PUT PATCH.
If "role" is provided then the passed flags are ignored and are applied internally by the server according to the provided role.
If "role" is not provided then the former flags based approach is applied.
Change-Id: Ib6e591ff6dc50122e0ec49a348153ca820fc2e03
* role_id field is set to optional as the API uses the
form and there is no support for the role_id there yet
Change-Id: Ib663b4d9d0501eca2310a7e95733c2166c9872eb
- Add Role column on /administrator table
- Add Role dropdown input on /administrator/:id/edit
- Add Role dropdown input on /administrator/create
- Implements logic to resolve flags and role id params:
1. role_id is passed(create/edit) then flags will be overrided according to the concrete role.
2. role_id is not passed(create/edit) then flags will be checked to determine role id according to the concrete flags pattern:
Role | Flags
----------- ---------------------------------
system | is_system = 1,
admin | is_superuser = 1
reseller | is_superuser = 0
ccareadmin | is_ccare = 1, is_superuser = 1
ccare | is_ccare = 1, is_superuser = 0
lintercept | lintercept = 1
Change-Id: Ia923a47f664a162d78a06efcc006f84dcd08701d
* soft_expand=1 in API requests when coped with the expand
query parameter tells the API to ignore possible expand
conflicts (such as field mismatch or a permission issue),
returning 200 OK instead of 409 Conflict
Change-Id: Ib798aabddb1b4d66fc9708acbf713037696ad600
a multitude of issues popped after introducing bcrypted
webpasswords in the database. most recently the PATCH /api/susbcribers
rail was reported to reset the webpassword unintentionally.
subscriber login fails afterwards, which is a severe issue.
the bugs are adressed by this refactorings. the change also
introduces a global variable
$NGCP::Panel::Utils::Auth::ENCRYPT_SUBSCRIBER_WEBPASSWORDS
to control encrypting webpasswords. it is still enabled as of now,
but it's worth to consider disabling it. there other ways to have
a "cost" for an authentication request, eg. adding a simple
sleep(1sec).
Change-Id: I2d47d54a2d83568546ffdd2b211337a5f56be3a2
* when a domain is provisionined in prosody and there is
no connection to the host/port, the error is ignored and ok
response is returned instead. Prosody does not have a persistent
database and rather loads vhosts from kamailio.domain on startup
and if it is down during domain creation/removal where will be
no discrepancies when it starts. The new error checking behaviour
benefits the CARRIER setups where a proxy host is still in xmlhosts
but is not available (powered off) or prosody is not running there
for some reason.
Change-Id: Idaaaf2b31985873db9228958b60ff14fca5d1bf6
by default, re-rating CDRs of prepaid customers will
not update the contract balances.
in that case the total values on invoice PDFs become
out of sync with the zone details list.
Change-Id: Iba78b6386140012bb087235997880e8c28cc0972
* NGCP::Panel::Utils::UserRole::_field_to_name now supports
both hash and object to parse the roles from
* NGCP::Panel::Utils::UserRole::resolve_role_id returns undef
if no roles has been passed or there are no entries for the
role in the database
* Fix NGCP::Panel::Utils::Journals to correctly fetch and set
$journal{$role_id}
* Adjust api-journals.t, remove tx_id, user_id, role_id from
checks
Change-Id: Ieff23bd4291f3b88ba92bbfc2b00b57f66bf76e1
- role_id is taken from billing.acl_roles and written into the billing.admins table when a new admin user is created/updated via UI/API. This is the first step towards the role based admin user handling.
Change-Id: I0804379cbbcab174cebbb292397a39cb3ea01a31
follow up on TT#147151 (fast loading/paging/searching panel
datatables), which broke restapi tests.
