* the UI field device edit form now contains a checkbox
that, when checked, replaces the subscriber devices dropdown
with an input text (only [0-9#*] chars are allowed)
* aligned the related script code to automatically detect and handle
switching between the sub number / target_number
Change-Id: I70ae5cf5bb81f5953d25a760fbf0efe6c418f6cb
* subscriber profile form is fixed so that the attributes
list is now correctly shown in the old UI
* /api/subscriberprofiles update, attribute values are now correctly
transformed for the validation and processing
Change-Id: I4418250d4a0e702d75524ab5999eb47429be5a04
* ccare roles now have read-only access to profile packages, this
is needed for working with a customer
* enable expand for ccareadmin and ccare roles for the following:
- contact_id
- profile_id
- profile_set_id
- package_before_id
- package_after_id
* add expand support for admin,reseller,ccareadmin,ccare roles
- profile_package_id
- invoice_email_template_id
- passreset_email_template_id
- invoice_template_id
Change-Id: I926304363048e659af67d596dce93be29b3e67af
* it is possible to expand arrays of ids now
* add expand support for pbx_group_ids
* add expand support for pxb_groupmember_ids
* remove _password and _webpassword internally prepared fields
from expands by subscriber_id, pbx_group_ids, pbx_groupmember_ids
Change-Id: I7651aae4c58d98943e82d1eda6b24d260ff2480a
* the attributes fields list in field_list() {} was rendered
without the field name, causing internal issues in HTML::FormHandler
Change-Id: Ic4c7a0454135b2bf394a0fb8c4291a0fadd06df6
SMS prepaid billing using libinewrate is not supported anymore
* remove init_prepaid_billing, perform_prepaid_billing,
cancel_prepaid_billing functions
* /api/sms POST is now self sufficient and use $session
internally and does not call *_prepaid_billing functions,
nor rely on them
Change-Id: I483f27ce82c7e0a039ce1f3f44c24bd9db75dfec
* rtcengine related logic and apps is now removed
* remove /api/rtcapps endpoint
* remove /api/rtcnetworks endpoint
* remove rtcengine relations from resellers such as
enable_rtc flags
* remove rtcengine related API tests
* remove rtcengine and comx related libraries
* remove csc webphone ui app
* remove webrtc related selenium tests
* remove rtcengine flags from /api/capabilities
Change-Id: I83a4b0457fac2e0df23d267f8dbc82841dfb3001
* the endpoint now contains additional fields starting with prefix
current_* that represent the current aggregated value that is
used for the preferences and also
current_fraud_interval_source
current_fraud_daily_source
that represent the used source for the current_ values
(billing_profie or customer)
customer - if the fraud limit is set on the customer level and > 0
billing_profile - if fraud limit is not set on the customer level
Change-Id: I074285e3464420a14f65695c40c8b8008a241a8d
* Role::API::Contracts add item_by_id() that calls contract_by_id()
* Utils::ProfilePackages::catchup_contract_balances return if
$contract object is undef
* Form::Topup::Log::contract_id expands into Role::API::Customers
instead of Role::API::Contracts
Change-Id: Id4fc67b8ea1e91f350d0172aafc2b722f34e61f3
so far the invoice contained outgoing calls only.
this change introduces the "call direction" mode
for invoice templates, to configure invoices with
either
- outgoing calls only
- incoming calls only
- both outgoing and incoming calls
Change-Id: I3a9d4e3dbb83de63cc2bfab5f1c55714fe487c25
The 'Calculated fields' label is displayed when creating a new
Batch Provisioning template on Admin Panel. This field has a
selector which offers the 'Javascript' and 'Perl' options. The
label may be confusing, since the options are programming languages
(rather than 'calculated' fields) that can be used on provisioning
templates.
Hence, it is more suitable to change the 'Calculated fields' label
to just the 'Language' label. This will also be in concordance with
the JSON property 'lang' (short word for "Language") that can be used
at API level to set the programming language.
Change-Id: Ie944e446bbab845fee644f698023ac1eacf0e866
* 'location' field is now optional, if not filled it it will always
default to an empty string instead of null. This is required for the
new mode 'forward' that has no use for this field. If the field
is empty in any other mode like 'add' or 'replace', the entry
will be skiped by the logic.
Change-Id: Ia964c3bb272c9772c51b836ac2418ee4cd7b7f42
* Users with "system" role can change all items accross the system including the password changing for other users.
* Login "system" has persistant "system" role.
* "system" login name is restricted for the user input.
