* LI admins wil only be visible to the is_system
administrator.
* It's not possible for an andmin to be both ccare
and LI at the same time
* LI admins can only read/modify themselves
* Non-system admins cannot create/read/modify LI admins
Change-Id: I7b2189a87a5433d270380393d8e5ffec0283d9e5
* new c.users.role 'lintercept', that set to when an admin user has
enabled 'lawful_intercept' flag
* only Administrator page /api/admins and /api/interceptions are available for
the role
* 'lintercept' role can only see own user and only change password
and email
Change-Id: Iadcb022a124afbd77b224e734026f380af0170e8
* Allow ccareadmin access to reseller ajax;
it is needed when ccareadmins create a
customer contact
Change-Id: I5fff19ed8b19cfa3d1118a574455e136aa240236
This reverts commit ec674132df.
Reason for revert: Feature was partially backported and lawful intercept admins were deleted from databse. Feature needs redesign.
Change-Id: I500e66f3bd3b4a0c29fa05e1113568d3776eacf9
* LI Admins are no longer visible in NGCP Panel;
they will be managed via config.yml; creation,
deletion, email update ar all handled when
adding/removing/updating a LI admin in config.yml
* LI Admins can only change their password and
email via Panel UI and API
Change-Id: Idec849e52962b2d5c4cb2a4365cf8c90414c0431
* Introduce endopint '/resetpassword' for asking for
password reset using admin username
* Create form for introducing username
* Create url with unique token pointing to '/recoverpassword'
where admin user can introduce new password and email
said url to admin's email address
* Create form for setting new password
* Store username and unique token in Redis expiring
in 5 minutes to store password reset attempt
and identify it when user accesses url in email
* Limit admin access to be able to only change own password
due to new password reset possibility as requested in
TT#76110
Change-Id: Ie3acb961444398afa5b2fdc85e3ca8ceccf9244a
* there is a catch when changing the admin password;
first of all, according to TT#76110 only own admin
users can change the password via PUT/PATCH;
secondly, inside the code, for PATCH to work we need
a dummy 'password' key on the old resource which has
been set to the saltedpass; when updating the admin,
if the password is still equal to saltedpass, no change
is made to the password
Change-Id: I423ebe13988c58b527db65d666f09b73a483422d
* Remove headers, menu, site title and footer if
parameter 'framed' is sent
* Persist 'framed' in the session once it's sent
and only restore header/footer once 'framed' is
sent again with the value 0
Change-Id: Ie1dcc698b901ea3c659a05391ffcdc882113ef13
- persist prov tmeplates in the database: create, update
and permanently remove them again.
- prov templates from config.yml are still supported,
but cannot be edited though. the templates from
config.yml are merged with those from the db.
- each reseller can have their own prov templates,
while the prov templates from config.yml are visible
to all.
- YAML syntax highlighting and parse check when saving.
Scripting language (perl/javascript) is currently parsed
when executing a provisioning templates only. It is
possible to further extend the parsing checks.
- the prov template "name" + reseller is the unique
identifier. relevant also for the command line tool.
Change-Id: I58d7c54fa82fe512b263b3219bfc84d7e49c56a8
* add admin_jwt realm
* admin JWT tokens are now used to access all non /api
content
Change-Id: I711d6419f0b624b02b53876a8c9171ab638b5d09
(cherry picked from commit dc4d9ec84b5b1199f17631e9e1f9a39ab1996807)
* Utils::Admin was renamed to Utils::Auth in
the commit that introduced support for
bcrypted subscribers webpasswords
Change-Id: I61a90bb135f218e9a0854e9ccdda9e83ffd4ba83
* Change the way webpassword is handled accross
NGCP Panel UI/API to comply with new password
encryption
* At login, if password is not encrypted with
high cost due to the ngcp-bcrypt-webpassword
script, encrypt it with proper cost
* Accept old password format as well until all
webpasswords are encrypted
Change-Id: Iefa9584a62ab4b7d2a224d10bdd415e9cbb8dfb5
* /admin_login_jwt now returns a JWT token for admin
users and also the JWT token is supported in the
authorization process for the admin requests
Change-Id: I987640d46bd8a339a959a6b2efb65b6dce06bf8c
* Deleting or diasbling a peering server was leaving
the peer_probe value in kamailio htable which was
falsely identifying peering server as up when it
was actually down
* Sending htable.delete peer_probe whenever deleting,
disabling or disabling 'probe' for a peering server
fixes the issue
Change-Id: Ie54fd4bd00391a0cc02544d8d7b55108240c74e8
complete the renaming of "sub rowlock_contract" into
"sub acquire_contract_rowlocks" to distinguish it from
"sub recursevly_lock_contract" (which is related to set
the subscriber lock level, not db row write locks)
Change-Id: I287ee611e20c71a90121007511c3781359968bd2
acquire the billing.contract row lock *before* any
unordered billing.voip_numbers rowlocks by
sub manage_subscriber_numbers().
