From 88217297ec6bae4fb4c876631e521c52a5c07419 Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Mon, 5 Feb 2024 17:55:59 +0100
Subject: [PATCH 01/84] nsx importer start

---
 documentation/revision-history-develop.md     |   3 +
 inventory/group_vars/all.yml                  |   2 +-
 .../files/sql/creation/fworch-fill-stm.sql    |   5 +
 roles/database/files/upgrade/7.3.7.sql        |   4 +
 .../files/importer/vmwareNSX/__init__.py      |   0
 .../importer/vmwareNSX/discovery_logging.conf |  41 ++++
 .../files/importer/vmwareNSX/fwcommon.py      | 101 ++++++++++
 .../importer/vmwareNSX/nsx_application.py     |  37 ++++
 .../files/importer/vmwareNSX/nsx_base.py      |   2 +
 .../files/importer/vmwareNSX/nsx_getter.py    |  92 +++++++++
 .../files/importer/vmwareNSX/nsx_network.py   | 175 ++++++++++++++++++
 .../files/importer/vmwareNSX/nsx_rule.py      | 144 ++++++++++++++
 .../files/importer/vmwareNSX/nsx_service.py   | 134 ++++++++++++++
 .../files/importer/vmwareNSX/nsx_zone.py      |  15 ++
 .../Pages/Settings/SettingsGateways.razor     |   3 +-
 15 files changed, 756 insertions(+), 2 deletions(-)
 create mode 100644 roles/database/files/upgrade/7.3.7.sql
 create mode 100644 roles/importer/files/importer/vmwareNSX/__init__.py
 create mode 100644 roles/importer/files/importer/vmwareNSX/discovery_logging.conf
 create mode 100644 roles/importer/files/importer/vmwareNSX/fwcommon.py
 create mode 100644 roles/importer/files/importer/vmwareNSX/nsx_application.py
 create mode 100644 roles/importer/files/importer/vmwareNSX/nsx_base.py
 create mode 100644 roles/importer/files/importer/vmwareNSX/nsx_getter.py
 create mode 100644 roles/importer/files/importer/vmwareNSX/nsx_network.py
 create mode 100644 roles/importer/files/importer/vmwareNSX/nsx_rule.py
 create mode 100644 roles/importer/files/importer/vmwareNSX/nsx_service.py
 create mode 100644 roles/importer/files/importer/vmwareNSX/nsx_zone.py

diff --git a/documentation/revision-history-develop.md b/documentation/revision-history-develop.md
index 3280dfb4d..9bf05abae 100644
--- a/documentation/revision-history-develop.md
+++ b/documentation/revision-history-develop.md
@@ -175,3 +175,6 @@ bugfix release:
 - common service handling
 - fixes credentials when installing without demo data
 - fix error with pdf creation on debian testing
+
+# 7.3.7 - 29.02.2024 DEVELOP
+- adding firewall importer support for NSX
diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index 1c87fdf27..d2e2b81f5 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -1,5 +1,5 @@
 ### general settings
-product_version: "7.3.6"
+product_version: "7.3.7"
 ansible_user: "{{ lookup('env', 'USER') }}"
 ansible_become_method: sudo
 ansible_python_interpreter: /usr/bin/python3
diff --git a/roles/database/files/sql/creation/fworch-fill-stm.sql b/roles/database/files/sql/creation/fworch-fill-stm.sql
index 062deaeb2..3f0620453 100644
--- a/roles/database/files/sql/creation/fworch-fill-stm.sql
+++ b/roles/database/files/sql/creation/fworch-fill-stm.sql
@@ -338,6 +338,11 @@ insert into stm_dev_typ (dev_typ_id,dev_typ_name,dev_typ_version,dev_typ_manufac
     VALUES (24,'FortiOS Management','REST','Fortinet','',false,true,false) ON CONFLICT DO NOTHING;
 insert into stm_dev_typ (dev_typ_id,dev_typ_name,dev_typ_version,dev_typ_manufacturer,dev_typ_predef_svc,dev_typ_is_multi_mgmt,dev_typ_is_mgmt,is_pure_routing_device)
     VALUES (25,'Fortinet FortiOS Gateway','REST','Fortinet','',false,false,false) ON CONFLICT DO NOTHING;
+insert into stm_dev_typ (dev_typ_id,dev_typ_name,dev_typ_version,dev_typ_manufacturer,dev_typ_predef_svc,dev_typ_is_multi_mgmt,dev_typ_is_mgmt,is_pure_routing_device)
+    VALUES (26,'NSX','REST','VMWare','',false,true,false) ON CONFLICT DO NOTHING;
+insert into stm_dev_typ (dev_typ_id,dev_typ_name,dev_typ_version,dev_typ_manufacturer,dev_typ_predef_svc,dev_typ_is_multi_mgmt,dev_typ_is_mgmt,is_pure_routing_device)
+    VALUES (27,'NSX DFW Gateway','REST','VMWare','',false,false,false) ON CONFLICT DO NOTHING;
+
 
 update stm_dev_typ set dev_typ_predef_svc=
 'ANY;0;0;65535;1;other;simple
diff --git a/roles/database/files/upgrade/7.3.7.sql b/roles/database/files/upgrade/7.3.7.sql
new file mode 100644
index 000000000..d85bfaac2
--- /dev/null
+++ b/roles/database/files/upgrade/7.3.7.sql
@@ -0,0 +1,4 @@
+insert into stm_dev_typ (dev_typ_id,dev_typ_name,dev_typ_version,dev_typ_manufacturer,dev_typ_predef_svc,dev_typ_is_multi_mgmt,dev_typ_is_mgmt,is_pure_routing_device)
+    VALUES (26,'NSX','4ff','VMWare','',false,true,false) ON CONFLICT DO NOTHING;
+insert into stm_dev_typ (dev_typ_id,dev_typ_name,dev_typ_version,dev_typ_manufacturer,dev_typ_predef_svc,dev_typ_is_multi_mgmt,dev_typ_is_mgmt,is_pure_routing_device)
+    VALUES (27,'NSX DFW Gateway','4ff','VMWare','',false,false,false) ON CONFLICT DO NOTHING;
diff --git a/roles/importer/files/importer/vmwareNSX/__init__.py b/roles/importer/files/importer/vmwareNSX/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/roles/importer/files/importer/vmwareNSX/discovery_logging.conf b/roles/importer/files/importer/vmwareNSX/discovery_logging.conf
new file mode 100644
index 000000000..139c55a9c
--- /dev/null
+++ b/roles/importer/files/importer/vmwareNSX/discovery_logging.conf
@@ -0,0 +1,41 @@
+[loggers]
+keys=root,discoveryDebugLogger
+#keys=root,__main__
+
+[handlers]
+keys=consoleHandler,debugFileHandler
+
+[formatters]
+keys=defaultFormatter,debugFileFormatter
+
+[logger_root]
+level=DEBUG
+handlers=consoleHandler
+
+[logger_discoveryDebugLogger]
+#[logger___main__]
+level=DEBUG
+handlers=debugFileHandler
+qualname=discoveryDebugLogger
+#qualname=__main__
+propagate=0
+
+[handler_consoleHandler]
+class=StreamHandler
+level=DEBUG
+formatter=defaultFormatter
+args=(sys.stderr,)
+
+[handler_debugFileHandler]
+class=FileHandler
+level=DEBUG
+formatter=debugFileFormatter
+args=('/tmp/fworch_discovery.log',)
+# args=('/var/log/fworch/discovery.log',)
+
+[formatter_defaultFormatter]
+format=%(levelname)s:%(name)s:%(message)s
+
+[formatter_debugFileFormatter]
+format=%(asctime)s - %(name)s - %(levelname)s - %(message)s
+
diff --git a/roles/importer/files/importer/vmwareNSX/fwcommon.py b/roles/importer/files/importer/vmwareNSX/fwcommon.py
new file mode 100644
index 000000000..87de87449
--- /dev/null
+++ b/roles/importer/files/importer/vmwareNSX/fwcommon.py
@@ -0,0 +1,101 @@
+import sys
+from common import importer_base_dir
+sys.path.append(importer_base_dir + "/paloaltomanagement2023ff")
+from palo_service import normalize_svcobjects
+from palo_application import normalize_application_objects
+from palo_rule import normalize_access_rules
+from palo_network import normalize_nwobjects
+from palo_zone import normalize_zones
+from palo_getter import login, update_config_with_palofw_api_call
+from fwo_log import getFwoLogger
+from palo_base import api_version_str
+
+def has_config_changed(full_config, mgm_details, force=False):
+    # dummy - may be filled with real check later on
+    return True
+
+
+def get_config(config2import, full_config, current_import_id, mgm_details, limit=1000, force=False, jwt=''):
+    logger = getFwoLogger()
+    if full_config == {}:   # no native config was passed in, so getting it from Azzure
+        parsing_config_only = False
+    else:
+        parsing_config_only = True
+
+    if not parsing_config_only: # no native config was passed in, so getting it from Palo Firewall
+        apipwd = mgm_details["import_credential"]['secret']
+        apiuser = mgm_details["import_credential"]['user']
+        apihost = mgm_details["hostname"]
+
+        vsys_objects   = ["/Network/Zones", "/Objects/Addresses", "/Objects/Services", "/Objects/AddressGroups", "/Objects/ServiceGroups", "/Objects/Tags"]
+        predef_objects = ["/Objects/Applications"]
+        rulebase_names = ["/Policies/SecurityRules", "/Policies/NATRules"]
+
+        for obj_path in vsys_objects:
+            full_config[obj_path] = []
+
+        for obj_path in predef_objects:
+            full_config[obj_path] = []
+        
+        # login
+        key = login(apiuser, apipwd, apihost)
+        if key == None or key == "":
+            logger.error('Did not succeed in logging in to Palo API, no key returned.')
+            return 1
+
+        ## get objects:
+        base_url =  "https://{apihost}/restapi/v{api_version_str}".format(apihost=apihost, api_version_str=api_version_str)
+
+        vsys_name = "vsys1" # TODO - automate this hard-coded name
+        location = "vsys"       # alternative: panorama-pushed
+
+        for obj_path in vsys_objects:
+            update_config_with_palofw_api_call(key, base_url, full_config, obj_path + "?location={location}&vsys={vsys_name}".format(location=location, vsys_name=vsys_name), obj_type=obj_path)
+
+        for obj_path in predef_objects:
+            update_config_with_palofw_api_call(key, base_url, full_config, obj_path + "?location={location}".format(location="predefined"), obj_type=obj_path)
+
+        # users
+        
+        # get rules
+        full_config.update({'devices': {}})
+        for device in mgm_details["devices"]:
+            dev_id = device['id']
+            dev_name = device['local_rulebase_name']
+            full_config['devices'].update({ dev_id: {} })
+
+            for obj_path in rulebase_names:
+                update_config_with_palofw_api_call(
+                        key, base_url, full_config['devices'][device['id']], 
+                        obj_path + "?location={location}&vsys={vsys_name}".format(location="vsys", vsys_name=dev_name),
+                        obj_type=obj_path)
+
+    ##################
+    # now we normalize relevant parts of the raw config and write the results to config2import dict
+
+    normalize_nwobjects(full_config, config2import, current_import_id, jwt=jwt, mgm_id=mgm_details['id'])
+    normalize_svcobjects(full_config, config2import, current_import_id)
+    normalize_application_objects(full_config, config2import, current_import_id)
+    # normalize_users(full_config, config2import, current_import_id, user_scope)
+
+    # adding default any and predefined objects
+    any_nw_svc = {"svc_uid": "any_svc_placeholder", "svc_name": "any", "svc_comment": "Placeholder service.", 
+        "svc_typ": "simple", "ip_proto": -1, "svc_port": 0, "svc_port_end": 65535, "control_id": current_import_id}
+    http_svc = {"svc_uid": "http_predefined_svc", "svc_name": "service-http", "svc_comment": "Predefined service", 
+        "svc_typ": "simple", "ip_proto": 6, "svc_port": 80, "control_id": current_import_id}
+    https_svc = {"svc_uid": "https_predefined_svc", "svc_name": "service-https", "svc_comment": "Predefined service", 
+        "svc_typ": "simple", "ip_proto": 6, "svc_port": 443, "control_id": current_import_id}
+
+    config2import["service_objects"].append(any_nw_svc)
+    config2import["service_objects"].append(http_svc)
+    config2import["service_objects"].append(https_svc)
+
+    any_nw_object = {"obj_uid": "any_obj_placeholder", "obj_name": "any", "obj_comment": "Placeholder object.",
+        "obj_typ": "network", "obj_ip": "0.0.0.0/0", "control_id": current_import_id}
+    config2import["network_objects"].append(any_nw_object)
+
+    normalize_zones(full_config, config2import, current_import_id)
+    normalize_access_rules(full_config, config2import, current_import_id, mgm_details=mgm_details)
+    # normalize_nat_rules(full_config, config2import, current_import_id, jwt=jwt)
+
+    return 0
diff --git a/roles/importer/files/importer/vmwareNSX/nsx_application.py b/roles/importer/files/importer/vmwareNSX/nsx_application.py
new file mode 100644
index 000000000..4652fa0c6
--- /dev/null
+++ b/roles/importer/files/importer/vmwareNSX/nsx_application.py
@@ -0,0 +1,37 @@
+from fwo_const import list_delimiter
+from fwo_log import getFwoLogger
+
+
+def normalize_application_objects(full_config, config2import, import_id):
+    app_objects = []
+    for app_orig in full_config["/Objects/Applications"]:
+        app_objects.append(parse_app(app_orig, import_id,config2import))
+    config2import['service_objects'] += app_objects
+
+
+def extract_base_app_infos(app_orig, import_id):
+    app = {}
+    if "@name" in app_orig:
+        app["svc_uid"] = app_orig["@name"]
+        app["svc_name"] = app_orig["@name"]
+    if "comment" in app_orig:
+        app["svc_comment"] = app_orig["comment"]
+    app["control_id"] = import_id 
+    app["svc_typ"] = 'simple' 
+    return app
+
+
+def parse_app(app_orig, import_id,config2import):
+    svc = extract_base_app_infos(app_orig, import_id)
+    app_comment = ''
+    if 'category' in app_orig:
+        app_comment = "category: " + app_orig['category']
+        if 'subcategory' in app_orig:
+            app_comment += ", " +  "subcategory: " + app_orig['subcategory']
+            if 'technology' in app_orig:
+                app_comment += ", " + "technology: " + app_orig['technology']
+    if 'svc_comment' in svc:
+        svc['svc_comment'] += "; " + app_comment
+    else:
+        svc['svc_comment'] = app_comment
+    return svc
diff --git a/roles/importer/files/importer/vmwareNSX/nsx_base.py b/roles/importer/files/importer/vmwareNSX/nsx_base.py
new file mode 100644
index 000000000..e4a69e545
--- /dev/null
+++ b/roles/importer/files/importer/vmwareNSX/nsx_base.py
@@ -0,0 +1,2 @@
+
+api_version_str="9.1"
diff --git a/roles/importer/files/importer/vmwareNSX/nsx_getter.py b/roles/importer/files/importer/vmwareNSX/nsx_getter.py
new file mode 100644
index 000000000..ae2c94b33
--- /dev/null
+++ b/roles/importer/files/importer/vmwareNSX/nsx_getter.py
@@ -0,0 +1,92 @@
+# library for API get functions
+import base64
+from typing import Dict
+from fwo_log import getFwoLogger
+import requests.packages
+import requests
+import xmltodict, json
+import fwo_globals
+from fwo_exception import FwLoginFailed
+
+
+def api_call(url, params = {}, headers = {}, data = {}, credentials = '', show_progress=False, method='get'):
+    logger = getFwoLogger()
+    result_type='xml'
+    request_headers = {'Content-Type': 'application/json'}
+    for header_key in headers:
+        request_headers[header_key] = headers[header_key]
+    if key != '':
+        request_headers["Authorization"] = 'Basic ' + '{credentials}'.format(key=key)
+        result_type='json'
+
+    if method == "post":
+        response = requests.post(url, params=params, data=data, headers=request_headers, verify=fwo_globals.verify_certs)
+    elif method == "get":
+        response = requests.get(url, params=params, headers=request_headers, verify=fwo_globals.verify_certs)
+    else:
+        raise Exception("unknown HTTP method found in palo_getter")
+    
+    # error handling:
+    exception_text = ''
+    if response is None:
+        if 'password' in json.dumps(data):
+            exception_text = "error while sending api_call containing credential information to url '" + \
+                str(url)
+        else:
+            exception_text = "error while sending api_call to url '" + str(url) + "' with payload '" + json.dumps(
+                data, indent=2) + "' and  headers: '" + json.dumps(request_headers, indent=2)
+    if not response.ok:
+        exception_text = 'error code: {error_code}, error={error}'.format(error_code=response.status_code, error=response.content)
+        #logger.error(response.content)
+    if (len(response.content) == 0):
+        exception_text = 'empty response content'
+
+    if exception_text != '':
+        raise Exception(exception_text)
+
+    # no errors found
+    if result_type=='xml':
+        r = xmltodict.parse(response.content)
+        body_json = json.loads(json.dumps(r))
+    elif result_type=='json':
+        body_json = json.loads(response.content)
+        if 'result' in body_json:
+            body_json = body_json['result']
+
+    else:
+        body_json = None
+
+    return body_json
+
+
+def login(apiuser, apipwd, apihost):
+    base_url = "https://{apihost}/api/?type=keygen&user={apiuser}&password={apipwd}".format(apihost=apihost, apiuser=apiuser, apipwd=apipwd)
+    try:
+        body = api_call(base_url, method="get", headers={}, data={})
+    except Exception as e:
+        raise FwLoginFailed("Palo FW login to firewall=" + str(apihost) + " failed; Message: " + str(e)) from None
+    
+    if 'response' in body and 'result' in body['response'] and 'key' in body['response']['result'] and not body['response']['result']['key'] == None:
+        key = body['response']['result']['key']
+    else:
+        raise FwLoginFailed("Palo FW login to firewall=" + str(apihost) + " failed") from None
+    
+    if fwo_globals.debug_level > 2:
+        logger = getFwoLogger()
+        logger.debug("Login successful. Received key: " + key)
+
+    return key
+
+
+def update_config_with_palofw_api_call(key, api_base_url, config, api_path, obj_type='generic', parameters={}, payload={}, show_progress=False, limit: int=1000, method="get"):
+    returned_new_data = True
+    
+    full_result = []
+    result = api_call(api_base_url + api_path,key=key, params=parameters, data=payload, show_progress=show_progress, method=method)
+    if "entry" in result:
+        returned_new_data = len(result['entry'])>0
+    else:
+        returned_new_data = False
+    if returned_new_data:
+        full_result.extend(result["entry"])           
+        config.update({obj_type: full_result})
diff --git a/roles/importer/files/importer/vmwareNSX/nsx_network.py b/roles/importer/files/importer/vmwareNSX/nsx_network.py
new file mode 100644
index 000000000..252ba38cf
--- /dev/null
+++ b/roles/importer/files/importer/vmwareNSX/nsx_network.py
@@ -0,0 +1,175 @@
+from asyncio.log import logger
+from fwo_log import getFwoLogger
+from fwo_const import list_delimiter
+import ipaddress
+
+
+def normalize_nwobjects(full_config, config2import, import_id, jwt=None, mgm_id=None):
+    logger = getFwoLogger()
+    nw_objects = []
+    nw_tagged_groups = {}
+    for obj_orig in full_config["/Objects/Addresses"]:
+        nw_objects.append(parse_object(obj_orig, import_id, config2import, nw_objects))
+        if 'tag' in obj_orig and 'member' in obj_orig['tag']:
+            logger.info("found simple network object with tags: " + obj_orig['@name'])
+            for t in obj_orig['tag']['member']:
+                collect_tag_information(nw_tagged_groups, "#"+t, obj_orig['@name'])
+
+    for tag in nw_tagged_groups:
+        logger.info("handling nw_tagged_group: " + tag + " with members: " + list_delimiter.join(nw_tagged_groups[tag]))
+        obj = {}
+        obj["obj_name"] = tag
+        obj["obj_uid"] = tag
+        obj["obj_comment"] = 'dynamic group defined by tagging'
+        obj['control_id'] = import_id
+        obj['obj_typ'] = 'group'
+        members = nw_tagged_groups[tag] # parse_dynamic_object_group(obj_grp_orig, nw_tagged_groups)
+        obj['obj_members'] = list_delimiter.join(members)
+        obj['obj_member_refs'] = list_delimiter.join(members)
+        nw_objects.append(obj)
+
+    for obj_grp_orig in full_config["/Objects/AddressGroups"]:
+        logger.info("found network group: " + obj_grp_orig['@name'])
+        obj_grp = extract_base_object_infos(obj_grp_orig, import_id, config2import, nw_objects)
+        obj_grp["obj_typ"] = "group"
+        if 'static' in obj_grp_orig and 'filter' in obj_grp_orig['static']:
+            obj_grp["obj_member_refs"], obj_grp["obj_member_names"] = parse_static_obj_group(obj_grp_orig, import_id, nw_objects, config2import)
+        if 'dynamic' in obj_grp_orig and 'filter' in obj_grp_orig['dynamic']:
+            members = parse_dynamic_object_group(obj_grp_orig, nw_tagged_groups)
+            obj_grp["obj_member_refs"] = list_delimiter.join(members)
+            obj_grp["obj_member_names"] = list_delimiter.join(members)
+        nw_objects.append(obj_grp)
+        if 'tag' in obj_grp_orig and 'member' in obj_grp_orig['tag']:
+            logger.info("found network group with tags: " + obj_grp_orig['@name'])
+            for t in obj_grp_orig['tag']['member']:
+                logger.info("    found tag " + t)
+                collect_tag_information(nw_tagged_groups, "#"+t, obj_grp_orig['@name'])
+    
+    config2import['network_objects'] = nw_objects
+
+
+def parse_object(obj_orig, import_id, config2import, nw_objects):
+    obj = extract_base_object_infos(obj_orig, import_id, config2import, nw_objects)
+    obj['obj_ip'] = obj_orig['ip-netmask']
+    if '/' in obj['obj_ip'] and not '/32' in obj['obj_ip']:
+        obj['obj_typ'] = 'network'
+    else:
+        obj['obj_typ'] = 'host'
+    return obj
+
+
+def extract_base_object_infos(obj_orig, import_id, config2import, nw_objects):
+    obj = {}
+    obj["obj_name"] = obj_orig["@name"]
+    obj["obj_uid"] = obj_orig["@name"]
+    if 'description' in obj_orig:
+        obj["obj_comment"] = obj_orig["description"] 
+    if 'tag' in obj_orig:
+        tag_list = ",".join(obj_orig["tag"]['member'])
+        if 'obj_comment' in obj:
+            obj["obj_comment"] += ("; tags: " + tag_list)
+        else:
+            obj["obj_comment"] = tag_list
+    obj['control_id'] = import_id
+    return obj
+
+
+def parse_dynamic_object_group(orig_grp, nw_tagged_groups):
+    if "dynamic" in orig_grp:
+        if 'filter' in orig_grp['dynamic']:
+            if ' ' not in orig_grp['dynamic']['filter']:
+                # just a single tag
+                # add all nw objects with the tag to this group
+                tag = "#" + orig_grp['dynamic']['filter'][1:-1]
+                if tag in nw_tagged_groups:
+                    return nw_tagged_groups[tag]
+            else:
+                # later: deal with more complex tagging (and/or)
+                return []
+    return []
+
+
+def parse_static_obj_group(orig_grp, import_id, nw_objects, config2import, id = None):
+    refs = []
+    names = []
+
+    if "static" in orig_grp and "member" in orig_grp["static"]:
+        for m in orig_grp['static']['member']:
+            names.append(m)
+            refs.append(m)
+    return list_delimiter.join(refs), list_delimiter.join(names)
+
+
+def parse_obj_list(nw_obj_list, import_id, obj_list, id, type='network'):
+    refs = []
+    names = []
+    for obj_name in nw_obj_list:
+        names.append(obj_name)
+        refs.append(lookup_obj_uid(obj_name, obj_list, import_id, type=type))
+    return list_delimiter.join(refs), list_delimiter.join(names)
+
+
+def lookup_obj_uid(obj_name, obj_list, import_id, type='network'):
+    for o in obj_list:
+        if type=='network' and 'obj_name' in o:
+            if o['obj_name']==obj_name:
+                return o['obj_uid']
+        elif type=='service' and 'svc_name' in o:
+            if o['svc_name']==obj_name:
+                return o['svc_uid']
+        else:
+            logger.warning("could not find object name in object " + str(o))
+
+    # could not find existing obj in obj list, so creating new one
+    if type=='network':
+        refs, names = add_ip_obj([obj_name], obj_list, import_id)
+        return refs ## assuming only one object here
+    elif type=='service':
+        logger.warning("could not find service object " + str(obj_name))
+    else:
+        logger.warning("unknown object type '" + type + "' for object " + str(obj_name))
+    return None
+
+
+def add_ip_obj(ip_list, obj_list, import_id):
+    refs = []
+    names = []
+    for ip in ip_list:
+        # TODO: lookup ip in network_objects and re-use
+        ip_obj = {}
+        ip_obj['obj_name'] = ip
+        ip_obj['obj_uid'] = ip_obj['obj_name']
+        try:
+            ipaddress.ip_network(ip)
+            # valid ip
+            ip_obj['obj_ip'] = ip
+        except:
+            # no valid ip - asusming Tag
+            ip_obj['obj_ip'] = '0.0.0.0/0'
+            ip = '0.0.0.0/0'
+            ip_obj['obj_name'] = "#"+ip_obj['obj_name']
+            ip_obj['obj_uid'] = ip_obj['obj_name']
+        ip_obj['obj_type'] = 'simple'
+        ip_obj['obj_typ'] = 'host'
+        if "/" in ip:
+            ip_obj['obj_typ'] = 'network'
+
+        if "-" in ip: # ip range
+            ip_obj['obj_typ'] = 'ip_range'
+            ip_range = ip.split("-")
+            ip_obj['obj_ip'] = ip_range[0]
+            ip_obj['obj_ip_end'] = ip_range[1]
+        
+        ip_obj['control_id'] = import_id
+
+        obj_list.append(ip_obj)
+        refs.append(ip_obj['obj_uid'])
+        names.append(ip_obj['obj_name'])
+    return list_delimiter.join(refs), list_delimiter.join(names)
+
+
+def collect_tag_information(tagged_groups, tag, obj_name):
+    if tag in tagged_groups.keys():
+        tagged_groups[tag].append(obj_name)
+    else:
+        tagged_groups.update({tag: [obj_name]})
diff --git a/roles/importer/files/importer/vmwareNSX/nsx_rule.py b/roles/importer/files/importer/vmwareNSX/nsx_rule.py
new file mode 100644
index 000000000..6071f5ef2
--- /dev/null
+++ b/roles/importer/files/importer/vmwareNSX/nsx_rule.py
@@ -0,0 +1,144 @@
+from palo_service import parse_svc_list
+from palo_network import parse_obj_list
+from fwo_log import getFwoLogger
+from fwo_const import list_delimiter
+import hashlib
+import base64
+
+
+def make_hash_sha256(o):
+    hasher = hashlib.sha256()
+    hasher.update(repr(make_hashable(o)).encode())
+    return base64.b64encode(hasher.digest()).decode()
+
+
+def make_hashable(o):
+    if isinstance(o, (tuple, list)):
+        return tuple((make_hashable(e) for e in o))
+
+    if isinstance(o, dict):
+        return tuple(sorted((k,make_hashable(v)) for k,v in o.items()))
+
+    if isinstance(o, (set, frozenset)):
+        return tuple(sorted(make_hashable(e) for e in o))
+
+    return o
+
+
+def normalize_access_rules(full_config, config2import, import_id, mgm_details={}):
+    rules = []
+    logger = getFwoLogger()
+
+    nw_obj_names = []
+    for o in config2import['network_objects']:
+        nw_obj_names.append(o["obj_name"])
+
+    for device in full_config["devices"]:     
+        rule_number = 0
+        for dev_id in full_config['devices'].keys():
+            for rulebase in list(full_config['devices'][dev_id].keys()):
+                for rule_orig in full_config['devices'][dev_id][rulebase]:
+                    rule = {'rule_src': 'any', 'rule_dst': 'any', 'rule_svc': 'any',
+                    'rule_src_refs': 'any_obj_placeholder', 'rule_dst_refs': 'any_obj_placeholder',
+                    'rule_src_neg': False, 'rule_dst_neg': False,
+                    'rule_svc_refs': 'any_svc_placeholder'}
+                    if 'negate-source' in rule_orig and rule_orig['negate-source']=='yes':
+                        rule["rule_src_neg"] = True
+                    if 'negate-destination' in rule_orig and rule_orig['negate-destination']=='yes':
+                        rule["rule_dst_neg"] = True
+                    rule.update({
+                        "rule_svc_neg": False,     # not possible to negate the svc field on Palo
+                        "rulebase_name": rule_orig['@vsys'],
+                        "rule_name": rule_orig['@name'],
+                        'rule_type': 'access',
+                        'rule_num': rule_number,
+                        'rule_installon': rule_orig['@vsys'],
+                        'parent_rule_id': None,
+                        'rule_time': None,
+                        'rule_implied': False,
+                        'rule_comment': None,
+                        'rule_track': 'None',
+                        'rule_uid': rule_orig['@uuid'],
+                        'rule_disabled': False,
+                        'control_id': import_id
+                    })
+
+                    if "action" in rule_orig:
+                        if rule_orig['action']=='allow':
+                            rule['rule_action'] = 'accept'
+                        elif rule_orig['action']=='drop':
+                            rule['rule_action'] = 'drop'
+                        elif rule_orig['action']=='deny':
+                            rule['rule_action'] = 'deny'
+                        elif rule_orig['action']=='reset-client':
+                            rule['rule_action'] = 'reject'
+                        else:
+                            logger.warning("found undefined action:" + str(rule_orig))
+                    else:   # NAT rules
+                        rule['rule_action'] = "accept"
+                        rule['rule_type'] = 'nat'
+
+                    # TODO: should either duplicate the rule for each zone to zone pair
+                    # or much better allow for n:m rule:zone mappings --> change of DB necessary
+                    # instead we are just picking the last one!!!
+                    for z in rule_orig['from']['member']:
+                        rule.update({'rule_from_zone': z})
+                    for z in rule_orig['to']['member']:
+                        rule.update({'rule_to_zone': z})
+
+                    if 'disabled' in rule_orig and rule_orig['disabled']=='yes':
+                        rule['rule_disabled'] = True
+                    if 'log-start' in rule_orig:
+                        if rule_orig['log-start']=='yes':
+                            rule['rule_track'] = 'all start'
+                        elif rule_orig['log-start']=='no':
+                            rule['rule_track'] = 'None'
+                        else:
+                            logger.warning ("found undefined track:" + str(rule_orig))
+                            rule['rule_track'] = 'None'
+                    else:
+                        rule['rule_track'] = 'None'
+
+                    if "source" in rule_orig:
+                        if 'member' in rule_orig["source"]:
+                            source_objects = rule_orig["source"]["member"]
+                        else:
+                            source_objects = [rule_orig["service"]]
+                        rule['rule_src_refs'], rule["rule_src"] = parse_obj_list(source_objects, import_id, config2import['network_objects'], rule["rule_uid"])
+                    else:
+                        logger.warning("found undefined source in rule: " + str(rule_orig))
+
+                    if "destination" in rule_orig:
+                        if 'member' in rule_orig["destination"]:
+                            destination_objects = rule_orig["destination"]["member"]
+                        else:
+                            destination_objects = [rule_orig["destination"]]
+                        rule['rule_dst_refs'], rule["rule_dst"] = parse_obj_list(destination_objects, import_id, config2import['network_objects'], rule["rule_uid"])
+                    else:
+                        logger.warning("found undefined destination in rule: " + str(rule_orig))
+
+                    services = []
+                    if "service" in rule_orig:
+                        if 'member' in rule_orig['service']:
+                            services = rule_orig["service"]["member"]
+                        else:
+                            services = [rule_orig["service"]]
+                        if services[0] == 'application-default' or services[0] == 'any':
+                            services =  []
+                    apps = []
+                    if 'application' in rule_orig:
+                        # no services given but applications - parse apps
+                        if 'member' in rule_orig['application']:
+                            # apps = ['any']  ## TEMP before app parsing
+                            apps = rule_orig["application"]["member"]
+                        else:
+                            apps = [rule_orig["application"]]
+                        if apps[0] == 'any':
+                            apps = []
+                    
+                    rule['rule_svc_refs'], rule["rule_svc"] = parse_svc_list(apps + services, import_id, config2import['service_objects'], rule["rule_uid"], type='service')
+
+                    rule_number += 1
+                    rules.append(rule)
+
+    config2import['rules'] += rules
diff --git a/roles/importer/files/importer/vmwareNSX/nsx_service.py b/roles/importer/files/importer/vmwareNSX/nsx_service.py
new file mode 100644
index 000000000..c8d932f7b
--- /dev/null
+++ b/roles/importer/files/importer/vmwareNSX/nsx_service.py
@@ -0,0 +1,134 @@
+from fwo_const import list_delimiter
+from fwo_log import getFwoLogger
+
+
+def normalize_svcobjects(full_config, config2import, import_id):
+    svc_objects = []
+    for svc_orig in full_config["/Objects/Services"]:
+        svc_objects.append(parse_svc(svc_orig, import_id,config2import))
+    for svc_grp_orig in full_config["/Objects/ServiceGroups"]:
+        svc_grp = extract_base_svc_infos(svc_grp_orig, import_id)
+        svc_grp["svc_typ"] = "group"
+        svc_grp["svc_member_refs"] , svc_grp["svc_member_names"] = parse_svc_group(svc_grp_orig,config2import)
+        svc_objects.append(svc_grp)
+    config2import['service_objects'] += svc_objects
+
+
+def parse_svc_group(orig_grp,config2import):
+    refs = []
+    names = []
+    if "dynamic" in orig_grp:
+        pass
+    if "static" in orig_grp and "member" in orig_grp["static"]:
+        for m in orig_grp['static']['member']:
+            names.append(m)
+            refs.append(m)
+    return list_delimiter.join(refs), list_delimiter.join(names)
+
+    
+def extract_base_svc_infos(svc_orig, import_id):
+    svc = {}
+    if "@name" in svc_orig:
+        svc["svc_uid"] = svc_orig["@name"]
+        svc["svc_name"] = svc_orig["@name"]
+    if "comment" in svc_orig:
+        svc["svc_comment"] = svc_orig["comment"]
+    svc["svc_timeout"] = None
+    svc["svc_color"] = None
+    svc["control_id"] = import_id 
+    svc["svc_typ"] = 'simple' 
+    return svc
+
+
+def parse_svc(svc_orig, import_id,config2import):
+    svc = extract_base_svc_infos(svc_orig, import_id)
+    if 'protocol' in svc_orig:
+        proto_string = 'undefined'
+        if 'tcp' in svc_orig['protocol']:
+            svc["ip_proto"] = 6
+            proto_string = 'tcp'
+            svc["svc_port"] = svc_orig['protocol']['tcp']['port']
+        elif 'udp' in svc_orig['protocol']:
+            svc["ip_proto"] = 17
+            proto_string = 'udp'
+            
+        if proto_string=='undefined':
+            svc["svc_name"] += " [Protocol \"" + str(svc_orig["protocol"]) + "\" not supported]"
+        else:
+            port_string = svc_orig['protocol'][proto_string]['port']
+            if ',' in port_string:
+                svc["svc_typ"] = "group"
+                svc["svc_port"] = None
+                members = []
+                for p in port_string.split(","):
+                    hlp_svc = create_helper_service(p, proto_string, svc["svc_name"], import_id)
+                    add_service(hlp_svc, config2import)
+                    members.append(hlp_svc['svc_uid'])
+                svc["svc_members"] = list_delimiter.join(members)                
+                svc["svc_member_refs"] = list_delimiter.join(members)                
+            else:   # just a single port (range)
+                extract_port_for_service(port_string, svc)
+    return svc
+
+
+def add_service(svc, config2import):
+    config2import['service_objects'].append(svc)
+
+
+def extract_port_for_service(port_string, svc):
+    if '-' in port_string:
+        port_range = port_string.split("-")
+        if len(port_range)==2:
+            svc["svc_port"] = port_range[0]
+            svc["svc_port_end"] = port_range[1]
+        else:
+            logger = getFwoLogger()
+            logger.warning("found strange port range with more than one hyphen: " + str(port_string))
+    else:
+        svc["svc_port"] = port_string
+
+
+def create_helper_service(ports, proto_string, parent_svc_name, import_id):
+    svc = {
+        "svc_name": parent_svc_name + "_" + proto_string + "_" + ports,
+        "svc_uid": parent_svc_name + "_" + proto_string + "_" + ports,
+        "svc_comment": "helper service for Palo Alto multiple port range object: " + parent_svc_name,
+        "control_id": import_id, 
+        "svc_typ": 'simple' 
+    }
+
+    extract_port_for_service(ports, svc)    
+    return svc
+
+
+def parse_svc_list(nw_obj_list, import_id, obj_list, id, type='network'):
+    refs = []
+    names = []
+    for obj_name in nw_obj_list:
+        names.append(obj_name)
+        refs.append(lookup_svc_obj_uid(obj_name, obj_list, import_id, type=type))
+    return list_delimiter.join(refs), list_delimiter.join(names)
+
+
+def lookup_svc_obj_uid(obj_name, obj_list, import_id, type='network'):
+    logger = getFwoLogger()
+    for o in obj_list:
+        if type=='service' and 'svc_name' in o:
+            if o['svc_name']==obj_name:
+                return o['svc_uid']
+        else:
+            logger.warning("could not find object name in object " + str(o))
+
+    # could not find existing obj in obj list, so creating new one
+    return add_svc_obj(obj_name, obj_list, import_id)
+
+
+def add_svc_obj(svc_in, svc_list, import_id):
+    svc_obj = {}
+    svc_obj['svc_name'] = "#" + svc_in
+    svc_obj['svc_uid'] = "#" + svc_in
+    svc_obj['control_id'] = import_id
+    svc_obj['svc_typ'] = 'simple'
+
+    svc_list.append(svc_obj)
+    return svc_obj['svc_name']
diff --git a/roles/importer/files/importer/vmwareNSX/nsx_zone.py b/roles/importer/files/importer/vmwareNSX/nsx_zone.py
new file mode 100644
index 000000000..a55f86dc9
--- /dev/null
+++ b/roles/importer/files/importer/vmwareNSX/nsx_zone.py
@@ -0,0 +1,15 @@
+from asyncio.log import logger
+from fwo_log import getFwoLogger
+from fwo_const import list_delimiter
+
+
+def normalize_zones(full_config, config2import, import_id):
+    zones = []
+    for zone_orig in full_config["/Network/Zones"]:
+        zones.append({
+            "zone_name":  zone_orig["@name"],
+            "zone_uid":   zone_orig["@name"],
+            "control_id": import_id
+        })
+    
+    config2import['zone_objects'] = zones
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsGateways.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsGateways.razor
index 0c3ae32a2..91a1a512c 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsGateways.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsGateways.razor
@@ -104,7 +104,8 @@
                     actDevice.DeviceType.Manufacturer == "Fortinet" || 
                     actDevice.DeviceType.Manufacturer == "Cisco" ||
                     actDevice.DeviceType.Manufacturer == "Palo Alto" ||
-                    actDevice.DeviceType.Manufacturer == "Microsoft")
+                    actDevice.DeviceType.Manufacturer == "Microsoft" ||
+                    actDevice.DeviceType.Manufacturer == "VMWare")
                 {
                     @if (actDevice.DeviceType.Manufacturer == "Fortinet" && actDevice.Management.DeviceType.IsLegacyDevType())
                     {

From 34c55a94420213e61b41c85957d79e0620babbb6 Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Tue, 20 Feb 2024 14:35:12 +0100
Subject: [PATCH 02/84] iconify modelling

---
 .../files/sql/creation/fworch-fill-stm.sql    | 18 ++++
 .../files/sql/idempotent/fworch-texts.sql     | 39 +++++++--
 roles/database/files/upgrade/8.0.1.sql        | 17 ++++
 .../files/FWO.Config.Api/Data/ConfigData.cs   |  3 +
 .../files/FWO.Config.Api/GlobalConstants.cs   | 10 +++
 .../Pages/Help/HelpSettingsModelling.cshtml   |  3 +-
 .../Help/HelpSettingsModellingPers.cshtml     | 22 +++++
 .../Pages/Help/HelpSettingsSidebar.cshtml     |  3 +
 roles/ui/files/FWO.UI/Pages/Help/Index.cshtml |  3 +
 .../NetworkModelling/ConnectionTable.razor    |  6 +-
 .../EditAppRoleLeftSide.razor                 |  2 +-
 .../Pages/NetworkModelling/EditConn.razor     |  2 +-
 .../NetworkModelling/EditConnLeftSide.razor   | 54 ++++++++----
 .../EditServiceGroupLeftSide.razor            |  8 +-
 .../NetworkModelling/ManualAppServer.razor    | 21 +++--
 .../NetworkModelling/NetworkModelling.razor   |  8 +-
 .../FWO.UI/Pages/Settings/SearchUser.razor    |  2 +-
 .../Pages/Settings/SettingsModelling.razor    | 16 ++--
 .../Settings/SettingsModellingPers.razor      | 85 +++++++++++++++++++
 .../FWO.UI/Services/ModellingHandlerBase.cs   |  8 ++
 .../files/FWO.UI/Shared/SettingsLayout.razor  |  7 ++
 21 files changed, 284 insertions(+), 53 deletions(-)
 create mode 100644 roles/database/files/upgrade/8.0.1.sql
 create mode 100644 roles/ui/files/FWO.UI/Pages/Help/HelpSettingsModellingPers.cshtml
 create mode 100644 roles/ui/files/FWO.UI/Pages/Settings/SettingsModellingPers.razor

diff --git a/roles/database/files/sql/creation/fworch-fill-stm.sql b/roles/database/files/sql/creation/fworch-fill-stm.sql
index 062deaeb2..eb47e43a4 100644
--- a/roles/database/files/sql/creation/fworch-fill-stm.sql
+++ b/roles/database/files/sql/creation/fworch-fill-stm.sql
@@ -32,6 +32,7 @@ insert into config (config_key, config_value, config_user) VALUES ('recCheckActi
 insert into config (config_key, config_value, config_user) VALUES ('recCheckEmailSubject', 'Upcoming rule recertifications', 0);
 insert into config (config_key, config_value, config_user) VALUES ('recCheckEmailUpcomingText', 'The following rules are upcoming to be recertified:', 0);
 insert into config (config_key, config_value, config_user) VALUES ('recCheckEmailOverdueText', 'The following rules are overdue to be recertified:', 0);
+insert into config (config_key, config_value, config_user) VALUES ('recCheckParams', '{"check_interval":2,"check_offset":1,"check_weekday":null,"check_dayofmonth":null}', 0);
 insert into config (config_key, config_value, config_user) VALUES ('recRefreshStartup', 'False', 0);
 insert into config (config_key, config_value, config_user) VALUES ('recRefreshDaily', 'False', 0);
 insert into config (config_key, config_value, config_user) VALUES ('messageViewTime', '7', 0);
@@ -80,6 +81,23 @@ insert into config (config_key, config_value, config_user) VALUES ('importSubnet
 insert into config (config_key, config_value, config_user) VALUES ('importAppDataPath', '[]', 0);
 insert into config (config_key, config_value, config_user) VALUES ('importSubnetDataPath', '', 0);
 insert into config (config_key, config_value, config_user) VALUES ('modNamingConvention', '{"networkAreaRequired":false,"fixedPartLength":0,"freePartLength":0,"networkAreaPattern":"","appRolePattern":""}', 0);
+insert into config (config_key, config_value, config_user) VALUES ('modIconify', 'True', 0);
+insert into config (config_key, config_value, config_user) VALUES ('reducedProtocolSet', 'True', 0);
+insert into config (config_key, config_value, config_user) VALUES ('overviewDisplayLines', '3', 0);
+insert into config (config_key, config_value, config_user) VALUES ('emailServerAddress', '', 0);
+insert into config (config_key, config_value, config_user) VALUES ('emailPort', '0', 0);
+insert into config (config_key, config_value, config_user) VALUES ('emailTls', 'None', 0);
+insert into config (config_key, config_value, config_user) VALUES ('emailUser', '', 0);
+insert into config (config_key, config_value, config_user) VALUES ('emailPassword', '', 0);
+insert into config (config_key, config_value, config_user) VALUES ('emailSenderAddress', '', 0);
+insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifyRecipients', '', 0);
+insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifySubject', '', 0);
+insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifyBody', '', 0);
+insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifyActive', 'False', 0);
+insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifyType', '0', 0);
+insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifySleepTime', '0', 0);
+insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifyStartAt', '00:00:00', 0);
+
 
 INSERT INTO "report_format" ("report_format_name") VALUES ('json');
 INSERT INTO "report_format" ("report_format_name") VALUES ('pdf');
diff --git a/roles/database/files/sql/idempotent/fworch-texts.sql b/roles/database/files/sql/idempotent/fworch-texts.sql
index 8ecfd3980..3f634659d 100644
--- a/roles/database/files/sql/idempotent/fworch-texts.sql
+++ b/roles/database/files/sql/idempotent/fworch-texts.sql
@@ -530,6 +530,8 @@ INSERT INTO txt VALUES ('no_rules_gtw',		    'German', 	'Anzahl Regeln pro Gatew
 INSERT INTO txt VALUES ('no_rules_gtw',		    'English', 	'Number of Rules per Gateway');
 INSERT INTO txt VALUES ('negated',		        'German', 	'nicht');
 INSERT INTO txt VALUES ('negated',		        'English', 	'not');
+INSERT INTO txt VALUES ('network_object',		'German', 	'Netzwerkobjekt');
+INSERT INTO txt VALUES ('network_object',		'English', 	'Network Object');
 INSERT INTO txt VALUES ('network_objects',		'German', 	'Netzwerkobjekte');
 INSERT INTO txt VALUES ('network_objects',		'English', 	'Network Objects');
 INSERT INTO txt VALUES ('network_services',		'German', 	'Netzwerkdienste');
@@ -1770,6 +1772,10 @@ INSERT INTO txt VALUES ('appRolePattern',       'German',   'Muster App Rolle');
 INSERT INTO txt VALUES ('appRolePattern',       'English',  'App Role Pattern');
 INSERT INTO txt VALUES ('import_source',        'German',   'Importquelle');
 INSERT INTO txt VALUES ('import_source',        'English',  'Import Source');
+INSERT INTO txt VALUES ('modelling_settings',   'German', 	'Modellierungseinstellungen');
+INSERT INTO txt VALUES ('modelling_settings',   'English', 	'Modelling Settings');
+INSERT INTO txt VALUES ('modIconify',           'German', 	'Nutzung von Piktogrammen');
+INSERT INTO txt VALUES ('modIconify',           'English', 	'Prefer use of Icons');
 
 -- monitoring
 INSERT INTO txt VALUES ('open_alerts',          'German', 	'Offene Alarme');
@@ -2167,6 +2173,8 @@ INSERT INTO txt VALUES ('U5413', 'German',  'Anpassung der pers&ouml;nlichen Rep
 INSERT INTO txt VALUES ('U5413', 'English', 'Adapt your personal reporting settings');
 INSERT INTO txt VALUES ('U5414', 'German',  'Anpassung der pers&ouml;nlichen Rezertifizierungseinstellungen');
 INSERT INTO txt VALUES ('U5414', 'English', 'Adapt your personal recertification settings');
+INSERT INTO txt VALUES ('U5415', 'German',  'Anpassung der pers&ouml;nlichen Modellierungseinstellungen');
+INSERT INTO txt VALUES ('U5415', 'English', 'Adapt your personal modelling settings');
 
 INSERT INTO txt VALUES ('U5501', 'German',  'Sind sie sicher, dass sie folgenden Status l&ouml;schen wollen: ');
 INSERT INTO txt VALUES ('U5501', 'English', 'Are you sure you want to delete state: ');
@@ -3398,16 +3406,18 @@ INSERT INTO txt VALUES ('H5013', 'German',  'Im Kapitel "Voreinstellungen" kann
     <a href="/help/settings/recertificationgeneral">Allgemeinen Rezertifizierungs-</a> und <a href="/help/settings/modelling">Modellierungseinstellungen</a>.
 ');
 INSERT INTO txt VALUES ('H5013', 'English', 'In the "Defaults" chapter the administrator can define <a href="/help/settings/defaults">Default Values</a> applicable to all users
-    and define <a href="/help/settings/email">email-</a>, <a href="/help/settings/importer">importer-</a> and  <a href="/help/settings/passwordpolicy">Password Policy</a> settings.
+    and define <a href="/help/settings/email">email-</a>, <a href="/help/settings/importer">importer-</a> and <a href="/help/settings/passwordpolicy">Password Policy</a> settings.
     Additionally there are the module specific <a href="/help/settings/recertificationgeneral">General Recertification</a> and <a href="/help/settings/modelling">Modelling Settings</a>.
 ');
 INSERT INTO txt VALUES ('H5014', 'German',  'Das Kapitel "Pers&ouml;nlich" ist f&uuml;r alle Nutzer zug&auml;nglich. Hier k&ouml;nnen das individuelle <a href="/help/settings/password">Password</a>,
     die bevorzugte <a href="/help/settings/language">Sprache</a> und <a href="/help/settings/report">Reporting</a>-Einstellungen gesetzt werden.
     Nutzer mit Rezertifizierer-Rolle k&ouml;nnen auch ihre <a href="/help/settings/recertificationpersonal">Rezertifizierungseinstellungen</a> anpassen.
+    Das gleiche gilt f&uuml;r Modellierer in den <a href="/help/settings/modellingpersonal">Modellierungseinstellungen</a>.
 ');
 INSERT INTO txt VALUES ('H5014', 'English', 'The "Personal" chapter is accessible by all users, where they can set their individual <a href="/help/settings/password">Password</a>,
     <a href="/help/settings/language">Language</a> and <a href="/help/settings/report">Reporting</a> preferences. 
     Users with recertifier role have also the possibility to adjust their <a href="/help/settings/recertificationpersonal">Recertification Setting</a>.
+    Same for modellers in the <a href="/help/settings/modellingpersonal">Modelling Settings</a>.
 ');
 INSERT INTO txt VALUES ('H5015', 'German',  'Das Kapitel "Workflow" dient dem Administrator, einen Workflow aufzusetzen. Dazu geh&ouml;rt die Definition der angebotenen <a href="/help/settings/stateactions">Aktionen</a>,
     der verwendeten <a href="/help/settings/statedefinitions">Stati</a> und den Status&uuml;berg&auml;ngen in den zentralen <a href="/help/settings/statematrix">Status-Matrizen</a>.
@@ -4310,8 +4320,12 @@ INSERT INTO txt VALUES ('H5603', 'German',  'Server in Verbindung erlauben: Steu
 INSERT INTO txt VALUES ('H5603', 'English', 'Allow Servers in Connection: Controls, if App Servers are offered in the Library besides the App Roles for direct use in the connections.');
 INSERT INTO txt VALUES ('H5604', 'German',  'Einfache Dienste in Verbindung erlauben: Steuert, ob in der Bibliothek neben den Servicegruppen auch einfache Services zur direkten Verwendung in den Verbindungen angeboten werden.');
 INSERT INTO txt VALUES ('H5604', 'English', 'Allow Simple Services in Connection: Controls, if simple Services are offered in the Library besides the Service Groups for direct use in the connections.');
-INSERT INTO txt VALUES ('H5605', 'German',  'Max. Anzahl Zeilen in &Uuml;bersicht: Definiert die Zeilenzahl innerhalb eines Eintrags in der &Uuml;bersichtstabelle der Verbindungen, ab der die Elemente eingeklappt dargestellt werden.');
-INSERT INTO txt VALUES ('H5605', 'English', 'Max. Number of Rows in Overview: Defines the number of rows inside an entry of the connections overview table, from which the elements are displayed retracted.');
+INSERT INTO txt VALUES ('H5605', 'German',  'Max. Anzahl Zeilen in &Uuml;bersicht: Definiert die Zeilenzahl innerhalb eines Eintrags in der &Uuml;bersichtstabelle der Verbindungen, ab der die Elemente eingeklappt dargestellt werden.
+    Wird vom Administrator allgemein vorausgew&auml;hlt, kann aber vom Nutzer in den pers&ouml;nlichen Einstellungen &uuml;berschrieben werden.
+');
+INSERT INTO txt VALUES ('H5605', 'English', 'Max. Number of Rows in Overview: Defines the number of rows inside an entry of the connections overview table, from which the elements are displayed retracted.
+    Generally set by the administrator but can be overwritten in the personal settings of the user.
+');
 INSERT INTO txt VALUES ('H5606', 'German',  'Netzwerkarea vorgeschrieben: Wenn dieses Flag gesetzt ist, m&uuml;ssen die auszuw&auml;hlenden App Server einer festen Area zugeordnet sein.
     Es werden dann beim Zusammenstellen einer App Rolle in der Bibliothek nur die der aktuell ausgew&auml;hlten Area zugeh&ouml;rigen App Server angeboten.
     F&uuml;r die Namensgebung der App Rolle wird dann die in den folgenden Punkten definierte Namenskonvention angewendet.
@@ -4373,6 +4387,15 @@ INSERT INTO txt VALUES ('H5616', 'German',  'Import Subnetzdaten-Start: Legt ein
 INSERT INTO txt VALUES ('H5616', 'English', 'Import Subnet data start at: Import App data start at: Defines a referential time from which the Subnte data import intervals are calculated.');
 INSERT INTO txt VALUES ('H5617', 'German',  'Reduzierten Protokollset darstellen: Nur eine begrenzte Zahl von Protokollen wird zur Auswahl angeboten (TCP, UDP, ICMP).');
 INSERT INTO txt VALUES ('H5617', 'English', 'Display reduced Protocol set: Offer only a reduced number of protocols for selection (TCP, UDP, ICMP).');
+INSERT INTO txt VALUES ('H5618', 'German',  'Nutzung von Piktogrammen: Vorzugsweise Nutzung von Piktogrammen wo sinnvoll. Wird vom Administrator allgemein vorausgew&auml;hlt, kann aber vom Nutzer in den pers&ouml;nlichen Einstellungen &uuml;berschrieben werden.');
+INSERT INTO txt VALUES ('H5618', 'English', 'Prefer use of Icons: Use icons where reasonnable. Generally set by the administrator but can be overwritten in the personal settings of the user.');
+INSERT INTO txt VALUES ('H5621', 'German',  'Ein Modellierer kann einige pers&ouml;nliche Voreinstellungen f&uuml;r die Darstellung der Modellierung &uuml;berschreiben.
+    Ausgangswert ist der vom Admin in den <a href="/help/settings/modelling">Modellierungseinstellungen</a> gesetzte Wert.
+');
+INSERT INTO txt VALUES ('H5621', 'English', 'A modeller can overwrite some personal settings for the modelling layout. 
+    The default value is set by the admin in the <a href="/help/settings/modelling">Modelling Settings</a>.
+');
+
 INSERT INTO txt VALUES ('H5701', 'German',  'Die in der Datenbank hinterlegten sprachabh&auml;ngigen Texte k&ouml;nnen individuell &uuml;berschrieben werden.
     Dabei werden die vom System vorgegebenen Texte nicht ge&auml;ndert, sondern nur durch die hier definierten Texte - falls vorhanden - &uuml;berblendet.
     Die hier gemachten &Auml;nderungen werden in der UI beim n&auml;chsten Login sichtbar, bei Hilfetexten erst nach dem n&auml;chsten Restart.
@@ -4489,7 +4512,7 @@ INSERT INTO txt VALUES ('H6906', 'German',  'Anmelden zur Generierung eines g&uu
 INSERT INTO txt VALUES ('H6906', 'English', 'Login to get a JWT for the steps further below');
 INSERT INTO txt VALUES ('H6907', 'German',  'Auflisten bereits vorhandener Reports im Archiv (hier der letzte generierte zum Schedule)');
 INSERT INTO txt VALUES ('H6907', 'English', 'List generated reports in archive (here we get the last one generated for the respective schedule)');
-INSERT INTO txt VALUES ('H6921', 'German',  'Der Import von Applikationsdaten wird aus einer oder mehreren .json-Dateien mit den in den <a href="/help/settings/modelling">Modellierungs-Einstellungen</a> definierten Pfaden und Namen gespeist.
+INSERT INTO txt VALUES ('H6921', 'German',  'Der Import von Applikationsdaten wird aus einer oder mehreren .json-Dateien mit den in den <a href="/help/settings/modelling">Modellierungseinstellungen</a> definierten Pfaden und Namen gespeist.
     Dort kann auch jeweils ein gleichnamiges Python-Skript (mit der Endung .py) zur Erzeugung eben dieser Dateien hinterlegt werden. Die .json-Datei hat die folgende Struktur:
 ');
 INSERT INTO txt VALUES ('H6921', 'English', 'The import of application data is fed from one or several .json files with paths and names defined in the <a href="/help/settings/modelling">Modelling Settings</a>.
@@ -4531,7 +4554,7 @@ INSERT INTO txt VALUES ('H6922', 'English', 'These fields have the following mea
         </li>
     </ul>
 ');
-INSERT INTO txt VALUES ('H6931', 'German',  'Der Import von Subnetzdaten wird aus einer .json-Datei mit dem in den <a href="/help/settings/modelling">Modellierungs-Einstellungen</a> definierten Pfad und Namen gespeist.
+INSERT INTO txt VALUES ('H6931', 'German',  'Der Import von Subnetzdaten wird aus einer .json-Datei mit dem in den <a href="/help/settings/modelling">Modellierungseinstellungen</a> definierten Pfad und Namen gespeist.
     Dort kann auch ein gleichnamiges Python-Skript (mit der Endung .py) zur Erzeugung eben dieser Datei hinterlegt werden. Die .json-Datei hat die folgende Struktur:
 ');
 INSERT INTO txt VALUES ('H6931', 'English', 'The import of subnet data is fed from a .json file with path and name defined in the <a href="/help/settings/modelling">Modelling Settings</a>.
@@ -5422,7 +5445,7 @@ INSERT INTO txt VALUES ('H9001', 'German',  'Insbesondere in gr&ouml;sseren Netz
     und ihre Elemente nach vorgegebenen Kriterien zu verkn&uuml;pfen. Dadurch wird ein Kommunikationsprofil erzeugt, bestehend aus einem Satz von <a href="/help/modelling/connections">Verbindungen und Schnittstellen</a>.<br>
     Zur Definition der Schnittstellen und Verbindungen wird auf der linken Seite eine Bibliothek bereitgestellt, in der zun&auml;chst die zur Applikation zugeordneten 
     (in der Regel aus Fremdsystemen <a href="/help/settings/modelling">importierten</a>) Host-Adressen (App-Server) angeboten werden. Diese k&ouml;nnen im ersten Schritt zu App-Rollen geb&uuml;ndelt werden (sh. <a href="/help/modelling/networkobjects">Netzwerkobjekte</a>).
-    Die App-Rollen (und je nach <a href="/help/settings/modelling">Modellierungs-Einstellungen</a> auch die App-Server selbst) k&ouml;nnen dann als Quelle oder Ziel in die zu erstellende Verbindung &uuml;bertragen werden.
+    Die App-Rollen (und je nach <a href="/help/settings/modelling">Modellierungseinstellungen</a> auch die App-Server selbst) k&ouml;nnen dann als Quelle oder Ziel in die zu erstellende Verbindung &uuml;bertragen werden.
     Hinzu k&ouml;nnen noch weitere Objekte (z. B. Netzwerke) kommen, und es k&ouml;nnen (interne und externe) Schnittstellen eingebunden werden.<br>
     Desweiteren werden in der Bibliothek vordefinierte (vom Administrator eingestellte) <a href="/help/modelling/services">Dienste</a> angeboten. Diese k&ouml;nnen durch selbst definierte Dienste erg&auml;nzt, 
     als Dienstgruppen geb&uuml;ndelt und dann in den zu definierenden Verbindungen verwendet werden.
@@ -5502,7 +5525,7 @@ INSERT INTO txt VALUES ('H9032', 'English', 'App Server: Elementary components (
     (<a href="/help/settings/modelling">Import Settings</a>, <a href="/help/API/appdataimport">Import Interface</a>), but can also be created manually by the administrator.
     Depending on the settings (according to company requirements) App Servers can be used directly in the connections or have to be bundled in App Roles first.
 ');
-INSERT INTO txt VALUES ('H9033', 'German',  'App-Rollen: Dienen der B&uuml;ndelung von App-Servern. Falls in den <a href="/help/settings/modelling">Modellierungs-Einstellungen</a> so vorgesehen,
+INSERT INTO txt VALUES ('H9033', 'German',  'App-Rollen: Dienen der B&uuml;ndelung von App-Servern. Falls in den <a href="/help/settings/modelling">Modellierungseinstellungen</a> so vorgesehen,
     m&uuml;ssen sie einer Netzwerkarea zugeh&ouml;ren. Beim Erstellen der App-Rolle muss dann zun&auml;chst eine Area ausgew&auml;hlt werden, nur von dieser werden dann die App-Server in der Bibliothek angeboten.
     Die Namen der App-Rollen m&uuml;ssen dann einer ebenfalls in den Einstellungen vorgegebenen Namenskonvention folgen.
 ');
@@ -5516,7 +5539,7 @@ INSERT INTO txt VALUES ('H9034', 'German',  'Netzwerkareas: Werden &uuml;ber die
 INSERT INTO txt VALUES ('H9034', 'English', 'Network Areas: Are imported via the Subnet Data Import Interface (<a href="/help/settings/modelling">Import Settings</a>, <a href="/help/API/subnetdataimport">Import Interface</a>).
     They can be searched an selected from the library and then used for source and destination of the connections.
 ');
-INSERT INTO txt VALUES ('H9041', 'German',  'Es wird zwischen einfachen Diensten und Dienstgruppen unterschieden. In den <a href="/help/settings/modelling">Modellierungs-Einstellungen</a>
+INSERT INTO txt VALUES ('H9041', 'German',  'Es wird zwischen einfachen Diensten und Dienstgruppen unterschieden. In den <a href="/help/settings/modelling">Modellierungseinstellungen</a>
     kann festgelegt werden, dass nur Dienstgruppen in der Definition von Verbindungen genutzt werden k&ouml;nnen, ansonsten sind auch einfache Dienste zugelassen.
 ');
 INSERT INTO txt VALUES ('H9041', 'English', 'There is a differentiation between simple services and Service Groups. It can be defined in the <a href="/help/settings/modelling">Modelling Settings</a>,
diff --git a/roles/database/files/upgrade/8.0.1.sql b/roles/database/files/upgrade/8.0.1.sql
new file mode 100644
index 000000000..d21147e47
--- /dev/null
+++ b/roles/database/files/upgrade/8.0.1.sql
@@ -0,0 +1,17 @@
+insert into config (config_key, config_value, config_user) VALUES ('modIconify', 'True', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('reducedProtocolSet', 'True', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('overviewDisplayLines', '3', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('emailServerAddress', '', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('emailPort', '0', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('emailTls', 'None', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('emailUser', '', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('emailPassword', '', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('emailSenderAddress', '', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifyRecipients', '', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifySubject', '', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifyBody', '', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifyActive', 'False', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifyType', '0', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifySleepTime', '0', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifyStartAt', '00:00:00', 0) ON CONFLICT DO NOTHING;
+insert into config (config_key, config_value, config_user) VALUES ('recCheckParams', '{"check_interval":2,"check_offset":1,"check_weekday":null,"check_dayofmonth":null}', 0) ON CONFLICT DO NOTHING;
diff --git a/roles/lib/files/FWO.Config.Api/Data/ConfigData.cs b/roles/lib/files/FWO.Config.Api/Data/ConfigData.cs
index cb9b3fde3..004020017 100644
--- a/roles/lib/files/FWO.Config.Api/Data/ConfigData.cs
+++ b/roles/lib/files/FWO.Config.Api/Data/ConfigData.cs
@@ -243,6 +243,9 @@ public class ConfigData : ICloneable
         [JsonProperty("modNamingConvention"), JsonPropertyName("modNamingConvention")]
         public string ModNamingConvention { get; set; } = "";
 
+        [JsonProperty("modIconify"), JsonPropertyName("modIconify")]
+        public bool ModIconify { get; set; } = true;
+
 
         public ConfigData(bool editable = false)
         {
diff --git a/roles/lib/files/FWO.Config.Api/GlobalConstants.cs b/roles/lib/files/FWO.Config.Api/GlobalConstants.cs
index d47e7fcd7..117a17e6d 100644
--- a/roles/lib/files/FWO.Config.Api/GlobalConstants.cs
+++ b/roles/lib/files/FWO.Config.Api/GlobalConstants.cs
@@ -39,4 +39,14 @@ public struct GlobalConst
         public const string kImplementer = "implementer";
         public const string kReviewer = "reviewer";
     }
+    
+    public struct Icons
+    {
+        public const string Add = "oi-plus";
+        public const string Edit = "oi-wrench";
+        public const string Delete = "oi-trash";
+        public const string Search = "oi-magnifying-glass";
+        public const string Use = "oi-arrow-thick-right";
+        public const string Unuse = "oi-arrow-thick-left";
+    }
 }
diff --git a/roles/ui/files/FWO.UI/Pages/Help/HelpSettingsModelling.cshtml b/roles/ui/files/FWO.UI/Pages/Help/HelpSettingsModelling.cshtml
index 2e8702bb6..b945455d8 100644
--- a/roles/ui/files/FWO.UI/Pages/Help/HelpSettingsModelling.cshtml
+++ b/roles/ui/files/FWO.UI/Pages/Help/HelpSettingsModelling.cshtml
@@ -12,7 +12,7 @@
 @inject UserConfig userConfig
 
 <div class="p-2">
-    <h3>@(userConfig.GetText("modelling"))</h3>
+    <h3>@(userConfig.GetText("modelling_settings"))</h3>
     @(Html.Raw(userConfig.GetText("H5601")))
     <br><br>
     @(Html.Raw(userConfig.GetText("general")))
@@ -21,6 +21,7 @@
         <li>@(Html.Raw(userConfig.GetText("H5603")))</li>
         <li>@(Html.Raw(userConfig.GetText("H5604")))</li>
         <li>@(Html.Raw(userConfig.GetText("H5605")))</li>
+        <li>@(Html.Raw(userConfig.GetText("H5618")))</li>
         <li>@(Html.Raw(userConfig.GetText("H5617")))</li>
     </ul>
     @(Html.Raw(userConfig.GetText("naming_convention")))
diff --git a/roles/ui/files/FWO.UI/Pages/Help/HelpSettingsModellingPers.cshtml b/roles/ui/files/FWO.UI/Pages/Help/HelpSettingsModellingPers.cshtml
new file mode 100644
index 000000000..05b87a3d7
--- /dev/null
+++ b/roles/ui/files/FWO.UI/Pages/Help/HelpSettingsModellingPers.cshtml
@@ -0,0 +1,22 @@
+@page "/help/settings/modellingpersonal"
+@model FWO.Ui.Pages.Help.MainModel
+@{
+    Layout = "HelpLayout";
+}
+@section sidebar{
+    @{ 
+        await Html.RenderPartialAsync("HelpSettingsSidebar.cshtml"); 
+    }
+}
+@using FWO.Config.Api
+@inject UserConfig userConfig
+
+<div class="p-2">
+    <h3>@(userConfig.GetText("modelling_settings"))</h3>
+    @(Html.Raw(userConfig.GetText("H5621")))
+    <br><br>
+    <ul>
+        <li>@(Html.Raw(userConfig.GetText("H5605")))</li>
+        <li>@(Html.Raw(userConfig.GetText("H5618")))</li>
+    </ul>
+</div>
diff --git a/roles/ui/files/FWO.UI/Pages/Help/HelpSettingsSidebar.cshtml b/roles/ui/files/FWO.UI/Pages/Help/HelpSettingsSidebar.cshtml
index 72db3d069..a5b788f14 100644
--- a/roles/ui/files/FWO.UI/Pages/Help/HelpSettingsSidebar.cshtml
+++ b/roles/ui/files/FWO.UI/Pages/Help/HelpSettingsSidebar.cshtml
@@ -87,6 +87,9 @@
                 <a class="nav-link" href="/help/settings/recertificationpersonal/?lang=@($"{userConfig.GetUserLanguage()}")">
                     <span class="oi oi-badge"></span> @(userConfig.GetText("recertification"))
                 </a>
+                <a class="nav-link" href="/help/settings/modellingpersonal/?lang=@($"{userConfig.GetUserLanguage()}")">
+                    <span class="oi oi-puzzle-piece"></span> @(userConfig.GetText("modelling"))
+                </a>
             </ul>
         </div>
     </div>
diff --git a/roles/ui/files/FWO.UI/Pages/Help/Index.cshtml b/roles/ui/files/FWO.UI/Pages/Help/Index.cshtml
index d0336c036..d780971f8 100644
--- a/roles/ui/files/FWO.UI/Pages/Help/Index.cshtml
+++ b/roles/ui/files/FWO.UI/Pages/Help/Index.cshtml
@@ -201,6 +201,9 @@
                 <li class="nav-item px-2">
                     <a href="/help/settings/recertificationpersonal/?lang=@($"{userConfig.GetUserLanguage()}")">@userConfig.GetText("recert_settings")</a>
                 </li>
+                <li class="nav-item px-2">
+                    <a href="/help/settings/modellingpersonal/?lang=@($"{userConfig.GetUserLanguage()}")">@userConfig.GetText("modelling_settings")</a>
+                </li>
             </ul>
          <li class="nav-item px-2">
             <a href="/help/API/?lang=@($"{userConfig.GetUserLanguage()}")">@userConfig.GetText("api")</a>
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/ConnectionTable.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/ConnectionTable.razor
index 47ffb003a..9a7c2de32 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/ConnectionTable.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/ConnectionTable.razor
@@ -12,13 +12,13 @@
             <Template>
                 <div class="btn-group">
                     <button type="button" class="btn btn-sm btn-primary" @onclick="async () => 
-                        { await AppHandler.ShowDetails(context); await AppHandlerChanged.InvokeAsync(AppHandler); }">@(userConfig.GetText("details"))</button>
+                        { await AppHandler.ShowDetails(context); await AppHandlerChanged.InvokeAsync(AppHandler); }">@(AppHandler.DisplayButton("details", Icons.Search))</button>
                     @if(AppActive)
                     {
                         <button type="button" class="btn btn-sm btn-warning" @onclick="async () => 
-                            { await AppHandler.EditConn(context); await AppHandlerChanged.InvokeAsync(AppHandler); }">@(userConfig.GetText("edit"))</button>
+                            { await AppHandler.EditConn(context); await AppHandlerChanged.InvokeAsync(AppHandler); }">@(AppHandler.DisplayButton("edit", Icons.Edit))</button>
                         <button type="button" class="btn btn-sm btn-danger" @onclick="() => 
-                            { AppHandler.RequestDeleteConnection(context); AppHandlerChanged.InvokeAsync(AppHandler); }">@(userConfig.GetText("delete"))</button>
+                            { AppHandler.RequestDeleteConnection(context); AppHandlerChanged.InvokeAsync(AppHandler); }">@(AppHandler.DisplayButton("delete", Icons.Delete))</button>
                     }
                 </div>
             </Template>
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditAppRoleLeftSide.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditAppRoleLeftSide.razor
index 466384ab6..0c31a0529 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditAppRoleLeftSide.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditAppRoleLeftSide.razor
@@ -19,7 +19,7 @@
             <div class="col-sm-2">
                 <button type="button" class="btn btn-sm btn-primary w-100" @onclick="() =>
                     {AppRoleHandler.AppServerToAppRole(selectedAppServers);
-                    AppRoleHandlerChanged.InvokeAsync(AppRoleHandler);}">@(userConfig.GetText("to_app_role"))</button>
+                    AppRoleHandlerChanged.InvokeAsync(AppRoleHandler);}">@(AppRoleHandler.DisplayButton("to_app_role", Icons.Use))</button>
             </div>
         }
     </div>
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConn.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConn.razor
index 780530d03..f8412facb 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConn.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConn.razor
@@ -181,7 +181,7 @@
                 {
                     @if(ConnHandler.ActConn.UsedInterfaceId != null)
                     {
-                        <button type="button" class="btn btn-sm btn-danger" @onclick="() => ConnHandler.RemoveInterf()">@(userConfig.GetText("remove_interface"))</button>
+                        <button type="button" class="btn btn-sm btn-danger" @onclick="() => ConnHandler.RemoveInterf()">@(ConnHandler.DisplayButton("remove_interface", Icons.Unuse, "interface"))</button>
                     }
                 }
             </div>
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor
index dbc496f45..6abc9f8f7 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor
@@ -21,20 +21,22 @@
                 @if(!ConnHandler.SrcDropForbidden() && selectedNwElems.Count > 0)
                 {
                     <button type="button" class="btn btn-sm btn-primary w-100" @onclick="() =>
-                        {NetworkElemsToConn(true);
-                        ConnHandlerChanged.InvokeAsync(ConnHandler);}">@(userConfig.GetText("to_source"))</button>
+                        {NetworkElemsToConn(true); ConnHandlerChanged.InvokeAsync(ConnHandler);}">
+                        @(ConnHandler.DisplayButton("to_source", Icons.Use, "source"))</button>
                 }
                 @if(!ConnHandler.DstDropForbidden() && selectedNwElems.Count > 0)
                 {
                     <button type="button" class="btn btn-sm btn-primary w-100 mt-2" @onclick="() =>
-                        {NetworkElemsToConn(false);
-                        ConnHandlerChanged.InvokeAsync(ConnHandler);}">@(userConfig.GetText("to_dest"))</button>
+                        {NetworkElemsToConn(false); ConnHandlerChanged.InvokeAsync(ConnHandler);}">
+                        @(ConnHandler.DisplayButton("to_dest", Icons.Use, "destination"))</button>
                 }
             </div>
         </div>
         <div class="btn-group mt-1">
-            <button type="button" class="btn btn-sm btn-success" @onclick="SearchNwObject">@(userConfig.GetText("search_nw_object"))</button>
-            <button type="button" class="btn btn-sm btn-success" @onclick="() => {ConnHandler.CreateAppRole(); ConnHandlerChanged.InvokeAsync(ConnHandler);}">@(userConfig.GetText("add_app_role"))</button>
+            <button type="button" class="btn btn-sm btn-success" @onclick="SearchNwObject">
+                @(ConnHandler.DisplayButton("search_nw_object", Icons.Search, "network_object"))</button>
+            <button type="button" class="btn btn-sm btn-success" @onclick="() => {ConnHandler.CreateAppRole(); ConnHandlerChanged.InvokeAsync(ConnHandler);}">
+                @(ConnHandler.DisplayButton("add_app_role", Icons.Add, "app_role"))</button>
             @if(selectedNwElems.Count == 1)
             {
                 @if(selectedNwElems[0].Key == (int)ModellingTypes.ObjectType.AppRole)
@@ -43,10 +45,11 @@
                     {
                         <button type="button" class="btn btn-sm btn-warning" @onclick="() => 
                             {ConnHandler.EditAppRole(ResolveAppRole(selectedNwElems[0].Value));
-                            ConnHandlerChanged.InvokeAsync(ConnHandler);}">@(userConfig.GetText("edit"))</button>
+                            ConnHandlerChanged.InvokeAsync(ConnHandler);}">@(ConnHandler.DisplayButton("edit", Icons.Edit))</button>
                         <button type="button" class="btn btn-sm btn-danger" @onclick="async () => 
                             {await ConnHandler.RequestDeleteAppRole(ResolveAppRole(selectedNwElems[0].Value));
-                            selectedNwElems = new(); await ConnHandlerChanged.InvokeAsync(ConnHandler);}">@(userConfig.GetText("delete"))</button>
+                            selectedNwElems = new(); await ConnHandlerChanged.InvokeAsync(ConnHandler);}">
+                            @(ConnHandler.DisplayButton("delete", Icons.Delete))</button>
                     }
                 }
                 else if(selectedNwElems[0].Key == (int)ModellingTypes.ObjectType.AppServer)
@@ -59,7 +62,8 @@
                     {
                         <button type="button" class="btn btn-sm btn-danger" @onclick="() => 
                             {ConnHandler.RequestRemoveNwGrpObject(ResolveNwGroupObject(selectedNwElems[0].Value));
-                            selectedNwElems = new(); ConnHandlerChanged.InvokeAsync(ConnHandler);}">@(userConfig.GetText("remove"))</button>
+                            selectedNwElems = new(); ConnHandlerChanged.InvokeAsync(ConnHandler);}">
+                            @(ConnHandler.DisplayButton("remove", Icons.Delete))</button>
                     }
                 }
 
@@ -78,12 +82,14 @@
                     @if(selectedSvcElems.Count > 0)
                     {
                         <button type="button" class="btn btn-sm btn-primary w-100" @onclick="() =>
-                            {ServiceElemsToConn(); ConnHandlerChanged.InvokeAsync(ConnHandler);}">@(userConfig.GetText("to_service"))</button>
+                            {ServiceElemsToConn(); ConnHandlerChanged.InvokeAsync(ConnHandler);}">
+                            @(ConnHandler.DisplayButton("to_service", Icons.Use))</button>
                     }
                 </div>
             </div>
             <div class="btn-group mt-1">
-                <button type="button" class="btn btn-sm btn-success" @onclick="() => {ConnHandler.CreateServiceGroup(); ConnHandlerChanged.InvokeAsync(ConnHandler);}">@(userConfig.GetText("add_service_group"))</button>
+                <button type="button" class="btn btn-sm btn-success" @onclick="() => {ConnHandler.CreateServiceGroup(); ConnHandlerChanged.InvokeAsync(ConnHandler);}">
+                    @(ConnHandler.DisplayButton("add_service_group", Icons.Add, "services_group"))</button>
                 @if(selectedSvcElems.Count == 1)
                 {
                     @if(selectedSvcElems[0].Key == (int)ModellingTypes.ObjectType.ServiceGroup)
@@ -92,10 +98,12 @@
                         {
                             <button type="button" class="btn btn-sm btn-warning" @onclick="() =>
                                 {ConnHandler.EditServiceGroup(ResolveSvcGrp(selectedSvcElems[0].Value));
-                                ConnHandlerChanged.InvokeAsync(ConnHandler);}">@(userConfig.GetText("edit_service_group"))</button>
+                                ConnHandlerChanged.InvokeAsync(ConnHandler);}">
+                                @(ConnHandler.DisplayButton("edit_service_group", Icons.Edit))</button>
                             <button type="button" class="btn btn-sm btn-danger" @onclick="async () =>
                                 {await ConnHandler.RequestDeleteServiceGrp(ResolveSvcGrp(selectedSvcElems[0].Value));
-                                selectedSvcElems = new(); await ConnHandlerChanged.InvokeAsync(ConnHandler);}">@(userConfig.GetText("delete"))</button>
+                                selectedSvcElems = new(); await ConnHandlerChanged.InvokeAsync(ConnHandler);}">
+                                @(ConnHandler.DisplayButton("delete", Icons.Delete))</button>
                         }
                     }
                     else
@@ -104,10 +112,12 @@
                         {
                             <button type="button" class="btn btn-sm btn-warning" @onclick="() =>
                                 {ConnHandler.EditService(ResolveSvc(selectedSvcElems[0].Value));
-                                ConnHandlerChanged.InvokeAsync(ConnHandler);}">@(userConfig.GetText("edit_service"))</button>
+                                ConnHandlerChanged.InvokeAsync(ConnHandler);}">
+                                @(ConnHandler.DisplayButton("edit_service", Icons.Edit))</button>
                             <button type="button" class="btn btn-sm btn-danger" @onclick="async () =>
                                 {await ConnHandler.RequestDeleteService(ResolveSvc(selectedSvcElems[0].Value));
-                                selectedSvcElems = new(); await ConnHandlerChanged.InvokeAsync(ConnHandler);}">@(userConfig.GetText("delete"))</button>
+                                selectedSvcElems = new(); await ConnHandlerChanged.InvokeAsync(ConnHandler);}">
+                                @(ConnHandler.DisplayButton("delete", Icons.Delete))</button>
                         }
                     }
                 }
@@ -126,17 +136,20 @@
                     @if(selectedInterfaces.Count > 0)
                     {
                         <button type="button" class="btn btn-sm btn-primary w-100" @onclick="() =>
-                            {ConnHandler.InterfaceToConn(selectedInterfaces[0]); ConnHandlerChanged.InvokeAsync(ConnHandler);}">@(userConfig.GetText("use"))</button>
+                            {ConnHandler.InterfaceToConn(selectedInterfaces[0]); ConnHandlerChanged.InvokeAsync(ConnHandler);}">
+                            @(ConnHandler.DisplayButton("use", Icons.Use))</button>
                     }
                 </div>
             </div>
             <div class="btn-group mt-1">
-                <button type="button" class="btn btn-sm btn-success" @onclick="SearchInterface">@(userConfig.GetText("search"))</button>
+                <button type="button" class="btn btn-sm btn-success" @onclick="SearchInterface">
+                    @(ConnHandler.DisplayButton("search", Icons.Search))</button>
                 @if(selectedInterfaces.Count == 1)
                 {
                     <button type="button" class="btn btn-sm btn-danger" @onclick="() => 
                         {ConnHandler.RequestRemovePreselectedInterface(selectedInterfaces[0]);
-                        selectedInterfaces = new(); ConnHandlerChanged.InvokeAsync(ConnHandler);}">@(userConfig.GetText("remove"))</button>
+                        selectedInterfaces = new(); ConnHandlerChanged.InvokeAsync(ConnHandler);}">
+                        @(ConnHandler.DisplayButton("remove", Icons.Delete))</button>
                 }
             </div>
             <br>
@@ -192,6 +205,11 @@
     private bool SearchNwObjectMode = false;
     private int sidebarLeftWidth { get { return Width; } set { Width = value; WidthChanged.InvokeAsync(Width);}}
 
+    
+    @* private MarkupString DisplayButton(string text, string icon, string iconText = "")
+    {
+        return (MarkupString)(userConfig.ModIconify ? icon + (iconText != "" ? " " + userConfig.GetText(iconText) : "") : userConfig.GetText(text));
+    } *@
 
     private bool InterfaceToConn(ModellingConnection interf)
     {
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditServiceGroupLeftSide.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditServiceGroupLeftSide.razor
index c3f55cfbd..7a13ba262 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditServiceGroupLeftSide.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditServiceGroupLeftSide.razor
@@ -19,20 +19,20 @@
             <div class="col-sm-2">
                 <button type="button" class="btn btn-sm btn-primary w-100" @onclick="() =>
                     {SvcGroupHandler.ServicesToSvcGroup(selectedServices);
-                    SvcGroupHandlerChanged.InvokeAsync(SvcGroupHandler);}">@(userConfig.GetText("to_services_group"))</button>
+                    SvcGroupHandlerChanged.InvokeAsync(SvcGroupHandler);}">@(SvcGroupHandler.DisplayButton("to_services_group", Icons.Use))</button>
             </div>
         }
     </div>
     <div class="btn-group mt-2">
         <button type="button" class="btn btn-sm btn-success" @onclick="() =>
-            {SvcGroupHandler.CreateService(); SvcGroupHandlerChanged.InvokeAsync(SvcGroupHandler);}">@(userConfig.GetText("add_service"))</button>
+            {SvcGroupHandler.CreateService(); SvcGroupHandlerChanged.InvokeAsync(SvcGroupHandler);}">@(SvcGroupHandler.DisplayButton("add_service", Icons.Add, "service"))</button>
         @if(selectedServices.Count == 1)
         {
             <button type="button" class="btn btn-sm btn-warning" @onclick="() =>
-                {SvcGroupHandler.EditService(selectedServices.First()); SvcGroupHandlerChanged.InvokeAsync(SvcGroupHandler);}">@(userConfig.GetText("edit_service"))</button>
+                {SvcGroupHandler.EditService(selectedServices.First()); SvcGroupHandlerChanged.InvokeAsync(SvcGroupHandler);}">@(SvcGroupHandler.DisplayButton("edit_service", Icons.Edit))</button>
             <button type="button" class="btn btn-sm btn-danger" @onclick="async () =>
                 {await SvcGroupHandler.RequestDeleteService(selectedServices.First()); selectedServices = new();
-                await SvcGroupHandlerChanged.InvokeAsync(SvcGroupHandler);}">@(userConfig.GetText("delete"))</button>
+                await SvcGroupHandlerChanged.InvokeAsync(SvcGroupHandler);}">@(SvcGroupHandler.DisplayButton("delete", Icons.Delete))</button>
         }
     </div>
 </div>
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/ManualAppServer.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/ManualAppServer.razor
index 703b57e13..176437887 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/ManualAppServer.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/ManualAppServer.razor
@@ -11,20 +11,25 @@
     <Body>
         @if (Display)
         {
-            <button type="button" class="btn btn-sm btn-success ms-5 mb-2" @onclick="appServerListHandler.CreateAppServer">@(userConfig.GetText("add_app_server"))</button>
+            <button type="button" class="btn btn-sm btn-success mb-2" @onclick="appServerListHandler.CreateAppServer">
+                @(appServerListHandler.DisplayButton("add_app_server", Icons.Add, "app_server"))</button>
             <div class="vheight75">
-                <Table class="table table-bordered th-bg-secondary table-responsive overflow-auto sticky-header" TableItem="ModellingAppServer" Items="appServerListHandler.ManualAppServers" PageSize="0" ColumnReorder="true">
+                <Table class="table table-bordered th-bg-secondary table-responsive overflow-auto sticky-header" TableItem="ModellingAppServer"
+                        Items="appServerListHandler.ManualAppServers" PageSize="0" ColumnReorder="true">
                     <Column TableItem="ModellingAppServer" Title="@(userConfig.GetText("actions"))" Field="(x => x.Id)" Sortable="false" Filterable="false">
                         <Template>
                             <div class="btn-group">
                                 @if(context.IsDeleted)
                                 {
-                                    <button type="button" class="btn btn-sm btn-warning" @onclick="() => appServerListHandler.RequestReactivateAppServer(context)">@(userConfig.GetText("reactivate"))</button>
+                                    <button type="button" class="btn btn-sm btn-success" @onclick="() => appServerListHandler.RequestReactivateAppServer(context)">
+                                        @(appServerListHandler.DisplayButton("reactivate", Icons.Add))</button>
                                 }
                                 else
                                 {
-                                    <button type="button" class="btn btn-sm btn-warning" @onclick="() => appServerListHandler.EditAppServer(context)">@(userConfig.GetText("edit"))</button>
-                                    <button type="button" class="btn btn-sm btn-danger" @onclick="() => appServerListHandler.RequestDeleteAppServer(context)">@(userConfig.GetText(context.InUse ? "deactivate" : "delete"))</button>
+                                    <button type="button" class="btn btn-sm btn-warning" @onclick="() => appServerListHandler.EditAppServer(context)">
+                                        @(appServerListHandler.DisplayButton("edit", Icons.Edit))</button>
+                                    <button type="button" class="btn btn-sm btn-danger" @onclick="() => appServerListHandler.RequestDeleteAppServer(context)">
+                                        @(appServerListHandler.DisplayButton(context.InUse ? "deactivate" : "delete", Icons.Delete))</button>
                                 }
                             </div>
                         </Template>
@@ -51,8 +56,10 @@
     </Footer>
 </PopUp>
 <EditAppServer @bind-Display="appServerListHandler.EditAppServerMode" AppServerHandler="appServerListHandler.AppServerHandler" AddMode="appServerListHandler.AddAppServerMode"/>
-<ConfirmDelete @bind-Display="appServerListHandler.DeleteAppServerMode" PerformAction="async () => {await appServerListHandler.DeleteAppServer(); StateHasChanged();}" Title="@userConfig.GetText("delete_app_server")" DeleteMessage="@appServerListHandler.Message"/>
-<Confirm @bind-Display="appServerListHandler.ReactivateAppServerMode" PerformAction="async () => {await appServerListHandler.ReactivateAppServer(); StateHasChanged();}" Title="@userConfig.GetText("reactivate")" Message="@appServerListHandler.Message"/>
+<ConfirmDelete @bind-Display="appServerListHandler.DeleteAppServerMode" PerformAction="async () => {await appServerListHandler.DeleteAppServer(); StateHasChanged();}"
+    Title="@userConfig.GetText("delete_app_server")" DeleteMessage="@appServerListHandler.Message"/>
+<Confirm @bind-Display="appServerListHandler.ReactivateAppServerMode" PerformAction="async () => {await appServerListHandler.ReactivateAppServer(); StateHasChanged();}"
+    Title="@userConfig.GetText("reactivate")" Message="@appServerListHandler.Message"/>
 <InProgress Display="workInProgress"/>
 
 
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/NetworkModelling.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/NetworkModelling.razor
index e8e5d53f3..82da52e5c 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/NetworkModelling.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/NetworkModelling.razor
@@ -50,7 +50,7 @@
                 <div class="btn-group ms-5">
                     <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")">
                         <Authorized>
-                            <button type="button" class="btn btn-sm btn-dark" @onclick="ManualAppServer">@(userConfig.GetText("edit_app_server"))</button>
+                            <button type="button" class="btn btn-sm btn-dark" @onclick="ManualAppServer">@(appHandler.DisplayButton("edit_app_server", Icons.Edit, "app_server"))</button>
                         </Authorized>
                     </AuthorizeView>
                 </div>
@@ -60,18 +60,18 @@
         <div class="m-2 vheight75">
             <TabSet WholeWidth="false" DarkMode="false" KeepPanelsAlive="false" @ref="appHandler.tabset">
                 <Tab Title="@(userConfig.GetText("provided_interfaces"))" Position=0>
-                    <button type="button" class="btn btn-sm btn-success mb-2" @onclick="appHandler.AddInterface">@(userConfig.GetText("add_interface"))</button>
+                    <button type="button" class="btn btn-sm btn-success mb-2" @onclick="appHandler.AddInterface">@(appHandler.DisplayButton("add_interface", Icons.Add, "interface"))</button>
                     <ConnectionTable Connections="@appHandler.GetInterfaces()" @bind-AppHandler="appHandler" AppActive="appActive"/>
                 </Tab>
                 @if(selectedApp.CommSvcPossible)
                 {
                     <Tab Title="@(userConfig.GetText("common_services"))" Position=1>
-                        <button type="button" class="btn btn-sm btn-success mb-2" @onclick="appHandler.AddCommonService">@(userConfig.GetText("add_common_service"))</button>
+                        <button type="button" class="btn btn-sm btn-success mb-2" @onclick="appHandler.AddCommonService">@(appHandler.DisplayButton("add_common_service", Icons.Add, "common_service"))</button>
                         <ConnectionTable Connections="@appHandler.GetCommonServices()" @bind-AppHandler="appHandler" AppActive="appActive"/>
                     </Tab>
                 }
                 <Tab Title="@(userConfig.GetText("regular_connections"))" Position=2>
-                    <button type="button" class="btn btn-sm btn-success mb-2" @onclick="appHandler.AddConnection">@(userConfig.GetText("add_connection"))</button>
+                    <button type="button" class="btn btn-sm btn-success mb-2" @onclick="appHandler.AddConnection">@(appHandler.DisplayButton("add_connection", Icons.Add, "connection"))</button>
                     <ConnectionTable Connections="@appHandler.GetRegularConnections()" @bind-AppHandler="appHandler" AppActive="appActive"/>
                 </Tab>
             </TabSet>
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SearchUser.razor b/roles/ui/files/FWO.UI/Pages/Settings/SearchUser.razor
index 8eadaf18d..bfcc2b6c2 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SearchUser.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SearchUser.razor
@@ -139,7 +139,7 @@
             connectedLdaps = await apiConnection.SendQueryAsync<List<UiLdapConnection>>(FWO.Api.Client.Queries.AuthQueries.getLdapConnections);
             if(connectedLdaps.Count > 0)
             {
-                selectedLdap = connectedLdaps.FirstOrDefault(x => x.IsInternal()) ?? connectedLdaps.First();
+                selectedLdap = connectedLdaps.First();
             }
             uiUsers = await apiConnection.SendQueryAsync<List<UiUser>>(FWO.Api.Client.Queries.AuthQueries.getUsers);
             uiUsers = uiUsers.FindAll(x => x.DbId != 0);
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsModelling.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsModelling.razor
index 39a27b88e..9ed113ecd 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsModelling.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsModelling.razor
@@ -12,7 +12,7 @@
 @inject UserConfig userConfig
 
 <div class="input-group">
-    <h3>@(userConfig.GetText("network_modelling"))</h3>
+    <h3>@(userConfig.GetText("modelling_settings"))</h3>
     <HelpLink Page="settings/modelling"/>
 </div>
 @(userConfig.GetText("U5322"))
@@ -40,9 +40,15 @@
         </div>
         <div class="form-group row mt-2">
             <div class="row col-sm-4" data-toggle="tooltip" title="@(userConfig.PureLine("H5605"))">
-                <label class="col-form-label col-sm-8">@(userConfig.GetText("overviewDisplayLines")):</label>
+                <label class="col-form-label col-sm-8">@(userConfig.GetText("overviewDisplayLines"))*:</label>
                 <input type="number" min="0" class="col-sm-3" @bind="configData!.OverviewDisplayLines" />
             </div>
+            <div class="row col-sm-4" data-toggle="tooltip" title="@(userConfig.PureLine("H5618"))">
+                <label class="col-form-label col-sm-8">@(userConfig.GetText("modIconify"))*:</label>
+                <div class="col-sm-2">
+                    <input type="checkbox" class="w-100" @bind="configData!.ModIconify">
+                </div>
+            </div>
             <div class="row col-sm-4" data-toggle="tooltip" title="@(userConfig.PureLine("H5617"))">
                 <label class="col-form-label col-sm-8">@(userConfig.GetText("reducedProtocolSet")):</label>
                 <div class="col-sm-2">
@@ -126,7 +132,7 @@
         </NotAuthorized> 
     </AuthorizeView>
     <br><br>
-    @* <p>@(userConfig.GetText("U5303"))</p> *@
+    <p>@(userConfig.GetText("U5303"))</p>
 }
 else
 {
@@ -199,7 +205,7 @@ else
                 await globalConfig.WriteToDatabase(configData, apiConnection);
                 PathsToDelete = new();
                 PathsToAdd = new();
-                DisplayMessageInUi(null, userConfig.GetText("change_default"), userConfig.GetText("U5301"), false);
+                DisplayMessageInUi(null, userConfig.GetText("modelling_settings"), userConfig.GetText("U5301"), false);
             }
             else
             {
@@ -208,7 +214,7 @@ else
         }
         catch (Exception exception)
         {
-            DisplayMessageInUi(exception, userConfig.GetText("change_default"), "", true);
+            DisplayMessageInUi(exception, userConfig.GetText("modelling_settings"), "", true);
         }
     }
 }
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsModellingPers.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsModellingPers.razor
new file mode 100644
index 000000000..4bde46286
--- /dev/null
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsModellingPers.razor
@@ -0,0 +1,85 @@
+@using FWO.Api.Client
+@using FWO.Config.Api
+@using FWO.Config.Api.Data
+@using System.Text.Json
+@using FWO.Ui.Pages.NetworkModelling
+
+@page "/settings/modellingpersonal"
+@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}, {GlobalConst.kModeller}")]
+
+@inject ApiConnection apiConnection
+@inject UserConfig userConfig
+
+<div class="input-group">
+    <h3>@(userConfig.GetText("modelling_settings"))</h3>
+    <HelpLink Page="settings/modellingpersonal"/>
+</div>
+@(userConfig.GetText("U5415"))
+<hr />
+
+@if (configData != null)
+{
+    <form onsubmit="return false">
+        <div class="form-group row mt-2">
+            <div class="row col-sm-4" data-toggle="tooltip" title="@(userConfig.PureLine("H5605"))">
+                <label class="col-form-label col-sm-8">@(userConfig.GetText("overviewDisplayLines")):</label>
+                <input type="number" min="0" class="col-sm-3" @bind="configData!.OverviewDisplayLines" />
+            </div>
+            <div class="row col-sm-4" data-toggle="tooltip" title="@(userConfig.PureLine("H5618"))">
+                <label class="col-form-label col-sm-8">@(userConfig.GetText("modIconify")):</label>
+                <div class="col-sm-2">
+                    <input type="checkbox" class="w-100" @bind="configData!.ModIconify">
+                </div>
+            </div>
+        </div>
+    </form>
+    <hr />
+    <button type="button" class="btn btn-sm btn-primary" @onclick="Save" @onclick:preventDefault>@(userConfig.GetText("save"))</button>
+}
+else
+{
+    <div class="spinner-border" role="status">
+        <span class="sr-only">Loading...</span>
+    </div>
+}
+
+
+@code
+{
+    [CascadingParameter]
+    Action<Exception?, string, string, bool> DisplayMessageInUi { get; set; } = DefaultInit.DoNothing;
+
+    private ConfigData? configData;
+
+
+    protected override async Task OnInitializedAsync()
+    {
+        try
+        {
+            configData = await userConfig.GetEditableConfig();
+        }
+        catch (Exception exception)
+        {
+            DisplayMessageInUi(exception, userConfig.GetText("read_config"), userConfig.GetText("E5301"), false);
+        }
+    }
+    private async Task Save()
+    {
+        try
+        {
+            if (configData != null)
+            {
+                await userConfig.WriteToDatabase(configData, apiConnection);
+                DisplayMessageInUi(null, userConfig.GetText("modelling_settings"), userConfig.GetText("U5301"), false);
+            }
+            else
+            {
+                throw new Exception("Data saved before loaded. This should be impossible.");
+            }
+        }
+        catch (Exception exception)
+        {
+            DisplayMessageInUi(exception, userConfig.GetText("modelling_settings"), "", true);
+        }
+    }
+}
diff --git a/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs b/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs
index 3c47f0039..1f4006124 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs
@@ -2,6 +2,7 @@
 using FWO.Api.Data;
 using FWO.Api.Client;
 using FWO.Api.Client.Queries;
+using Microsoft.AspNetCore.Components;
 
 
 namespace FWO.Ui.Services
@@ -31,6 +32,13 @@ public ModellingHandlerBase(ApiConnection apiConnection, UserConfig userConfig,
             IsOwner = isOwner;
         }
         
+        public MarkupString DisplayButton(string text, string icon, string iconText = "")
+        {
+            string tooltip = userConfig.ModIconify ? $"data-toggle=\"tooltip\" title=\"{@userConfig.PureLine(text)}\"" : "";
+            string iconToDisplay = $"<span class=\"oi {icon}\" {@tooltip}\"/>";
+            return (MarkupString)(userConfig.ModIconify ? iconToDisplay + (iconText != "" ? " " + userConfig.GetText(iconText) : "") : userConfig.GetText(text));
+        }
+
         protected async Task LogChange(ModellingTypes.ChangeType changeType, ModellingTypes.ObjectType objectType, long objId, string text, int? applicationId)
         {
             try
diff --git a/roles/ui/files/FWO.UI/Shared/SettingsLayout.razor b/roles/ui/files/FWO.UI/Shared/SettingsLayout.razor
index 9df37498a..3a4bcbd99 100644
--- a/roles/ui/files/FWO.UI/Shared/SettingsLayout.razor
+++ b/roles/ui/files/FWO.UI/Shared/SettingsLayout.razor
@@ -160,6 +160,13 @@
                     </NavLink>
                 </li>
             </AuthorizeView>
+            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kModeller}, {GlobalConst.kAuditor}")">
+                <li class="nav-item px-2">
+                    <NavLink class="nav-link" href="settings/modellingpersonal">
+                        <span class="oi oi-puzzle-piece"></span> @(userConfig.GetText("modelling"))
+                    </NavLink>
+                </li>
+            </AuthorizeView>
         </ul>
     </div>
 </Sidebar>

From e9cb603666d893ac4b35ac10d49b981f9f9fb54a Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Tue, 20 Feb 2024 14:41:11 +0100
Subject: [PATCH 03/84] update revision

---
 documentation/revision-history-develop.md | 4 ++++
 inventory/group_vars/all.yml              | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/documentation/revision-history-develop.md b/documentation/revision-history-develop.md
index 3280dfb4d..807bdaae8 100644
--- a/documentation/revision-history-develop.md
+++ b/documentation/revision-history-develop.md
@@ -175,3 +175,7 @@ bugfix release:
 - common service handling
 - fixes credentials when installing without demo data
 - fix error with pdf creation on debian testing
+
+# 8.0.1 - 20.02.2024 DEVELOP
+- iconify modelling
+- add missing config values
diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index f636da984..f92156cf5 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -1,5 +1,5 @@
 ### general settings
-product_version: "8.0"
+product_version: "8.0.1"
 ansible_user: "{{ lookup('env', 'USER') }}"
 ansible_become_method: sudo
 ansible_python_interpreter: /usr/bin/python3

From be80fedc5bf5ff3452918c7c1176fba454a37bd5 Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Tue, 20 Feb 2024 16:42:11 +0100
Subject: [PATCH 04/84] customize texts case sensitivity

---
 roles/database/files/sql/idempotent/fworch-texts.sql       | 6 ++++--
 .../files/FWO.UI/Pages/Settings/SettingsCustomTexts.razor  | 7 ++++++-
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/roles/database/files/sql/idempotent/fworch-texts.sql b/roles/database/files/sql/idempotent/fworch-texts.sql
index c227178cc..c2bebac6b 100644
--- a/roles/database/files/sql/idempotent/fworch-texts.sql
+++ b/roles/database/files/sql/idempotent/fworch-texts.sql
@@ -1736,6 +1736,8 @@ INSERT INTO txt VALUES ('customize_texts',		'German', 	'Texte anpassen');
 INSERT INTO txt VALUES ('customize_texts',		'English', 	'Customize Texts');
 INSERT INTO txt VALUES ('ignore_helptexts',		'German', 	'Hilfetexte ignorieren');
 INSERT INTO txt VALUES ('ignore_helptexts',		'English', 	'Ignore help texts');
+INSERT INTO txt VALUES ('case_sensitive',		'German', 	'');
+INSERT INTO txt VALUES ('case_sensitive',		'English', 	'Schreibungsabh&auml;ngig');
 INSERT INTO txt VALUES ('key',                  'German', 	'Schl&uuml;ssel');
 INSERT INTO txt VALUES ('key',                  'English', 	'Key');
 INSERT INTO txt VALUES ('text',                 'German', 	'Text');
@@ -4409,11 +4411,11 @@ INSERT INTO txt VALUES ('H5701', 'English', 'The language dependent texts stored
 INSERT INTO txt VALUES ('H5702', 'German',  'Im ersten Schritt muss die betroffene Sprache ausgew&auml;hlt werden. Dann erscheint die Zeile zur eigentlichen Textsuche.');
 INSERT INTO txt VALUES ('H5702', 'English', 'In the first step the language to be handled has to be selected. Then the row for the text search appears.');
 INSERT INTO txt VALUES ('H5703', 'German',  'Bei Eingabe eines Suchstrings erscheinen alle hinterlegten Texte, welche diesen beinhalten.
-    Wird das Feld leer gelassen, erscheinen alle verf&uuml;gbaren Texte der gew&auml;hlten Sprache.
+    Wird das Feld leer gelassen, erscheinen alle verf&uuml;gbaren Texte der gew&auml;hlten Sprache. Die Suche kann wahlweise auch schreibungsabh&auml;ngig durchgef&uuml;hrt werden.
     Durch das Setzen des "Hilfetexte ignorieren"-Flags werden die Hilfetexte (Schl&uuml;ssel beginnend mit "H"), bei der Suche nicht ber&uuml;cksichtigt.
 ');
 INSERT INTO txt VALUES ('H5703', 'English', 'When entering a search string, all texts containing this are displayed. If left empty, all texts of the selected language are displayed.
-    By setting the "Ignore Help Texts" flag all Help texts (Key beginning with "H") are disregarded.
+    Optionally the search can be case-sensitive. By setting the "Ignore Help Texts" flag all Help texts (Key beginning with "H") are disregarded.
 ');
 INSERT INTO txt VALUES ('H5704', 'German',  'In der Tabelle der Suchergebnisse k&ouml;nnen pro Schl&uuml;ssel neue Texte definiert,
     bereits vorhandene durch Setzen des "L&ouml;schen"-Flags zum L&ouml;schen vorgemerkt werden. Wird nur der Text entfernt, wird der Systemtext mit Leertext &uuml;berschrieben!
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsCustomTexts.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsCustomTexts.razor
index 9b29ae255..a097618c5 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsCustomTexts.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsCustomTexts.razor
@@ -39,6 +39,10 @@
         <div class="col-sm-2">
             <button type="button" class="btn btn-sm btn-primary" @onclick="async () => { await Search(); StateHasChanged(); }" @onclick:preventDefault>@(userConfig.GetText("search"))</button>
         </div>
+        <div class="col-sm-2">
+            <input class="form-check-input" type="checkbox" @bind="caseSensitive">
+            <label class="form-check-label">@(userConfig.GetText("case_sensitive"))</label>
+        </div>
         <div class="col-sm-2">
             <input class="form-check-input" type="checkbox" @bind="ignoreHelpTexts">
             <label class="form-check-label">@(userConfig.GetText("ignore_helptexts"))</label>
@@ -98,6 +102,7 @@
     private List<TextEntry> results = new();
     private bool displayResults = false;
     private bool ignoreHelpTexts = true;
+    private bool caseSensitive = false;
 
     protected override void OnInitialized()
     {
@@ -128,7 +133,7 @@
         results = new();
         foreach(var entry in actDict)
         {
-            if (!(ignoreHelpTexts && entry.Key.StartsWith("H")) && entry.Value.Contains(searchString))
+            if (!(ignoreHelpTexts && entry.Key.StartsWith("H")) && (caseSensitive ? entry.Value.Contains(searchString) : entry.Value.ToLower().Contains(searchString.ToLower())))
             {
                 results.Add(new TextEntry(){ Key = entry.Key, Text = entry.Value, CustomText = actCustomDict.ContainsKey(entry.Key) ? actCustomDict[entry.Key] : ""});
             }

From 775f8923367501ad969dde59377ba84ddb714be5 Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Wed, 21 Feb 2024 19:13:34 +0100
Subject: [PATCH 05/84] first fry rules

---
 .vscode/launch.json                           |   2 +-
 inventory/group_vars/all.yml                  |   2 +-
 .../files/upgrade/{7.3.7.sql => 8.0.2.sql}    |   0
 .../{vmwareNSX => nsx4ff}/__init__.py         |   0
 .../discovery_logging.conf                    |   0
 .../{vmwareNSX => nsx4ff}/fwcommon.py         |  49 +++---
 .../{vmwareNSX => nsx4ff}/nsx_application.py  |   0
 .../{vmwareNSX => nsx4ff}/nsx_base.py         |   0
 .../{vmwareNSX => nsx4ff}/nsx_getter.py       |  52 +++----
 .../{vmwareNSX => nsx4ff}/nsx_network.py      |   0
 .../files/importer/nsx4ff/nsx_rule.py         | 130 ++++++++++++++++
 .../{vmwareNSX => nsx4ff}/nsx_service.py      |   0
 .../{vmwareNSX => nsx4ff}/nsx_zone.py         |   0
 .../paloaltomanagement2023ff/palo_rule.py     |   2 +-
 .../files/importer/vmwareNSX/nsx_rule.py      | 144 ------------------
 15 files changed, 183 insertions(+), 198 deletions(-)
 rename roles/database/files/upgrade/{7.3.7.sql => 8.0.2.sql} (100%)
 rename roles/importer/files/importer/{vmwareNSX => nsx4ff}/__init__.py (100%)
 rename roles/importer/files/importer/{vmwareNSX => nsx4ff}/discovery_logging.conf (100%)
 rename roles/importer/files/importer/{vmwareNSX => nsx4ff}/fwcommon.py (65%)
 rename roles/importer/files/importer/{vmwareNSX => nsx4ff}/nsx_application.py (100%)
 rename roles/importer/files/importer/{vmwareNSX => nsx4ff}/nsx_base.py (100%)
 rename roles/importer/files/importer/{vmwareNSX => nsx4ff}/nsx_getter.py (56%)
 rename roles/importer/files/importer/{vmwareNSX => nsx4ff}/nsx_network.py (100%)
 create mode 100644 roles/importer/files/importer/nsx4ff/nsx_rule.py
 rename roles/importer/files/importer/{vmwareNSX => nsx4ff}/nsx_service.py (100%)
 rename roles/importer/files/importer/{vmwareNSX => nsx4ff}/nsx_zone.py (100%)
 delete mode 100644 roles/importer/files/importer/vmwareNSX/nsx_rule.py

diff --git a/.vscode/launch.json b/.vscode/launch.json
index 3adab9410..f2e0be8f7 100644
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -82,7 +82,7 @@
                 "PYTHONPATH": "${PYTHONPATH}:${workspaceRoot}"
             },
             "args": [
-                "-m7",
+                "-m24",
                 "-d1",
                 "-f",
                 "-s",
diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index f636da984..a99ebfb35 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -1,5 +1,5 @@
 ### general settings
-product_version: "8.0"
+product_version: "8.0.2"
 ansible_user: "{{ lookup('env', 'USER') }}"
 ansible_become_method: sudo
 ansible_python_interpreter: /usr/bin/python3
diff --git a/roles/database/files/upgrade/7.3.7.sql b/roles/database/files/upgrade/8.0.2.sql
similarity index 100%
rename from roles/database/files/upgrade/7.3.7.sql
rename to roles/database/files/upgrade/8.0.2.sql
diff --git a/roles/importer/files/importer/vmwareNSX/__init__.py b/roles/importer/files/importer/nsx4ff/__init__.py
similarity index 100%
rename from roles/importer/files/importer/vmwareNSX/__init__.py
rename to roles/importer/files/importer/nsx4ff/__init__.py
diff --git a/roles/importer/files/importer/vmwareNSX/discovery_logging.conf b/roles/importer/files/importer/nsx4ff/discovery_logging.conf
similarity index 100%
rename from roles/importer/files/importer/vmwareNSX/discovery_logging.conf
rename to roles/importer/files/importer/nsx4ff/discovery_logging.conf
diff --git a/roles/importer/files/importer/vmwareNSX/fwcommon.py b/roles/importer/files/importer/nsx4ff/fwcommon.py
similarity index 65%
rename from roles/importer/files/importer/vmwareNSX/fwcommon.py
rename to roles/importer/files/importer/nsx4ff/fwcommon.py
index 87de87449..c68fe1b32 100644
--- a/roles/importer/files/importer/vmwareNSX/fwcommon.py
+++ b/roles/importer/files/importer/nsx4ff/fwcommon.py
@@ -1,14 +1,15 @@
 import sys
+import base64
 from common import importer_base_dir
-sys.path.append(importer_base_dir + "/paloaltomanagement2023ff")
-from palo_service import normalize_svcobjects
-from palo_application import normalize_application_objects
-from palo_rule import normalize_access_rules
-from palo_network import normalize_nwobjects
-from palo_zone import normalize_zones
-from palo_getter import login, update_config_with_palofw_api_call
+sys.path.append(importer_base_dir + "/nsx4ff")
+from nsx_service import normalize_svcobjects
+from nsx_application import normalize_application_objects
+from nsx_rule import normalize_access_rules
+from nsx_network import normalize_nwobjects
+from nsx_zone import normalize_zones
+from nsx_getter import update_config_with_nsxdcfw_api_call
 from fwo_log import getFwoLogger
-from palo_base import api_version_str
+from nsx_base import api_version_str
 
 def has_config_changed(full_config, mgm_details, force=False):
     # dummy - may be filled with real check later on
@@ -26,10 +27,11 @@ def get_config(config2import, full_config, current_import_id, mgm_details, limit
         apipwd = mgm_details["import_credential"]['secret']
         apiuser = mgm_details["import_credential"]['user']
         apihost = mgm_details["hostname"]
+        domain = mgm_details["configPath"]
 
         vsys_objects   = ["/Network/Zones", "/Objects/Addresses", "/Objects/Services", "/Objects/AddressGroups", "/Objects/ServiceGroups", "/Objects/Tags"]
         predef_objects = ["/Objects/Applications"]
-        rulebase_names = ["/Policies/SecurityRules", "/Policies/NATRules"]
+        rulebase_names = ["security-policies"] # , "/Policies/NATRules"]
 
         for obj_path in vsys_objects:
             full_config[obj_path] = []
@@ -37,23 +39,19 @@ def get_config(config2import, full_config, current_import_id, mgm_details, limit
         for obj_path in predef_objects:
             full_config[obj_path] = []
         
-        # login
-        key = login(apiuser, apipwd, apihost)
-        if key == None or key == "":
-            logger.error('Did not succeed in logging in to Palo API, no key returned.')
-            return 1
+        credentials = base64.b64encode((apiuser + ":" + apipwd).encode())
 
         ## get objects:
-        base_url =  "https://{apihost}/restapi/v{api_version_str}".format(apihost=apihost, api_version_str=api_version_str)
+        # base_url =  "https://{apihost}/policy/api/v1/infra/domains/{domain}/security-policies/[policy name]".format(apihost=apihost, api_version_str=api_version_str)
 
-        vsys_name = "vsys1" # TODO - automate this hard-coded name
-        location = "vsys"       # alternative: panorama-pushed
+        # vsys_name = "vsys1" # TODO - automate this hard-coded name
+        # location = "vsys"       # alternative: panorama-pushed
 
-        for obj_path in vsys_objects:
-            update_config_with_palofw_api_call(key, base_url, full_config, obj_path + "?location={location}&vsys={vsys_name}".format(location=location, vsys_name=vsys_name), obj_type=obj_path)
+        # for obj_path in vsys_objects:
+        #     update_config_with_nsxdcfw_api_call(key, base_url, full_config, obj_path + "?location={location}&vsys={vsys_name}".format(location=location, vsys_name=vsys_name), obj_type=obj_path)
 
-        for obj_path in predef_objects:
-            update_config_with_palofw_api_call(key, base_url, full_config, obj_path + "?location={location}".format(location="predefined"), obj_type=obj_path)
+        # for obj_path in predef_objects:
+        #     update_config_with_nsxdcfw_api_call(key, base_url, full_config, obj_path + "?location={location}".format(location="predefined"), obj_type=obj_path)
 
         # users
         
@@ -65,10 +63,11 @@ def get_config(config2import, full_config, current_import_id, mgm_details, limit
             full_config['devices'].update({ dev_id: {} })
 
             for obj_path in rulebase_names:
-                update_config_with_palofw_api_call(
-                        key, base_url, full_config['devices'][device['id']], 
-                        obj_path + "?location={location}&vsys={vsys_name}".format(location="vsys", vsys_name=dev_name),
-                        obj_type=obj_path)
+                base_url =  "https://{apihost}/policy/api/v1/infra/domains/{domain}/{rulebase_name}/{policy_name}".format(apihost=apihost, domain=domain, policy_name=dev_name, rulebase_name=obj_path)
+                update_config_with_nsxdcfw_api_call(
+                        base_url, full_config['devices'][device['id']], 
+                        obj_path,
+                        obj_type=obj_path, credentials=credentials)
 
     ##################
     # now we normalize relevant parts of the raw config and write the results to config2import dict
diff --git a/roles/importer/files/importer/vmwareNSX/nsx_application.py b/roles/importer/files/importer/nsx4ff/nsx_application.py
similarity index 100%
rename from roles/importer/files/importer/vmwareNSX/nsx_application.py
rename to roles/importer/files/importer/nsx4ff/nsx_application.py
diff --git a/roles/importer/files/importer/vmwareNSX/nsx_base.py b/roles/importer/files/importer/nsx4ff/nsx_base.py
similarity index 100%
rename from roles/importer/files/importer/vmwareNSX/nsx_base.py
rename to roles/importer/files/importer/nsx4ff/nsx_base.py
diff --git a/roles/importer/files/importer/vmwareNSX/nsx_getter.py b/roles/importer/files/importer/nsx4ff/nsx_getter.py
similarity index 56%
rename from roles/importer/files/importer/vmwareNSX/nsx_getter.py
rename to roles/importer/files/importer/nsx4ff/nsx_getter.py
index ae2c94b33..390d778fd 100644
--- a/roles/importer/files/importer/vmwareNSX/nsx_getter.py
+++ b/roles/importer/files/importer/nsx4ff/nsx_getter.py
@@ -11,12 +11,12 @@
 
 def api_call(url, params = {}, headers = {}, data = {}, credentials = '', show_progress=False, method='get'):
     logger = getFwoLogger()
-    result_type='xml'
+    result_type='json'
     request_headers = {'Content-Type': 'application/json'}
     for header_key in headers:
         request_headers[header_key] = headers[header_key]
-    if key != '':
-        request_headers["Authorization"] = 'Basic ' + '{credentials}'.format(key=key)
+    if credentials != '':
+        request_headers["Authorization"] = 'Basic {credentials}'.format(credentials=credentials.decode("utf-8"))
         result_type='json'
 
     if method == "post":
@@ -24,7 +24,7 @@ def api_call(url, params = {}, headers = {}, data = {}, credentials = '', show_p
     elif method == "get":
         response = requests.get(url, params=params, headers=request_headers, verify=fwo_globals.verify_certs)
     else:
-        raise Exception("unknown HTTP method found in palo_getter")
+        raise Exception("unknown HTTP method found in nsx_getter")
     
     # error handling:
     exception_text = ''
@@ -59,34 +59,34 @@ def api_call(url, params = {}, headers = {}, data = {}, credentials = '', show_p
     return body_json
 
 
-def login(apiuser, apipwd, apihost):
-    base_url = "https://{apihost}/api/?type=keygen&user={apiuser}&password={apipwd}".format(apihost=apihost, apiuser=apiuser, apipwd=apipwd)
-    try:
-        body = api_call(base_url, method="get", headers={}, data={})
-    except Exception as e:
-        raise FwLoginFailed("Palo FW login to firewall=" + str(apihost) + " failed; Message: " + str(e)) from None
+# def login(apiuser, apipwd, apihost):
+#     base_url = "https://{apihost}/api/?type=keygen&user={apiuser}&password={apipwd}".format(apihost=apihost, apiuser=apiuser, apipwd=apipwd)
+#     try:
+#         body = api_call(base_url, method="get", headers={}, data={})
+#     except Exception as e:
+#         raise FwLoginFailed("Palo FW login to firewall=" + str(apihost) + " failed; Message: " + str(e)) from None
     
-    if 'response' in body and 'result' in body['response'] and 'key' in body['response']['result'] and not body['response']['result']['key'] == None:
-        key = body['response']['result']['key']
-    else:
-        raise FwLoginFailed("Palo FW login to firewall=" + str(apihost) + " failed") from None
+#     if 'response' in body and 'result' in body['response'] and 'key' in body['response']['result'] and not body['response']['result']['key'] == None:
+#         key = body['response']['result']['key']
+#     else:
+#         raise FwLoginFailed("Palo FW login to firewall=" + str(apihost) + " failed") from None
     
-    if fwo_globals.debug_level > 2:
-        logger = getFwoLogger()
-        logger.debug("Login successful. Received key: " + key)
+#     if fwo_globals.debug_level > 2:
+#         logger = getFwoLogger()
+#         logger.debug("Login successful. Received key: " + key)
 
-    return key
+#     return key
 
 
-def update_config_with_palofw_api_call(key, api_base_url, config, api_path, obj_type='generic', parameters={}, payload={}, show_progress=False, limit: int=1000, method="get"):
+def update_config_with_nsxdcfw_api_call(api_base_url, config, api_path, credentials='', obj_type='generic', parameters={}, payload={}, show_progress=False, limit: int=1000, method="get"):
     returned_new_data = True
     
     full_result = []
-    result = api_call(api_base_url + api_path,key=key, params=parameters, data=payload, show_progress=show_progress, method=method)
-    if "entry" in result:
-        returned_new_data = len(result['entry'])>0
-    else:
-        returned_new_data = False
+    result = api_call(api_base_url, credentials=credentials, params=parameters, data=payload, show_progress=show_progress, method=method)
+    # if "entry" in result:
+    #     returned_new_data = len(result['entry'])>0
+    # else:
+    #     returned_new_data = False
     if returned_new_data:
-        full_result.extend(result["entry"])           
-        config.update({obj_type: full_result})
+        # full_result.extend(result)           
+        config.update({obj_type: result})
diff --git a/roles/importer/files/importer/vmwareNSX/nsx_network.py b/roles/importer/files/importer/nsx4ff/nsx_network.py
similarity index 100%
rename from roles/importer/files/importer/vmwareNSX/nsx_network.py
rename to roles/importer/files/importer/nsx4ff/nsx_network.py
diff --git a/roles/importer/files/importer/nsx4ff/nsx_rule.py b/roles/importer/files/importer/nsx4ff/nsx_rule.py
new file mode 100644
index 000000000..239fd91d4
--- /dev/null
+++ b/roles/importer/files/importer/nsx4ff/nsx_rule.py
@@ -0,0 +1,130 @@
+from nsx_service import parse_svc_list
+from nsx_network import parse_obj_list
+from fwo_log import getFwoLogger
+from fwo_const import list_delimiter
+import hashlib
+import base64
+import os.path
+
+
+def make_hash_sha256(o):
+    hasher = hashlib.sha256()
+    hasher.update(repr(make_hashable(o)).encode())
+    return base64.b64encode(hasher.digest()).decode()
+
+
+def make_hashable(o):
+    if isinstance(o, (tuple, list)):
+        return tuple((make_hashable(e) for e in o))
+
+    if isinstance(o, dict):
+        return tuple(sorted((k,make_hashable(v)) for k,v in o.items()))
+
+    if isinstance(o, (set, frozenset)):
+        return tuple(sorted(make_hashable(e) for e in o))
+
+    return o
+
+
+def normalize_access_rules(full_config, config2import, import_id, mgm_details={}):
+    rules = []
+    logger = getFwoLogger()
+
+    nw_obj_names = []
+    for o in config2import['network_objects']:
+        nw_obj_names.append(o["obj_name"])
+
+    for device in full_config["devices"]:     
+        rule_number = 0
+        for dev_id in full_config['devices'].keys():
+            for rulebase in list(full_config['devices'][dev_id].keys()):
+                for rule_orig in full_config['devices'][dev_id][rulebase]['rules']:
+                    rule = {'rule_src': 'any', 'rule_dst': 'any', 'rule_svc': 'any',
+                    'rule_src_refs': 'any_obj_placeholder', 'rule_dst_refs': 'any_obj_placeholder',
+                    'rule_src_neg': False, 'rule_dst_neg': False,
+                    'rule_svc_refs': 'any_svc_placeholder'}
+
+                    if 'sources_excluded' in rule_orig and rule_orig['sources_excluded']:
+                        rule["rule_src_neg"] = True
+                    if 'destinations_excluded' in rule_orig and rule_orig['destinations_excluded']:
+                        rule["rule_dst_neg"] = True
+                    rule.update({
+                        "rule_svc_neg": False,     # not possible to negate the svc field on Palo
+                        "rulebase_name": os.path.basename(rule_orig['parent_path']),
+                        "rule_name": rule_orig['relative_path'],
+                        'rule_type': 'access',
+                        'rule_num': rule_number,
+                        #'rule_installon': rule_orig['@vsys'],
+                        'parent_rule_id': None,
+                        'rule_time': None,
+                        'rule_implied': False,
+                        'rule_comment': None,
+                        'rule_track': 'None',
+                        'rule_uid': rule_orig['unique_id'],
+                        'rule_disabled': rule_orig['disabled'],
+                        'control_id': import_id
+                    })
+
+                    if "action" in rule_orig:
+                        if rule_orig['action']=='ALLOW':
+                            rule['rule_action'] = 'accept'
+                        elif rule_orig['action']=='drop':
+                            rule['rule_action'] = 'drop'
+                        elif rule_orig['action']=='deny':
+                            rule['rule_action'] = 'deny'
+                        elif rule_orig['action']=='REJECT':
+                            rule['rule_action'] = 'reject'
+                        else:
+                            logger.warning("found undefined action:" + str(rule_orig))
+                    else:   # NAT rules
+                        rule['rule_action'] = "accept"
+                        rule['rule_type'] = 'nat'
+
+                    # TODO: should either duplicate the rule for each zone to zone pair
+                    # or much better allow for n:m rule:zone mappings --> change of DB necessary
+                    # # instead we are just picking the last one!!!
+                    # for z in rule_orig['from']['member']:
+                    #     rule.update({'rule_from_zone': z})
+                    # for z in rule_orig['to']['member']:
+                    #     rule.update({'rule_to_zone': z})
+
+                    if 'logged' in rule_orig and rule_orig['logged']:
+                        rule['rule_track'] = 'log'
+                    else:
+                        rule['rule_track'] = 'none'
+
+                    if "source_groups" in rule_orig:
+                        rule['rule_src_refs'] = ','.join(rule_orig["source_groups"])
+                        # rule['rule_src_refs'], rule["rule_src"] = parse_obj_list(source_objects, import_id, config2import['network_objects'], rule["rule_uid"])
+                    else:
+                        logger.warning("found undefined source in rule: " + str(rule_orig))
+
+                    if "destination_groups" in rule_orig:
+                        rule['rule_dst_refs'] = ','.join(rule_orig["destination_groups"])
+                        # rule['rule_dst_refs'], rule["rule_dst"] = parse_obj_list(destination_objects, import_id, config2import['network_objects'], rule["rule_uid"])
+                    else:
+                        logger.warning("found undefined destination in rule: " + str(rule_orig))
+
+                    services = []
+                    if "services" in rule_orig:
+                        services = rule_orig["services"]
+                        # if services[0] == 'application-default' or services[0] == 'any':
+                        #     services =  []
+                    # apps = []
+                    # if 'application' in rule_orig:
+                    #     # no services given but applications - parse apps
+                    #     if 'member' in rule_orig['application']:
+                    #         # apps = ['any']  ## TEMP before app parsing
+                    #         apps = rule_orig["application"]["member"]
+                    #     else:
+                    #         apps = [rule_orig["application"]]
+                    #     if apps[0] == 'any':
+                    #         apps = []
+                    
+                    # rule['rule_svc_refs'], rule["rule_svc"] = parse_svc_list(apps + services, import_id, config2import['service_objects'], rule["rule_uid"], type='service')
+                    rule['rule_svc_refs'], rule["rule_svc"] = parse_svc_list(services, import_id, config2import['service_objects'], rule["rule_uid"], type='service')
+
+                    rule_number += 1
+                    rules.append(rule)
+
+    config2import['rules'] += rules
diff --git a/roles/importer/files/importer/vmwareNSX/nsx_service.py b/roles/importer/files/importer/nsx4ff/nsx_service.py
similarity index 100%
rename from roles/importer/files/importer/vmwareNSX/nsx_service.py
rename to roles/importer/files/importer/nsx4ff/nsx_service.py
diff --git a/roles/importer/files/importer/vmwareNSX/nsx_zone.py b/roles/importer/files/importer/nsx4ff/nsx_zone.py
similarity index 100%
rename from roles/importer/files/importer/vmwareNSX/nsx_zone.py
rename to roles/importer/files/importer/nsx4ff/nsx_zone.py
diff --git a/roles/importer/files/importer/paloaltomanagement2023ff/palo_rule.py b/roles/importer/files/importer/paloaltomanagement2023ff/palo_rule.py
index 6071f5ef2..504a99a5e 100644
--- a/roles/importer/files/importer/paloaltomanagement2023ff/palo_rule.py
+++ b/roles/importer/files/importer/paloaltomanagement2023ff/palo_rule.py
@@ -103,7 +103,7 @@ def normalize_access_rules(full_config, config2import, import_id, mgm_details={}
                         if 'member' in rule_orig["source"]:
                             source_objects = rule_orig["source"]["member"]
                         else:
-                            source_objects = [rule_orig["service"]]
+                            source_objects = [rule_orig["source"]]
                         rule['rule_src_refs'], rule["rule_src"] = parse_obj_list(source_objects, import_id, config2import['network_objects'], rule["rule_uid"])
                     else:
                         logger.warning("found undefined source in rule: " + str(rule_orig))
diff --git a/roles/importer/files/importer/vmwareNSX/nsx_rule.py b/roles/importer/files/importer/vmwareNSX/nsx_rule.py
deleted file mode 100644
index 6071f5ef2..000000000
--- a/roles/importer/files/importer/vmwareNSX/nsx_rule.py
+++ /dev/null
@@ -1,144 +0,0 @@
-from palo_service import parse_svc_list
-from palo_network import parse_obj_list
-from fwo_log import getFwoLogger
-from fwo_const import list_delimiter
-import hashlib
-import base64
-
-
-def make_hash_sha256(o):
-    hasher = hashlib.sha256()
-    hasher.update(repr(make_hashable(o)).encode())
-    return base64.b64encode(hasher.digest()).decode()
-
-
-def make_hashable(o):
-    if isinstance(o, (tuple, list)):
-        return tuple((make_hashable(e) for e in o))
-
-    if isinstance(o, dict):
-        return tuple(sorted((k,make_hashable(v)) for k,v in o.items()))
-
-    if isinstance(o, (set, frozenset)):
-        return tuple(sorted(make_hashable(e) for e in o))
-
-    return o
-
-
-def normalize_access_rules(full_config, config2import, import_id, mgm_details={}):
-    rules = []
-    logger = getFwoLogger()
-
-    nw_obj_names = []
-    for o in config2import['network_objects']:
-        nw_obj_names.append(o["obj_name"])
-
-    for device in full_config["devices"]:     
-        rule_number = 0
-        for dev_id in full_config['devices'].keys():
-            for rulebase in list(full_config['devices'][dev_id].keys()):
-                for rule_orig in full_config['devices'][dev_id][rulebase]:
-                    rule = {'rule_src': 'any', 'rule_dst': 'any', 'rule_svc': 'any',
-                    'rule_src_refs': 'any_obj_placeholder', 'rule_dst_refs': 'any_obj_placeholder',
-                    'rule_src_neg': False, 'rule_dst_neg': False,
-                    'rule_svc_refs': 'any_svc_placeholder'}
-                    if 'negate-source' in rule_orig and rule_orig['negate-source']=='yes':
-                        rule["rule_src_neg"] = True
-                    if 'negate-destination' in rule_orig and rule_orig['negate-destination']=='yes':
-                        rule["rule_dst_neg"] = True
-                    rule.update({
-                        "rule_svc_neg": False,     # not possible to negate the svc field on Palo
-                        "rulebase_name": rule_orig['@vsys'],
-                        "rule_name": rule_orig['@name'],
-                        'rule_type': 'access',
-                        'rule_num': rule_number,
-                        'rule_installon': rule_orig['@vsys'],
-                        'parent_rule_id': None,
-                        'rule_time': None,
-                        'rule_implied': False,
-                        'rule_comment': None,
-                        'rule_track': 'None',
-                        'rule_uid': rule_orig['@uuid'],
-                        'rule_disabled': False,
-                        'control_id': import_id
-                    })
-
-                    if "action" in rule_orig:
-                        if rule_orig['action']=='allow':
-                            rule['rule_action'] = 'accept'
-                        elif rule_orig['action']=='drop':
-                            rule['rule_action'] = 'drop'
-                        elif rule_orig['action']=='deny':
-                            rule['rule_action'] = 'deny'
-                        elif rule_orig['action']=='reset-client':
-                            rule['rule_action'] = 'reject'
-                        else:
-                            logger.warning("found undefined action:" + str(rule_orig))
-                    else:   # NAT rules
-                        rule['rule_action'] = "accept"
-                        rule['rule_type'] = 'nat'
-
-                    # TODO: should either duplicate the rule for each zone to zone pair
-                    # or much better allow for n:m rule:zone mappings --> change of DB necessary
-                    # instead we are just picking the last one!!!
-                    for z in rule_orig['from']['member']:
-                        rule.update({'rule_from_zone': z})
-                    for z in rule_orig['to']['member']:
-                        rule.update({'rule_to_zone': z})
-
-                    if 'disabled' in rule_orig and rule_orig['disabled']=='yes':
-                        rule['rule_disabled'] = True
-                    if 'log-start' in rule_orig:
-                        if rule_orig['log-start']=='yes':
-                            rule['rule_track'] = 'all start'
-                        elif rule_orig['log-start']=='no':
-                            rule['rule_track'] = 'None'
-                        else:
-                            logger.warning ("found undefined track:" + str(rule_orig))
-                            rule['rule_track'] = 'None'
-                    else:
-                        rule['rule_track'] = 'None'
-
-                    if "source" in rule_orig:
-                        if 'member' in rule_orig["source"]:
-                            source_objects = rule_orig["source"]["member"]
-                        else:
-                            source_objects = [rule_orig["service"]]
-                        rule['rule_src_refs'], rule["rule_src"] = parse_obj_list(source_objects, import_id, config2import['network_objects'], rule["rule_uid"])
-                    else:
-                        logger.warning("found undefined source in rule: " + str(rule_orig))
-
-                    if "destination" in rule_orig:
-                        if 'member' in rule_orig["destination"]:
-                            destination_objects = rule_orig["destination"]["member"]
-                        else:
-                            destination_objects = [rule_orig["destination"]]
-                        rule['rule_dst_refs'], rule["rule_dst"] = parse_obj_list(destination_objects, import_id, config2import['network_objects'], rule["rule_uid"])
-                    else:
-                        logger.warning("found undefined destination in rule: " + str(rule_orig))
-
-                    services = []
-                    if "service" in rule_orig:
-                        if 'member' in rule_orig['service']:
-                            services = rule_orig["service"]["member"]
-                        else:
-                            services = [rule_orig["service"]]
-                        if services[0] == 'application-default' or services[0] == 'any':
-                            services =  []
-                    apps = []
-                    if 'application' in rule_orig:
-                        # no services given but applications - parse apps
-                        if 'member' in rule_orig['application']:
-                            # apps = ['any']  ## TEMP before app parsing
-                            apps = rule_orig["application"]["member"]
-                        else:
-                            apps = [rule_orig["application"]]
-                        if apps[0] == 'any':
-                            apps = []
-                    
-                    rule['rule_svc_refs'], rule["rule_svc"] = parse_svc_list(apps + services, import_id, config2import['service_objects'], rule["rule_uid"], type='service')
-
-                    rule_number += 1
-                    rules.append(rule)
-
-    config2import['rules'] += rules

From 3043898dc04694d8f62110530738da0e36b629b9 Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Thu, 22 Feb 2024 17:21:41 +0100
Subject: [PATCH 06/84] rework naming convention handling

