In some cases the UI requires to GET information from a specific
reseller or billing profile because needed to show/created other
endpoints (for example 'customers').
Due to that it has been added the possiiblity to do the GET not
only of the list of the resellers and biling profiles, but also
of each specific item.
Change-Id: Iebbbbc494ce71e616d8e41ca20e97bebce7998b8
* the relevant max license checkes are moved from
Controller::API::Subscribers::POST to
Utils::Subscribers::prepare_resource because there we fetch
customer_id from the pilot subscriber in case of pbx subscriberadmin
requests that is neccessary for PBX subscribers max license check.
Change-Id: I2d1c212d73fe5b9295d1595b4fffebeb67b61e5a
* correctly detect and skip password validation when
sip_validatation or web_validation is not enabled respectively
* better detect web password for admin users
* /api/admins PUT/PATCH now also correctly checks last used passwords
Change-Id: I9a6fa9b8e30ae2b81d2852dec0e1f9d858be13ef
* users for admin/subscriber realms are now banned if failed
to login X amount of times (UI/API).
* rework Redis connection and it's now a Catalyst plugin NGCP::Redis
accessed by $c->redis_get_connection({database => 19}), the connection
per database, per worker process is established only once and then
reused (with auto built-in reconnect support).
* remove Utils::Redis.pm as it does not have any code/logic anymore.
* ban values are taken from $config->{security}{login} as
- ban_enable: 1
- ban_expire_time: 3600 ban expire time in seconds
- max_attempts: 5
* if max_attempts set to 0, the ban functionality is disabled as it
requires to be at least 1 to work.
* upon successful login or ban, the failed attempts counter is removed
* the failed attempts counter is also removed automatically with the
expire time equals "ban_expire_time" or otherwise 3600 seconds.
* user bans are logged into panel.log
* banned user receives exactly the same return page/codes as per
invalid logic.
Change-Id: I05cc68c623ee289488fc64f1af50527004dcaae1
* passwords are now validated based on
- minlen
- maxlen
- min lower case chars
- min uppper case chars
- min digits
- min special chars
* Data::Password::zxcvbn is used to calculate
password score and reject passwords with score < 3 as weak
(this library is ported from the Dropbox password validation)
* Add password journals and check last used passwords in the journals
* Improve password generator javascript function to generate a password
with at least 4 of each of the char group types.
* Currently affected are subcriber and admin entry creation or
modification via UI/API
* NGCP::Utils::Auth add optional bcrypt_cost support as last argument
for generate_salted_hash and get_usr_salted_pass
Change-Id: I100c25107d91741d5101bc58d29a3fa558b0b017
* max_subscribers, max_pbx_subscribers, max_pbx_groups license
checks are added for subscriber/group creation in UI/API
* new accessor $c->license_meta that returns meta license
flags hashref
* new accessor $c->license_max_subscribers
* new accessor $c->license_max_pbx_subscribers
* new accessor $c->license_max_pbx_groups
* the new accessors (except license_meta) return -1
instead of 'unlimited' to ease off comprarsion
* 403 Forbidden is returned by the API if a license
is violated.
Change-Id: I3f5a949efc84bf85b76b33404b37b362ec484d5f
* UI and API parts are now under license control
* new Util::License::get_license($c, $name)
- fetches license status by name (1 if enabled, and also if
/proc/ngcp/check if 'ok')
* add Catalyst::Plugins::NGCP::License with license($name)
to fetch valid license by name from anywhere using
$c->license('pbx') or from the templates using c.license('pbx').
It internally uses Util::License::get_license($c, $name)
* License::get_license_status($c) now requires $c as first argument
as well logs license status check errors.