Change-Id: Ibaecba35a86f71fa8895ce9d9feab8e768b65d14
* Fetch recording_metakeys caller/callee for the certain record id(call).
* Add caller/callee fields to the resource and form.
* Frefetching recording_metakeys for the call recording.
Change-Id: I767ea32e19edfd7cbbc74956200343f680fdb2b4
this fix addresses regression reported by dominik:
* $resource{_password}/{_webpassword} cannot be set before the
form validation as they are effectively removed by it,
causing /api/susbcribers returning no passwords at
all for 'subscriber' roles
* Having them after the patch makes no sense either as next
resource_from_item call will effectively remove them again (in PATCH)
(cherry picked from commit 5e9066c4fb)
Change-Id: I88c9ec40843f1e9a6983952b96c0b0e70fbb1bb1
* check $c->state for cases when it does not exist
(admin user creation)
* return undef instead 0 in the default field method
Change-Id: I3aa69ebc0f5ec5a590c113379bdf0a5a94e35747
This reverts commit 5e9066c4fb.
This implementation breaks:
* $resource{_password}/{_webpassword} cannot be set before the
form validation as they are effectively removed by it,
causing /api/susbcribers returning no passwords at
all for 'subscriber' roles
* Having them after the patch makes no sense either as next
resource_from_item call will effectively remove them again (in PATCH)
Change-Id: I0e8389e8ab34ad72f1b87a684daba77f1030f8ba
* admin users with is_master = 0, cannot see other admin users
(this includes system users) and brings the is_master flag
to the common behaviour
* ccareadmin, ccare users can now access te UI Admins page
as well as /api/admins but they are limited to see/manage
only themselves
* admin users cannot see system users (UI/API)
* reseller users cannot see system/admin users (UI/API)
* admin users cannot modify their own role and flags except for:
email, password, can_reset_password (UI/API)
* UI edit form now does not render fields that are not meant to be
modified by a user (exception: "login")
Change-Id: I82e1946437fd2ec4651abd24074470c695a40582
- Optional "role" parameter is added for POST PUT PATCH.
If "role" is provided then the passed flags are ignored and are applied internally by the server according to the provided role.
If "role" is not provided then the former flags based approach is applied.
Change-Id: Ib6e591ff6dc50122e0ec49a348153ca820fc2e03
* role_id field is set to optional as the API uses the
form and there is no support for the role_id there yet
Change-Id: Ib663b4d9d0501eca2310a7e95733c2166c9872eb
- Add Role column on /administrator table
- Add Role dropdown input on /administrator/:id/edit
- Add Role dropdown input on /administrator/create
- Implements logic to resolve flags and role id params:
1. role_id is passed(create/edit) then flags will be overrided according to the concrete role.
2. role_id is not passed(create/edit) then flags will be checked to determine role id according to the concrete flags pattern:
Role | Flags
----------- ---------------------------------
system | is_system = 1,
admin | is_superuser = 1
reseller | is_superuser = 0
ccareadmin | is_ccare = 1, is_superuser = 1
ccare | is_ccare = 1, is_superuser = 0
lintercept | lintercept = 1
Change-Id: Ia923a47f664a162d78a06efcc006f84dcd08701d
a multitude of issues popped after introducing bcrypted
webpasswords in the database. most recently the PATCH /api/susbcribers
rail was reported to reset the webpassword unintentionally.
subscriber login fails afterwards, which is a severe issue.
the bugs are adressed by this refactorings. the change also
introduces a global variable
$NGCP::Panel::Utils::Auth::ENCRYPT_SUBSCRIBER_WEBPASSWORDS
to control encrypting webpasswords. it is still enabled as of now,
but it's worth to consider disabling it. there other ways to have
a "cost" for an authentication request, eg. adding a simple
sleep(1sec).
Change-Id: I2d47d54a2d83568546ffdd2b211337a5f56be3a2
* allowed_roles in the expand defintion restrict the field
only to the roles in the allowed list, otherwise the field
is not expanded.