Change-Id: I799cb9087b9405c71dec4c690e7a7bab5dfdbdde
* decode utf8 on multipart/form-data request
since we encode the json for this content
type, and the fax body gets double encoded
and ends up wrong
Change-Id: I50d10879e5fe1ba99141e76d311641fcd5d568a1
* when field expand is requested and the field has "null" value
(profile_id,profile_set_id), the field is considered as correct
instead of returning 409 Conflict
Change-Id: I2dfa918a0b99bff75429baa3e94a734fcb8c17e2
* allowed_roles in the expand defintion restrict the field
only to the roles in the allowed list, otherwise the field
is not expanded.
Change-Id: Ib6f776388457327f2fa85e71deb9591022cee2da
* add dictionary support for fields that are expanded
if encountered in all endpoints, with a possibility
to override it, if defined on the endpoint's field
level
* move expand definitions from form fields into the
Expand dictionary
* simplify the expand usage, it now operates only with the
<x>_id fields that are returned and visible in the response
(e.g. if reseller_id is returned, then ?expand=reseller_id),
the returned expand object name is <expand_field_name>_expand
the, so in case of ?expand=reseller_id, the returned object
will be reseller_id_expand
* adapt Role/SystemContacts to work correctly with the expand
functionality
* expanded fields are returned as <expanded_field_name>_expand
Change-Id: I4cab44ede9b40c70a95bbcedc81f58dd1f4e3b67
* Fix for language solving for API requests. Changed the sequence of language choosing:
1. Request parameter "lang" for API and UI.
2. Cookie value "ngcp_panel_lang" for UI only.
3. User agent/browser language for API and UI.
Change-Id: Id5d814deead22eb7e2908fdc742b0c8474314d49
* restore the removed product table join in
get_contract_rs() as get_contract_rs() and product.class are used
in many places in the code that have their own filters by
product.class
Fixes: 133bd43df TT#147151 fast loading/paging/searching panel datatables
Change-Id: I56e20f240ccc08cf1c9a25947f67990691425549
query refactoring an rowcount clipping for UI datatables
that are slow when using millions of subscribers:
contacts
customers
contracts
subscribers
billing profiles
billing networks
billing profile packages
Change-Id: Ia50e3aa52684772548569b6908f0cbc08395a5a7
* add recursive expand support, so it's possbile now to do
nested expands as "expand=contract.reseller".
* comma separated fields support is preserved and with the enhanced
expand "expand=contract.reseller,customer.billing_profile" it enables
expanding "contract" with nested "reseller", as well as
"customer" with nested "billing_profile".
Change-Id: Ie82f5118dc13e57a0397566295644452f29bccde
* "subscriber" role can now retrieve own autoattendant data. This is needed for the CSC interface.
Change-Id: Id10b302205fe458d5793ae8f7bd9201233f9a0d4
* Admins with is_system and is_superuser are able to see the items for all roles.
* Admin is able to see own journal.
Change-Id: I3e5d459b08ff7ef218220f1ae11974351121c489
the POST /api/provicioningtemplates/<reseller>/<template>
request will accept text/csv content type to provision
many susbcribers at once.
Change-Id: I59079ba8f2bacc0ce2b1367d2bd1a7251cf4763c
provisioning templates with their dynamic forms
can be executed by a entityitem POST request, ie.
POST /api/provicioningtemplates/<reseller>/<template>
or
POST /api/provisioningtemplates/<readonly template>
Change-Id: I77f6c9d42e1afdb49635d3f11e4d73bcf6269605
* vmnotify() now accepts cli and uuid arguments
* API handling of voicemails is now improved to:
- send a notify if the item's INBOX/Old has been changed
- correctly process DELETE to send vmnotify after the
item's removal
Change-Id: Ic00ae825cf091bce273e55aa37cd0a7ac80d8b0f
* improve select from voicemail_spool to avoid
sequental scan with like '%..'