- "deadlock" waittimeout errors will cease when
creating subscribers concurrently via api
- max_subscribers, is_pilot and other per-contract
constraints will be respected accurately
Change-Id: I73bb7525b327bbb09217b790be9c14cc65ddebcc
* A new endpoint is now available that will
return subscriber's preferences and also
the preferences that the subscriber inherits
from its domain
Change-Id: Iaa29fbe57d520f79ac7051dc8fd151d26df41384
* Default to 1 if no 'enabled' param is sent
* Send mapping's 'enabled' value to UI Form
to stop defaulting to 1 when trying to edit
Change-Id: Iec22f878bd87999c85a0cc99eabcda68fd7f2985
* Add check wether recording stream actually
exists, to prevent throwing error in case
there's a DB entry for the stream, but no
actual file is saved
Change-Id: Ibd051496f570f05ca7067dcaa9f2f9e85e5d84d6
* Introduce posibility to provision header rules,
conditions and actions at the same time
using only the /api/headerrules endpoint;
also rules can be modified with PUT/PATCH on
/api/headerrules
Change-Id: I5ef9a85b4bf0f28693d22603cc74f269ea483983
* Introduce posibility to provision rule sets,
rules, condition and actions at the same time
using only the /api/headerrulesets endpoint;
also rules can be modified with PUT/PATCH on
/api/headerrulesets
Change-Id: I8c054f72a2632d45fec76166774521f8c22aea05
The kamailio lcr.reload RPC command was executed before the gateway
were actually removed from the DB.
The execution has been moved afterwards.
Change-Id: I5c514744cf49a4a32f2a8f08dc8f2a45c0b3c87a
The value is taken from the kamailio location table and
it is useful to know which is the device with highest
proiority.
Change-Id: I978c7d8da48a84fa537c941e486016881fc03afb
* Change datepicker to datetimepicker
to be able to select time as well
* datetimepicker is now available only
for call lists since this is where
a more thorough filtering is needed
in case the limit of 1000 entries is
passed
Change-Id: I48107fa8f7c4d4ee9b40044c8ae5f7842e35c2a5
* Check if there's a terminated reseller with
the same name and update that reseller's
name to be of "old_<reseller_id>_<name>"
format then create new reseller with that
name
* Applies to both regular creation and default
values creation
* Added same checks to API too
Change-Id: If997cf3716341c5c78bc6879ddea53f7b502c305
* Change sql 'or' which was still in use
when filtering with customer_id to
'union_all' which changes order of
status from enum to alphabetical so
it's now consistent to what happens
when filtering with subscriber_id
Change-Id: I82eea0059d6b414e1148b16d47d4c189a3f43238
* Controller/Domain missed privileges for
ccareadmin/ccare roles
* Fix ccareadmin role typo in customer templates
preventing "Create Susbcriber" button to show up for the role
Change-Id: I05bb520912ad0f1f49a0097d7443081d40aa7426
when there are other subscribers
* Deleting the pilot subscriber and then editing
other subscribers would result in error, as
details from the pilot are needed
* Added code to makde the deletion of the PBX
pilot subscriber impossible if there are
other subscribers
Change-Id: I46da3e0e3726a8b9e3811fd879869988aa01adff
* If a device id is assigned to a field device line, populate the
device_id field for this line to be used in config templates.
* Handle assigned alias id of deviceid_number_id in /api/pbxdevices,
if any.
