[asterisk-dev] More manager, more manager, more manager

Olle E Johansson olle at voop.com
Wed Apr 25 23:14:52 MST 2007 

26 apr 2007 kl. 08.09 skrev Tzafrir Cohen:

> On Wed, Apr 25, 2007 at 09:29:46PM +0200, Olle E Johansson wrote:
>> FYI:
>> I've started a new YAOB (YAOB = yet another Olle branch) to clean up
>> and add to manager a bit. It's based
>> on 1.4, for some specific reasons. It's called "moremanager"
>>
>> I'm proposing to implement this cleanup in trunk and update the
>> manager revision from 1.0 to 1.1 to indicate
>> the changes.
>>
>> Among the changes are things to make it easier to write a parser,
>> like Always having the Result/Response or
>> Event: header as the first line in an event, and try to be more
>> consequent in naming the current channel "Channel"
>> - not Channel1, SrcChannel, THischannel or ThatChannel.
>>
>> I've documented the changes for your review. Please read and comment
>> or - you can do it - test it!
>>
>> http://svn.digium.com/view/asterisk/team/oej/moremanager/
>> CHANGES.moremanager
>
> Anything on the issue of permissions for manager actions?
>
> For instance, the Originate action is too powerful, as it allows the
> originator to originate a call to an arbitrary context and using an
> arbitrary application. Hence can instruct Asterisk to run a System()
> command.
>
> Is there a need for a more limited Originate-like action?
>
> What is the meaning of each of the permissions we have?
>
> What exactly is the meaning of the "log" permission?
> What exactly is the meaning of the "system" permission? What is
> read=system?

It's not the scope of this work, but we certainly need to document  
the current
system and then think about what we need.

During my work with ASTUM, the Asterisk User Manager, I started doing  
some
work on a generic user object with group memberships that could be  
used to
control access to services - including the CLI and manager.

At some point there needs to be some kind of PBX domain definition -  
a set of services only
members of the domain can reach. And of course, the good old  
"superuser" :-)

/O

More information about the asterisk-dev mailing list