---
 .../files/sql/creation/fworch-fill-stm.sql    |   2 +-
 .../files/sql/idempotent/fworch-texts.sql     |  14 +-
 .../Data/ModellingManagedIdString.cs          | 171 ++++++++++++++++++
 .../Data/ModellingNamingConvention.cs         |   3 +
 .../FWO.Api.Client/Data/ModellingNwGroup.cs   |  51 +-----
 .../files/FWO.Test/ManagedIdStringTest.cs     | 143 +++++++++++++++
 .../files/FWO.Test/ModellingHandlerTest.cs    |   6 -
 .../Pages/Help/HelpSettingsModelling.cshtml   |   5 +-
 .../Pages/NetworkModelling/EditAppRole.razor  |  16 +-
 .../Pages/Settings/SettingsModelling.razor    |  26 ++-
 .../Services/ModellingAppRoleHandler.cs       |  74 ++++----
 11 files changed, 396 insertions(+), 115 deletions(-)
 create mode 100644 roles/lib/files/FWO.Api.Client/Data/ModellingManagedIdString.cs
 create mode 100644 roles/test/files/FWO.Test/ManagedIdStringTest.cs

diff --git a/roles/database/files/sql/creation/fworch-fill-stm.sql b/roles/database/files/sql/creation/fworch-fill-stm.sql
index eb47e43a4..b357610fc 100644
--- a/roles/database/files/sql/creation/fworch-fill-stm.sql
+++ b/roles/database/files/sql/creation/fworch-fill-stm.sql
@@ -80,7 +80,7 @@ insert into config (config_key, config_value, config_user) VALUES ('importSubnet
 insert into config (config_key, config_value, config_user) VALUES ('importSubnetDataSleepTime', '0', 0);
 insert into config (config_key, config_value, config_user) VALUES ('importAppDataPath', '[]', 0);
 insert into config (config_key, config_value, config_user) VALUES ('importSubnetDataPath', '', 0);
-insert into config (config_key, config_value, config_user) VALUES ('modNamingConvention', '{"networkAreaRequired":false,"fixedPartLength":0,"freePartLength":0,"networkAreaPattern":"","appRolePattern":""}', 0);
+insert into config (config_key, config_value, config_user) VALUES ('modNamingConvention', '{"networkAreaRequired":false,"useAppPart":false,"fixedPartLength":0,"freePartLength":0,"networkAreaPattern":"","appRolePattern":""}', 0);
 insert into config (config_key, config_value, config_user) VALUES ('modIconify', 'True', 0);
 insert into config (config_key, config_value, config_user) VALUES ('reducedProtocolSet', 'True', 0);
 insert into config (config_key, config_value, config_user) VALUES ('overviewDisplayLines', '3', 0);
diff --git a/roles/database/files/sql/idempotent/fworch-texts.sql b/roles/database/files/sql/idempotent/fworch-texts.sql
index c2bebac6b..c9fa79372 100644
--- a/roles/database/files/sql/idempotent/fworch-texts.sql
+++ b/roles/database/files/sql/idempotent/fworch-texts.sql
@@ -1770,6 +1770,8 @@ INSERT INTO txt VALUES ('fixedPartLength',      'German',   'L&auml;nge fixer Te
 INSERT INTO txt VALUES ('fixedPartLength',      'English',  'Fixed Part Length');
 INSERT INTO txt VALUES ('freePartLength',       'German',   'L&auml;nge freier Teil');
 INSERT INTO txt VALUES ('freePartLength',       'English',  'Free Part Length');
+INSERT INTO txt VALUES ('useAppPart',           'German',   'Eigent&uuml;mernamen verwenden');
+INSERT INTO txt VALUES ('useAppPart',           'English',  'Use Owner Name');
 INSERT INTO txt VALUES ('networkAreaPattern',   'German',   'Muster Netzwerkarea');
 INSERT INTO txt VALUES ('networkAreaPattern',   'English',  'Network Area Pattern');
 INSERT INTO txt VALUES ('appRolePattern',       'German',   'Muster App Rolle');
@@ -4338,17 +4340,19 @@ INSERT INTO txt VALUES ('H5606', 'English', 'Network Area Required: If this flag
     When defining an App Role, only the App Servers belonging to the selected area are displayed in the library.
     Naming of the App Role is then restricted to the naming convention defined in the following settings.
 ');
-INSERT INTO txt VALUES ('H5607', 'German',  'L&auml;nge fixer Teil: L&auml;nge des vorgebenen Teils des Namensmusters einer App Rolle.');
-INSERT INTO txt VALUES ('H5607', 'English', 'Fixed Part Length: Length of the predefined part of the name pattern of an App Role.');
-INSERT INTO txt VALUES ('H5608', 'German',  'L&auml;nge freier Teil: L&auml;nge des frei zu vergebenden Teils des Namens einer App Rolle.');
-INSERT INTO txt VALUES ('H5608', 'English', 'Free Part Length: Length of the free part of the name pattern of an App Role.');
+INSERT INTO txt VALUES ('H5607', 'German',  'L&auml;nge fixer Teil: L&auml;nge des vorgebenen Teils des Namensmusters einer App Rolle (ohne den ggf. vorhandenen Eigent&uuml;merteil variabler L&auml;nge).');
+INSERT INTO txt VALUES ('H5607', 'English', 'Fixed Part Length: Length of the predefined part of the name pattern of an App Role (without the owner part of variable length if activated).');
+INSERT INTO txt VALUES ('H5608', 'German',  'L&auml;nge freier Teil: L&auml;nge des frei zu vergebenden Teils des Namens einer App Rolle (nur f&uuml;r den Namensvorschlag beim Neuanlegen relevant).');
+INSERT INTO txt VALUES ('H5608', 'English', 'Free Part Length: Length of the free part of the name pattern of an App Role (only relevant for name proposal during creation).');
 INSERT INTO txt VALUES ('H5609', 'German',  'Muster Netzwerkarea: Definiert, wie der Name einer Netzwerkarea beginnt (z.B "NA").');
 INSERT INTO txt VALUES ('H5609', 'English', 'Network Area Pattern: Defines the beginning of a network area name (e.g. "NA").');
 INSERT INTO txt VALUES ('H5610', 'German',  'Muster App Rolle: Definiert, wie der Name einer App Rolle beginnt (z.B. "AR").
     Zu einer Netzwerkarea (z.B. "NAxx") wird dann ein Name der App Rolle (z.B. "ARxx") mit der oben definierten L&auml;nge des fixen Teils vorgegeben.
+    Ist die L&auml;nge des Musters gr&ouml;sser als die L&auml;nge des fixen Teils, wird der &uuml;bersch&uuml;ssige Teil nicht ber&uuml;cksichtigt.
 ');
 INSERT INTO txt VALUES ('H5610', 'English', 'App Role Pattern: Defines the beginning of an App Role name (e.g. "AR").
     According to an network area name (e.g. "NAxx"), an App Role name (e.g. "ARxx") is preset in the length of the fixed part defined above.
+    If the length of the pattern is greater than the fixed part length, the surplus part is ignored.
 ');
 INSERT INTO txt VALUES ('H5611', 'German',  'Pfad und Name von Appdaten-Import (ohne Endung): Hier werden die vollst&auml;ndigen Pfade f&uuml;r eventuell vorhandene Importskripte und -dateien eingegeben.
     Der Importprozess pr&uuml;ft f&uuml;r jede der eingegebenen Datenquellen zun&auml;chst, ob ein Skript dieses Namens mit der Endung .py vorhanden ist, und f&uuml;hrt dieses ggf. aus. 
@@ -4393,6 +4397,8 @@ INSERT INTO txt VALUES ('H5617', 'German',  'Reduzierten Protokollset darstellen
 INSERT INTO txt VALUES ('H5617', 'English', 'Display reduced Protocol set: Offer only a reduced number of protocols for selection (TCP, UDP, ICMP).');
 INSERT INTO txt VALUES ('H5618', 'German',  'Nutzung von Piktogrammen: Vorzugsweise Nutzung von Piktogrammen wo sinnvoll. Wird vom Administrator allgemein vorausgew&auml;hlt, kann aber vom Nutzer in den pers&ouml;nlichen Einstellungen &uuml;berschrieben werden.');
 INSERT INTO txt VALUES ('H5618', 'English', 'Prefer use of Icons: Use icons where reasonnable. Generally set by the administrator but can be overwritten in the personal settings of the user.');
+INSERT INTO txt VALUES ('H5619', 'German',  'Eigent&uuml;mernamen verwenden: Der Name des Eigent&uuml;mers fliesst in den mittleren Teil der Namenskonvention f&uuml;r App-Rollen ein.');
+INSERT INTO txt VALUES ('H5619', 'English', 'Use Owner Name: The name of the owner is used in the middle part of the naming convention for App Roles.');
 INSERT INTO txt VALUES ('H5621', 'German',  'Ein Modellierer kann einige pers&ouml;nliche Voreinstellungen f&uuml;r die Darstellung der Modellierung &uuml;berschreiben.
     Ausgangswert ist der vom Admin in den <a href="/help/settings/modelling">Modellierungseinstellungen</a> gesetzte Wert.
 ');
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingManagedIdString.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingManagedIdString.cs
new file mode 100644
index 000000000..cea36bc14
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingManagedIdString.cs
@@ -0,0 +1,171 @@
+namespace FWO.Api.Data
+{
+    public class ModellingManagedIdString
+    {
+        private string IdString = "";
+        private const string separator = "-";
+
+        public ModellingNamingConvention NamingConvention { get; set; } = new();
+
+
+        public ModellingManagedIdString()
+        {}
+
+        public ModellingManagedIdString(string idstring)
+        {
+            IdString = idstring;
+            NamingConvention = new();
+        }
+
+        public ModellingManagedIdString(ModellingManagedIdString managedIdstring)
+        {
+            IdString = managedIdstring.IdString;
+            NamingConvention = managedIdstring.NamingConvention;
+        }
+
+        public string Whole
+        {
+            get
+            {
+                return IdString;
+            }
+            set
+            {
+                IdString = value;
+            }
+        }
+
+        public string FixedPart
+        {
+            get
+            {
+                return IdString.Length >= NamingConvention.FixedPartLength ? IdString.Substring(0, NamingConvention.FixedPartLength) : IdString;
+            }
+            set
+            {
+                string valueToInsert = value.Length > NamingConvention.FixedPartLength ? value.Substring(0, NamingConvention.FixedPartLength) : value;
+                valueToInsert = FillFixedIfNecessary(valueToInsert, "?");
+                if (IdString.Length >= NamingConvention.FixedPartLength)
+                {
+                    IdString = valueToInsert + IdString.Substring(NamingConvention.FixedPartLength);
+                }
+                else
+                {
+                    IdString = valueToInsert;
+                }
+            }
+        }
+
+        public string AppPart
+        {
+            get
+            {
+                return NamingConvention.UseAppPart ? (AppPartExisting() ? IdString.Substring(NamingConvention.FixedPartLength, AppPartEnd() - NamingConvention.FixedPartLength + 1): "") : "";
+            }
+            set
+            {
+                if(NamingConvention.UseAppPart)
+                {
+                    IdString = FillFixedIfNecessary(IdString);
+                    IdString = IdString.Substring(0, NamingConvention.FixedPartLength) + value + FreePart;
+                }
+            }
+        }
+
+        public string CombinedFixPart
+        {
+            get
+            {
+                return FixedPart + (AppPart.EndsWith(separator) ? AppPart.Substring(0, AppPart.Length - 1) : AppPart);
+            }
+            set
+            {
+                IdString = value + FreePart;
+            }
+        }
+
+        public string Separator
+        {
+            get
+            {
+                return NamingConvention.UseAppPart && AppPart.EndsWith(separator) ? separator : "";
+            }
+            set
+            {
+                if(NamingConvention.UseAppPart)
+                {
+                    AppPart += value;
+                }
+            }
+        }
+
+        public string FreePart
+        {
+            get
+            {
+                return NamingConvention.UseAppPart && AppPartExisting() ? IdString.Substring(AppPartEnd() + 1) : IdString.Substring(NamingConvention.FixedPartLength);
+            }
+            set
+            {
+                IdString = FillFixedIfNecessary(IdString);
+                IdString = IdString.Substring(0, AppPartExisting() ? AppPartEnd() + 1 : NamingConvention.FixedPartLength) + value;
+            }
+        }
+
+        public void SetAppPartFromExtId(string extAppId)
+        {
+            string zoneType = extAppId.StartsWith("APP") ? "0" : (extAppId.StartsWith("COM") ? "1" :  "?");
+            int idx = extAppId.IndexOf(separator);
+            string appNumber = idx > 0 ? extAppId.Substring(idx + 1, extAppId.Length - idx - 1) : "";
+            AppPart = zoneType + appNumber + separator;
+        }
+
+        public void ConvertAreaToAppRoleFixedPart (string areaIdString)
+        {
+            FixedPart = ConvertAreaToAppRole(areaIdString, NamingConvention);
+        }
+
+        public static string ConvertAreaToAppRole (string areaIdString, ModellingNamingConvention namingConvention)
+        {
+            if(areaIdString.Length >= namingConvention.FixedPartLength)
+            {
+                return areaIdString.Substring(0, namingConvention.FixedPartLength).Remove(0, namingConvention.NetworkAreaPattern.Length).Insert(0, namingConvention.AppRolePattern);
+            }
+            return areaIdString;
+        }
+
+        public static string ConvertAppRoleToArea (string appRoleIdString, ModellingNamingConvention namingConvention)
+        {
+            int convLength = namingConvention.AppRolePattern.Length > namingConvention.FixedPartLength ? namingConvention.FixedPartLength : namingConvention.AppRolePattern.Length;
+            if(appRoleIdString.Length >= namingConvention.FixedPartLength)
+            {
+                return appRoleIdString.Substring(0, namingConvention.FixedPartLength).Remove(0, convLength).Insert(0, namingConvention.NetworkAreaPattern);
+            }
+            return "";
+        }
+
+
+        private int AppPartEnd() 
+        {
+            return IdString.IndexOf(separator);
+        }
+
+        private bool AppPartExisting()
+        {
+            return AppPartEnd() > NamingConvention.FixedPartLength && IdString.Length >= AppPartEnd();
+        }
+
+        private string FillFixedIfNecessary(string idString, string filler = " ")
+        {
+            if (idString.Length < NamingConvention.FixedPartLength)
+            {
+                int positionsToFill = NamingConvention.FixedPartLength - idString.Length;
+                for (int i = 0; i < positionsToFill; i++)
+                {
+                    idString += filler;
+                }
+            }
+            return idString;
+        }
+    }
+}
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingNamingConvention.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingNamingConvention.cs
index ca117f732..c6f86c3bf 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingNamingConvention.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingNamingConvention.cs
@@ -8,6 +8,9 @@ public class ModellingNamingConvention
         [JsonProperty("networkAreaRequired"), JsonPropertyName("networkAreaRequired")]
         public bool NetworkAreaRequired { get; set; } = false;
 
+        [JsonProperty("useAppPart"), JsonPropertyName("useAppPart")]
+        public bool UseAppPart { get; set; } = false;
+
         [JsonProperty("fixedPartLength"), JsonPropertyName("fixedPartLength")]
         public int FixedPartLength { get; set; }
 
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingNwGroup.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingNwGroup.cs
index 1082a3b91..eda16f192 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingNwGroup.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingNwGroup.cs
@@ -9,54 +9,13 @@ public class ModellingNwGroup : ModellingNwObject
         public int GroupType { get; set; }
 
         [JsonProperty("id_string"), JsonPropertyName("id_string")]
-        public string IdString { get; set; } = "";
-        public string IdStringFixedPart
-        { 
-            get
-            { 
-                return IdString.Length >= FixedPartLength ? IdString.Substring(0, FixedPartLength) : IdString;
-            }
-            set
-            { 
-                if(IdString.Length >= FixedPartLength)
-                {
-                    IdString = value + IdString.Substring(FixedPartLength);
-                }
-                else
-                {
-                    IdString = value;
-                }
-            }
-        }
-        public string IdStringFreePart
+        public string IdString
         {
-            get
-            {
-                return IdString.Length >= FixedPartLength ? IdString.Substring(FixedPartLength) : "";
-            }
-            set
-            {
-                if(IdString.Length >= FixedPartLength)
-                {
-                    IdString = IdString.Substring(0, FixedPartLength) + value;
-                }
-                else
-                {
-                    for (int i = 0; i < FixedPartLength - IdString.Length; i++)
-                    {
-                        IdString += " ";
-                    }
-                    IdString += value;
-                }
-            }
+            get { return ManagedIdString.Whole; }
+            set { ManagedIdString = new (value); }
         }
+        public ModellingManagedIdString ManagedIdString { get; set; } = new ();
 
-        public int FixedPartLength;
-
-        public void SetFixedPartLength(int fixedPartLength)
-        {
-            FixedPartLength = fixedPartLength;
-        }
 
         public override string Display()
         {
@@ -76,7 +35,7 @@ public override string DisplayWithIcon()
         public override bool Sanitize()
         {
             bool shortened = base.Sanitize();
-            IdString = Sanitizer.SanitizeMand(IdString, ref shortened);
+            ManagedIdString.FreePart = Sanitizer.SanitizeMand(ManagedIdString.FreePart, ref shortened);
             return shortened;
         }
 
diff --git a/roles/test/files/FWO.Test/ManagedIdStringTest.cs b/roles/test/files/FWO.Test/ManagedIdStringTest.cs
new file mode 100644
index 000000000..8ae4692b4
--- /dev/null
+++ b/roles/test/files/FWO.Test/ManagedIdStringTest.cs
@@ -0,0 +1,143 @@
+using NUnit.Framework;
+using FWO.Api.Data;
+
+namespace FWO.Test
+{
+    [TestFixture]
+    [Parallelizable]
+    internal class ManagedIdStringTest
+    {
+        ModellingManagedIdString IdString1 = new();
+        ModellingManagedIdString IdString2 = new("AR5001234-123");
+
+        static readonly ModellingNamingConvention NamingConvention1 = new()
+        {
+            NetworkAreaRequired = true,
+            UseAppPart = false,
+            FixedPartLength = 2,
+            FreePartLength = 5,
+            NetworkAreaPattern = "NA",
+            AppRolePattern = "AR"
+        };
+        static readonly ModellingNamingConvention NamingConvention2 = new()
+        {
+            NetworkAreaRequired = true,
+            UseAppPart = true,
+            FixedPartLength = 4,
+            FreePartLength = 3,
+            NetworkAreaPattern = "NA",
+            AppRolePattern = "AR"
+        };
+
+        ModellingNamingConvention NamingConvention3 = new()
+        {
+            NetworkAreaRequired = true,
+            UseAppPart = true,
+            FixedPartLength = 4,
+            FreePartLength = 3,
+            NetworkAreaPattern = "",
+            AppRolePattern = "A"
+        };
+
+
+        [Test]
+        public void TestManagedIdStringStartEmpty()
+        {
+            Assert.AreEqual("", IdString1.Whole);
+            Assert.AreEqual("", IdString1.FixedPart);
+            Assert.AreEqual("", IdString1.AppPart);
+            Assert.AreEqual("", IdString1.FreePart);
+            Assert.AreEqual("", IdString1.CombinedFixPart);
+            
+            IdString1.SetAppPartFromExtId("APP-0001");
+            Assert.AreEqual("", IdString1.Whole);
+            Assert.AreEqual("", IdString1.FixedPart);
+            Assert.AreEqual("", IdString1.AppPart);
+            Assert.AreEqual("", IdString1.Separator);
+            Assert.AreEqual("", IdString1.FreePart);
+            Assert.AreEqual("", IdString1.CombinedFixPart);
+
+            IdString1.NamingConvention = NamingConvention2;
+            IdString1.SetAppPartFromExtId("APP-0001");
+            Assert.AreEqual("    00001-", IdString1.Whole);
+            Assert.AreEqual("    ", IdString1.FixedPart);
+            Assert.AreEqual("00001-", IdString1.AppPart);
+            Assert.AreEqual("-", IdString1.Separator);
+            Assert.AreEqual("", IdString1.FreePart);
+            Assert.AreEqual("    00001", IdString1.CombinedFixPart);
+
+            IdString1.FixedPart = "x";
+            Assert.AreEqual("x???00001-", IdString1.Whole);
+            Assert.AreEqual("x???", IdString1.FixedPart);
+            Assert.AreEqual("00001-", IdString1.AppPart);
+            Assert.AreEqual("-", IdString1.Separator);
+            Assert.AreEqual("", IdString1.FreePart);
+            Assert.AreEqual("x???00001", IdString1.CombinedFixPart);
+
+            IdString1.FixedPart = "muchlonger";
+            Assert.AreEqual("much00001-", IdString1.Whole);
+            Assert.AreEqual("much", IdString1.FixedPart);
+            Assert.AreEqual("00001-", IdString1.AppPart);
+            Assert.AreEqual("-", IdString1.Separator);
+            Assert.AreEqual("", IdString1.FreePart);
+            Assert.AreEqual("much00001", IdString1.CombinedFixPart);
+        }
+
+        [Test]
+        public void TestManagedIdStringPrefilled()
+        {
+            Assert.AreEqual("AR5001234-123", IdString2.Whole);
+            Assert.AreEqual("", IdString2.FixedPart);
+            Assert.AreEqual("", IdString2.AppPart);
+            Assert.AreEqual("", IdString2.Separator);
+            Assert.AreEqual("AR5001234-123", IdString2.FreePart);
+            Assert.AreEqual("", IdString2.CombinedFixPart);
+
+            IdString2.NamingConvention = NamingConvention1;
+            Assert.AreEqual("AR5001234-123", IdString2.Whole);
+            Assert.AreEqual("AR", IdString2.FixedPart);
+            Assert.AreEqual("", IdString2.AppPart);
+            Assert.AreEqual("", IdString2.Separator);
+            Assert.AreEqual("5001234-123", IdString2.FreePart);
+            Assert.AreEqual("AR", IdString2.CombinedFixPart);
+
+            IdString2.NamingConvention = NamingConvention2;
+            Assert.AreEqual("AR5001234-123", IdString2.Whole);
+            Assert.AreEqual("AR50", IdString2.FixedPart);
+            Assert.AreEqual("01234-", IdString2.AppPart);
+            Assert.AreEqual("-", IdString2.Separator);
+            Assert.AreEqual("123", IdString2.FreePart);
+            Assert.AreEqual("AR5001234", IdString2.CombinedFixPart);
+
+            IdString2.SetAppPartFromExtId("COM-99999");
+            Assert.AreEqual("AR50199999-123", IdString2.Whole);
+            Assert.AreEqual("AR50", IdString2.FixedPart);
+            Assert.AreEqual("199999-", IdString2.AppPart);
+            Assert.AreEqual("-", IdString2.Separator);
+            Assert.AreEqual("123", IdString2.FreePart);
+            Assert.AreEqual("AR50199999", IdString2.CombinedFixPart);
+
+            IdString2.NamingConvention =  new();
+            Assert.AreEqual("AR50199999-123", IdString2.Whole);
+            Assert.AreEqual("", IdString2.FixedPart);
+            Assert.AreEqual("", IdString2.AppPart);
+            Assert.AreEqual("", IdString2.Separator);
+            Assert.AreEqual("AR50199999-123", IdString2.FreePart);
+            Assert.AreEqual("", IdString2.CombinedFixPart);
+        }
+
+        [Test]
+        public void TestReconstructAreaIdString()
+        {
+            Assert.AreEqual("NA", ModellingManagedIdString.ConvertAppRoleToArea("AR5000001", NamingConvention1));
+            Assert.AreEqual("NA91", ModellingManagedIdString.ConvertAppRoleToArea("AR9104106-001", NamingConvention2));
+            Assert.AreEqual("R91", ModellingManagedIdString.ConvertAppRoleToArea("AR9112345-001", NamingConvention3));
+            NamingConvention3.NetworkAreaPattern = "XYZ";
+            Assert.AreEqual("XYZR91", ModellingManagedIdString.ConvertAppRoleToArea("AR9112345-001", NamingConvention3));
+            NamingConvention3.AppRolePattern = "AR91";
+            Assert.AreEqual("XYZ", ModellingManagedIdString.ConvertAppRoleToArea("AR9112345-001", NamingConvention3));
+            NamingConvention3.AppRolePattern = "AR91123";
+            Assert.AreEqual("XYZ", ModellingManagedIdString.ConvertAppRoleToArea("AR9112345-001", NamingConvention3));
+        }
+    }
+}
diff --git a/roles/test/files/FWO.Test/ModellingHandlerTest.cs b/roles/test/files/FWO.Test/ModellingHandlerTest.cs
index b4e88a768..a3c04cd9a 100644
--- a/roles/test/files/FWO.Test/ModellingHandlerTest.cs
+++ b/roles/test/files/FWO.Test/ModellingHandlerTest.cs
@@ -140,11 +140,5 @@ public async Task TestProposeFreeAppRoleNumber()
         {
             Assert.AreEqual("00002", await AppRoleHandler.ProposeFreeAppRoleNumber(TestArea));
         }
-
-        [Test]
-        public void TestReconstructAreaIdString()
-        {
-            Assert.AreEqual("NA50", AppRoleHandler.ReconstructAreaIdString(new(){ Id = 1, IdString = "AR5000001" }));
-        }
     }
 }
diff --git a/roles/ui/files/FWO.UI/Pages/Help/HelpSettingsModelling.cshtml b/roles/ui/files/FWO.UI/Pages/Help/HelpSettingsModelling.cshtml
index b945455d8..a1beff12d 100644
--- a/roles/ui/files/FWO.UI/Pages/Help/HelpSettingsModelling.cshtml
+++ b/roles/ui/files/FWO.UI/Pages/Help/HelpSettingsModelling.cshtml
@@ -27,10 +27,11 @@
     @(Html.Raw(userConfig.GetText("naming_convention")))
     <ul>
         <li>@(Html.Raw(userConfig.GetText("H5606")))</li>
-        <li>@(Html.Raw(userConfig.GetText("H5607")))</li>
-        <li>@(Html.Raw(userConfig.GetText("H5608")))</li>
         <li>@(Html.Raw(userConfig.GetText("H5609")))</li>
         <li>@(Html.Raw(userConfig.GetText("H5610")))</li>
+        <li>@(Html.Raw(userConfig.GetText("H5607")))</li>
+        <li>@(Html.Raw(userConfig.GetText("H5619")))</li>
+        <li>@(Html.Raw(userConfig.GetText("H5608")))</li>
     </ul>
     @(Html.Raw(userConfig.GetText("import_app_data")))
     <ul>
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditAppRole.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditAppRole.razor
index 58051da78..65333a30d 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditAppRole.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditAppRole.razor
@@ -40,8 +40,9 @@
                             <label class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("id"))*:</label>
                             @if(AppRoleHandler.NamingConvention.NetworkAreaRequired)
                             {
-                                <input type="text" class="col-sm-2" readonly @bind="AppRoleHandler.ActAppRole.IdStringFixedPart" />
-                                <input type="text" class="col-sm-6" @bind="AppRoleHandler.ActAppRole.IdStringFreePart" />
+                                <input type="text" class="col-sm-4" readonly @bind="AppRoleHandler.ActAppRole.ManagedIdString.CombinedFixPart" />
+                                <span class="col-sm-1">@AppRoleHandler.ActAppRole.ManagedIdString.Separator</span>
+                                <input type="text" class="col-sm-3" @bind="AppRoleHandler.ActAppRole.ManagedIdString.FreePart" />
                             }
                             else
                             {
@@ -189,16 +190,7 @@
             if(!workInProgress)
             {
                 workInProgress = true;
-                AppRoleHandler.ActAppRole.Area = newArea;
-                if(newArea != null)
-                {
-                    if(newArea.IdString.Length >= AppRoleHandler.NamingConvention.FixedPartLength && AddMode)
-                    {
-                        AppRoleHandler.ActAppRole.IdStringFixedPart = AppRoleHandler.GetFixedAppRolePart(newArea);
-                        AppRoleHandler.ActAppRole.IdStringFreePart = await AppRoleHandler.ProposeFreeAppRoleNumber(newArea);
-                    }
-                }
-                await AppRoleHandler.SelectAppServersFromArea(newArea);
+                await AppRoleHandler.InitAppRole(newArea);
                 workInProgress = false;
             }
         }
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsModelling.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsModelling.razor
index 9ed113ecd..aa7728de9 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsModelling.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsModelling.razor
@@ -64,25 +64,31 @@
                     <input type="checkbox" @bind="namingConvention.NetworkAreaRequired">
                 </div>
             </div>
+            <div class="row col-sm-4" data-toggle="tooltip" title="@(userConfig.PureLine("H5609"))">
+                <label class="col-form-label col-sm-5">@userConfig.GetText("networkAreaPattern"):</label>
+                <input type="text" class="col-sm-4" @bind="namingConvention.NetworkAreaPattern" />
+            </div>
+            <div class="row col-sm-4" data-toggle="tooltip" title="@(userConfig.PureLine("H5610"))">
+                <label class="col-form-label col-sm-5">@userConfig.GetText("appRolePattern"):</label>
+                <input type="text" class="col-sm-4" @bind="namingConvention.AppRolePattern" />
+            </div>
+        </div>
+        <div class="form-group row mt-2">
             <div class="row col-sm-4" data-toggle="tooltip" title="@(userConfig.PureLine("H5607"))">
                 <label class="col-form-label col-sm-5">@userConfig.GetText("fixedPartLength"):</label>
                 <input type="number" min="0" class="col-sm-4" @bind="namingConvention.FixedPartLength" />
              </div>
+            <div class="row col-sm-4" data-toggle="tooltip" title="@(userConfig.PureLine("H5619"))">
+                <label class="col-form-label col-sm-8">@(userConfig.GetText("useAppPart")):</label>
+                <div class="col-sm-2">
+                    <input type="checkbox" @bind="namingConvention.UseAppPart">
+                </div>
+            </div>
             <div class="row col-sm-4" data-toggle="tooltip" title="@(userConfig.PureLine("H5608"))">
                 <label class="col-form-label col-sm-5">@userConfig.GetText("freePartLength"):</label>
                 <input type="number" min="0" class="col-sm-4" @bind="namingConvention.FreePartLength" />
             </div>
         </div>
-        <div class="form-group row mt-2" data-toggle="tooltip" title="@(userConfig.PureLine("H5609"))">
-            <div class="row col-sm-6">
-                <label class="col-form-label col-sm-4">@userConfig.GetText("networkAreaPattern"):</label>
-                <input type="text" class="col-sm-4" @bind="namingConvention.NetworkAreaPattern" />
-            </div>
-            <div class="row col-sm-6" data-toggle="tooltip" title="@(userConfig.PureLine("H5610"))">
-                <label class="col-form-label col-sm-4">@userConfig.GetText("appRolePattern"):</label>
-                <input type="text" class="col-sm-4" @bind="namingConvention.AppRolePattern" />
-            </div>
-        </div>
         <hr />
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5611"))">
             <label class="col-form-label col-sm-4">@userConfig.GetText("importAppDataPath"):</label>
diff --git a/roles/ui/files/FWO.UI/Services/ModellingAppRoleHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingAppRoleHandler.cs
index 7376716f6..ef726e624 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingAppRoleHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingAppRoleHandler.cs
@@ -17,33 +17,56 @@ public class ModellingAppRoleHandler : ModellingHandlerBase
         public List<ModellingAppServer> AvailableAppServers { get; set; } = new();
         public List<ModellingAppServer> AppServersInArea { get; set; } = new();
         public List<KeyValuePair<int, long>> AvailableNwElems { get; set; } = new();
-
         public List<ModellingAppServer> AppServerToAdd { get; set; } = new();
         public List<ModellingAppServer> AppServerToDelete { get; set; } = new();
-        private readonly string origId = "";
         public ModellingNamingConvention NamingConvention = new();
 
+        private ModellingManagedIdString OrigId = new();
+
 
         public ModellingAppRoleHandler(ApiConnection apiConnection, UserConfig userConfig, FwoOwner application, 
             List<ModellingAppRole> appRoles, ModellingAppRole appRole, List<ModellingAppServer> availableAppServers,
             List<KeyValuePair<int, long>> availableNwElems, bool addMode, Action<Exception?, string, string, bool> displayMessageInUi, bool isOwner = true)
             : base (apiConnection, userConfig, application, addMode, displayMessageInUi, isOwner)
         {
-            NamingConvention = JsonSerializer.Deserialize<ModellingNamingConvention>(userConfig.ModNamingConvention) ?? new();
             AppRoles = appRoles;
-            foreach(var aR in AppRoles)
-            {
-                aR.SetFixedPartLength(NamingConvention.FixedPartLength);
-            }
             AvailableAppServers = availableAppServers;
             AvailableNwElems = availableNwElems;
             ActAppRole = appRole;
-            ActAppRole.SetFixedPartLength(NamingConvention.FixedPartLength);
-            if(!AddMode)
+            ApplyNamingConvention(application.ExtAppId);
+        }
+
+        private void ApplyNamingConvention(string extAppId)
+        {
+            NamingConvention = JsonSerializer.Deserialize<ModellingNamingConvention>(userConfig.ModNamingConvention) ?? new();
+            foreach(var aR in AppRoles)
+            {
+                aR.ManagedIdString.NamingConvention = NamingConvention;
+            }
+            ActAppRole.ManagedIdString.NamingConvention = NamingConvention;
+            if(AddMode)
+            {
+                ActAppRole.ManagedIdString.SetAppPartFromExtId(extAppId);
+            }
+            else
+            {
+                ActAppRole.Area = new () { IdString = ModellingManagedIdString.ConvertAppRoleToArea(ActAppRole.IdString, NamingConvention) };
+            }
+        }
+
+        public async Task InitAppRole(ModellingNetworkArea? newArea)
+        {
+            ActAppRole.Area = newArea;
+            if(newArea != null)
             {
-                ActAppRole.Area = new () { IdString = ReconstructAreaIdString(appRole) };
+                if(newArea.IdString.Length >= NamingConvention.FixedPartLength && AddMode)
+                {
+                    ActAppRole.ManagedIdString.ConvertAreaToAppRoleFixedPart(newArea.IdString);
+                    ActAppRole.ManagedIdString.FreePart = await ProposeFreeAppRoleNumber(newArea);
+                }
             }
-            origId = ActAppRole.IdString;
+            OrigId = new(ActAppRole.ManagedIdString);
+            await SelectAppServersFromArea(newArea);
         }
 
         public void AppServerToAppRole(List<ModellingAppServer> appServers)
@@ -101,10 +124,11 @@ private async Task<bool> CheckAppRole()
                 DisplayMessageInUi(null, userConfig.GetText("edit_app_role"), userConfig.GetText("E5102"), true);
                 return false;
             }
-            if((AddMode || ActAppRole.IdString != origId) && await IdStringAlreadyUsed(ActAppRole.IdString))
+            if((AddMode || ActAppRole.IdString != OrigId.Whole) && await IdStringAlreadyUsed(ActAppRole.IdString))
             {
                 // popup for correction?
-                DisplayMessageInUi(null, userConfig.GetText("edit_app_role"), userConfig.GetText("E9003"), true);
+                DisplayMessageInUi(null, userConfig.GetText("edit_app_role"), ActAppRole.IdString.ToString() + ": " + userConfig.GetText("E9003"), true);
+                ActAppRole.ManagedIdString = new(OrigId);
                 return false;
             }
             return true;
@@ -129,12 +153,12 @@ private async Task<bool> IdStringAlreadyUsed(string appRoleIdString)
         public async Task<string> ProposeFreeAppRoleNumber(ModellingNetworkArea area)
         {
             double maxNumbers = Math.Pow(10, NamingConvention.FreePartLength) - 1;
-            string idFix = GetFixedAppRolePart(area);
+            string idFix = ModellingManagedIdString.ConvertAreaToAppRole(area.IdString, NamingConvention);
             List<ModellingAppRole>? newestARs = await apiConnection.SendQueryAsync<List<ModellingAppRole>>(ModellingQueries.getNewestAppRoles, new { pattern = idFix + "%" });
             if(newestARs != null && newestARs.Count > 0)
             {
-                newestARs[0].SetFixedPartLength(NamingConvention.FixedPartLength);
-                if(int.TryParse(newestARs[0].IdStringFreePart, out int aRNumber))
+                newestARs[0].ManagedIdString.NamingConvention = NamingConvention;
+                if(int.TryParse(newestARs[0].ManagedIdString.FreePart, out int aRNumber))
                 {
                     aRNumber++;
                     while(aRNumber <= maxNumbers)
@@ -159,24 +183,6 @@ public async Task<string> ProposeFreeAppRoleNumber(ModellingNetworkArea area)
             return 1.ToString($"D{NamingConvention.FreePartLength}");
         }
 
-        public string GetFixedAppRolePart(ModellingNetworkArea area)
-        {
-            if(area.IdString.Length >= NamingConvention.FixedPartLength)
-            {
-                return area.IdString.Substring(0, NamingConvention.FixedPartLength).Remove(0, NamingConvention.NetworkAreaPattern.Length).Insert(0, NamingConvention.AppRolePattern);
-            }
-            return area.IdString;
-        }
-
-        public string ReconstructAreaIdString(ModellingAppRole appRole)
-        {
-            if(appRole.IdString.Length >= NamingConvention.FixedPartLength)
-            {
-                return appRole.IdString.Substring(0, NamingConvention.FixedPartLength).Remove(0, NamingConvention.AppRolePattern.Length).Insert(0, NamingConvention.NetworkAreaPattern);
-            }
-            return "";
-        }
-
         private async Task AddAppRoleToDb()
         {
             try

From 7ff1e1e7bdc1fd649cd21735eb12ec2ea76ea1b1 Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Fri, 23 Feb 2024 08:19:05 +0100
Subject: [PATCH 07/84] cleanup old code (commented out already)

---
 roles/importer/files/importer/checkpointR8x/cp_getter.py | 1 -
 roles/importer/files/importer/fwo_api.py                 | 1 -
 2 files changed, 2 deletions(-)

diff --git a/roles/importer/files/importer/checkpointR8x/cp_getter.py b/roles/importer/files/importer/checkpointR8x/cp_getter.py
index 98071ddf4..90bdc188e 100644
--- a/roles/importer/files/importer/checkpointR8x/cp_getter.py
+++ b/roles/importer/files/importer/checkpointR8x/cp_getter.py
@@ -1,6 +1,5 @@
 # library for API get functions
 from asyncio.log import logger
-# from distutils.log import debug
 import json
 import re
 import requests, requests.packages
diff --git a/roles/importer/files/importer/fwo_api.py b/roles/importer/files/importer/fwo_api.py
index 97ea43210..f827accc5 100644
--- a/roles/importer/files/importer/fwo_api.py
+++ b/roles/importer/files/importer/fwo_api.py
@@ -1,6 +1,5 @@
 # library for FWORCH API calls
 from asyncio.log import logger
-# from distutils.log import debug
 import re
 import traceback
 from sqlite3 import Timestamp

From ec5e45c4aa3ded3b835d08ecd55709093f767c8d Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Fri, 23 Feb 2024 12:58:02 +0100
Subject: [PATCH 08/84] tabs + tests

---
 .../files/sql/idempotent/fworch-texts.sql     |  8 ++--
 .../Data/ModellingConnection.cs               |  2 +-
 .../files/FWO.Test/ManagedIdStringTest.cs     | 22 ++-------
 .../files/FWO.Test/ModellingHandlerTest.cs    | 23 ++++++++-
 .../FWO.Test/ModellingHandlerTestApiConn.cs   | 21 +++++++--
 .../NetworkModelling/NetworkModelling.razor   | 12 ++---
 .../FWO.UI/Services/ModellingAppHandler.cs    |  8 ++--
 .../Services/ModellingAppRoleHandler.cs       | 47 ++++++++++---------
 8 files changed, 84 insertions(+), 59 deletions(-)

diff --git a/roles/database/files/sql/idempotent/fworch-texts.sql b/roles/database/files/sql/idempotent/fworch-texts.sql
index c9fa79372..2949e68a6 100644
--- a/roles/database/files/sql/idempotent/fworch-texts.sql
+++ b/roles/database/files/sql/idempotent/fworch-texts.sql
@@ -5511,19 +5511,19 @@ INSERT INTO txt VALUES ('H9022', 'English', 'Interfaces: They serve primarily th
     Besides the service either source or destination have to be defined in the application. The interfaces are offered to other applications to use
     them in the definition of own connections.
 ');
-INSERT INTO txt VALUES ('H9023', 'German',  'Standard-Verbindungen: Zentrale Objekte zur Modellierung der Kommunikationsverbindungen. Dabei m&uuml;ssen Quelle, Dienst und Ziel aus den in der Bibliothek 
+INSERT INTO txt VALUES ('H9023', 'German',  'Standard: Zentrale Objekte zur Modellierung der Kommunikationsverbindungen. Dabei m&uuml;ssen Quelle, Dienst und Ziel aus den in der Bibliothek 
     angebotenen Ntzwerkobjekten bzw. Services gew&auml;hlt werden. Es k&ouml;nnen auch eigene oder externe Schnittstellen eingebunden werden. Dann m&uuml;ssen nur noch die "offenen Enden"
     (je nach Schnittstelle Quelle oder Ziel) aus der Bibliothek hinzugef&uuml;gt werden.
 ');
-INSERT INTO txt VALUES ('H9023', 'English', 'Regular Connections: Essential objects for modelling the communication. Source, Service and Destination have to be selected from the network resp. service objects 
+INSERT INTO txt VALUES ('H9023', 'English', 'Connections: Essential objects for modelling the communication. Source, Service and Destination have to be selected from the network resp. service objects 
     offered in the library. Additionally own or external interfaces can be integrated. In this case only the "open ends" (source or destination, depending on the inetrface type)
     have to be added from the library.
 ');
 INSERT INTO txt VALUES ('H9024', 'German',  'Common Services: K&ouml;nnen nur definiert werden, wenn die Applikation durch den Administrator in den <a href="/help/settings/owners">Eigent&uuml;mer-Einstellungen</a> 
-    daf&uuml;r freigegeben wurde. Sie sind formal wie Standard-Verbindungen aufgebaut. 
+    daf&uuml;r freigegeben wurde. Sie sind formal wie normale Verbindungen aufgebaut, d&uuml;rfen aber keine Schnittstellen verwenden. 
 ');
 INSERT INTO txt VALUES ('H9024', 'English', 'Common Services: Can only be defined, if the application is marked as permitted in the <a href="/help/settings/owners">Owner Settings</a> by the administrator.
-    Formally they are structured as regular connections.
+    Formally they are structured as regular connections but are not allowed to use interfaces.
 ');
 INSERT INTO txt VALUES ('H9031', 'German',  'Netzwerkobjekte werden zur Definition von Quelle und Ziel der Verbindungen ben&ouml;tigt. Es wird zwischen verschiedenen Arten von Netzwerkobjekten unterschieden:');
 INSERT INTO txt VALUES ('H9031', 'English', 'Network objects are used to define source and destination of the connections. There are different types of network objects:');
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingConnection.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingConnection.cs
index f1209612f..3fbb62943 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingConnection.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingConnection.cs
@@ -124,7 +124,7 @@ public string GetConnType()
             {
                 return "common_service";
             }
-            return "regular_connection";
+            return "connection";
         }
 
         public bool SourceFilled()
diff --git a/roles/test/files/FWO.Test/ManagedIdStringTest.cs b/roles/test/files/FWO.Test/ManagedIdStringTest.cs
index 8ae4692b4..5b498d81e 100644
--- a/roles/test/files/FWO.Test/ManagedIdStringTest.cs
+++ b/roles/test/files/FWO.Test/ManagedIdStringTest.cs
@@ -12,31 +12,15 @@ internal class ManagedIdStringTest
 
         static readonly ModellingNamingConvention NamingConvention1 = new()
         {
-            NetworkAreaRequired = true,
-            UseAppPart = false,
-            FixedPartLength = 2,
-            FreePartLength = 5,
-            NetworkAreaPattern = "NA",
-            AppRolePattern = "AR"
+            NetworkAreaRequired = true, UseAppPart = false, FixedPartLength = 2, FreePartLength = 5, NetworkAreaPattern = "NA", AppRolePattern = "AR"
         };
         static readonly ModellingNamingConvention NamingConvention2 = new()
         {
-            NetworkAreaRequired = true,
-            UseAppPart = true,
-            FixedPartLength = 4,
-            FreePartLength = 3,
-            NetworkAreaPattern = "NA",
-            AppRolePattern = "AR"
+            NetworkAreaRequired = true, UseAppPart = true, FixedPartLength = 4, FreePartLength = 3, NetworkAreaPattern = "NA", AppRolePattern = "AR"
         };
-
         ModellingNamingConvention NamingConvention3 = new()
         {
-            NetworkAreaRequired = true,
-            UseAppPart = true,
-            FixedPartLength = 4,
-            FreePartLength = 3,
-            NetworkAreaPattern = "",
-            AppRolePattern = "A"
+            NetworkAreaRequired = true, UseAppPart = true, FixedPartLength = 4, FreePartLength = 3, NetworkAreaPattern = "", AppRolePattern = "A"
         };
 
 
diff --git a/roles/test/files/FWO.Test/ModellingHandlerTest.cs b/roles/test/files/FWO.Test/ModellingHandlerTest.cs
index a3c04cd9a..3a9e290ef 100644
--- a/roles/test/files/FWO.Test/ModellingHandlerTest.cs
+++ b/roles/test/files/FWO.Test/ModellingHandlerTest.cs
@@ -42,6 +42,15 @@ internal class ModellingHandlerTest
             new(){ Content = new(){ Name = "Testsubnet2", Ip = "11.0.0.0/30", IpEnd = "11.0.0.0/30" }}
         }};
 
+        static readonly ModellingNamingConvention NamingConvention1 = new()
+        {
+            NetworkAreaRequired = true, UseAppPart = false, FixedPartLength = 4, FreePartLength = 5, NetworkAreaPattern = "NA", AppRolePattern = "AR"
+        };
+        static readonly ModellingNamingConvention NamingConvention2 = new()
+        {
+            NetworkAreaRequired = true, UseAppPart = true, FixedPartLength = 4, FreePartLength = 3, NetworkAreaPattern = "NA", AppRolePattern = "AR"
+        };
+
         ModellingAppRoleHandler? AppRoleHandler;
         ModellingAppHandler? AppHandler;
 
@@ -138,7 +147,19 @@ public async Task TestSelectAppServersFromArea()
         [Test]
         public async Task TestProposeFreeAppRoleNumber()
         {
-            Assert.AreEqual("00002", await AppRoleHandler.ProposeFreeAppRoleNumber(TestArea));
+            ModellingManagedIdString idFixString = new() { NamingConvention = NamingConvention1 };
+            idFixString.ConvertAreaToAppRoleFixedPart(TestArea.IdString);
+            idFixString.SetAppPartFromExtId("APP-1234");
+            Assert.AreEqual("00002", await AppRoleHandler.ProposeFreeAppRoleNumber(idFixString));
+
+            idFixString.NamingConvention = NamingConvention2;
+            idFixString.ConvertAreaToAppRoleFixedPart("NA91");
+            idFixString.SetAppPartFromExtId("APP-1234");
+            AppRoleHandler.NamingConvention = NamingConvention2;
+            Assert.AreEqual("003", await AppRoleHandler.ProposeFreeAppRoleNumber(idFixString));
+
+            idFixString.ConvertAreaToAppRoleFixedPart("NA99");
+            Assert.AreEqual("001", await AppRoleHandler.ProposeFreeAppRoleNumber(idFixString));
         }
     }
 }
diff --git a/roles/test/files/FWO.Test/ModellingHandlerTestApiConn.cs b/roles/test/files/FWO.Test/ModellingHandlerTestApiConn.cs
index 43e1105ae..356ee3aa6 100644
--- a/roles/test/files/FWO.Test/ModellingHandlerTestApiConn.cs
+++ b/roles/test/files/FWO.Test/ModellingHandlerTestApiConn.cs
@@ -7,7 +7,11 @@ namespace FWO.Test
 internal class ModellingHandlerTestApiConn : SimulatedApiConnection
     {
         const string AppRoleId1 = "AR5000001";
+        const string AppRoleId2 = "AR9101234-002";
+        const string AppRoleId3 = "AR9901234-999";
         ModellingAppRole AppRole1 = new(){ Id = 1, IdString = AppRoleId1 };
+        ModellingAppRole AppRole2 = new(){ Id = 2, IdString = AppRoleId2 };
+        ModellingAppRole AppRole3 = new(){ Id = 3, IdString = AppRoleId3 };
 
 
         public override async Task<QueryResponseType> SendQueryAsync<QueryResponseType>(string query, object? variables = null, string? operationName = null)
@@ -18,10 +22,21 @@ public override async Task<QueryResponseType> SendQueryAsync<QueryResponseType>(
                 List<ModellingAppRole>? appRoles = new();
                 if(query == ModellingQueries.getNewestAppRoles)
                 {
-                    string pattern = variables.GetType().GetProperties().First(o => o.Name == "pattern").GetValue(variables, null).ToString();
-                    if(variables != null && (pattern == AppRoleId1 || pattern == "AR50%"))
+                    if(variables != null)
                     {
-                        appRoles = new(){ AppRole1 };
+                        string pattern = variables.GetType().GetProperties().First(o => o.Name == "pattern").GetValue(variables, null)?.ToString();
+                        if(pattern == AppRoleId1 || pattern == "AR50%")
+                        {
+                            appRoles = new(){ AppRole1 };
+                        }
+                        else if(pattern == AppRoleId2 || pattern == "AR9101234%")
+                        {
+                            appRoles = new(){ AppRole2 };
+                        }
+                        else if(pattern == AppRoleId3 || pattern == "AR9901234%")
+                        {
+                            appRoles = new(){ AppRole3 };
+                        }
                     }
                 }
                 else
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/NetworkModelling.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/NetworkModelling.razor
index 82da52e5c..16566337c 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/NetworkModelling.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/NetworkModelling.razor
@@ -59,21 +59,21 @@
         </div>
         <div class="m-2 vheight75">
             <TabSet WholeWidth="false" DarkMode="false" KeepPanelsAlive="false" @ref="appHandler.tabset">
-                <Tab Title="@(userConfig.GetText("provided_interfaces"))" Position=0>
+                <Tab Title="@(userConfig.GetText("connections"))" Position=0>
+                    <button type="button" class="btn btn-sm btn-success mb-2" @onclick="appHandler.AddConnection">@(appHandler.DisplayButton("add_connection", Icons.Add, "connection"))</button>
+                    <ConnectionTable Connections="@appHandler.GetRegularConnections()" @bind-AppHandler="appHandler" AppActive="appActive"/>
+                </Tab>
+                <Tab Title="@(userConfig.GetText("provided_interfaces"))" Position=1>
                     <button type="button" class="btn btn-sm btn-success mb-2" @onclick="appHandler.AddInterface">@(appHandler.DisplayButton("add_interface", Icons.Add, "interface"))</button>
                     <ConnectionTable Connections="@appHandler.GetInterfaces()" @bind-AppHandler="appHandler" AppActive="appActive"/>
                 </Tab>
                 @if(selectedApp.CommSvcPossible)
                 {
-                    <Tab Title="@(userConfig.GetText("common_services"))" Position=1>
+                    <Tab Title="@(userConfig.GetText("common_services"))" Position=2>
                         <button type="button" class="btn btn-sm btn-success mb-2" @onclick="appHandler.AddCommonService">@(appHandler.DisplayButton("add_common_service", Icons.Add, "common_service"))</button>
                         <ConnectionTable Connections="@appHandler.GetCommonServices()" @bind-AppHandler="appHandler" AppActive="appActive"/>
                     </Tab>
                 }
-                <Tab Title="@(userConfig.GetText("regular_connections"))" Position=2>
-                    <button type="button" class="btn btn-sm btn-success mb-2" @onclick="appHandler.AddConnection">@(appHandler.DisplayButton("add_connection", Icons.Add, "connection"))</button>
-                    <ConnectionTable Connections="@appHandler.GetRegularConnections()" @bind-AppHandler="appHandler" AppActive="appActive"/>
-                </Tab>
             </TabSet>
         </div>
         <ConfirmDelete @bind-Display="appHandler.DeleteConnMode" PerformAction="async () => {await appHandler.DeleteConnection(); appHandler.RestoreTab(); StateHasChanged();}"
diff --git a/roles/ui/files/FWO.UI/Services/ModellingAppHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingAppHandler.cs
index e8ec27797..6627910ca 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingAppHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingAppHandler.cs
@@ -50,15 +50,15 @@ public async Task Init()
         public void InitActiveTab()
         {
             int tab = 0;
-            if(GetInterfaces().Count == 0)
+            if(GetRegularConnections().Count == 0)
             {
-                if (Application.CommSvcPossible && GetCommonServices().Count > 0)
+                if (GetInterfaces().Count > 0)
                 {
                     tab = 1;
                 }
-                else if (GetRegularConnections().Count > 0)
+                else if (Application.CommSvcPossible && GetCommonServices().Count > 0)
                 {
-                    tab = Application.CommSvcPossible ? 2 : 1;
+                    tab = 2;
                 }
             }
             tabset.SetActiveTab(tab);
diff --git a/roles/ui/files/FWO.UI/Services/ModellingAppRoleHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingAppRoleHandler.cs
index ef726e624..d6367052c 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingAppRoleHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingAppRoleHandler.cs
@@ -62,7 +62,7 @@ public async Task InitAppRole(ModellingNetworkArea? newArea)
                 if(newArea.IdString.Length >= NamingConvention.FixedPartLength && AddMode)
                 {
                     ActAppRole.ManagedIdString.ConvertAreaToAppRoleFixedPart(newArea.IdString);
-                    ActAppRole.ManagedIdString.FreePart = await ProposeFreeAppRoleNumber(newArea);
+                    ActAppRole.ManagedIdString.FreePart = await ProposeFreeAppRoleNumber(ActAppRole.ManagedIdString);
                 }
             }
             OrigId = new(ActAppRole.ManagedIdString);
@@ -150,37 +150,42 @@ private async Task<bool> IdStringAlreadyUsed(string appRoleIdString)
             return false;
         }
 
-        public async Task<string> ProposeFreeAppRoleNumber(ModellingNetworkArea area)
+        public async Task<string> ProposeFreeAppRoleNumber(ModellingManagedIdString idFixString)
         {
-            double maxNumbers = Math.Pow(10, NamingConvention.FreePartLength) - 1;
-            string idFix = ModellingManagedIdString.ConvertAreaToAppRole(area.IdString, NamingConvention);
-            List<ModellingAppRole>? newestARs = await apiConnection.SendQueryAsync<List<ModellingAppRole>>(ModellingQueries.getNewestAppRoles, new { pattern = idFix + "%" });
+            int proposedNumber = 1;
+            List<ModellingAppRole>? newestARs = await apiConnection.SendQueryAsync<List<ModellingAppRole>>(ModellingQueries.getNewestAppRoles, new { pattern = idFixString.CombinedFixPart + "%" });
             if(newestARs != null && newestARs.Count > 0)
             {
                 newestARs[0].ManagedIdString.NamingConvention = NamingConvention;
-                if(int.TryParse(newestARs[0].ManagedIdString.FreePart, out int aRNumber))
+                if(int.TryParse(newestARs[0].ManagedIdString.FreePart, out int newestARNumber))
                 {
-                    aRNumber++;
-                    while(aRNumber <= maxNumbers)
+                    proposedNumber = await SearchFrom(idFixString, newestARNumber + 1);
+                    if(proposedNumber == 0)
                     {
-                        if(!await IdStringAlreadyUsed(idFix + aRNumber.ToString($"D{NamingConvention.FreePartLength}")))
-                        {
-                            return aRNumber.ToString($"D{NamingConvention.FreePartLength}");
-                        }
-                        aRNumber++;
+                        proposedNumber = await SearchFrom(idFixString, 1);
                     }
                 }
-                aRNumber = 1;
-                while(aRNumber <= maxNumbers)
+            }
+            return ProposedString(proposedNumber);
+        }
+
+        private async Task<int> SearchFrom(ModellingManagedIdString idFixString, int aRNumber)
+        {
+            double maxNumbers = Math.Pow(10, NamingConvention.FreePartLength) - 1;
+            while(aRNumber <= maxNumbers)
+            {
+                if(!await IdStringAlreadyUsed(idFixString.CombinedFixPart + idFixString.Separator + ProposedString(aRNumber)))
                 {
-                    if(!await IdStringAlreadyUsed(idFix + aRNumber.ToString($"D{NamingConvention.FreePartLength}")))
-                    {
-                        return aRNumber.ToString($"D{NamingConvention.FreePartLength}");
-                    }
-                    aRNumber++;
+                    return aRNumber;
                 }
+                aRNumber++;
             }
-            return 1.ToString($"D{NamingConvention.FreePartLength}");
+            return 0;
+        }
+
+        private string ProposedString(int aRNumber)
+        {
+            return aRNumber.ToString($"D{NamingConvention.FreePartLength}");
         }
 
         private async Task AddAppRoleToDb()

From c44f66d7bd4036a790ed61731043cb30eaa221d0 Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Fri, 23 Feb 2024 16:57:03 +0100
Subject: [PATCH 09/84] modelling fixes

---
 .../NetworkModelling/EditConnLeftSide.razor      | 16 ++++++++--------
 .../EditServiceGroupLeftSide.razor               |  2 +-
 .../Pages/NetworkModelling/ManualAppServer.razor |  2 +-
 .../NetworkModelling/NetworkModelling.razor      |  6 +++---
 .../Services/ModellingConnectionHandler.cs       |  3 ++-
 .../FWO.UI/Services/ModellingHandlerBase.cs      | 10 +++++++---
 .../Services/ModellingServiceGroupHandler.cs     |  3 ++-
 .../FWO.UI/Services/ModellingServiceHandler.cs   |  5 ++++-
 8 files changed, 28 insertions(+), 19 deletions(-)

diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor
index 6abc9f8f7..2271b5ed8 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor
@@ -34,9 +34,9 @@
         </div>
         <div class="btn-group mt-1">
             <button type="button" class="btn btn-sm btn-success" @onclick="SearchNwObject">
-                @(ConnHandler.DisplayButton("search_nw_object", Icons.Search, "network_object"))</button>
+                @(ConnHandler.DisplayButton("search_nw_object", Icons.Search))</button>
             <button type="button" class="btn btn-sm btn-success" @onclick="() => {ConnHandler.CreateAppRole(); ConnHandlerChanged.InvokeAsync(ConnHandler);}">
-                @(ConnHandler.DisplayButton("add_app_role", Icons.Add, "app_role"))</button>
+                @(ConnHandler.DisplayButton("add_app_role", Icons.Add))</button>
             @if(selectedNwElems.Count == 1)
             {
                 @if(selectedNwElems[0].Key == (int)ModellingTypes.ObjectType.AppRole)
@@ -90,6 +90,11 @@
             <div class="btn-group mt-1">
                 <button type="button" class="btn btn-sm btn-success" @onclick="() => {ConnHandler.CreateServiceGroup(); ConnHandlerChanged.InvokeAsync(ConnHandler);}">
                     @(ConnHandler.DisplayButton("add_service_group", Icons.Add, "services_group"))</button>
+                @if(userConfig.AllowServiceInConn)
+                {
+                    <button type="button" class="btn btn-sm btn-success" @onclick="() => {ConnHandler.CreateService(); ConnHandlerChanged.InvokeAsync(ConnHandler);}">
+                        @(ConnHandler.DisplayButton("add_service", Icons.Add, "service"))</button>
+                }
                 @if(selectedSvcElems.Count == 1)
                 {
                     @if(selectedSvcElems[0].Key == (int)ModellingTypes.ObjectType.ServiceGroup)
@@ -123,7 +128,7 @@
                 }
             </div>
         }
-        @if(!ConnHandler.ActConn.IsInterface && ConnHandler.ActConn.UsedInterfaceId == null)
+        @if(!ConnHandler.ActConn.IsInterface && !ConnHandler.ActConn.IsCommonService && ConnHandler.ActConn.UsedInterfaceId == null)
         {
             <br><br>
             <h5>@(userConfig.GetText("interfaces"))</h5>
@@ -206,11 +211,6 @@
     private int sidebarLeftWidth { get { return Width; } set { Width = value; WidthChanged.InvokeAsync(Width);}}
 
     
-    @* private MarkupString DisplayButton(string text, string icon, string iconText = "")
-    {
-        return (MarkupString)(userConfig.ModIconify ? icon + (iconText != "" ? " " + userConfig.GetText(iconText) : "") : userConfig.GetText(text));
-    } *@
-
     private bool InterfaceToConn(ModellingConnection interf)
     {
         ConnHandler.InterfaceToConn(interf);
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditServiceGroupLeftSide.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditServiceGroupLeftSide.razor
index 7a13ba262..60ef77cf5 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditServiceGroupLeftSide.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditServiceGroupLeftSide.razor
@@ -25,7 +25,7 @@
     </div>
     <div class="btn-group mt-2">
         <button type="button" class="btn btn-sm btn-success" @onclick="() =>
-            {SvcGroupHandler.CreateService(); SvcGroupHandlerChanged.InvokeAsync(SvcGroupHandler);}">@(SvcGroupHandler.DisplayButton("add_service", Icons.Add, "service"))</button>
+            {SvcGroupHandler.CreateService(); SvcGroupHandlerChanged.InvokeAsync(SvcGroupHandler);}">@(SvcGroupHandler.DisplayButton("add_service", Icons.Add))</button>
         @if(selectedServices.Count == 1)
         {
             <button type="button" class="btn btn-sm btn-warning" @onclick="() =>
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/ManualAppServer.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/ManualAppServer.razor
index 176437887..da41059fa 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/ManualAppServer.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/ManualAppServer.razor
@@ -12,7 +12,7 @@
         @if (Display)
         {
             <button type="button" class="btn btn-sm btn-success mb-2" @onclick="appServerListHandler.CreateAppServer">
-                @(appServerListHandler.DisplayButton("add_app_server", Icons.Add, "app_server"))</button>
+                @(appServerListHandler.DisplayButton("add_app_server", Icons.Add))</button>
             <div class="vheight75">
                 <Table class="table table-bordered th-bg-secondary table-responsive overflow-auto sticky-header" TableItem="ModellingAppServer"
                         Items="appServerListHandler.ManualAppServers" PageSize="0" ColumnReorder="true">
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/NetworkModelling.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/NetworkModelling.razor
index 16566337c..903d3bb79 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/NetworkModelling.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/NetworkModelling.razor
@@ -60,17 +60,17 @@
         <div class="m-2 vheight75">
             <TabSet WholeWidth="false" DarkMode="false" KeepPanelsAlive="false" @ref="appHandler.tabset">
                 <Tab Title="@(userConfig.GetText("connections"))" Position=0>
-                    <button type="button" class="btn btn-sm btn-success mb-2" @onclick="appHandler.AddConnection">@(appHandler.DisplayButton("add_connection", Icons.Add, "connection"))</button>
+                    <button type="button" class="btn btn-sm btn-success mb-2" @onclick="appHandler.AddConnection">@(appHandler.DisplayButton("add_connection", Icons.Add))</button>
                     <ConnectionTable Connections="@appHandler.GetRegularConnections()" @bind-AppHandler="appHandler" AppActive="appActive"/>
                 </Tab>
                 <Tab Title="@(userConfig.GetText("provided_interfaces"))" Position=1>
-                    <button type="button" class="btn btn-sm btn-success mb-2" @onclick="appHandler.AddInterface">@(appHandler.DisplayButton("add_interface", Icons.Add, "interface"))</button>
+                    <button type="button" class="btn btn-sm btn-success mb-2" @onclick="appHandler.AddInterface">@(appHandler.DisplayButton("add_interface", Icons.Add))</button>
                     <ConnectionTable Connections="@appHandler.GetInterfaces()" @bind-AppHandler="appHandler" AppActive="appActive"/>
                 </Tab>
                 @if(selectedApp.CommSvcPossible)
                 {
                     <Tab Title="@(userConfig.GetText("common_services"))" Position=2>
-                        <button type="button" class="btn btn-sm btn-success mb-2" @onclick="appHandler.AddCommonService">@(appHandler.DisplayButton("add_common_service", Icons.Add, "common_service"))</button>
+                        <button type="button" class="btn btn-sm btn-success mb-2" @onclick="appHandler.AddCommonService">@(appHandler.DisplayButton("add_common_service", Icons.Add))</button>
                         <ConnectionTable Connections="@appHandler.GetCommonServices()" @bind-AppHandler="appHandler" AppActive="appActive"/>
                     </Tab>
                 }
diff --git a/roles/ui/files/FWO.UI/Services/ModellingConnectionHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingConnectionHandler.cs
index dc94fdfa8..88c3a3d3c 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingConnectionHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingConnectionHandler.cs
@@ -535,7 +535,8 @@ public void HandleService(ModellingService service)
         {
             try
             {
-                ServiceHandler = new ModellingServiceHandler(apiConnection, userConfig, Application, service, AvailableServices, AddServiceMode, DisplayMessageInUi, IsOwner);
+                ServiceHandler = new ModellingServiceHandler(apiConnection, userConfig, Application, service,
+                    AvailableServices, AvailableSvcElems, AddServiceMode, DisplayMessageInUi, IsOwner);
                 EditServiceMode = true;
             }
             catch (Exception exception)
diff --git a/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs b/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs
index 1f4006124..b911fba0c 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs
@@ -32,11 +32,15 @@ public ModellingHandlerBase(ApiConnection apiConnection, UserConfig userConfig,
             IsOwner = isOwner;
         }
         
-        public MarkupString DisplayButton(string text, string icon, string iconText = "")
+        public MarkupString DisplayButton(string text, string icon, string iconText = "", string objIcon = "")
         {
             string tooltip = userConfig.ModIconify ? $"data-toggle=\"tooltip\" title=\"{@userConfig.PureLine(text)}\"" : "";
-            string iconToDisplay = $"<span class=\"oi {icon}\" {@tooltip}\"/>";
-            return (MarkupString)(userConfig.ModIconify ? iconToDisplay + (iconText != "" ? " " + userConfig.GetText(iconText) : "") : userConfig.GetText(text));
+            string iconToDisplay = $"<span class=\"oi {icon}\" {@tooltip}/>";
+            string objIconToDisplay = $"<span class=\"oi {objIcon}\"/>";
+            
+            return (MarkupString)(userConfig.ModIconify ? 
+                iconToDisplay + (iconText != "" ? " " + userConfig.GetText(iconText) : "") + (objIcon != "" ? " " + objIconToDisplay : "")
+                : userConfig.GetText(text));
         }
 
         protected async Task LogChange(ModellingTypes.ChangeType changeType, ModellingTypes.ObjectType objectType, long objId, string text, int? applicationId)
diff --git a/roles/ui/files/FWO.UI/Services/ModellingServiceGroupHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingServiceGroupHandler.cs
index 6865dfbd6..a75fec3c9 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingServiceGroupHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingServiceGroupHandler.cs
@@ -60,7 +60,8 @@ public void HandleService(ModellingService service)
             try
             {
                 service.IsGlobal = ActServiceGroup.IsGlobal;
-                ServiceHandler = new ModellingServiceHandler(apiConnection, userConfig, Application, service, AvailableServices, AddServiceMode, DisplayMessageInUi, IsOwner);
+                ServiceHandler = new ModellingServiceHandler(apiConnection, userConfig, Application, service,
+                    AvailableServices, AvailableSvcElems, AddServiceMode, DisplayMessageInUi, IsOwner);
                 EditServiceMode = true;
             }
             catch (Exception exception)
diff --git a/roles/ui/files/FWO.UI/Services/ModellingServiceHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingServiceHandler.cs
index ddf178715..f85013578 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingServiceHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingServiceHandler.cs
@@ -10,15 +10,17 @@ public class ModellingServiceHandler : ModellingHandlerBase
     {
         public ModellingService ActService { get; set; } = new();
         public List<ModellingService> AvailableServices { get; set; } = new();
+        public List<KeyValuePair<int, int>> AvailableSvcElems { get; set; } = new();
         private ModellingService ActServiceOrig { get; set; } = new();
 
 
         public ModellingServiceHandler(ApiConnection apiConnection, UserConfig userConfig, FwoOwner application, 
-            ModellingService service, List<ModellingService> availableServices, bool addMode, Action<Exception?, string, string, bool> displayMessageInUi, bool isOwner = true)
+            ModellingService service, List<ModellingService> availableServices, List<KeyValuePair<int, int>> availableSvcElems, bool addMode, Action<Exception?, string, string, bool> displayMessageInUi, bool isOwner = true)
             : base (apiConnection, userConfig, application, addMode, displayMessageInUi, isOwner)
         {
             ActService = service;
             AvailableServices = availableServices;
+            AvailableSvcElems = availableSvcElems;
             ActServiceOrig = new ModellingService(ActService);
         }
         
@@ -96,6 +98,7 @@ private async Task AddServiceToDb()
                     await LogChange(ModellingTypes.ChangeType.Insert, ModellingTypes.ObjectType.Service, ActService.Id,
                         $"New Service: {ActService.Display()}", Application.Id);
                     AvailableServices.Add(ActService);
+                    AvailableSvcElems.Add(new KeyValuePair<int, int>((int)ModellingTypes.ObjectType.Service, ActService.Id));
                 }
             }
             catch (Exception exception)

From 766364434a263a28e95b166991f1acdc2b8b2352 Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Fri, 23 Feb 2024 17:07:33 +0100
Subject: [PATCH 10/84] move global const, parametrize modelling icons

---
 .../Data}/GlobalConstants.cs                  | 21 ++++++++++++-------
 .../FWO.Api.Client/Data/ModellingAppRole.cs   |  2 +-
 .../FWO.Api.Client/Data/ModellingAppServer.cs |  3 +--
 .../FWO.Api.Client/Data/ModellingNwGroup.cs   |  2 +-
 .../FWO.Api.Client/Data/ModellingObject.cs    |  2 +-
 .../FWO.Api.Client/Data/ModellingService.cs   |  2 +-
 .../Data/ModellingServiceGroup.cs             |  2 +-
 .../Controllers/GroupController.cs            |  2 +-
 .../Controllers/RoleController.cs             |  2 +-
 .../files/FWO.Test/ModellingHandlerTest.cs    | 14 ++++++-------
 .../NetworkModelling/EditConnLeftSide.razor   |  4 ++--
 .../FWO.UI/Services/ModellingHandlerBase.cs   |  4 ++--
 roles/ui/files/FWO.UI/Shared/Confirm.razor    |  2 +-
 .../files/FWO.UI/Shared/ConfirmDelete.razor   |  2 +-
 .../FWO.UI/Shared/MonitoringLayout.razor      |  1 +
 .../files/FWO.UI/Shared/NavigationMenu.razor  |  1 +
 .../files/FWO.UI/Shared/RequestLayout.razor   |  1 +
 .../files/FWO.UI/Shared/SettingsLayout.razor  |  1 +
 18 files changed, 39 insertions(+), 29 deletions(-)
 rename roles/lib/files/{FWO.Config.Api => FWO.Api.Client/Data}/GlobalConstants.cs (72%)

diff --git a/roles/lib/files/FWO.Config.Api/GlobalConstants.cs b/roles/lib/files/FWO.Api.Client/Data/GlobalConstants.cs
similarity index 72%
rename from roles/lib/files/FWO.Config.Api/GlobalConstants.cs
rename to roles/lib/files/FWO.Api.Client/Data/GlobalConstants.cs
index 117a17e6d..e6a1959ed 100644
--- a/roles/lib/files/FWO.Config.Api/GlobalConstants.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/GlobalConstants.cs
@@ -1,4 +1,4 @@
-namespace FWO.Config.Api
+namespace FWO.Api.Data
 {
     public struct GlobalConst
     {
@@ -42,11 +42,18 @@ public struct GlobalConst
     
     public struct Icons
     {
-        public const string Add = "oi-plus";
-        public const string Edit = "oi-wrench";
-        public const string Delete = "oi-trash";
-        public const string Search = "oi-magnifying-glass";
-        public const string Use = "oi-arrow-thick-right";
-        public const string Unuse = "oi-arrow-thick-left";
+        public const string Add = "oi oi-plus";
+        public const string Edit = "oi oi-wrench";
+        public const string Delete = "oi oi-trash";
+        public const string Search = "oi oi-magnifying-glass";
+        public const string Use = "oi oi-arrow-thick-right";
+        public const string Unuse = "oi oi-arrow-thick-left";
+
+        public const string ModObject = "oi oi-tag";
+        public const string Service = "oi oi-wrench";
+        public const string ServiceGroup = "oi oi-list-rich";
+        public const string AppServer = "oi oi-laptop";
+        public const string AppRole = "oi oi-list-rich";
+        public const string NwGroup = "oi oi-folder";
     }
 }
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingAppRole.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingAppRole.cs
index 04f16d7bc..a76ff30ae 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingAppRole.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingAppRole.cs
@@ -35,7 +35,7 @@ public ModellingNwGroup ToBase()
 
         public override string DisplayWithIcon()
         {
-            return $"<span class=\"oi oi-list-rich\"></span> " + DisplayHtml();
+            return $"<span class=\"{Icons.AppRole}\"></span> " + DisplayHtml();
         }
 
         public override bool Sanitize()
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingAppServer.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingAppServer.cs
index cd4652330..971629c47 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingAppServer.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingAppServer.cs
@@ -27,8 +27,7 @@ public override string DisplayHtml()
 
         public override string DisplayWithIcon()
         {
-            return $"<span class=\"oi oi-laptop\"></span> " + DisplayHtml();
-            // return $"<span class=\"oi {(ImportSource == "manual" ? "" : "oi-data-transfer-download")}\"></span> " + Display();
+            return $"<span class=\"{Icons.AppServer}\"></span> " + DisplayHtml();
         }
 
         public override bool Sanitize()
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingNwGroup.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingNwGroup.cs
index eda16f192..b5ec0b270 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingNwGroup.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingNwGroup.cs
@@ -29,7 +29,7 @@ public override string DisplayHtml()
 
         public override string DisplayWithIcon()
         {
-            return $"<span class=\"oi oi-folder\"></span> " + DisplayHtml();
+            return $"<span class=\"{Icons.NwGroup}\"></span> " + DisplayHtml();
         }
 
         public override bool Sanitize()
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingObject.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingObject.cs
index d4155c2d1..d95122b06 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingObject.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingObject.cs
@@ -25,7 +25,7 @@ public virtual string DisplayHtml()
 
         public virtual string DisplayWithIcon()
         {
-            return $"<span class=\"oi oi-tag\"></span> " + DisplayHtml();
+            return $"<span class=\"{Icons.ModObject}\"></span> " + DisplayHtml();
         }
 
         public virtual string DisplayWithIcon(bool displayGrey)
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingService.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingService.cs
index 6c75eba19..2582fc33d 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingService.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingService.cs
@@ -40,7 +40,7 @@ public override string Display()
 
         public override string DisplayWithIcon()
         {
-            return $"<span class=\"oi oi-wrench\"></span> " + DisplayHtml();
+            return $"<span class=\"{Icons.Service}\"></span> " + DisplayHtml();
         }
 
         public static NetworkService ToNetworkService(ModellingService service)
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingServiceGroup.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingServiceGroup.cs
index d9fc53966..b4b769ed2 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingServiceGroup.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingServiceGroup.cs
@@ -20,7 +20,7 @@ public class ModellingServiceGroup : ModellingSvcObject
 
         public override string DisplayWithIcon()
         {
-            return $"<span class=\"oi oi-list-rich\"></span> " + DisplayHtml();
+            return $"<span class=\"{Icons.ServiceGroup}\"></span> " + DisplayHtml();
         }
 
         public override bool Sanitize()
diff --git a/roles/middleware/files/FWO.Middleware.Server/Controllers/GroupController.cs b/roles/middleware/files/FWO.Middleware.Server/Controllers/GroupController.cs
index b290e359b..f8c0f2dcf 100644
--- a/roles/middleware/files/FWO.Middleware.Server/Controllers/GroupController.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/Controllers/GroupController.cs
@@ -1,4 +1,4 @@
-using FWO.Config.Api;
+using FWO.Api.Data;
 using FWO.Logging;
 using FWO.Middleware.RequestParameters;
 using FWO.Middleware.Server;
diff --git a/roles/middleware/files/FWO.Middleware.Server/Controllers/RoleController.cs b/roles/middleware/files/FWO.Middleware.Server/Controllers/RoleController.cs
index 48943c0e3..8de471647 100644
--- a/roles/middleware/files/FWO.Middleware.Server/Controllers/RoleController.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/Controllers/RoleController.cs
@@ -1,4 +1,4 @@
-using FWO.Config.Api;
+using FWO.Api.Data;
 using FWO.Logging;
 using FWO.Middleware.RequestParameters;
 using FWO.Middleware.Server;
diff --git a/roles/test/files/FWO.Test/ModellingHandlerTest.cs b/roles/test/files/FWO.Test/ModellingHandlerTest.cs
index 3a9e290ef..56b08fac1 100644
--- a/roles/test/files/FWO.Test/ModellingHandlerTest.cs
+++ b/roles/test/files/FWO.Test/ModellingHandlerTest.cs
@@ -117,13 +117,13 @@ public void TestGetSrcDstSvcNames()
                 ServiceGroups = new(){ new(){ Content = new(){ Name = "SvcGroup1", IsGlobal = true}}},
                 Services = new(){ new(){ Content = new(){ Name = "Svc1", Port = 1111, Protocol = new(){ Name = "UDP"}} }}
             };
-            List<string> expectedSrc = new(){"<span class=\"\"><span class=\"oi oi-folder\"></span> <span><b><span class=\"\" ><span class=\"\">Area1 (NA50)</span></span></b></span></span>",
-                                             "<span class=\"\"><span class=\"oi oi-list-rich\"></span> <span><b><span class=\"text-danger\" ><i><span class=\"\">!AppRole1 (AR5000001)</span></i></span></b></span></span>",
-                                             "<span class=\"\"><span class=\"oi oi-laptop\"></span> <span class=\"\" ><span class=\"\" ><span class=\"\">AppServerInside1 (10.0.0.0)</span></span></span></span>",
-                                             "<span class=\"\"><span class=\"oi oi-laptop\"></span> <span class=\"\" ><span class=\"\" ><span class=\"\">AppServerInside2 (10.0.0.5)</span></span></span></span>"};
-            List<string> expectedDst = new(){"<span class=\"text-secondary\"><span class=\"oi oi-laptop\"></span> <span class=\"\" ><span class=\"\" ><span class=\"\">AppServerInside3 (11.0.0.1)</span></span></span></span>"};
-            List<string> expectedSvc = new(){"<span class=\"text-secondary\"><span class=\"oi oi-list-rich\"></span> <span><b>SvcGroup1</b></span></span>",
-                                             "<span class=\"text-secondary\"><span class=\"oi oi-wrench\"></span> <span>Svc1 (1111/UDP)</span></span>"};
+            List<string> expectedSrc = new(){$"<span class=\"\"><span class=\"{Icons.NwGroup}\"></span> <span><b><span class=\"\" ><span class=\"\">Area1 (NA50)</span></span></b></span></span>",
+                                             $"<span class=\"\"><span class=\"{Icons.AppRole}\"></span> <span><b><span class=\"text-danger\" ><i><span class=\"\">!AppRole1 (AR5000001)</span></i></span></b></span></span>",
+                                             $"<span class=\"\"><span class=\"{Icons.AppServer}\"></span> <span class=\"\" ><span class=\"\" ><span class=\"\">AppServerInside1 (10.0.0.0)</span></span></span></span>",
+                                             $"<span class=\"\"><span class=\"{Icons.AppServer}\"></span> <span class=\"\" ><span class=\"\" ><span class=\"\">AppServerInside2 (10.0.0.5)</span></span></span></span>"};
+            List<string> expectedDst = new(){$"<span class=\"text-secondary\"><span class=\"{Icons.AppServer}\"></span> <span class=\"\" ><span class=\"\" ><span class=\"\">AppServerInside3 (11.0.0.1)</span></span></span></span>"};
+            List<string> expectedSvc = new(){$"<span class=\"text-secondary\"><span class=\"{Icons.ServiceGroup}\"></span> <span><b>SvcGroup1</b></span></span>",
+                                             $"<span class=\"text-secondary\"><span class=\"{Icons.Service}\"></span> <span>Svc1 (1111/UDP)</span></span>"};
             Assert.AreEqual(expectedSrc, AppHandler.GetSrcNames(conn));
             Assert.AreEqual(expectedDst, AppHandler.GetDstNames(conn));
             Assert.AreEqual(expectedSvc, AppHandler.GetSvcNames(conn));
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor
index 2271b5ed8..26695d8ea 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor
@@ -89,11 +89,11 @@
             </div>
             <div class="btn-group mt-1">
                 <button type="button" class="btn btn-sm btn-success" @onclick="() => {ConnHandler.CreateServiceGroup(); ConnHandlerChanged.InvokeAsync(ConnHandler);}">
-                    @(ConnHandler.DisplayButton("add_service_group", Icons.Add, "services_group"))</button>
+                    @(ConnHandler.DisplayButton("add_service_group", Icons.Add, "", Icons.ServiceGroup))</button>
                 @if(userConfig.AllowServiceInConn)
                 {
                     <button type="button" class="btn btn-sm btn-success" @onclick="() => {ConnHandler.CreateService(); ConnHandlerChanged.InvokeAsync(ConnHandler);}">
-                        @(ConnHandler.DisplayButton("add_service", Icons.Add, "service"))</button>
+                        @(ConnHandler.DisplayButton("add_service", Icons.Add, "", Icons.Service))</button>
                 }
                 @if(selectedSvcElems.Count == 1)
                 {
diff --git a/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs b/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs
index b911fba0c..00f494c8d 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs
@@ -35,8 +35,8 @@ public ModellingHandlerBase(ApiConnection apiConnection, UserConfig userConfig,
         public MarkupString DisplayButton(string text, string icon, string iconText = "", string objIcon = "")
         {
             string tooltip = userConfig.ModIconify ? $"data-toggle=\"tooltip\" title=\"{@userConfig.PureLine(text)}\"" : "";
-            string iconToDisplay = $"<span class=\"oi {icon}\" {@tooltip}/>";
-            string objIconToDisplay = $"<span class=\"oi {objIcon}\"/>";
+            string iconToDisplay = $"<span class=\"{icon}\" {@tooltip}/>";
+            string objIconToDisplay = $"<span class=\"{objIcon}\"/>";
             
             return (MarkupString)(userConfig.ModIconify ? 
                 iconToDisplay + (iconText != "" ? " " + userConfig.GetText(iconText) : "") + (objIcon != "" ? " " + objIconToDisplay : "")
diff --git a/roles/ui/files/FWO.UI/Shared/Confirm.razor b/roles/ui/files/FWO.UI/Shared/Confirm.razor
index c4faa698e..50eb508e7 100644
--- a/roles/ui/files/FWO.UI/Shared/Confirm.razor
+++ b/roles/ui/files/FWO.UI/Shared/Confirm.razor
@@ -1,4 +1,4 @@
-@using FWO.Config.Api
+@using FWO.Api.Data
 
 @attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")]
 
diff --git a/roles/ui/files/FWO.UI/Shared/ConfirmDelete.razor b/roles/ui/files/FWO.UI/Shared/ConfirmDelete.razor
index afee5f32c..211fcc1d9 100644
--- a/roles/ui/files/FWO.UI/Shared/ConfirmDelete.razor
+++ b/roles/ui/files/FWO.UI/Shared/ConfirmDelete.razor
@@ -1,4 +1,4 @@
-@using FWO.Config.Api
+@using FWO.Api.Data
 
 @attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}, {GlobalConst.kModeller}")]
 
diff --git a/roles/ui/files/FWO.UI/Shared/MonitoringLayout.razor b/roles/ui/files/FWO.UI/Shared/MonitoringLayout.razor
index 30775ebc6..6b35ca141 100644
--- a/roles/ui/files/FWO.UI/Shared/MonitoringLayout.razor
+++ b/roles/ui/files/FWO.UI/Shared/MonitoringLayout.razor
@@ -1,5 +1,6 @@
 @using FWO.Config.Api
 @using FWO.Config.Api.Data
+@using FWO.Api.Data
 
 @inherits LayoutComponentBase
 @layout MainLayout
diff --git a/roles/ui/files/FWO.UI/Shared/NavigationMenu.razor b/roles/ui/files/FWO.UI/Shared/NavigationMenu.razor
index 47a18027c..cffafffe6 100644
--- a/roles/ui/files/FWO.UI/Shared/NavigationMenu.razor
+++ b/roles/ui/files/FWO.UI/Shared/NavigationMenu.razor
@@ -1,5 +1,6 @@
 @using FWO.Config.Api
 @using FWO.Config.Api.Data
+@using FWO.Api.Data
 
 @inject GlobalConfig globalConfig
 @inject UserConfig userConfig
diff --git a/roles/ui/files/FWO.UI/Shared/RequestLayout.razor b/roles/ui/files/FWO.UI/Shared/RequestLayout.razor
index 746258647..72237a10a 100644
--- a/roles/ui/files/FWO.UI/Shared/RequestLayout.razor
+++ b/roles/ui/files/FWO.UI/Shared/RequestLayout.razor
@@ -2,6 +2,7 @@
 @using FWO.Config.Api.Data
 @using FWO.Ui.Services
 @using FWO.Api.Client
+@using FWO.Api.Data
 
 @inherits LayoutComponentBase
 @layout MainLayout
diff --git a/roles/ui/files/FWO.UI/Shared/SettingsLayout.razor b/roles/ui/files/FWO.UI/Shared/SettingsLayout.razor
index 3a4bcbd99..03ad8881e 100644
--- a/roles/ui/files/FWO.UI/Shared/SettingsLayout.razor
+++ b/roles/ui/files/FWO.UI/Shared/SettingsLayout.razor
@@ -1,5 +1,6 @@
 @using FWO.Config.Api
 @using FWO.Config.Api.Data
+@using FWO.Api.Data
 
 @inherits LayoutComponentBase
 @layout MainLayout

From 95347765c520bd36d8122fb7ccc9eb2cff9b0019 Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Fri, 23 Feb 2024 17:51:22 +0100
Subject: [PATCH 11/84] rename role string constants

---
 .../FWO.Api.Client/Data/GlobalConstants.cs    | 35 ++++++++++---------
 .../AuthenticationServerController.cs         | 10 +++---
 .../AuthenticationTokenController.cs          |  6 ++--
 .../Controllers/GroupController.cs            | 14 ++++----
 .../Controllers/RoleController.cs             |  6 ++--
 .../Controllers/TenantController.cs           |  8 ++---
 .../Controllers/UserController.cs             | 18 +++++-----
 .../files/FWO.Middleware.Server/JwtWriter.cs  | 34 +++++++++---------
 .../ui/files/FWO.UI/Auth/AuthStateProvider.cs |  2 +-
 .../ui/files/FWO.UI/Pages/Certification.razor | 10 +++---
 .../Pages/Compliance/ComplianceLayout.razor   |  2 +-
 .../FWO.UI/Pages/Compliance/ZoneTable.razor   |  2 +-
 .../Pages/Compliance/ZonesConfiguration.razor |  6 ++--
 .../FWO.UI/Pages/Compliance/ZonesMatrix.razor |  4 +--
 .../Pages/Monitoring/MonitorAlerts.razor      |  4 +--
 .../FWO.UI/Pages/Monitoring/MonitorAll.razor  |  2 +-
 .../Monitoring/MonitorAutodiscoveryLog.razor  |  4 +--
 .../Pages/Monitoring/MonitorDailyChecks.razor |  2 +-
 .../Pages/Monitoring/MonitorImportLog.razor   |  2 +-
 .../Monitoring/MonitorImportStatus.razor      |  2 +-
 .../Pages/Monitoring/MonitorUiLog.razor       |  2 +-
 .../Pages/Monitoring/MonitoringMain.razor     | 12 +++----
 .../files/FWO.UI/Pages/NetworkAnalysis.razor  |  2 +-
 .../EditAppRoleLeftSide.razor                 |  2 +-
 .../NetworkModelling/EditAppServer.razor      |  4 +--
 .../NetworkModelling/EditConnLeftSide.razor   | 10 +++---
 .../Pages/NetworkModelling/EditService.razor  |  4 +--
 .../NetworkModelling/EditServiceGroup.razor   |  2 +-
 .../EditServiceGroupLeftSide.razor            |  2 +-
 .../NetworkModelling/ManualAppServer.razor    |  2 +-
 .../NetworkModelling/NetworkModelling.razor   | 16 ++++-----
 .../NetworkModelling/PredefServices.razor     |  6 ++--
 .../NetworkModelling/SearchInterface.razor    |  4 +--
 .../NetworkModelling/SearchNwObject.razor     |  4 +--
 .../Pages/NetworkModelling/ShowHistory.razor  |  4 +--
 .../FWO.UI/Pages/Reporting/Archive.razor      |  4 +--
 .../files/FWO.UI/Pages/Reporting/Report.razor |  8 ++---
 .../Pages/Reporting/ReportCreateTicket.razor  |  6 ++--
 .../Reporting/ReportTemplateComponent.razor   |  4 +--
 .../FWO.UI/Pages/Reporting/Schedule.razor     |  4 +--
 .../FWO.UI/Pages/Request/AssignObject.razor   |  6 ++--
 .../FWO.UI/Pages/Request/CommentObject.razor  |  4 +--
 .../FWO.UI/Pages/Request/DeleteObject.razor   |  4 +--
 .../Pages/Request/DisplayAccessElements.razor |  2 +-
 .../Pages/Request/DisplayApprovals.razor      |  4 +--
 .../Pages/Request/DisplayImplTaskTable.razor  |  6 ++--
 .../Request/DisplayImplementationTask.razor   |  6 ++--
 .../Pages/Request/DisplayPathAnalysis.razor   |  2 +-
 .../Pages/Request/DisplayReqTaskTable.razor   |  6 ++--
 .../Pages/Request/DisplayRequestTask.razor    |  8 ++---
 .../FWO.UI/Pages/Request/DisplayRules.razor   |  2 +-
 .../FWO.UI/Pages/Request/DisplayTicket.razor  |  6 ++--
 .../Pages/Request/DisplayTicketTable.razor    |  2 +-
 .../FWO.UI/Pages/Request/PromoteObject.razor  |  4 +--
 .../Pages/Request/RequestApprovals.razor      |  6 ++--
 .../Request/RequestImplementations.razor      |  6 ++--
 .../Pages/Request/RequestPlannings.razor      |  6 ++--
 .../FWO.UI/Pages/Request/RequestReviews.razor |  6 ++--
 .../FWO.UI/Pages/Request/RequestTickets.razor |  6 ++--
 .../Request/RequestTicketsOverview.razor      |  6 ++--
 .../FWO.UI/Pages/Settings/RemoveUser.razor    |  2 +-
 .../FWO.UI/Pages/Settings/SearchUser.razor    |  4 +--
 .../Pages/Settings/SelectFromLdap.razor       |  4 +--
 .../Pages/Settings/SettingsActions.razor      |  6 ++--
 .../Pages/Settings/SettingsCredentials.razor  | 10 +++---
 .../Pages/Settings/SettingsCustomTexts.razor  |  4 +--
 .../Pages/Settings/SettingsCustomizing.razor  |  4 +--
 .../Pages/Settings/SettingsDefaults.razor     |  4 +--
 .../FWO.UI/Pages/Settings/SettingsEmail.razor |  4 +--
 .../Pages/Settings/SettingsGateways.razor     |  8 ++---
 .../Pages/Settings/SettingsGroups.razor       |  8 ++---
 .../Pages/Settings/SettingsImport.razor       |  4 +--
 .../Pages/Settings/SettingsLanguage.razor     |  2 +-
 .../FWO.UI/Pages/Settings/SettingsLdap.razor  |  4 +--
 .../Pages/Settings/SettingsManagements.razor  | 12 +++----
 .../Pages/Settings/SettingsModelling.razor    |  4 +--
 .../Settings/SettingsModellingPers.razor      |  2 +-
 .../FWO.UI/Pages/Settings/SettingsOwner.razor |  8 ++---
 .../Pages/Settings/SettingsPassword.razor     |  4 +--
 .../Settings/SettingsPasswordPolicy.razor     |  4 +--
 .../Settings/SettingsRecertificationGen.razor |  6 ++--
 .../SettingsRecertificationPers.razor         |  2 +-
 .../Pages/Settings/SettingsReport.razor       |  2 +-
 .../FWO.UI/Pages/Settings/SettingsRoles.razor |  6 ++--
 .../Pages/Settings/SettingsStateMatrix.razor  | 10 +++---
 .../Pages/Settings/SettingsStates.razor       |  6 ++--
 .../Pages/Settings/SettingsTenants.razor      |  4 +--
 .../FWO.UI/Pages/Settings/SettingsUsers.razor | 12 +++----
 roles/ui/files/FWO.UI/Pages/Start.razor       |  2 +-
 .../Services/ModellingAppServerHandler.cs     |  2 +-
 .../Services/ModellingAppServerListHandler.cs |  2 +-
 .../files/FWO.UI/Shared/AutoDiscovery.razor   | 12 +++----
 roles/ui/files/FWO.UI/Shared/Confirm.razor    |  4 +--
 .../files/FWO.UI/Shared/ConfirmDelete.razor   |  4 +--
 .../files/FWO.UI/Shared/ImportRollback.razor  |  2 +-
 roles/ui/files/FWO.UI/Shared/MainLayout.razor |  2 +-
 .../FWO.UI/Shared/MonitoringLayout.razor      |  4 +--
 .../files/FWO.UI/Shared/NavigationMenu.razor  | 26 +++++++-------
 .../files/FWO.UI/Shared/RequestLayout.razor   | 12 +++----
 .../files/FWO.UI/Shared/SettingsLayout.razor  | 18 +++++-----
 100 files changed, 308 insertions(+), 305 deletions(-)

diff --git a/roles/lib/files/FWO.Api.Client/Data/GlobalConstants.cs b/roles/lib/files/FWO.Api.Client/Data/GlobalConstants.cs
index e6a1959ed..c2f8bf881 100644
--- a/roles/lib/files/FWO.Api.Client/Data/GlobalConstants.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/GlobalConstants.cs
@@ -22,22 +22,25 @@ public struct GlobalConst
         public const string kManual = "manual";
         public const string kModellerGroup = "ModellerGroup_";
         public const string kImportChangeNotify = "importChangeNotify";
-
-        public const string kAnonymous = "anonymous";
-        public const string kAdmin = "admin";
-        public const string kAuditor = "auditor";
-        public const string kMiddlewareServer = "middleware-server";
-        public const string kImporter = "importer";
-        public const string kFwAdmin = "fw-admin";
-        public const string kRecertifier = "recertifier";
-        public const string kModeller = "modeller";
-        public const string kReporter = "reporter";
-        public const string kReporterViewAll = "reporter-viewall";
-        public const string kRequester = "requester";
-        public const string kApprover = "approver";
-        public const string kPlanner = "planner";
-        public const string kImplementer = "implementer";
-        public const string kReviewer = "reviewer";
+    }
+    
+    public struct Roles
+    {
+        public const string Anonymous = "anonymous";
+        public const string Admin = "admin";
+        public const string Auditor = "auditor";
+        public const string MiddlewareServer = "middleware-server";
+        public const string Importer = "importer";
+        public const string FwAdmin = "fw-admin";
+        public const string Recertifier = "recertifier";
+        public const string Modeller = "modeller";
+        public const string Reporter = "reporter";
+        public const string ReporterViewAll = "reporter-viewall";
+        public const string Requester = "requester";
+        public const string Approver = "approver";
+        public const string Planner = "planner";
+        public const string Implementer = "implementer";
+        public const string Reviewer = "reviewer";
     }
     
     public struct Icons
diff --git a/roles/middleware/files/FWO.Middleware.Server/Controllers/AuthenticationServerController.cs b/roles/middleware/files/FWO.Middleware.Server/Controllers/AuthenticationServerController.cs
index 9419cc993..25fe49399 100644
--- a/roles/middleware/files/FWO.Middleware.Server/Controllers/AuthenticationServerController.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/Controllers/AuthenticationServerController.cs
@@ -44,7 +44,7 @@ public AuthenticationServerController(ApiConnection apiConnection, List<Ldap> ld
         /// <param name="parameters">Ldap connection parameters</param>
         /// <returns></returns>
         [HttpGet("TestConnection")]
-        [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")]
+        [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")]
         public ActionResult<string> TestConnection([FromBody] LdapGetUpdateParameters parameters)
         {
             try
@@ -65,7 +65,7 @@ public ActionResult<string> TestConnection([FromBody] LdapGetUpdateParameters pa
         /// </summary>
         /// <returns>List of all connected Ldaps</returns>
         [HttpGet]
-        [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")]
+        [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")]
         public async Task<List<LdapGetUpdateParameters>> Get()
         {
             UiLdapConnection[] ldapConnections = (await apiConnection.SendQueryAsync<UiLdapConnection[]>(AuthQueries.getAllLdapConnections));
@@ -103,7 +103,7 @@ public async Task<List<LdapGetUpdateParameters>> Get()
         /// <param name="ldapData">LdapAddParameters</param>
         /// <returns>Id of new ldap, 0 if no ldap could be added</returns>
         [HttpPost]
-        [Authorize(Roles = $"{GlobalConst.kAdmin}")]
+        [Authorize(Roles = $"{Roles.Admin}")]
         public async Task<int> PostAsync([FromBody] LdapAddParameters ldapData)//, [FromHeader] string bearer)
         {
             // Add ldap to DB and to middleware ldap list
@@ -147,7 +147,7 @@ public async Task<int> PostAsync([FromBody] LdapAddParameters ldapData)//, [From
         /// <param name="ldapData">LdapGetUpdateParameters</param>
         /// <returns>Id of updated ldap</returns>
         [HttpPut]
-        [Authorize(Roles = $"{GlobalConst.kAdmin}")]
+        [Authorize(Roles = $"{Roles.Admin}")]
         public async Task<int> Update([FromBody] LdapGetUpdateParameters ldapData)
         {
             // Update ldap in DB and in middleware ldap list
@@ -172,7 +172,7 @@ public async Task<int> Update([FromBody] LdapGetUpdateParameters ldapData)
         /// <param name="ldapData">LdapDeleteParameters</param>
         /// <returns>Id of deleted ldap connection</returns>
         [HttpDelete]
-        [Authorize(Roles = $"{GlobalConst.kAdmin}")]
+        [Authorize(Roles = $"{Roles.Admin}")]
         public async Task<int> Delete([FromBody] LdapDeleteParameters ldapData)
         {
             // Delete ldap in DB and in middleware ldap list
diff --git a/roles/middleware/files/FWO.Middleware.Server/Controllers/AuthenticationTokenController.cs b/roles/middleware/files/FWO.Middleware.Server/Controllers/AuthenticationTokenController.cs
index 16063b85f..a5481cf38 100644
--- a/roles/middleware/files/FWO.Middleware.Server/Controllers/AuthenticationTokenController.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/Controllers/AuthenticationTokenController.cs
@@ -100,7 +100,7 @@ public async Task<ActionResult<string>> GetAsyncForUser([FromBody] Authenticatio
                 try
                 {
                     await authManager.AuthorizeUserAsync(adminUser, validatePassword: true);
-                    if (!adminUser.Roles.Contains(GlobalConst.kAdmin))
+                    if (!adminUser.Roles.Contains(Roles.Admin))
                     {
                         throw new AuthenticationException("Provided credentials do not belong to a user with role admin.");
                     }
@@ -239,7 +239,7 @@ public async Task<List<string>> GetGroups(LdapEntry ldapUser, Ldap ldap)
                             if (currentLdapEntry != null)
                             {
                                 // User was successfully authenticated via this LDAP
-                                if(user.Name == GlobalConst.kImporter)
+                                if(user.Name == Roles.Importer)
                                 {
                                     Log.WriteDebug("User Authentication", $"User {user.Name + " " + currentLdapEntry.Dn} found.");
                                 }
@@ -320,7 +320,7 @@ public async Task<List<string>> GetRoles(UiUser user)
             {
                 // Use anonymous role
                 Log.WriteWarning("Missing roles", $"No roles for user \"{user.Dn}\" could be found. Using anonymous role.");
-                userRoles.Add(GlobalConst.kAnonymous);
+                userRoles.Add(Roles.Anonymous);
             }
 
             return userRoles;
diff --git a/roles/middleware/files/FWO.Middleware.Server/Controllers/GroupController.cs b/roles/middleware/files/FWO.Middleware.Server/Controllers/GroupController.cs
index f8c0f2dcf..9ac8f479c 100644
--- a/roles/middleware/files/FWO.Middleware.Server/Controllers/GroupController.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/Controllers/GroupController.cs
@@ -31,7 +31,7 @@ public GroupController(List<Ldap> ldaps)
         /// </summary>
         /// <returns>List of groups</returns>
         [HttpGet]
-        [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}, {GlobalConst.kRecertifier}")]
+        [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}, {Roles.Recertifier}")]
         public async Task<ActionResult<List<GroupGetReturnParameters>>> Get()
         {
             try
@@ -74,7 +74,7 @@ public async Task<ActionResult<List<GroupGetReturnParameters>>> Get()
         /// <param name="parameters">GroupAddDeleteParameters</param>
         /// <returns>Dn of new group, empty string if no group could be created</returns>
         [HttpPost]
-        [Authorize(Roles = $"{GlobalConst.kAdmin}")]
+        [Authorize(Roles = $"{Roles.Admin}")]
         public async Task<string> Create([FromBody] GroupAddDeleteParameters parameters)
         {
             string groupDn = "";
@@ -113,7 +113,7 @@ public async Task<string> Create([FromBody] GroupAddDeleteParameters parameters)
         /// <param name="parameters">GroupAddDeleteParameters</param>
         /// <returns>true if group deleted</returns>
         [HttpDelete]
-        [Authorize(Roles = $"{GlobalConst.kAdmin}")]
+        [Authorize(Roles = $"{Roles.Admin}")]
         public async Task<bool> Delete([FromBody] GroupAddDeleteParameters parameters)
         {
             bool groupDeleted = false;
@@ -151,7 +151,7 @@ public async Task<bool> Delete([FromBody] GroupAddDeleteParameters parameters)
         /// <param name="parameters">GroupEditParameters</param>
         /// <returns>Dn of updated group</returns>
         [HttpPut]
-        [Authorize(Roles = $"{GlobalConst.kAdmin}")]
+        [Authorize(Roles = $"{Roles.Admin}")]
         public async Task<string> Edit([FromBody] GroupEditParameters parameters)
         {
             string groupUpdatedDn = "";
@@ -189,7 +189,7 @@ public async Task<string> Edit([FromBody] GroupEditParameters parameters)
         /// <param name="parameters">GroupGetParameters</param>
         /// <returns>List of groups</returns>
         [HttpPost("Get")]
-        [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")]
+        [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")]
         public async Task<List<string>> Get([FromBody] GroupGetParameters parameters)
         {
             List<string> allGroups = new List<string>();
@@ -221,7 +221,7 @@ await Task.Run(() =>
         /// <param name="parameters">GroupAddDeleteUserParameters</param>
         /// <returns>true if user could be added to group</returns>
         [HttpPost("User")]
-        [Authorize(Roles = $"{GlobalConst.kAdmin}")]
+        [Authorize(Roles = $"{Roles.Admin}")]
         public async Task<bool> AddUser([FromBody] GroupAddDeleteUserParameters parameters)
         {
             bool userAdded = false;
@@ -259,7 +259,7 @@ public async Task<bool> AddUser([FromBody] GroupAddDeleteUserParameters paramete
         /// <param name="parameters">GroupAddDeleteUserParameters</param>
         /// <returns>true if user could be removed from group</returns>        [HttpDelete("User")]
         [HttpDelete("User")]
-        [Authorize(Roles = $"{GlobalConst.kAdmin}")]
+        [Authorize(Roles = $"{Roles.Admin}")]
         public async Task<bool> RemoveUser([FromBody] GroupAddDeleteUserParameters parameters)
         {
             bool userRemoved = false;
diff --git a/roles/middleware/files/FWO.Middleware.Server/Controllers/RoleController.cs b/roles/middleware/files/FWO.Middleware.Server/Controllers/RoleController.cs
index 8de471647..9b97404b1 100644
--- a/roles/middleware/files/FWO.Middleware.Server/Controllers/RoleController.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/Controllers/RoleController.cs
@@ -32,7 +32,7 @@ public RoleController(List<Ldap> ldaps)
         /// </summary>
         /// <returns>List of roles</returns>
         [HttpGet]
-        [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}, {GlobalConst.kRequester}, {GlobalConst.kApprover}, {GlobalConst.kPlanner}, {GlobalConst.kImplementer}, {GlobalConst.kReviewer}")]
+        [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}, {Roles.FwAdmin}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}")]
         public async Task<List<RoleGetReturnParameters>> Get()
         {
             // No parameters
@@ -69,7 +69,7 @@ public async Task<List<RoleGetReturnParameters>> Get()
         /// <param name="parameters">RoleAddDeleteUserParameters</param>
         /// <returns>true if user could be added to role</returns>
         [HttpPost("User")]
-        [Authorize(Roles = $"{GlobalConst.kAdmin}")]
+        [Authorize(Roles = $"{Roles.Admin}")]
         public async Task<bool> AddUser([FromBody] RoleAddDeleteUserParameters parameters)
         {
             bool userAdded = false;
@@ -107,7 +107,7 @@ public async Task<bool> AddUser([FromBody] RoleAddDeleteUserParameters parameter
         /// <param name="parameters">RoleAddDeleteUserParameters</param>
         /// <returns>true if user could be removed from role</returns>
         [HttpDelete("User")]
-        [Authorize(Roles = $"{GlobalConst.kAdmin}")]
+        [Authorize(Roles = $"{Roles.Admin}")]
         public async Task<bool> RemoveUser([FromBody] RoleAddDeleteUserParameters parameters)
         {
             bool userRemoved = false;
diff --git a/roles/middleware/files/FWO.Middleware.Server/Controllers/TenantController.cs b/roles/middleware/files/FWO.Middleware.Server/Controllers/TenantController.cs
index 8e18a6db5..105a26da4 100644
--- a/roles/middleware/files/FWO.Middleware.Server/Controllers/TenantController.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/Controllers/TenantController.cs
@@ -36,7 +36,7 @@ public TenantController(List<Ldap> ldaps, ApiConnection apiConnection)
         /// </summary>
         /// <returns>List of tenants</returns>
         [HttpGet]
-        [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")]
+        [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}, {Roles.FwAdmin}")]
         public async Task<List<TenantGetReturnParameters>> Get()
         {
             Tenant[] tenants = await apiConnection.SendQueryAsync<Tenant[]>(FWO.Api.Client.Queries.AuthQueries.getTenants);
@@ -61,7 +61,7 @@ public async Task<List<TenantGetReturnParameters>> Get()
         /// <param name="tenant">TenantAddParameters</param>
         /// <returns>Id of new tenant, 0 if no tenant could be created</returns>
         [HttpPost]
-        [Authorize(Roles = $"{GlobalConst.kAdmin}")]
+        [Authorize(Roles = $"{Roles.Admin}")]
         public async Task<int> Post([FromBody] TenantAddParameters tenant)
         {
             bool tenantAdded = false;
@@ -128,7 +128,7 @@ await Task.Run(() =>
         /// <param name="parameters">TenantEditParameters</param>
         /// <returns>true if updated</returns>
         [HttpPut]
-        [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}")]
+        [Authorize(Roles = $"{Roles.Admin}, {Roles.FwAdmin}")]
         public async Task<bool> Change([FromBody] TenantEditParameters parameters)
         {
             bool tenantUpdated = false;
@@ -168,7 +168,7 @@ public async Task<bool> Change([FromBody] TenantEditParameters parameters)
         /// <param name="tenant">TenantDeleteParameters</param>
         /// <returns>true if tenant deleted</returns>
         [HttpDelete]
-        [Authorize(Roles = $"{GlobalConst.kAdmin}")]
+        [Authorize(Roles = $"{Roles.Admin}")]
         public async Task<bool> Delete([FromBody] TenantDeleteParameters tenant)
         {
             bool tenantDeleted = false;
diff --git a/roles/middleware/files/FWO.Middleware.Server/Controllers/UserController.cs b/roles/middleware/files/FWO.Middleware.Server/Controllers/UserController.cs
index e713319b3..940bb7ccf 100644
--- a/roles/middleware/files/FWO.Middleware.Server/Controllers/UserController.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/Controllers/UserController.cs
@@ -37,7 +37,7 @@ public UserController(List<Ldap> ldaps, ApiConnection apiConnection)
         /// </summary>
         /// <returns>List of all locally known users</returns>
         [HttpGet]
-        [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")]
+        [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")]
         public async Task<List<UserGetReturnParameters>> Get()
         {
             List<UiUser> users = (await apiConnection.SendQueryAsync<UiUser[]>(FWO.Api.Client.Queries.AuthQueries.getUsers)).ToList();
@@ -63,7 +63,7 @@ public async Task<List<UserGetReturnParameters>> Get()
         /// <param name="parameters">LdapUserGetParameters</param>
         /// <returns>List of users</returns>
         [HttpPost("Get")]
-        [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")]
+        [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")]
         public async Task<List<LdapUserGetReturnParameters>> Get([FromBody] LdapUserGetParameters parameters)
         {
             List<LdapUserGetReturnParameters> allUsers = new List<LdapUserGetReturnParameters>();
@@ -99,7 +99,7 @@ await Task.Run(() =>
         /// <param name="parameters">UserAddParameters</param>
         /// <returns>Id of new user, 0 if no user could be created</returns>
         [HttpPost]
-        [Authorize(Roles = $"{GlobalConst.kAdmin}")]
+        [Authorize(Roles = $"{Roles.Admin}")]
         public async Task<int> Add([FromBody] UserAddParameters parameters)
         {
             string email = parameters.Email ?? "";
@@ -163,7 +163,7 @@ await Task.Run(() =>
         /// <param name="parameters">UserEditParameters</param>
         /// <returns>true, if user could be updated</returns>
         [HttpPut]
-        [Authorize(Roles = $"{GlobalConst.kAdmin}")]
+        [Authorize(Roles = $"{Roles.Admin}")]
         public async Task<bool> Change([FromBody] UserEditParameters parameters)
         {
             string email = parameters.Email ?? "";
@@ -222,7 +222,7 @@ await Task.Run(() =>
         public async Task<ActionResult<string>> ChangePassword([FromBody] UserChangePasswordParameters parameters)
         {
             // the demo user (currently auditor) can't change his password
-            if (User.IsInRole(GlobalConst.kAuditor))
+            if (User.IsInRole(Roles.Auditor))
                 return Unauthorized();
 
             UiUser user = await resolveUser(parameters.UserId) ?? throw new Exception("Wrong UserId");
@@ -263,7 +263,7 @@ await Task.Run(async () =>
         /// <param name="parameters">UserResetPasswordParameters</param>
         /// <returns>error message or Ok</returns>
         [HttpPatch("ResetPassword")]
-        [Authorize(Roles = $"{GlobalConst.kAdmin}")]
+        [Authorize(Roles = $"{Roles.Admin}")]
         public async Task<ActionResult<string>> ResetPassword([FromBody] UserResetPasswordParameters parameters)
         {
             UiUser user = await resolveUser(parameters.UserId) ?? throw new Exception("Wrong UserId");
@@ -281,7 +281,7 @@ await Task.Run(async () =>
                         {
                             List<string> roles = currentLdap.GetRoles(new List<string>() { user.Dn }).ToList(); // TODO: Group roles are not included
                             // the demo user (currently auditor) can't be forced to change password as he is not allowed to do it. Everyone else has to change it though
-                            bool passwordMustBeChanged = !roles.Contains(GlobalConst.kAuditor); 
+                            bool passwordMustBeChanged = !roles.Contains(Roles.Auditor); 
                             await UiUserHandler.UpdateUserPasswordChanged(apiConnection, user.Dn, passwordMustBeChanged);
                         }
                     });
@@ -302,7 +302,7 @@ await Task.Run(async () =>
         /// <param name="parameters">UserDeleteAllEntriesParameters</param>
         /// <returns>true if user removed from all entries</returns>
         [HttpDelete("AllGroupsAndRoles")]
-        [Authorize(Roles = $"{GlobalConst.kAdmin}")]
+        [Authorize(Roles = $"{Roles.Admin}")]
         public async Task<bool> DeleteAllGroupsAndRoles([FromBody] UserDeleteAllEntriesParameters parameters)
         {
             UiUser user = await resolveUser(parameters.UserId) ?? throw new Exception("Wrong UserId");
@@ -342,7 +342,7 @@ public async Task<bool> DeleteAllGroupsAndRoles([FromBody] UserDeleteAllEntriesP
         /// <param name="parameters">UserDeleteParameters</param>
         /// <returns>true if user deleted</returns>
         [HttpDelete]
-        [Authorize(Roles = $"{GlobalConst.kAdmin}")]
+        [Authorize(Roles = $"{Roles.Admin}")]
         public async Task<bool> Delete([FromBody] UserDeleteParameters parameters)
         {
             UiUser user = await resolveUser(parameters.UserId) ?? throw new Exception("Wrong UserId");
diff --git a/roles/middleware/files/FWO.Middleware.Server/JwtWriter.cs b/roles/middleware/files/FWO.Middleware.Server/JwtWriter.cs
index 4ce4c186b..fde56b004 100644
--- a/roles/middleware/files/FWO.Middleware.Server/JwtWriter.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/JwtWriter.cs
@@ -45,7 +45,7 @@ public async Task<string> CreateJWT(UiUser? user = null, TimeSpan? lifetime = nu
             if (user != null)
                 subject = SetClaims(await uiUserHandler.HandleUiUserAtLogin(user));
             else
-                subject = SetClaims(new UiUser() { Name = "", Password = "", Dn = GlobalConst.kAnonymous, Roles = new List<string> { GlobalConst.kAnonymous } });
+                subject = SetClaims(new UiUser() { Name = "", Password = "", Dn = Roles.Anonymous, Roles = new List<string> { Roles.Anonymous } });
             // adding uiuser.uiuser_id as x-hasura-user-id to JWT
 
             // Create JWToken
@@ -76,7 +76,7 @@ public async Task<string> CreateJWT(UiUser? user = null, TimeSpan? lifetime = nu
         /// <returns>JWT for middleware-server role.</returns>
         public string CreateJWTMiddlewareServer()
         {
-            return CreateJWTInternal(GlobalConst.kMiddlewareServer);
+            return CreateJWTInternal(Roles.MiddlewareServer);
         }
 
         /// <summary>
@@ -86,7 +86,7 @@ public string CreateJWTMiddlewareServer()
         /// <returns>JWT for reporter-viewall role.</returns>
         public string CreateJWTReporterViewall()
         {
-            return CreateJWTInternal(GlobalConst.kReporterViewAll);
+            return CreateJWTInternal(Roles.ReporterViewAll);
         }
 
         private string CreateJWTInternal(string role)
@@ -153,20 +153,20 @@ private static string GetDefaultRole(UiUser user, List<string> hasuraRolesList)
             string defaultRole = "";
             if (user.Roles.Count > 0)
             {
-                if (hasuraRolesList.Contains(GlobalConst.kAdmin))
-                    defaultRole = GlobalConst.kAdmin;
-                else if (hasuraRolesList.Contains(GlobalConst.kAuditor))
-                    defaultRole = GlobalConst.kAuditor;
-                else if (hasuraRolesList.Contains(GlobalConst.kFwAdmin))
-                    defaultRole = GlobalConst.kFwAdmin;
-                else if (hasuraRolesList.Contains(GlobalConst.kReporterViewAll))
-                    defaultRole = GlobalConst.kReporterViewAll;
-                else if (hasuraRolesList.Contains(GlobalConst.kReporter))
-                    defaultRole = GlobalConst.kReporter;
-                else if (hasuraRolesList.Contains(GlobalConst.kRecertifier))
-                    defaultRole = GlobalConst.kRecertifier;
-                else if (hasuraRolesList.Contains(GlobalConst.kModeller))
-                    defaultRole = GlobalConst.kModeller;
+                if (hasuraRolesList.Contains(Roles.Admin))
+                    defaultRole = Roles.Admin;
+                else if (hasuraRolesList.Contains(Roles.Auditor))
+                    defaultRole = Roles.Auditor;
+                else if (hasuraRolesList.Contains(Roles.FwAdmin))
+                    defaultRole = Roles.FwAdmin;
+                else if (hasuraRolesList.Contains(Roles.ReporterViewAll))
+                    defaultRole = Roles.ReporterViewAll;
+                else if (hasuraRolesList.Contains(Roles.Reporter))
+                    defaultRole = Roles.Reporter;
+                else if (hasuraRolesList.Contains(Roles.Recertifier))
+                    defaultRole = Roles.Recertifier;
+                else if (hasuraRolesList.Contains(Roles.Modeller))
+                    defaultRole = Roles.Modeller;
                 else
                     defaultRole = user.Roles[0]; // pick first role at random (todo: might need to be changed)
             }
diff --git a/roles/ui/files/FWO.UI/Auth/AuthStateProvider.cs b/roles/ui/files/FWO.UI/Auth/AuthStateProvider.cs
index ab3bae302..58c520143 100644
--- a/roles/ui/files/FWO.UI/Auth/AuthStateProvider.cs
+++ b/roles/ui/files/FWO.UI/Auth/AuthStateProvider.cs
@@ -54,7 +54,7 @@ public async Task Authenticate(string jwtString, ApiConnection apiConnection, Mi
             if (jwtReader.Validate())
             {
                 // importer is not allowed to login
-                if (jwtReader.ContainsRole(GlobalConst.kImporter))
+                if (jwtReader.ContainsRole(Roles.Importer))
                 {
                     throw new AuthenticationException("login_importer_error");
                 }
diff --git a/roles/ui/files/FWO.UI/Pages/Certification.razor b/roles/ui/files/FWO.UI/Pages/Certification.razor
index c8e26bf21..82b6b6e88 100644
--- a/roles/ui/files/FWO.UI/Pages/Certification.razor
+++ b/roles/ui/files/FWO.UI/Pages/Certification.razor
@@ -9,7 +9,7 @@
 @using FWO.Middleware.Client
 
 @page "/certification"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kRecertifier}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Recertifier}, {Roles.Auditor}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
@@ -34,7 +34,7 @@
         <input  type="text" class="form-control form-control-sm" @bind="recertLookAheadDays" />
     </div>
 
-    <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")">
+    <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Auditor}")">
         <Authorized>
             <div class="p-3">
                 <h5 class="text-left">@(userConfig.GetText("owner")):</h5>
@@ -70,7 +70,7 @@
     <div class="btn-group sticky-marker-60">
         @if(!readonlyMode)
         {
-            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kRecertifier}")">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Recertifier}")">
                 <Authorized>
                     @if(rulesFound)
                     {
@@ -169,7 +169,7 @@
 
         try
         {
-            apiConnection.SetProperRole(authenticationStateTask!.Result.User, new List<string> { GlobalConst.kRecertifier, GlobalConst.kAdmin, GlobalConst.kAuditor });
+            apiConnection.SetProperRole(authenticationStateTask!.Result.User, new List<string> { Roles.Recertifier, Roles.Admin, Roles.Auditor });
             rulesFound = false;
             ticketCreator = new TicketCreator(apiConnection, userConfig);
 
@@ -231,7 +231,7 @@
     private async Task GenerateRecertificationReport()
     {
         processing = true;
-        readonlyMode = !authenticationStateTask!.Result.User.IsInRole(GlobalConst.kRecertifier) || selectedOwner == null;
+        readonlyMode = !authenticationStateTask!.Result.User.IsInRole(Roles.Recertifier) || selectedOwner == null;
         selectedRules.Clear();
 
         Management[] managementsOrig = managements;
diff --git a/roles/ui/files/FWO.UI/Pages/Compliance/ComplianceLayout.razor b/roles/ui/files/FWO.UI/Pages/Compliance/ComplianceLayout.razor
index 9c5d22de1..25e45905c 100644
--- a/roles/ui/files/FWO.UI/Pages/Compliance/ComplianceLayout.razor
+++ b/roles/ui/files/FWO.UI/Pages/Compliance/ComplianceLayout.razor
@@ -12,7 +12,7 @@
             <li class="nav-item px-2" data-toggle="tooltip" title="@(userConfig.GetText("network_zones"))">
                 <h5>@(userConfig.GetText("network_zones"))</h5>
             </li>
-            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}, {GlobalConst.kAuditor}")">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Auditor}")">
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="/compliance/zones/configuration">
                         <span class="oi oi-cog"></span> @(userConfig.GetText("configuration"))
diff --git a/roles/ui/files/FWO.UI/Pages/Compliance/ZoneTable.razor b/roles/ui/files/FWO.UI/Pages/Compliance/ZoneTable.razor
index 055c3ea8e..ab90a9621 100644
--- a/roles/ui/files/FWO.UI/Pages/Compliance/ZoneTable.razor
+++ b/roles/ui/files/FWO.UI/Pages/Compliance/ZoneTable.razor
@@ -34,7 +34,7 @@
 			</ExpandableList>
 		</Template>
 	</Column>
-	<AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}, {GlobalConst.kAuditor}")" Context="authContext">
+	<AuthorizeView Roles="@($"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Auditor}")" Context="authContext">
 		<Column TableItem="ComplianceNetworkZone" Title="@(userConfig.GetText("actions"))" Context="networkZone">
 			<Template>
 				<div class="btn-group">
diff --git a/roles/ui/files/FWO.UI/Pages/Compliance/ZonesConfiguration.razor b/roles/ui/files/FWO.UI/Pages/Compliance/ZonesConfiguration.razor
index 01e16d2bf..1dd333c1e 100644
--- a/roles/ui/files/FWO.UI/Pages/Compliance/ZonesConfiguration.razor
+++ b/roles/ui/files/FWO.UI/Pages/Compliance/ZonesConfiguration.razor
@@ -1,7 +1,7 @@
 @using NetTools;
 @using System.Diagnostics;
 
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Auditor}")]
 
 @page "/compliance/zones/configuration"
 
@@ -130,7 +130,7 @@
 		</Body>
 		<Footer>
 			<div class="btn-group">
-				<AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}")">
+				<AuthorizeView Roles="@($"{Roles.Admin}, {Roles.FwAdmin}")">
 					<Authorized>
 						<button type="button" class="btn btn-primary" @onclick="ExecuteNetworkZoneModifications">@(userConfig.GetText("ok"))</button>
 					</Authorized>
@@ -152,7 +152,7 @@
 		</Body>
 		<Footer>
 			<div class="btn-group">
-				<AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}")">
+				<AuthorizeView Roles="@($"{Roles.Admin}, {Roles.FwAdmin}")">
 					<Authorized>
 						<button type="button" class="btn btn-sm btn-danger" @onclick="ExecuteNetworkZoneDeletion">@(userConfig.GetText("delete"))</button>
 					</Authorized>
diff --git a/roles/ui/files/FWO.UI/Pages/Compliance/ZonesMatrix.razor b/roles/ui/files/FWO.UI/Pages/Compliance/ZonesMatrix.razor
index f043c0036..226b465ba 100644
--- a/roles/ui/files/FWO.UI/Pages/Compliance/ZonesMatrix.razor
+++ b/roles/ui/files/FWO.UI/Pages/Compliance/ZonesMatrix.razor
@@ -13,7 +13,7 @@
         {
             <div class="btn-group" role="group">
                 <button type="button" class="btn btn-sm btn-secondary" @onclick="() => ToggleEditMode(false)">@userConfig.GetText("cancel")</button>
-                <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}")">
+                <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.FwAdmin}")">
                     <Authorized>
                         <button type="button" class="btn btn-sm btn-primary" @onclick="CommitChanges">@userConfig.GetText("commit_changes")</button>
                     </Authorized>
@@ -25,7 +25,7 @@
         }
         else
         {
-            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}, {GlobalConst.kAuditor}")">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Auditor}")">
                 <button type="button" class="btn btn-sm btn-primary" @onclick="() => ToggleEditMode(true)">@userConfig.GetText("edit")</button>
             </AuthorizeView>
         }
diff --git a/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorAlerts.razor b/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorAlerts.razor
index 601d32ca5..0a401c7d2 100644
--- a/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorAlerts.razor
+++ b/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorAlerts.razor
@@ -7,7 +7,7 @@
 @inject UserConfig userConfig
 
 @page "/monitoring/alerts"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Auditor}")]
 
 <h3>@(userConfig.GetText("all_alerts"))</h3>
 @(userConfig.GetText("U7101"))
@@ -66,7 +66,7 @@ else
             JwtReader jwt = new JwtReader(userConfig.User.Jwt);
             jwt.Validate();
 
-            if (jwt.ContainsAllowedRole(GlobalConst.kAdmin) || jwt.ContainsAllowedRole(GlobalConst.kFwAdmin))
+            if (jwt.ContainsAllowedRole(Roles.Admin) || jwt.ContainsAllowedRole(Roles.FwAdmin))
                 managements = await apiConnection.SendQueryAsync<List<Management>>(FWO.Api.Client.Queries.DeviceQueries.getManagementsDetails);
             else
                 managements = await apiConnection.SendQueryAsync<List<Management>>(FWO.Api.Client.Queries.DeviceQueries.getManagementDetailsWithoutSecrets);
diff --git a/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorAll.razor b/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorAll.razor
index ac9735407..a3feae8e6 100644
--- a/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorAll.razor
+++ b/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorAll.razor
@@ -5,7 +5,7 @@
 @inject UserConfig userConfig
 
 @page "/monitoring/monitor_all"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Auditor}")]
 
 <h3>@(userConfig.GetText("monitoring"))</h3>
 
diff --git a/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorAutodiscoveryLog.razor b/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorAutodiscoveryLog.razor
index 2f55a25aa..363f2bddc 100644
--- a/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorAutodiscoveryLog.razor
+++ b/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorAutodiscoveryLog.razor
@@ -4,7 +4,7 @@
 @inject UserConfig userConfig
 
 @page "/monitoring/autodiscovery_logs"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Auditor}")]
 
 <h3>@(userConfig.GetText("autodiscovery_logs"))</h3>
 @(userConfig.GetText("U7401"))
@@ -60,7 +60,7 @@ else
 
             JwtReader jwt = new JwtReader(userConfig.User.Jwt);
             jwt.Validate();
-            if (jwt.ContainsAllowedRole(GlobalConst.kAdmin) || jwt.ContainsAllowedRole(GlobalConst.kFwAdmin))
+            if (jwt.ContainsAllowedRole(Roles.Admin) || jwt.ContainsAllowedRole(Roles.FwAdmin))
                 managements = await apiConnection.SendQueryAsync<List<Management>>(FWO.Api.Client.Queries.DeviceQueries.getManagementsDetails);
             else
                 managements = await apiConnection.SendQueryAsync<List<Management>>(FWO.Api.Client.Queries.DeviceQueries.getManagementDetailsWithoutSecrets);
diff --git a/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorDailyChecks.razor b/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorDailyChecks.razor
index 3ff0595c4..36c501ab1 100644
--- a/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorDailyChecks.razor
+++ b/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorDailyChecks.razor
@@ -4,7 +4,7 @@
 @inject UserConfig userConfig
 
 @page "/monitoring/daily_check_logs"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Auditor}")]
 
 <h3>@(userConfig.GetText("daily_checks"))</h3>
 @(userConfig.GetText("U7501"))
diff --git a/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorImportLog.razor b/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorImportLog.razor
index 26f44dac8..b3ff515c5 100644
--- a/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorImportLog.razor
+++ b/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorImportLog.razor
@@ -4,7 +4,7 @@
 @inject UserConfig userConfig
 
 @page "/monitoring/import_logs"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Auditor}")]
 
 <h3>@(userConfig.GetText("import_logs"))</h3>
 @(userConfig.GetText("U7201"))
diff --git a/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorImportStatus.razor b/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorImportStatus.razor
index 8fec957f0..2704482ef 100644
--- a/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorImportStatus.razor
+++ b/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorImportStatus.razor
@@ -4,7 +4,7 @@
 @using FWO.Config.Api
 
 @page "/monitoring/import_status"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kImporter}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Importer}, {Roles.Auditor}, {Roles.FwAdmin}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
diff --git a/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorUiLog.razor b/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorUiLog.razor
index bc24ea2b6..296988d42 100644
--- a/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorUiLog.razor
+++ b/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorUiLog.razor
@@ -69,7 +69,7 @@ else
     {
         try
         {
-            seeAllUsers = authenticationStateTask!.Result.User.IsInRole(GlobalConst.kAdmin) || authenticationStateTask!.Result.User.IsInRole(GlobalConst.kAuditor);
+            seeAllUsers = authenticationStateTask!.Result.User.IsInRole(Roles.Admin) || authenticationStateTask!.Result.User.IsInRole(Roles.Auditor);
             if(seeAllUsers)
             {
                 uiUsers.Add(new UiUser(){ DbId = -1, Name = userConfig.GetText("all") });
diff --git a/roles/ui/files/FWO.UI/Pages/Monitoring/MonitoringMain.razor b/roles/ui/files/FWO.UI/Pages/Monitoring/MonitoringMain.razor
index cc4e0b3fb..ccfd818a8 100644
--- a/roles/ui/files/FWO.UI/Pages/Monitoring/MonitoringMain.razor
+++ b/roles/ui/files/FWO.UI/Pages/Monitoring/MonitoringMain.razor
@@ -8,7 +8,7 @@
 
 @page "/monitoring"
 @page "/monitoring/main"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kReporter}, {GlobalConst.kReporterViewAll}, {GlobalConst.kModeller}, {GlobalConst.kRecertifier}, {GlobalConst.kRequester}, {GlobalConst.kApprover}, {GlobalConst.kPlanner}, {GlobalConst.kImplementer}, {GlobalConst.kReviewer}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Reporter}, {Roles.ReporterViewAll}, {Roles.Modeller}, {Roles.Recertifier}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}, {Roles.Auditor}, {Roles.FwAdmin}")]
 
 @inject ApiConnection apiConnection
 @inject MiddlewareClient middlewareClient
@@ -18,7 +18,7 @@
 @(userConfig.GetText("U7001"))
 <hr />
 
-<AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}, {GlobalConst.kAuditor}")">
+<AuthorizeView Roles="@($"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Auditor}")">
     <h5>@(userConfig.GetText("open_alerts"))</h5>
     @if(InitComplete)
     {
@@ -54,7 +54,7 @@
                                     <button type="button" class="btn btn-sm btn-primary" disabled>@(userConfig.GetText("details"))</button>
                                 }
                                 
-                                <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}")">
+                                <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.FwAdmin}")">
                                     <Authorized Context="ctx">
                                         <button type="button" class="btn btn-sm btn-secondary" @onclick="() => Acknowledge(alert)">@(userConfig.GetText("acknowledge"))</button>
                                     </Authorized>
@@ -121,9 +121,9 @@
         {
             JwtReader jwt = new JwtReader(userConfig.User.Jwt);
             jwt.Validate();
-            if (jwt.ContainsAllowedRole(GlobalConst.kAdmin) || jwt.ContainsAllowedRole(GlobalConst.kFwAdmin) || jwt.ContainsAllowedRole(GlobalConst.kAuditor))
+            if (jwt.ContainsAllowedRole(Roles.Admin) || jwt.ContainsAllowedRole(Roles.FwAdmin) || jwt.ContainsAllowedRole(Roles.Auditor))
             {
-                if (jwt.ContainsAllowedRole(GlobalConst.kAdmin) || jwt.ContainsAllowedRole(GlobalConst.kFwAdmin))
+                if (jwt.ContainsAllowedRole(Roles.Admin) || jwt.ContainsAllowedRole(Roles.FwAdmin))
                 {
                     managements = await apiConnection.SendQueryAsync<List<Management>>(FWO.Api.Client.Queries.DeviceQueries.getManagementsDetails);
                 }
@@ -229,7 +229,7 @@
             jwt.Validate();
 
             List<Management> managements = new List<Management>();
-            if (jwt.ContainsAllowedRole(GlobalConst.kAdmin) || jwt.ContainsAllowedRole(GlobalConst.kFwAdmin))
+            if (jwt.ContainsAllowedRole(Roles.Admin) || jwt.ContainsAllowedRole(Roles.FwAdmin))
                 managements = await apiConnection.SendQueryAsync<List<Management>>(FWO.Api.Client.Queries.DeviceQueries.getManagementsDetails);
             else
                 managements = await apiConnection.SendQueryAsync<List<Management>>(FWO.Api.Client.Queries.DeviceQueries.getManagementDetailsWithoutSecrets);
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkAnalysis.razor b/roles/ui/files/FWO.UI/Pages/NetworkAnalysis.razor
index 0a7837470..f7c9764c9 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkAnalysis.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkAnalysis.razor
@@ -9,7 +9,7 @@
 @inject UserConfig userConfig
 
 @page "/network_analysis"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}, {GlobalConst.kPlanner}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Planner}, {Roles.Auditor}")]
 
 <h3>@(userConfig.GetText("network_analysis"))</h3>
 
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditAppRoleLeftSide.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditAppRoleLeftSide.razor
index 0c31a0529..83909deb3 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditAppRoleLeftSide.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditAppRoleLeftSide.razor
@@ -23,7 +23,7 @@
             </div>
         }
     </div>
-    @* <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")">
+    @* <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Auditor}")">
         <NotAuthorized>
             <button type="button" class="btn btn-sm btn-danger" @onclick="DataInconsistent">@(userConfig.GetText("data_inconsistent"))</button>
         </NotAuthorized> 
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditAppServer.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditAppServer.razor
index 1c9c0f893..a973f9766 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditAppServer.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditAppServer.razor
@@ -1,6 +1,6 @@
 @using FWO.Config.Api
 
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
@@ -23,7 +23,7 @@
     </Body>
     <Footer>
         <div class="btn-group">
-            <AuthorizeView Roles="@GlobalConst.kAdmin">
+            <AuthorizeView Roles="@Roles.Admin">
                 <Authorized>
                     <button type="button" class="btn btn-sm btn-danger" @onclick="async () => {if(await AppServerHandler.Save()) Close();}">@(userConfig.GetText("save"))</button>
                 </Authorized>
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor
index 26695d8ea..0114d4e05 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor
@@ -163,21 +163,21 @@
 </Sidebar>
 <EditAppRole @bind-Display="ConnHandler.EditAppRoleMode" @bind-AppRoleHandler="ConnHandler.AppRoleHandler" AddMode="ConnHandler.AddAppRoleMode"/>
 <ConfirmDelete @bind-Display="ConnHandler.DeleteAppRoleMode" PerformAction="async () => await WrapAsync(ConnHandler.DeleteAppRole)"
-    Title="@userConfig.GetText("delete_app_role")" DeleteMessage="@ConnHandler.Message" AllowedRoles="@GlobalConst.kModeller" DeleteAllowed="ConnHandler.DeleteAllowed" Enabled="ConnHandler.IsOwner"/>
+    Title="@userConfig.GetText("delete_app_role")" DeleteMessage="@ConnHandler.Message" AllowedRoles="@Roles.Modeller" DeleteAllowed="ConnHandler.DeleteAllowed" Enabled="ConnHandler.IsOwner"/>
 <EditServiceGroup @bind-Display="ConnHandler.EditSvcGrpMode" @bind-SvcGroupHandler="ConnHandler.SvcGrpHandler" AddMode="ConnHandler.AddSvcGrpMode"/>
 <ConfirmDelete @bind-Display="ConnHandler.DeleteSvcGrpMode" PerformAction="async () => await WrapAsync(ConnHandler.DeleteServiceGroup)"
-    Title="@userConfig.GetText("delete_service_group")" DeleteMessage="@ConnHandler.Message" AllowedRoles="@GlobalConst.kModeller" DeleteAllowed="ConnHandler.DeleteAllowed" Enabled="ConnHandler.IsOwner"/>
+    Title="@userConfig.GetText("delete_service_group")" DeleteMessage="@ConnHandler.Message" AllowedRoles="@Roles.Modeller" DeleteAllowed="ConnHandler.DeleteAllowed" Enabled="ConnHandler.IsOwner"/>
 <EditService @bind-Display="ConnHandler.EditServiceMode" ServiceHandler="ConnHandler.ServiceHandler" AddMode="ConnHandler.AddServiceMode"/>
 <ConfirmDelete @bind-Display="ConnHandler.DeleteServiceMode" PerformAction="async () => await WrapAsync(ConnHandler.DeleteService)"
-    Title="@userConfig.GetText("delete_service")" DeleteMessage="@ConnHandler.Message" AllowedRoles="@GlobalConst.kModeller" DeleteAllowed="ConnHandler.DeleteAllowed" Enabled="ConnHandler.IsOwner"/>
+    Title="@userConfig.GetText("delete_service")" DeleteMessage="@ConnHandler.Message" AllowedRoles="@Roles.Modeller" DeleteAllowed="ConnHandler.DeleteAllowed" Enabled="ConnHandler.IsOwner"/>
 <SearchInterface @bind-Display="SearchInterfaceMode" @bind-PreselectedInterfaces="ConnHandler.PreselectedInterfaces" SelectAction="InterfaceToConn"
     DisplayInterface="ConnHandler.DisplayInterface" Application="ConnHandler.Application"/>
 <ConfirmDelete @bind-Display="ConnHandler.RemovePreselectedInterfaceMode" PerformAction="async () => await WrapAsync(ConnHandler.RemovePreselectedInterface)" 
-    Title="@userConfig.GetText("remove_connection")" DeleteMessage="@ConnHandler.Message" AllowedRoles="@GlobalConst.kModeller" Remove="true" Enabled="ConnHandler.IsOwner"/>
+    Title="@userConfig.GetText("remove_connection")" DeleteMessage="@ConnHandler.Message" AllowedRoles="@Roles.Modeller" Remove="true" Enabled="ConnHandler.IsOwner"/>
 <SearchNwObject @bind-Display="SearchNwObjectMode" @bind-ObjectList="ConnHandler.AvailableSelectedObjects"
     Application="ConnHandler.Application" Refresh="ConnHandler.RefreshSelectedNwObjects"/>
 <ConfirmDelete @bind-Display="ConnHandler.RemoveNwObjectMode" PerformAction="async () => await WrapAsync(ConnHandler.RemoveNwGrpObject)"
-    Title="@userConfig.GetText("remove_nw_object")" DeleteMessage="@ConnHandler.Message" AllowedRoles="@GlobalConst.kModeller" Remove="true" Enabled="ConnHandler.IsOwner"/>
+    Title="@userConfig.GetText("remove_nw_object")" DeleteMessage="@ConnHandler.Message" AllowedRoles="@Roles.Modeller" Remove="true" Enabled="ConnHandler.IsOwner"/>
 
 @code
 {
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditService.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditService.razor
index 1cf086256..0b13b1ca2 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditService.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditService.razor
@@ -1,6 +1,6 @@
 @using FWO.Config.Api
 
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}, {GlobalConst.kModeller}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}, {Roles.Modeller}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
@@ -34,7 +34,7 @@
             <div class="btn-group">
                 @if(ServiceHandler.IsOwner)
                 {
-                    <AuthorizeView Roles="@(AsAdmin? GlobalConst.kAdmin : GlobalConst.kModeller)">
+                    <AuthorizeView Roles="@(AsAdmin? Roles.Admin : Roles.Modeller)">
                         <Authorized>
                             <button type="button" class="btn btn-sm btn-danger" @onclick="async () => {if(await ServiceHandler.Save()) Close();}">@(userConfig.GetText("save"))</button>
                         </Authorized>
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditServiceGroup.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditServiceGroup.razor
index 81e854edf..4e3816d41 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditServiceGroup.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditServiceGroup.razor
@@ -51,7 +51,7 @@
             <div class="btn-group">
                 @if(SvcGroupHandler.IsOwner)
                 {
-                    <AuthorizeView Roles="@(AsAdmin? GlobalConst.kAdmin : GlobalConst.kModeller)">
+                    <AuthorizeView Roles="@(AsAdmin? Roles.Admin : Roles.Modeller)">
                         <Authorized>
                             <button type="button" class="btn btn-sm btn-primary" @onclick="async () => {workInProgress = true; if(await SvcGroupHandler.Save()) Close(); else workInProgress = false;}">@(userConfig.GetText("save"))</button>
                         </Authorized>
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditServiceGroupLeftSide.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditServiceGroupLeftSide.razor
index 60ef77cf5..1946fc9f7 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditServiceGroupLeftSide.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditServiceGroupLeftSide.razor
@@ -38,7 +38,7 @@
 </div>
 <EditService @bind-Display="SvcGroupHandler.EditServiceMode" ServiceHandler="SvcGroupHandler.ServiceHandler" AddMode="SvcGroupHandler.AddServiceMode" AsAdmin="AsAdmin"/>
 <ConfirmDelete @bind-Display="SvcGroupHandler.DeleteServiceMode" PerformAction="async () => { await SvcGroupHandler.DeleteService(); await SvcGroupHandlerChanged.InvokeAsync(SvcGroupHandler);}"
-    Title="@userConfig.GetText("delete_service")" DeleteMessage="@SvcGroupHandler.Message" AllowedRoles="@(AsAdmin? GlobalConst.kAdmin : GlobalConst.kModeller)"
+    Title="@userConfig.GetText("delete_service")" DeleteMessage="@SvcGroupHandler.Message" AllowedRoles="@(AsAdmin? Roles.Admin : Roles.Modeller)"
     DeleteAllowed="SvcGroupHandler.DeleteAllowed" Enabled="SvcGroupHandler.IsOwner"/>
 
 
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/ManualAppServer.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/ManualAppServer.razor
index da41059fa..9675f2716 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/ManualAppServer.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/ManualAppServer.razor
@@ -1,7 +1,7 @@
 @using FWO.Config.Api
 @using FWO.Ui.Display
 
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/NetworkModelling.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/NetworkModelling.razor
index 903d3bb79..50957fb1b 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/NetworkModelling.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/NetworkModelling.razor
@@ -2,7 +2,7 @@
 @using FWO.Ui.Display
 
 @page "/networkmodelling/{appId?}"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kModeller}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Modeller}, {Roles.Auditor}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
@@ -48,7 +48,7 @@
             @if(appActive)
             {
                 <div class="btn-group ms-5">
-                    <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")">
+                    <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Auditor}")">
                         <Authorized>
                             <button type="button" class="btn btn-sm btn-dark" @onclick="ManualAppServer">@(appHandler.DisplayButton("edit_app_server", Icons.Edit, "app_server"))</button>
                         </Authorized>
@@ -77,7 +77,7 @@
             </TabSet>
         </div>
         <ConfirmDelete @bind-Display="appHandler.DeleteConnMode" PerformAction="async () => {await appHandler.DeleteConnection(); appHandler.RestoreTab(); StateHasChanged();}"
-            Title="@userConfig.GetText("delete_connection")" DeleteMessage="@appHandler.Message" AllowedRoles="@GlobalConst.kModeller"/>
+            Title="@userConfig.GetText("delete_connection")" DeleteMessage="@appHandler.Message" AllowedRoles="@Roles.Modeller"/>
     }
 }
 else
@@ -112,7 +112,7 @@ else
     protected override async Task OnInitializedAsync()
     {
         // if use has modeller role, choose it before all others for this menu
-        apiConnection.SetProperRole(authenticationStateTask!.Result.User, new List<string> { GlobalConst.kModeller, GlobalConst.kAdmin, GlobalConst.kAuditor });
+        apiConnection.SetProperRole(authenticationStateTask!.Result.User, new List<string> { Roles.Modeller, Roles.Admin, Roles.Auditor });
         await InitAppList();
     }
 
