* timezone names are converted to their links, and if a link
is found (means that the current name is deprecated), it's
validated and stored as the link.
Change-Id: I6348659178400a96eaadd70f79b792c4fa25d7d4
When calling a PATCH or PUT API on a peering group or
outbound rule the reload of the kamailio lcr module was
triggered before the update of the database, thus the
kamailio status was not updated.
Change-Id: I59ed863c85219e62d6f5b5a2af80db8ef952844c
* clear_audio_cache is now invoked also from:
- when a sound file is added (to reflect use_parent/potential child
sets)
- when a parent is changed for a sound set (to reflect current
and potential child sets)
- when a sound set is removed (to reflect potential child sets)
* clear_audio_cache() is reworked
- clear_audio_cache() now calls virtual_child_sound_sets to
fetch all potentially affected child sound sets and also
clears audio cache for them. if the amount of fetched
sound_sets is greater than 10000 then the the whole audio
cache is invalidated
* _clear_audio_cache_service() is reworked
- supports/expects a list of sound sets and sends them
as a string with ':' separator
- if both sound handle and sound sets are provided it calls
clearFiles (so that only the specific sound handle is cleared)
- if only sound sets are provided it calls clearSets (so that
all of the cached files beloning to the sets are removed)
- if none of the above are provided it calls clearAll to invalidate
the whole cache
Change-Id: Ie85f208e27183e88665803b93bb16d7de8e3d7ac
* subscriberadmin can only delete items that belong to the same
contract_id, otherwise 'read-only' forbidden error is returned
Change-Id: I3ef2716039626bc1b208a5c7af06cf87f69cad73
* uses prefix 'me.' for query types search_eq and search_like
in the where condition to avoid ambiguity if the search_rs
has joins that with the same column names
Change-Id: I90fef80970aa4415480b00bbed2fb9fbee1f1ccc
* API now has own GroupAPI form with the correct fields for API
* db/form field name conversion is moved to the newly added
resource_from_item() and process_form_resource() functions
* simplify code for GET/POST/PUT/PATCH operations
Change-Id: I99b76801a2894c8a4821513186796627db728189
* /api/soundsets new parent_name field
* /api/soundfiles now allow POST to be done without the upload,
for cases when an empty record needs to be added to define
"use_parent" behaviour
* improve sems audio cache clear on sound files change, now
sems instances that are not available (not running/request timeout)
are skipped instead of raising an error
Change-Id: I83af2ee2fd3672ab35cf330464ace68416ab52be
a 500 error results when specifying the RewriteRule
"description" filter because of ambigous field names.
Change-Id: I9c0a9f6c84ec62fca4c77ce904fb07c4dadef13b
* subscriber role can now GET call forward sets that
does not belong to the user but used in call forwards
assigned to the user
* the user can only GET the sets but cannot update/delete them
(403 Forbidden is raised in case of attempt)
Change-Id: I391b802d962f4bbeae991e3046ac3f132a19edb6
* add described query_params 'subscriber_id', 'reseller_id' so they are
avaialable on the doc
* remove search by param from Role::ResellerBrandingLogos::_item_rs()
* fix Role::ResellerBrandingLogos::_item_rs() queries
* Controller::API::ResellerBrandingLogos*
- now always returns the binary data containing the logo and with
the Content-Type header
- change NOT_FOUND message to indicate that the ResellerBrandingLogo
is either not found or does not have image/image_type
* do not log response queries
* fix allowed_role to be: admin, reseller, subsscriberadmin
Change-Id: Iaadb47fb2d72886a8d9244a523d5914500a4dd20
* when customer_id query param is specified as customer_id=null
or customer_id=NULL it now correctly fetches soundsets that
do not have customer_id assigned to them
Change-Id: I8de3d9615c133c2abd3eb2b5f4fea8de5b652417
we were sending this command:
> host:deactivate('NGCP::Panel::Model::DB::domains=HASH(0x55955564e6c8)')
Change-Id: I63271b05ee12d0ff3767b5d9376aec22352cb4d5
* ccare roles now have read-only access to profile packages, this