Change-Id: Ib6f776388457327f2fa85e71deb9591022cee2da
* add dictionary support for fields that are expanded
if encountered in all endpoints, with a possibility
to override it, if defined on the endpoint's field
level
* move expand definitions from form fields into the
Expand dictionary
* simplify the expand usage, it now operates only with the
<x>_id fields that are returned and visible in the response
(e.g. if reseller_id is returned, then ?expand=reseller_id),
the returned expand object name is <expand_field_name>_expand
the, so in case of ?expand=reseller_id, the returned object
will be reseller_id_expand
* adapt Role/SystemContacts to work correctly with the expand
functionality
* expanded fields are returned as <expanded_field_name>_expand
Change-Id: I4cab44ede9b40c70a95bbcedc81f58dd1f4e3b67
the form used for the /api/ncoslnpcarriers rail
uses the same technique to expose a JSON field
"carrier_id" for the table column "lnp_provider_id",
also found in the /api/lnpnumbers rail implementation.
it however did not work until now, because the
fieldname in the render_list did not match.
Change-Id: I45dca22bab73e16b538de7ea1d540aa1383fb56d
the /api/provisionintemplates rail provides the
operations to create, edit and delete "provisioning
templates" know from the "batch provisioning" feature
of admin panel.
these templates can also be defined in config.yml,
while it is however only possible to edit templates
stored in the database.
executing a template and/or uploading a .csv for bulk
execution will be available in a separate part.
Change-Id: If8627327270edfce5bca1be3b1f777c1bd44e90f
fee matching works in 2 attempts:
1. try to find a fee matching <user@domain>
2. if none found, try to find a fee matching <user>
the billing_profile record will get a new field
"ignore_domain". if set to "1", step#1 above
should be skipped.
Change-Id: I7f0a8f1dd8d5699ad4e2b8242c68fb9f75fc1bff
A feature request to have an opportunity to add a default action slot,
in case a caller hangs on the AA and doesn't pick anything.
Main change is related to sql structure of 'provisioning.voip_pbx_autoattendants' table,
which now has 'voip_pbx_autoattendants.choice' as VARCHAR(16) instead of TINYINT.
Also adding a label 'default' for the drop-down menu.
Change-Id: I6382a68c8258094a2bf2bf9c71407092860f5e4d
The value of "interval_free_time" preference is specified in seconds.
To avoid confusion, use the term "free calling time" rather than "free
minutes" in tooltips.
Change-Id: Ia4bd507e4a2281723fd2168a34b2178bf404f867
* 'webpassword' field is now also validated for invalid
(non-ascii) characters
* Fix multiple APP input field validation erros to comma joined.
* Adjust 'webpassword' field validation errors to have better
readability when there are multiple validation errors
Change-Id: I21536f97a4da78cc5192a3abd8cd5adef1b819ec
* add API functionality to request additional data
and expand fields in GET methods
* syntax:
- /api/resource/?expand=all - expands all expandable fields
e.g.: customer_id field is expanded and customer internally
is queried and returned under "customer" => {...}
(the returned data is identical to what /api/customers/id
would return)
- /api/resource/?expand=reseller_id,customer_id - expands
only reseller_id and customer_id fields, if they are expandable
- /api/resource/?expand=reseller_id,invalidfield_id -
returns the data and expands only fields that are expandable
(reseller_id in this case) but if it finds either unknown
fields or non-expandable fields, changes HTTP status code
to "409 Conflict"
* adapt all API endpoints to support dynamic expand fields expanding
functionality, however the actual expand for them requires modifying
the form fields in the following format:
has_field 'contact_id' => (
element_attr => {
expand => {
class => 'NGCP::Panel::Role::API::CustomerContacts',
id_field => 'contact_id',
alias => 'contact',
fetch => 0,
},
},
);
- class - represents the class that should be used by the logic
to fetch the relevant data
- id_field - which field from the resource needs to be expanded,
it should be the "id" field (subscriber_id, domain_id, etc.)
- alias - (optional), under which key the fetched data is stored.
the field name is used as the key if the option is omitted.
- fetch - (optional), if the returned data is under
$data->{contract_id} then it will be fetched from there and
stored under the key (field name or alias), otherwise the whole
retreived data is stored under the key (field name or alias)
* adapt /api/autoattendants to use the new approach (old one was expand=1)
* currently supported endpoints with expand:
- admins
- autoattendants
- domains
- customers
- customercontacts
- resellers
- subscribers
Change-Id: Iac53409dad944ed4794039a48dc3a9f6dce25bc1
Fix ngcp_panel_dump_db_strings.pl to load Forms modules properly.
Make modules not to fail when they are called without ctx context.