Change-Id: I455c4cb6e7d96a21977094e9af97ae91bd29fb92
* Add check for provisioning subscriber
webusername so the API trhows the correct
error when encountering a duplicate
* This implementation relies on the DBIx
error to keep the database integrity
Change-Id: Ica3e2673cead28759ad25f5edb3f7ca0f32e1c1e
* Ajax request failed when vouchers was
not set in ngcp_panel.conf under features
because it redirected to denied_page;
moved redirect to topup_voucher method
in Customer.pm because it doesn't work
on ajax requests
* Also hide the top up voucher button if
voucher option is not set under features
in ngcp_panel.conf
Change-Id: I888ac46e9634d75163241cdb4b59b00a2ca08b2f
* ccareadmin and ccare roles have full access to
Customers, Subscribers and their preferences/settings,
and read-only access to BillingProfiles,InvoceTemplates,
EmailTemplates
* ccare role is restricted to the related reseller
Change-Id: I6cf7d3adf912f0fa98d1ef5c02abea2f4331ec4b
* The timeout was defaulting to 300 for
any call forward besides URI. Removing
a sepcific validation for this case fixed
the issue
Change-Id: I2658d77cee08567047c40fb2b3711f5870b49d25
* /api/customerfraudevents now support cdr_period_costs
* add PATCH support to be able to change notify_status and notified_at
* item id is now compound from contract_id,period,period_date
* now all locked contracts are returned (was only for current
day/month before)
* interval query param is not mandatory anymore and multiple
entries per contract can be returned
Change-Id: I9faa911d260f3e3cd386fb1470663a82edb2850c
If a device needs the CA cert to bootstrap, then provide the full
chain of certificates for proper validation.
Change-Id: I62eb0adfa3fba8c558ac244f1cc10189de94ec64
ALE terminals request config.$mac.xml, also strip them in the
bootstrap phase to determine the $mac.
Change-Id: I1a34ce5b0f0ffa4fd5f819b276344bff43a53d64
adds gdpr obfuscation quoting for:
+ subscriber numbers
+ subscriber ip addresses
+ subscriber usernames
+ any logmessage "DATA": query parameters, form data, response data
+ subscriber uuid's
+ call id's
+ callforward sip uri's
the quoting is centralized by $c->qs() ("quote sensitive"), using
catalyst plugin mechanism.
escape symbols are set to « (\x{ab}) and » (\x{bb}).
generate_logfile_data_inventory.pl was modified to mark loglines
with "gdpr affected" status, if $c->qs() was used in a log message.
Change-Id: I0f42d7992594232ae33e5666b0a64009211c5b76
* Add validation when retrieving callflow
domains from config. This prevents the
panel from crashing when features like
pbx are not enabled
Change-Id: Ibe459c7c877d9fdcbc941dcd92e3708b5a1d9b1f
* There is now a PATCH method for soundfiles so
their details can be updated without uploading
a new file
Change-Id: I96e7b453b9830c40d24c15f5ca364021373dfdee
* subscriber_only UI header rule set is now
automatically created only when a first rule
is created and removed with the last rule
Change-Id: I7c0be5a3e89e050e97441c4baaf355769db9867b
* Adapt code to retrieve file type from header,
not only to expect WAV, and convert it to WAV internally
* Add support for multipart/form-data requests for CSC platform
Change-Id: I12dca611a23c90801b1faae269a55b9fcc895244
And also fix description for Location creation form
All Customer controller fix implemented a little out of common way to handle customer detatils forms
Forms on customer details page use common code on the bottom of the customer/details.tt. Phonebook forms use helpers/datatables forms related code. It allows to avoid stashed "description" parameter, that is totally related to View (template) and generates correct name for the edit form.
Change-Id: I2a16d6861cd2d847f68bd02245058c9a4535a0a9
The is_devid and devid_alias were not properly saved and re-loaded
in edit, nor was their status shown in the master data.
Change-Id: If3403b5baa6135b4171e7b523aaa56de0fc5cb10
* Change find_or_create to find_or_new to insert new record
only when a POST is issued and form is validated
Change-Id: I31149c50f543747468230355b7f97d8f02fb47e8
* UI: subscriber Preferences" page now contains
a new "Header Manipulations" tab that enables
setting header manipulation rules per subscriber.
They are applied in the following order:
- domain header rule set is applied (if defined)
- subscriber header rules are applied (if defined)
An internal header rule set is now created per subscriber
automatically, if used from the UI
* API: /api/headerrulesets now supports "subsriber_id",
when a whole collection is fetched without ?subscriber_id
only records where subscriber_id = NULL are returned
by default
* fix "read only" UI elements representation in the datable
for header rule sets, rules, conditions, actions
Change-Id: I3e80d1899c577055f3603e80bb3a13d70c5b22cf
* header manipulations related endpoints are now
rendered with the datatables and support pagination,
and search
Change-Id: I264d2c55ec97199714159bbc2d1d3181e23880fb
Flaviu Mates
Kirill Solomko
Marco Capetta
Rene Krenn
Andreas Granig
Guillem Jover
Irina Peshinskaya