ngcp-panel

Commit Graph

Author	SHA1	Message	Date
Oleksandr Duts	03271187c7	TT#157400 API/UI admins fix authorization for "system" role * Users with "system" role can change all items accross the system including the password changing for other users. * Login "system" has persistant "system" role. * "system" login name is restricted for the user input. Change-Id: Ibaecba35a86f71fa8895ce9d9feab8e768b65d14	3 years ago
Oleksandr Duts	938eef9140	TT#119465 API callrecordings - searchable caller/callee * Fetch recording_metakeys caller/callee for the certain record id(call). * Add caller/callee fields to the resource and form. * Frefetching recording_metakeys for the call recording. Change-Id: I767ea32e19edfd7cbbc74956200343f680fdb2b4	3 years ago
Rene Krenn	d82d93da9d	TT#71950 fix leftover with `35b568dde` Change-Id: If71d07972f56cb1b7cb0bbafdcfd3b68cce6e254	3 years ago
Michael Prokop	35b568dde4	TT#71950 Fix typos * successfuly -> successfully * diplay -> display * recieve -> receive * mathes -> matches * cahnged -> changed * Unprocessible -> Unprocessable * The the -> The * repesent -> represents Change-Id: I123f5b1ec8c11fe01db4e5768bd640c4920d3366	3 years ago
Rene Krenn	599dd0613b	TT#151751 fix plaintext sippassword no longer returned this fix addresses regression reported by dominik: * $resource{_password}/{_webpassword} cannot be set before the form validation as they are effectively removed by it, causing /api/susbcribers returning no passwords at all for 'subscriber' roles * Having them after the patch makes no sense either as next resource_from_item call will effectively remove them again (in PATCH) (cherry picked from commit `5e9066c4fb`) Change-Id: I88c9ec40843f1e9a6983952b96c0b0e70fbb1bb1	3 years ago
Oleksandr Duts	581aa090e7	TT#153501 API: GET phonebookentries - fix subscriber access(422) to own phonebooks * Roles subscriber and subscriberadmin use the user voip subscriber id as a phonebook context. Change-Id: I5f119837b40169aa6d920774b4fc96551875dfc0	4 years ago
Kirill Solomko	f4154b1dbc	TT#154500 tighten /api/admins roles * An attempt to change own role, login, flags (except for can_reset_password) now returns 403 Forbidden, User cannot modify own permissions * POST checks if the admin has necessarry permissions to create another admin * PUT/PATCH changing own role is now forbidden * PUT/PATCH changing other's admin role now checks permissions * DELETE checks role permissions Change-Id: I990609985ae9cab6213cf47f5f5c8afba2efdda3	4 years ago
Kirill Solomko	81ebdb8dcf	Revert "TT#151751 refactor persisting subscriber webpassword" This reverts commit `5e9066c4fb`. This implementation breaks: * $resource{_password}/{_webpassword} cannot be set before the form validation as they are effectively removed by it, causing /api/susbcribers returning no passwords at all for 'subscriber' roles * Having them after the patch makes no sense either as next resource_from_item call will effectively remove them again (in PATCH) Change-Id: I0e8389e8ab34ad72f1b87a684daba77f1030f8ba	4 years ago
Kirill Solomko	e95ed81ca7	TT#154500 improve admin users behaviour * admin users with is_master = 0, cannot see other admin users (this includes system users) and brings the is_master flag to the common behaviour * ccareadmin, ccare users can now access te UI Admins page as well as /api/admins but they are limited to see/manage only themselves * admin users cannot see system users (UI/API) * reseller users cannot see system/admin users (UI/API) * admin users cannot modify their own role and flags except for: email, password, can_reset_password (UI/API) * UI edit form now does not render fields that are not meant to be modified by a user (exception: "login") Change-Id: I82e1946437fd2ec4651abd24074470c695a40582	4 years ago
Oleksandr Duts	9855b6ab45	TT#149461 Enhance /api/admins to accept the role data property - Optional "role" parameter is added for POST PUT PATCH. If "role" is provided then the passed flags are ignored and are applied internally by the server according to the provided role. If "role" is not provided then the former flags based approach is applied. Change-Id: Ib6e591ff6dc50122e0ec49a348153ca820fc2e03	4 years ago
