Jump to content
2600Hz Community

Controlling user access to devices and their parameters


kazte
 Share

Recommended Posts

Hello,

I have the need to limit the number of devices created by an account in their call flow app or their smartpbx. I understand I can bill them "by device", but I would like that only resellers be able to add devices, while end users shall only "use" them.

I would also need to control the CLID that is placed in the device parameters. Ideally only CLID that are "mapped" as DID for an account shall be accepted. I think this is a common compliance requirement, to avoid one device impersonating an arbitrary number.

Alternatively, when a device uses a CLID that is not "owned" by the account, it should be overridden by kazoo with a "random" number from their DID pool, or the call should be dropped all together.

Any hints on how to achieve the above?

Link to comment
Share on other sites

Token restrictions will allow you to block "CREATE" "DELETE" operations for certain endpoints, though I've not implemented this myself yet;

https://docs.2600hz.com/integrator/applications/crossbar/doc/token_restrictions/

Not sure how to handle the CLID without writing your own app at this stage (though this is something I will be looking in to myself soon)

Link to comment
Share on other sites

The token restrictions for an account could be a checkbox in the accounts app when creating a subaccount (I.e. a reseller account could be able to just forbid new device creation, or even device updates).

Regarding CLID control,  In my current home-made module for asterisk, I do this during the call authorization phase. My module will query all available DID for an account. If the CLID presented by the device is not within them, I override the CLID with the first available DID and place and upstream the call. This allows the call to progress and the customer will probably understand.

My guess is that in kazoo this would be a ecallmgr task. Would it be possible to modify the CLID on the fly? If not, perhaps jonny5 could just not authorize the call when CLID != DID ? Perhaps  the numbers application (which I'll look at later) has a document with all assigned DID for an account ?

Link to comment
Share on other sites

Hi, 

Replying about how to restrict CLID, I think what you are looking for is the "ensure_valid_callerid" in system_config/callflow. By default it is set to false, just change it to true

you can also check the complete document here:

https://github.com/2600hz/kazoo/blob/master/applications/crossbar/priv/couchdb/schemas/system_config.callflow.json

 

Edited by godril (see edit history)
Link to comment
Share on other sites

  • 1 month later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...