is needed for working with a customer
* enable expand for ccareadmin and ccare roles for the following:
- contact_id
- profile_id
- profile_set_id
- package_before_id
- package_after_id
* add expand support for admin,reseller,ccareadmin,ccare roles
- profile_package_id
- invoice_email_template_id
- passreset_email_template_id
- invoice_template_id
Change-Id: I926304363048e659af67d596dce93be29b3e67af
* "Header Manipulations" UI is now hidden for CE
* /api/headerrulesets is now hidden for CE
* /api/headerrules is now hidden for CE
* /api/headerruleconditions is now hidden for CE
* /api/headerruleactions is now hidden for CE
Change-Id: I717b9d3cdf693f01e32f81086b69aafce4f3113a
* templates now rely on c.config.general.ngcp_type and hide
the Phonebook feature everywhere if ngcp_type is CE
* introduce "allowed_ngcp_types" config for Controller::API::*
that is an array, and when specified, only the ngcp_type
roles are allowed, otherwise if not specified all ngcp types
allowed (default)
* Controller::API::Root:
- filter controllers from the documentation rendedring
that have allowed_ngcp_type config
specified and do not match the current ngcp type
* Role::API Role::Entities*
- new method check_allowed_ngcp_types()
- check_allowed_ngcp_types() is now called in Entities and
EntitiesItem auto() and denies to 404 Path not found if
the ngcp type does not match
* "Phonebook" UI is now hidden for CE
* /api/phonebookentries is now hidden for CE
Change-Id: I41d4b2f87121f281472be3775b862333923fe37f
* session->rpc is not in use anymore and had $parts there which
was a leftover from the inew billing cleanup and moving $session
into the Controller/API/SMS
Change-Id: I6d9612cd3f3cbc57fe1b7df6584ad779dca64288
SMS prepaid billing using libinewrate is not supported anymore
* remove init_prepaid_billing, perform_prepaid_billing,
cancel_prepaid_billing functions
* /api/sms POST is now self sufficient and use $session
internally and does not call *_prepaid_billing functions,
nor rely on them
Change-Id: I483f27ce82c7e0a039ce1f3f44c24bd9db75dfec
* customer_id filter is now possible, which behaves the same as the
existing contract_id. This is to add consistency as filtering by
customer_id is available in other endpoints
Change-Id: I1577d06133f9629c363940a4e8d2fb8012336e21
* rtcengine related logic and apps is now removed
* remove /api/rtcapps endpoint
* remove /api/rtcnetworks endpoint
* remove rtcengine relations from resellers such as
enable_rtc flags
* remove rtcengine related API tests
* remove rtcengine and comx related libraries
* remove csc webphone ui app
* remove webrtc related selenium tests
* remove rtcengine flags from /api/capabilities
Change-Id: I83a4b0457fac2e0df23d267f8dbc82841dfb3001
* the password reset via API now uses webusername instead of
wrongly used username to fetch the subscriber
Change-Id: Ib2ed042382963f13d73619acd48a588f3874c25b
for deployments that expose panel/csc via a proxy,
the auto-generated base url printed in emails can
be unreachable. we therefore introduce the option
to explicitly specify a base url to use.
it will support an sprintf pattern with individual
params for eg.:
- protocol scheme
- domain part
- port
- base url path
Change-Id: I6a9ca23126c669d249ef7f3e092cae0161235ebe
* Contract default sound set - subscriber propagation for cases:
- New customer sound set is created as default.
- Customer sound set is changed to default.
- New subscriber creation - setting contract default sound set id.
* The mentioned cases were implemented for both UI and API.
Change-Id: Ia4733c972ae388d3457d0336e3f85b85eec6e9a2
* 'location' field is now optional, if not filled it it will always
default to an empty string instead of null. This is required for the
new mode 'forward' that has no use for this field. If the field
is empty in any other mode like 'add' or 'replace', the entry
will be skiped by the logic.
Change-Id: Ia964c3bb272c9772c51b836ac2418ee4cd7b7f42
* Fetch recording_metakeys caller/callee for the certain record id(call).
* Add caller/callee fields to the resource and form.
* Frefetching recording_metakeys for the call recording.