Change-Id: I695978b1831068f37198bce9f6a5b9e406d79ede
* the endpoint will receive "type" (expires|onetime)
and "expires" (positive integer representing seconds)
* type will define the expiray method for the token;
onetime: the token expires as soon as it's used, or
after "expires" seconds if not used
expires: the token can be used multiple times until
it expires according to the "expires" param value
* login_jwt endpoint for generating the JWT token for
subscribers has been enhanced to accept the "token"
param, containing the token generated using the
/api/authtokens endpoint
* admin_login_jwt endpoint for generating the JWT token
for admins has been enhanced to accept the "token"
param, containing the token generated using the
/api/authtokens endpoint
* login_jwt and amin_login_jwt will respond with 403
"Forbidden" if the token role stored in Redis does
not match the role of the user that generated it
* /api/authtokens is hidden from documentation for now
Change-Id: I4eb76c2b08f2e24774fa84ba0ccf7412ce8670e8
The fix has been created by Gerhard Jungwirth three years ago for
branch 'mr5.5' and was not merged into branch 'master'.
It is a follow up master commit to address customer ticket TT#82306.
The cherry-pick has been done AS IS, with one small trivial resolution:
> + my $is_pbx_customer = $c->stash->{billing_mapping}->product->class eq "pbxaccount";
> my $base_number;
>
> ++<<<<<<< HEAD
> + if($subscriber->contract->product->class eq "pbxaccount") {
> ++=======
> + if($is_pbx_customer) {
> ++>>>>>>> 239d4a385... TT#44168 create additional form for subadmin non-pbx subscriber edit
Change-Id: Ie242c4ad44fc21319cdaa29dcca423fe241aab20
(cherry picked from commit 239d4a3859)
* add color pickers and store the hex code of the colors
inside the branding table in panel UI
* implement /api/resellerbrandings endpoint, where all things
related to reseller branding can be managed; the branding
logo will still be retrieved using /api/resellerrandinglogos
Change-Id: Ib7ed364811acf67ffd62252d9799a0af8b91e9bc
* Create upload and content type form fields for 'blob'
type preferences
* Implement blob preference upload/download to database
* Show blob content in read only text area if content
is text
Change-Id: Ic4b800f84324eab0aadbf8eeb55c03c770ecc94f
* The profile_set field was inactivated in form if subscriber
had a profile set, but just for cosmetic purposes; this is
only for pbx extensions, other subscribers don't have this
field inactivation; inactivating it, made subscriber editing
in Panel UI behave weirdly because a check for profile_set
would fail since it's missing
* Bottom line, we can sacrifice the cosmetic part for having
subscriber editing function properly
Change-Id: I6a9a7cf3e5c7250d20dd5873521f72cdcc1b6d55
* Remove bootstrap methods from forms and other code
* Delete SipwiseProfile and SipwiseRedirect modules
Change-Id: Iabf6c2730aae27af67830a9470ab176392c1ba50
* Remove old XMLRPC redirection logic
* Implement Hawk header generation for SRAPS authorization
* Implement bootstraping provisioning profile on SRAPS,
then add the device into said profile
* Implement deletion of device
* Add 'Profile' and 'Product family' fields in SNOM device
models
Change-Id: I44ecf5199a7c04c6b0cb2e969aaa7f75578d874c
* The new endpoint will only accept POSTs
* The request body should have two parameters
called 'new_password' and 'token'
* First, look for the token in redis (for admins),
if not found, look for it in DB (for subscribers),
if neither is found, return
Change-Id: I4163a0d5bd886961317b21aeca20c8ccfdeab0dd
* It will be used in case of devices that
don't need to contact any redirect server
for provisioning
Change-Id: I423993f52b72680d243394e8ca69bd7abdf5022b
* this is needed in order to prevent error when
requesting api documentation
* add 'type' and 'domain' to field list in form
to show up in api documentation
Change-Id: I210ce214523a2c27f84098e630cbfeb5de227848
* The new endpoint will only accept POSTs
* The request body should have two parameters
called 'type', 'username' and 'domain'
* 'type' will accept either 'administrator',
in which case only 'username' is needed,
or 'subscriber', in which case 'username'
and 'domain' will be needed
* The regular password reset email will be sent
to either the admin or the subscriber
Change-Id: If1457c8c625a95295e5e93b6637927e3905698d9
* "month", "day", "hour", "minute" can now
be entered as "day":"30-12" where max < min,
that is to allow timeset date ranges entered via the API.
That also brings it equal to how it is accepted to be entered in
timesets UI form.