* new ActionRoles::License that enables usage of
:Does(License) RequiresLicense('pbx') LicenseDetachTo('/denied_page')
in the Controller chains
* Add license control for UI elements and return 403 Forbidden
if a resource is covered by licenses and the license is not active
* Hide UI elements if a license is not active
* API/Entities/Entities new $c->set_config key:
- per endpoint:
$c->set_config({
required_licenses => [qw/pbx device_provisioning/]
}
- or per method:
$c->set_config({
required_licenses => {
POST => [qw/pbx device_provisioning/]
}
}
}
* In case if an API endpoint does not have a license:
403 Forbidden "Invalid license" reply is returned.
* Add license based restrictions to API endpoints
* /api documentation:
- completely hide endpoints that do not have an active license
- hide only methods that does not have an active license
Change-Id: Iba45fc5068b02306a617fed7b5405f2210574b61
* new Utils::License::get_license_meta($c) to
fetch license meta ({} by default) that contains license
related metadata such as current and max amount
of subcsribers and license valid until date.
currently the following data is fetched from /proc/ngcp
check
current_calls
current_pbx_groups
current_pbx_subscribers
current_registered_subscribers
current_subscribers
license_valid_until
max_calls
max_pbx_groups
max_pbx_subscribers
max_registered_subscribers
max_subscribers
valid
* Controller::API::Root platforminfo now also returns
license_meta
Change-Id: I323cdfd646335a408e0150ecd69ad950fa0461ab
* NGCP::Utils::License new function get_licenses()
that reads /proc/ngcp/flags/ and returns all files
with content 1.
* api/platforminfo.tt template now calls a stashed
callback (coderef) that decodes provided json file,
includes licenses and returns encoded the json back.
* ngcp-panel.service changes
# Files + directories not directly associated are made
invisible in the /proc/ file system
# ProcSubset=pid
# Disabled: MT#58964, to be able to read /proc/ngcp/flags/
# Processes owned by other users are hidden from /proc/
# ProtectProc=invisible
# Disabled: MT#58964, to be able to read /proc/ngcp/flags/
Change-Id: I84b6707a918e3f4f271e32b9353f320753c5ae68
* customer_id search param now has the same search logic
as the rest as it had before 'null' detection and conversion
=> 'undef' whereas it's not needed anymore because it's now
supported globally. The change also fixes an empty response
issue.
Change-Id: If95de44d16ca2871da72d0ee019850802a3a94dd
* resellers should be able to create/update and delete
NCOS LNP Carrier entries using exising LNP Carriers.
Change-Id: I85d900c194d46af8d888e2f854729a3ca52711fe
* reseller role can use GET on the endpoint because
it is needed for an NCOS Levels (which resellers can create).
Change-Id: Ic793b0d74e767eb9e150a6ae3c67ff9f51c8cf6c
* in general expand collection now performs only 1 sql
query to per expand field to fetch all items by the ids
instead of fetching them for every single collection item,
that should significantly increase performance in case
of large databases and reduce work for the database
* introduce $c->stash->{expand_cache} that contains
cached data for the expand fields to avoid multiple
same calculations
* expand_field() and expand_field_data() have been reworked
to support expand_cache
* new method expand_prepare_collection() is called for all
API GET collection methods before preparing resource hal
fields, to change the expand logic to only cache the data
instead of fetching it from the database
* new method expand_collection_fields() that is called in all
API GET collection methods after the @embedded data is prepared
to finalise the expand collection fields
* for expand collection there is only 1 SQL request per expand field
that fetches all items -in [ids to expand] and then the
expand_collection_fields() uses the cached items_by_ids with
O(1) fetch from the cache by id
Change-Id: Ie7c6115472878febf0d8c9b4d833f5c23b15c78b
* subscriberadmin roles can now handle customer preferences
belonging to the same customer and only those with
expose_to_customer = '1'
Change-Id: Iae9ab5d4a96a065b1a627d180dd523e805d954f3
* subscriberadmin and subscriber can now use /api/mailtofaxsettings
* adapt item_rs query for subscriberadmin and subscriber so that
subscriberadmin can have access to all 'own' subscribers
Change-Id: If8e768c5c06bc4e5f0a6ef9d15e19f542d8b6a4d
* POST /api/subscribers/ invoke lock_provisioning_voip_subscriber()
before underrun_lock(), so that if the subscriber is about
to be locked due to customer balance costs, the
lock_provisioning_lock_subscriber() invocation will not unlock it
back straight after
Change-Id: I55020f844c9aa76df2e2f057a88b2ae7c9ebbfcc
Using API is possibile to edit an existing subscriber and set
status: active and lock: 2.