@@ -171,7 +171,7 @@ else
     {
         try
         {
-            if(authenticationStateTask!.Result.User.IsInRole(GlobalConst.kAdmin) || authenticationStateTask!.Result.User.IsInRole(GlobalConst.kAuditor))
+            if(authenticationStateTask!.Result.User.IsInRole(Roles.Admin) || authenticationStateTask!.Result.User.IsInRole(Roles.Auditor))
             {
                 apps = await apiConnection.SendQueryAsync<List<FwoOwner>>(FWO.Api.Client.Queries.OwnerQueries.getOwnersWithConn);
             }
@@ -217,17 +217,17 @@ else
         {
             appSelected = false;
             selectedApp = newApp;
-            bool isOwner = authenticationStateTask!.Result.User.IsInRole(GlobalConst.kModeller) && userConfig.User.Ownerships.Contains(selectedApp.Id);
+            bool isOwner = authenticationStateTask!.Result.User.IsInRole(Roles.Modeller) && userConfig.User.Ownerships.Contains(selectedApp.Id);
             appHandler = new ModellingAppHandler(apiConnection, userConfig, selectedApp, DisplayMessageInUi, isOwner);
             await appHandler.Init();
             appActive = selectedApp.Active;
             if(isOwner)
             {
-                apiConnection.SetRole(GlobalConst.kModeller);
+                apiConnection.SetRole(Roles.Modeller);
             }
             else
             {
-                apiConnection.SetProperRole(authenticationStateTask!.Result.User, new List<string> { GlobalConst.kAdmin, GlobalConst.kAuditor});
+                apiConnection.SetProperRole(authenticationStateTask!.Result.User, new List<string> { Roles.Admin, Roles.Auditor});
             }
             appSelected = true;
             tabSelected = false;
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/PredefServices.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/PredefServices.razor
index b35f45b48..cb9063cee 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/PredefServices.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/PredefServices.razor
@@ -1,7 +1,7 @@
 @using FWO.Config.Api
 @using FWO.Ui.Display
 
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
@@ -18,7 +18,7 @@
                         <Template>
                             <div class="btn-group">
                                 <button type="button" class="btn btn-sm btn-warning" @onclick="() => EditServiceGroup(context)">@(userConfig.GetText("edit"))</button>
-                                <AuthorizeView Roles="@GlobalConst.kAdmin" Context="ctx">
+                                <AuthorizeView Roles="@Roles.Admin" Context="ctx">
                                     <Authorized>
                                         <button type="button" class="btn btn-sm btn-danger" @onclick="async () => await RequestDeleteServiceGrp(context)">@(userConfig.GetText("delete"))</button>
                                     </Authorized>
@@ -164,7 +164,7 @@
     {
         try
         {
-            apiConnection.SetRole(GlobalConst.kAdmin);
+            apiConnection.SetRole(Roles.Admin);
             if((await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.deleteServiceGroup, new { id = ActServiceGroup.Id })).AffectedRows > 0)
             {
                 await ModellingHandlerBase.LogChange(ModellingTypes.ChangeType.Delete, ModellingTypes.ObjectType.ServiceGroup, ActServiceGroup.Id,
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/SearchInterface.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/SearchInterface.razor
index b85c87df3..a5182956c 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/SearchInterface.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/SearchInterface.razor
@@ -1,6 +1,6 @@
 @using FWO.Config.Api
 
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}, {GlobalConst.kModeller}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}, {Roles.Modeller}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
@@ -25,7 +25,7 @@
         <div class="btn-group">
             @if(selectedInterface != null)
             {
-                <AuthorizeView Roles="@GlobalConst.kModeller">
+                <AuthorizeView Roles="@Roles.Modeller">
                     <Authorized>
                         <button type="button" class="btn btn-sm btn-success" @onclick="SelectInterface">@(userConfig.GetText("select"))</button>
                     </Authorized>
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/SearchNwObject.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/SearchNwObject.razor
index 10ef059cb..97f36e70e 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/SearchNwObject.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/SearchNwObject.razor
@@ -1,6 +1,6 @@
 @using FWO.Config.Api
 
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}, {GlobalConst.kModeller}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}, {Roles.Modeller}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
@@ -46,7 +46,7 @@
         <div class="btn-group">
             @if(selectedObject != null)
             {
-                <AuthorizeView Roles="@GlobalConst.kModeller">
+                <AuthorizeView Roles="@Roles.Modeller">
                     <Authorized>
                         <button type="button" class="btn btn-sm btn-success" @onclick="AddObject">@(userConfig.GetText("select"))</button>
                     </Authorized>
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/ShowHistory.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/ShowHistory.razor
index d72c707ec..1bf665573 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/ShowHistory.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/ShowHistory.razor
@@ -1,6 +1,6 @@
 @using FWO.Config.Api
 
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
@@ -10,7 +10,7 @@
     <Body>
         @if (Display)
         {
-            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Auditor}")">
                 <Authorized>
                     <div class="form-group row">
                         <label class="col-form-label col-sm-2">@(userConfig.GetText("show_all")):</label>
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Archive.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Archive.razor
index 66c41a2fc..253d30bf6 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Archive.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Archive.razor
@@ -7,7 +7,7 @@
 @inject UserConfig userConfig
 
 @page "/report/archive"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}, {GlobalConst.kReporter}, {GlobalConst.kReporterViewAll}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Reporter}, {Roles.ReporterViewAll}, {Roles.Auditor}")]
 
 <ReportTabset></ReportTabset>
 
@@ -19,7 +19,7 @@
                     @if (!Exporting)
                     {
                         <button type="button" class="btn btn-sm btn-primary" @onclick="async () => { Exporting = true; await GetGeneratedReportContent(context.Id); ShowDownloadReportFileDialog = true; Exporting = false; }">@(userConfig.GetText("download"))</button>
-                        @if (context.Owner.DbId == userConfig.User.DbId || authenticationStateTask!.Result.User.IsInRole(GlobalConst.kAdmin))
+                        @if (context.Owner.DbId == userConfig.User.DbId || authenticationStateTask!.Result.User.IsInRole(Roles.Admin))
                         {
                             <button type="button" class="btn btn-sm btn-danger" @onclick="() => { reportFileContext = context; ShowDeleteReportFileDialog = true; }">@(userConfig.GetText("delete"))</button>
                         }
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
index ca5328186..079eff8de 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
@@ -11,7 +11,7 @@
 @using System.Diagnostics
 
 @page "/report/generation"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}, {GlobalConst.kReporter}, {GlobalConst.kReporterViewAll}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Reporter}, {Roles.ReporterViewAll}, {Roles.Auditor}")]
 
 @inject ApiConnection Connection
 @inject UserConfig userConfig
@@ -137,7 +137,7 @@
         <ReportExport ReportToExport="currentReport"></ReportExport>
         <button type="button" class="btn btn-sm btn-secondary" @onclick="() => { reportTemplateControl.NewTemplate(ConstructReportTemplate()); }">@(userConfig.GetText("save_as_template"))</button>
         @if(currentReport != null && currentReport.ReportType == ReportType.UnusedRules && selectedItemsRuleReportTable.Count > 0 
-            && (authenticationStateTask!.Result.User.IsInRole(GlobalConst.kAdmin) || authenticationStateTask!.Result.User.IsInRole(GlobalConst.kRequester) || authenticationStateTask!.Result.User.IsInRole(GlobalConst.kAuditor)))
+            && (authenticationStateTask!.Result.User.IsInRole(Roles.Admin) || authenticationStateTask!.Result.User.IsInRole(Roles.Requester) || authenticationStateTask!.Result.User.IsInRole(Roles.Auditor)))
         {
             <button type="button" class="btn btn-sm btn-danger" @onclick="() => {ShowCreateTicketDialog = true;}">@(userConfig.GetText("create_delete_ticket"))</button>
         }
@@ -293,8 +293,8 @@
 
     private bool collapseDevices = false;
 
-    private bool tenantFilteringAllowed => authenticationStateTask!.Result.User.IsInRole(GlobalConst.kReporterViewAll) || authenticationStateTask!.Result.User.IsInRole(GlobalConst.kAdmin)
-        || authenticationStateTask!.Result.User.IsInRole(GlobalConst.kFwAdmin) || authenticationStateTask!.Result.User.IsInRole(GlobalConst.kAuditor);
+    private bool tenantFilteringAllowed => authenticationStateTask!.Result.User.IsInRole(Roles.ReporterViewAll) || authenticationStateTask!.Result.User.IsInRole(Roles.Admin)
+        || authenticationStateTask!.Result.User.IsInRole(Roles.FwAdmin) || authenticationStateTask!.Result.User.IsInRole(Roles.Auditor);
 
     protected override async Task OnInitializedAsync()
     {
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/ReportCreateTicket.razor b/roles/ui/files/FWO.UI/Pages/Reporting/ReportCreateTicket.razor
index e656507ed..5e361f97e 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/ReportCreateTicket.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/ReportCreateTicket.razor
@@ -1,6 +1,6 @@
 @using FWO.Config.Api
 
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}, {GlobalConst.kRequester}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}, {Roles.Requester}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
@@ -23,7 +23,7 @@
     </Body>
     <Footer>
         <div class="btn-group">
-            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kRequester}")">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Requester}")">
                 <Authorized>
                     <button type="button" class="btn btn-sm btn-danger" @onclick="() => {CreateTicket(); Close();}">@(userConfig.GetText("create_ticket"))</button>
                 </Authorized>
@@ -94,7 +94,7 @@
 
     private async Task CreateTicket()
     {
-        apiConnection.SetProperRole(authenticationStateTask!.Result.User, new List<string> { GlobalConst.kRequester, GlobalConst.kAdmin});
+        apiConnection.SetProperRole(authenticationStateTask!.Result.User, new List<string> { Roles.Requester, Roles.Admin});
         TicketCreator ticketCreator = new TicketCreator(apiConnection, userConfig);
         foreach(int devId in ruleUidsPerDevice.Keys)
         {
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/ReportTemplateComponent.razor b/roles/ui/files/FWO.UI/Pages/Reporting/ReportTemplateComponent.razor
index 5fab21160..1eeec060a 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/ReportTemplateComponent.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/ReportTemplateComponent.razor
@@ -15,7 +15,7 @@
                             <div class="btn-group">
                                 <button type="button" class="btn btn-sm btn-success" @onclick="() => OnTemplateLoad(template)">@(userConfig.GetText("load"))</button>
                                 @* only display buttons for manipulating a template, when it's the user's template or the user has admin role *@
-                                @if (template.Owner == userConfig.User.DbId || authenticationStateTask!.Result.User.IsInRole(GlobalConst.kAdmin))
+                                @if (template.Owner == userConfig.User.DbId || authenticationStateTask!.Result.User.IsInRole(Roles.Admin))
                                 {
                                     <button type="button" class="btn btn-sm btn-warning" @onclick="() => EditTemplate(template)">@(userConfig.GetText("edit"))</button>
                                     <button type="button" class="btn btn-sm btn-danger" @onclick="() => { reportTemplateInEdit = template; ShowDeleteTemplateDialog = true; }">@(userConfig.GetText("delete"))</button>
@@ -127,7 +127,7 @@
 
 <ConfirmDelete @bind-Display="ShowDeleteTemplateDialog" PerformAction="DeleteTemplate" Title="@(userConfig.GetText("report_template"))" 
     DeleteMessage="@(userConfig.GetText("U1002") + " " + reportTemplateInEdit.Name + " ?")"
-    AllowedRoles="@($"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}, {GlobalConst.kReporter}, {GlobalConst.kReporterViewAll}")"/>
+    AllowedRoles="@($"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Reporter}, {Roles.ReporterViewAll}")"/>
 
 
 @code
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Schedule.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Schedule.razor
index 9f2f11445..a4e52fc0b 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Schedule.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Schedule.razor
@@ -7,7 +7,7 @@
 @inject UserConfig userConfig
 
 @page "/report/schedule"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}, {GlobalConst.kReporter}, {GlobalConst.kReporterViewAll}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Reporter}, {Roles.ReporterViewAll}, {Roles.Auditor}")]
 
 <ReportTabset></ReportTabset>
 
@@ -17,7 +17,7 @@
     <Table TableClass="table table-bordered table-sm th-bg-secondary table-responsive overflow-auto sticky-header" TableItem="ScheduledReport" Items="scheduledReports" PageSize="0">
         <Column TableItem="ScheduledReport" Title="@(userConfig.GetText("actions"))">
             <Template>
-                @if (context.Owner.DbId == uiUserDbId || authenticationState != null && authenticationState.User.IsInRole(GlobalConst.kAdmin))
+                @if (context.Owner.DbId == uiUserDbId || authenticationState != null && authenticationState.User.IsInRole(Roles.Admin))
                 {
                     <div class="btn-group">
                         <button type="button" class="btn btn-sm btn-warning" @onclick="() => { scheduledReportInEdit = context; actDate = actTime = context.StartTime; ShowEditScheduledReportDialog = true; }">@(userConfig.GetText("edit"))</button>
diff --git a/roles/ui/files/FWO.UI/Pages/Request/AssignObject.razor b/roles/ui/files/FWO.UI/Pages/Request/AssignObject.razor
index 03151bd85..938bd5354 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/AssignObject.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/AssignObject.razor
@@ -4,7 +4,7 @@
 @using FWO.Middleware.Client
 
 
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kRequester}, {GlobalConst.kApprover}, {GlobalConst.kPlanner}, {GlobalConst.kImplementer}, {GlobalConst.kReviewer}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}, {Roles.Auditor}, {Roles.FwAdmin}")]
 
 @inject ApiConnection apiConnection
 @inject MiddlewareClient middlewareClient
@@ -27,7 +27,7 @@
                     @if(userAndGroupList.Count > 0)
                     {
                         <div class="col-sm-2">
-                            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}, {GlobalConst.kRequester}, {GlobalConst.kApprover}, {GlobalConst.kPlanner}, {GlobalConst.kImplementer}, {GlobalConst.kReviewer}")">
+                            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}")">
                                 <Authorized>
                                     <button type="button" class="btn btn-sm btn-success" @onclick="async () => { PrepAssign(); await Assign(StatefulObject); await Close();}" @onclick:preventDefault>@(userConfig.GetText("assign1"))</button>
                                 </Authorized>
@@ -45,7 +45,7 @@
                     <form class="form-group row">
                         <label for="backAssignedGroup" class="col-sm-2 col-form-label col-form-label-sm">@(userConfig.GetText("back_to")):</label>
                         <label id="backAssignedGroup" class="col-sm-8">@StatefulObject.RecentHandler.Name</label>
-                        <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}, {GlobalConst.kRequester}, {GlobalConst.kApprover}, {GlobalConst.kPlanner}, {GlobalConst.kImplementer}, {GlobalConst.kReviewer}")">
+                        <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}")">
                             <Authorized>
                                 <button type="button" class="btn btn-sm btn-success" @onclick="async () => { await AssignBack(); await Close();}" @onclick:preventDefault>@(userConfig.GetText("assign1"))</button>
                             </Authorized>
diff --git a/roles/ui/files/FWO.UI/Pages/Request/CommentObject.razor b/roles/ui/files/FWO.UI/Pages/Request/CommentObject.razor
index ce06221a7..530240df4 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/CommentObject.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/CommentObject.razor
@@ -1,7 +1,7 @@
 @using FWO.Api.Client
 @using FWO.Config.Api
 
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kRequester}, {GlobalConst.kApprover}, {GlobalConst.kPlanner}, {GlobalConst.kImplementer}, {GlobalConst.kReviewer}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}, {Roles.Auditor}, {Roles.FwAdmin}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
@@ -21,7 +21,7 @@
     </Body>
     <Footer>
         <div class="btn-group">
-            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kRequester}, {GlobalConst.kApprover}, {GlobalConst.kPlanner}, {GlobalConst.kImplementer}, {GlobalConst.kReviewer}, {GlobalConst.kFwAdmin}")">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}, {Roles.FwAdmin}")">
                 <Authorized>
                     <button type="button" class="btn btn-sm btn-primary" @onclick:preventDefault @onclick="async () => {await Save(commentText); await Close();}">@(userConfig.GetText("save"))</button>
                 </Authorized>
diff --git a/roles/ui/files/FWO.UI/Pages/Request/DeleteObject.razor b/roles/ui/files/FWO.UI/Pages/Request/DeleteObject.razor
index 7caeffe81..a6a78a4d5 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/DeleteObject.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/DeleteObject.razor
@@ -1,7 +1,7 @@
 @using FWO.Api.Client
 @using FWO.Config.Api
 
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kRequester}, {GlobalConst.kApprover}, {GlobalConst.kPlanner}, {GlobalConst.kImplementer}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Auditor}, {Roles.FwAdmin}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
@@ -16,7 +16,7 @@
     </Body>
     <Footer>
         <div class="btn-group">
-            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kRequester}, {GlobalConst.kApprover}, {GlobalConst.kPlanner}, {GlobalConst.kImplementer}, {GlobalConst.kFwAdmin}")">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.FwAdmin}")">
                 <Authorized>
                     <button type="button" class="btn btn-sm btn-danger" @onclick:preventDefault @onclick="async () => { await Delete(); await Close();}">@(userConfig.GetText("delete"))</button>
                 </Authorized>
diff --git a/roles/ui/files/FWO.UI/Pages/Request/DisplayAccessElements.razor b/roles/ui/files/FWO.UI/Pages/Request/DisplayAccessElements.razor
index 2b51226c5..e55102411 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/DisplayAccessElements.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/DisplayAccessElements.razor
@@ -1,7 +1,7 @@
 @using FWO.Api.Client
 @using FWO.Config.Api
 
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kRequester}, {GlobalConst.kApprover}, {GlobalConst.kPlanner}, {GlobalConst.kImplementer}, {GlobalConst.kReviewer}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}, {Roles.Auditor}, {Roles.FwAdmin}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
diff --git a/roles/ui/files/FWO.UI/Pages/Request/DisplayApprovals.razor b/roles/ui/files/FWO.UI/Pages/Request/DisplayApprovals.razor
index cc11b0f04..ad0e5c73c 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/DisplayApprovals.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/DisplayApprovals.razor
@@ -3,7 +3,7 @@
 @using FWO.Ui.Services
 
 
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kRequester}, {GlobalConst.kApprover}, {GlobalConst.kPlanner}, {GlobalConst.kImplementer}, {GlobalConst.kReviewer}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}, {Roles.Auditor}, {Roles.FwAdmin}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
@@ -86,7 +86,7 @@
     [Parameter]
     public RequestStateDict States { get; set; } = new RequestStateDict();
 
-    static List<string> validRoles = new List<string>(){GlobalConst.kApprover};
+    static List<string> validRoles = new List<string>(){Roles.Approver};
 
 
     private async Task Close()
diff --git a/roles/ui/files/FWO.UI/Pages/Request/DisplayImplTaskTable.razor b/roles/ui/files/FWO.UI/Pages/Request/DisplayImplTaskTable.razor
index c0bd52916..9d43b4ea2 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/DisplayImplTaskTable.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/DisplayImplTaskTable.razor
@@ -3,7 +3,7 @@
 @using FWO.Config.Api
 @using FWO.Ui.Services
 
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kRequester}, {GlobalConst.kApprover}, {GlobalConst.kPlanner}, {GlobalConst.kImplementer}, {GlobalConst.kReviewer}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}, {Roles.Auditor}, {Roles.FwAdmin}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
@@ -50,7 +50,7 @@
                             {
                                 @if (implTask.StateId < ReqHandler.StateMatrix(implTask.TaskType).LowestStartedState)
                                 {
-                                    <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kImplementer}, {GlobalConst.kReviewer}, {GlobalConst.kFwAdmin}")">
+                                    <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Implementer}, {Roles.Reviewer}, {Roles.FwAdmin}")">
                                         <Authorized Context="ctx">
                                             <button type="button" class="btn btn-sm btn-warning" @onclick:preventDefault @onclick="async () => await StartImplPhase(implTask)">@(userConfig.GetText("start_" + Phase.ToString()))</button>
                                         </Authorized>
@@ -177,7 +177,7 @@
     [Parameter]
     public Func<RequestImplTask, Task> StartImplPhase { get; set; } = DefaultInit.DoNothing;
 
-    static List<string> validRoles = new List<string>(){GlobalConst.kImplementer, GlobalConst.kFwAdmin};
+    static List<string> validRoles = new List<string>(){Roles.Implementer, Roles.FwAdmin};
     private bool DisplayInfo = false;
     private List<KeyValuePair<string, bool>> deviceCheck = new List<KeyValuePair<string, bool>>();
 
diff --git a/roles/ui/files/FWO.UI/Pages/Request/DisplayImplementationTask.razor b/roles/ui/files/FWO.UI/Pages/Request/DisplayImplementationTask.razor
index 7a0c67c8c..9021e81b8 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/DisplayImplementationTask.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/DisplayImplementationTask.razor
@@ -3,7 +3,7 @@
 @using FWO.Config.Api
 @using FWO.Ui.Services
 
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kRequester}, {GlobalConst.kApprover}, {GlobalConst.kPlanner}, {GlobalConst.kImplementer}, {GlobalConst.kReviewer}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}, {Roles.Auditor}, {Roles.FwAdmin}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
@@ -191,7 +191,7 @@
         <div class="btn-group">
             @if (ReqHandler.EditImplTaskMode)
             {
-                <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kPlanner}, {GlobalConst.kFwAdmin}")">
+                <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Planner}, {Roles.FwAdmin}")">
                     <Authorized>
                         <button type="button" class="btn btn-sm btn-primary" @onclick:preventDefault @onclick="SaveImplTask">@(userConfig.GetText("save"))</button>
                     </Authorized>
@@ -202,7 +202,7 @@
             }
             else if (ReqHandler.ImplementImplTaskMode)
             {
-                <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kImplementer}, {GlobalConst.kReviewer}, {GlobalConst.kFwAdmin}")">
+                <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Implementer}, {Roles.Reviewer}, {Roles.FwAdmin}")">
                     <Authorized>
                         <button type="button" class="btn btn-sm btn-primary" @onclick:preventDefault @onclick="InitPromoteImplTask">@(userConfig.GetText("change_state"))</button>
                     </Authorized>
diff --git a/roles/ui/files/FWO.UI/Pages/Request/DisplayPathAnalysis.razor b/roles/ui/files/FWO.UI/Pages/Request/DisplayPathAnalysis.razor
index d100abae0..bbb7f2759 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/DisplayPathAnalysis.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/DisplayPathAnalysis.razor
@@ -1,7 +1,7 @@
 @using FWO.Api.Client
 @using FWO.Config.Api
 
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kRequester}, {GlobalConst.kApprover}, {GlobalConst.kPlanner}, {GlobalConst.kImplementer}, {GlobalConst.kReviewer}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}, {Roles.Auditor}, {Roles.FwAdmin}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
diff --git a/roles/ui/files/FWO.UI/Pages/Request/DisplayReqTaskTable.razor b/roles/ui/files/FWO.UI/Pages/Request/DisplayReqTaskTable.razor
index 00ac5d99a..483f95b32 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/DisplayReqTaskTable.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/DisplayReqTaskTable.razor
@@ -1,7 +1,7 @@
 @using FWO.Config.Api
 @using FWO.Ui.Services
 
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kRequester}, {GlobalConst.kApprover}, {GlobalConst.kPlanner}, {GlobalConst.kImplementer}, {GlobalConst.kReviewer}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}, {Roles.Auditor}, {Roles.FwAdmin}")]
 
 @inject UserConfig userConfig
 
@@ -30,7 +30,7 @@
                         {
                             @if (context.StateId >= ReqHandler.StateMatrix(context.TaskType).LowestInputState && context.StateId < ReqHandler.StateMatrix(context.TaskType).LowestStartedState)
                             {
-                                <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kApprover}, {GlobalConst.kPlanner}, {GlobalConst.kImplementer}, {GlobalConst.kReviewer}, {GlobalConst.kFwAdmin}")">
+                                <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}, {Roles.FwAdmin}")">
                                     <Authorized Context="ctx">
                                         <button type="button" class="btn btn-sm btn-warning" @onclick:preventDefault @onclick="async () => await StartPhase(context)">@(userConfig.GetText("start_" + Phase.ToString()))</button>
                                     </Authorized>
@@ -124,7 +124,7 @@
     [Parameter]
     public Func<RequestImplTask, Task> StartImplPhase { get; set; } = DefaultInit.DoNothing;
 
-    static List<string> validRoles = new List<string>(){GlobalConst.kPlanner, GlobalConst.kFwAdmin};
+    static List<string> validRoles = new List<string>(){Roles.Planner, Roles.FwAdmin};
 
 
     private async Task Reset()
diff --git a/roles/ui/files/FWO.UI/Pages/Request/DisplayRequestTask.razor b/roles/ui/files/FWO.UI/Pages/Request/DisplayRequestTask.razor
index d8303c78b..9cdd8de2c 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/DisplayRequestTask.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/DisplayRequestTask.razor
@@ -2,7 +2,7 @@
 @using FWO.Config.Api
 @using FWO.Ui.Services
 
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kRequester}, {GlobalConst.kApprover}, {GlobalConst.kPlanner}, {GlobalConst.kImplementer}, {GlobalConst.kReviewer}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}, {Roles.Auditor}, {Roles.FwAdmin}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
@@ -263,7 +263,7 @@
         <div class="btn-group">
             @if (ReqHandler.EditReqTaskMode)
             {
-                <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kRequester}, {GlobalConst.kFwAdmin}")">
+                <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Requester}, {Roles.FwAdmin}")">
                     <Authorized>
                         <button type="button" class="btn btn-sm btn-primary" @onclick:preventDefault @onclick="SaveReqTask">@(userConfig.GetText("save"))</button>
                     </Authorized>
@@ -274,7 +274,7 @@
             }
             else if (ReqHandler.PlanReqTaskMode)
             {
-                <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kPlanner}, {GlobalConst.kFwAdmin}")">
+                <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Planner}, {Roles.FwAdmin}")">
                     <Authorized>
                         <button type="button" class="btn btn-sm btn-primary" @onclick:preventDefault @onclick="InitPromoteReqTask">@(userConfig.GetText("change_state"))</button>
                     </Authorized>
@@ -285,7 +285,7 @@
             }
             else if (ReqHandler.ApproveReqTaskMode)
             {
-                <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kApprover}, {GlobalConst.kFwAdmin}")">
+                <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Approver}, {Roles.FwAdmin}")">
                     <Authorized>
                         <button type="button" class="btn btn-sm btn-primary" @onclick:preventDefault @onclick="InitApproveTask">@(userConfig.GetText("approve"))</button>
                     </Authorized>
diff --git a/roles/ui/files/FWO.UI/Pages/Request/DisplayRules.razor b/roles/ui/files/FWO.UI/Pages/Request/DisplayRules.razor
index 5c008c446..2e4db3228 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/DisplayRules.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/DisplayRules.razor
@@ -1,7 +1,7 @@
 @using FWO.Api.Client
 @using FWO.Config.Api
 
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kRequester}, {GlobalConst.kApprover}, {GlobalConst.kPlanner}, {GlobalConst.kImplementer}, {GlobalConst.kReviewer}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}, {Roles.Auditor}, {Roles.FwAdmin}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
diff --git a/roles/ui/files/FWO.UI/Pages/Request/DisplayTicket.razor b/roles/ui/files/FWO.UI/Pages/Request/DisplayTicket.razor
index 113d5a5d5..0f5b456ba 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/DisplayTicket.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/DisplayTicket.razor
@@ -4,7 +4,7 @@
 @using FWO.Ui.Services
 @using FWO.Ui.Data
 
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kRequester}, {GlobalConst.kApprover}, {GlobalConst.kPlanner}, {GlobalConst.kImplementer}, {GlobalConst.kReviewer}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}, {Roles.Auditor}, {Roles.FwAdmin}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
@@ -121,7 +121,7 @@
         <div class="btn-group">
             @if(ReqHandler.EditTicketMode)
             {
-                <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kRequester}, {GlobalConst.kFwAdmin}")">
+                <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Requester}, {Roles.FwAdmin}")">
                     <Authorized>
                         <button type="button" class="btn btn-sm btn-primary" @onclick="InitSaveTicket">@(userConfig.GetText("save"))</button>
                     </Authorized>
@@ -132,7 +132,7 @@
             }
             else if (CheckPromoteTicket())
             {
-                <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kRequester}, {GlobalConst.kApprover}, {GlobalConst.kPlanner}, {GlobalConst.kImplementer}, {GlobalConst.kReviewer}, {GlobalConst.kFwAdmin}")">
+                <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}, {Roles.FwAdmin}")">
                     <Authorized>
                         <button type="button" class="btn btn-sm btn-primary" @onclick:preventDefault @onclick="InitPromoteTicket">@(userConfig.GetText("change_state"))</button>
                     </Authorized>
diff --git a/roles/ui/files/FWO.UI/Pages/Request/DisplayTicketTable.razor b/roles/ui/files/FWO.UI/Pages/Request/DisplayTicketTable.razor
index 89b4b6d08..4db5c4309 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/DisplayTicketTable.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/DisplayTicketTable.razor
@@ -1,7 +1,7 @@
 @using FWO.Config.Api
 @using FWO.Ui.Services
 
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kRequester}, {GlobalConst.kApprover}, {GlobalConst.kPlanner}, {GlobalConst.kImplementer}, {GlobalConst.kReviewer}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}, {Roles.Auditor}, {Roles.FwAdmin}")]
 
 @inject UserConfig userConfig
 
diff --git a/roles/ui/files/FWO.UI/Pages/Request/PromoteObject.razor b/roles/ui/files/FWO.UI/Pages/Request/PromoteObject.razor
index 9d3e2a536..dc88216cf 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/PromoteObject.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/PromoteObject.razor
@@ -1,7 +1,7 @@
 @using FWO.Api.Client
 @using FWO.Config.Api
 
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kRequester}, {GlobalConst.kApprover}, {GlobalConst.kPlanner}, {GlobalConst.kImplementer}, {GlobalConst.kReviewer}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}, {Roles.Auditor}, {Roles.FwAdmin}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
@@ -34,7 +34,7 @@
     </Body>
     <Footer>
         <div class="btn-group">
-            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kRequester}, {GlobalConst.kApprover}, {GlobalConst.kPlanner}, {GlobalConst.kImplementer}, {GlobalConst.kReviewer}, {GlobalConst.kFwAdmin}")">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}, {Roles.FwAdmin}")">
                 <Authorized>
                     <button type="button" class="btn btn-sm btn-primary" @onclick:preventDefault @onclick="async () => {StatefulObject.SetOptComment(optComm); await Save(StatefulObject); await Close();}">@(userConfig.GetText("save"))</button>
                 </Authorized>
diff --git a/roles/ui/files/FWO.UI/Pages/Request/RequestApprovals.razor b/roles/ui/files/FWO.UI/Pages/Request/RequestApprovals.razor
index 8a5b7a34c..1aa9e57b9 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/RequestApprovals.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/RequestApprovals.razor
@@ -4,7 +4,7 @@
 @using FWO.Ui.Services
 
 @page "/request/approvals"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kApprover}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Approver}, {Roles.Auditor}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
@@ -41,7 +41,7 @@ else
     {
         try
         {
-            apiConnection.SetProperRole(authenticationStateTask!.Result.User, new List<string> { GlobalConst.kAdmin, GlobalConst.kApprover, GlobalConst.kAuditor});
+            apiConnection.SetProperRole(authenticationStateTask!.Result.User, new List<string> { Roles.Admin, Roles.Approver, Roles.Auditor});
             await states.Init(apiConnection);
 
             reqHandler = new RequestHandler(DisplayMessageInUi, userConfig, apiConnection, WorkflowPhases.approval){};
@@ -60,7 +60,7 @@ else
     {
         try
         {
-            reqHandler.ReadOnlyMode = !(authenticationStateTask!.Result.User.IsInRole(GlobalConst.kApprover) || authenticationStateTask!.Result.User.IsInRole(GlobalConst.kAdmin));
+            reqHandler.ReadOnlyMode = !(authenticationStateTask!.Result.User.IsInRole(Roles.Approver) || authenticationStateTask!.Result.User.IsInRole(Roles.Admin));
             await reqHandler.Init();
         }
         catch (Exception exception)
diff --git a/roles/ui/files/FWO.UI/Pages/Request/RequestImplementations.razor b/roles/ui/files/FWO.UI/Pages/Request/RequestImplementations.razor
index 053a1290f..d4dc25221 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/RequestImplementations.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/RequestImplementations.razor
@@ -4,7 +4,7 @@
 @using FWO.Ui.Services
 
 @page "/request/implementations"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kImplementer}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Implementer}, {Roles.Auditor}, {Roles.FwAdmin}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
@@ -72,7 +72,7 @@ else
     {
         try
         {
-            apiConnection.SetProperRole(authenticationStateTask!.Result.User, new List<string> { GlobalConst.kAdmin, GlobalConst.kImplementer, GlobalConst.kFwAdmin, GlobalConst.kAuditor});
+            apiConnection.SetProperRole(authenticationStateTask!.Result.User, new List<string> { Roles.Admin, Roles.Implementer, Roles.FwAdmin, Roles.Auditor});
             await states.Init(apiConnection);
 
             reqHandler = new RequestHandler(DisplayMessageInUi, userConfig, apiConnection, WorkflowPhases.implementation){};
@@ -122,7 +122,7 @@ else
     {
         try
         {
-            reqHandler.ReadOnlyMode = !(authenticationStateTask!.Result.User.IsInRole(GlobalConst.kImplementer) || authenticationStateTask!.Result.User.IsInRole(GlobalConst.kFwAdmin) || authenticationStateTask!.Result.User.IsInRole(GlobalConst.kAdmin));
+            reqHandler.ReadOnlyMode = !(authenticationStateTask!.Result.User.IsInRole(Roles.Implementer) || authenticationStateTask!.Result.User.IsInRole(Roles.FwAdmin) || authenticationStateTask!.Result.User.IsInRole(Roles.Admin));
             await reqHandler.Init();
         }
         catch (Exception exception)
diff --git a/roles/ui/files/FWO.UI/Pages/Request/RequestPlannings.razor b/roles/ui/files/FWO.UI/Pages/Request/RequestPlannings.razor
index 92e260155..b39b9ac71 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/RequestPlannings.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/RequestPlannings.razor
@@ -4,7 +4,7 @@
 @using FWO.Ui.Services
 
 @page "/request/plannings"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kPlanner}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Planner}, {Roles.Auditor}, {Roles.FwAdmin}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
@@ -41,7 +41,7 @@ else
     {
         try
         {
-            apiConnection.SetProperRole(authenticationStateTask!.Result.User, new List<string> { GlobalConst.kAdmin, GlobalConst.kPlanner, GlobalConst.kFwAdmin, GlobalConst.kAuditor});
+            apiConnection.SetProperRole(authenticationStateTask!.Result.User, new List<string> { Roles.Admin, Roles.Planner, Roles.FwAdmin, Roles.Auditor});
             await states.Init(apiConnection);
 
             reqHandler = new RequestHandler(DisplayMessageInUi, userConfig, apiConnection, WorkflowPhases.planning){};
@@ -60,7 +60,7 @@ else
     {
         try
         {
-            reqHandler.ReadOnlyMode = !(authenticationStateTask!.Result.User.IsInRole(GlobalConst.kPlanner) || authenticationStateTask!.Result.User.IsInRole(GlobalConst.kFwAdmin) || authenticationStateTask!.Result.User.IsInRole(GlobalConst.kAdmin));
+            reqHandler.ReadOnlyMode = !(authenticationStateTask!.Result.User.IsInRole(Roles.Planner) || authenticationStateTask!.Result.User.IsInRole(Roles.FwAdmin) || authenticationStateTask!.Result.User.IsInRole(Roles.Admin));
             await reqHandler.Init();
         }
         catch (Exception exception)
diff --git a/roles/ui/files/FWO.UI/Pages/Request/RequestReviews.razor b/roles/ui/files/FWO.UI/Pages/Request/RequestReviews.razor
index b4e657ec7..84e7bdf73 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/RequestReviews.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/RequestReviews.razor
@@ -4,7 +4,7 @@
 @using FWO.Ui.Services
 
 @page "/request/reviews"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kReviewer}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Reviewer}, {Roles.Auditor}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
@@ -40,7 +40,7 @@ else
     {
         try
         {
-            apiConnection.SetProperRole(authenticationStateTask!.Result.User, new List<string> { GlobalConst.kAdmin, GlobalConst.kReviewer, GlobalConst.kAuditor });
+            apiConnection.SetProperRole(authenticationStateTask!.Result.User, new List<string> { Roles.Admin, Roles.Reviewer, Roles.Auditor });
             await states.Init(apiConnection);
 
             reqHandler = new RequestHandler(DisplayMessageInUi, userConfig, apiConnection, WorkflowPhases.review){};
@@ -59,7 +59,7 @@ else
     {
         try
         {
-            reqHandler.ReadOnlyMode = !(authenticationStateTask!.Result.User.IsInRole(GlobalConst.kReviewer) || authenticationStateTask!.Result.User.IsInRole(GlobalConst.kAdmin));
+            reqHandler.ReadOnlyMode = !(authenticationStateTask!.Result.User.IsInRole(Roles.Reviewer) || authenticationStateTask!.Result.User.IsInRole(Roles.Admin));
             await reqHandler.Init();
         }
         catch (Exception exception)
diff --git a/roles/ui/files/FWO.UI/Pages/Request/RequestTickets.razor b/roles/ui/files/FWO.UI/Pages/Request/RequestTickets.razor
index 6b59984db..7fbe7e8ed 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/RequestTickets.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/RequestTickets.razor
@@ -4,7 +4,7 @@
 @using FWO.Ui.Services
 
 @page "/request/tickets"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kRequester}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Requester}, {Roles.Auditor}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
@@ -40,7 +40,7 @@ else
     {
         try
         {
-            apiConnection.SetProperRole(authenticationStateTask!.Result.User, new List<string> { GlobalConst.kAdmin, GlobalConst.kRequester, GlobalConst.kAuditor });
+            apiConnection.SetProperRole(authenticationStateTask!.Result.User, new List<string> { Roles.Admin, Roles.Requester, Roles.Auditor });
             await states.Init(apiConnection);
 
             reqHandler = new RequestHandler(DisplayMessageInUi, userConfig, apiConnection, WorkflowPhases.request){};
@@ -57,7 +57,7 @@ else
     {
         try
         {
-            reqHandler.ReadOnlyMode = !(authenticationStateTask!.Result.User.IsInRole(GlobalConst.kRequester) || authenticationStateTask!.Result.User.IsInRole(GlobalConst.kAdmin));
+            reqHandler.ReadOnlyMode = !(authenticationStateTask!.Result.User.IsInRole(Roles.Requester) || authenticationStateTask!.Result.User.IsInRole(Roles.Admin));
             await reqHandler.Init();
         }
         catch (Exception exception)
diff --git a/roles/ui/files/FWO.UI/Pages/Request/RequestTicketsOverview.razor b/roles/ui/files/FWO.UI/Pages/Request/RequestTicketsOverview.razor
index 120a7781b..6057ea99d 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/RequestTicketsOverview.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/RequestTicketsOverview.razor
@@ -4,7 +4,7 @@
 @using FWO.Ui.Services
 
 @page "/request/ticketsoverview"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}, {GlobalConst.kRequester}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}, {Roles.FwAdmin}, {Roles.Requester}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
@@ -40,7 +40,7 @@ else
     {
         try
         {
-            apiConnection.SetProperRole(authenticationStateTask!.Result.User, new List<string> { GlobalConst.kAdmin, GlobalConst.kFwAdmin, GlobalConst.kRequester, GlobalConst.kAuditor });
+            apiConnection.SetProperRole(authenticationStateTask!.Result.User, new List<string> { Roles.Admin, Roles.FwAdmin, Roles.Requester, Roles.Auditor });
             await states.Init(apiConnection);
 
             reqHandler = new RequestHandler(DisplayMessageInUi, userConfig, apiConnection, WorkflowPhases.request){};
@@ -61,7 +61,7 @@ else
             await reqHandler.Init(1);
 
             // Todo: put filtering into graphql query
-            if(authenticationStateTask!.Result.User.IsInRole(GlobalConst.kRequester) && !(authenticationStateTask!.Result.User.IsInRole(GlobalConst.kAdmin) || authenticationStateTask!.Result.User.IsInRole(GlobalConst.kFwAdmin)))
+            if(authenticationStateTask!.Result.User.IsInRole(Roles.Requester) && !(authenticationStateTask!.Result.User.IsInRole(Roles.Admin) || authenticationStateTask!.Result.User.IsInRole(Roles.FwAdmin)))
             {
                 reqHandler.FilterForRequester();
             }
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/RemoveUser.razor b/roles/ui/files/FWO.UI/Pages/Settings/RemoveUser.razor
index d393740c8..8857af211 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/RemoveUser.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/RemoveUser.razor
@@ -20,7 +20,7 @@
     </Body>
     <Footer>
         <div class="btn-group">
-            <AuthorizeView Roles="@GlobalConst.kAdmin">
+            <AuthorizeView Roles="@Roles.Admin">
                 <Authorized>
                     <button type="button" class="btn btn-sm btn-danger" @onclick="async () => { await Remove(selectedUser); Close(); }" @onclick:preventDefault>@(userConfig.GetText("remove"))</button>
                 </Authorized>
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SearchUser.razor b/roles/ui/files/FWO.UI/Pages/Settings/SearchUser.razor
index bfcc2b6c2..9ba99b955 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SearchUser.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SearchUser.razor
@@ -46,7 +46,7 @@
                             </Dropdown>
                         </div>
                         <div class="col-sm-2">
-                            <AuthorizeView Roles="@GlobalConst.kAdmin">
+                            <AuthorizeView Roles="@Roles.Admin">
                                 <Authorized>
                                     <button type="button" class="btn btn-sm btn-success" @onclick="async () => { await AddUser(selectedUiUser); Close(); }" @onclick:preventDefault>@(userConfig.GetText("assign"))</button>
                                 </Authorized>
@@ -65,7 +65,7 @@
                             <Dropdown ElementType="string" @bind-SelectedElement="selectedInternalGroupDn" Elements="Array.ConvertAll(internalGroups.ToArray(), x => x.Dn).ToList()" />
                         </div>
                         <div class="col-sm-2">
-                            <AuthorizeView Roles="@GlobalConst.kAdmin">
+                            <AuthorizeView Roles="@Roles.Admin">
                                 <Authorized>
                                     <button type="button" class="btn btn-sm btn-success" @onclick="async () => { await AddGroup(selectedInternalGroupDn); Close(); }" @onclick:preventDefault>@(userConfig.GetText("assign"))</button>
                                 </Authorized>
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SelectFromLdap.razor b/roles/ui/files/FWO.UI/Pages/Settings/SelectFromLdap.razor
index 794bba9a2..0e439576b 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SelectFromLdap.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SelectFromLdap.razor
@@ -15,7 +15,7 @@
                             </ElementTemplate>
                         </Dropdown>
                     </div>
-                    <AuthorizeView Roles="@GlobalConst.kAdmin">
+                    <AuthorizeView Roles="@Roles.Admin">
                         <Authorized>
                             <button type="button" class="btn btn-sm btn-success col-sm-2" @onclick="async () => { await AddUser(selectedLdapUser); Close(); }" @onclick:preventDefault>@(userConfig.GetText("assign"))</button>
                         </Authorized>
@@ -32,7 +32,7 @@
                     <div class="col-sm-8">
                         <Dropdown ElementType="string" @bind-SelectedElement="selectedLdapGroup" Elements="LdapGroups" />
                     </div>
-                    <AuthorizeView Roles="@GlobalConst.kAdmin">
+                    <AuthorizeView Roles="@Roles.Admin">
                         <Authorized>
                             <button type="button" class="btn btn-sm btn-success col-sm-2" @onclick="async () => { await AddGroup(selectedLdapGroup); Close(); }" @onclick:preventDefault>@(userConfig.GetText("assign"))</button>
                         </Authorized>
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsActions.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsActions.razor
index f02041c41..c96b08d34 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsActions.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsActions.razor
@@ -6,7 +6,7 @@
 @using FWO.Middleware.Client
 
 @page "/settings/stateactions"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")]
 
 @inject ApiConnection apiConnection
 @inject MiddlewareClient middlewareClient
@@ -243,7 +243,7 @@
         </Body>
         <Footer>
             <div class="btn-group">
-                <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}")">
+                <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.FwAdmin}")">
                     <Authorized>
                         <button type="button" class="btn btn-sm btn-primary" @onclick="SaveAction">@(userConfig.GetText("save"))</button>
                     </Authorized>
@@ -308,7 +308,7 @@ else
             statesPlus = new List<RequestState>(states);
             statesPlus.Add(AutomaticState);
             availableTaskTypes = System.Text.Json.JsonSerializer.Deserialize<List<TaskType>>(userConfig.ReqAvailableTaskTypes) ?? throw new Exception("Config data could not be parsed.");
-            userAndGroupList = await RoleAccess.GetRoleMembers(middlewareClient, GlobalConst.kApprover);
+            userAndGroupList = await RoleAccess.GetRoleMembers(middlewareClient, Roles.Approver);
         }
         catch (Exception exception)
         {
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsCredentials.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsCredentials.razor
index 8bfd13ae7..4c1a99ae2 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsCredentials.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsCredentials.razor
@@ -5,7 +5,7 @@
 @using FWO.Middleware.Client
 
 @page "/settings/credentials"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}, {Roles.FwAdmin}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
@@ -21,7 +21,7 @@
     <button type="button" class="btn btn-sm btn-success" @onclick="Add">@(userConfig.GetText("add_new_credential"))</button>
     @if (showCleanupButton)
     {
-        <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")">
+        <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Auditor}")">
             <Authorized>
                 <button type="button" class="btn btn-sm btn-danger" @onclick="RequestRemoveSampleData">@(userConfig.GetText("remove_sample_data"))</button>
             </Authorized>
@@ -36,7 +36,7 @@
                 <div class="btn-group">
                     <button type="button" class="btn btn-sm btn-success" @onclick="() => Clone(context)">@(userConfig.GetText("clone"))</button>
                     <button type="button" class="btn btn-sm btn-warning" @onclick="() => Edit(context)">@(userConfig.GetText("edit"))</button>
-                    <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")" Context="ctx">
+                    <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Auditor}, {Roles.FwAdmin}")" Context="ctx">
                         <Authorized>
                             <button type="button" class="btn btn-sm btn-danger" @onclick="() => RequestDelete(context)">@(userConfig.GetText("delete"))</button>
                         </Authorized>
@@ -125,7 +125,7 @@
     </Body>
     <Footer>
         <div class="btn-group">
-            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}")">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.FwAdmin}")">
                 <Authorized>
                     <button type="button" class="btn btn-sm btn-primary" @onclick="Save">@(userConfig.GetText("save"))</button>
                 </Authorized>
@@ -178,7 +178,7 @@
         {
             JwtReader jwt = new JwtReader(userConfig.User.Jwt);
             jwt.Validate();
-            if (jwt.ContainsAllowedRole(GlobalConst.kAdmin) || jwt.ContainsAllowedRole(GlobalConst.kFwAdmin))
+            if (jwt.ContainsAllowedRole(Roles.Admin) || jwt.ContainsAllowedRole(Roles.FwAdmin))
                 credentials = await apiConnection.SendQueryAsync<List<ImportCredential>>(FWO.Api.Client.Queries.DeviceQueries.getCredentials);
             else
                 credentials = await apiConnection.SendQueryAsync<List<ImportCredential>>(FWO.Api.Client.Queries.DeviceQueries.getCredentialsWithoutSecrets);
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsCustomTexts.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsCustomTexts.razor
index a097618c5..588271904 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsCustomTexts.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsCustomTexts.razor
@@ -4,7 +4,7 @@
 @using FWO.Ui.Services
 
 @page "/settings/customtexts"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")]
 
 @inject ApiConnection apiConnection
 @inject GlobalConfig globalConfig
@@ -72,7 +72,7 @@
     </div>
 }
 <hr />
-<AuthorizeView Roles="@GlobalConst.kAdmin">
+<AuthorizeView Roles="@Roles.Admin">
     <Authorized>
         <button type="button" class="btn btn-sm btn-primary" @onclick:preventDefault="true" @onclick="Save">@(userConfig.GetText("save"))</button>
     </Authorized>
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsCustomizing.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsCustomizing.razor
index 4cc8da24d..ccbce63f2 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsCustomizing.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsCustomizing.razor
@@ -5,7 +5,7 @@
 
 
 @page "/settings/workflowcustomizing"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")]
 
 @inject ApiConnection apiConnection
 @inject GlobalConfig globalConfig
@@ -85,7 +85,7 @@
     </form>
 
     <hr />
-    <AuthorizeView Roles="@GlobalConst.kAdmin">
+    <AuthorizeView Roles="@Roles.Admin">
         <Authorized>
             <button type="button" class="btn btn-sm btn-primary" @onclick="Save" @onclick:preventDefault>@(userConfig.GetText("save"))</button>
         </Authorized>
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsDefaults.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsDefaults.razor
index 8e272daa4..54350ce87 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsDefaults.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsDefaults.razor
@@ -3,7 +3,7 @@
 @using FWO.Config.Api.Data
 
 @page "/settings/defaults"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")]
 
 @inject ApiConnection apiConnection
 @inject GlobalConfig globalConfig
@@ -156,7 +156,7 @@
         </div>
     </form>
     <hr />
-    <AuthorizeView Roles="@GlobalConst.kAdmin">
+    <AuthorizeView Roles="@Roles.Admin">
         <Authorized>
             <button type="button" class="btn btn-sm btn-primary" @onclick="Save" @onclick:preventDefault>@(userConfig.GetText("save"))</button>
         </Authorized>
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsEmail.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsEmail.razor
index e651d28f2..2527a7491 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsEmail.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsEmail.razor
@@ -6,7 +6,7 @@
 @using FWO.Mail
 
 @page "/settings/email"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")]
 
 @inject ApiConnection apiConnection
 @inject MiddlewareClient middlewareClient
@@ -69,7 +69,7 @@
 <hr>
 
 <div class="btn-group">
-    <AuthorizeView Roles="@GlobalConst.kAdmin">
+    <AuthorizeView Roles="@Roles.Admin">
         <Authorized>
             <button type="button" class="btn btn-sm btn-dark"  data-toggle="tooltip" title="@(userConfig.PureLine("H5492"))"
                 @onclick="TestConnection">@(userConfig.GetText("test_connection"))</button>
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsGateways.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsGateways.razor
index cd1bc69a4..5cf54367a 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsGateways.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsGateways.razor
@@ -4,7 +4,7 @@
 @using FWO.Middleware.Client
 
 @page "/settings/gateways"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}, {Roles.FwAdmin}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
@@ -25,7 +25,7 @@
                 <div class="btn-group">
                     <button type="button" class="btn btn-sm btn-success" @onclick="() => Clone(context)">@(userConfig.GetText("clone"))</button>
                     <button type="button" class="btn btn-sm btn-warning" @onclick="() => Edit(context)">@(userConfig.GetText("edit"))</button>
-                    <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")" Context="ctx">
+                    <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Auditor}")" Context="ctx">
                         <Authorized>
                             <button type="button" class="btn btn-sm btn-danger" @onclick="() => RequestDelete(context)">@(userConfig.GetText("delete"))</button>
                         </Authorized>
@@ -167,7 +167,7 @@
     </Body>
     <Footer>
         <div class="btn-group">
-            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}")">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.FwAdmin}")">
                 <Authorized>
                     <button type="button" class="btn btn-sm btn-primary" @onclick="Save">@(userConfig.GetText("save"))</button>
                 </Authorized>
@@ -209,7 +209,7 @@
 
             JwtReader jwt = new JwtReader(userConfig.User.Jwt);
             jwt.Validate();
-            if (jwt.ContainsAllowedRole(GlobalConst.kAdmin) || jwt.ContainsAllowedRole(GlobalConst.kFwAdmin))
+            if (jwt.ContainsAllowedRole(Roles.Admin) || jwt.ContainsAllowedRole(Roles.FwAdmin))
                 managements = await apiConnection.SendQueryAsync<List<Management>>(FWO.Api.Client.Queries.DeviceQueries.getManagementsDetails);
             else
                 managements = await apiConnection.SendQueryAsync<List<Management>>(FWO.Api.Client.Queries.DeviceQueries.getManagementDetailsWithoutSecrets);
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsGroups.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsGroups.razor
index 5624706b9..11da37de4 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsGroups.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsGroups.razor
@@ -9,7 +9,7 @@
 @using RestSharp
 
 @page "/settings/groups"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")]
 
 @inject ApiConnection apiConnection
 @inject MiddlewareClient middlewareClient
@@ -115,7 +115,7 @@
     </Body>
     <Footer>
         <div class="btn-group">
-            <AuthorizeView Roles="@GlobalConst.kAdmin">
+            <AuthorizeView Roles="@Roles.Admin">
                 <Authorized>
                     <button type="button" class="btn btn-sm btn-primary" @onclick="() => Save()">@(userConfig.GetText("save"))</button>
                 </Authorized>
@@ -176,8 +176,8 @@
             await GetRolesFromInternalLdap();
             SynchronizeGroupsToRoles();
 
-            availableRoles = roles.FindAll(x => (x.Name != GlobalConst.kAnonymous && x.Name != GlobalConst.kMiddlewareServer));
-            ownerGroupRoles = roles.FindAll(x => (x.Name == GlobalConst.kRecertifier || x.Name == GlobalConst.kModeller));
+            availableRoles = roles.FindAll(x => (x.Name != Roles.Anonymous && x.Name != Roles.MiddlewareServer));
+            ownerGroupRoles = roles.FindAll(x => (x.Name == Roles.Recertifier || x.Name == Roles.Modeller));
         }
         catch (System.Exception exception)
         {
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsImport.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsImport.razor
index 31c8a66a4..f289c7203 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsImport.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsImport.razor
@@ -3,7 +3,7 @@
 @using FWO.Config.Api.Data
 
 @page "/settings/importer"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")]
 
 @inject ApiConnection apiConnection
 @inject GlobalConfig globalConfig
@@ -93,7 +93,7 @@
         </div>
     </form>
     <hr />
-    <AuthorizeView Roles="@GlobalConst.kAdmin">
+    <AuthorizeView Roles="@Roles.Admin">
         <Authorized>
             <button type="button" class="btn btn-sm btn-primary" @onclick="Save" @onclick:preventDefault>@(userConfig.GetText("save"))</button>
         </Authorized>
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsLanguage.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsLanguage.razor
index 821d161f0..464ccfb1b 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsLanguage.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsLanguage.razor
@@ -3,7 +3,7 @@
 @using FWO.Api.Client
 
 @page "/settings/language"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kReporter}, {GlobalConst.kReporterViewAll}, {GlobalConst.kModeller}, {GlobalConst.kRecertifier}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}, {GlobalConst.kRequester}, {GlobalConst.kApprover}, {GlobalConst.kPlanner}, {GlobalConst.kImplementer}, {GlobalConst.kReviewer}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Reporter}, {Roles.ReporterViewAll}, {Roles.Modeller}, {Roles.Recertifier}, {Roles.Auditor}, {Roles.FwAdmin}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}")]
 
 @inject GlobalConfig globalConfig
 @inject UserConfig userConfig
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsLdap.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsLdap.razor
index b7e4698c8..d8e9ee91e 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsLdap.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsLdap.razor
@@ -9,7 +9,7 @@
 
 
 @page "/settings/ldap"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")]
 
 @inject ApiConnection apiConnection
 @inject MiddlewareClient middlewareClient
@@ -190,7 +190,7 @@
     </Body>
     <Footer>
         <div class="btn-group">
-            <AuthorizeView Roles="@GlobalConst.kAdmin">
+            <AuthorizeView Roles="@Roles.Admin">
                 <Authorized>
                     <button type="button" class="btn btn-sm btn-dark" @onclick="TestConnection">@(userConfig.GetText("test_connection"))</button>
                     <button type="button" class="btn btn-sm btn-primary" @onclick="Save">@(userConfig.GetText("save"))</button>
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsManagements.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsManagements.razor
index 6f3662531..94db3965d 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsManagements.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsManagements.razor
@@ -6,7 +6,7 @@
 @using FWO.Middleware.Client
 
 @page "/settings/managements"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}, {Roles.FwAdmin}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
@@ -22,7 +22,7 @@
     <button type="button" class="btn btn-sm btn-success" @onclick="Add">@(userConfig.GetText("add_new_management"))</button>
     @if (showCleanupButton)
     {
-        <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")">
+        <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Auditor}")">
             <Authorized>
                 <button type="button" class="btn btn-sm btn-danger" @onclick="RequestRemoveSampleData">@(userConfig.GetText("remove_sample_data"))</button>
             </Authorized>
@@ -37,7 +37,7 @@
                 <div class="btn-group">
                     <button type="button" class="btn btn-sm btn-success" @onclick="() => Clone(context)">@(userConfig.GetText("clone"))</button>
                     <button type="button" class="btn btn-sm btn-warning" @onclick="() => Edit(context)">@(userConfig.GetText("edit"))</button>
-                    <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")" Context="ctx">
+                    <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Auditor}, {Roles.FwAdmin}")" Context="ctx">
                         <Authorized>
                             <button type="button" class="btn btn-sm btn-danger" @onclick="() => RequestDelete(context)">@(userConfig.GetText("delete"))</button>
                             @if (context.DeviceType.CanBeSupermanager() || context.DeviceType.CanBeAutodiscovered(context))
@@ -228,7 +228,7 @@
     </Body>
     <Footer>
         <div class="btn-group">
-            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}")">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.FwAdmin}")">
                 <Authorized>
                     <button type="button" class="btn btn-sm btn-primary" @onclick="Save">@(userConfig.GetText("save"))</button>
                 </Authorized>
@@ -291,7 +291,7 @@
             JwtReader jwt = new JwtReader(userConfig.User.Jwt);
             jwt.Validate();
 
-            if (jwt.ContainsAllowedRole(GlobalConst.kAdmin) || jwt.ContainsAllowedRole(GlobalConst.kFwAdmin))
+            if (jwt.ContainsAllowedRole(Roles.Admin) || jwt.ContainsAllowedRole(Roles.FwAdmin))
                 managements = await apiConnection.SendQueryAsync<List<Management>>(FWO.Api.Client.Queries.DeviceQueries.getManagementsDetails);
             else
                 managements = await apiConnection.SendQueryAsync<List<Management>>(FWO.Api.Client.Queries.DeviceQueries.getManagementDetailsWithoutSecrets);
@@ -300,7 +300,7 @@
 
             deviceTypes = await apiConnection.SendQueryAsync<List<DeviceType>>(FWO.Api.Client.Queries.DeviceQueries.getDeviceTypeDetails);
 
-            if (jwt.ContainsAllowedRole(GlobalConst.kAdmin) || jwt.ContainsAllowedRole(GlobalConst.kFwAdmin))
+            if (jwt.ContainsAllowedRole(Roles.Admin) || jwt.ContainsAllowedRole(Roles.FwAdmin))
                 credentials = await apiConnection.SendQueryAsync<List<ImportCredential>>(FWO.Api.Client.Queries.DeviceQueries.getCredentials);
             else
                 credentials = await apiConnection.SendQueryAsync<List<ImportCredential>>(FWO.Api.Client.Queries.DeviceQueries.getCredentialsWithoutSecrets);
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsModelling.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsModelling.razor
index aa7728de9..a4ce9066e 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsModelling.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsModelling.razor
@@ -5,7 +5,7 @@
 @using FWO.Ui.Pages.NetworkModelling
 
 @page "/settings/modelling"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")]
 
 @inject ApiConnection apiConnection
 @inject GlobalConfig globalConfig
@@ -129,7 +129,7 @@
         </div>
     </form>
     <hr />
-    <AuthorizeView Roles="@GlobalConst.kAdmin">
+    <AuthorizeView Roles="@Roles.Admin">
         <Authorized>
             <button type="button" class="btn btn-sm btn-primary" @onclick="Save" @onclick:preventDefault>@(userConfig.GetText("save"))</button>
         </Authorized>
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsModellingPers.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsModellingPers.razor
index 4bde46286..d65c61b96 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsModellingPers.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsModellingPers.razor
@@ -5,7 +5,7 @@
 @using FWO.Ui.Pages.NetworkModelling
 
 @page "/settings/modellingpersonal"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}, {GlobalConst.kModeller}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}, {Roles.Modeller}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsOwner.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsOwner.razor
index be58cd076..d8a0d210e 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsOwner.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsOwner.razor
@@ -10,7 +10,7 @@
 @using FWO.Recert
 
 @page "/settings/owners"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")]
 
 @inject ApiConnection apiConnection
 @inject GlobalConfig globalConfig
@@ -30,7 +30,7 @@
         {
             <button type="button" class="btn btn-sm btn-success" @onclick="AddOwner">@(userConfig.GetText("add_owner"))</button>
         }
-        <AuthorizeView Roles="@GlobalConst.kAdmin" Context="ctx">
+        <AuthorizeView Roles="@Roles.Admin" Context="ctx">
             <Authorized>
                 @if (!recertCalcInProgress)
                 {
@@ -70,7 +70,7 @@
                         <button type="button" class="btn btn-sm btn-warning" @onclick="async () => await EditOwner(context)">@(userConfig.GetText("edit"))</button>
                         @if(!context.IsDefault)
                         {
-                            <AuthorizeView Roles="@GlobalConst.kAdmin" Context="ctx">
+                            <AuthorizeView Roles="@Roles.Admin" Context="ctx">
                                 <Authorized>
                                     <button type="button" class="btn btn-sm btn-danger" @onclick="() => RequestDeleteOwner(context)">@(userConfig.GetText("delete"))</button>
                                 </Authorized>
@@ -301,7 +301,7 @@
             <div class="btn-group">
                 @if(!Readonly || !userConfig.AllowManualOwnerAdmin)
                 {
-                    <AuthorizeView Roles="@GlobalConst.kAdmin">
+                    <AuthorizeView Roles="@Roles.Admin">
                         <Authorized>
                             <button type="button" class="btn btn-sm btn-primary" @onclick="SaveOwner">@(userConfig.GetText("save"))</button>
                         </Authorized>
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsPassword.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsPassword.razor
index 14b456c74..7366b91a5 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsPassword.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsPassword.razor
@@ -3,7 +3,7 @@
 @using FWO.Ui.Services
 
 @page "/settings/password"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kReporter}, {GlobalConst.kReporterViewAll}, {GlobalConst.kModeller}, {GlobalConst.kRecertifier}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}, {GlobalConst.kRequester}, {GlobalConst.kApprover}, {GlobalConst.kPlanner}, {GlobalConst.kImplementer}, {GlobalConst.kReviewer}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Reporter}, {Roles.ReporterViewAll}, {Roles.Modeller}, {Roles.Recertifier}, {Roles.Auditor}, {Roles.FwAdmin}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}")]
 
 @inject GlobalConfig globalConfig
 @inject UserConfig userConfig
@@ -37,7 +37,7 @@
     </div>
 </form>
 <hr />
-<AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kReporter}, {GlobalConst.kReporterViewAll}, {GlobalConst.kModeller}, {GlobalConst.kRecertifier}, {GlobalConst.kFwAdmin}, {GlobalConst.kRequester}, {GlobalConst.kApprover}, {GlobalConst.kPlanner}, {GlobalConst.kImplementer}, {GlobalConst.kReviewer}")">
+<AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Reporter}, {Roles.ReporterViewAll}, {Roles.Modeller}, {Roles.Recertifier}, {Roles.FwAdmin}, {Roles.Requester}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}")">
     <Authorized>
         <button type="button" class="btn btn-sm btn-primary" @onclick:preventDefault="true" @onclick="ChangePassword">@(userConfig.GetText("change_password"))</button>
     </Authorized>
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsPasswordPolicy.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsPasswordPolicy.razor
index 61b64c960..62299382c 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsPasswordPolicy.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsPasswordPolicy.razor
@@ -3,7 +3,7 @@
 @using FWO.Config.Api.Data
 
 @page "/settings/passwordpolicy"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")]
 
 @inject ApiConnection apiConnection
 @inject GlobalConfig globalConfig
@@ -51,7 +51,7 @@
         </div>
     </form>
     <hr />
-    <AuthorizeView Roles="@GlobalConst.kAdmin">
+    <AuthorizeView Roles="@Roles.Admin">
         <Authorized>
             <button type="button" class="btn btn-sm btn-primary" @onclick="Save" @onclick:preventDefault>@(userConfig.GetText("save"))</button>
         </Authorized>
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsRecertificationGen.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsRecertificationGen.razor
index 17a2b8998..df2f69c48 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsRecertificationGen.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsRecertificationGen.razor
@@ -4,7 +4,7 @@
 @using FWO.Recert
 
 @page "/settings/recertificationgeneral"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")]
 
 @inject ApiConnection apiConnection
 @inject GlobalConfig globalConfig
@@ -173,7 +173,7 @@
                 <label class="col-form-label-marg7">@(userConfig.GetText("daily"))</label>
             </div>
             <div class="form-group col-sm-2">
-                <AuthorizeView Roles="@GlobalConst.kAdmin">
+                <AuthorizeView Roles="@Roles.Admin">
                     <Authorized>
                         @if (!recertCalcInProgress)
                         {
@@ -200,7 +200,7 @@
         </div>
     </form>
     <hr />
-    <AuthorizeView Roles="@GlobalConst.kAdmin">
+    <AuthorizeView Roles="@Roles.Admin">
         <Authorized>
             <button type="button" class="btn btn-sm btn-primary" @onclick="Save" @onclick:preventDefault>@(userConfig.GetText("save"))</button>
         </Authorized>
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsRecertificationPers.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsRecertificationPers.razor
index ff5ea8da1..36f4a0d73 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsRecertificationPers.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsRecertificationPers.razor
@@ -4,7 +4,7 @@
 @using FWO.Ui.Services
 
 @page "/settings/recertificationpersonal"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kRecertifier}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Recertifier}, {Roles.Auditor}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsReport.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsReport.razor
index 301826c83..9bbf65589 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsReport.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsReport.razor
@@ -4,7 +4,7 @@
 
 
 @page "/settings/report"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kReporter}, {GlobalConst.kReporterViewAll}, {GlobalConst.kRecertifier}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Reporter}, {Roles.ReporterViewAll}, {Roles.Recertifier}, {Roles.Auditor}, {Roles.FwAdmin}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsRoles.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsRoles.razor
index 20b14ea1c..fbcf73419 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsRoles.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsRoles.razor
@@ -9,7 +9,7 @@
 @using RestSharp
 
 @page "/settings/roles"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")]
 
 @inject ApiConnection apiConnection
 @inject MiddlewareClient middlewareClient
@@ -29,7 +29,7 @@
             <Template>
                 <div class="btn-group" data-toggle="tooltip" title="@(userConfig.PureLine("H5341") + "\r\n" + userConfig.PureLine("H5351") +
                         "\r\n" + userConfig.PureLine("H5352") + "\r\n" + userConfig.PureLine("H5353"))">
-                    @if (context.Name != GlobalConst.kMiddlewareServer && context.Name != GlobalConst.kAnonymous)
+                    @if (context.Name != Roles.MiddlewareServer && context.Name != Roles.Anonymous)
                     {
                         <button type="button" class="btn btn-sm btn-success" @onclick="() => AddToRole(context)">@(userConfig.GetText("assign_user_group"))</button>
                         @if(context.Users.Count > 0)
@@ -158,7 +158,7 @@
     {
         if (selectedUserToRemove.Dn != "")
         {
-            if (actRole.Name == GlobalConst.kAdmin && actRole.Users.Count < 2)
+            if (actRole.Name == Roles.Admin && actRole.Users.Count < 2)
             {
                 DisplayMessageInUi(null, userConfig.GetText("remove_user_group_from_role"), userConfig.GetText("E5256"), true);
             }
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsStateMatrix.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsStateMatrix.razor
index 6f5de2407..7348c449c 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsStateMatrix.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsStateMatrix.razor
@@ -5,7 +5,7 @@
 @using System.Text.Json
 
 @page "/settings/statematrix"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")]
 
 @inject ApiConnection apiConnection
 @inject GlobalConfig globalConfig
@@ -109,7 +109,7 @@
         }
     }
     <hr />
-    <AuthorizeView Roles="@GlobalConst.kAdmin">
+    <AuthorizeView Roles="@Roles.Admin">
         <Authorized>
             <button type="button" class="btn btn-sm btn-primary" @onclick="InitSaveMatrix" @onclick:preventDefault>@(userConfig.GetText("save"))</button>
             <button type="button" class="btn btn-sm btn-danger" @onclick="InitResetMatrix" @onclick:preventDefault>@(userConfig.GetText("reset_to_default"))</button>
@@ -130,7 +130,7 @@
         </Body>
         <Footer>
             <div class="btn-group">
-                <AuthorizeView Roles="@GlobalConst.kAdmin">
+                <AuthorizeView Roles="@Roles.Admin">
                     <Authorized>
                         <button type="button" class="btn btn-sm btn-danger" @onclick="SaveMatrix">@(userConfig.GetText("save"))</button>
                     </Authorized>
@@ -152,7 +152,7 @@
         </Body>
         <Footer>
             <div class="btn-group">
-                <AuthorizeView Roles="@GlobalConst.kAdmin">
+                <AuthorizeView Roles="@Roles.Admin">
                     <Authorized>
                         <button type="button" class="btn btn-sm btn-danger" @onclick="ResetMatrix">@(userConfig.GetText("reset_to_default"))</button>
                     </Authorized>
@@ -214,7 +214,7 @@
         </Body>
         <Footer>
             <div class="btn-group">
-                <AuthorizeView Roles="@GlobalConst.kAdmin">
+                <AuthorizeView Roles="@Roles.Admin">
                     <Authorized>
                         <button type="button" class="btn btn-sm btn-primary" @onclick="ApplySelection">@(userConfig.GetText("select"))</button>
                     </Authorized>
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsStates.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsStates.razor
index ffa6820ff..35dbda4fd 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsStates.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsStates.razor
@@ -2,7 +2,7 @@
 @using FWO.Config.Api
 
 @page "/settings/statedefinitions"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")]
 
 @inject ApiConnection apiConnection
 @inject GlobalConfig globalConfig
@@ -80,7 +80,7 @@
         </Body>
         <Footer>
             <div class="btn-group">
-                <AuthorizeView Roles="@GlobalConst.kAdmin">
+                <AuthorizeView Roles="@Roles.Admin">
                     <Authorized>
                         <button type="button" class="btn btn-sm btn-primary" @onclick="SaveState">@(userConfig.GetText("save"))</button>
                     </Authorized>
@@ -110,7 +110,7 @@
         </Body>
         <Footer>
             <div class="btn-group">
-                <AuthorizeView Roles="@GlobalConst.kAdmin">
+                <AuthorizeView Roles="@Roles.Admin">
                     <Authorized>
                         @if(selectedAction != null)
                         {
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsTenants.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsTenants.razor
index 5c38a59d3..24c8dd31f 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsTenants.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsTenants.razor
@@ -10,7 +10,7 @@
 @using RestSharp
 
 @page "/settings/tenants"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}, {Roles.FwAdmin}")]
 
 @inject ApiConnection apiConnection
 @inject MiddlewareClient middlewareClient
@@ -220,7 +220,7 @@
     {
         try
         {
-            addDeleteAllowed = authenticationStateTask!.Result.User.IsInRole(GlobalConst.kAdmin) || authenticationStateTask!.Result.User.IsInRole(GlobalConst.kAuditor);
+            addDeleteAllowed = authenticationStateTask!.Result.User.IsInRole(Roles.Admin) || authenticationStateTask!.Result.User.IsInRole(Roles.Auditor);
             await GetTenantsFromLdap();
             uiUsers = await apiConnection.SendQueryAsync<List<UiUser>>(AuthQueries.getUsers);
         }
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsUsers.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsUsers.razor
index 3ab17091d..e06030524 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsUsers.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsUsers.razor
@@ -9,7 +9,7 @@
 @using RestSharp
 
 @page "/settings/users"
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")]
 
 @inject ApiConnection apiConnection
 @inject MiddlewareClient middlewareClient
@@ -25,7 +25,7 @@
 
 <div class="btn-group m-1" data-toggle="tooltip" title="@(userConfig.PureLine("H5261"))">
     <button type="button" class="btn btn-sm btn-success" @onclick="AddUser">@(userConfig.GetText("add_new_user"))</button>
-    <AuthorizeView Roles="@GlobalConst.kAdmin">
+    <AuthorizeView Roles="@Roles.Admin">
         <Authorized>
             <button type="button" class="btn btn-sm btn-info" @onclick="Resynchronize">@(userConfig.GetText("synchronize"))</button>
         </Authorized>
@@ -209,7 +209,7 @@
     </Body>
     <Footer>
         <div class="btn-group">
-            <AuthorizeView Roles="@GlobalConst.kAdmin">
+            <AuthorizeView Roles="@Roles.Admin">
                 <Authorized>
                     <button type="button" class="btn btn-sm btn-primary" @onclick="() => Save()">@(userConfig.GetText("save"))</button>
                 </Authorized>
@@ -242,7 +242,7 @@
     </Body>
     <Footer>
         <div class="btn-group">
-            <AuthorizeView Roles="@GlobalConst.kAdmin">
+            <AuthorizeView Roles="@Roles.Admin">
                 <Authorized>
                     <button type="button" class="btn btn-sm btn-primary" @onclick="() => ResetPassword()">@(userConfig.GetText("set"))</button>
                 </Authorized>
@@ -368,7 +368,7 @@
         await GetRolesFromInternalLdap();
         SynchronizeUsersToRoles();
 
-        availableRoles = roles.Where(x => (x.Name != GlobalConst.kAnonymous && x.Name != GlobalConst.kMiddlewareServer)).OrderBy(x => x.Name).ToList();
+        availableRoles = roles.Where(x => (x.Name != Roles.Anonymous && x.Name != Roles.MiddlewareServer)).OrderBy(x => x.Name).ToList();
     }
 
     private void SynchronizeUsersToGroups()
@@ -682,7 +682,7 @@
         if(selectedRole != null)
         {
             user.Roles.Add(selectedRole.Name);
-            if (selectedRole.Name == GlobalConst.kAuditor)
+            if (selectedRole.Name == Roles.Auditor)
             {
                 user.PasswordMustBeChanged = false;
             }
diff --git a/roles/ui/files/FWO.UI/Pages/Start.razor b/roles/ui/files/FWO.UI/Pages/Start.razor
index d402048d8..da16f57ec 100644
--- a/roles/ui/files/FWO.UI/Pages/Start.razor
+++ b/roles/ui/files/FWO.UI/Pages/Start.razor
@@ -43,7 +43,7 @@
         uiUserDbId = userConfig.User.DbId;
         authenticationState = await authenticationStateTask!;
 
-        if(authenticationState.User.IsInRole(GlobalConst.kModeller))
+        if(authenticationState.User.IsInRole(Roles.Modeller))
         {
             NavigationManager.NavigateTo($"/networkmodelling/{AppId ?? ""}");
         }
diff --git a/roles/ui/files/FWO.UI/Services/ModellingAppServerHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingAppServerHandler.cs
index 4b53f5a09..c7e2bff13 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingAppServerHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingAppServerHandler.cs
@@ -34,7 +34,7 @@ public async Task<bool> Save()
                 if(CheckAppServer())
                 {
                     bool saveOk = true;
-                    apiConnection.SetRole(GlobalConst.kAdmin);
+                    apiConnection.SetRole(Roles.Admin);
                     if(AddMode)
                     {
                         saveOk &= await AddAppServerToDb();
diff --git a/roles/ui/files/FWO.UI/Services/ModellingAppServerListHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingAppServerListHandler.cs
index fa7d3174a..6da6e5dfd 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingAppServerListHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingAppServerListHandler.cs
@@ -75,7 +75,7 @@ public async Task DeleteAppServer()
         {
             try
             {
-                apiConnection.SetRole(GlobalConst.kAdmin);
+                apiConnection.SetRole(Roles.Admin);
                 if(await CheckAppServerInUse(actAppServer))
                 {
                     await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.setAppServerDeletedState, new { id = actAppServer.Id, deleted = true });
diff --git a/roles/ui/files/FWO.UI/Shared/AutoDiscovery.razor b/roles/ui/files/FWO.UI/Shared/AutoDiscovery.razor
index 1076f65e0..cbc0574fc 100644
--- a/roles/ui/files/FWO.UI/Shared/AutoDiscovery.razor
+++ b/roles/ui/files/FWO.UI/Shared/AutoDiscovery.razor
@@ -29,7 +29,7 @@
                                     }
                                     else
                                     {
-                                        <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}")">
+                                        <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.FwAdmin}")">
                                             <Authorized Context="ctx">
                                                 <button type="button" class="btn btn-sm btn-warning" @onclick="() => ChangeManagementState(context, true)">@(userConfig.GetText("disable"))</button>
                                                 <button type="button" class="btn btn-sm btn-danger" @onclick="() => RequestDeleteManagement(context)">@(userConfig.GetText("delete"))</button>
@@ -43,7 +43,7 @@
                                 }
                                 else
                                 {
-                                    <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}")">
+                                    <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.FwAdmin}")">
                                         <Authorized Context="ctx">
                                             <button type="button" class="btn btn-sm btn-success" @onclick="() => ConfirmManagement(context)">@(userConfig.GetText("add"))</button>
                                         </Authorized>
@@ -73,7 +73,7 @@
                                             {
                                                 @if(Dev.Delete)
                                                 {
-                                                    <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}")">
+                                                    <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.FwAdmin}")">
                                                         <Authorized Context="ctx">
                                                             <button type="button" class="btn btn-sm btn-warning" @onclick="() => ChangeDeviceState(Dev, true)">@(userConfig.GetText("disable"))</button>
                                                             <button type="button" class="btn btn-sm btn-danger" @onclick="() => RequestDeleteDevice(Dev)">@(userConfig.GetText("delete"))</button>
@@ -92,7 +92,7 @@
                                                     }
                                                     else
                                                     {                    
-                                                        <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}")">
+                                                        <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.FwAdmin}")">
                                                             <Authorized Context="ctx">
                                                                 <button type="button" class="btn btn-sm btn-success" @onclick="() => ConfirmDevice(Dev)">@(userConfig.GetText("add"))</button>
                                                             </Authorized>
@@ -127,7 +127,7 @@
         <div class="btn-group">
             @if(actAlertId != null)
             {
-                <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}")">
+                <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.FwAdmin}")">
                     <Authorized Context="ctx">
                         <button type="button" class="btn btn-sm btn-secondary" @onclick="async () => {await AcknowledgeAlert(actAlertId); await Close();}">@(userConfig.GetText("acknowledge"))</button>
                     </Authorized>
@@ -138,7 +138,7 @@
             }
             else if(somethingToDo)
             {
-                <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}")">
+                <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.FwAdmin}")">
                     <Authorized Context="ctx">
                         <button type="button" class="btn btn-sm btn-warning" @onclick="async () => {await doAllChanges(); await Close();}">@(userConfig.GetText("do_all_changes"))</button>
                     </Authorized>
diff --git a/roles/ui/files/FWO.UI/Shared/Confirm.razor b/roles/ui/files/FWO.UI/Shared/Confirm.razor
index 50eb508e7..d9aebbc5c 100644
--- a/roles/ui/files/FWO.UI/Shared/Confirm.razor
+++ b/roles/ui/files/FWO.UI/Shared/Confirm.razor
@@ -1,6 +1,6 @@
 @using FWO.Api.Data
 
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")]
 
 @inject UserConfig userConfig
 
@@ -14,7 +14,7 @@
     </Body>
     <Footer>
         <div class="btn-group">
-            <AuthorizeView Roles="@GlobalConst.kAdmin">
+            <AuthorizeView Roles="@Roles.Admin">
                 <Authorized>
                     <button type="button" class="btn btn-sm btn-danger" @onclick="() => {PerformAction(); Display = false;}">@(userConfig.GetText("confirm"))</button>
                 </Authorized>
diff --git a/roles/ui/files/FWO.UI/Shared/ConfirmDelete.razor b/roles/ui/files/FWO.UI/Shared/ConfirmDelete.razor
index 211fcc1d9..51dc7495f 100644
--- a/roles/ui/files/FWO.UI/Shared/ConfirmDelete.razor
+++ b/roles/ui/files/FWO.UI/Shared/ConfirmDelete.razor
@@ -1,6 +1,6 @@
 @using FWO.Api.Data
 
-@attribute [Authorize(Roles = $"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}, {GlobalConst.kModeller}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}, {Roles.Modeller}")]
 
 @inject UserConfig userConfig
 
@@ -59,7 +59,7 @@
     public bool DeleteAllowed { get; set; } = true;
 
     [Parameter]
-    public string AllowedRoles { get; set; } = GlobalConst.kAdmin;
+    public string AllowedRoles { get; set; } = Roles.Admin;
 
     [Parameter]
     public bool Remove { get; set; } = false;
diff --git a/roles/ui/files/FWO.UI/Shared/ImportRollback.razor b/roles/ui/files/FWO.UI/Shared/ImportRollback.razor
index ac999bfce..0bf4cc198 100644
--- a/roles/ui/files/FWO.UI/Shared/ImportRollback.razor
+++ b/roles/ui/files/FWO.UI/Shared/ImportRollback.razor
@@ -21,7 +21,7 @@
     </Body>
     <Footer>
         <div class="btn-group">
-            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kImporter}")" Context="xxx">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Importer}")" Context="xxx">
                 <Authorized>
                     <button type="button" class="btn btn-sm btn-danger" @onclick="async () => {await Rollback(); RollbackMode = false; await Closing.InvokeAsync(RollbackMode);}">@(userConfig.GetText("rollback"))</button>
                 </Authorized>
diff --git a/roles/ui/files/FWO.UI/Shared/MainLayout.razor b/roles/ui/files/FWO.UI/Shared/MainLayout.razor
index 3d7883855..60c760893 100644
--- a/roles/ui/files/FWO.UI/Shared/MainLayout.razor
+++ b/roles/ui/files/FWO.UI/Shared/MainLayout.razor
@@ -196,7 +196,7 @@
     private void OnAlertUpdate(List<Alert> alerts)
     {
         user = authenticationStateTask!.Result.User;
-        showAlert = (user.IsInRole(GlobalConst.kAdmin) || user.IsInRole(GlobalConst.kFwAdmin) || user.IsInRole(GlobalConst.kAuditor)) && alerts.Count() > 0;
+        showAlert = (user.IsInRole(Roles.Admin) || user.IsInRole(Roles.FwAdmin) || user.IsInRole(Roles.Auditor)) && alerts.Count() > 0;
         InvokeAsync(StateHasChanged);
     }
 
diff --git a/roles/ui/files/FWO.UI/Shared/MonitoringLayout.razor b/roles/ui/files/FWO.UI/Shared/MonitoringLayout.razor
index 6b35ca141..14d09f8c6 100644
--- a/roles/ui/files/FWO.UI/Shared/MonitoringLayout.razor
+++ b/roles/ui/files/FWO.UI/Shared/MonitoringLayout.razor
@@ -10,7 +10,7 @@
 <Sidebar PositionLeft="true" Collapsible="true" Resizeable="true" @bind-Width="sidebarWidth">
     <div class="me-2 ms-2 mt-4 mb-4">
         <ul class="navbar-nav navbar-dark flex-column">
-            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Auditor}, {Roles.FwAdmin}")">
                 <li class="nav-item px-2">
                     <h5>@(userConfig.GetText("alerts"))</h5>
                 </li>
@@ -62,7 +62,7 @@
                     <span class="oi oi-monitor"></span> @(userConfig.GetText("ui_messages"))
                 </NavLink>
             </li>
-            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Auditor}")">
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="monitoring/monitor_all">
                         <span class="oi oi-monitor"></span> @(userConfig.GetText("all"))
diff --git a/roles/ui/files/FWO.UI/Shared/NavigationMenu.razor b/roles/ui/files/FWO.UI/Shared/NavigationMenu.razor
index cffafffe6..88c233e0e 100644
--- a/roles/ui/files/FWO.UI/Shared/NavigationMenu.razor
+++ b/roles/ui/files/FWO.UI/Shared/NavigationMenu.razor
@@ -18,42 +18,42 @@
 
     <div class="navbar-collapse me-auto nav-main-left @NavMenuCollapseClass">
         <ul class="navbar-nav me-auto">
-            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}, {GlobalConst.kReporter}, {GlobalConst.kReporterViewAll}, {GlobalConst.kAuditor}")">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Reporter}, {Roles.ReporterViewAll}, {Roles.Auditor}")">
                 <li class="nav-item px-2">
                     <a href="/report/generation" class="nav-link @(navigationManager.Uri.Contains("/report/") ? "active" : "")">
                         <span class="oi oi-spreadsheet"></span> @(userConfig.GetText("reporting"))
                     </a>
                 </li>
             </AuthorizeView>
-            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kRequester}, {GlobalConst.kFwAdmin}, {GlobalConst.kAuditor}, {GlobalConst.kApprover}, {GlobalConst.kPlanner}, {GlobalConst.kImplementer}, {GlobalConst.kReviewer}")">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Requester}, {Roles.FwAdmin}, {Roles.Auditor}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}")">
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="@firstPage">
                         <span class="oi oi-comment-square"></span> @(userConfig.GetText("workflow"))
                     </NavLink>
                 </li>
             </AuthorizeView>
-            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kRecertifier}, {GlobalConst.kAuditor}")">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Recertifier}, {Roles.Auditor}")">
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="/certification">
                         <span class="oi oi-badge"></span> @(userConfig.GetText("recertification"))
                     </NavLink>
                 </li>
             </AuthorizeView>
-            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kModeller}, {GlobalConst.kAuditor}")">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Modeller}, {Roles.Auditor}")">
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="/networkmodelling">
                         <span class="oi oi-puzzle-piece"></span> @(userConfig.GetText("modelling"))
                     </NavLink>
                 </li>
             </AuthorizeView>
-            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kFwAdmin}, {GlobalConst.kPlanner}, {GlobalConst.kAuditor}")">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Planner}, {Roles.Auditor}")">
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="/network_analysis">
                         <span class="oi oi-spreadsheet"></span> @(userConfig.GetText("network_analysis"))
                     </NavLink>
                 </li>
             </AuthorizeView>
-            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kRequester}, {GlobalConst.kFwAdmin}, {GlobalConst.kReporter}, {GlobalConst.kAuditor}, {GlobalConst.kApprover}, {GlobalConst.kPlanner}, {GlobalConst.kImplementer}, {GlobalConst.kReviewer}, {GlobalConst.kReporterViewAll}")">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Requester}, {Roles.FwAdmin}, {Roles.Reporter}, {Roles.Auditor}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}, {Roles.ReporterViewAll}")">
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="/compliance/zones/matrix">
                         <span class="oi oi-dashboard"></span> @(userConfig.GetText("compliance"))
@@ -113,25 +113,25 @@
     protected override void OnInitialized()
     {
         userConfig.OnChange += OnChange;
-        if(authenticationStateTask!.Result.User.IsInRole(GlobalConst.kAdmin) || 
-            authenticationStateTask!.Result.User.IsInRole(GlobalConst.kFwAdmin) ||
-            authenticationStateTask!.Result.User.IsInRole(GlobalConst.kAuditor))
+        if(authenticationStateTask!.Result.User.IsInRole(Roles.Admin) || 
+            authenticationStateTask!.Result.User.IsInRole(Roles.FwAdmin) ||
+            authenticationStateTask!.Result.User.IsInRole(Roles.Auditor))
         {
             firstPage = "/request/ticketsoverview";
         }
-        else if(authenticationStateTask!.Result.User.IsInRole(GlobalConst.kRequester))
+        else if(authenticationStateTask!.Result.User.IsInRole(Roles.Requester))
         {
             firstPage = "/request/tickets";
         }
-        else if(authenticationStateTask!.Result.User.IsInRole(GlobalConst.kApprover))
+        else if(authenticationStateTask!.Result.User.IsInRole(Roles.Approver))
         {
             firstPage = "/request/approvals";
         }
-        else if(authenticationStateTask!.Result.User.IsInRole(GlobalConst.kPlanner))
+        else if(authenticationStateTask!.Result.User.IsInRole(Roles.Planner))
         {
             firstPage = "/request/plannings";
         }
-        else if(authenticationStateTask!.Result.User.IsInRole(GlobalConst.kImplementer))
+        else if(authenticationStateTask!.Result.User.IsInRole(Roles.Implementer))
         {
             firstPage = "/request/implementations";
         }
diff --git a/roles/ui/files/FWO.UI/Shared/RequestLayout.razor b/roles/ui/files/FWO.UI/Shared/RequestLayout.razor
index 72237a10a..6e58248f7 100644
--- a/roles/ui/files/FWO.UI/Shared/RequestLayout.razor
+++ b/roles/ui/files/FWO.UI/Shared/RequestLayout.razor
@@ -18,7 +18,7 @@
                 <li class="nav-item px-2">
                     <h5>@(userConfig.GetText("requests"))</h5>
                 </li>
-                <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}, {GlobalConst.kRequester}")">
+                <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Auditor}, {Roles.FwAdmin}, {Roles.Requester}")">
                     <li class="nav-item px-2">
                         <NavLink class="nav-link" href="request/ticketsoverview">
                             <span class="oi oi-layers"></span> @(userConfig.GetText("tickets"))
@@ -27,7 +27,7 @@
                 </AuthorizeView>
                 @if(stateMatrix.PhaseActive[WorkflowPhases.request])
                 {
-                    <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kRequester}, {GlobalConst.kAuditor}")">
+                    <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Requester}, {Roles.Auditor}")">
                         <li class="nav-item px-2">
                             <NavLink class="nav-link" href="request/tickets">
                                 <span class="oi oi-comment-square"></span> @(userConfig.GetText("create_ticket"))
@@ -37,7 +37,7 @@
                 }
                 @if(stateMatrix.PhaseActive[WorkflowPhases.approval])
                 {
-                    <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kApprover}, {GlobalConst.kAuditor}")">
+                    <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Approver}, {Roles.Auditor}")">
                         <li class="nav-item px-2">
                             <NavLink class="nav-link" href="request/approvals">
                                 <span class="oi oi-check"></span> @(userConfig.GetText("approvals"))
@@ -47,7 +47,7 @@
                 }
                 @if(stateMatrix.PhaseActive[WorkflowPhases.planning])
                 {
-                    <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kPlanner}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")">
+                    <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Planner}, {Roles.Auditor}, {Roles.FwAdmin}")">
                         <li class="nav-item px-2">
                             <NavLink class="nav-link" href="request/plannings">
                                 <span class="oi oi-project"></span> @(userConfig.GetText("plannings"))
@@ -57,7 +57,7 @@
                 }
                 @if(stateMatrix.PhaseActive[WorkflowPhases.implementation])
                 {
-                    <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kImplementer}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")">
+                    <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Implementer}, {Roles.Auditor}, {Roles.FwAdmin}")">
                         <li class="nav-item px-2">
                             <NavLink class="nav-link" href="request/implementations">
                                 <span class="oi oi-task"></span> @(userConfig.GetText("implementations"))
@@ -67,7 +67,7 @@
                 }
                 @if(stateMatrix.PhaseActive[WorkflowPhases.review])
                 {
-                    <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kReviewer}, {GlobalConst.kAuditor}")">
+                    <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Reviewer}, {Roles.Auditor}")">
                         <li class="nav-item px-2">
                             <NavLink class="nav-link" href="request/reviews">
                                 <span class="oi oi-check"></span> @(userConfig.GetText("reviews"))
diff --git a/roles/ui/files/FWO.UI/Shared/SettingsLayout.razor b/roles/ui/files/FWO.UI/Shared/SettingsLayout.razor
index 03ad8881e..ab595e775 100644
--- a/roles/ui/files/FWO.UI/Shared/SettingsLayout.razor
+++ b/roles/ui/files/FWO.UI/Shared/SettingsLayout.razor
@@ -10,12 +10,12 @@
 <Sidebar PositionLeft="true" Collapsible="true" Resizeable="true" @bind-Width="sidebarWidth">
     <div class="me-2 ms-2 mt-4 mb-4">
         <ul class="navbar-nav navbar-dark flex-column">
-            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kImporter}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Importer}, {Roles.Auditor}, {Roles.FwAdmin}")">
                 <li class="nav-item px-2" data-toggle="tooltip" title="@(userConfig.GetText("U5011"))">
                     <h5>@(userConfig.GetText("devices"))</h5>
                 </li>
             </AuthorizeView>
-            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Auditor}, {Roles.FwAdmin}")">
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="settings/credentials">
                         <span class="oi oi-key"></span> @(userConfig.GetText("import_credential"))
@@ -33,26 +33,26 @@
                 </li>
             </AuthorizeView>
             <hr />
-            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Auditor}, {Roles.FwAdmin}")">
                 <li class="nav-item px-2" data-toggle="tooltip" title="@(userConfig.GetText("U5012"))">
                     <h5>@(userConfig.GetText("authorization"))</h5>
                 </li>
             </AuthorizeView>
-            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Auditor}")">
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="settings/ldap">
                         <span class="oi oi-key"></span> @(userConfig.GetText("ldap_conns"))
                     </NavLink>
                 </li>
             </AuthorizeView>
-            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Auditor}, {Roles.FwAdmin}")">
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="settings/tenants">
                         <span class="oi oi-command"></span> @(userConfig.GetText("tenants"))
                     </NavLink>
                 </li>
             </AuthorizeView>
-            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kAuditor}")">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Auditor}")">
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="settings/users">
                         <span class="oi oi-person"></span> @(userConfig.GetText("users"))
@@ -148,20 +148,20 @@
                 <NavLink class="nav-link" href="settings/language">
                     <span class="oi oi-comment-square"></span> @(userConfig.GetText("language"))
                 </NavLink>
-                <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kReporter}, {GlobalConst.kReporterViewAll}, {GlobalConst.kRecertifier}, {GlobalConst.kAuditor}, {GlobalConst.kFwAdmin}")">
+                <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Reporter}, {Roles.ReporterViewAll}, {Roles.Recertifier}, {Roles.Auditor}, {Roles.FwAdmin}")">
                     <NavLink class="nav-link" href="settings/report">
                         <span class="oi oi-list"></span> @(userConfig.GetText("reporting"))
                     </NavLink>
                 </AuthorizeView>
             </li>
-            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kRecertifier}, {GlobalConst.kAuditor}")">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Recertifier}, {Roles.Auditor}")">
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="settings/recertificationpersonal">
                         <span class="oi oi-badge"></span> @(userConfig.GetText("recertification"))
                     </NavLink>
                 </li>
             </AuthorizeView>
-            <AuthorizeView Roles="@($"{GlobalConst.kAdmin}, {GlobalConst.kModeller}, {GlobalConst.kAuditor}")">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Modeller}, {Roles.Auditor}")">
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="settings/modellingpersonal">
                         <span class="oi oi-puzzle-piece"></span> @(userConfig.GetText("modelling"))

From b93aef69a9874e2bf7db1ad478c62a1affe0aaa2 Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Sat, 24 Feb 2024 13:12:32 +0100
Subject: [PATCH 12/84] string constants for icons

---
 .../FWO.Api.Client/Data/GlobalConstants.cs    |  36 ------
 roles/lib/files/FWO.Api.Client/Data/Icons.cs  | 103 ++++++++++++++++++
 .../FWO.Api.Client/Data/ModellingAppServer.cs |   2 +-
 roles/lib/files/FWO.Api.Client/Data/Roles.cs  |  29 +++++
 roles/lib/files/FWO.Report/ReportBase.cs      |  16 +--
 .../files/FWO.Test/ModellingHandlerTest.cs    |   6 +-
 .../Pages/Compliance/ComplianceLayout.razor   |   6 +-
 .../FWO.UI/Pages/Help/HelpApiSidebar.cshtml   |  26 +++--
 .../files/FWO.UI/Pages/Help/HelpLayout.cshtml |  16 +--
 .../Pages/Help/HelpModellingSidebar.cshtml    |  10 +-
 .../Pages/Help/HelpMonitoringSidebar.cshtml   |  16 +--
 .../Help/HelpRecertificationSidebar.cshtml    |  10 +-
 .../Pages/Help/HelpReportingSidebar.cshtml    |  20 ++--
 .../Pages/Help/HelpSettingsSidebar.cshtml     |  52 ++++-----
 .../Pages/Help/HelpWorkflowSidebar.cshtml     |  16 +--
 roles/ui/files/FWO.UI/Pages/Login.razor       |   4 +-
 .../FWO.UI/Pages/Settings/SettingsUser.razor  |   2 +-
 roles/ui/files/FWO.UI/Shared/Collapse.razor   |   3 +-
 .../ui/files/FWO.UI/Shared/ContentSwap.razor  |   6 +-
 roles/ui/files/FWO.UI/Shared/Dropdown.razor   |   5 +-
 roles/ui/files/FWO.UI/Shared/EditList.razor   |   6 +-
 roles/ui/files/FWO.UI/Shared/HelpLink.razor   |   6 +-
 roles/ui/files/FWO.UI/Shared/MainLayout.razor |   4 +-
 .../FWO.UI/Shared/MonitoringLayout.razor      |  16 +--
 .../files/FWO.UI/Shared/NavigationMenu.razor  |  20 ++--
 .../ui/files/FWO.UI/Shared/ObjectGroup.razor  |  28 -----
 .../files/FWO.UI/Shared/RequestLayout.razor   |  12 +-
 .../files/FWO.UI/Shared/SettingsLayout.razor  |  50 ++++-----
 roles/ui/files/FWO.UI/Shared/Sidebar.razor    |  14 ++-
 roles/ui/files/FWO.UI/Shared/TabSet.razor     |   2 +-
 30 files changed, 318 insertions(+), 224 deletions(-)
 create mode 100644 roles/lib/files/FWO.Api.Client/Data/Icons.cs
 create mode 100644 roles/lib/files/FWO.Api.Client/Data/Roles.cs

diff --git a/roles/lib/files/FWO.Api.Client/Data/GlobalConstants.cs b/roles/lib/files/FWO.Api.Client/Data/GlobalConstants.cs
index c2f8bf881..d1654c7a1 100644
--- a/roles/lib/files/FWO.Api.Client/Data/GlobalConstants.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/GlobalConstants.cs
@@ -23,40 +23,4 @@ public struct GlobalConst
         public const string kModellerGroup = "ModellerGroup_";
         public const string kImportChangeNotify = "importChangeNotify";
     }
-    
-    public struct Roles
-    {
-        public const string Anonymous = "anonymous";
-        public const string Admin = "admin";
-        public const string Auditor = "auditor";
-        public const string MiddlewareServer = "middleware-server";
-        public const string Importer = "importer";
-        public const string FwAdmin = "fw-admin";
-        public const string Recertifier = "recertifier";
-        public const string Modeller = "modeller";
-        public const string Reporter = "reporter";
-        public const string ReporterViewAll = "reporter-viewall";
-        public const string Requester = "requester";
-        public const string Approver = "approver";
-        public const string Planner = "planner";
-        public const string Implementer = "implementer";
-        public const string Reviewer = "reviewer";
-    }
-    
-    public struct Icons
-    {
-        public const string Add = "oi oi-plus";
-        public const string Edit = "oi oi-wrench";
-        public const string Delete = "oi oi-trash";
-        public const string Search = "oi oi-magnifying-glass";
-        public const string Use = "oi oi-arrow-thick-right";
-        public const string Unuse = "oi oi-arrow-thick-left";
-
-        public const string ModObject = "oi oi-tag";
-        public const string Service = "oi oi-wrench";
-        public const string ServiceGroup = "oi oi-list-rich";
-        public const string AppServer = "oi oi-laptop";
-        public const string AppRole = "oi oi-list-rich";
-        public const string NwGroup = "oi oi-folder";
-    }
 }
diff --git a/roles/lib/files/FWO.Api.Client/Data/Icons.cs b/roles/lib/files/FWO.Api.Client/Data/Icons.cs
new file mode 100644
index 000000000..4cb039bb1
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/Data/Icons.cs
@@ -0,0 +1,103 @@
+namespace FWO.Api.Data
+{
+    public struct Icons
+    {
+        // General
+        public const string Locked = "oi oi-lock-locked";
+        public const string Type = "oi oi-list";
+        public const string Example = "oi oi-eye";
+        public const string Requirement = "oi oi-eye";
+        public const string Security = "oi oi-shield";
+        public const string FurtherReading = "oi oi-external-link";
+
+        // Actions
+        public const string Add = "oi oi-plus";
+        public const string Edit = "oi oi-wrench";
+        public const string Delete = "oi oi-trash";
+        public const string Search = "oi oi-magnifying-glass";
+        public const string Use = "oi oi-arrow-thick-right";
+        public const string Unuse = "oi oi-arrow-thick-left";
+        public const string Close = "oi oi-x";
+        public const string Login = "oi oi-account-login";
+        public const string Logout = "oi oi-account-logout";
+        public const string Check = "oi oi-check";
+        public const string Swap = "oi oi-loop-circular";
+        public const string CollapseUp = "oi oi-collapse-up";
+        public const string CollapseDown = "oi oi-collapse-down";
+        public const string CollapseLeft = "oi oi-collapse-left";
+        public const string CollapseRight = "oi oi-collapse-right";
+
+        // Object types: General
+        public const string Ldap = "oi oi-key";
+        public const string Management = "oi oi-inbox";
+        public const string Gateway = "oi oi-shield";
+        public const string Credential = "oi oi-key";
+        public const string Role = "oi oi-tags";
+        public const string Tenant = "oi oi-command";
+        public const string Owner = "oi oi-flag";
+        public const string Email = "oi oi-envelope-closed";
+        
+        // Object types: Reporting
+        public const string UserGroup = "oi oi-people";
+        public const string ObjGroup = "oi oi-list-rich";
+        public const string Host = "oi oi-laptop";
+        public const string Network = "oi oi-rss";
+        public const string Range = "oi oi-resize-width";
+        public const string NwObject = "oi oi-laptop";
+        public const string Service = "oi oi-wrench";
+        public const string User = "oi oi-person";
+
+        // Object types: Modelling
+        public const string ModObject = "oi oi-tag";
+        public const string ServiceGroup = "oi oi-list-rich";
+        public const string AppRole = "oi oi-list-rich";
+        public const string NwGroup = "oi oi-folder";
+        public const string Connection = "oi oi-transfer";
+
+        // Modules
+        public const string Reporting = "oi oi-spreadsheet";
+        public const string Workflow = "oi oi-project"; //"oi oi-data-transfer-download"; //"oi oi-comment-square";
+        public const string Recertification = "oi oi-badge";
+        public const string Modelling = "oi oi-puzzle-piece";
+        public const string NetworkAnalysis = "oi oi-spreadsheet";
+        public const string Compliance = "oi oi-dashboard";
+        public const string Monitoring = "oi oi-monitor";
+        public const string Settings = "oi oi-cog";
+        public const string Help = "oi oi-info";
+        public const string Api = "oi oi-eye";
+
+        // Reporting
+        public const string Template = "oi oi-document";
+        public const string Schedule = "oi oi-timer";
+        public const string Archive = "oi oi-hard-drive";
+        public const string Export = "oi oi-arrow-thick-right";
+        public const string Output = "oi oi-share";
+        public const string Filter = "oi oi-eye";
+
+        // Workflow
+        public const string Tickets = "oi oi-layers";
+        public const string Approval = "oi oi-check";
+        public const string Planning = "oi oi-project";
+        public const string Implementation = "oi oi-task";
+        public const string Review = "oi oi-check";
+        public const string State = "oi oi-tag";
+        public const string Matrix = "oi oi-grid-four-up";
+        public const string Action = "oi oi-arrow-right";
+        public const string Phase = "oi oi-loop-square";
+        
+        // Monitoring
+        public const string Alarm = "oi oi-bell";
+        public const string Import = "oi oi-data-transfer-download";
+        public const string UiMessages = "oi oi-monitor";
+
+        // Settings
+        public const string Policy = "oi oi-document";
+        public const string Text = "oi oi-text";
+        public const string Language = "oi oi-comment-square";
+
+        // Api
+        public const string RestDoku = "oi oi-command";
+        public const string GraphQL = "oi oi-inbox";
+        public const string Hasura = "oi oi-shield";
+    }
+}
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingAppServer.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingAppServer.cs
index 971629c47..5331868d2 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingAppServer.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingAppServer.cs
@@ -27,7 +27,7 @@ public override string DisplayHtml()
 
         public override string DisplayWithIcon()
         {
-            return $"<span class=\"{Icons.AppServer}\"></span> " + DisplayHtml();
+            return $"<span class=\"{Icons.Host}\"></span> " + DisplayHtml();
         }
 
         public override bool Sanitize()
diff --git a/roles/lib/files/FWO.Api.Client/Data/Roles.cs b/roles/lib/files/FWO.Api.Client/Data/Roles.cs
new file mode 100644
index 000000000..3eb74d131
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/Data/Roles.cs
@@ -0,0 +1,29 @@
+namespace FWO.Api.Data
+{
+    public struct Roles
+    {
+        // General
+        public const string Anonymous = "anonymous";
+        public const string Admin = "admin";
+        public const string Auditor = "auditor";
+        public const string FwAdmin = "fw-admin";
+
+        // Rules
+        public const string Reporter = "reporter";
+        public const string ReporterViewAll = "reporter-viewall";
+        public const string Recertifier = "recertifier";
+        public const string Modeller = "modeller";
+
+        // Workflow
+        public const string Requester = "requester";
+        public const string Approver = "approver";
+        public const string Planner = "planner";
+        public const string Implementer = "implementer";
+        public const string Reviewer = "reviewer";
+
+        // Technical
+        public const string MiddlewareServer = "middleware-server";
+        public const string Importer = "importer";
+        public const string DbBackup = "dbbackup";
+    }
+}
diff --git a/roles/lib/files/FWO.Report/ReportBase.cs b/roles/lib/files/FWO.Report/ReportBase.cs
index d79af4cf2..cfbeddbd7 100644
--- a/roles/lib/files/FWO.Report/ReportBase.cs
+++ b/roles/lib/files/FWO.Report/ReportBase.cs
@@ -261,24 +261,24 @@ public static string GetIconClass(ObjCategory? objCategory, string? objType)
             switch (objType)
             {
                 case "group" when objCategory == ObjCategory.user:
-                    return "oi oi-people";
+                    return Icons.UserGroup;
                 case "group":
-                    return "oi oi-list-rich";
+                    return Icons.ObjGroup;
                 case "host":
-                    return "oi oi-laptop";
+                    return Icons.Host;
                 case "network":
-                    return "oi oi-rss";
+                    return Icons.Network;
                 case "ip_range":
-                    return "oi oi-resize-width";
+                    return Icons.Range;
                 default:
                     switch (objCategory)
                     {
                         case ObjCategory.nobj:
-                            return "oi oi-laptop";
+                            return Icons.NwObject;
                         case ObjCategory.nsrv:
-                            return "oi oi-wrench";
+                            return Icons.Service;
                         case ObjCategory.user:
-                            return "oi oi-person";
+                            return Icons.User;
                     }
                     return "";
             }
diff --git a/roles/test/files/FWO.Test/ModellingHandlerTest.cs b/roles/test/files/FWO.Test/ModellingHandlerTest.cs
index 56b08fac1..5ed73e8ad 100644
--- a/roles/test/files/FWO.Test/ModellingHandlerTest.cs
+++ b/roles/test/files/FWO.Test/ModellingHandlerTest.cs
@@ -119,9 +119,9 @@ public void TestGetSrcDstSvcNames()
             };
             List<string> expectedSrc = new(){$"<span class=\"\"><span class=\"{Icons.NwGroup}\"></span> <span><b><span class=\"\" ><span class=\"\">Area1 (NA50)</span></span></b></span></span>",
                                              $"<span class=\"\"><span class=\"{Icons.AppRole}\"></span> <span><b><span class=\"text-danger\" ><i><span class=\"\">!AppRole1 (AR5000001)</span></i></span></b></span></span>",
-                                             $"<span class=\"\"><span class=\"{Icons.AppServer}\"></span> <span class=\"\" ><span class=\"\" ><span class=\"\">AppServerInside1 (10.0.0.0)</span></span></span></span>",
-                                             $"<span class=\"\"><span class=\"{Icons.AppServer}\"></span> <span class=\"\" ><span class=\"\" ><span class=\"\">AppServerInside2 (10.0.0.5)</span></span></span></span>"};
-            List<string> expectedDst = new(){$"<span class=\"text-secondary\"><span class=\"{Icons.AppServer}\"></span> <span class=\"\" ><span class=\"\" ><span class=\"\">AppServerInside3 (11.0.0.1)</span></span></span></span>"};
+                                             $"<span class=\"\"><span class=\"{Icons.Host}\"></span> <span class=\"\" ><span class=\"\" ><span class=\"\">AppServerInside1 (10.0.0.0)</span></span></span></span>",
+                                             $"<span class=\"\"><span class=\"{Icons.Host}\"></span> <span class=\"\" ><span class=\"\" ><span class=\"\">AppServerInside2 (10.0.0.5)</span></span></span></span>"};
+            List<string> expectedDst = new(){$"<span class=\"text-secondary\"><span class=\"{Icons.Host}\"></span> <span class=\"\" ><span class=\"\" ><span class=\"\">AppServerInside3 (11.0.0.1)</span></span></span></span>"};
             List<string> expectedSvc = new(){$"<span class=\"text-secondary\"><span class=\"{Icons.ServiceGroup}\"></span> <span><b>SvcGroup1</b></span></span>",
                                              $"<span class=\"text-secondary\"><span class=\"{Icons.Service}\"></span> <span>Svc1 (1111/UDP)</span></span>"};
             Assert.AreEqual(expectedSrc, AppHandler.GetSrcNames(conn));
diff --git a/roles/ui/files/FWO.UI/Pages/Compliance/ComplianceLayout.razor b/roles/ui/files/FWO.UI/Pages/Compliance/ComplianceLayout.razor
index 25e45905c..6893fc07f 100644
--- a/roles/ui/files/FWO.UI/Pages/Compliance/ComplianceLayout.razor
+++ b/roles/ui/files/FWO.UI/Pages/Compliance/ComplianceLayout.razor
@@ -15,18 +15,18 @@
             <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Auditor}")">
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="/compliance/zones/configuration">
-                        <span class="oi oi-cog"></span> @(userConfig.GetText("configuration"))
+                        <span class="@Icons.Settings"></span> @(userConfig.GetText("configuration"))
                     </NavLink>
                 </li>
             </AuthorizeView>
             <li class="nav-item px-2">
                 <NavLink class="nav-link" href="/compliance/zones/matrix">
-                    <span class="oi oi-grid-four-up"></span> @(userConfig.GetText("matrix"))
+                    <span class="@Icons.Matrix"></span> @(userConfig.GetText("matrix"))
                 </NavLink>
             </li>
             <li class="nav-item px-2">
                 <NavLink class="nav-link" href="/compliance/zones/checks">
-                    <span class="oi oi-check"></span> @(userConfig.GetText("checks"))
+                    <span class="@Icons.Check"></span> @(userConfig.GetText("checks"))
                 </NavLink>
             </li>
         </ul>
diff --git a/roles/ui/files/FWO.UI/Pages/Help/HelpApiSidebar.cshtml b/roles/ui/files/FWO.UI/Pages/Help/HelpApiSidebar.cshtml
index d8078a011..2512706e6 100644
--- a/roles/ui/files/FWO.UI/Pages/Help/HelpApiSidebar.cshtml
+++ b/roles/ui/files/FWO.UI/Pages/Help/HelpApiSidebar.cshtml
@@ -1,4 +1,6 @@
 @using FWO.Config.Api
+@using FWO.Api.Data
+
 @inject UserConfig userConfig
 
 <nav class="sidebar fixed sidebar-help shadow">
@@ -8,50 +10,50 @@
                 <p></p>
                 <h5>@userConfig.GetText("api_general")</h5>
                 <a class="nav-link" href="/help/API/security/?lang=@($"{userConfig.User.Language}")">
-                    <span class="oi oi-shield"></span> @userConfig.GetText("security")
+                    <span class="@Icons.Security"></span> @userConfig.GetText("security")
                 </a>
                 <a class="nav-link" href="/help/API/login/?lang=@($"{userConfig.User.Language}")">
-                    <span class="oi oi-account-login"></span> @userConfig.GetText("login")
+                    <span class="@Icons.Login"></span> @userConfig.GetText("login")
                 </a>
                 <a class="nav-link" href="/help/API/logout/?lang=@($"{userConfig.User.Language}")">
-                    <span class="oi oi-account-logout"></span> @userConfig.GetText("logout")
+                    <span class="@Icons.Logout"></span> @userConfig.GetText("logout")
                 </a>
                 <p></p>
 
                 <h5>@userConfig.GetText("api_user_mgmt")</h5>
                 <a class="nav-link" href="/help/API/userAuth/?lang=@($"{userConfig.User.Language}")">
-                    <span class="oi oi-command"></span> @userConfig.GetText("api_user_mgmt_head")
+                    <span class="@Icons.RestDoku"></span> @userConfig.GetText("api_user_mgmt_head")
                 </a>
                 <p></p>
 
                 <h5>@userConfig.GetText("api_fwo")</h5>
                 <a class="nav-link" href="/help/API/graphql/?lang=@($"{userConfig.User.Language}")">
-                    <span class="oi oi-inbox"></span> @userConfig.GetText("graphql")
+                    <span class="@Icons.GraphQL"></span> @userConfig.GetText("graphql")
                 </a>
                 <a class="nav-link" href="/help/API/hasura/?lang=@($"{userConfig.User.Language}")">
-                    <span class="oi oi-shield"></span> @userConfig.GetText("hasura")
+                    <span class="@Icons.Hasura"></span> @userConfig.GetText("hasura")
                 </a>
                 <a class="nav-link" href="/help/API/links/?lang=@($"{userConfig.User.Language}")">
-                    <span class="oi oi-data-transfer-download"></span> @userConfig.GetText("further_reading")
+                    <span class="@Icons.FurtherReading"></span> @userConfig.GetText("further_reading")
                 </a>
 
                 <a class="nav-link" href="/help/API/query/?lang=@($"{userConfig.User.Language}")">
-                    <span class="oi oi-eye"></span> @userConfig.GetText("sample_queries")
+                    <span class="@Icons.Example"></span> @userConfig.GetText("sample_queries")
                 </a>
                 <a class="nav-link" href="/help/API/mutation/?lang=@($"{userConfig.User.Language}")">
-                    <span class="oi oi-command"></span> @userConfig.GetText("sample_mutation")
+                    <span class="@Icons.Example"></span> @userConfig.GetText("sample_mutation")
                 </a>
                 <a class="nav-link" href="/help/API/reporting/?lang=@($"{userConfig.User.Language}")">
-                    <span class="oi oi-spreadsheet"></span> @userConfig.GetText("reporting")
+                    <span class="@Icons.Reporting"></span> @userConfig.GetText("reporting")
                 </a>
                 <p></p>
 
                 <h5>@userConfig.GetText("import_interfaces")</h5>
                 <a class="nav-link" href="/help/API/appdataimport/?lang=@($"{userConfig.User.Language}")">
-                    <span class="oi oi-people"></span> @userConfig.GetText("import_app_data")
+                    <span class="@Icons.UserGroup"></span> @userConfig.GetText("import_app_data")
                 </a>
                 <a class="nav-link" href="/help/API/subnetdataimport/?lang=@($"{userConfig.User.Language}")">
-                    <span class="oi oi-folder"></span> @userConfig.GetText("import_subnet_data")
+                    <span class="@Icons.NwGroup"></span> @userConfig.GetText("import_subnet_data")
                 </a>
             </ul>
         </div>
diff --git a/roles/ui/files/FWO.UI/Pages/Help/HelpLayout.cshtml b/roles/ui/files/FWO.UI/Pages/Help/HelpLayout.cshtml
index 27b122c8f..88b0a1381 100644
--- a/roles/ui/files/FWO.UI/Pages/Help/HelpLayout.cshtml
+++ b/roles/ui/files/FWO.UI/Pages/Help/HelpLayout.cshtml
@@ -1,4 +1,6 @@
 @using FWO.Config.Api
+@using FWO.Api.Data
+
 @inject UserConfig userConfig
 
 <!DOCTYPE html>
@@ -19,37 +21,37 @@
             <ul class="navbar-nav me-auto">
                 <li class="nav-item px-2">
                     <a class="nav-link" href="/help/reporting/?lang=@($"{userConfig.GetUserLanguage()}")">
-                        <span class="oi oi-spreadsheet"></span> @userConfig.GetText("reporting")
+                        <span class="@Icons.Reporting"></span> @userConfig.GetText("reporting")
                     </a>
                 </li>
                 <li class="nav-item px-2">
                     <a class="nav-link" href="/help/workflow/?lang=@($"{userConfig.GetUserLanguage()}")">
-                        <span class="oi oi-comment-square"></span> @userConfig.GetText("workflow")
+                        <span class="@Icons.Workflow"></span> @userConfig.GetText("workflow")
                     </a>
                 </li>
                 <li class="nav-item px-2">
                     <a class="nav-link" href="/help/recertification/?lang=@($"{userConfig.GetUserLanguage()}")">
-                        <span class="oi oi-badge"></span> @userConfig.GetText("recertification")
+                        <span class="@Icons.Recertification"></span> @userConfig.GetText("recertification")
                     </a>
                 </li>
                 <li class="nav-item px-2">
                     <a class="nav-link" href="/help/modelling/?lang=@($"{userConfig.GetUserLanguage()}")">
-                        <span class="oi oi-puzzle-piece"></span> @userConfig.GetText("modelling")
+                        <span class="@Icons.Modelling"></span> @userConfig.GetText("modelling")
                     </a>
                 </li>
                 <li class="nav-item px-2">
                     <a class="nav-link" href="/help/monitoring/?lang=@($"{userConfig.GetUserLanguage()}")">
-                        <span class="oi oi-monitor"></span> @userConfig.GetText("monitoring")
+                        <span class="@Icons.Monitoring"></span> @userConfig.GetText("monitoring")
                     </a>
                 </li>
                 <li class="nav-item px-2">
                     <a class="nav-link" href="/help/settings/?lang=@($"{userConfig.GetUserLanguage()}")">
-                        <span class="oi oi-cog"></span> @userConfig.GetText("settings")
+                        <span class="@Icons.Settings"></span> @userConfig.GetText("settings")
                     </a>
                 </li>
                 <li class="nav-item px-2">
                     <a class="nav-link" href="/help/API/?lang=@($"{userConfig.GetUserLanguage()}")">
-                        <span class="oi oi-eye"></span> @userConfig.GetText("api")
+                        <span class="@Icons.Api"></span> @userConfig.GetText("api")
                     </a>
                 </li>                
             </ul>
diff --git a/roles/ui/files/FWO.UI/Pages/Help/HelpModellingSidebar.cshtml b/roles/ui/files/FWO.UI/Pages/Help/HelpModellingSidebar.cshtml
index 258284236..679a4c9b6 100644
--- a/roles/ui/files/FWO.UI/Pages/Help/HelpModellingSidebar.cshtml
+++ b/roles/ui/files/FWO.UI/Pages/Help/HelpModellingSidebar.cshtml
@@ -1,4 +1,6 @@
 @using FWO.Config.Api
+@using FWO.Api.Data
+
 @inject UserConfig userConfig
 
 <nav class="sidebar fixed sidebar-help shadow">
@@ -8,16 +10,16 @@
                 <p></p>
                 <h5>@userConfig.GetText("modelling")</h5>
                 <a class="nav-link" href="/help/modelling/applications/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-flag"></span> @(userConfig.GetText("applications"))
+                    <span class="@Icons.Owner"></span> @(userConfig.GetText("applications"))
                 </a>
                 <a class="nav-link" href="/help/modelling/connections/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-transfer"></span> @(userConfig.GetText("connections"))
+                    <span class="@Icons.Connection"></span> @(userConfig.GetText("connections"))
                 </a>
                 <a class="nav-link" href="/help/modelling/networkobjects/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-laptop"></span> @(userConfig.GetText("network_objects"))
+                    <span class="@Icons.NwObject"></span> @(userConfig.GetText("network_objects"))
                 </a>
                 <a class="nav-link" href="/help/modelling/services/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-wrench"></span> @(userConfig.GetText("services"))
+                    <span class="@Icons.Service"></span> @(userConfig.GetText("services"))
                 </a>
 
             </ul>
diff --git a/roles/ui/files/FWO.UI/Pages/Help/HelpMonitoringSidebar.cshtml b/roles/ui/files/FWO.UI/Pages/Help/HelpMonitoringSidebar.cshtml
index 030e7a300..260f0dcd6 100644
--- a/roles/ui/files/FWO.UI/Pages/Help/HelpMonitoringSidebar.cshtml
+++ b/roles/ui/files/FWO.UI/Pages/Help/HelpMonitoringSidebar.cshtml
@@ -1,4 +1,6 @@
 @using FWO.Config.Api
+@using FWO.Api.Data
+
 @inject UserConfig userConfig
 
 <nav class="bg-gray fixed sidebar-help shadow">
@@ -8,31 +10,31 @@
                 <p></p>
                 <h5>@(userConfig.GetText("alerts"))</h5>
                 <a class="nav-link" href="/help/monitoring/open_alerts/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-bell"></span> @(userConfig.GetText("open_alerts"))
+                    <span class="@Icons.Alarm"></span> @(userConfig.GetText("open_alerts"))
                 </a>
                 <a class="nav-link" href="/help/monitoring/all_alerts/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-bell"></span> @(userConfig.GetText("all_alerts"))
+                    <span class="@Icons.Alarm"></span> @(userConfig.GetText("all_alerts"))
                 </a>
                 <p></p>
                 <h5>@(userConfig.GetText("background_checks"))</h5>
                 <a class="nav-link" href="/help/monitoring/autodiscovery/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-magnifying-glass"></span> @(userConfig.GetText("autodiscovery"))
+                    <span class="@Icons.Search"></span> @(userConfig.GetText("autodiscovery"))
                 </a>
                 <a class="nav-link" href="/help/monitoring/daily_checks/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-check"></span> @(userConfig.GetText("daily_checks"))
+                    <span class="@Icons.Check"></span> @(userConfig.GetText("daily_checks"))
                 </a>
                 <p></p>
                 <h5>@(userConfig.GetText("import"))</h5>
                 <a class="nav-link" href="/help/monitoring/import_status/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-data-transfer-download"></span> @(userConfig.GetText("import_status"))
+                    <span class="@Icons.Import"></span> @(userConfig.GetText("import_status"))
                 </a>
                 <a class="nav-link" href="/help/monitoring/import_logs/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-data-transfer-download"></span> @(userConfig.GetText("import_logs"))
+                    <span class="@Icons.Import"></span> @(userConfig.GetText("import_logs"))
                 </a>
                 <p></p>
                 <h5>@(userConfig.GetText("personal"))</h5>
                 <a class="nav-link" href="/help/monitoring/ui_messages/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-monitor"></span> @(userConfig.GetText("ui_messages"))
+                    <span class="@Icons.UiMessages"></span> @(userConfig.GetText("ui_messages"))
                 </a>
             </ul>
         </div>
diff --git a/roles/ui/files/FWO.UI/Pages/Help/HelpRecertificationSidebar.cshtml b/roles/ui/files/FWO.UI/Pages/Help/HelpRecertificationSidebar.cshtml
index d929872e3..5e1bb0d2f 100644
--- a/roles/ui/files/FWO.UI/Pages/Help/HelpRecertificationSidebar.cshtml
+++ b/roles/ui/files/FWO.UI/Pages/Help/HelpRecertificationSidebar.cshtml
@@ -1,4 +1,6 @@
 @using FWO.Config.Api
+@using FWO.Api.Data
+
 @inject UserConfig userConfig
 
 <nav class="sidebar fixed sidebar-help shadow">
@@ -8,16 +10,16 @@
                 <p></p>
                 <h5>@(userConfig.GetText("recertification"))</h5>
                 <a class="nav-link" href="/help/recertification/recert_require/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-eye"></span> @(userConfig.GetText("requirements"))
+                    <span class="@Icons.Requirement"></span> @(userConfig.GetText("requirements"))
                 </a>
                 <a class="nav-link" href="/help/recertification/workflow/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-data-transfer-download"></span> @(userConfig.GetText("workflow"))
+                    <span class="@Icons.Workflow"></span> @(userConfig.GetText("workflow"))
                 </a>
                 <a class="nav-link" href="/help/recertification/recert_logic/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-cog"></span> @(userConfig.GetText("recert_logic"))
+                    <span class="@Icons.Settings"></span> @(userConfig.GetText("recert_logic"))
                 </a>
                 <a class="nav-link" href="/help/recertification/owner_import/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-people"></span> @(userConfig.GetText("owner_import"))
+                    <span class="@Icons.UserGroup"></span> @(userConfig.GetText("owner_import"))
                 </a>
             </ul>
         </div>
diff --git a/roles/ui/files/FWO.UI/Pages/Help/HelpReportingSidebar.cshtml b/roles/ui/files/FWO.UI/Pages/Help/HelpReportingSidebar.cshtml
index 72be40b7e..b4e4d046f 100644
--- a/roles/ui/files/FWO.UI/Pages/Help/HelpReportingSidebar.cshtml
+++ b/roles/ui/files/FWO.UI/Pages/Help/HelpReportingSidebar.cshtml
@@ -1,4 +1,6 @@
 @using FWO.Config.Api
+@using FWO.Api.Data
+
 @inject UserConfig userConfig
 
 <nav class="sidebar fixed sidebar-help shadow">
@@ -8,31 +10,31 @@
                 <p></p>
                 <h5>@userConfig.GetText("reporting")</h5>
                 <a class="nav-link" href="/help/reporting/reporttypes/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-list"></span> @(userConfig.GetText("report_types"))
+                    <span class="@Icons.Type"></span> @(userConfig.GetText("report_types"))
                 </a>
                 <a class="nav-link" href="/help/reporting/filter/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-eye"></span> @(userConfig.GetText("filter_syntax"))
+                    <span class="@Icons.Filter"></span> @(userConfig.GetText("filter_syntax"))
                 </a>
                 <a class="nav-link" href="/help/reporting/templates/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-document"></span> @(userConfig.GetText("templates"))
+                    <span class="@Icons.Template"></span> @(userConfig.GetText("templates"))
                 </a>
                 <a class="nav-link" href="/help/reporting/export/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-arrow-thick-right"></span> @(userConfig.GetText("export"))
+                    <span class="@Icons.Export"></span> @(userConfig.GetText("export"))
                 </a>
                 <a class="nav-link" href="/help/reporting/scheduling/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-timer"></span> @(userConfig.GetText("scheduling"))
+                    <span class="@Icons.Schedule"></span> @(userConfig.GetText("scheduling"))
                 </a>
                 <a class="nav-link" href="/help/reporting/archive/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-hard-drive"></span> @(userConfig.GetText("archive"))
+                    <span class="@Icons.Archive"></span> @(userConfig.GetText("archive"))
                 </a>
                 <a class="nav-link" href="/help/reporting/output/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-share"></span> @(userConfig.GetText("report_data_output"))
+                    <span class="@Icons.Output"></span> @(userConfig.GetText("report_data_output"))
                 </a>
                 <a class="nav-link" href="/help/reporting/leftside/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-collapse-left"></span> @(userConfig.GetText("left_sidebar"))
+                    <span class="@Icons.CollapseLeft"></span> @(userConfig.GetText("left_sidebar"))
                 </a>
                 <a class="nav-link" href="/help/reporting/rightside/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-collapse-right"></span> @(userConfig.GetText("right_sidebar"))
+                    <span class="@Icons.CollapseRight"></span> @(userConfig.GetText("right_sidebar"))
                 </a>
             </ul>
         </div>
diff --git a/roles/ui/files/FWO.UI/Pages/Help/HelpSettingsSidebar.cshtml b/roles/ui/files/FWO.UI/Pages/Help/HelpSettingsSidebar.cshtml
index a5b788f14..028a24ded 100644
--- a/roles/ui/files/FWO.UI/Pages/Help/HelpSettingsSidebar.cshtml
+++ b/roles/ui/files/FWO.UI/Pages/Help/HelpSettingsSidebar.cshtml
@@ -1,4 +1,6 @@
 @using FWO.Config.Api
+@using FWO.Api.Data
+
 @inject UserConfig userConfig
 
 <nav class="sidebar fixed sidebar-help shadow">
@@ -8,87 +10,87 @@
                 <p></p>
                 <h5>@(userConfig.GetText("devices"))</h5>
                 <a class="nav-link" href="/help/settings/credentials/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-key"></span> @(userConfig.GetText("import_credential"))
+                    <span class="@Icons.Credential"></span> @(userConfig.GetText("import_credential"))
                 </a>
                 <a class="nav-link" href="/help/settings/managements/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-inbox"></span> @(userConfig.GetText("managements"))
+                    <span class="@Icons.Management"></span> @(userConfig.GetText("managements"))
                 </a>
                 <a class="nav-link" href="/help/settings/gateways/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-shield"></span> @(userConfig.GetText("gateways"))
+                    <span class="@Icons.Gateway"></span> @(userConfig.GetText("gateways"))
                 </a>
                 <p></p>
                 <h5>@(userConfig.GetText("authorization"))</h5>
                 <a class="nav-link" href="/help/settings/ldap/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-key"></span> @(userConfig.GetText("ldap_conns"))
+                    <span class="@Icons.Ldap"></span> @(userConfig.GetText("ldap_conns"))
                 </a>
                 <a class="nav-link" href="/help/settings/tenants/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-command"></span> @(userConfig.GetText("tenants"))
+                    <span class="@Icons.Tenant"></span> @(userConfig.GetText("tenants"))
                 </a>
                 <a class="nav-link" href="/help/settings/users/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-person"></span> @(userConfig.GetText("users"))
+                    <span class="@Icons.User"></span> @(userConfig.GetText("users"))
                 </a>
                 <a class="nav-link" href="/help/settings/groups/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-people"></span> @(userConfig.GetText("groups"))
+                    <span class="@Icons.UserGroup"></span> @(userConfig.GetText("groups"))
                 </a>
                 <a class="nav-link" href="/help/settings/roles/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-tags"></span> @(userConfig.GetText("roles"))
+                    <span class="@Icons.Role"></span> @(userConfig.GetText("roles"))
                 </a>
                 <a class="nav-link" href="/help/settings/owners/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-flag"></span> @(userConfig.GetText("owners"))
+                    <span class="@Icons.Owner"></span> @(userConfig.GetText("owners"))
                 </a>
                 <p></p>
                 <h5>@(userConfig.GetText("defaults"))</h5>
                 <a class="nav-link" href="/help/settings/email/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-envelope-open"></span> @(userConfig.GetText("email_settings"))
+                    <span class="@Icons.Email"></span> @(userConfig.GetText("email_settings"))
                 </a>
                 <a class="nav-link" href="/help/settings/importer/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-arrow-right"></span> @(userConfig.GetText("importer_settings"))
+                    <span class="@Icons.Import"></span> @(userConfig.GetText("importer_settings"))
                 </a>
                 <a class="nav-link" href="/help/settings/defaults/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-cog"></span> @(userConfig.GetText("standards"))
+                    <span class="@Icons.Settings"></span> @(userConfig.GetText("standards"))
                 </a>
                 <a class="nav-link" href="/help/settings/recertificationgeneral/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-badge"></span> @(userConfig.GetText("recertification"))
+                    <span class="@Icons.Recertification"></span> @(userConfig.GetText("recertification"))
                 </a>
                 <a class="nav-link" href="/help/settings/modelling/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-puzzle-piece"></span> @(userConfig.GetText("modelling"))
+                    <span class="@Icons.Modelling"></span> @(userConfig.GetText("modelling"))
                 </a>
                 <a class="nav-link" href="/help/settings/passwordpolicy/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-document"></span> @(userConfig.GetText("password_policy"))
+                    <span class="@Icons.Policy"></span> @(userConfig.GetText("password_policy"))
                 </a>
                 <a class="nav-link" href="/help/settings/customtexts/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-text"></span> @(userConfig.GetText("customize_texts"))
+                    <span class="@Icons.Text"></span> @(userConfig.GetText("customize_texts"))
                 </a>
                 <p></p>
                 <h5>@(userConfig.GetText("workflow"))</h5>
                 <a class="nav-link" href="/help/settings/stateactions/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-arrow-right"></span> @(userConfig.GetText("state_actions"))
+                    <span class="@Icons.Action"></span> @(userConfig.GetText("state_actions"))
                 </a>
                 <a class="nav-link" href="/help/settings/statedefinitions/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-tag"></span> @(userConfig.GetText("state_definitions"))
+                    <span class="@Icons.State"></span> @(userConfig.GetText("state_definitions"))
                 </a>
                 <a class="nav-link" href="/help/settings/statematrix/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-loop-square"></span> @(userConfig.GetText("state_matrix"))
+                    <span class="@Icons.Matrix"></span> @(userConfig.GetText("state_matrix"))
                 </a>
                 <a class="nav-link" href="/help/settings/workflowcustomizing/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-cog"></span> @(userConfig.GetText("customizing"))
+                    <span class="@Icons.Settings"></span> @(userConfig.GetText("customizing"))
                 </a>
                 <p></p>
                 <h5>@(userConfig.GetText("personal"))</h5>
                 <a class="nav-link" href="/help/settings/password/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-account-login"></span> @(userConfig.GetText("password"))
+                    <span class="@Icons.Login"></span> @(userConfig.GetText("password"))
                 </a>
                 <a class="nav-link" href="/help/settings/language/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-comment-square"></span> @(userConfig.GetText("language"))
+                    <span class="@Icons.Language"></span> @(userConfig.GetText("language"))
                 </a>
                 <a class="nav-link" href="/help/settings/report/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-list"></span> @(userConfig.GetText("reporting"))
+                    <span class="@Icons.Reporting"></span> @(userConfig.GetText("reporting"))
                 </a>
                 <a class="nav-link" href="/help/settings/recertificationpersonal/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-badge"></span> @(userConfig.GetText("recertification"))
+                    <span class="@Icons.Recertification"></span> @(userConfig.GetText("recertification"))
                 </a>
                 <a class="nav-link" href="/help/settings/modellingpersonal/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-puzzle-piece"></span> @(userConfig.GetText("modelling"))
+                    <span class="@Icons.Modelling"></span> @(userConfig.GetText("modelling"))
                 </a>
             </ul>
         </div>
diff --git a/roles/ui/files/FWO.UI/Pages/Help/HelpWorkflowSidebar.cshtml b/roles/ui/files/FWO.UI/Pages/Help/HelpWorkflowSidebar.cshtml
index 21a0b7752..f03cb97a8 100644
--- a/roles/ui/files/FWO.UI/Pages/Help/HelpWorkflowSidebar.cshtml
+++ b/roles/ui/files/FWO.UI/Pages/Help/HelpWorkflowSidebar.cshtml
@@ -1,4 +1,6 @@
 @using FWO.Config.Api
+@using FWO.Api.Data
+
 @inject UserConfig userConfig
 
 <nav class="sidebar fixed sidebar-help shadow">
@@ -8,25 +10,25 @@
                 <p></p>
                 <h5>@(userConfig.GetText("workflow"))</h5>
                 <a class="nav-link" href="/help/workflow/objects/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-layers"></span> @(userConfig.GetText("objects"))
+                    <span class="@Icons.Tickets"></span> @(userConfig.GetText("objects"))
                 </a>
                 <a class="nav-link" href="/help/workflow/tasktypes/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-browser"></span> @(userConfig.GetText("task_types"))
+                    <span class="@Icons.Type"></span> @(userConfig.GetText("task_types"))
                 </a>
                 <a class="nav-link" href="/help/workflow/phases/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-loop-square"></span> @(userConfig.GetText("phases_roles"))
+                    <span class="@Icons.Phase"></span> @(userConfig.GetText("phases_roles"))
                 </a>
                 <a class="nav-link" href="/help/workflow/states/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-tag"></span> @(userConfig.GetText("state_handling"))
+                    <span class="@Icons.State"></span> @(userConfig.GetText("state_handling"))
                 </a>
                 <a class="nav-link" href="/help/workflow/actions/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-arrow-right"></span> @(userConfig.GetText("actions"))
+                    <span class="@Icons.Action"></span> @(userConfig.GetText("actions"))
                 </a>
                 <a class="nav-link" href="/help/workflow/checklist/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-check"></span> @(userConfig.GetText("checklist"))
+                    <span class="@Icons.Check"></span> @(userConfig.GetText("checklist"))
                 </a>
                 <a class="nav-link" href="/help/workflow/examples/?lang=@($"{userConfig.GetUserLanguage()}")">
-                    <span class="oi oi-eye"></span> @(userConfig.GetText("examples"))
+                    <span class="@Icons.Example"></span> @(userConfig.GetText("examples"))
                 </a>
             </ul>
         </div>
diff --git a/roles/ui/files/FWO.UI/Pages/Login.razor b/roles/ui/files/FWO.UI/Pages/Login.razor
index c79a1935c..09c2347e2 100644
--- a/roles/ui/files/FWO.UI/Pages/Login.razor
+++ b/roles/ui/files/FWO.UI/Pages/Login.razor
@@ -38,7 +38,7 @@
                     @if (loginInProgress == false)
                     {
                         <button type="submit" class="btn btn-block btn-primary mt-3" @onclick:preventDefault="true" @onclick="LoginSubmit">@(globalConfig.GetText("login"))</button>
-                        @* <button type="submit" class="btn btn-block btn-primary" @onclick:preventDefault="true" @onclick="LoginSubmit"><div class="oi oi-account-login"></div></button> *@
+                        @* <button type="submit" class="btn btn-block btn-primary" @onclick:preventDefault="true" @onclick="LoginSubmit"><div class="@Icons.Login"></div></button> *@
                     }
                     else
                     {
@@ -71,7 +71,7 @@
                 </div>
                 @if (passwordChangeInProgress == false)
                 {
-                    <button type="button" class="btn btn-block btn-primary mt-2" @onclick:preventDefault="true" @onclick="ChangePassword"><div class="oi oi-account-login"></div></button>
+                    <button type="button" class="btn btn-block btn-primary mt-2" @onclick:preventDefault="true" @onclick="ChangePassword"><div class="@Icons.Login"></div></button>
                 }
                 else
                 {
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsUser.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsUser.razor
index 803d400ab..0cb75a176 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsUser.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsUser.razor
@@ -24,7 +24,7 @@
 