Change-Id: I767ea32e19edfd7cbbc74956200343f680fdb2b4
this fix addresses regression reported by dominik:
* $resource{_password}/{_webpassword} cannot be set before the
form validation as they are effectively removed by it,
causing /api/susbcribers returning no passwords at
all for 'subscriber' roles
* Having them after the patch makes no sense either as next
resource_from_item call will effectively remove them again (in PATCH)
(cherry picked from commit 5e9066c4fb)
Change-Id: I88c9ec40843f1e9a6983952b96c0b0e70fbb1bb1
* An attempt to change own role, login, flags
(except for can_reset_password) now returns
403 Forbidden, User cannot modify own permissions
* POST checks if the admin has necessarry permissions
to create another admin
* PUT/PATCH changing own role is now forbidden
* PUT/PATCH changing other's admin role now checks permissions
* DELETE checks role permissions
Change-Id: I990609985ae9cab6213cf47f5f5c8afba2efdda3
This reverts commit 5e9066c4fb.
This implementation breaks:
* $resource{_password}/{_webpassword} cannot be set before the
form validation as they are effectively removed by it,
causing /api/susbcribers returning no passwords at
all for 'subscriber' roles
* Having them after the patch makes no sense either as next
resource_from_item call will effectively remove them again (in PATCH)
Change-Id: I0e8389e8ab34ad72f1b87a684daba77f1030f8ba
* admin users with is_master = 0, cannot see other admin users
(this includes system users) and brings the is_master flag
to the common behaviour
* ccareadmin, ccare users can now access te UI Admins page
as well as /api/admins but they are limited to see/manage
only themselves
* admin users cannot see system users (UI/API)
* reseller users cannot see system/admin users (UI/API)
* admin users cannot modify their own role and flags except for:
email, password, can_reset_password (UI/API)
* UI edit form now does not render fields that are not meant to be
modified by a user (exception: "login")
Change-Id: I82e1946437fd2ec4651abd24074470c695a40582
- Optional "role" parameter is added for POST PUT PATCH.
If "role" is provided then the passed flags are ignored and are applied internally by the server according to the provided role.
If "role" is not provided then the former flags based approach is applied.
Change-Id: Ib6e591ff6dc50122e0ec49a348153ca820fc2e03
a multitude of issues popped after introducing bcrypted
webpasswords in the database. most recently the PATCH /api/susbcribers
rail was reported to reset the webpassword unintentionally.
subscriber login fails afterwards, which is a severe issue.
the bugs are adressed by this refactorings. the change also
introduces a global variable
$NGCP::Panel::Utils::Auth::ENCRYPT_SUBSCRIBER_WEBPASSWORDS
to control encrypting webpasswords. it is still enabled as of now,
but it's worth to consider disabling it. there other ways to have
a "cost" for an authentication request, eg. adding a simple
sleep(1sec).
Change-Id: I2d47d54a2d83568546ffdd2b211337a5f56be3a2
- role_id is taken from billing.acl_roles and written into the billing.admins table when a new admin user is created/updated via UI/API. This is the first step towards the role based admin user handling.
Change-Id: I0804379cbbcab174cebbb292397a39cb3ea01a31
follow up on TT#147151 (fast loading/paging/searching panel
datatables), which broke restapi tests.
Change-Id: I799cb9087b9405c71dec4c690e7a7bab5dfdbdde
* decode utf8 on multipart/form-data request
since we encode the json for this content
type, and the fax body gets double encoded
and ends up wrong
Change-Id: I50d10879e5fe1ba99141e76d311641fcd5d568a1
* "subscriber" role can now retrieve own autoattendant data. This is needed for the CSC interface.
Change-Id: Id10b302205fe458d5793ae8f7bd9201233f9a0d4
* Admins with is_system and is_superuser are able to see the items for all roles.
* Admin is able to see own journal.
Change-Id: I3e5d459b08ff7ef218220f1ae11974351121c489
the POST /api/provicioningtemplates/<reseller>/<template>
request will accept text/csv content type to provision
many susbcribers at once.