It is instead impossbile to create a new subscriber with the same
configuration because the 'lock' param is not taken into account.
The only way to properly setup lock level it is to set the status
to 'locked' and this is in fact wrong.
The fix address this issue and allow now to create a new subscriber
with status: active and lock: 2.
Change-Id: Id18e40bc001c5a7de30f5d148231bda93a3b1b3d
* Entites logic is used for GET/POST/PUT/PATCH/DELETE
* Utils::CallForwards::check_destinations() do not obfuscate
destinations that are returned in the response as all
logged data is obfuscated anyways
Change-Id: Ia79f9e236c966410e2640d719c3a7f5784cc4c2a
* /api/cftimesets now fully use Entities/EntitiesItem
* EntitiesItem: delete(): fix delete_item() expression processing
* Entities/EntitiesItem: post/put/patch/delete: go to TX_END
in scenarios where after a method call (e.g. update_item()) there
is a normal return from the function but errors in $c->error, so
that they are also caught correctly
Change-Id: I3bef409ded590796c2bba4f30acd28b02e99065b
* clear errors in Controller::API::Root::end so that they are
not interfere with generated ones
* API::error(): add $c->stash->{is_api_error_response} = 1
to track it in log_response()
* API::log_response(): distinguish and correctly correct errors
for cases when is_api_response == 1 and also when there were
$c->error('error') calls in the code, to log them correctly
in both cases
Change-Id: Id922b8219832c1b99815d9d608309035b9b25cff
* the following changes resolve an issue where $now in Role/Contracts
resource_from_item appeared as an object and failed subsequent
logic:
- hal_from_contract is renamed to hal_from_item to match correctly
the parent method
- call hal_from_item and pass $now string there correctly as $params
{ now => $now }
Change-Id: I5c02d5f7df5d9000550505ad120b9531f87e8d65
* Role/Entities*: POST/PUT/PATCH/DELETE methods changes:
- support deadlock detection and transaction retry
(2 retry attempts at the moment)
- improve transaction control, use local $guard
instead of saving the ref to $c->stash, as in that
case it went out of scope too late and also reported
an error message into the log about abnormal $guard out
of scope interruption
- move all non transaction related code outside
of the scope
- add error handling when methods such as update_item,
and a like do not return the expected data, instead of
simply going out of scope and resulting in an uncontrolled
reply
* Role/API:
- rework transaction control:
+ get_transaction_control() is renamed to start_transaction()
to better reflect what it does
+ complete_transaction() is renamed to commit_transaction()
+ remove unused %params arg
+ pass $guard into commit_transaction() instead of having it
stored as $c->stash->{transaction_guard) that caused the $guard
ref to be destroyed much late than expected
(there was also a typo as transaction_quard,
which is not relevant anymore with the changes
+ add check_deadlock() that is invoked when an exception is caught
or an $c->errors contain an error, and if the error message
represents a transaction error, the transaction block is
re-invoked via "goto TX_START"
- rework error():
+ it now accepts args as following:
($self, $c, $code, $message, @errors)
# code -> returned as HTTP code in the reply
# message -> returned as HTTP message in the reply
# errors -> contain errors for internal logging, last element often contains a DBIx exception
+ populates all @errors into $c->error so they are available on
demend in the code via $c->error or $c->last_error
+ $c->log->error is not invoked now as the errors become printed
in log_response()
- log_response() now prints collected errors from $c->error correctly
as a separate log line, that is alike to the other api logs so that
those can be looked up by the request's tx_id, also all errors are
now printed only into api.log
* Adjust all $self->error() calls in catch($e) to include $e as the last
argument, as well as the duplicate $c->log->error is removed from
those ocassions
* Remove all $c->log->error() calls as they are replaced with either
$self->error() (that logs it correctly into api.log) or
$c->error('err') that also adds it correctly into api.log
* API::CallForwards: rework to use Entities/EntitiesItem
* API::Contracts: rework POST to use Entities
* API::PeeringGroups: rework POST to use Entities
* API::SubscriberRegistrations: rework POST to use Entities
* API::RewriteRuleSets: improve create_item() functionality
* Utils/Message: add 'api_retry' log type
* $c->session->{api_request_tx_id} is changed to
$c->stash->{api_request_tx_id} because sometimes the session
ref is different and a different tx_id becomes used
Change-Id: I633ce7a8047b1bf00a2f6889003088edf0825dcd
* POST /api/headerrules now supports either 'set_id' or 'subscriber_id'.
