ngcp-panel

Commit Graph

Author	SHA1	Message	Date
Kirill Solomko	57a8cefd2c	TT#65101 enhance ccare roles support * ccare roles now have read-only access to profile packages, this is needed for working with a customer * enable expand for ccareadmin and ccare roles for the following: - contact_id - profile_id - profile_set_id - package_before_id - package_after_id * add expand support for admin,reseller,ccareadmin,ccare roles - profile_package_id - invoice_email_template_id - passreset_email_template_id - invoice_template_id Change-Id: I926304363048e659af67d596dce93be29b3e67af	3 years ago
Kirill Solomko	a8bc49408a	TT#182053 Header Manipulations feature is hidden for CE * "Header Manipulations" UI is now hidden for CE * /api/headerrulesets is now hidden for CE * /api/headerrules is now hidden for CE * /api/headerruleconditions is now hidden for CE * /api/headerruleactions is now hidden for CE Change-Id: I717b9d3cdf693f01e32f81086b69aafce4f3113a	4 years ago
Kirill Solomko	09b589738d	TT#182101 Phonebook feature is hidden for CE * templates now rely on c.config.general.ngcp_type and hide the Phonebook feature everywhere if ngcp_type is CE * introduce "allowed_ngcp_types" config for Controller::API::* that is an array, and when specified, only the ngcp_type roles are allowed, otherwise if not specified all ngcp types allowed (default) * Controller::API::Root: - filter controllers from the documentation rendedring that have allowed_ngcp_type config specified and do not match the current ngcp type * Role::API Role::Entities* - new method check_allowed_ngcp_types() - check_allowed_ngcp_types() is now called in Entities and EntitiesItem auto() and denies to 404 Path not found if the ngcp type does not match * "Phonebook" UI is now hidden for CE * /api/phonebookentries is now hidden for CE Change-Id: I41d4b2f87121f281472be3775b862333923fe37f	4 years ago
Kirill Solomko	eeeab1a4e3	TT#179901 api SMS remove obsolete rpc part from session * session->rpc is not in use anymore and had $parts there which was a leftover from the inew billing cleanup and moving $session into the Controller/API/SMS Change-Id: I6d9612cd3f3cbc57fe1b7df6584ad779dca64288	4 years ago
Marco Capetta	5f316b8e70	TT#179901 Discontinue iNew dedicated features and code SMS prepaid billing using libinewrate is not supported anymore * remove init_prepaid_billing, perform_prepaid_billing, cancel_prepaid_billing functions * /api/sms POST is now self sufficient and use $session internally and does not call *_prepaid_billing functions, nor rely on them Change-Id: I483f27ce82c7e0a039ce1f3f44c24bd9db75dfec	4 years ago
Kirill Solomko	22eb317b70	TT#180551 /api/topuplogs add filter by customer_id * customer_id filter is now possible, which behaves the same as the existing contract_id. This is to add consistency as filtering by customer_id is available in other endpoints Change-Id: I1577d06133f9629c363940a4e8d2fb8012336e21	4 years ago
Kirill Solomko	94941ef294	TT#177402 /api/capabilities allow ccareadmin, ccare roles Change-Id: I9537fc7912af628f546125d20f2e1419d6878cf7	4 years ago
Kirill Solomko	d3dc152cdc	TT#175000 remove rtcengine logic * rtcengine related logic and apps is now removed * remove /api/rtcapps endpoint * remove /api/rtcnetworks endpoint * remove rtcengine relations from resellers such as enable_rtc flags * remove rtcengine related API tests * remove rtcengine and comx related libraries * remove csc webphone ui app * remove webrtc related selenium tests * remove rtcengine flags from /api/capabilities Change-Id: I83a4b0457fac2e0df23d267f8dbc82841dfb3001	4 years ago