 <button type="button" class="btn btn-sm btn-danger">
     <NavLink class="nav-link text-white" href="/logout">
-        <span class="oi oi-account-logout"></span> @(userConfig.GetText("logout"))
+        <span class="@Icons.Logout"></span> @(userConfig.GetText("logout"))
     </NavLink>
 </button>
 
diff --git a/roles/ui/files/FWO.UI/Shared/Collapse.razor b/roles/ui/files/FWO.UI/Shared/Collapse.razor
index 879f1b76e..e4e5265fd 100644
--- a/roles/ui/files/FWO.UI/Shared/Collapse.razor
+++ b/roles/ui/files/FWO.UI/Shared/Collapse.razor
@@ -1,10 +1,11 @@
 @using FWO.Ui.Data
+@using FWO.Api.Data
 
 @implements IDisposable
 
 <div class="w-100 card @Class" style="border: transparent;">
     <div class="btn-group btn-group-sm w-100">
-        <button type="button" class="btn btn-@Style" @onclick="ToggleCollapse"> <span class="oi oi-@(show ? "collapse-up" : "collapse-down")"></span> </button>
+        <button type="button" class="btn btn-@Style" @onclick="ToggleCollapse"> <span class="@(show ? Icons.CollapseUp : Icons.CollapseDown)"></span> </button>
         <button type="button" class="btn btn-sm btn-@Style disabled text-left" style="width: calc(100% - 50px) !important;" @onclick="ToggleCollapse">
             @if (UseHtmlTitle)
                 @TitleWithHtml
diff --git a/roles/ui/files/FWO.UI/Shared/ContentSwap.razor b/roles/ui/files/FWO.UI/Shared/ContentSwap.razor
index 2ffeae900..4dea340df 100644
--- a/roles/ui/files/FWO.UI/Shared/ContentSwap.razor
+++ b/roles/ui/files/FWO.UI/Shared/ContentSwap.razor
@@ -1,7 +1,9 @@
-<div class="w-100 card">
+@using FWO.Api.Data
+
+<div class="w-100 card">
     <div class="btn-group w-100">
         <button type="button" class="btn btn-sm btn-block text-sm-left" @ondblclick="SwapContent">@(swapped ? Title2 : Title1)</button>
-        <button type="button" class="btn btn-sm btn-secondary" @onclick="SwapContent"><span class="oi oi-loop-circular"></span></button>
+        <button type="button" class="btn btn-sm btn-secondary" @onclick="SwapContent"><span class="@Icons.Swap"></span></button>
     </div>
     @if (swapped)
     {
diff --git a/roles/ui/files/FWO.UI/Shared/Dropdown.razor b/roles/ui/files/FWO.UI/Shared/Dropdown.razor
index 11a3d50e0..5a34431ae 100644
--- a/roles/ui/files/FWO.UI/Shared/Dropdown.razor
+++ b/roles/ui/files/FWO.UI/Shared/Dropdown.razor
@@ -1,5 +1,6 @@
 @using System.Reflection
 @using System.Diagnostics;
+@using FWO.Api.Data
 @typeparam ElementType
 
 @inject DomEventService eventService
@@ -7,7 +8,7 @@
 
 <div id="@($"dropdown-{Id}")" class="input-group @(Small ? "input-group-sm" : "")">
 	<label id="@($"dropdown-input-prepend-{Id}")" class="input-group-text d-flex justify-content-center" style="width: 40px;" for="@($"dropdown-input-{Id}")">
-		<span id="@($"dropdown-input-prepend-icon-{Id}")" class="oi oi-magnifying-glass"></span>
+		<span id="@($"dropdown-input-prepend-icon-{Id}")" class="@Icons.Search"></span>
 	</label>
 	<input type="text" id="@($"dropdown-input-{Id}")" class="@InputClass form-control" style="@($"width: calc(100% - {40 + AppendWidth}px);")" @onclick="ShowMenu" @onfocus="ClearFilter" @oninput="Filter" @bind="searchValue" />
 	@if (Append != null)
@@ -29,7 +30,7 @@
 							@ElementTemplate(element)
 							@if ((Nullable || Multiselect))
 							{
-								<i id="@($"dropdown-menu-selected-x-{Id + i++}")" class="ms-2 oi oi-x"></i>
+								<i id="@($"dropdown-menu-selected-x-{Id + i++}")" class="ms-2 @(Icons.Close)"></i>
 							}
 						</div>
 					</button>
diff --git a/roles/ui/files/FWO.UI/Shared/EditList.razor b/roles/ui/files/FWO.UI/Shared/EditList.razor
index 4c5c17689..2ba45d62b 100644
--- a/roles/ui/files/FWO.UI/Shared/EditList.razor
+++ b/roles/ui/files/FWO.UI/Shared/EditList.razor
@@ -1,4 +1,6 @@
-@typeparam ElementType
+@using FWO.Api.Data
+
+@typeparam ElementType
 
 <ul class="list-group @(StdLayout ? "mb-2" : "")">
 	@for (int i = 0; i < ElementsToAdd.Count; i++)
@@ -7,7 +9,7 @@
 		<li class="bg-success-subtle @(StdLayout ? StdClass : AltClass) d-flex justify-content-between">
 			<div class="@(StdLayout ? "" : AltElemClass)">@(Display(ElementsToAdd[i]))</div>
 			<span @onclick="() => {ElementsToAdd.Remove(ElementsToAdd[j]);AfterRemoveAction();}" class="@(StdLayout ? "" : AltButtonClass) badge bg-danger">
-				<i class="oi oi-x text-light"></i>
+				<i class="@(Icons.Close) text-light"></i>
 			</span>
 		</li>
 	}
diff --git a/roles/ui/files/FWO.UI/Shared/HelpLink.razor b/roles/ui/files/FWO.UI/Shared/HelpLink.razor
index 633bf096f..262dbe548 100644
--- a/roles/ui/files/FWO.UI/Shared/HelpLink.razor
+++ b/roles/ui/files/FWO.UI/Shared/HelpLink.razor
@@ -1,8 +1,10 @@
-@inject UserConfig userConfig
+@using FWO.Api.Data
+
+@inject UserConfig userConfig
 @inject IJSRuntime jsRuntime
 
 <NavLink class="nav-link" target="_blank" rel="noopener noreferrer" href="@($"/help/{Page}?lang={userConfig.GetUserLanguage()}")">
-    <span class="oi oi-info ms-2"></span> @ChildContent
+    <span class="@(Icons.Help) ms-2"></span> @ChildContent
 </NavLink>
 
 @code
diff --git a/roles/ui/files/FWO.UI/Shared/MainLayout.razor b/roles/ui/files/FWO.UI/Shared/MainLayout.razor
index 60c760893..43ff114b8 100644
--- a/roles/ui/files/FWO.UI/Shared/MainLayout.razor
+++ b/roles/ui/files/FWO.UI/Shared/MainLayout.razor
@@ -38,7 +38,7 @@
     <div class="@cssClass">
         <div class="d-flex flex-row justify-content-between">
             <div>@dialogTitle - @dialogMessage</div>
-            <div class="oi oi-x" @onclick="@(() => { messageDialogShow = false; StateHasChanged();})"></div>
+            <div class="@Icons.Close" @onclick="@(() => { messageDialogShow = false; StateHasChanged();})"></div>
         </div>
     </div>
 }
@@ -48,7 +48,7 @@
         <p>@(reloginDialogText)</p>
         <div class="input-group">
             <div class="input-group-prepend">
-                <span class="input-group-text"><span class="oi oi-lock-locked"></span></span>               
+                <span class="input-group-text"><span class="@Icons.Locked"></span></span>               
             </div>
             <input type="password" class="form-control @reloginCssClass" @bind="password" placeholder="@(userConfig.GetText("password"))" @bind:event="oninput" @onkeypress="@KeyHandler">
         </div>
diff --git a/roles/ui/files/FWO.UI/Shared/MonitoringLayout.razor b/roles/ui/files/FWO.UI/Shared/MonitoringLayout.razor
index 14d09f8c6..be6dc4dab 100644
--- a/roles/ui/files/FWO.UI/Shared/MonitoringLayout.razor
+++ b/roles/ui/files/FWO.UI/Shared/MonitoringLayout.razor
@@ -16,12 +16,12 @@
                 </li>
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="monitoring/main">
-                        <span class="oi oi-bell"></span> @(userConfig.GetText("open_alerts"))
+                        <span class="@Icons.Alarm"></span> @(userConfig.GetText("open_alerts"))
                     </NavLink>
                 </li>
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="monitoring/alerts">
-                        <span class="oi oi-bell"></span> @(userConfig.GetText("all_alerts"))
+                        <span class="@Icons.Alarm"></span> @(userConfig.GetText("all_alerts"))
                     </NavLink>
                 </li>
                 <hr />
@@ -30,12 +30,12 @@
                 </li>
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="monitoring/autodiscovery_logs">
-                        <span class="oi oi-magnifying-glass"></span> @(userConfig.GetText("autodiscovery"))
+                        <span class="@Icons.Search"></span> @(userConfig.GetText("autodiscovery"))
                     </NavLink>
                 </li>
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="monitoring/daily_check_logs">
-                        <span class="oi oi-check"></span> @(userConfig.GetText("daily_checks"))
+                        <span class="@Icons.Check"></span> @(userConfig.GetText("daily_checks"))
                     </NavLink>
                 </li>
                 <hr />
@@ -44,12 +44,12 @@
                 </li>
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="monitoring/import_status">
-                        <span class="oi oi-data-transfer-download"></span> @(userConfig.GetText("import_status"))
+                        <span class="@Icons.Import"></span> @(userConfig.GetText("import_status"))
                     </NavLink>
                 </li>
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="monitoring/import_logs">
-                        <span class="oi oi-data-transfer-download"></span> @(userConfig.GetText("import_logs"))
+                        <span class="@Icons.Import"></span> @(userConfig.GetText("import_logs"))
                     </NavLink>
                 </li>
                 <hr />
@@ -59,13 +59,13 @@
             </li>
             <li class="nav-item px-2">
                 <NavLink class="nav-link" href="monitoring/ui_messages">
-                    <span class="oi oi-monitor"></span> @(userConfig.GetText("ui_messages"))
+                    <span class="@Icons.UiMessages"></span> @(userConfig.GetText("ui_messages"))
                 </NavLink>
             </li>
             <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Auditor}")">
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="monitoring/monitor_all">
-                        <span class="oi oi-monitor"></span> @(userConfig.GetText("all"))
+                        <span class="@Icons.Monitoring"></span> @(userConfig.GetText("all"))
                     </NavLink>
                 </li>
             </AuthorizeView>
diff --git a/roles/ui/files/FWO.UI/Shared/NavigationMenu.razor b/roles/ui/files/FWO.UI/Shared/NavigationMenu.razor
index 88c233e0e..8960ba0d9 100644
--- a/roles/ui/files/FWO.UI/Shared/NavigationMenu.razor
+++ b/roles/ui/files/FWO.UI/Shared/NavigationMenu.razor
@@ -21,42 +21,42 @@
             <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Reporter}, {Roles.ReporterViewAll}, {Roles.Auditor}")">
                 <li class="nav-item px-2">
                     <a href="/report/generation" class="nav-link @(navigationManager.Uri.Contains("/report/") ? "active" : "")">
-                        <span class="oi oi-spreadsheet"></span> @(userConfig.GetText("reporting"))
+                        <span class="@Icons.Reporting"></span> @(userConfig.GetText("reporting"))
                     </a>
                 </li>
             </AuthorizeView>
             <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Requester}, {Roles.FwAdmin}, {Roles.Auditor}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}")">
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="@firstPage">
-                        <span class="oi oi-comment-square"></span> @(userConfig.GetText("workflow"))
+                        <span class="@Icons.Workflow"></span> @(userConfig.GetText("workflow"))
                     </NavLink>
                 </li>
             </AuthorizeView>
             <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Recertifier}, {Roles.Auditor}")">
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="/certification">
-                        <span class="oi oi-badge"></span> @(userConfig.GetText("recertification"))
+                        <span class="@Icons.Recertification"></span> @(userConfig.GetText("recertification"))
                     </NavLink>
                 </li>
             </AuthorizeView>
             <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Modeller}, {Roles.Auditor}")">
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="/networkmodelling">
-                        <span class="oi oi-puzzle-piece"></span> @(userConfig.GetText("modelling"))
+                        <span class="@Icons.Modelling"></span> @(userConfig.GetText("modelling"))
                     </NavLink>
                 </li>
             </AuthorizeView>
             <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Planner}, {Roles.Auditor}")">
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="/network_analysis">
-                        <span class="oi oi-spreadsheet"></span> @(userConfig.GetText("network_analysis"))
+                        <span class="@Icons.NetworkAnalysis"></span> @(userConfig.GetText("network_analysis"))
                     </NavLink>
                 </li>
             </AuthorizeView>
             <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Requester}, {Roles.FwAdmin}, {Roles.Reporter}, {Roles.Auditor}, {Roles.Approver}, {Roles.Planner}, {Roles.Implementer}, {Roles.Reviewer}, {Roles.ReporterViewAll}")">
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="/compliance/zones/matrix">
-                        <span class="oi oi-dashboard"></span> @(userConfig.GetText("compliance"))
+                        <span class="@Icons.Compliance"></span> @(userConfig.GetText("compliance"))
                     </NavLink>
                 </li>
             </AuthorizeView>
@@ -66,10 +66,10 @@
                 <li class="nav-item px-2">
                     @* d-flex align-items-center *@
                     <NavLink class="nav-link" href="/monitoring">
-                        <span class="oi oi-monitor">
+                        <span class="@Icons.Monitoring">
                             @if (ShowAlert)
                             {
-                                <span class="oi oi-bell" style="color: red; margin-left: 5px; width: 15px; height: 10px;"></span>
+                                <span class="@Icons.Alarm" style="color: red; margin-left: 5px; width: 15px; height: 10px;"></span>
                             }
                         </span>
                         @(userConfig.GetText("monitoring"))
@@ -77,7 +77,7 @@
                 </li>
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="/settings">
-                        <span class="oi oi-cog"></span> @(userConfig.GetText("settings"))
+                        <span class="@Icons.Settings"></span> @(userConfig.GetText("settings"))
                     </NavLink>
                 </li>
                 <li class="nav-item px-2">
@@ -85,7 +85,7 @@
                 </li>
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="/settings/user">
-                        <span class="oi oi-person"></span> @(userConfig.User.Name.ToUpper())
+                        <span class="@Icons.User"></span> @(userConfig.User.Name.ToUpper())
                     </NavLink>
                 </li>
             </ul>
diff --git a/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor b/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
index e55774160..64dec5ec4 100644
--- a/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
+++ b/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
@@ -303,34 +303,6 @@
         return GetIDPrefix(objCategory) + objId;
     }
 
-    @* private string GetIconClass(ObjCategory objCategory, string type)
-    {
-        switch (type)
-        {
-            case "group" when objCategory == ObjCategory.user:
-                return "oi oi-people";
-            case "group":
-                return "oi oi-list-rich";
-            case "host":
-                return "oi oi-laptop";
-            case "network":
-                return "oi oi-rss";
-            case "ip_range":
-                return "oi oi-resize-width";
-            default:
-                switch (objCategory)
-                {
-                    case ObjCategory.nobj:
-                        return "oi oi-laptop";
-                    case ObjCategory.nsrv:
-                        return "oi oi-wrench";
-                    case ObjCategory.user:
-                        return "oi oi-person";
-                }
-                return "";
-        }
-    } *@
-
     RenderFragment AddLinkToObject(ObjCategory objCategory, long objId, string type, string name)
     {
         RsbTab targetTab = Tab == RsbTab.all ? RsbTab.all : RsbTab.report;
diff --git a/roles/ui/files/FWO.UI/Shared/RequestLayout.razor b/roles/ui/files/FWO.UI/Shared/RequestLayout.razor
index 6e58248f7..194a3b713 100644
--- a/roles/ui/files/FWO.UI/Shared/RequestLayout.razor
+++ b/roles/ui/files/FWO.UI/Shared/RequestLayout.razor
@@ -21,7 +21,7 @@
                 <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Auditor}, {Roles.FwAdmin}, {Roles.Requester}")">
                     <li class="nav-item px-2">
                         <NavLink class="nav-link" href="request/ticketsoverview">
-                            <span class="oi oi-layers"></span> @(userConfig.GetText("tickets"))
+                            <span class="@Icons.Tickets"></span> @(userConfig.GetText("tickets"))
                         </NavLink>
                     </li>
                 </AuthorizeView>
@@ -30,7 +30,7 @@
                     <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Requester}, {Roles.Auditor}")">
                         <li class="nav-item px-2">
                             <NavLink class="nav-link" href="request/tickets">
-                                <span class="oi oi-comment-square"></span> @(userConfig.GetText("create_ticket"))
+                                <span class="@Icons.Workflow"></span> @(userConfig.GetText("create_ticket"))
                             </NavLink>
                         </li>
                     </AuthorizeView>
@@ -40,7 +40,7 @@
                     <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Approver}, {Roles.Auditor}")">
                         <li class="nav-item px-2">
                             <NavLink class="nav-link" href="request/approvals">
-                                <span class="oi oi-check"></span> @(userConfig.GetText("approvals"))
+                                <span class="@Icons.Approval"></span> @(userConfig.GetText("approvals"))
                             </NavLink>
                         </li>
                     </AuthorizeView>
@@ -50,7 +50,7 @@
                     <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Planner}, {Roles.Auditor}, {Roles.FwAdmin}")">
                         <li class="nav-item px-2">
                             <NavLink class="nav-link" href="request/plannings">
-                                <span class="oi oi-project"></span> @(userConfig.GetText("plannings"))
+                                <span class="@Icons.Planning"></span> @(userConfig.GetText("plannings"))
                             </NavLink>
                         </li>
                     </AuthorizeView>
@@ -60,7 +60,7 @@
                     <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Implementer}, {Roles.Auditor}, {Roles.FwAdmin}")">
                         <li class="nav-item px-2">
                             <NavLink class="nav-link" href="request/implementations">
-                                <span class="oi oi-task"></span> @(userConfig.GetText("implementations"))
+                                <span class="@Icons.Implementation"></span> @(userConfig.GetText("implementations"))
                             </NavLink>
                         </li>
                     </AuthorizeView>
@@ -70,7 +70,7 @@
                     <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Reviewer}, {Roles.Auditor}")">
                         <li class="nav-item px-2">
                             <NavLink class="nav-link" href="request/reviews">
-                                <span class="oi oi-check"></span> @(userConfig.GetText("reviews"))
+                                <span class="@Icons.Review"></span> @(userConfig.GetText("reviews"))
                             </NavLink>
                         </li>
                     </AuthorizeView>
diff --git a/roles/ui/files/FWO.UI/Shared/SettingsLayout.razor b/roles/ui/files/FWO.UI/Shared/SettingsLayout.razor
index ab595e775..65b64d745 100644
--- a/roles/ui/files/FWO.UI/Shared/SettingsLayout.razor
+++ b/roles/ui/files/FWO.UI/Shared/SettingsLayout.razor
@@ -18,17 +18,17 @@
             <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Auditor}, {Roles.FwAdmin}")">
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="settings/credentials">
-                        <span class="oi oi-key"></span> @(userConfig.GetText("import_credential"))
+                        <span class="@Icons.Credential"></span> @(userConfig.GetText("import_credential"))
                     </NavLink>
                 </li>
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="settings/managements">
-                        <span class="oi oi-inbox"></span> @(userConfig.GetText("managements"))
+                        <span class="@Icons.Management"></span> @(userConfig.GetText("managements"))
                     </NavLink>
                 </li>
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="settings/gateways">
-                        <span class="oi oi-shield"></span> @(userConfig.GetText("gateways"))
+                        <span class="@Icons.Gateway"></span> @(userConfig.GetText("gateways"))
                     </NavLink>
                 </li>
             </AuthorizeView>
@@ -41,36 +41,36 @@
             <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Auditor}")">
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="settings/ldap">
-                        <span class="oi oi-key"></span> @(userConfig.GetText("ldap_conns"))
+                        <span class="@Icons.Ldap"></span> @(userConfig.GetText("ldap_conns"))
                     </NavLink>
                 </li>
             </AuthorizeView>
             <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Auditor}, {Roles.FwAdmin}")">
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="settings/tenants">
-                        <span class="oi oi-command"></span> @(userConfig.GetText("tenants"))
+                        <span class="@Icons.Tenant"></span> @(userConfig.GetText("tenants"))
                     </NavLink>
                 </li>
             </AuthorizeView>
             <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Auditor}")">
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="settings/users">
-                        <span class="oi oi-person"></span> @(userConfig.GetText("users"))
+                        <span class="@Icons.User"></span> @(userConfig.GetText("users"))
                     </NavLink>
                 </li>
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="settings/groups">
-                        <span class="oi oi-people"></span> @(userConfig.GetText("groups"))
+                        <span class="@Icons.UserGroup"></span> @(userConfig.GetText("groups"))
                     </NavLink>
                 </li>
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="settings/roles">
-                        <span class="oi oi-tags"></span> @(userConfig.GetText("roles"))
+                        <span class="@Icons.Role"></span> @(userConfig.GetText("roles"))
                     </NavLink>
                 </li>
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="settings/owners">
-                        <span class="oi oi-flag"></span> @(userConfig.GetText("owners"))
+                        <span class="@Icons.Owner"></span> @(userConfig.GetText("owners"))
                     </NavLink>
                 </li>
                 <hr />
@@ -79,37 +79,37 @@
                 </li>
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="settings/email">
-                        <span class="oi oi-envelope-closed"></span> @(userConfig.GetText("email_settings"))
+                        <span class="@Icons.Email"></span> @(userConfig.GetText("email_settings"))
                     </NavLink>
                 </li>
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="settings/importer">
-                        <span class="oi oi-data-transfer-download"></span> @(userConfig.GetText("importer_settings"))
+                        <span class="@Icons.Import"></span> @(userConfig.GetText("importer_settings"))
                     </NavLink>
                 </li>
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="settings/defaults">
-                        <span class="oi oi-cog"></span> @(userConfig.GetText("standards"))
+                        <span class="@Icons.Settings"></span> @(userConfig.GetText("standards"))
                     </NavLink>
                 </li>
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="settings/recertificationgeneral">
-                        <span class="oi oi-badge"></span> @(userConfig.GetText("recertification"))
+                        <span class="@Icons.Recertification"></span> @(userConfig.GetText("recertification"))
                     </NavLink>
                 </li>
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="settings/modelling">
-                        <span class="oi oi-puzzle-piece"></span> @(userConfig.GetText("modelling"))
+                        <span class="@Icons.Modelling"></span> @(userConfig.GetText("modelling"))
                     </NavLink>
                 </li>
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="settings/passwordpolicy">
-                        <span class="oi oi-document"></span> @(userConfig.GetText("password_policy"))
+                        <span class="@Icons.Policy"></span> @(userConfig.GetText("password_policy"))
                     </NavLink>
                 </li>
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="settings/customtexts">
-                        <span class="oi oi-text"></span> @(userConfig.GetText("customize_texts"))
+                        <span class="@Icons.Text"></span> @(userConfig.GetText("customize_texts"))
                     </NavLink>
                 </li>
                 <hr />
@@ -118,22 +118,22 @@
                 </li>
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="settings/stateactions">
-                        <span class="oi oi-arrow-right"></span> @(userConfig.GetText("state_actions"))
+                        <span class="@Icons.Action"></span> @(userConfig.GetText("state_actions"))
                     </NavLink>
                 </li>
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="settings/statedefinitions">
-                        <span class="oi oi-tag"></span> @(userConfig.GetText("state_definitions"))
+                        <span class="@Icons.State"></span> @(userConfig.GetText("state_definitions"))
                     </NavLink>
                 </li>
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="settings/statematrix">
-                        <span class="oi oi-loop-square"></span> @(userConfig.GetText("state_matrix"))
+                        <span class="@Icons.Matrix"></span> @(userConfig.GetText("state_matrix"))
                     </NavLink>
                 </li>
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="settings/workflowcustomizing">
-                        <span class="oi oi-cog"></span> @(userConfig.GetText("customizing"))
+                        <span class="@Icons.Settings"></span> @(userConfig.GetText("customizing"))
                     </NavLink>
                 </li>
             </AuthorizeView>
@@ -143,28 +143,28 @@
             </li>
             <li class="nav-item px-2">
                 <NavLink class="nav-link" href="settings/password">
-                    <span class="oi oi-account-login"></span> @(userConfig.GetText("password"))
+                    <span class="@Icons.Login"></span> @(userConfig.GetText("password"))
                 </NavLink>
                 <NavLink class="nav-link" href="settings/language">
-                    <span class="oi oi-comment-square"></span> @(userConfig.GetText("language"))
+                    <span class="@Icons.Language"></span> @(userConfig.GetText("language"))
                 </NavLink>
                 <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Reporter}, {Roles.ReporterViewAll}, {Roles.Recertifier}, {Roles.Auditor}, {Roles.FwAdmin}")">
                     <NavLink class="nav-link" href="settings/report">
-                        <span class="oi oi-list"></span> @(userConfig.GetText("reporting"))
+                        <span class="@Icons.Reporting"></span> @(userConfig.GetText("reporting"))
                     </NavLink>
                 </AuthorizeView>
             </li>
             <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Recertifier}, {Roles.Auditor}")">
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="settings/recertificationpersonal">
-                        <span class="oi oi-badge"></span> @(userConfig.GetText("recertification"))
+                        <span class="@Icons.Recertification"></span> @(userConfig.GetText("recertification"))
                     </NavLink>
                 </li>
             </AuthorizeView>
             <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Modeller}, {Roles.Auditor}")">
                 <li class="nav-item px-2">
                     <NavLink class="nav-link" href="settings/modellingpersonal">
-                        <span class="oi oi-puzzle-piece"></span> @(userConfig.GetText("modelling"))
+                        <span class="@Icons.Modelling"></span> @(userConfig.GetText("modelling"))
                     </NavLink>
                 </li>
             </AuthorizeView>
diff --git a/roles/ui/files/FWO.UI/Shared/Sidebar.razor b/roles/ui/files/FWO.UI/Shared/Sidebar.razor
index 5fa7be0d0..cc4c640f0 100644
--- a/roles/ui/files/FWO.UI/Shared/Sidebar.razor
+++ b/roles/ui/files/FWO.UI/Shared/Sidebar.razor
@@ -1,10 +1,12 @@
-<div class="sidebar-main d-flex flex-row @SidebarContainerCssClass" style="@(PositionLeft ? "left: 0px;" : "right: 0px;")">
+@using FWO.Api.Data
+
+<div class="sidebar-main d-flex flex-row @SidebarContainerCssClass" style="@(PositionLeft ? "left: 0px;" : "right: 0px;")">
     @if (!PositionLeft)
     {
         if (Collapsible)
         {
             <div class="btn btn-dark btn-sm sidebar-min-max-button align-self-center text-left" @onclick="MinMaxSidebar" draggable="@(Resizeable.ToString())" @ondragstart="ResizeStart" @ondragend="Resize">
-                <div class="oi oi-@minMaxButtonSymbol" style="vertical-align: top; margin-left:-5px; margin-top:-3px;"></div>
+                <div class="@minMaxButtonSymbol" style="vertical-align: top; margin-left:-5px; margin-top:-3px;"></div>
             </div>
         }
 
@@ -23,7 +25,7 @@
         if (Collapsible)
         {
             <div class="btn btn-dark btn-sm sidebar-min-max-button align-self-center text-left" style="transform:rotate(180deg);" @onclick="MinMaxSidebar" draggable="@(Resizeable.ToString())" @ondragstart="ResizeStart" @ondragend="Resize">
-                <div class="oi oi-@minMaxButtonSymbol" style="vertical-align: top; margin-left:-5px; margin-top:-3px;"></div>
+                <div class="@minMaxButtonSymbol" style="vertical-align: top; margin-left:-5px; margin-top:-3px;"></div>
             </div>
         }
     }
@@ -61,7 +63,7 @@
 
     private int WidthBeforeMinimize;
 
-    private string minMaxButtonSymbol = "collapse-right";
+    private string minMaxButtonSymbol = Icons.CollapseRight;
     private string overflowSidebar = "auto";
 
     private void ResizeStart(DragEventArgs dragArgs)
@@ -100,7 +102,7 @@
         {
             if (collapse)
             {
-                minMaxButtonSymbol = "collapse-left";
+                minMaxButtonSymbol = Icons.CollapseLeft;
 
                 WidthBeforeMinimize = Width;
                 Width = 0;
@@ -108,7 +110,7 @@
             }
             else
             {
-                minMaxButtonSymbol = "collapse-right";
+                minMaxButtonSymbol = Icons.CollapseRight;
 
                 Width = WidthBeforeMinimize;
                 WidthChanged.InvokeAsync(Width);
diff --git a/roles/ui/files/FWO.UI/Shared/TabSet.razor b/roles/ui/files/FWO.UI/Shared/TabSet.razor
index f373a4b0f..1027834a7 100644
--- a/roles/ui/files/FWO.UI/Shared/TabSet.razor
+++ b/roles/ui/files/FWO.UI/Shared/TabSet.razor
@@ -12,7 +12,7 @@
                 @tab.Title
                 @*@if (Closeable)
                     {
-                        <div class="ms-1 oi oi-x"></div>
+                        <div class="ms-1 @(Icons.Close)"></div>
                     }*@
             </a>
         </li>

From 8434a1bf20d4cfc6208a8f3b61445d8985513cc6 Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Mon, 26 Feb 2024 09:45:16 +0100
Subject: [PATCH 13/84] small adaptations + unit test

---
 .../FWO.Api.Client/Data/GlobalConstants.cs    |  3 ++
 .../FWO.Api.Client/Data/LdapConnectionBase.cs | 10 ++--
 .../lib/files/FWO.Config.Api/GlobalConfig.cs  |  5 +-
 roles/test/files/FWO.Test/DistNameTest.cs     | 49 +++++++++++++++++++
 .../ui/files/FWO.UI/Pages/Certification.razor |  4 +-
 .../Pages/NetworkModelling/EditAppRole.razor  |  2 +-
 .../Pages/NetworkModelling/EditConn.razor     |  2 +-
 .../NetworkModelling/EditServiceGroup.razor   |  2 +-
 .../files/FWO.UI/Pages/Reporting/Report.razor |  4 +-
 .../ui/files/FWO.UI/Shared/ReportLayout.razor |  5 +-
 roles/ui/files/FWO.UI/wwwroot/css/site.css    |  1 +
 11 files changed, 69 insertions(+), 18 deletions(-)
 create mode 100644 roles/test/files/FWO.Test/DistNameTest.cs

diff --git a/roles/lib/files/FWO.Api.Client/Data/GlobalConstants.cs b/roles/lib/files/FWO.Api.Client/Data/GlobalConstants.cs
index d1654c7a1..34b63ba5b 100644
--- a/roles/lib/files/FWO.Api.Client/Data/GlobalConstants.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/GlobalConstants.cs
@@ -1,5 +1,8 @@
 namespace FWO.Api.Data
 {
+    /// <summary>
+    /// Global string constants used e.g. as database keys etc.
+    /// </summary>
     public struct GlobalConst
     {
         public const string kEnglish = "English";
diff --git a/roles/lib/files/FWO.Api.Client/Data/LdapConnectionBase.cs b/roles/lib/files/FWO.Api.Client/Data/LdapConnectionBase.cs
index 61c28061e..20a662e11 100644
--- a/roles/lib/files/FWO.Api.Client/Data/LdapConnectionBase.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/LdapConnectionBase.cs
@@ -90,27 +90,27 @@ public LdapConnectionBase(LdapGetUpdateParameters ldapGetUpdateParameters)
 
         public string Host()
         {
-            return (Address != "" ? Address + ":" + Port : "");
+            return Address != "" ? Address + ":" + Port : "";
         }
         
         public bool IsWritable()
         {
-            return (WriteUser != null && WriteUser != "");
+            return WriteUser != null && WriteUser != "";
         }
 
         public bool HasGroupHandling()
         {
-            return (GroupSearchPath != null && GroupSearchPath != "");
+            return GroupSearchPath != null && GroupSearchPath != "";
         }
 
         public bool HasRoleHandling()
         {
-            return (RoleSearchPath != null && RoleSearchPath != "");
+            return RoleSearchPath != null && RoleSearchPath != "";
         }
 
         public bool IsInternal()
         {
-            return ((new DistName(UserSearchPath)).IsInternal());
+            return new DistName(UserSearchPath).IsInternal();
         }
     }
 }
diff --git a/roles/lib/files/FWO.Config.Api/GlobalConfig.cs b/roles/lib/files/FWO.Config.Api/GlobalConfig.cs
index 8fb1bbf97..fc350798a 100644
--- a/roles/lib/files/FWO.Config.Api/GlobalConfig.cs
+++ b/roles/lib/files/FWO.Config.Api/GlobalConfig.cs
@@ -12,11 +12,8 @@ namespace FWO.Config.Api
     public class GlobalConfig : Config
     {
         /// <summary>
-        /// Global string constants used e.g. as database keys etc.
+        /// Global config constants
         /// </summary>
-        public static readonly int kSidebarLeftWidth = 300;
-        public static readonly int kSidebarRightWidth = 300;
-
         public string productVersion { get; set; }
         public Language[] uiLanguages { get; set; }
         public Dictionary<string, Dictionary<string, string>> langDict { get; set; }
diff --git a/roles/test/files/FWO.Test/DistNameTest.cs b/roles/test/files/FWO.Test/DistNameTest.cs
new file mode 100644
index 000000000..a14bdf0af
--- /dev/null
+++ b/roles/test/files/FWO.Test/DistNameTest.cs
@@ -0,0 +1,49 @@
+using NUnit.Framework;
+using FWO.Api.Data;
+
+namespace FWO.Test
+{
+    [TestFixture]
+    [Parallelizable]
+    internal class DistNameTest
+    {
+
+        static readonly DistName dn1 = new("");
+        static readonly DistName dn2 = new("uid=intuser2,ou=users,ou=tenant2,dc=fworch,dc=internal");
+        static readonly DistName dn3 = new("cn=usergroup3,ou=groups,dc=somewhere,dc=de");
+
+        [SetUp]
+        public void Initialize()
+        {}
+
+        [Test]
+        public void TestDistName()
+        {
+            Assert.AreEqual("", dn1.UserName);
+            Assert.AreEqual("", dn1.Role);
+            Assert.AreEqual("", dn1.Group);
+            Assert.AreEqual(0, dn1.Root.Count);
+            Assert.AreEqual(0, dn1.Path.Count);
+            Assert.AreEqual("", dn1.getTenant());
+            Assert.AreEqual(false, dn1.IsInternal());
+
+            Assert.AreEqual("intuser2", dn2.UserName);
+            Assert.AreEqual("", dn2.Role);
+            Assert.AreEqual("", dn2.Group);
+            Assert.AreEqual(2, dn2.Root.Count);
+            Assert.AreEqual(4, dn2.Path.Count);
+            Assert.AreEqual("tenant2", dn2.getTenant(3));
+            Assert.AreEqual(true, dn2.IsInternal());
+
+            Assert.AreEqual("usergroup3", dn3.UserName);
+            Assert.AreEqual("usergroup3", dn3.Role);
+            Assert.AreEqual("usergroup3", dn3.Group);
+            Assert.AreEqual(2, dn3.Root.Count);
+            Assert.AreEqual("somewhere", dn3.Root[0]);
+            Assert.AreEqual(3, dn3.Path.Count);
+            Assert.AreEqual("groups", dn3.Path[0]);
+            Assert.AreEqual("", dn3.getTenant(0));
+            Assert.AreEqual(false, dn3.IsInternal());
+        }
+    }
+}
diff --git a/roles/ui/files/FWO.UI/Pages/Certification.razor b/roles/ui/files/FWO.UI/Pages/Certification.razor
index 82b6b6e88..fe126f6b3 100644
--- a/roles/ui/files/FWO.UI/Pages/Certification.razor
+++ b/roles/ui/files/FWO.UI/Pages/Certification.razor
@@ -131,8 +131,8 @@
 
     private const int rulesPerPage = 0;
 
-    private int sidebarLeftWidth = GlobalConfig.kSidebarLeftWidth;
-    private int sidebarRightWidth = GlobalConfig.kSidebarRightWidth;
+    private int sidebarLeftWidth = GlobalConst.kSidebarLeftWidth;
+    private int sidebarRightWidth = GlobalConst.kSidebarRightWidth;
 
     private bool processing = false;
     private bool rulesFound = false;
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditAppRole.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditAppRole.razor
index 65333a30d..f1b88e31d 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditAppRole.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditAppRole.razor
@@ -120,7 +120,7 @@
 
 
     private ModellingDnDContainer Container { get; set; } = new();
-    int sidebarLeftWidth = GlobalConfig.kSidebarLeftWidth + 300;
+    int sidebarLeftWidth = GlobalConst.kSidebarLeftWidth + 300;
 
     private List<ModellingNetworkArea> areas = new();
     private bool firstTry = true;
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConn.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConn.razor
index f8412facb..bbc92c6e4 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConn.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConn.razor
@@ -211,7 +211,7 @@
 
 
     private ModellingDnDContainer Container { get; set; } = new();
-    private int sidebarInitWidth = GlobalConfig.kSidebarLeftWidth + 300;
+    private int sidebarInitWidth = GlobalConst.kSidebarLeftWidth + 300;
     private int sidebarLeftWidth;
     
     private List<ModellingService> services = new();
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditServiceGroup.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditServiceGroup.razor
index 4e3816d41..cbf2c3a61 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditServiceGroup.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditServiceGroup.razor
@@ -95,7 +95,7 @@
     public bool AsAdmin { get; set; } = false;
 
     private ModellingDnDContainer Container { get; set; } = new();
-    int sidebarLeftWidth = GlobalConfig.kSidebarLeftWidth + 300;
+    int sidebarLeftWidth = GlobalConst.kSidebarLeftWidth + 300;
     private bool workInProgress = false;
 
 
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
index 079eff8de..e39a85740 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
@@ -275,8 +275,8 @@
 
     private int rulesPerPage = 0;   // todo: remove - no pagination implemented?
 
-    private int sidebarLeftWidth = GlobalConfig.kSidebarLeftWidth;
-    private int sidebarRightWidth = GlobalConfig.kSidebarRightWidth;
+    private int sidebarLeftWidth = GlobalConst.kSidebarLeftWidth;
+    private int sidebarRightWidth = GlobalConst.kSidebarRightWidth;
 
     private ReportTemplateComponent reportTemplateControl = new ReportTemplateComponent();
 
diff --git a/roles/ui/files/FWO.UI/Shared/ReportLayout.razor b/roles/ui/files/FWO.UI/Shared/ReportLayout.razor
index a7ef9e47f..c9b506bff 100644
--- a/roles/ui/files/FWO.UI/Shared/ReportLayout.razor
+++ b/roles/ui/files/FWO.UI/Shared/ReportLayout.razor
@@ -1,5 +1,6 @@
 @inherits LayoutComponentBase
 @layout MainLayout
+@using FWO.Api.Data
 
 <!--<Sidebar PositionLeft="true" Collapsible="true" Resizeable="true" InitialWidth="sidebarLeftWidth" @bind-Width="sidebarLeftWidth">
     @SidebarLeftContent--> @* maybe not needed *@
@@ -22,6 +23,6 @@
     private RenderFragment? SidebarLeftContent { get; set; } @* maybe not needed *@
     private RenderFragment? SidebarRightContent { get; set; }
 
-    private int sidebarLeftWidth = GlobalConfig.kSidebarLeftWidth;
-    private int sidebarRightWidth = GlobalConfig.kSidebarRightWidth;
+    private int sidebarLeftWidth = GlobalConst.kSidebarLeftWidth;
+    private int sidebarRightWidth = GlobalConst.kSidebarRightWidth;
 }
diff --git a/roles/ui/files/FWO.UI/wwwroot/css/site.css b/roles/ui/files/FWO.UI/wwwroot/css/site.css
index cff51547d..2e1b7d56b 100644
--- a/roles/ui/files/FWO.UI/wwwroot/css/site.css
+++ b/roles/ui/files/FWO.UI/wwwroot/css/site.css
@@ -261,6 +261,7 @@ h5 {
     /* color: black; */
     color-scheme: dark;
     background-image: linear-gradient(#e4e8ec, #9b9797);
+    overflow: auto;
 }
 
 .sidebar-main {

From 7d705b57938d66901f503da24987932749ea3841 Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Mon, 26 Feb 2024 17:19:51 +0100
Subject: [PATCH 14/84] new component recert param selection

---
 .../files/FWO.Api.Client/Data/RecertFilter.cs |  12 +-
 .../files/FWO.UI/Pages/Reporting/Report.razor | 109 ++++--------------
 .../ReportRecertParamSelection.razor          |  99 ++++++++++++++++
 3 files changed, 134 insertions(+), 86 deletions(-)
 create mode 100644 roles/ui/files/FWO.UI/Pages/Reporting/ReportRecertParamSelection.razor

diff --git a/roles/lib/files/FWO.Api.Client/Data/RecertFilter.cs b/roles/lib/files/FWO.Api.Client/Data/RecertFilter.cs
index 09305a48a..e985d21cd 100644
--- a/roles/lib/files/FWO.Api.Client/Data/RecertFilter.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/RecertFilter.cs
@@ -2,9 +2,19 @@ namespace FWO.Api.Data
 {
     public class RecertFilter
     {
-        public List<int> RecertOwnerList {get; set;} = new List<int>();
+        public List<int> RecertOwnerList {get; set;} = new ();
         public bool RecertShowAnyMatch {get; set;} = false;
         public int RecertificationDisplayPeriod = 0;
 
+        public RecertFilter()
+        {}
+
+        public RecertFilter(RecertFilter recertFilter)
+        {
+            RecertOwnerList = new(recertFilter.RecertOwnerList);
+            RecertShowAnyMatch = recertFilter.RecertShowAnyMatch;
+            RecertificationDisplayPeriod = recertFilter.RecertificationDisplayPeriod;
+
+        }
     }
 }
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
index e39a85740..78b946eb9 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
@@ -13,7 +13,7 @@
 @page "/report/generation"
 @attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Reporter}, {Roles.ReporterViewAll}, {Roles.Auditor}")]
 
-@inject ApiConnection Connection
+@inject ApiConnection apiConnection
 @inject UserConfig userConfig
 
 @* ==== LEFT SIDEBAR ==== *@
@@ -29,43 +29,7 @@
     </div>
     @if (selectedReportType==ReportType.Recertification)
     {
-        <div class="p-3">
-            <h5 class="text-left">@(userConfig.GetText("recert_parameter"))</h5>
-            <h7 class="text-left">@(userConfig.GetText("due_within")):</h7>
-            <input type="number" min="1" max="5000" step="1" class="form-control form-control-sm" @bind="recertLookAheadDays" />
-            <h7 class="text-left">@(userConfig.GetText("owner"))</h7>
-            <Dropdown ElementType="FwoOwner" ElementToString="@(o => o.Name)" Nullable="true"
-                @bind-SelectedElement="selectedOwner" Elements="ownerList">
-                <ElementTemplate Context="owner">
-                    @owner.Name
-                </ElementTemplate>
-            </Dropdown>
-            <br>
-            <div class="form-check">
-                <input class="form-check-input" type="checkbox" id="recertShowAnyMatch"
-                    @bind="recertShowAnyMatch"
-                    @oninput="@(async () => { 
-                            recertShowAnyMatch = !recertShowAnyMatch;
-                            if (!recertShowAnyMatch) 
-                            {
-                                if (filterInput.Length>0)
-                                {
-                                    filterInput += " and (not src==0.0.0.0 and not dst==0.0.0.0)";
-                                }
-                                else
-                                {
-                                    filterInput = "(not src==0.0.0.0 and not dst==0.0.0.0)";
-                                }
-                            }
-                            else 
-                            {
-                                filterInput =  filterInput.Replace("and (not src==0.0.0.0 and not dst==0.0.0.0)", string.Empty);
-                                filterInput =  filterInput.Replace("(not src==0.0.0.0 and not dst==0.0.0.0)", string.Empty);
-                            }
-                        })" />
-                <label class="form-check-label" for="recertShowAnyMatch">@(userConfig.GetText("show_any_match"))</label>
-            </div>
-        </div>
+        <ReportRecertParamSelection @bind-FilterInput="filterInput" @bind-RecertFilter="actRecertFilter"/>
     }
     else if(selectedReportType==ReportType.UnusedRules)
     {
@@ -86,21 +50,18 @@
     }
     @if (selectedReportType != ReportType.Statistics && tenantList.Count > 1)
     {
-        if (tenantFilteringAllowed)
-        {
-            <div class="p-3">
-                <h5 class="text-left">@(userConfig.GetText("tenant_view"))</h5>
-                <Dropdown
-                    @ref="tenantSelector"
-                    SelectedElementChanged="TenantViewChanged"
-                    ElementType="Tenant" ElementToString="@(t => t.Name)" Nullable="true"
-                    Elements="tenantList">
-                    <ElementTemplate Context="tenant">
-                        @tenant.Name
-                    </ElementTemplate>
-                </Dropdown>
-            </div>
-        }
+        <div class="p-3">
+            <h5 class="text-left">@(userConfig.GetText("tenant_view"))</h5>
+            <Dropdown
+                @ref="tenantSelector"
+                SelectedElementChanged="TenantViewChanged"
+                ElementType="Tenant" ElementToString="@(t => t.Name)" Nullable="true"
+                Elements="tenantList">
+                <ElementTemplate Context="tenant">
+                    @tenant.Name
+                </ElementTemplate>
+            </Dropdown>
+        </div>
     }
     else
     {
@@ -252,8 +213,6 @@
     private Management? globalStats = null;
 
     private ReportType selectedReportType = ReportType.Rules;
-    private FwoOwner? selectedOwner = null;
-    private List<FwoOwner> ownerList = new List<FwoOwner>();
     private Tenant? selectedTenantView = null;
     private List<Tenant> tenantList = new List<Tenant>();
 
@@ -268,8 +227,7 @@
     private TimeFilter savedTimeFilter = new TimeFilter();
     private string displayedTimeSelection = "";
     private bool ShowSelectTimeDialog = false;
-    private bool recertShowAnyMatch = true;
-    private int recertLookAheadDays = 0;
+    private RecertFilter actRecertFilter = new();
     private int unusedDays = 0;
     private bool ShowCreateTicketDialog = false;
 
@@ -302,11 +260,10 @@
         {
             displayedTimeSelection = userConfig.GetText("now");
             unusedDays = userConfig.UnusedTolerance;
-            deviceFilter.Managements = await Connection.SendQueryAsync<List<ManagementSelect>>(DeviceQueries.getDevicesByManagement);
-            ownerList = await Connection.SendQueryAsync<List<FwoOwner>>(FWO.Api.Client.Queries.OwnerQueries.getOwners);
+            deviceFilter.Managements = await apiConnection.SendQueryAsync<List<ManagementSelect>>(DeviceQueries.getDevicesByManagement);
             if (tenantFilteringAllowed)
             {
-                tenantList = await Connection.SendQueryAsync<List<Tenant>>(FWO.Api.Client.Queries.AuthQueries.getTenants);
+                tenantList = await apiConnection.SendQueryAsync<List<Tenant>>(FWO.Api.Client.Queries.AuthQueries.getTenants);
                 tenantList?.Sort((a, b) => a.Name?.CompareTo(b.Name) ?? -1); // sort list of tenants
             }
 
@@ -314,8 +271,6 @@
             {
                 collapseDevices = true;
             }
-
-            recertLookAheadDays = Convert.ToInt32(userConfig.RecertificationDisplayPeriod);
             await InvokeAsync(StateHasChanged);
         }
         catch (Exception exception)
@@ -353,7 +308,7 @@
     private async Task SetDeviceVisibility(List<ManagementSelect> mgms, Tenant tenantView)
     {
         // TODO: not used yet
-        List<ManagementSelect> visibleDevices = await Connection.SendQueryAsync<List<ManagementSelect>>(DeviceQueries.getDevicesByManagement);
+        // List<ManagementSelect> visibleDevices = await apiConnection.SendQueryAsync<List<ManagementSelect>>(DeviceQueries.getDevicesByManagement);
 
         // List<TenantGateway> tenantGatewayList = new List<TenantGateway>(selectedTenantView.TenantVisibleGateways);
         // List<TenantViewGateway> tenantGatewayList = new List<TenantViewGateway>();
@@ -447,7 +402,7 @@
 
         if (template.ReportParams.TenantFilter.IsActive)
         {
-            Tenant tenantFromTemplate = await Tenant.getSingleTenant(Connection, template.ReportParams.TenantFilter.TenantId);
+            Tenant tenantFromTemplate = await Tenant.getSingleTenant(apiConnection, template.ReportParams.TenantFilter.TenantId);
             await tenantSelector.SelectElement(tenantFromTemplate);
             await TenantViewChanged(tenantFromTemplate);
         }
@@ -470,12 +425,7 @@
             actTimeFilter = template.ReportParams.TimeFilter;
         }
         DisplaySelectedTime();
-        if(template.ReportParams.RecertFilter.RecertOwnerList.Count > 0)
-        {
-            selectedOwner = ownerList.FirstOrDefault(o => o.Id == template.ReportParams.RecertFilter.RecertOwnerList.First());
-        }
-        recertShowAnyMatch = template.ReportParams.RecertFilter.RecertShowAnyMatch;
-        recertLookAheadDays = template.ReportParams.RecertFilter.RecertificationDisplayPeriod;
+        actRecertFilter = new(template.ReportParams.RecertFilter);
         unusedDays = template.ReportParams.UnusedFilter.UnusedForDays;
     }
 
@@ -569,7 +519,7 @@
                 if(currentReport!.ReportType == ReportType.Statistics)
                 {
                     globalStats = new Management();
-                    await currentReport.Generate(0, Connection,
+                    await currentReport.Generate(0, apiConnection,
                         managementsReportIntermediate =>
                         {
                             managementsReport = managementsReportIntermediate;
@@ -589,7 +539,7 @@
                 }
                 else
                 {
-                    await currentReport.Generate(userConfig.ElementsPerFetch, Connection,
+                    await currentReport.Generate(userConfig.ElementsPerFetch, apiConnection,
                     managementsReportIntermediate =>
                     {
                         managementsReport = managementsReportIntermediate;
@@ -644,7 +594,7 @@
         // check for unsupported devices
         if(selectedReportType == ReportType.UnusedRules)
         {
-            var result = await ReportBase.GetUsageDataUnsupportedDevices(Connection, deviceFilter);
+            var result = await ReportBase.GetUsageDataUnsupportedDevices(apiConnection, deviceFilter);
             reducedDeviceFilter = result.reducedDeviceFilter;
             unsupportedList = result.unsupportedList;
             if(unsupportedList.Count > 0)
@@ -687,12 +637,6 @@
 
     private ReportTemplate ConstructReportTemplate()
     {
-        List<int> ownerList = new List<int>();
-        if (selectedOwner != null)
-        {
-            ownerList.Add(selectedOwner.Id);
-        }
-
         ReportParams reportParams = new ReportParams((int)selectedReportType, selectedReportType == ReportType.UnusedRules ? reducedDeviceFilter : deviceFilter);
         reportParams.TimeFilter = savedTimeFilter;
         if (selectedReportType != ReportType.Statistics)
@@ -707,12 +651,7 @@
             reportParams.TenantFilter = new TenantFilter(selectedTenantView);
 
         }
-        reportParams.RecertFilter = new RecertFilter()
-        {
-            RecertOwnerList = ownerList,
-            RecertShowAnyMatch = recertShowAnyMatch,
-            RecertificationDisplayPeriod = recertLookAheadDays
-        };
+        reportParams.RecertFilter = new RecertFilter(actRecertFilter);
         reportParams.UnusedFilter = new UnusedFilter() 
         {
             UnusedForDays = unusedDays, 
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/ReportRecertParamSelection.razor b/roles/ui/files/FWO.UI/Pages/Reporting/ReportRecertParamSelection.razor
new file mode 100644
index 000000000..019ce6181
--- /dev/null
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/ReportRecertParamSelection.razor
@@ -0,0 +1,99 @@
+@using FWO.Config.Api
+
+@inject ApiConnection apiConnection
+@inject UserConfig userConfig
+
+
+<div class="p-3">
+    <h5 class="text-left">@(userConfig.GetText("recert_parameter"))</h5>
+    <h7 class="text-left">@(userConfig.GetText("due_within")):</h7>
+    <input type="number" min="1" max="5000" step="1" class="form-control form-control-sm" @bind="RecertFilter.RecertificationDisplayPeriod" />
+    <h7 class="text-left">@(userConfig.GetText("owner"))</h7>
+    <Dropdown ElementType="FwoOwner" ElementToString="@(o => o.Name)" Nullable="true" SelectedElement="selectedOwner" 
+            SelectedElementChanged="SelectedOwnerChanged" Elements="ownerList">
+        <ElementTemplate Context="owner">
+            @owner.Name
+        </ElementTemplate>
+    </Dropdown>
+    <br>
+    <div class="form-check">
+        <input class="form-check-input" type="checkbox" id="recertShowAnyMatch"
+            @bind="RecertFilter.RecertShowAnyMatch"
+            @oninput="@(async () =>
+            { 
+                RecertFilter.RecertShowAnyMatch = !RecertFilter.RecertShowAnyMatch;
+                if (!RecertFilter.RecertShowAnyMatch) 
+                {
+                    if (FilterInput.Length > 0)
+                    {
+                        FilterInput += " and (not src==0.0.0.0 and not dst==0.0.0.0)";
+                    }
+                    else
+                    {
+                        FilterInput = "(not src==0.0.0.0 and not dst==0.0.0.0)";
+                    }
+                }
+                else 
+                {
+                    FilterInput =  FilterInput.Replace("and (not src==0.0.0.0 and not dst==0.0.0.0)", string.Empty);
+                    FilterInput =  FilterInput.Replace("(not src==0.0.0.0 and not dst==0.0.0.0)", string.Empty);
+                }
+                await FilterInputChanged.InvokeAsync(FilterInput);
+            })" />
+        <label class="form-check-label" for="recertShowAnyMatch">@(userConfig.GetText("show_any_match"))</label>
+    </div>
+</div>
+
+
+@code
+{
+    [CascadingParameter]
+    Action<Exception?, string, string, bool> DisplayMessageInUi { get; set; } = DefaultInit.DoNothing;
+
+    [Parameter]
+    public string FilterInput { get; set; } = "";
+
+    [Parameter]
+    public EventCallback<string> FilterInputChanged { get; set; }
+
+    [Parameter]
+    public RecertFilter RecertFilter { get; set; } = new();
+
+    [Parameter]
+    public EventCallback<RecertFilter> RecertFilterChanged { get; set; }
+
+    private List<FwoOwner> ownerList = new List<FwoOwner>();
+    private FwoOwner? selectedOwner = null;
+
+
+    protected override async Task OnInitializedAsync()
+    {
+        try
+        {
+            ownerList = await apiConnection.SendQueryAsync<List<FwoOwner>>(FWO.Api.Client.Queries.OwnerQueries.getOwners);
+            RecertFilter.RecertificationDisplayPeriod = Convert.ToInt32(userConfig.RecertificationDisplayPeriod);
+        }
+        catch (Exception exception)
+        {
+            DisplayMessageInUi(exception, userConfig.GetText("object_fetch"), "", true);
+        }
+    }
+
+    protected override void OnParametersSet()
+    {
+        if(RecertFilter.RecertOwnerList.Count > 0)
+        {
+            selectedOwner = ownerList.FirstOrDefault(o => o.Id == RecertFilter.RecertOwnerList.First());
+        }
+    }
+
+    private void SelectedOwnerChanged(FwoOwner newOwner)
+    {
+        selectedOwner = newOwner;
+        RecertFilter.RecertOwnerList = new();
+        if(newOwner != null)
+        {
+            RecertFilter.RecertOwnerList.Add(newOwner.Id);
+        }
+    }
+}

From c0f68f7fc9ac06e861d472103d12708680062905 Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Tue, 27 Feb 2024 16:33:32 +0100
Subject: [PATCH 15/84] first steps modelling reports

---
 roles/api/files/replace_metadata.json         | 302 ++++++++++++++++++
 .../files/sql/idempotent/fworch-texts.sql     |   2 +
 .../FilterTypes/ReportType.cs                 |  20 +-
 .../FWO.UI/Pages/Reporting/Archive.razor      |   4 +-
 .../files/FWO.UI/Pages/Reporting/Report.razor | 127 ++++----
 .../Reporting/ReportTemplateComponent.razor   |  26 +-
 .../Reporting/Reports/StatisticsReport.razor  |  43 +++
 .../FWO.UI/Pages/Reporting/Schedule.razor     |  30 +-
 .../files/FWO.UI/Shared/NavigationMenu.razor  |   2 +-
 9 files changed, 471 insertions(+), 85 deletions(-)
 create mode 100644 roles/ui/files/FWO.UI/Pages/Reporting/Reports/StatisticsReport.razor

diff --git a/roles/api/files/replace_metadata.json b/roles/api/files/replace_metadata.json
index 85bedf791..6841c208b 100644
--- a/roles/api/files/replace_metadata.json
+++ b/roles/api/files/replace_metadata.json
@@ -10155,6 +10155,28 @@
                     ]
                   }
                 },
+                {
+                  "role": "modeller",
+                  "permission": {
+                    "check": {},
+                    "columns": [
+                      "report_id",
+                      "description",
+                      "report_name",
+                      "report_owner_id",
+                      "report_template_id",
+                      "report_type",
+                      "tenant_wide_visible",
+                      "report_json",
+                      "report_csv",
+                      "report_html",
+                      "report_pdf",
+                      "report_end_time",
+                      "report_start_time"
+                    ]
+                  },
+                  "comment": ""
+                },
                 {
                   "role": "recertifier",
                   "permission": {
@@ -10267,6 +10289,32 @@
                     "allow_aggregations": true
                   }
                 },
+                {
+                  "role": "modeller",
+                  "permission": {
+                    "columns": [
+                      "report_id",
+                      "description",
+                      "report_name",
+                      "report_owner_id",
+                      "report_template_id",
+                      "report_type",
+                      "tenant_wide_visible",
+                      "report_json",
+                      "report_csv",
+                      "report_html",
+                      "report_pdf",
+                      "report_end_time",
+                      "report_start_time"
+                    ],
+                    "filter": {
+                      "report_owner_id": {
+                        "_eq": "X-Hasura-User-Id"
+                      }
+                    },
+                    "allow_aggregations": true
+                  }
+                },
                 {
                   "role": "recertifier",
                   "permission": {
@@ -10399,6 +10447,32 @@
                     "check": null
                   }
                 },
+                {
+                  "role": "modeller",
+                  "permission": {
+                    "columns": [
+                      "report_pdf",
+                      "report_owner_id",
+                      "report_template_id",
+                      "report_type",
+                      "description",
+                      "tenant_wide_visible",
+                      "report_id",
+                      "report_json",
+                      "report_csv",
+                      "report_html",
+                      "report_end_time",
+                      "report_start_time",
+                      "report_name"
+                    ],
+                    "filter": {
+                      "report_owner_id": {
+                        "_eq": "X-Hasura-User-Id"
+                      }
+                    },
+                    "check": null
+                  }
+                },
                 {
                   "role": "recertifier",
                   "permission": {
@@ -10499,6 +10573,16 @@
                     }
                   }
                 },
+                {
+                  "role": "modeller",
+                  "permission": {
+                    "filter": {
+                      "report_owner_id": {
+                        "_eq": "X-Hasura-User-Id"
+                      }
+                    }
+                  }
+                },
                 {
                   "role": "recertifier",
                   "permission": {
@@ -10676,6 +10760,25 @@
                     ]
                   }
                 },
+                {
+                  "role": "modeller",
+                  "permission": {
+                    "check": {},
+                    "columns": [
+                      "report_schedule_id",
+                      "report_schedule_active",
+                      "report_schedule_name",
+                      "report_schedule_counter",
+                      "report_schedule_every",
+                      "report_schedule_owner",
+                      "report_schedule_repeat",
+                      "report_schedule_repetitions",
+                      "report_template_id",
+                      "report_schedule_start_time"
+                    ]
+                  },
+                  "comment": ""
+                },
                 {
                   "role": "recertifier",
                   "permission": {
@@ -10808,6 +10911,28 @@
                     "allow_aggregations": true
                   }
                 },
+                {
+                  "role": "modeller",
+                  "permission": {
+                    "columns": [
+                      "report_schedule_active",
+                      "report_schedule_every",
+                      "report_schedule_id",
+                      "report_schedule_name",
+                      "report_schedule_owner",
+                      "report_schedule_repeat",
+                      "report_schedule_repetitions",
+                      "report_schedule_start_time",
+                      "report_schedule_counter",
+                      "report_template_id"
+                    ],
+                    "filter": {
+                      "report_schedule_owner": {
+                        "_eq": "X-Hasura-User-Id"
+                      }
+                    }
+                  }
+                },
                 {
                   "role": "recertifier",
                   "permission": {
@@ -10938,6 +11063,29 @@
                     "check": null
                   }
                 },
+                {
+                  "role": "modeller",
+                  "permission": {
+                    "columns": [
+                      "report_schedule_active",
+                      "report_schedule_every",
+                      "report_schedule_id",
+                      "report_schedule_name",
+                      "report_schedule_owner",
+                      "report_schedule_repeat",
+                      "report_schedule_repetitions",
+                      "report_schedule_start_time",
+                      "report_schedule_counter",
+                      "report_template_id"
+                    ],
+                    "filter": {
+                      "report_schedule_owner": {
+                        "_eq": "X-Hasura-User-Id"
+                      }
+                    },
+                    "check": null
+                  }
+                },
                 {
                   "role": "recertifier",
                   "permission": {
@@ -11029,6 +11177,16 @@
                     }
                   }
                 },
+                {
+                  "role": "modeller",
+                  "permission": {
+                    "filter": {
+                      "report_schedule_owner": {
+                        "_eq": "X-Hasura-User-Id"
+                      }
+                    }
+                  }
+                },
                 {
                   "role": "recertifier",
                   "permission": {
@@ -11113,6 +11271,22 @@
                     ]
                   }
                 },
+                {
+                  "role": "modeller",
+                  "permission": {
+                    "check": {
+                      "report_schedule": {
+                        "report_schedule_owner": {
+                          "_eq": "X-Hasura-User-Id"
+                        }
+                      }
+                    },
+                    "columns": [
+                      "report_schedule_format_name",
+                      "report_schedule_id"
+                    ]
+                  }
+                },
                 {
                   "role": "recertifier",
                   "permission": {
@@ -11199,6 +11373,22 @@
                     "filter": {}
                   }
                 },
+                {
+                  "role": "modeller",
+                  "permission": {
+                    "columns": [
+                      "report_schedule_format_name",
+                      "report_schedule_id"
+                    ],
+                    "filter": {
+                      "report_schedule": {
+                        "report_schedule_owner": {
+                          "_eq": "X-Hasura-User-Id"
+                        }
+                      }
+                    }
+                  }
+                },
                 {
                   "role": "recertifier",
                   "permission": {
@@ -11289,6 +11479,29 @@
                     }
                   }
                 },
+                {
+                  "role": "modeller",
+                  "permission": {
+                    "columns": [
+                      "report_schedule_format_name",
+                      "report_schedule_id"
+                    ],
+                    "filter": {
+                      "report_schedule": {
+                        "report_schedule_owner": {
+                          "_eq": "X-Hasura-User-Id"
+                        }
+                      }
+                    },
+                    "check": {
+                      "report_schedule": {
+                        "report_schedule_owner": {
+                          "_eq": "X-Hasura-User-Id"
+                        }
+                      }
+                    }
+                  }
+                },
                 {
                   "role": "recertifier",
                   "permission": {
@@ -11384,6 +11597,18 @@
                     }
                   }
                 },
+                {
+                  "role": "modeller",
+                  "permission": {
+                    "filter": {
+                      "report_schedule": {
+                        "report_schedule_owner": {
+                          "_eq": "X-Hasura-User-Id"
+                        }
+                      }
+                    }
+                  }
+                },
                 {
                   "role": "recertifier",
                   "permission": {
@@ -11506,6 +11731,23 @@
                     ]
                   }
                 },
+                {
+                  "role": "modeller",
+                  "permission": {
+                    "check": {},
+                    "columns": [
+                      "filterline_history",
+                      "report_filter",
+                      "report_template_name",
+                      "report_template_id",
+                      "report_template_owner",
+                      "report_parameters",
+                      "report_template_comment",
+                      "report_template_create"
+                    ]
+                  },
+                  "comment": ""
+                },
                 {
                   "role": "recertifier",
                   "permission": {
@@ -11618,6 +11860,35 @@
                     "allow_aggregations": true
                   }
                 },
+                {
+                  "role": "modeller",
+                  "permission": {
+                    "columns": [
+                      "filterline_history",
+                      "report_filter",
+                      "report_parameters",
+                      "report_template_comment",
+                      "report_template_create",
+                      "report_template_id",
+                      "report_template_name",
+                      "report_template_owner"
+                    ],
+                    "filter": {
+                      "_or": [
+                        {
+                          "report_template_owner": {
+                            "_eq": 0
+                          }
+                        },
+                        {
+                          "report_template_owner": {
+                            "_eq": "X-Hasura-User-Id"
+                          }
+                        }
+                      ]
+                    }
+                  }
+                },
                 {
                   "role": "recertifier",
                   "permission": {
@@ -11749,6 +12020,27 @@
                     "check": null
                   }
                 },
+                {
+                  "role": "modeller",
+                  "permission": {
+                    "columns": [
+                      "filterline_history",
+                      "report_filter",
+                      "report_parameters",
+                      "report_template_comment",
+                      "report_template_create",
+                      "report_template_id",
+                      "report_template_name",
+                      "report_template_owner"
+                    ],
+                    "filter": {
+                      "report_template_owner": {
+                        "_eq": "X-Hasura-User-Id"
+                      }
+                    },
+                    "check": null
+                  }
+                },
                 {
                   "role": "recertifier",
                   "permission": {
@@ -11834,6 +12126,16 @@
                     }
                   }
                 },
+                {
+                  "role": "modeller",
+                  "permission": {
+                    "filter": {
+                      "report_template_owner": {
+                        "_eq": "X-Hasura-User-Id"
+                      }
+                    }
+                  }
+                },
                 {
                   "role": "recertifier",
                   "permission": {
diff --git a/roles/database/files/sql/idempotent/fworch-texts.sql b/roles/database/files/sql/idempotent/fworch-texts.sql
index 2949e68a6..7558d58f6 100644
--- a/roles/database/files/sql/idempotent/fworch-texts.sql
+++ b/roles/database/files/sql/idempotent/fworch-texts.sql
@@ -105,6 +105,8 @@ INSERT INTO txt VALUES ('ResolvedChangesTech', 	'German', 	'Changes-Report (tech
 INSERT INTO txt VALUES ('ResolvedChangesTech', 	'English', 	'Changes Report (technical)');
 INSERT INTO txt VALUES ('UnusedRules', 	        'German', 	'Unbenutzte-Regel-Report');
 INSERT INTO txt VALUES ('UnusedRules', 	        'English', 	'Unused Rules Report');
+INSERT INTO txt VALUES ('Connections', 	        'German', 	'Verbindungs-Report');
+INSERT INTO txt VALUES ('Connections', 	        'English', 	'Connections Report');
 INSERT INTO txt VALUES ('mixed', 	            'German', 	'Gemischt');
 INSERT INTO txt VALUES ('mixed', 	            'English', 	'Mixed');
 INSERT INTO txt VALUES ('exclusive', 	        'German', 	'Exklusiv');
diff --git a/roles/lib/files/FWO.Report.Filter/FilterTypes/ReportType.cs b/roles/lib/files/FWO.Report.Filter/FilterTypes/ReportType.cs
index d4d650809..a6c464961 100644
--- a/roles/lib/files/FWO.Report.Filter/FilterTypes/ReportType.cs
+++ b/roles/lib/files/FWO.Report.Filter/FilterTypes/ReportType.cs
@@ -11,7 +11,9 @@ public enum ReportType
         Recertification = 7,
         ResolvedChanges = 8,
         ResolvedChangesTech = 9,
-        UnusedRules = 10
+        UnusedRules = 10,
+
+        Connections = 21
     }
 
     public static class ReportTypeGroups
@@ -70,5 +72,21 @@ public static bool IsTechReport(this ReportType reportType)
                     return false;
             }
         }
+
+        public static bool IsRuleRelatedReport(this ReportType reportType)
+        {
+            return reportType.IsRuleReport() || reportType.IsChangeReport() || reportType == ReportType.Statistics;
+        }
+
+        public static bool IsModellingReport(this ReportType reportType)
+        {
+            switch(reportType)
+            {
+                case ReportType.Connections:
+                    return true;
+                default: 
+                    return false;
+            }
+        }
     }
 }
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Archive.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Archive.razor
index 253d30bf6..c9ec3ca2b 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Archive.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Archive.razor
@@ -7,9 +7,9 @@
 @inject UserConfig userConfig
 
 @page "/report/archive"
-@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Reporter}, {Roles.ReporterViewAll}, {Roles.Auditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Reporter}, {Roles.ReporterViewAll}, {Roles.Auditor}, {Roles.Modeller}")]
 
-<ReportTabset></ReportTabset>
+<ReportTabset/>
 
 <div class="vheight75">
     <Table TableClass="table table-bordered table-sm th-bg-secondary table-responsive overflow-auto sticky-header" TableItem="ReportFile" Items="archivedReports" PageSize="0">
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
index 78b946eb9..34da2a8aa 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
@@ -3,15 +3,12 @@
 @using FWO.Report.Filter
 @using FWO.Report.Filter.Exceptions
 @using FWO.Api.Data
-@using System
-@using System.Threading
-@using System.Text.RegularExpressions
 @using FWO.Ui.Data
 @using FWO.Ui.Pages.Reporting.Reports
 @using System.Diagnostics
 
 @page "/report/generation"
-@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Reporter}, {Roles.ReporterViewAll}, {Roles.Auditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Reporter}, {Roles.ReporterViewAll}, {Roles.Auditor}, {Roles.Modeller}")]
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
@@ -70,7 +67,10 @@
         </div>
     }
 
-    <DeviceSelection @bind-DeviceFilter="deviceFilter" @bind-CollapseAll="collapseDevices" @bind-SelectAll="selectAll"></DeviceSelection>
+    @if (selectedReportType.IsRuleRelatedReport())
+    {
+        <DeviceSelection @bind-DeviceFilter="deviceFilter" @bind-CollapseAll="collapseDevices" @bind-SelectAll="selectAll"></DeviceSelection>
+    }
 </Sidebar>
 
 @* ==== Middle div ==== *@
@@ -134,34 +134,7 @@
                         break;
 
                     case ReportType.Statistics:
-                        @if (globalStats != null)
-                        {
-                            <h5>@(userConfig.GetText("glob_no_obj"))</h5>
-                            <Table style="font-size:small" TableClass="table table-bordered table-sm th-bg-secondary table-responsive" TableItem="Management" Items="new Management[] {globalStats}">
-                                <Column TableItem="Management" Title="@(userConfig.GetText("network_objects"))" Field="@(Management => Management.NetworkObjectStatistics.ObjectAggregate.ObjectCount)" />
-                                <Column TableItem="Management" Title="@(userConfig.GetText("service_objects"))" Field="@(Management => Management.ServiceObjectStatistics.ObjectAggregate.ObjectCount)" />
-                                <Column TableItem="Management" Title="@(userConfig.GetText("user_objects"))" Field="@(Management => Management.UserObjectStatistics.ObjectAggregate.ObjectCount)" />
-                                <Column TableItem="Management" Title="@(userConfig.GetText("rules"))" Field="@(Management => Management.RuleStatistics.ObjectAggregate.ObjectCount)" />
-                            </Table>
-                        }
-                        @foreach (Management management in managementsReport.Where(mgt => !mgt.Ignore))
-                        {
-                            <Collapse Title="@management.Name" Style="@("primary")" StartToggled="false">
-                                <h6>@(userConfig.GetText("total_no_obj_mgt"))</h6>
-                                <Table style="font-size:small" TableClass="table table-bordered table-sm th-bg-secondary table-responsive" TableItem="Management" Items="new Management[] {management}" PageSize="0">
-                                    <Column TableItem="Management" Title="@(userConfig.GetText("network_objects"))" Field="@(Management => Management.NetworkObjectStatistics.ObjectAggregate.ObjectCount)" />
-                                    <Column TableItem="Management" Title="@(userConfig.GetText("service_objects"))" Field="@(Management => Management.ServiceObjectStatistics.ObjectAggregate.ObjectCount)" />
-                                    <Column TableItem="Management" Title="@(userConfig.GetText("user_objects"))" Field="@(Management => Management.UserObjectStatistics.ObjectAggregate.ObjectCount)" />
-                                    <Column TableItem="Management" Title="@(userConfig.GetText("rules"))" Field="@(Management => Management.RuleStatistics.ObjectAggregate.ObjectCount)" />
-                                </Table>
-
-                                <h6>@(userConfig.GetText("no_rules_gtw"))</h6>
-                                <Table style="font-size:small" TableClass="table table-bordered table-sm th-bg-secondary table-responsive" TableItem="Device" Items="management.Devices" PageSize="0">
-                                    <Column TableItem="Device" Title="@(userConfig.GetText("gateway"))" Field="@(Device => Device.Name)" />
-                                    <Column TableItem="Device" Title="@(userConfig.GetText("no_of_rules"))" Field="@(Device => Device.RuleStatistics.ObjectAggregate.ObjectCount)" />
-                                </Table>
-                            </Collapse>
-                        }
+                        <StatisticsReport Managements="managementsReport" GlobalStats="globalStats"/>
                         break;
 
                     default:
@@ -187,13 +160,17 @@
 </div>
 
 @* ==== RIGHT SIDEBAR ==== *@
-<RightSidebar @bind-Width="sidebarRightWidth" Tabset="rsbTabset" AnchorNavToRSB="anchorNavToRSB" CurrentReport="currentReport" @bind-SelectedRules="selectedItemsRuleReportTable" ManagementsReport="managementsReport" AllTabVisible="(tenantFilteringAllowed && selectedTenantView == null)" />
-<AnchorNavToRSB @ref="anchorNavToRSB" TabSet="rsbTabset" />
+@if (selectedReportType.IsRuleRelatedReport())
+{
+    <RightSidebar @bind-Width="sidebarRightWidth" Tabset="rsbTabset" AnchorNavToRSB="anchorNavToRSB" CurrentReport="currentReport" @bind-SelectedRules="selectedItemsRuleReportTable" ManagementsReport="managementsReport" AllTabVisible="(tenantFilteringAllowed && selectedTenantView == null)" />
+    <AnchorNavToRSB @ref="anchorNavToRSB" TabSet="rsbTabset" />
+}
 
 @* ==== POPUPS ==== *@
 <ReportSelectTime @bind-Display="ShowSelectTimeDialog" SelectedReportType="selectedReportType" @bind-ActTimeFilter="actTimeFilter" @bind-SavedTimeFilter="savedTimeFilter" DisplayTime="DisplaySelectedTime"/>
 <ReportCreateTicket @bind-Display="ShowCreateTicketDialog" SelectedRules="selectedItemsRuleReportTable"/>
 
+
 @code
 {
     [CascadingParameter]
@@ -210,6 +187,7 @@
     private List<RuleChange> selectedItemsChangeReportTable = new List<RuleChange>();
 
     private Management[] managementsReport = new Management[0];
+    List<int> relevantManagementIds = new();
     private Management? globalStats = null;
 
     private ReportType selectedReportType = ReportType.Rules;
@@ -223,8 +201,8 @@
 
     private Dropdown<Tenant> tenantSelector;
 
-    private TimeFilter actTimeFilter = new TimeFilter();
-    private TimeFilter savedTimeFilter = new TimeFilter();
+    private TimeFilter actTimeFilter = new();
+    private TimeFilter savedTimeFilter = new();
     private string displayedTimeSelection = "";
     private bool ShowSelectTimeDialog = false;
     private RecertFilter actRecertFilter = new();
@@ -254,10 +232,21 @@
     private bool tenantFilteringAllowed => authenticationStateTask!.Result.User.IsInRole(Roles.ReporterViewAll) || authenticationStateTask!.Result.User.IsInRole(Roles.Admin)
         || authenticationStateTask!.Result.User.IsInRole(Roles.FwAdmin) || authenticationStateTask!.Result.User.IsInRole(Roles.Auditor);
 
+    private bool showRuleRelatedReports => authenticationStateTask!.Result.User.IsInRole(Roles.Reporter)
+        || authenticationStateTask!.Result.User.IsInRole(Roles.ReporterViewAll)
+        || authenticationStateTask!.Result.User.IsInRole(Roles.FwAdmin)
+        || authenticationStateTask!.Result.User.IsInRole(Roles.Admin)
+        || authenticationStateTask!.Result.User.IsInRole(Roles.Auditor);
+    private bool showModellingReports => authenticationStateTask!.Result.User.IsInRole(Roles.Modeller)
+        || authenticationStateTask!.Result.User.IsInRole(Roles.Admin)
+        || authenticationStateTask!.Result.User.IsInRole(Roles.Auditor);
+
+
     protected override async Task OnInitializedAsync()
     {
         try
         {
+            selectedReportType = showRuleRelatedReports ? ReportType.Rules : ReportType.Connections;
             displayedTimeSelection = userConfig.GetText("now");
             unusedDays = userConfig.UnusedTolerance;
             deviceFilter.Managements = await apiConnection.SendQueryAsync<List<ManagementSelect>>(DeviceQueries.getDevicesByManagement);
@@ -499,7 +488,7 @@
         Management[] managementsReportOrig = managementsReport;
         try
         {
-            if (!deviceFilter.isAnyDeviceFilterSet())  // display warning
+            if (selectedReportType.IsRuleRelatedReport() && !deviceFilter.isAnyDeviceFilterSet())  // display warning
             {
                 DisplayMessageInUi(null, userConfig.GetText("no_device_selected"), userConfig.GetText("E1001"), true);
                 return;
@@ -509,33 +498,16 @@
             await PrepareReportGeneration();
 
             // save selected managements before resetting
-            List<int> relevantManagements = deviceFilter.getSelectedManagements();
+            relevantManagementIds = deviceFilter.getSelectedManagements();
 
             DateTime startTime = DateTime.Now;
             managementsReport = new Management[0]; // reset management data when switching between reports
 
             try
             {
-                if(currentReport!.ReportType == ReportType.Statistics)
+                if(currentReport.ReportType == ReportType.Statistics)
                 {
-                    globalStats = new Management();
-                    await currentReport.Generate(0, apiConnection,
-                        managementsReportIntermediate =>
-                        {
-                            managementsReport = managementsReportIntermediate;
-                            setRelevantManagements(relevantManagements);
-                            return InvokeAsync(() =>
-                            {
-                                foreach (Management mgm in managementsReport.Where(mgt => !mgt.Ignore))
-                                {
-                                    globalStats.RuleStatistics.ObjectAggregate.ObjectCount += mgm.RuleStatistics.ObjectAggregate.ObjectCount;
-                                    globalStats.NetworkObjectStatistics.ObjectAggregate.ObjectCount += mgm.NetworkObjectStatistics.ObjectAggregate.ObjectCount;
-                                    globalStats.ServiceObjectStatistics.ObjectAggregate.ObjectCount += mgm.ServiceObjectStatistics.ObjectAggregate.ObjectCount;
-                                    globalStats.UserObjectStatistics.ObjectAggregate.ObjectCount += mgm.UserObjectStatistics.ObjectAggregate.ObjectCount;
-                                }
-                                StateHasChanged();
-                            });
-                        }, token);
+                    await GenerateStatisticsReport(token);
                 }
                 else
                 {
@@ -543,7 +515,7 @@
                     managementsReportIntermediate =>
                     {
                         managementsReport = managementsReportIntermediate;
-                        setRelevantManagements(relevantManagements);
+                        setRelevantManagements();
                         return InvokeAsync(StateHasChanged);
                     }, token);
                     if (currentReport.ReportType == ReportType.Recertification)
@@ -605,6 +577,28 @@
         currentReport = ReportBase.ConstructReport(ConstructReportTemplate(), userConfig);
     }
 
+    private async Task GenerateStatisticsReport(CancellationToken token)
+    {
+        globalStats = new Management();
+        await currentReport.Generate(0, apiConnection,
+            managementsReportIntermediate =>
+            {
+                managementsReport = managementsReportIntermediate;
+                setRelevantManagements();
+                return InvokeAsync(() =>
+                {
+                    foreach (Management mgm in managementsReport.Where(mgt => !mgt.Ignore))
+                    {
+                        globalStats.RuleStatistics.ObjectAggregate.ObjectCount += mgm.RuleStatistics.ObjectAggregate.ObjectCount;
+                        globalStats.NetworkObjectStatistics.ObjectAggregate.ObjectCount += mgm.NetworkObjectStatistics.ObjectAggregate.ObjectCount;
+                        globalStats.ServiceObjectStatistics.ObjectAggregate.ObjectCount += mgm.ServiceObjectStatistics.ObjectAggregate.ObjectCount;
+                        globalStats.UserObjectStatistics.ObjectAggregate.ObjectCount += mgm.UserObjectStatistics.ObjectAggregate.ObjectCount;
+                    }
+                    StateHasChanged();
+                });
+            }, token);
+    }
+
     private bool PrepareMetadata(Management[] Managements)
     {
         bool rulesFound = false;
@@ -627,11 +621,11 @@
         DisplayMessageInUi(null, userConfig.GetText("report_data_fetch"), userConfig.GetText("E1003"), true);
     }
 
-    private void setRelevantManagements(List<int> relevantManagements)
+    private void setRelevantManagements()
     {
         foreach (Management mgm in managementsReport)
         {
-            mgm.Ignore = !relevantManagements.Contains(mgm.Id);
+            mgm.Ignore = !relevantManagementIds.Contains(mgm.Id);
         }
     }
 
@@ -646,10 +640,8 @@
             {
                 selectedTenantView = userConfig.User.Tenant;
                 // TODO: when admin selects a tenant filter, add the corresponding device filter to make sure only those devices are reported that the tenant is allowed to see
-
             }
             reportParams.TenantFilter = new TenantFilter(selectedTenantView);
-
         }
         reportParams.RecertFilter = new RecertFilter(actRecertFilter);
         reportParams.UnusedFilter = new UnusedFilter() 
@@ -657,7 +649,6 @@
             UnusedForDays = unusedDays, 
             CreationTolerance = userConfig.CreationTolerance
         };
-
         return new ReportTemplate(filterInput, reportParams);
     }
 
@@ -719,14 +710,18 @@
             ReportType.Rules, ReportType.ResolvedRules, ReportType.ResolvedRulesTech, ReportType.UnusedRules, ReportType.NatRules,
             ReportType.Recertification,
             ReportType.Changes, ReportType.ResolvedChanges, ReportType.ResolvedChangesTech, 
-            ReportType.Statistics
+            ReportType.Statistics,
+            ReportType.Connections
         };
         foreach (ReportType reportType in orderedReportTypeList)
         {
             ReportType? foundType = ListIn.Find(x => x == reportType);
             if (foundType != null)
             {
-                ListOut.Add(reportType);
+                if(showRuleRelatedReports && reportType.IsRuleRelatedReport() || showModellingReports && reportType.IsModellingReport())
+                {
+                    ListOut.Add(reportType);
+                }
                 ListIn.Remove(reportType);
             }
         }
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/ReportTemplateComponent.razor b/roles/ui/files/FWO.UI/Pages/Reporting/ReportTemplateComponent.razor
index 1eeec060a..166aedc18 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/ReportTemplateComponent.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/ReportTemplateComponent.razor
@@ -104,13 +104,16 @@
                     <label class="col-sm-8">@(DisplayTime())</label>
                 </div>
             }
-            <div class="form-group row mt-2">
-                <label class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("devices")):</label>
-                <div class="form-group row col-sm-9">
-                    <label class="col-sm-9">@(reportTemplateInEdit.ReportParams.DeviceFilter.listAllSelectedDevices())</label>
-                    <button type="button" class="btn btn-sm btn-warning col-sm-2" @onclick="EditDeviceSelection">@(userConfig.GetText("edit"))</button>
+            @if(reportTypeInEdit.IsRuleRelatedReport())
+            {
+                <div class="form-group row mt-2">
+                    <label class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("devices")):</label>
+                    <div class="form-group row col-sm-9">
+                        <label class="col-sm-9">@(reportTemplateInEdit.ReportParams.DeviceFilter.listAllSelectedDevices())</label>
+                        <button type="button" class="btn btn-sm btn-warning col-sm-2" @onclick="EditDeviceSelection">@(userConfig.GetText("edit"))</button>
+                    </div>
                 </div>
-            </div>
+            }
             <div class="form-group row mt-2">
                 <label for="saveTemplateFilterLineTextarea" class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("filter")):</label>
                 <textarea id="saveTemplateFilterLineTextarea" class="col-sm-8" @bind="reportTemplateInEdit.Filter" />
@@ -157,6 +160,15 @@
     private Collapse collapseControl = new Collapse();
     private DeviceFilter DeviceFilterOrig = new();
 
+    private bool showRuleRelatedReports => authenticationStateTask!.Result.User.IsInRole(Roles.Reporter)
+        || authenticationStateTask!.Result.User.IsInRole(Roles.ReporterViewAll)
+        || authenticationStateTask!.Result.User.IsInRole(Roles.FwAdmin)
+        || authenticationStateTask!.Result.User.IsInRole(Roles.Admin)
+        || authenticationStateTask!.Result.User.IsInRole(Roles.Auditor);
+    private bool showModellingReports => authenticationStateTask!.Result.User.IsInRole(Roles.Modeller)
+        || authenticationStateTask!.Result.User.IsInRole(Roles.Admin)
+        || authenticationStateTask!.Result.User.IsInRole(Roles.Auditor);
+
 
     protected override async Task OnInitializedAsync()
     {
@@ -169,6 +181,8 @@
         try
         {
             reportTemplates = (await apiConnection.SendQueryAsync<ReportTemplate[]>(ReportQueries.getReportTemplates, new { userId = userConfig.User.DbId })).ToList();
+            reportTemplates = reportTemplates.Where(rt => (showRuleRelatedReports && ((ReportType)rt.ReportParams.ReportType).IsRuleRelatedReport() || 
+                                                           showModellingReports && ((ReportType)rt.ReportParams.ReportType).IsModellingReport())).ToList();
             await InvokeAsync(StateHasChanged);
         }
         catch (Exception exception)
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/StatisticsReport.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/StatisticsReport.razor
new file mode 100644
index 000000000..be34bdc5a
--- /dev/null
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/StatisticsReport.razor
@@ -0,0 +1,43 @@
+@using FWO.Ui.Display
+@using FWO.Config.Api
+@using FWO.Report.Filter
+
+@inject UserConfig userConfig
+
+@if (GlobalStats != null)
+{
+    <h5>@(userConfig.GetText("glob_no_obj"))</h5>
+    <Table style="font-size:small" TableClass="table table-bordered table-sm th-bg-secondary table-responsive" TableItem="Management" Items="new Management[] {GlobalStats}">
+        <Column TableItem="Management" Title="@(userConfig.GetText("network_objects"))" Field="@(Management => Management.NetworkObjectStatistics.ObjectAggregate.ObjectCount)" />
+        <Column TableItem="Management" Title="@(userConfig.GetText("service_objects"))" Field="@(Management => Management.ServiceObjectStatistics.ObjectAggregate.ObjectCount)" />
+        <Column TableItem="Management" Title="@(userConfig.GetText("user_objects"))" Field="@(Management => Management.UserObjectStatistics.ObjectAggregate.ObjectCount)" />
+        <Column TableItem="Management" Title="@(userConfig.GetText("rules"))" Field="@(Management => Management.RuleStatistics.ObjectAggregate.ObjectCount)" />
+    </Table>
+}
+@foreach (Management management in Managements.Where(mgt => !mgt.Ignore))
+{
+    <Collapse Title="@management.Name" Style="@("primary")" StartToggled="false">
+        <h6>@(userConfig.GetText("total_no_obj_mgt"))</h6>
+        <Table style="font-size:small" TableClass="table table-bordered table-sm th-bg-secondary table-responsive" TableItem="Management" Items="new Management[] {management}" PageSize="0">
+            <Column TableItem="Management" Title="@(userConfig.GetText("network_objects"))" Field="@(Management => Management.NetworkObjectStatistics.ObjectAggregate.ObjectCount)" />
+            <Column TableItem="Management" Title="@(userConfig.GetText("service_objects"))" Field="@(Management => Management.ServiceObjectStatistics.ObjectAggregate.ObjectCount)" />
+            <Column TableItem="Management" Title="@(userConfig.GetText("user_objects"))" Field="@(Management => Management.UserObjectStatistics.ObjectAggregate.ObjectCount)" />
+            <Column TableItem="Management" Title="@(userConfig.GetText("rules"))" Field="@(Management => Management.RuleStatistics.ObjectAggregate.ObjectCount)" />
+        </Table>
+
+        <h6>@(userConfig.GetText("no_rules_gtw"))</h6>
+        <Table style="font-size:small" TableClass="table table-bordered table-sm th-bg-secondary table-responsive" TableItem="Device" Items="management.Devices" PageSize="0">
+            <Column TableItem="Device" Title="@(userConfig.GetText("gateway"))" Field="@(Device => Device.Name)" />
+            <Column TableItem="Device" Title="@(userConfig.GetText("no_of_rules"))" Field="@(Device => Device.RuleStatistics.ObjectAggregate.ObjectCount)" />
+        </Table>
+    </Collapse>
+}
+
+@code
+{
+    [Parameter]
+    public Management[] Managements { get; set; } = new Management[]{};
+
+    [Parameter]
+    public Management? GlobalStats { get; set; }
+}
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Schedule.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Schedule.razor
index a4e52fc0b..6e7009780 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Schedule.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Schedule.razor
@@ -7,9 +7,9 @@
 @inject UserConfig userConfig
 
 @page "/report/schedule"
-@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Reporter}, {Roles.ReporterViewAll}, {Roles.Auditor}")]
+@attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Reporter}, {Roles.ReporterViewAll}, {Roles.Auditor}, {Roles.Modeller}")]
 
-<ReportTabset></ReportTabset>
+<ReportTabset/>
 
 <button type="button" class="btn btn-sm btn-success mb-1" @onclick="() => { scheduledReportInEdit = new ScheduledReport() { RepeatInterval = Interval.Never }; ShowSaveScheduledReportDialog = true; }">@(userConfig.GetText("add"))</button>
 
@@ -168,7 +168,7 @@
 
 @code
 {
-    private GraphQlApiSubscription<ScheduledReport[]>? scheduledReportsSubscription;
+    private GraphQlApiSubscription<List<ScheduledReport>>? scheduledReportsSubscription;
     private List<ScheduledReport> scheduledReports = new List<ScheduledReport>();
     private ScheduledReport scheduledReportInEdit = new ScheduledReport();
     private DateTime actDate = DateTime.Today;
@@ -179,23 +179,35 @@
 
     private int uiUserDbId;
 
-    ReportTemplate[] reportTemplates = new ReportTemplate[0];
+    List<ReportTemplate> reportTemplates = new ();
 
     [CascadingParameter]
     Action<Exception?, string, string, bool> DisplayMessageInUi { get; set; } = DefaultInit.DoNothing;
 
     [CascadingParameter]
     private Task<AuthenticationState>? authenticationStateTask { get; set; }
+
     private AuthenticationState? authenticationState;
+    private bool showRuleRelatedReports => authenticationStateTask!.Result.User.IsInRole(Roles.Reporter)
+        || authenticationStateTask!.Result.User.IsInRole(Roles.ReporterViewAll)
+        || authenticationStateTask!.Result.User.IsInRole(Roles.FwAdmin)
+        || authenticationStateTask!.Result.User.IsInRole(Roles.Admin)
+        || authenticationStateTask!.Result.User.IsInRole(Roles.Auditor);
+    private bool showModellingReports => authenticationStateTask!.Result.User.IsInRole(Roles.Modeller)
+        || authenticationStateTask!.Result.User.IsInRole(Roles.Admin)
+        || authenticationStateTask!.Result.User.IsInRole(Roles.Auditor);
+
 
     protected override async Task OnInitializedAsync()
     {
         try
         {
             // Initial fetch to speed up loading before subscription is established
-            scheduledReports = (await apiConnection.SendQueryAsync<ScheduledReport[]>(ReportQueries.getReportSchedules)).ToList();
-            scheduledReportsSubscription = apiConnection.GetSubscription<ScheduledReport[]>(HandleSubscriptionError, OnReportScheduleUpdate, ReportQueries.subscribeReportScheduleChanges);
-            reportTemplates = await apiConnection.SendQueryAsync<ReportTemplate[]>(ReportQueries.getReportTemplates);
+            scheduledReports = (await apiConnection.SendQueryAsync<List<ScheduledReport>>(ReportQueries.getReportSchedules));
+            scheduledReportsSubscription = apiConnection.GetSubscription<List<ScheduledReport>>(HandleSubscriptionError, OnReportScheduleUpdate, ReportQueries.subscribeReportScheduleChanges);
+            reportTemplates = await apiConnection.SendQueryAsync<List<ReportTemplate>>(ReportQueries.getReportTemplates);
+            reportTemplates = reportTemplates.Where(rt => (showRuleRelatedReports && ((ReportType)rt.ReportParams.ReportType).IsRuleRelatedReport() || 
+                                                           showModellingReports && ((ReportType)rt.ReportParams.ReportType).IsModellingReport())).ToList();
             uiUserDbId = userConfig.User.DbId;
             authenticationState = await authenticationStateTask!;
         }
@@ -210,10 +222,10 @@
         await InvokeAsync(() => DisplayMessageInUi(exception, userConfig.GetText("schedule_tile"), userConfig.GetText("schedule_upd_err_msg"), true));
     }
 
-    private async void OnReportScheduleUpdate(ScheduledReport[] newScheduledReports)
+    private async void OnReportScheduleUpdate(List<ScheduledReport> newScheduledReports)
     {
         Log.WriteDebug("Report Scheduling", "Received report schedule update.");
-        scheduledReports = newScheduledReports.ToList();
+        scheduledReports = newScheduledReports;
         await InvokeAsync(StateHasChanged);
     }
 
diff --git a/roles/ui/files/FWO.UI/Shared/NavigationMenu.razor b/roles/ui/files/FWO.UI/Shared/NavigationMenu.razor
index 8960ba0d9..7e5c6a9b2 100644
--- a/roles/ui/files/FWO.UI/Shared/NavigationMenu.razor
+++ b/roles/ui/files/FWO.UI/Shared/NavigationMenu.razor
@@ -18,7 +18,7 @@
 
     <div class="navbar-collapse me-auto nav-main-left @NavMenuCollapseClass">
         <ul class="navbar-nav me-auto">
-            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Reporter}, {Roles.ReporterViewAll}, {Roles.Auditor}")">
+            <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Reporter}, {Roles.ReporterViewAll}, {Roles.Auditor}, {Roles.Modeller}")">
                 <li class="nav-item px-2">
                     <a href="/report/generation" class="nav-link @(navigationManager.Uri.Contains("/report/") ? "active" : "")">
                         <span class="@Icons.Reporting"></span> @(userConfig.GetText("reporting"))

From 398c65c1d6a2cc8c7dff21197fe967775d09afe9 Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Tue, 27 Feb 2024 16:35:58 +0100
Subject: [PATCH 16/84] extract tenant selection

---
 roles/lib/files/FWO.Api.Client/Data/Tenant.cs |  4 +-
 .../ui/files/FWO.UI/Auth/AuthStateProvider.cs |  7 +-
 .../files/FWO.UI/Pages/Reporting/Report.razor | 78 +++++--------------
 .../Reporting/ReportTenantSelection.razor     | 58 ++++++++++++++
 4 files changed, 83 insertions(+), 64 deletions(-)
 create mode 100644 roles/ui/files/FWO.UI/Pages/Reporting/ReportTenantSelection.razor

diff --git a/roles/lib/files/FWO.Api.Client/Data/Tenant.cs b/roles/lib/files/FWO.Api.Client/Data/Tenant.cs
index 4266ae70b..b42b13b6f 100644
--- a/roles/lib/files/FWO.Api.Client/Data/Tenant.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/Tenant.cs
@@ -160,11 +160,11 @@ public TenantEditParameters ToApiUpdateParams()
             return tenantUpdateParams;
         }
 
-        public static async Task<Tenant> getSingleTenant(ApiConnection conn, int tenantId)
+        public static async Task<Tenant?> getSingleTenant(ApiConnection conn, int tenantId)
         {
             Tenant[] tenants = Array.Empty<Tenant>(); 
             tenants = await conn.SendQueryAsync<Tenant[]>(AuthQueries.getTenants, new { tenant_id = tenantId });
-            if (tenants.Length>0)
+            if (tenants.Length > 0)
             {
                 return tenants[0];
             }
diff --git a/roles/ui/files/FWO.UI/Auth/AuthStateProvider.cs b/roles/ui/files/FWO.UI/Auth/AuthStateProvider.cs
index 58c520143..8b13752db 100644
--- a/roles/ui/files/FWO.UI/Auth/AuthStateProvider.cs
+++ b/roles/ui/files/FWO.UI/Auth/AuthStateProvider.cs
@@ -141,8 +141,7 @@ public int getTenantId(string jwtString)
         public async Task<Tenant> getTenantFromJwt(string jwtString, ApiConnection apiConnection)
         {
             JwtReader jwtReader = new JwtReader(jwtString);
-            Tenant tenant = new Tenant();
-            int tenantId;
+            Tenant tenant = new();
 
             if (jwtReader.Validate())
             {
@@ -157,9 +156,9 @@ public async Task<Tenant> getTenantFromJwt(string jwtString, ApiConnection apiCo
                 // Set user information
                 user = new ClaimsPrincipal(identity);
 
-                if (int.TryParse(user.FindFirstValue("x-hasura-tenant-id"), out tenantId))
+                if (int.TryParse(user.FindFirstValue("x-hasura-tenant-id"), out int tenantId))
                 {
-                    tenant = await Tenant.getSingleTenant(apiConnection, tenantId);
+                    tenant = await Tenant.getSingleTenant(apiConnection, tenantId) ?? new();
                 }
                 // else
                 // {
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
index 34da2a8aa..324273e08 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
@@ -45,26 +45,9 @@
             </div>
         </div>
     }
-    @if (selectedReportType != ReportType.Statistics && tenantList.Count > 1)
+    @if (selectedReportType != ReportType.Statistics)
     {
-        <div class="p-3">
-            <h5 class="text-left">@(userConfig.GetText("tenant_view"))</h5>
-            <Dropdown
-                @ref="tenantSelector"
-                SelectedElementChanged="TenantViewChanged"
-                ElementType="Tenant" ElementToString="@(t => t.Name)" Nullable="true"
-                Elements="tenantList">
-                <ElementTemplate Context="tenant">
-                    @tenant.Name
-                </ElementTemplate>
-            </Dropdown>
-        </div>
-    }
-    else
-    {
-        <div class="p-3">
-            <h5 class="text-left">@(userConfig.GetText("tenant")) @userConfig.User.Tenant.Name</h5>
-        </div>
+        <ReportTenantSelection SelectedTenant="selectedTenant" SelectedTenantChanged="TenantViewChanged" TenantFilteringAllowed="tenantFilteringAllowed"/>
     }
 
     @if (selectedReportType.IsRuleRelatedReport())
@@ -162,7 +145,7 @@
 @* ==== RIGHT SIDEBAR ==== *@
 @if (selectedReportType.IsRuleRelatedReport())
 {
-    <RightSidebar @bind-Width="sidebarRightWidth" Tabset="rsbTabset" AnchorNavToRSB="anchorNavToRSB" CurrentReport="currentReport" @bind-SelectedRules="selectedItemsRuleReportTable" ManagementsReport="managementsReport" AllTabVisible="(tenantFilteringAllowed && selectedTenantView == null)" />
+    <RightSidebar @bind-Width="sidebarRightWidth" Tabset="rsbTabset" AnchorNavToRSB="anchorNavToRSB" CurrentReport="currentReport" @bind-SelectedRules="selectedItemsRuleReportTable" ManagementsReport="managementsReport" AllTabVisible="(tenantFilteringAllowed && selectedTenant == null)" />
     <AnchorNavToRSB @ref="anchorNavToRSB" TabSet="rsbTabset" />
 }
 
@@ -191,15 +174,12 @@
     private Management? globalStats = null;
 
     private ReportType selectedReportType = ReportType.Rules;
-    private Tenant? selectedTenantView = null;
-    private List<Tenant> tenantList = new List<Tenant>();
 
     private DeviceFilter deviceFilter = new DeviceFilter();
     private bool selectAll = true;
     private List<string> unsupportedList = new List<string>();
     private DeviceFilter reducedDeviceFilter = new DeviceFilter();
-
-    private Dropdown<Tenant> tenantSelector;
+    private Tenant? selectedTenant = null;
 
     private TimeFilter actTimeFilter = new();
     private TimeFilter savedTimeFilter = new();
@@ -250,11 +230,6 @@
             displayedTimeSelection = userConfig.GetText("now");
             unusedDays = userConfig.UnusedTolerance;
             deviceFilter.Managements = await apiConnection.SendQueryAsync<List<ManagementSelect>>(DeviceQueries.getDevicesByManagement);
-            if (tenantFilteringAllowed)
-            {
-                tenantList = await apiConnection.SendQueryAsync<List<Tenant>>(FWO.Api.Client.Queries.AuthQueries.getTenants);
-                tenantList?.Sort((a, b) => a.Name?.CompareTo(b.Name) ?? -1); // sort list of tenants
-            }
 
             if (deviceFilter.NumberMgmtDev() > userConfig.MinCollapseAllDevices)
             {
@@ -270,8 +245,7 @@
 
     private void ReportTypeChanged(ReportType newReportType)
     {
-        // clear report data when switching reportType
-        // as we would be missing src/dst/svc information in some cases           
+        // clear report data when switching reportType as we would be missing src/dst/svc information in some cases           
         managementsReport = new Management[] {};
         globalStats = null;
         selectedReportType = newReportType;
@@ -296,11 +270,6 @@
 
     private async Task SetDeviceVisibility(List<ManagementSelect> mgms, Tenant tenantView)
     {
-        // TODO: not used yet
-        // List<ManagementSelect> visibleDevices = await apiConnection.SendQueryAsync<List<ManagementSelect>>(DeviceQueries.getDevicesByManagement);
-
-        // List<TenantGateway> tenantGatewayList = new List<TenantGateway>(selectedTenantView.TenantVisibleGateways);
-        // List<TenantViewGateway> tenantGatewayList = new List<TenantViewGateway>();
         if ((userConfig.User.Tenant.Id==null || userConfig.User.Tenant.Id==1) && tenantView.Id!=1)
         {
             // filtering for tenant simulation only done by a tenant0 user
@@ -336,10 +305,10 @@
             bool mgmVisible = false;
             foreach (DeviceSelect gw in mgm.Devices)
             {
-                // gw.Visible = tenantGatewayList.Exists(d => d.Id == gw.Id);
                 gw.Visible = tenantView.VisibleGatewayIds.Contains(gw.Id);
                 if (gw.Visible)
-                {   // one gateway is visible, so the management must be visible
+                {   
+                    // one gateway is visible, so the management must be visible
                     mgmVisible = true;
                 }
                 else
@@ -356,21 +325,19 @@
         }    
     }
 
-    /// sets deviceFilter.Managements and selectedTenantView according to either
+    /// sets deviceFilter.Managements and selectedTenant according to either
     /// a) selected tenant for tenant simulation
     /// b) tenant of the user logged in (if belonging to tenant <> tenant0)
     private async Task TenantViewChanged(Tenant newTenantView)
     {
-        // clear report data when switching Tenant
-        // as we would be missing src/dst/svc information in some cases           
+        selectedTenant = newTenantView;
+
+        // clear report data when switching Tenant as we would be missing src/dst/svc information in some cases           
         managementsReport = new Management[] {};
         globalStats = null;
 
-        // adjust device filter to newly selected tenant view
-        selectedTenantView = newTenantView;
-
         // we must modify the device visibility in the device filter
-        if (selectedTenantView==null || selectedTenantView.Id == 1)
+        if (selectedTenant==null || selectedTenant.Id == 1)
         {
            // tenant0 or no tenant selected --> all devices are visible            
             MarkAllDevicesVisible(deviceFilter.Managements);
@@ -378,10 +345,10 @@
         else
         {
             // not all devices are visible
-            await SetDeviceVisibility(deviceFilter.Managements, selectedTenantView);
+            await SetDeviceVisibility(deviceFilter.Managements, selectedTenant);
         }
         selectAll = !deviceFilter.isAnyDeviceFilterSet();
-        StateHasChanged(); // redisplay LSB
+        await InvokeAsync(StateHasChanged);
     }
 
     private async Task SyncFiltersFromTemplate(ReportTemplate template)
@@ -389,17 +356,12 @@
         filterInput = template.Filter;
         selectedReportType = (ReportType)template.ReportParams.ReportType;
 
+        Tenant? tenantFromTemplate,
         if (template.ReportParams.TenantFilter.IsActive)
         {
-            Tenant tenantFromTemplate = await Tenant.getSingleTenant(apiConnection, template.ReportParams.TenantFilter.TenantId);
-            await tenantSelector.SelectElement(tenantFromTemplate);
-            await TenantViewChanged(tenantFromTemplate);
-        }
-        else
-        {
-            await tenantSelector.SelectElement(null);
-            await TenantViewChanged(null);
+            tenantFromTemplate = await Tenant.getSingleTenant(apiConnection, template.ReportParams.TenantFilter.TenantId);
         }
+        await TenantViewChanged(tenantFromTemplate);
 
         if(template.ReportParams.DeviceFilter != null && template.ReportParams.DeviceFilter.Managements.Count > 0)
         {
@@ -636,12 +598,12 @@
         if (selectedReportType != ReportType.Statistics)
         {
             // also make sure the report a user belonging to a tenant <> 1 sees, gets the additional filters in DynGraphqlQuery.cs
-            if (selectedTenantView==null && userConfig.User.Tenant.Id>1)
+            if (selectedTenant==null && userConfig.User.Tenant.Id>1)
             {
-                selectedTenantView = userConfig.User.Tenant;
+                selectedTenant = userConfig.User.Tenant;
                 // TODO: when admin selects a tenant filter, add the corresponding device filter to make sure only those devices are reported that the tenant is allowed to see
             }
-            reportParams.TenantFilter = new TenantFilter(selectedTenantView);
+            reportParams.TenantFilter = new TenantFilter(selectedTenant);
         }
         reportParams.RecertFilter = new RecertFilter(actRecertFilter);
         reportParams.UnusedFilter = new UnusedFilter() 
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/ReportTenantSelection.razor b/roles/ui/files/FWO.UI/Pages/Reporting/ReportTenantSelection.razor
new file mode 100644
index 000000000..e5ab04880
--- /dev/null
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/ReportTenantSelection.razor
@@ -0,0 +1,58 @@
+@using FWO.Config.Api
+
+@inject ApiConnection apiConnection
+@inject UserConfig userConfig
+
+
+@if (tenantList.Count > 1)
+{
+    <div class="p-3">
+        <h5 class="text-left">@(userConfig.GetText("tenant_view"))</h5>
+        <Dropdown SelectedElement="SelectedTenant" SelectedElementChanged="SelectedTenantChanged"
+                ElementType="Tenant" ElementToString="@(t => t.Name)" Nullable="true" Elements="tenantList">
+            <ElementTemplate Context="tenant">
+                @tenant.Name
+            </ElementTemplate>
+        </Dropdown>
+    </div>
+}
+else
+{
+    <div class="p-3">
+        <h5 class="text-left">@(userConfig.GetText("tenant")) @userConfig.User.Tenant.Name</h5>
+    </div>
+}
+
+
+@code
+{
+    [CascadingParameter]
+    Action<Exception?, string, string, bool> DisplayMessageInUi { get; set; } = DefaultInit.DoNothing;
+
+    [Parameter]
+    public Tenant SelectedTenant { get; set; } = new();
+
+    [Parameter]
+    public EventCallback<Tenant> SelectedTenantChanged { get; set; }
+
+    [Parameter]
+    public bool TenantFilteringAllowed { get; set; } = false;
+
+    private List<Tenant> tenantList = new List<Tenant>();
+
+    protected override async Task OnInitializedAsync()
+    {
+        try
+        {
+            if (TenantFilteringAllowed)
+            {
+                tenantList = await apiConnection.SendQueryAsync<List<Tenant>>(FWO.Api.Client.Queries.AuthQueries.getTenants);
+                tenantList?.Sort((a, b) => a.Name?.CompareTo(b.Name) ?? -1); // sort list of tenants
+            }
+        }
+        catch (Exception exception)
+        {
+            DisplayMessageInUi(exception, userConfig.GetText("object_fetch"), "", true);
+        }
+    }
+}

From 5eabae3f1b990566c2f2e4d65d380a277ecbee7d Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Tue, 27 Feb 2024 20:52:53 +0100
Subject: [PATCH 17/84] move report filters to new class

---
 .../files/FWO.Api.Client/Data/TenantFilter.cs |   2 -
 .../FWO.Report.Filter.csproj                  |   1 +
 .../FilterTypes/ReportFilters.cs              | 232 +++++++++
 .../files/FWO.UI/Pages/Reporting/Report.razor | 473 ++++++------------
 4 files changed, 379 insertions(+), 329 deletions(-)
 create mode 100644 roles/lib/files/FWO.Report.Filter/FilterTypes/ReportFilters.cs

diff --git a/roles/lib/files/FWO.Api.Client/Data/TenantFilter.cs b/roles/lib/files/FWO.Api.Client/Data/TenantFilter.cs
index 3889f18df..ac6a7934c 100644
--- a/roles/lib/files/FWO.Api.Client/Data/TenantFilter.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/TenantFilter.cs
@@ -1,6 +1,4 @@
-using System.Text;
 using System.Text.Json.Serialization;
-using Microsoft.AspNetCore.Components;
 using Newtonsoft.Json;
 
 namespace FWO.Api.Data
diff --git a/roles/lib/files/FWO.Report.Filter/FWO.Report.Filter.csproj b/roles/lib/files/FWO.Report.Filter/FWO.Report.Filter.csproj
index c1ab04e12..595613788 100644
--- a/roles/lib/files/FWO.Report.Filter/FWO.Report.Filter.csproj
+++ b/roles/lib/files/FWO.Report.Filter/FWO.Report.Filter.csproj
@@ -11,5 +11,6 @@
   </ItemGroup>
   <ItemGroup>
       <ProjectReference Include="..\..\..\lib\files\FWO.Api.Client\FWO.Api.Client.csproj" />
+      <ProjectReference Include="..\..\..\lib\files\FWO.Config.Api\FWO.Config.Api.csproj" />
   </ItemGroup>
 </Project>
diff --git a/roles/lib/files/FWO.Report.Filter/FilterTypes/ReportFilters.cs b/roles/lib/files/FWO.Report.Filter/FilterTypes/ReportFilters.cs
new file mode 100644
index 000000000..50b1295ac
--- /dev/null
+++ b/roles/lib/files/FWO.Report.Filter/FilterTypes/ReportFilters.cs
@@ -0,0 +1,232 @@
+using FWO.Api.Data;
+using FWO.Config.Api;
+
+namespace FWO.Report.Filter
+{
+    public class ReportFilters
+    {
+        public ReportType ReportType { get; set; } = ReportType.Rules;
+
+        public DeviceFilter DeviceFilter { get; set; } = new DeviceFilter();
+        public DeviceFilter ReducedDeviceFilter { get; set; } = new DeviceFilter();
+        public bool SelectAll = true;
+        public bool CollapseDevices = false;
+
+        public TimeFilter TimeFilter { get; set; } = new TimeFilter();
+        public TimeFilter SavedTimeFilter { get; set; } = new TimeFilter();
+
+        public TenantFilter TenantFilter { get; set; } = new TenantFilter();
+        public Tenant? SelectedTenant = null;
+
+        public RecertFilter RecertFilter { get; set; } = new RecertFilter();
+
+        public UnusedFilter UnusedFilter { get; set; } = new UnusedFilter();
+        public int UnusedDays = 0;
+
+        public string DisplayedTimeSelection = "";
+
+        private UserConfig userConfig;
+
+
+        public ReportFilters()
+        {}
+
+        public void Init(UserConfig userConfigIn, bool showRuleRelatedReports)
+        {
+            userConfig = userConfigIn;
+            ReportType = showRuleRelatedReports ? ReportType.Rules : ReportType.Connections;
+            DisplayedTimeSelection = userConfig.GetText("now");
+            UnusedDays = userConfig.UnusedTolerance;
+
+            if (DeviceFilter.NumberMgmtDev() > userConfig.MinCollapseAllDevices)
+            {
+                CollapseDevices = true;
+            }
+        }
+
+        public void SyncFiltersFromTemplate(ReportTemplate template)
+        {
+            ReportType = (ReportType)template.ReportParams.ReportType;
+            if(template.ReportParams.DeviceFilter != null && template.ReportParams.DeviceFilter.Managements.Count > 0)
+            {
+                DeviceFilter.SynchronizeDevFilter(template.ReportParams.DeviceFilter);
+            }
+            SelectAll = !DeviceFilter.isAnyDeviceFilterSet();
+
+            if(template.ReportParams.TimeFilter != null)
+            {
+                TimeFilter = template.ReportParams.TimeFilter;
+            }
+            SetDisplayedTimeSelection();
+            RecertFilter = new(template.ReportParams.RecertFilter);
+            UnusedDays = template.ReportParams.UnusedFilter.UnusedForDays;
+        }
+
+        public ReportParams ToReportParams()
+        {
+            ReportParams reportParams = new ReportParams((int)ReportType, ReportType == ReportType.UnusedRules ? ReducedDeviceFilter : DeviceFilter)
+            {
+                TimeFilter = SavedTimeFilter,
+                RecertFilter = new RecertFilter(RecertFilter),
+                UnusedFilter = new UnusedFilter() 
+                {
+                    UnusedForDays = UnusedDays, 
+                    CreationTolerance = userConfig.CreationTolerance
+                }
+            };
+            if (ReportType != ReportType.Statistics)
+            {
+                // also make sure the report a user belonging to a tenant <> 1 sees, gets the additional filters in DynGraphqlQuery.cs
+                if (SelectedTenant == null && userConfig.User.Tenant.Id > 1)
+                {
+                    SelectedTenant = userConfig.User.Tenant;
+                    // TODO: when admin selects a tenant filter, add the corresponding device filter to make sure only those devices are reported that the tenant is allowed to see
+                }
+                reportParams.TenantFilter = new TenantFilter(SelectedTenant);
+            }
+            return reportParams;
+        }
+
+        public bool SetDisplayedTimeSelection()
+        {
+            if (ReportType.IsChangeReport())
+            {
+                switch (TimeFilter.TimeRangeType)
+                {
+                    case TimeRangeType.Shortcut:
+                        DisplayedTimeSelection = userConfig.GetText(TimeFilter.TimeRangeShortcut);
+                        break;
+                    case TimeRangeType.Interval:
+                        DisplayedTimeSelection = userConfig.GetText("last") + " " + 
+                            TimeFilter.Offset + " " + userConfig.GetText(TimeFilter.Interval.ToString());
+                        break;
+                    case TimeRangeType.Fixeddates:
+                        if(TimeFilter.OpenStart && TimeFilter.OpenEnd)
+                        {
+                            DisplayedTimeSelection = userConfig.GetText("open");
+                        }
+                        else if(TimeFilter.OpenStart)
+                        {
+                            DisplayedTimeSelection = userConfig.GetText("until") + " " + TimeFilter.EndTime.ToString();
+                        }
+                        else if(TimeFilter.OpenEnd)
+                        {
+                            DisplayedTimeSelection = userConfig.GetText("from") + " " + TimeFilter.StartTime.ToString();
+                        }
+                        else
+                        {
+                            DisplayedTimeSelection = TimeFilter.StartTime.ToString() + " - " + TimeFilter.EndTime.ToString();
+                        }
+                        break;
+                    default:
+                        DisplayedTimeSelection = "";
+                        break;
+                };
+            }
+            else
+            {
+                if (TimeFilter.IsShortcut)
+                {
+                    DisplayedTimeSelection = userConfig.GetText(TimeFilter.TimeShortcut);
+                }
+                else
+                {
+                    DisplayedTimeSelection = TimeFilter.ReportTime.ToString();
+                }
+            }
+            return true;
+        }
+
+        /// sets deviceFilter.Managements and selectedTenant according to either
+        /// a) selected tenant for tenant simulation
+        /// b) tenant of the user logged in (if belonging to tenant <> tenant0)
+        public void TenantViewChanged(Tenant? newTenantView)
+        {
+            SelectedTenant = newTenantView;
+
+            // we must modify the device visibility in the device filter
+            if (SelectedTenant==null || SelectedTenant.Id == 1)
+            {
+            // tenant0 or no tenant selected --> all devices are visible            
+                MarkAllDevicesVisible(DeviceFilter.Managements);
+            }
+            else
+            {
+                // not all devices are visible
+                SetDeviceVisibility(SelectedTenant);
+            }
+            SelectAll = !DeviceFilter.isAnyDeviceFilterSet();
+        }
+        
+        private void MarkAllDevicesVisible(List<ManagementSelect> mgms)
+        {
+            foreach (ManagementSelect management in mgms)
+            {
+                management.Visible = true;
+                management.Shared = false;
+                foreach (DeviceSelect gw in management.Devices)
+                {
+                    gw.Visible = true;
+                    gw.Shared = false;
+                }
+            }
+        }
+
+        private void SetDeviceVisibility(Tenant tenantView)
+        {
+            if ((userConfig.User.Tenant.Id==null || userConfig.User.Tenant.Id==1) && tenantView.Id!=1)
+            {
+                // filtering for tenant simulation only done by a tenant0 user
+                foreach (TenantGateway gw in tenantView.TenantGateways)
+                {
+                    if (!tenantView.VisibleGatewayIds.Contains(gw.VisibleGateway.Id))
+                    {
+                        tenantView.VisibleGatewayIds.Append(gw.VisibleGateway.Id);
+                        tenantView.VisibleGatewayIds = tenantView.VisibleGatewayIds.Concat(new int[] { gw.VisibleGateway.Id }).ToArray();
+                    }
+                }
+
+                // also add all gateways of non-shared managments - necessary for simulated tenant filtering
+                foreach (TenantManagement mgm in tenantView.TenantManagements)
+                {
+                    if (!mgm.Shared)
+                    {
+                        foreach (Device gw in mgm.VisibleManagement.Devices)
+                        {
+                            if (!tenantView.VisibleGatewayIds.Contains(gw.Id))
+                            {
+                                tenantView.VisibleGatewayIds.Append(gw.Id);
+                                tenantView.VisibleGatewayIds = tenantView.VisibleGatewayIds.Concat(new int[] { gw.Id }).ToArray();
+                            }
+                        }
+                    }
+                }
+            }
+
+            foreach (ManagementSelect mgm in DeviceFilter.Managements)
+            {
+                mgm.Shared = false;
+                bool mgmVisible = false;
+                foreach (DeviceSelect gw in mgm.Devices)
+                {
+                    gw.Visible = tenantView.VisibleGatewayIds.Contains(gw.Id);
+                    if (gw.Visible)
+                    {   
+                        // one gateway is visible, so the management must be visible
+                        mgmVisible = true;
+                    }
+                    else
+                    {   
+                        gw.Selected = false; // make sure invisible devices are not selected
+                        mgm.Shared = true; // if one gateway is not visible, the mgm is shared (filtered)
+                    }
+                }
+                mgm.Visible = mgmVisible;
+                if (!mgm.Visible)
+                {   // make sure invisible managements are not selected
+                    mgm.Selected = false;
+                }
+            }    
+        }
+    }
+}
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
index 324273e08..25b58a2ea 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
@@ -13,144 +13,149 @@
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
 
-@* ==== LEFT SIDEBAR ==== *@
-<Sidebar @ref="deviceSelectionSidebar" Collapsible="true" Resizeable="true" PositionLeft="true" @bind-Width="sidebarLeftWidth" >
-    <div class="p-3 mt-2">
-        <h5 class="text-left">@(userConfig.GetText("report_type"))</h5>
-        <Dropdown ElementType="ReportType" ElementToString="@(r => userConfig.GetText(r.ToString()))" SelectedElement="selectedReportType"
-            SelectedElementChanged="ReportTypeChanged" Elements="CustomSortReportType(Enum.GetValues(typeof(ReportType)).Cast<ReportType>().ToList())">
-            <ElementTemplate Context="reportType">
-                @userConfig.GetText(reportType.ToString())
-            </ElementTemplate>
-        </Dropdown>
-    </div>
-    @if (selectedReportType==ReportType.Recertification)
-    {
-        <ReportRecertParamSelection @bind-FilterInput="filterInput" @bind-RecertFilter="actRecertFilter"/>
-    }
-    else if(selectedReportType==ReportType.UnusedRules)
-    {
-        <div class="p-3">
-            <h5 class="text-left">@(userConfig.GetText("unused_days"))</h5>
-            <input type="number" min="1" max="5000" step="1" class="form-control form-control-sm" @bind="unusedDays" />
-        </div>
-    }
-    else
-    {
-        <div class="p-3">
-            <h5 class="text-left">@(userConfig.GetText("report_time"))</h5>
-            <div class="input-group">
-                <input type="text" class="form-control form-control-sm" value="@displayedTimeSelection" />
-                <button type="button" class="btn btn-sm btn-secondary" @onclick="SelectTime">@(userConfig.GetText("change"))</button>
-            </div>
-        </div>
-    }
-    @if (selectedReportType != ReportType.Statistics)
-    {
-        <ReportTenantSelection SelectedTenant="selectedTenant" SelectedTenantChanged="TenantViewChanged" TenantFilteringAllowed="tenantFilteringAllowed"/>
-    }
-
-    @if (selectedReportType.IsRuleRelatedReport())
-    {
-        <DeviceSelection @bind-DeviceFilter="deviceFilter" @bind-CollapseAll="collapseDevices" @bind-SelectAll="selectAll"></DeviceSelection>
-    }
-</Sidebar>
-
-@* ==== Middle div ==== *@
-<div style="margin-left: @($"{sidebarLeftWidth + 10}px"); margin-right: @($"{sidebarRightWidth + 10}px");">
-    <ReportTabset/>
-
-    @* ==== Filter line ==== *@
-    <form class="m-1" @onsubmit="GenerateReport">
-        <input style="position:relative; z-index:1; background-color:rgba(0,0,0,0);" translate="no" autocapitalize="off"
-                class="form-control" spellcheck="false" placeholder="Filter" @oninput="TryFilter" @bind="filterInput" />
-        <div style="left:0px; top:0px; color:rgba(0,0,0,0); user-select:none;" translate="no" autocapitalize="off"
-                class="form-control position-absolute whitespace-div" spellcheck="false">
-            <span>@filterFeedbackStart</span><span class="error-underline">@filterFeedbackError</span><span>@filterFeedbackEnd</span>
+@if(InitDone)
+{
+    @* ==== LEFT SIDEBAR ==== *@
+    <Sidebar @ref="deviceSelectionSidebar" Collapsible="true" Resizeable="true" PositionLeft="true" @bind-Width="sidebarLeftWidth" >
+        <div class="p-3 mt-2">
+            <h5 class="text-left">@(userConfig.GetText("report_type"))</h5>
+            <Dropdown ElementType="ReportType" ElementToString="@(r => userConfig.GetText(r.ToString()))" SelectedElement="actReportFilters.ReportType"
+                SelectedElementChanged="ReportTypeChanged" Elements="CustomSortReportType(Enum.GetValues(typeof(ReportType)).Cast<ReportType>().ToList())">
+                <ElementTemplate Context="reportType">
+                    @userConfig.GetText(reportType.ToString())
+                </ElementTemplate>
+            </Dropdown>
         </div>
-    </form>
-    <div class="btn-group m-1 sticky-marker-60" style="z-index: 16;">
-        @if (processing == false)
+        @if (actReportFilters.ReportType==ReportType.Recertification)
         {
-            <button type="button" class="btn btn-sm btn-primary" @onclick="GenerateReport">@(userConfig.GetText("generate_report"))</button>
+            <ReportRecertParamSelection @bind-FilterInput="filterInput" @bind-RecertFilter="actReportFilters.RecertFilter"/>
+        }
+        else if(actReportFilters.ReportType==ReportType.UnusedRules)
+        {
+            <div class="p-3">
+                <h5 class="text-left">@(userConfig.GetText("unused_days"))</h5>
+                <input type="number" min="1" max="5000" step="1" class="form-control form-control-sm" @bind="actReportFilters.UnusedDays" />
+            </div>
         }
         else
         {
-            <button type="button" class="btn btn-sm btn-danger" @onclick="() => CancelGeneration()">@(userConfig.GetText("stop_fetching"))</button>
+            <div class="p-3">
+                <h5 class="text-left">@(userConfig.GetText("report_time"))</h5>
+                <div class="input-group">
+                    <input type="text" class="form-control form-control-sm" value="@actReportFilters.DisplayedTimeSelection" />
+                    <button type="button" class="btn btn-sm btn-secondary" @onclick="SelectTime">@(userConfig.GetText("change"))</button>
+                </div>
+            </div>
         }
-        <ReportExport ReportToExport="currentReport"></ReportExport>
-        <button type="button" class="btn btn-sm btn-secondary" @onclick="() => { reportTemplateControl.NewTemplate(ConstructReportTemplate()); }">@(userConfig.GetText("save_as_template"))</button>
-        @if(currentReport != null && currentReport.ReportType == ReportType.UnusedRules && selectedItemsRuleReportTable.Count > 0 
-            && (authenticationStateTask!.Result.User.IsInRole(Roles.Admin) || authenticationStateTask!.Result.User.IsInRole(Roles.Requester) || authenticationStateTask!.Result.User.IsInRole(Roles.Auditor)))
+        @if (actReportFilters.ReportType != ReportType.Statistics)
         {
-            <button type="button" class="btn btn-sm btn-danger" @onclick="() => {ShowCreateTicketDialog = true;}">@(userConfig.GetText("create_delete_ticket"))</button>
+            <ReportTenantSelection SelectedTenant="actReportFilters.SelectedTenant" SelectedTenantChanged="TenantViewChanged" TenantFilteringAllowed="tenantFilteringAllowed"/>
         }
-    </div>
 
-    <hr />
+        @if (actReportFilters.ReportType.IsRuleRelatedReport())
+        {
+            <DeviceSelection @bind-DeviceFilter="actReportFilters.DeviceFilter" @bind-CollapseAll="actReportFilters.CollapseDevices" @bind-SelectAll="actReportFilters.SelectAll"></DeviceSelection>
+        }
+    </Sidebar>
+
+    @* ==== Middle div ==== *@
+    <div style="margin-left: @($"{sidebarLeftWidth + 10}px"); margin-right: @($"{sidebarRightWidth + 10}px");">
+        <ReportTabset/>
+
+        @* ==== Filter line ==== *@
+        <form class="m-1" @onsubmit="GenerateReport">
+            <input style="position:relative; z-index:1; background-color:rgba(0,0,0,0);" translate="no" autocapitalize="off"
+                    class="form-control" spellcheck="false" placeholder="Filter" @oninput="TryFilter" @bind="filterInput" />
+            <div style="left:0px; top:0px; color:rgba(0,0,0,0); user-select:none;" translate="no" autocapitalize="off"
+                    class="form-control position-absolute whitespace-div" spellcheck="false">
+                <span>@filterFeedbackStart</span><span class="error-underline">@filterFeedbackError</span><span>@filterFeedbackEnd</span>
+            </div>
+        </form>
+        <div class="btn-group m-1 sticky-marker-60" style="z-index: 16;">
+            @if (processing == false)
+            {
+                <button type="button" class="btn btn-sm btn-primary" @onclick="GenerateReport">@(userConfig.GetText("generate_report"))</button>
+            }
+            else
+            {
+                <button type="button" class="btn btn-sm btn-danger" @onclick="() => CancelGeneration()">@(userConfig.GetText("stop_fetching"))</button>
+            }
+            <ReportExport ReportToExport="currentReport" />
+            <button type="button" class="btn btn-sm btn-secondary" @onclick="() => { reportTemplateControl.NewTemplate(ConstructReportTemplate()); }">@(userConfig.GetText("save_as_template"))</button>
+            @if(currentReport != null && currentReport.ReportType == ReportType.UnusedRules && selectedItemsRuleReportTable.Count > 0 
+                && (authenticationStateTask!.Result.User.IsInRole(Roles.Admin) || authenticationStateTask!.Result.User.IsInRole(Roles.Requester) || authenticationStateTask!.Result.User.IsInRole(Roles.Auditor)))
+            {
+                <button type="button" class="btn btn-sm btn-danger" @onclick="() => {ShowCreateTicketDialog = true;}">@(userConfig.GetText("create_delete_ticket"))</button>
+            }
+        </div>
 
-    @* ==== Templates ==== *@
-    <ReportTemplateComponent OnTemplateLoad="async template => { SyncFiltersFromTemplate(template); StateHasChanged(); }" @ref="reportTemplateControl" />
+        <hr />
 
-    @* ==== Report main div ==== *@
-    <div class="card me-1 ms-1 mb-1 shadow">
-        <div class="card-body">
-            @if (currentReport != null)
-            {
-                @switch (currentReport.ReportType)
+        @* ==== Templates ==== *@
+        <ReportTemplateComponent OnTemplateLoad="async template => { SyncFiltersFromTemplate(template); StateHasChanged(); }" @ref="reportTemplateControl" />
+
+        @* ==== Report main div ==== *@
+        <div class="card me-1 ms-1 mb-1 shadow">
+            <div class="card-body">
+                @if (currentReport != null)
                 {
-                    case ReportType.Rules:
-                    case ReportType.ResolvedRules:
-                    case ReportType.ResolvedRulesTech:
-                    case ReportType.Recertification:
-                    case ReportType.UnusedRules:
-                    case ReportType.NatRules:
-                        <RulesReport Managements="managementsReport" SelectedReportType="selectedReportType" RulesPerPage="rulesPerPage" 
-                            @bind-SelectedRules="selectedItemsRuleReportTable" />
-                        break;
-
-                    case ReportType.Changes:
-                    case ReportType.ResolvedChanges:
-                    case ReportType.ResolvedChangesTech:
-                        <ChangesReport Managements="managementsReport" SelectedReportType="selectedReportType" RulesPerPage="rulesPerPage"
-                            @bind-SelectedRuleChanges="selectedItemsChangeReportTable" />
-                        break;
-
-                    case ReportType.Statistics:
-                        <StatisticsReport Managements="managementsReport" GlobalStats="globalStats"/>
-                        break;
-
-                    default:
-                        break;
+                    @switch (currentReport.ReportType)
+                    {
+                        case ReportType.Rules:
+                        case ReportType.ResolvedRules:
+                        case ReportType.ResolvedRulesTech:
+                        case ReportType.Recertification:
+                        case ReportType.UnusedRules:
+                        case ReportType.NatRules:
+                            <RulesReport Managements="managementsReport" SelectedReportType="actReportFilters.ReportType" RulesPerPage="rulesPerPage" 
+                                @bind-SelectedRules="selectedItemsRuleReportTable" />
+                            break;
+
+                        case ReportType.Changes:
+                        case ReportType.ResolvedChanges:
+                        case ReportType.ResolvedChangesTech:
+                            <ChangesReport Managements="managementsReport" SelectedReportType="actReportFilters.ReportType" RulesPerPage="rulesPerPage"
+                                @bind-SelectedRuleChanges="selectedItemsChangeReportTable" />
+                            break;
+
+                        case ReportType.Statistics:
+                            <StatisticsReport Managements="managementsReport" GlobalStats="globalStats"/>
+                            break;
+
+                        default:
+                            break;
+                    }
                 }
-            }
+            </div>
         </div>
-    </div>
-    @if (currentReport != null)
-    {
-        if (reportGenerationDuration != 0)
+        @if (currentReport != null)
         {
-            if (reportGenerationDuration<600)
+            if (reportGenerationDuration != 0)
             {
-                <small>@(userConfig.GetText("report_duration")) @reportGenerationDuration.ToString("0.00") @(userConfig.GetText("seconds")).</small>
-            }
-            else
-            {
-                <small> @(userConfig.GetText("report_duration")) @((reportGenerationDuration/60.0).ToString("0.00")) @(userConfig.GetText("minutes")).</small>
+                if (reportGenerationDuration<600)
+                {
+                    <small>@(userConfig.GetText("report_duration")) @reportGenerationDuration.ToString("0.00") @(userConfig.GetText("seconds")).</small>
+                }
+                else
+                {
+                    <small> @(userConfig.GetText("report_duration")) @((reportGenerationDuration/60.0).ToString("0.00")) @(userConfig.GetText("minutes")).</small>
+                }
             }
         }
-    }
-</div>
+    </div>
 
-@* ==== RIGHT SIDEBAR ==== *@
-@if (selectedReportType.IsRuleRelatedReport())
-{
-    <RightSidebar @bind-Width="sidebarRightWidth" Tabset="rsbTabset" AnchorNavToRSB="anchorNavToRSB" CurrentReport="currentReport" @bind-SelectedRules="selectedItemsRuleReportTable" ManagementsReport="managementsReport" AllTabVisible="(tenantFilteringAllowed && selectedTenant == null)" />
-    <AnchorNavToRSB @ref="anchorNavToRSB" TabSet="rsbTabset" />
+    @* ==== RIGHT SIDEBAR ==== *@
+    @if (actReportFilters.ReportType.IsRuleRelatedReport())
+    {
+        <RightSidebar @bind-Width="sidebarRightWidth" Tabset="rsbTabset" AnchorNavToRSB="anchorNavToRSB" CurrentReport="currentReport"
+            @bind-SelectedRules="selectedItemsRuleReportTable" ManagementsReport="managementsReport" AllTabVisible="(tenantFilteringAllowed && actReportFilters.SelectedTenant == null)" />
+        <AnchorNavToRSB @ref="anchorNavToRSB" TabSet="rsbTabset" />
+    }
 }
 
 @* ==== POPUPS ==== *@
-<ReportSelectTime @bind-Display="ShowSelectTimeDialog" SelectedReportType="selectedReportType" @bind-ActTimeFilter="actTimeFilter" @bind-SavedTimeFilter="savedTimeFilter" DisplayTime="DisplaySelectedTime"/>
+<ReportSelectTime @bind-Display="ShowSelectTimeDialog" SelectedReportType="actReportFilters.ReportType"@bind-ActTimeFilter="actReportFilters.TimeFilter"
+    @bind-SavedTimeFilter="actReportFilters.SavedTimeFilter" DisplayTime="actReportFilters.SetDisplayedTimeSelection"/>
 <ReportCreateTicket @bind-Display="ShowCreateTicketDialog" SelectedRules="selectedItemsRuleReportTable"/>
 
 
@@ -173,20 +178,11 @@
     List<int> relevantManagementIds = new();
     private Management? globalStats = null;
 
-    private ReportType selectedReportType = ReportType.Rules;
+    private ReportFilters actReportFilters = new ();
+    private bool InitDone = false;
 
-    private DeviceFilter deviceFilter = new DeviceFilter();
-    private bool selectAll = true;
     private List<string> unsupportedList = new List<string>();
-    private DeviceFilter reducedDeviceFilter = new DeviceFilter();
-    private Tenant? selectedTenant = null;
-
-    private TimeFilter actTimeFilter = new();
-    private TimeFilter savedTimeFilter = new();
-    private string displayedTimeSelection = "";
     private bool ShowSelectTimeDialog = false;
-    private RecertFilter actRecertFilter = new();
-    private int unusedDays = 0;
     private bool ShowCreateTicketDialog = false;
 
     private int rulesPerPage = 0;   // todo: remove - no pagination implemented?
@@ -207,8 +203,6 @@
     private string filterFeedbackEnd = "";
     private string filterInput = "";
 
-    private bool collapseDevices = false;
-
     private bool tenantFilteringAllowed => authenticationStateTask!.Result.User.IsInRole(Roles.ReporterViewAll) || authenticationStateTask!.Result.User.IsInRole(Roles.Admin)
         || authenticationStateTask!.Result.User.IsInRole(Roles.FwAdmin) || authenticationStateTask!.Result.User.IsInRole(Roles.Auditor);
 
@@ -226,15 +220,9 @@
     {
         try
         {
-            selectedReportType = showRuleRelatedReports ? ReportType.Rules : ReportType.Connections;
-            displayedTimeSelection = userConfig.GetText("now");
-            unusedDays = userConfig.UnusedTolerance;
-            deviceFilter.Managements = await apiConnection.SendQueryAsync<List<ManagementSelect>>(DeviceQueries.getDevicesByManagement);
-
-            if (deviceFilter.NumberMgmtDev() > userConfig.MinCollapseAllDevices)
-            {
-                collapseDevices = true;
-            }
+            actReportFilters.DeviceFilter.Managements = await apiConnection.SendQueryAsync<List<ManagementSelect>>(DeviceQueries.getDevicesByManagement);
+            actReportFilters.Init(userConfig, showRuleRelatedReports);
+            InitDone = true;
             await InvokeAsync(StateHasChanged);
         }
         catch (Exception exception)
@@ -245,139 +233,38 @@
 
     private void ReportTypeChanged(ReportType newReportType)
     {
-        // clear report data when switching reportType as we would be missing src/dst/svc information in some cases           
-        managementsReport = new Management[] {};
-        globalStats = null;
-        selectedReportType = newReportType;
-        DisplaySelectedTime();
+        actReportFilters.ReportType = newReportType;
+        actReportFilters.SetDisplayedTimeSelection();
+        ResetReport();
         StateHasChanged();
-        reportGenerationDuration = 0;
     }
 