When 'subsriber_id' is specified, a subscriber assigned header rule
set is automatically created if it does not exist, as well as
automatically removed when its last header rule is deleted.
* It is now possible to directly GET and DELETE /api/headerrules/:id
where :id is a subscriber assigned header rule.
* It is now possible to directly GET and DELETE /api/headerrulesets/:id
where :id is a subscriber assigned header rule set.
* Improve /api/headerrules data validation and duplicate header rule
detection.
* It is now possible to expand by /api/headerrules/?expand=set_id field
Change-Id: I681bc61c2eed47a8e54847f07f31134f643930c2
this filter is another spot, where leading/trailing wildcards
were added unintentionally, during harmonization.
Change-Id: Id23114f8e7ebca018ad222e35b39d8260f1da92f
* /api/rewriterules PATCH, DELETE methods used the generic
transaction, which conflicted with the xmlrpc reload command.
* own_transaction_control was only set for PUT and now also
extended to PATCH, DELETE to ensure that dialplan_sip_reload()
is called properly after $guard->commit.
Change-Id: I7313b4f6d1f6699bf38ae34749c5383a3943f61d
with the change to harmonize wildcard symbols % and *
to * in query param filters across all restapi rails,
only
- /api/subscribers?alias=
- /api/subscribers?pbx_extension=
- /api/subscribers?primary_number=
- /api/pbxdevices?pbx_extension=
are supposed to include implicit leading an trailing
wildcards.
panel UI uses trailing wildcard by default everywhere,
and so should the databales of the new Admin UI.
external_id were used to support patterns, but must
not include a trailing wildcard in rest API, as this
can break logic that rely on unique api request results.
we now therefore no longer append wildcards in particular to:
- /api/voicemails?folder=
- /api/voicemailgreetings?type=
- /api/subscribers?subscriber_external_id=
- /api/subscribers?customer_external_id=
- /api/subscribers?display_name=
- /api/subscribers?domain=
- /api/profilepackages?profile_name=
- /api/profilepackages?network_name=
- /api/pbxdevices?display_name=
- /api/faxserversettings?name_or_password=
Change-Id: I40ef1912d7224a56c6d14619d258c70e447ab23d
the /api/callists rail supports the "call_id" query parameter to match calls with a callid prefix. this filter also adds an implicity ordering ORDER BY length(call_id) ASC, 'start_time' ASC.
the /api/callists api rail also requires the query parameter "susbcriber_id", which renders a (fast) compound SQL query to list matching incoming (query1) and outgoing calls (query2) using UNION ALL (instead of a slow OR query).
query1 UNION ALL query2
this is supported by the https://metacpan.org/pod/DBIx::Class::Helper::ResultSet::SetOperations module, which however generates invalid SQL syntax if query1 or query2 contains an ORDER BY.
this is exactly what caused the 500 error of the customer who applied both "call_id" and "susbcriber_id" parameter in the request at the same time.
... ORDER BY length(call_id) ASC, `start_time` ASC UNION ALL SELECT `me`.`id`...
the error happens randomly, because query parameters are stored in a hash (which by definition has no deterministic order of the entries). when the "call_id" parameter is applied at last, it worked as expected.
so the issue can be adressed by strictly ordering the UNION ALL result, and prohibit ORDER BY in query1 and query1. the latter was added already with commit b2dfe28eed, and could be hotfixed.
however, the ORDER BY of "call_id" query param is lost, and should be properly handled by forcing strict ordering of how query parameters are applied.
the fix will introduce paramater ordering according to their order of definition in the code.