Rene Krenn	5e9066c4fb	TT#151751 refactor persisting subscriber webpassword a multitude of issues popped after introducing bcrypted webpasswords in the database. most recently the PATCH /api/susbcribers rail was reported to reset the webpassword unintentionally. subscriber login fails afterwards, which is a severe issue. the bugs are adressed by this refactorings. the change also introduces a global variable $NGCP::Panel::Utils::Auth::ENCRYPT_SUBSCRIBER_WEBPASSWORDS to control encrypting webpasswords. it is still enabled as of now, but it's worth to consider disabling it. there other ways to have a "cost" for an authentication request, eg. adding a simple sleep(1sec). Change-Id: I2d47d54a2d83568546ffdd2b211337a5f56be3a2	4 years ago
Oleksandr Duts	e58cb2cc39	TT#149456 Admins introduce role_id flag - role_id is taken from billing.acl_roles and written into the billing.admins table when a new admin user is created/updated via UI/API. This is the first step towards the role based admin user handling. Change-Id: I0804379cbbcab174cebbb292397a39cb3ea01a31	4 years ago
Rene Krenn	d786af1591	TT#147151 finish refactoring of avoiding JOIN billing.product follow up on TT#147151 (fast loading/paging/searching panel datatables), which broke restapi tests. Change-Id: I799cb9087b9405c71dec4c690e7a7bab5dfdbdde	4 years ago
Kirill Solomko	8c556bbe36	TT#149459 improve and automate expand functionality * add dictionary support for fields that are expanded if encountered in all endpoints, with a possibility to override it, if defined on the endpoint's field level * move expand definitions from form fields into the Expand dictionary * simplify the expand usage, it now operates only with the <x>_id fields that are returned and visible in the response (e.g. if reseller_id is returned, then ?expand=reseller_id), the returned expand object name is <expand_field_name>_expand the, so in case of ?expand=reseller_id, the returned object will be reseller_id_expand * adapt Role/SystemContacts to work correctly with the expand functionality * expanded fields are returned as <expanded_field_name>_expand Change-Id: I4cab44ede9b40c70a95bbcedc81f58dd1f4e3b67	4 years ago
Rene Krenn	133bd43df4	TT#147151 fast loading/paging/searching panel datatables query refactoring an rowcount clipping for UI datatables that are slow when using millions of subscribers: contacts customers contracts subscribers billing profiles billing networks billing profile packages Change-Id: Ia50e3aa52684772548569b6908f0cbc08395a5a7	4 years ago
Javier Rodriguez	26bccf25d3	TT#146901 adding greet and temp directories into /api/voicemailgreetings for GET method Change-Id: Ib87c8128423416e8542afec500d13ea5dfa6881f	4 years ago
Javier Rodriguez	1b12afb13f	TT#146900 correction for time format via /api/voicemails/ Change-Id: I8f74c24560e1bfc9e7fe77b54d48e26d393e4dc8	4 years ago
Oleksandr Duts	a65d00c3a8	TT#139800 Enable subscriber access to /api/autoattendants/:id * "subscriber" role can now retrieve own autoattendant data. This is needed for the CSC interface. Change-Id: Id10b302205fe458d5793ae8f7bd9201233f9a0d4	4 years ago
Oleksandr Duts	8017805589	TT#124802 GET /api/admins/:id/journal - fixing * Admins with is_system and is_superuser are able to see the items for all roles. * Admin is able to see own journal. Change-Id: I3e5d459b08ff7ef218220f1ae11974351121c489	4 years ago
Rene Krenn	4c47920f2e	TT#132650 run provisioningtemplate from api provisioning templates with their dynamic forms can be executed by a entityitem POST request, ie. POST /api/provicioningtemplates/<reseller>/<template> or POST /api/provisioningtemplates/<readonly template> Change-Id: I77f6c9d42e1afdb49635d3f11e4d73bcf6269605	4 years ago