-    private void MarkAllDevicesVisible(List<ManagementSelect> mgms)
+    private void ResetReport()
     {
-        foreach (ManagementSelect management in mgms)
-        {
-            management.Visible = true;
-            management.Shared = false;
-            foreach (DeviceSelect gw in management.Devices)
-            {
-                gw.Visible = true;
-                gw.Shared = false;
-            }
-        }
-    }
-
-    private async Task SetDeviceVisibility(List<ManagementSelect> mgms, Tenant tenantView)
-    {
-        if ((userConfig.User.Tenant.Id==null || userConfig.User.Tenant.Id==1) && tenantView.Id!=1)
-        {
-            // filtering for tenant simulation only done by a tenant0 user
-            foreach (TenantGateway gw in tenantView.TenantGateways)
-            {
-                if (!tenantView.VisibleGatewayIds.Contains(gw.VisibleGateway.Id))
-                {
-                    tenantView.VisibleGatewayIds.Append(gw.VisibleGateway.Id);
-                    tenantView.VisibleGatewayIds = tenantView.VisibleGatewayIds.Concat(new int[] { gw.VisibleGateway.Id }).ToArray();
-                }
-            }
-
-            // also add all gateways of non-shared managments - necessary for simulated tenant filtering
-            foreach (TenantManagement mgm in tenantView.TenantManagements)
-            {
-                if (!mgm.Shared)
-                {
-                    foreach (Device gw in mgm.VisibleManagement.Devices)
-                    {
-                        if (!tenantView.VisibleGatewayIds.Contains(gw.Id))
-                        {
-                            tenantView.VisibleGatewayIds.Append(gw.Id);
-                            tenantView.VisibleGatewayIds = tenantView.VisibleGatewayIds.Concat(new int[] { gw.Id }).ToArray();
-                        }
-                    }
-                }
-            }
-        }
-
-        foreach (ManagementSelect mgm in deviceFilter.Managements)
-        {
-            mgm.Shared = false;
-            bool mgmVisible = false;
-            foreach (DeviceSelect gw in mgm.Devices)
-            {
-                gw.Visible = tenantView.VisibleGatewayIds.Contains(gw.Id);
-                if (gw.Visible)
-                {   
-                    // one gateway is visible, so the management must be visible
-                    mgmVisible = true;
-                }
-                else
-                {   
-                    gw.Selected = false; // make sure invisible devices are not selected
-                    mgm.Shared = true; // if one gateway is not visible, the mgm is shared (filtered)
-                }
-            }
-            mgm.Visible = mgmVisible;
-            if (!mgm.Visible)
-            {   // make sure invisible managements are not selected
-                mgm.Selected = false;
-            }
-        }    
-    }
-
-    /// sets deviceFilter.Managements and selectedTenant according to either
-    /// a) selected tenant for tenant simulation
-    /// b) tenant of the user logged in (if belonging to tenant <> tenant0)
-    private async Task TenantViewChanged(Tenant newTenantView)
-    {
-        selectedTenant = newTenantView;
-
-        // clear report data when switching Tenant as we would be missing src/dst/svc information in some cases           
+        // clear report data when switching reportType as we would be missing src/dst/svc information in some cases           
         managementsReport = new Management[] {};
         globalStats = null;
+        reportGenerationDuration = 0;
+    }
 
-        // we must modify the device visibility in the device filter
-        if (selectedTenant==null || selectedTenant.Id == 1)
-        {
-           // tenant0 or no tenant selected --> all devices are visible            
-            MarkAllDevicesVisible(deviceFilter.Managements);
-        }
-        else
-        {
-            // not all devices are visible
-            await SetDeviceVisibility(deviceFilter.Managements, selectedTenant);
-        }
-        selectAll = !deviceFilter.isAnyDeviceFilterSet();
+    private async Task TenantViewChanged(Tenant? newTenantView)
+    {
+        actReportFilters.TenantViewChanged(newTenantView);
+        ResetReport();
         await InvokeAsync(StateHasChanged);
     }
 
     private async Task SyncFiltersFromTemplate(ReportTemplate template)
     {
         filterInput = template.Filter;
-        selectedReportType = (ReportType)template.ReportParams.ReportType;
-
-        Tenant? tenantFromTemplate,
+        Tenant? tenantFromTemplate = null;
         if (template.ReportParams.TenantFilter.IsActive)
         {
             tenantFromTemplate = await Tenant.getSingleTenant(apiConnection, template.ReportParams.TenantFilter.TenantId);
         }
         await TenantViewChanged(tenantFromTemplate);
-
-        if(template.ReportParams.DeviceFilter != null && template.ReportParams.DeviceFilter.Managements.Count > 0)
-        {
-            deviceFilter.SynchronizeDevFilter(template.ReportParams.DeviceFilter);
-            StateHasChanged();
-        }
-        selectAll = !deviceFilter.isAnyDeviceFilterSet();
+        actReportFilters.SyncFiltersFromTemplate(template);
         StateHasChanged();
-
-        if(template.ReportParams.TimeFilter != null)
-        {
-            actTimeFilter = template.ReportParams.TimeFilter;
-        }
-        DisplaySelectedTime();
-        actRecertFilter = new(template.ReportParams.RecertFilter);
-        unusedDays = template.ReportParams.UnusedFilter.UnusedForDays;
     }
 
     private void SelectTime()
@@ -385,56 +272,6 @@
         ShowSelectTimeDialog = true;
     }
 
-    private bool DisplaySelectedTime()
-    {
-        if (selectedReportType.IsChangeReport())
-        {
-            switch (actTimeFilter.TimeRangeType)
-            {
-                case TimeRangeType.Shortcut:
-                    displayedTimeSelection = userConfig.GetText(actTimeFilter.TimeRangeShortcut);
-                    break;
-                case TimeRangeType.Interval:
-                    displayedTimeSelection = userConfig.GetText("last") + " " + 
-                        actTimeFilter.Offset + " " + userConfig.GetText(actTimeFilter.Interval.ToString());
-                    break;
-                case TimeRangeType.Fixeddates:
-                    if(actTimeFilter.OpenStart && actTimeFilter.OpenEnd)
-                    {
-                        displayedTimeSelection = userConfig.GetText("open");
-                    }
-                    else if(actTimeFilter.OpenStart)
-                    {
-                        displayedTimeSelection = userConfig.GetText("until") + " " + actTimeFilter.EndTime.ToString();
-                    }
-                    else if(actTimeFilter.OpenEnd)
-                    {
-                        displayedTimeSelection = userConfig.GetText("from") + " " + actTimeFilter.StartTime.ToString();
-                    }
-                    else
-                    {
-                        displayedTimeSelection = actTimeFilter.StartTime.ToString() + " - " + actTimeFilter.EndTime.ToString();
-                    }
-                    break;
-                default:
-                    displayedTimeSelection = "";
-                    break;
-            };
-        }
-        else
-        {
-            if (actTimeFilter.IsShortcut)
-            {
-                displayedTimeSelection = userConfig.GetText(actTimeFilter.TimeShortcut);
-            }
-            else
-            {
-                displayedTimeSelection = actTimeFilter.ReportTime.ToString();
-            }
-        }
-        return true;
-    }
-
     private async Task GenerateReport()
     {
         Stopwatch watch = new System.Diagnostics.Stopwatch();
@@ -450,7 +287,7 @@
         Management[] managementsReportOrig = managementsReport;
         try
         {
-            if (selectedReportType.IsRuleRelatedReport() && !deviceFilter.isAnyDeviceFilterSet())  // display warning
+            if (actReportFilters.ReportType.IsRuleRelatedReport() && !actReportFilters.DeviceFilter.isAnyDeviceFilterSet())  // display warning
             {
                 DisplayMessageInUi(null, userConfig.GetText("no_device_selected"), userConfig.GetText("E1001"), true);
                 return;
@@ -460,7 +297,7 @@
             await PrepareReportGeneration();
 
             // save selected managements before resetting
-            relevantManagementIds = deviceFilter.getSelectedManagements();
+            relevantManagementIds = actReportFilters.DeviceFilter.getSelectedManagements();
 
             DateTime startTime = DateTime.Now;
             managementsReport = new Management[0]; // reset management data when switching between reports
@@ -498,7 +335,7 @@
                 {
                     DisplayMessageInUi(null, userConfig.GetText("generate_report"), userConfig.GetText("E4002"), true);
                 }
-                else if (selectedReportType.IsChangeReport())
+                else if (actReportFilters.ReportType.IsChangeReport())
                 {
                     DisplayMessageInUi(null, userConfig.GetText("generate_report"), userConfig.GetText("E4003"), true);
                 }
@@ -526,10 +363,10 @@
         reportTemplateControl.Collapse();
 
         // check for unsupported devices
-        if(selectedReportType == ReportType.UnusedRules)
+        if(actReportFilters.ReportType == ReportType.UnusedRules)
         {
-            var result = await ReportBase.GetUsageDataUnsupportedDevices(apiConnection, deviceFilter);
-            reducedDeviceFilter = result.reducedDeviceFilter;
+            var result = await ReportBase.GetUsageDataUnsupportedDevices(apiConnection, actReportFilters.DeviceFilter);
+            actReportFilters.ReducedDeviceFilter = result.reducedDeviceFilter;
             unsupportedList = result.unsupportedList;
             if(unsupportedList.Count > 0)
             {
@@ -593,25 +430,7 @@
 
     private ReportTemplate ConstructReportTemplate()
     {
-        ReportParams reportParams = new ReportParams((int)selectedReportType, selectedReportType == ReportType.UnusedRules ? reducedDeviceFilter : deviceFilter);
-        reportParams.TimeFilter = savedTimeFilter;
-        if (selectedReportType != ReportType.Statistics)
-        {
-            // also make sure the report a user belonging to a tenant <> 1 sees, gets the additional filters in DynGraphqlQuery.cs
-            if (selectedTenant==null && userConfig.User.Tenant.Id>1)
-            {
-                selectedTenant = userConfig.User.Tenant;
-                // TODO: when admin selects a tenant filter, add the corresponding device filter to make sure only those devices are reported that the tenant is allowed to see
-            }
-            reportParams.TenantFilter = new TenantFilter(selectedTenant);
-        }
-        reportParams.RecertFilter = new RecertFilter(actRecertFilter);
-        reportParams.UnusedFilter = new UnusedFilter() 
-        {
-            UnusedForDays = unusedDays, 
-            CreationTolerance = userConfig.CreationTolerance
-        };
-        return new ReportTemplate(filterInput, reportParams);
+        return new ReportTemplate(filterInput, actReportFilters.ToReportParams());
     }
 
     private void TryFilter(ChangeEventArgs changeArgs)

From b3b8e1247aa6e0c17a155648663fbe20ac8e7df4 Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Wed, 28 Feb 2024 19:11:17 +0100
Subject: [PATCH 18/84] normalize svc

---
 .../files/importer/nsx4ff/fwcommon.py         | 27 ++++---
 .../files/importer/nsx4ff/nsx_application.py  | 10 +--
 .../files/importer/nsx4ff/nsx_getter.py       |  5 +-
 .../files/importer/nsx4ff/nsx_network.py      | 46 +++++------
 .../files/importer/nsx4ff/nsx_service.py      | 81 ++++++++++---------
 5 files changed, 92 insertions(+), 77 deletions(-)

diff --git a/roles/importer/files/importer/nsx4ff/fwcommon.py b/roles/importer/files/importer/nsx4ff/fwcommon.py
index c68fe1b32..5e5dea053 100644
--- a/roles/importer/files/importer/nsx4ff/fwcommon.py
+++ b/roles/importer/files/importer/nsx4ff/fwcommon.py
@@ -3,10 +3,10 @@
 from common import importer_base_dir
 sys.path.append(importer_base_dir + "/nsx4ff")
 from nsx_service import normalize_svcobjects
-from nsx_application import normalize_application_objects
+# from nsx_application import normalize_application_objects
 from nsx_rule import normalize_access_rules
 from nsx_network import normalize_nwobjects
-from nsx_zone import normalize_zones
+# from nsx_zone import normalize_zones
 from nsx_getter import update_config_with_nsxdcfw_api_call
 from fwo_log import getFwoLogger
 from nsx_base import api_version_str
@@ -29,15 +29,18 @@ def get_config(config2import, full_config, current_import_id, mgm_details, limit
         apihost = mgm_details["hostname"]
         domain = mgm_details["configPath"]
 
-        vsys_objects   = ["/Network/Zones", "/Objects/Addresses", "/Objects/Services", "/Objects/AddressGroups", "/Objects/ServiceGroups", "/Objects/Tags"]
-        predef_objects = ["/Objects/Applications"]
+        vsys_base_objects   = ["/infra/services"]
+        vsys_object_groups   = ["/infra/domains/{domain}/groups".format(domain=domain)]
+        vsys_objects   = vsys_object_groups + vsys_base_objects
+
+        #predef_objects = ["/Objects/Applications"]
         rulebase_names = ["security-policies"] # , "/Policies/NATRules"]
 
         for obj_path in vsys_objects:
             full_config[obj_path] = []
 
-        for obj_path in predef_objects:
-            full_config[obj_path] = []
+        # for obj_path in predef_objects:
+        #     full_config[obj_path] = []
         
         credentials = base64.b64encode((apiuser + ":" + apipwd).encode())
 
@@ -47,8 +50,10 @@ def get_config(config2import, full_config, current_import_id, mgm_details, limit
         # vsys_name = "vsys1" # TODO - automate this hard-coded name
         # location = "vsys"       # alternative: panorama-pushed
 
-        # for obj_path in vsys_objects:
-        #     update_config_with_nsxdcfw_api_call(key, base_url, full_config, obj_path + "?location={location}&vsys={vsys_name}".format(location=location, vsys_name=vsys_name), obj_type=obj_path)
+
+        for obj_path in vsys_objects:
+            base_url =  "https://{apihost}/policy/api/v1{path}".format(apihost=apihost, path=obj_path)
+            update_config_with_nsxdcfw_api_call(base_url, full_config, obj_path, obj_type=obj_path, credentials=credentials)
 
         # for obj_path in predef_objects:
         #     update_config_with_nsxdcfw_api_call(key, base_url, full_config, obj_path + "?location={location}".format(location="predefined"), obj_type=obj_path)
@@ -72,9 +77,9 @@ def get_config(config2import, full_config, current_import_id, mgm_details, limit
     ##################
     # now we normalize relevant parts of the raw config and write the results to config2import dict
 
-    normalize_nwobjects(full_config, config2import, current_import_id, jwt=jwt, mgm_id=mgm_details['id'])
+    normalize_nwobjects(full_config, config2import, current_import_id, jwt=jwt, mgm_id=mgm_details['id'], domain=domain)
     normalize_svcobjects(full_config, config2import, current_import_id)
-    normalize_application_objects(full_config, config2import, current_import_id)
+    # normalize_application_objects(full_config, config2import, current_import_id)
     # normalize_users(full_config, config2import, current_import_id, user_scope)
 
     # adding default any and predefined objects
@@ -93,7 +98,7 @@ def get_config(config2import, full_config, current_import_id, mgm_details, limit
         "obj_typ": "network", "obj_ip": "0.0.0.0/0", "control_id": current_import_id}
     config2import["network_objects"].append(any_nw_object)
 
-    normalize_zones(full_config, config2import, current_import_id)
+    # normalize_zones(full_config, config2import, current_import_id)
     normalize_access_rules(full_config, config2import, current_import_id, mgm_details=mgm_details)
     # normalize_nat_rules(full_config, config2import, current_import_id, jwt=jwt)
 
diff --git a/roles/importer/files/importer/nsx4ff/nsx_application.py b/roles/importer/files/importer/nsx4ff/nsx_application.py
index 4652fa0c6..6d132cbe8 100644
--- a/roles/importer/files/importer/nsx4ff/nsx_application.py
+++ b/roles/importer/files/importer/nsx4ff/nsx_application.py
@@ -2,11 +2,11 @@
 from fwo_log import getFwoLogger
 
 
-def normalize_application_objects(full_config, config2import, import_id):
-    app_objects = []
-    for app_orig in full_config["/Objects/Applications"]:
-        app_objects.append(parse_app(app_orig, import_id,config2import))
-    config2import['service_objects'] += app_objects
+# def normalize_application_objects(full_config, config2import, import_id):
+#     app_objects = []
+#     for app_orig in full_config["/Objects/Applications"]:
+#         app_objects.append(parse_app(app_orig, import_id,config2import))
+#     config2import['service_objects'] += app_objects
 
 
 def extract_base_app_infos(app_orig, import_id):
diff --git a/roles/importer/files/importer/nsx4ff/nsx_getter.py b/roles/importer/files/importer/nsx4ff/nsx_getter.py
index 390d778fd..155f85b29 100644
--- a/roles/importer/files/importer/nsx4ff/nsx_getter.py
+++ b/roles/importer/files/importer/nsx4ff/nsx_getter.py
@@ -88,5 +88,8 @@ def update_config_with_nsxdcfw_api_call(api_base_url, config, api_path, credenti
     # else:
     #     returned_new_data = False
     if returned_new_data:
+        if 'results' in result:
+            config.update({obj_type: result['results']})
+        else:
         # full_result.extend(result)           
-        config.update({obj_type: result})
+            config.update({obj_type: result})
diff --git a/roles/importer/files/importer/nsx4ff/nsx_network.py b/roles/importer/files/importer/nsx4ff/nsx_network.py
index 252ba38cf..e0f9ae7a4 100644
--- a/roles/importer/files/importer/nsx4ff/nsx_network.py
+++ b/roles/importer/files/importer/nsx4ff/nsx_network.py
@@ -4,16 +4,16 @@
 import ipaddress
 
 
-def normalize_nwobjects(full_config, config2import, import_id, jwt=None, mgm_id=None):
+def normalize_nwobjects(full_config, config2import, import_id, jwt=None, mgm_id=None, domain="default"):
     logger = getFwoLogger()
     nw_objects = []
     nw_tagged_groups = {}
-    for obj_orig in full_config["/Objects/Addresses"]:
-        nw_objects.append(parse_object(obj_orig, import_id, config2import, nw_objects))
-        if 'tag' in obj_orig and 'member' in obj_orig['tag']:
-            logger.info("found simple network object with tags: " + obj_orig['@name'])
-            for t in obj_orig['tag']['member']:
-                collect_tag_information(nw_tagged_groups, "#"+t, obj_orig['@name'])
+    # for obj_orig in full_config["/Objects/Addresses"]:
+    #     nw_objects.append(parse_object(obj_orig, import_id, config2import, nw_objects))
+    #     if 'tag' in obj_orig and 'member' in obj_orig['tag']:
+    #         logger.info("found simple network object with tags: " + obj_orig['@name'])
+    #         for t in obj_orig['tag']['member']:
+    #             collect_tag_information(nw_tagged_groups, "#"+t, obj_orig['@name'])
 
     for tag in nw_tagged_groups:
         logger.info("handling nw_tagged_group: " + tag + " with members: " + list_delimiter.join(nw_tagged_groups[tag]))
@@ -28,22 +28,22 @@ def normalize_nwobjects(full_config, config2import, import_id, jwt=None, mgm_id=
         obj['obj_member_refs'] = list_delimiter.join(members)
         nw_objects.append(obj)
 
-    for obj_grp_orig in full_config["/Objects/AddressGroups"]:
-        logger.info("found network group: " + obj_grp_orig['@name'])
-        obj_grp = extract_base_object_infos(obj_grp_orig, import_id, config2import, nw_objects)
-        obj_grp["obj_typ"] = "group"
-        if 'static' in obj_grp_orig and 'filter' in obj_grp_orig['static']:
-            obj_grp["obj_member_refs"], obj_grp["obj_member_names"] = parse_static_obj_group(obj_grp_orig, import_id, nw_objects, config2import)
-        if 'dynamic' in obj_grp_orig and 'filter' in obj_grp_orig['dynamic']:
-            members = parse_dynamic_object_group(obj_grp_orig, nw_tagged_groups)
-            obj_grp["obj_member_refs"] = list_delimiter.join(members)
-            obj_grp["obj_member_names"] = list_delimiter.join(members)
-        nw_objects.append(obj_grp)
-        if 'tag' in obj_grp_orig and 'member' in obj_grp_orig['tag']:
-            logger.info("found network group with tags: " + obj_grp_orig['@name'])
-            for t in obj_grp_orig['tag']['member']:
-                logger.info("    found tag " + t)
-                collect_tag_information(nw_tagged_groups, "#"+t, obj_grp_orig['@name'])
+        for obj_grp_orig in full_config["/infra/domains/{domain}/groups".format(domain=domain)]:
+            logger.info("found network group: " + obj_grp_orig['@name'])
+            obj_grp = extract_base_object_infos(obj_grp_orig, import_id, config2import, nw_objects)
+            obj_grp["obj_typ"] = "group"
+            if 'static' in obj_grp_orig and 'filter' in obj_grp_orig['static']:
+                obj_grp["obj_member_refs"], obj_grp["obj_member_names"] = parse_static_obj_group(obj_grp_orig, import_id, nw_objects, config2import)
+            if 'dynamic' in obj_grp_orig and 'filter' in obj_grp_orig['dynamic']:
+                members = parse_dynamic_object_group(obj_grp_orig, nw_tagged_groups)
+                obj_grp["obj_member_refs"] = list_delimiter.join(members)
+                obj_grp["obj_member_names"] = list_delimiter.join(members)
+            nw_objects.append(obj_grp)
+            if 'tag' in obj_grp_orig and 'member' in obj_grp_orig['tag']:
+                logger.info("found network group with tags: " + obj_grp_orig['@name'])
+                for t in obj_grp_orig['tag']['member']:
+                    logger.info("    found tag " + t)
+                    collect_tag_information(nw_tagged_groups, "#"+t, obj_grp_orig['@name'])
     
     config2import['network_objects'] = nw_objects
 
diff --git a/roles/importer/files/importer/nsx4ff/nsx_service.py b/roles/importer/files/importer/nsx4ff/nsx_service.py
index c8d932f7b..6837955d6 100644
--- a/roles/importer/files/importer/nsx4ff/nsx_service.py
+++ b/roles/importer/files/importer/nsx4ff/nsx_service.py
@@ -4,13 +4,13 @@
 
 def normalize_svcobjects(full_config, config2import, import_id):
     svc_objects = []
-    for svc_orig in full_config["/Objects/Services"]:
+    for svc_orig in full_config["/infra/services"]:
         svc_objects.append(parse_svc(svc_orig, import_id,config2import))
-    for svc_grp_orig in full_config["/Objects/ServiceGroups"]:
-        svc_grp = extract_base_svc_infos(svc_grp_orig, import_id)
-        svc_grp["svc_typ"] = "group"
-        svc_grp["svc_member_refs"] , svc_grp["svc_member_names"] = parse_svc_group(svc_grp_orig,config2import)
-        svc_objects.append(svc_grp)
+    # for svc_grp_orig in full_config["/Objects/ServiceGroups"]:
+    #     svc_grp = extract_base_svc_infos(svc_grp_orig, import_id)
+    #     svc_grp["svc_typ"] = "group"
+    #     svc_grp["svc_member_refs"] , svc_grp["svc_member_names"] = parse_svc_group(svc_grp_orig,config2import)
+    #     svc_objects.append(svc_grp)
     config2import['service_objects'] += svc_objects
 
 
@@ -28,11 +28,12 @@ def parse_svc_group(orig_grp,config2import):
     
 def extract_base_svc_infos(svc_orig, import_id):
     svc = {}
-    if "@name" in svc_orig:
-        svc["svc_uid"] = svc_orig["@name"]
-        svc["svc_name"] = svc_orig["@name"]
-    if "comment" in svc_orig:
-        svc["svc_comment"] = svc_orig["comment"]
+    if "display_name" in svc_orig:
+        svc["svc_name"] = svc_orig["display_name"]
+    if "id" in svc_orig:
+        svc["svc_uid"] = svc_orig["id"]
+    if "description" in svc_orig:
+        svc["svc_comment"] = svc_orig["description"]
     svc["svc_timeout"] = None
     svc["svc_color"] = None
     svc["control_id"] = import_id 
@@ -42,32 +43,38 @@ def extract_base_svc_infos(svc_orig, import_id):
 
 def parse_svc(svc_orig, import_id,config2import):
     svc = extract_base_svc_infos(svc_orig, import_id)
-    if 'protocol' in svc_orig:
-        proto_string = 'undefined'
-        if 'tcp' in svc_orig['protocol']:
-            svc["ip_proto"] = 6
-            proto_string = 'tcp'
-            svc["svc_port"] = svc_orig['protocol']['tcp']['port']
-        elif 'udp' in svc_orig['protocol']:
-            svc["ip_proto"] = 17
-            proto_string = 'udp'
-            
-        if proto_string=='undefined':
-            svc["svc_name"] += " [Protocol \"" + str(svc_orig["protocol"]) + "\" not supported]"
-        else:
-            port_string = svc_orig['protocol'][proto_string]['port']
-            if ',' in port_string:
-                svc["svc_typ"] = "group"
-                svc["svc_port"] = None
-                members = []
-                for p in port_string.split(","):
-                    hlp_svc = create_helper_service(p, proto_string, svc["svc_name"], import_id)
-                    add_service(hlp_svc, config2import)
-                    members.append(hlp_svc['svc_uid'])
-                svc["svc_members"] = list_delimiter.join(members)                
-                svc["svc_member_refs"] = list_delimiter.join(members)                
-            else:   # just a single port (range)
-                extract_port_for_service(port_string, svc)
+    if 'service_entries' in svc_orig:
+        for se in svc_orig['service_entries']:  # TODO: handle list of service entries
+            if 'l4_protocol' in se:
+                proto_string = 'undefined'
+                if se['l4_protocol'] == 'TCP':
+                    svc["ip_proto"] = 6
+                    proto_string = 'tcp'
+                if se['l4_protocol'] == 'UDP':
+                    svc["ip_proto"] = 17
+                    proto_string = 'udp'
+                
+                if 'destination_ports' in se and len(se['destination_ports'])>0:
+                    svc["svc_port"] = se['destination_ports'][0]    # TODO: handle list of ports!
+                else:
+                    pass
+                    
+                if proto_string=='undefined':
+                    svc["svc_name"] += " [Protocol \"" + str(se["l4_protocol"]) + "\" not supported]"
+                # else:
+                #     port_string = svc_orig['protocol'][proto_string]['port']
+                #     if ',' in port_string:
+                #         svc["svc_typ"] = "group"
+                #         svc["svc_port"] = None
+                #         members = []
+                #         for p in port_string.split(","):
+                #             hlp_svc = create_helper_service(p, proto_string, svc["svc_name"], import_id)
+                #             add_service(hlp_svc, config2import)
+                #             members.append(hlp_svc['svc_uid'])
+                #         svc["svc_members"] = list_delimiter.join(members)                
+                #         svc["svc_member_refs"] = list_delimiter.join(members)                
+                #     else:   # just a single port (range)
+                #         extract_port_for_service(port_string, svc)
     return svc
 
 

From 398e8f19be796bd7a87011b1eb9400c378f2acee Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Fri, 1 Mar 2024 08:42:32 +0100
Subject: [PATCH 19/84] connection report first steps

---
 .../FWO.Api.Client/Data/ModellingFilter.cs    |  16 ++
 .../FWO.Api.Client/Data/ReportTemplate.cs     |  15 +-
 .../files/FWO.Api.Client/Data/TenantFilter.cs |   2 +-
 .../FWO.Report.Filter/DynGraphqlQuery.cs      |  55 ++++-
 .../FilterTypes/ReportFilters.cs              |  22 +-
 .../FilterTypes/ReportType.cs                 |   2 +-
 roles/lib/files/FWO.Report/ReportBase.cs      | 188 +++++-------------
 roles/lib/files/FWO.Report/ReportChanges.cs   |  32 +--
 .../lib/files/FWO.Report/ReportConnections.cs |  59 ++++++
 .../files/FWO.Report/ReportConnectionsBase.cs |  19 ++
 .../lib/files/FWO.Report/ReportDevicesBase.cs | 148 ++++++++++++++
 roles/lib/files/FWO.Report/ReportRules.cs     |  89 ++++-----
 .../lib/files/FWO.Report/ReportStatistics.cs  |  31 +--
 .../ImportChangeNotifier.cs                   |   2 +-
 .../FWO.Middleware.Server/RecertCheck.cs      |   2 +-
 .../FWO.Middleware.Server/ReportScheduler.cs  |   6 +-
 .../ui/files/FWO.UI/Pages/Certification.razor |   2 +-
 .../NetworkModelling/NetworkModelling.razor   |  33 +--
 .../files/FWO.UI/Pages/Reporting/Report.razor | 106 +++++-----
 .../FWO.UI/Pages/Reporting/ReportExport.razor |  13 +-
 .../ReportModellingParamSelection.razor       |  50 +++++
 .../Reporting/ReportTemplateComponent.razor   |  40 +++-
 .../Reporting/Reports/ConnectionsReport.razor |  49 +++++
 .../FWO.UI/Pages/Reporting/Schedule.razor     |   2 +-
 .../FWO.UI/Services/ModellingAppHandler.cs    |  18 +-
 .../Services/ModellingConnectionHandler.cs    |   6 +-
 .../FWO.UI/Services/ModellingHandlerBase.cs   |  35 ++++
 27 files changed, 689 insertions(+), 353 deletions(-)
 create mode 100644 roles/lib/files/FWO.Api.Client/Data/ModellingFilter.cs
 create mode 100644 roles/lib/files/FWO.Report/ReportConnections.cs
 create mode 100644 roles/lib/files/FWO.Report/ReportConnectionsBase.cs
 create mode 100644 roles/lib/files/FWO.Report/ReportDevicesBase.cs
 create mode 100644 roles/ui/files/FWO.UI/Pages/Reporting/ReportModellingParamSelection.razor
 create mode 100644 roles/ui/files/FWO.UI/Pages/Reporting/Reports/ConnectionsReport.razor

diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingFilter.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingFilter.cs
new file mode 100644
index 000000000..de3650ad3
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingFilter.cs
@@ -0,0 +1,16 @@
+namespace FWO.Api.Data
+{
+    public class ModellingFilter
+    {
+        public FwoOwner SelectedOwner {get; set;} = new ();
+
+
+        public ModellingFilter()
+        {}
+
+        public ModellingFilter(ModellingFilter modellingFilter)
+        {
+            SelectedOwner = modellingFilter.SelectedOwner;
+        }
+    }
+}
diff --git a/roles/lib/files/FWO.Api.Client/Data/ReportTemplate.cs b/roles/lib/files/FWO.Api.Client/Data/ReportTemplate.cs
index a891edf93..f1af001cf 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ReportTemplate.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ReportTemplate.cs
@@ -24,7 +24,7 @@ public class ReportTemplate
         public string Filter { get; set; } = "";
         
         [JsonProperty("report_parameters"), JsonPropertyName("report_parameters")]
-        public ReportParams ReportParams { get; set; } = new ReportParams();
+        public ReportParams ReportParams { get; set; } = new();
 
         public bool Detailed = false;
 
@@ -54,19 +54,22 @@ public class ReportParams
         public int ReportType { get; set; } = 0;
         
         [JsonProperty("device_filter"), JsonPropertyName("device_filter")]
-        public DeviceFilter DeviceFilter { get; set; } = new DeviceFilter();
+        public DeviceFilter DeviceFilter { get; set; } = new();
 
         [JsonProperty("time_filter"), JsonPropertyName("time_filter")]
-        public TimeFilter TimeFilter { get; set; } = new TimeFilter();
+        public TimeFilter TimeFilter { get; set; } = new();
 
         [JsonProperty("tenant_filter"), JsonPropertyName("tenant_filter")]
-        public TenantFilter TenantFilter { get; set; } = new TenantFilter();
+        public TenantFilter TenantFilter { get; set; } = new();
 
         [JsonProperty("recert_filter"), JsonPropertyName("recert_filter")]
-        public RecertFilter RecertFilter { get; set; } = new RecertFilter();
+        public RecertFilter RecertFilter { get; set; } = new();
 
         [JsonProperty("unused_filter"), JsonPropertyName("unused_filter")]
-        public UnusedFilter UnusedFilter { get; set; } = new UnusedFilter();
+        public UnusedFilter UnusedFilter { get; set; } = new();
+
+        [JsonProperty("modelling_filter"), JsonPropertyName("modelling_filter")]
+        public ModellingFilter ModellingFilter { get; set; } = new();
 
         public ReportParams()
         {}
diff --git a/roles/lib/files/FWO.Api.Client/Data/TenantFilter.cs b/roles/lib/files/FWO.Api.Client/Data/TenantFilter.cs
index ac6a7934c..dddf5bf97 100644
--- a/roles/lib/files/FWO.Api.Client/Data/TenantFilter.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/TenantFilter.cs
@@ -20,7 +20,7 @@ public TenantFilter(TenantFilter tenantFilter)
             TenantId = tenantFilter.TenantId;
         }
 
-        public TenantFilter(Tenant tenant)
+        public TenantFilter(Tenant? tenant)
         {
             IsActive = tenant?.Id > 1;
             TenantId = tenant?.Id ?? 0;
diff --git a/roles/lib/files/FWO.Report.Filter/DynGraphqlQuery.cs b/roles/lib/files/FWO.Report.Filter/DynGraphqlQuery.cs
index 08b1a3296..66b108d67 100644
--- a/roles/lib/files/FWO.Report.Filter/DynGraphqlQuery.cs
+++ b/roles/lib/files/FWO.Report.Filter/DynGraphqlQuery.cs
@@ -17,11 +17,11 @@ public class DynGraphqlQuery
         public string nwObjWhereStatement { get; set; } = "";
         public string svcObjWhereStatement { get; set; } = "";
         public string userObjWhereStatement { get; set; } = "";
+        public string connectionWhereStatement { get; set; } = "";
         public List<string> QueryParameters { get; set; } = new List<string>()
         {
             " $limit: Int ",
-            " $offset: Int ",
-            " $mgmId: [Int!]" // not needed for change reports??
+            " $offset: Int "
         };
 
         public string ReportTimeString { get; set; } = "";
@@ -132,6 +132,8 @@ private static void SetTimeFilter(ref DynGraphqlQuery query, TimeFilter? timeFil
                         query.QueryVariables["refdate1"] = query.ReportTimeString;
                         query.ruleWhereStatement += $@" rule_metadatum: {{ recertifications: {{ next_recert_date: {{ _lte: $refdate1 }} }} }} ";
                         break;
+                    case ReportType.Connections:
+                        break;
                     default:
                         Log.WriteError("Filter", $"Unexpected report type found: {reportType}");
                         break;
@@ -238,6 +240,16 @@ private static void SetRecertFilter(ref DynGraphqlQuery query, RecertFilter? rec
             }
         }
 
+        private static void SetConnectionFilter(ref DynGraphqlQuery query, ModellingFilter? modellingFilter)
+        {
+            if (modellingFilter != null)
+            {
+                query.QueryParameters.Add("$appId: Int!");
+                query.QueryVariables["appId"] = modellingFilter.SelectedOwner.Id;
+                query.connectionWhereStatement = $@"app_id: {{ _eq: $appId }}";
+            }
+        }
+
         private static void SetUnusedFilter(ref DynGraphqlQuery query, UnusedFilter? unusedFilter)
         {
             if (unusedFilter != null)
@@ -255,24 +267,35 @@ private static void SetUnusedFilter(ref DynGraphqlQuery query, UnusedFilter? unu
 
         private static void SetFixedFilters(ref DynGraphqlQuery query, ReportTemplate reportParams)
         {
+            if (((ReportType)reportParams.ReportParams.ReportType).IsRuleReport() || reportParams.ReportParams.ReportType == (int)ReportType.Statistics)
+            {
+                query.QueryParameters.Add("$mgmId: [Int!] ");
+            }
+
             // leave out all header texts
-            if (reportParams.ReportParams.ReportType != null &&
-                (reportParams.ReportParams.ReportType == (int)ReportType.Statistics ||
-                 reportParams.ReportParams.ReportType == (int)ReportType.Recertification))
+            if (reportParams.ReportParams.ReportType == (int)ReportType.Statistics ||
+                reportParams.ReportParams.ReportType == (int)ReportType.Recertification)
             {
                 query.ruleWhereStatement += "{rule_head_text: {_is_null: true}}, ";
             }
-            SetDeviceFilter(ref query, reportParams.ReportParams.DeviceFilter);
             SetTenantFilter(ref query, reportParams);
-            SetTimeFilter(ref query, reportParams.ReportParams.TimeFilter, (ReportType)reportParams.ReportParams.ReportType, reportParams.ReportParams.RecertFilter);
-            if (reportParams.ReportParams.ReportType!= null && (ReportType)reportParams.ReportParams.ReportType==ReportType.Recertification)
+            if (((ReportType)reportParams.ReportParams.ReportType).IsDeviceRelatedReport())
+            {
+                SetDeviceFilter(ref query, reportParams.ReportParams.DeviceFilter);
+                SetTimeFilter(ref query, reportParams.ReportParams.TimeFilter, (ReportType)reportParams.ReportParams.ReportType, reportParams.ReportParams.RecertFilter);
+            }
+            if ((ReportType)reportParams.ReportParams.ReportType==ReportType.Recertification)
             {
                 SetRecertFilter(ref query, reportParams.ReportParams.RecertFilter);
             }
-            if (reportParams.ReportParams.ReportType!= null && (ReportType)reportParams.ReportParams.ReportType==ReportType.UnusedRules)
+            if ((ReportType)reportParams.ReportParams.ReportType==ReportType.UnusedRules)
             {
                 SetUnusedFilter(ref query, reportParams.ReportParams.UnusedFilter);
             }
+            if ((ReportType)reportParams.ReportParams.ReportType==ReportType.Connections)
+            {
+                SetConnectionFilter(ref query, reportParams.ReportParams.ModellingFilter);
+            }
         }
 
         public static DynGraphqlQuery GenerateQuery(ReportTemplate filter, AstNode? ast)
@@ -468,6 +491,20 @@ query natRulesReport ({paramString})
                         }}
                     ");
                     break;
+                    
+                    case ReportType.Connections:
+                    
+                    query.FullQuery = Queries.compact($@"
+                        {ModellingQueries.connectionDetailsFragment}
+                        query getConnections ({paramString})
+                        {{
+                            modelling_connection (where: {{ {query.connectionWhereStatement} }} order_by: {{ is_interface: desc, common_service: desc, name: asc }})
+                            {{
+                                ...connectionDetails
+                            }}
+                        }}
+                    ");
+                    break;
             }
 
             SetTenantFilter(ref query, filter);
diff --git a/roles/lib/files/FWO.Report.Filter/FilterTypes/ReportFilters.cs b/roles/lib/files/FWO.Report.Filter/FilterTypes/ReportFilters.cs
index 50b1295ac..2c3ee701e 100644
--- a/roles/lib/files/FWO.Report.Filter/FilterTypes/ReportFilters.cs
+++ b/roles/lib/files/FWO.Report.Filter/FilterTypes/ReportFilters.cs
@@ -7,22 +7,24 @@ public class ReportFilters
     {
         public ReportType ReportType { get; set; } = ReportType.Rules;
 
-        public DeviceFilter DeviceFilter { get; set; } = new DeviceFilter();
-        public DeviceFilter ReducedDeviceFilter { get; set; } = new DeviceFilter();
+        public DeviceFilter DeviceFilter { get; set; } = new();
+        public DeviceFilter ReducedDeviceFilter { get; set; } = new();
         public bool SelectAll = true;
         public bool CollapseDevices = false;
 
-        public TimeFilter TimeFilter { get; set; } = new TimeFilter();
-        public TimeFilter SavedTimeFilter { get; set; } = new TimeFilter();
+        public TimeFilter TimeFilter { get; set; } = new();
+        public TimeFilter SavedTimeFilter { get; set; } = new();
 
-        public TenantFilter TenantFilter { get; set; } = new TenantFilter();
+        public TenantFilter TenantFilter { get; set; } = new();
         public Tenant? SelectedTenant = null;
 
-        public RecertFilter RecertFilter { get; set; } = new RecertFilter();
+        public RecertFilter RecertFilter { get; set; } = new();
 
-        public UnusedFilter UnusedFilter { get; set; } = new UnusedFilter();
+        public UnusedFilter UnusedFilter { get; set; } = new();
         public int UnusedDays = 0;
 
+        public ModellingFilter ModellingFilter { get; set; } = new();
+
         public string DisplayedTimeSelection = "";
 
         private UserConfig userConfig;
@@ -60,6 +62,7 @@ public void SyncFiltersFromTemplate(ReportTemplate template)
             SetDisplayedTimeSelection();
             RecertFilter = new(template.ReportParams.RecertFilter);
             UnusedDays = template.ReportParams.UnusedFilter.UnusedForDays;
+            ModellingFilter = template.ReportParams.ModellingFilter;
         }
 
         public ReportParams ToReportParams()
@@ -72,12 +75,13 @@ public ReportParams ToReportParams()
                 {
                     UnusedForDays = UnusedDays, 
                     CreationTolerance = userConfig.CreationTolerance
-                }
+                },
+                ModellingFilter = new ModellingFilter(ModellingFilter)
             };
             if (ReportType != ReportType.Statistics)
             {
                 // also make sure the report a user belonging to a tenant <> 1 sees, gets the additional filters in DynGraphqlQuery.cs
-                if (SelectedTenant == null && userConfig.User.Tenant.Id > 1)
+                if (SelectedTenant == null && userConfig.User.Tenant?.Id > 1)
                 {
                     SelectedTenant = userConfig.User.Tenant;
                     // TODO: when admin selects a tenant filter, add the corresponding device filter to make sure only those devices are reported that the tenant is allowed to see
diff --git a/roles/lib/files/FWO.Report.Filter/FilterTypes/ReportType.cs b/roles/lib/files/FWO.Report.Filter/FilterTypes/ReportType.cs
index a6c464961..15d263ba0 100644
--- a/roles/lib/files/FWO.Report.Filter/FilterTypes/ReportType.cs
+++ b/roles/lib/files/FWO.Report.Filter/FilterTypes/ReportType.cs
@@ -73,7 +73,7 @@ public static bool IsTechReport(this ReportType reportType)
             }
         }
 
-        public static bool IsRuleRelatedReport(this ReportType reportType)
+        public static bool IsDeviceRelatedReport(this ReportType reportType)
         {
             return reportType.IsRuleReport() || reportType.IsChangeReport() || reportType == ReportType.Statistics;
         }
diff --git a/roles/lib/files/FWO.Report/ReportBase.cs b/roles/lib/files/FWO.Report/ReportBase.cs
index cfbeddbd7..1d8b1fa5f 100644
--- a/roles/lib/files/FWO.Report/ReportBase.cs
+++ b/roles/lib/files/FWO.Report/ReportBase.cs
@@ -1,9 +1,7 @@
 using FWO.Api.Client;
-using FWO.Api.Client.Queries;
 using FWO.Api.Data;
 using FWO.Report.Filter;
 using FWO.Config.Api;
-using System.Text.Json;
 using System.Text;
 using WkHtmlToPdfDotNet;
 
@@ -65,16 +63,16 @@ public abstract class ReportBase
     </body>
 </html>");
 
-        public Management[] Managements = new Management[] { };
-
         public readonly DynGraphqlQuery Query;
         protected UserConfig userConfig;
         public ReportType ReportType;
 
-        private string htmlExport = "";
+        protected string htmlExport = "";
 
         // Pdf converter
         protected static readonly SynchronizedConverter converter = new SynchronizedConverter(new PdfTools());
+        public bool GotObjectsInReport { get; protected set; } = false;
+
 
         public ReportBase(DynGraphqlQuery query, UserConfig UserConfig, ReportType reportType)
         {
@@ -83,61 +81,64 @@ public ReportBase(DynGraphqlQuery query, UserConfig UserConfig, ReportType repor
             ReportType = reportType;
         }
 
-        public abstract Task Generate(int rulesPerFetch, ApiConnection apiConnection, Func<Management[], Task> callback, CancellationToken ct);
+        public virtual Task GenerateMgt(int rulesPerFetch, ApiConnection apiConnection, Func<Management[], Task> callback, CancellationToken ct)
+        {
+            throw new NotImplementedException();
+        }
+        public virtual Task GenerateCon(int _, ApiConnection apiConnection, Func<List<ModellingConnection>, Task> callback, CancellationToken ct)
+        {
+            throw new NotImplementedException();
+        }
 
-        public bool GotObjectsInReport { get; protected set; } = false;
+        public virtual Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<Management[], Task> callback) // to be called when exporting
+        {
+            throw new NotImplementedException();
+        }
+        public virtual Task<bool> GetConObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<List<ModellingConnection>, Task> callback) // to be called when exporting
+        {
+            throw new NotImplementedException();
+        }
 
-        public abstract Task<bool> GetObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<Management[], Task> callback); // to be called when exporting
+        public virtual Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<Management[], Task> callback)
+        {
+            throw new NotImplementedException();
+        }
 
-        public abstract Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<Management[], Task> callback);
+        public virtual bool NoRuleFound()
+        {
+            return true;
+        }
 
         public abstract string ExportToCsv();
 
-        public virtual string ExportToJson()
-        {
-            return JsonSerializer.Serialize(Managements.Where(mgt => !mgt.Ignore), new JsonSerializerOptions { WriteIndented = true });
-        }
+        public abstract string ExportToJson();
 
         public abstract string ExportToHtml();
 
-        public virtual string SetDescription()
-        {
-            int managementCounter = 0;
-            foreach (var management in Managements.Where(mgt => !mgt.Ignore))
-            {
-                managementCounter++;
-            }
-            return $"{managementCounter} {userConfig.GetText("managements")}";
-        }
+        public abstract string SetDescription();
 
-        protected string GenerateHtmlFrame(string title, string filter, DateTime date, StringBuilder htmlReport)
+        public static ReportBase ConstructReport(ReportTemplate reportFilter, UserConfig userConfig)
         {
-            if (string.IsNullOrEmpty(htmlExport))
+            DynGraphqlQuery query = Compiler.Compile(reportFilter);
+            ReportType repType = (ReportType)reportFilter.ReportParams.ReportType;
+            return repType switch
             {
-                HtmlTemplate = HtmlTemplate.Replace("##Title##", title);
-                HtmlTemplate = HtmlTemplate.Replace("##Filter##", filter);
-                HtmlTemplate = HtmlTemplate.Replace("##GeneratedOn##", userConfig.GetText("generated_on"));
-                HtmlTemplate = HtmlTemplate.Replace("##Date##", date.ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK"));
-                if(ReportType.IsChangeReport())
-                {
-                    string timeRange = $"{userConfig.GetText("change_time")}: " +
-                        $"{userConfig.GetText("from")}: {ToUtcString(Query.QueryVariables["start"]?.ToString())}, " +
-                        $"{userConfig.GetText("until")}: {ToUtcString(Query.QueryVariables["stop"]?.ToString())}";
-                    HtmlTemplate = HtmlTemplate.Replace("##Date-of-Config##: ##GeneratedFor##", timeRange);
-                }
-                else
-                {
-                    HtmlTemplate = HtmlTemplate.Replace("##Date-of-Config##", userConfig.GetText("date_of_config"));
-                    HtmlTemplate = HtmlTemplate.Replace("##GeneratedFor##", ToUtcString(Query.ReportTimeString));
-                }
-                HtmlTemplate = HtmlTemplate.Replace("##DeviceFilter##", string.Join("; ", Array.ConvertAll(Managements.Where(mgt => !mgt.Ignore).ToArray(), management => management.NameAndDeviceNames())));
-                HtmlTemplate = HtmlTemplate.Replace("##Body##", htmlReport.ToString());
-                htmlExport = HtmlTemplate.ToString();
-            }
-            return htmlExport;
+                ReportType.Statistics => new ReportStatistics(query, userConfig, repType),
+                ReportType.Rules => new ReportRules(query, userConfig, repType),
+                ReportType.ResolvedRules => new ReportRules(query, userConfig, repType),
+                ReportType.ResolvedRulesTech => new ReportRules(query, userConfig, repType),
+                ReportType.Changes => new ReportChanges(query, userConfig, repType),
+                ReportType.ResolvedChanges => new ReportChanges(query, userConfig, repType),
+                ReportType.ResolvedChangesTech => new ReportChanges(query, userConfig, repType),
+                ReportType.NatRules => new ReportNatRules(query, userConfig, repType),
+                ReportType.Recertification => new ReportRules(query, userConfig, repType),
+                ReportType.UnusedRules => new ReportRules(query, userConfig, repType),
+                ReportType.Connections => new ReportConnections(query, userConfig, repType),
+                _ => throw new NotSupportedException("Report Type is not supported."),
+            };
         }
 
-        private string ToUtcString(string? timestring)
+        public string ToUtcString(string? timestring)
         {
             try
             {
@@ -149,39 +150,6 @@ private string ToUtcString(string? timestring)
             }
         }
 
-        public string DisplayReportHeaderCsv()
-        {
-            StringBuilder report = new StringBuilder();
-            report.AppendLine($"# report type: {userConfig.GetText(ReportType.ToString())}");
-            report.AppendLine($"# report generation date: {DateTime.Now.ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK")} (UTC)");
-            if(!ReportType.IsChangeReport())
-            {
-                report.AppendLine($"# date of configuration shown: {DateTime.Parse(Query.ReportTimeString).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK")} (UTC)");
-            }
-            report.AppendLine($"# device filter: {string.Join(" ", Array.ConvertAll(Managements.Where(mgt => !mgt.Ignore).ToArray(), management => management.NameAndDeviceNames(" ")))}");
-            report.AppendLine($"# other filters: {Query.RawFilter}");
-            report.AppendLine($"# report generator: Firewall Orchestrator - https://fwo.cactus.de/en");
-            report.AppendLine($"# data protection level: For internal use only");
-            report.AppendLine($"#");
-            return $"{report.ToString()}";
-        }
-
-        public string DisplayReportHeaderJson()
-        {
-            StringBuilder report = new StringBuilder();
-            report.AppendLine($"\"report type\": \"{userConfig.GetText(ReportType.ToString())}\",");
-            report.AppendLine($"\"report generation date\": \"{DateTime.Now.ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK")} (UTC)\",");
-            if(!ReportType.IsChangeReport())
-            {
-                report.AppendLine($"\"date of configuration shown\": \"{DateTime.Parse(Query.ReportTimeString).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK")} (UTC)\",");
-            }
-            report.AppendLine($"\"device filter\": \"{string.Join("; ", Array.ConvertAll(Managements, management => management.NameAndDeviceNames()))}\",");
-            report.AppendLine($"\"other filters\": \"{Query.RawFilter}\",");
-            report.AppendLine($"\"report generator\": \"Firewall Orchestrator - https://fwo.cactus.de/en\",");
-            report.AppendLine($"\"data protection level\": \"For internal use only\",");
-            return $"{report.ToString()}";
-        }
-
         public virtual byte[] ToPdf(PaperKind paperKind, int width = -1, int height = -1)
         {
             // HTML
@@ -228,34 +196,6 @@ public virtual byte[] ToPdf(PaperKind paperKind, int width = -1, int height = -1
             return converter.Convert(doc);
         }
 
-        public static ReportBase ConstructReport(ReportTemplate reportFilter, UserConfig userConfig)
-        {
-            DynGraphqlQuery query = Compiler.Compile(reportFilter);
-            ReportType repType = (ReportType)reportFilter.ReportParams.ReportType;
-            return repType switch
-            {
-                ReportType.Statistics => new ReportStatistics(query, userConfig, repType),
-                ReportType.Rules => new ReportRules(query, userConfig, repType),
-                ReportType.ResolvedRules => new ReportRules(query, userConfig, repType),
-                ReportType.ResolvedRulesTech => new ReportRules(query, userConfig, repType),
-                ReportType.Changes => new ReportChanges(query, userConfig, repType),
-                ReportType.ResolvedChanges => new ReportChanges(query, userConfig, repType),
-                ReportType.ResolvedChangesTech => new ReportChanges(query, userConfig, repType),
-                ReportType.NatRules => new ReportNatRules(query, userConfig, repType),
-                ReportType.Recertification => new ReportRules(query, userConfig, repType),
-                ReportType.UnusedRules => new ReportRules(query, userConfig, repType),
-                _ => throw new NotSupportedException("Report Type is not supported."),
-            };
-        }
-
-        public async Task<Management[]> getRelevantImportIds(ApiConnection apiConnection)
-        {
-            Dictionary<string, object> ImpIdQueryVariables = new Dictionary<string, object>();
-            ImpIdQueryVariables["time"] = (Query.ReportTimeString != "" ? Query.ReportTimeString : DateTime.Now.ToString(DynGraphqlQuery.fullTimeFormat));
-            ImpIdQueryVariables["mgmIds"] = Query.RelevantManagementIds;
-            return await apiConnection.SendQueryAsync<Management[]>(ReportQueries.getRelevantImportIdsAtTime, ImpIdQueryVariables);
-        }
-
         public static string GetIconClass(ObjCategory? objCategory, string? objType)
         {
             switch (objType)
@@ -283,39 +223,5 @@ public static string GetIconClass(ObjCategory? objCategory, string? objType)
                     return "";
             }
         }
-
-        public static async Task<(List<string> unsupportedList, DeviceFilter reducedDeviceFilter)> GetUsageDataUnsupportedDevices(ApiConnection apiConnection, DeviceFilter deviceFilter)
-        {
-            List<string> unsupportedList = new List<string>();
-            DeviceFilter reducedDeviceFilter = new DeviceFilter(deviceFilter);
-            foreach (ManagementSelect management in reducedDeviceFilter.Managements)
-            {
-                foreach (DeviceSelect device in management.Devices)
-                {
-                    if (device.Selected && !(await UsageDataAvailable(apiConnection, device.Id)))
-                    {
-                        unsupportedList.Add(device.Name ?? "?");
-                        device.Selected = false;
-                    }
-                }
-                if(!DeviceFilter.IsSelectedManagement(management))
-                {
-                    management.Selected = false;
-                }
-            }
-            return (unsupportedList, reducedDeviceFilter);
-        }
-        
-        private static async Task<bool> UsageDataAvailable(ApiConnection apiConnection, int devId)
-        {
-            try
-            {
-                return (await apiConnection.SendQueryAsync<AggregateCount>(FWO.Api.Client.Queries.ReportQueries.getUsageDataCount, new {devId = devId})).Aggregate.Count > 0;
-            }
-            catch(Exception)
-            {
-                return false;
-            }
-        }
     }
 }
diff --git a/roles/lib/files/FWO.Report/ReportChanges.cs b/roles/lib/files/FWO.Report/ReportChanges.cs
index 86cffda2c..05bca8474 100644
--- a/roles/lib/files/FWO.Report/ReportChanges.cs
+++ b/roles/lib/files/FWO.Report/ReportChanges.cs
@@ -9,26 +9,13 @@
 using Newtonsoft.Json;
 namespace FWO.Report
 {
-    public class ReportChanges : ReportBase
+    public class ReportChanges : ReportDevicesBase
     {
         private const int ColumnCount = 13;
 
-        public ReportChanges(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType) { }
+        public ReportChanges(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType) {}
 
-        public override async Task<bool> GetObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<Management[], Task> callback)
-        {
-            await callback(Managements);
-            // currently no further objects to be fetched
-            GotObjectsInReport = true;
-            return true;
-        }
-
-        public override Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<Management[], Task> callback)
-        {
-            throw new NotImplementedException();
-        }
-
-        public override async Task Generate(int changesPerFetch, ApiConnection apiConnection, Func<Management[], Task> callback, CancellationToken ct)
+        public override async Task GenerateMgt(int changesPerFetch, ApiConnection apiConnection, Func<Management[], Task> callback, CancellationToken ct)
         {
             Query.QueryVariables["limit"] = changesPerFetch;
             Query.QueryVariables["offset"] = 0;
@@ -50,6 +37,19 @@ public override async Task Generate(int changesPerFetch, ApiConnection apiConnec
             }
         }
 
+        public override async Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<Management[], Task> callback)
+        {
+            await callback(Managements);
+            // currently no further objects to be fetched
+            GotObjectsInReport = true;
+            return true;
+        }
+
+        public override Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<Management[], Task> callback)
+        {
+            throw new NotImplementedException();
+        }
+
         public override string SetDescription()
         {
             int managementCounter = 0;
diff --git a/roles/lib/files/FWO.Report/ReportConnections.cs b/roles/lib/files/FWO.Report/ReportConnections.cs
new file mode 100644
index 000000000..83987a5b3
--- /dev/null
+++ b/roles/lib/files/FWO.Report/ReportConnections.cs
@@ -0,0 +1,59 @@
+using FWO.Api.Data;
+using FWO.Api.Client;
+using FWO.Report.Filter;
+using FWO.Config.Api;
+using FWO.Logging;
+
+namespace FWO.Report
+{
+    public class ReportConnections : ReportConnectionsBase
+    {
+        public ReportConnections(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType) { }
+
+        public override async Task GenerateCon(int connectionsPerFetch, ApiConnection apiConnection, Func<List<ModellingConnection>, Task> callback, CancellationToken ct)
+        {
+            // Query.QueryVariables["limit"] = connectionsPerFetch;
+            // Query.QueryVariables["offset"] = 0;
+            // bool gotNewObjects = true;
+
+            Connections = await apiConnection.SendQueryAsync<List<ModellingConnection>>(Query.FullQuery, Query.QueryVariables);
+
+            // while (gotNewObjects)
+            // {
+            //     if (ct.IsCancellationRequested)
+            //     {
+            //         Log.WriteDebug("Generate Changes Report", "Task cancelled");
+            //         ct.ThrowIfCancellationRequested();
+            //     }
+            //     Query.QueryVariables["offset"] = (int)Query.QueryVariables["offset"] + connectionsPerFetch;
+            //     List<ModellingConnection> newConnections = await apiConnection.SendQueryAsync<List<ModellingConnection>>(Query.FullQuery, Query.QueryVariables);
+            //     gotNewObjects = newConnections.Count > 0;
+            //     Connections.AddRange(newConnections);
+                await callback(Connections);
+            // }
+        }
+
+        public override async Task<bool> GetConObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<List<ModellingConnection>, Task> callback)
+        {
+            await callback (Connections);
+            // currently no further objects to be fetched
+            GotObjectsInReport = true;
+            return true;
+        }
+
+        public override string ExportToJson()
+        {
+            return "";
+        }
+
+        public override string ExportToCsv()
+        {
+            throw new NotImplementedException();
+        }
+
+        public override string ExportToHtml()
+        {
+            return "";
+        }
+    }
+}
diff --git a/roles/lib/files/FWO.Report/ReportConnectionsBase.cs b/roles/lib/files/FWO.Report/ReportConnectionsBase.cs
new file mode 100644
index 000000000..d4ce10fca
--- /dev/null
+++ b/roles/lib/files/FWO.Report/ReportConnectionsBase.cs
@@ -0,0 +1,19 @@
+using FWO.Api.Data;
+using FWO.Report.Filter;
+using FWO.Config.Api;
+
+namespace FWO.Report
+{
+    public abstract class ReportConnectionsBase : ReportBase
+    {
+        public List<ModellingConnection> Connections = new ();
+
+        public ReportConnectionsBase(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType)
+        {}
+
+        public override string SetDescription()
+        {
+            return $"{Connections.Count} {userConfig.GetText("connections")}";
+        }
+    }
+}
diff --git a/roles/lib/files/FWO.Report/ReportDevicesBase.cs b/roles/lib/files/FWO.Report/ReportDevicesBase.cs
new file mode 100644
index 000000000..0044a32bd
--- /dev/null
+++ b/roles/lib/files/FWO.Report/ReportDevicesBase.cs
@@ -0,0 +1,148 @@
+using FWO.Api.Client;
+using FWO.Api.Client.Queries;
+using FWO.Api.Data;
+using FWO.Report.Filter;
+using FWO.Config.Api;
+using System.Text;
+
+namespace FWO.Report
+{
+    public abstract class ReportDevicesBase : ReportBase
+    {
+        public Management[] Managements = new Management[] { };
+
+        public ReportDevicesBase(DynGraphqlQuery query, UserConfig UserConfig, ReportType reportType) : base (query, UserConfig, reportType)
+        {}
+
+        public async Task<Management[]> getRelevantImportIds(ApiConnection apiConnection)
+        {
+            Dictionary<string, object> ImpIdQueryVariables = new Dictionary<string, object>();
+            ImpIdQueryVariables["time"] = Query.ReportTimeString != "" ? Query.ReportTimeString : DateTime.Now.ToString(DynGraphqlQuery.fullTimeFormat);
+            ImpIdQueryVariables["mgmIds"] = Query.RelevantManagementIds;
+            return await apiConnection.SendQueryAsync<Management[]>(ReportQueries.getRelevantImportIdsAtTime, ImpIdQueryVariables);
+        }
+
+        public static async Task<(List<string> unsupportedList, DeviceFilter reducedDeviceFilter)> GetUsageDataUnsupportedDevices(ApiConnection apiConnection, DeviceFilter deviceFilter)
+        {
+            List<string> unsupportedList = new List<string>();
+            DeviceFilter reducedDeviceFilter = new DeviceFilter(deviceFilter);
+            foreach (ManagementSelect management in reducedDeviceFilter.Managements)
+            {
+                foreach (DeviceSelect device in management.Devices)
+                {
+                    if (device.Selected && !await UsageDataAvailable(apiConnection, device.Id))
+                    {
+                        unsupportedList.Add(device.Name ?? "?");
+                        device.Selected = false;
+                    }
+                }
+                if(!DeviceFilter.IsSelectedManagement(management))
+                {
+                    management.Selected = false;
+                }
+            }
+            return (unsupportedList, reducedDeviceFilter);
+        }
+        
+        private static async Task<bool> UsageDataAvailable(ApiConnection apiConnection, int devId)
+        {
+            try
+            {
+                return (await apiConnection.SendQueryAsync<AggregateCount>(FWO.Api.Client.Queries.ReportQueries.getUsageDataCount, new {devId = devId})).Aggregate.Count > 0;
+            }
+            catch(Exception)
+            {
+                return false;
+            }
+        }
+
+        public override bool NoRuleFound()
+        {
+            foreach(var mgmt in Managements)
+            {
+                foreach(var dev in mgmt.Devices)
+                {
+                    if(dev.Rules != null && dev.Rules.Count() > 0)
+                    {
+                        return false;
+                    }
+                    if(dev.RuleChanges != null && dev.RuleChanges.Count() > 0)
+                    {
+                        return false;
+                    }
+                }
+            }
+            return true;
+        }
+
+        public override string SetDescription()
+        {
+            int managementCounter = 0;
+            foreach (var management in Managements.Where(mgt => !mgt.Ignore))
+            {
+                managementCounter++;
+            }
+            return $"{managementCounter} {userConfig.GetText("managements")}";
+        }
+
+        public string DisplayReportHeaderJson()
+        {
+            StringBuilder report = new StringBuilder();
+            report.AppendLine($"\"report type\": \"{userConfig.GetText(ReportType.ToString())}\",");
+            report.AppendLine($"\"report generation date\": \"{DateTime.Now.ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK")} (UTC)\",");
+            if(!ReportType.IsChangeReport())
+            {
+                report.AppendLine($"\"date of configuration shown\": \"{DateTime.Parse(Query.ReportTimeString).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK")} (UTC)\",");
+            }
+            report.AppendLine($"\"device filter\": \"{string.Join("; ", Array.ConvertAll(Managements, management => management.NameAndDeviceNames()))}\",");
+            report.AppendLine($"\"other filters\": \"{Query.RawFilter}\",");
+            report.AppendLine($"\"report generator\": \"Firewall Orchestrator - https://fwo.cactus.de/en\",");
+            report.AppendLine($"\"data protection level\": \"For internal use only\",");
+            return $"{report}";
+        }
+
+        public string DisplayReportHeaderCsv()
+        {
+            StringBuilder report = new StringBuilder();
+            report.AppendLine($"# report type: {userConfig.GetText(ReportType.ToString())}");
+            report.AppendLine($"# report generation date: {DateTime.Now.ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK")} (UTC)");
+            if(!ReportType.IsChangeReport())
+            {
+                report.AppendLine($"# date of configuration shown: {DateTime.Parse(Query.ReportTimeString).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK")} (UTC)");
+            }
+            report.AppendLine($"# device filter: {string.Join(" ", Array.ConvertAll(Managements.Where(mgt => !mgt.Ignore).ToArray(), management => management.NameAndDeviceNames(" ")))}");
+            report.AppendLine($"# other filters: {Query.RawFilter}");
+            report.AppendLine($"# report generator: Firewall Orchestrator - https://fwo.cactus.de/en");
+            report.AppendLine($"# data protection level: For internal use only");
+            report.AppendLine($"#");
+            return $"{report}";
+        }
+
+        protected string GenerateHtmlFrame(string title, string filter, DateTime date, StringBuilder htmlReport)
+        {
+            if (string.IsNullOrEmpty(htmlExport))
+            {
+                HtmlTemplate = HtmlTemplate.Replace("##Title##", title);
+                HtmlTemplate = HtmlTemplate.Replace("##Filter##", filter);
+                HtmlTemplate = HtmlTemplate.Replace("##GeneratedOn##", userConfig.GetText("generated_on"));
+                HtmlTemplate = HtmlTemplate.Replace("##Date##", date.ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK"));
+                if(ReportType.IsChangeReport())
+                {
+                    string timeRange = $"{userConfig.GetText("change_time")}: " +
+                        $"{userConfig.GetText("from")}: {ToUtcString(Query.QueryVariables["start"]?.ToString())}, " +
+                        $"{userConfig.GetText("until")}: {ToUtcString(Query.QueryVariables["stop"]?.ToString())}";
+                    HtmlTemplate = HtmlTemplate.Replace("##Date-of-Config##: ##GeneratedFor##", timeRange);
+                }
+                else
+                {
+                    HtmlTemplate = HtmlTemplate.Replace("##Date-of-Config##", userConfig.GetText("date_of_config"));
+                    HtmlTemplate = HtmlTemplate.Replace("##GeneratedFor##", ToUtcString(Query.ReportTimeString));
+                }
+                HtmlTemplate = HtmlTemplate.Replace("##DeviceFilter##", string.Join("; ", Array.ConvertAll(Managements.Where(mgt => !mgt.Ignore).ToArray(), management => management.NameAndDeviceNames())));
+                HtmlTemplate = HtmlTemplate.Replace("##Body##", htmlReport.ToString());
+                htmlExport = HtmlTemplate.ToString();
+            }
+            return htmlExport;
+        }
+    }
+}
diff --git a/roles/lib/files/FWO.Report/ReportRules.cs b/roles/lib/files/FWO.Report/ReportRules.cs
index 36f28f1e0..d2b3d3ef3 100644
--- a/roles/lib/files/FWO.Report/ReportRules.cs
+++ b/roles/lib/files/FWO.Report/ReportRules.cs
@@ -11,14 +11,54 @@
 
 namespace FWO.Report
 {
-    public class ReportRules : ReportBase
+    public class ReportRules : ReportDevicesBase
     {
-        public ReportRules(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType) { }
-
         private const int ColumnCount = 12;
 
+        public ReportRules(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType) {}
+
+        public override async Task GenerateMgt(int rulesPerFetch, ApiConnection apiConnection, Func<Management[], Task> callback, CancellationToken ct)
+        {
+            Query.QueryVariables["limit"] = rulesPerFetch;
+            Query.QueryVariables["offset"] = 0;
+            bool gotNewObjects = true;
+
+            Management[] managementsWithRelevantImportId = await getRelevantImportIds(apiConnection);
+
+            Managements = new Management[managementsWithRelevantImportId.Length];
+            int i;
+            for (i = 0; i < managementsWithRelevantImportId.Length; i++)
+            {
+                // setting mgmt and relevantImporId QueryVariables 
+                Query.QueryVariables["mgmId"] = managementsWithRelevantImportId[i].Id;
+                if (ReportType != ReportType.Recertification)
+                    Query.QueryVariables["relevantImportId"] = managementsWithRelevantImportId[i].Import.ImportAggregate.ImportAggregateMax.RelevantImportId ?? -1 /* managment was not yet imported at that time */;
+                Managements[i] = (await apiConnection.SendQueryAsync<Management[]>(Query.FullQuery, Query.QueryVariables))[0];
+                Managements[i].Import = managementsWithRelevantImportId[i].Import;
+            }
+
+            while (gotNewObjects)
+            {
+                if (ct.IsCancellationRequested)
+                {
+                    Log.WriteDebug("Generate Rules Report", "Task cancelled");
+                    ct.ThrowIfCancellationRequested();
+                }
+                gotNewObjects = false;
+                Query.QueryVariables["offset"] = (int)Query.QueryVariables["offset"] + rulesPerFetch;
+                for (i = 0; i < managementsWithRelevantImportId.Length; i++)
+                {
+                    Query.QueryVariables["mgmId"] = managementsWithRelevantImportId[i].Id;
+                    if (ReportType != ReportType.Recertification)
+                        Query.QueryVariables["relevantImportId"] = managementsWithRelevantImportId[i].Import.ImportAggregate.ImportAggregateMax.RelevantImportId ?? -1; /* managment was not yet imported at that time */;
+                    gotNewObjects |= Managements[i].Merge((await apiConnection.SendQueryAsync<Management[]>(Query.FullQuery, Query.QueryVariables))[0]);
+                }
+                await callback(Managements);
+            }
+            SetReportedRuleIds();
+        }
 
-        public override async Task<bool> GetObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<Management[], Task> callback) // to be called when exporting
+        public override async Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<Management[], Task> callback) // to be called when exporting
         {
             bool gotAllObjects = true; //whether the fetch count limit was reached during fetching
 
@@ -105,47 +145,6 @@ public override async Task<bool> GetObjectsForManagementInReport(Dictionary<stri
             return fetchCount <= maxFetchCycles;
         }
 
-        public override async Task Generate(int rulesPerFetch, ApiConnection apiConnection, Func<Management[], Task> callback, CancellationToken ct)
-        {
-            Query.QueryVariables["limit"] = rulesPerFetch;
-            Query.QueryVariables["offset"] = 0;
-            bool gotNewObjects = true;
-
-            Management[] managementsWithRelevantImportId = await getRelevantImportIds(apiConnection);
-
-            Managements = new Management[managementsWithRelevantImportId.Length];
-            int i;
-            for (i = 0; i < managementsWithRelevantImportId.Length; i++)
-            {
-                // setting mgmt and relevantImporId QueryVariables 
-                Query.QueryVariables["mgmId"] = managementsWithRelevantImportId[i].Id;
-                if (ReportType != ReportType.Recertification)
-                    Query.QueryVariables["relevantImportId"] = managementsWithRelevantImportId[i].Import.ImportAggregate.ImportAggregateMax.RelevantImportId ?? -1 /* managment was not yet imported at that time */;
-                Managements[i] = (await apiConnection.SendQueryAsync<Management[]>(Query.FullQuery, Query.QueryVariables))[0];
-                Managements[i].Import = managementsWithRelevantImportId[i].Import;
-            }
-
-            while (gotNewObjects)
-            {
-                if (ct.IsCancellationRequested)
-                {
-                    Log.WriteDebug("Generate Rules Report", "Task cancelled");
-                    ct.ThrowIfCancellationRequested();
-                }
-                gotNewObjects = false;
-                Query.QueryVariables["offset"] = (int)Query.QueryVariables["offset"] + rulesPerFetch;
-                for (i = 0; i < managementsWithRelevantImportId.Length; i++)
-                {
-                    Query.QueryVariables["mgmId"] = managementsWithRelevantImportId[i].Id;
-                    if (ReportType != ReportType.Recertification)
-                        Query.QueryVariables["relevantImportId"] = managementsWithRelevantImportId[i].Import.ImportAggregate.ImportAggregateMax.RelevantImportId ?? -1; /* managment was not yet imported at that time */;
-                    gotNewObjects |= Managements[i].Merge((await apiConnection.SendQueryAsync<Management[]>(Query.FullQuery, Query.QueryVariables))[0]);
-                }
-                await callback(Managements);
-            }
-            SetReportedRuleIds();
-        }
-
         public override string SetDescription()
         {
             int managementCounter = 0;
diff --git a/roles/lib/files/FWO.Report/ReportStatistics.cs b/roles/lib/files/FWO.Report/ReportStatistics.cs
index 48b2242c3..1d4bcfbc0 100644
--- a/roles/lib/files/FWO.Report/ReportStatistics.cs
+++ b/roles/lib/files/FWO.Report/ReportStatistics.cs
@@ -8,27 +8,15 @@
 
 namespace FWO.Report
 {
-    public class ReportStatistics : ReportBase
+    public class ReportStatistics : ReportDevicesBase
     {
         // TODO: Currently generated in Report.razor as well as here, because of export. Remove dupliacte.
         private Management globalStatisticsManagement = new Management();
 
-        public ReportStatistics(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType) { }
+        public ReportStatistics(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType) {}
 
-        public override async Task<bool> GetObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<Management[], Task> callback)
-        {
-            await callback(Managements);
-            // currently no further objects to be fetched
-            GotObjectsInReport = true;
-            return true;
-        }
 
-        public override Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<Management[], Task> callback)
-        {
-            return Task.FromResult<bool>(true);
-        }
-
-        public override async Task Generate(int _, ApiConnection apiConnection, Func<Management[], Task> callback, CancellationToken ct)
+        public override async Task GenerateMgt(int _, ApiConnection apiConnection, Func<Management[], Task> callback, CancellationToken ct)
         {
             Management[] managementsWithRelevantImportId = await getRelevantImportIds(apiConnection);
 
@@ -59,6 +47,19 @@ public override async Task Generate(int _, ApiConnection apiConnection, Func<Man
             }
         }
 
+        public override async Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<Management[], Task> callback)
+        {
+            await callback(Managements);
+            // currently no further objects to be fetched
+            GotObjectsInReport = true;
+            return true;
+        }
+
+        public override Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<Management[], Task> callback)
+        {
+            return Task.FromResult<bool>(true);
+        }
+
         public override string ExportToJson()
         {
             globalStatisticsManagement.Name = "global statistics";
diff --git a/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifier.cs b/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifier.cs
index bb8259fc8..7f9173a3a 100644
--- a/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifier.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifier.cs
@@ -127,7 +127,7 @@ private async Task GenerateChangeReport()
 
                 Management[] managements = Array.Empty<Management>();
 
-                await changeReport.Generate(int.MaxValue, apiConnection,
+                await changeReport.GenerateMgt(int.MaxValue, apiConnection,
                 managementsReportIntermediate =>
                 {
                     managements = managementsReportIntermediate;
diff --git a/roles/middleware/files/FWO.Middleware.Server/RecertCheck.cs b/roles/middleware/files/FWO.Middleware.Server/RecertCheck.cs
index dac55fd82..9842780f9 100644
--- a/roles/middleware/files/FWO.Middleware.Server/RecertCheck.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/RecertCheck.cs
@@ -172,7 +172,7 @@ private async Task<List<Rule>> generateRecertificationReport(ApiConnection apiCo
 
                 Management[] managements = new Management[0];
 
-                await currentReport.Generate(int.MaxValue, apiConnection,
+                await currentReport.GenerateMgt(int.MaxValue, apiConnection,
                 managementsReportIntermediate =>
                 {
                     managements = managementsReportIntermediate;
diff --git a/roles/middleware/files/FWO.Middleware.Server/ReportScheduler.cs b/roles/middleware/files/FWO.Middleware.Server/ReportScheduler.cs
index 24979fedc..55419c923 100644
--- a/roles/middleware/files/FWO.Middleware.Server/ReportScheduler.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/ReportScheduler.cs
@@ -147,14 +147,14 @@ private Task GenerateReport(ScheduledReport report, DateTime dateTimeNowRounded)
 
                     ReportBase reportRules = ReportBase.ConstructReport(report.Template, userConfig);
                     Management[] managementsReport = Array.Empty<Management>();
-                    await reportRules.Generate(int.MaxValue, apiConnectionUserContext, 
+                    await reportRules.GenerateMgt(int.MaxValue, apiConnectionUserContext, 
                         managementsReportIntermediate =>
                         {
                             managementsReport = managementsReportIntermediate;
                             SetRelevantManagements(ref managementsReport, report.Template.ReportParams.DeviceFilter);
                             return Task.CompletedTask;
                         }, token);
-                    await reportRules.GetObjectsInReport(int.MaxValue, apiConnectionUserContext, _ => Task.CompletedTask);
+                    await reportRules.GetMgtObjectsInReport(int.MaxValue, apiConnectionUserContext, _ => Task.CompletedTask);
 
                     WriteReportFile(reportRules, report.OutputFormat, reportFile);
                     await SaveReport(reportFile, reportRules.SetDescription(), apiConnectionUserContext);
@@ -179,7 +179,7 @@ private static async Task AdaptDeviceFilter(ReportParams reportParams, ApiConnec
                 }
                 if(reportParams.ReportType == (int)ReportType.UnusedRules)
                 {
-                    reportParams.DeviceFilter = (await ReportBase.GetUsageDataUnsupportedDevices(apiConnection, reportParams.DeviceFilter)).reducedDeviceFilter;
+                    reportParams.DeviceFilter = (await ReportDevicesBase.GetUsageDataUnsupportedDevices(apiConnection, reportParams.DeviceFilter)).reducedDeviceFilter;
                 }
             }
             catch (Exception)
diff --git a/roles/ui/files/FWO.UI/Pages/Certification.razor b/roles/ui/files/FWO.UI/Pages/Certification.razor
index fe126f6b3..5e3476e44 100644
--- a/roles/ui/files/FWO.UI/Pages/Certification.razor
+++ b/roles/ui/files/FWO.UI/Pages/Certification.razor
@@ -254,7 +254,7 @@
             {
                 if(currentReport != null)
                 {
-                    await currentReport.Generate(userConfig.ElementsPerFetch, apiConnection,
+                    await currentReport.GenerateMgt(userConfig.ElementsPerFetch, apiConnection,
                     managementsReportIntermediate =>
                     {
                         managements = managementsReportIntermediate;
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/NetworkModelling.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/NetworkModelling.razor
index 50957fb1b..a714eba2e 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/NetworkModelling.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/NetworkModelling.razor
@@ -143,7 +143,7 @@ else
     {
         try
         {
-            await GetOwnApps();
+            apps = await ModellingHandlerBase.GetOwnApps(authenticationStateTask, userConfig, apiConnection, DisplayMessageInUi);
             if (apps.Count == 0)
             {
                 DisplayMessageInUi(null, userConfig.GetText("fetch_data"), userConfig.GetText("E9001"), true);
@@ -167,37 +167,6 @@ else
         }
     }
 
-    private async Task GetOwnApps()
-    {
-        try
-        {
-            if(authenticationStateTask!.Result.User.IsInRole(Roles.Admin) || authenticationStateTask!.Result.User.IsInRole(Roles.Auditor))
-            {
-                apps = await apiConnection.SendQueryAsync<List<FwoOwner>>(FWO.Api.Client.Queries.OwnerQueries.getOwnersWithConn);
-            }
-            else
-            {
-                UpdateOwnerships(); // qad: userConfig may not be properly filled
-                apps = await apiConnection.SendQueryAsync<List<FwoOwner>>(FWO.Api.Client.Queries.OwnerQueries.getEditableOwners, new { appIds = userConfig.User.Ownerships.ToArray() });
-            }
-        }
-        catch (Exception exception)
-        {
-            DisplayMessageInUi(exception, userConfig.GetText("fetch_data"), "", true);
-        }
-    }
-
-    private void UpdateOwnerships()
-    {
-        string ownerString = authenticationStateTask!.Result.User.Claims.FirstOrDefault(claim => claim.Type == "x-hasura-editable-owners").Value;
-        if(ownerString != null)
-        {
-            string[] separatingStrings = { ",", "{", "}" };
-            string[] owners = ownerString.Split(separatingStrings, StringSplitOptions.TrimEntries | StringSplitOptions.RemoveEmptyEntries);
-            userConfig.User.Ownerships = Array.ConvertAll(owners, x => int.Parse(x)).ToList();
-        }
-    }
-
     private async Task HandleLink()
     {
         FwoOwner? existingApp = apps.FirstOrDefault(a => a.ExtAppId == AppId);
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
index 25b58a2ea..47ed7c63c 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
@@ -30,6 +30,10 @@
         {
             <ReportRecertParamSelection @bind-FilterInput="filterInput" @bind-RecertFilter="actReportFilters.RecertFilter"/>
         }
+        else if (actReportFilters.ReportType.IsModellingReport())
+        {
+            <ReportModellingParamSelection @bind-ModellingFilter="actReportFilters.ModellingFilter"/>
+        }
         else if(actReportFilters.ReportType==ReportType.UnusedRules)
         {
             <div class="p-3">
@@ -47,13 +51,13 @@
                 </div>
             </div>
         }
-        @if (actReportFilters.ReportType != ReportType.Statistics)
-        {
-            <ReportTenantSelection SelectedTenant="actReportFilters.SelectedTenant" SelectedTenantChanged="TenantViewChanged" TenantFilteringAllowed="tenantFilteringAllowed"/>
-        }
 
-        @if (actReportFilters.ReportType.IsRuleRelatedReport())
+        @if (actReportFilters.ReportType.IsDeviceRelatedReport())
         {
+            @if (actReportFilters.ReportType != ReportType.Statistics)
+            {
+                <ReportTenantSelection SelectedTenant="actReportFilters.SelectedTenant" SelectedTenantChanged="TenantViewChanged" TenantFilteringAllowed="tenantFilteringAllowed"/>
+            }
             <DeviceSelection @bind-DeviceFilter="actReportFilters.DeviceFilter" @bind-CollapseAll="actReportFilters.CollapseDevices" @bind-SelectAll="actReportFilters.SelectAll"></DeviceSelection>
         }
     </Sidebar>
@@ -122,6 +126,10 @@
                             <StatisticsReport Managements="managementsReport" GlobalStats="globalStats"/>
                             break;
 
+                        case ReportType.Connections:
+                            <ConnectionsReport AppHandler="appHandler"/>
+                            break;
+
                         default:
                             break;
                     }
@@ -145,7 +153,7 @@
     </div>
 
     @* ==== RIGHT SIDEBAR ==== *@
-    @if (actReportFilters.ReportType.IsRuleRelatedReport())
+    @if (actReportFilters.ReportType.IsDeviceRelatedReport())
     {
         <RightSidebar @bind-Width="sidebarRightWidth" Tabset="rsbTabset" AnchorNavToRSB="anchorNavToRSB" CurrentReport="currentReport"
             @bind-SelectedRules="selectedItemsRuleReportTable" ManagementsReport="managementsReport" AllTabVisible="(tenantFilteringAllowed && actReportFilters.SelectedTenant == null)" />
@@ -168,16 +176,19 @@
     private Task<AuthenticationState>? authenticationStateTask { get; set; }
 
     public double reportGenerationDuration;
+    DateTime startTime = DateTime.Now;
     private bool processing = false;
     private CancellationTokenSource tokenSource = new CancellationTokenSource();
 
     private List<Rule> selectedItemsRuleReportTable = new List<Rule>();
     private List<RuleChange> selectedItemsChangeReportTable = new List<RuleChange>();
 
+    private List<ModellingConnection> connectionReport = new();
+    private ModellingAppHandler? appHandler;
     private Management[] managementsReport = new Management[0];
     List<int> relevantManagementIds = new();
     private Management? globalStats = null;
-
+    
     private ReportFilters actReportFilters = new ();
     private bool InitDone = false;
 
@@ -244,6 +255,7 @@
         // clear report data when switching reportType as we would be missing src/dst/svc information in some cases           
         managementsReport = new Management[] {};
         globalStats = null;
+        connectionReport = new();
         reportGenerationDuration = 0;
     }
 
@@ -287,7 +299,7 @@
         Management[] managementsReportOrig = managementsReport;
         try
         {
-            if (actReportFilters.ReportType.IsRuleRelatedReport() && !actReportFilters.DeviceFilter.isAnyDeviceFilterSet())  // display warning
+            if (actReportFilters.ReportType.IsDeviceRelatedReport() && !actReportFilters.DeviceFilter.isAnyDeviceFilterSet())
             {
                 DisplayMessageInUi(null, userConfig.GetText("no_device_selected"), userConfig.GetText("E1001"), true);
                 return;
@@ -299,18 +311,29 @@
             // save selected managements before resetting
             relevantManagementIds = actReportFilters.DeviceFilter.getSelectedManagements();
 
-            DateTime startTime = DateTime.Now;
+            startTime = DateTime.Now;
             managementsReport = new Management[0]; // reset management data when switching between reports
 
             try
             {
-                if(currentReport.ReportType == ReportType.Statistics)
+                if(currentReport.ReportType.IsModellingReport())
+                {
+                    await currentReport.GenerateCon(userConfig.ElementsPerFetch, apiConnection,
+                    connectionReportIntermediate =>
+                    {
+                        connectionReport = connectionReportIntermediate;
+                        return InvokeAsync(StateHasChanged);
+                    }, token);
+                    appHandler = new (apiConnection, userConfig, actReportFilters.ModellingFilter.SelectedOwner, DisplayMessageInUi);
+                    await appHandler.Init(connectionReport);
+                }
+                else if(currentReport.ReportType == ReportType.Statistics)
                 {
                     await GenerateStatisticsReport(token);
                 }
                 else
                 {
-                    await currentReport.Generate(userConfig.ElementsPerFetch, apiConnection,
+                    await currentReport.GenerateMgt(userConfig.ElementsPerFetch, apiConnection,
                     managementsReportIntermediate =>
                     {
                         managementsReport = managementsReportIntermediate;
@@ -329,20 +352,7 @@
             }
 
             processing = false;
-            if(NoRuleFound())
-            {
-                if(currentReport is ReportRules || currentReport is ReportNatRules)
-                {
-                    DisplayMessageInUi(null, userConfig.GetText("generate_report"), userConfig.GetText("E4002"), true);
-                }
-                else if (actReportFilters.ReportType.IsChangeReport())
-                {
-                    DisplayMessageInUi(null, userConfig.GetText("generate_report"), userConfig.GetText("E4003"), true);
-                }
-            }
-
-            Log.WriteDebug("Report Generation", $"Generation Time: {DateTime.Now - startTime}.");
-            rsbTabset?.SetActiveTab(1);
+            PostProcess();
             await InvokeAsync(StateHasChanged);
         }
         catch (Exception exception)
@@ -365,7 +375,7 @@
         // check for unsupported devices
         if(actReportFilters.ReportType == ReportType.UnusedRules)
         {
-            var result = await ReportBase.GetUsageDataUnsupportedDevices(apiConnection, actReportFilters.DeviceFilter);
+            var result = await ReportDevicesBase.GetUsageDataUnsupportedDevices(apiConnection, actReportFilters.DeviceFilter);
             actReportFilters.ReducedDeviceFilter = result.reducedDeviceFilter;
             unsupportedList = result.unsupportedList;
             if(unsupportedList.Count > 0)
@@ -379,7 +389,7 @@
     private async Task GenerateStatisticsReport(CancellationToken token)
     {
         globalStats = new Management();
-        await currentReport.Generate(0, apiConnection,
+        await currentReport.GenerateMgt(0, apiConnection,
             managementsReportIntermediate =>
             {
                 managementsReport = managementsReportIntermediate;
@@ -414,6 +424,24 @@
         return rulesFound;
     }
 
+    private void PostProcess()
+    {
+        if(actReportFilters.ReportType.IsDeviceRelatedReport() && currentReport.NoRuleFound())
+        {
+            if(currentReport is ReportRules || currentReport is ReportNatRules)
+            {
+                DisplayMessageInUi(null, userConfig.GetText("generate_report"), userConfig.GetText("E4002"), true);
+            }
+            else if (actReportFilters.ReportType.IsChangeReport())
+            {
+                DisplayMessageInUi(null, userConfig.GetText("generate_report"), userConfig.GetText("E4003"), true);
+            }
+        }
+        
+        Log.WriteDebug("Report Generation", $"Generation Time: {DateTime.Now - startTime}.");
+        rsbTabset?.SetActiveTab(1);
+    }
+
     private void CancelGeneration()
     {
         tokenSource.Cancel();
@@ -461,28 +489,6 @@
         }
     }
 
-    private bool NoRuleFound()
-    {
-        if(currentReport != null)
-        {
-            foreach(var mgmt in currentReport.Managements)
-            {
-                foreach(var dev in mgmt.Devices)
-                {
-                    if(dev.Rules != null && dev.Rules.Count() > 0)
-                    {
-                        return false;
-                    }
-                    if(dev.RuleChanges != null && dev.RuleChanges.Count() > 0)
-                    {
-                        return false;
-                    }
-                }
-            }
-        }
-        return true;
-    }
-
     private List<ReportType> CustomSortReportType(List<ReportType> ListIn)
     {
         List<ReportType> ListOut = new List<ReportType>();
@@ -499,7 +505,7 @@
             ReportType? foundType = ListIn.Find(x => x == reportType);
             if (foundType != null)
             {
-                if(showRuleRelatedReports && reportType.IsRuleRelatedReport() || showModellingReports && reportType.IsModellingReport())
+                if(showRuleRelatedReports && reportType.IsDeviceRelatedReport() || showModellingReports && reportType.IsModellingReport())
                 {
                     ListOut.Add(reportType);
                 }
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/ReportExport.razor b/roles/ui/files/FWO.UI/Pages/Reporting/ReportExport.razor
index 944e9f7ff..cce58a681 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/ReportExport.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/ReportExport.razor
@@ -105,7 +105,7 @@
 </PopUp>
 
 <ReportDownloadPopUp Title="@(userConfig.GetText("export_report_download"))" ReportFile="reportExportFile"
-Show="ShowExportDownloadDialog" ShowJson="ExportJson" OnClose="() => ShowExportDownloadDialog = false" />
+    Show="ShowExportDownloadDialog" ShowJson="ExportJson" OnClose="() => ShowExportDownloadDialog = false" />
 
 @code
 {
@@ -149,7 +149,16 @@ Show="ShowExportDownloadDialog" ShowJson="ExportJson" OnClose="() => ShowExportD
                 try
                 {
                     if (!ReportToExport.GotObjectsInReport)
-                        await ReportToExport.GetObjectsInReport(int.MaxValue, apiConnection, _ => Task.CompletedTask);
+                    {
+                        if((bool)ReportToExport?.ReportType.IsModellingReport())
+                        {
+                            await ReportToExport.GetConObjectsInReport(int.MaxValue, apiConnection, _ => Task.CompletedTask);
+                        }
+                        else
+                        {
+                            await ReportToExport.GetMgtObjectsInReport(int.MaxValue, apiConnection, _ => Task.CompletedTask);
+                        }
+                    }
 
                     if (ExportHtml)
                     {
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/ReportModellingParamSelection.razor b/roles/ui/files/FWO.UI/Pages/Reporting/ReportModellingParamSelection.razor
new file mode 100644
index 000000000..596960520
--- /dev/null
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/ReportModellingParamSelection.razor
@@ -0,0 +1,50 @@
+@using FWO.Config.Api
+
+@inject ApiConnection apiConnection
+@inject UserConfig userConfig
+
+
+<div class="p-3">
+    <h5 class="text-left">@(userConfig.GetText("owner"))</h5>
+    <Dropdown ElementType="FwoOwner" ElementToString="@(o => o.Display(userConfig.GetText("common_service")))" Nullable="true" 
+            @bind-SelectedElement="ModellingFilter.SelectedOwner" Elements="ownerList">
+        <ElementTemplate Context="owner">
+            @owner.Display(userConfig.GetText("common_service"))
+        </ElementTemplate>
+    </Dropdown>
+</div>
+
+
+@code
+{
+    [CascadingParameter]
+    private Task<AuthenticationState>? authenticationStateTask { get; set; }
+
+    [CascadingParameter]
+    Action<Exception?, string, string, bool> DisplayMessageInUi { get; set; } = DefaultInit.DoNothing;
+
+    [Parameter]
+    public ModellingFilter ModellingFilter { get; set; } = new();
+
+    [Parameter]
+    public EventCallback<ModellingFilter> ModellingFilterChanged { get; set; }
+
+    private List<FwoOwner> ownerList = new List<FwoOwner>();
+
+
+    protected override async Task OnInitializedAsync()
+    {
+        try
+        {
+            ownerList = await ModellingHandlerBase.GetOwnApps(authenticationStateTask, userConfig, apiConnection, DisplayMessageInUi);
+            if(ownerList.Count > 0)
+            {
+                ModellingFilter.SelectedOwner = ownerList.First();
+            }
+        }
+        catch (Exception exception)
+        {
+            DisplayMessageInUi(exception, userConfig.GetText("object_fetch"), "", true);
+        }
+    }
+}
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/ReportTemplateComponent.razor b/roles/ui/files/FWO.UI/Pages/Reporting/ReportTemplateComponent.razor
index 166aedc18..cc15c5c8d 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/ReportTemplateComponent.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/ReportTemplateComponent.razor
@@ -79,7 +79,7 @@
                 <div class="form-group row mt-2">
                     <label class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("owner")):</label>
                     <label class="col-sm-8">@(reportTemplateInEdit.ReportParams.RecertFilter.RecertOwnerList.Count > 0 ? 
-                        ownerList.FirstOrDefault(o => o.Id == reportTemplateInEdit.ReportParams.RecertFilter.RecertOwnerList.First())?.Name ?? 
+                        recertOwnerList.FirstOrDefault(o => o.Id == reportTemplateInEdit.ReportParams.RecertFilter.RecertOwnerList.First())?.Name ?? 
                         reportTemplateInEdit.ReportParams.RecertFilter.RecertOwnerList.First().ToString() : "")</label>
                 </div>
             }
@@ -90,21 +90,23 @@
                     <input id="saveTemplateUnused" type="number" min="0" class="col-sm-2" @bind="reportTemplateInEdit.ReportParams.UnusedFilter.UnusedForDays">
                 </div>
             }
-            else if(reportTemplateInEdit.ReportParams.TenantFilter.IsActive)
+            else if(reportTypeInEdit.IsDeviceRelatedReport())
             {
                 <div class="form-group row mt-2">
-                    <label class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("tenant")):</label>
-                    <label class="col-sm-8">@(reportTemplateInEdit.ReportParams.TenantFilter.TenantId)</label>
+                    <label class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("report_time")):</label>
+                    <label class="col-sm-8">@(DisplayTime())</label>
                 </div>
             }
-            else
+
+            @if(reportTemplateInEdit.ReportParams.TenantFilter.IsActive)
             {
                 <div class="form-group row mt-2">
-                    <label class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("report_time")):</label>
-                    <label class="col-sm-8">@(DisplayTime())</label>
+                    <label class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("tenant")):</label>
+                    <label class="col-sm-8">@(reportTemplateInEdit.ReportParams.TenantFilter.TenantId)</label>
                 </div>
             }
-            @if(reportTypeInEdit.IsRuleRelatedReport())
+
+            @if(reportTypeInEdit.IsDeviceRelatedReport())
             {
                 <div class="form-group row mt-2">
                     <label class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("devices")):</label>
@@ -114,6 +116,20 @@
                     </div>
                 </div>
             }
+            else
+            {
+                <div class="form-group row mt-2">
+                    <label class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("owner")):</label>
+                    <div class="col-sm-8">
+                        <Dropdown ElementType="FwoOwner" ElementToString="@(o => o.Display(userConfig.GetText("common_service")))" Nullable="true" 
+                                @bind-SelectedElement="reportTemplateInEdit.ReportParams.ModellingFilter.SelectedOwner" Elements="modOwnerList">
+                            <ElementTemplate Context="owner">
+                                @(owner.Display(userConfig.GetText("common_service")))
+                            </ElementTemplate>
+                        </Dropdown>
+                    </div>
+                </div>
+            }
             <div class="form-group row mt-2">
                 <label for="saveTemplateFilterLineTextarea" class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("filter")):</label>
                 <textarea id="saveTemplateFilterLineTextarea" class="col-sm-8" @bind="reportTemplateInEdit.Filter" />
@@ -147,7 +163,8 @@
     public List<ReportTemplate> reportTemplates { get; set; } = new List<ReportTemplate>();
     public ReportTemplate reportTemplateInEdit = new ReportTemplate();
     private ReportType reportTypeInEdit = ReportType.Rules;
-    private List<FwoOwner> ownerList = new List<FwoOwner>();
+    private List<FwoOwner> recertOwnerList = new List<FwoOwner>();
+    private List<FwoOwner> modOwnerList = new List<FwoOwner>();
 
     private string tmpTemplateCommentKey = "";
     private string tmpTemplateComment = "";
@@ -173,7 +190,8 @@
     protected override async Task OnInitializedAsync()
     {
         await RefreshTemplates();
-        ownerList = await apiConnection.SendQueryAsync<List<FwoOwner>>(FWO.Api.Client.Queries.OwnerQueries.getOwners);
+        recertOwnerList = await apiConnection.SendQueryAsync<List<FwoOwner>>(FWO.Api.Client.Queries.OwnerQueries.getOwners);
+        modOwnerList = await ModellingHandlerBase.GetOwnApps(authenticationStateTask, userConfig, apiConnection, DisplayMessageInUi);
     }
 
     public async Task RefreshTemplates()
@@ -181,7 +199,7 @@
         try
         {
             reportTemplates = (await apiConnection.SendQueryAsync<ReportTemplate[]>(ReportQueries.getReportTemplates, new { userId = userConfig.User.DbId })).ToList();
-            reportTemplates = reportTemplates.Where(rt => (showRuleRelatedReports && ((ReportType)rt.ReportParams.ReportType).IsRuleRelatedReport() || 
+            reportTemplates = reportTemplates.Where(rt => (showRuleRelatedReports && ((ReportType)rt.ReportParams.ReportType).IsDeviceRelatedReport() || 
                                                            showModellingReports && ((ReportType)rt.ReportParams.ReportType).IsModellingReport())).ToList();
             await InvokeAsync(StateHasChanged);
         }
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ConnectionsReport.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ConnectionsReport.razor
new file mode 100644
index 000000000..328f0e034
--- /dev/null
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ConnectionsReport.razor
@@ -0,0 +1,49 @@
+@using FWO.Ui.Display
+@using FWO.Config.Api
+@using FWO.Report.Filter
+
+@inject UserConfig userConfig
+
+@if(AppHandler != null)
+{
+    <H5>@AppHandler.Application.Display(userConfig.GetText("common_service"))</H5>
+    <Table class="table table-bordered th-bg-secondary table-responsive overflow-auto sticky-header" TableItem="ModellingConnection"
+            Items="AppHandler.Connections" PageSize="0" ColumnReorder="true">
+        <Column TableItem="ModellingConnection" Title="@(userConfig.GetText("id"))" Field="@(x => x.Id)" Sortable="true" Filterable="true" />
+        <Column TableItem="ModellingConnection" Title="@(userConfig.GetText("name"))" Field="@(x => x.Name)" Sortable="true" Filterable="true" />
+        <Column TableItem="ModellingConnection" Title="@(userConfig.GetText("func_reason"))" Field="@(x => x.Reason)" Sortable="true" Filterable="true" />
+        <Column TableItem="ModellingConnection" Title="@(userConfig.GetText("source"))" Field="@(x => x.Id)" Sortable="true" Filterable="true" >
+            <Template>
+                <ExpandableList2 Elements="AppHandler.GetSrcNames(context)" Context="src" AlwaysShowElements="@userConfig.OverviewDisplayLines">
+                    <ElementTemplate>
+                        @((MarkupString)src)
+                    </ElementTemplate>
+                </ExpandableList2>
+            </Template>
+        </Column>
+        <Column TableItem="ModellingConnection" Title="@(userConfig.GetText("service"))" Field="@(x => x.Id)" Sortable="true" Filterable="true" >
+            <Template>
+                <ExpandableList2 Elements="AppHandler.GetSvcNames(context)" Context="svc" AlwaysShowElements="@userConfig.OverviewDisplayLines">
+                    <ElementTemplate>
+                        @((MarkupString)svc)
+                    </ElementTemplate>
+                </ExpandableList2>
+            </Template>
+        </Column>
+        <Column TableItem="ModellingConnection" Title="@(userConfig.GetText("destination"))" Field="@(x => x.Id)" Sortable="true" Filterable="true" >
+            <Template>
+                <ExpandableList2 Elements="AppHandler.GetDstNames(context)" Context="dest" AlwaysShowElements="@userConfig.OverviewDisplayLines">
+                    <ElementTemplate>
+                        @((MarkupString)dest)
+                    </ElementTemplate>
+                </ExpandableList2>
+            </Template>
+        </Column>
+    </Table>
+}
+
+@code
+{
+    [Parameter]
+    public ModellingAppHandler? AppHandler { get; set; } = null;
+}
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Schedule.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Schedule.razor
index 6e7009780..8da761388 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Schedule.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Schedule.razor
@@ -206,7 +206,7 @@
             scheduledReports = (await apiConnection.SendQueryAsync<List<ScheduledReport>>(ReportQueries.getReportSchedules));
             scheduledReportsSubscription = apiConnection.GetSubscription<List<ScheduledReport>>(HandleSubscriptionError, OnReportScheduleUpdate, ReportQueries.subscribeReportScheduleChanges);
             reportTemplates = await apiConnection.SendQueryAsync<List<ReportTemplate>>(ReportQueries.getReportTemplates);
-            reportTemplates = reportTemplates.Where(rt => (showRuleRelatedReports && ((ReportType)rt.ReportParams.ReportType).IsRuleRelatedReport() || 
+            reportTemplates = reportTemplates.Where(rt => (showRuleRelatedReports && ((ReportType)rt.ReportParams.ReportType).IsDeviceRelatedReport() || 
                                                            showModellingReports && ((ReportType)rt.ReportParams.ReportType).IsModellingReport())).ToList();
             uiUserDbId = userConfig.User.DbId;
             authenticationState = await authenticationStateTask!;
diff --git a/roles/ui/files/FWO.UI/Services/ModellingAppHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingAppHandler.cs
index 6627910ca..2ca29e7b8 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingAppHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingAppHandler.cs
@@ -25,15 +25,23 @@ public ModellingAppHandler(ApiConnection apiConnection, UserConfig userConfig, F
             : base (apiConnection, userConfig, application, false, displayMessageInUi, isOwner)
         {}
         
-        public async Task Init()
+        public async Task Init(List<ModellingConnection>? connections = null)
         {
             try
             {
-                var queryParam = new
+                if(connections == null)
                 {
-                    appId = Application.Id
-                };
-                Connections = await apiConnection.SendQueryAsync<List<ModellingConnection>>(ModellingQueries.getConnections, queryParam);
+                    var queryParam = new
+                    {
+                        appId = Application.Id
+                    };
+                    Connections = await apiConnection.SendQueryAsync<List<ModellingConnection>>(ModellingQueries.getConnections, queryParam);
+                }
+                else
+                {
+                    Connections = connections;
+                }
+                
                 foreach(var conn in Connections)
                 {
                     conn.ExtractNwGroups();
diff --git a/roles/ui/files/FWO.UI/Services/ModellingConnectionHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingConnectionHandler.cs
index 88c3a3d3c..6d1fe8d7c 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingConnectionHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingConnectionHandler.cs
@@ -61,7 +61,7 @@ public class ModellingConnectionHandler : ModellingHandlerBase
         public bool EditSvcGrpMode = false;
         public bool DeleteSvcGrpMode = false;
 
-        private List<FwoOwner> apps = new();
+        private List<FwoOwner> allApps = new();
         private ModellingAppRole actAppRole = new();
         private ModellingNwGroup actNwGrpObj = new();
         private ModellingConnection actInterface = new();
@@ -104,7 +104,7 @@ public async Task Init()
                 }
                 RefreshSelectedNwObjects();
                 InterfaceName = await ExtractUsedInterface(ActConn);
-                apps = await apiConnection.SendQueryAsync<List<FwoOwner>>(OwnerQueries.getOwnersWithConn);
+                allApps = await apiConnection.SendQueryAsync<List<FwoOwner>>(OwnerQueries.getOwnersWithConn);
             }
             catch (Exception exception)
             {
@@ -116,7 +116,7 @@ public string DisplayInterface(ModellingConnection? inter)
         {
             if(inter != null)
             {
-                FwoOwner? app = apps.FirstOrDefault(x => x.Id == inter.AppId);
+                FwoOwner? app = allApps.FirstOrDefault(x => x.Id == inter.AppId);
                 if(app != null)
                 {
                     return inter.DisplayWithOwner(app);
diff --git a/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs b/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs
index 00f494c8d..b9f5a4952 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs
@@ -3,6 +3,7 @@
 using FWO.Api.Client;
 using FWO.Api.Client.Queries;
 using Microsoft.AspNetCore.Components;
+using Microsoft.AspNetCore.Components.Authorization;
 
 
 namespace FWO.Ui.Services
@@ -196,5 +197,39 @@ protected async Task<bool> CheckAppServerInUse(ModellingAppServer appServer)
                 return true;
             }
         }
+
+        public static async Task<List<FwoOwner>> GetOwnApps(Task<AuthenticationState> authenticationStateTask, UserConfig userConfig,
+            ApiConnection apiConnection, Action<Exception?, string, string, bool> DisplayMessageInUi)
+        {
+            List<FwoOwner> apps = new();
+            try
+            {
+                if(authenticationStateTask!.Result.User.IsInRole(Roles.Admin) || authenticationStateTask!.Result.User.IsInRole(Roles.Auditor))
+                {
+                    apps = await apiConnection.SendQueryAsync<List<FwoOwner>>(OwnerQueries.getOwnersWithConn);
+                }
+                else
+                {
+                    UpdateOwnerships(authenticationStateTask,userConfig); // qad: userConfig may not be properly filled
+                    apps = await apiConnection.SendQueryAsync<List<FwoOwner>>(OwnerQueries.getEditableOwners, new { appIds = userConfig.User.Ownerships.ToArray() });
+                }
+            }
+            catch (Exception exception)
+            {
+                DisplayMessageInUi(exception, userConfig.GetText("fetch_data"), "", true);
+            }
+            return apps;
+        }
+
+        private static void UpdateOwnerships(Task<AuthenticationState> authenticationStateTask, UserConfig userConfig)
+        {
+            string? ownerString = authenticationStateTask.Result.User.Claims.FirstOrDefault(claim => claim.Type == "x-hasura-editable-owners")?.Value;
+            if(ownerString != null)
+            {
+                string[] separatingStrings = { ",", "{", "}" };
+                string[] owners = ownerString.Split(separatingStrings, StringSplitOptions.TrimEntries | StringSplitOptions.RemoveEmptyEntries);
+                userConfig.User.Ownerships = Array.ConvertAll(owners, x => int.Parse(x)).ToList();
+            }
+        }
     }
 }

From a60647735b4e95c88ab8a5f6c040c3d107f31b7f Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Fri, 1 Mar 2024 18:24:52 +0100
Subject: [PATCH 20/84] inject + scheduling

---
 .../{ScheduledReport.cs => ReportSchedule.cs} |   2 +-
 .../FWO.Middleware.Server/ReportScheduler.cs  | 105 ++++++------
 .../NetworkModelling/NetworkModelling.razor   |   7 +-
 .../files/FWO.UI/Pages/Reporting/Report.razor |  37 ++++-
 .../ReportModellingParamSelection.razor       |   5 +-
 .../Reporting/Reports/ConnectionsReport.razor |  52 +++---
 .../FWO.UI/Pages/Reporting/Schedule.razor     | 154 +++++++++---------
 .../ConnectionTable.razor                     |   6 +-
 .../ui/files/FWO.UI/Shared/ReportTabset.razor |  23 ++-
 9 files changed, 221 insertions(+), 170 deletions(-)
 rename roles/lib/files/FWO.Api.Client/Data/{ScheduledReport.cs => ReportSchedule.cs} (98%)
 rename roles/ui/files/FWO.UI/{Pages/NetworkModelling => Shared}/ConnectionTable.razor (96%)

diff --git a/roles/lib/files/FWO.Api.Client/Data/ScheduledReport.cs b/roles/lib/files/FWO.Api.Client/Data/ReportSchedule.cs
similarity index 98%
rename from roles/lib/files/FWO.Api.Client/Data/ScheduledReport.cs
rename to roles/lib/files/FWO.Api.Client/Data/ReportSchedule.cs
index 655c6e3c8..48ad3d7cd 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ScheduledReport.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ReportSchedule.cs
@@ -3,7 +3,7 @@
 
 namespace FWO.Api.Data
 {
-    public class ScheduledReport
+    public class ReportSchedule
     {
         [JsonProperty("report_schedule_id"), JsonPropertyName("report_schedule_id")]
         public int Id { get; set; }
diff --git a/roles/middleware/files/FWO.Middleware.Server/ReportScheduler.cs b/roles/middleware/files/FWO.Middleware.Server/ReportScheduler.cs
index 55419c923..7e55b21e0 100644
--- a/roles/middleware/files/FWO.Middleware.Server/ReportScheduler.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/ReportScheduler.cs
@@ -18,12 +18,12 @@ namespace FWO.Middleware.Server
     public class ReportScheduler
     {
         private readonly object scheduledReportsLock = new object();
-        private List<ScheduledReport> scheduledReports = new List<ScheduledReport>();
+        private List<ReportSchedule> scheduledReports = new List<ReportSchedule>();
         private readonly TimeSpan CheckScheduleInterval = TimeSpan.FromMinutes(1);
 
         private readonly string apiServerUri;
         private readonly ApiConnection apiConnection;
-        private readonly GraphQlApiSubscription<ScheduledReport[]> scheduledReportsSubscription;
+        private readonly GraphQlApiSubscription<ReportSchedule[]> scheduledReportsSubscription;
         private readonly JwtWriter jwtWriter;
 
         private readonly object ldapLock = new object();
@@ -41,8 +41,8 @@ public ReportScheduler(ApiConnection apiConnection, JwtWriter jwtWriter, GraphQl
             connectedLdaps = apiConnection.SendQueryAsync<List<Ldap>>(AuthQueries.getLdapConnections).Result;
             connectedLdapsSubscription.OnUpdate += OnLdapUpdate;
 
-            //scheduledReports = apiConnection.SendQueryAsync<ScheduledReport[]>(ReportQueries.getReportSchedules).Result.ToList();
-            scheduledReportsSubscription = apiConnection.GetSubscription<ScheduledReport[]>(ApiExceptionHandler, OnScheduleUpdate, ReportQueries.subscribeReportScheduleChanges);
+            //scheduledReports = apiConnection.SendQueryAsync<ReportSchedule[]>(ReportQueries.getReportSchedules).Result.ToList();
+            scheduledReportsSubscription = apiConnection.GetSubscription<ReportSchedule[]>(ApiExceptionHandler, OnScheduleUpdate, ReportQueries.subscribeReportScheduleChanges);
 
             System.Timers.Timer checkScheduleTimer = new();
             checkScheduleTimer.Elapsed += CheckSchedule;
@@ -59,7 +59,7 @@ private void OnLdapUpdate(List<Ldap> connectedLdaps)
             }
         }
 
-        private void OnScheduleUpdate(ScheduledReport[] scheduledReports)
+        private void OnScheduleUpdate(ReportSchedule[] scheduledReports)
         {
             lock (scheduledReportsLock)
             {
@@ -81,29 +81,29 @@ private async void CheckSchedule(object? _, ElapsedEventArgs __)
 
             lock (scheduledReports)
             {
-                foreach (ScheduledReport scheduledReport in scheduledReports)
+                foreach (ReportSchedule reportSchedule in scheduledReports)
                 {
                     try
                     {
-                        if (scheduledReport.Active)
+                        if (reportSchedule.Active)
                         {
                             // Add schedule interval as long as schedule time is smaller then current time 
-                            while (RoundDown(scheduledReport.StartTime, CheckScheduleInterval) < dateTimeNowRounded)
+                            while (RoundDown(reportSchedule.StartTime, CheckScheduleInterval) < dateTimeNowRounded)
                             {
-                                scheduledReport.StartTime = scheduledReport.RepeatInterval switch
+                                reportSchedule.StartTime = reportSchedule.RepeatInterval switch
                                 {
-                                    Interval.Days => scheduledReport.StartTime.AddDays(scheduledReport.RepeatOffset),
-                                    Interval.Weeks => scheduledReport.StartTime.AddDays(scheduledReport.RepeatOffset * 7),
-                                    Interval.Months => scheduledReport.StartTime.AddMonths(scheduledReport.RepeatOffset),
-                                    Interval.Years => scheduledReport.StartTime.AddYears(scheduledReport.RepeatOffset),
-                                    Interval.Never => scheduledReport.StartTime.AddYears(42_42),
+                                    Interval.Days => reportSchedule.StartTime.AddDays(reportSchedule.RepeatOffset),
+                                    Interval.Weeks => reportSchedule.StartTime.AddDays(reportSchedule.RepeatOffset * 7),
+                                    Interval.Months => reportSchedule.StartTime.AddMonths(reportSchedule.RepeatOffset),
+                                    Interval.Years => reportSchedule.StartTime.AddYears(reportSchedule.RepeatOffset),
+                                    Interval.Never => reportSchedule.StartTime.AddYears(42_42),
                                     _ => throw new NotSupportedException("Time interval is not supported.")
                                 };
                             }
 
-                            if (RoundDown(scheduledReport.StartTime, CheckScheduleInterval) == dateTimeNowRounded)
+                            if (RoundDown(reportSchedule.StartTime, CheckScheduleInterval) == dateTimeNowRounded)
                             {
-                                reportGeneratorTasks.Add(GenerateReport(scheduledReport, dateTimeNowRounded));
+                                reportGeneratorTasks.Add(GenerateReport(reportSchedule, dateTimeNowRounded));
                             }
                         }
                     }
@@ -117,52 +117,65 @@ private async void CheckSchedule(object? _, ElapsedEventArgs __)
             await Task.WhenAll(reportGeneratorTasks);
         }
 
-        private Task GenerateReport(ScheduledReport report, DateTime dateTimeNowRounded)
+        private Task GenerateReport(ReportSchedule reportSchedule, DateTime dateTimeNowRounded)
         {
             CancellationToken token = new CancellationToken();
             return Task.Run(async () =>
             {
                 try
                 {
-                    Log.WriteInfo("Report Scheduling", $"Generating scheduled report \"{report.Name}\" with id \"{report.Id}\" for user \"{report.Owner.Name}\" with id \"{report.Owner.DbId}\" ...");
+                    Log.WriteInfo("Report Scheduling", $"Generating scheduled report \"{reportSchedule.Name}\" with id \"{reportSchedule.Id}\" for user \"{reportSchedule.Owner.Name}\" with id \"{reportSchedule.Owner.DbId}\" ...");
 
                     ReportFile reportFile = new ReportFile
                     { 
-                        Name = $"{report.Name}_{dateTimeNowRounded.ToShortDateString()}",
+                        Name = $"{reportSchedule.Name}_{dateTimeNowRounded.ToShortDateString()}",
                         GenerationDateStart = DateTime.Now,
-                        TemplateId = report.Template.Id,
-                        OwnerId = report.Owner.DbId,
-                        Type = report.Template.ReportParams.ReportType
+                        TemplateId = reportSchedule.Template.Id,
+                        OwnerId = reportSchedule.Owner.DbId,
+                        Type = reportSchedule.Template.ReportParams.ReportType
                     };
 
                     // get uiuser roles + tenant
                     AuthManager authManager = new AuthManager(jwtWriter, connectedLdaps, apiConnection);
-                    string jwt = await authManager.AuthorizeUserAsync(report.Owner, validatePassword: false, lifetime: TimeSpan.FromDays(365));
+                    string jwt = await authManager.AuthorizeUserAsync(reportSchedule.Owner, validatePassword: false, lifetime: TimeSpan.FromDays(365));
                     ApiConnection apiConnectionUserContext = new GraphQlApiConnection(apiServerUri, jwt);
                     GlobalConfig globalConfig = await GlobalConfig.ConstructAsync(jwt);
-                    UserConfig userConfig = await UserConfig.ConstructAsync(globalConfig, apiConnection, report.Owner.DbId);
+                    UserConfig userConfig = await UserConfig.ConstructAsync(globalConfig, apiConnection, reportSchedule.Owner.DbId);
 
-                    await apiConnectionUserContext.SendQueryAsync<object>(ReportQueries.countReportSchedule, new { report_schedule_id = report.Id });
-                    await AdaptDeviceFilter(report.Template.ReportParams, apiConnectionUserContext);
+                    await apiConnectionUserContext.SendQueryAsync<object>(ReportQueries.countReportSchedule, new { report_schedule_id = reportSchedule.Id });
+                    await AdaptDeviceFilter(reportSchedule.Template.ReportParams, apiConnectionUserContext);
 
-                    ReportBase reportRules = ReportBase.ConstructReport(report.Template, userConfig);
-                    Management[] managementsReport = Array.Empty<Management>();
-                    await reportRules.GenerateMgt(int.MaxValue, apiConnectionUserContext, 
-                        managementsReportIntermediate =>
-                        {
-                            managementsReport = managementsReportIntermediate;
-                            SetRelevantManagements(ref managementsReport, report.Template.ReportParams.DeviceFilter);
-                            return Task.CompletedTask;
-                        }, token);
-                    await reportRules.GetMgtObjectsInReport(int.MaxValue, apiConnectionUserContext, _ => Task.CompletedTask);
-
-                    WriteReportFile(reportRules, report.OutputFormat, reportFile);
-                    await SaveReport(reportFile, reportRules.SetDescription(), apiConnectionUserContext);
-                    Log.WriteInfo("Report Scheduling", $"Scheduled report \"{report.Name}\" with id \"{report.Id}\" for user \"{report.Owner.Name}\" with id \"{report.Owner.DbId}\" successfully generated.");
+                    ReportBase report = ReportBase.ConstructReport(reportSchedule.Template, userConfig);
+                    if(report.ReportType.IsDeviceRelatedReport())
+                    {
+                        Management[] managementsReport = Array.Empty<Management>();
+                        await report.GenerateMgt(int.MaxValue, apiConnectionUserContext, 
+                            managementsReportIntermediate =>
+                            {
+                                managementsReport = managementsReportIntermediate;
+                                SetRelevantManagements(ref managementsReport, reportSchedule.Template.ReportParams.DeviceFilter);
+                                return Task.CompletedTask;
+                            }, token);
+                        await report.GetMgtObjectsInReport(int.MaxValue, apiConnectionUserContext, _ => Task.CompletedTask);
+                    }
+                    else
+                    {
+                        List<ModellingConnection> connectionReport = new();
+                        await report.GenerateCon(int.MaxValue, apiConnectionUserContext,
+                            connectionReportIntermediate =>
+                            {
+                                connectionReport = connectionReportIntermediate;
+                                return Task.CompletedTask;
+                            }, token);
+                        await report.GetConObjectsInReport(int.MaxValue, apiConnectionUserContext, _ => Task.CompletedTask);
+                    }
+                    WriteReportFile(report, reportSchedule.OutputFormat, reportFile);
+                    await SaveReport(reportFile, report.SetDescription(), apiConnectionUserContext);
+                    Log.WriteInfo("Report Scheduling", $"Scheduled report \"{reportSchedule.Name}\" with id \"{reportSchedule.Id}\" for user \"{reportSchedule.Owner.Name}\" with id \"{reportSchedule.Owner.DbId}\" successfully generated.");
                 }
                 catch (Exception exception)
                 {
-                    Log.WriteError("Report Scheduling", $"Generating scheduled report \"{report.Name}\" with id \"{report.Id}\" lead to exception.", exception);
+                    Log.WriteError("Report Scheduling", $"Generating scheduled report \"{reportSchedule.Name}\" with id \"{reportSchedule.Id}\" lead to exception.", exception);
                 }
             }, token);
         }
@@ -189,23 +202,23 @@ private static async Task AdaptDeviceFilter(ReportParams reportParams, ApiConnec
             }
         }
 
-        private static void WriteReportFile(ReportBase reportRules, List<FileFormat> fileFormats, ReportFile reportFile)
+        private static void WriteReportFile(ReportBase report, List<FileFormat> fileFormats, ReportFile reportFile)
         {
-            reportFile.Json = reportRules.ExportToJson();
+            reportFile.Json = report.ExportToJson();
             foreach (FileFormat format in fileFormats)
             {
                 switch (format.Name)
                 {
                     case GlobalConst.kCsv:
-                        reportFile.Csv = reportRules.ExportToCsv();
+                        reportFile.Csv = report.ExportToCsv();
                         break;
 
                     case GlobalConst.kHtml:
-                        reportFile.Html = reportRules.ExportToHtml();
+                        reportFile.Html = report.ExportToHtml();
                         break;
 
                     case GlobalConst.kPdf:
-                        reportFile.Pdf = Convert.ToBase64String(reportRules.ToPdf(PaperKind.A4));
+                        reportFile.Pdf = Convert.ToBase64String(report.ToPdf(PaperKind.A4));
                         break;
 
                     case GlobalConst.kJson:
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/NetworkModelling.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/NetworkModelling.razor
index a714eba2e..45f57cad1 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/NetworkModelling.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/NetworkModelling.razor
@@ -6,6 +6,7 @@
 
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
+@inject NavigationManager NavigationManager
 
 @if(!appHandler?.EditConnMode ?? true)
 {
@@ -34,7 +35,7 @@
         }
         <div class="col-sm-6">
             <div class="btn-group">
-                @* <button type="button" class="ms-5 btn btn-sm btn-primary" @onclick="Report">@(userConfig.GetText("generate_report"))</button> *@
+                <button type="button" class="ms-5 btn btn-sm btn-primary" @onclick="Report">@(userConfig.GetText("generate_report"))</button>
                 <button type="button" class="btn btn-sm btn-dark" @onclick="ShowHistory">@(userConfig.GetText("show_history"))</button>
                 @* <button type="button" class="btn btn-sm btn-dark ms-5" @onclick="ExtRequest">@(userConfig.GetText("ext_request"))</button> *@
             </div>
@@ -221,14 +222,14 @@ else
         return $"<span class=\"{textClass}\" {tooltip}>{(app.Active ? "" : "<i>")}{textToDisplay}{(app.Active ? "" : "</i>")}</span>";
     }
 
-    private async Task ShowHistory()
+    private void ShowHistory()
     {
         showHistory = true;
     }
 
     private async Task Report()
     {
-
+        NavigationManager.NavigateTo($"/report/generation/{selectedApp.Id}");
     }
 
     private async Task ExtRequest()
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
index 47ed7c63c..1fbd431f3 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
@@ -7,7 +7,7 @@
 @using FWO.Ui.Pages.Reporting.Reports
 @using System.Diagnostics
 
-@page "/report/generation"
+@page "/report/generation/{appId?}"
 @attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Reporter}, {Roles.ReporterViewAll}, {Roles.Auditor}, {Roles.Modeller}")]
 
 @inject ApiConnection apiConnection
@@ -32,7 +32,7 @@
         }
         else if (actReportFilters.ReportType.IsModellingReport())
         {
-            <ReportModellingParamSelection @bind-ModellingFilter="actReportFilters.ModellingFilter"/>
+            <ReportModellingParamSelection @bind-ModellingFilter="actReportFilters.ModellingFilter" InjectedAppId="injectedAppId"/>
         }
         else if(actReportFilters.ReportType==ReportType.UnusedRules)
         {
@@ -140,7 +140,7 @@
         {
             if (reportGenerationDuration != 0)
             {
-                if (reportGenerationDuration<600)
+                if (reportGenerationDuration < 600)
                 {
                     <small>@(userConfig.GetText("report_duration")) @reportGenerationDuration.ToString("0.00") @(userConfig.GetText("seconds")).</small>
                 }
@@ -175,6 +175,9 @@
     [CascadingParameter]
     private Task<AuthenticationState>? authenticationStateTask { get; set; }
 
+    [Parameter]
+    public string? AppId { get; set; }
+
     public double reportGenerationDuration;
     DateTime startTime = DateTime.Now;
     private bool processing = false;
@@ -191,6 +194,8 @@
     
     private ReportFilters actReportFilters = new ();
     private bool InitDone = false;
+    private int? injectedAppId = null;
+    private bool autoGenerateReport = false;
 
     private List<string> unsupportedList = new List<string>();
     private bool ShowSelectTimeDialog = false;
@@ -232,7 +237,21 @@
         try
         {
             actReportFilters.DeviceFilter.Managements = await apiConnection.SendQueryAsync<List<ManagementSelect>>(DeviceQueries.getDevicesByManagement);
-            actReportFilters.Init(userConfig, showRuleRelatedReports);
+            if(int.TryParse(AppId, out int appId))
+            {
+                actReportFilters.Init(userConfig, false);
+                injectedAppId = appId;
+                List<FwoOwner> owners = await apiConnection.SendQueryAsync<List<FwoOwner>>(Api.Client.Queries.OwnerQueries.getEditableOwners, new { appIds = appId });
+                if(owners.Count > 0)
+                {
+                    actReportFilters.ModellingFilter.SelectedOwner = owners.First();
+                    autoGenerateReport = true;
+                }
+            }
+            else
+            {
+                actReportFilters.Init(userConfig, showRuleRelatedReports);
+            }
             InitDone = true;
             await InvokeAsync(StateHasChanged);
         }
@@ -242,6 +261,15 @@
         }
     }
 
+    protected override async Task OnAfterRenderAsync(bool firstRender)
+    {
+        if(autoGenerateReport)
+        {
+            await GenerateReport();
+            autoGenerateReport = false;
+        }
+    }
+
     private void ReportTypeChanged(ReportType newReportType)
     {
         actReportFilters.ReportType = newReportType;
@@ -383,6 +411,7 @@
                 DisplayMessageInUi(null, userConfig.GetText("generate_report"), userConfig.GetText("E4004") + string.Join(", ", unsupportedList), true);
             }
         }
+
         currentReport = ReportBase.ConstructReport(ConstructReportTemplate(), userConfig);
     }
 
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/ReportModellingParamSelection.razor b/roles/ui/files/FWO.UI/Pages/Reporting/ReportModellingParamSelection.razor
index 596960520..c8f3fa872 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/ReportModellingParamSelection.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/ReportModellingParamSelection.razor
@@ -29,6 +29,9 @@
     [Parameter]
     public EventCallback<ModellingFilter> ModellingFilterChanged { get; set; }
 
+    [Parameter]
+    public int? InjectedAppId { get; set; } = null;
+
     private List<FwoOwner> ownerList = new List<FwoOwner>();
 
 
@@ -39,7 +42,7 @@
             ownerList = await ModellingHandlerBase.GetOwnApps(authenticationStateTask, userConfig, apiConnection, DisplayMessageInUi);
             if(ownerList.Count > 0)
             {
-                ModellingFilter.SelectedOwner = ownerList.First();
+                ModellingFilter.SelectedOwner = InjectedAppId == null ? ownerList.First() : ownerList.FirstOrDefault(o => o.Id == InjectedAppId) ?? ownerList.First();
             }
         }
         catch (Exception exception)
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ConnectionsReport.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ConnectionsReport.razor
index 328f0e034..10cec6c99 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ConnectionsReport.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ConnectionsReport.razor
@@ -7,39 +7,25 @@
 @if(AppHandler != null)
 {
     <H5>@AppHandler.Application.Display(userConfig.GetText("common_service"))</H5>
-    <Table class="table table-bordered th-bg-secondary table-responsive overflow-auto sticky-header" TableItem="ModellingConnection"
-            Items="AppHandler.Connections" PageSize="0" ColumnReorder="true">
-        <Column TableItem="ModellingConnection" Title="@(userConfig.GetText("id"))" Field="@(x => x.Id)" Sortable="true" Filterable="true" />
-        <Column TableItem="ModellingConnection" Title="@(userConfig.GetText("name"))" Field="@(x => x.Name)" Sortable="true" Filterable="true" />
-        <Column TableItem="ModellingConnection" Title="@(userConfig.GetText("func_reason"))" Field="@(x => x.Reason)" Sortable="true" Filterable="true" />
-        <Column TableItem="ModellingConnection" Title="@(userConfig.GetText("source"))" Field="@(x => x.Id)" Sortable="true" Filterable="true" >
-            <Template>
-                <ExpandableList2 Elements="AppHandler.GetSrcNames(context)" Context="src" AlwaysShowElements="@userConfig.OverviewDisplayLines">
-                    <ElementTemplate>
-                        @((MarkupString)src)
-                    </ElementTemplate>
-                </ExpandableList2>
-            </Template>
-        </Column>
-        <Column TableItem="ModellingConnection" Title="@(userConfig.GetText("service"))" Field="@(x => x.Id)" Sortable="true" Filterable="true" >
-            <Template>
-                <ExpandableList2 Elements="AppHandler.GetSvcNames(context)" Context="svc" AlwaysShowElements="@userConfig.OverviewDisplayLines">
-                    <ElementTemplate>
-                        @((MarkupString)svc)
-                    </ElementTemplate>
-                </ExpandableList2>
-            </Template>
-        </Column>
-        <Column TableItem="ModellingConnection" Title="@(userConfig.GetText("destination"))" Field="@(x => x.Id)" Sortable="true" Filterable="true" >
-            <Template>
-                <ExpandableList2 Elements="AppHandler.GetDstNames(context)" Context="dest" AlwaysShowElements="@userConfig.OverviewDisplayLines">
-                    <ElementTemplate>
-                        @((MarkupString)dest)
-                    </ElementTemplate>
-                </ExpandableList2>
-            </Template>
-        </Column>
-    </Table>
+
+    @if(AppHandler.GetRegularConnections().Count > 0)
+    {
+        <Collapse Title="@userConfig.GetText("connections")" Style="@("primary")" StartToggled="false">
+            <ConnectionTable Connections="@AppHandler.GetRegularConnections()" AppHandler="AppHandler" Readonly="true"/>
+        </Collapse>
+    }
+    @if(AppHandler.GetInterfaces().Count > 0)
+    {
+        <Collapse Title="@userConfig.GetText("interfaces")" Style="@("primary")" StartToggled="false">
+            <ConnectionTable Connections="@AppHandler.GetInterfaces()" AppHandler="AppHandler" Readonly="true"/>
+        </Collapse>
+    }
+    @if(AppHandler.GetCommonServices().Count > 0)
+    {
+        <Collapse Title="@userConfig.GetText("common_services")" Style="@("primary")" StartToggled="false">
+            <ConnectionTable Connections="@AppHandler.GetCommonServices()" AppHandler="AppHandler" Readonly="true"/>
+        </Collapse>
+    }
 }
 
 @code
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Schedule.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Schedule.razor
index 8da761388..b19d9c485 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Schedule.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Schedule.razor
@@ -11,42 +11,42 @@
 
 <ReportTabset/>
 
-<button type="button" class="btn btn-sm btn-success mb-1" @onclick="() => { scheduledReportInEdit = new ScheduledReport() { RepeatInterval = Interval.Never }; ShowSaveScheduledReportDialog = true; }">@(userConfig.GetText("add"))</button>
+<button type="button" class="btn btn-sm btn-success mb-1" @onclick="() => { reportScheduleInEdit = new ReportSchedule() { RepeatInterval = Interval.Never }; ShowSaveReportScheduleDialog = true; }">@(userConfig.GetText("add"))</button>
 
 <div class="vheight75">
-    <Table TableClass="table table-bordered table-sm th-bg-secondary table-responsive overflow-auto sticky-header" TableItem="ScheduledReport" Items="scheduledReports" PageSize="0">
-        <Column TableItem="ScheduledReport" Title="@(userConfig.GetText("actions"))">
+    <Table TableClass="table table-bordered table-sm th-bg-secondary table-responsive overflow-auto sticky-header" TableItem="ReportSchedule" Items="reportSchedules" PageSize="0">
+        <Column TableItem="ReportSchedule" Title="@(userConfig.GetText("actions"))">
             <Template>
                 @if (context.Owner.DbId == uiUserDbId || authenticationState != null && authenticationState.User.IsInRole(Roles.Admin))
                 {
                     <div class="btn-group">
-                        <button type="button" class="btn btn-sm btn-warning" @onclick="() => { scheduledReportInEdit = context; actDate = actTime = context.StartTime; ShowEditScheduledReportDialog = true; }">@(userConfig.GetText("edit"))</button>
-                        <button type="button" class="btn btn-sm btn-danger" @onclick="() => { scheduledReportInEdit = context; ShowDeleteScheduledReportDialog = true; }">@(userConfig.GetText("delete"))</button>
+                        <button type="button" class="btn btn-sm btn-warning" @onclick="() => { reportScheduleInEdit = context; actDate = actTime = context.StartTime; ShowEditReportScheduleDialog = true; }">@(userConfig.GetText("edit"))</button>
+                        <button type="button" class="btn btn-sm btn-danger" @onclick="() => { reportScheduleInEdit = context; ShowDeleteReportScheduleDialog = true; }">@(userConfig.GetText("delete"))</button>
                     </div>
                 }
             </Template>
         </Column>
-        <Column TableItem="ScheduledReport" Title="@(userConfig.GetText("id"))" Field="@(scheduledReport => scheduledReport.Id)" Sortable="true" Filterable="true"/>
-        <Column TableItem="ScheduledReport" Title="@(userConfig.GetText("name"))" Field="@(scheduledReport => scheduledReport.Name)" Sortable="true" Filterable="true"/>
-        <Column TableItem="ScheduledReport" Title="@(userConfig.GetText("start_time"))" Field="@(scheduledReport => scheduledReport.StartTime)" Sortable="true" Filterable="true">
+        <Column TableItem="ReportSchedule" Title="@(userConfig.GetText("id"))" Field="@(reportSchedule => reportSchedule.Id)" Sortable="true" Filterable="true"/>
+        <Column TableItem="ReportSchedule" Title="@(userConfig.GetText("name"))" Field="@(reportSchedule => reportSchedule.Name)" Sortable="true" Filterable="true"/>
+        <Column TableItem="ReportSchedule" Title="@(userConfig.GetText("start_time"))" Field="@(reportSchedule => reportSchedule.StartTime)" Sortable="true" Filterable="true">
             <Template>
                 @(context.StartTime.ToString("yyyy-MM-dd HH:mm:ssK"))
             </Template>
         </Column>
-        <Column TableItem="ScheduledReport" Title="@(userConfig.GetText("repeat_interval"))" Field="@(scheduledReport => scheduledReport.RepeatOffset)">
+        <Column TableItem="ReportSchedule" Title="@(userConfig.GetText("repeat_interval"))" Field="@(reportSchedule => reportSchedule.RepeatOffset)">
             <Template>
                 @(context.RepeatInterval != Interval.Never ? context.RepeatOffset : "") @(userConfig.GetText(context.RepeatInterval.ToString()))
             </Template>
         </Column>
-        <Column TableItem="ScheduledReport" Title="@(userConfig.GetText("template"))" Field="@(scheduledReport => scheduledReport.Template.Name)" Sortable="true" Filterable="true"/>
-        <Column TableItem="ScheduledReport" Title="@(userConfig.GetText("owner"))" Field="@(scheduledReport => scheduledReport.Owner.Name)" Sortable="true" Filterable="true"/>
-        <Column TableItem="ScheduledReport" Title="@(userConfig.GetText("active"))" Field="@(scheduledReport => scheduledReport.Active)" Sortable="true" Filterable="true">
+        <Column TableItem="ReportSchedule" Title="@(userConfig.GetText("template"))" Field="@(reportSchedule => reportSchedule.Template.Name)" Sortable="true" Filterable="true"/>
+        <Column TableItem="ReportSchedule" Title="@(userConfig.GetText("owner"))" Field="@(reportSchedule => reportSchedule.Owner.Name)" Sortable="true" Filterable="true"/>
+        <Column TableItem="ReportSchedule" Title="@(userConfig.GetText("active"))" Field="@(reportSchedule => reportSchedule.Active)" Sortable="true" Filterable="true">
                 <Template>
                     @(GlobalConfig.ShowBool(context.Active))
                 </Template>
         </Column>
-        <Column TableItem="ScheduledReport" Title="@(userConfig.GetText("count"))" Field="@(scheduledReport => scheduledReport.Counter)" Sortable="true" Filterable="true"/>
-        <Column TableItem="ScheduledReport" Title="@(userConfig.GetText("output_format"))" Field="@(scheduledReport => scheduledReport.OutputFormat)">
+        <Column TableItem="ReportSchedule" Title="@(userConfig.GetText("count"))" Field="@(reportSchedule => reportSchedule.Counter)" Sortable="true" Filterable="true"/>
+        <Column TableItem="ReportSchedule" Title="@(userConfig.GetText("output_format"))" Field="@(reportSchedule => reportSchedule.OutputFormat)">
             <Template>
                 @String.Join(", ", context.OutputFormat.ConvertAll(format => format.Name.ToUpperInvariant()))
             </Template>
@@ -54,17 +54,17 @@
     </Table>
 </div>
 
-<PopUp Size=PopupSize.Large Title="@(userConfig.GetText("report_schedule"))" Show="@(ShowSaveScheduledReportDialog || ShowEditScheduledReportDialog)">
+<PopUp Size=PopupSize.Large Title="@(userConfig.GetText("report_schedule"))" Show="@(ShowSaveReportScheduleDialog || ShowEditReportScheduleDialog)">
     <Body>
         <div>
             <div class="form-group row">
                 <label for="scheduleId" class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("id")):</label>
-                <label class="col-sm-8 col-form-label col-form-label-sm">@scheduledReportInEdit.Id</label>
+                <label class="col-sm-8 col-form-label col-form-label-sm">@reportScheduleInEdit.Id</label>
             </div>
             <div class="form-group row mt-2">
                 <label for="scheduleName" class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("name")):</label>
                 <div class="col-sm-8">
-                    <input id="scheduleName" type="text" class="form-control form-control-sm" @bind="scheduledReportInEdit.Name" />
+                    <input id="scheduleName" type="text" class="form-control form-control-sm" @bind="reportScheduleInEdit.Name" />
                 </div>
             </div>
             <div class="form-group row mt-2">
@@ -79,10 +79,10 @@
             <div class="form-group row mt-2">
                 <label for="scheduleRepeatEvery" class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("repeat_every")):</label>
                 <div class="col-sm-3">
-                    <input id="scheduleRepeatEvery" type="number" min="1" class="form-control form-control-sm" @bind="scheduledReportInEdit.RepeatOffset" />
+                    <input id="scheduleRepeatEvery" type="number" min="1" class="form-control form-control-sm" @bind="reportScheduleInEdit.RepeatOffset" />
                 </div>
                 <div class="col-sm-5">
-                    <Dropdown @bind-SelectedElement="scheduledReportInEdit.RepeatInterval" ElementToString="@(i => userConfig.GetText(i.ToString()))" Elements="Enum.GetValues(typeof(Interval)).Cast<Interval>()" >
+                    <Dropdown @bind-SelectedElement="reportScheduleInEdit.RepeatInterval" ElementToString="@(i => userConfig.GetText(i.ToString()))" Elements="Enum.GetValues(typeof(Interval)).Cast<Interval>()" >
                         <ElementTemplate Context="interval">
                             @(userConfig.GetText(interval.ToString()))
                         </ElementTemplate>
@@ -93,7 +93,7 @@
                 <label for="scheduleTemplate" class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("template")):</label>
                 <div class="col-sm-8">
                     <Dropdown ElementType="ReportTemplate" ElementToString="@(o => o.Name)" Nullable="false"
-                        @bind-SelectedElement="scheduledReportInEdit.Template" Elements="reportTemplates">
+                        @bind-SelectedElement="reportScheduleInEdit.Template" Elements="reportTemplates">
                         <ElementTemplate Context="reportTemplate">
                             @reportTemplate.Name
                         </ElementTemplate>
@@ -106,34 +106,34 @@
                     <div class="form-inline justify-content-between">
                         <div class="form-check">
                             <input class="form-check-input" type="checkbox" id="outputFormatHtml" value="Html"
-                                   checked="@(scheduledReportInEdit.OutputFormat.Exists(format => format.Name == GlobalConst.kHtml))"
-                                   @onchange="@(_ => scheduledReportInEdit.OutputFormat.AddOrRemove(GlobalConst.kHtml))">
+                                   checked="@(reportScheduleInEdit.OutputFormat.Exists(format => format.Name == GlobalConst.kHtml))"
+                                   @onchange="@(_ => reportScheduleInEdit.OutputFormat.AddOrRemove(GlobalConst.kHtml))">
                             <label class="form-check-label" for="outputFormatHtml">HTML</label>
                         </div>
                         <div class="form-check">
                             <input class="form-check-input" type="checkbox" id="outputFormatPdf" value="Pdf"
-                                   checked="@(scheduledReportInEdit.OutputFormat.Exists(format => format.Name == GlobalConst.kPdf))"
-                                   @onchange="@(_ => scheduledReportInEdit.OutputFormat.AddOrRemove(GlobalConst.kPdf))">
+                                   checked="@(reportScheduleInEdit.OutputFormat.Exists(format => format.Name == GlobalConst.kPdf))"
+                                   @onchange="@(_ => reportScheduleInEdit.OutputFormat.AddOrRemove(GlobalConst.kPdf))">
                             <label class="form-check-label" for="outputFormatPdf">PDF</label>
                         </div>
                         <div class="form-check">
                             <input class="form-check-input" type="checkbox" id="outputFormatJson" value="Json"
-                                   checked="@(scheduledReportInEdit.OutputFormat.Exists(format => format.Name == GlobalConst.kJson))"
-                                   @onchange="@(_ => scheduledReportInEdit.OutputFormat.AddOrRemove(GlobalConst.kJson))">
+                                   checked="@(reportScheduleInEdit.OutputFormat.Exists(format => format.Name == GlobalConst.kJson))"
+                                   @onchange="@(_ => reportScheduleInEdit.OutputFormat.AddOrRemove(GlobalConst.kJson))">
                             <label class="form-check-label" for="outputFormatJson">JSON</label>
                         </div>
-                        @if (((ReportType)scheduledReportInEdit.Template.ReportParams?.ReportType).IsResolvedReport())
+                        @if (((ReportType)reportScheduleInEdit.Template.ReportParams?.ReportType).IsResolvedReport())
                         {
                             <div class="form-check">
                                 <input class="form-check-input" type="checkbox" id="outputFormatCsv" value="Csv"
-                                    checked="@(scheduledReportInEdit.OutputFormat.Exists(format => format.Name == GlobalConst.kCsv))"
-                                    @onchange="@(_ => scheduledReportInEdit.OutputFormat.AddOrRemove(GlobalConst.kCsv))">
+                                    checked="@(reportScheduleInEdit.OutputFormat.Exists(format => format.Name == GlobalConst.kCsv))"
+                                    @onchange="@(_ => reportScheduleInEdit.OutputFormat.AddOrRemove(GlobalConst.kCsv))">
                                 <label class="form-check-label" for="outputFormatCsv">CSV</label>
                             </div>
                         }
                         else
                         {
-                            scheduledReportInEdit.OutputFormat.Remove(GlobalConst.kCsv);
+                            reportScheduleInEdit.OutputFormat.Remove(GlobalConst.kCsv);
                         }
                     </div>
                 </div>
@@ -141,41 +141,41 @@
             <div class="form-group row mt-2">
                 <label for="scheduleActive" class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("active")):</label>
                 <div class="col-sm-8" style="padding-top: calc(0.25rem + 1px);">
-                    <input id="scheduleActive" type="checkbox" style="max-height: 22px;" @bind="scheduledReportInEdit.Active" />
+                    <input id="scheduleActive" type="checkbox" style="max-height: 22px;" @bind="reportScheduleInEdit.Active" />
                 </div>
             </div>
         </div>
     </Body>
     <Footer>
         <div class="btn-group">
-            <button type="button" class="btn btn-sm btn-primary" @onclick="async () => await (ShowSaveScheduledReportDialog ? SaveScheduledReport() : EditScheduledReport())">@(userConfig.GetText("save"))</button>
-            <button type="button" class="btn btn-sm btn-secondary" @onclick="() => ShowEditScheduledReportDialog = ShowSaveScheduledReportDialog = false">@(userConfig.GetText("cancel"))</button>
+            <button type="button" class="btn btn-sm btn-primary" @onclick="async () => await (ShowSaveReportScheduleDialog ? SaveReportSchedule() : EditScheduledReport())">@(userConfig.GetText("save"))</button>
+            <button type="button" class="btn btn-sm btn-secondary" @onclick="() => ShowEditReportScheduleDialog = ShowSaveReportScheduleDialog = false">@(userConfig.GetText("cancel"))</button>
         </div>
     </Footer>
 </PopUp>
 
-<PopUp Title="Report Schedule" Size=PopupSize.Small Show="@ShowDeleteScheduledReportDialog">
+<PopUp Title="Report Schedule" Size=PopupSize.Small Show="@ShowDeleteReportScheduleDialog">
     <Body>
-        <p>@(userConfig.GetText("U2002")) "@scheduledReportInEdit.Name" ?</p>
+        <p>@(userConfig.GetText("U2002")) "@reportScheduleInEdit.Name" ?</p>
     </Body>
     <Footer>
         <div class="btn-group">
-            <button type="button" class="btn btn-sm btn-danger" @onclick="DeleteScheduledReport">@(userConfig.GetText("delete"))</button>
-            <button type="button" class="btn btn-sm btn-secondary" @onclick="() => ShowDeleteScheduledReportDialog = false">@(userConfig.GetText("cancel"))</button>
+            <button type="button" class="btn btn-sm btn-danger" @onclick="DeleteReportSchedule">@(userConfig.GetText("delete"))</button>
+            <button type="button" class="btn btn-sm btn-secondary" @onclick="() => ShowDeleteReportScheduleDialog = false">@(userConfig.GetText("cancel"))</button>
         </div>
     </Footer>
 </PopUp>
 
 @code
 {
-    private GraphQlApiSubscription<List<ScheduledReport>>? scheduledReportsSubscription;
-    private List<ScheduledReport> scheduledReports = new List<ScheduledReport>();
-    private ScheduledReport scheduledReportInEdit = new ScheduledReport();
+    private GraphQlApiSubscription<List<ReportSchedule>>? reportSchedulesSubscription;
+    private List<ReportSchedule> reportSchedules = new List<ReportSchedule>();
+    private ReportSchedule reportScheduleInEdit = new ReportSchedule();
     private DateTime actDate = DateTime.Today;
     private DateTime actTime = DateTime.Now.AddSeconds(-DateTime.Now.Second);
-    private bool ShowSaveScheduledReportDialog = false;
-    private bool ShowEditScheduledReportDialog = false;
-    private bool ShowDeleteScheduledReportDialog = false;
+    private bool ShowSaveReportScheduleDialog = false;
+    private bool ShowEditReportScheduleDialog = false;
+    private bool ShowDeleteReportScheduleDialog = false;
 
     private int uiUserDbId;
 
@@ -203,8 +203,8 @@
         try
         {
             // Initial fetch to speed up loading before subscription is established
-            scheduledReports = (await apiConnection.SendQueryAsync<List<ScheduledReport>>(ReportQueries.getReportSchedules));
-            scheduledReportsSubscription = apiConnection.GetSubscription<List<ScheduledReport>>(HandleSubscriptionError, OnReportScheduleUpdate, ReportQueries.subscribeReportScheduleChanges);
+            reportSchedules = (await apiConnection.SendQueryAsync<List<ReportSchedule>>(ReportQueries.getReportSchedules));
+            reportSchedulesSubscription = apiConnection.GetSubscription<List<ReportSchedule>>(HandleSubscriptionError, OnReportScheduleUpdate, ReportQueries.subscribeReportScheduleChanges);
             reportTemplates = await apiConnection.SendQueryAsync<List<ReportTemplate>>(ReportQueries.getReportTemplates);
             reportTemplates = reportTemplates.Where(rt => (showRuleRelatedReports && ((ReportType)rt.ReportParams.ReportType).IsDeviceRelatedReport() || 
                                                            showModellingReports && ((ReportType)rt.ReportParams.ReportType).IsModellingReport())).ToList();
@@ -222,14 +222,14 @@
         await InvokeAsync(() => DisplayMessageInUi(exception, userConfig.GetText("schedule_tile"), userConfig.GetText("schedule_upd_err_msg"), true));
     }
 
-    private async void OnReportScheduleUpdate(List<ScheduledReport> newScheduledReports)
+    private async void OnReportScheduleUpdate(List<ReportSchedule> newReportSchedules)
     {
         Log.WriteDebug("Report Scheduling", "Received report schedule update.");
-        scheduledReports = newScheduledReports;
+        reportSchedules = newReportSchedules;
         await InvokeAsync(StateHasChanged);
     }
 
-    private async Task SaveScheduledReport()
+    private async Task SaveReportSchedule()
     {
         try
         {
@@ -241,8 +241,8 @@
             //$report_schedule_every: Int! # every x days/weeks/months/years
             //$report_schedule_active: Boolean!
 