Change-Id: I165d341b5c20e9bb750bd1fba88c836b393e80bd
* get_handlers_rs() is renamed into get_file_handles() and
reworked from an indented 'from' resultset into 2 separate
resultsets, one fetching all the handles and another one
files for the sound set, it is now returned as an array with the
similar data. Reason for this rework is the deprecated use of
'from', that resulted in a lot of warnings in panel-fcgi.log:
DBIx::Class::SQLMaker::ClassicExtensions::_join_condition():
ResultSet {from} structures with conditions not conforming to the
SQL::Abstract::Classic syntax are deprecated: you either need to
stop abusing {from} altogether, or express the condition properly
using the { -ident => ... }
* adjust file_handles data key names to better follow the
naming conventions and readability, e.g.: groupname -> group_name,
fileid -> file_id
Change-Id: Ia91c9104c0b4dc79ee5bc359eb0b6e035e56ef3e
* the expected csv fields are as following:
- /api/resellerphonebookentries/?reseller_id=1
name,number
- /api/customerphonebookentries/?customer_id=1
name,number
- /api/subscriberphonebookentries/?subscriber_id=1
name,number,shared
- /api/resellerphonebookentries/
name,number,reseller_id
- /api/customerphonebookentries/
name,number,contract_id
- /api/customerphonebookentries/
name,number,shared,subcriber_id
(note: the fields are taken from the leftmost side
as the minimum required fields, so if one provides as:
- /api/resellerphonebookentries/?reseller_id=1
name,number,reseller_id
this line will be uploaded and columns after 'number' are
ignored in this case.
this is for convenience if you have a prepared upload
for different customers/resellers for instance, you can
upload it under one customer/reseller when needed
* user access scope is now validated, e.g.:
resellers cannot upload phonebook entries to another resellers,
etc.
* fix csv upload for /api/customerphonebookentries/?customer_id=1
Change-Id: I970ac36fdb8b366adff15515a48d296e8abeff13
* {"values:", ["value1", "value2"]} is not accepted by
/api/headerruleconditions
* the previous behaviour of {"values": [{"value": "value1"},{"value":
"value2"}]} is preserved
Change-Id: I7d9540d20ed0ecbb2712f1905a7d9e6f7af7e06d
- all standard LIKE search are migrated
- will avoid LIKE unless a pattern (* wildcard) is
used as a search term. this encourage db index
usage, will be faster
- supports wildcard escape sequence \\*
- harmonize swagger UI descriptions of filters
Change-Id: Iea155871c9be6c284e6970a562d4e6af73fedc4b
filtering an Entity-Attribute-Value model cannot be done as
simple conjunctions, but requires either INTERSECT set
operation, or joining the same table multiple times.
Change-Id: I5ce1ae1ece9406b6610487654f09d768a233b122
various api rails will need to support ?caller= and ?callee=
url query parameters.
since this involves SQL queries against potentially large
database tables, special care is taken with wildcard search
to prevent slow queries:
- the ?wildcards=true query parameter has to be specified
to accept search patterns that contain wildcard symbols,
so wildcards are not accepted by default.
WARNING: a search string with a leading wildcard will always
force a *slow* full db table scan!
- the * symbol is used as a wildcard symbol
- \ (backslash) is used as escape character to search for
a literal '*'
Change-Id: Ie6065b0cfa883f7963e1dc8259fffea9a1edfdfe
the conversation list now supports ?caller= and ?callee=
url query parameters.
since this involves SQL queries against potentially large
database tables, special care is taken with wildcard search
to prevent slow queries:
- the ?wildcard=true query parameter has to be specified
to accept search patterns that contain wildcard symbols,
so wilddcards are not accepted by default.