* select now fetches all messages count
* add old messages count support
* old/new messages are reported as 0 if not returned
from voicemail_spool
Change-Id: I11ac1a407e8d22fe828a17cda55aa3298c6e6f02
* non-existing hal resource key was used in the debugging string
causing the item operations, such as PATCH to produce 500 error
Change-Id: I9e53dcf8b4b21385b9b1b877d87319023222f620
* domains do not use billing.domain_resellers table anymore
but instead the new domains.reseller_id field. That is
to remove the unneeded many<>many relation through the
additional table where the actual logic only supports
one(reseller) to many(domains) relation
Change-Id: I1b681543baf1901f19e10c2f6210e4cf6eeb8fbe
* move to_log() and data_to_str() methods to the parent
VendorREST module
* rename send_request() to send_http_request()
* use common send_http_request method for HTTP requests
dispatching
* improve logging
* improve error handling
Change-Id: I403aa8053e4abfaf6992b62809f15ab72e3a06fc
the form used for the /api/ncoslnpcarriers rail
uses the same technique to expose a JSON field
"carrier_id" for the table column "lnp_provider_id",
also found in the /api/lnpnumbers rail implementation.
it however did not work until now, because the
fieldname in the render_list did not match.
Change-Id: I45dca22bab73e16b538de7ea1d540aa1383fb56d
Otherwise PBX devices config geenration failed with error:
> 500 - error creating template:
> error processing template, type=undef,
> info='Can't use string ("") as a HASH ref while "strict refs"
> in use at /usr/share/perl5/NGCP/Panel/Template/Plugin/DeviceConfig.pm line 50. '
It happens because no preferences access defined for 'bootstrap' PBX
access (port 1445), they are available for 'config' access only (port 1444).
Change-Id: Id2c1478678265144b8ddb83504a0d3c9cec16563
* switch to 'populate' instead of using
'insert' for each destinations, sources,
times, bnumbers, mappings and CF preferences
* add API->check_patch_op_add_only - to check if
the patch contains only "add" operations
* improve /api/cfmappings, if all PATCH operations
are "add" then the existing records are not
fetched and not recreated, enabling very new mapping
inserts
Change-Id: I0b4e71565c11771026dbbc000aa57b2a613409fa
The latest version of the 'ul.add' RPC command of Kamailio
has 11 parameters instead of 9, we have to fix that.
Change-Id: Ic70bde77eada095ddf127e18f3ef7e5b3d91478f
the /api/provisionintemplates rail provides the
operations to create, edit and delete "provisioning
templates" know from the "batch provisioning" feature
of admin panel.
these templates can also be defined in config.yml,
while it is however only possible to edit templates
stored in the database.
executing a template and/or uploading a .csv for bulk
execution will be available in a separate part.
Change-Id: If8627327270edfce5bca1be3b1f777c1bd44e90f
the G2k/LIMA implementation seems to have our error
messages hardcoded in their logic. it stareted to
fail since we added logline obfuscation, which was
also added to response messages in this place.
Change-Id: I36c2a74ed17db7013e692d7cbdccf0dbd44e814e
The ngcp-panel v1 codebase uses 'back=' GET parameters to record
all the navigation path and store it into the session array:
'$c->session->{redirect_targets}'.
On switch from v1 to v2 using the link 'GO TO NEW ADMIN PANEL',
the function 'login_to_v2' is not using the concept of 'back=' GET param,
but ngcp-panel still receives and stores the last value with 'empty' path:
> $VAR1 = bless( do{\(my $o = 'https://x.x.x.x:1443/')}, 'URI::https' );
> $VAR2 = bless( do{\(my $o = 'https://x.x.x.x:1443/subscriber/155/details')}, 'URI::https' );
> $VAR3 = bless( do{\(my $o = 'https://x.x.x.x:1443/subscriber')}, 'URI::https' );
> $VAR4 = bless( do{\(my $o = 'https://x.x.x.x:1443/dashboard')}, 'URI::https' );
The navigation above is a recorded browsing path on v1 (in a reverse order):
- login to ngcp-panel (dashboard page is opened),
- open 'Subscribers'
- open details for some subscriber with id 155
- open subscriber preferences
- click on link 'GO TO NEW ADMIN PANEL'.