Kirill Solomko	b199ad3e1e	TT#139550 improve vmnotify behaviour * vmnotify() now accepts cli and uuid arguments * API handling of voicemails is now improved to: - send a notify if the item's INBOX/Old has been changed - correctly process DELETE to send vmnotify after the item's removal Change-Id: Ic00ae825cf091bce273e55aa37cd0a7ac80d8b0f	4 years ago
Kirill Solomko	da4278daa3	TT#145300 Adjust domains reseller_id handling * domains do not use billing.domain_resellers table anymore but instead the new domains.reseller_id field. That is to remove the unneeded many<>many relation through the additional table where the actual logic only supports one(reseller) to many(domains) relation Change-Id: I1b681543baf1901f19e10c2f6210e4cf6eeb8fbe	4 years ago
Flaviu Mates	9bb622a2bc	TT#117153 Improve /api/cfmappings performance * switch to 'populate' instead of using 'insert' for each destinations, sources, times, bnumbers, mappings and CF preferences * add API->check_patch_op_add_only - to check if the patch contains only "add" operations * improve /api/cfmappings, if all PATCH operations are "add" then the existing records are not fetched and not recreated, enabling very new mapping inserts Change-Id: I0b4e71565c11771026dbbc000aa57b2a613409fa	4 years ago
Rene Krenn	b6e696621b	TT#132650 /api/provisioning_templates CRUD rail the /api/provisionintemplates rail provides the operations to create, edit and delete "provisioning templates" know from the "batch provisioning" feature of admin panel. these templates can also be defined in config.yml, while it is however only possible to edit templates stored in the database. executing a template and/or uploading a .csv for bulk execution will be available in a separate part. Change-Id: If8627327270edfce5bca1be3b1f777c1bd44e90f	4 years ago
Kirill Solomko	535c38cd93	TT#133800 fix webpassword, change subadmin expose password * webpassword is not correctly removed based on length, and remain visible when in plain-text or empty (unset) * config->security->password_(sip\|web)_expose_subadmin now only affects subscribers under the same customer that are not this subscriber admin Change-Id: I329e0f1ad97dd513a33e3652ed03b4a43a95ed04	4 years ago
Kirill Solomko	992c9f1e48	TT#129162 Admins fix password field transformation * password field is virtual and needs to be transformed into saltedpass, restored the removed logic that does that in process_form_resource() Change-Id: I8baabbef2bdb46db850e12b6e0c638ca5c3deddf	4 years ago
Kirill Solomko	cc10506b2e	TT#129162 fix subscriber webpassword field validation * 'webpassword' field is now also validated for invalid (non-ascii) characters * Fix multiple APP input field validation erros to comma joined. * Adjust 'webpassword' field validation errors to have better readability when there are multiple validation errors Change-Id: I21536f97a4da78cc5192a3abd8cd5adef1b819ec	4 years ago
Kirill Solomko	3ef167575c	TT#133901 fix administrative flag for subscriberadmin * 'administrative' field is read only for susbcriberadmin role and that caused it to be removed from the final update 'resource', setting it to 0 if not existed. now the 'administrative' field is only changed in the database if it's defined in the 'resource'. Change-Id: I50738a77052c2163b19b2a42293c7a00e2780bc3	4 years ago
Kirill Solomko	c50b49db96	TT#133800 fix password fields behaviour in API * PATCH: password fields are not removed when resource is created for apply_patch(), they are removed under the same condititions later when hal is generated, that is to ensure that admin users without the 'show_passwords' flag as well as subscribers will not run into situation when they use PATCH and cannot apply it for "path": "/password" or/and "path": "/webpassword", as they were removed before apply_patch() * rework encrypted webpassword detection. webpasword is detected as encrypted if its length is 54 or 56 and it contains at least one '$' char, there is a chance for false positive detection when a user provides with a plain-text password with the same pattern but it's very unlikely, as well as since mr8.5 webpasswords are expected to be encrypted, and moreover worth case scenario is that the plain-text password will not be returned to the user Change-Id: I8ea739cbf728b2134f3ce00cee29da42ab3fb4a3	4 years ago