Change-Id: I59079ba8f2bacc0ce2b1367d2bd1a7251cf4763c
provisioning templates with their dynamic forms
can be executed by a entityitem POST request, ie.
POST /api/provicioningtemplates/<reseller>/<template>
or
POST /api/provisioningtemplates/<readonly template>
Change-Id: I77f6c9d42e1afdb49635d3f11e4d73bcf6269605
* vmnotify() now accepts cli and uuid arguments
* API handling of voicemails is now improved to:
- send a notify if the item's INBOX/Old has been changed
- correctly process DELETE to send vmnotify after the
item's removal
Change-Id: Ic00ae825cf091bce273e55aa37cd0a7ac80d8b0f
* domains do not use billing.domain_resellers table anymore
but instead the new domains.reseller_id field. That is
to remove the unneeded many<>many relation through the
additional table where the actual logic only supports
one(reseller) to many(domains) relation
Change-Id: I1b681543baf1901f19e10c2f6210e4cf6eeb8fbe
* switch to 'populate' instead of using
'insert' for each destinations, sources,
times, bnumbers, mappings and CF preferences
* add API->check_patch_op_add_only - to check if
the patch contains only "add" operations
* improve /api/cfmappings, if all PATCH operations
are "add" then the existing records are not
fetched and not recreated, enabling very new mapping
inserts
Change-Id: I0b4e71565c11771026dbbc000aa57b2a613409fa
the /api/provisionintemplates rail provides the
operations to create, edit and delete "provisioning
templates" know from the "batch provisioning" feature
of admin panel.
these templates can also be defined in config.yml,
while it is however only possible to edit templates
stored in the database.
executing a template and/or uploading a .csv for bulk
execution will be available in a separate part.
Change-Id: If8627327270edfce5bca1be3b1f777c1bd44e90f
Throw descriptive error for attempt to create Customer with Template
that does not belong to Contact’s Reseller. Cover the case when the
Template belongs to System Contact (with no Reseller).
Error example:
'subscriber_email_template_id' with value '1' does not belong to
Reseller '1' that is assigned to Customer's Contact '1'
Change-Id: Iffcef0339afc4490ecba81d4667cbb9225766af4
* webpassword field was unconditionally deleted
in API GET and DELETE methods, it now relies
on resource_from_item for the common approach
Change-Id: I703158fd2022b49a49470db28cb22f37e613f841
* PATCH: password fields are not removed when
resource is created for apply_patch(), they
are removed under the same condititions later
when hal is generated, that is to ensure that
admin users without the 'show_passwords' flag
as well as subscribers will not run into situation
when they use PATCH and cannot apply it for
"path": "/password" or/and "path": "/webpassword",
as they were removed before apply_patch()
* rework encrypted webpassword detection.
webpasword is detected as encrypted if its length
is 54 or 56 and it contains at least one '$' char,
there is a chance for false positive detection when
a user provides with a plain-text password with the
same pattern but it's very unlikely, as well as
since mr8.5 webpasswords are expected to be encrypted,
and moreover worth case scenario is that the
plain-text password will not be returned to the user
Change-Id: I8ea739cbf728b2134f3ce00cee29da42ab3fb4a3
* Login CSC v2 button is shown on the subscriber's master
data page if www_admin.http_csc.csc_js_enable == 1 or 2
* When the login is triggered an auth token
is generated internally followed by a redirect to
CSC as /?a=auth_token
* move generate_auth_token() into Utils/Auth
* improve generate_auth_token() arguments support
* add /api/authtokens error handling
Change-Id: Idd65400bf8ce6ce48979c736f6a199fb567ffaa4
* the endpoint will receive "type" (expires|onetime)
and "expires" (positive integer representing seconds)
* type will define the expiray method for the token;
onetime: the token expires as soon as it's used, or
after "expires" seconds if not used
expires: the token can be used multiple times until
it expires according to the "expires" param value
* login_jwt endpoint for generating the JWT token for
subscribers has been enhanced to accept the "token"
param, containing the token generated using the
/api/authtokens endpoint
* admin_login_jwt endpoint for generating the JWT token
for admins has been enhanced to accept the "token"
param, containing the token generated using the
/api/authtokens endpoint
* login_jwt and amin_login_jwt will respond with 403
"Forbidden" if the token role stored in Redis does
not match the role of the user that generated it
* /api/authtokens is hidden from documentation for now
Change-Id: I4eb76c2b08f2e24774fa84ba0ccf7412ce8670e8
* sip_lcr_reload is now called after "commit" in all API endpoints,
to correctly reflect updated DB changes. It was correct in
/api/peeringrules POST but not correct in DELETE, as well as
also not correct in /api/peeringservers and /api/peeringgroups
* sip_domain_reload does not check if the domain is successfully
reload in kamailio proxy as is logic is redundant, it fails
however if domain reload XMLRPC request failed on any available
proxy servers. Another reason is by default tcp_conn_wq_max
in kamailio-proxy is 32KB by default and that causes an impact
when domain.dump XMLRPC is used on very large domain sets (600+),
as well as sip_domain_reload has improved performance with the removed
XMLRPC domain.dump body parsing.