As a result user is still located on the same page "Preferences",
but not on v1 but v2 interface. The empty value is inserted into
the array '$c->session->{redirect_targets}' (which is wrong).
The empty path 'https://x.x.x.x:1443/' brakes v2 navigation
for v1 'Back' button inside iframe.
It causes loading of iframe inside iframe,
which happens on v2 due to list of redirections:
- clicking on v1 button 'back' inside v2 iframe requests https://x.x.x.x:1443/back
- it triggers navigation to the top element array 'https://x.x.x.x:1443/' which is wrong/corrupted.
- loading '/' cause 302 redirect to '/v2/' (as 'v2' is a default UI for mr10.0+)
- loading '/v2/' inside iframe cause the issue with 'v2' content inside 'v2' iframe.
This is a commit to prevent inserting an empty 'back_uri' into
the session array '$c->session->{redirect_targets}'.
Change-Id: I69df4320fa8cde4d23a7d9dd18ffb5eb06ee8df1
The modern browsers (except Safari) supports 'Sec-Fetch-Dest':
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Dest
In theory we can remove the current 'framed session' storage completely,
but Safari will not be supported. Let's expand the current logic to provide
extra protection here to backport the commit to mr9.5+.
Change-Id: I9c070f77f427c81581f4d9ceeb1a57b274d77819
* kamailio.sems_registrations now uses
kamailio.lcr_gw.id -> peer_host_id
kamailio.subscriber.id -> subscriber_id
for foreign keys consistency withing the same database
Change-Id: I4722729fdee07eb2a153473e85d64faa46eedca5
* webpassword is not correctly removed based
on length, and remain visible when in plain-text
or empty (unset)
* config->security->password_(sip|web)_expose_subadmin
now only affects subscribers under the same customer
that are not this subscriber admin
Change-Id: I329e0f1ad97dd513a33e3652ed03b4a43a95ed04
We need to de-register all subsequent peering hosts located under
the peering group being deleted.
Change-Id: I50bc25932e59d6b918f65c6525f2631cb9868fe4
We need to add an improvement, which fulfills the work of the
registration mechanism for SIP peerings.
Not only do we add here a registration tirggering for peerings,
but also a 'type' is introduced, which is mostly needed for XMLRPC
commands being sent towards SEMS, to let it understand to whom the $sid is related to.
Plus a list of improvements:
- de-register peering host on deletion ;
- de-register peering host on disable / register of peering host on enable ;
Change-Id: I035dfadf6709acb4d106a70f6124f024e719044f
Throw descriptive error for attempt to create Customer with Template
that does not belong to Contact’s Reseller. Cover the case when the
Template belongs to System Contact (with no Reseller).
Error example:
'subscriber_email_template_id' with value '1' does not belong to
Reseller '1' that is assigned to Customer's Contact '1'
Change-Id: Iffcef0339afc4490ecba81d4667cbb9225766af4
fee matching works in 2 attempts:
1. try to find a fee matching <user@domain>
2. if none found, try to find a fee matching <user>
the billing_profile record will get a new field
"ignore_domain". if set to "1", step#1 above
should be skipped.
Change-Id: I7f0a8f1dd8d5699ad4e2b8242c68fb9f75fc1bff
* password field is virtual and needs to be transformed
into saltedpass, restored the removed logic that does that
in process_form_resource()
Change-Id: I8baabbef2bdb46db850e12b6e0c638ca5c3deddf
A feature request to have an opportunity to add a default action slot,
in case a caller hangs on the AA and doesn't pick anything.
Main change is related to sql structure of 'provisioning.voip_pbx_autoattendants' table,
which now has 'voip_pbx_autoattendants.choice' as VARCHAR(16) instead of TINYINT.
Also adding a label 'default' for the drop-down menu.
Change-Id: I6382a68c8258094a2bf2bf9c71407092860f5e4d
The value of "interval_free_time" preference is specified in seconds.