Kirill Solomko	2b144caf2c	TT#128605 implement dynamic fields expand * add API functionality to request additional data and expand fields in GET methods * syntax: - /api/resource/?expand=all - expands all expandable fields e.g.: customer_id field is expanded and customer internally is queried and returned under "customer" => {...} (the returned data is identical to what /api/customers/id would return) - /api/resource/?expand=reseller_id,customer_id - expands only reseller_id and customer_id fields, if they are expandable - /api/resource/?expand=reseller_id,invalidfield_id - returns the data and expands only fields that are expandable (reseller_id in this case) but if it finds either unknown fields or non-expandable fields, changes HTTP status code to "409 Conflict" * adapt all API endpoints to support dynamic expand fields expanding functionality, however the actual expand for them requires modifying the form fields in the following format: has_field 'contact_id' => ( element_attr => { expand => { class => 'NGCP::Panel::Role::API::CustomerContacts', id_field => 'contact_id', alias => 'contact', fetch => 0, }, }, ); - class - represents the class that should be used by the logic to fetch the relevant data - id_field - which field from the resource needs to be expanded, it should be the "id" field (subscriber_id, domain_id, etc.) - alias - (optional), under which key the fetched data is stored. the field name is used as the key if the option is omitted. - fetch - (optional), if the returned data is under $data->{contract_id} then it will be fetched from there and stored under the key (field name or alias), otherwise the whole retreived data is stored under the key (field name or alias) * adapt /api/autoattendants to use the new approach (old one was expand=1) * currently supported endpoints with expand: - admins - autoattendants - domains - customers - customercontacts - resellers - subscribers Change-Id: Iac53409dad944ed4794039a48dc3a9f6dce25bc1	4 years ago
Kirill Solomko	1cdae0b1e0	TT#125902 add Login CSC v2 support * Login CSC v2 button is shown on the subscriber's master data page if www_admin.http_csc.csc_js_enable == 1 or 2 * When the login is triggered an auth token is generated internally followed by a redirect to CSC as /?a=auth_token * move generate_auth_token() into Utils/Auth * improve generate_auth_token() arguments support * add /api/authtokens error handling Change-Id: Idd65400bf8ce6ce48979c736f6a199fb567ffaa4	4 years ago
Kirill Solomko	1dfdad0a8f	TT#130450 use uuid in /api/cfdestinationsets /api/cfmappings * unify the logic and use uuid in /api/cfdestinationsets and /api/cfmappings if the subscriber's primary number is empty Change-Id: Ibdb7e2a2bcd33165be5ec1d92c4f1df24f59405a	4 years ago
Rene Krenn	325903c14d	TT#121500 fix missing mos_data in /api/callists Change-Id: I4e958dd6ec05042c6ee18bbd7ed7186792a6be50	4 years ago
Flaviu Mates	9b422ddabf	TT#126601 Implement /api/authtokens endpoint * the endpoint will receive "type" (expires\|onetime) and "expires" (positive integer representing seconds) * type will define the expiray method for the token; onetime: the token expires as soon as it's used, or after "expires" seconds if not used expires: the token can be used multiple times until it expires according to the "expires" param value * login_jwt endpoint for generating the JWT token for subscribers has been enhanced to accept the "token" param, containing the token generated using the /api/authtokens endpoint * admin_login_jwt endpoint for generating the JWT token for admins has been enhanced to accept the "token" param, containing the token generated using the /api/authtokens endpoint * login_jwt and amin_login_jwt will respond with 403 "Forbidden" if the token role stored in Redis does not match the role of the user that generated it * /api/authtokens is hidden from documentation for now Change-Id: I4eb76c2b08f2e24774fa84ba0ccf7412ce8670e8	4 years ago