Kirill Solomko	1841d07d00	TT#172451 /api/passwordreset fix provisioning subscriber join * fix a join where webusername was fetched from the billing db instead of provisioning Change-Id: I1681c5fa1bac702d493168c2008d1ab911f910a6	4 years ago
Kirill Solomko	19547328d7	TT#172451 password reset uses webusername * the password reset via API now uses webusername instead of wrongly used username to fetch the subscriber Change-Id: Ib2ed042382963f13d73619acd48a588f3874c25b	4 years ago
Oleksandr Duts	752d81de48	TT#146103 API POST resetpassword - subscriber search fix * If user@domain is provided then looking for the specified domain, otherwise - url domain. Change-Id: I8ad9e0dab0f83eb8200d80e8ad993fba7c16abd3	4 years ago
Oleksandr Duts	a2dfbe8f36	TT#158900 API DELETE admincerts/:id - master-admin for other admins * Allow to delete admin cetificate of other admins under master-admin. Change-Id: I37ffaedce34b3a71d0a04556059059186a5b690d	4 years ago
Rene Krenn	eac6c2dc4c	TT#146101 add external base url parameter for deployments that expose panel/csc via a proxy, the auto-generated base url printed in emails can be unreachable. we therefore introduce the option to explicitly specify a base url to use. it will support an sprintf pattern with individual params for eg.: - protocol scheme - domain part - port - base url path Change-Id: I6a9ca23126c669d249ef7f3e092cae0161235ebe	4 years ago
Kirill Solomko	d7c7391644	Revert "TT#158252 API GET subscriberpreferences - fix DBI timeout" This reverts commit `a6b5ac98c0`. Change-Id: Ie9c70a0821db61cb2bc1634d54ae0f6d3a096a92	4 years ago
Kirill Solomko	26c868bcb3	Revert "TT#158252 API GET subscriberpreferences - rm acquire_contract_rowlocks" This reverts commit `9d77ddb15d`. Change-Id: I649fa2b01498c55f1f27811cda1f882d3192d0bc	4 years ago
Oleksandr Duts	9d77ddb15d	TT#158252 API GET subscriberpreferences - rm acquire_contract_rowlocks Change-Id: Icfa19eb0fac8e6114f491f626cb50e99b070ba6b	4 years ago
Oleksandr Duts	a6b5ac98c0	TT#158252 API GET subscriberpreferences - fix DBI timeout * Add pref->attribute prefetching. * Remove unused contract balance calling. Change-Id: Idff3893beb42aa72bd04d6248a390ab6c89fe4a1	4 years ago
Rene Krenn	b05628db60	TT#81004 support callforwards in provisioning templates provisioning templates can now include configuration of callforward mappings, eg.: cf_mappings: cfu: [] cfb: - enabled: 1 destinationset: name: "test" destinations: - destination: "123" cft: [] cfna: [] cfs: [] cfr: [] cfo: [] Change-Id: I8073322630d63e5ef23e7a9f8c299a6010cb4866	4 years ago
Oleksandr Duts	f2ae8c9513	TT#163451 API GET headerrules - name, description filtering fix * Fix endpoint fith filters - api/headerrules/?[name\|description] Change-Id: Icd43dbd993b31c2adef79aa61b2a6c53b6f789bb	4 years ago
Oleksandr Duts	8af29b6470	TT#154351 Sound set propagation * Contract default sound set - subscriber propagation for cases: - New customer sound set is created as default. - Customer sound set is changed to default. - New subscriber creation - setting contract default sound set id. * The mentioned cases were implemented for both UI and API. Change-Id: Ia4733c972ae388d3457d0336e3f85b85eec6e9a2	4 years ago
Oleksandr Duts	c12d5077f0	TT#158250 API: autoattendats - fix subscriber_id expand under subscriberadmin * Fix API autoattendats expand subscriber_id for subscriberadmin role. Change-Id: Ib55c9e0370a2405456f3a311c98221b59e3a6d3f	4 years ago
Oleksandr Duts	a4d3585430	TT#160300 API: header[rules,ruleactions,ruleconditions] - subscriber_id filter Add subscriber_id(billing) filter parameter for GET endpoints: - headerrules - headerruleactions - headerruleconditions Change-Id: Ief568ddbdc3641be5e57411191f5716ab175acb9	4 years ago