To avoid confusion, use the term "free calling time" rather than "free
minutes" in tooltips.
Change-Id: Ia4bd507e4a2281723fd2168a34b2178bf404f867
* 'webpassword' field is now also validated for invalid
(non-ascii) characters
* Fix multiple APP input field validation erros to comma joined.
* Adjust 'webpassword' field validation errors to have better
readability when there are multiple validation errors
Change-Id: I21536f97a4da78cc5192a3abd8cd5adef1b819ec
* webpassword field was unconditionally deleted
in API GET and DELETE methods, it now relies
on resource_from_item for the common approach
Change-Id: I703158fd2022b49a49470db28cb22f37e613f841
* 'administrative' field is read only for susbcriberadmin
role and that caused it to be removed from the final
update 'resource', setting it to 0 if not existed.
now the 'administrative' field is only changed in the database
if it's defined in the 'resource'.
Change-Id: I50738a77052c2163b19b2a42293c7a00e2780bc3
* PATCH: password fields are not removed when
resource is created for apply_patch(), they
are removed under the same condititions later
when hal is generated, that is to ensure that
admin users without the 'show_passwords' flag
as well as subscribers will not run into situation
when they use PATCH and cannot apply it for
"path": "/password" or/and "path": "/webpassword",
as they were removed before apply_patch()
* rework encrypted webpassword detection.
webpasword is detected as encrypted if its length
is 54 or 56 and it contains at least one '$' char,
there is a chance for false positive detection when
a user provides with a plain-text password with the
same pattern but it's very unlikely, as well as
since mr8.5 webpasswords are expected to be encrypted,
and moreover worth case scenario is that the
plain-text password will not be returned to the user
Change-Id: I8ea739cbf728b2134f3ce00cee29da42ab3fb4a3
* add API functionality to request additional data
and expand fields in GET methods
* syntax:
- /api/resource/?expand=all - expands all expandable fields
e.g.: customer_id field is expanded and customer internally
is queried and returned under "customer" => {...}
(the returned data is identical to what /api/customers/id
would return)
- /api/resource/?expand=reseller_id,customer_id - expands
only reseller_id and customer_id fields, if they are expandable
- /api/resource/?expand=reseller_id,invalidfield_id -
returns the data and expands only fields that are expandable
(reseller_id in this case) but if it finds either unknown
fields or non-expandable fields, changes HTTP status code
to "409 Conflict"
* adapt all API endpoints to support dynamic expand fields expanding
functionality, however the actual expand for them requires modifying
the form fields in the following format:
has_field 'contact_id' => (
element_attr => {
expand => {
class => 'NGCP::Panel::Role::API::CustomerContacts',
id_field => 'contact_id',
alias => 'contact',
fetch => 0,
},
},
);
- class - represents the class that should be used by the logic
to fetch the relevant data
- id_field - which field from the resource needs to be expanded,
it should be the "id" field (subscriber_id, domain_id, etc.)
- alias - (optional), under which key the fetched data is stored.
the field name is used as the key if the option is omitted.