Kirill Solomko	d3566d0aa8	TT#127805 remove temp transcoded files * temp files created for transcoding operations are now correctly removed Change-Id: Ie95fccd2ed2a533060e4abc2fa3593c9f951225a	4 years ago
Flaviu Mates	f4cb6933b4	TT#119550 Allow subscribers to manage their registrations * give access to subscribers roles to see, create and update own registrations * subscriberadmins can manage all registrations of subscribers under same customer Change-Id: I643121da901b0ed99fc718106a1632da4e1e1936	4 years ago
Flaviu Mates	35d9c3598a	TT#122001 Allow subscribers to access /api/subscriberprofiles * subscribers are now allowed to fetch their own subscriber profile, they can't modify them Change-Id: Iabf1244020d0f453257993cf24d4c9036a125397	4 years ago
Flaviu Mates	e66a8689ac	TT#119900 Expose slots id in /api/autoattendants Change-Id: I613eca8309cd4f446ca957d6a944cd7e21d87bfb	4 years ago
Flaviu Mates	232cf704c0	TT#119200 Expose subscriber object on /api/autoattendants * implement support for 'expand' param which, when used with the api call, will modify the response to contain the subscriber object Change-Id: Id25dc0bb258bc777d698e043ea8ddc785e12f68a	4 years ago
Flaviu Mates	67ca4d5a00	TT#114703 Use config flags password_(sip\|web)_expose_subadmin in api Change-Id: I289a3683c09c098d52c1ddb5a489c8c2093f9c99	4 years ago
Rene Krenn	a916bd3c4f	TT#116703 prevent entering duplicate alias numbers Change-Id: I3d35f87738bb6d73f62b300e487a113b45223ad1	4 years ago
Flaviu Mates	221572d606	TT#113767 Fix 500 error on /api/customerpreferences * ccare role was ommited because of a typo when fetching the result set for customer preferences; changing ccareadmin to ccare in the reseller condition fixes the issue Change-Id: Id387953901295b772c6d57e9a925cff85847ad68	4 years ago
Flaviu Mates	bbc5468fa2	TT#108854 Implement /api/userinfo endpoint * it will return user's username, role and a structure where information about the user's permitted operations on all api endpoints and permitted operations on the fields of that entity can be found Change-Id: I11d2f5b60d24ca7b70ffc6dcf8ea94f9a3a221d1	4 years ago
Flaviu Mates	8bc9a3974c	TT#108162 Reseller branding primary and secondary colors * add color pickers and store the hex code of the colors inside the branding table in panel UI * implement /api/resellerbrandings endpoint, where all things related to reseller branding can be managed; the branding logo will still be retrieved using /api/resellerrandinglogos Change-Id: Ib7ed364811acf67ffd62252d9799a0af8b91e9bc	4 years ago
Rene Krenn	645231c274	TT#109402 fix PATCHing fraud notification status Change-Id: I04dcef51641102314cfc034222e6696c69f110e8	4 years ago
Rene Krenn	00f0614ef9	TT#107051 fix PATCH /billingprofiles/x - peaktimes Change-Id: I3d074976f15618d84cfd8ee4694a0fd4250fe091	4 years ago
Flaviu Mates	b79d68e865	TT#104760 Fix non-master admin privileges managing in API * Forbid non-master admin to change own is_master, read_only, and is_acitve flags; we have this logic in old UI already in place Change-Id: I81ab266d942e32dfb560ba488e9fd471ebc923f4	5 years ago
Rene Krenn	8238204682	TT#105100 fix update case for webpasswd db encrytion Change-Id: I91de91430434edef744c6b3791749ea81053d1cb	5 years ago
Flaviu Mates	233be55b9f	TT#104174 Add last_secret_key_modify readonly field on /api/mailtofaxsettings Change-Id: I7ebd3b46e0c7e1cbce34e921d0703bcbbdd9f42d	5 years ago
Flaviu Mates	551c8b39f9	TT#103401 Allow subscriber access to /api/mailtofaxsettings/{id} * Add subscriber roles to MailToFaxSettingsItem and allow them to only access their settings * Don't return the 'active' field on subsciber requests; instead, return 403 if mail2fax is not active Change-Id: I773df0c21fcba29f9e7b5172160178ff99482964	5 years ago

1 2 3 4 5 ...

705 Commits (03271187c71cd5297d8a9c2f3520074c84d5a582)