-            scheduledReportInEdit.StartTime = actDate.Date.Add(actTime.TimeOfDay);
-            if (scheduledReportInEdit.Sanitize())
+            reportScheduleInEdit.StartTime = actDate.Date.Add(actTime.TimeOfDay);
+            if (reportScheduleInEdit.Sanitize())
             {
                 DisplayMessageInUi(null, userConfig.GetText("save_scheduled_report"), userConfig.GetText("U0001"), true);
             }
@@ -251,18 +251,18 @@
                 // Add report schedule to DB
                 dynamic queryVariablesReportSchedule = new
                 {
-                    report_schedule_name = scheduledReportInEdit.Name,
+                    report_schedule_name = reportScheduleInEdit.Name,
                     report_schedule_owner_id = uiUserDbId,
-                    report_schedule_template_id = scheduledReportInEdit.Template.Id,
-                    report_schedule_start_time = scheduledReportInEdit.StartTime,
-                    report_schedule_repeat = scheduledReportInEdit.RepeatOffset,
-                    report_schedule_every = (int)scheduledReportInEdit.RepeatInterval,
-                    report_schedule_active = scheduledReportInEdit.Active,
-                    report_schedule_formats = new { data = scheduledReportInEdit.OutputFormat }
+                    report_schedule_template_id = reportScheduleInEdit.Template.Id,
+                    report_schedule_start_time = reportScheduleInEdit.StartTime,
+                    report_schedule_repeat = reportScheduleInEdit.RepeatOffset,
+                    report_schedule_every = (int)reportScheduleInEdit.RepeatInterval,
+                    report_schedule_active = reportScheduleInEdit.Active,
+                    report_schedule_formats = new { data = reportScheduleInEdit.OutputFormat }
                 };
-                scheduledReportInEdit.Id = (await apiConnection.SendQueryAsync<NewReturning>(ReportQueries.addReportSchedule, queryVariablesReportSchedule)).ReturnIds[0].NewId;
+                reportScheduleInEdit.Id = (await apiConnection.SendQueryAsync<NewReturning>(ReportQueries.addReportSchedule, queryVariablesReportSchedule)).ReturnIds[0].NewId;
 
-                ShowSaveScheduledReportDialog = false;
+                ShowSaveReportScheduleDialog = false;
             }
         }
         catch (Exception exception)
@@ -276,8 +276,8 @@
     {
         try
         {
-            scheduledReportInEdit.StartTime = actDate.Date.Add(actTime.TimeOfDay);
-            if (scheduledReportInEdit.Sanitize())
+            reportScheduleInEdit.StartTime = actDate.Date.Add(actTime.TimeOfDay);
+            if (reportScheduleInEdit.Sanitize())
             {
                 DisplayMessageInUi(null, userConfig.GetText("edit_scheduled_report"), userConfig.GetText("U0001"), true);
             }
@@ -285,22 +285,22 @@
             {
                 var queryVariables = new
                 {
-                    report_schedule_id = scheduledReportInEdit.Id,
-                    report_schedule_name = scheduledReportInEdit.Name,
+                    report_schedule_id = reportScheduleInEdit.Id,
+                    report_schedule_name = reportScheduleInEdit.Name,
                     report_schedule_owner_id = uiUserDbId,
-                    report_schedule_template_id = scheduledReportInEdit.Template.Id,
-                    report_schedule_start_time = scheduledReportInEdit.StartTime,
-                    report_schedule_repeat = scheduledReportInEdit.RepeatOffset,
-                    report_schedule_every = (int)scheduledReportInEdit.RepeatInterval,
-                    report_schedule_active = scheduledReportInEdit.Active,
-                    report_schedule_format_names = scheduledReportInEdit.OutputFormat.ConvertAll(format => format.Name),
-                    report_schedule_format_rel = scheduledReportInEdit.OutputFormat.ConvertAll(format =>
-                    new { report_schedule_format_name = format.Name, report_schedule_id = scheduledReportInEdit.Id })
+                    report_schedule_template_id = reportScheduleInEdit.Template.Id,
+                    report_schedule_start_time = reportScheduleInEdit.StartTime,
+                    report_schedule_repeat = reportScheduleInEdit.RepeatOffset,
+                    report_schedule_every = (int)reportScheduleInEdit.RepeatInterval,
+                    report_schedule_active = reportScheduleInEdit.Active,
+                    report_schedule_format_names = reportScheduleInEdit.OutputFormat.ConvertAll(format => format.Name),
+                    report_schedule_format_rel = reportScheduleInEdit.OutputFormat.ConvertAll(format =>
+                    new { report_schedule_format_name = format.Name, report_schedule_id = reportScheduleInEdit.Id })
                 };
 
                 await apiConnection.SendQueryAsync<object>(ReportQueries.editReportSchedule, queryVariables);
 
-                ShowEditScheduledReportDialog = false;
+                ShowEditReportScheduleDialog = false;
             }
         }
         catch (Exception exception)
@@ -310,18 +310,18 @@
         }
     }
 
-    private async Task DeleteScheduledReport()
+    private async Task DeleteReportSchedule()
     {
         try
         {
             var queryVariables = new
             {
-                report_schedule_id = scheduledReportInEdit.Id
+                report_schedule_id = reportScheduleInEdit.Id
             };
 
             await apiConnection.SendQueryAsync<object>(ReportQueries.deleteReportSchedule, queryVariables);
 
-            ShowDeleteScheduledReportDialog = false;
+            ShowDeleteReportScheduleDialog = false;
         }
         catch (Exception exception)
         {
@@ -332,7 +332,7 @@
 
     private bool checkInput()
     {
-        if(scheduledReportInEdit.Template == null || scheduledReportInEdit.Template.Id == 0)
+        if(reportScheduleInEdit.Template == null || reportScheduleInEdit.Template.Id == 0)
         {
             DisplayMessageInUi(null, userConfig.GetText("edit_scheduled_report"), userConfig.GetText("E2001"), true);
             return false;
@@ -342,6 +342,6 @@
 
     public void Dispose()
     {
-        scheduledReportsSubscription?.Dispose();
+        reportSchedulesSubscription?.Dispose();
     }
 }
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/ConnectionTable.razor b/roles/ui/files/FWO.UI/Shared/ConnectionTable.razor
similarity index 96%
rename from roles/ui/files/FWO.UI/Pages/NetworkModelling/ConnectionTable.razor
rename to roles/ui/files/FWO.UI/Shared/ConnectionTable.razor
index 9a7c2de32..dd677ff14 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/ConnectionTable.razor
+++ b/roles/ui/files/FWO.UI/Shared/ConnectionTable.razor
@@ -1,12 +1,14 @@
 @using FWO.Config.Api
 @using FWO.Ui.Display
+@using FWO.Api.Data
+@using BlazorTable
 
 @inject UserConfig userConfig
 
 
 <Table class="table table-bordered th-bg-secondary table-responsive overflow-auto sticky-header" TableItem="ModellingConnection"
         Items="Connections" PageSize="0" ColumnReorder="true" TableRowClass="@(con => getTableRowClass(con))">
-    @if(userConfig.AllowManualOwnerAdmin)
+    @if(userConfig.AllowManualOwnerAdmin && !Readonly)
     {
         <Column TableItem="ModellingConnection" Title="@(userConfig.GetText("actions"))" Field="(x => x.Id)" Sortable="false" Filterable="false">
             <Template>
@@ -76,6 +78,8 @@
     [Parameter]
     public bool AppActive { get; set; } = false;
 
+    [Parameter]
+    public bool Readonly { get; set; } = false;
 
     private string getTableRowClass(ModellingConnection conn)
     {
diff --git a/roles/ui/files/FWO.UI/Shared/ReportTabset.razor b/roles/ui/files/FWO.UI/Shared/ReportTabset.razor
index 8598cc1fe..d8e0bdb97 100644
--- a/roles/ui/files/FWO.UI/Shared/ReportTabset.razor
+++ b/roles/ui/files/FWO.UI/Shared/ReportTabset.razor
@@ -2,12 +2,27 @@
 
 <ul class="nav nav-tabs sticky-marker mb-3">
 	<li class="nav-item">
-		<NavLink href="/report/generation" class="nav-link text-dark">@userConfig.GetText("generation")</NavLink>
+		<NavLink href="/report/generation" class="nav-link text-dark">
+			<div class="input-group">
+    			@userConfig.GetText("generation")
+    			<sup><HelpLink Page="reporting"/></sup>
+			</div>
+		</NavLink>
 	</li>
 	<li class="nav-item">
-		<NavLink href="/report/schedule" class="nav-link text-dark">@userConfig.GetText("scheduling")</NavLink>
+		<NavLink href="/report/schedule" class="nav-link text-dark">
+			<div class="input-group">
+    			@userConfig.GetText("scheduling")
+    			<sup><HelpLink Page="reporting/scheduling"/></sup>
+			</div>
+		</NavLink>
 	</li>
 	<li class="nav-item">
-		<NavLink href="/report/archive" class="nav-link text-dark">@userConfig.GetText("archive")</NavLink>
+		<NavLink href="/report/archive" class="nav-link text-dark">
+			<div class="input-group">
+    			@userConfig.GetText("archive")
+    			<sup><HelpLink Page="reporting/archive"/></sup>
+			</div>
+		</NavLink>
 	</li>
-</ul>
\ No newline at end of file
+</ul>

From a498d79109dc39c3863d14943e0d5df15c3da743 Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Mon, 4 Mar 2024 18:54:06 +0100
Subject: [PATCH 21/84] first test

---
 roles/importer/files/importer/common.py       |   4 +-
 .../files/importer/nsx4ff/nsx_network.py      | 118 +++++++++++-------
 .../files/importer/nsx4ff/nsx_rule.py         |  10 +-
 .../files/importer/nsx4ff/nsx_service.py      | 114 ++++++++++-------
 4 files changed, 146 insertions(+), 100 deletions(-)

diff --git a/roles/importer/files/importer/common.py b/roles/importer/files/importer/common.py
index e0ebdc0c8..96c8f2916 100644
--- a/roles/importer/files/importer/common.py
+++ b/roles/importer/files/importer/common.py
@@ -129,7 +129,7 @@ def import_management(mgm_id=None, ssl_verification=None, debug_level_in=0,
                 config_changed_since_last_import, error_string, error_count, change_count = get_config_from_api(mgm_details, full_config_json, config2import, jwt, current_import_id, start_time,
                     in_file=in_file, import_tmp_path=import_tmp_path, error_string=error_string, error_count=error_count, change_count=change_count, 
                     limit=limit, force=force)
-                if (debug_level>7):  # dump full native config read from fw API
+                if (debug_level>8):  # dump full native config read from fw API
                     logger.info(json.dumps(full_config_json, indent=2))
 
         time_get_config = int(time.time()) - start_time
@@ -183,7 +183,7 @@ def import_management(mgm_id=None, ssl_verification=None, debug_level_in=0,
         else: # if no changes were found, we skip everything else without errors
             pass
 
-        if (debug_level>8): # dump normalized config for debugging purposes
+        if (debug_level>7): # dump normalized config for debugging purposes
             logger.info(json.dumps(config2import, indent=2))
 
         error_count = complete_import(current_import_id, error_string, start_time, mgm_details, change_count, error_count, jwt)
diff --git a/roles/importer/files/importer/nsx4ff/nsx_network.py b/roles/importer/files/importer/nsx4ff/nsx_network.py
index e0f9ae7a4..759508483 100644
--- a/roles/importer/files/importer/nsx4ff/nsx_network.py
+++ b/roles/importer/files/importer/nsx4ff/nsx_network.py
@@ -2,6 +2,7 @@
 from fwo_log import getFwoLogger
 from fwo_const import list_delimiter
 import ipaddress
+import os.path
 
 
 def normalize_nwobjects(full_config, config2import, import_id, jwt=None, mgm_id=None, domain="default"):
@@ -15,35 +16,38 @@ def normalize_nwobjects(full_config, config2import, import_id, jwt=None, mgm_id=
     #         for t in obj_orig['tag']['member']:
     #             collect_tag_information(nw_tagged_groups, "#"+t, obj_orig['@name'])
 
-    for tag in nw_tagged_groups:
-        logger.info("handling nw_tagged_group: " + tag + " with members: " + list_delimiter.join(nw_tagged_groups[tag]))
-        obj = {}
-        obj["obj_name"] = tag
-        obj["obj_uid"] = tag
-        obj["obj_comment"] = 'dynamic group defined by tagging'
-        obj['control_id'] = import_id
-        obj['obj_typ'] = 'group'
-        members = nw_tagged_groups[tag] # parse_dynamic_object_group(obj_grp_orig, nw_tagged_groups)
-        obj['obj_members'] = list_delimiter.join(members)
-        obj['obj_member_refs'] = list_delimiter.join(members)
-        nw_objects.append(obj)
-
-        for obj_grp_orig in full_config["/infra/domains/{domain}/groups".format(domain=domain)]:
-            logger.info("found network group: " + obj_grp_orig['@name'])
-            obj_grp = extract_base_object_infos(obj_grp_orig, import_id, config2import, nw_objects)
-            obj_grp["obj_typ"] = "group"
-            if 'static' in obj_grp_orig and 'filter' in obj_grp_orig['static']:
-                obj_grp["obj_member_refs"], obj_grp["obj_member_names"] = parse_static_obj_group(obj_grp_orig, import_id, nw_objects, config2import)
-            if 'dynamic' in obj_grp_orig and 'filter' in obj_grp_orig['dynamic']:
-                members = parse_dynamic_object_group(obj_grp_orig, nw_tagged_groups)
-                obj_grp["obj_member_refs"] = list_delimiter.join(members)
-                obj_grp["obj_member_names"] = list_delimiter.join(members)
-            nw_objects.append(obj_grp)
-            if 'tag' in obj_grp_orig and 'member' in obj_grp_orig['tag']:
-                logger.info("found network group with tags: " + obj_grp_orig['@name'])
-                for t in obj_grp_orig['tag']['member']:
-                    logger.info("    found tag " + t)
-                    collect_tag_information(nw_tagged_groups, "#"+t, obj_grp_orig['@name'])
+    # for tag in nw_tagged_groups:
+    #     logger.info("handling nw_tagged_group: " + tag + " with members: " + list_delimiter.join(nw_tagged_groups[tag]))
+    #     obj = {}
+    #     obj["obj_name"] = tag
+    #     obj["obj_uid"] = tag
+    #     obj["obj_comment"] = 'dynamic group defined by tagging'
+    #     obj['control_id'] = import_id
+    #     obj['obj_typ'] = 'group'
+    #     members = nw_tagged_groups[tag] # parse_dynamic_object_group(obj_grp_orig, nw_tagged_groups)
+    #     obj['obj_members'] = list_delimiter.join(members)
+    #     obj['obj_member_refs'] = list_delimiter.join(members)
+    #     nw_objects.append(obj)
+
+    for obj_grp_orig in full_config["/infra/domains/{domain}/groups".format(domain=domain)]:
+        # logger.info("found network group: " + obj_grp_orig['name'])
+        obj_grp = extract_base_object_infos(obj_grp_orig, import_id, config2import, nw_objects)
+
+        if 'resource_type' in obj_grp_orig:
+            obj_grp["obj_typ"] = obj_grp_orig["resource_type"].lower()
+
+        if 'static' in obj_grp_orig and 'filter' in obj_grp_orig['static']:
+            obj_grp["obj_member_refs"], obj_grp["obj_member_names"] = parse_static_obj_group(obj_grp_orig, import_id, nw_objects, config2import)
+        if 'dynamic' in obj_grp_orig and 'filter' in obj_grp_orig['dynamic']:
+            members = parse_dynamic_object_group(obj_grp_orig, nw_tagged_groups)
+            obj_grp["obj_member_refs"] = list_delimiter.join(members)
+            obj_grp["obj_member_names"] = list_delimiter.join(members)
+        nw_objects.append(obj_grp)
+        if 'tag' in obj_grp_orig and 'member' in obj_grp_orig['tag']:
+            logger.info("found network group with tags: " + obj_grp_orig['@name'])
+            for t in obj_grp_orig['tag']['member']:
+                logger.info("    found tag " + t)
+                collect_tag_information(nw_tagged_groups, t, obj_grp_orig['@name'])
     
     config2import['network_objects'] = nw_objects
 
@@ -60,17 +64,12 @@ def parse_object(obj_orig, import_id, config2import, nw_objects):
 
 def extract_base_object_infos(obj_orig, import_id, config2import, nw_objects):
     obj = {}
-    obj["obj_name"] = obj_orig["@name"]
-    obj["obj_uid"] = obj_orig["@name"]
+    if 'display_name' in obj_orig:
+        obj["obj_name"] = obj_orig["display_name"]
+        obj["obj_uid"] = obj_orig["path"]
     if 'description' in obj_orig:
-        obj["obj_comment"] = obj_orig["description"] 
-    if 'tag' in obj_orig:
-        tag_list = ",".join(obj_orig["tag"]['member'])
-        if 'obj_comment' in obj:
-            obj["obj_comment"] += ("; tags: " + tag_list)
-        else:
-            obj["obj_comment"] = tag_list
-    obj['control_id'] = import_id
+        obj["obj_comment"] = obj_orig["description"]
+    obj["control_id"] = import_id
     return obj
 
 
@@ -80,7 +79,7 @@ def parse_dynamic_object_group(orig_grp, nw_tagged_groups):
             if ' ' not in orig_grp['dynamic']['filter']:
                 # just a single tag
                 # add all nw objects with the tag to this group
-                tag = "#" + orig_grp['dynamic']['filter'][1:-1]
+                tag = orig_grp['dynamic']['filter'][1:-1]
                 if tag in nw_tagged_groups:
                     return nw_tagged_groups[tag]
             else:
@@ -103,20 +102,43 @@ def parse_static_obj_group(orig_grp, import_id, nw_objects, config2import, id =
 def parse_obj_list(nw_obj_list, import_id, obj_list, id, type='network'):
     refs = []
     names = []
-    for obj_name in nw_obj_list:
-        names.append(obj_name)
-        refs.append(lookup_obj_uid(obj_name, obj_list, import_id, type=type))
+    for obj_uid in nw_obj_list:
+        refs.append(obj_uid)
+        names.append(lookup_obj_uid(obj_uid, obj_list, import_id, type=type))
     return list_delimiter.join(refs), list_delimiter.join(names)
 
 
-def lookup_obj_uid(obj_name, obj_list, import_id, type='network'):
+
+def lookup_obj_uid(obj_uid, obj_list, import_id, type='network'):
+    for o in obj_list:
+        if type=='network' and 'obj_uid' in o:
+            if o['obj_uid']==obj_uid:
+                return o['obj_name']
+        elif type=='service' and 'svc_name' in o:
+            if o['svc_uid']==obj_uid:
+                return o['svc_name']
+        else:
+            logger.warning("could not find object uid in object " + str(o))
+
+    # could not find existing obj in obj list, so creating new one
+    if type=='network':
+        refs, names = add_ip_obj([obj_uid], obj_list, import_id)
+        return refs ## assuming only one object here
+    elif type=='service':
+        logger.warning("could not find service object " + str(svc_uid))
+    else:
+        logger.warning("unknown object type '" + type + "' for object " + str(obj_uid))
+    return None
+
+
+def lookup_obj_name(obj_name, obj_list, import_id, type='network'):
     for o in obj_list:
         if type=='network' and 'obj_name' in o:
             if o['obj_name']==obj_name:
-                return o['obj_uid']
+                return o['obj_name']
         elif type=='service' and 'svc_name' in o:
-            if o['svc_name']==obj_name:
-                return o['svc_uid']
+            if o['svc_uid']==obj_name:
+                return o['svc_name']
         else:
             logger.warning("could not find object name in object " + str(o))
 
@@ -147,7 +169,7 @@ def add_ip_obj(ip_list, obj_list, import_id):
             # no valid ip - asusming Tag
             ip_obj['obj_ip'] = '0.0.0.0/0'
             ip = '0.0.0.0/0'
-            ip_obj['obj_name'] = "#"+ip_obj['obj_name']
+            ip_obj['obj_name'] = ip_obj['obj_name']
             ip_obj['obj_uid'] = ip_obj['obj_name']
         ip_obj['obj_type'] = 'simple'
         ip_obj['obj_typ'] = 'host'
diff --git a/roles/importer/files/importer/nsx4ff/nsx_rule.py b/roles/importer/files/importer/nsx4ff/nsx_rule.py
index 239fd91d4..1f3d8d5f2 100644
--- a/roles/importer/files/importer/nsx4ff/nsx_rule.py
+++ b/roles/importer/files/importer/nsx4ff/nsx_rule.py
@@ -39,6 +39,8 @@ def normalize_access_rules(full_config, config2import, import_id, mgm_details={}
         for dev_id in full_config['devices'].keys():
             for rulebase in list(full_config['devices'][dev_id].keys()):
                 for rule_orig in full_config['devices'][dev_id][rulebase]['rules']:
+
+                    # set some default values first
                     rule = {'rule_src': 'any', 'rule_dst': 'any', 'rule_svc': 'any',
                     'rule_src_refs': 'any_obj_placeholder', 'rule_dst_refs': 'any_obj_placeholder',
                     'rule_src_neg': False, 'rule_dst_neg': False,
@@ -94,14 +96,14 @@ def normalize_access_rules(full_config, config2import, import_id, mgm_details={}
                         rule['rule_track'] = 'none'
 
                     if "source_groups" in rule_orig:
-                        rule['rule_src_refs'] = ','.join(rule_orig["source_groups"])
-                        # rule['rule_src_refs'], rule["rule_src"] = parse_obj_list(source_objects, import_id, config2import['network_objects'], rule["rule_uid"])
+                        #rule['rule_src_refs'] = ','.join(rule_orig["source_groups"])
+                        rule['rule_src_refs'], rule["rule_src"] = parse_obj_list(rule_orig["source_groups"], import_id, config2import['network_objects'], rule["rule_uid"])
                     else:
                         logger.warning("found undefined source in rule: " + str(rule_orig))
 
                     if "destination_groups" in rule_orig:
-                        rule['rule_dst_refs'] = ','.join(rule_orig["destination_groups"])
-                        # rule['rule_dst_refs'], rule["rule_dst"] = parse_obj_list(destination_objects, import_id, config2import['network_objects'], rule["rule_uid"])
+                        #rule['rule_dst_refs'] = ','.join(rule_orig["destination_groups"])
+                        rule['rule_dst_refs'], rule["rule_dst"] = parse_obj_list(rule_orig["destination_groups"], import_id, config2import['network_objects'], rule["rule_uid"])
                     else:
                         logger.warning("found undefined destination in rule: " + str(rule_orig))
 
diff --git a/roles/importer/files/importer/nsx4ff/nsx_service.py b/roles/importer/files/importer/nsx4ff/nsx_service.py
index 6837955d6..ad69c8cfe 100644
--- a/roles/importer/files/importer/nsx4ff/nsx_service.py
+++ b/roles/importer/files/importer/nsx4ff/nsx_service.py
@@ -1,15 +1,16 @@
 from fwo_const import list_delimiter
 from fwo_log import getFwoLogger
+import os.path
 
 
 def normalize_svcobjects(full_config, config2import, import_id):
     svc_objects = []
-    for svc_orig in full_config["/infra/services"]:
+    for svc_orig in full_config['/infra/services']:
         svc_objects.append(parse_svc(svc_orig, import_id,config2import))
-    # for svc_grp_orig in full_config["/Objects/ServiceGroups"]:
+    # for svc_grp_orig in full_config['/Objects/ServiceGroups']:
     #     svc_grp = extract_base_svc_infos(svc_grp_orig, import_id)
-    #     svc_grp["svc_typ"] = "group"
-    #     svc_grp["svc_member_refs"] , svc_grp["svc_member_names"] = parse_svc_group(svc_grp_orig,config2import)
+    #     svc_grp['svc_typ'] = 'group'
+    #     svc_grp['svc_member_refs'] , svc_grp['svc_member_names'] = parse_svc_group(svc_grp_orig,config2import)
     #     svc_objects.append(svc_grp)
     config2import['service_objects'] += svc_objects
 
@@ -17,9 +18,9 @@ def normalize_svcobjects(full_config, config2import, import_id):
 def parse_svc_group(orig_grp,config2import):
     refs = []
     names = []
-    if "dynamic" in orig_grp:
+    if 'dynamic' in orig_grp:
         pass
-    if "static" in orig_grp and "member" in orig_grp["static"]:
+    if 'static' in orig_grp and 'member' in orig_grp['static']:
         for m in orig_grp['static']['member']:
             names.append(m)
             refs.append(m)
@@ -28,16 +29,16 @@ def parse_svc_group(orig_grp,config2import):
     
 def extract_base_svc_infos(svc_orig, import_id):
     svc = {}
-    if "display_name" in svc_orig:
-        svc["svc_name"] = svc_orig["display_name"]
-    if "id" in svc_orig:
-        svc["svc_uid"] = svc_orig["id"]
-    if "description" in svc_orig:
-        svc["svc_comment"] = svc_orig["description"]
-    svc["svc_timeout"] = None
-    svc["svc_color"] = None
-    svc["control_id"] = import_id 
-    svc["svc_typ"] = 'simple' 
+    if 'display_name' in svc_orig:
+        svc['svc_name'] = svc_orig['display_name']
+    if 'path' in svc_orig:
+        svc['svc_uid'] = svc_orig['path']
+    if 'description' in svc_orig:
+        svc['svc_comment'] = svc_orig['description']
+    svc['svc_timeout'] = None
+    svc['svc_color'] = None
+    svc['control_id'] = import_id 
+    svc['svc_typ'] = 'simple' 
     return svc
 
 
@@ -48,75 +49,93 @@ def parse_svc(svc_orig, import_id,config2import):
             if 'l4_protocol' in se:
                 proto_string = 'undefined'
                 if se['l4_protocol'] == 'TCP':
-                    svc["ip_proto"] = 6
+                    svc['ip_proto'] = 6
                     proto_string = 'tcp'
                 if se['l4_protocol'] == 'UDP':
-                    svc["ip_proto"] = 17
+                    svc['ip_proto'] = 17
                     proto_string = 'udp'
                 
                 if 'destination_ports' in se and len(se['destination_ports'])>0:
-                    svc["svc_port"] = se['destination_ports'][0]    # TODO: handle list of ports!
+                    svc['svc_port'] = se['destination_ports'][0]    # TODO: handle list of ports!
+                    extract_port_for_service(svc['svc_port'], svc)
                 else:
                     pass
                     
                 if proto_string=='undefined':
-                    svc["svc_name"] += " [Protocol \"" + str(se["l4_protocol"]) + "\" not supported]"
+                    svc['svc_name'] += ' [Protocol \'' + str(se['l4_protocol']) + '\' not supported]'
                 # else:
                 #     port_string = svc_orig['protocol'][proto_string]['port']
                 #     if ',' in port_string:
-                #         svc["svc_typ"] = "group"
-                #         svc["svc_port"] = None
+                #         svc['svc_typ'] = 'group'
+                #         svc['svc_port'] = None
                 #         members = []
-                #         for p in port_string.split(","):
-                #             hlp_svc = create_helper_service(p, proto_string, svc["svc_name"], import_id)
+                #         for p in port_string.split(','):
+                #             hlp_svc = create_helper_service(p, proto_string, svc['svc_name'], import_id)
                 #             add_service(hlp_svc, config2import)
                 #             members.append(hlp_svc['svc_uid'])
-                #         svc["svc_members"] = list_delimiter.join(members)                
-                #         svc["svc_member_refs"] = list_delimiter.join(members)                
+                #         svc['svc_members'] = list_delimiter.join(members)                
+                #         svc['svc_member_refs'] = list_delimiter.join(members)                
                 #     else:   # just a single port (range)
                 #         extract_port_for_service(port_string, svc)
     return svc
 
 
-def add_service(svc, config2import):
-    config2import['service_objects'].append(svc)
+# def add_service(svc, config2import):
+#     #if svc not in config2import['service_objects']:
+#         config2import['service_objects'].append(svc)
 
 
 def extract_port_for_service(port_string, svc):
     if '-' in port_string:
-        port_range = port_string.split("-")
+        port_range = port_string.split('-')
         if len(port_range)==2:
-            svc["svc_port"] = port_range[0]
-            svc["svc_port_end"] = port_range[1]
+            svc['svc_port'] = port_range[0]
+            svc['svc_port_end'] = port_range[1]
         else:
             logger = getFwoLogger()
-            logger.warning("found strange port range with more than one hyphen: " + str(port_string))
+            logger.warning('found strange port range with more than one hyphen: ' + str(port_string))
     else:
-        svc["svc_port"] = port_string
+        svc['svc_port'] = port_string
 
 
 def create_helper_service(ports, proto_string, parent_svc_name, import_id):
     svc = {
-        "svc_name": parent_svc_name + "_" + proto_string + "_" + ports,
-        "svc_uid": parent_svc_name + "_" + proto_string + "_" + ports,
-        "svc_comment": "helper service for Palo Alto multiple port range object: " + parent_svc_name,
-        "control_id": import_id, 
-        "svc_typ": 'simple' 
+        'svc_name': parent_svc_name + '_' + proto_string + '_' + ports,
+        'svc_uid': parent_svc_name + '_' + proto_string + '_' + ports,
+        'svc_comment': 'helper service for NSX multiple port range object: ' + parent_svc_name,
+        'control_id': import_id, 
+        'svc_typ': 'simple' 
     }
 
     extract_port_for_service(ports, svc)    
     return svc
 
 
-def parse_svc_list(nw_obj_list, import_id, obj_list, id, type='network'):
+def parse_svc_list(svc_list, import_id, obj_list, id, type='network'):
     refs = []
     names = []
-    for obj_name in nw_obj_list:
-        names.append(obj_name)
-        refs.append(lookup_svc_obj_uid(obj_name, obj_list, import_id, type=type))
+    for obj_name in svc_list:
+        obj_name_base = os.path.basename(obj_name)
+        names.append(obj_name_base)
+        refs.append(obj_name)
+        #refs.append(lookup_svc_obj_uid(obj_name_base, obj_list, import_id, type=type))
     return list_delimiter.join(refs), list_delimiter.join(names)
 
 
+
+def lookup_svc_obj_name(obj_name, obj_list, import_id, type='network'):
+    logger = getFwoLogger()
+    for o in obj_list:
+        if type=='service' and 'svc_name' in o:
+            if o['svc_name']==obj_name:
+                return o['svc_uid']
+        else:
+            logger.warning('could not find object name in object ' + str(o))
+
+    # could not find existing obj in obj list, so creating new one
+    return add_svc_obj(obj_name, obj_list, import_id)
+
+
 def lookup_svc_obj_uid(obj_name, obj_list, import_id, type='network'):
     logger = getFwoLogger()
     for o in obj_list:
@@ -124,7 +143,7 @@ def lookup_svc_obj_uid(obj_name, obj_list, import_id, type='network'):
             if o['svc_name']==obj_name:
                 return o['svc_uid']
         else:
-            logger.warning("could not find object name in object " + str(o))
+            logger.warning('could not find object name in object ' + str(o))
 
     # could not find existing obj in obj list, so creating new one
     return add_svc_obj(obj_name, obj_list, import_id)
@@ -132,10 +151,13 @@ def lookup_svc_obj_uid(obj_name, obj_list, import_id, type='network'):
 
 def add_svc_obj(svc_in, svc_list, import_id):
     svc_obj = {}
-    svc_obj['svc_name'] = "#" + svc_in
-    svc_obj['svc_uid'] = "#" + svc_in
+    svc_obj['svc_name'] = os.path.basename(svc_in)
+    svc_obj['svc_uid'] = svc_in
     svc_obj['control_id'] = import_id
     svc_obj['svc_typ'] = 'simple'
 
-    svc_list.append(svc_obj)
+    if svc_obj not in svc_list:
+        # svc_list.append(svc_obj)
+        logger = getFwoLogger()
+        logger.warning('found undefined service: ' + str(svc_obj))
     return svc_obj['svc_name']

From 094d11f17bf40f4e0804d6ac9365efd0d149446d Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Mon, 4 Mar 2024 19:58:22 +0100
Subject: [PATCH 22/84] first import

---
 roles/importer/files/importer/nsx4ff/nsx_rule.py    | 5 +++--
 roles/importer/files/importer/nsx4ff/nsx_service.py | 1 -
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/roles/importer/files/importer/nsx4ff/nsx_rule.py b/roles/importer/files/importer/nsx4ff/nsx_rule.py
index 1f3d8d5f2..464cd6038 100644
--- a/roles/importer/files/importer/nsx4ff/nsx_rule.py
+++ b/roles/importer/files/importer/nsx4ff/nsx_rule.py
@@ -123,8 +123,9 @@ def normalize_access_rules(full_config, config2import, import_id, mgm_details={}
                     #     if apps[0] == 'any':
                     #         apps = []
                     
-                    # rule['rule_svc_refs'], rule["rule_svc"] = parse_svc_list(apps + services, import_id, config2import['service_objects'], rule["rule_uid"], type='service')
-                    rule['rule_svc_refs'], rule["rule_svc"] = parse_svc_list(services, import_id, config2import['service_objects'], rule["rule_uid"], type='service')
+                    if services != [ "ANY" ]:
+                        # rule['rule_svc_refs'], rule["rule_svc"] = parse_svc_list(apps + services, import_id, config2import['service_objects'], rule["rule_uid"], type='service')
+                        rule['rule_svc_refs'], rule["rule_svc"] = parse_svc_list(services, import_id, config2import['service_objects'], rule["rule_uid"], type='service')
 
                     rule_number += 1
                     rules.append(rule)
diff --git a/roles/importer/files/importer/nsx4ff/nsx_service.py b/roles/importer/files/importer/nsx4ff/nsx_service.py
index ad69c8cfe..d1b5af697 100644
--- a/roles/importer/files/importer/nsx4ff/nsx_service.py
+++ b/roles/importer/files/importer/nsx4ff/nsx_service.py
@@ -122,7 +122,6 @@ def parse_svc_list(svc_list, import_id, obj_list, id, type='network'):
     return list_delimiter.join(refs), list_delimiter.join(names)
 
 
-
 def lookup_svc_obj_name(obj_name, obj_list, import_id, type='network'):
     logger = getFwoLogger()
     for o in obj_list:

From 72f5143b36b318c69fd19c2abc0cee25b61d4611 Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Tue, 5 Mar 2024 13:39:12 +0100
Subject: [PATCH 23/84] right sidebar first steps

---
 .../files/sql/idempotent/fworch-texts.sql     |  8 ++
 .../FWO.Api.Client/Data/ModellingService.cs   |  5 ++
 .../Data/ModellingServiceGroup.cs             | 17 ++++
 .../files/FWO.Api.Client/Data/OwnerReport.cs  | 49 +++++++++++
 roles/lib/files/FWO.Report/ReportBase.cs      |  8 +-
 .../lib/files/FWO.Report/ReportConnections.cs | 26 ++++--
 .../files/FWO.Report/ReportConnectionsBase.cs | 19 ----
 .../lib/files/FWO.Report/ReportOwnersBase.cs  | 19 ++++
 .../FWO.Middleware.Server/ReportScheduler.cs  |  2 +-
 .../files/FWO.UI/Pages/Reporting/Report.razor | 21 +++--
 .../ui/files/FWO.UI/Shared/ObjectGroup.razor  | 26 +++++-
 .../FWO.UI/Shared/ObjectGroupCollection.razor | 11 ++-
 .../ui/files/FWO.UI/Shared/RightSidebar.razor | 88 +++++++++++++------
 13 files changed, 227 insertions(+), 72 deletions(-)
 create mode 100644 roles/lib/files/FWO.Api.Client/Data/OwnerReport.cs
 delete mode 100644 roles/lib/files/FWO.Report/ReportConnectionsBase.cs
 create mode 100644 roles/lib/files/FWO.Report/ReportOwnersBase.cs

diff --git a/roles/database/files/sql/idempotent/fworch-texts.sql b/roles/database/files/sql/idempotent/fworch-texts.sql
index 7558d58f6..0657f80d4 100644
--- a/roles/database/files/sql/idempotent/fworch-texts.sql
+++ b/roles/database/files/sql/idempotent/fworch-texts.sql
@@ -388,6 +388,8 @@ Choose from the following contact options:
 ');
 
 -- reporting
+INSERT INTO txt VALUES ('report',		        'German', 	'Report');
+INSERT INTO txt VALUES ('report',		        'English', 	'Report');
 INSERT INTO txt VALUES ('report_type',		    'German', 	'Report-Typ');
 INSERT INTO txt VALUES ('report_type',		    'English', 	'Report Type');
 INSERT INTO txt VALUES ('report_time',		    'German', 	'Report-Zeit');
@@ -548,6 +550,10 @@ INSERT INTO txt VALUES ('rules',		        'German', 	'Regeln');
 INSERT INTO txt VALUES ('rules',		        'English', 	'Rules');
 INSERT INTO txt VALUES ('changes',		        'German', 	'&Auml;nderungen');
 INSERT INTO txt VALUES ('changes',		        'English', 	'Changes');
+INSERT INTO txt VALUES ('used_objects',		    'German', 	'Benutzte Objekte');
+INSERT INTO txt VALUES ('used_objects',		    'English', 	'Used Objects');
+INSERT INTO txt VALUES ('unused_objects',		'German', 	'Unbenutzte Objekte');
+INSERT INTO txt VALUES ('inused_objects',		'English', 	'Unused Objects');
 INSERT INTO txt VALUES ('rule_deleted',         'German', 	'Regel gel&ouml;scht');
 INSERT INTO txt VALUES ('rule_deleted',         'English', 	'Rule deleted');
 INSERT INTO txt VALUES ('rule_added',           'German', 	'Regel hinzugef&uuml;gt');
@@ -1014,6 +1020,8 @@ INSERT INTO txt VALUES ('library', 	            'German',	'Bibliothek');
 INSERT INTO txt VALUES ('library', 	            'English',	'Library');
 INSERT INTO txt VALUES ('app_server', 	        'German',	'App Server');
 INSERT INTO txt VALUES ('app_server', 	        'English',	'App Server');
+INSERT INTO txt VALUES ('app_servers', 	        'German',	'App Server');
+INSERT INTO txt VALUES ('app_servers', 	        'English',	'App Servers');
 INSERT INTO txt VALUES ('app_role', 	        'German',	'App Rolle');
 INSERT INTO txt VALUES ('app_role', 	        'English',	'App Role');
 INSERT INTO txt VALUES ('app_roles', 	        'German',	'App Rollen');
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingService.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingService.cs
index 2582fc33d..c38efa758 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingService.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingService.cs
@@ -66,5 +66,10 @@ public static ModellingService[] Resolve(List<ModellingServiceWrapper> wrappedLi
         {
             return Array.ConvertAll(wrappedList.ToArray(), wrapper => wrapper.Content);
         }
+
+        public static NetworkService[] ResolveAsNetworkServices(List<ModellingServiceWrapper> wrappedList)
+        {
+            return Array.ConvertAll(wrappedList.ToArray(), wrapper => ModellingService.ToNetworkService(wrapper.Content));
+        }
     }
 }
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingServiceGroup.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingServiceGroup.cs
index b4b769ed2..75e028f32 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingServiceGroup.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingServiceGroup.cs
@@ -23,6 +23,18 @@ public override string DisplayWithIcon()
             return $"<span class=\"{Icons.ServiceGroup}\"></span> " + DisplayHtml();
         }
 
+        public NetworkService ToNetworkServiceGroup()
+        {
+            return new()
+            {
+                Id = Id,
+                Name = Name ?? "",
+                Comment = Comment ?? "",
+                Type = new NetworkServiceType(){ Name = "group" },
+                ServiceGroups = ModellingServiceGroupWrapper.ResolveAsNetworkServiceGroup(Services ?? new List<ModellingServiceWrapper>())
+            };
+        }
+
         public override bool Sanitize()
         {
             bool shortened = base.Sanitize();
@@ -41,5 +53,10 @@ public static ModellingServiceGroup[] Resolve(List<ModellingServiceGroupWrapper>
         {
             return Array.ConvertAll(wrappedList.ToArray(), wrapper => wrapper.Content);
         }
+
+        public static Group<NetworkService>[] ResolveAsNetworkServiceGroup(List<ModellingServiceWrapper> wrappedList)
+        {
+            return Array.ConvertAll(wrappedList.ToArray(), wrapper => new Group<NetworkService> {Id = wrapper.Content.Id, Object = ModellingService.ToNetworkService(wrapper.Content)});
+        }
     }
 }
diff --git a/roles/lib/files/FWO.Api.Client/Data/OwnerReport.cs b/roles/lib/files/FWO.Api.Client/Data/OwnerReport.cs
new file mode 100644
index 000000000..4d4eb790d
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/Data/OwnerReport.cs
@@ -0,0 +1,49 @@
+namespace FWO.Api.Data
+{
+    public class OwnerReport
+    {
+        public string Name = "";
+        public List<ModellingConnection> Connections { get; set; } = new ();
+
+        public OwnerReport()
+        {}
+
+        public OwnerReport(OwnerReport report)
+        {
+            Name = report.Name;
+            Connections = new (report.Connections);
+        }
+
+        public List<ModellingAppServer> GetAllAppServers()
+        {
+            List<ModellingAppServer> allAppServers = new();
+            foreach(var conn in Connections)
+            {
+                allAppServers = allAppServers.Union(ModellingAppServerWrapper.Resolve(conn.SourceAppServers).ToList()).ToList();
+                allAppServers = allAppServers.Union(ModellingAppServerWrapper.Resolve(conn.DestinationAppServers).ToList()).ToList();
+            }
+            return allAppServers;
+        }
+
+        public List<NetworkObject> GetAllNetworkObjects()
+        {
+            return Array.ConvertAll(GetAllAppServers().ToArray(), x => x.ToNetworkObject()).ToList();
+        }
+
+        public List<NetworkService> GetAllServices()
+        {
+            List<NetworkService> allServices = new();
+            foreach(var conn in Connections)
+            {
+                List<NetworkService> svcList = new();
+                foreach (var svcGrp in conn.ServiceGroups)
+                {
+                    svcList.Add(svcGrp.Content.ToNetworkServiceGroup());
+                }
+                allServices = allServices.Union(svcList).ToList();
+                allServices = allServices.Union(ModellingServiceWrapper.ResolveAsNetworkServices(conn.Services).ToList()).ToList();
+            }
+            return allServices;
+        }
+    }
+}
diff --git a/roles/lib/files/FWO.Report/ReportBase.cs b/roles/lib/files/FWO.Report/ReportBase.cs
index 1d8b1fa5f..8456fba4c 100644
--- a/roles/lib/files/FWO.Report/ReportBase.cs
+++ b/roles/lib/files/FWO.Report/ReportBase.cs
@@ -11,7 +11,10 @@ public enum RsbTab
     {
         all = 10, 
         report = 20, 
-        rule = 30
+        rule = 30,
+
+        usedObj = 40,
+        unusedObj = 50
     }
 
     public enum ObjCategory
@@ -19,7 +22,8 @@ public enum ObjCategory
         all = 0,
         nobj = 1, 
         nsrv = 2, 
-        user = 3
+        user = 3,
+        appSvc = 4
     }
 
     public abstract class ReportBase
diff --git a/roles/lib/files/FWO.Report/ReportConnections.cs b/roles/lib/files/FWO.Report/ReportConnections.cs
index 83987a5b3..7b156e3a5 100644
--- a/roles/lib/files/FWO.Report/ReportConnections.cs
+++ b/roles/lib/files/FWO.Report/ReportConnections.cs
@@ -6,41 +6,55 @@
 
 namespace FWO.Report
 {
-    public class ReportConnections : ReportConnectionsBase
+    public class ReportConnections : ReportOwnersBase
     {
         public ReportConnections(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType) { }
 
         public override async Task GenerateCon(int connectionsPerFetch, ApiConnection apiConnection, Func<List<ModellingConnection>, Task> callback, CancellationToken ct)
         {
+            List<ModellingConnection> conns = new();
             // Query.QueryVariables["limit"] = connectionsPerFetch;
             // Query.QueryVariables["offset"] = 0;
             // bool gotNewObjects = true;
 
-            Connections = await apiConnection.SendQueryAsync<List<ModellingConnection>>(Query.FullQuery, Query.QueryVariables);
+            conns = await apiConnection.SendQueryAsync<List<ModellingConnection>>(Query.FullQuery, Query.QueryVariables);
 
             // while (gotNewObjects)
             // {
             //     if (ct.IsCancellationRequested)
             //     {
-            //         Log.WriteDebug("Generate Changes Report", "Task cancelled");
+            //         Log.WriteDebug("Generate Connections Report", "Task cancelled");
             //         ct.ThrowIfCancellationRequested();
             //     }
             //     Query.QueryVariables["offset"] = (int)Query.QueryVariables["offset"] + connectionsPerFetch;
             //     List<ModellingConnection> newConnections = await apiConnection.SendQueryAsync<List<ModellingConnection>>(Query.FullQuery, Query.QueryVariables);
             //     gotNewObjects = newConnections.Count > 0;
-            //     Connections.AddRange(newConnections);
-                await callback(Connections);
+            //     OwnersReport.Connections.AddRange(newConnections);
+
+            await callback(conns);
+
             // }
+            OwnersReport.Add(new(){ Connections = conns });
         }
 
         public override async Task<bool> GetConObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<List<ModellingConnection>, Task> callback)
         {
-            await callback (Connections);
+            await callback (OwnersReport[0].Connections);
             // currently no further objects to be fetched
             GotObjectsInReport = true;
             return true;
         }
 
+        public override string SetDescription()
+        {
+            int counter = 0;
+            foreach(var owner in OwnersReport)
+            {
+                counter += owner.Connections.Count;
+            }
+            return $"{counter} {userConfig.GetText("connections")}";
+        }
+
         public override string ExportToJson()
         {
             return "";
diff --git a/roles/lib/files/FWO.Report/ReportConnectionsBase.cs b/roles/lib/files/FWO.Report/ReportConnectionsBase.cs
deleted file mode 100644
index d4ce10fca..000000000
--- a/roles/lib/files/FWO.Report/ReportConnectionsBase.cs
+++ /dev/null
@@ -1,19 +0,0 @@
-using FWO.Api.Data;
-using FWO.Report.Filter;
-using FWO.Config.Api;
-
-namespace FWO.Report
-{
-    public abstract class ReportConnectionsBase : ReportBase
-    {
-        public List<ModellingConnection> Connections = new ();
-
-        public ReportConnectionsBase(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType)
-        {}
-
-        public override string SetDescription()
-        {
-            return $"{Connections.Count} {userConfig.GetText("connections")}";
-        }
-    }
-}
diff --git a/roles/lib/files/FWO.Report/ReportOwnersBase.cs b/roles/lib/files/FWO.Report/ReportOwnersBase.cs
new file mode 100644
index 000000000..9d0fdcbab
--- /dev/null
+++ b/roles/lib/files/FWO.Report/ReportOwnersBase.cs
@@ -0,0 +1,19 @@
+using FWO.Api.Data;
+using FWO.Report.Filter;
+using FWO.Config.Api;
+
+namespace FWO.Report
+{
+    public abstract class ReportOwnersBase : ReportBase
+    {
+        public List<OwnerReport> OwnersReport = new();
+
+        public ReportOwnersBase(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType)
+        {}
+
+        public override string SetDescription()
+        {
+            return $"{OwnersReport.Count} {userConfig.GetText("owners")}";
+        }
+    }
+}
diff --git a/roles/middleware/files/FWO.Middleware.Server/ReportScheduler.cs b/roles/middleware/files/FWO.Middleware.Server/ReportScheduler.cs
index 7e55b21e0..8a7127e68 100644
--- a/roles/middleware/files/FWO.Middleware.Server/ReportScheduler.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/ReportScheduler.cs
@@ -167,7 +167,7 @@ await report.GenerateCon(int.MaxValue, apiConnectionUserContext,
                                 connectionReport = connectionReportIntermediate;
                                 return Task.CompletedTask;
                             }, token);
-                        await report.GetConObjectsInReport(int.MaxValue, apiConnectionUserContext, _ => Task.CompletedTask);
+                        //await report.GetConObjectsInReport(int.MaxValue, apiConnectionUserContext, _ => Task.CompletedTask);
                     }
                     WriteReportFile(report, reportSchedule.OutputFormat, reportFile);
                     await SaveReport(reportFile, report.SetDescription(), apiConnectionUserContext);
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
index 1fbd431f3..3648713ee 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
@@ -153,12 +153,13 @@
     </div>
 
     @* ==== RIGHT SIDEBAR ==== *@
-    @if (actReportFilters.ReportType.IsDeviceRelatedReport())
-    {
-        <RightSidebar @bind-Width="sidebarRightWidth" Tabset="rsbTabset" AnchorNavToRSB="anchorNavToRSB" CurrentReport="currentReport"
-            @bind-SelectedRules="selectedItemsRuleReportTable" ManagementsReport="managementsReport" AllTabVisible="(tenantFilteringAllowed && actReportFilters.SelectedTenant == null)" />
-        <AnchorNavToRSB @ref="anchorNavToRSB" TabSet="rsbTabset" />
-    }
+    <RightSidebar @bind-Width="sidebarRightWidth" Tabset="rsbTabset" AnchorNavToRSB="anchorNavToRSB" CurrentReport="currentReport"
+        @bind-SelectedRules="selectedItemsRuleReportTable" ManagementsReport="actReportFilters.ReportType.IsDeviceRelatedReport() ? managementsReport : null" 
+        ConnectionsReport="actReportFilters.ReportType.IsModellingReport() ? connectionReport : null"
+        AllTabVisible="(tenantFilteringAllowed && actReportFilters.SelectedTenant == null)"
+        SelectedReportType = "actReportFilters.ReportType"/>
+    <AnchorNavToRSB @ref="anchorNavToRSB" TabSet="rsbTabset" />
+
 }
 
 @* ==== POPUPS ==== *@
@@ -186,7 +187,7 @@
     private List<Rule> selectedItemsRuleReportTable = new List<Rule>();
     private List<RuleChange> selectedItemsChangeReportTable = new List<RuleChange>();
 
-    private List<ModellingConnection> connectionReport = new();
+    private List<OwnerReport> connectionReport = new();
     private ModellingAppHandler? appHandler;
     private Management[] managementsReport = new Management[0];
     List<int> relevantManagementIds = new();
@@ -341,19 +342,21 @@
 
             startTime = DateTime.Now;
             managementsReport = new Management[0]; // reset management data when switching between reports
+            connectionReport = new();
 
             try
             {
                 if(currentReport.ReportType.IsModellingReport())
                 {
+                    connectionReport.Add(new OwnerReport(){ Name = actReportFilters.ModellingFilter.SelectedOwner.Name });
                     await currentReport.GenerateCon(userConfig.ElementsPerFetch, apiConnection,
                     connectionReportIntermediate =>
                     {
-                        connectionReport = connectionReportIntermediate;
+                        connectionReport[0].Connections = connectionReportIntermediate;
                         return InvokeAsync(StateHasChanged);
                     }, token);
                     appHandler = new (apiConnection, userConfig, actReportFilters.ModellingFilter.SelectedOwner, DisplayMessageInUi);
-                    await appHandler.Init(connectionReport);
+                    await appHandler.Init(connectionReport[0].Connections);
                 }
                 else if(currentReport.ReportType == ReportType.Statistics)
                 {
diff --git a/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor b/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
index 64dec5ec4..b2e119c74 100644
--- a/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
+++ b/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
@@ -84,12 +84,27 @@
                                     </Content2>
                                 </ContentSwap>
                             }
-                            <Detail Title="@(userConfig.GetText("last_changed"))" Data=@context.CreateTime.Time.ToString() />
+                            @if(context.CreateTime.Time.Year > 1)
+                            {
+                                <Detail Title="@(userConfig.GetText("last_changed"))" Data=@context.CreateTime.Time.ToString() />
+                            }
                             <Detail Title="@(userConfig.GetText("comment"))" Data=@context.Comment />
                         </DetailTemplate>
                     </Table>
                 </Collapse>
             }
+            @* @if(AppServerExtractor != null)
+            {
+                <Collapse Title="@(userConfig.GetText("app_servers"))" StartToggled="StartCollapsed" OnOpen="() => HandleUncollapse(ObjCategory.appSvc)">
+                    <Table style="font-size:small" class="table table-bordered table-sm th-bg-secondary table-responsive" TableItem="ModellingAppServer" Items="@AppServerExtractor(Content)" PageSize="PageSize" ColumnReorder="true">
+                        <Column TableItem="ModellingAppServer" Title="@(userConfig.GetText("name"))" Field="@(x => x.Name)" Class="word-break">
+                            <Template>
+                                @((MarkupString)context.DisplayHtml())
+                            </Template>
+                        </Column>
+                    </Table>
+                </Collapse>
+            } *@
             @if(NetworkServiceExtractor != null)
             {
                 <Collapse Title="@(userConfig.GetText("services"))" StartToggled="StartCollapsed" OnOpen="() => HandleUncollapse(ObjCategory.nsrv)">
@@ -141,7 +156,10 @@
                                     </Content2>
                                 </ContentSwap>
                             }
-                            <Detail Title="@(userConfig.GetText("last_changed"))" Data=@context.CreateTime.Time.ToString() />
+                            @if(context.CreateTime.Time.Year > 1)
+                            {
+                                <Detail Title="@(userConfig.GetText("last_changed"))" Data=@context.CreateTime.Time.ToString() />
+                            }
                             <Detail Title="@(userConfig.GetText("comment"))" Data=@context.Comment />
                         </DetailTemplate>
                     </Table>
@@ -242,6 +260,10 @@
     [Parameter]
     public Func<InputDataType, IEnumerable<NetworkUser>>? NetworkUserExtractor { get; set; }
 
+    // [Parameter]
+    // public Func<InputDataType, IEnumerable<ModellingAppServer>>? AppServerExtractor { get; set; }
+
+
     // Parameter Variables are being overwritten, because something happens with the component on StateHasChanged (but the Initialize Task does not get called)
     public InputDataType? Content { get; set; }
     public bool ContentIsDetailed => nobjDetailed && nsrvDetailed && userDetailed;
diff --git a/roles/ui/files/FWO.UI/Shared/ObjectGroupCollection.razor b/roles/ui/files/FWO.UI/Shared/ObjectGroupCollection.razor
index 62749b740..64ec635c7 100644
--- a/roles/ui/files/FWO.UI/Shared/ObjectGroupCollection.razor
+++ b/roles/ui/files/FWO.UI/Shared/ObjectGroupCollection.razor
@@ -3,14 +3,13 @@
 
 @typeparam InputDataType
 
-@if (Data != null && FetchObjects != null && NameExtractor != null&& NetworkObjectExtractor != null && NetworkServiceExtractor != null && NetworkUserExtractor != null)
+@if (Data != null && NameExtractor != null)
 {
     @foreach (InputDataType obj in Data)
     {
-        <ObjectGroup FetchObjects="FetchObjects" Recert="Recert" Tab="Tab" StartCollapsed="StartCollapsed" StartContentDetailed="StartContentDetailed" InputDataType="InputDataType" InitialContent="obj" NameExtractor="NameExtractor"
-                     NetworkObjectExtractor="NetworkObjectExtractor"
-                     NetworkServiceExtractor="NetworkServiceExtractor"
-                     NetworkUserExtractor="NetworkUserExtractor" />
+        <ObjectGroup FetchObjects="FetchObjects" Recert="Recert" Tab="Tab" StartCollapsed="StartCollapsed" StartContentDetailed="StartContentDetailed"
+            InputDataType="InputDataType" InitialContent="obj" NameExtractor="NameExtractor" NetworkObjectExtractor="NetworkObjectExtractor"
+            NetworkServiceExtractor="NetworkServiceExtractor" NetworkUserExtractor="NetworkUserExtractor"/>
         <div class="mb-1"></div>
     }
 }
@@ -49,4 +48,4 @@
 
     [Parameter]
     public Func<InputDataType, IEnumerable<NetworkUser>>? NetworkUserExtractor { get; set; }
-}
\ No newline at end of file
+}
diff --git a/roles/ui/files/FWO.UI/Shared/RightSidebar.razor b/roles/ui/files/FWO.UI/Shared/RightSidebar.razor
index 0a7887144..694896d5d 100644
--- a/roles/ui/files/FWO.UI/Shared/RightSidebar.razor
+++ b/roles/ui/files/FWO.UI/Shared/RightSidebar.razor
@@ -4,6 +4,7 @@
 @using FWO.Api.Client
 @using FWO.Api.Client.Queries
 @using FWO.Report
+@using FWO.Report.Filter
 @using FWO.Ui.Data
 
 @inject ApiConnection Connection
@@ -14,7 +15,7 @@
         <h5 class="text-center">@(userConfig.GetText("objects"))</h5>
         <CascadingValue Value="AnchorNavToRSB">
             <TabSet DarkMode="true" KeepPanelsAlive="true" @ref="Tabset">
-                @if(AllTabVisible)
+                @if(SelectedReportType.IsDeviceRelatedReport() && AllTabVisible)
                 {
                     <Tab Title="@(userConfig.GetText("all"))" Position=0>
                         <div class="d-md-flex justify-content-md-end sticky-marker-45">
@@ -22,43 +23,67 @@
                         </div>
                         <div class="mt-2">
                             <CascadingValue Value="collapseSidebarAll">
-                                <ObjectGroupCollection FetchObjects="FetchContent" Recert="false" Tab="RsbTab.all" InputDataType="Management" Data="managementsAllObjects" NameExtractor="man => man.Name" NetworkObjectExtractor="man => man.Objects"
-                                                    NetworkServiceExtractor="man => man.Services" NetworkUserExtractor="man => man.Users" />
+                                <ObjectGroupCollection FetchObjects="FetchContent" Recert="false" Tab="RsbTab.all" InputDataType="Management" Data="managementsAllObjects"
+                                    NameExtractor="man => man.Name" NetworkObjectExtractor="man => man.Objects"
+                                    NetworkServiceExtractor="man => man.Services" NetworkUserExtractor="man => man.Users" />
                             </CascadingValue>
                         </div>
                     </Tab>
                 }
-                @if(ManagementsReport != null)
+                @if(ManagementsReport != null && ManagementsReport.Length > 0 && (CurrentReport?.ReportType.IsDeviceRelatedReport() ?? false))
                 {
-                    <Tab Title="Report">
+                    <Tab Title="@(userConfig.GetText("report"))">
                         <div class="d-md-flex justify-content-md-end sticky-marker-45">
                             <div class="btn btn-secondary btn-sm w-50" @onclick="@(() => collapseSidebarReport.CollapseAll())">@(userConfig.GetText("collapse_all"))</div>
                         </div>
                         <div class="mt-2">
                             <CascadingValue Value="collapseSidebarReport">
-                                <ObjectGroupCollection FetchObjects="FetchContent" Recert="false" Tab="RsbTab.report" InputDataType="Management" Data="ManagementsReport.Where(m => (m.Devices.Where(d => d.Rules != null && d.Rules.Count() > 0).Count() > 0))" NameExtractor="man => man.Name"
-                                                    NetworkObjectExtractor="man => man.ReportObjects"
-                                                    NetworkServiceExtractor="man => man.ReportServices"
-                                                    NetworkUserExtractor="man => man.ReportUsers" />
+                                <ObjectGroupCollection FetchObjects="FetchContent" Recert="false" Tab="RsbTab.report" InputDataType="Management" 
+                                    Data="ManagementsReport.Where(m => (m.Devices.Where(d => d.Rules != null && d.Rules.Count() > 0).Count() > 0))"
+                                    NameExtractor="man => man.Name"
+                                    NetworkObjectExtractor="man => man.ReportObjects"
+                                    NetworkServiceExtractor="man => man.ReportServices"
+                                    NetworkUserExtractor="man => man.ReportUsers" />
+                            </CascadingValue>
+                        </div>
+                    </Tab>
+                    <Tab Title="@(userConfig.GetText("rule"))">
+                        <div class="btn-group btn-group-sm d-md-flex justify-content-md-between sticky-marker-45">
+                            <div class="btn btn-dark btn-sm w-50" @onclick="@(async () => {SelectedRules.Clear(); await SelectedRulesChanged.InvokeAsync(SelectedRules);})">@(userConfig.GetText("clear_all"))</div>
+                            <div class="btn btn-secondary btn-sm w-50" @onclick="@(() => collapseSidebarRule.CollapseAll())">@(userConfig.GetText("collapse_all"))</div>
+                        </div>
+                        <div class="mt-2">
+                            <CascadingValue Value="collapseSidebarRule">
+                                <ObjectGroupCollection FetchObjects="FetchContent" Recert="false" Tab="RsbTab.rule" StartContentDetailed="true" StartCollapsed="false" InputDataType="Rule" Data="SelectedRules"
+                                    NameExtractor=@(rule => $"{rule.DeviceName} - Rule {rule.Id} {rule.Name}")
+                                    NetworkObjectExtractor="rule => rule.Froms.Select(nl => nl.Object)
+                                        .Union(rule.Tos.Select(nl => nl.Object))
+                                        .Union(rule.NatData.TranslatedFroms.Select(nl => nl.Object))
+                                        .Union(rule.NatData.TranslatedTos.Select(nl => nl.Object)).OrderBy(o => o.Name).ToArray()"
+                                    NetworkServiceExtractor="rule => rule.Services.Select(sw => sw.Content)
+                                        .Union(rule.NatData.TranslatedServices.Select(sw => sw.Content)).OrderBy(s => s.Name).ToArray()"
+                                    NetworkUserExtractor="rule => rule.Froms.Select(nl => nl.User).Distinct().Where(u => u != null).OrderBy(u => u.Name).ToArray()" />
+                            </CascadingValue>
+                        </div>
+                    </Tab>
+                }
+                @if(ConnectionsReport != null && ConnectionsReport.Count > 0 && (CurrentReport?.ReportType.IsModellingReport() ?? false))
+                {
+                    <Tab Title="@(userConfig.GetText("used_objects"))">
+                        <div class="d-md-flex justify-content-md-end sticky-marker-45">
+                            <div class="btn btn-secondary btn-sm w-50" @onclick="@(() => collapseSidebarReport.CollapseAll())">@(userConfig.GetText("collapse_all"))</div>
+                        </div>
+                        <div class="mt-2">
+                            <CascadingValue Value="collapseSidebarReport">
+                                <ObjectGroupCollection FetchObjects="FetchContent" Recert="false" Tab="RsbTab.usedObj" InputDataType="OwnerReport" 
+                                    Data="ConnectionsReport"
+                                    NameExtractor="own => own.Name" 
+                                    NetworkObjectExtractor="own => own.GetAllNetworkObjects()"
+                                    NetworkServiceExtractor="own => own.GetAllServices()"/>
                             </CascadingValue>
                         </div>
                     </Tab>
                 }
-                <Tab Title="@(userConfig.GetText("rule"))">
-                    <div class="btn-group btn-group-sm d-md-flex justify-content-md-between sticky-marker-45">
-                        <div class="btn btn-dark btn-sm w-50" @onclick="@(async () => {SelectedRules.Clear(); await SelectedRulesChanged.InvokeAsync(SelectedRules);})">@(userConfig.GetText("clear_all"))</div>
-                        <div class="btn btn-secondary btn-sm w-50" @onclick="@(() => collapseSidebarRule.CollapseAll())">@(userConfig.GetText("collapse_all"))</div>
-                    </div>
-                    <div class="mt-2">
-                        <CascadingValue Value="collapseSidebarRule">
-                            <ObjectGroupCollection FetchObjects="FetchContent" Recert="false" Tab="RsbTab.rule" StartContentDetailed="true" StartCollapsed="false" InputDataType="Rule" Data="SelectedRules"
-                                                NameExtractor=@(rule => $"{rule.DeviceName} - Rule {rule.Id} {rule.Name}")
-                                                NetworkObjectExtractor="rule => rule.Froms.Select(nl => nl.Object).Union(rule.Tos.Select(nl => nl.Object)).Union(rule.NatData.TranslatedFroms.Select(nl => nl.Object)).Union(rule.NatData.TranslatedTos.Select(nl => nl.Object)).OrderBy(o => o.Name).ToArray()"
-                                                NetworkServiceExtractor="rule => rule.Services.Select(sw => sw.Content).Union(rule.NatData.TranslatedServices.Select(sw => sw.Content)).OrderBy(s => s.Name).ToArray()"
-                                                NetworkUserExtractor="rule => rule.Froms.Select(nl => nl.User).Distinct().Where(u => u != null).OrderBy(u => u.Name).ToArray()" />
-                        </CascadingValue>
-                    </div>
-                </Tab>
             </TabSet>
         </CascadingValue>
     </div>
@@ -96,6 +121,12 @@
     [Parameter]
     public bool AllTabVisible { get; set; } = true;
 
+    [Parameter]
+    public ReportType SelectedReportType  { get; set; } = ReportType.Rules;
+
+    [Parameter]
+    public List<OwnerReport>? ConnectionsReport  { get; set; }
+        
     private CollapseState collapseSidebarAll = new CollapseState();
     private CollapseState collapseSidebarReport = new CollapseState();
     private CollapseState collapseSidebarRule = new CollapseState();
@@ -110,9 +141,12 @@
         {
             try
             {
-                PaginationVariables paginationVariables = new PaginationVariables() { Limit = 0, Offset = 0 };
-                managementsAllObjects = await Connection.SendQueryAsync<Management[]>(ObjectQueries.getAllObjectDetails, paginationVariables);
-                await InvokeAsync(StateHasChanged);
+                if(AllTabVisible)
+                {
+                    PaginationVariables paginationVariables = new PaginationVariables() { Limit = 0, Offset = 0 };
+                    managementsAllObjects = await Connection.SendQueryAsync<Management[]>(ObjectQueries.getAllObjectDetails, paginationVariables);
+                    await InvokeAsync(StateHasChanged);
+                }
             }
             catch (Exception exception)
             {

From 1fcde4838e6058f17a1c13fb01ac6c4a4a0f6e17 Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Tue, 5 Mar 2024 14:24:35 +0100
Subject: [PATCH 24/84] objtype to string const

---
 roles/lib/files/FWO.Api.Client/Data/DisplayBase.cs | 12 ++++++------
 .../files/FWO.Api.Client/Data/GlobalConstants.cs   |  8 ++++++++
 .../FWO.Api.Client/Data/ModellingServiceGroup.cs   |  2 +-
 .../files/FWO.Report/Display/RuleDisplayBase.cs    |  6 +++---
 roles/lib/files/FWO.Report/ReportBase.cs           | 14 +++++++-------
 roles/lib/files/FWO.Report/ReportNatRules.cs       |  2 +-
 roles/lib/files/FWO.Report/ReportRules.cs          |  2 +-
 roles/test/files/FWO.Test/ExportTest.cs            | 12 ++++++------
 .../FWO.UI/Pages/Compliance/ZonesChecks.razor      |  4 ++--
 roles/ui/files/FWO.UI/Shared/ObjectGroup.razor     | 14 +++++++-------
 10 files changed, 42 insertions(+), 34 deletions(-)

diff --git a/roles/lib/files/FWO.Api.Client/Data/DisplayBase.cs b/roles/lib/files/FWO.Api.Client/Data/DisplayBase.cs
index 5ca1f08bd..9c747b664 100644
--- a/roles/lib/files/FWO.Api.Client/Data/DisplayBase.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/DisplayBase.cs
@@ -65,7 +65,7 @@ public static string DisplayIp(string ip1, string ip2, string nwObjType, bool in
             IPAddressRange IpRange;
             string IpStart;
             string IpEnd;
-            if (nwObjType != "group")
+            if (nwObjType != ObjectType.Group)
             {
                 if (ip2 == null)
                 {
@@ -96,14 +96,14 @@ public static string DisplayIp(string ip1, string ip2, string nwObjType, bool in
                             if (IpRange != null)
                             {
                                 result = inBrackets ? " (" : "";
-                                if (nwObjType == "network")
+                                if (nwObjType == ObjectType.Network)
                                 {
                                     result += IpRange.ToCidrString();
                                 }
                                 else
                                 {
                                     result += IpStart;
-                                    if (nwObjType.Contains("range"))
+                                    if (nwObjType.Contains(ObjectType.IPRange))
                                     {
                                         result += $"-{IpEnd}";
                                     }
@@ -152,13 +152,13 @@ private static string AutoDetectType(string ip1, string ip2)
         {
             if (ip1 == ip2)
             {
-                return "host";
+                return ObjectType.Host;
             }
             if (SpanSingleNetwork(ip1, ip2))
             {
-                return "network";
+                return ObjectType.Network;
             }
-            return "iprange";
+            return ObjectType.IPRange;
         }
 
         private static bool isV6Address(string ip)
diff --git a/roles/lib/files/FWO.Api.Client/Data/GlobalConstants.cs b/roles/lib/files/FWO.Api.Client/Data/GlobalConstants.cs
index 34b63ba5b..49b6a8b03 100644
--- a/roles/lib/files/FWO.Api.Client/Data/GlobalConstants.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/GlobalConstants.cs
@@ -26,4 +26,12 @@ public struct GlobalConst
         public const string kModellerGroup = "ModellerGroup_";
         public const string kImportChangeNotify = "importChangeNotify";
     }
+
+    public struct ObjectType
+    {
+        public const string Group = "group";
+        public const string Host = "host";
+        public const string Network = "network";
+        public const string IPRange = "ip_range";
+    }
 }
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingServiceGroup.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingServiceGroup.cs
index 75e028f32..fb932cd0e 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingServiceGroup.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingServiceGroup.cs
@@ -30,7 +30,7 @@ public NetworkService ToNetworkServiceGroup()
                 Id = Id,
                 Name = Name ?? "",
                 Comment = Comment ?? "",
-                Type = new NetworkServiceType(){ Name = "group" },
+                Type = new NetworkServiceType(){ Name = ObjectType.Group },
                 ServiceGroups = ModellingServiceGroupWrapper.ResolveAsNetworkServiceGroup(Services ?? new List<ModellingServiceWrapper>())
             };
         }
diff --git a/roles/lib/files/FWO.Report/Display/RuleDisplayBase.cs b/roles/lib/files/FWO.Report/Display/RuleDisplayBase.cs
index 6129f1278..f42ce6864 100644
--- a/roles/lib/files/FWO.Report/Display/RuleDisplayBase.cs
+++ b/roles/lib/files/FWO.Report/Display/RuleDisplayBase.cs
@@ -67,7 +67,7 @@ public StringBuilder DisplayNetworkLocation(NetworkLocation userNetworkObject, R
             {
                 result.Append($"{objName ?? userNetworkObject.Object.Name}");
             }
-            if (userNetworkObject.Object.Type.Name != "group")
+            if (userNetworkObject.Object.Type.Name != ObjectType.Group)
             {
                 bool showIpinBrackets = !reportType.IsTechReport();
                 result.Append(NwObjDisplay.DisplayIp(
@@ -103,7 +103,7 @@ public List<NetworkLocation> getNetworkLocations(NetworkLocation[] locationArray
             {
                 foreach (GroupFlat<NetworkObject> nwObject in networkObject.Object.ObjectGroupFlats)
                 {
-                    if (nwObject.Object != null && nwObject.Object.Type.Name != "group")    // leave out group level altogether
+                    if (nwObject.Object != null && nwObject.Object.Type.Name != ObjectType.Group)    // leave out group level altogether
                     {
                         collectedUserNetworkObjects.Add(new NetworkLocation(networkObject.User, nwObject.Object));
                     }
@@ -121,7 +121,7 @@ public List<NetworkService> GetNetworkServices(ServiceWrapper[] serviceArray)
             {
                 foreach (GroupFlat<NetworkService> nwService in service.Content.ServiceGroupFlats)
                 {
-                    if (nwService.Object != null && nwService.Object.Type.Name != "group")
+                    if (nwService.Object != null && nwService.Object.Type.Name != ObjectType.Group)
                     {
                         collectedServices.Add(nwService.Object);
                     }
diff --git a/roles/lib/files/FWO.Report/ReportBase.cs b/roles/lib/files/FWO.Report/ReportBase.cs
index 8456fba4c..1cc2c3b10 100644
--- a/roles/lib/files/FWO.Report/ReportBase.cs
+++ b/roles/lib/files/FWO.Report/ReportBase.cs
@@ -22,8 +22,8 @@ public enum ObjCategory
         all = 0,
         nobj = 1, 
         nsrv = 2, 
-        user = 3,
-        appSvc = 4
+        user = 3 //,
+        // appSvc = 4
     }
 
     public abstract class ReportBase
@@ -204,15 +204,15 @@ public static string GetIconClass(ObjCategory? objCategory, string? objType)
         {
             switch (objType)
             {
-                case "group" when objCategory == ObjCategory.user:
+                case ObjectType.Group when objCategory == ObjCategory.user:
                     return Icons.UserGroup;
-                case "group":
+                case ObjectType.Group:
                     return Icons.ObjGroup;
-                case "host":
+                case ObjectType.Host:
                     return Icons.Host;
-                case "network":
+                case ObjectType.Network:
                     return Icons.Network;
-                case "ip_range":
+                case ObjectType.IPRange:
                     return Icons.Range;
                 default:
                     switch (objCategory)
diff --git a/roles/lib/files/FWO.Report/ReportNatRules.cs b/roles/lib/files/FWO.Report/ReportNatRules.cs
index fc15eb4c5..dec73044f 100644
--- a/roles/lib/files/FWO.Report/ReportNatRules.cs
+++ b/roles/lib/files/FWO.Report/ReportNatRules.cs
@@ -135,7 +135,7 @@ public override string ExportToHtml()
                         report.AppendLine($"<td>{objNumber++}</td>");
                         report.AppendLine($"<td>{svcobj.Name}</td>");
                         report.AppendLine($"<td><a name=svc{svcobj.Id}>{svcobj.Name}</a></td>");
-                        report.AppendLine($"<td>{((svcobj.Type.Name!="group" && svcobj.Protocol!=null)?svcobj.Protocol.Name:"")}</td>");
+                        report.AppendLine($"<td>{((svcobj.Type.Name!=ObjectType.Group && svcobj.Protocol!=null)?svcobj.Protocol.Name:"")}</td>");
                         if (svcobj.DestinationPortEnd != null && svcobj.DestinationPortEnd != svcobj.DestinationPort)
                             report.AppendLine($"<td>{svcobj.DestinationPort}-{svcobj.DestinationPortEnd}</td>");
                         else
diff --git a/roles/lib/files/FWO.Report/ReportRules.cs b/roles/lib/files/FWO.Report/ReportRules.cs
index d2b3d3ef3..685bb500e 100644
--- a/roles/lib/files/FWO.Report/ReportRules.cs
+++ b/roles/lib/files/FWO.Report/ReportRules.cs
@@ -489,7 +489,7 @@ private void appendNetworkServicesForManagementHtml(ref StringBuilder report, re
                     report.AppendLine($"<td>{objNumber++}</td>");
                     report.AppendLine($"<td>{svcobj.Name}</td>");
                     report.AppendLine($"<td><a name=svc{svcobj.Id}>{svcobj.Name}</a></td>");
-                    report.AppendLine($"<td>{((svcobj.Type.Name!="group" && svcobj.Protocol != null) ? svcobj.Protocol.Name : "")}</td>");
+                    report.AppendLine($"<td>{((svcobj.Type.Name!=ObjectType.Group && svcobj.Protocol != null) ? svcobj.Protocol.Name : "")}</td>");
                     if (svcobj.DestinationPortEnd != null && svcobj.DestinationPortEnd != svcobj.DestinationPort)
                         report.AppendLine($"<td>{svcobj.DestinationPort}-{svcobj.DestinationPortEnd}</td>");
                     else
diff --git a/roles/test/files/FWO.Test/ExportTest.cs b/roles/test/files/FWO.Test/ExportTest.cs
index 198dd4206..660645cd8 100644
--- a/roles/test/files/FWO.Test/ExportTest.cs
+++ b/roles/test/files/FWO.Test/ExportTest.cs
@@ -11,17 +11,17 @@ namespace FWO.Test
     [Parallelizable]
     internal class ExportTest
     {
-        static NetworkObject TestIp1 = new NetworkObject(){ Id = 1, Name = "TestIp1", IP = "1.2.3.4/32", IpEnd = "1.2.3.4/32", Type = new NetworkObjectType(){ Name = "network" }};
-        static NetworkObject TestIp2 = new NetworkObject(){ Id = 2, Name = "TestIp2", IP = "127.0.0.1/32", IpEnd = "127.0.0.1/32", Type = new NetworkObjectType(){ Name = "network" }};
-        static NetworkObject TestIpRange = new NetworkObject(){ Id = 3, Name = "TestIpRange", IP = "1.2.3.4/32", IpEnd = "1.2.3.5/32", Type = new NetworkObjectType(){ Name = "ip_range" }};
-        static NetworkObject TestIpNew = new NetworkObject(){ Id = 4, Name = "TestIpNew", IP = "10.0.6.0/32", IpEnd = "10.0.6.255/32", Type = new NetworkObjectType(){ Name = "network" }};
-        static NetworkObject TestIp1Changed = new NetworkObject(){ Id = 5, Name = "TestIp1Changed", IP = "2.3.4.5/32", IpEnd = "2.3.4.5/32", Type = new NetworkObjectType(){ Name = "host" }};
+        static NetworkObject TestIp1 = new NetworkObject(){ Id = 1, Name = "TestIp1", IP = "1.2.3.4/32", IpEnd = "1.2.3.4/32", Type = new NetworkObjectType(){ Name = ObjectType.Network }};
+        static NetworkObject TestIp2 = new NetworkObject(){ Id = 2, Name = "TestIp2", IP = "127.0.0.1/32", IpEnd = "127.0.0.1/32", Type = new NetworkObjectType(){ Name = ObjectType.Network }};
+        static NetworkObject TestIpRange = new NetworkObject(){ Id = 3, Name = "TestIpRange", IP = "1.2.3.4/32", IpEnd = "1.2.3.5/32", Type = new NetworkObjectType(){ Name = ObjectType.IPRange }};
+        static NetworkObject TestIpNew = new NetworkObject(){ Id = 4, Name = "TestIpNew", IP = "10.0.6.0/32", IpEnd = "10.0.6.255/32", Type = new NetworkObjectType(){ Name = ObjectType.Network }};
+        static NetworkObject TestIp1Changed = new NetworkObject(){ Id = 5, Name = "TestIp1Changed", IP = "2.3.4.5/32", IpEnd = "2.3.4.5/32", Type = new NetworkObjectType(){ Name = ObjectType.Host }};
 
         static NetworkService TestService1 = new NetworkService(){  Id = 1, DestinationPort = 443, DestinationPortEnd = 443, Name = "TestService1", Protocol = new NetworkProtocol { Name = "TCP" }};
         static NetworkService TestService2 = new NetworkService(){  Id = 2, DestinationPort = 6666, DestinationPortEnd = 7777, Name = "TestService2", Protocol = new NetworkProtocol { Name = "UDP" }};
 
         static NetworkUser TestUser1 = new NetworkUser(){ Id = 1, Name = "TestUser1" };
-        static NetworkUser TestUser2 = new NetworkUser(){ Id = 2, Name = "TestUser2", Type = new NetworkUserType() { Name = "group"} };
+        static NetworkUser TestUser2 = new NetworkUser(){ Id = 2, Name = "TestUser2", Type = new NetworkUserType() { Name = ObjectType.Group} };
 
         static Rule Rule1 = new Rule();
         static Rule Rule1Changed = new Rule();
diff --git a/roles/ui/files/FWO.UI/Pages/Compliance/ZonesChecks.razor b/roles/ui/files/FWO.UI/Pages/Compliance/ZonesChecks.razor
index 877845917..fe4bebc0b 100644
--- a/roles/ui/files/FWO.UI/Pages/Compliance/ZonesChecks.razor
+++ b/roles/ui/files/FWO.UI/Pages/Compliance/ZonesChecks.razor
@@ -170,11 +170,11 @@
 	{
 		List<IPAddressRange> ranges = new List<IPAddressRange>();
 
-		if (networkObject.Type == new NetworkObjectType() { Name = "range" })
+		if (networkObject.Type == new NetworkObjectType() { Name = ObjectType.IPRange })
 		{
 			ranges.Add(IPAddressRange.Parse($"{networkObject.IP}-{networkObject.IpEnd}"));
 		}
-		else if (networkObject.Type != new NetworkObjectType() { Name = "group" })
+		else if (networkObject.Type != new NetworkObjectType() { Name = ObjectType.Group })
 		{
 			for (int j = 0; j < networkObject.ObjectGroupFlats.Length; j++)
 			{
diff --git a/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor b/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
index b2e119c74..1801fd02c 100644
--- a/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
+++ b/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
@@ -54,7 +54,7 @@
                             <Detail Title="@(userConfig.GetText("uid"))" Data=@context.Uid />
                             <Detail Title="@(userConfig.GetText("ip"))" Data=@NwObjDisplay.DisplayIp(context.IP, context.IpEnd, context.Type.Name) />
                             <Detail Title="@(userConfig.GetText("zone"))" Data=@context.Zone?.Name />
-                            @if (context.Type.Name == "group" && context.ObjectGroups != null && context.ObjectGroupFlats != null)
+                            @if (context.Type.Name == ObjectType.Group && context.ObjectGroups != null && context.ObjectGroupFlats != null)
                             {
                                 <ContentSwap Title1="@(userConfig.GetText("group_members"))" Title2="@(userConfig.GetText("group_members_flat"))">
                                     <Content1>
@@ -73,7 +73,7 @@
                                         {
                                             if(member.Object != null)
                                             {
-                                                if (member.Object.Type.Name == "group" || shownMemberIds.Contains(member.Object.Id))
+                                                if (member.Object.Type.Name == ObjectType.Group || shownMemberIds.Contains(member.Object.Id))
                                                     continue;
                                                 shownMemberIds.Add(member.Object.Id);
 
@@ -118,7 +118,7 @@
                         <DetailTemplate TableItem="NetworkService">
                             <Detail Title="@(userConfig.GetText("type"))" Data=@context.Type.Name />
                             <Detail Title="@(userConfig.GetText("uid"))" Data=@context.Uid />
-                            @if (context.Type.Name != "group")
+                            @if (context.Type.Name != ObjectType.Group)
                             {
                                 <Detail Title="@(userConfig.GetText("source_port"))" Data=@(context.SourcePort == context.SourcePortEnd ? context.SourcePort.ToString() : $"{context.SourcePort.ToString()}-{context.SourcePortEnd.ToString()}") />
                                 <Detail Title="@(userConfig.GetText("destination_port"))" Data=@(context.DestinationPort == context.DestinationPortEnd ? context.DestinationPort.ToString() : $"{context.DestinationPort.ToString()}-{context.DestinationPortEnd.ToString()}") />
@@ -126,7 +126,7 @@
                                 <Detail Title="@(userConfig.GetText("code"))" Data=@context.Code />
                                 <Detail Title="@(userConfig.GetText("timeout"))" Data=@context.Timeout.ToString() />
                             }
-                            @if (context.Type.Name == "group" && context.ServiceGroups != null && context.ServiceGroupFlats != null)
+                            @if (context.Type.Name == ObjectType.Group && context.ServiceGroups != null && context.ServiceGroupFlats != null)
                             {
                                 <ContentSwap Title1="@(userConfig.GetText("group_members"))" Title2="@(userConfig.GetText("group_members_flat"))">
                                     <Content1>
@@ -145,7 +145,7 @@
                                         {
                                             if(member.Object != null)
                                             {
-                                                if (member.Object.Type.Name == "group" || shownMemberIds.Contains(member.Object.Id))
+                                                if (member.Object.Type.Name == ObjectType.Group || shownMemberIds.Contains(member.Object.Id))
                                                     continue;
                                                 shownMemberIds.Add(member.Object.Id);
 
@@ -179,7 +179,7 @@
                             <Detail Title="@(userConfig.GetText("type"))" Data=@context.Type?.Name />
                             <Detail Title="@(userConfig.GetText("uid"))" Data=@context.Uid />
                             <Detail Title="@(userConfig.GetText("real_name"))" Data=@($"{context.FirstName} {context.LastName}") />
-                            @if (context.Type != null && context.Type.Name == "group" && context.UserGroups != null && context.UserGroupFlats != null)
+                            @if (context.Type != null && context.Type.Name == ObjectType.Group && context.UserGroups != null && context.UserGroupFlats != null)
                             {
                                 <ContentSwap Title1="@(userConfig.GetText("group_members"))" Title2="@(userConfig.GetText("group_members_flat"))">
                                     <Content1>
@@ -198,7 +198,7 @@
                                         {
                                             if(member.Object != null)
                                             {
-                                                if (member.Object.Type.Name == "group" || shownMemberIds.Contains(member.Object.Id))
+                                                if (member.Object.Type.Name == ObjectType.Group || shownMemberIds.Contains(member.Object.Id))
                                                     continue;
                                                 shownMemberIds.Add(member.Object.Id);
 

From 0b0a81874e9360fe26cd3a83d34a1568739a199b Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Wed, 6 Mar 2024 16:06:22 +0100
Subject: [PATCH 25/84] conn filter first step

---
 .../FWO.Report.Filter/Ast/AstNodeConnector.cs |  8 +++++--
 .../FWO.Report.Filter/Ast/AstNodeFilter.cs    |  1 -
 .../Ast/AstNodeFilterBool.cs                  |  5 -----
 .../FWO.Report.Filter/Ast/AstNodeFilterInt.cs |  1 +
 .../Ast/AstNodeFilterNetwork.cs               |  5 +++++
 .../Ast/AstNodeFilterReportType.cs            |  1 +
 .../Ast/AstNodeFilterString.cs                | 21 +++++++++++--------
 .../FWO.Report.Filter/DynGraphqlQuery.cs      |  5 ++++-
 .../ui/files/FWO.UI/Shared/ObjectGroup.razor  | 13 ++++++++++++
 .../FWO.UI/Shared/ObjectGroupCollection.razor |  5 ++++-
 .../ui/files/FWO.UI/Shared/RightSidebar.razor |  3 ++-
 11 files changed, 48 insertions(+), 20 deletions(-)

diff --git a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeConnector.cs b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeConnector.cs
index 3b82fa64a..a21f7682e 100644
--- a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeConnector.cs
+++ b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeConnector.cs
@@ -23,13 +23,15 @@ public override void Extract(ref DynGraphqlQuery query, ReportType? reportType)
                     query.ruleWhereStatement += "_and: [{"; 
                     query.nwObjWhereStatement += "_and: [{";
                     query.svcObjWhereStatement += "_and: [{";
-                    query.userObjWhereStatement += "_and: [{"; 
+                    query.userObjWhereStatement += "_and: [{";
+                    query.connectionWhereStatement += "_and: [{"; 
                     break;
                 case TokenKind.Or: // or terms need to be enclosed in []
                     query.ruleWhereStatement += "_or: [{"; 
                     query.nwObjWhereStatement += "_or: [{";
                     query.svcObjWhereStatement += "_or: [{";
-                    query.userObjWhereStatement += "_or: [{"; 
+                    query.userObjWhereStatement += "_or: [{";
+                    query.connectionWhereStatement += "_or: [{"; 
                     break;
                 default:
                     throw new SemanticException($"### Compiler Error: Found unexpected and unsupported connector token (prefix): \"{Connector}\". ###", Connector.Position);
@@ -45,6 +47,7 @@ public override void Extract(ref DynGraphqlQuery query, ReportType? reportType)
                     query.nwObjWhereStatement += "}, {";
                     query.svcObjWhereStatement += "}, {";
                     query.userObjWhereStatement += "}, {";
+                    query.connectionWhereStatement += "}, {";
                     break;
                 default:
                     throw new SemanticException($"### Compiler Error: Found unexpected and unsupported connector token (operator): \"{Connector}\". ###", Connector.Position);
@@ -60,6 +63,7 @@ public override void Extract(ref DynGraphqlQuery query, ReportType? reportType)
                     query.nwObjWhereStatement += "}] ";
                     query.svcObjWhereStatement += "}] ";
                     query.userObjWhereStatement += "}] ";
+                    query.connectionWhereStatement += "}] ";
                     break;
                 default:
                     throw new SemanticException($"### Compiler Error: Found unexpected and unsupported connector token (suffix): \"{Connector}\" ###", Connector.Position);
diff --git a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilter.cs b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilter.cs
index 8e989e6d2..07fa74d88 100644
--- a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilter.cs
+++ b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilter.cs
@@ -7,7 +7,6 @@ abstract class AstNodeFilter : AstNode
         public Token Name { get; set; } = new Token(new Range(), "", TokenKind.Value);
         public Token Operator { get; set; } = new Token(new Range(), "", TokenKind.Value);
         public Token Value { get; set; } = new Token(new Range(), "", TokenKind.Value);
-        private List<string>? ruleFieldNames { get; set; }
 
         protected void CheckOperator(Token isOperator, bool equalsIsExactEquals, params TokenKind[] expectedOperators)
         {
diff --git a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterBool.cs b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterBool.cs
index 68f75fbb4..19581c34b 100644
--- a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterBool.cs
+++ b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterBool.cs
@@ -1,9 +1,4 @@
 using FWO.Report.Filter.Exceptions;
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-using System.Threading.Tasks;
 
 namespace FWO.Report.Filter.Ast
 {
diff --git a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterInt.cs b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterInt.cs
index 2e5611e3d..7043d2438 100644
--- a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterInt.cs
+++ b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterInt.cs
@@ -54,6 +54,7 @@ private DynGraphqlQuery ExtractDestinationPortFilter(DynGraphqlQuery query)
             string queryVarName = AddVariable<int>(query, "dport", Operator.Kind, semanticValue);
             query.ruleWhereStatement += "rule_services: { service: { svcgrp_flats: { serviceBySvcgrpFlatMemberId: { svc_port: {_lte" +
                 ": $" + queryVarName + "}, svc_port_end: {_gte: $" + queryVarName + " } } } } }";
+            query.connectionWhereStatement += $"service_connections: {{service: {{port: {{ _lte: ${queryVarName} }}, port_end: {{ _gte: ${queryVarName} }} }} }}";
             return query;
         }
 
diff --git a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterNetwork.cs b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterNetwork.cs
index 9547d5258..5f51f70e1 100644
--- a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterNetwork.cs
+++ b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterNetwork.cs
@@ -42,6 +42,7 @@ private DynGraphqlQuery ExtractDestinationFilter(DynGraphqlQuery query)
             {
                 string QueryVarName = AddVariable<string>(query, "dst", Operator.Kind, Value.Text);
                 query.ruleWhereStatement += $"rule_tos: {{ object: {{ objgrp_flats: {{ objectByObjgrpFlatMemberId: {{ obj_name: {{ {ExtractOperator()}: ${QueryVarName} }} }} }} }} }}";
+                query.connectionWhereStatement += $"nwobject_connections: {{connection_field: {{ _eq: 2 }}, owner_network: {{name: {{ {ExtractOperator()}: ${QueryVarName} }} }} }}";
             }
             return query;
         }
@@ -55,6 +56,7 @@ private DynGraphqlQuery ExtractSourceFilter(DynGraphqlQuery query)
             {
                 string QueryVarName = AddVariable<string>(query, "src", Operator.Kind, Value.Text);
                 query.ruleWhereStatement += $"rule_froms: {{ object: {{ objgrp_flats: {{ objectByObjgrpFlatMemberId: {{ obj_name: {{ {ExtractOperator()}: ${QueryVarName} }} }} }} }} }}";
+                query.connectionWhereStatement += $"nwobject_connections: {{connection_field: {{ _eq: 1 }}, owner_network: {{name: {{ {ExtractOperator()}: ${QueryVarName} }} }} }}";
             }
             return query;
         }
@@ -145,6 +147,9 @@ private DynGraphqlQuery ExtractIpFilter(DynGraphqlQuery query, string location,
                                 }}
                             }}
                         }}";
+            ipFilterString = $@" ip_end: {{ _gte: ${QueryVarNameFirst1} }} ip: {{ _lte: ${QueryVarNameLast2} }}";
+            int conField = location == "src" ? 1 : 2;
+            query.connectionWhereStatement += $"nwobject_connections: {{connection_field: {{ _eq: {conField} }}, owner_network: {{ {ipFilterString} }} }}";
             return query;
         }
 
diff --git a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterReportType.cs b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterReportType.cs
index feb603858..b86611f5b 100644
--- a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterReportType.cs
+++ b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterReportType.cs
@@ -21,6 +21,7 @@ public override void ConvertToSemanticType()
                 "resolvedchangestech" or "resolvedchangetech" => ReportType.ResolvedChangesTech,
                 "natrules" or "nat_rules" => ReportType.NatRules,
                 "recertifications" or "recertification" => ReportType.Recertification,
+                "connections" or "connection" => ReportType.Connections,
                 _ => throw new SemanticException($"Unexpected report type found", Value.Position)
             };
         }
diff --git a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterString.cs b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterString.cs
index cf0d09ce1..c6a7d8b3b 100644
--- a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterString.cs
+++ b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterString.cs
@@ -1,8 +1,4 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-using System.Threading.Tasks;
+using FWO.Report.Filter;
 
 namespace FWO.Report.Filter.Ast
 {
@@ -52,11 +48,16 @@ private DynGraphqlQuery ExtractFullTextFilter(DynGraphqlQuery query)
             string queryVarName = AddVariable<string>(query, "fullTextFiler", Operator.Kind, semanticValue!);
             string queryOperator = ExtractOperator();
 
-            List<string> ruleFieldNames = new List<string>() { "rule_src", "rule_dst", "rule_svc", "rule_action", "rule_name", "rule_comment", "rule_uid" };  // TODO: add comment later
-            List<string> searchParts = new List<string>();
+            List<string> ruleFieldNames = new () { "rule_src", "rule_dst", "rule_svc", "rule_action", "rule_name", "rule_comment", "rule_uid" };  // TODO: add comment later
+            List<string> ruleSearchParts = new ();
             foreach (string field in ruleFieldNames)
-                searchParts.Add($"{{{field}: {{{queryOperator}: ${queryVarName} }} }} ");
-            query.ruleWhereStatement += $"_or: [ {string.Join(", ", searchParts)} ]";
+                ruleSearchParts.Add($"{{{field}: {{{queryOperator}: ${queryVarName} }} }} ");
+            query.ruleWhereStatement += $"_or: [ {string.Join(", ", ruleSearchParts)} ]";
+            //     List<string> connFieldNames = new () { "name" };
+            //     List<string> connSearchParts = new ();
+            //     foreach (string field in connFieldNames)
+            //         connSearchParts.Add($"{{{field}: {{{queryOperator}: ${queryVarName} }} }} ");
+            //     query.connectionWhereStatement += $"_or: [ {string.Join(", ", connSearchParts)} ]";
             return query;
         }
 
@@ -97,6 +98,7 @@ private DynGraphqlQuery ExtractProtocolFilter(DynGraphqlQuery query)
         {
             string queryVarName = AddVariable<string>(query, "proto", Operator.Kind, semanticValue!);
             query.ruleWhereStatement += $"rule_services: {{service: {{stm_ip_proto: {{ip_proto_name: {{ {ExtractOperator()}: ${queryVarName} }} }} }} }}";
+            query.connectionWhereStatement += $"service_connections: {{service: {{stm_ip_proto: {{ip_proto_name: {{ {ExtractOperator()}: ${queryVarName} }} }} }} }}";
             return query;
         }
 
@@ -111,6 +113,7 @@ private DynGraphqlQuery ExtractServiceFilter(DynGraphqlQuery query)
         {
             string queryVarName = AddVariable<string>(query, "svc", Operator.Kind, semanticValue!);
             query.ruleWhereStatement += $"rule_services: {{service: {{svcgrp_flats: {{serviceBySvcgrpFlatMemberId: {{svc_name: {{ {ExtractOperator()}: ${queryVarName} }} }} }} }} }}";
+            query.connectionWhereStatement += $"service_connections: {{service: {{name: {{ {ExtractOperator()}: ${queryVarName} }} }} }}";
             return query;
         }
     }
diff --git a/roles/lib/files/FWO.Report.Filter/DynGraphqlQuery.cs b/roles/lib/files/FWO.Report.Filter/DynGraphqlQuery.cs
index 66b108d67..bab2551a0 100644
--- a/roles/lib/files/FWO.Report.Filter/DynGraphqlQuery.cs
+++ b/roles/lib/files/FWO.Report.Filter/DynGraphqlQuery.cs
@@ -246,7 +246,7 @@ private static void SetConnectionFilter(ref DynGraphqlQuery query, ModellingFilt
             {
                 query.QueryParameters.Add("$appId: Int!");
                 query.QueryVariables["appId"] = modellingFilter.SelectedOwner.Id;
-                query.connectionWhereStatement = $@"app_id: {{ _eq: $appId }}";
+                query.connectionWhereStatement += $@"{{app_id: {{ _eq: $appId }} }}";
             }
         }
 
@@ -303,16 +303,19 @@ public static DynGraphqlQuery GenerateQuery(ReportTemplate filter, AstNode? ast)
             DynGraphqlQuery query = new DynGraphqlQuery(filter.Filter);
 
             query.ruleWhereStatement += "_and: [";
+            query.connectionWhereStatement += "_and: [";
 
             SetFixedFilters(ref query, filter);
 
             query.ruleWhereStatement += "{";
+            query.connectionWhereStatement += "{";
 
             // now we convert the ast into a graphql query:
             if (ast != null)
                 ast.Extract(ref query, (ReportType)filter.ReportParams.ReportType);
 
             query.ruleWhereStatement += "}] ";
+            query.connectionWhereStatement += "}] ";
 
             string paramString = string.Join(" ", query.QueryParameters.ToArray());
 
diff --git a/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor b/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
index 1801fd02c..910d3316a 100644
--- a/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
+++ b/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
@@ -260,6 +260,9 @@
     [Parameter]
     public Func<InputDataType, IEnumerable<NetworkUser>>? NetworkUserExtractor { get; set; }
 
+    [Parameter]
+    public bool Reload { get; set; } = false;
+
     // [Parameter]
     // public Func<InputDataType, IEnumerable<ModellingAppServer>>? AppServerExtractor { get; set; }
 
@@ -275,7 +278,17 @@
     {
         Content = InitialContent;
         if (StartContentDetailed)
+        {
             await FetchContent(ObjCategory.all);
+        }
+    }
+
+    protected override async Task OnParametersSetAsync()
+    {
+        if(Reload)
+        {
+            Content = InitialContent;
+        }
     }
 
     private string GetIDPrefix(ObjCategory objCategory, RsbTab? tab = null, bool toMgmtObj = false)
diff --git a/roles/ui/files/FWO.UI/Shared/ObjectGroupCollection.razor b/roles/ui/files/FWO.UI/Shared/ObjectGroupCollection.razor
index 64ec635c7..b4bb40ebd 100644
--- a/roles/ui/files/FWO.UI/Shared/ObjectGroupCollection.razor
+++ b/roles/ui/files/FWO.UI/Shared/ObjectGroupCollection.razor
@@ -9,7 +9,7 @@
     {
         <ObjectGroup FetchObjects="FetchObjects" Recert="Recert" Tab="Tab" StartCollapsed="StartCollapsed" StartContentDetailed="StartContentDetailed"
             InputDataType="InputDataType" InitialContent="obj" NameExtractor="NameExtractor" NetworkObjectExtractor="NetworkObjectExtractor"
-            NetworkServiceExtractor="NetworkServiceExtractor" NetworkUserExtractor="NetworkUserExtractor"/>
+            NetworkServiceExtractor="NetworkServiceExtractor" NetworkUserExtractor="NetworkUserExtractor" Reload="Reload"/>
         <div class="mb-1"></div>
     }
 }
@@ -48,4 +48,7 @@
 
     [Parameter]
     public Func<InputDataType, IEnumerable<NetworkUser>>? NetworkUserExtractor { get; set; }
+    
+    [Parameter]
+    public bool Reload { get; set; } = false;
 }
diff --git a/roles/ui/files/FWO.UI/Shared/RightSidebar.razor b/roles/ui/files/FWO.UI/Shared/RightSidebar.razor
index 694896d5d..2a51ea2f4 100644
--- a/roles/ui/files/FWO.UI/Shared/RightSidebar.razor
+++ b/roles/ui/files/FWO.UI/Shared/RightSidebar.razor
@@ -79,7 +79,8 @@
                                     Data="ConnectionsReport"
                                     NameExtractor="own => own.Name" 
                                     NetworkObjectExtractor="own => own.GetAllNetworkObjects()"
-                                    NetworkServiceExtractor="own => own.GetAllServices()"/>
+                                    NetworkServiceExtractor="own => own.GetAllServices()"
+                                    Reload="true"/>
                             </CascadingValue>
                         </div>
                     </Tab>

From 7de6cbc7cd1f3bd70aefe3c969ed07819d84416d Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Thu, 7 Mar 2024 12:22:16 +0100
Subject: [PATCH 26/84] enhance rsb + add comsvc to report

---
 .../files/sql/idempotent/fworch-texts.sql     |   4 +
 .../fragments/appRoleDetails.graphql          |   5 +
 .../fragments/connectionDetails.graphql       |   3 +
 .../fragments/serviceGroupDetails.graphql     |   5 +
 .../modelling/getCommonServices.graphql       |   5 +
 .../FWO.Api.Client/Data/ModellingAppRole.cs   |  17 +++
 .../FWO.Api.Client/Data/ModellingAppServer.cs |  12 +-
 .../Data/ModellingConnection.cs               |   3 +
 .../files/FWO.Api.Client/Data/OwnerReport.cs  |  18 ++-
 .../Queries/ModellingQueries.cs               |   2 +
 .../files/FWO.UI/Pages/Reporting/Report.razor |   5 +-
 .../Reporting/Reports/ConnectionsReport.razor |  11 +-
 .../files/FWO.UI/Shared/ConnectionTable.razor |   7 ++
 .../ui/files/FWO.UI/Shared/ObjectGroup.razor  | 118 +++++++++++-------
 14 files changed, 162 insertions(+), 53 deletions(-)
 create mode 100644 roles/lib/files/FWO.Api.Client/APIcalls/modelling/getCommonServices.graphql

diff --git a/roles/database/files/sql/idempotent/fworch-texts.sql b/roles/database/files/sql/idempotent/fworch-texts.sql
index 0657f80d4..7c9ca53ce 100644
--- a/roles/database/files/sql/idempotent/fworch-texts.sql
+++ b/roles/database/files/sql/idempotent/fworch-texts.sql
@@ -1140,6 +1140,10 @@ INSERT INTO txt VALUES ('common_service',       'German', 	'Common Service');
 INSERT INTO txt VALUES ('common_service',       'English', 	'Common Service');
 INSERT INTO txt VALUES ('common_services',      'German', 	'Common Services');
 INSERT INTO txt VALUES ('common_services',      'English', 	'Common Services');
+INSERT INTO txt VALUES ('own_common_services',  'German', 	'Eigene Common Services');
+INSERT INTO txt VALUES ('own_common_services',  'English',  'Own Common Services');
+INSERT INTO txt VALUES ('global_common_services','German', 	'Globale Common Services');
+INSERT INTO txt VALUES ('global_common_services','English', 'Global Common Services');
 INSERT INTO txt VALUES ('add_common_service', 	'German',	'Common Service hinzuf&uuml;gen');
 INSERT INTO txt VALUES ('add_common_service', 	'English',	'Add Common Service');
 INSERT INTO txt VALUES ('regular_connection',   'German', 	'Standard-Verbindung');
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/appRoleDetails.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/appRoleDetails.graphql
index cdc86683a..cb41fdd17 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/appRoleDetails.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/appRoleDetails.graphql
@@ -8,4 +8,9 @@ fragment appRoleDetails on modelling_nwgroup {
   is_deleted
   creator
   creation_date
+  nwobjects: nwobject_nwgroups{
+    owner_network{
+      ...appServerDetails
+    }
+  }
 }
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/connectionDetails.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/connectionDetails.graphql
index baee5497c..83d5f7856 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/connectionDetails.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/connectionDetails.graphql
@@ -1,6 +1,9 @@
 fragment connectionDetails on modelling_connection {
   id
   app_id
+  owner{
+    name
+  }
   name
   reason
   is_interface
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/serviceGroupDetails.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/serviceGroupDetails.graphql
index d9af997d4..1508cfaaf 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/serviceGroupDetails.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/serviceGroupDetails.graphql
@@ -6,4 +6,9 @@ fragment serviceGroupDetails on modelling_service_group {
   comment
   creator
   creation_date
+  services: service_service_groups{
+    service{
+      ...serviceDetails
+    }
+  }
 }
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getCommonServices.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getCommonServices.graphql
new file mode 100644
index 000000000..634233547
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getCommonServices.graphql
@@ -0,0 +1,5 @@
+query getCommonServices{
+  modelling_connection (where: { common_service: { _eq: true } } order_by: { name: asc }){
+    ...connectionDetails
+  }
+}
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingAppRole.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingAppRole.cs
index a76ff30ae..e4d809547 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingAppRole.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingAppRole.cs
@@ -38,6 +38,18 @@ public override string DisplayWithIcon()
             return $"<span class=\"{Icons.AppRole}\"></span> " + DisplayHtml();
         }
 
+        public NetworkObject ToNetworkObjectGroup()
+        {
+            return new()
+            {
+                Id = Id,
+                Name = Name ?? "",
+                Comment = Comment ?? "",
+                Type = new NetworkObjectType(){ Name = ObjectType.Group },
+                ObjectGroups = ModellingAppRoleWrapper.ResolveAsNetworkObjectGroup(AppServers ?? new List<ModellingAppServerWrapper>())
+            };
+        }
+
         public override bool Sanitize()
         {
             bool shortened = base.Sanitize();
@@ -56,5 +68,10 @@ public static ModellingAppRole[] Resolve(List<ModellingAppRoleWrapper> wrappedLi
         {
             return Array.ConvertAll(wrappedList.ToArray(), wrapper => wrapper.Content);
         }
+
+        public static Group<NetworkObject>[] ResolveAsNetworkObjectGroup(List<ModellingAppServerWrapper> wrappedList)
+        {
+            return Array.ConvertAll(wrappedList.ToArray(), wrapper => new Group<NetworkObject> {Id = wrapper.Content.Id, Object = ModellingAppServer.ToNetworkObject(wrapper.Content)});
+        }
     }
 }
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingAppServer.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingAppServer.cs
index 5331868d2..f348c9267 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingAppServer.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingAppServer.cs
@@ -16,7 +16,7 @@ public class ModellingAppServer : ModellingNwObject
 
         public override string Display()
         {
-            return (IsDeleted ? "!" : "") + (InUse ? "" : "*") + DisplayBase.DisplayIpWithName(ToNetworkObject());
+            return (IsDeleted ? "!" : "") + (InUse ? "" : "*") + DisplayBase.DisplayIpWithName(ToNetworkObject(this));
         }
 
         public override string DisplayHtml()
@@ -38,14 +38,14 @@ public override bool Sanitize()
             return shortened;
         }
 
-        public NetworkObject ToNetworkObject()
+        public static NetworkObject ToNetworkObject(ModellingAppServer appServer)
         {
             return new NetworkObject()
             {
-                Id = Id,
-                Name = Name,
-                IP = Ip,
-                IpEnd = Ip
+                Id = appServer.Id,
+                Name = appServer.Name,
+                IP = appServer.Ip,
+                IpEnd = appServer.Ip
             };
         }
 
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingConnection.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingConnection.cs
index 3fbb62943..044c8192f 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingConnection.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingConnection.cs
@@ -11,6 +11,9 @@ public class ModellingConnection
         [JsonProperty("app_id"), JsonPropertyName("app_id")]
         public int AppId { get; set; }
 
+        [JsonProperty("owner"), JsonPropertyName("owner")]
+        public FwoOwner App { get; set; } = new();
+
         [JsonProperty("name"), JsonPropertyName("name")]
         public string? Name { get; set; } = "";
 
diff --git a/roles/lib/files/FWO.Api.Client/Data/OwnerReport.cs b/roles/lib/files/FWO.Api.Client/Data/OwnerReport.cs
index 4d4eb790d..9d4c1b87f 100644
--- a/roles/lib/files/FWO.Api.Client/Data/OwnerReport.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/OwnerReport.cs
@@ -27,7 +27,23 @@ public List<ModellingAppServer> GetAllAppServers()
 
         public List<NetworkObject> GetAllNetworkObjects()
         {
-            return Array.ConvertAll(GetAllAppServers().ToArray(), x => x.ToNetworkObject()).ToList();
+            List<NetworkObject> allObjects = new();
+            foreach(var conn in Connections)
+            {
+                List<NetworkObject> objList = new();
+                foreach (var objGrp in conn.SourceAppRoles)
+                {
+                    objList.Add(objGrp.Content.ToNetworkObjectGroup());
+                }
+                foreach (var objGrp in conn.DestinationAppRoles)
+                {
+                    objList.Add(objGrp.Content.ToNetworkObjectGroup());
+                }
+                allObjects = allObjects.Union(objList).ToList();
+                allObjects = allObjects.Union(Array.ConvertAll(GetAllAppServers().ToArray(), x => ModellingAppServer.ToNetworkObject(x)).ToList()).ToList();
+            }
+            return allObjects;
+
         }
 
         public List<NetworkService> GetAllServices()
diff --git a/roles/lib/files/FWO.Api.Client/Queries/ModellingQueries.cs b/roles/lib/files/FWO.Api.Client/Queries/ModellingQueries.cs
index 0fab5d514..0911133bb 100644
--- a/roles/lib/files/FWO.Api.Client/Queries/ModellingQueries.cs
+++ b/roles/lib/files/FWO.Api.Client/Queries/ModellingQueries.cs
@@ -28,6 +28,7 @@ public class ModellingQueries : Queries
         public static readonly string getInterfaces;
         public static readonly string getInterfaceById;
         public static readonly string getConnections;
+        public static readonly string getCommonServices;
         public static readonly string newConnection;
         public static readonly string updateConnection;
         public static readonly string deleteConnection;
@@ -110,6 +111,7 @@ static ModellingQueries()
                 getInterfaces = connectionDetailsFragment + File.ReadAllText(QueryPath + "modelling/getInterfaces.graphql");
                 getInterfaceById = connectionDetailsFragment + File.ReadAllText(QueryPath + "modelling/getInterfaceById.graphql");                
                 getConnections = connectionDetailsFragment + File.ReadAllText(QueryPath + "modelling/getConnections.graphql");
+                getCommonServices = connectionDetailsFragment + File.ReadAllText(QueryPath + "modelling/getCommonServices.graphql");
                 newConnection = File.ReadAllText(QueryPath + "modelling/newConnection.graphql");
                 updateConnection = File.ReadAllText(QueryPath + "modelling/updateConnection.graphql");
                 deleteConnection = File.ReadAllText(QueryPath + "modelling/deleteConnection.graphql");
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
index 3648713ee..d48736755 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
@@ -127,7 +127,7 @@
                             break;
 
                         case ReportType.Connections:
-                            <ConnectionsReport AppHandler="appHandler"/>
+                            <ConnectionsReport AppHandler="appHandler" AllCommonServices="globalComSvc"/>
                             break;
 
                         default:
@@ -192,6 +192,7 @@
     private Management[] managementsReport = new Management[0];
     List<int> relevantManagementIds = new();
     private Management? globalStats = null;
+    private List<ModellingConnection>? globalComSvc = null;
     
     private ReportFilters actReportFilters = new ();
     private bool InitDone = false;
@@ -285,6 +286,7 @@
         managementsReport = new Management[] {};
         globalStats = null;
         connectionReport = new();
+        globalComSvc = null;
         reportGenerationDuration = 0;
     }
 
@@ -357,6 +359,7 @@
                     }, token);
                     appHandler = new (apiConnection, userConfig, actReportFilters.ModellingFilter.SelectedOwner, DisplayMessageInUi);
                     await appHandler.Init(connectionReport[0].Connections);
+                    globalComSvc = await apiConnection.SendQueryAsync<List<ModellingConnection>>(ModellingQueries.getCommonServices);
                 }
                 else if(currentReport.ReportType == ReportType.Statistics)
                 {
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ConnectionsReport.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ConnectionsReport.razor
index 10cec6c99..ccd718437 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ConnectionsReport.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ConnectionsReport.razor
@@ -22,14 +22,23 @@
     }
     @if(AppHandler.GetCommonServices().Count > 0)
     {
-        <Collapse Title="@userConfig.GetText("common_services")" Style="@("primary")" StartToggled="false">
+        <Collapse Title="@userConfig.GetText("own_common_services")" Style="@("primary")" StartToggled="false">
             <ConnectionTable Connections="@AppHandler.GetCommonServices()" AppHandler="AppHandler" Readonly="true"/>
         </Collapse>
     }
+    @if(AllCommonServices != null && AllCommonServices.Count > 0)
+    {
+        <Collapse Title="@userConfig.GetText("global_common_services")" Style="@("primary")" StartToggled="false">
+            <ConnectionTable Connections="@AllCommonServices" AppHandler="AppHandler" Readonly="true" ShowAppName="true"/>
+        </Collapse>
+    }
 }
 
 @code
 {
     [Parameter]
     public ModellingAppHandler? AppHandler { get; set; } = null;
+
+    [Parameter]
+    public List<ModellingConnection>? AllCommonServices { get; set; } = null;
 }
diff --git a/roles/ui/files/FWO.UI/Shared/ConnectionTable.razor b/roles/ui/files/FWO.UI/Shared/ConnectionTable.razor
index dd677ff14..5e5d45e15 100644
--- a/roles/ui/files/FWO.UI/Shared/ConnectionTable.razor
+++ b/roles/ui/files/FWO.UI/Shared/ConnectionTable.razor
@@ -32,6 +32,10 @@
                 @(userConfig.GetText(context.GetConnType()))
             </Template>
     </Column>             *@
+    @if(ShowAppName)
+    {
+        <Column TableItem="ModellingConnection" Title="@(userConfig.GetText("owner"))" Field="@(x => x.App.Name)" Sortable="true" Filterable="true" />
+    }        
     <Column TableItem="ModellingConnection" Title="@(userConfig.GetText("name"))" Field="@(x => x.Name)" Sortable="true" Filterable="true" />
     <Column TableItem="ModellingConnection" Title="@(userConfig.GetText("func_reason"))" Field="@(x => x.Reason)" Sortable="true" Filterable="true" />
     <Column TableItem="ModellingConnection" Title="@(userConfig.GetText("source"))" Field="@(x => x.Id)" Sortable="true" Filterable="true" >
@@ -81,6 +85,9 @@
     [Parameter]
     public bool Readonly { get; set; } = false;
 
+    [Parameter]
+    public bool ShowAppName { get; set; } = false;
+
     private string getTableRowClass(ModellingConnection conn)
     {
         @* if(conn.IsInterface)
diff --git a/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor b/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
index 910d3316a..1317f8d49 100644
--- a/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
+++ b/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
@@ -56,33 +56,46 @@
                             <Detail Title="@(userConfig.GetText("zone"))" Data=@context.Zone?.Name />
                             @if (context.Type.Name == ObjectType.Group && context.ObjectGroups != null && context.ObjectGroupFlats != null)
                             {
-                                <ContentSwap Title1="@(userConfig.GetText("group_members"))" Title2="@(userConfig.GetText("group_members_flat"))">
-                                    <Content1>
-                                        @foreach (Group<NetworkObject> member in context.ObjectGroups)
+                                if(Tab == RsbTab.usedObj || Tab == RsbTab.unusedObj)
+                                {
+                                    foreach (Group<NetworkObject> member in context.ObjectGroups)
+                                    {
+                                        if(member.Object != null)
                                         {
-                                            if(member.Object != null)
+                                            <div><span class=\"{Icons.NwObject}\"></span> @DisplayBase.DisplayIpWithName(member.Object)</div>
+                                        }
+                                    }
+                                }
+                                else
+                                {
+                                    <ContentSwap Title1="@(userConfig.GetText("group_members"))" Title2="@(userConfig.GetText("group_members_flat"))">
+                                        <Content1>
+                                            @foreach (Group<NetworkObject> member in context.ObjectGroups)
                                             {
-                                                @AddLinkToObject(ObjCategory.nobj, member.Object.Id, member.Object.Type.Name, member.Object.Name)
-                                                <br>
+                                                if(member.Object != null)
+                                                {
+                                                    @AddLinkToObject(ObjCategory.nobj, member.Object.Id, member.Object.Type.Name, member.Object.Name)
+                                                    <br>
+                                                }
                                             }
-                                        }
-                                    </Content1>
-                                    <Content2>
-                                        @{ List<long> shownMemberIds = new List<long>(); }
-                                        @foreach (GroupFlat<NetworkObject> member in context.ObjectGroupFlats)
-                                        {
-                                            if(member.Object != null)
+                                        </Content1>
+                                        <Content2>
+                                            @{ List<long> shownMemberIds = new List<long>(); }
+                                            @foreach (GroupFlat<NetworkObject> member in context.ObjectGroupFlats)
                                             {
-                                                if (member.Object.Type.Name == ObjectType.Group || shownMemberIds.Contains(member.Object.Id))
-                                                    continue;
-                                                shownMemberIds.Add(member.Object.Id);
-
-                                                @AddLinkToObject(ObjCategory.nobj, member.Object.Id, member.Object.Type.Name, member.Object.Name)
-                                                <br>
+                                                if(member.Object != null)
+                                                {
+                                                    if (member.Object.Type.Name == ObjectType.Group || shownMemberIds.Contains(member.Object.Id))
+                                                        continue;
+                                                    shownMemberIds.Add(member.Object.Id);
+
+                                                    @AddLinkToObject(ObjCategory.nobj, member.Object.Id, member.Object.Type.Name, member.Object.Name)
+                                                    <br>
+                                                }
                                             }
-                                        }
-                                    </Content2>
-                                </ContentSwap>
+                                        </Content2>
+                                    </ContentSwap>
+                                }
                             }
                             @if(context.CreateTime.Time.Year > 1)
                             {
@@ -128,33 +141,46 @@
                             }
                             @if (context.Type.Name == ObjectType.Group && context.ServiceGroups != null && context.ServiceGroupFlats != null)
                             {
-                                <ContentSwap Title1="@(userConfig.GetText("group_members"))" Title2="@(userConfig.GetText("group_members_flat"))">
-                                    <Content1>
-                                        @foreach (Group<NetworkService> member in context.ServiceGroups)
+                                if(Tab == RsbTab.usedObj || Tab == RsbTab.unusedObj)
+                                {
+                                    foreach (Group<NetworkService> member in context.ServiceGroups)
+                                    {
+                                        if(member.Object != null)
                                         {
-                                            if(member.Object != null)
+                                            <div><span class=\"{Icons.Service}\"></span> @DisplayBase.DisplayService(member.Object, false)</div>
+                                        }
+                                    }
+                                }
+                                else
+                                {
+                                    <ContentSwap Title1="@(userConfig.GetText("group_members"))" Title2="@(userConfig.GetText("group_members_flat"))">
+                                        <Content1>
+                                            @foreach (Group<NetworkService> member in context.ServiceGroups)
                                             {
-                                                @AddLinkToObject(ObjCategory.nsrv, member.Object.Id, member.Object.Type.Name, member.Object.Name)
-                                                <br>
+                                                if(member.Object != null)
+                                                {
+                                                    @AddLinkToObject(ObjCategory.nsrv, member.Object.Id, member.Object.Type.Name, member.Object.Name)
+                                                    <br>
+                                                }
                                             }
-                                        }
-                                    </Content1>
-                                    <Content2>
-                                        @{ List<long> shownMemberIds = new List<long>(); }
-                                        @foreach (GroupFlat<NetworkService> member in context.ServiceGroupFlats)
-                                        {
-                                            if(member.Object != null)
+                                        </Content1>
+                                        <Content2>
+                                            @{ List<long> shownMemberIds = new List<long>(); }
+                                            @foreach (GroupFlat<NetworkService> member in context.ServiceGroupFlats)
                                             {
-                                                if (member.Object.Type.Name == ObjectType.Group || shownMemberIds.Contains(member.Object.Id))
-                                                    continue;
-                                                shownMemberIds.Add(member.Object.Id);
-
-                                                @AddLinkToObject(ObjCategory.nsrv, member.Object.Id, member.Object.Type.Name, member.Object.Name)
-                                                <br>
+                                                if(member.Object != null)
+                                                {
+                                                    if (member.Object.Type.Name == ObjectType.Group || shownMemberIds.Contains(member.Object.Id))
+                                                        continue;
+                                                    shownMemberIds.Add(member.Object.Id);
+
+                                                    @AddLinkToObject(ObjCategory.nsrv, member.Object.Id, member.Object.Type.Name, member.Object.Name)
+                                                    <br>
+                                                }
                                             }
-                                        }
-                                    </Content2>
-                                </ContentSwap>
+                                        </Content2>
+                                    </ContentSwap>
+                                }
                             }
                             @if(context.CreateTime.Time.Year > 1)
                             {
@@ -340,6 +366,10 @@
 
     RenderFragment AddLinkToObject(ObjCategory objCategory, long objId, string type, string name)
     {
+        @* if(Tab == RsbTab.usedObj || Tab == RsbTab.unusedObj)
+        {
+            return @<span class="@ReportBase.GetIconClass(objCategory, type)">@name</span>;
+        } *@
         RsbTab targetTab = Tab == RsbTab.all ? RsbTab.all : RsbTab.report;
         string htmlObjRefPrefix = GetIDPrefix(objCategory, targetTab, true);
 

From 91bb37989d122aa79a51d9454e85cf3ff0cef6c4 Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Thu, 7 Mar 2024 16:17:38 +0100
Subject: [PATCH 27/84] split management class

---
 .../fragments/connectionDetails.graphql       |   3 -
 .../modelling/getCommonServices.graphql       |   3 +
 .../files/FWO.Api.Client/Data/Management.cs   | 140 ++-----------
 .../FWO.Api.Client/Data/ManagementReport.cs   | 143 ++++++++++++++
 roles/lib/files/FWO.Report/ReportBase.cs      |   6 +-
 roles/lib/files/FWO.Report/ReportChanges.cs   |  26 +--
 .../lib/files/FWO.Report/ReportDevicesBase.cs |  22 +--
 roles/lib/files/FWO.Report/ReportNatRules.cs  |  22 +--
 roles/lib/files/FWO.Report/ReportRules.cs     | 116 +++++------
 .../lib/files/FWO.Report/ReportStatistics.cs  |  46 ++---
 roles/test/files/FWO.Test/ExportTest.cs       | 184 +++++++++++-------
 .../files/FWO.UI/Pages/Reporting/Report.razor |  22 +--
 .../Reporting/Reports/StatisticsReport.razor  |  30 +--
 .../ui/files/FWO.UI/Shared/ObjectGroup.razor  |   8 +-
 .../FWO.UI/Shared/ObjectGroupCollection.razor |   2 +-
 .../ui/files/FWO.UI/Shared/RightSidebar.razor |  26 +--
 16 files changed, 433 insertions(+), 366 deletions(-)
 create mode 100644 roles/lib/files/FWO.Api.Client/Data/ManagementReport.cs

diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/connectionDetails.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/connectionDetails.graphql
index 83d5f7856..baee5497c 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/connectionDetails.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/fragments/connectionDetails.graphql
@@ -1,9 +1,6 @@
 fragment connectionDetails on modelling_connection {
   id
   app_id
-  owner{
-    name
-  }
   name
   reason
   is_interface
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getCommonServices.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getCommonServices.graphql
index 634233547..4a732746f 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getCommonServices.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/getCommonServices.graphql
@@ -1,5 +1,8 @@
 query getCommonServices{
   modelling_connection (where: { common_service: { _eq: true } } order_by: { name: asc }){
     ...connectionDetails
+    owner{
+      name
+    }
   }
 }
diff --git a/roles/lib/files/FWO.Api.Client/Data/Management.cs b/roles/lib/files/FWO.Api.Client/Data/Management.cs
index 5a19baefa..f1c7b107e 100644
--- a/roles/lib/files/FWO.Api.Client/Data/Management.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/Management.cs
@@ -56,24 +56,6 @@ public class Management
         [JsonProperty("devices"), JsonPropertyName("devices")]
         public Device[] Devices { get; set; } = new Device[]{};
 
-        [JsonProperty("networkObjects"), JsonPropertyName("networkObjects")]
-        public NetworkObject[] Objects { get; set; } = new NetworkObject[]{};
-
-        [JsonProperty("serviceObjects"), JsonPropertyName("serviceObjects")]
-        public NetworkService[] Services { get; set; } = new NetworkService[]{};
-
-        [JsonProperty("userObjects"), JsonPropertyName("userObjects")]
-        public NetworkUser[] Users { get; set; } = new NetworkUser[]{};
-
-        [JsonProperty("reportNetworkObjects"), JsonPropertyName("reportNetworkObjects")]
-        public NetworkObject[] ReportObjects { get; set; } = new NetworkObject[]{};
-
-        [JsonProperty("reportServiceObjects"), JsonPropertyName("reportServiceObjects")]
-        public NetworkService[] ReportServices { get; set; } = new NetworkService[]{};
-
-        [JsonProperty("reportUserObjects"), JsonPropertyName("reportUserObjects")]
-        public NetworkUser[] ReportUsers { get; set; } = new NetworkUser[]{};
-
         [JsonProperty("deviceType"), JsonPropertyName("deviceType")]
         public DeviceType DeviceType { get; set; } = new DeviceType();
 
@@ -86,21 +68,6 @@ public class Management
         public bool Delete { get; set; }
         public long ActionId { get; set; }
 
-        //[JsonProperty("rule_id"), JsonPropertyName("rule_id")]
-        public List<long> ReportedRuleIds { get; set; } = new List<long>();
-        public List<long> ReportedNetworkServiceIds { get; set; } = new List<long>();
-
-        [JsonProperty("objects_aggregate"), JsonPropertyName("objects_aggregate")]
-        public ObjectStatistics NetworkObjectStatistics { get; set; } = new ObjectStatistics();
-
-        [JsonProperty("services_aggregate"), JsonPropertyName("services_aggregate")]
-        public ObjectStatistics ServiceObjectStatistics { get; set; } = new ObjectStatistics();
-
-        [JsonProperty("usrs_aggregate"), JsonPropertyName("usrs_aggregate")]
-        public ObjectStatistics UserObjectStatistics { get; set; } = new ObjectStatistics();
-        
-        [JsonProperty("rules_aggregate"), JsonPropertyName("rules_aggregate")]
-        public ObjectStatistics RuleStatistics { get; set; } = new ObjectStatistics();
 
         public Management()
         {}
@@ -118,6 +85,7 @@ public Management(Management management)
             DomainUid = management.DomainUid;
             CloudSubscriptionId = management.CloudSubscriptionId;
             CloudTenantId = management.CloudTenantId;
+            SuperManagerId = management.SuperManagerId;
             ImporterHostname = management.ImporterHostname;
             Port = management.Port;
             ImportDisabled = management.ImportDisabled;
@@ -126,28 +94,19 @@ public Management(Management management)
             Comment = management.Comment;
             DebugLevel = management.DebugLevel;
             Devices = management.Devices;
-            Objects = management.Objects;
-            Services = management.Services;
-            Users = management.Users;
-            ReportObjects = management.ReportObjects;
-            ReportServices = management.ReportServices;
-            ReportUsers = management.ReportUsers;
-            DeviceType = management.DeviceType;
+            if (management.DeviceType != null)
+                DeviceType = new DeviceType(management.DeviceType);
             Import = management.Import;
-            Ignore = management.Ignore;
-            AwaitDevice = management.AwaitDevice;
-            Delete = management.Delete;
-            ActionId = management.ActionId;
-            ReportedRuleIds = management.ReportedRuleIds;
-            SuperManagerId = management.SuperManagerId;
-            ReportedNetworkServiceIds = management.ReportedNetworkServiceIds;
             if (management.Import != null && management.Import.ImportAggregate != null &&
                 management.Import.ImportAggregate.ImportAggregateMax != null &&
                 management.Import.ImportAggregate.ImportAggregateMax.RelevantImportId != null)
+            {
                 RelevantImportId = management.Import.ImportAggregate.ImportAggregateMax.RelevantImportId;
-
-            if (management.DeviceType != null)
-                DeviceType = new DeviceType(management.DeviceType);
+            }
+            Ignore = management.Ignore;
+            AwaitDevice = management.AwaitDevice;
+            Delete = management.Delete;
+            ActionId = management.ActionId;
         }
 
         public string Host()
@@ -163,7 +122,7 @@ public void AssignRuleNumbers()
             }
         }
 
-        public bool Sanitize()
+        public virtual bool Sanitize()
         {
             bool shortened = false;
             Name = Sanitizer.SanitizeMand(Name, ref shortened);
@@ -176,85 +135,10 @@ public bool Sanitize()
             CloudTenantId = Sanitizer.SanitizeOpt(CloudTenantId, ref shortened);
             return shortened;
         }
-    }
-
-    public static class ManagementUtility
-    {
-        public static bool Merge(this Management[] managements, Management[] managementsToMerge)
-        {
-            bool newObjects = false;
-
-            for (int i = 0; i < managementsToMerge.Length; i++)
-                newObjects |= managements[i].Merge(managementsToMerge[i]);
-
-            return newObjects;
-        }
-
-        public static bool Merge(this Management management, Management managementToMerge)
-        {
-            bool newObjects = false;
-
-            if (management.Objects != null && managementToMerge.Objects != null && managementToMerge.Objects.Length > 0)
-            {
-                management.Objects = management.Objects.Concat(managementToMerge.Objects).ToArray();
-                newObjects = true;
-            }
-
-            if (management.Services != null && managementToMerge.Services != null && managementToMerge.Services.Length > 0)
-            {
-                management.Services = management.Services.Concat(managementToMerge.Services).ToArray();
-                newObjects = true;
-            }
-
-            if (management.Users != null && managementToMerge.Users != null && managementToMerge.Users.Length > 0)
-            {
-                management.Users = management.Users.Concat(managementToMerge.Users).ToArray();
-                newObjects = true;
-            }
-
-            if (management.Devices != null && managementToMerge.Devices != null && managementToMerge.Devices.Length > 0)
-            {
-                // important: if any management still returns rules, newObjects is set to true
-                if (management.Devices.Merge(managementToMerge.Devices) == true)
-                    newObjects = true;
-            }
-            return newObjects;
-        }
-
-        public static bool MergeReportObjects(this Management management, Management managementToMerge)
-        {
-            bool newObjects = false;
-
-            if (management.ReportObjects != null && managementToMerge.ReportObjects != null && managementToMerge.ReportObjects.Length > 0)
-            {
-                management.ReportObjects = management.ReportObjects.Concat(managementToMerge.ReportObjects).ToArray();
-                newObjects = true;
-            }
-
-            if (management.ReportServices != null && managementToMerge.ReportServices != null && managementToMerge.ReportServices.Length > 0)
-            {
-                management.ReportServices = management.ReportServices.Concat(managementToMerge.ReportServices).ToArray();
-                newObjects = true;
-            }
-
-            if (management.ReportUsers != null && managementToMerge.ReportUsers != null && managementToMerge.ReportUsers.Length > 0)
-            {
-                management.ReportUsers = management.ReportUsers.Concat(managementToMerge.ReportUsers).ToArray();
-                newObjects = true;
-            }
-
-            if (management.Devices != null && managementToMerge.Devices != null && managementToMerge.Devices.Length > 0)
-            {
-                // important: if any management still returns rules, newObjects is set to true
-                if (management.Devices.Merge(managementToMerge.Devices) == true)
-                    newObjects = true;
-            }
-            return newObjects;
-        }
 