- fetch - (optional), if the returned data is under
$data->{contract_id} then it will be fetched from there and
stored under the key (field name or alias), otherwise the whole
retreived data is stored under the key (field name or alias)
* adapt /api/autoattendants to use the new approach (old one was expand=1)
* currently supported endpoints with expand:
- admins
- autoattendants
- domains
- customers
- customercontacts
- resellers
- subscribers
Change-Id: Iac53409dad944ed4794039a48dc3a9f6dce25bc1
* Login CSC v2 button is shown on the subscriber's master
data page if www_admin.http_csc.csc_js_enable == 1 or 2
* When the login is triggered an auth token
is generated internally followed by a redirect to
CSC as /?a=auth_token
* move generate_auth_token() into Utils/Auth
* improve generate_auth_token() arguments support
* add /api/authtokens error handling
Change-Id: Idd65400bf8ce6ce48979c736f6a199fb567ffaa4
It is much more usable to see the debug information as URLs:
> Jul 22 08:24:53 sp1 ngcp-panel: DEBUG: *** New GET request on path: /
> Jul 22 08:24:53 sp1 ngcp-panel: DEBUG: *** New GET request on path: /subscriber
> Jul 22 08:24:53 sp1 ngcp-panel: DEBUG: *** New GET request on path: /subscriber/ajax
Instead of Catalyst oriented way:
> Jul 22 08:24:53 sp1 ngcp-panel: DEBUG: *** New GET request on path:
> Jul 22 08:24:53 sp1 ngcp-panel: DEBUG: *** New GET request on path: subscriber
> Jul 22 08:24:53 sp1 ngcp-panel: DEBUG: *** New GET request on path: subscriber/ajax
Change-Id: I38699152e232c5f5aa2ef218db9bf61c692bbf33
It was close to impossible to read ngcp-panel debug log due to:
* missing clear marker of the start reuqest processing, use '***' once only
* some personal markers (like '+++++++') have been removed as they have no
meaning for other developers. Let's remove the personal markers and work to
make the panel debug log well readable for all developers.
Change-Id: I69faff3ab2258fc156e88c7b8da0edfef14c3e6e
* /login_jwt is now the only endpoint to issue JWT tokens
* JWT token admin/subscriber is provided based on the
NGCP_REALM/NGCP_API_REALM fcgi env values
(e.g.: https://localhost:1443/login_jwt = admin JWT token and
https://localhost/login_jwt = subscriber JWT token)
* Authorization: Bearer a= prefix is deprecated
* Clients cannot use subscriber JWT token to access admin
NGCP_API_REALM https://localhost:1443/api/...
and vice-versa
Change-Id: I46edf4c7aaf7bb835dc4ac6b7535aa2d6b5ac136
Add strings that were collected by fixed ngcp_panel_dump_db_strings.pl
from Forms into i18n source file messages.pot.
Change-Id: I92157059b48bdfab94405b674f9a7300c5a9a91d
Fix ngcp_panel_dump_db_strings.pl to load Forms modules properly.
Make modules not to fail when they are called without ctx context.
Change-Id: I695978b1831068f37198bce9f6a5b9e406d79ede
* the extra packing of the secret key during encode/decode
conflicts with the API v2 implementation
* move JWT "typ" from the payload to the header
Change-Id: Ica5822d810d6eaf7b3ae017f7037f25637b6f861
* unify the logic and use uuid in /api/cfdestinationsets and
/api/cfmappings if the subscriber's primary number is empty
Change-Id: Ibdb7e2a2bcd33165be5ec1d92c4f1df24f59405a
* the endpoint will receive "type" (expires|onetime)
and "expires" (positive integer representing seconds)
* type will define the expiray method for the token;
onetime: the token expires as soon as it's used, or
after "expires" seconds if not used
expires: the token can be used multiple times until
it expires according to the "expires" param value
* login_jwt endpoint for generating the JWT token for
subscribers has been enhanced to accept the "token"
param, containing the token generated using the
/api/authtokens endpoint
* admin_login_jwt endpoint for generating the JWT token
for admins has been enhanced to accept the "token"
param, containing the token generated using the
/api/authtokens endpoint
* login_jwt and amin_login_jwt will respond with 403
"Forbidden" if the token role stored in Redis does
not match the role of the user that generated it
* /api/authtokens is hidden from documentation for now
Change-Id: I4eb76c2b08f2e24774fa84ba0ccf7412ce8670e8
* add additional centralised checks for inactive and read_only users.
* use_userdata_from_session=0 now for all auth realms to cause the data
re-fetched from the database, to avoid scenarios when a user is set
as inactive or read_only and UI keeps using the cached data.
the change only affects cookie and JWT subscriber based sessions
as in all other cases, the auth data is fetched from the storage regardless.
* add is_active=1 flag for the internal 'system' role, as otherwise
access would be permanently denied for it.
