ngcp-panel

Commit Graph

Author	SHA1	Message	Date
Rene Krenn	5e9066c4fb	TT#151751 refactor persisting subscriber webpassword a multitude of issues popped after introducing bcrypted webpasswords in the database. most recently the PATCH /api/susbcribers rail was reported to reset the webpassword unintentionally. subscriber login fails afterwards, which is a severe issue. the bugs are adressed by this refactorings. the change also introduces a global variable $NGCP::Panel::Utils::Auth::ENCRYPT_SUBSCRIBER_WEBPASSWORDS to control encrypting webpasswords. it is still enabled as of now, but it's worth to consider disabling it. there other ways to have a "cost" for an authentication request, eg. adding a simple sleep(1sec). Change-Id: I2d47d54a2d83568546ffdd2b211337a5f56be3a2	3 years ago
Oleksandr Duts	e58cb2cc39	TT#149456 Admins introduce role_id flag - role_id is taken from billing.acl_roles and written into the billing.admins table when a new admin user is created/updated via UI/API. This is the first step towards the role based admin user handling. Change-Id: I0804379cbbcab174cebbb292397a39cb3ea01a31	3 years ago
Rene Krenn	d786af1591	TT#147151 finish refactoring of avoiding JOIN billing.product follow up on TT#147151 (fast loading/paging/searching panel datatables), which broke restapi tests. Change-Id: I799cb9087b9405c71dec4c690e7a7bab5dfdbdde	4 years ago
Flaviu Mates	fe09f80224	TT#86652 Fix utf8 fax body encoding * decode utf8 on multipart/form-data request since we encode the json for this content type, and the fax body gets double encoded and ends up wrong Change-Id: I50d10879e5fe1ba99141e76d311641fcd5d568a1	4 years ago
Oleksandr Duts	a65d00c3a8	TT#139800 Enable subscriber access to /api/autoattendants/:id * "subscriber" role can now retrieve own autoattendant data. This is needed for the CSC interface. Change-Id: Id10b302205fe458d5793ae8f7bd9201233f9a0d4	4 years ago
Oleksandr Duts	e058a15958	TT#139351 enable DELETE method in /api/invoicetemplates/:id Change-Id: I3be4c4cee36d459da03b883f38d2b6442dbc304b	4 years ago
Oleksandr Duts	8017805589	TT#124802 GET /api/admins/:id/journal - fixing * Admins with is_system and is_superuser are able to see the items for all roles. * Admin is able to see own journal. Change-Id: I3e5d459b08ff7ef218220f1ae11974351121c489	4 years ago
Rene Krenn	e73dd3ea27	TT#132650 api .csv upload for provisioningtemplates the POST /api/provicioningtemplates/<reseller>/<template> request will accept text/csv content type to provision many susbcribers at once. Change-Id: I59079ba8f2bacc0ce2b1367d2bd1a7251cf4763c	4 years ago
Kirill Solomko	e4cfb19a38	TT#139550 fix vmnotify play/delete * fix vmnotify play from the UI regression * fix vmnotify DELETE API method * fix vmnotify DELETE UI method Change-Id: Id1224eb425c75be9325b707311ed3d0ac82ef2b7	4 years ago
Rene Krenn	4c47920f2e	TT#132650 run provisioningtemplate from api provisioning templates with their dynamic forms can be executed by a entityitem POST request, ie. POST /api/provicioningtemplates/<reseller>/<template> or POST /api/provisioningtemplates/<readonly template> Change-Id: I77f6c9d42e1afdb49635d3f11e4d73bcf6269605	4 years ago
Kirill Solomko	b199ad3e1e	TT#139550 improve vmnotify behaviour * vmnotify() now accepts cli and uuid arguments * API handling of voicemails is now improved to: - send a notify if the item's INBOX/Old has been changed - correctly process DELETE to send vmnotify after the item's removal Change-Id: Ic00ae825cf091bce273e55aa37cd0a7ac80d8b0f	4 years ago
Kirill Solomko	da4278daa3	TT#145300 Adjust domains reseller_id handling * domains do not use billing.domain_resellers table anymore but instead the new domains.reseller_id field. That is to remove the unneeded many<>many relation through the additional table where the actual logic only supports one(reseller) to many(domains) relation Change-Id: I1b681543baf1901f19e10c2f6210e4cf6eeb8fbe	4 years ago
Flaviu Mates	9bb622a2bc	TT#117153 Improve /api/cfmappings performance * switch to 'populate' instead of using 'insert' for each destinations, sources, times, bnumbers, mappings and CF preferences * add API->check_patch_op_add_only - to check if the patch contains only "add" operations * improve /api/cfmappings, if all PATCH operations are "add" then the existing records are not fetched and not recreated, enabling very new mapping inserts Change-Id: I0b4e71565c11771026dbbc000aa57b2a613409fa	4 years ago