WARNING: a search string with a leading wildcard will always
force a *slow* full db table scan!
- the * symbol is used as a wildcard symbol
- \ (backslash) is used as escape character to search for
a literal '*'
Change-Id: I792d2ea9c649c69c4b5cc98076097cb96467d4bc
The commit extends what done already in e15e40423 allowing the
subscribers to get the soundgroups and soundhandles using API.
This is necessary for some CSC features like the selection of
the Custom Announcement to play after Call Forward.
Change-Id: I40d57d1efdc107c64fe3efafd9e87d1403c4d124
* filtering by package_id with an incorrect search db query (non-existing
field) caused a 500 error
* package_id filter is renamed into profile_package_id to correspond
to the response field
* fix profile_package_id db search query
Change-Id: Ia93e0662172dd89e85572717cbb99a2ed51eb3a7
* /api/phonebookentries is now split into 3 parts
* /api/resellerphonebookentries
* /api/customerphonebookentries
* /api/subscriberphonebookentries
main reason is because there are 3 different contexts (tables)
that in the end return "id" which is also a resource identifier
and it is not unique because the contexts handle their own ids,
another reason is to simplify code and access definitions, as well
as to have solid and easy representation.
* /api/resllerphonebookentries
* can be accessed by 'admin', 'reseller' roles
* /api/customerphonebookentries
* can be accessed by 'admin', 'reseller', 'subscriberadmin' roles
* fix contract_id field to be correctly represented as 'customer_id'
* /api/subscriberphonebookentries
* can be accessed by 'admin', 'reseller', 'subscriberadmin',
'subscriber' roles
* add 'shared' query filter
* all the new endpoints
* no more required query param fields
* customer_id is now optional query parameter filter
* add valid/existing resource checks for POST/PATCH/PUT ops
* add correct auto filtering based on the user's role
* various major code simplifications, fixes and code style improvements
* csv download now also allows query param filters to be applied
* fix documentation
Change-Id: I735df96b7a7e18006a46b82a4fcc603e400ad9e6
* allowed_ngcp_types check is now correct in the
Controller:API::Root::GET
* also fix allowed roles check
Change-Id: I2446d7377d2a1ef152560bfb2799bb9debd0f34b
* when a new rewrite rule is created and the priority attribute
is not specified, only the first rewrite rule of the same rewrite
rule set is set as 50, and the following are as:
"MAX(priority) of the same rewrite rule set"+1
Change-Id: I1f1ae275e00918a34a625409987f21044b3b940f
* Max subscribers can now be defined in the Reseller contract
* Max subscribers is now shown in int Reseller's "Reseller Contract"
Details (with an indictaion of how many subscribers are created
out of the defined max subscribers, as well as when the limit
is reached (similar to the Customer's Details page)
* Add reseller subscribers count checks on the UI Create Subscriber
page
* Add reseller subscribers count checks in /api/contracts POST/PUT
* Prevent max_subscribers definition for Peering contracts in
/api/contracts POST/PUT
Change-Id: I1561d4eb7da5b1a0a0c99acabd18d2a9cd98dec7
* as changes to sound sets and sound files cause
internal triggers + SP to be invoked, the gap
locking should be reduced to avoid possible
deadlocks, hence READ COMMITTED transaction
isolation level is used for all sound sets
and sound files change operations.
* fix a condition that caused an evaluation error
when both old_parent_id and parent_id are undef.
Change-Id: I7e69a0a0e5878c03b086977933315e532aaa2a29
* NCOS Levels and NCOS Sets now have expose_to_customer
option (boolean). If enabled, the NCOS Level/Set can
be seen and used by Customers in their and their subscribers'
preferences
* NCOS Levels and NCOS Sets with expose_to_customer = 0 (default)
are not visible anymore to subscribers.
* API GET /api/ncoslevels is now accessible by 'subscriberadmin' role
and returns a list of NCOS Levels that belong to the same reseller
and with expose_to_customer = 1 (fields are limited to
id,name,description).
