* add recursive expand support, so it's possible now to do
nested expands as "expand=contract.reseller".
* comma separated fields support is preserved and with the enhanced
expand "expand=contract.reseller,customer.billing_profile" it enables
expanding "contract" with nested "reseller", as well as
"customer" with nested "billing_profile".
Change-Id: Ie82f5118dc13e57a0397566295644452f29bccde
* "subscriber" role can now retrieve own autoattendant data. This is needed for the CSC interface.
Change-Id: Id10b302205fe458d5793ae8f7bd9201233f9a0d4
* Admins with is_system and is_superuser are able to see the items for all roles.
* Admin is able to see own journal.
Change-Id: I3e5d459b08ff7ef218220f1ae11974351121c489
provisioning templates with their dynamic forms
can be executed by an entityitem POST request, i.e.
POST /api/provisioningtemplates/<reseller>/<template>
or
POST /api/provisioningtemplates/<readonly template>
Change-Id: I77f6c9d42e1afdb49635d3f11e4d73bcf6269605
* vmnotify() now accepts cli and uuid arguments
* API handling of voicemails is now improved to:
- send a notify if the item's INBOX/Old has been changed
- correctly process DELETE to send vmnotify after the
item's removal
Change-Id: Ic00ae825cf091bce273e55aa37cd0a7ac80d8b0f
* non-existing hal resource key was used in the debugging string
causing the item operations, such as PATCH to produce 500 error
Change-Id: I9e53dcf8b4b21385b9b1b877d87319023222f620
* domains do not use billing.domain_resellers table anymore
but instead the new domains.reseller_id field. That is
to remove the unneeded many<>many relation through the
additional table where the actual logic only supports
one(reseller) to many(domains) relation
Change-Id: I1b681543baf1901f19e10c2f6210e4cf6eeb8fbe
* switch to 'populate' instead of using
'insert' for each destinations, sources,
times, bnumbers, mappings and CF preferences
* add API->check_patch_op_add_only - to check if
the patch contains only "add" operations
* improve /api/cfmappings, if all PATCH operations
are "add" then the existing records are not
fetched and not recreated, enabling very new mapping
inserts
Change-Id: I0b4e71565c11771026dbbc000aa57b2a613409fa
the /api/provisioningtemplates rail provides the
operations to create, edit and delete "provisioning
templates" known from the "batch provisioning" feature
of admin panel.
these templates can also be defined in config.yml,
while it is however only possible to edit templates
stored in the database.
executing a template and/or uploading a .csv for bulk
execution will be available in a separate part.
Change-Id: If8627327270edfce5bca1be3b1f777c1bd44e90f
* webpassword is not correctly removed based
on length, and remains visible when in plain-text
or empty (unset)
* config->security->password_(sip|web)_expose_subadmin
now only affects subscribers under the same customer
that are not this subscriber admin
Change-Id: I329e0f1ad97dd513a33e3652ed03b4a43a95ed04
* password field is virtual and needs to be transformed
into saltedpass, restored the removed logic that does that
in process_form_resource()
Change-Id: I8baabbef2bdb46db850e12b6e0c638ca5c3deddf
* 'webpassword' field is now also validated for invalid
(non-ascii) characters
* Fix multiple APP input field validation errors to comma joined.
* Adjust 'webpassword' field validation errors to have better
readability when there are multiple validation errors
Change-Id: I21536f97a4da78cc5192a3abd8cd5adef1b819ec
* 'administrative' field is read only for subscriberadmin
role and that caused it to be removed from the final
update 'resource', setting it to 0 if not existed.
now the 'administrative' field is only changed in the database
if it's defined in the 'resource'.
Change-Id: I50738a77052c2163b19b2a42293c7a00e2780bc3
* PATCH: password fields are not removed when
resource is created for apply_patch(), they
are removed under the same conditions later
when hal is generated, that is to ensure that
admin users without the 'show_passwords' flag
as well as subscribers will not run into situation
when they use PATCH and cannot apply it for
"path": "/password" or/and "path": "/webpassword",
as they were removed before apply_patch()
* rework encrypted webpassword detection.
webpassword is detected as encrypted if its length
is 54 or 56 and it contains at least one '$' char,
there is a chance for false positive detection when
a user provides a plain-text password with the
same pattern but it's very unlikely, as well as
since mr8.5 webpasswords are expected to be encrypted,
and moreover worst case scenario is that the
plain-text password will not be returned to the user
Change-Id: I8ea739cbf728b2134f3ce00cee29da42ab3fb4a3
* add API functionality to request additional data
and expand fields in GET methods
* syntax:
- /api/resource/?expand=all - expands all expandable fields
e.g.: customer_id field is expanded and customer internally
is queried and returned under "customer" => {...}
(the returned data is identical to what /api/customers/id
would return)
- /api/resource/?expand=reseller_id,customer_id - expands
only reseller_id and customer_id fields, if they are expandable
- /api/resource/?expand=reseller_id,invalidfield_id -
returns the data and expands only fields that are expandable
(reseller_id in this case) but if it finds either unknown
fields or non-expandable fields, changes HTTP status code
to "409 Conflict"
* adapt all API endpoints to support dynamic expand fields expanding
functionality, however the actual expand for them requires modifying
the form fields in the following format:
    has_field 'contact_id' => (
        element_attr => {
            expand => {
                class    => 'NGCP::Panel::Role::API::CustomerContacts',
                id_field => 'contact_id',
                alias    => 'contact',
                fetch    => 0,
            },
        },
    );
- class - represents the class that should be used by the logic
to fetch the relevant data
- id_field - which field from the resource needs to be expanded,
it should be the "id" field (subscriber_id, domain_id, etc.)
- alias - (optional), under which key the fetched data is stored.
the field name is used as the key if the option is omitted.
- fetch - (optional), if the returned data is under
$data->{contract_id} then it will be fetched from there and
stored under the key (field name or alias), otherwise the whole
retrieved data is stored under the key (field name or alias)
* adapt /api/autoattendants to use the new approach (old one was expand=1)
* currently supported endpoints with expand:
- admins
- autoattendants
- domains
- customers
- customercontacts
- resellers
- subscribers
Change-Id: Iac53409dad944ed4794039a48dc3a9f6dce25bc1
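
Added example, not code from NGCP Panel: a Python sketch of the expand semantics described in the two expand commits on this page (nested "expand=contract.reseller,customer.billing_profile", "expand=all", and the "409 Conflict" raised for unknown or non-expandable fields while the data is still returned). The EXPANDABLE registry, its field names and the choice to apply the 409 rule at nested levels are assumptions.

```python
# Added illustration (not NGCP Panel code). EXPANDABLE is a constructed
# allow-list: resource type -> {expandable field: resource type it yields}.
EXPANDABLE = {
    "subscriber": {"customer": "customer", "contract": "contract"},
    "customer": {"billing_profile": "billing_profile", "reseller": "reseller"},
    "contract": {"reseller": "reseller"},
    "reseller": {},
    "billing_profile": {},
}


def parse_expand(param):
    """Turn 'a.b,c.d' into a nested dict {'a': {'b': {}}, 'c': {'d': {}}}."""
    tree = {}
    for path in filter(None, (p.strip() for p in param.split(","))):
        node = tree
        for part in path.split("."):
            node = node.setdefault(part, {})
    return tree


def resolve_expand(resource_type, param):
    """Return (plan, rejected, status).

    plan     - nested dict of the fields that will actually be expanded
    rejected - dotted paths that are unknown or not expandable
    status   - 200, or 409 when anything was rejected (data is still returned)
    """
    rejected = []

    def walk(rtype, wanted, prefix):
        allowed = EXPANDABLE.get(rtype, {})
        if "all" in wanted and not prefix:
            # expand=all: every expandable field of the top-level resource
            wanted = {name: {} for name in allowed}
        plan = {}
        for name, children in wanted.items():
            path = prefix + name
            if name not in allowed:
                rejected.append(path)  # never fetched, only reported
                continue
            plan[name] = walk(allowed[name], children, path + ".")
        return plan

    plan = walk(resource_type, parse_expand(param), "")
    return plan, sorted(rejected), 409 if rejected else 200
```

Because only fields present in the allow-list are ever resolved, a caller cannot use expand to walk into relations the endpoint did not declare expandable.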
* Login CSC v2 button is shown on the subscriber's master
data page if www_admin.http_csc.csc_js_enable == 1 or 2
* When the login is triggered an auth token
is generated internally followed by a redirect to
CSC as /?a=auth_token
* move generate_auth_token() into Utils/Auth
* improve generate_auth_token() arguments support
* add /api/authtokens error handling
Change-Id: Idd65400bf8ce6ce48979c736f6a199fb567ffaa4
* unify the logic and use uuid in /api/cfdestinationsets and
/api/cfmappings if the subscriber's primary number is empty
Change-Id: Ibdb7e2a2bcd33165be5ec1d92c4f1df24f59405a
* the endpoint will receive "type" (expires|onetime)
and "expires" (positive integer representing seconds)
* type will define the expiry method for the token;
onetime: the token expires as soon as it's used, or
after "expires" seconds if not used
expires: the token can be used multiple times until
it expires according to the "expires" param value
* login_jwt endpoint for generating the JWT token for
subscribers has been enhanced to accept the "token"
param, containing the token generated using the
/api/authtokens endpoint
* admin_login_jwt endpoint for generating the JWT token
for admins has been enhanced to accept the "token"
param, containing the token generated using the
/api/authtokens endpoint
* login_jwt and admin_login_jwt will respond with 403
"Forbidden" if the token role stored in Redis does
not match the role of the user that generated it
* /api/authtokens is hidden from documentation for now
Change-Id: I4eb76c2b08f2e24774fa84ba0ccf7412ce8670e8
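
Added example, not code from NGCP Panel: a Python model of the token lifecycle this commit message describes, with "onetime" and "expires" types, a positive "expires" value in seconds, and 403 on a role mismatch. A dict stands in for Redis; the role names, the 401 status for unknown or expired tokens, and reading the role check as "each login endpoint accepts only its own role family" are assumptions.

```python
import secrets
import time

# Added illustration (not NGCP Panel code). Role names are assumed.
ADMIN_ROLES = {"admin", "reseller"}
SUBSCRIBER_ROLES = {"subscriber", "subscriberadmin"}


class AuthTokenStore:
    def __init__(self, clock=time.time):
        self._clock = clock   # injectable so expiry can be tested
        self._tokens = {}     # token -> {"type", "role", "user", "deadline"}

    def issue(self, user, role, type_, expires):
        """Model of POST /api/authtokens with "type" and "expires"."""
        if type_ not in ("onetime", "expires"):
            raise ValueError("type must be 'onetime' or 'expires'")
        # bool is an int subclass, so reject it explicitly
        if isinstance(expires, bool) or not isinstance(expires, int) or expires <= 0:
            raise ValueError("expires must be a positive integer (seconds)")
        token = secrets.token_urlsafe(32)
        self._tokens[token] = {"type": type_, "role": role, "user": user,
                               "deadline": self._clock() + expires}
        return token

    def redeem(self, token, allowed_roles):
        """Model of login_jwt / admin_login_jwt receiving "token".

        Returns (status, user): 200 on success, 403 on a role mismatch.
        401 for an unknown, used or expired token is an assumption; the
        commit message does not name that status.
        """
        entry = self._tokens.get(token)
        if entry is None:
            return 401, None
        if self._clock() >= entry["deadline"]:
            del self._tokens[token]   # both types stop working at the deadline
            return 401, None
        if entry["role"] not in allowed_roles:
            # The page does not say whether a mismatched token is consumed;
            # this sketch leaves it in place.
            return 403, None
        if entry["type"] == "onetime":
            del self._tokens[token]   # consumed by its first successful use
        return 200, entry["user"]
```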
* give access to subscribers roles to see,
create and update own registrations
* subscriberadmins can manage all registrations
of subscribers under same customer
Change-Id: I643121da901b0ed99fc718106a1632da4e1e1936
* implement support for 'expand' param which,
when used with the api call, will modify
the response to contain the subscriber object
Change-Id: Id25dc0bb258bc777d698e043ea8ddc785e12f68a
- a validate logic is added for 'page' and 'rows'
query parameters and if either of them equals 0
then 400 Bad Request error is returned
Change-Id: Ida850c5d942e51a6328f5df01b8e28d55c32cc56
* ccare role was omitted because of a typo
when fetching the result set for customer
preferences; changing ccareadmin to ccare
in the reseller condition fixes the issue
Change-Id: Id387953901295b772c6d57e9a925cff85847ad68
* it will return user's username, role
and a structure where information about
the user's permitted operations on all
api endpoints and permitted operations
on the fields of that entity can be found
Change-Id: I11d2f5b60d24ca7b70ffc6dcf8ea94f9a3a221d1
* add color pickers and store the hex code of the colors
inside the branding table in panel UI
* implement /api/resellerbrandings endpoint, where all things
related to reseller branding can be managed; the branding
logo will still be retrieved using /api/resellerbrandinglogos
Change-Id: Ib7ed364811acf67ffd62252d9799a0af8b91e9bc
* Forbid non-master admin to change own is_master,
read_only, and is_active flags; we have this logic
in old UI already in place
Change-Id: I81ab266d942e32dfb560ba488e9fd471ebc923f4
* Add subscriber roles to MailToFaxSettingsItem
and allow them to only access their settings
* Don't return the 'active' field on subscriber
requests; instead, return 403 if mail2fax is
not active
Change-Id: I773df0c21fcba29f9e7b5172160178ff99482964
* create /api/resellerbrandinglogos/ endpoint
which will return the reseller's branding logo
* the endpoint can be used directly with /{reseller_id}
or with /?subscriber_id={subscriber_id} to get
the logo of subscriber's customer contact reseller
Change-Id: I5db19e208ae21cf7c685d46aa77b5032c26554de
* Due to DB unique name constraint, endpoint was
returning 500 on duplicate source sets
* Proper 422 is now returned
Change-Id: I883fbe71aa77364645467941206ea6b272523c03
* Limit subscriber's extension to a predefined
customer extension range preference (both AP and api)
Change-Id: I0b6ac5c24b3838f07cc561e7ee6b7cfabe69385e
* When a customer is terminated all != terminated
subscribers are set to terminated using the common
Utils::Subscriber::terminate() call, so it's on
par when each subscriber is selectively terminated.
Change-Id: I77394804194ecdb352560047cc8d5b26e3eabc53
* Introduce pagination in redis scanning; previously
all the registrations were dumped in an array and
then spliced by page/rows; this was causing huge
loading time for big redis DB's hence the timeout
Change-Id: I1409c48b520d8d860cd8c11aea1a543286aa0334
suppress executing "ul.flush" kamailio xmlrpc after
"ul.add" or "ul.rm", as it seems to be another source of timeouts.
Change-Id: I8faf907c4cbfd6adbe3e3645f5c32069df2eb999
* The new endpoint will only accept POSTs
* The request body should have two parameters
called 'new_password' and 'token'
* First, look for the token in redis (for admins),
if not found, look for it in DB (for subscribers),
if neither is found, return
Change-Id: I4163a0d5bd886961317b21aeca20c8ccfdeab0dd
* The new endpoint will only accept POSTs
* The request body should have two parameters
called 'type', 'username' and 'domain'
* 'type' will accept either 'administrator',
in which case only 'username' is needed,
or 'subscriber', in which case 'username'
and 'domain' will be needed
* The regular password reset email will be sent
to either the admin or the subscriber
Change-Id: If1457c8c625a95295e5e93b6637927e3905698d9
* the GET request will show whether an admin
has or has not a certificate
* the DELETE request will remove an admin's
certificate
Change-Id: I2b233a76a4436a4d3a95749410e74aabd9fca531
* Admin with lawful intercept will no longer be able
to have any flags besides 'is_active', 'read_only',
'can_reset_password'
* Remove reseller filter on interceptions since LI
admins should see all interceptions
* Add permissions to /api/admincerts and reseller ajax
for LI admins
Change-Id: Id912424b9bbd3ab3cbbc373ac116fda035f81fd3
* The resource was not having the rewriterules before
patching the json, because they were added only at
the end in the hal resource
Change-Id: I43decadb95b6cf06828969b968c61a4b87062fb6
if there are no more *enabled* CFT left after editing
callforwards (simple/advanced), the ringtimeout has to
be removed.
Change-Id: Idc450b410a3822d787f32229a06d5c1f1438e632
* LI admins will only be visible to the is_system
administrator.
* It's not possible for an admin to be both ccare
and LI at the same time
* LI admins can only read/modify themselves
* Non-system admins cannot create/read/modify LI admins
Change-Id: I7b2189a87a5433d270380393d8e5ffec0283d9e5
* new c.users.role 'lintercept', that is set when an admin user has
enabled the 'lawful_intercept' flag
* only Administrator page /api/admins and /api/interceptions are available for
the role
* 'lintercept' role can only see own user and only change password
and email
Change-Id: Iadcb022a124afbd77b224e734026f380af0170e8
This reverts commit ec674132df.
Reason for revert: Feature was partially backported and lawful intercept admins were deleted from database. Feature needs redesign.
Change-Id: I500e66f3bd3b4a0c29fa05e1113568d3776eacf9
* LI Admins are no longer visible in NGCP Panel;
they will be managed via config.yml; creation,
deletion, email update are all handled when
adding/removing/updating a LI admin in config.yml
* LI Admins can only change their password and
email via Panel UI and API
Change-Id: Idec849e52962b2d5c4cb2a4365cf8c90414c0431
* Introduce endpoint '/resetpassword' for asking for
password reset using admin username
* Create form for introducing username
* Create url with unique token pointing to '/recoverpassword'
where admin user can introduce new password and email
said url to admin's email address
* Create form for setting new password
* Store username and unique token in Redis expiring
in 5 minutes to store password reset attempt
and identify it when user accesses url in email
* Limit admin access to be able to only change own password
due to new password reset possibility as requested in
TT#76110
Change-Id: Ie3acb961444398afa5b2fdc85e3ca8ceccf9244a
* there is a catch when changing the admin password;
first of all, according to TT#76110 only own admin
users can change the password via PUT/PATCH;
secondly, inside the code, for PATCH to work we need
a dummy 'password' key on the old resource which has
been set to the saltedpass; when updating the admin,
if the password is still equal to saltedpass, no change
is made to the password
Change-Id: I423ebe13988c58b527db65d666f09b73a483422d
* Introduce possibility to provision source sets,
time sets, b number sets and destination sets
in the same request with defining cf mappings
which include advanced cf setting with multiple
cf rules.
Change-Id: I9d2865c3fbdac0651a287b926a3fb0e190fca814
* Change the way webpassword is handled across
NGCP Panel UI/API to comply with new password
encryption
* At login, if password is not encrypted with
high cost due to the ngcp-bcrypt-webpassword
script, encrypt it with proper cost
* Accept old password format as well until all
webpasswords are encrypted
Change-Id: Iefa9584a62ab4b7d2a224d10bdd415e9cbb8dfb5
OWNER_VAT_SETTINGS = 1: apply the callist "owner's" VAT settings
(VAT rate and Add VAT Y/N) for each CDR displayed.
OWNER_VAT_SETTINGS = 0: apply the CDR's source/destination
account's VAT settings for each CDR individually.
Change-Id: I08cc88afeb0a0c7cc5592b9542dc9da25bb86286
acquire the billing.contract row lock *before* any
unordered billing.voip_numbers rowlocks by
sub manage_subscriber_numbers().
- "deadlock" waittimeout errors will cease when
creating subscribers concurrently via api
- max_subscribers, is_pilot and other per-contract
constraints will be respected accurately
Change-Id: I73bb7525b327bbb09217b790be9c14cc65ddebcc
* A new endpoint is now available that will
return subscriber's preferences and also
the preferences that the subscriber inherits
from its domain
Change-Id: Iaa29fbe57d520f79ac7051dc8fd151d26df41384
- prevent unnecessary redis "scan"s
- avoid filter/scan (iterating all registrations) by properly
un-aliasing fieldnames
- ignore any registration of subs that no longer exists
- apply the fixes for ->search(), but also ->find()
Change-Id: I32c89482fc06e76b0369034cd8f3eda24ebbe1bf
* Default to 1 if no 'enabled' param is sent
* Send mapping's 'enabled' value to UI Form
to stop defaulting to 1 when trying to edit
Change-Id: Iec22f878bd87999c85a0cc99eabcda68fd7f2985
* Introduce possibility to provision header rules,
conditions and actions at the same time
using only the /api/headerrules endpoint;
also rules can be modified with PUT/PATCH on
/api/headerrules
Change-Id: I5ef9a85b4bf0f28693d22603cc74f269ea483983
* Introduce possibility to provision source sets,
time sets, b number sets and destination sets
in the same request with defining call forwards.
Change-Id: I8dd426bcf50a605e257af5e62ca404884bfe9c0d
* Introduce possibility to provision rule sets,
rules, condition and actions at the same time
using only the /api/headerrulesets endpoint;
also rules can be modified with PUT/PATCH on
/api/headerrulesets
Change-Id: I8c054f72a2632d45fec76166774521f8c22aea05
* DBIx could not resolve the relation 'rwr_set'
when post processing hal resource because,
if not 'rwr_set_id', parameter is sent, the
field is not set in the DB
* Add error message when sending 'rwr_dp' param
with no 'rwr_set_id' which was causing error
as well
Change-Id: I90c2d5314b9e8a5389cc606bb0be72533614f8d5
* Only allow to assign domains for subscribers
from the same reseller as subscriber's customer
* Change Subscribers.yaml test to retrieve a
domain for testing from the same reseller
as subscriber's customer
Change-Id: I6c7cc7a9874207cfcd63360a6f87e2fd6841011c
* Removed restriction that would cause an error
when trying to get/delete a bannedusers entry
that had a different format than 'user@domain.com'
Change-Id: Ie3a5fa80b888d97bf4a34a8ad9a65514699ef77e
* Added 'received' field in subscriberregistrations
form. Also if it's present in the 'path' field,
it is now fetched from there.
Change-Id: I187ea2a0494b067088e08243488321cb0140ea61
* If a device id is assigned to a field device line, populate the
device_id field for this line to be used in config templates.
* Handle assigned alias id of deviceid_number_id in /api/pbxdevices,
if any.
Change-Id: I455c4cb6e7d96a21977094e9af97ae91bd29fb92
* ccareadmin and ccare roles have full access to
Customers, Subscribers and their preferences/settings,
and read-only access to BillingProfiles, InvoiceTemplates,
EmailTemplates
* ccare role is restricted to the related reseller
Change-Id: I6cf7d3adf912f0fa98d1ef5c02abea2f4331ec4b