Rene Krenn	b6e696621b	TT#132650 /api/provisioning_templates CRUD rail the /api/provisionintemplates rail provides the operations to create, edit and delete "provisioning templates" know from the "batch provisioning" feature of admin panel. these templates can also be defined in config.yml, while it is however only possible to edit templates stored in the database. executing a template and/or uploading a .csv for bulk execution will be available in a separate part. Change-Id: If8627327270edfce5bca1be3b1f777c1bd44e90f	4 years ago
Victor Tsvetov	3cb71e4ceb	TT#130456 API Customers POST: show error if system template Throw descriptive error for attempt to create Customer with Template that does not belong to Contact’s Reseller. Cover the case when the Template belongs to System Contact (with no Reseller). Error example: 'subscriber_email_template_id' with value '1' does not belong to Reseller '1' that is assigned to Customer's Contact '1' Change-Id: Iffcef0339afc4490ecba81d4667cbb9225766af4	4 years ago
Kirill Solomko	02f3f6b3a1	TT#133800 fix webpassword field removal * webpassword field was unconditionally deleted in API GET and DELETE methods, it now relies on resource_from_item for the common approach Change-Id: I703158fd2022b49a49470db28cb22f37e613f841	4 years ago
Kirill Solomko	c50b49db96	TT#133800 fix password fields behaviour in API * PATCH: password fields are not removed when resource is created for apply_patch(), they are removed under the same condititions later when hal is generated, that is to ensure that admin users without the 'show_passwords' flag as well as subscribers will not run into situation when they use PATCH and cannot apply it for "path": "/password" or/and "path": "/webpassword", as they were removed before apply_patch() * rework encrypted webpassword detection. webpasword is detected as encrypted if its length is 54 or 56 and it contains at least one '$' char, there is a chance for false positive detection when a user provides with a plain-text password with the same pattern but it's very unlikely, as well as since mr8.5 webpasswords are expected to be encrypted, and moreover worth case scenario is that the plain-text password will not be returned to the user Change-Id: I8ea739cbf728b2134f3ce00cee29da42ab3fb4a3	4 years ago
Flaviu Mates	b4bc1f2a71	TT#133053 Fix 500 error on /api/authtokens * fix typo 'users' to 'user' and 'role' to 'roles' which were causing the Internal Server Error Change-Id: I3cabadafe34d66a429038dcd2c5b0de797cc6ef1	4 years ago
Kirill Solomko	1cdae0b1e0	TT#125902 add Login CSC v2 support * Login CSC v2 button is shown on the subscriber's master data page if www_admin.http_csc.csc_js_enable == 1 or 2 * When the login is triggered an auth token is generated internally followed by a redirect to CSC as /?a=auth_token * move generate_auth_token() into Utils/Auth * improve generate_auth_token() arguments support * add /api/authtokens error handling Change-Id: Idd65400bf8ce6ce48979c736f6a199fb567ffaa4	4 years ago
Flaviu Mates	9b422ddabf	TT#126601 Implement /api/authtokens endpoint * the endpoint will receive "type" (expires\|onetime) and "expires" (positive integer representing seconds) * type will define the expiray method for the token; onetime: the token expires as soon as it's used, or after "expires" seconds if not used expires: the token can be used multiple times until it expires according to the "expires" param value * login_jwt endpoint for generating the JWT token for subscribers has been enhanced to accept the "token" param, containing the token generated using the /api/authtokens endpoint * admin_login_jwt endpoint for generating the JWT token for admins has been enhanced to accept the "token" param, containing the token generated using the /api/authtokens endpoint * login_jwt and amin_login_jwt will respond with 403 "Forbidden" if the token role stored in Redis does not match the role of the user that generated it * /api/authtokens is hidden from documentation for now Change-Id: I4eb76c2b08f2e24774fa84ba0ccf7412ce8670e8	4 years ago