Kirill Solomko	9dd50e8427	TT#158003 make subscriber location mappings 'location' optional * 'location' field is now optional, if not filled it it will always default to an empty string instead of null. This is required for the new mode 'forward' that has no use for this field. If the field is empty in any other mode like 'add' or 'replace', the entry will be skiped by the logic. Change-Id: Ia964c3bb272c9772c51b836ac2418ee4cd7b7f42	4 years ago
Oleksandr Duts	938eef9140	TT#119465 API callrecordings - searchable caller/callee * Fetch recording_metakeys caller/callee for the certain record id(call). * Add caller/callee fields to the resource and form. * Frefetching recording_metakeys for the call recording. Change-Id: I767ea32e19edfd7cbbc74956200343f680fdb2b4	4 years ago
Michael Prokop	35b568dde4	TT#71950 Fix typos * successfuly -> successfully * diplay -> display * recieve -> receive * mathes -> matches * cahnged -> changed * Unprocessible -> Unprocessable * The the -> The * repesent -> represents Change-Id: I123f5b1ec8c11fe01db4e5768bd640c4920d3366	4 years ago
Rene Krenn	599dd0613b	TT#151751 fix plaintext sippassword no longer returned this fix addresses regression reported by dominik: * $resource{_password}/{_webpassword} cannot be set before the form validation as they are effectively removed by it, causing /api/susbcribers returning no passwords at all for 'subscriber' roles * Having them after the patch makes no sense either as next resource_from_item call will effectively remove them again (in PATCH) (cherry picked from commit `5e9066c4fb`) Change-Id: I88c9ec40843f1e9a6983952b96c0b0e70fbb1bb1	4 years ago
Kirill Solomko	f4154b1dbc	TT#154500 tighten /api/admins roles * An attempt to change own role, login, flags (except for can_reset_password) now returns 403 Forbidden, User cannot modify own permissions * POST checks if the admin has necessarry permissions to create another admin * PUT/PATCH changing own role is now forbidden * PUT/PATCH changing other's admin role now checks permissions * DELETE checks role permissions Change-Id: I990609985ae9cab6213cf47f5f5c8afba2efdda3	4 years ago
Oleksandr Duts	8b6939a715	TT#134106 API: GET autoattendants - fix subscriber access * Fix UI form [CSC] PBX Settings -> Auto-attendant. * Subscriber can create own slots. Change-Id: I410aa9112edb8f6f2f85ac697f4eef8149db0240	4 years ago
Oleksandr Duts	e5dd7e5587	TT#129169 API: DELETE /api/admins/:id return wrong http 500 * Fix http code to 403 - Cannot delete own user Change-Id: I21225e112fd7e5b746381753b2e52474b6069c5c	4 years ago
Kirill Solomko	81ebdb8dcf	Revert "TT#151751 refactor persisting subscriber webpassword" This reverts commit `5e9066c4fb`. This implementation breaks: * $resource{_password}/{_webpassword} cannot be set before the form validation as they are effectively removed by it, causing /api/susbcribers returning no passwords at all for 'subscriber' roles * Having them after the patch makes no sense either as next resource_from_item call will effectively remove them again (in PATCH) Change-Id: I0e8389e8ab34ad72f1b87a684daba77f1030f8ba	4 years ago
Kirill Solomko	e95ed81ca7	TT#154500 improve admin users behaviour * admin users with is_master = 0, cannot see other admin users (this includes system users) and brings the is_master flag to the common behaviour * ccareadmin, ccare users can now access te UI Admins page as well as /api/admins but they are limited to see/manage only themselves * admin users cannot see system users (UI/API) * reseller users cannot see system/admin users (UI/API) * admin users cannot modify their own role and flags except for: email, password, can_reset_password (UI/API) * UI edit form now does not render fields that are not meant to be modified by a user (exception: "login") Change-Id: I82e1946437fd2ec4651abd24074470c695a40582	4 years ago