* default 403 error for denied api requests is changed to "Forbidden"
instead of "Forbidden path".
Change-Id: I1d6d3c765ca8e017e11845c1f5260243a3963c3b
Otherwise v1 session (cookies-based) is not created and v2 CSC
cannot load v1 "iframe" content. Also it was impossible to switch
between v1 and v2 CSC.
Change-Id: Iab3fac6e8da6e5a2e81a0626a3db6faa3e011396
* add quotation with ~ for square brackets ([])
comming from the database, as it is needed for I18N
Change-Id: Ia1253e90d47858a930a4a9569c2d27993a0cd4bc
* 'umploadtmp' option is now defined in Panel->config
and taken from ngcp_panel.conf otherwise falls back to /tmp
Change-Id: I836f2d7dd346bd1853c513dacd2ab5caffbcdf3e
* /api/callists "type" field now contains the same call type
value as it is in the database, for flexibility so that
customers can implement their own logic around it, as well as
filtering by the query parameter "type" works as expected.
* For history: in /api/callists in case of direction "in", the type
was replaced with type=call regardless of the what was in the database
Change-Id: I1174b34747fe1b739cd6bfc050911c58c4b0964a
* sip_lcr_reload is now called after "commit" in all API endpoints,
to correctly reflect updated DB changes. It was correct in
/api/peeringrules POST but not correct in DELETE, as well as
also not correct in /api/peeringservers and /api/peeringgroups
* sip_domain_reload does not check if the domain is successfully
reload in kamailio proxy as is logic is redundant, it fails
however if domain reload XMLRPC request failed on any available
proxy servers. Another reason is by default tcp_conn_wq_max
in kamailio-proxy is 32KB by default and that causes an impact
when domain.dump XMLRPC is used on very large domain sets (600+),
as well as sip_domain_reload has improved performance with the removed
XMLRPC domain.dump body parsing.
Change-Id: I17c5718198b06b1ce78b2654f3d7c3bd2830f60b
* restore password field in prepare_resource after
it was deleted in resource_from_item for admins
without show_passwords flag
* the password is restored only in case it's missing
from resource and it's present in DB
Change-Id: I390fb8fb94f4546734cb899c741dc90e439df068
* xmlrpc lcr.reload request is now sent after the transaction
is committed, otherwise the reload operation is performed without
the newly added changes in the peering rules
Change-Id: I728605a8d277b00d02a3f864c84f172306f7b090
* upon pressing the button, a new session object
with selected subscriber's details will be inserted
in Redis, and also a new ngcp-panel_subscriber
cookie will be created containing the session id
of the previously created session object; then
the user will be redirected to CSC v1 address
where the selected subscriber will be authenticated
based on the cookie and Redis info
* the new button will be available for admin,
reseller, ccare and ccareadmin roles
Change-Id: I03952efe4abe18e61884859c466d700a7885ead4
* /api/platforminfo does not have its own endpoint file
and therefore, does not appear in the rendered documentation.
it only supports GET method and renders the template file.
the endpoint is designed to provide with the prerendered JSON
data containing the current platform configuration.
* /api/platforminfo supports both authenticated and anonymous
requests, where based on that, the template provides with
the corresponding info withing the current scope.
Change-Id: Idc8138595eda2c14e7f8dc7ed97cc50039fd1adc
* the new filter params works as follows:
* if start_time is provided, recordings
with start time greater than provided value
are displayed
* if end_time is provided, recordings
with end time less than provided value
are displayed
Change-Id: Ie9cfb88141506581e2b724d4502b88091f9c7a02
* when a target host times out, instead of generating an error,
the host is skipped, this is due to the fact that some proxy
hosts can be disabled but still present in the xmlhosts table
* introduce new code in $ret = distpach(...), -1 indicates that
the host was skipped because of the timeout.