Flaviu Mates	c1752e7e82	TT#128552 Add filtering by name for /api/billingprofiles Change-Id: I8b62b4b7ad4aec3d0538fb84a3b73e451fcb1db1	4 years ago
Kirill Solomko	d17c4be4a5	TT#121250 improve sip_lcr_reload and sip_domain_reload * sip_lcr_reload is now called after "commit" in all API endpoints, to correctly reflect updated DB changes. It was correct in /api/peeringrules POST but not correct in DELETE, as well as also not correct in /api/peeringservers and /api/peeringgroups * sip_domain_reload does not check if the domain is successfully reload in kamailio proxy as is logic is redundant, it fails however if domain reload XMLRPC request failed on any available proxy servers. Another reason is by default tcp_conn_wq_max in kamailio-proxy is 32KB by default and that causes an impact when domain.dump XMLRPC is used on very large domain sets (600+), as well as sip_domain_reload has improved performance with the removed XMLRPC domain.dump body parsing. Change-Id: I17c5718198b06b1ce78b2654f3d7c3bd2830f60b	4 years ago
Flaviu Mates	a840fc5224	TT#125850 Add filtering by 'type' for /api/contracts Change-Id: Ibc1f1fe4558472523d949cdea30815a08637e138	4 years ago
Kirill Solomko	102e494708	TT#121250 /api/peeringrules fix lcr.reload * xmlrpc lcr.reload request is now sent after the transaction is committed, otherwise the reload operation is performed without the newly added changes in the peering rules Change-Id: I728605a8d277b00d02a3f864c84f172306f7b090	4 years ago
Kirill Solomko	85c7d7c071	TT#123550 add /api/platforminfo virtual endpoint * /api/platforminfo does not have its own endpoint file and therefore, does not appear in the rendered documentation. it only supports GET method and renders the template file. the endpoint is designed to provide with the prerendered JSON data containing the current platform configuration. * /api/platforminfo supports both authenticated and anonymous requests, where based on that, the template provides with the corresponding info withing the current scope. Change-Id: Idc8138595eda2c14e7f8dc7ed97cc50039fd1adc	4 years ago
Flaviu Mates	43abaeee4d	TT#119464 Add start_time and end_time filter params to callrecordings * the new filter params works as follows: * if start_time is provided, recordings with start time greater than provided value are displayed * if end_time is provided, recordings with end time less than provided value are displayed Change-Id: Ie9cfb88141506581e2b724d4502b88091f9c7a02	4 years ago
Flaviu Mates	f4cb6933b4	TT#119550 Allow subscribers to manage their registrations * give access to subscribers roles to see, create and update own registrations * subscriberadmins can manage all registrations of subscribers under same customer Change-Id: I643121da901b0ed99fc718106a1632da4e1e1936	4 years ago
Flaviu Mates	35d9c3598a	TT#122001 Allow subscribers to access /api/subscriberprofiles * subscribers are now allowed to fetch their own subscriber profile, they can't modify them Change-Id: Iabf1244020d0f453257993cf24d4c9036a125397	4 years ago
Kirill Solomko	1e06df3fdf	TT#114304 /api/resellers?status support multi values * /api/resellers 'status' query parameter now supports comma separated multi values e.g.: status=active,locked Change-Id: I16b7499079a7ac7b2070910141ba12fada52bbb4	4 years ago
Kirill Solomko	0484c0d15f	TT#114304 add status query param to /api/resellers * it's now possible to filter reselelers by their status (active, terminated), the default return of all resellers has not changed. Change-Id: I6e1f2b6745ac6c3c4a012fe261ee5db810084be3	4 years ago
Kirill Solomko	3e207aa27b	TT#121250 /api/peeringrules use old model * PeeringRules.pm is back to the old model for consistency and to be backward compatible * it contains the duplicate check fix Change-Id: I2253f0e740bea7115efb7d1f072ec73498f20040	4 years ago
Kirill Solomko	ba82a55171	TT#121250 fix /api/peeringrules * PeeeringRules.pm now uses the Entities approach for fine transaction control that fixes the POST operations Change-Id: Ieb666d3009393404e04171966adc0912f55a8a4f	4 years ago