-        public static string NameAndDeviceNames(this Management management, string separator = ", ")
+        public string NameAndDeviceNames(string separator = ", ")
         {
-            return $"{management.Name} [{string.Join(separator, Array.ConvertAll(management.Devices, device => device.Name))}]";
+            return $"{Name} [{string.Join(separator, Array.ConvertAll(Devices, device => device.Name))}]";
         }
     }
 }
diff --git a/roles/lib/files/FWO.Api.Client/Data/ManagementReport.cs b/roles/lib/files/FWO.Api.Client/Data/ManagementReport.cs
new file mode 100644
index 000000000..5178dcf24
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/Data/ManagementReport.cs
@@ -0,0 +1,143 @@
+using Newtonsoft.Json;
+using System.Text.Json.Serialization;
+
+namespace FWO.Api.Data
+{
+    public class ManagementReport : Management
+    {
+        [JsonProperty("networkObjects"), JsonPropertyName("networkObjects")]
+        public NetworkObject[] Objects { get; set; } = new NetworkObject[]{};
+
+        [JsonProperty("serviceObjects"), JsonPropertyName("serviceObjects")]
+        public NetworkService[] Services { get; set; } = new NetworkService[]{};
+
+        [JsonProperty("userObjects"), JsonPropertyName("userObjects")]
+        public NetworkUser[] Users { get; set; } = new NetworkUser[]{};
+
+        [JsonProperty("reportNetworkObjects"), JsonPropertyName("reportNetworkObjects")]
+        public NetworkObject[] ReportObjects { get; set; } = new NetworkObject[]{};
+
+        [JsonProperty("reportServiceObjects"), JsonPropertyName("reportServiceObjects")]
+        public NetworkService[] ReportServices { get; set; } = new NetworkService[]{};
+
+        [JsonProperty("reportUserObjects"), JsonPropertyName("reportUserObjects")]
+        public NetworkUser[] ReportUsers { get; set; } = new NetworkUser[]{};
+
+
+        //[JsonProperty("rule_id"), JsonPropertyName("rule_id")]
+        public List<long> ReportedRuleIds { get; set; } = new List<long>();
+        public List<long> ReportedNetworkServiceIds { get; set; } = new List<long>();
+
+        [JsonProperty("objects_aggregate"), JsonPropertyName("objects_aggregate")]
+        public ObjectStatistics NetworkObjectStatistics { get; set; } = new ObjectStatistics();
+
+        [JsonProperty("services_aggregate"), JsonPropertyName("services_aggregate")]
+        public ObjectStatistics ServiceObjectStatistics { get; set; } = new ObjectStatistics();
+
+        [JsonProperty("usrs_aggregate"), JsonPropertyName("usrs_aggregate")]
+        public ObjectStatistics UserObjectStatistics { get; set; } = new ObjectStatistics();
+        
+        [JsonProperty("rules_aggregate"), JsonPropertyName("rules_aggregate")]
+        public ObjectStatistics RuleStatistics { get; set; } = new ObjectStatistics();
+
+        public ManagementReport()
+        {}
+
+        public ManagementReport(ManagementReport managementReport) : base(managementReport)
+        {
+            Objects = managementReport.Objects;
+            Services = managementReport.Services;
+            Users = managementReport.Users;
+            ReportObjects = managementReport.ReportObjects;
+            ReportServices = managementReport.ReportServices;
+            ReportUsers = managementReport.ReportUsers;
+            ReportedRuleIds = managementReport.ReportedRuleIds;
+            ReportedNetworkServiceIds = managementReport.ReportedNetworkServiceIds;
+            NetworkObjectStatistics = managementReport.NetworkObjectStatistics;
+            ServiceObjectStatistics = managementReport.ServiceObjectStatistics;
+            UserObjectStatistics = managementReport.UserObjectStatistics;
+            RuleStatistics = managementReport.RuleStatistics;
+        }
+
+        public override bool Sanitize()
+        {
+            bool shortened = base.Sanitize();
+            return shortened;
+        }
+    }
+
+    public static class ManagementUtility
+    {
+        public static bool Merge(this ManagementReport[] managements, ManagementReport[] managementsToMerge)
+        {
+            bool newObjects = false;
+
+            for (int i = 0; i < managementsToMerge.Length; i++)
+                newObjects |= managements[i].Merge(managementsToMerge[i]);
+
+            return newObjects;
+        }
+
+        public static bool Merge(this ManagementReport managementReport, ManagementReport managementToMerge)
+        {
+            bool newObjects = false;
+
+            if (managementReport.Objects != null && managementToMerge.Objects != null && managementToMerge.Objects.Length > 0)
+            {
+                managementReport.Objects = managementReport.Objects.Concat(managementToMerge.Objects).ToArray();
+                newObjects = true;
+            }
+
+            if (managementReport.Services != null && managementToMerge.Services != null && managementToMerge.Services.Length > 0)
+            {
+                managementReport.Services = managementReport.Services.Concat(managementToMerge.Services).ToArray();
+                newObjects = true;
+            }
+
+            if (managementReport.Users != null && managementToMerge.Users != null && managementToMerge.Users.Length > 0)
+            {
+                managementReport.Users = managementReport.Users.Concat(managementToMerge.Users).ToArray();
+                newObjects = true;
+            }
+
+            if (managementReport.Devices != null && managementToMerge.Devices != null && managementToMerge.Devices.Length > 0)
+            {
+                // important: if any management still returns rules, newObjects is set to true
+                if (managementReport.Devices.Merge(managementToMerge.Devices) == true)
+                    newObjects = true;
+            }
+            return newObjects;
+        }
+
+        public static bool MergeReportObjects(this ManagementReport managementReport, ManagementReport managementToMerge)
+        {
+            bool newObjects = false;
+
+            if (managementReport.ReportObjects != null && managementToMerge.ReportObjects != null && managementToMerge.ReportObjects.Length > 0)
+            {
+                managementReport.ReportObjects = managementReport.ReportObjects.Concat(managementToMerge.ReportObjects).ToArray();
+                newObjects = true;
+            }
+
+            if (managementReport.ReportServices != null && managementToMerge.ReportServices != null && managementToMerge.ReportServices.Length > 0)
+            {
+                managementReport.ReportServices = managementReport.ReportServices.Concat(managementToMerge.ReportServices).ToArray();
+                newObjects = true;
+            }
+
+            if (managementReport.ReportUsers != null && managementToMerge.ReportUsers != null && managementToMerge.ReportUsers.Length > 0)
+            {
+                managementReport.ReportUsers = managementReport.ReportUsers.Concat(managementToMerge.ReportUsers).ToArray();
+                newObjects = true;
+            }
+
+            if (managementReport.Devices != null && managementToMerge.Devices != null && managementToMerge.Devices.Length > 0)
+            {
+                // important: if any management still returns rules, newObjects is set to true
+                if (managementReport.Devices.Merge(managementToMerge.Devices) == true)
+                    newObjects = true;
+            }
+            return newObjects;
+        }
+    }
+}
diff --git a/roles/lib/files/FWO.Report/ReportBase.cs b/roles/lib/files/FWO.Report/ReportBase.cs
index 1cc2c3b10..b98e668c1 100644
--- a/roles/lib/files/FWO.Report/ReportBase.cs
+++ b/roles/lib/files/FWO.Report/ReportBase.cs
@@ -85,7 +85,7 @@ public ReportBase(DynGraphqlQuery query, UserConfig UserConfig, ReportType repor
             ReportType = reportType;
         }
 
-        public virtual Task GenerateMgt(int rulesPerFetch, ApiConnection apiConnection, Func<Management[], Task> callback, CancellationToken ct)
+        public virtual Task GenerateMgt(int rulesPerFetch, ApiConnection apiConnection, Func<ManagementReport[], Task> callback, CancellationToken ct)
         {
             throw new NotImplementedException();
         }
@@ -94,7 +94,7 @@ public virtual Task GenerateCon(int _, ApiConnection apiConnection, Func<List<Mo
             throw new NotImplementedException();
         }
 
-        public virtual Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<Management[], Task> callback) // to be called when exporting
+        public virtual Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<ManagementReport[], Task> callback) // to be called when exporting
         {
             throw new NotImplementedException();
         }
@@ -103,7 +103,7 @@ public virtual Task<bool> GetConObjectsInReport(int objectsPerFetch, ApiConnecti
             throw new NotImplementedException();
         }
 
-        public virtual Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<Management[], Task> callback)
+        public virtual Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<ManagementReport[], Task> callback)
         {
             throw new NotImplementedException();
         }
diff --git a/roles/lib/files/FWO.Report/ReportChanges.cs b/roles/lib/files/FWO.Report/ReportChanges.cs
index 05bca8474..51a460293 100644
--- a/roles/lib/files/FWO.Report/ReportChanges.cs
+++ b/roles/lib/files/FWO.Report/ReportChanges.cs
@@ -15,14 +15,14 @@ public class ReportChanges : ReportDevicesBase
 
         public ReportChanges(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType) {}
 
-        public override async Task GenerateMgt(int changesPerFetch, ApiConnection apiConnection, Func<Management[], Task> callback, CancellationToken ct)
+        public override async Task GenerateMgt(int changesPerFetch, ApiConnection apiConnection, Func<ManagementReport[], Task> callback, CancellationToken ct)
         {
             Query.QueryVariables["limit"] = changesPerFetch;
             Query.QueryVariables["offset"] = 0;
             bool gotNewObjects = true;
-            Managements = Array.Empty<Management>();
+            ManagementReports = Array.Empty<ManagementReport>();
 
-            Managements = await apiConnection.SendQueryAsync<Management[]>(Query.FullQuery, Query.QueryVariables);
+            ManagementReports = await apiConnection.SendQueryAsync<ManagementReport[]>(Query.FullQuery, Query.QueryVariables);
 
             while (gotNewObjects)
             {
@@ -32,20 +32,20 @@ public override async Task GenerateMgt(int changesPerFetch, ApiConnection apiCon
                     ct.ThrowIfCancellationRequested();
                 }
                 Query.QueryVariables["offset"] = (int)Query.QueryVariables["offset"] + changesPerFetch;
-                gotNewObjects = Managements.Merge(await apiConnection.SendQueryAsync<Management[]>(Query.FullQuery, Query.QueryVariables));
-                await callback(Managements);
+                gotNewObjects = ManagementReports.Merge(await apiConnection.SendQueryAsync<ManagementReport[]>(Query.FullQuery, Query.QueryVariables));
+                await callback(ManagementReports);
             }
         }
 
-        public override async Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<Management[], Task> callback)
+        public override async Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<ManagementReport[], Task> callback)
         {
-            await callback(Managements);
+            await callback(ManagementReports);
             // currently no further objects to be fetched
             GotObjectsInReport = true;
             return true;
         }
 
-        public override Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<Management[], Task> callback)
+        public override Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<ManagementReport[], Task> callback)
         {
             throw new NotImplementedException();
         }
@@ -55,7 +55,7 @@ public override string SetDescription()
             int managementCounter = 0;
             int deviceCounter = 0;
             int ruleChangeCounter = 0;
-            foreach (Management management in Managements.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
+            foreach (var management in ManagementReports.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
                     Array.Exists(mgt.Devices, device => device.RuleChanges != null && device.RuleChanges.Length > 0)))
             {
                 managementCounter++;
@@ -78,7 +78,7 @@ public override string ExportToCsv()
                 report.Append(DisplayReportHeaderCsv());
                 report.AppendLine($"\"management-name\",\"device-name\",\"change-time\",\"change-type\",\"rule-name\",\"source-zone\",\"source\",\"destination-zone\",\"destination\",\"service\",\"action\",\"track\",\"rule-enabled\",\"rule-uid\",\"rule-comment\"");
 
-                foreach (Management management in Managements.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
+                foreach (var management in ManagementReports.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
                         Array.Exists(mgt.Devices, device => device.RuleChanges != null && device.RuleChanges.Length > 0)))
                 {
                     foreach (Device gateway in management.Devices)
@@ -121,7 +121,7 @@ public override string ExportToHtml()
             StringBuilder report = new StringBuilder();
             RuleChangeDisplayHtml ruleChangeDisplayHtml = new RuleChangeDisplayHtml(userConfig);
 
-            foreach (Management management in Managements.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
+            foreach (var management in ManagementReports.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
                     Array.Exists(mgt.Devices, device => device.RuleChanges != null && device.RuleChanges.Length > 0)))
             {
                 report.AppendLine($"<h3>{management.Name}</h3>");
@@ -192,7 +192,7 @@ public override string ExportToJson()
             }
             else if (ReportType.IsChangeReport())
             {
-                return System.Text.Json.JsonSerializer.Serialize(Managements.Where(mgt => !mgt.Ignore), new JsonSerializerOptions { WriteIndented = true });
+                return System.Text.Json.JsonSerializer.Serialize(ManagementReports.Where(mgt => !mgt.Ignore), new JsonSerializerOptions { WriteIndented = true });
             }
             else
             {
@@ -206,7 +206,7 @@ private string ExportResolvedChangesToJson()
             report.Append(DisplayReportHeaderJson());
             report.AppendLine("\"managements\": [");
             RuleChangeDisplayJson ruleChangeDisplayJson = new RuleChangeDisplayJson(userConfig);
-            foreach (Management management in Managements.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
+            foreach (var management in ManagementReports.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
                     Array.Exists(mgt.Devices, device => device.RuleChanges != null && device.RuleChanges.Length > 0)))
             {
                 report.AppendLine($"{{\"{management.Name}\": {{");
diff --git a/roles/lib/files/FWO.Report/ReportDevicesBase.cs b/roles/lib/files/FWO.Report/ReportDevicesBase.cs
index 0044a32bd..8b5cb76ad 100644
--- a/roles/lib/files/FWO.Report/ReportDevicesBase.cs
+++ b/roles/lib/files/FWO.Report/ReportDevicesBase.cs
@@ -9,17 +9,17 @@ namespace FWO.Report
 {
     public abstract class ReportDevicesBase : ReportBase
     {
-        public Management[] Managements = new Management[] { };
+        public ManagementReport[] ManagementReports = new ManagementReport[] { };
 
         public ReportDevicesBase(DynGraphqlQuery query, UserConfig UserConfig, ReportType reportType) : base (query, UserConfig, reportType)
         {}
 
-        public async Task<Management[]> getRelevantImportIds(ApiConnection apiConnection)
+        public async Task<ManagementReport[]> getRelevantImportIds(ApiConnection apiConnection)
         {
             Dictionary<string, object> ImpIdQueryVariables = new Dictionary<string, object>();
             ImpIdQueryVariables["time"] = Query.ReportTimeString != "" ? Query.ReportTimeString : DateTime.Now.ToString(DynGraphqlQuery.fullTimeFormat);
             ImpIdQueryVariables["mgmIds"] = Query.RelevantManagementIds;
-            return await apiConnection.SendQueryAsync<Management[]>(ReportQueries.getRelevantImportIdsAtTime, ImpIdQueryVariables);
+            return await apiConnection.SendQueryAsync<ManagementReport[]>(ReportQueries.getRelevantImportIdsAtTime, ImpIdQueryVariables);
         }
 
         public static async Task<(List<string> unsupportedList, DeviceFilter reducedDeviceFilter)> GetUsageDataUnsupportedDevices(ApiConnection apiConnection, DeviceFilter deviceFilter)
@@ -48,7 +48,7 @@ private static async Task<bool> UsageDataAvailable(ApiConnection apiConnection,
         {
             try
             {
-                return (await apiConnection.SendQueryAsync<AggregateCount>(FWO.Api.Client.Queries.ReportQueries.getUsageDataCount, new {devId = devId})).Aggregate.Count > 0;
+                return (await apiConnection.SendQueryAsync<AggregateCount>(ReportQueries.getUsageDataCount, new {devId = devId})).Aggregate.Count > 0;
             }
             catch(Exception)
             {
@@ -58,7 +58,7 @@ private static async Task<bool> UsageDataAvailable(ApiConnection apiConnection,
 
         public override bool NoRuleFound()
         {
-            foreach(var mgmt in Managements)
+            foreach(var mgmt in ManagementReports)
             {
                 foreach(var dev in mgmt.Devices)
                 {
@@ -78,7 +78,7 @@ public override bool NoRuleFound()
         public override string SetDescription()
         {
             int managementCounter = 0;
-            foreach (var management in Managements.Where(mgt => !mgt.Ignore))
+            foreach (var managementReport in ManagementReports.Where(mgt => !mgt.Ignore))
             {
                 managementCounter++;
             }
@@ -87,14 +87,14 @@ public override string SetDescription()
 
         public string DisplayReportHeaderJson()
         {
-            StringBuilder report = new StringBuilder();
+            StringBuilder report = new ();
             report.AppendLine($"\"report type\": \"{userConfig.GetText(ReportType.ToString())}\",");
             report.AppendLine($"\"report generation date\": \"{DateTime.Now.ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK")} (UTC)\",");
             if(!ReportType.IsChangeReport())
             {
                 report.AppendLine($"\"date of configuration shown\": \"{DateTime.Parse(Query.ReportTimeString).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK")} (UTC)\",");
             }
-            report.AppendLine($"\"device filter\": \"{string.Join("; ", Array.ConvertAll(Managements, management => management.NameAndDeviceNames()))}\",");
+            report.AppendLine($"\"device filter\": \"{string.Join("; ", Array.ConvertAll(ManagementReports, m => m.NameAndDeviceNames()))}\",");
             report.AppendLine($"\"other filters\": \"{Query.RawFilter}\",");
             report.AppendLine($"\"report generator\": \"Firewall Orchestrator - https://fwo.cactus.de/en\",");
             report.AppendLine($"\"data protection level\": \"For internal use only\",");
@@ -103,14 +103,14 @@ public string DisplayReportHeaderJson()
 
         public string DisplayReportHeaderCsv()
         {
-            StringBuilder report = new StringBuilder();
+            StringBuilder report = new ();
             report.AppendLine($"# report type: {userConfig.GetText(ReportType.ToString())}");
             report.AppendLine($"# report generation date: {DateTime.Now.ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK")} (UTC)");
             if(!ReportType.IsChangeReport())
             {
                 report.AppendLine($"# date of configuration shown: {DateTime.Parse(Query.ReportTimeString).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK")} (UTC)");
             }
-            report.AppendLine($"# device filter: {string.Join(" ", Array.ConvertAll(Managements.Where(mgt => !mgt.Ignore).ToArray(), management => management.NameAndDeviceNames(" ")))}");
+            report.AppendLine($"# device filter: {string.Join(" ", Array.ConvertAll(ManagementReports.Where(mgt => !mgt.Ignore).ToArray(), m => m.NameAndDeviceNames(" ")))}");
             report.AppendLine($"# other filters: {Query.RawFilter}");
             report.AppendLine($"# report generator: Firewall Orchestrator - https://fwo.cactus.de/en");
             report.AppendLine($"# data protection level: For internal use only");
@@ -138,7 +138,7 @@ protected string GenerateHtmlFrame(string title, string filter, DateTime date, S
                     HtmlTemplate = HtmlTemplate.Replace("##Date-of-Config##", userConfig.GetText("date_of_config"));
                     HtmlTemplate = HtmlTemplate.Replace("##GeneratedFor##", ToUtcString(Query.ReportTimeString));
                 }
-                HtmlTemplate = HtmlTemplate.Replace("##DeviceFilter##", string.Join("; ", Array.ConvertAll(Managements.Where(mgt => !mgt.Ignore).ToArray(), management => management.NameAndDeviceNames())));
+                HtmlTemplate = HtmlTemplate.Replace("##DeviceFilter##", string.Join("; ", Array.ConvertAll(ManagementReports.Where(mgt => !mgt.Ignore).ToArray(), m => m.NameAndDeviceNames())));
                 HtmlTemplate = HtmlTemplate.Replace("##Body##", htmlReport.ToString());
                 htmlExport = HtmlTemplate.ToString();
             }
diff --git a/roles/lib/files/FWO.Report/ReportNatRules.cs b/roles/lib/files/FWO.Report/ReportNatRules.cs
index dec73044f..72cad0c22 100644
--- a/roles/lib/files/FWO.Report/ReportNatRules.cs
+++ b/roles/lib/files/FWO.Report/ReportNatRules.cs
@@ -14,15 +14,15 @@ public ReportNatRules(DynGraphqlQuery query, UserConfig userConfig, ReportType r
 
         public override string ExportToHtml()
         {
-            StringBuilder report = new StringBuilder();
-            NatRuleDisplayHtml ruleDisplay = new NatRuleDisplayHtml(userConfig);
+            StringBuilder report = new ();
+            NatRuleDisplayHtml ruleDisplay = new (userConfig);
 
-            foreach (Management management in Managements.Where(mgt => !mgt.Ignore))
+            foreach (var managementReport in ManagementReports.Where(mgt => !mgt.Ignore))
             {
-                report.AppendLine($"<h3>{management.Name}</h3>");
+                report.AppendLine($"<h3>{managementReport.Name}</h3>");
                 report.AppendLine("<hr>");
 
-                foreach (Device device in management.Devices)
+                foreach (Device device in managementReport.Devices)
                 {
                     if (device.Rules != null && device.Rules.Length > 0)
                     {
@@ -81,7 +81,7 @@ public override string ExportToHtml()
                 // show all objects used in this management's rules
 
                 int objNumber = 1;
-                if (management.ReportObjects != null)
+                if (managementReport.ReportObjects != null)
                 {
                     report.AppendLine($"<h4>{userConfig.GetText("network_objects")}</h4>");
                     report.AppendLine("<hr>");
@@ -95,7 +95,7 @@ public override string ExportToHtml()
                     report.AppendLine($"<th>{userConfig.GetText("uid")}</th>");
                     report.AppendLine($"<th>{userConfig.GetText("comment")}</th>");
                     report.AppendLine("</tr>");
-                    foreach (NetworkObject nwobj in management.ReportObjects)
+                    foreach (NetworkObject nwobj in managementReport.ReportObjects)
                     {
                         report.AppendLine("<tr>");
                         report.AppendLine($"<td>{objNumber++}</td>");
@@ -113,7 +113,7 @@ public override string ExportToHtml()
                     report.AppendLine("</table>");
                 }
 
-                if (management.ReportServices != null)
+                if (managementReport.ReportServices != null)
                 {
                     report.AppendLine($"<h4>{userConfig.GetText("network_services")}</h4>");
                     report.AppendLine("<hr>");
@@ -129,7 +129,7 @@ public override string ExportToHtml()
                     report.AppendLine($"<th>{userConfig.GetText("comment")}</th>");
                     report.AppendLine("</tr>");
                     objNumber = 1;
-                    foreach (NetworkService svcobj in management.ReportServices)
+                    foreach (NetworkService svcobj in managementReport.ReportServices)
                     {
                         report.AppendLine("<tr>");
                         report.AppendLine($"<td>{objNumber++}</td>");
@@ -151,7 +151,7 @@ public override string ExportToHtml()
                     report.AppendLine("</table>");
                 }
 
-                if (management.ReportUsers != null)
+                if (managementReport.ReportUsers != null)
                 {
                     report.AppendLine($"<h4>{userConfig.GetText("users")}</h4>");
                     report.AppendLine("<hr>");
@@ -165,7 +165,7 @@ public override string ExportToHtml()
                     report.AppendLine($"<th>{userConfig.GetText("comment")}</th>");
                     report.AppendLine("</tr>");
                     objNumber = 1;
-                    foreach (NetworkUser userobj in management.ReportUsers)
+                    foreach (NetworkUser userobj in managementReport.ReportUsers)
                     {
                         report.AppendLine("<tr>");
                         report.AppendLine($"<td>{objNumber++}</td>");
diff --git a/roles/lib/files/FWO.Report/ReportRules.cs b/roles/lib/files/FWO.Report/ReportRules.cs
index 685bb500e..0ab3d7d5d 100644
--- a/roles/lib/files/FWO.Report/ReportRules.cs
+++ b/roles/lib/files/FWO.Report/ReportRules.cs
@@ -17,15 +17,15 @@ public class ReportRules : ReportDevicesBase
 
         public ReportRules(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType) {}
 
-        public override async Task GenerateMgt(int rulesPerFetch, ApiConnection apiConnection, Func<Management[], Task> callback, CancellationToken ct)
+        public override async Task GenerateMgt(int rulesPerFetch, ApiConnection apiConnection, Func<ManagementReport[], Task> callback, CancellationToken ct)
         {
             Query.QueryVariables["limit"] = rulesPerFetch;
             Query.QueryVariables["offset"] = 0;
             bool gotNewObjects = true;
 
-            Management[] managementsWithRelevantImportId = await getRelevantImportIds(apiConnection);
+            ManagementReport[] managementsWithRelevantImportId = await getRelevantImportIds(apiConnection);
 
-            Managements = new Management[managementsWithRelevantImportId.Length];
+            ManagementReports = new ManagementReport[managementsWithRelevantImportId.Length];
             int i;
             for (i = 0; i < managementsWithRelevantImportId.Length; i++)
             {
@@ -33,8 +33,8 @@ public override async Task GenerateMgt(int rulesPerFetch, ApiConnection apiConne
                 Query.QueryVariables["mgmId"] = managementsWithRelevantImportId[i].Id;
                 if (ReportType != ReportType.Recertification)
                     Query.QueryVariables["relevantImportId"] = managementsWithRelevantImportId[i].Import.ImportAggregate.ImportAggregateMax.RelevantImportId ?? -1 /* managment was not yet imported at that time */;
-                Managements[i] = (await apiConnection.SendQueryAsync<Management[]>(Query.FullQuery, Query.QueryVariables))[0];
-                Managements[i].Import = managementsWithRelevantImportId[i].Import;
+                ManagementReports[i] = (await apiConnection.SendQueryAsync<ManagementReport[]>(Query.FullQuery, Query.QueryVariables))[0];
+                ManagementReports[i].Import = managementsWithRelevantImportId[i].Import;
             }
 
             while (gotNewObjects)
@@ -51,27 +51,27 @@ public override async Task GenerateMgt(int rulesPerFetch, ApiConnection apiConne
                     Query.QueryVariables["mgmId"] = managementsWithRelevantImportId[i].Id;
                     if (ReportType != ReportType.Recertification)
                         Query.QueryVariables["relevantImportId"] = managementsWithRelevantImportId[i].Import.ImportAggregate.ImportAggregateMax.RelevantImportId ?? -1; /* managment was not yet imported at that time */;
-                    gotNewObjects |= Managements[i].Merge((await apiConnection.SendQueryAsync<Management[]>(Query.FullQuery, Query.QueryVariables))[0]);
+                    gotNewObjects |= ManagementReports[i].Merge((await apiConnection.SendQueryAsync<ManagementReport[]>(Query.FullQuery, Query.QueryVariables))[0]);
                 }
-                await callback(Managements);
+                await callback(ManagementReports);
             }
             SetReportedRuleIds();
         }
 
-        public override async Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<Management[], Task> callback) // to be called when exporting
+        public override async Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<ManagementReport[], Task> callback) // to be called when exporting
         {
             bool gotAllObjects = true; //whether the fetch count limit was reached during fetching
 
             if (!GotObjectsInReport)
             {
-                foreach (Management management in Managements)
+                foreach (var managementReport in ManagementReports)
                 {
-                    if (management.Import.ImportAggregate.ImportAggregateMax.RelevantImportId is not null)
+                    if (managementReport.Import.ImportAggregate.ImportAggregateMax.RelevantImportId is not null)
                     {
                         // set query variables for object query
                         var objQueryVariables = new Dictionary<string, object>
                         {
-                            { "mgmIds", management.Id },
+                            { "mgmIds", managementReport.Id },
                             { "limit", objectsPerFetch },
                             { "offset", 0 },
                         };
@@ -86,16 +86,16 @@ public override async Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiC
             return gotAllObjects;
         }
 
-        public override async Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<Management[], Task> callback)
+        public override async Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<ManagementReport[], Task> callback)
         {
             if (!objQueryVariables.ContainsKey("mgmIds") || !objQueryVariables.ContainsKey("limit") || !objQueryVariables.ContainsKey("offset"))
                 throw new ArgumentException("Given objQueryVariables dictionary does not contain variable for management id, limit or offset");
 
             int mid = (int)objQueryVariables.GetValueOrDefault("mgmIds")!;
-            Management management = Managements.FirstOrDefault(m => m.Id == mid) ?? throw new ArgumentException("Given management id does not exist for this report");
+            ManagementReport managementReport = ManagementReports.FirstOrDefault(m => m.Id == mid) ?? throw new ArgumentException("Given management id does not exist for this report");
 
-            objQueryVariables.Add("ruleIds", "{" + string.Join(", ", management.ReportedRuleIds) + "}");
-            objQueryVariables.Add("importId", management.Import.ImportAggregate.ImportAggregateMax.RelevantImportId!);
+            objQueryVariables.Add("ruleIds", "{" + string.Join(", ", managementReport.ReportedRuleIds) + "}");
+            objQueryVariables.Add("importId", managementReport.Import.ImportAggregate.ImportAggregateMax.RelevantImportId!);
 
             string query = "";
             switch (objects)
@@ -113,11 +113,11 @@ public override async Task<bool> GetObjectsForManagementInReport(Dictionary<stri
             bool newObjects = true;
             int fetchCount = 0;
             int elementsPerFetch = (int)objQueryVariables.GetValueOrDefault("limit")!;
-            Management filteredObjects;
-            Management allFilteredObjects = new Management();
+            ManagementReport filteredObjects;
+            ManagementReport allFilteredObjects = new ();
             while (newObjects && ++fetchCount <= maxFetchCycles)
             {
-                filteredObjects = (await apiConnection.SendQueryAsync<Management[]>(query, objQueryVariables))[0];
+                filteredObjects = (await apiConnection.SendQueryAsync<ManagementReport[]>(query, objQueryVariables))[0];
 
                 if (fetchCount == 1)
                 {
@@ -129,15 +129,15 @@ public override async Task<bool> GetObjectsForManagementInReport(Dictionary<stri
                 }
 
                 if (objects == ObjCategory.all || objects == ObjCategory.nobj)
-                    management.ReportObjects = allFilteredObjects.ReportObjects;
+                    managementReport.ReportObjects = allFilteredObjects.ReportObjects;
                 if (objects == ObjCategory.all || objects == ObjCategory.nsrv)
-                    management.ReportServices = allFilteredObjects.ReportServices;
+                    managementReport.ReportServices = allFilteredObjects.ReportServices;
                 if (objects == ObjCategory.all || objects == ObjCategory.user)
-                    management.ReportUsers = allFilteredObjects.ReportUsers;
+                    managementReport.ReportUsers = allFilteredObjects.ReportUsers;
 
                 objQueryVariables["offset"] = (int)objQueryVariables["offset"] + elementsPerFetch;
 
-                await callback(Managements);
+                await callback(ManagementReports);
             }
 
             Log.WriteDebug("Lazy Fetch", $"Fetched sidebar objects in {fetchCount - 1} cycle(s) ({elementsPerFetch} at a time)");
@@ -150,11 +150,11 @@ public override string SetDescription()
             int managementCounter = 0;
             int deviceCounter = 0;
             int ruleCounter = 0;
-            foreach (Management management in Managements.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
+            foreach (var managementReport in ManagementReports.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
                     Array.Exists(mgt.Devices, device => device.Rules != null && device.Rules.Length > 0)))
             {
                 managementCounter++;
-                foreach (Device device in management.Devices.Where(dev => dev.Rules != null && dev.Rules.Length > 0))
+                foreach (Device device in managementReport.Devices.Where(dev => dev.Rules != null && dev.Rules.Length > 0))
                 {
                     deviceCounter++;
                     ruleCounter += device.Rules!.Length;
@@ -165,7 +165,7 @@ public override string SetDescription()
 
         private void SetReportedRuleIds()
         {
-            foreach (Management mgt in Managements)
+            foreach (var mgt in ManagementReports)
             {
                 foreach (Device dev in mgt.Devices.Where(d => (d.Rules != null && d.Rules.Length > 0)))
                 {
@@ -182,16 +182,16 @@ public override string ExportToCsv()
         {
             if (ReportType.IsResolvedReport())
             {
-                StringBuilder report = new StringBuilder();
-                RuleDisplayCsv ruleDisplayCsv = new RuleDisplayCsv(userConfig);
+                StringBuilder report = new ();
+                RuleDisplayCsv ruleDisplayCsv = new (userConfig);
 
                 report.Append(DisplayReportHeaderCsv());
                 report.AppendLine($"\"management-name\",\"device-name\",\"rule-number\",\"rule-name\",\"source-zone\",\"source\",\"destination-zone\",\"destination\",\"service\",\"action\",\"track\",\"rule-enabled\",\"rule-uid\",\"rule-comment\"");
 
-                foreach (Management management in Managements.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
+                foreach (var managementReport in ManagementReports.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
                         Array.Exists(mgt.Devices, device => device.Rules != null && device.Rules.Length > 0)))
                 {
-                    foreach (Device gateway in management.Devices)
+                    foreach (Device gateway in managementReport.Devices)
                     {
                         if (gateway.Rules != null && gateway.Rules.Length > 0)
                         {
@@ -199,7 +199,7 @@ public override string ExportToCsv()
                             {
                                 if (string.IsNullOrEmpty(rule.SectionHeader))
                                 {
-                                    report.Append(ruleDisplayCsv.OutputCsv(management.Name));
+                                    report.Append(ruleDisplayCsv.OutputCsv(managementReport.Name));
                                     report.Append(ruleDisplayCsv.OutputCsv(gateway.Name));
                                     report.Append(ruleDisplayCsv.DisplayNumberCsv(rule));
                                     report.Append(ruleDisplayCsv.DisplayNameCsv(rule));
@@ -243,7 +243,7 @@ public override string ExportToJson()
             }
             else if (ReportType.IsRuleReport())
             {
-                return System.Text.Json.JsonSerializer.Serialize(Managements.Where(mgt => !mgt.Ignore), new JsonSerializerOptions { WriteIndented = true });
+                return System.Text.Json.JsonSerializer.Serialize(ManagementReports.Where(mgt => !mgt.Ignore), new JsonSerializerOptions { WriteIndented = true });
             }
             else
             {
@@ -253,16 +253,16 @@ public override string ExportToJson()
 
         private string ExportResolvedRulesToJson()
         {
-            StringBuilder report = new StringBuilder("{");
+            StringBuilder report = new ("{");
             report.Append(DisplayReportHeaderJson());
             report.AppendLine("\"managements\": [");
-            RuleDisplayJson ruleDisplayJson = new RuleDisplayJson(userConfig);
-            foreach (Management management in Managements.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
+            RuleDisplayJson ruleDisplayJson = new (userConfig);
+            foreach (var managementReport in ManagementReports.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
                     Array.Exists(mgt.Devices, device => device.Rules != null && device.Rules.Length > 0)))
             {
-                report.AppendLine($"{{\"{management.Name}\": {{");
+                report.AppendLine($"{{\"{managementReport.Name}\": {{");
                 report.AppendLine($"\"gateways\": [");
-                foreach (Device gateway in management.Devices)
+                foreach (Device gateway in managementReport.Devices)
                 {
                     if (gateway.Rules != null && gateway.Rules.Length > 0)
                     {
@@ -311,25 +311,25 @@ private string ExportResolvedRulesToJson()
             report.Append("}"); // EO top
 
             dynamic? json = JsonConvert.DeserializeObject(report.ToString());
-            JsonSerializerSettings settings = new JsonSerializerSettings();
+            JsonSerializerSettings settings = new ();
             settings.Formatting = Formatting.Indented;
-            return Newtonsoft.Json.JsonConvert.SerializeObject(json, settings);            
+            return JsonConvert.SerializeObject(json, settings);            
         }
 
         public override string ExportToHtml()
         {
-            StringBuilder report = new StringBuilder();
-            RuleDisplayHtml ruleDisplayHtml = new RuleDisplayHtml(userConfig);
+            StringBuilder report = new ();
+            RuleDisplayHtml ruleDisplayHtml = new (userConfig);
 
-            foreach (Management management in Managements.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
+            foreach (var managementReport in ManagementReports.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
                     Array.Exists(mgt.Devices, device => device.Rules != null && device.Rules.Length > 0)))
             {
-                management.AssignRuleNumbers();
+                managementReport.AssignRuleNumbers();
 
-                report.AppendLine($"<h3>{management.Name}</h3>");
+                report.AppendLine($"<h3>{managementReport.Name}</h3>");
                 report.AppendLine("<hr>");
 
-                foreach (Device device in management.Devices)
+                foreach (Device device in managementReport.Devices)
                 {
                     if (device.Rules != null && device.Rules.Length > 0)
                     {
@@ -338,7 +338,7 @@ public override string ExportToHtml()
                 }
 
                 // show all objects used in this management's rules
-                appendObjectsForManagementHtml(ref report, management);
+                appendObjectsForManagementHtml(ref report, managementReport);
             }
 
             return GenerateHtmlFrame(userConfig.GetText(ReportType.ToString()), Query.RawFilter, DateTime.Now, report);
@@ -422,17 +422,17 @@ private void appendRulesForDeviceHtml(ref StringBuilder report, Device device, R
             }
         }
 
-        private void appendObjectsForManagementHtml(ref StringBuilder report, Management management)
+        private void appendObjectsForManagementHtml(ref StringBuilder report, ManagementReport managementReport)
         {
             int objNumber = 1;
-            appendNetworkObjectsForManagementHtml(ref report, ref objNumber, management);
-            appendNetworkServicesForManagementHtml(ref report, ref objNumber, management);
-            appendUsersForManagementHtml(ref report, ref objNumber, management);
+            appendNetworkObjectsForManagementHtml(ref report, ref objNumber, managementReport);
+            appendNetworkServicesForManagementHtml(ref report, ref objNumber, managementReport);
+            appendUsersForManagementHtml(ref report, ref objNumber, managementReport);
         }
 
-        private void appendNetworkObjectsForManagementHtml(ref StringBuilder report, ref int objNumber, Management management)
+        private void appendNetworkObjectsForManagementHtml(ref StringBuilder report, ref int objNumber, ManagementReport managementReport)
         {
-            if (management.ReportObjects != null && !ReportType.IsResolvedReport())
+            if (managementReport.ReportObjects != null && !ReportType.IsResolvedReport())
             {
                 report.AppendLine($"<h4>{userConfig.GetText("network_objects")}</h4>");
                 report.AppendLine("<hr>");
@@ -446,7 +446,7 @@ private void appendNetworkObjectsForManagementHtml(ref StringBuilder report, ref
                 report.AppendLine($"<th>{userConfig.GetText("uid")}</th>");
                 report.AppendLine($"<th>{userConfig.GetText("comment")}</th>");
                 report.AppendLine("</tr>");
-                foreach (NetworkObject nwobj in management.ReportObjects)
+                foreach (NetworkObject nwobj in managementReport.ReportObjects)
                 {
                     report.AppendLine("<tr>");
                     report.AppendLine($"<td>{objNumber++}</td>");
@@ -465,9 +465,9 @@ private void appendNetworkObjectsForManagementHtml(ref StringBuilder report, ref
             }
         }
 
-        private void appendNetworkServicesForManagementHtml(ref StringBuilder report, ref int objNumber, Management management)
+        private void appendNetworkServicesForManagementHtml(ref StringBuilder report, ref int objNumber, ManagementReport managementReport)
         {
-            if (management.ReportServices != null && !ReportType.IsResolvedReport())
+            if (managementReport.ReportServices != null && !ReportType.IsResolvedReport())
             {
                 report.AppendLine($"<h4>{userConfig.GetText("network_services")}</h4>");
                 report.AppendLine("<hr>");
@@ -483,7 +483,7 @@ private void appendNetworkServicesForManagementHtml(ref StringBuilder report, re
                 report.AppendLine($"<th>{userConfig.GetText("comment")}</th>");
                 report.AppendLine("</tr>");
                 objNumber = 1;
-                foreach (NetworkService svcobj in management.ReportServices)
+                foreach (NetworkService svcobj in managementReport.ReportServices)
                 {
                     report.AppendLine("<tr>");
                     report.AppendLine($"<td>{objNumber++}</td>");
@@ -506,9 +506,9 @@ private void appendNetworkServicesForManagementHtml(ref StringBuilder report, re
             }
         }
 
-        private void appendUsersForManagementHtml(ref StringBuilder report, ref int objNumber, Management management)
+        private void appendUsersForManagementHtml(ref StringBuilder report, ref int objNumber, ManagementReport managementReport)
         {
-            if (management.ReportUsers != null && !ReportType.IsResolvedReport())
+            if (managementReport.ReportUsers != null && !ReportType.IsResolvedReport())
             {
                 report.AppendLine($"<h4>{userConfig.GetText("users")}</h4>");
                 report.AppendLine("<hr>");
@@ -522,7 +522,7 @@ private void appendUsersForManagementHtml(ref StringBuilder report, ref int objN
                 report.AppendLine($"<th>{userConfig.GetText("comment")}</th>");
                 report.AppendLine("</tr>");
                 objNumber = 1;
-                foreach (NetworkUser userobj in management.ReportUsers)
+                foreach (NetworkUser userobj in managementReport.ReportUsers)
                 {
                     report.AppendLine("<tr>");
                     report.AppendLine($"<td>{objNumber++}</td>");
diff --git a/roles/lib/files/FWO.Report/ReportStatistics.cs b/roles/lib/files/FWO.Report/ReportStatistics.cs
index 1d4bcfbc0..60b5524b9 100644
--- a/roles/lib/files/FWO.Report/ReportStatistics.cs
+++ b/roles/lib/files/FWO.Report/ReportStatistics.cs
@@ -11,18 +11,18 @@ namespace FWO.Report
     public class ReportStatistics : ReportDevicesBase
     {
         // TODO: Currently generated in Report.razor as well as here, because of export. Remove dupliacte.
-        private Management globalStatisticsManagement = new Management();
+        private ManagementReport globalStatisticsManagement = new ();
 
         public ReportStatistics(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType) {}
 
 
-        public override async Task GenerateMgt(int _, ApiConnection apiConnection, Func<Management[], Task> callback, CancellationToken ct)
+        public override async Task GenerateMgt(int _, ApiConnection apiConnection, Func<ManagementReport[], Task> callback, CancellationToken ct)
         {
-            Management[] managementsWithRelevantImportId = await getRelevantImportIds(apiConnection);
+            ManagementReport[] managementsWithRelevantImportId = await getRelevantImportIds(apiConnection);
 
-            List<Management> resultList = new List<Management>();
+            List<ManagementReport> resultList = new ();
 
-            foreach (Management relevantMgmt in managementsWithRelevantImportId)
+            foreach (ManagementReport relevantMgmt in managementsWithRelevantImportId)
             {
                 if (ct.IsCancellationRequested)
                 {
@@ -33,12 +33,12 @@ public override async Task GenerateMgt(int _, ApiConnection apiConnection, Func<
                 // setting mgmt and relevantImporId QueryVariables 
                 Query.QueryVariables["mgmId"] = relevantMgmt.Id;
                 Query.QueryVariables["relevantImportId"] = relevantMgmt.Import.ImportAggregate.ImportAggregateMax.RelevantImportId ?? -1 /* managment was not yet imported at that time */;
-                resultList.Add((await apiConnection.SendQueryAsync<Management[]>(Query.FullQuery, Query.QueryVariables))[0]);
+                resultList.Add((await apiConnection.SendQueryAsync<ManagementReport[]>(Query.FullQuery, Query.QueryVariables))[0]);
             }
-            Managements = resultList.ToArray();
-            await callback(Managements);
+            ManagementReports = resultList.ToArray();
+            await callback(ManagementReports);
 
-            foreach (Management mgm in Managements.Where(mgt => !mgt.Ignore))
+            foreach (ManagementReport mgm in ManagementReports.Where(mgt => !mgt.Ignore))
             {
                 globalStatisticsManagement.RuleStatistics.ObjectAggregate.ObjectCount += mgm.RuleStatistics.ObjectAggregate.ObjectCount;
                 globalStatisticsManagement.NetworkObjectStatistics.ObjectAggregate.ObjectCount += mgm.NetworkObjectStatistics.ObjectAggregate.ObjectCount;
@@ -47,15 +47,15 @@ public override async Task GenerateMgt(int _, ApiConnection apiConnection, Func<
             }
         }
 
-        public override async Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<Management[], Task> callback)
+        public override async Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<ManagementReport[], Task> callback)
         {
-            await callback(Managements);
+            await callback(ManagementReports);
             // currently no further objects to be fetched
             GotObjectsInReport = true;
             return true;
         }
 
-        public override Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<Management[], Task> callback)
+        public override Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<ManagementReport[], Task> callback)
         {
             return Task.FromResult<bool>(true);
         }
@@ -63,15 +63,15 @@ public override Task<bool> GetObjectsForManagementInReport(Dictionary<string, ob
         public override string ExportToJson()
         {
             globalStatisticsManagement.Name = "global statistics";
-            Management[] combinedManagements = (new Management[] { globalStatisticsManagement }).Concat(Managements.Where(mgt => !mgt.Ignore)).ToArray();
+            ManagementReport[] combinedManagements = (new ManagementReport[] { globalStatisticsManagement }).Concat(ManagementReports.Where(mgt => !mgt.Ignore)).ToArray();
             return JsonSerializer.Serialize(combinedManagements, new JsonSerializerOptions { WriteIndented = true });
         }
 
         public override string ExportToCsv()
         {
-            StringBuilder csvBuilder = new StringBuilder();
+            StringBuilder csvBuilder = new ();
 
-            foreach (Management management in Managements.Where(mgt => !mgt.Ignore))
+            foreach (ManagementReport managementReport in ManagementReports.Where(mgt => !mgt.Ignore))
             {
                 //foreach (var item in collection)
                 //{
@@ -84,7 +84,7 @@ public override string ExportToCsv()
 
         public override string ExportToHtml()
         {
-            StringBuilder report = new StringBuilder();
+            StringBuilder report = new ();
 
             report.AppendLine($"<h3>{userConfig.GetText("glob_no_obj")}</h3>");
             report.AppendLine("<table>");
@@ -103,9 +103,9 @@ public override string ExportToHtml()
             report.AppendLine("</table>");
             report.AppendLine("<hr>");
 
-            foreach (Management management in Managements.Where(mgt => !mgt.Ignore))
+            foreach (ManagementReport managementReport in ManagementReports.Where(mgt => !mgt.Ignore))
             {
-                report.AppendLine($"<h4>{userConfig.GetText("no_of_obj")} - {management.Name}</h4>");
+                report.AppendLine($"<h4>{userConfig.GetText("no_of_obj")} - {managementReport.Name}</h4>");
                 report.AppendLine("<table>");
                 report.AppendLine("<tr>");
                 report.AppendLine($"<th>{userConfig.GetText("network_objects")}</th>");
@@ -114,10 +114,10 @@ public override string ExportToHtml()
                 report.AppendLine($"<th>{userConfig.GetText("rules")}</th>");
                 report.AppendLine("</tr>");
                 report.AppendLine("<tr>");
-                report.AppendLine($"<td>{management.NetworkObjectStatistics.ObjectAggregate.ObjectCount}</td>");
-                report.AppendLine($"<td>{management.ServiceObjectStatistics.ObjectAggregate.ObjectCount}</td>");
-                report.AppendLine($"<td>{management.UserObjectStatistics.ObjectAggregate.ObjectCount}</td>");
-                report.AppendLine($"<td>{management.RuleStatistics.ObjectAggregate.ObjectCount }</td>");
+                report.AppendLine($"<td>{managementReport.NetworkObjectStatistics.ObjectAggregate.ObjectCount}</td>");
+                report.AppendLine($"<td>{managementReport.ServiceObjectStatistics.ObjectAggregate.ObjectCount}</td>");
+                report.AppendLine($"<td>{managementReport.UserObjectStatistics.ObjectAggregate.ObjectCount}</td>");
+                report.AppendLine($"<td>{managementReport.RuleStatistics.ObjectAggregate.ObjectCount }</td>");
                 report.AppendLine("</tr>");
                 report.AppendLine("</table>");
                 report.AppendLine("<br>");
@@ -128,7 +128,7 @@ public override string ExportToHtml()
                 report.AppendLine($"<th>{userConfig.GetText("gateway")}</th>");
                 report.AppendLine($"<th>{userConfig.GetText("rules")}</th>");
                 report.AppendLine("</tr>");
-                foreach (Device device in management.Devices)
+                foreach (Device device in managementReport.Devices)
                 {
                     if (device.RuleStatistics != null)
                     {
diff --git a/roles/test/files/FWO.Test/ExportTest.cs b/roles/test/files/FWO.Test/ExportTest.cs
index 660645cd8..b061d0473 100644
--- a/roles/test/files/FWO.Test/ExportTest.cs
+++ b/roles/test/files/FWO.Test/ExportTest.cs
@@ -52,8 +52,10 @@ public void Initialize()
         public void RulesGenerateHtml()
         {
             Log.WriteInfo("Test Log", "starting rules report html generation");
-            ReportRules reportRules = new ReportRules(query, userConfig, ReportType.Rules);
-            reportRules.Managements = ConstructRuleReport(false);
+            ReportRules reportRules = new (query, userConfig, ReportType.Rules)
+            {
+                ManagementReports = ConstructRuleReport(false)
+            };
 
             string expectedHtmlResult = "<!DOCTYPE html><html><head><meta charset=\"utf-8\"/><title>Rules Report</title>" +
             "<style>table {font-family: arial, sans-serif;font-size: 10px;border-collapse: collapse;width: 100 %;}td {border: 1px solid #000000;text-align: left;padding: 3px;}th {border: 1px solid #000000;text-align: left;padding: 3px;background-color: #dddddd;}</style></head>" +
@@ -101,8 +103,10 @@ public void RulesGenerateHtml()
         public void ResolvedRulesGenerateHtml()
         {
             Log.WriteInfo("Test Log", "starting rules report resolved html generation");
-            ReportRules reportRules = new ReportRules(query, userConfig, ReportType.ResolvedRules);
-            reportRules.Managements = ConstructRuleReport(true);
+            ReportRules reportRules = new (query, userConfig, ReportType.ResolvedRules)
+            {
+                ManagementReports = ConstructRuleReport(true)
+            };
 
             string expectedHtmlResult = "<!DOCTYPE html><html><head><meta charset=\"utf-8\"/><title>Rules Report (resolved)</title>" +
             "<style>table {font-family: arial, sans-serif;font-size: 10px;border-collapse: collapse;width: 100 %;}td {border: 1px solid #000000;text-align: left;padding: 3px;}th {border: 1px solid #000000;text-align: left;padding: 3px;background-color: #dddddd;}</style></head>" +
@@ -135,8 +139,10 @@ public void ResolvedRulesGenerateHtml()
         public void ResolvedRulesTechGenerateHtml()
         {
             Log.WriteInfo("Test Log", "starting rules report resolved html generation");
-            ReportRules reportRules = new ReportRules(query, userConfig, ReportType.ResolvedRulesTech);
-            reportRules.Managements = ConstructRuleReport(true);
+            ReportRules reportRules = new (query, userConfig, ReportType.ResolvedRulesTech)
+            {
+                ManagementReports = ConstructRuleReport(true)
+            };
 
             string expectedHtmlResult = "<!DOCTYPE html><html><head><meta charset=\"utf-8\"/><title>Rules Report (technical)</title>" +
             "<style>table {font-family: arial, sans-serif;font-size: 10px;border-collapse: collapse;width: 100 %;}td {border: 1px solid #000000;text-align: left;padding: 3px;}th {border: 1px solid #000000;text-align: left;padding: 3px;background-color: #dddddd;}</style></head>" +
@@ -169,8 +175,10 @@ public void ResolvedRulesTechGenerateHtml()
         public void UnusedRulesGenerateHtml()
         {
             Log.WriteInfo("Test Log", "starting unused rules report html generation");
-            ReportRules reportRules = new ReportRules(query, userConfig, ReportType.UnusedRules);
-            reportRules.Managements = ConstructRuleReport(false);
+            ReportRules reportRules = new (query, userConfig, ReportType.UnusedRules)
+            {
+                ManagementReports = ConstructRuleReport(false)
+            };
 
             string expectedHtmlResult = "<!DOCTYPE html><html><head><meta charset=\"utf-8\"/><title>Unused Rules Report</title>" +
             "<style>table {font-family: arial, sans-serif;font-size: 10px;border-collapse: collapse;width: 100 %;}td {border: 1px solid #000000;text-align: left;padding: 3px;}th {border: 1px solid #000000;text-align: left;padding: 3px;background-color: #dddddd;}</style></head>" +
@@ -218,8 +226,10 @@ public void UnusedRulesGenerateHtml()
         public void RecertReportGenerateHtml()
         {
             Log.WriteInfo("Test Log", "starting recert report html generation");
-            ReportRules reportRecerts = new ReportRules(query, userConfig, ReportType.Recertification);
-            reportRecerts.Managements = ConstructRecertReport();
+            ReportRules reportRecerts = new (query, userConfig, ReportType.Recertification)
+            {
+                ManagementReports = ConstructRecertReport()
+            };
 
             string expectedHtmlResult = "<!DOCTYPE html><html><head><meta charset=\"utf-8\"/><title>Recertification Report</title>" +
             "<style>table {font-family: arial, sans-serif;font-size: 10px;border-collapse: collapse;width: 100 %;}td {border: 1px solid #000000;text-align: left;padding: 3px;}th {border: 1px solid #000000;text-align: left;padding: 3px;background-color: #dddddd;}</style></head>" +
@@ -284,8 +294,10 @@ public void RecertReportGenerateHtml()
         public void NatRulesGenerateHtml()
         {
             Log.WriteInfo("Test Log", "starting nat rules report html generation");
-            ReportNatRules reportNatRules = new ReportNatRules(query, userConfig, ReportType.NatRules);
-            reportNatRules.Managements = ConstructNatRuleReport();
+            ReportNatRules reportNatRules = new (query, userConfig, ReportType.NatRules)
+            {
+                ManagementReports = ConstructNatRuleReport()
+            };
 
             string expectedHtmlResult = "<!DOCTYPE html><html><head><meta charset=\"utf-8\"/><title>NAT Rules Report</title>" +
             "<style>table {font-family: arial, sans-serif;font-size: 10px;border-collapse: collapse;width: 100 %;}td {border: 1px solid #000000;text-align: left;padding: 3px;}th {border: 1px solid #000000;text-align: left;padding: 3px;background-color: #dddddd;}</style></head>" +
@@ -332,8 +344,10 @@ public void NatRulesGenerateHtml()
         public void ChangesGenerateHtml()
         {
             Log.WriteInfo("Test Log", "starting changes report html generation");
-            ReportChanges reportChanges = new ReportChanges(query, userConfig, ReportType.Changes);
-            reportChanges.Managements = ConstructChangeReport(false);
+            ReportChanges reportChanges = new (query, userConfig, ReportType.Changes)
+            {
+                ManagementReports = ConstructChangeReport(false)
+            };
 
             string expectedHtmlResult = "<!DOCTYPE html><html><head><meta charset=\"utf-8\"/><title>Changes Report</title>" +
             "<style>table {font-family: arial, sans-serif;font-size: 10px;border-collapse: collapse;width: 100 %;}td {border: 1px solid #000000;text-align: left;padding: 3px;}th {border: 1px solid #000000;text-align: left;padding: 3px;background-color: #dddddd;}</style></head>" +
@@ -396,8 +410,10 @@ public void ChangesGenerateHtml()
         public void ResolvedChangesGenerateHtml()
         {
             Log.WriteInfo("Test Log", "starting changes report resolved html generation");
-            ReportChanges reportChanges = new ReportChanges(query, userConfig, ReportType.ResolvedChanges);
-            reportChanges.Managements = ConstructChangeReport(true);
+            ReportChanges reportChanges = new (query, userConfig, ReportType.ResolvedChanges)
+            {
+                ManagementReports = ConstructChangeReport(true)
+            };
 
             string expectedHtmlResult = "<!DOCTYPE html><html><head><meta charset=\"utf-8\"/><title>Changes Report (resolved)</title>" +
             "<style>table {font-family: arial, sans-serif;font-size: 10px;border-collapse: collapse;width: 100 %;}td {border: 1px solid #000000;text-align: left;padding: 3px;}th {border: 1px solid #000000;text-align: left;padding: 3px;background-color: #dddddd;}</style></head>" +
@@ -456,8 +472,10 @@ public void ResolvedChangesGenerateHtml()
         public void ResolvedChangesTechGenerateHtml()
         {
             Log.WriteInfo("Test Log", "starting changes report tech html generation");
-            ReportChanges reportChanges = new ReportChanges(query, userConfig, ReportType.ResolvedChangesTech);
-            reportChanges.Managements = ConstructChangeReport(true);
+            ReportChanges reportChanges = new (query, userConfig, ReportType.ResolvedChangesTech)
+            {
+                ManagementReports = ConstructChangeReport(true)
+            };
 
             string expectedHtmlResult = "<!DOCTYPE html><html><head><meta charset=\"utf-8\"/><title>Changes Report (technical)</title>" +
             "<style>table {font-family: arial, sans-serif;font-size: 10px;border-collapse: collapse;width: 100 %;}td {border: 1px solid #000000;text-align: left;padding: 3px;}th {border: 1px solid #000000;text-align: left;padding: 3px;background-color: #dddddd;}</style></head>" +
@@ -518,8 +536,10 @@ public void ResolvedChangesTechGenerateHtml()
         public void ResolvedRulesGenerateCsv()
         {
             Log.WriteInfo("Test Log", "starting rules report resolved csv generation");
-            ReportRules reportRules = new ReportRules(query, userConfig, ReportType.ResolvedRules);
-            reportRules.Managements = ConstructRuleReport(true);
+            ReportRules reportRules = new (query, userConfig, ReportType.ResolvedRules)
+            {
+                ManagementReports = ConstructRuleReport(true)
+            };
 
             string expectedCsvResult = "# report type: Rules Report (resolved)" +
             "# report generation date: Z (UTC)" +
@@ -538,8 +558,10 @@ public void ResolvedRulesGenerateCsv()
         public void ResolvedRulesTechGenerateCsv()
         {
             Log.WriteInfo("Test Log", "starting rules report tech csv generation");
-            ReportRules reportRules = new ReportRules(query, userConfig, ReportType.ResolvedRulesTech);
-            reportRules.Managements = ConstructRuleReport(true);
+            ReportRules reportRules = new (query, userConfig, ReportType.ResolvedRulesTech)
+            {
+                ManagementReports = ConstructRuleReport(true)
+            };
 
             string expectedCsvResult = "# report type: Rules Report (technical)" +
             "# report generation date: Z (UTC)" +
@@ -558,8 +580,10 @@ public void ResolvedRulesTechGenerateCsv()
         public void ResolvedChangesGenerateCsv()
         {
             Log.WriteInfo("Test Log", "starting changes report resolved csv generation");
-            ReportChanges reportChanges = new ReportChanges(query, userConfig, ReportType.ResolvedChanges);
-            reportChanges.Managements = ConstructChangeReport(true);
+            ReportChanges reportChanges = new (query, userConfig, ReportType.ResolvedChanges)
+            {
+                ManagementReports = ConstructChangeReport(true)
+            };
 
             string expectedCsvResult = "# report type: Changes Report (resolved)" +
             "# report generation date: Z (UTC)" +
@@ -585,8 +609,10 @@ public void ResolvedChangesGenerateCsv()
         public void ResolvedChangesTechGenerateCsv()
         {
             Log.WriteInfo("Test Log", "starting changes report tech csv generation");
-            ReportChanges reportChanges = new ReportChanges(query, userConfig, ReportType.ResolvedChangesTech);
-            reportChanges.Managements = ConstructChangeReport(true);
+            ReportChanges reportChanges = new (query, userConfig, ReportType.ResolvedChangesTech)
+            {
+                ManagementReports = ConstructChangeReport(true)
+            };
 
             string expectedCsvResult = "# report type: Changes Report (technical)" +
             "# report generation date: Z (UTC)" +
@@ -607,21 +633,34 @@ public void ResolvedChangesTechGenerateCsv()
         public void RulesGenerateJson()
         {
             Log.WriteInfo("Test Log", "starting rules report json generation");
-            ReportRules reportRules = new ReportRules(query, userConfig, ReportType.Rules);
-            reportRules.Managements = ConstructRuleReport(false);
+            ReportRules reportRules = new (query, userConfig, ReportType.Rules)
+            {
+                ManagementReports = ConstructRuleReport(false)
+            };
 
             string expectedJsonResult = 
-            "[{\"id\": 0,\"name\": \"TestMgt\",\"hostname\": \"\"," +
+            "[{\"networkObjects\": [],\"serviceObjects\": [],\"userObjects\": []," +
+            "\"reportNetworkObjects\": [{\"obj_id\": 1,\"obj_name\": \"TestIp1\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.4/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," +
+            "{\"obj_id\": 2,\"obj_name\": \"TestIp2\",\"obj_ip\": \"127.0.0.1/32\",\"obj_ip_end\": \"127.0.0.1/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," +
+            "{\"obj_id\": 3,\"obj_name\": \"TestIpRange\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.5/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"ip_range\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}]," +
+            "\"reportServiceObjects\": [{\"svc_id\": 1,\"svc_name\": \"TestService1\",\"svc_uid\": \"\",\"svc_port\": 443,\"svc_port_end\": 443,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0," +
+            "\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 0,\"name\": \"TCP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": []}," +
+            "{\"svc_id\": 2,\"svc_name\": \"TestService2\",\"svc_uid\": \"\",\"svc_port\": 6666,\"svc_port_end\": 7777,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0," +
+            "\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 0,\"name\": \"UDP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": []}]," +
+            "\"reportUserObjects\": [{\"user_id\": 1,\"user_uid\": \"\",\"user_name\": \"TestUser1\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}," +
+            "{\"user_id\": 2,\"user_uid\": \"\",\"user_name\": \"TestUser2\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"group\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}]," +
+            "\"ReportedRuleIds\": [],\"ReportedNetworkServiceIds\": [],\"objects_aggregate\": {\"aggregate\": {\"count\": 0}},\"services_aggregate\": {\"aggregate\": {\"count\": 0}},\"usrs_aggregate\": {\"aggregate\": {\"count\": 0}},\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}," +
+            "\"id\": 0,\"name\": \"TestMgt\",\"hostname\": \"\"," +
             "\"import_credential\": {\"id\": 0,\"credential_name\": \"\",\"is_key_pair\": false,\"user\": null,\"secret\": \"\",\"sshPublicKey\": null,\"cloud_client_id\": null,\"cloud_client_secret\": null}," +
             "\"configPath\": \"\",\"domainUid\": \"\",\"cloudSubscriptionId\": \"\",\"cloudTenantId\": \"\",\"superManager\": null,\"importerHostname\": \"\",\"port\": 0,\"importDisabled\": false,\"forceInitialImport\": false,\"hideInUi\": false,\"comment\": null,\"debugLevel\": null," +
             "\"devices\": [{\"id\": 0,\"name\": \"TestDev\",\"deviceType\": {\"id\": 0,\"name\": \"\",\"version\": \"\",\"manufacturer\": \"\",\"isPureRoutingDevice\": false,\"isManagement\": false}," +
             "\"management\": {\"id\": 0,\"name\": \"\",\"hostname\": \"\"," +
             "\"import_credential\": {\"id\": 0,\"credential_name\": \"\",\"is_key_pair\": false,\"user\": null,\"secret\": \"\",\"sshPublicKey\": null,\"cloud_client_id\": null,\"cloud_client_secret\": null}," +
             "\"configPath\": \"\",\"domainUid\": \"\",\"cloudSubscriptionId\": \"\",\"cloudTenantId\": \"\",\"superManager\": null,\"importerHostname\": \"\",\"port\": 0,\"importDisabled\": false,\"forceInitialImport\": false,\"hideInUi\": false,\"comment\": null,\"debugLevel\": null," +
-            "\"devices\": [],\"networkObjects\": [],\"serviceObjects\": [],\"userObjects\": [],\"reportNetworkObjects\": [],\"reportServiceObjects\": [],\"reportUserObjects\": []," +
+            "\"devices\": []," +
             "\"deviceType\": {\"id\": 0,\"name\": \"\",\"version\": \"\",\"manufacturer\": \"\",\"isPureRoutingDevice\": false,\"isManagement\": false}," +
-            "\"import\": {\"aggregate\": {\"max\": {\"id\": null}}},\"RelevantImportId\": null,\"Ignore\": false,\"AwaitDevice\": false,\"Delete\": false,\"ActionId\": 0,\"ReportedRuleIds\": [],\"ReportedNetworkServiceIds\": [],\"objects_aggregate\": {\"aggregate\": {\"count\": 0}}," +
-            "\"services_aggregate\": {\"aggregate\": {\"count\": 0}},\"usrs_aggregate\": {\"aggregate\": {\"count\": 0}},\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}},\"local_rulebase_name\": null,\"global_rulebase_name\": null,\"package_name\": null,\"importDisabled\": false,\"hideInUi\": false,\"comment\": null," +
+            "\"import\": {\"aggregate\": {\"max\": {\"id\": null}}},\"RelevantImportId\": null,\"Ignore\": false,\"AwaitDevice\": false,\"Delete\": false,\"ActionId\": 0}," +
+            "\"local_rulebase_name\": null,\"global_rulebase_name\": null,\"package_name\": null,\"importDisabled\": false,\"hideInUi\": false,\"comment\": null," +
             "\"rules\": [{\"rule_id\": 0,\"rule_uid\": \"uid1\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule1\",\"rule_comment\": \"comment1\",\"rule_disabled\": false," +
             "\"rule_services\": [{\"service\": {\"svc_id\": 1,\"svc_name\": \"TestService1\",\"svc_uid\": \"\",\"svc_port\": 443,\"svc_port_end\": 443,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0," +
             "\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0," +
@@ -651,19 +690,9 @@ public void RulesGenerateJson()
             "\"rule_action\": \"deny\",\"rule_track\": \"none\",\"section_header\": \"\"," +
             "\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": null,\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"dev_id\": 0,\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," +
             "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []},\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"DisplayOrderNumber\": 2,\"Certified\": false,\"DeviceName\": \"\"}],\"changelog_rules\": null,\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}," +
-            "\"Selected\": false,\"Relevant\": false,\"AwaitMgmt\": false,\"Delete\": false,\"ActionId\": 0}],\"networkObjects\": [],\"serviceObjects\": [],\"userObjects\": []," +
-            "\"reportNetworkObjects\": [{\"obj_id\": 1,\"obj_name\": \"TestIp1\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.4/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," +
-            "{\"obj_id\": 2,\"obj_name\": \"TestIp2\",\"obj_ip\": \"127.0.0.1/32\",\"obj_ip_end\": \"127.0.0.1/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," +
-            "{\"obj_id\": 3,\"obj_name\": \"TestIpRange\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.5/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"ip_range\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}]," +
-            "\"reportServiceObjects\": [{\"svc_id\": 1,\"svc_name\": \"TestService1\",\"svc_uid\": \"\",\"svc_port\": 443,\"svc_port_end\": 443,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0," +
-            "\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 0,\"name\": \"TCP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": []}," +
-            "{\"svc_id\": 2,\"svc_name\": \"TestService2\",\"svc_uid\": \"\",\"svc_port\": 6666,\"svc_port_end\": 7777,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0," +
-            "\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 0,\"name\": \"UDP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": []}]," +
-            "\"reportUserObjects\": [{\"user_id\": 1,\"user_uid\": \"\",\"user_name\": \"TestUser1\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}," +
-            "{\"user_id\": 2,\"user_uid\": \"\",\"user_name\": \"TestUser2\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"group\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}]," +
+            "\"Selected\": false,\"Relevant\": false,\"AwaitMgmt\": false,\"Delete\": false,\"ActionId\": 0}]," +
             "\"deviceType\": {\"id\": 0,\"name\": \"\",\"version\": \"\",\"manufacturer\": \"\",\"isPureRoutingDevice\": false,\"isManagement\": false}," +
-            "\"import\": {\"aggregate\": {\"max\": {\"id\": null}}},\"RelevantImportId\": null,\"Ignore\": false,\"AwaitDevice\": false,\"Delete\": false,\"ActionId\": 0,\"ReportedRuleIds\": [],\"ReportedNetworkServiceIds\": []," +
-            "\"objects_aggregate\": {\"aggregate\": {\"count\": 0}},\"services_aggregate\": {\"aggregate\": {\"count\": 0}},\"usrs_aggregate\": {\"aggregate\": {\"count\": 0}},\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}}]";
+            "\"import\": {\"aggregate\": {\"max\": {\"id\": null}}},\"RelevantImportId\": null,\"Ignore\": false,\"AwaitDevice\": false,\"Delete\": false,\"ActionId\": 0}]";
             // Log.WriteInfo("Test Log", removeLinebreaks((removeGenDate(reportRules.ExportToJson(), true, true))));
             Assert.AreEqual(expectedJsonResult, removeLinebreaks((removeGenDate(reportRules.ExportToJson(), false, true))));
         }
@@ -672,8 +701,10 @@ public void RulesGenerateJson()
         public void ResolvedRulesGenerateJson()
         {
             Log.WriteInfo("Test Log", "starting resolved rules report json generation");
-            ReportRules reportRules = new ReportRules(query, userConfig, ReportType.ResolvedRules);
-            reportRules.Managements = ConstructRuleReport(true);
+            ReportRules reportRules = new (query, userConfig, ReportType.ResolvedRules)
+            {
+                ManagementReports = ConstructRuleReport(true)
+            };
 
             string expectedJsonResult = 
             "{\"report type\": \"Rules Report (resolved)\",\"report generation date\": \"Z (UTC)\"," +
@@ -695,8 +726,10 @@ public void ResolvedRulesGenerateJson()
         public void ResolvedRulesTechGenerateJson()
         {
             Log.WriteInfo("Test Log", "starting resolved rules report tech json generation");
-            ReportRules reportRules = new ReportRules(query, userConfig, ReportType.ResolvedRulesTech);
-            reportRules.Managements = ConstructRuleReport(true);
+            ReportRules reportRules = new (query, userConfig, ReportType.ResolvedRulesTech)
+            {
+                ManagementReports = ConstructRuleReport(true)
+            };
 
             string expectedJsonResult = 
             "{\"report type\": \"Rules Report (technical)\",\"report generation date\": \"Z (UTC)\"," +
@@ -719,21 +752,24 @@ public void ResolvedRulesTechGenerateJson()
         public void ChangesGenerateJson()
         {
             Log.WriteInfo("Test Log", "starting changes report json generation");
-            ReportChanges reportChanges = new ReportChanges(query, userConfig, ReportType.Changes);
-            reportChanges.Managements = ConstructChangeReport(false);
+            ReportChanges reportChanges = new (query, userConfig, ReportType.Changes)
+            {
+                ManagementReports = ConstructChangeReport(false)
+            };
 
             string expectedJsonResult = 
-            "[{\"id\": 0,\"name\": \"TestMgt\",\"hostname\": \"\"," +
+            "[{\"networkObjects\": [],\"serviceObjects\": [],\"userObjects\": [],\"reportNetworkObjects\": [],\"reportServiceObjects\": [],\"reportUserObjects\": [],\"ReportedRuleIds\": [],\"ReportedNetworkServiceIds\": [],\"objects_aggregate\": {\"aggregate\": {\"count\": 0}}," +
+            "\"services_aggregate\": {\"aggregate\": {\"count\": 0}},\"usrs_aggregate\": {\"aggregate\": {\"count\": 0}},\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}," +
+            "\"id\": 0,\"name\": \"TestMgt\",\"hostname\": \"\"," +
             "\"import_credential\": {\"id\": 0,\"credential_name\": \"\",\"is_key_pair\": false,\"user\": null,\"secret\": \"\",\"sshPublicKey\": null,\"cloud_client_id\": null,\"cloud_client_secret\": null}," +
             "\"configPath\": \"\",\"domainUid\": \"\",\"cloudSubscriptionId\": \"\",\"cloudTenantId\": \"\",\"superManager\": null,\"importerHostname\": \"\",\"port\": 0,\"importDisabled\": false,\"forceInitialImport\": false,\"hideInUi\": false,\"comment\": null,\"debugLevel\": null," +
             "\"devices\": [{\"id\": 0,\"name\": \"TestDev\",\"deviceType\": {\"id\": 0,\"name\": \"\",\"version\": \"\",\"manufacturer\": \"\",\"isPureRoutingDevice\": false,\"isManagement\": false}," +
             "\"management\": {\"id\": 0,\"name\": \"\",\"hostname\": \"\"," +
             "\"import_credential\": {\"id\": 0,\"credential_name\": \"\",\"is_key_pair\": false,\"user\": null,\"secret\": \"\",\"sshPublicKey\": null,\"cloud_client_id\": null,\"cloud_client_secret\": null}," +
             "\"configPath\": \"\",\"domainUid\": \"\",\"cloudSubscriptionId\": \"\",\"cloudTenantId\": \"\",\"superManager\": null,\"importerHostname\": \"\",\"port\": 0,\"importDisabled\": false,\"forceInitialImport\": false,\"hideInUi\": false,\"comment\": null,\"debugLevel\": null," +
-            "\"devices\": [],\"networkObjects\": [],\"serviceObjects\": [],\"userObjects\": [],\"reportNetworkObjects\": [],\"reportServiceObjects\": [],\"reportUserObjects\": []," +
+            "\"devices\": []," +
             "\"deviceType\": {\"id\": 0,\"name\": \"\",\"version\": \"\",\"manufacturer\": \"\",\"isPureRoutingDevice\": false,\"isManagement\": false}," +
-            "\"import\": {\"aggregate\": {\"max\": {\"id\": null}}},\"RelevantImportId\": null,\"Ignore\": false,\"AwaitDevice\": false,\"Delete\": false,\"ActionId\": 0,\"ReportedRuleIds\": [],\"ReportedNetworkServiceIds\": [],\"objects_aggregate\": {\"aggregate\": {\"count\": 0}}," +
-            "\"services_aggregate\": {\"aggregate\": {\"count\": 0}},\"usrs_aggregate\": {\"aggregate\": {\"count\": 0}},\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}}," +
+            "\"import\": {\"aggregate\": {\"max\": {\"id\": null}}},\"RelevantImportId\": null,\"Ignore\": false,\"AwaitDevice\": false,\"Delete\": false,\"ActionId\": 0}," +
             "\"local_rulebase_name\": null,\"global_rulebase_name\": null,\"package_name\": null,\"importDisabled\": false,\"hideInUi\": false,\"comment\": null,\"rules\": null," +
             "\"changelog_rules\": [{\"import\": {\"time\": \"2023-04-05T12:00:00\"},\"change_action\": \"I\"," +
             "\"old\": {\"rule_id\": 0,\"rule_uid\": \"\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"\",\"rule_comment\": \"\",\"rule_disabled\": false," +
@@ -809,8 +845,8 @@ public void ChangesGenerateJson()
             "\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": null,\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"dev_id\": 0,\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," +
             "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []}," +
             "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"DisplayOrderNumber\": 0,\"Certified\": false,\"DeviceName\": \"\"},\"DeviceName\": \"\"}],\"rules_aggregate\": {\"aggregate\": {\"count\": 0}},\"Selected\": false,\"Relevant\": false,\"AwaitMgmt\": false,\"Delete\": false,\"ActionId\": 0}]," +
-            "\"networkObjects\": [],\"serviceObjects\": [],\"userObjects\": [],\"reportNetworkObjects\": [],\"reportServiceObjects\": [],\"reportUserObjects\": [],\"deviceType\": {\"id\": 0,\"name\": \"\",\"version\": \"\",\"manufacturer\": \"\",\"isPureRoutingDevice\": false,\"isManagement\": false}," +
-            "\"import\": {\"aggregate\": {\"max\": {\"id\": null}}},\"RelevantImportId\": null,\"Ignore\": false,\"AwaitDevice\": false,\"Delete\": false,\"ActionId\": 0,\"ReportedRuleIds\": [],\"ReportedNetworkServiceIds\": [],\"objects_aggregate\": {\"aggregate\": {\"count\": 0}},\"services_aggregate\": {\"aggregate\": {\"count\": 0}},\"usrs_aggregate\": {\"aggregate\": {\"count\": 0}},\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}}]";
+            "\"deviceType\": {\"id\": 0,\"name\": \"\",\"version\": \"\",\"manufacturer\": \"\",\"isPureRoutingDevice\": false,\"isManagement\": false}," +
+            "\"import\": {\"aggregate\": {\"max\": {\"id\": null}}},\"RelevantImportId\": null,\"Ignore\": false,\"AwaitDevice\": false,\"Delete\": false,\"ActionId\": 0}]";
             Assert.AreEqual(expectedJsonResult, removeLinebreaks((removeGenDate(reportChanges.ExportToJson(), false, true))));
         }
 
@@ -818,8 +854,10 @@ public void ChangesGenerateJson()
         public void ResolvedChangesGenerateJson()
         {
             Log.WriteInfo("Test Log", "starting resolved changes report json generation");
-            ReportChanges reportChanges = new ReportChanges(query, userConfig, ReportType.ResolvedChanges);
-            reportChanges.Managements = ConstructChangeReport(true);
+            ReportChanges reportChanges = new (query, userConfig, ReportType.ResolvedChanges)
+            {
+                ManagementReports = ConstructChangeReport(true)
+            };
 
             string expectedJsonResult = 
             "{\"report type\": \"Changes Report (resolved)\",\"report generation date\": \"Z (UTC)\",\"device filter\": \"TestMgt [TestDev]\",\"other filters\": \"TestFilter\",\"report generator\": \"Firewall Orchestrator - https://fwo.cactus.de/en\",\"data protection level\": \"For internal use only\"," +
@@ -848,8 +886,10 @@ public void ResolvedChangesGenerateJson()
         public void ResolvedChangesTechGenerateJson()
         {
             Log.WriteInfo("Test Log", "starting resolved changes report json generation");
-            ReportChanges reportChanges = new ReportChanges(query, userConfig, ReportType.ResolvedChangesTech);
-            reportChanges.Managements = ConstructChangeReport(true);
+            ReportChanges reportChanges = new (query, userConfig, ReportType.ResolvedChangesTech)
+            {
+                ManagementReports = ConstructChangeReport(true)
+            };
 
             string expectedJsonResult = 
             "{\"report type\": \"Changes Report (technical)\",\"report generation date\": \"Z (UTC)\",\"device filter\": \"TestMgt [TestDev]\",\"other filters\": \"TestFilter\",\"report generator\": \"Firewall Orchestrator - https://fwo.cactus.de/en\",\"data protection level\": \"For internal use only\"," +
@@ -973,13 +1013,13 @@ private Rule InitRule2(bool resolved)
             };
         }
 
-        private Management[] ConstructRuleReport(bool resolved)
+        private ManagementReport[] ConstructRuleReport(bool resolved)
         {
             Rule1 = InitRule1(resolved);
             Rule2 = InitRule2(resolved);
-            return new List<Management>()
+            return new List<ManagementReport>()
             {
-                new Management()
+                new ManagementReport()
                 { 
                     Name = "TestMgt",
                     ReportObjects = new NetworkObject[]{ TestIp1, TestIp2, TestIpRange },
@@ -997,7 +1037,7 @@ private Management[] ConstructRuleReport(bool resolved)
             }.ToArray();
         }
 
-        private Management[] ConstructRecertReport()
+        private ManagementReport[] ConstructRecertReport()
         {
             RecertRule1 = InitRule1(false);
             RecertRule1.Metadata.RuleRecertification = new List<Recertification>()
@@ -1025,9 +1065,9 @@ private Management[] ConstructRecertReport()
                     IpMatch = TestIpRange.Name
                 }
             };
-            return new List<Management>()
+            return new List<ManagementReport>()
             {
-                new Management()
+                new ManagementReport()
                 { 
                     Name = "TestMgt",
                     ReportObjects = new NetworkObject[]{ TestIp1, TestIp2, TestIpRange },
@@ -1045,7 +1085,7 @@ private Management[] ConstructRecertReport()
             }.ToArray();
         }
 
-        private Management[] ConstructNatRuleReport()
+        private ManagementReport[] ConstructNatRuleReport()
         {
             NatRule = InitRule1(false);
             NatRule.NatData = new NatData()
@@ -1068,9 +1108,9 @@ private Management[] ConstructNatRuleReport()
                     new ServiceWrapper(){ Content = TestService2 }
                 }
             };
-            return new List<Management>()
+            return new List<ManagementReport>()
             {
-                new Management()
+                new ManagementReport()
                 { 
                     Name = "TestMgt",
                     ReportObjects = new NetworkObject[]{ TestIp1, TestIp2, TestIpRange, TestIpNew, TestIp1Changed },
@@ -1084,7 +1124,7 @@ private Management[] ConstructNatRuleReport()
             }.ToArray();
         }
 
-        private Management[] ConstructChangeReport(bool resolved)
+        private ManagementReport[] ConstructChangeReport(bool resolved)
         {
             Rule1 = InitRule1(resolved);
             Rule1Changed = InitRule1(resolved);
@@ -1142,9 +1182,9 @@ private Management[] ConstructChangeReport(bool resolved)
                 ChangeImport = new ChangeImport(){ Time = new DateTime(2023,04,05,12,0,0) },
                 OldRule = Rule2
             };
-            return new List<Management>()
+            return new List<ManagementReport>()
             {
-                new Management()
+                new ManagementReport()
                 { 
                     Name = "TestMgt",
                     Devices = new Device[]
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
index d48736755..f5a25ee06 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
@@ -189,9 +189,9 @@
 
     private List<OwnerReport> connectionReport = new();
     private ModellingAppHandler? appHandler;
-    private Management[] managementsReport = new Management[0];
+    private ManagementReport[] managementsReport = new ManagementReport[0];
     List<int> relevantManagementIds = new();
-    private Management? globalStats = null;
+    private ManagementReport? globalStats = null;
     private List<ModellingConnection>? globalComSvc = null;
     
     private ReportFilters actReportFilters = new ();
@@ -283,7 +283,7 @@
     private void ResetReport()
     {
         // clear report data when switching reportType as we would be missing src/dst/svc information in some cases           
-        managementsReport = new Management[] {};
+        managementsReport = new ManagementReport[] {};
         globalStats = null;
         connectionReport = new();
         globalComSvc = null;
@@ -327,7 +327,7 @@
         selectedItemsChangeReportTable.Clear();
 
         // save original report for exception case
-        Management[] managementsReportOrig = managementsReport;
+        ManagementReport[] managementsReportOrig = managementsReport;
         try
         {
             if (actReportFilters.ReportType.IsDeviceRelatedReport() && !actReportFilters.DeviceFilter.isAnyDeviceFilterSet())
@@ -343,7 +343,7 @@
             relevantManagementIds = actReportFilters.DeviceFilter.getSelectedManagements();
 
             startTime = DateTime.Now;
-            managementsReport = new Management[0]; // reset management data when switching between reports
+            managementsReport = new ManagementReport[0]; // reset management data when switching between reports
             connectionReport = new();
 
             try
@@ -423,7 +423,7 @@
 
     private async Task GenerateStatisticsReport(CancellationToken token)
     {
-        globalStats = new Management();
+        globalStats = new ManagementReport();
         await currentReport.GenerateMgt(0, apiConnection,
             managementsReportIntermediate =>
             {
@@ -431,7 +431,7 @@
                 setRelevantManagements();
                 return InvokeAsync(() =>
                 {
-                    foreach (Management mgm in managementsReport.Where(mgt => !mgt.Ignore))
+                    foreach (var mgm in managementsReport.Where(mgt => !mgt.Ignore))
                     {
                         globalStats.RuleStatistics.ObjectAggregate.ObjectCount += mgm.RuleStatistics.ObjectAggregate.ObjectCount;
                         globalStats.NetworkObjectStatistics.ObjectAggregate.ObjectCount += mgm.NetworkObjectStatistics.ObjectAggregate.ObjectCount;
@@ -443,11 +443,11 @@
             }, token);
     }
 
-    private bool PrepareMetadata(Management[] Managements)
+    private bool PrepareMetadata(ManagementReport[] ManagementReports)
     {
         bool rulesFound = false;
-        foreach (Management management in Managements)
-            foreach (Device device in management.Devices)
+        foreach (var managementReport in ManagementReports)
+            foreach (Device device in managementReport.Devices)
                 if (device.ContainsRules())
                 {
                     rulesFound = true;
@@ -485,7 +485,7 @@
 
     private void setRelevantManagements()
     {
-        foreach (Management mgm in managementsReport)
+        foreach (var mgm in managementsReport)
         {
             mgm.Ignore = !relevantManagementIds.Contains(mgm.Id);
         }
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/StatisticsReport.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/StatisticsReport.razor
index be34bdc5a..732c728d2 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/StatisticsReport.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/StatisticsReport.razor
@@ -7,26 +7,26 @@
 @if (GlobalStats != null)
 {
     <h5>@(userConfig.GetText("glob_no_obj"))</h5>
-    <Table style="font-size:small" TableClass="table table-bordered table-sm th-bg-secondary table-responsive" TableItem="Management" Items="new Management[] {GlobalStats}">
-        <Column TableItem="Management" Title="@(userConfig.GetText("network_objects"))" Field="@(Management => Management.NetworkObjectStatistics.ObjectAggregate.ObjectCount)" />
-        <Column TableItem="Management" Title="@(userConfig.GetText("service_objects"))" Field="@(Management => Management.ServiceObjectStatistics.ObjectAggregate.ObjectCount)" />
-        <Column TableItem="Management" Title="@(userConfig.GetText("user_objects"))" Field="@(Management => Management.UserObjectStatistics.ObjectAggregate.ObjectCount)" />
-        <Column TableItem="Management" Title="@(userConfig.GetText("rules"))" Field="@(Management => Management.RuleStatistics.ObjectAggregate.ObjectCount)" />
+    <Table style="font-size:small" TableClass="table table-bordered table-sm th-bg-secondary table-responsive" TableItem="ManagementReport" Items="new ManagementReport[] {GlobalStats}">
+        <Column TableItem="ManagementReport" Title="@(userConfig.GetText("network_objects"))" Field="@(m => m.NetworkObjectStatistics.ObjectAggregate.ObjectCount)" />
+        <Column TableItem="ManagementReport" Title="@(userConfig.GetText("service_objects"))" Field="@(m => m.ServiceObjectStatistics.ObjectAggregate.ObjectCount)" />
+        <Column TableItem="ManagementReport" Title="@(userConfig.GetText("user_objects"))" Field="@(m => m.UserObjectStatistics.ObjectAggregate.ObjectCount)" />
+        <Column TableItem="ManagementReport" Title="@(userConfig.GetText("rules"))" Field="@(m => m.RuleStatistics.ObjectAggregate.ObjectCount)" />
     </Table>
 }
-@foreach (Management management in Managements.Where(mgt => !mgt.Ignore))
+@foreach (var managementReport in ManagementReports.Where(mgt => !mgt.Ignore))
 {
-    <Collapse Title="@management.Name" Style="@("primary")" StartToggled="false">
+    <Collapse Title="@managementReport.Name" Style="@("primary")" StartToggled="false">
         <h6>@(userConfig.GetText("total_no_obj_mgt"))</h6>
-        <Table style="font-size:small" TableClass="table table-bordered table-sm th-bg-secondary table-responsive" TableItem="Management" Items="new Management[] {management}" PageSize="0">
-            <Column TableItem="Management" Title="@(userConfig.GetText("network_objects"))" Field="@(Management => Management.NetworkObjectStatistics.ObjectAggregate.ObjectCount)" />
-            <Column TableItem="Management" Title="@(userConfig.GetText("service_objects"))" Field="@(Management => Management.ServiceObjectStatistics.ObjectAggregate.ObjectCount)" />
-            <Column TableItem="Management" Title="@(userConfig.GetText("user_objects"))" Field="@(Management => Management.UserObjectStatistics.ObjectAggregate.ObjectCount)" />
-            <Column TableItem="Management" Title="@(userConfig.GetText("rules"))" Field="@(Management => Management.RuleStatistics.ObjectAggregate.ObjectCount)" />
+        <Table style="font-size:small" TableClass="table table-bordered table-sm th-bg-secondary table-responsive" TableItem="ManagementReport" Items="new ManagementReport[] {managementReport}" PageSize="0">
+            <Column TableItem="ManagementReport" Title="@(userConfig.GetText("network_objects"))" Field="@(m => m.NetworkObjectStatistics.ObjectAggregate.ObjectCount)" />
+            <Column TableItem="ManagementReport" Title="@(userConfig.GetText("service_objects"))" Field="@(m => m.ServiceObjectStatistics.ObjectAggregate.ObjectCount)" />
+            <Column TableItem="ManagementReport" Title="@(userConfig.GetText("user_objects"))" Field="@(m => m.UserObjectStatistics.ObjectAggregate.ObjectCount)" />
+            <Column TableItem="ManagementReport" Title="@(userConfig.GetText("rules"))" Field="@(m => m.RuleStatistics.ObjectAggregate.ObjectCount)" />
         </Table>
 
         <h6>@(userConfig.GetText("no_rules_gtw"))</h6>
-        <Table style="font-size:small" TableClass="table table-bordered table-sm th-bg-secondary table-responsive" TableItem="Device" Items="management.Devices" PageSize="0">
+        <Table style="font-size:small" TableClass="table table-bordered table-sm th-bg-secondary table-responsive" TableItem="Device" Items="managementReport.Devices" PageSize="0">
             <Column TableItem="Device" Title="@(userConfig.GetText("gateway"))" Field="@(Device => Device.Name)" />
             <Column TableItem="Device" Title="@(userConfig.GetText("no_of_rules"))" Field="@(Device => Device.RuleStatistics.ObjectAggregate.ObjectCount)" />
         </Table>
@@ -36,8 +36,8 @@
 @code
 {
     [Parameter]
-    public Management[] Managements { get; set; } = new Management[]{};
+    public ManagementReport[] ManagementReports { get; set; } = new ManagementReport[]{};
 
     [Parameter]
-    public Management? GlobalStats { get; set; }
+    public ManagementReport? GlobalStats { get; set; }
 }
diff --git a/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor b/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
index 1317f8d49..b3cbf3530 100644
--- a/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
+++ b/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
@@ -254,7 +254,7 @@
     AnchorNavToRSB? anchorNavToRSB { get; set; }
 
     [Parameter]
-    public Func<RsbTab, ObjCategory, Func<Management[], Task>, long, bool, Task>? FetchObjects { get; set; }
+    public Func<RsbTab, ObjCategory, Func<ManagementReport[], Task>, long, bool, Task>? FetchObjects { get; set; }
 
     [Parameter]
     public bool Recert { get; set; }
@@ -334,7 +334,7 @@
         }
         switch (Content)
         {
-            case Management m:
+            case ManagementReport m:
                 idPref += "m" + m.Id + "-";
                 break;
             case Rule r:
@@ -398,12 +398,12 @@
                 {
                     switch (Content)
                     {
-                        case Management m:
+                        case ManagementReport m:
                             await FetchObjects(Tab, objCategory,
                                 managementsUpdate =>
                                 {
                                     int id = m.Id;
-                                    Management? m_updated = managementsUpdate.FirstOrDefault(mgmt => mgmt.Id == m.Id);
+                                    ManagementReport? m_updated = managementsUpdate.FirstOrDefault(mgmt => mgmt.Id == m.Id);
                                     if (m_updated != null)
                                     {
                                         switch (objCategory)
diff --git a/roles/ui/files/FWO.UI/Shared/ObjectGroupCollection.razor b/roles/ui/files/FWO.UI/Shared/ObjectGroupCollection.razor
index b4bb40ebd..6640d3c4a 100644
--- a/roles/ui/files/FWO.UI/Shared/ObjectGroupCollection.razor
+++ b/roles/ui/files/FWO.UI/Shared/ObjectGroupCollection.razor
@@ -17,7 +17,7 @@
 @code
 {
     [Parameter]
-    public Func<RsbTab, ObjCategory, Func<Management[], Task>, long, bool, Task>? FetchObjects { get; set; }
+    public Func<RsbTab, ObjCategory, Func<ManagementReport[], Task>, long, bool, Task>? FetchObjects { get; set; }
 
     [Parameter]
     public bool Recert { get; set; }
diff --git a/roles/ui/files/FWO.UI/Shared/RightSidebar.razor b/roles/ui/files/FWO.UI/Shared/RightSidebar.razor
index 2a51ea2f4..26ee28843 100644
--- a/roles/ui/files/FWO.UI/Shared/RightSidebar.razor
+++ b/roles/ui/files/FWO.UI/Shared/RightSidebar.razor
@@ -23,7 +23,7 @@
                         </div>
                         <div class="mt-2">
                             <CascadingValue Value="collapseSidebarAll">
-                                <ObjectGroupCollection FetchObjects="FetchContent" Recert="false" Tab="RsbTab.all" InputDataType="Management" Data="managementsAllObjects"
+                                <ObjectGroupCollection FetchObjects="FetchContent" Recert="false" Tab="RsbTab.all" InputDataType="ManagementReport" Data="managementsAllObjects"
                                     NameExtractor="man => man.Name" NetworkObjectExtractor="man => man.Objects"
                                     NetworkServiceExtractor="man => man.Services" NetworkUserExtractor="man => man.Users" />
                             </CascadingValue>
@@ -38,7 +38,7 @@
                         </div>
                         <div class="mt-2">
                             <CascadingValue Value="collapseSidebarReport">
-                                <ObjectGroupCollection FetchObjects="FetchContent" Recert="false" Tab="RsbTab.report" InputDataType="Management" 
+                                <ObjectGroupCollection FetchObjects="FetchContent" Recert="false" Tab="RsbTab.report" InputDataType="ManagementReport" 
                                     Data="ManagementsReport.Where(m => (m.Devices.Where(d => d.Rules != null && d.Rules.Count() > 0).Count() > 0))"
                                     NameExtractor="man => man.Name"
                                     NetworkObjectExtractor="man => man.ReportObjects"
@@ -117,7 +117,7 @@
     public EventCallback<List<Rule>> SelectedRulesChanged { get; set; }
 
     [Parameter]
-    public Management[]? ManagementsReport { get; set; }
+    public ManagementReport[]? ManagementsReport { get; set; }
 
     [Parameter]
     public bool AllTabVisible { get; set; } = true;
@@ -131,7 +131,7 @@
     private CollapseState collapseSidebarAll = new CollapseState();
     private CollapseState collapseSidebarReport = new CollapseState();
     private CollapseState collapseSidebarRule = new CollapseState();
-    private Management[] managementsAllObjects = new Management[0];
+    private ManagementReport[] managementsAllObjects = new ManagementReport[0];
 
     private int intWidth { get { return Width; } set { Width = value; WidthChanged.InvokeAsync(Width);}}
 
@@ -145,7 +145,7 @@
                 if(AllTabVisible)
                 {
                     PaginationVariables paginationVariables = new PaginationVariables() { Limit = 0, Offset = 0 };
-                    managementsAllObjects = await Connection.SendQueryAsync<Management[]>(ObjectQueries.getAllObjectDetails, paginationVariables);
+                    managementsAllObjects = await Connection.SendQueryAsync<ManagementReport[]>(ObjectQueries.getAllObjectDetails, paginationVariables);
                     await InvokeAsync(StateHasChanged);
                 }
             }
@@ -156,11 +156,11 @@
         });
     }
 
-    public async Task FetchContent(RsbTab rsbTab, ObjCategory objType, Func<Management[], Task> callback, long id = 0, bool nat = false)
+    public async Task FetchContent(RsbTab rsbTab, ObjCategory objType, Func<ManagementReport[], Task> callback, long id = 0, bool nat = false)
     {
         Log.WriteDebug("Fetching Content..", $"nat: {nat}");
 
-        Management[] managements = new Management[0];
+        ManagementReport[] managementReports = new ManagementReport[0];
 
         try
         {
@@ -231,30 +231,30 @@
         }
     }
 
-    private async Task FetchObjects(string query, Dictionary<string, object> queryVars, Func<Management[], Task> callback)
+    private async Task FetchObjects(string query, Dictionary<string, object> queryVars, Func<ManagementReport[], Task> callback)
     {
         // lazy fetch all objects for right sidebar
         try
         {
-            Management[] managements = new Management[0];
+            ManagementReport[] managementReports = new ManagementReport[0];
             bool newObjects = true;
             int fetchCount = 0;
 
             while (newObjects && (++fetchCount <= userConfig.MaxInitialFetchesRightSidebar || userConfig.AutoFillRightSidebar))
             {
-                Management[] managementsCurrentFetch = await Connection.SendQueryAsync<Management[]>(query, queryVars);
+                ManagementReport[] managementsCurrentFetch = await Connection.SendQueryAsync<ManagementReport[]>(query, queryVars);
                 if (fetchCount == 1)
                 {
-                    managements = managementsCurrentFetch;
+                    managementReports = managementsCurrentFetch;
                 }
                 else
                 {
-                    newObjects = managements.Merge(managementsCurrentFetch);
+                    newObjects = managementReports.Merge(managementsCurrentFetch);
                 }
 
                 if (queryVars.ContainsKey("offset"))
                     queryVars["offset"] = (int)queryVars["offset"] + userConfig.ElementsPerFetch;
-                await callback(managements);
+                await callback(managementReports);
             }
 
             Log.WriteDebug("Lazy Fetch", $"Fetched sidebar objects in {fetchCount - 1} cycle(s) ({userConfig.ElementsPerFetch} at a time)");

From 4ffdfa5a4872434eafc58c6d3e8834a228b5b7e8 Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Thu, 7 Mar 2024 18:59:11 +0100
Subject: [PATCH 28/84] managementreport to list

---
 .../FWO.Api.Client/Data/ManagementReport.cs   | 31 ++++++++------
 roles/lib/files/FWO.Report/ReportBase.cs      |  6 +--
 roles/lib/files/FWO.Report/ReportChanges.cs   | 12 +++---
 .../lib/files/FWO.Report/ReportDevicesBase.cs |  8 ++--
 roles/lib/files/FWO.Report/ReportRules.cs     | 41 +++++++++++--------
 .../lib/files/FWO.Report/ReportStatistics.cs  | 18 ++++----
 roles/test/files/FWO.Test/ExportTest.cs       | 16 ++++----
 .../ui/files/FWO.UI/Pages/Certification.razor | 16 ++++----
 .../files/FWO.UI/Pages/Reporting/Report.razor | 14 +++----
 .../Reporting/Reports/ChangesReport.razor     |  4 +-
 .../Pages/Reporting/Reports/RulesReport.razor |  4 +-
 .../Reporting/Reports/StatisticsReport.razor  | 41 +++++++++++--------
 .../ui/files/FWO.UI/Shared/ObjectGroup.razor  |  2 +-
 .../FWO.UI/Shared/ObjectGroupCollection.razor |  2 +-
 .../ui/files/FWO.UI/Shared/RightSidebar.razor | 20 ++++-----
 15 files changed, 126 insertions(+), 109 deletions(-)

diff --git a/roles/lib/files/FWO.Api.Client/Data/ManagementReport.cs b/roles/lib/files/FWO.Api.Client/Data/ManagementReport.cs
index 5178dcf24..36beefa0c 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ManagementReport.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ManagementReport.cs
@@ -68,13 +68,18 @@ public override bool Sanitize()
 
     public static class ManagementUtility
     {
-        public static bool Merge(this ManagementReport[] managements, ManagementReport[] managementsToMerge)
+        public static bool Merge(this List<ManagementReport> managementReports, List<ManagementReport> managementReportsToMerge)
         {
             bool newObjects = false;
 
-            for (int i = 0; i < managementsToMerge.Length; i++)
-                newObjects |= managements[i].Merge(managementsToMerge[i]);
-
+            foreach(var managementReportToMerge in managementReportsToMerge)
+            {
+                ManagementReport? mgmtToFill = managementReports.FirstOrDefault(m => m.Id == managementReportToMerge.Id);
+                if(mgmtToFill!= null)
+                {
+                    newObjects |= mgmtToFill.Merge(managementReportToMerge);
+                }
+            }
             return newObjects;
         }
 
@@ -109,32 +114,32 @@ public static bool Merge(this ManagementReport managementReport, ManagementRepor
             return newObjects;
         }
 
-        public static bool MergeReportObjects(this ManagementReport managementReport, ManagementReport managementToMerge)
+        public static bool MergeReportObjects(this ManagementReport managementReport, ManagementReport managementReportToMerge)
         {
             bool newObjects = false;
 
-            if (managementReport.ReportObjects != null && managementToMerge.ReportObjects != null && managementToMerge.ReportObjects.Length > 0)
+            if (managementReport.ReportObjects != null && managementReportToMerge.ReportObjects != null && managementReportToMerge.ReportObjects.Length > 0)
             {
-                managementReport.ReportObjects = managementReport.ReportObjects.Concat(managementToMerge.ReportObjects).ToArray();
+                managementReport.ReportObjects = managementReport.ReportObjects.Concat(managementReportToMerge.ReportObjects).ToArray();
                 newObjects = true;
             }
 
-            if (managementReport.ReportServices != null && managementToMerge.ReportServices != null && managementToMerge.ReportServices.Length > 0)
+            if (managementReport.ReportServices != null && managementReportToMerge.ReportServices != null && managementReportToMerge.ReportServices.Length > 0)
             {
-                managementReport.ReportServices = managementReport.ReportServices.Concat(managementToMerge.ReportServices).ToArray();
+                managementReport.ReportServices = managementReport.ReportServices.Concat(managementReportToMerge.ReportServices).ToArray();
                 newObjects = true;
             }
 
-            if (managementReport.ReportUsers != null && managementToMerge.ReportUsers != null && managementToMerge.ReportUsers.Length > 0)
+            if (managementReport.ReportUsers != null && managementReportToMerge.ReportUsers != null && managementReportToMerge.ReportUsers.Length > 0)
             {
-                managementReport.ReportUsers = managementReport.ReportUsers.Concat(managementToMerge.ReportUsers).ToArray();
+                managementReport.ReportUsers = managementReport.ReportUsers.Concat(managementReportToMerge.ReportUsers).ToArray();
                 newObjects = true;
             }
 
-            if (managementReport.Devices != null && managementToMerge.Devices != null && managementToMerge.Devices.Length > 0)
+            if (managementReport.Devices != null && managementReportToMerge.Devices != null && managementReportToMerge.Devices.Length > 0)
             {
                 // important: if any management still returns rules, newObjects is set to true
-                if (managementReport.Devices.Merge(managementToMerge.Devices) == true)
+                if (managementReport.Devices.Merge(managementReportToMerge.Devices) == true)
                     newObjects = true;
             }
             return newObjects;
diff --git a/roles/lib/files/FWO.Report/ReportBase.cs b/roles/lib/files/FWO.Report/ReportBase.cs
index b98e668c1..275ec67f7 100644
--- a/roles/lib/files/FWO.Report/ReportBase.cs
+++ b/roles/lib/files/FWO.Report/ReportBase.cs
@@ -85,7 +85,7 @@ public ReportBase(DynGraphqlQuery query, UserConfig UserConfig, ReportType repor
             ReportType = reportType;
         }
 
-        public virtual Task GenerateMgt(int rulesPerFetch, ApiConnection apiConnection, Func<ManagementReport[], Task> callback, CancellationToken ct)
+        public virtual Task GenerateMgt(int rulesPerFetch, ApiConnection apiConnection, Func<List<ManagementReport>, Task> callback, CancellationToken ct)
         {
             throw new NotImplementedException();
         }
@@ -94,7 +94,7 @@ public virtual Task GenerateCon(int _, ApiConnection apiConnection, Func<List<Mo
             throw new NotImplementedException();
         }
 
-        public virtual Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<ManagementReport[], Task> callback) // to be called when exporting
+        public virtual Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<List<ManagementReport>, Task> callback) // to be called when exporting
         {
             throw new NotImplementedException();
         }
@@ -103,7 +103,7 @@ public virtual Task<bool> GetConObjectsInReport(int objectsPerFetch, ApiConnecti
             throw new NotImplementedException();
         }
 
-        public virtual Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<ManagementReport[], Task> callback)
+        public virtual Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<List<ManagementReport>, Task> callback)
         {
             throw new NotImplementedException();
         }
diff --git a/roles/lib/files/FWO.Report/ReportChanges.cs b/roles/lib/files/FWO.Report/ReportChanges.cs
index 51a460293..f376cd68b 100644
--- a/roles/lib/files/FWO.Report/ReportChanges.cs
+++ b/roles/lib/files/FWO.Report/ReportChanges.cs
@@ -15,14 +15,14 @@ public class ReportChanges : ReportDevicesBase
 
         public ReportChanges(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType) {}
 
-        public override async Task GenerateMgt(int changesPerFetch, ApiConnection apiConnection, Func<ManagementReport[], Task> callback, CancellationToken ct)
+        public override async Task GenerateMgt(int changesPerFetch, ApiConnection apiConnection, Func<List<ManagementReport>, Task> callback, CancellationToken ct)
         {
             Query.QueryVariables["limit"] = changesPerFetch;
             Query.QueryVariables["offset"] = 0;
             bool gotNewObjects = true;
-            ManagementReports = Array.Empty<ManagementReport>();
+            ManagementReports = new ();
 
-            ManagementReports = await apiConnection.SendQueryAsync<ManagementReport[]>(Query.FullQuery, Query.QueryVariables);
+            ManagementReports = await apiConnection.SendQueryAsync<List<ManagementReport>>(Query.FullQuery, Query.QueryVariables);
 
             while (gotNewObjects)
             {
@@ -32,12 +32,12 @@ public override async Task GenerateMgt(int changesPerFetch, ApiConnection apiCon
                     ct.ThrowIfCancellationRequested();
                 }
                 Query.QueryVariables["offset"] = (int)Query.QueryVariables["offset"] + changesPerFetch;
-                gotNewObjects = ManagementReports.Merge(await apiConnection.SendQueryAsync<ManagementReport[]>(Query.FullQuery, Query.QueryVariables));
+                gotNewObjects = ManagementReports.Merge(await apiConnection.SendQueryAsync<List<ManagementReport>>(Query.FullQuery, Query.QueryVariables));
                 await callback(ManagementReports);
             }
         }
 
-        public override async Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<ManagementReport[], Task> callback)
+        public override async Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<List<ManagementReport>, Task> callback)
         {
             await callback(ManagementReports);
             // currently no further objects to be fetched
@@ -45,7 +45,7 @@ public override async Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiC
             return true;
         }
 
-        public override Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<ManagementReport[], Task> callback)
+        public override Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<List<ManagementReport>, Task> callback)
         {
             throw new NotImplementedException();
         }
diff --git a/roles/lib/files/FWO.Report/ReportDevicesBase.cs b/roles/lib/files/FWO.Report/ReportDevicesBase.cs
index 8b5cb76ad..a6a9e192d 100644
--- a/roles/lib/files/FWO.Report/ReportDevicesBase.cs
+++ b/roles/lib/files/FWO.Report/ReportDevicesBase.cs
@@ -9,17 +9,17 @@ namespace FWO.Report
 {
     public abstract class ReportDevicesBase : ReportBase
     {
-        public ManagementReport[] ManagementReports = new ManagementReport[] { };
+        public List<ManagementReport> ManagementReports = new ();
 
         public ReportDevicesBase(DynGraphqlQuery query, UserConfig UserConfig, ReportType reportType) : base (query, UserConfig, reportType)
         {}
 
-        public async Task<ManagementReport[]> getRelevantImportIds(ApiConnection apiConnection)
+        public async Task<List<Management>> getRelevantImportIds(ApiConnection apiConnection)
         {
             Dictionary<string, object> ImpIdQueryVariables = new Dictionary<string, object>();
             ImpIdQueryVariables["time"] = Query.ReportTimeString != "" ? Query.ReportTimeString : DateTime.Now.ToString(DynGraphqlQuery.fullTimeFormat);
             ImpIdQueryVariables["mgmIds"] = Query.RelevantManagementIds;
-            return await apiConnection.SendQueryAsync<ManagementReport[]>(ReportQueries.getRelevantImportIdsAtTime, ImpIdQueryVariables);
+            return await apiConnection.SendQueryAsync<List<Management>>(ReportQueries.getRelevantImportIdsAtTime, ImpIdQueryVariables);
         }
 
         public static async Task<(List<string> unsupportedList, DeviceFilter reducedDeviceFilter)> GetUsageDataUnsupportedDevices(ApiConnection apiConnection, DeviceFilter deviceFilter)
@@ -94,7 +94,7 @@ public string DisplayReportHeaderJson()
             {
                 report.AppendLine($"\"date of configuration shown\": \"{DateTime.Parse(Query.ReportTimeString).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK")} (UTC)\",");
             }
-            report.AppendLine($"\"device filter\": \"{string.Join("; ", Array.ConvertAll(ManagementReports, m => m.NameAndDeviceNames()))}\",");
+            report.AppendLine($"\"device filter\": \"{string.Join("; ", Array.ConvertAll(ManagementReports.ToArray(), m => m.NameAndDeviceNames()))}\",");
             report.AppendLine($"\"other filters\": \"{Query.RawFilter}\",");
             report.AppendLine($"\"report generator\": \"Firewall Orchestrator - https://fwo.cactus.de/en\",");
             report.AppendLine($"\"data protection level\": \"For internal use only\",");
diff --git a/roles/lib/files/FWO.Report/ReportRules.cs b/roles/lib/files/FWO.Report/ReportRules.cs
index 0ab3d7d5d..10c90bd85 100644
--- a/roles/lib/files/FWO.Report/ReportRules.cs
+++ b/roles/lib/files/FWO.Report/ReportRules.cs
@@ -17,24 +17,25 @@ public class ReportRules : ReportDevicesBase
 
         public ReportRules(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType) {}
 
-        public override async Task GenerateMgt(int rulesPerFetch, ApiConnection apiConnection, Func<ManagementReport[], Task> callback, CancellationToken ct)
+        public override async Task GenerateMgt(int rulesPerFetch, ApiConnection apiConnection, Func<List<ManagementReport>, Task> callback, CancellationToken ct)
         {
             Query.QueryVariables["limit"] = rulesPerFetch;
             Query.QueryVariables["offset"] = 0;
             bool gotNewObjects = true;
 
-            ManagementReport[] managementsWithRelevantImportId = await getRelevantImportIds(apiConnection);
+            List<Management> managementsWithRelevantImportId = await getRelevantImportIds(apiConnection);
 
-            ManagementReports = new ManagementReport[managementsWithRelevantImportId.Length];
-            int i;
-            for (i = 0; i < managementsWithRelevantImportId.Length; i++)
+            ManagementReports = new ();
+            foreach(var management in managementsWithRelevantImportId)
             {
-                // setting mgmt and relevantImporId QueryVariables 
-                Query.QueryVariables["mgmId"] = managementsWithRelevantImportId[i].Id;
+                Query.QueryVariables["mgmId"] = management.Id;
                 if (ReportType != ReportType.Recertification)
-                    Query.QueryVariables["relevantImportId"] = managementsWithRelevantImportId[i].Import.ImportAggregate.ImportAggregateMax.RelevantImportId ?? -1 /* managment was not yet imported at that time */;
-                ManagementReports[i] = (await apiConnection.SendQueryAsync<ManagementReport[]>(Query.FullQuery, Query.QueryVariables))[0];
-                ManagementReports[i].Import = managementsWithRelevantImportId[i].Import;
+                {
+                    Query.QueryVariables["relevantImportId"] = management.Import.ImportAggregate.ImportAggregateMax.RelevantImportId ?? -1 /* managment was not yet imported at that time */;
+                }
+                ManagementReport managementReport = (await apiConnection.SendQueryAsync<List<ManagementReport>>(Query.FullQuery, Query.QueryVariables))[0];
+                managementReport.Import = management.Import;
+                ManagementReports.Add(managementReport);
             }
 
             while (gotNewObjects)
@@ -46,19 +47,25 @@ public override async Task GenerateMgt(int rulesPerFetch, ApiConnection apiConne
                 }
                 gotNewObjects = false;
                 Query.QueryVariables["offset"] = (int)Query.QueryVariables["offset"] + rulesPerFetch;
-                for (i = 0; i < managementsWithRelevantImportId.Length; i++)
+                foreach(var management in managementsWithRelevantImportId)
                 {
-                    Query.QueryVariables["mgmId"] = managementsWithRelevantImportId[i].Id;
+                    Query.QueryVariables["mgmId"] = management.Id;
                     if (ReportType != ReportType.Recertification)
-                        Query.QueryVariables["relevantImportId"] = managementsWithRelevantImportId[i].Import.ImportAggregate.ImportAggregateMax.RelevantImportId ?? -1; /* managment was not yet imported at that time */;
-                    gotNewObjects |= ManagementReports[i].Merge((await apiConnection.SendQueryAsync<ManagementReport[]>(Query.FullQuery, Query.QueryVariables))[0]);
+                    {
+                        Query.QueryVariables["relevantImportId"] = management.Import.ImportAggregate.ImportAggregateMax.RelevantImportId ?? -1; /* managment was not yet imported at that time */;
+                    }
+                    ManagementReport? mgtToFill = ManagementReports.FirstOrDefault(m => m.Id == management.Id);
+                    if(mgtToFill != null)
+                    {
+                        gotNewObjects |= mgtToFill.Merge((await apiConnection.SendQueryAsync<List<ManagementReport>>(Query.FullQuery, Query.QueryVariables))[0]);
+                    }
                 }
                 await callback(ManagementReports);
             }
             SetReportedRuleIds();
         }
 
-        public override async Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<ManagementReport[], Task> callback) // to be called when exporting
+        public override async Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<List<ManagementReport>, Task> callback) // to be called when exporting
         {
             bool gotAllObjects = true; //whether the fetch count limit was reached during fetching
 
@@ -86,7 +93,7 @@ public override async Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiC
             return gotAllObjects;
         }
 
-        public override async Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<ManagementReport[], Task> callback)
+        public override async Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<List<ManagementReport>, Task> callback)
         {
             if (!objQueryVariables.ContainsKey("mgmIds") || !objQueryVariables.ContainsKey("limit") || !objQueryVariables.ContainsKey("offset"))
                 throw new ArgumentException("Given objQueryVariables dictionary does not contain variable for management id, limit or offset");
@@ -117,7 +124,7 @@ public override async Task<bool> GetObjectsForManagementInReport(Dictionary<stri
             ManagementReport allFilteredObjects = new ();
             while (newObjects && ++fetchCount <= maxFetchCycles)
             {
-                filteredObjects = (await apiConnection.SendQueryAsync<ManagementReport[]>(query, objQueryVariables))[0];
+                filteredObjects = (await apiConnection.SendQueryAsync<List<ManagementReport>>(query, objQueryVariables))[0];
 
                 if (fetchCount == 1)
                 {
diff --git a/roles/lib/files/FWO.Report/ReportStatistics.cs b/roles/lib/files/FWO.Report/ReportStatistics.cs
index 60b5524b9..a5156abd7 100644
--- a/roles/lib/files/FWO.Report/ReportStatistics.cs
+++ b/roles/lib/files/FWO.Report/ReportStatistics.cs
@@ -16,13 +16,13 @@ public class ReportStatistics : ReportDevicesBase
         public ReportStatistics(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType) {}
 
 
-        public override async Task GenerateMgt(int _, ApiConnection apiConnection, Func<ManagementReport[], Task> callback, CancellationToken ct)
+        public override async Task GenerateMgt(int _, ApiConnection apiConnection, Func<List<ManagementReport>, Task> callback, CancellationToken ct)
         {
-            ManagementReport[] managementsWithRelevantImportId = await getRelevantImportIds(apiConnection);
+            List<Management> managementsWithRelevantImportId = await getRelevantImportIds(apiConnection);
 
-            List<ManagementReport> resultList = new ();
+            ManagementReports = new ();
 
-            foreach (ManagementReport relevantMgmt in managementsWithRelevantImportId)
+            foreach (Management relevantMgmt in managementsWithRelevantImportId)
             {
                 if (ct.IsCancellationRequested)
                 {
@@ -33,9 +33,8 @@ public override async Task GenerateMgt(int _, ApiConnection apiConnection, Func<
                 // setting mgmt and relevantImporId QueryVariables 
                 Query.QueryVariables["mgmId"] = relevantMgmt.Id;
                 Query.QueryVariables["relevantImportId"] = relevantMgmt.Import.ImportAggregate.ImportAggregateMax.RelevantImportId ?? -1 /* managment was not yet imported at that time */;
-                resultList.Add((await apiConnection.SendQueryAsync<ManagementReport[]>(Query.FullQuery, Query.QueryVariables))[0]);
+                ManagementReports.Add((await apiConnection.SendQueryAsync<List<ManagementReport>>(Query.FullQuery, Query.QueryVariables))[0]);
             }
-            ManagementReports = resultList.ToArray();
             await callback(ManagementReports);
 
             foreach (ManagementReport mgm in ManagementReports.Where(mgt => !mgt.Ignore))
@@ -47,7 +46,7 @@ public override async Task GenerateMgt(int _, ApiConnection apiConnection, Func<
             }
         }
 
-        public override async Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<ManagementReport[], Task> callback)
+        public override async Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<List<ManagementReport>, Task> callback)
         {
             await callback(ManagementReports);
             // currently no further objects to be fetched
@@ -55,7 +54,7 @@ public override async Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiC
             return true;
         }
 
-        public override Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<ManagementReport[], Task> callback)
+        public override Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<List<ManagementReport>, Task> callback)
         {
             return Task.FromResult<bool>(true);
         }
@@ -63,7 +62,8 @@ public override Task<bool> GetObjectsForManagementInReport(Dictionary<string, ob
         public override string ExportToJson()
         {
             globalStatisticsManagement.Name = "global statistics";
-            ManagementReport[] combinedManagements = (new ManagementReport[] { globalStatisticsManagement }).Concat(ManagementReports.Where(mgt => !mgt.Ignore)).ToArray();
+            List<ManagementReport> combinedManagements = new (){ globalStatisticsManagement };
+            combinedManagements.AddRange(ManagementReports.Where(mgt => !mgt.Ignore));
             return JsonSerializer.Serialize(combinedManagements, new JsonSerializerOptions { WriteIndented = true });
         }
 
diff --git a/roles/test/files/FWO.Test/ExportTest.cs b/roles/test/files/FWO.Test/ExportTest.cs
index b061d0473..eef82916a 100644
--- a/roles/test/files/FWO.Test/ExportTest.cs
+++ b/roles/test/files/FWO.Test/ExportTest.cs
@@ -1013,7 +1013,7 @@ private Rule InitRule2(bool resolved)
             };
         }
 
-        private ManagementReport[] ConstructRuleReport(bool resolved)
+        private List<ManagementReport> ConstructRuleReport(bool resolved)
         {
             Rule1 = InitRule1(resolved);
             Rule2 = InitRule2(resolved);
@@ -1034,10 +1034,10 @@ private ManagementReport[] ConstructRuleReport(bool resolved)
                         } 
                     }
                 }
-            }.ToArray();
+            };
         }
 
-        private ManagementReport[] ConstructRecertReport()
+        private List<ManagementReport> ConstructRecertReport()
         {
             RecertRule1 = InitRule1(false);
             RecertRule1.Metadata.RuleRecertification = new List<Recertification>()
@@ -1082,10 +1082,10 @@ private ManagementReport[] ConstructRecertReport()
                         } 
                     }
                 }
-            }.ToArray();
+            };
         }
 
-        private ManagementReport[] ConstructNatRuleReport()
+        private List<ManagementReport> ConstructNatRuleReport()
         {
             NatRule = InitRule1(false);
             NatRule.NatData = new NatData()
@@ -1121,10 +1121,10 @@ private ManagementReport[] ConstructNatRuleReport()
                         new Device(){ Name = "TestDev", Rules = new Rule[]{ NatRule }} 
                     }
                 }
-            }.ToArray();
+            };
         }
 
-        private ManagementReport[] ConstructChangeReport(bool resolved)
+        private List<ManagementReport> ConstructChangeReport(bool resolved)
         {
             Rule1 = InitRule1(resolved);
             Rule1Changed = InitRule1(resolved);
@@ -1196,7 +1196,7 @@ private ManagementReport[] ConstructChangeReport(bool resolved)
                         }
                     }
                 }
-            }.ToArray();
+            };
         }
 
         private string removeGenDate(string exportString, bool html = false, bool json = false)
diff --git a/roles/ui/files/FWO.UI/Pages/Certification.razor b/roles/ui/files/FWO.UI/Pages/Certification.razor
index 5e3476e44..42f90c165 100644
--- a/roles/ui/files/FWO.UI/Pages/Certification.razor
+++ b/roles/ui/files/FWO.UI/Pages/Certification.razor
@@ -88,7 +88,7 @@
         }
     </div>
     <hr />
-    <RulesReport Recertification="true" ReadonlyMode="readonlyMode" Managements="managements" RulesPerPage="rulesPerPage" 
+    <RulesReport Recertification="true" ReadonlyMode="readonlyMode" Managements="managementsReport" RulesPerPage="rulesPerPage" 
         @bind-SelectedRules="selectedRules" SelectedReportType="ReportType.Recertification"/>
 </div>
 
@@ -138,7 +138,7 @@
     private bool rulesFound = false;
     private CancellationTokenSource tokenSource = new CancellationTokenSource();
 
-    private Management[] managements = new Management[0];
+    private List<ManagementReport> managementsReport = new ();
     
     private bool readonlyMode = false;
     public FwoOwner? selectedOwner = null;
@@ -234,7 +234,7 @@
         readonlyMode = !authenticationStateTask!.Result.User.IsInRole(Roles.Recertifier) || selectedOwner == null;
         selectedRules.Clear();
 
-        Management[] managementsOrig = managements;
+        List<ManagementReport> managementsOrig = managementsReport;
         try
         {
             tokenSource = new CancellationTokenSource();
@@ -248,7 +248,7 @@
             }
 
             prepareReport();
-            managements = new Management[0]; // reset management data when switching between reports
+            managementsReport = new (); // reset management data when switching between reports
 
             try
             {
@@ -257,7 +257,7 @@
                     await currentReport.GenerateMgt(userConfig.ElementsPerFetch, apiConnection,
                     managementsReportIntermediate =>
                     {
-                        managements = managementsReportIntermediate;
+                        managementsReport = managementsReportIntermediate;
                         return InvokeAsync(StateHasChanged);
                     }, token);
                 }
@@ -279,7 +279,7 @@
         catch (Exception exception)
         {
             processing = false;
-            managements = managementsOrig;
+            managementsReport = managementsOrig;
             StateHasChanged();
             DisplayMessageInUi(exception, userConfig.GetText("generate_report"), "", true);
         }
@@ -312,7 +312,7 @@
     private void postProcessReport()
     {
         rulesFound = false;
-        foreach (Management management in managements)
+        foreach (var management in managementsReport)
         {
             foreach (Device device in management.Devices)
             {
@@ -380,7 +380,7 @@
         // collect selected recerts + decerts
         Certifications = new List<Rule>();
 
-        foreach (Management management in managements)
+        foreach (var management in managementsReport)
         {
             foreach (Device device in management.Devices)
             {
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
index f5a25ee06..e54c1a648 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
@@ -187,10 +187,10 @@
     private List<Rule> selectedItemsRuleReportTable = new List<Rule>();
     private List<RuleChange> selectedItemsChangeReportTable = new List<RuleChange>();
 
-    private List<OwnerReport> connectionReport = new();
+    private List<OwnerReport> connectionReport = new ();
     private ModellingAppHandler? appHandler;
-    private ManagementReport[] managementsReport = new ManagementReport[0];
-    List<int> relevantManagementIds = new();
+    private List<ManagementReport> managementsReport = new ();
+    List<int> relevantManagementIds = new ();
     private ManagementReport? globalStats = null;
     private List<ModellingConnection>? globalComSvc = null;
     
@@ -283,7 +283,7 @@
     private void ResetReport()
     {
         // clear report data when switching reportType as we would be missing src/dst/svc information in some cases           
-        managementsReport = new ManagementReport[] {};
+        managementsReport = new ();
         globalStats = null;
         connectionReport = new();
         globalComSvc = null;
@@ -327,7 +327,7 @@
         selectedItemsChangeReportTable.Clear();
 
         // save original report for exception case
-        ManagementReport[] managementsReportOrig = managementsReport;
+        List<ManagementReport> managementsReportOrig = managementsReport;
         try
         {
             if (actReportFilters.ReportType.IsDeviceRelatedReport() && !actReportFilters.DeviceFilter.isAnyDeviceFilterSet())
@@ -343,7 +343,7 @@
             relevantManagementIds = actReportFilters.DeviceFilter.getSelectedManagements();
 
             startTime = DateTime.Now;
-            managementsReport = new ManagementReport[0]; // reset management data when switching between reports
+            managementsReport = new(); // reset management data when switching between reports
             connectionReport = new();
 
             try
@@ -443,7 +443,7 @@
             }, token);
     }
 
-    private bool PrepareMetadata(ManagementReport[] ManagementReports)
+    private bool PrepareMetadata(List<ManagementReport> ManagementReports)
     {
         bool rulesFound = false;
         foreach (var managementReport in ManagementReports)
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ChangesReport.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ChangesReport.razor
index 89ef048f7..65b15870d 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ChangesReport.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ChangesReport.razor
@@ -4,7 +4,7 @@
 
 @inject UserConfig userConfig
 
-@foreach (Management management in Managements)
+@foreach (var management in Managements)
 {
     @if (management.Devices.Where(device => device.RuleChanges != null && device.RuleChanges.Count() > 0).Count() > 0)
     {
@@ -131,7 +131,7 @@
     public int RulesPerPage { get; set; }
 
     [Parameter]
-    public Management[] Managements { get; set; } = new Management[]{};
+    public List<ManagementReport> Managements { get; set; } = new ();
 
     [Parameter]
     public ReportType SelectedReportType { get; set; }
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/RulesReport.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/RulesReport.razor
index 3810eebfe..b71fa2ff1 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/RulesReport.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/RulesReport.razor
@@ -4,7 +4,7 @@
 
 @inject UserConfig userConfig
 
-@foreach (Management management in Managements)
+@foreach (var management in Managements)
 {
     @if (management.Devices.Where(device => device.Rules != null && device.Rules.Count() > 0).Count() > 0)
     {
@@ -251,7 +251,7 @@
     public int Width { get; set; }
 
     [Parameter]
-    public Management[] Managements { get; set; } = new Management[]{};
+    public List<ManagementReport> Managements { get; set; } = new ();
 
     private bool RecertificationHistory { get; set; } = false;
     private ITable<Rule>? reportTable;
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/StatisticsReport.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/StatisticsReport.razor
index 732c728d2..942493801 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/StatisticsReport.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/StatisticsReport.razor
@@ -7,36 +7,41 @@
 @if (GlobalStats != null)
 {
     <h5>@(userConfig.GetText("glob_no_obj"))</h5>
-    <Table style="font-size:small" TableClass="table table-bordered table-sm th-bg-secondary table-responsive" TableItem="ManagementReport" Items="new ManagementReport[] {GlobalStats}">
-        <Column TableItem="ManagementReport" Title="@(userConfig.GetText("network_objects"))" Field="@(m => m.NetworkObjectStatistics.ObjectAggregate.ObjectCount)" />
-        <Column TableItem="ManagementReport" Title="@(userConfig.GetText("service_objects"))" Field="@(m => m.ServiceObjectStatistics.ObjectAggregate.ObjectCount)" />
-        <Column TableItem="ManagementReport" Title="@(userConfig.GetText("user_objects"))" Field="@(m => m.UserObjectStatistics.ObjectAggregate.ObjectCount)" />
-        <Column TableItem="ManagementReport" Title="@(userConfig.GetText("rules"))" Field="@(m => m.RuleStatistics.ObjectAggregate.ObjectCount)" />
-    </Table>
-}
-@foreach (var managementReport in ManagementReports.Where(mgt => !mgt.Ignore))
-{
-    <Collapse Title="@managementReport.Name" Style="@("primary")" StartToggled="false">
-        <h6>@(userConfig.GetText("total_no_obj_mgt"))</h6>
-        <Table style="font-size:small" TableClass="table table-bordered table-sm th-bg-secondary table-responsive" TableItem="ManagementReport" Items="new ManagementReport[] {managementReport}" PageSize="0">
+    <div class="d-flex">
+        <Table style="font-size:small" TableClass="table table-bordered table-sm th-bg-secondary table-responsive" TableItem="ManagementReport" Items="new List<ManagementReport> {GlobalStats}">
             <Column TableItem="ManagementReport" Title="@(userConfig.GetText("network_objects"))" Field="@(m => m.NetworkObjectStatistics.ObjectAggregate.ObjectCount)" />
             <Column TableItem="ManagementReport" Title="@(userConfig.GetText("service_objects"))" Field="@(m => m.ServiceObjectStatistics.ObjectAggregate.ObjectCount)" />
             <Column TableItem="ManagementReport" Title="@(userConfig.GetText("user_objects"))" Field="@(m => m.UserObjectStatistics.ObjectAggregate.ObjectCount)" />
             <Column TableItem="ManagementReport" Title="@(userConfig.GetText("rules"))" Field="@(m => m.RuleStatistics.ObjectAggregate.ObjectCount)" />
         </Table>
-
+    </div>
+}
+@foreach (var managementReport in Managements.Where(mgt => !mgt.Ignore))
+{
+    <Collapse Title="@managementReport.Name" Style="@("primary")" StartToggled="false">
+        <h6>@(userConfig.GetText("total_no_obj_mgt"))</h6>
+        <div class="d-flex">
+            <Table style="font-size:small" TableClass="table table-bordered table-sm th-bg-secondary table-responsive" TableItem="ManagementReport" Items="new List<ManagementReport> {managementReport}" PageSize="0">
+                <Column TableItem="ManagementReport" Title="@(userConfig.GetText("network_objects"))" Field="@(m => m.NetworkObjectStatistics.ObjectAggregate.ObjectCount)" />
+                <Column TableItem="ManagementReport" Title="@(userConfig.GetText("service_objects"))" Field="@(m => m.ServiceObjectStatistics.ObjectAggregate.ObjectCount)" />
+                <Column TableItem="ManagementReport" Title="@(userConfig.GetText("user_objects"))" Field="@(m => m.UserObjectStatistics.ObjectAggregate.ObjectCount)" />
+                <Column TableItem="ManagementReport" Title="@(userConfig.GetText("rules"))" Field="@(m => m.RuleStatistics.ObjectAggregate.ObjectCount)" />
+            </Table>
+        </div>
         <h6>@(userConfig.GetText("no_rules_gtw"))</h6>
-        <Table style="font-size:small" TableClass="table table-bordered table-sm th-bg-secondary table-responsive" TableItem="Device" Items="managementReport.Devices" PageSize="0">
-            <Column TableItem="Device" Title="@(userConfig.GetText("gateway"))" Field="@(Device => Device.Name)" />
-            <Column TableItem="Device" Title="@(userConfig.GetText("no_of_rules"))" Field="@(Device => Device.RuleStatistics.ObjectAggregate.ObjectCount)" />
-        </Table>
+        <div class="d-flex">
+            <Table style="font-size:small" TableClass="table table-bordered table-sm th-bg-secondary table-responsive" TableItem="Device" Items="managementReport.Devices" PageSize="0">
+                <Column TableItem="Device" Title="@(userConfig.GetText("gateway"))" Field="@(Device => Device.Name)" />
+                <Column TableItem="Device" Title="@(userConfig.GetText("no_of_rules"))" Field="@(Device => Device.RuleStatistics.ObjectAggregate.ObjectCount)" />
+            </Table>
+        </div>
     </Collapse>
 }
 
 @code
 {
     [Parameter]
-    public ManagementReport[] ManagementReports { get; set; } = new ManagementReport[]{};
+    public List<ManagementReport> Managements { get; set; } = new ();
 
     [Parameter]
     public ManagementReport? GlobalStats { get; set; }
diff --git a/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor b/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
index b3cbf3530..caaaa28cc 100644
--- a/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
+++ b/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
@@ -254,7 +254,7 @@
     AnchorNavToRSB? anchorNavToRSB { get; set; }
 
     [Parameter]
-    public Func<RsbTab, ObjCategory, Func<ManagementReport[], Task>, long, bool, Task>? FetchObjects { get; set; }
+    public Func<RsbTab, ObjCategory, Func<List<ManagementReport>, Task>, long, bool, Task>? FetchObjects { get; set; }
 
     [Parameter]
     public bool Recert { get; set; }
diff --git a/roles/ui/files/FWO.UI/Shared/ObjectGroupCollection.razor b/roles/ui/files/FWO.UI/Shared/ObjectGroupCollection.razor
index 6640d3c4a..944aadf88 100644
--- a/roles/ui/files/FWO.UI/Shared/ObjectGroupCollection.razor
+++ b/roles/ui/files/FWO.UI/Shared/ObjectGroupCollection.razor
@@ -17,7 +17,7 @@
 @code
 {
     [Parameter]
-    public Func<RsbTab, ObjCategory, Func<ManagementReport[], Task>, long, bool, Task>? FetchObjects { get; set; }
+    public Func<RsbTab, ObjCategory, Func<List<ManagementReport>, Task>, long, bool, Task>? FetchObjects { get; set; }
 
     [Parameter]
     public bool Recert { get; set; }
diff --git a/roles/ui/files/FWO.UI/Shared/RightSidebar.razor b/roles/ui/files/FWO.UI/Shared/RightSidebar.razor
index 26ee28843..466c3142e 100644
--- a/roles/ui/files/FWO.UI/Shared/RightSidebar.razor
+++ b/roles/ui/files/FWO.UI/Shared/RightSidebar.razor
@@ -30,7 +30,7 @@
                         </div>
                     </Tab>
                 }
-                @if(ManagementsReport != null && ManagementsReport.Length > 0 && (CurrentReport?.ReportType.IsDeviceRelatedReport() ?? false))
+                @if(ManagementsReport != null && ManagementsReport.Count > 0 && (CurrentReport?.ReportType.IsDeviceRelatedReport() ?? false))
                 {
                     <Tab Title="@(userConfig.GetText("report"))">
                         <div class="d-md-flex justify-content-md-end sticky-marker-45">
@@ -117,7 +117,7 @@
     public EventCallback<List<Rule>> SelectedRulesChanged { get; set; }
 
     [Parameter]
-    public ManagementReport[]? ManagementsReport { get; set; }
+    public List<ManagementReport>? ManagementsReport { get; set; }
 
     [Parameter]
     public bool AllTabVisible { get; set; } = true;
@@ -126,12 +126,12 @@
     public ReportType SelectedReportType  { get; set; } = ReportType.Rules;
 
     [Parameter]
-    public List<OwnerReport>? ConnectionsReport  { get; set; }
+    public List<OwnerReport>? ConnectionsReport { get; set; }
         
     private CollapseState collapseSidebarAll = new CollapseState();
     private CollapseState collapseSidebarReport = new CollapseState();
     private CollapseState collapseSidebarRule = new CollapseState();
-    private ManagementReport[] managementsAllObjects = new ManagementReport[0];
+    private List<ManagementReport> managementsAllObjects = new ();
 
     private int intWidth { get { return Width; } set { Width = value; WidthChanged.InvokeAsync(Width);}}
 
@@ -145,7 +145,7 @@
                 if(AllTabVisible)
                 {
                     PaginationVariables paginationVariables = new PaginationVariables() { Limit = 0, Offset = 0 };
-                    managementsAllObjects = await Connection.SendQueryAsync<ManagementReport[]>(ObjectQueries.getAllObjectDetails, paginationVariables);
+                    managementsAllObjects = await Connection.SendQueryAsync<List<ManagementReport>>(ObjectQueries.getAllObjectDetails, paginationVariables);
                     await InvokeAsync(StateHasChanged);
                 }
             }
@@ -156,11 +156,11 @@
         });
     }
 
-    public async Task FetchContent(RsbTab rsbTab, ObjCategory objType, Func<ManagementReport[], Task> callback, long id = 0, bool nat = false)
+    public async Task FetchContent(RsbTab rsbTab, ObjCategory objType, Func<List<ManagementReport>, Task> callback, long id = 0, bool nat = false)
     {
         Log.WriteDebug("Fetching Content..", $"nat: {nat}");
 
-        ManagementReport[] managementReports = new ManagementReport[0];
+        List<ManagementReport> managementReports = new ();
 
         try
         {
@@ -231,18 +231,18 @@
         }
     }
 
-    private async Task FetchObjects(string query, Dictionary<string, object> queryVars, Func<ManagementReport[], Task> callback)
+    private async Task FetchObjects(string query, Dictionary<string, object> queryVars, Func<List<ManagementReport>, Task> callback)
     {
         // lazy fetch all objects for right sidebar
         try
         {
-            ManagementReport[] managementReports = new ManagementReport[0];
+            List<ManagementReport> managementReports = new ();
             bool newObjects = true;
             int fetchCount = 0;
 
             while (newObjects && (++fetchCount <= userConfig.MaxInitialFetchesRightSidebar || userConfig.AutoFillRightSidebar))
             {
-                ManagementReport[] managementsCurrentFetch = await Connection.SendQueryAsync<ManagementReport[]>(query, queryVars);
+                List<ManagementReport> managementsCurrentFetch = await Connection.SendQueryAsync<List<ManagementReport>>(query, queryVars);
                 if (fetchCount == 1)
                 {
                     managementReports = managementsCurrentFetch;

From f041f171e942c5510426887cb929eb250ac58edb Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Fri, 8 Mar 2024 21:09:38 +0100
Subject: [PATCH 29/84] edit service fixes

---
 .../files/FWO.Api.Client/Data/DisplayBase.cs  |  4 ++
 .../Pages/NetworkModelling/EditService.razor  | 46 ++++++++++++++-----
 .../Services/ModellingServiceHandler.cs       | 16 +++++--
 3 files changed, 52 insertions(+), 14 deletions(-)

diff --git a/roles/lib/files/FWO.Api.Client/Data/DisplayBase.cs b/roles/lib/files/FWO.Api.Client/Data/DisplayBase.cs
index 9c747b664..17307b5d0 100644
--- a/roles/lib/files/FWO.Api.Client/Data/DisplayBase.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/DisplayBase.cs
@@ -31,6 +31,10 @@ public static StringBuilder DisplayService(NetworkService service, bool isTechRe
                 {
                     result.Append($" ({ports}/{service.Protocol?.Name})");
                 }
+                else if (service.Protocol?.Name != null)
+                {
+                    result.Append($" ({service.Protocol?.Name})");
+                }
             }
             return result;
         }
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditService.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditService.razor
index 0b13b1ca2..acf911f64 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditService.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditService.razor
@@ -5,7 +5,7 @@
 @inject ApiConnection apiConnection
 @inject UserConfig userConfig
 
