Enhance authorizations management and sync cache with these

[SebastianMB-IT]

After changing the user's profile settings, the new authorizations must be applied to the data shown inside the report, it isn't acceptable for the users to see changes after hours. Furthermore in some cases the authorizations are not correctly applied.

Actual behavior

• After editing the user's profile settings from the wizard, the data shown in report continue to be served from the server's cache so the new authorizations seems not applied
• When no queues are selected within the report's filters, data for all queues are shown even if the user isn't authorized to see data for them all
• Filters's fields values are set checking the user's authorizations and then these are cached client-side and not reloaded after authorizations editing
• The report's UI sections are visible to all users even if they aren't authorized to see any of those data

Proposed solution

• Compare server-side cached data expiration with the authorizations modification time and invalidate the single cached data if needed
• Enhance the permissions check before queries execution and restrict data only to authorized values
• Provide the authorizations modification time to the client and reload the fields values when authorizations are changed
• Provide a map for the report's UI sections based on authorizations and hide sections for the not authorized users
• Hide the cdr personal data for the admin user
• Allow the login only for users which have the permissions to see at least one report or section

Components

nethvoice-report nethserver-nethvoice14

[SebastianMB-IT]

The following table can be usefull to understand the users authorizations behavior:

AUTHORIZATIONS TABLE
/opt/nethvoice-report/api/user_authorizations.json	NV	QUEUES UI	QUEUES API	CDR UI	CDR API
{ username: marco, queues: [], groups: [], agents: [], users: [] },	QManager OFF - CDR OFF - CDR Groups OFF - CDR Global OFF	HIDDEN (access denied on login)	../login (access denied)	HIDDEN (access denied on login)	../login (access denied)
{ username: marco, queues: [], groups: [], agents: [], users: [ "220" ], },	QManager OFF - CDR ON - CDR Groups OFF - CDR Global OFF	HIDDEN	../graph/queues/.. (access denied)	SHOWN (only personal)	../graph/cdr/personal/.. (access granted) ../graph/cdr/pbx/.. (access denied)
{ username: marco, queues: [], groups: [ "Developers","NG","Support" ], agents: [], users: [ "220", "310", "221", "222", "223", "224", "225", "212","92212", "213", "91213", "211", "92211" ] },	QManager OFF - CDR ON - CDR Groups ON - CDR Global OFF	HIDDEN	../graph/queues/.. (access denied)	SHOWN	../graph/cdr/personal/.. (access granted) ../graph/cdr/pbx/.. (access granted only for listed users or groups data)
{ username: marco, queues: [], groups: [ "Developers","NG","Support" ], agents: [], users: [ "220", "310", "221", "222", "223", "224", "225", "212","92212", "213", "91213", "211", "92211" ] },	QManager OFF - CDR ON - CDR Groups OFF - CDR Global ON	HIDDEN	../graph/queues/.. (access denied)	SHOWN	../graph/cdr/personal/.. (access granted) ../graph/cdr/pbx/.. (access granted only for listed users or groups data)
{ username: marco, queues: [], groups: [ "Developers","NG","Support" ], agents: [], users: [ "220", "310", "221", "222", "223", "224", "225", "212","92212", "213", "91213", "211", "92211" ] },	QManager OFF - CDR ON - CDR Groups ON - CDR Global ON	HIDDEN	../graph/queues/.. (access denied)	SHOWN	../graph/cdr/personal/.. (access granted) ../graph/cdr/pbx/.. (access granted only for listed users or groups data)
{ username: marco, queues: [ 401, 402, 404, 405 ], groups: [], agents: [ "foo 5" ,"foo 6" ,"foo 7" ,"foo 8" ,"foo 2" ], users: [] },	QManager ON - CDR OFF - CDR Groups OFF - CDR Global OFF	SHOWN	../graph/queues/.. (access granted only for listed agents or queues data)	HIDDEN	../graph/cdr/.. (access denied)
{ username: marco, queues: [ 401, 402, 404, 405 ], groups: [ "Developers","NG","Support" ], agents: [ "foo 5", "foo 6", "foo 7", "foo 8" ,"foo 2" ], users: [ "220" ,"310" ,"221" ,"222" ,"223" ,"224" ,"225" ,"212" ,"92212" ,"213" ,"91213" ,"211" ,"92211" ] },	QManager ON CDR ON CDR Groups ON CDR Global ON	SHOWN	../graph/queues/.. (access granted only for listed agents or queues data)	SHOWN	../graph/cdr/personal/.. (access granted) ../graph/cdr/pbx/.. (access granted only for listed users or groups data)

Furthermore for cdr pbx sections permissions an additional behavior must be implemented:

• Cdr PBX inbound -> check only called (destinations) in allowed users
• Cdr PBX outbound -> check only caller (sources) in allowed users
• Cdr PBX local -> check caller (sources) or called (destinations) in allowed users

[nethbot]

in 7.9.2009/nethesis-testing:

• nethvoice-report-1.1.3-1.1.g38830e6.ns7.x86_64.rpm x86_64
• nethvoice-report-debuginfo-1.1.3-1.1.g38830e6.ns7.x86_64.rpm x86_64

[nethbot]

in 7.9.2009/nethesis-testing:

• nethserver-nethvoice14-14.16.1-1.1.gde35055.ns7.noarch.rpm x86_64

[nethbot]

in 7.9.2009/nethesis-testing:

• nethserver-nethvoice14-14.16.1-1.2.g4b4208e.ns7.noarch.rpm x86_64

[nethbot]

in 7.9.2009/nethesis-updates:

• nethvoice-report-1.1.4-1.ns7.x86_64.rpm x86_64
• nethvoice-report-debuginfo-1.1.4-1.ns7.x86_64.rpm x86_64

[nethbot]

in 7.9.2009/nethesis-updates:

• nethserver-nethvoice14-14.16.2-1.ns7.noarch.rpm x86_64