Rene Krenn	9a3c3cd42c	TT#153100 fix subscriber username queryparam search Change-Id: I56ca6601bb1abc38552561e0a110e875e9282a3b	4 years ago
Oleksandr Duts	9855b6ab45	TT#149461 Enhance /api/admins to accept the role data property - Optional "role" parameter is added for POST PUT PATCH. If "role" is provided then the passed flags are ignored and are applied internally by the server according to the provided role. If "role" is not provided then the former flags based approach is applied. Change-Id: Ib6e591ff6dc50122e0ec49a348153ca820fc2e03	4 years ago
Rene Krenn	5e9066c4fb	TT#151751 refactor persisting subscriber webpassword a multitude of issues popped after introducing bcrypted webpasswords in the database. most recently the PATCH /api/susbcribers rail was reported to reset the webpassword unintentionally. subscriber login fails afterwards, which is a severe issue. the bugs are adressed by this refactorings. the change also introduces a global variable $NGCP::Panel::Utils::Auth::ENCRYPT_SUBSCRIBER_WEBPASSWORDS to control encrypting webpasswords. it is still enabled as of now, but it's worth to consider disabling it. there other ways to have a "cost" for an authentication request, eg. adding a simple sleep(1sec). Change-Id: I2d47d54a2d83568546ffdd2b211337a5f56be3a2	4 years ago
Oleksandr Duts	e58cb2cc39	TT#149456 Admins introduce role_id flag - role_id is taken from billing.acl_roles and written into the billing.admins table when a new admin user is created/updated via UI/API. This is the first step towards the role based admin user handling. Change-Id: I0804379cbbcab174cebbb292397a39cb3ea01a31	4 years ago
Rene Krenn	d786af1591	TT#147151 finish refactoring of avoiding JOIN billing.product follow up on TT#147151 (fast loading/paging/searching panel datatables), which broke restapi tests. Change-Id: I799cb9087b9405c71dec4c690e7a7bab5dfdbdde	4 years ago
Flaviu Mates	fe09f80224	TT#86652 Fix utf8 fax body encoding * decode utf8 on multipart/form-data request since we encode the json for this content type, and the fax body gets double encoded and ends up wrong Change-Id: I50d10879e5fe1ba99141e76d311641fcd5d568a1	4 years ago
Oleksandr Duts	a65d00c3a8	TT#139800 Enable subscriber access to /api/autoattendants/:id * "subscriber" role can now retrieve own autoattendant data. This is needed for the CSC interface. Change-Id: Id10b302205fe458d5793ae8f7bd9201233f9a0d4	4 years ago
Oleksandr Duts	e058a15958	TT#139351 enable DELETE method in /api/invoicetemplates/:id Change-Id: I3be4c4cee36d459da03b883f38d2b6442dbc304b	4 years ago
Oleksandr Duts	8017805589	TT#124802 GET /api/admins/:id/journal - fixing * Admins with is_system and is_superuser are able to see the items for all roles. * Admin is able to see own journal. Change-Id: I3e5d459b08ff7ef218220f1ae11974351121c489	4 years ago
Rene Krenn	e73dd3ea27	TT#132650 api .csv upload for provisioningtemplates the POST /api/provicioningtemplates/<reseller>/<template> request will accept text/csv content type to provision many susbcribers at once. Change-Id: I59079ba8f2bacc0ce2b1367d2bd1a7251cf4763c	4 years ago
Kirill Solomko	e4cfb19a38	TT#139550 fix vmnotify play/delete * fix vmnotify play from the UI regression * fix vmnotify DELETE API method * fix vmnotify DELETE UI method Change-Id: Id1224eb425c75be9325b707311ed3d0ac82ef2b7	4 years ago
Rene Krenn	4c47920f2e	TT#132650 run provisioningtemplate from api provisioning templates with their dynamic forms can be executed by a entityitem POST request, ie. POST /api/provicioningtemplates/<reseller>/<template> or POST /api/provisioningtemplates/<readonly template> Change-Id: I77f6c9d42e1afdb49635d3f11e4d73bcf6269605	4 years ago