* When NCOS Level is expose_to_customer is set from 1 to 0, all
assigned ncos preferences for contracts and subscribers are that
contain the NCOS Level are removed.
Change-Id: Id7c444b4a0834939a128179ded6670705258519b
* timezone names are converted to their links, and if a link
is found (means that the current name is deprecated), it's
validated and stored as the link.
Change-Id: I6348659178400a96eaadd70f79b792c4fa25d7d4
When calling a PATCH or PUT API on a peering group or
outbound rule the reload of the kamailio lcr module was
triggered before the update of the database, thus the
kamailio status was not updated.
Change-Id: I59ed863c85219e62d6f5b5a2af80db8ef952844c
* clear_audio_cache is now invoked also from:
- when a sound file is added (to reflect use_parent/potential child
sets)
- when a parent is changed for a sound set (to reflect current
and potential child sets)
- when a sound set is removed (to reflect potential child sets)
* clear_audio_cache() is reworked
- clear_audio_cache() now calls virtual_child_sound_sets to
fetch all potentially affected child sound sets and also
clears audio cache for them. if the amount of fetched
sound_sets is greater than 10000 then the the whole audio
cache is invalidated
* _clear_audio_cache_service() is reworked
- supports/expects a list of sound sets and sends them
as a string with ':' separator
- if both sound handle and sound sets are provided it calls
clearFiles (so that only the specific sound handle is cleared)
- if only sound sets are provided it calls clearSets (so that
all of the cached files beloning to the sets are removed)
- if none of the above are provided it calls clearAll to invalidate
the whole cache
Change-Id: Ie85f208e27183e88665803b93bb16d7de8e3d7ac
* subscriberadmin can only delete items that belong to the same
contract_id, otherwise 'read-only' forbidden error is returned
Change-Id: I3ef2716039626bc1b208a5c7af06cf87f69cad73
* uses prefix 'me.' for query types search_eq and search_like
in the where condition to avoid ambiguity if the search_rs
has joins that with the same column names
Change-Id: I90fef80970aa4415480b00bbed2fb9fbee1f1ccc
* API now has own GroupAPI form with the correct fields for API
* db/form field name conversion is moved to the newly added
resource_from_item() and process_form_resource() functions
* simplify code for GET/POST/PUT/PATCH operations
Change-Id: I99b76801a2894c8a4821513186796627db728189
* /api/soundsets new parent_name field
* /api/soundfiles now allow POST to be done without the upload,
for cases when an empty record needs to be added to define
"use_parent" behaviour
* improve sems audio cache clear on sound files change, now
sems instances that are not available (not running/request timeout)
are skipped instead of raising an error
Change-Id: I83af2ee2fd3672ab35cf330464ace68416ab52be
a 500 error results when specifying the RewriteRule
"description" filter because of ambigous field names.
Change-Id: I9c0a9f6c84ec62fca4c77ce904fb07c4dadef13b
* subscriber role can now GET call forward sets that
does not belong to the user but used in call forwards
assigned to the user
* the user can only GET the sets but cannot update/delete them
(403 Forbidden is raised in case of attempt)
Change-Id: I391b802d962f4bbeae991e3046ac3f132a19edb6
* add described query_params 'subscriber_id', 'reseller_id' so they are
avaialable on the doc
* remove search by param from Role::ResellerBrandingLogos::_item_rs()
* fix Role::ResellerBrandingLogos::_item_rs() queries
* Controller::API::ResellerBrandingLogos*
- now always returns the binary data containing the logo and with
the Content-Type header
- change NOT_FOUND message to indicate that the ResellerBrandingLogo
is either not found or does not have image/image_type
* do not log response queries
* fix allowed_role to be: admin, reseller, subsscriberadmin
Change-Id: Iaadb47fb2d72886a8d9244a523d5914500a4dd20
* when customer_id query param is specified as customer_id=null
or customer_id=NULL it now correctly fetches soundsets that