Change-Id: I0f7b5c64124c6481a142c1821a88ab9c3a652bd1
* new Plugin Catalyst/Plugin/NGCP/RealmCookie.pm
that extends Catalyst::Plugin::Session::State::Cookie
and overloads methods responsible for cookie_name creation.
It uses NGCP_REALM fastcgi header to append it to the cookie name.
Empty cookie with name "appprefix"_session is suppressed on Session
pre-setup.
* Base cookie_name is now set to 'ngcp-panel'
Change-Id: I6b4c10c5e1728d0dd7a6398bf5191925d5b904f6
* Replace wrong usage of 'reseller_id' filter
for missed templates resultsedl use 'id'
instead, because the query is made directly
on resellers table
Change-Id: I85bdcda79168979c8b1bb0503ab7bba91c5f8a78
* give access to subscribers roles to see,
create and update own registrations
* subscriberadmins can manage all registrations
of subscribers under same customer
Change-Id: I643121da901b0ed99fc718106a1632da4e1e1936
* Previous commit for full scan pagination
removed pagination for subscriber_id filter
which was anyway not working properly in
some corner cases
* Introduced usage of Data::Page which correctly
paginates through the results
Change-Id: Ic1c98c090b9e92362ab1f2d9b0de0c39660d9e20
The fix has been created by Gerhard Jungwirth three years ago for
branch 'mr5.5' and was not merged into branch 'master'.
It is a follow up master commit to address customer ticket TT#82306.
The cherry-pick has been done AS IS, with one small trivial resolution:
> + my $is_pbx_customer = $c->stash->{billing_mapping}->product->class eq "pbxaccount";
> my $base_number;
>
> ++<<<<<<< HEAD
> + if($subscriber->contract->product->class eq "pbxaccount") {
> ++=======
> + if($is_pbx_customer) {
> ++>>>>>>> 239d4a385... TT#44168 create additional form for subadmin non-pbx subscriber edit
Change-Id: Ie242c4ad44fc21319cdaa29dcca423fe241aab20
(cherry picked from commit 239d4a3859)
Add the missing 25% of French translations in i18n fr.po file.
The translation and proofreading were done by Alconost (Chawki
Benzehra).
Change-Id: I8078eef0dd0118716801114855ab3ede23c981d7
Unwrap wrapped lines in existing i18n PO translation files to prepare
them for new unwrapped versions from Crowdin. To promise consistent
format the normalization was done by 'script/extract_i18n.sh'.
Change-Id: I9ec8394c83fa6bfde25fdaa9ab1b5d94f2512fa9
Remove location file name duplicates repeated inside the same context
line.
Bring the new "u-Law" version of 'transcode_PCMU' voip_preferences
attribute.
Change-Id: Ibf16e5090f79ccf9a6ce3cb3bd171f22f7d07899
* it's now possible to filter reselelers by their status
(active, terminated), the default return of all resellers
has not changed.
Change-Id: I6e1f2b6745ac6c3c4a012fe261ee5db810084be3
If user is typing URL directly in the browser window,
the request has no 'referer' header and we should reset the 'framed'
session state to prevent corrupted 'framed=1' output which confuses
endusers a lot.
Change-Id: I8f381daec80dfd95fab6ecbaecfa66438f5d53f0
* PeeringRules.pm is back to the old model for
consistency and to be backward compatible
* it contains the duplicate check fix
Change-Id: I2253f0e740bea7115efb7d1f072ec73498f20040
* PeeeringRules.pm now uses the Entities approach
for fine transaction control that fixes the POST operations
Change-Id: Ieb666d3009393404e04171966adc0912f55a8a4f
Kirill Solomko
Rene Krenn
Michael Prokop
Daniel Grotti
Marco Capetta
Sipwise Jenkins Builder
Victor Seva
Fabricio Santolin da Silva
Antoine Lingat
Alexander Lutay
Guillem Jover
Oleksandr Duts
Javier Rodriguez
Donat Zenichev
Flaviu Mates
Victor Tsvetov
Gerhard Jungwirth