Change-Id: I17c5718198b06b1ce78b2654f3d7c3bd2830f60b
* xmlrpc lcr.reload request is now sent after the transaction
is committed, otherwise the reload operation is performed without
the newly added changes in the peering rules
Change-Id: I728605a8d277b00d02a3f864c84f172306f7b090
* /api/platforminfo does not have its own endpoint file
and therefore, does not appear in the rendered documentation.
it only supports GET method and renders the template file.
the endpoint is designed to provide with the prerendered JSON
data containing the current platform configuration.
* /api/platforminfo supports both authenticated and anonymous
requests, where based on that, the template provides with
the corresponding info withing the current scope.
Change-Id: Idc8138595eda2c14e7f8dc7ed97cc50039fd1adc
* the new filter params works as follows:
* if start_time is provided, recordings
with start time greater than provided value
are displayed
* if end_time is provided, recordings
with end time less than provided value
are displayed
Change-Id: Ie9cfb88141506581e2b724d4502b88091f9c7a02
* give access to subscribers roles to see,
create and update own registrations
* subscriberadmins can manage all registrations
of subscribers under same customer
Change-Id: I643121da901b0ed99fc718106a1632da4e1e1936
* it's now possible to filter reselelers by their status
(active, terminated), the default return of all resellers
has not changed.
Change-Id: I6e1f2b6745ac6c3c4a012fe261ee5db810084be3
* PeeringRules.pm is back to the old model for
consistency and to be backward compatible
* it contains the duplicate check fix
Change-Id: I2253f0e740bea7115efb7d1f072ec73498f20040
* PeeeringRules.pm now uses the Entities approach
for fine transaction control that fixes the POST operations
Change-Id: Ieb666d3009393404e04171966adc0912f55a8a4f
* change 'call' to 'me.call' to avoid ambigous
usage in SQL query, since 'call' is a column
in other joined tables
Change-Id: I3fb52aa7c42687b6be377e51f50779dd92f61ebe
* Add handling of mysql duplicate billingprofile errors
for reseller_id-handle and reseller_id-name combinations
Change-Id: Ife81d723f4208202311ca8cf3c3a12e7bf4827a2
* it will return user's username, role
and a structure where information about
the user's permitted operations on all
api endpoints and permitted operations
on the fields of that entity can be found
Change-Id: I11d2f5b60d24ca7b70ffc6dcf8ea94f9a3a221d1
* add color pickers and store the hex code of the colors
inside the branding table in panel UI
* implement /api/resellerbrandings endpoint, where all things
related to reseller branding can be managed; the branding
logo will still be retrieved using /api/resellerrandinglogos
Change-Id: Ib7ed364811acf67ffd62252d9799a0af8b91e9bc
* Add subscriber roles to MailToFaxSettingsItem
and allow them to only access their settings
* Don't return the 'active' field on subsciber
requests; instead, return 403 if mail2fax is
not active
Change-Id: I773df0c21fcba29f9e7b5172160178ff99482964
Kirill Solomko
Marco Capetta
Rene Krenn
Victor Seva
Oleksandr Duts
Michael Prokop
Flaviu Mates
Victor Tsvetov
Alexander Lutay