Kirill Solomko	b199ad3e1e	TT#139550 improve vmnotify behaviour * vmnotify() now accepts cli and uuid arguments * API handling of voicemails is now improved to: - send a notify if the item's INBOX/Old has been changed - correctly process DELETE to send vmnotify after the item's removal Change-Id: Ic00ae825cf091bce273e55aa37cd0a7ac80d8b0f	4 years ago
Kirill Solomko	da4278daa3	TT#145300 Adjust domains reseller_id handling * domains do not use billing.domain_resellers table anymore but instead the new domains.reseller_id field. That is to remove the unneeded many<>many relation through the additional table where the actual logic only supports one(reseller) to many(domains) relation Change-Id: I1b681543baf1901f19e10c2f6210e4cf6eeb8fbe	4 years ago
Flaviu Mates	9bb622a2bc	TT#117153 Improve /api/cfmappings performance * switch to 'populate' instead of using 'insert' for each destinations, sources, times, bnumbers, mappings and CF preferences * add API->check_patch_op_add_only - to check if the patch contains only "add" operations * improve /api/cfmappings, if all PATCH operations are "add" then the existing records are not fetched and not recreated, enabling very new mapping inserts Change-Id: I0b4e71565c11771026dbbc000aa57b2a613409fa	4 years ago
Rene Krenn	b6e696621b	TT#132650 /api/provisioning_templates CRUD rail the /api/provisionintemplates rail provides the operations to create, edit and delete "provisioning templates" know from the "batch provisioning" feature of admin panel. these templates can also be defined in config.yml, while it is however only possible to edit templates stored in the database. executing a template and/or uploading a .csv for bulk execution will be available in a separate part. Change-Id: If8627327270edfce5bca1be3b1f777c1bd44e90f	4 years ago
Victor Tsvetov	3cb71e4ceb	TT#130456 API Customers POST: show error if system template Throw descriptive error for attempt to create Customer with Template that does not belong to Contact’s Reseller. Cover the case when the Template belongs to System Contact (with no Reseller). Error example: 'subscriber_email_template_id' with value '1' does not belong to Reseller '1' that is assigned to Customer's Contact '1' Change-Id: Iffcef0339afc4490ecba81d4667cbb9225766af4	4 years ago
Kirill Solomko	02f3f6b3a1	TT#133800 fix webpassword field removal * webpassword field was unconditionally deleted in API GET and DELETE methods, it now relies on resource_from_item for the common approach Change-Id: I703158fd2022b49a49470db28cb22f37e613f841	4 years ago
Kirill Solomko	c50b49db96	TT#133800 fix password fields behaviour in API * PATCH: password fields are not removed when resource is created for apply_patch(), they are removed under the same condititions later when hal is generated, that is to ensure that admin users without the 'show_passwords' flag as well as subscribers will not run into situation when they use PATCH and cannot apply it for "path": "/password" or/and "path": "/webpassword", as they were removed before apply_patch() * rework encrypted webpassword detection. webpasword is detected as encrypted if its length is 54 or 56 and it contains at least one '$' char, there is a chance for false positive detection when a user provides with a plain-text password with the same pattern but it's very unlikely, as well as since mr8.5 webpasswords are expected to be encrypted, and moreover worth case scenario is that the plain-text password will not be returned to the user Change-Id: I8ea739cbf728b2134f3ce00cee29da42ab3fb4a3	4 years ago

1 2 3 4 5 ...

711 Commits (adbd2564234bcd35c03f574b3b3179ce7c034377)