feat: add new permission for freeswitch voip endpoints (#33310)

apps/meteor/app/api/server/lib/users.ts

@@ -143,21 +143,6 @@ export async function findPaginatedUsersByStatus({
 	hasLoggedIn,
 	type,
 }: FindPaginatedUsersByStatusProps) {
-	const projection = {
-		name: 1,
-		username: 1,
-		emails: 1,
-		roles: 1,
-		status: 1,
-		active: 1,
-		avatarETag: 1,
-		lastLogin: 1,
-		type: 1,
-		reason: 1,
-		federated: 1,
-		freeSwitchExtension: 1,
-	};
-
 	const actualSort: Record<string, 1 | -1> = sort || { username: 1 };
 	if (sort?.status) {
 		actualSort.active = sort.status;
@@ -184,6 +169,22 @@ export async function findPaginatedUsersByStatus({
 	}
 
 	const canSeeAllUserInfo = await hasPermissionAsync(uid, 'view-full-other-user-info');
+	const canSeeExtension = canSeeAllUserInfo || (await hasPermissionAsync(uid, 'view-user-voip-extension'));
+
+	const projection = {
+		name: 1,
+		username: 1,
+		emails: 1,
+		roles: 1,
+		status: 1,
+		active: 1,
+		avatarETag: 1,
+		lastLogin: 1,
+		type: 1,
+		reason: 1,
+		federated: 1,
+		...(canSeeExtension ? { freeSwitchExtension: 1 } : {}),
+	};
 
 	match.$or = [
 		...(canSeeAllUserInfo ? [{ 'emails.address': { $regex: escapeRegExp(searchTerm || ''), $options: 'i' } }] : []),

apps/meteor/app/authorization/server/constant/permissions.ts

@@ -208,6 +208,13 @@ export const permissions = [
 	// allows to receive a voip call
 	{ _id: 'inbound-voip-calls', roles: ['livechat-agent'] },
 
+	// Allow managing team collab voip extensions
+	{ _id: 'manage-voip-extensions', roles: ['admin'] },
+	// Allow viewing the extension number of other users
+	{ _id: 'view-user-voip-extension', roles: ['admin', 'user'] },
+	// Allow viewing details of an extension
+	{ _id: 'view-voip-extension-details', roles: ['admin', 'user'] },
+
 	{ _id: 'remove-livechat-department', roles: ['livechat-manager', 'admin'] },
 	{ _id: 'manage-apps', roles: ['admin'] },
 	{ _id: 'post-readonly', roles: ['admin', 'owner', 'moderator'] },

apps/meteor/ee/app/api-enterprise/server/voip-freeswitch.ts

@@ -13,7 +13,7 @@ import { settings } from '../../../../app/settings/server/cached';
 
 API.v1.addRoute(
 	'voip-freeswitch.extension.list',
-	{ authRequired: true, permissionsRequired: ['manage-voip-call-settings'], validateParams: isVoipFreeSwitchExtensionListProps },
+	{ authRequired: true, permissionsRequired: ['manage-voip-extensions'], validateParams: isVoipFreeSwitchExtensionListProps },
 	{
 		async get() {
 			const { username, type = 'all' } = this.queryParams;
@@ -55,7 +55,7 @@ API.v1.addRoute(
 
 API.v1.addRoute(
 	'voip-freeswitch.extension.assign',
-	{ authRequired: true, permissionsRequired: ['manage-voip-call-settings'], validateParams: isVoipFreeSwitchExtensionAssignProps },
+	{ authRequired: true, permissionsRequired: ['manage-voip-extensions'], validateParams: isVoipFreeSwitchExtensionAssignProps },
 	{
 		async post() {
 			const { extension, username } = this.bodyParams;
@@ -86,7 +86,7 @@ API.v1.addRoute(
 
 API.v1.addRoute(
 	'voip-freeswitch.extension.getDetails',
-	{ authRequired: true, permissionsRequired: ['manage-voip-call-settings'], validateParams: isVoipFreeSwitchExtensionGetDetailsProps },
+	{ authRequired: true, permissionsRequired: ['view-voip-extension-details'], validateParams: isVoipFreeSwitchExtensionGetDetailsProps },
 	{
 		async get() {
 			const { extension, group } = this.queryParams;
@@ -112,7 +112,7 @@ API.v1.addRoute(
 
 API.v1.addRoute(
 	'voip-freeswitch.extension.getRegistrationInfoByUserId',
-	{ authRequired: true, permissionsRequired: ['manage-voip-call-settings'], validateParams: isVoipFreeSwitchExtensionGetInfoProps },
+	{ authRequired: true, permissionsRequired: ['view-user-voip-extension'], validateParams: isVoipFreeSwitchExtensionGetInfoProps },
 	{
 		async get() {
 			const { userId } = this.queryParams;

packages/i18n/src/locales/en.i18n.json

@@ -3467,6 +3467,8 @@
   "manage-user-status_description": "Permission to manage the server custom user statuses",
   "manage-voip-call-settings": "Manage Voip Call Settings",
   "manage-voip-call-settings_description": "Permission to manage voip call settings",
+  "manage-voip-extensions": "Manage Voip Extensions",
+  "manage-voip-extensions_description": "Permission to manage voip extensions assigned to users",
   "manage-voip-contact-center-settings": "Manage Voip Contact Center Settings",
   "manage-voip-contact-center-settings_description": "Permission to manage voip contact center settings",
   "Manage_Omnichannel": "Manage Omnichannel",
@@ -5904,6 +5906,10 @@
   "view-statistics_description": "Permission to view system statistics such as number of users logged in, number of rooms, operating system information",
   "view-user-administration": "View User Administration",
   "view-user-administration_description": "Permission to partial, read-only list view of other user accounts currently logged into the system. No user account information is accessible with this permission",
+  "view-user-voip-extension": "View User VoIP Extension",
+  "view-user-voip-extension_description": "Permission to view user's assigned VoIP Extension",
+  "view-voip-extension-details": "View VoIP Extension Details",
+  "view-voip-extension-details_description": "Permission to view the details associated with VoIP extensions",
   "Viewing_room_administration": "Viewing room administration",
   "Visibility": "Visibility",
   "Visible": "Visible",