kazte Posted November 12, 2020 Report Share Posted November 12, 2020 Hello, I have the need to limit the number of devices created by an account in their call flow app or their smartpbx. I understand I can bill them "by device", but I would like that only resellers be able to add devices, while end users shall only "use" them. I would also need to control the CLID that is placed in the device parameters. Ideally only CLID that are "mapped" as DID for an account shall be accepted. I think this is a common compliance requirement, to avoid one device impersonating an arbitrary number. Alternatively, when a device uses a CLID that is not "owned" by the account, it should be overridden by kazoo with a "random" number from their DID pool, or the call should be dropped all together. Any hints on how to achieve the above? Link to comment Share on other sites More sharing options...
Mooseable Posted November 13, 2020 Report Share Posted November 13, 2020 Token restrictions will allow you to block "CREATE" "DELETE" operations for certain endpoints, though I've not implemented this myself yet; https://docs.2600hz.com/integrator/applications/crossbar/doc/token_restrictions/ Not sure how to handle the CLID without writing your own app at this stage (though this is something I will be looking in to myself soon) Link to comment Share on other sites More sharing options...
kazte Posted November 13, 2020 Author Report Share Posted November 13, 2020 The token restrictions for an account could be a checkbox in the accounts app when creating a subaccount (I.e. a reseller account could be able to just forbid new device creation, or even device updates). Regarding CLID control, In my current home-made module for asterisk, I do this during the call authorization phase. My module will query all available DID for an account. If the CLID presented by the device is not within them, I override the CLID with the first available DID and place and upstream the call. This allows the call to progress and the customer will probably understand. My guess is that in kazoo this would be a ecallmgr task. Would it be possible to modify the CLID on the fly? If not, perhaps jonny5 could just not authorize the call when CLID != DID ? Perhaps the numbers application (which I'll look at later) has a document with all assigned DID for an account ? Link to comment Share on other sites More sharing options...
godril Posted November 14, 2020 Report Share Posted November 14, 2020 (edited) Hi, Replying about how to restrict CLID, I think what you are looking for is the "ensure_valid_callerid" in system_config/callflow. By default it is set to false, just change it to true you can also check the complete document here: https://github.com/2600hz/kazoo/blob/master/applications/crossbar/priv/couchdb/schemas/system_config.callflow.json Edited November 14, 2020 by godril (see edit history) Link to comment Share on other sites More sharing options...
kazte Posted November 15, 2020 Author Report Share Posted November 15, 2020 Spot on @godril . It's sunday here but I could not resist to look at the trunkstore code and it does exactly this. Thank you! Link to comment Share on other sites More sharing options...
godril Posted January 14, 2021 Report Share Posted January 14, 2021 Hi @kazte No problem at all. Btw, did you find answer on how to limit device according to your policy? Link to comment Share on other sites More sharing options...
Recommended Posts