Change-Id: Icbfa8f4a3e9086d917fca061525999202b105b64
* Param 'number' is renamed to 'numbers'
* 'numbers' can be a single value like
it is currently used, or an array which
will result in all array elements having
the sub's rewriterule applied and returned
in the same order
Change-Id: Ic24179d2ecbec80cebd23e5af751df0ebbcc7141
* Admin with lawful intercept will no longer be able
to have any flags besides 'is_active', 'read_only',
'can_reset_password'
* Remove reseller filter on interceptions since LI
admins should see all interceptions
* Add permissions to /api/admincerts and reseller ajax
for LI admins
Change-Id: Id912424b9bbd3ab3cbbc373ac116fda035f81fd3
* LI admins wil only be visible to the is_system
administrator.
* It's not possible for an andmin to be both ccare
and LI at the same time
* LI admins can only read/modify themselves
* Non-system admins cannot create/read/modify LI admins
Change-Id: I7b2189a87a5433d270380393d8e5ffec0283d9e5
* new c.users.role 'lintercept', that set to when an admin user has
enabled 'lawful_intercept' flag
* only Administrator page /api/admins and /api/interceptions are available for
the role
* 'lintercept' role can only see own user and only change password
and email
Change-Id: Iadcb022a124afbd77b224e734026f380af0170e8
This reverts commit ec674132df.
Reason for revert: Feature was partially backported and lawful intercept admins were deleted from databse. Feature needs redesign.
Change-Id: I500e66f3bd3b4a0c29fa05e1113568d3776eacf9
* LI Admins are no longer visible in NGCP Panel;
they will be managed via config.yml; creation,
deletion, email update ar all handled when
adding/removing/updating a LI admin in config.yml
* LI Admins can only change their password and
email via Panel UI and API
Change-Id: Idec849e52962b2d5c4cb2a4365cf8c90414c0431
* Introduce endopint '/resetpassword' for asking for
password reset using admin username
* Create form for introducing username
* Create url with unique token pointing to '/recoverpassword'
where admin user can introduce new password and email
said url to admin's email address
* Create form for setting new password
* Store username and unique token in Redis expiring
in 5 minutes to store password reset attempt
and identify it when user accesses url in email
* Limit admin access to be able to only change own password
due to new password reset possibility as requested in
TT#76110
Change-Id: Ie3acb961444398afa5b2fdc85e3ca8ceccf9244a
* Introduce posibility to provision source sets,
time sets, b number sets and destination sets
in the same request with defining cf mappings
which include advanced cf setting with multiple
cf rules.
Change-Id: I9d2865c3fbdac0651a287b926a3fb0e190fca814
- persist prov tmeplates in the database: create, update
and permanently remove them again.
- prov templates from config.yml are still supported,
but cannot be edited though. the templates from
config.yml are merged with those from the db.
- each reseller can have their own prov templates,
while the prov templates from config.yml are visible
to all.
- YAML syntax highlighting and parse check when saving.
Scripting language (perl/javascript) is currently parsed
when executing a provisioning templates only. It is
possible to further extend the parsing checks.
- the prov template "name" + reseller is the unique
identifier. relevant also for the command line tool.
Change-Id: I58d7c54fa82fe512b263b3219bfc84d7e49c56a8
* Change the way webpassword is handled accross
NGCP Panel UI/API to comply with new password
encryption
* At login, if password is not encrypted with
high cost due to the ngcp-bcrypt-webpassword
script, encrypt it with proper cost
* Accept old password format as well until all
webpasswords are encrypted
Change-Id: Iefa9584a62ab4b7d2a224d10bdd415e9cbb8dfb5
* Implement checking/creation of server, profile
and prepare request for device creation on ALE
RPS
* Prepare request for device deletion on ALE RPS
* Changes in Panel to support provisioning via
the ALE RPS
Change-Id: I24b62c03b64c56fcbcabea71428d0b70b46706e6
* Introduce posibility to provision header rules,
conditions and actions at the same time
using only the /api/headerrules endpoint;
also rules can be modified with PUT/PATCH on
/api/headerrules
Change-Id: I5ef9a85b4bf0f28693d22603cc74f269ea483983
* Introduce posibility to provision rule sets,
rules, condition and actions at the same time
using only the /api/headerrulesets endpoint;
also rules can be modified with PUT/PATCH on
/api/headerrulesets
Change-Id: I8c054f72a2632d45fec76166774521f8c22aea05
Kirill Solomko
Marco Capetta
Rene Krenn
Fabricio Santolin da Silva
Oleksandr Duts
Javier Rodriguez
Michael Prokop
Victor Tsvetov
Donat Zenichev
Alexander Lutay
Flaviu Mates
Gerhard Jungwirth
Andreas Granig
Guillem Jover