Flaviu Mates	b13e487732	TT#118600 Fix /api/callrecordingstreams filter by recording_id * change 'call' to 'me.call' to avoid ambigous usage in SQL query, since 'call' is a column in other joined tables Change-Id: I3fb52aa7c42687b6be377e51f50779dd92f61ebe	4 years ago
Flaviu Mates	cece861d1e	TT#113513 Handle duplicate billingprofiles in API * Add handling of mysql duplicate billingprofile errors for reseller_id-handle and reseller_id-name combinations Change-Id: Ife81d723f4208202311ca8cf3c3a12e7bf4827a2	4 years ago
Flaviu Mates	bbc5468fa2	TT#108854 Implement /api/userinfo endpoint * it will return user's username, role and a structure where information about the user's permitted operations on all api endpoints and permitted operations on the fields of that entity can be found Change-Id: I11d2f5b60d24ca7b70ffc6dcf8ea94f9a3a221d1	4 years ago
Flaviu Mates	8bc9a3974c	TT#108162 Reseller branding primary and secondary colors * add color pickers and store the hex code of the colors inside the branding table in panel UI * implement /api/resellerbrandings endpoint, where all things related to reseller branding can be managed; the branding logo will still be retrieved using /api/resellerrandinglogos Change-Id: Ib7ed364811acf67ffd62252d9799a0af8b91e9bc	4 years ago
Alexander Lutay	6c86122c37	TT#113251 Create journal 'update' records for 'admins' REST API Change-Id: I6867a3e23e9e9c7e04ebb900e8eaf608f49732da	4 years ago
Flaviu Mates	0d0a2faf90	TT#100761 Allow subscribers to access /api/applyrewrites * Give subscribers permissions to apply rewrites but only for their own subscriber id Change-Id: I6fdb449190169802ba8d3ed71effb41c60b00125	4 years ago
Rene Krenn	92455d8566	TT#107051 enable "add" for PATCH /billingprofiles/x Change-Id: Ifc9e54987eacd5f4b09e15c8866c25e6537619d3	4 years ago
Rene Krenn	00f0614ef9	TT#107051 fix PATCH /billingprofiles/x - peaktimes Change-Id: I3d074976f15618d84cfd8ee4694a0fd4250fe091	4 years ago
Rene Krenn	be92558686	TT#105954 /api/invoices: accept 'application/pdf' type Change-Id: I5b01d2f627a17bdb527de0f92cf14de0d505aa0e	4 years ago
Kirill Solomko	88d91b8349	TT#106003 fix /api/peeringrules transaction control Change-Id: Ic00ad3e4a0f97808ec94b5b36e1b1e909fb00e07	4 years ago
Flaviu Mates	551c8b39f9	TT#103401 Allow subscriber access to /api/mailtofaxsettings/{id} * Add subscriber roles to MailToFaxSettingsItem and allow them to only access their settings * Don't return the 'active' field on subsciber requests; instead, return 403 if mail2fax is not active Change-Id: I773df0c21fcba29f9e7b5172160178ff99482964	4 years ago
Kirill Solomko	35316221bf	TT#101300 /api/subscriberlocationmappings fix search by subscriber_id Change-Id: Ib2bd10d6537bf3267ee17a4fba16b25100748997	4 years ago
Rene Krenn	c2b5602183	TT#103450 enable lintercept role for interceptions PUT/DELETE Change-Id: Ie03a9a7dce7778a580a80a354364dddbd21996f9	4 years ago
Flaviu Mates	c8049ea387	TT#101108 - Fix condition when reseller has no logo Change-Id: I1c6213ae039dce2bba8fc80b4212ce78e2165c92	4 years ago
Flaviu Mates	733f4ac68f	TT#101108 Expose panel branding logo via API * create /api/resellerbrandinglogos/ endpoint which will return the reseller's branding logo * the endpoint can be used directly with /{reseller_id} or with /?subscriber_id={subscriber_id} to get the logo of subscriber's customer contact reseller Change-Id: I5db19e208ae21cf7c685d46aa77b5032c26554de	4 years ago
Flaviu Mates	e03533c8eb	TT#101100 Fix /api/pbxdevices 500 error introduced with TT#96803 * Filtering by subscriber properties introduced a join which confused the use of 'profile_id' for devices Change-Id: I5e8fbdc0a83076b95183dbdb757921c8112e9e00	4 years ago
Flaviu Mates	ded942b740	TT#96502 Introduce duplicate check for /api/cfsourcesets * Due to DB unique name constraint, enpoint was returning 500 on duplicate source sets * Proper 422 is now returned Change-Id: I883fbe71aa77364645467941206ea6b272523c03	5 years ago
Kirill Solomko	96ce7b1143	TT#101300 remove devid_alias field * dbaliases->devid_alias field is no longer in use and available via the UI/API Change-Id: I3ec1a82ef76822595aa37e94ec002d11a0cce58c	5 years ago

1 2 3 4 5 ...

678 Commits (5e9066c4fba8b4e9802a11cb3b4be79702a87100)