do not have customer_id assigned to them
Change-Id: I8de3d9615c133c2abd3eb2b5f4fea8de5b652417
we were sending this command:
> host:deactivate('NGCP::Panel::Model::DB::domains=HASH(0x55955564e6c8)')
Change-Id: I63271b05ee12d0ff3767b5d9376aec22352cb4d5
* ccare roles now have read-only access to profile packages, this
is needed for working with a customer
* enable expand for ccareadmin and ccare roles for the following:
- contact_id
- profile_id
- profile_set_id
- package_before_id
- package_after_id
* add expand support for admin,reseller,ccareadmin,ccare roles
- profile_package_id
- invoice_email_template_id
- passreset_email_template_id
- invoice_template_id
Change-Id: I926304363048e659af67d596dce93be29b3e67af
* "Header Manipulations" UI is now hidden for CE
* /api/headerrulesets is now hidden for CE
* /api/headerrules is now hidden for CE
* /api/headerruleconditions is now hidden for CE
* /api/headerruleactions is now hidden for CE
Change-Id: I717b9d3cdf693f01e32f81086b69aafce4f3113a
* templates now rely on c.config.general.ngcp_type and hide
the Phonebook feature everywhere if ngcp_type is CE
* introduce "allowed_ngcp_types" config for Controller::API::*
that is an array, and when specified, only the ngcp_type
roles are allowed, otherwise if not specified all ngcp types
allowed (default)
* Controller::API::Root:
- filter controllers from the documentation rendedring
that have allowed_ngcp_type config
specified and do not match the current ngcp type
* Role::API Role::Entities*
- new method check_allowed_ngcp_types()
- check_allowed_ngcp_types() is now called in Entities and
EntitiesItem auto() and denies to 404 Path not found if
the ngcp type does not match
* "Phonebook" UI is now hidden for CE
* /api/phonebookentries is now hidden for CE
Change-Id: I41d4b2f87121f281472be3775b862333923fe37f
* session->rpc is not in use anymore and had $parts there which
was a leftover from the inew billing cleanup and moving $session
into the Controller/API/SMS
Change-Id: I6d9612cd3f3cbc57fe1b7df6584ad779dca64288
SMS prepaid billing using libinewrate is not supported anymore
* remove init_prepaid_billing, perform_prepaid_billing,
cancel_prepaid_billing functions
* /api/sms POST is now self sufficient and use $session
internally and does not call *_prepaid_billing functions,
nor rely on them
Change-Id: I483f27ce82c7e0a039ce1f3f44c24bd9db75dfec
* customer_id filter is now possible, which behaves the same as the
existing contract_id. This is to add consistency as filtering by
customer_id is available in other endpoints
Change-Id: I1577d06133f9629c363940a4e8d2fb8012336e21
* rtcengine related logic and apps is now removed
* remove /api/rtcapps endpoint
* remove /api/rtcnetworks endpoint
* remove rtcengine relations from resellers such as
enable_rtc flags
* remove rtcengine related API tests
* remove rtcengine and comx related libraries
* remove csc webphone ui app
* remove webrtc related selenium tests
* remove rtcengine flags from /api/capabilities
Change-Id: I83a4b0457fac2e0df23d267f8dbc82841dfb3001
* the password reset via API now uses webusername instead of
wrongly used username to fetch the subscriber
Change-Id: Ib2ed042382963f13d73619acd48a588f3874c25b
for deployments that expose panel/csc via a proxy,
the auto-generated base url printed in emails can
be unreachable. we therefore introduce the option
to explicitly specify a base url to use.
it will support an sprintf pattern with individual
params for eg.:
- protocol scheme
- domain part
- port
- base url path
Change-Id: I6a9ca23126c669d249ef7f3e092cae0161235ebe
* Contract default sound set - subscriber propagation for cases:
- New customer sound set is created as default.
- Customer sound set is changed to default.
- New subscriber creation - setting contract default sound set id.
* The mentioned cases were implemented for both UI and API.
Change-Id: Ia4733c972ae388d3457d0336e3f85b85eec6e9a2
Marco Capetta
Kirill Solomko
Rene Krenn
Victor Seva
Oleksandr Duts