-@if(Display && InitComplete)
+@if(Display && InitComplete && ServiceHandler != null)
 {
     <PopUp Title="@(AddMode ? userConfig.GetText("add_service") : userConfig.GetText("edit_service"))" Size=PopupSize.Large Show="@Display" OnClose="Cancel">
         <Body>
@@ -13,22 +13,25 @@
                 <label class="col-sm-2 col-form-label col-form-label-sm">@(userConfig.GetText("name")):</label>
                 <input type="text" class="col-sm-7" @bind="ServiceHandler.ActService.Name" />
             </div>
-            <div class="form-group row mt-2">
-                <label class="col-sm-2 col-form-label col-form-label-sm">@(userConfig.GetText("port"))*:</label>
-                <input type="number" min="1" max="65535" class="col-sm-3" @bind="ServiceHandler.ActService.Port" />
-                <label class="col-sm-1 col-form-label col-form-label-sm"> - </label>
-                <input type="number" min="1" max="65535" class=" col-sm-3" @bind="ServiceHandler.ActService.PortEnd" />
-            </div>
             <div class="form-group row mt-2">
                 <label class="col-sm-2 col-form-label col-form-label-sm">@(userConfig.GetText("protocol"))*:</label>
                 <div class="col-sm-7">
-                    <Dropdown ElementType="NetworkProtocol" @bind-SelectedElement="ServiceHandler.ActService.Protocol" ElementToString="@(p => p.Name)" Elements="ipProtos" Nullable="true">
+                    <Dropdown ElementType="NetworkProtocol" @bind-SelectedElement="ServiceHandler.ActService.Protocol" ElementToString="@(p => p.Name)" Elements="ipProtos" Nullable="false">
                         <ElementTemplate Context="proto">
                             @proto.Name
                         </ElementTemplate>
                     </Dropdown>
                 </div>
             </div>
+            @if(!(bool)ServiceHandler.ActService.Protocol?.Name.ToLower().StartsWith("esp"))
+            {
+                <div class="form-group row mt-2">
+                    <label class="col-sm-2 col-form-label col-form-label-sm">@(userConfig.GetText("port"))*:</label>
+                    <input type="number" min="1" max="65535" class="col-sm-3" @bind="ServiceHandler.ActService.Port" />
+                    <label class="col-sm-1 col-form-label col-form-label-sm"> - </label>
+                    <input type="number" min="1" max="65535" class=" col-sm-3" @bind="ServiceHandler.ActService.PortEnd" />
+                </div>
+            }
         </Body>
         <Footer>
             <div class="btn-group">
@@ -67,7 +70,7 @@
     public EventCallback<bool> DisplayChanged { get; set; }
 
     [Parameter]
-    public ModellingServiceHandler ServiceHandler { get; set; }
+    public ModellingServiceHandler? ServiceHandler { get; set; }
 
     [Parameter]
     public bool AddMode { get; set; } = false;
@@ -76,7 +79,7 @@
     public bool AsAdmin { get; set; } = false;
 
 
-    private List<NetworkProtocol> ipProtos = new List<NetworkProtocol>();
+    private List<NetworkProtocol> ipProtos = new ();
     private bool InitComplete = false;
 
     protected override async Task OnInitializedAsync()
@@ -93,9 +96,24 @@
         }
     }
 
+    protected override void OnParametersSet()
+    {
+        try
+        {
+            if(AddMode && ServiceHandler != null && (ServiceHandler.ActService.Protocol == null || ServiceHandler.ActService.Protocol.Id == 0) && ipProtos.Count > 0)
+            {
+                ServiceHandler.ActService.Protocol = ipProtos.First();
+            }
+        }
+        catch (Exception exception)
+        {
+            DisplayMessageInUi(exception, userConfig.GetText("fetch_data"), "", true);
+        }
+    }
+
     private void Cancel()
     {
-        ServiceHandler.Reset();
+        ServiceHandler?.Reset();
         Close();
     }
 
@@ -126,6 +144,12 @@
             ListOut.Add(new NetworkProtocol(icmp));
             ListIn.Remove(icmp);
         }
+        IpProtocol? esp = ListIn.Find(x => x.Name.ToLower() == "esp");
+        if(esp != null)
+        {
+            ListOut.Add(new NetworkProtocol(esp){ Name = esp.Name + "/IPsec(vpn)" });
+            ListIn.Remove(esp);
+        }
         if(!userConfig.ReducedProtocolSet)
         {
             foreach(var proto in ListIn.OrderBy(x => x.Name).ToList())
diff --git a/roles/ui/files/FWO.UI/Services/ModellingServiceHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingServiceHandler.cs
index f85013578..f98375d07 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingServiceHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingServiceHandler.cs
@@ -63,13 +63,23 @@ public void Reset()
 
         private bool CheckService()
         {
-            if(ActService.Protocol == null || ActService.Protocol.Id == 0 || ActService.Port == null)
+            if(ActService.Protocol == null || ActService.Protocol.Id == 0)
             {
                 DisplayMessageInUi(null, userConfig.GetText("edit_service"), userConfig.GetText("E5102"), true);
                 return false;
             }
-            if(ActService.Port < 1 || ActService.Port > 65535 || (ActService.PortEnd != null && 
-                (ActService.PortEnd < 1 || ActService.PortEnd > 65535 || ActService.PortEnd < ActService.Port)))
+            if(ActService.Protocol.Name.ToLower().StartsWith("esp"))
+            {
+                ActService.Port = null;
+                ActService.PortEnd = null;
+            }
+            else if(ActService.Port == null)
+            {
+                DisplayMessageInUi(null, userConfig.GetText("edit_service"), userConfig.GetText("E5102"), true);
+                return false;
+            }
+            if(ActService.Port < 1 || ActService.Port > 65535 ||
+                (ActService.PortEnd != null &&  (ActService.PortEnd < 1 || ActService.PortEnd > 65535 || ActService.PortEnd < ActService.Port)))
             {
                 DisplayMessageInUi(null, userConfig.GetText("edit_service"), userConfig.GetText("E5103"), true);
                 return false;

From 3ccd8528997f0c5954b57a3cb8e3ecfe798f2603 Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Sat, 9 Mar 2024 12:49:10 +0100
Subject: [PATCH 30/84] introduce reportData class

---
 .../Data/ModellingConnection.cs               |   4 +
 .../files/FWO.Api.Client/Data/OwnerReport.cs  |   9 ++
 .../files/FWO.Api.Client/Data/ReportData.cs   |  22 +++
 roles/lib/files/FWO.Report/ReportBase.cs      |  54 ++++++-
 roles/lib/files/FWO.Report/ReportChanges.cs   |  19 ++-
 .../lib/files/FWO.Report/ReportConnections.cs |  60 ++++++--
 .../lib/files/FWO.Report/ReportDevicesBase.cs |  40 +----
 roles/lib/files/FWO.Report/ReportNatRules.cs  |   2 +-
 .../lib/files/FWO.Report/ReportOwnersBase.cs  |  21 ++-
 roles/lib/files/FWO.Report/ReportRules.cs     |  26 ++--
 .../lib/files/FWO.Report/ReportStatistics.cs  |  16 +-
 .../ImportChangeNotifier.cs                   |   2 +-
 .../FWO.Middleware.Server/RecertCheck.cs      |   2 +-
 .../FWO.Middleware.Server/ReportScheduler.cs  |   6 +-
 roles/test/files/FWO.Test/ExportTest.cs       | 144 ++++++++++--------
 .../files/FWO.Test/SimulatedUserConfig.cs     |   4 +-
 .../files/FWO.UI/Pages/Reporting/Report.razor |  87 ++++++-----
 .../Reporting/Reports/StatisticsReport.razor  |   4 +-
 .../ui/files/FWO.UI/Shared/RightSidebar.razor |  14 +-
 19 files changed, 321 insertions(+), 215 deletions(-)
 create mode 100644 roles/lib/files/FWO.Api.Client/Data/ReportData.cs

diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingConnection.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingConnection.cs
index 044c8192f..3672ddfee 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingConnection.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingConnection.cs
@@ -61,11 +61,15 @@ public class ModellingConnection
         public bool SrcFromInterface { get; set; } = false;
         public bool DstFromInterface { get; set; } = false;
 
+        public int OrderNumber { get; set; } = 0;
+
+
         public ModellingConnection()
         {}
 
         public ModellingConnection(ModellingConnection conn)
         {
+           OrderNumber = conn.OrderNumber;
            Id = conn.Id;
            AppId = conn.AppId;
            Name = conn.Name;
diff --git a/roles/lib/files/FWO.Api.Client/Data/OwnerReport.cs b/roles/lib/files/FWO.Api.Client/Data/OwnerReport.cs
index 9d4c1b87f..f5fb054d1 100644
--- a/roles/lib/files/FWO.Api.Client/Data/OwnerReport.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/OwnerReport.cs
@@ -14,6 +14,15 @@ public OwnerReport(OwnerReport report)
             Connections = new (report.Connections);
         }
 
+        public void AssignConnectionNumbers()
+        {
+            int connNumber = 1;
+            foreach (var conn in Connections)
+            {
+                conn.OrderNumber = connNumber++;
+            }
+        }
+
         public List<ModellingAppServer> GetAllAppServers()
         {
             List<ModellingAppServer> allAppServers = new();
diff --git a/roles/lib/files/FWO.Api.Client/Data/ReportData.cs b/roles/lib/files/FWO.Api.Client/Data/ReportData.cs
new file mode 100644
index 000000000..52e86e152
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/Data/ReportData.cs
@@ -0,0 +1,22 @@
+namespace FWO.Api.Data
+{
+    public class ReportData
+    {
+        public List<ManagementReport> ManagementData = new();
+        public List<OwnerReport> OwnerData = new();
+        public List<ModellingConnection> GlobalComSvc = new();
+        public ManagementReport GlobalStats = new();
+
+
+        public ReportData()
+        {}
+
+        public ReportData(ReportData reportData)
+        {
+            ManagementData = reportData.ManagementData;
+            OwnerData = reportData.OwnerData;
+            GlobalComSvc = reportData.GlobalComSvc;
+            GlobalStats = reportData.GlobalStats;
+        }
+    }
+}
diff --git a/roles/lib/files/FWO.Report/ReportBase.cs b/roles/lib/files/FWO.Report/ReportBase.cs
index 275ec67f7..eaf750fd1 100644
--- a/roles/lib/files/FWO.Report/ReportBase.cs
+++ b/roles/lib/files/FWO.Report/ReportBase.cs
@@ -28,7 +28,7 @@ public enum ObjCategory
 
     public abstract class ReportBase
     {
-        protected StringBuilder HtmlTemplate = new StringBuilder($@"
+        protected StringBuilder HtmlTemplate = new ($@"
 <!DOCTYPE html>
 <html>
 <head>
@@ -61,7 +61,7 @@ public abstract class ReportBase
         <p>Filter: ##Filter##</p>
         <p>##Date-of-Config##: ##GeneratedFor## (UTC)</p>
         <p>##GeneratedOn##: ##Date## (UTC)</p>
-        <p>Devices: ##DeviceFilter##</p>
+        <p>##OtherFilters##</p>
         <hr>
         ##Body##
     </body>
@@ -70,11 +70,12 @@ public abstract class ReportBase
         public readonly DynGraphqlQuery Query;
         protected UserConfig userConfig;
         public ReportType ReportType;
+        public ReportData ReportData;
 
         protected string htmlExport = "";
 
         // Pdf converter
-        protected static readonly SynchronizedConverter converter = new SynchronizedConverter(new PdfTools());
+        protected static readonly SynchronizedConverter converter = new (new PdfTools());
         public bool GotObjectsInReport { get; protected set; } = false;
 
 
@@ -89,6 +90,7 @@ public virtual Task GenerateMgt(int rulesPerFetch, ApiConnection apiConnection,
         {
             throw new NotImplementedException();
         }
+
         public virtual Task GenerateCon(int _, ApiConnection apiConnection, Func<List<ModellingConnection>, Task> callback, CancellationToken ct)
         {
             throw new NotImplementedException();
@@ -98,6 +100,7 @@ public virtual Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiConnecti
         {
             throw new NotImplementedException();
         }
+
         public virtual Task<bool> GetConObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<List<ModellingConnection>, Task> callback) // to be called when exporting
         {
             throw new NotImplementedException();
@@ -142,7 +145,50 @@ public static ReportBase ConstructReport(ReportTemplate reportFilter, UserConfig
             };
         }
 
-        public string ToUtcString(string? timestring)
+        protected string GenerateHtmlFrame(string title, string filter, DateTime date, StringBuilder htmlReport, string? deviceFilter = null, string? ownerFilter = null)
+        {
+            if (string.IsNullOrEmpty(htmlExport))
+            {
+                HtmlTemplate = HtmlTemplate.Replace("##Title##", title);
+                HtmlTemplate = HtmlTemplate.Replace("##Filter##", filter);
+                HtmlTemplate = HtmlTemplate.Replace("##GeneratedOn##", userConfig.GetText("generated_on"));
+                HtmlTemplate = HtmlTemplate.Replace("##Date##", date.ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK"));
+                if(ReportType.IsChangeReport())
+                {
+                    string timeRange = $"{userConfig.GetText("change_time")}: " +
+                        $"{userConfig.GetText("from")}: {ToUtcString(Query.QueryVariables["start"]?.ToString())}, " +
+                        $"{userConfig.GetText("until")}: {ToUtcString(Query.QueryVariables["stop"]?.ToString())}";
+                    HtmlTemplate = HtmlTemplate.Replace("##Date-of-Config##: ##GeneratedFor##", timeRange);
+                }
+                else if(ReportType.IsRuleReport() || ReportType == ReportType.Statistics)
+                {
+                    HtmlTemplate = HtmlTemplate.Replace("##Date-of-Config##", userConfig.GetText("date_of_config"));
+                    HtmlTemplate = HtmlTemplate.Replace("##GeneratedFor##", ToUtcString(Query.ReportTimeString));
+                }
+                else
+                {
+                    HtmlTemplate = HtmlTemplate.Replace("<p>##Date-of-Config##: ##GeneratedFor## (UTC)</p>", "");
+                }
+
+                if(deviceFilter != null)
+                {
+                    HtmlTemplate = HtmlTemplate.Replace("##OtherFilters##", userConfig.GetText("devices") + ": " + deviceFilter);
+                }
+                else if (ownerFilter != null)
+                {
+                    HtmlTemplate = HtmlTemplate.Replace("##OtherFilters##", userConfig.GetText("owners") + ": " + ownerFilter);
+                }
+                else
+                {
+                    HtmlTemplate = HtmlTemplate.Replace("<p>##OtherFilters##</p>", "");
+                }
+                HtmlTemplate = HtmlTemplate.Replace("##Body##", htmlReport.ToString());
+                htmlExport = HtmlTemplate.ToString();
+            }
+            return htmlExport;
+        }
+
+        public static string ToUtcString(string? timestring)
         {
             try
             {
diff --git a/roles/lib/files/FWO.Report/ReportChanges.cs b/roles/lib/files/FWO.Report/ReportChanges.cs
index f376cd68b..edc05b0c9 100644
--- a/roles/lib/files/FWO.Report/ReportChanges.cs
+++ b/roles/lib/files/FWO.Report/ReportChanges.cs
@@ -20,9 +20,8 @@ public override async Task GenerateMgt(int changesPerFetch, ApiConnection apiCon
             Query.QueryVariables["limit"] = changesPerFetch;
             Query.QueryVariables["offset"] = 0;
             bool gotNewObjects = true;
-            ManagementReports = new ();
 
-            ManagementReports = await apiConnection.SendQueryAsync<List<ManagementReport>>(Query.FullQuery, Query.QueryVariables);
+            ReportData.ManagementData = await apiConnection.SendQueryAsync<List<ManagementReport>>(Query.FullQuery, Query.QueryVariables);
 
             while (gotNewObjects)
             {
@@ -32,14 +31,14 @@ public override async Task GenerateMgt(int changesPerFetch, ApiConnection apiCon
                     ct.ThrowIfCancellationRequested();
                 }
                 Query.QueryVariables["offset"] = (int)Query.QueryVariables["offset"] + changesPerFetch;
-                gotNewObjects = ManagementReports.Merge(await apiConnection.SendQueryAsync<List<ManagementReport>>(Query.FullQuery, Query.QueryVariables));
-                await callback(ManagementReports);
+                gotNewObjects = ReportData.ManagementData.Merge(await apiConnection.SendQueryAsync<List<ManagementReport>>(Query.FullQuery, Query.QueryVariables));
+                await callback(ReportData.ManagementData);
             }
         }
 
         public override async Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<List<ManagementReport>, Task> callback)
         {
-            await callback(ManagementReports);
+            await callback(ReportData.ManagementData);
             // currently no further objects to be fetched
             GotObjectsInReport = true;
             return true;
@@ -55,7 +54,7 @@ public override string SetDescription()
             int managementCounter = 0;
             int deviceCounter = 0;
             int ruleChangeCounter = 0;
-            foreach (var management in ManagementReports.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
+            foreach (var management in ReportData.ManagementData.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
                     Array.Exists(mgt.Devices, device => device.RuleChanges != null && device.RuleChanges.Length > 0)))
             {
                 managementCounter++;
@@ -78,7 +77,7 @@ public override string ExportToCsv()
                 report.Append(DisplayReportHeaderCsv());
                 report.AppendLine($"\"management-name\",\"device-name\",\"change-time\",\"change-type\",\"rule-name\",\"source-zone\",\"source\",\"destination-zone\",\"destination\",\"service\",\"action\",\"track\",\"rule-enabled\",\"rule-uid\",\"rule-comment\"");
 
-                foreach (var management in ManagementReports.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
+                foreach (var management in ReportData.ManagementData.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
                         Array.Exists(mgt.Devices, device => device.RuleChanges != null && device.RuleChanges.Length > 0)))
                 {
                     foreach (Device gateway in management.Devices)
@@ -121,7 +120,7 @@ public override string ExportToHtml()
             StringBuilder report = new StringBuilder();
             RuleChangeDisplayHtml ruleChangeDisplayHtml = new RuleChangeDisplayHtml(userConfig);
 
-            foreach (var management in ManagementReports.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
+            foreach (var management in ReportData.ManagementData.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
                     Array.Exists(mgt.Devices, device => device.RuleChanges != null && device.RuleChanges.Length > 0)))
             {
                 report.AppendLine($"<h3>{management.Name}</h3>");
@@ -192,7 +191,7 @@ public override string ExportToJson()
             }
             else if (ReportType.IsChangeReport())
             {
-                return System.Text.Json.JsonSerializer.Serialize(ManagementReports.Where(mgt => !mgt.Ignore), new JsonSerializerOptions { WriteIndented = true });
+                return System.Text.Json.JsonSerializer.Serialize(ReportData.ManagementData.Where(mgt => !mgt.Ignore), new JsonSerializerOptions { WriteIndented = true });
             }
             else
             {
@@ -206,7 +205,7 @@ private string ExportResolvedChangesToJson()
             report.Append(DisplayReportHeaderJson());
             report.AppendLine("\"managements\": [");
             RuleChangeDisplayJson ruleChangeDisplayJson = new RuleChangeDisplayJson(userConfig);
-            foreach (var management in ManagementReports.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
+            foreach (var management in ReportData.ManagementData.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
                     Array.Exists(mgt.Devices, device => device.RuleChanges != null && device.RuleChanges.Length > 0)))
             {
                 report.AppendLine($"{{\"{management.Name}\": {{");
diff --git a/roles/lib/files/FWO.Report/ReportConnections.cs b/roles/lib/files/FWO.Report/ReportConnections.cs
index 7b156e3a5..de31d0275 100644
--- a/roles/lib/files/FWO.Report/ReportConnections.cs
+++ b/roles/lib/files/FWO.Report/ReportConnections.cs
@@ -2,6 +2,7 @@
 using FWO.Api.Client;
 using FWO.Report.Filter;
 using FWO.Config.Api;
+using System.Text;
 using FWO.Logging;
 
 namespace FWO.Report
@@ -29,45 +30,72 @@ public override async Task GenerateCon(int connectionsPerFetch, ApiConnection ap
             //     Query.QueryVariables["offset"] = (int)Query.QueryVariables["offset"] + connectionsPerFetch;
             //     List<ModellingConnection> newConnections = await apiConnection.SendQueryAsync<List<ModellingConnection>>(Query.FullQuery, Query.QueryVariables);
             //     gotNewObjects = newConnections.Count > 0;
-            //     OwnersReport.Connections.AddRange(newConnections);
+            //     ReportData.OwnerData.Connections.AddRange(newConnections);
 
             await callback(conns);
 
             // }
-            OwnersReport.Add(new(){ Connections = conns });
+            //ReportData.OwnerData.Add(new(){ Connections = conns });
         }
 
         public override async Task<bool> GetConObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<List<ModellingConnection>, Task> callback)
         {
-            await callback (OwnersReport[0].Connections);
+            await callback (ReportData.OwnerData[0].Connections);
             // currently no further objects to be fetched
             GotObjectsInReport = true;
             return true;
         }
 
-        public override string SetDescription()
+        public override string ExportToHtml()
         {
-            int counter = 0;
-            foreach(var owner in OwnersReport)
+            StringBuilder report = new ();
+            foreach (var ownerReport in ReportData.OwnerData)
             {
-                counter += owner.Connections.Count;
+                ownerReport.AssignConnectionNumbers();
+
+
+                report.AppendLine($"<h3>{ownerReport.Name}</h3>");
+                report.AppendLine("<hr>");
+                report.AppendLine("<table>");
+                AppendConnectionHeadlineHtml(ref report);
+                foreach (var connection in ownerReport.Connections)
+                {
+                    report.AppendLine("<tr>");
+                    report.AppendLine($"<td>{connection.OrderNumber}</td>");
+                    report.AppendLine($"<td>{connection.Id}</td>");
+                    report.AppendLine($"<td>{connection.Name}</td>");
+                    report.AppendLine($"<td>{connection.Reason}</td>");
+
+
+                }
+
+                // show all objects used in this management's rules
             }
-            return $"{counter} {userConfig.GetText("connections")}";
-        }
 
-        public override string ExportToJson()
-        {
-            return "";
+            return GenerateHtmlFrame(userConfig.GetText(ReportType.ToString()), Query.RawFilter, DateTime.Now, report);
         }
 
-        public override string ExportToCsv()
+        private void AppendConnectionHeadlineHtml(ref StringBuilder report)
         {
-            throw new NotImplementedException();
+            report.AppendLine("<tr>");
+            report.AppendLine($"<th>{userConfig.GetText("number")}</th>");
+            report.AppendLine($"<th>{userConfig.GetText("id")}</th>");
+            report.AppendLine($"<th>{userConfig.GetText("name")}</th>");
+            report.AppendLine($"<th>{userConfig.GetText("func_reason")}</th>");
+            report.AppendLine($"<th>{userConfig.GetText("source")}</th>");
+            report.AppendLine($"<th>{userConfig.GetText("services")}</th>");
+            report.AppendLine($"<th>{userConfig.GetText("destination")}</th>");
+            report.AppendLine("</tr>");
         }
 
-        public override string ExportToHtml()
+        public override string SetDescription()
         {
-            return "";
+            int counter = 0;
+            foreach(var owner in ReportData.OwnerData)
+            {
+                counter += owner.Connections.Count;
+            }
+            return $"{counter} {userConfig.GetText("connections")}";
         }
     }
 }
diff --git a/roles/lib/files/FWO.Report/ReportDevicesBase.cs b/roles/lib/files/FWO.Report/ReportDevicesBase.cs
index a6a9e192d..bfc591b25 100644
--- a/roles/lib/files/FWO.Report/ReportDevicesBase.cs
+++ b/roles/lib/files/FWO.Report/ReportDevicesBase.cs
@@ -9,14 +9,12 @@ namespace FWO.Report
 {
     public abstract class ReportDevicesBase : ReportBase
     {
-        public List<ManagementReport> ManagementReports = new ();
-
         public ReportDevicesBase(DynGraphqlQuery query, UserConfig UserConfig, ReportType reportType) : base (query, UserConfig, reportType)
         {}
 
         public async Task<List<Management>> getRelevantImportIds(ApiConnection apiConnection)
         {
-            Dictionary<string, object> ImpIdQueryVariables = new Dictionary<string, object>();
+            Dictionary<string, object> ImpIdQueryVariables = new ();
             ImpIdQueryVariables["time"] = Query.ReportTimeString != "" ? Query.ReportTimeString : DateTime.Now.ToString(DynGraphqlQuery.fullTimeFormat);
             ImpIdQueryVariables["mgmIds"] = Query.RelevantManagementIds;
             return await apiConnection.SendQueryAsync<List<Management>>(ReportQueries.getRelevantImportIdsAtTime, ImpIdQueryVariables);
@@ -24,8 +22,8 @@ public async Task<List<Management>> getRelevantImportIds(ApiConnection apiConnec
 
         public static async Task<(List<string> unsupportedList, DeviceFilter reducedDeviceFilter)> GetUsageDataUnsupportedDevices(ApiConnection apiConnection, DeviceFilter deviceFilter)
         {
-            List<string> unsupportedList = new List<string>();
-            DeviceFilter reducedDeviceFilter = new DeviceFilter(deviceFilter);
+            List<string> unsupportedList = new ();
+            DeviceFilter reducedDeviceFilter = new (deviceFilter);
             foreach (ManagementSelect management in reducedDeviceFilter.Managements)
             {
                 foreach (DeviceSelect device in management.Devices)
@@ -58,7 +56,7 @@ private static async Task<bool> UsageDataAvailable(ApiConnection apiConnection,
 
         public override bool NoRuleFound()
         {
-            foreach(var mgmt in ManagementReports)
+            foreach(var mgmt in ReportData.ManagementData)
             {
                 foreach(var dev in mgmt.Devices)
                 {
@@ -78,7 +76,7 @@ public override bool NoRuleFound()
         public override string SetDescription()
         {
             int managementCounter = 0;
-            foreach (var managementReport in ManagementReports.Where(mgt => !mgt.Ignore))
+            foreach (var managementReport in ReportData.ManagementData.Where(mgt => !mgt.Ignore))
             {
                 managementCounter++;
             }
@@ -94,7 +92,7 @@ public string DisplayReportHeaderJson()
             {
                 report.AppendLine($"\"date of configuration shown\": \"{DateTime.Parse(Query.ReportTimeString).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK")} (UTC)\",");
             }
-            report.AppendLine($"\"device filter\": \"{string.Join("; ", Array.ConvertAll(ManagementReports.ToArray(), m => m.NameAndDeviceNames()))}\",");
+            report.AppendLine($"\"device filter\": \"{string.Join("; ", Array.ConvertAll(ReportData.ManagementData.ToArray(), m => m.NameAndDeviceNames()))}\",");
             report.AppendLine($"\"other filters\": \"{Query.RawFilter}\",");
             report.AppendLine($"\"report generator\": \"Firewall Orchestrator - https://fwo.cactus.de/en\",");
             report.AppendLine($"\"data protection level\": \"For internal use only\",");
@@ -110,7 +108,7 @@ public string DisplayReportHeaderCsv()
             {
                 report.AppendLine($"# date of configuration shown: {DateTime.Parse(Query.ReportTimeString).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK")} (UTC)");
             }
-            report.AppendLine($"# device filter: {string.Join(" ", Array.ConvertAll(ManagementReports.Where(mgt => !mgt.Ignore).ToArray(), m => m.NameAndDeviceNames(" ")))}");
+            report.AppendLine($"# device filter: {string.Join(" ", Array.ConvertAll(ReportData.ManagementData.Where(mgt => !mgt.Ignore).ToArray(), m => m.NameAndDeviceNames(" ")))}");
             report.AppendLine($"# other filters: {Query.RawFilter}");
             report.AppendLine($"# report generator: Firewall Orchestrator - https://fwo.cactus.de/en");
             report.AppendLine($"# data protection level: For internal use only");
@@ -120,29 +118,7 @@ public string DisplayReportHeaderCsv()
 
         protected string GenerateHtmlFrame(string title, string filter, DateTime date, StringBuilder htmlReport)
         {
-            if (string.IsNullOrEmpty(htmlExport))
-            {
-                HtmlTemplate = HtmlTemplate.Replace("##Title##", title);
-                HtmlTemplate = HtmlTemplate.Replace("##Filter##", filter);
-                HtmlTemplate = HtmlTemplate.Replace("##GeneratedOn##", userConfig.GetText("generated_on"));
-                HtmlTemplate = HtmlTemplate.Replace("##Date##", date.ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK"));
-                if(ReportType.IsChangeReport())
-                {
-                    string timeRange = $"{userConfig.GetText("change_time")}: " +
-                        $"{userConfig.GetText("from")}: {ToUtcString(Query.QueryVariables["start"]?.ToString())}, " +
-                        $"{userConfig.GetText("until")}: {ToUtcString(Query.QueryVariables["stop"]?.ToString())}";
-                    HtmlTemplate = HtmlTemplate.Replace("##Date-of-Config##: ##GeneratedFor##", timeRange);
-                }
-                else
-                {
-                    HtmlTemplate = HtmlTemplate.Replace("##Date-of-Config##", userConfig.GetText("date_of_config"));
-                    HtmlTemplate = HtmlTemplate.Replace("##GeneratedFor##", ToUtcString(Query.ReportTimeString));
-                }
-                HtmlTemplate = HtmlTemplate.Replace("##DeviceFilter##", string.Join("; ", Array.ConvertAll(ManagementReports.Where(mgt => !mgt.Ignore).ToArray(), m => m.NameAndDeviceNames())));
-                HtmlTemplate = HtmlTemplate.Replace("##Body##", htmlReport.ToString());
-                htmlExport = HtmlTemplate.ToString();
-            }
-            return htmlExport;
+            return GenerateHtmlFrame(title, filter, date, htmlReport, string.Join("; ", Array.ConvertAll(ReportData.ManagementData.Where(mgt => !mgt.Ignore).ToArray(), m => m.NameAndDeviceNames())));
         }
     }
 }
diff --git a/roles/lib/files/FWO.Report/ReportNatRules.cs b/roles/lib/files/FWO.Report/ReportNatRules.cs
index 72cad0c22..a9d66130d 100644
--- a/roles/lib/files/FWO.Report/ReportNatRules.cs
+++ b/roles/lib/files/FWO.Report/ReportNatRules.cs
@@ -17,7 +17,7 @@ public override string ExportToHtml()
             StringBuilder report = new ();
             NatRuleDisplayHtml ruleDisplay = new (userConfig);
 
-            foreach (var managementReport in ManagementReports.Where(mgt => !mgt.Ignore))
+            foreach (var managementReport in ReportData.ManagementData.Where(mgt => !mgt.Ignore))
             {
                 report.AppendLine($"<h3>{managementReport.Name}</h3>");
                 report.AppendLine("<hr>");
diff --git a/roles/lib/files/FWO.Report/ReportOwnersBase.cs b/roles/lib/files/FWO.Report/ReportOwnersBase.cs
index 9d0fdcbab..33f3e4090 100644
--- a/roles/lib/files/FWO.Report/ReportOwnersBase.cs
+++ b/roles/lib/files/FWO.Report/ReportOwnersBase.cs
@@ -1,19 +1,34 @@
 using FWO.Api.Data;
 using FWO.Report.Filter;
 using FWO.Config.Api;
+using System.Text.Json;
+using System.Text;
 
 namespace FWO.Report
 {
     public abstract class ReportOwnersBase : ReportBase
     {
-        public List<OwnerReport> OwnersReport = new();
-
         public ReportOwnersBase(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType)
         {}
 
+        public override string ExportToJson()
+        {
+            return JsonSerializer.Serialize(ReportData.OwnerData, new JsonSerializerOptions { WriteIndented = true });;
+        }
+
+        public override string ExportToCsv()
+        {
+            throw new NotImplementedException();
+        }
+
         public override string SetDescription()
         {
-            return $"{OwnersReport.Count} {userConfig.GetText("owners")}";
+            return $"{ReportData.OwnerData.Count} {userConfig.GetText("owners")}";
+        }
+
+        protected string GenerateHtmlFrame(string title, string filter, DateTime date, StringBuilder htmlReport)
+        {
+            return GenerateHtmlFrame(title, filter, date, htmlReport, null, string.Join("; ", Array.ConvertAll(ReportData.OwnerData.ToArray(), m => m.Name)));
         }
     }
 }
diff --git a/roles/lib/files/FWO.Report/ReportRules.cs b/roles/lib/files/FWO.Report/ReportRules.cs
index 10c90bd85..0d0078d89 100644
--- a/roles/lib/files/FWO.Report/ReportRules.cs
+++ b/roles/lib/files/FWO.Report/ReportRules.cs
@@ -25,7 +25,7 @@ public override async Task GenerateMgt(int rulesPerFetch, ApiConnection apiConne
 
             List<Management> managementsWithRelevantImportId = await getRelevantImportIds(apiConnection);
 
-            ManagementReports = new ();
+            ReportData.ManagementData = new ();
             foreach(var management in managementsWithRelevantImportId)
             {
                 Query.QueryVariables["mgmId"] = management.Id;
@@ -35,7 +35,7 @@ public override async Task GenerateMgt(int rulesPerFetch, ApiConnection apiConne
                 }
                 ManagementReport managementReport = (await apiConnection.SendQueryAsync<List<ManagementReport>>(Query.FullQuery, Query.QueryVariables))[0];
                 managementReport.Import = management.Import;
-                ManagementReports.Add(managementReport);
+                ReportData.ManagementData.Add(managementReport);
             }
 
             while (gotNewObjects)
@@ -54,13 +54,13 @@ public override async Task GenerateMgt(int rulesPerFetch, ApiConnection apiConne
                     {
                         Query.QueryVariables["relevantImportId"] = management.Import.ImportAggregate.ImportAggregateMax.RelevantImportId ?? -1; /* managment was not yet imported at that time */;
                     }
-                    ManagementReport? mgtToFill = ManagementReports.FirstOrDefault(m => m.Id == management.Id);
+                    ManagementReport? mgtToFill = ReportData.ManagementData.FirstOrDefault(m => m.Id == management.Id);
                     if(mgtToFill != null)
                     {
                         gotNewObjects |= mgtToFill.Merge((await apiConnection.SendQueryAsync<List<ManagementReport>>(Query.FullQuery, Query.QueryVariables))[0]);
                     }
                 }
-                await callback(ManagementReports);
+                await callback(ReportData.ManagementData);
             }
             SetReportedRuleIds();
         }
@@ -71,7 +71,7 @@ public override async Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiC
 
             if (!GotObjectsInReport)
             {
-                foreach (var managementReport in ManagementReports)
+                foreach (var managementReport in ReportData.ManagementData)
                 {
                     if (managementReport.Import.ImportAggregate.ImportAggregateMax.RelevantImportId is not null)
                     {
@@ -99,7 +99,7 @@ public override async Task<bool> GetObjectsForManagementInReport(Dictionary<stri
                 throw new ArgumentException("Given objQueryVariables dictionary does not contain variable for management id, limit or offset");
 
             int mid = (int)objQueryVariables.GetValueOrDefault("mgmIds")!;
-            ManagementReport managementReport = ManagementReports.FirstOrDefault(m => m.Id == mid) ?? throw new ArgumentException("Given management id does not exist for this report");
+            ManagementReport managementReport = ReportData.ManagementData.FirstOrDefault(m => m.Id == mid) ?? throw new ArgumentException("Given management id does not exist for this report");
 
             objQueryVariables.Add("ruleIds", "{" + string.Join(", ", managementReport.ReportedRuleIds) + "}");
             objQueryVariables.Add("importId", managementReport.Import.ImportAggregate.ImportAggregateMax.RelevantImportId!);
@@ -144,7 +144,7 @@ public override async Task<bool> GetObjectsForManagementInReport(Dictionary<stri
 
                 objQueryVariables["offset"] = (int)objQueryVariables["offset"] + elementsPerFetch;
 
-                await callback(ManagementReports);
+                await callback(ReportData.ManagementData);
             }
 
             Log.WriteDebug("Lazy Fetch", $"Fetched sidebar objects in {fetchCount - 1} cycle(s) ({elementsPerFetch} at a time)");
@@ -157,7 +157,7 @@ public override string SetDescription()
             int managementCounter = 0;
             int deviceCounter = 0;
             int ruleCounter = 0;
-            foreach (var managementReport in ManagementReports.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
+            foreach (var managementReport in ReportData.ManagementData.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
                     Array.Exists(mgt.Devices, device => device.Rules != null && device.Rules.Length > 0)))
             {
                 managementCounter++;
@@ -172,7 +172,7 @@ public override string SetDescription()
 
         private void SetReportedRuleIds()
         {
-            foreach (var mgt in ManagementReports)
+            foreach (var mgt in ReportData.ManagementData)
             {
                 foreach (Device dev in mgt.Devices.Where(d => (d.Rules != null && d.Rules.Length > 0)))
                 {
@@ -195,7 +195,7 @@ public override string ExportToCsv()
                 report.Append(DisplayReportHeaderCsv());
                 report.AppendLine($"\"management-name\",\"device-name\",\"rule-number\",\"rule-name\",\"source-zone\",\"source\",\"destination-zone\",\"destination\",\"service\",\"action\",\"track\",\"rule-enabled\",\"rule-uid\",\"rule-comment\"");
 
-                foreach (var managementReport in ManagementReports.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
+                foreach (var managementReport in ReportData.ManagementData.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
                         Array.Exists(mgt.Devices, device => device.Rules != null && device.Rules.Length > 0)))
                 {
                     foreach (Device gateway in managementReport.Devices)
@@ -250,7 +250,7 @@ public override string ExportToJson()
             }
             else if (ReportType.IsRuleReport())
             {
-                return System.Text.Json.JsonSerializer.Serialize(ManagementReports.Where(mgt => !mgt.Ignore), new JsonSerializerOptions { WriteIndented = true });
+                return System.Text.Json.JsonSerializer.Serialize(ReportData.ManagementData.Where(mgt => !mgt.Ignore), new JsonSerializerOptions { WriteIndented = true });
             }
             else
             {
@@ -264,7 +264,7 @@ private string ExportResolvedRulesToJson()
             report.Append(DisplayReportHeaderJson());
             report.AppendLine("\"managements\": [");
             RuleDisplayJson ruleDisplayJson = new (userConfig);
-            foreach (var managementReport in ManagementReports.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
+            foreach (var managementReport in ReportData.ManagementData.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
                     Array.Exists(mgt.Devices, device => device.Rules != null && device.Rules.Length > 0)))
             {
                 report.AppendLine($"{{\"{managementReport.Name}\": {{");
@@ -328,7 +328,7 @@ public override string ExportToHtml()
             StringBuilder report = new ();
             RuleDisplayHtml ruleDisplayHtml = new (userConfig);
 
-            foreach (var managementReport in ManagementReports.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
+            foreach (var managementReport in ReportData.ManagementData.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
                     Array.Exists(mgt.Devices, device => device.Rules != null && device.Rules.Length > 0)))
             {
                 managementReport.AssignRuleNumbers();
diff --git a/roles/lib/files/FWO.Report/ReportStatistics.cs b/roles/lib/files/FWO.Report/ReportStatistics.cs
index a5156abd7..dd8208daa 100644
--- a/roles/lib/files/FWO.Report/ReportStatistics.cs
+++ b/roles/lib/files/FWO.Report/ReportStatistics.cs
@@ -20,7 +20,7 @@ public override async Task GenerateMgt(int _, ApiConnection apiConnection, Func<
         {
             List<Management> managementsWithRelevantImportId = await getRelevantImportIds(apiConnection);
 
-            ManagementReports = new ();
+            ReportData.ManagementData = new ();
 
             foreach (Management relevantMgmt in managementsWithRelevantImportId)
             {
@@ -33,11 +33,11 @@ public override async Task GenerateMgt(int _, ApiConnection apiConnection, Func<
                 // setting mgmt and relevantImporId QueryVariables 
                 Query.QueryVariables["mgmId"] = relevantMgmt.Id;
                 Query.QueryVariables["relevantImportId"] = relevantMgmt.Import.ImportAggregate.ImportAggregateMax.RelevantImportId ?? -1 /* managment was not yet imported at that time */;
-                ManagementReports.Add((await apiConnection.SendQueryAsync<List<ManagementReport>>(Query.FullQuery, Query.QueryVariables))[0]);
+                ReportData.ManagementData.Add((await apiConnection.SendQueryAsync<List<ManagementReport>>(Query.FullQuery, Query.QueryVariables))[0]);
             }
-            await callback(ManagementReports);
+            await callback(ReportData.ManagementData);
 
-            foreach (ManagementReport mgm in ManagementReports.Where(mgt => !mgt.Ignore))
+            foreach (ManagementReport mgm in ReportData.ManagementData.Where(mgt => !mgt.Ignore))
             {
                 globalStatisticsManagement.RuleStatistics.ObjectAggregate.ObjectCount += mgm.RuleStatistics.ObjectAggregate.ObjectCount;
                 globalStatisticsManagement.NetworkObjectStatistics.ObjectAggregate.ObjectCount += mgm.NetworkObjectStatistics.ObjectAggregate.ObjectCount;
@@ -48,7 +48,7 @@ public override async Task GenerateMgt(int _, ApiConnection apiConnection, Func<
 
         public override async Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<List<ManagementReport>, Task> callback)
         {
-            await callback(ManagementReports);
+            await callback(ReportData.ManagementData);
             // currently no further objects to be fetched
             GotObjectsInReport = true;
             return true;
@@ -63,7 +63,7 @@ public override string ExportToJson()
         {
             globalStatisticsManagement.Name = "global statistics";
             List<ManagementReport> combinedManagements = new (){ globalStatisticsManagement };
-            combinedManagements.AddRange(ManagementReports.Where(mgt => !mgt.Ignore));
+            combinedManagements.AddRange(ReportData.ManagementData.Where(mgt => !mgt.Ignore));
             return JsonSerializer.Serialize(combinedManagements, new JsonSerializerOptions { WriteIndented = true });
         }
 
@@ -71,7 +71,7 @@ public override string ExportToCsv()
         {
             StringBuilder csvBuilder = new ();
 
-            foreach (ManagementReport managementReport in ManagementReports.Where(mgt => !mgt.Ignore))
+            foreach (ManagementReport managementReport in ReportData.ManagementData.Where(mgt => !mgt.Ignore))
             {
                 //foreach (var item in collection)
                 //{
@@ -103,7 +103,7 @@ public override string ExportToHtml()
             report.AppendLine("</table>");
             report.AppendLine("<hr>");
 
-            foreach (ManagementReport managementReport in ManagementReports.Where(mgt => !mgt.Ignore))
+            foreach (ManagementReport managementReport in ReportData.ManagementData.Where(mgt => !mgt.Ignore))
             {
                 report.AppendLine($"<h4>{userConfig.GetText("no_of_obj")} - {managementReport.Name}</h4>");
                 report.AppendLine("<table>");
diff --git a/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifier.cs b/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifier.cs
index 7f9173a3a..1abaa1447 100644
--- a/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifier.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifier.cs
@@ -125,7 +125,7 @@ private async Task GenerateChangeReport()
 
                 changeReport = ReportBase.ConstructReport(new ReportTemplate("", await SetFilters()), userConfig);
 
-                Management[] managements = Array.Empty<Management>();
+                List<ManagementReport> managements = new();
 
                 await changeReport.GenerateMgt(int.MaxValue, apiConnection,
                 managementsReportIntermediate =>
diff --git a/roles/middleware/files/FWO.Middleware.Server/RecertCheck.cs b/roles/middleware/files/FWO.Middleware.Server/RecertCheck.cs
index 9842780f9..7ae51f0bb 100644
--- a/roles/middleware/files/FWO.Middleware.Server/RecertCheck.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/RecertCheck.cs
@@ -170,7 +170,7 @@ private async Task<List<Rule>> generateRecertificationReport(ApiConnection apiCo
                 };
                 ReportBase? currentReport = ReportBase.ConstructReport(new ReportTemplate("", reportParams), userConfig);
 
-                Management[] managements = new Management[0];
+                List<ManagementReport> managements = new ();
 
                 await currentReport.GenerateMgt(int.MaxValue, apiConnection,
                 managementsReportIntermediate =>
diff --git a/roles/middleware/files/FWO.Middleware.Server/ReportScheduler.cs b/roles/middleware/files/FWO.Middleware.Server/ReportScheduler.cs
index 8a7127e68..c7b07678b 100644
--- a/roles/middleware/files/FWO.Middleware.Server/ReportScheduler.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/ReportScheduler.cs
@@ -148,7 +148,7 @@ private Task GenerateReport(ReportSchedule reportSchedule, DateTime dateTimeNowR
                     ReportBase report = ReportBase.ConstructReport(reportSchedule.Template, userConfig);
                     if(report.ReportType.IsDeviceRelatedReport())
                     {
-                        Management[] managementsReport = Array.Empty<Management>();
+                        List<ManagementReport> managementsReport = new ();
                         await report.GenerateMgt(int.MaxValue, apiConnectionUserContext, 
                             managementsReportIntermediate =>
                             {
@@ -258,12 +258,12 @@ private static async Task SaveReport(ReportFile reportFile, string desc, ApiConn
             }
         }
 
-        private static void SetRelevantManagements(ref Management[] managementsReport, DeviceFilter deviceFilter)
+        private static void SetRelevantManagements(ref List<ManagementReport> managementsReport, DeviceFilter deviceFilter)
         {
             if (deviceFilter.isAnyDeviceFilterSet())
             {
                 List<int> relevantManagements = deviceFilter.getSelectedManagements();
-                foreach (Management mgm in managementsReport)
+                foreach (var mgm in managementsReport)
                 {
                     mgm.Ignore = !relevantManagements.Contains(mgm.Id);
                 }
diff --git a/roles/test/files/FWO.Test/ExportTest.cs b/roles/test/files/FWO.Test/ExportTest.cs
index eef82916a..649e9b340 100644
--- a/roles/test/files/FWO.Test/ExportTest.cs
+++ b/roles/test/files/FWO.Test/ExportTest.cs
@@ -54,7 +54,7 @@ public void RulesGenerateHtml()
             Log.WriteInfo("Test Log", "starting rules report html generation");
             ReportRules reportRules = new (query, userConfig, ReportType.Rules)
             {
-                ManagementReports = ConstructRuleReport(false)
+                ReportData = ConstructRuleReport(false)
             };
 
             string expectedHtmlResult = "<!DOCTYPE html><html><head><meta charset=\"utf-8\"/><title>Rules Report</title>" +
@@ -105,7 +105,7 @@ public void ResolvedRulesGenerateHtml()
             Log.WriteInfo("Test Log", "starting rules report resolved html generation");
             ReportRules reportRules = new (query, userConfig, ReportType.ResolvedRules)
             {
-                ManagementReports = ConstructRuleReport(true)
+                ReportData = ConstructRuleReport(true)
             };
 
             string expectedHtmlResult = "<!DOCTYPE html><html><head><meta charset=\"utf-8\"/><title>Rules Report (resolved)</title>" +
@@ -141,7 +141,7 @@ public void ResolvedRulesTechGenerateHtml()
             Log.WriteInfo("Test Log", "starting rules report resolved html generation");
             ReportRules reportRules = new (query, userConfig, ReportType.ResolvedRulesTech)
             {
-                ManagementReports = ConstructRuleReport(true)
+                ReportData = ConstructRuleReport(true)
             };
 
             string expectedHtmlResult = "<!DOCTYPE html><html><head><meta charset=\"utf-8\"/><title>Rules Report (technical)</title>" +
@@ -177,7 +177,7 @@ public void UnusedRulesGenerateHtml()
             Log.WriteInfo("Test Log", "starting unused rules report html generation");
             ReportRules reportRules = new (query, userConfig, ReportType.UnusedRules)
             {
-                ManagementReports = ConstructRuleReport(false)
+                ReportData = ConstructRuleReport(false)
             };
 
             string expectedHtmlResult = "<!DOCTYPE html><html><head><meta charset=\"utf-8\"/><title>Unused Rules Report</title>" +
@@ -228,7 +228,7 @@ public void RecertReportGenerateHtml()
             Log.WriteInfo("Test Log", "starting recert report html generation");
             ReportRules reportRecerts = new (query, userConfig, ReportType.Recertification)
             {
-                ManagementReports = ConstructRecertReport()
+                ReportData = ConstructRecertReport()
             };
 
             string expectedHtmlResult = "<!DOCTYPE html><html><head><meta charset=\"utf-8\"/><title>Recertification Report</title>" +
@@ -296,7 +296,7 @@ public void NatRulesGenerateHtml()
             Log.WriteInfo("Test Log", "starting nat rules report html generation");
             ReportNatRules reportNatRules = new (query, userConfig, ReportType.NatRules)
             {
-                ManagementReports = ConstructNatRuleReport()
+                ReportData = ConstructNatRuleReport()
             };
 
             string expectedHtmlResult = "<!DOCTYPE html><html><head><meta charset=\"utf-8\"/><title>NAT Rules Report</title>" +
@@ -346,7 +346,7 @@ public void ChangesGenerateHtml()
             Log.WriteInfo("Test Log", "starting changes report html generation");
             ReportChanges reportChanges = new (query, userConfig, ReportType.Changes)
             {
-                ManagementReports = ConstructChangeReport(false)
+                ReportData = ConstructChangeReport(false)
             };
 
             string expectedHtmlResult = "<!DOCTYPE html><html><head><meta charset=\"utf-8\"/><title>Changes Report</title>" +
@@ -412,7 +412,7 @@ public void ResolvedChangesGenerateHtml()
             Log.WriteInfo("Test Log", "starting changes report resolved html generation");
             ReportChanges reportChanges = new (query, userConfig, ReportType.ResolvedChanges)
             {
-                ManagementReports = ConstructChangeReport(true)
+                ReportData = ConstructChangeReport(true)
             };
 
             string expectedHtmlResult = "<!DOCTYPE html><html><head><meta charset=\"utf-8\"/><title>Changes Report (resolved)</title>" +
@@ -474,7 +474,7 @@ public void ResolvedChangesTechGenerateHtml()
             Log.WriteInfo("Test Log", "starting changes report tech html generation");
             ReportChanges reportChanges = new (query, userConfig, ReportType.ResolvedChangesTech)
             {
-                ManagementReports = ConstructChangeReport(true)
+                ReportData = ConstructChangeReport(true)
             };
 
             string expectedHtmlResult = "<!DOCTYPE html><html><head><meta charset=\"utf-8\"/><title>Changes Report (technical)</title>" +
@@ -538,7 +538,7 @@ public void ResolvedRulesGenerateCsv()
             Log.WriteInfo("Test Log", "starting rules report resolved csv generation");
             ReportRules reportRules = new (query, userConfig, ReportType.ResolvedRules)
             {
-                ManagementReports = ConstructRuleReport(true)
+                ReportData = ConstructRuleReport(true)
             };
 
             string expectedCsvResult = "# report type: Rules Report (resolved)" +
@@ -560,7 +560,7 @@ public void ResolvedRulesTechGenerateCsv()
             Log.WriteInfo("Test Log", "starting rules report tech csv generation");
             ReportRules reportRules = new (query, userConfig, ReportType.ResolvedRulesTech)
             {
-                ManagementReports = ConstructRuleReport(true)
+                ReportData = ConstructRuleReport(true)
             };
 
             string expectedCsvResult = "# report type: Rules Report (technical)" +
@@ -582,7 +582,7 @@ public void ResolvedChangesGenerateCsv()
             Log.WriteInfo("Test Log", "starting changes report resolved csv generation");
             ReportChanges reportChanges = new (query, userConfig, ReportType.ResolvedChanges)
             {
-                ManagementReports = ConstructChangeReport(true)
+                ReportData = ConstructChangeReport(true)
             };
 
             string expectedCsvResult = "# report type: Changes Report (resolved)" +
@@ -611,7 +611,7 @@ public void ResolvedChangesTechGenerateCsv()
             Log.WriteInfo("Test Log", "starting changes report tech csv generation");
             ReportChanges reportChanges = new (query, userConfig, ReportType.ResolvedChangesTech)
             {
-                ManagementReports = ConstructChangeReport(true)
+                ReportData = ConstructChangeReport(true)
             };
 
             string expectedCsvResult = "# report type: Changes Report (technical)" +
@@ -635,7 +635,7 @@ public void RulesGenerateJson()
             Log.WriteInfo("Test Log", "starting rules report json generation");
             ReportRules reportRules = new (query, userConfig, ReportType.Rules)
             {
-                ManagementReports = ConstructRuleReport(false)
+                ReportData = ConstructRuleReport(false)
             };
 
             string expectedJsonResult = 
@@ -703,7 +703,7 @@ public void ResolvedRulesGenerateJson()
             Log.WriteInfo("Test Log", "starting resolved rules report json generation");
             ReportRules reportRules = new (query, userConfig, ReportType.ResolvedRules)
             {
-                ManagementReports = ConstructRuleReport(true)
+                ReportData = ConstructRuleReport(true)
             };
 
             string expectedJsonResult = 
@@ -728,7 +728,7 @@ public void ResolvedRulesTechGenerateJson()
             Log.WriteInfo("Test Log", "starting resolved rules report tech json generation");
             ReportRules reportRules = new (query, userConfig, ReportType.ResolvedRulesTech)
             {
-                ManagementReports = ConstructRuleReport(true)
+                ReportData = ConstructRuleReport(true)
             };
 
             string expectedJsonResult = 
@@ -754,7 +754,7 @@ public void ChangesGenerateJson()
             Log.WriteInfo("Test Log", "starting changes report json generation");
             ReportChanges reportChanges = new (query, userConfig, ReportType.Changes)
             {
-                ManagementReports = ConstructChangeReport(false)
+                ReportData = ConstructChangeReport(false)
             };
 
             string expectedJsonResult = 
@@ -856,7 +856,7 @@ public void ResolvedChangesGenerateJson()
             Log.WriteInfo("Test Log", "starting resolved changes report json generation");
             ReportChanges reportChanges = new (query, userConfig, ReportType.ResolvedChanges)
             {
-                ManagementReports = ConstructChangeReport(true)
+                ReportData = ConstructChangeReport(true)
             };
 
             string expectedJsonResult = 
@@ -888,7 +888,7 @@ public void ResolvedChangesTechGenerateJson()
             Log.WriteInfo("Test Log", "starting resolved changes report json generation");
             ReportChanges reportChanges = new (query, userConfig, ReportType.ResolvedChangesTech)
             {
-                ManagementReports = ConstructChangeReport(true)
+                ReportData = ConstructChangeReport(true)
             };
 
             string expectedJsonResult = 
@@ -1013,31 +1013,34 @@ private Rule InitRule2(bool resolved)
             };
         }
 
-        private List<ManagementReport> ConstructRuleReport(bool resolved)
+        private ReportData ConstructRuleReport(bool resolved)
         {
             Rule1 = InitRule1(resolved);
             Rule2 = InitRule2(resolved);
-            return new List<ManagementReport>()
+            return new ReportData()
             {
-                new ManagementReport()
-                { 
-                    Name = "TestMgt",
-                    ReportObjects = new NetworkObject[]{ TestIp1, TestIp2, TestIpRange },
-                    ReportServices = new NetworkService[]{ TestService1, TestService2 },
-                    ReportUsers = new NetworkUser[]{ TestUser1, TestUser2 },
-                    Devices = new Device[]
+                ManagementData = new List<ManagementReport>()
+                {
+                    new ManagementReport()
                     { 
-                        new Device()
+                        Name = "TestMgt",
+                        ReportObjects = new NetworkObject[]{ TestIp1, TestIp2, TestIpRange },
+                        ReportServices = new NetworkService[]{ TestService1, TestService2 },
+                        ReportUsers = new NetworkUser[]{ TestUser1, TestUser2 },
+                        Devices = new Device[]
                         { 
-                            Name = "TestDev",
-                            Rules = new Rule[]{ Rule1, Rule2 }
-                        } 
+                            new Device()
+                            { 
+                                Name = "TestDev",
+                                Rules = new Rule[]{ Rule1, Rule2 }
+                            } 
+                        }
                     }
                 }
             };
         }
 
-        private List<ManagementReport> ConstructRecertReport()
+        private ReportData ConstructRecertReport()
         {
             RecertRule1 = InitRule1(false);
             RecertRule1.Metadata.RuleRecertification = new List<Recertification>()
@@ -1065,27 +1068,30 @@ private List<ManagementReport> ConstructRecertReport()
                     IpMatch = TestIpRange.Name
                 }
             };
-            return new List<ManagementReport>()
+            return new ReportData()
             {
-                new ManagementReport()
-                { 
-                    Name = "TestMgt",
-                    ReportObjects = new NetworkObject[]{ TestIp1, TestIp2, TestIpRange },
-                    ReportServices = new NetworkService[]{ TestService1, TestService2 },
-                    ReportUsers = new NetworkUser[]{ TestUser1, TestUser2 },
-                    Devices = new Device[]
+                ManagementData = new List<ManagementReport>()
+                {
+                    new ManagementReport()
                     { 
-                        new Device()
+                        Name = "TestMgt",
+                        ReportObjects = new NetworkObject[]{ TestIp1, TestIp2, TestIpRange },
+                        ReportServices = new NetworkService[]{ TestService1, TestService2 },
+                        ReportUsers = new NetworkUser[]{ TestUser1, TestUser2 },
+                        Devices = new Device[]
                         { 
-                            Name = "TestDev", 
-                            Rules = new Rule[]{ RecertRule1, RecertRule2 }
-                        } 
+                            new Device()
+                            { 
+                                Name = "TestDev", 
+                                Rules = new Rule[]{ RecertRule1, RecertRule2 }
+                            } 
+                        }
                     }
                 }
             };
         }
 
-        private List<ManagementReport> ConstructNatRuleReport()
+        private ReportData ConstructNatRuleReport()
         {
             NatRule = InitRule1(false);
             NatRule.NatData = new NatData()
@@ -1108,23 +1114,26 @@ private List<ManagementReport> ConstructNatRuleReport()
                     new ServiceWrapper(){ Content = TestService2 }
                 }
             };
-            return new List<ManagementReport>()
+            return new ReportData()
             {
-                new ManagementReport()
-                { 
-                    Name = "TestMgt",
-                    ReportObjects = new NetworkObject[]{ TestIp1, TestIp2, TestIpRange, TestIpNew, TestIp1Changed },
-                    ReportServices = new NetworkService[]{ TestService1, TestService2 },
-                    ReportUsers = new NetworkUser[]{ TestUser2 },
-                    Devices = new Device[]
+                ManagementData = new List<ManagementReport>()
+                {
+                    new ManagementReport()
                     { 
-                        new Device(){ Name = "TestDev", Rules = new Rule[]{ NatRule }} 
+                        Name = "TestMgt",
+                        ReportObjects = new NetworkObject[]{ TestIp1, TestIp2, TestIpRange, TestIpNew, TestIp1Changed },
+                        ReportServices = new NetworkService[]{ TestService1, TestService2 },
+                        ReportUsers = new NetworkUser[]{ TestUser2 },
+                        Devices = new Device[]
+                        { 
+                            new Device(){ Name = "TestDev", Rules = new Rule[]{ NatRule }} 
+                        }
                     }
                 }
             };
         }
 
-        private List<ManagementReport> ConstructChangeReport(bool resolved)
+        private ReportData ConstructChangeReport(bool resolved)
         {
             Rule1 = InitRule1(resolved);
             Rule1Changed = InitRule1(resolved);
@@ -1182,17 +1191,20 @@ private List<ManagementReport> ConstructChangeReport(bool resolved)
                 ChangeImport = new ChangeImport(){ Time = new DateTime(2023,04,05,12,0,0) },
                 OldRule = Rule2
             };
-            return new List<ManagementReport>()
+            return new ReportData()
             {
-                new ManagementReport()
-                { 
-                    Name = "TestMgt",
-                    Devices = new Device[]
-                    {
-                        new Device()
-                        { 
-                            Name = "TestDev",
-                            RuleChanges = new RuleChange[]{ ruleChange1, ruleChange2, ruleChange3, ruleChange4 }
+                ManagementData = new List<ManagementReport>()
+                {
+                    new ManagementReport()
+                    { 
+                        Name = "TestMgt",
+                        Devices = new Device[]
+                        {
+                            new Device()
+                            { 
+                                Name = "TestDev",
+                                RuleChanges = new RuleChange[]{ ruleChange1, ruleChange2, ruleChange3, ruleChange4 }
+                            }
                         }
                     }
                 }
diff --git a/roles/test/files/FWO.Test/SimulatedUserConfig.cs b/roles/test/files/FWO.Test/SimulatedUserConfig.cs
index d184a455d..c7264d728 100644
--- a/roles/test/files/FWO.Test/SimulatedUserConfig.cs
+++ b/roles/test/files/FWO.Test/SimulatedUserConfig.cs
@@ -56,7 +56,9 @@ internal class SimulatedUserConfig : UserConfig
             {"until","until"},
             {"C9001","This object was..."},
             {"C9002","This App Server was..."},
-            {"is_in_use","Is in use"}
+            {"is_in_use","Is in use"},
+            {"devices","Devices"},
+            {"owners","Owners"}
         };
 
         public override string GetText(string key)
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
index e54c1a648..7a9b1dee5 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
@@ -111,23 +111,23 @@
                         case ReportType.Recertification:
                         case ReportType.UnusedRules:
                         case ReportType.NatRules:
-                            <RulesReport Managements="managementsReport" SelectedReportType="actReportFilters.ReportType" RulesPerPage="rulesPerPage" 
+                            <RulesReport Managements="currentReport.ReportData.ManagementData" SelectedReportType="actReportFilters.ReportType" RulesPerPage="rulesPerPage" 
                                 @bind-SelectedRules="selectedItemsRuleReportTable" />
                             break;
 
                         case ReportType.Changes:
                         case ReportType.ResolvedChanges:
                         case ReportType.ResolvedChangesTech:
-                            <ChangesReport Managements="managementsReport" SelectedReportType="actReportFilters.ReportType" RulesPerPage="rulesPerPage"
+                            <ChangesReport Managements="currentReport.ReportData.ManagementData" SelectedReportType="actReportFilters.ReportType" RulesPerPage="rulesPerPage"
                                 @bind-SelectedRuleChanges="selectedItemsChangeReportTable" />
                             break;
 
                         case ReportType.Statistics:
-                            <StatisticsReport Managements="managementsReport" GlobalStats="globalStats"/>
+                            <StatisticsReport Managements="currentReport.ReportData.ManagementData" GlobalStats="currentReport.ReportData.GlobalStats"/>
                             break;
 
                         case ReportType.Connections:
-                            <ConnectionsReport AppHandler="appHandler" AllCommonServices="globalComSvc"/>
+                            <ConnectionsReport AppHandler="appHandler" AllCommonServices="currentReport.ReportData.GlobalComSvc"/>
                             break;
 
                         default:
@@ -154,8 +154,7 @@
 
     @* ==== RIGHT SIDEBAR ==== *@
     <RightSidebar @bind-Width="sidebarRightWidth" Tabset="rsbTabset" AnchorNavToRSB="anchorNavToRSB" CurrentReport="currentReport"
-        @bind-SelectedRules="selectedItemsRuleReportTable" ManagementsReport="actReportFilters.ReportType.IsDeviceRelatedReport() ? managementsReport : null" 
-        ConnectionsReport="actReportFilters.ReportType.IsModellingReport() ? connectionReport : null"
+        @bind-SelectedRules="selectedItemsRuleReportTable" 
         AllTabVisible="(tenantFilteringAllowed && actReportFilters.SelectedTenant == null)"
         SelectedReportType = "actReportFilters.ReportType"/>
     <AnchorNavToRSB @ref="anchorNavToRSB" TabSet="rsbTabset" />
@@ -187,12 +186,8 @@
     private List<Rule> selectedItemsRuleReportTable = new List<Rule>();
     private List<RuleChange> selectedItemsChangeReportTable = new List<RuleChange>();
 
-    private List<OwnerReport> connectionReport = new ();
     private ModellingAppHandler? appHandler;
-    private List<ManagementReport> managementsReport = new ();
     List<int> relevantManagementIds = new ();
-    private ManagementReport? globalStats = null;
-    private List<ModellingConnection>? globalComSvc = null;
     
     private ReportFilters actReportFilters = new ();
     private bool InitDone = false;
@@ -282,11 +277,11 @@
 
     private void ResetReport()
     {
-        // clear report data when switching reportType as we would be missing src/dst/svc information in some cases           
-        managementsReport = new ();
-        globalStats = null;
-        connectionReport = new();
-        globalComSvc = null;
+        // clear report data when switching reportType as we would be missing src/dst/svc information in some cases
+        if (currentReport != null)
+        {
+            currentReport.ReportData = new ();
+        }
         reportGenerationDuration = 0;
     }
 
@@ -327,7 +322,7 @@
         selectedItemsChangeReportTable.Clear();
 
         // save original report for exception case
-        List<ManagementReport> managementsReportOrig = managementsReport;
+        List<ManagementReport> managementsReportOrig = currentReport?.ReportData.ManagementData ?? new();
         try
         {
             if (actReportFilters.ReportType.IsDeviceRelatedReport() && !actReportFilters.DeviceFilter.isAnyDeviceFilterSet())
@@ -336,30 +331,16 @@
                 return;
             }
             processing = true;
+            startTime = DateTime.Now;
 
             await PrepareReportGeneration();
-
-            // save selected managements before resetting
-            relevantManagementIds = actReportFilters.DeviceFilter.getSelectedManagements();
-
-            startTime = DateTime.Now;
-            managementsReport = new(); // reset management data when switching between reports
-            connectionReport = new();
+            ResetReport(); // reset management data when switching between reports
 
             try
             {
                 if(currentReport.ReportType.IsModellingReport())
                 {
-                    connectionReport.Add(new OwnerReport(){ Name = actReportFilters.ModellingFilter.SelectedOwner.Name });
-                    await currentReport.GenerateCon(userConfig.ElementsPerFetch, apiConnection,
-                    connectionReportIntermediate =>
-                    {
-                        connectionReport[0].Connections = connectionReportIntermediate;
-                        return InvokeAsync(StateHasChanged);
-                    }, token);
-                    appHandler = new (apiConnection, userConfig, actReportFilters.ModellingFilter.SelectedOwner, DisplayMessageInUi);
-                    await appHandler.Init(connectionReport[0].Connections);
-                    globalComSvc = await apiConnection.SendQueryAsync<List<ModellingConnection>>(ModellingQueries.getCommonServices);
+                    await GenerateConnectionsReport(token);
                 }
                 else if(currentReport.ReportType == ReportType.Statistics)
                 {
@@ -370,13 +351,13 @@
                     await currentReport.GenerateMgt(userConfig.ElementsPerFetch, apiConnection,
                     managementsReportIntermediate =>
                     {
-                        managementsReport = managementsReportIntermediate;
+                        currentReport.ReportData.ManagementData = managementsReportIntermediate;
                         setRelevantManagements();
                         return InvokeAsync(StateHasChanged);
                     }, token);
                     if (currentReport.ReportType == ReportType.Recertification)
                     {
-                        PrepareMetadata(managementsReport);
+                        PrepareMetadata(currentReport.ReportData.ManagementData);
                     }
                 }
             }
@@ -392,7 +373,7 @@
         catch (Exception exception)
         {
             processing = false;
-            managementsReport = managementsReportOrig;
+            currentReport.ReportData.ManagementData = managementsReportOrig;
             reportTemplateControl.Uncollapse();
             await InvokeAsync(StateHasChanged);
             DisplayMessageInUi(exception, userConfig.GetText("generate_report"), "", true);
@@ -419,24 +400,42 @@
         }
 
         currentReport = ReportBase.ConstructReport(ConstructReportTemplate(), userConfig);
+
+        // save selected managements before resetting
+        relevantManagementIds = actReportFilters.DeviceFilter.getSelectedManagements();
+    }
+
+    private async Task GenerateConnectionsReport(CancellationToken token)
+    {
+        currentReport.ReportData.OwnerData.Add(new OwnerReport(){ Name = actReportFilters.ModellingFilter.SelectedOwner.Name });
+        await currentReport.GenerateCon(userConfig.ElementsPerFetch, apiConnection,
+        connIntermediate =>
+        {
+            currentReport.ReportData.OwnerData[0].Connections = connIntermediate;
+            return InvokeAsync(StateHasChanged);
+        }, token);
+        appHandler = new (apiConnection, userConfig, actReportFilters.ModellingFilter.SelectedOwner, DisplayMessageInUi);
+        await appHandler.Init(currentReport.ReportData.OwnerData[0].Connections);
+        currentReport.ReportData.GlobalComSvc = await apiConnection.SendQueryAsync<List<ModellingConnection>>(ModellingQueries.getCommonServices);
+
     }
 
     private async Task GenerateStatisticsReport(CancellationToken token)
     {
-        globalStats = new ManagementReport();
+        currentReport.ReportData.GlobalStats = new ();
         await currentReport.GenerateMgt(0, apiConnection,
             managementsReportIntermediate =>
             {
-                managementsReport = managementsReportIntermediate;
+                currentReport.ReportData.ManagementData = managementsReportIntermediate;
                 setRelevantManagements();
                 return InvokeAsync(() =>
                 {
-                    foreach (var mgm in managementsReport.Where(mgt => !mgt.Ignore))
+                    foreach (var mgm in currentReport.ReportData.ManagementData.Where(mgt => !mgt.Ignore))
                     {
-                        globalStats.RuleStatistics.ObjectAggregate.ObjectCount += mgm.RuleStatistics.ObjectAggregate.ObjectCount;
-                        globalStats.NetworkObjectStatistics.ObjectAggregate.ObjectCount += mgm.NetworkObjectStatistics.ObjectAggregate.ObjectCount;
-                        globalStats.ServiceObjectStatistics.ObjectAggregate.ObjectCount += mgm.ServiceObjectStatistics.ObjectAggregate.ObjectCount;
-                        globalStats.UserObjectStatistics.ObjectAggregate.ObjectCount += mgm.UserObjectStatistics.ObjectAggregate.ObjectCount;
+                        currentReport.ReportData.GlobalStats.RuleStatistics.ObjectAggregate.ObjectCount += mgm.RuleStatistics.ObjectAggregate.ObjectCount;
+                        currentReport.ReportData.GlobalStats.NetworkObjectStatistics.ObjectAggregate.ObjectCount += mgm.NetworkObjectStatistics.ObjectAggregate.ObjectCount;
+                        currentReport.ReportData.GlobalStats.ServiceObjectStatistics.ObjectAggregate.ObjectCount += mgm.ServiceObjectStatistics.ObjectAggregate.ObjectCount;
+                        currentReport.ReportData.GlobalStats.UserObjectStatistics.ObjectAggregate.ObjectCount += mgm.UserObjectStatistics.ObjectAggregate.ObjectCount;
                     }
                     StateHasChanged();
                 });
@@ -485,7 +484,7 @@
 
     private void setRelevantManagements()
     {
-        foreach (var mgm in managementsReport)
+        foreach (var mgm in currentReport.ReportData.ManagementData)
         {
             mgm.Ignore = !relevantManagementIds.Contains(mgm.Id);
         }
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/StatisticsReport.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/StatisticsReport.razor
index 942493801..a8ad2e91e 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/StatisticsReport.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/StatisticsReport.razor
@@ -4,7 +4,7 @@
 
 @inject UserConfig userConfig
 
-@if (GlobalStats != null)
+@if (Managements.Count > 0)
 {
     <h5>@(userConfig.GetText("glob_no_obj"))</h5>
     <div class="d-flex">
@@ -44,5 +44,5 @@
     public List<ManagementReport> Managements { get; set; } = new ();
 
     [Parameter]
-    public ManagementReport? GlobalStats { get; set; }
+    public ManagementReport GlobalStats { get; set; } = new ();
 }
diff --git a/roles/ui/files/FWO.UI/Shared/RightSidebar.razor b/roles/ui/files/FWO.UI/Shared/RightSidebar.razor
index 466c3142e..7fe414cf3 100644
--- a/roles/ui/files/FWO.UI/Shared/RightSidebar.razor
+++ b/roles/ui/files/FWO.UI/Shared/RightSidebar.razor
@@ -30,7 +30,7 @@
                         </div>
                     </Tab>
                 }
-                @if(ManagementsReport != null && ManagementsReport.Count > 0 && (CurrentReport?.ReportType.IsDeviceRelatedReport() ?? false))
+                @if(CurrentReport?.ReportData.ManagementData.Count > 0 && (CurrentReport?.ReportType.IsRuleReport() ?? false))
                 {
                     <Tab Title="@(userConfig.GetText("report"))">
                         <div class="d-md-flex justify-content-md-end sticky-marker-45">
@@ -39,7 +39,7 @@
                         <div class="mt-2">
                             <CascadingValue Value="collapseSidebarReport">
                                 <ObjectGroupCollection FetchObjects="FetchContent" Recert="false" Tab="RsbTab.report" InputDataType="ManagementReport" 
-                                    Data="ManagementsReport.Where(m => (m.Devices.Where(d => d.Rules != null && d.Rules.Count() > 0).Count() > 0))"
+                                    Data="CurrentReport.ReportData.ManagementData.Where(m => (m.Devices.Where(d => d.Rules != null && d.Rules.Count() > 0).Count() > 0))"
                                     NameExtractor="man => man.Name"
                                     NetworkObjectExtractor="man => man.ReportObjects"
                                     NetworkServiceExtractor="man => man.ReportServices"
@@ -67,7 +67,7 @@
                         </div>
                     </Tab>
                 }
-                @if(ConnectionsReport != null && ConnectionsReport.Count > 0 && (CurrentReport?.ReportType.IsModellingReport() ?? false))
+                @if(CurrentReport?.ReportData.OwnerData.Count > 0 && (CurrentReport?.ReportType.IsModellingReport() ?? false))
                 {
                     <Tab Title="@(userConfig.GetText("used_objects"))">
                         <div class="d-md-flex justify-content-md-end sticky-marker-45">
@@ -76,7 +76,7 @@
                         <div class="mt-2">
                             <CascadingValue Value="collapseSidebarReport">
                                 <ObjectGroupCollection FetchObjects="FetchContent" Recert="false" Tab="RsbTab.usedObj" InputDataType="OwnerReport" 
-                                    Data="ConnectionsReport"
+                                    Data="CurrentReport.ReportData.OwnerData"
                                     NameExtractor="own => own.Name" 
                                     NetworkObjectExtractor="own => own.GetAllNetworkObjects()"
                                     NetworkServiceExtractor="own => own.GetAllServices()"
@@ -116,17 +116,11 @@
     [Parameter]
     public EventCallback<List<Rule>> SelectedRulesChanged { get; set; }
 
-    [Parameter]
-    public List<ManagementReport>? ManagementsReport { get; set; }
-
     [Parameter]
     public bool AllTabVisible { get; set; } = true;
 
     [Parameter]
     public ReportType SelectedReportType  { get; set; } = ReportType.Rules;
-
-    [Parameter]
-    public List<OwnerReport>? ConnectionsReport { get; set; }
         
     private CollapseState collapseSidebarAll = new CollapseState();
     private CollapseState collapseSidebarReport = new CollapseState();

From ceb362d0d9175210ff4b4ee367811c89319532f5 Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Mon, 11 Mar 2024 12:51:25 +0100
Subject: [PATCH 31/84] restructure mgt classes

---
 roles/lib/files/FWO.Api.Client/Data/Device.cs |  71 -----------
 .../files/FWO.Api.Client/Data/Management.cs   |  13 --
 .../FWO.Api.Client/Data/ModellingFilter.cs    |   9 +-
 .../lib/files/FWO.Report/Data/DeviceReport.cs |  99 +++++++++++++++
 .../Data/ManagementReport.cs                  |  60 +++++++--
 .../Data/OwnerReport.cs                       |  36 +++++-
 .../Data/ReportData.cs                        |   4 +-
 .../FWO.Report/Display/NatRuleDisplayHtml.cs  |   1 +
 .../Display/RuleChangeDisplayHtml.cs          |   1 +
 .../FWO.Report/Display/RuleDisplayHtml.cs     |  19 +--
 roles/lib/files/FWO.Report/ReportBase.cs      |  40 +++---
 roles/lib/files/FWO.Report/ReportChanges.cs   |  29 ++---
 .../lib/files/FWO.Report/ReportConnections.cs |  62 ++++++----
 .../lib/files/FWO.Report/ReportDevicesBase.cs |   4 +-
 roles/lib/files/FWO.Report/ReportNatRules.cs  |  10 +-
 .../lib/files/FWO.Report/ReportOwnersBase.cs  |   4 +-
 roles/lib/files/FWO.Report/ReportRules.cs     |  36 +++---
 .../lib/files/FWO.Report/ReportStatistics.cs  |  16 +--
 .../ImportChangeNotifier.cs                   |  22 ++--
 .../FWO.Middleware.Server/RecertCheck.cs      |  14 +--
 .../FWO.Middleware.Server/ReportScheduler.cs  |  19 ++-
 roles/test/files/FWO.Test/ExportTest.cs       | 116 ++++++++----------
 .../ui/files/FWO.UI/Pages/Certification.razor |  12 +-
 .../files/FWO.UI/Pages/Reporting/Report.razor |  42 ++++---
 .../FWO.UI/Pages/Reporting/ReportExport.razor |   9 +-
 .../Reporting/Reports/ChangesReport.razor     |   3 +-
 .../Reporting/Reports/ConnectionsReport.razor |   1 +
 .../Pages/Reporting/Reports/RulesReport.razor |   3 +-
 .../Reporting/Reports/StatisticsReport.razor  |   7 +-
 .../ui/files/FWO.UI/Shared/ObjectGroup.razor  |  30 ++---
 .../FWO.UI/Shared/ObjectGroupCollection.razor |   2 +-
 .../ui/files/FWO.UI/Shared/RightSidebar.razor |  14 +--
 32 files changed, 437 insertions(+), 371 deletions(-)
 create mode 100644 roles/lib/files/FWO.Report/Data/DeviceReport.cs
 rename roles/lib/files/{FWO.Api.Client => FWO.Report}/Data/ManagementReport.cs (74%)
 rename roles/lib/files/{FWO.Api.Client => FWO.Report}/Data/OwnerReport.cs (54%)
 rename roles/lib/files/{FWO.Api.Client => FWO.Report}/Data/ReportData.cs (92%)

diff --git a/roles/lib/files/FWO.Api.Client/Data/Device.cs b/roles/lib/files/FWO.Api.Client/Data/Device.cs
index 8205b7468..067fcfb83 100644
--- a/roles/lib/files/FWO.Api.Client/Data/Device.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/Device.cs
@@ -35,15 +35,6 @@ public class Device
         [JsonProperty("comment"), JsonPropertyName("comment")]
         public string? Comment { get; set; }
 
-        [JsonProperty("rules"), JsonPropertyName("rules")]
-        public Rule[]? Rules { get; set; }
-
-        [JsonProperty("changelog_rules"), JsonPropertyName("changelog_rules")]
-        public RuleChange[]? RuleChanges { get; set; }
-
-        [JsonProperty("rules_aggregate"), JsonPropertyName("rules_aggregate")]
-        public ObjectStatistics RuleStatistics { get; set; } = new ObjectStatistics();
-
         public bool Selected { get; set; } = false;
         public bool Relevant { get; set; }
         public bool AwaitMgmt { get; set; }
@@ -71,22 +62,6 @@ public Device(Device device)
             ActionId = device.ActionId;
         }
 
-        public void AssignRuleNumbers()
-        {
-            if (Rules != null)
-            {
-                int ruleNumber = 1;
-
-                foreach (Rule rule in Rules)
-                {
-                    if (string.IsNullOrEmpty(rule.SectionHeader)) // Not a section header
-                    {
-                        rule.DisplayOrderNumber = ruleNumber++;
-                    }
-                }
-            }
-        }
-
         public bool Sanitize()
         {
             bool shortened = false;
@@ -97,51 +72,5 @@ public bool Sanitize()
             Comment = Sanitizer.SanitizeCommentOpt(Comment, ref shortened);
             return shortened;
         }
-        
-        public bool ContainsRules()
-        {
-            return (Rules != null && Rules.Count()>0);
-        }
-    }
-
-
-    public static class DeviceUtility
-    {
-        // adding rules fetched in slices
-        public static bool Merge(this Device[] devices, Device[] devicesToMerge)
-        {
-            bool newObjects = false;
-
-            for (int i = 0; i < devices.Length && i < devicesToMerge.Length; i++)
-            {
-                if (devices[i].Id == devicesToMerge[i].Id)
-                {
-                    try
-                    {
-                        if (devices[i].Rules != null && devicesToMerge[i].Rules != null && devicesToMerge[i].Rules?.Length > 0)
-                        {
-                            devices[i].Rules = devices[i].Rules?.Concat(devicesToMerge[i].Rules!).ToArray();
-                            newObjects = true;
-                        }
-                        if (devices[i].RuleChanges != null && devicesToMerge[i].RuleChanges != null && devicesToMerge[i].RuleChanges?.Length > 0)
-                        {
-                            devices[i].RuleChanges = devices[i].RuleChanges!.Concat(devicesToMerge[i].RuleChanges!).ToArray();
-                            newObjects = true;
-                        }
-                        if (devices[i].RuleStatistics != null && devicesToMerge[i].RuleStatistics != null)
-                            devices[i].RuleStatistics.ObjectAggregate.ObjectCount += devicesToMerge[i].RuleStatistics.ObjectAggregate.ObjectCount; // correct ??
-                    }
-                    catch (NullReferenceException)
-                    {
-                        throw new ArgumentNullException("Rules is null");
-                    }
-                }
-                else
-                {
-                    throw new NotSupportedException("Devices have to be in the same order in oder to merge.");
-                }
-            }
-            return newObjects;
-        }
     }
 }
diff --git a/roles/lib/files/FWO.Api.Client/Data/Management.cs b/roles/lib/files/FWO.Api.Client/Data/Management.cs
index f1c7b107e..25454925b 100644
--- a/roles/lib/files/FWO.Api.Client/Data/Management.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/Management.cs
@@ -114,14 +114,6 @@ public string Host()
             return Hostname + ":" + Port;
         }
         
-        public void AssignRuleNumbers()
-        {
-            foreach (Device device in Devices)
-            {
-                device.AssignRuleNumbers();
-            }
-        }
-
         public virtual bool Sanitize()
         {
             bool shortened = false;
@@ -135,10 +127,5 @@ public virtual bool Sanitize()
             CloudTenantId = Sanitizer.SanitizeOpt(CloudTenantId, ref shortened);
             return shortened;
         }
-
-        public string NameAndDeviceNames(string separator = ", ")
-        {
-            return $"{Name} [{string.Join(separator, Array.ConvertAll(Devices, device => device.Name))}]";
-        }
     }
 }
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingFilter.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingFilter.cs
index de3650ad3..e4917b1e1 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingFilter.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingFilter.cs
@@ -2,7 +2,12 @@ namespace FWO.Api.Data
 {
     public class ModellingFilter
     {
-        public FwoOwner SelectedOwner {get; set;} = new ();
+        public List<FwoOwner> SelectedOwners {get; set;} = new ();
+        public FwoOwner SelectedOwner 
+        {
+            get { return SelectedOwners.FirstOrDefault() ?? new(); }
+            set { SelectedOwners = new() { value }; }
+        }
 
 
         public ModellingFilter()
@@ -10,7 +15,7 @@ public ModellingFilter()
 
         public ModellingFilter(ModellingFilter modellingFilter)
         {
-            SelectedOwner = modellingFilter.SelectedOwner;
+            SelectedOwners = modellingFilter.SelectedOwners;
         }
     }
 }
diff --git a/roles/lib/files/FWO.Report/Data/DeviceReport.cs b/roles/lib/files/FWO.Report/Data/DeviceReport.cs
new file mode 100644
index 000000000..aaef40b39
--- /dev/null
+++ b/roles/lib/files/FWO.Report/Data/DeviceReport.cs
@@ -0,0 +1,99 @@
+using System.Text.Json.Serialization; 
+using Newtonsoft.Json;
+using FWO.Api.Data;
+
+namespace FWO.Report
+{
+    public class DeviceReport // : Device
+    {
+        [JsonProperty("id"), JsonPropertyName("id")]
+        public int Id { get; set; }
+
+        [JsonProperty("name"), JsonPropertyName("name")]
+        public string? Name { get; set; }
+
+        [JsonProperty("rules"), JsonPropertyName("rules")]
+        public Rule[]? Rules { get; set; }
+
+        [JsonProperty("changelog_rules"), JsonPropertyName("changelog_rules")]
+        public RuleChange[]? RuleChanges { get; set; }
+
+        [JsonProperty("rules_aggregate"), JsonPropertyName("rules_aggregate")]
+        public ObjectStatistics RuleStatistics { get; set; } = new ObjectStatistics();
+
+
+        public DeviceReport()
+        { }
+
+        public DeviceReport(DeviceReport device)
+        {
+            Id = device.Id;
+            Name = device.Name;
+            Rules = device.Rules;
+            RuleChanges = device.RuleChanges;
+            RuleStatistics = device.RuleStatistics;
+        }
+
+        public void AssignRuleNumbers()
+        {
+            if (Rules != null)
+            {
+                int ruleNumber = 1;
+
+                foreach (Rule rule in Rules)
+                {
+                    if (string.IsNullOrEmpty(rule.SectionHeader)) // Not a section header
+                    {
+                        rule.DisplayOrderNumber = ruleNumber++;
+                    }
+                }
+            }
+        }
+        
+        public bool ContainsRules()
+        {
+            return Rules != null && Rules.Count() >0 ;
+        }
+    }
+
+
+    public static class DeviceUtility
+    {
+        // adding rules fetched in slices
+        public static bool Merge(this DeviceReport[] devices, DeviceReport[] devicesToMerge)
+        {
+            bool newObjects = false;
+
+            for (int i = 0; i < devices.Length && i < devicesToMerge.Length; i++)
+            {
+                if (devices[i].Id == devicesToMerge[i].Id)
+                {
+                    try
+                    {
+                        if (devices[i].Rules != null && devicesToMerge[i].Rules != null && devicesToMerge[i].Rules?.Length > 0)
+                        {
+                            devices[i].Rules = devices[i].Rules?.Concat(devicesToMerge[i].Rules!).ToArray();
+                            newObjects = true;
+                        }
+                        if (devices[i].RuleChanges != null && devicesToMerge[i].RuleChanges != null && devicesToMerge[i].RuleChanges?.Length > 0)
+                        {
+                            devices[i].RuleChanges = devices[i].RuleChanges!.Concat(devicesToMerge[i].RuleChanges!).ToArray();
+                            newObjects = true;
+                        }
+                        if (devices[i].RuleStatistics != null && devicesToMerge[i].RuleStatistics != null)
+                            devices[i].RuleStatistics.ObjectAggregate.ObjectCount += devicesToMerge[i].RuleStatistics.ObjectAggregate.ObjectCount; // correct ??
+                    }
+                    catch (NullReferenceException)
+                    {
+                        throw new ArgumentNullException("Rules is null");
+                    }
+                }
+                else
+                {
+                    throw new NotSupportedException("Devices have to be in the same order in oder to merge.");
+                }
+            }
+            return newObjects;
+        }
+    }
+}
diff --git a/roles/lib/files/FWO.Api.Client/Data/ManagementReport.cs b/roles/lib/files/FWO.Report/Data/ManagementReport.cs
similarity index 74%
rename from roles/lib/files/FWO.Api.Client/Data/ManagementReport.cs
rename to roles/lib/files/FWO.Report/Data/ManagementReport.cs
index 36beefa0c..08bf5b180 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ManagementReport.cs
+++ b/roles/lib/files/FWO.Report/Data/ManagementReport.cs
@@ -1,27 +1,42 @@
 using Newtonsoft.Json;
 using System.Text.Json.Serialization;
+using FWO.Api.Data;
 
-namespace FWO.Api.Data
+namespace FWO.Report
 {
-    public class ManagementReport : Management
+    public class ManagementReport
     {
+        [JsonProperty("id"), JsonPropertyName("id")]
+        public int Id { get; set; }
+
+        [JsonProperty("name"), JsonPropertyName("name")]
+        public string Name { get; set; } = "";
+
+        [JsonProperty("devices"), JsonPropertyName("devices")]
+        public DeviceReport[] Devices { get; set; } = Array.Empty<DeviceReport>();
+
+        [JsonProperty("import"), JsonPropertyName("import")]
+        public Import Import { get; set; } = new Import();
+
+        public long? RelevantImportId { get; set; }
+
         [JsonProperty("networkObjects"), JsonPropertyName("networkObjects")]
-        public NetworkObject[] Objects { get; set; } = new NetworkObject[]{};
+        public NetworkObject[] Objects { get; set; } = Array.Empty<NetworkObject>();
 
         [JsonProperty("serviceObjects"), JsonPropertyName("serviceObjects")]
-        public NetworkService[] Services { get; set; } = new NetworkService[]{};
+        public NetworkService[] Services { get; set; } = Array.Empty<NetworkService>();
 
         [JsonProperty("userObjects"), JsonPropertyName("userObjects")]
-        public NetworkUser[] Users { get; set; } = new NetworkUser[]{};
+        public NetworkUser[] Users { get; set; } = Array.Empty<NetworkUser>();
 
         [JsonProperty("reportNetworkObjects"), JsonPropertyName("reportNetworkObjects")]
-        public NetworkObject[] ReportObjects { get; set; } = new NetworkObject[]{};
+        public NetworkObject[] ReportObjects { get; set; } = Array.Empty<NetworkObject>();
 
         [JsonProperty("reportServiceObjects"), JsonPropertyName("reportServiceObjects")]
-        public NetworkService[] ReportServices { get; set; } = new NetworkService[]{};
+        public NetworkService[] ReportServices { get; set; } = Array.Empty<NetworkService>();
 
         [JsonProperty("reportUserObjects"), JsonPropertyName("reportUserObjects")]
-        public NetworkUser[] ReportUsers { get; set; } = new NetworkUser[]{};
+        public NetworkUser[] ReportUsers { get; set; } = Array.Empty<NetworkUser>();
 
 
         //[JsonProperty("rule_id"), JsonPropertyName("rule_id")]
@@ -40,11 +55,24 @@ public class ManagementReport : Management
         [JsonProperty("rules_aggregate"), JsonPropertyName("rules_aggregate")]
         public ObjectStatistics RuleStatistics { get; set; } = new ObjectStatistics();
 
+        public bool Ignore { get; set; }
+
+
         public ManagementReport()
         {}
 
-        public ManagementReport(ManagementReport managementReport) : base(managementReport)
+        public ManagementReport(ManagementReport managementReport)
         {
+            Id = managementReport.Id;
+            Name = managementReport.Name;
+            Devices = managementReport.Devices;
+            Import = managementReport.Import;
+            if (managementReport.Import != null && managementReport.Import.ImportAggregate != null &&
+                managementReport.Import.ImportAggregate.ImportAggregateMax != null &&
+                managementReport.Import.ImportAggregate.ImportAggregateMax.RelevantImportId != null)
+            {
+                RelevantImportId = managementReport.Import.ImportAggregate.ImportAggregateMax.RelevantImportId;
+            }
             Objects = managementReport.Objects;
             Services = managementReport.Services;
             Users = managementReport.Users;
@@ -57,12 +85,20 @@ public ManagementReport(ManagementReport managementReport) : base(managementRepo
             ServiceObjectStatistics = managementReport.ServiceObjectStatistics;
             UserObjectStatistics = managementReport.UserObjectStatistics;
             RuleStatistics = managementReport.RuleStatistics;
+            Ignore = managementReport.Ignore;
+        }
+
+        public void AssignRuleNumbers()
+        {
+            foreach (var device in Devices)
+            {
+                device.AssignRuleNumbers();
+            }
         }
 
-        public override bool Sanitize()
+        public string NameAndDeviceNames(string separator = ", ")
         {
-            bool shortened = base.Sanitize();
-            return shortened;
+            return $"{Name} [{string.Join(separator, Array.ConvertAll(Devices, device => device.Name))}]";
         }
     }
 
diff --git a/roles/lib/files/FWO.Api.Client/Data/OwnerReport.cs b/roles/lib/files/FWO.Report/Data/OwnerReport.cs
similarity index 54%
rename from roles/lib/files/FWO.Api.Client/Data/OwnerReport.cs
rename to roles/lib/files/FWO.Report/Data/OwnerReport.cs
index f5fb054d1..c602d486c 100644
--- a/roles/lib/files/FWO.Api.Client/Data/OwnerReport.cs
+++ b/roles/lib/files/FWO.Report/Data/OwnerReport.cs
@@ -1,9 +1,14 @@
-namespace FWO.Api.Data
+using FWO.Api.Data;
+
+namespace FWO.Report
 {
     public class OwnerReport
     {
         public string Name = "";
         public List<ModellingConnection> Connections { get; set; } = new ();
+        public List<ModellingConnection> RegularConnections { get; set; } = new ();
+        public List<ModellingConnection> Interfaces { get; set; } = new ();
+        public List<ModellingConnection> CommonServices { get; set; } = new ();
 
         public OwnerReport()
         {}
@@ -14,10 +19,10 @@ public OwnerReport(OwnerReport report)
             Connections = new (report.Connections);
         }
 
-        public void AssignConnectionNumbers()
+        public static void AssignConnectionNumbers(List<ModellingConnection> connections)
         {
             int connNumber = 1;
-            foreach (var conn in Connections)
+            foreach (var conn in connections)
             {
                 conn.OrderNumber = connNumber++;
             }
@@ -49,8 +54,8 @@ public List<NetworkObject> GetAllNetworkObjects()
                     objList.Add(objGrp.Content.ToNetworkObjectGroup());
                 }
                 allObjects = allObjects.Union(objList).ToList();
-                allObjects = allObjects.Union(Array.ConvertAll(GetAllAppServers().ToArray(), x => ModellingAppServer.ToNetworkObject(x)).ToList()).ToList();
             }
+            allObjects = allObjects.Union(Array.ConvertAll(GetAllAppServers().ToArray(), x => ModellingAppServer.ToNetworkObject(x)).ToList()).ToList();
             return allObjects;
 
         }
@@ -70,5 +75,28 @@ public List<NetworkService> GetAllServices()
             }
             return allServices;
         }
+
+        public static List<string> GetSrcNames(ModellingConnection conn)
+        {
+            List<string> names = ModellingNwGroupWrapper.Resolve(conn.SourceNwGroups).ToList().ConvertAll(s => s.DisplayHtml());
+            names.AddRange(ModellingAppRoleWrapper.Resolve(conn.SourceAppRoles).ToList().ConvertAll(s => s.DisplayHtml()));
+            names.AddRange(ModellingAppServerWrapper.Resolve(conn.SourceAppServers).ToList().ConvertAll(s => s.DisplayHtml()));
+            return names;
+        }
+        
+        public static List<string> GetDstNames(ModellingConnection conn)
+        {
+            List<string> names = ModellingNwGroupWrapper.Resolve(conn.DestinationNwGroups).ToList().ConvertAll(s => s.DisplayHtml());
+            names.AddRange(ModellingAppRoleWrapper.Resolve(conn.DestinationAppRoles).ToList().ConvertAll(s => s.DisplayHtml()));
+            names.AddRange(ModellingAppServerWrapper.Resolve(conn.DestinationAppServers).ToList().ConvertAll(s => s.DisplayHtml()));
+            return names;
+        }
+
+        public static List<string> GetSvcNames(ModellingConnection conn)
+        {
+            List<string> names = ModellingServiceGroupWrapper.Resolve(conn.ServiceGroups).ToList().ConvertAll(s => s.DisplayHtml());
+            names.AddRange(ModellingServiceWrapper.Resolve(conn.Services).ToList().ConvertAll(s => s.DisplayHtml()));
+            return names;
+        }
     }
 }
diff --git a/roles/lib/files/FWO.Api.Client/Data/ReportData.cs b/roles/lib/files/FWO.Report/Data/ReportData.cs
similarity index 92%
rename from roles/lib/files/FWO.Api.Client/Data/ReportData.cs
rename to roles/lib/files/FWO.Report/Data/ReportData.cs
index 52e86e152..d41fd6528 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ReportData.cs
+++ b/roles/lib/files/FWO.Report/Data/ReportData.cs
@@ -1,4 +1,6 @@
-namespace FWO.Api.Data
+using FWO.Api.Data;
+
+namespace FWO.Report
 {
     public class ReportData
     {
diff --git a/roles/lib/files/FWO.Report/Display/NatRuleDisplayHtml.cs b/roles/lib/files/FWO.Report/Display/NatRuleDisplayHtml.cs
index 3a73385f7..fc78fa81e 100644
--- a/roles/lib/files/FWO.Report/Display/NatRuleDisplayHtml.cs
+++ b/roles/lib/files/FWO.Report/Display/NatRuleDisplayHtml.cs
@@ -1,6 +1,7 @@
 using FWO.Api.Data;
 using FWO.Config.Api;
 using System.Text;
+using FWO.Report;
 using FWO.Report.Filter;
 
 namespace FWO.Ui.Display
diff --git a/roles/lib/files/FWO.Report/Display/RuleChangeDisplayHtml.cs b/roles/lib/files/FWO.Report/Display/RuleChangeDisplayHtml.cs
index 6ebd167e4..7b36a96e3 100644
--- a/roles/lib/files/FWO.Report/Display/RuleChangeDisplayHtml.cs
+++ b/roles/lib/files/FWO.Report/Display/RuleChangeDisplayHtml.cs
@@ -1,6 +1,7 @@
 using FWO.Api.Data;
 using FWO.Logging;
 using FWO.Config.Api;
+using FWO.Report;
 using FWO.Report.Filter;
 
 namespace FWO.Ui.Display
diff --git a/roles/lib/files/FWO.Report/Display/RuleDisplayHtml.cs b/roles/lib/files/FWO.Report/Display/RuleDisplayHtml.cs
index c84f0d2b0..b525f7437 100644
--- a/roles/lib/files/FWO.Report/Display/RuleDisplayHtml.cs
+++ b/roles/lib/files/FWO.Report/Display/RuleDisplayHtml.cs
@@ -6,13 +6,6 @@
 
 namespace FWO.Ui.Display
 {
-    public enum OutputLocation
-    {
-        export,
-        report,
-        certification
-    }
-
     public class RuleDisplayHtml: RuleDisplayBase
     {
         public RuleDisplayHtml(UserConfig userConfig) : base(userConfig)
@@ -92,26 +85,20 @@ public string DisplayLastRecertifier(Rule rule)
             return string.Join("", Array.ConvertAll<Recertification, string>(rule.Metadata.RuleRecertification.ToArray(), recert => getLastRecertifierDisplayString(countString(rule.Metadata.RuleRecertification.Count > 1, ++count), recert).ToString()));
         }
 
-        protected string ConstructLink(string type, string symbol, long id, string name, OutputLocation location, int mgmtId, string style, ReportType reportType = ReportType.Rules)
-        {
-            string link = location == OutputLocation.export ? $"#" : $"{location}/generation#goto-report-m{mgmtId}-";
-            return $"<span class=\"{symbol}\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"{link}{type}{id}\" target=\"_top\" style=\"{style}\">{name}</a>";
-        }
-
         protected string NetworkLocationToHtml(NetworkLocation networkLocation, int mgmtId, OutputLocation location, string style, ReportType reportType)
         {
             return DisplayNetworkLocation(networkLocation, reportType, 
                 reportType.IsResolvedReport() || networkLocation.User == null ? null :
-                ConstructLink("user", ReportBase.GetIconClass(ObjCategory.user, networkLocation.User?.Type.Name), networkLocation.User!.Id, networkLocation.User.Name, location, mgmtId, style, reportType),
+                ReportBase.ConstructLink("user", ReportBase.GetIconClass(ObjCategory.user, networkLocation.User?.Type.Name), networkLocation.User!.Id, networkLocation.User.Name, location, mgmtId, style),
                 reportType.IsResolvedReport() ? null :
-                ConstructLink("nwobj", ReportBase.GetIconClass(ObjCategory.nobj, networkLocation.Object.Type.Name), networkLocation.Object.Id, networkLocation.Object.Name, location, mgmtId, style, reportType)
+                ReportBase.ConstructLink("nwobj", ReportBase.GetIconClass(ObjCategory.nobj, networkLocation.Object.Type.Name), networkLocation.Object.Id, networkLocation.Object.Name, location, mgmtId, style)
                 ).ToString();
         }
 
         protected string ServiceToHtml(NetworkService service, int mgmtId, OutputLocation location, string style, ReportType reportType)
         {
             return DisplayService(service, reportType, reportType.IsResolvedReport() ? null : 
-                ConstructLink("svc", ReportBase.GetIconClass(ObjCategory.nsrv, service.Type.Name), service.Id, service.Name, location, mgmtId, style, reportType)).ToString();
+                ReportBase.ConstructLink("svc", ReportBase.GetIconClass(ObjCategory.nsrv, service.Type.Name), service.Id, service.Name, location, mgmtId, style)).ToString();
         }
 
         private string DisplaySourceOrDestination(Rule rule, OutputLocation location, ReportType reportType, string style, bool isSource)
diff --git a/roles/lib/files/FWO.Report/ReportBase.cs b/roles/lib/files/FWO.Report/ReportBase.cs
index eaf750fd1..688ba5b6e 100644
--- a/roles/lib/files/FWO.Report/ReportBase.cs
+++ b/roles/lib/files/FWO.Report/ReportBase.cs
@@ -22,8 +22,14 @@ public enum ObjCategory
         all = 0,
         nobj = 1, 
         nsrv = 2, 
-        user = 3 //,
-        // appSvc = 4
+        user = 3
+    }
+
+    public enum OutputLocation
+    {
+        export,
+        report,
+        certification
     }
 
     public abstract class ReportBase
@@ -70,7 +76,7 @@ public abstract class ReportBase
         public readonly DynGraphqlQuery Query;
         protected UserConfig userConfig;
         public ReportType ReportType;
-        public ReportData ReportData;
+        public ReportData ReportData = new();
 
         protected string htmlExport = "";
 
@@ -86,27 +92,11 @@ public ReportBase(DynGraphqlQuery query, UserConfig UserConfig, ReportType repor
             ReportType = reportType;
         }
 
-        public virtual Task GenerateMgt(int rulesPerFetch, ApiConnection apiConnection, Func<List<ManagementReport>, Task> callback, CancellationToken ct)
-        {
-            throw new NotImplementedException();
-        }
-
-        public virtual Task GenerateCon(int _, ApiConnection apiConnection, Func<List<ModellingConnection>, Task> callback, CancellationToken ct)
-        {
-            throw new NotImplementedException();
-        }
-
-        public virtual Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<List<ManagementReport>, Task> callback) // to be called when exporting
-        {
-            throw new NotImplementedException();
-        }
+        public abstract Task Generate(int rulesPerFetch, ApiConnection apiConnection, Func<ReportData, Task> callback, CancellationToken ct);
 
-        public virtual Task<bool> GetConObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<List<ModellingConnection>, Task> callback) // to be called when exporting
-        {
-            throw new NotImplementedException();
-        }
+        public abstract Task<bool> GetObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<ReportData, Task> callback); // to be called when exporting
 
-        public virtual Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<List<ManagementReport>, Task> callback)
+        public virtual Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<ReportData, Task> callback)
         {
             throw new NotImplementedException();
         }
@@ -188,6 +178,12 @@ protected string GenerateHtmlFrame(string title, string filter, DateTime date, S
             return htmlExport;
         }
 
+        public static string ConstructLink(string type, string symbol, long id, string name, OutputLocation location, int mgmtId, string style)
+        {
+            string link = location == OutputLocation.export ? $"#" : $"{location}/generation#goto-report-m{mgmtId}-";
+            return $"<span class=\"{symbol}\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"{link}{type}{id}\" target=\"_top\" style=\"{style}\">{name}</a>";
+        }
+
         public static string ToUtcString(string? timestring)
         {
             try
diff --git a/roles/lib/files/FWO.Report/ReportChanges.cs b/roles/lib/files/FWO.Report/ReportChanges.cs
index edc05b0c9..531a85201 100644
--- a/roles/lib/files/FWO.Report/ReportChanges.cs
+++ b/roles/lib/files/FWO.Report/ReportChanges.cs
@@ -7,6 +7,7 @@
 using FWO.Logging;
 using System.Text.Json;
 using Newtonsoft.Json;
+
 namespace FWO.Report
 {
     public class ReportChanges : ReportDevicesBase
@@ -15,7 +16,7 @@ public class ReportChanges : ReportDevicesBase
 
         public ReportChanges(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType) {}
 
-        public override async Task GenerateMgt(int changesPerFetch, ApiConnection apiConnection, Func<List<ManagementReport>, Task> callback, CancellationToken ct)
+        public override async Task Generate(int changesPerFetch, ApiConnection apiConnection, Func<ReportData, Task> callback, CancellationToken ct)
         {
             Query.QueryVariables["limit"] = changesPerFetch;
             Query.QueryVariables["offset"] = 0;
@@ -32,19 +33,19 @@ public override async Task GenerateMgt(int changesPerFetch, ApiConnection apiCon
                 }
                 Query.QueryVariables["offset"] = (int)Query.QueryVariables["offset"] + changesPerFetch;
                 gotNewObjects = ReportData.ManagementData.Merge(await apiConnection.SendQueryAsync<List<ManagementReport>>(Query.FullQuery, Query.QueryVariables));
-                await callback(ReportData.ManagementData);
+                await callback(ReportData);
             }
         }
 
-        public override async Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<List<ManagementReport>, Task> callback)
+        public override async Task<bool> GetObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<ReportData, Task> callback)
         {
-            await callback(ReportData.ManagementData);
+            await callback(ReportData);
             // currently no further objects to be fetched
             GotObjectsInReport = true;
             return true;
         }
 
-        public override Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<List<ManagementReport>, Task> callback)
+        public override Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<ReportData, Task> callback)
         {
             throw new NotImplementedException();
         }
@@ -58,7 +59,7 @@ public override string SetDescription()
                     Array.Exists(mgt.Devices, device => device.RuleChanges != null && device.RuleChanges.Length > 0)))
             {
                 managementCounter++;
-                foreach (Device device in management.Devices.Where(dev => dev.RuleChanges != null && dev.RuleChanges.Length > 0))
+                foreach (var device in management.Devices.Where(dev => dev.RuleChanges != null && dev.RuleChanges.Length > 0))
                 {
                     deviceCounter++;
                     ruleChangeCounter += device.RuleChanges!.Length;
@@ -80,11 +81,11 @@ public override string ExportToCsv()
                 foreach (var management in ReportData.ManagementData.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
                         Array.Exists(mgt.Devices, device => device.RuleChanges != null && device.RuleChanges.Length > 0)))
                 {
-                    foreach (Device gateway in management.Devices)
+                    foreach (var gateway in management.Devices)
                     {
                         if (gateway.RuleChanges != null && gateway.RuleChanges.Length > 0)
                         {
-                            foreach (RuleChange ruleChange in gateway.RuleChanges)
+                            foreach (var ruleChange in gateway.RuleChanges)
                             {
                                 report.Append(ruleChangeDisplayCsv.OutputCsv(management.Name));
                                 report.Append(ruleChangeDisplayCsv.OutputCsv(gateway.Name));
@@ -126,7 +127,7 @@ public override string ExportToHtml()
                 report.AppendLine($"<h3>{management.Name}</h3>");
                 report.AppendLine("<hr>");
 
-                foreach (Device device in management.Devices)
+                foreach (var device in management.Devices)
                 {
                     report.AppendLine($"<h4>{device.Name}</h4>");
                     report.AppendLine("<hr>");
@@ -150,7 +151,7 @@ public override string ExportToHtml()
 
                     if (device.RuleChanges != null)
                     {
-                        foreach (RuleChange ruleChange in device.RuleChanges)
+                        foreach (var ruleChange in device.RuleChanges)
                         {
                             report.AppendLine("<tr>");
                             report.AppendLine($"<td>{ruleChangeDisplayHtml.DisplayChangeTime(ruleChange)}</td>");
@@ -210,12 +211,12 @@ private string ExportResolvedChangesToJson()
             {
                 report.AppendLine($"{{\"{management.Name}\": {{");
                 report.AppendLine($"\"gateways\": [");
-                foreach (Device gateway in management.Devices)
+                foreach (var gateway in management.Devices)
                 {
                     if (gateway.RuleChanges != null && gateway.RuleChanges.Length > 0)
                     {
                         report.Append($"{{\"{gateway.Name}\": {{\n\"rule changes\": [");
-                        foreach (RuleChange ruleChange in gateway.RuleChanges)
+                        foreach (var ruleChange in gateway.RuleChanges)
                         {
                             report.Append("{");
                             report.Append(ruleChangeDisplayJson.DisplayChangeTime(ruleChange));
@@ -253,9 +254,9 @@ private string ExportResolvedChangesToJson()
             report.Append("}"); // EO top
 
             dynamic? json = JsonConvert.DeserializeObject(report.ToString());
-            JsonSerializerSettings settings = new JsonSerializerSettings();
+            JsonSerializerSettings settings = new ();
             settings.Formatting = Formatting.Indented;
-            return Newtonsoft.Json.JsonConvert.SerializeObject(json, settings);            
+            return JsonConvert.SerializeObject(json, settings);            
         }
     }
 }
diff --git a/roles/lib/files/FWO.Report/ReportConnections.cs b/roles/lib/files/FWO.Report/ReportConnections.cs
index de31d0275..3dfb31aad 100644
--- a/roles/lib/files/FWO.Report/ReportConnections.cs
+++ b/roles/lib/files/FWO.Report/ReportConnections.cs
@@ -11,14 +11,13 @@ public class ReportConnections : ReportOwnersBase
     {
         public ReportConnections(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType) { }
 
-        public override async Task GenerateCon(int connectionsPerFetch, ApiConnection apiConnection, Func<List<ModellingConnection>, Task> callback, CancellationToken ct)
+        public override async Task Generate(int connectionsPerFetch, ApiConnection apiConnection, Func<ReportData, Task> callback, CancellationToken ct)
         {
-            List<ModellingConnection> conns = new();
             // Query.QueryVariables["limit"] = connectionsPerFetch;
             // Query.QueryVariables["offset"] = 0;
             // bool gotNewObjects = true;
 
-            conns = await apiConnection.SendQueryAsync<List<ModellingConnection>>(Query.FullQuery, Query.QueryVariables);
+            List<ModellingConnection> conns = await apiConnection.SendQueryAsync<List<ModellingConnection>>(Query.FullQuery, Query.QueryVariables);
 
             // while (gotNewObjects)
             // {
@@ -32,15 +31,16 @@ public override async Task GenerateCon(int connectionsPerFetch, ApiConnection ap
             //     gotNewObjects = newConnections.Count > 0;
             //     ReportData.OwnerData.Connections.AddRange(newConnections);
 
-            await callback(conns);
+            ReportData reportData = new() { OwnerData = new() { new(){ Connections = conns } } };
+            await callback(reportData);
 
             // }
             //ReportData.OwnerData.Add(new(){ Connections = conns });
         }
 
-        public override async Task<bool> GetConObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<List<ModellingConnection>, Task> callback)
+        public override async Task<bool> GetObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<ReportData, Task> callback)
         {
-            await callback (ReportData.OwnerData[0].Connections);
+            await callback (ReportData);
             // currently no further objects to be fetched
             GotObjectsInReport = true;
             return true;
@@ -51,30 +51,48 @@ public override string ExportToHtml()
             StringBuilder report = new ();
             foreach (var ownerReport in ReportData.OwnerData)
             {
-                ownerReport.AssignConnectionNumbers();
-
-
                 report.AppendLine($"<h3>{ownerReport.Name}</h3>");
-                report.AppendLine("<hr>");
-                report.AppendLine("<table>");
-                AppendConnectionHeadlineHtml(ref report);
-                foreach (var connection in ownerReport.Connections)
+                if(ownerReport.RegularConnections.Count > 0)
                 {
-                    report.AppendLine("<tr>");
-                    report.AppendLine($"<td>{connection.OrderNumber}</td>");
-                    report.AppendLine($"<td>{connection.Id}</td>");
-                    report.AppendLine($"<td>{connection.Name}</td>");
-                    report.AppendLine($"<td>{connection.Reason}</td>");
-
-
+                    report.AppendLine($"<h4>{userConfig.GetText("connections")}</h4>");
+                    AppendConnectionsGroupHtml(ownerReport.RegularConnections, ref report);
+                }
+                if(ownerReport.Interfaces.Count > 0)
+                {
+                    report.AppendLine($"<h4>{userConfig.GetText("interfaces")}</h4>");
+                    AppendConnectionsGroupHtml(ownerReport.Interfaces, ref report);
+                }
+                if(ownerReport.CommonServices.Count > 0)
+                {
+                    report.AppendLine($"<h4>{userConfig.GetText("common_services")}</h4>");
+                    AppendConnectionsGroupHtml(ownerReport.CommonServices, ref report);
                 }
 
-                // show all objects used in this management's rules
+                // show all objects used
             }
-
             return GenerateHtmlFrame(userConfig.GetText(ReportType.ToString()), Query.RawFilter, DateTime.Now, report);
         }
 
+        private void AppendConnectionsGroupHtml(List<ModellingConnection> connections, ref StringBuilder report)
+        {
+            OwnerReport.AssignConnectionNumbers(connections);
+            report.AppendLine("<table>");
+            AppendConnectionHeadlineHtml(ref report);
+            foreach (var connection in connections)
+            {
+                report.AppendLine("<tr>");
+                report.AppendLine($"<td>{connection.OrderNumber}</td>");
+                report.AppendLine($"<td>{connection.Id}</td>");
+                report.AppendLine($"<td>{connection.Name}</td>");
+                report.AppendLine($"<td>{connection.Reason}</td>");
+                report.AppendLine($"<td>{String.Join("<br>", OwnerReport.GetSrcNames(connection))}</td>");
+                report.AppendLine($"<td>{String.Join("<br>", OwnerReport.GetSvcNames(connection))}</td>");
+                report.AppendLine($"<td>{String.Join("<br>", OwnerReport.GetDstNames(connection))}</td>");
+            }
+            report.AppendLine("</table>");
+            report.AppendLine("<hr>");
+        }
+
         private void AppendConnectionHeadlineHtml(ref StringBuilder report)
         {
             report.AppendLine("<tr>");
diff --git a/roles/lib/files/FWO.Report/ReportDevicesBase.cs b/roles/lib/files/FWO.Report/ReportDevicesBase.cs
index bfc591b25..29834f720 100644
--- a/roles/lib/files/FWO.Report/ReportDevicesBase.cs
+++ b/roles/lib/files/FWO.Report/ReportDevicesBase.cs
@@ -12,12 +12,12 @@ public abstract class ReportDevicesBase : ReportBase
         public ReportDevicesBase(DynGraphqlQuery query, UserConfig UserConfig, ReportType reportType) : base (query, UserConfig, reportType)
         {}
 
-        public async Task<List<Management>> getRelevantImportIds(ApiConnection apiConnection)
+        public async Task<List<ManagementReport>> getRelevantImportIds(ApiConnection apiConnection)
         {
             Dictionary<string, object> ImpIdQueryVariables = new ();
             ImpIdQueryVariables["time"] = Query.ReportTimeString != "" ? Query.ReportTimeString : DateTime.Now.ToString(DynGraphqlQuery.fullTimeFormat);
             ImpIdQueryVariables["mgmIds"] = Query.RelevantManagementIds;
-            return await apiConnection.SendQueryAsync<List<Management>>(ReportQueries.getRelevantImportIdsAtTime, ImpIdQueryVariables);
+            return await apiConnection.SendQueryAsync<List<ManagementReport>>(ReportQueries.getRelevantImportIdsAtTime, ImpIdQueryVariables);
         }
 
         public static async Task<(List<string> unsupportedList, DeviceFilter reducedDeviceFilter)> GetUsageDataUnsupportedDevices(ApiConnection apiConnection, DeviceFilter deviceFilter)
diff --git a/roles/lib/files/FWO.Report/ReportNatRules.cs b/roles/lib/files/FWO.Report/ReportNatRules.cs
index a9d66130d..0e5fadc1b 100644
--- a/roles/lib/files/FWO.Report/ReportNatRules.cs
+++ b/roles/lib/files/FWO.Report/ReportNatRules.cs
@@ -22,7 +22,7 @@ public override string ExportToHtml()
                 report.AppendLine($"<h3>{managementReport.Name}</h3>");
                 report.AppendLine("<hr>");
 
-                foreach (Device device in managementReport.Devices)
+                foreach (var device in managementReport.Devices)
                 {
                     if (device.Rules != null && device.Rules.Length > 0)
                     {
@@ -46,7 +46,7 @@ public override string ExportToHtml()
                         report.AppendLine($"<th>{userConfig.GetText("comment")}</th>");
                         report.AppendLine("</tr>");
 
-                        foreach (Rule rule in device.Rules)
+                        foreach (var rule in device.Rules)
                         {
                             if (string.IsNullOrEmpty(rule.SectionHeader))
                             {
@@ -95,7 +95,7 @@ public override string ExportToHtml()
                     report.AppendLine($"<th>{userConfig.GetText("uid")}</th>");
                     report.AppendLine($"<th>{userConfig.GetText("comment")}</th>");
                     report.AppendLine("</tr>");
-                    foreach (NetworkObject nwobj in managementReport.ReportObjects)
+                    foreach (var nwobj in managementReport.ReportObjects)
                     {
                         report.AppendLine("<tr>");
                         report.AppendLine($"<td>{objNumber++}</td>");
@@ -129,7 +129,7 @@ public override string ExportToHtml()
                     report.AppendLine($"<th>{userConfig.GetText("comment")}</th>");
                     report.AppendLine("</tr>");
                     objNumber = 1;
-                    foreach (NetworkService svcobj in managementReport.ReportServices)
+                    foreach (var svcobj in managementReport.ReportServices)
                     {
                         report.AppendLine("<tr>");
                         report.AppendLine($"<td>{objNumber++}</td>");
@@ -165,7 +165,7 @@ public override string ExportToHtml()
                     report.AppendLine($"<th>{userConfig.GetText("comment")}</th>");
                     report.AppendLine("</tr>");
                     objNumber = 1;
-                    foreach (NetworkUser userobj in managementReport.ReportUsers)
+                    foreach (var userobj in managementReport.ReportUsers)
                     {
                         report.AppendLine("<tr>");
                         report.AppendLine($"<td>{objNumber++}</td>");
diff --git a/roles/lib/files/FWO.Report/ReportOwnersBase.cs b/roles/lib/files/FWO.Report/ReportOwnersBase.cs
index 33f3e4090..d352d32d2 100644
--- a/roles/lib/files/FWO.Report/ReportOwnersBase.cs
+++ b/roles/lib/files/FWO.Report/ReportOwnersBase.cs
@@ -13,7 +13,7 @@ public ReportOwnersBase(DynGraphqlQuery query, UserConfig userConfig, ReportType
 
         public override string ExportToJson()
         {
-            return JsonSerializer.Serialize(ReportData.OwnerData, new JsonSerializerOptions { WriteIndented = true });;
+            return JsonSerializer.Serialize(ReportData.OwnerData, new JsonSerializerOptions { WriteIndented = true });
         }
 
         public override string ExportToCsv()
@@ -28,7 +28,7 @@ public override string SetDescription()
 
         protected string GenerateHtmlFrame(string title, string filter, DateTime date, StringBuilder htmlReport)
         {
-            return GenerateHtmlFrame(title, filter, date, htmlReport, null, string.Join("; ", Array.ConvertAll(ReportData.OwnerData.ToArray(), m => m.Name)));
+            return GenerateHtmlFrame(title, filter, date, htmlReport, null, string.Join("; ", Array.ConvertAll(ReportData.OwnerData.ToArray(), o => o.Name)));
         }
     }
 }
diff --git a/roles/lib/files/FWO.Report/ReportRules.cs b/roles/lib/files/FWO.Report/ReportRules.cs
index 0d0078d89..c9d30baaf 100644
--- a/roles/lib/files/FWO.Report/ReportRules.cs
+++ b/roles/lib/files/FWO.Report/ReportRules.cs
@@ -17,13 +17,13 @@ public class ReportRules : ReportDevicesBase
 
         public ReportRules(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType) {}
 
-        public override async Task GenerateMgt(int rulesPerFetch, ApiConnection apiConnection, Func<List<ManagementReport>, Task> callback, CancellationToken ct)
+        public override async Task Generate(int rulesPerFetch, ApiConnection apiConnection, Func<ReportData, Task> callback, CancellationToken ct)
         {
             Query.QueryVariables["limit"] = rulesPerFetch;
             Query.QueryVariables["offset"] = 0;
             bool gotNewObjects = true;
 
-            List<Management> managementsWithRelevantImportId = await getRelevantImportIds(apiConnection);
+            List<ManagementReport> managementsWithRelevantImportId = await getRelevantImportIds(apiConnection);
 
             ReportData.ManagementData = new ();
             foreach(var management in managementsWithRelevantImportId)
@@ -60,12 +60,12 @@ public override async Task GenerateMgt(int rulesPerFetch, ApiConnection apiConne
                         gotNewObjects |= mgtToFill.Merge((await apiConnection.SendQueryAsync<List<ManagementReport>>(Query.FullQuery, Query.QueryVariables))[0]);
                     }
                 }
-                await callback(ReportData.ManagementData);
+                await callback(ReportData);
             }
             SetReportedRuleIds();
         }
 
-        public override async Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<List<ManagementReport>, Task> callback) // to be called when exporting
+        public override async Task<bool> GetObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<ReportData, Task> callback) // to be called when exporting
         {
             bool gotAllObjects = true; //whether the fetch count limit was reached during fetching
 
@@ -93,7 +93,7 @@ public override async Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiC
             return gotAllObjects;
         }
 
-        public override async Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<List<ManagementReport>, Task> callback)
+        public override async Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<ReportData, Task> callback)
         {
             if (!objQueryVariables.ContainsKey("mgmIds") || !objQueryVariables.ContainsKey("limit") || !objQueryVariables.ContainsKey("offset"))
                 throw new ArgumentException("Given objQueryVariables dictionary does not contain variable for management id, limit or offset");
@@ -144,7 +144,7 @@ public override async Task<bool> GetObjectsForManagementInReport(Dictionary<stri
 
                 objQueryVariables["offset"] = (int)objQueryVariables["offset"] + elementsPerFetch;
 
-                await callback(ReportData.ManagementData);
+                await callback(ReportData);
             }
 
             Log.WriteDebug("Lazy Fetch", $"Fetched sidebar objects in {fetchCount - 1} cycle(s) ({elementsPerFetch} at a time)");
@@ -161,7 +161,7 @@ public override string SetDescription()
                     Array.Exists(mgt.Devices, device => device.Rules != null && device.Rules.Length > 0)))
             {
                 managementCounter++;
-                foreach (Device device in managementReport.Devices.Where(dev => dev.Rules != null && dev.Rules.Length > 0))
+                foreach (var device in managementReport.Devices.Where(dev => dev.Rules != null && dev.Rules.Length > 0))
                 {
                     deviceCounter++;
                     ruleCounter += device.Rules!.Length;
@@ -174,7 +174,7 @@ private void SetReportedRuleIds()
         {
             foreach (var mgt in ReportData.ManagementData)
             {
-                foreach (Device dev in mgt.Devices.Where(d => (d.Rules != null && d.Rules.Length > 0)))
+                foreach (var dev in mgt.Devices.Where(d => (d.Rules != null && d.Rules.Length > 0)))
                 {
                     foreach (Rule rule in dev.Rules)
                     {
@@ -198,11 +198,11 @@ public override string ExportToCsv()
                 foreach (var managementReport in ReportData.ManagementData.Where(mgt => !mgt.Ignore && mgt.Devices != null &&
                         Array.Exists(mgt.Devices, device => device.Rules != null && device.Rules.Length > 0)))
                 {
-                    foreach (Device gateway in managementReport.Devices)
+                    foreach (var gateway in managementReport.Devices)
                     {
                         if (gateway.Rules != null && gateway.Rules.Length > 0)
                         {
-                            foreach (Rule rule in gateway.Rules)
+                            foreach (var rule in gateway.Rules)
                             {
                                 if (string.IsNullOrEmpty(rule.SectionHeader))
                                 {
@@ -269,12 +269,12 @@ private string ExportResolvedRulesToJson()
             {
                 report.AppendLine($"{{\"{managementReport.Name}\": {{");
                 report.AppendLine($"\"gateways\": [");
-                foreach (Device gateway in managementReport.Devices)
+                foreach (var gateway in managementReport.Devices)
                 {
                     if (gateway.Rules != null && gateway.Rules.Length > 0)
                     {
                         report.Append($"{{\"{gateway.Name}\": {{\n\"rules\": [");
-                        foreach (Rule rule in gateway.Rules)
+                        foreach (var rule in gateway.Rules)
                         {
                             report.Append("{");
                             if (string.IsNullOrEmpty(rule.SectionHeader))
@@ -336,7 +336,7 @@ public override string ExportToHtml()
                 report.AppendLine($"<h3>{managementReport.Name}</h3>");
                 report.AppendLine("<hr>");
 
-                foreach (Device device in managementReport.Devices)
+                foreach (var device in managementReport.Devices)
                 {
                     if (device.Rules != null && device.Rules.Length > 0)
                     {
@@ -380,7 +380,7 @@ private void appendRuleHeadlineHtml(ref StringBuilder report)
             report.AppendLine("</tr>");
         }
 
-        private void appendRulesForDeviceHtml(ref StringBuilder report, Device device, RuleDisplayHtml ruleDisplayHtml)
+        private void appendRulesForDeviceHtml(ref StringBuilder report, DeviceReport device, RuleDisplayHtml ruleDisplayHtml)
         {
             if (device.ContainsRules())
             {
@@ -388,7 +388,7 @@ private void appendRulesForDeviceHtml(ref StringBuilder report, Device device, R
                 report.AppendLine("<hr>");
                 report.AppendLine("<table>");
                 appendRuleHeadlineHtml(ref report);
-                foreach (Rule rule in device.Rules!)
+                foreach (var rule in device.Rules!)
                 {
                     if (string.IsNullOrEmpty(rule.SectionHeader))
                     {
@@ -453,7 +453,7 @@ private void appendNetworkObjectsForManagementHtml(ref StringBuilder report, ref
                 report.AppendLine($"<th>{userConfig.GetText("uid")}</th>");
                 report.AppendLine($"<th>{userConfig.GetText("comment")}</th>");
                 report.AppendLine("</tr>");
-                foreach (NetworkObject nwobj in managementReport.ReportObjects)
+                foreach (var nwobj in managementReport.ReportObjects)
                 {
                     report.AppendLine("<tr>");
                     report.AppendLine($"<td>{objNumber++}</td>");
@@ -490,7 +490,7 @@ private void appendNetworkServicesForManagementHtml(ref StringBuilder report, re
                 report.AppendLine($"<th>{userConfig.GetText("comment")}</th>");
                 report.AppendLine("</tr>");
                 objNumber = 1;
-                foreach (NetworkService svcobj in managementReport.ReportServices)
+                foreach (var svcobj in managementReport.ReportServices)
                 {
                     report.AppendLine("<tr>");
                     report.AppendLine($"<td>{objNumber++}</td>");
@@ -529,7 +529,7 @@ private void appendUsersForManagementHtml(ref StringBuilder report, ref int objN
                 report.AppendLine($"<th>{userConfig.GetText("comment")}</th>");
                 report.AppendLine("</tr>");
                 objNumber = 1;
-                foreach (NetworkUser userobj in managementReport.ReportUsers)
+                foreach (var userobj in managementReport.ReportUsers)
                 {
                     report.AppendLine("<tr>");
                     report.AppendLine($"<td>{objNumber++}</td>");
diff --git a/roles/lib/files/FWO.Report/ReportStatistics.cs b/roles/lib/files/FWO.Report/ReportStatistics.cs
index dd8208daa..5d8b30e13 100644
--- a/roles/lib/files/FWO.Report/ReportStatistics.cs
+++ b/roles/lib/files/FWO.Report/ReportStatistics.cs
@@ -16,13 +16,13 @@ public class ReportStatistics : ReportDevicesBase
         public ReportStatistics(DynGraphqlQuery query, UserConfig userConfig, ReportType reportType) : base(query, userConfig, reportType) {}
 
 
-        public override async Task GenerateMgt(int _, ApiConnection apiConnection, Func<List<ManagementReport>, Task> callback, CancellationToken ct)
+        public override async Task Generate(int _, ApiConnection apiConnection, Func<ReportData, Task> callback, CancellationToken ct)
         {
-            List<Management> managementsWithRelevantImportId = await getRelevantImportIds(apiConnection);
+            List<ManagementReport> managementsWithRelevantImportId = await getRelevantImportIds(apiConnection);
 
             ReportData.ManagementData = new ();
 
-            foreach (Management relevantMgmt in managementsWithRelevantImportId)
+            foreach (var relevantMgmt in managementsWithRelevantImportId)
             {
                 if (ct.IsCancellationRequested)
                 {
@@ -35,7 +35,7 @@ public override async Task GenerateMgt(int _, ApiConnection apiConnection, Func<
                 Query.QueryVariables["relevantImportId"] = relevantMgmt.Import.ImportAggregate.ImportAggregateMax.RelevantImportId ?? -1 /* managment was not yet imported at that time */;
                 ReportData.ManagementData.Add((await apiConnection.SendQueryAsync<List<ManagementReport>>(Query.FullQuery, Query.QueryVariables))[0]);
             }
-            await callback(ReportData.ManagementData);
+            await callback(ReportData);
 
             foreach (ManagementReport mgm in ReportData.ManagementData.Where(mgt => !mgt.Ignore))
             {
@@ -46,15 +46,15 @@ public override async Task GenerateMgt(int _, ApiConnection apiConnection, Func<
             }
         }
 
-        public override async Task<bool> GetMgtObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<List<ManagementReport>, Task> callback)
+        public override async Task<bool> GetObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<ReportData, Task> callback)
         {
-            await callback(ReportData.ManagementData);
+            await callback(ReportData);
             // currently no further objects to be fetched
             GotObjectsInReport = true;
             return true;
         }
 
-        public override Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<List<ManagementReport>, Task> callback)
+        public override Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<ReportData, Task> callback)
         {
             return Task.FromResult<bool>(true);
         }
@@ -128,7 +128,7 @@ public override string ExportToHtml()
                 report.AppendLine($"<th>{userConfig.GetText("gateway")}</th>");
                 report.AppendLine($"<th>{userConfig.GetText("rules")}</th>");
                 report.AppendLine("</tr>");
-                foreach (Device device in managementReport.Devices)
+                foreach (var device in managementReport.Devices)
                 {
                     if (device.RuleStatistics != null)
                     {
diff --git a/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifier.cs b/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifier.cs
index 1abaa1447..b56d7cf5f 100644
--- a/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifier.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifier.cs
@@ -124,19 +124,17 @@ private async Task GenerateChangeReport()
                 UserConfig userConfig = new(globalConfig);
 
                 changeReport = ReportBase.ConstructReport(new ReportTemplate("", await SetFilters()), userConfig);
-
-                List<ManagementReport> managements = new();
-
-                await changeReport.GenerateMgt(int.MaxValue, apiConnection,
-                managementsReportIntermediate =>
-                {
-                    managements = managementsReportIntermediate;
-                    foreach (Management mgm in managements)
+                ReportData reportData = new();
+                await changeReport.Generate(int.MaxValue, apiConnection,
+                    rep =>
                     {
-                        mgm.Ignore = !deviceFilter.getSelectedManagements().Contains(mgm.Id);
-                    }
-                    return Task.CompletedTask;
-                }, token);
+                        reportData.ManagementData = rep.ManagementData;
+                        foreach (var mgm in reportData.ManagementData)
+                        {
+                            mgm.Ignore = !deviceFilter.getSelectedManagements().Contains(mgm.Id);
+                        }
+                        return Task.CompletedTask;
+                    }, token);
             }
             catch (Exception exception)
             {
diff --git a/roles/middleware/files/FWO.Middleware.Server/RecertCheck.cs b/roles/middleware/files/FWO.Middleware.Server/RecertCheck.cs
index 7ae51f0bb..eaa5b612e 100644
--- a/roles/middleware/files/FWO.Middleware.Server/RecertCheck.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/RecertCheck.cs
@@ -170,22 +170,22 @@ private async Task<List<Rule>> generateRecertificationReport(ApiConnection apiCo
                 };
                 ReportBase? currentReport = ReportBase.ConstructReport(new ReportTemplate("", reportParams), userConfig);
 
-                List<ManagementReport> managements = new ();
+                ReportData reportData = new ();
 
-                await currentReport.GenerateMgt(int.MaxValue, apiConnection,
-                managementsReportIntermediate =>
+                await currentReport.Generate(int.MaxValue, apiConnection,
+                rep =>
                 {
-                    managements = managementsReportIntermediate;
+                    reportData.ManagementData = rep.ManagementData;
                     return Task.CompletedTask;
                 }, token);
 
-                foreach (Management management in managements)
+                foreach (var management in reportData.ManagementData)
                 {
-                    foreach (Device device in management.Devices)
+                    foreach (var device in management.Devices)
                     {
                         if (device.ContainsRules())
                         {
-                            foreach (Rule rule in device.Rules!)
+                            foreach (var rule in device.Rules!)
                             {
                                 rule.Metadata.UpdateRecertPeriods(owner.RecertInterval ?? globalConfig.RecertificationPeriod, 0);
                                 rule.DeviceName = device.Name ?? "";
diff --git a/roles/middleware/files/FWO.Middleware.Server/ReportScheduler.cs b/roles/middleware/files/FWO.Middleware.Server/ReportScheduler.cs
index c7b07678b..20daf8bbe 100644
--- a/roles/middleware/files/FWO.Middleware.Server/ReportScheduler.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/ReportScheduler.cs
@@ -148,27 +148,24 @@ private Task GenerateReport(ReportSchedule reportSchedule, DateTime dateTimeNowR
                     ReportBase report = ReportBase.ConstructReport(reportSchedule.Template, userConfig);
                     if(report.ReportType.IsDeviceRelatedReport())
                     {
-                        List<ManagementReport> managementsReport = new ();
-                        await report.GenerateMgt(int.MaxValue, apiConnectionUserContext, 
-                            managementsReportIntermediate =>
+                        await report.Generate(int.MaxValue, apiConnectionUserContext, 
+                            rep =>
                             {
-                                managementsReport = managementsReportIntermediate;
-                                SetRelevantManagements(ref managementsReport, reportSchedule.Template.ReportParams.DeviceFilter);
+                                report.ReportData.ManagementData = rep.ManagementData;
+                                SetRelevantManagements(ref report.ReportData.ManagementData, reportSchedule.Template.ReportParams.DeviceFilter);
                                 return Task.CompletedTask;
                             }, token);
-                        await report.GetMgtObjectsInReport(int.MaxValue, apiConnectionUserContext, _ => Task.CompletedTask);
                     }
                     else
                     {
-                        List<ModellingConnection> connectionReport = new();
-                        await report.GenerateCon(int.MaxValue, apiConnectionUserContext,
-                            connectionReportIntermediate =>
+                        await report.Generate(int.MaxValue, apiConnectionUserContext,
+                            rep =>
                             {
-                                connectionReport = connectionReportIntermediate;
+                                report.ReportData.OwnerData = rep.OwnerData;
                                 return Task.CompletedTask;
                             }, token);
-                        //await report.GetConObjectsInReport(int.MaxValue, apiConnectionUserContext, _ => Task.CompletedTask);
                     }
+                    await report.GetObjectsInReport(int.MaxValue, apiConnectionUserContext, _ => Task.CompletedTask);
                     WriteReportFile(report, reportSchedule.OutputFormat, reportFile);
                     await SaveReport(reportFile, report.SetDescription(), apiConnectionUserContext);
                     Log.WriteInfo("Report Scheduling", $"Scheduled report \"{reportSchedule.Name}\" with id \"{reportSchedule.Id}\" for user \"{reportSchedule.Owner.Name}\" with id \"{reportSchedule.Owner.DbId}\" successfully generated.");
diff --git a/roles/test/files/FWO.Test/ExportTest.cs b/roles/test/files/FWO.Test/ExportTest.cs
index 649e9b340..52c9e4ddf 100644
--- a/roles/test/files/FWO.Test/ExportTest.cs
+++ b/roles/test/files/FWO.Test/ExportTest.cs
@@ -639,28 +639,8 @@ public void RulesGenerateJson()
             };
 
             string expectedJsonResult = 
-            "[{\"networkObjects\": [],\"serviceObjects\": [],\"userObjects\": []," +
-            "\"reportNetworkObjects\": [{\"obj_id\": 1,\"obj_name\": \"TestIp1\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.4/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," +
-            "{\"obj_id\": 2,\"obj_name\": \"TestIp2\",\"obj_ip\": \"127.0.0.1/32\",\"obj_ip_end\": \"127.0.0.1/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," +
-            "{\"obj_id\": 3,\"obj_name\": \"TestIpRange\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.5/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"ip_range\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}]," +
-            "\"reportServiceObjects\": [{\"svc_id\": 1,\"svc_name\": \"TestService1\",\"svc_uid\": \"\",\"svc_port\": 443,\"svc_port_end\": 443,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0," +
-            "\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 0,\"name\": \"TCP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": []}," +
-            "{\"svc_id\": 2,\"svc_name\": \"TestService2\",\"svc_uid\": \"\",\"svc_port\": 6666,\"svc_port_end\": 7777,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0," +
-            "\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 0,\"name\": \"UDP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": []}]," +
-            "\"reportUserObjects\": [{\"user_id\": 1,\"user_uid\": \"\",\"user_name\": \"TestUser1\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}," +
-            "{\"user_id\": 2,\"user_uid\": \"\",\"user_name\": \"TestUser2\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"group\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}]," +
-            "\"ReportedRuleIds\": [],\"ReportedNetworkServiceIds\": [],\"objects_aggregate\": {\"aggregate\": {\"count\": 0}},\"services_aggregate\": {\"aggregate\": {\"count\": 0}},\"usrs_aggregate\": {\"aggregate\": {\"count\": 0}},\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}," +
-            "\"id\": 0,\"name\": \"TestMgt\",\"hostname\": \"\"," +
-            "\"import_credential\": {\"id\": 0,\"credential_name\": \"\",\"is_key_pair\": false,\"user\": null,\"secret\": \"\",\"sshPublicKey\": null,\"cloud_client_id\": null,\"cloud_client_secret\": null}," +
-            "\"configPath\": \"\",\"domainUid\": \"\",\"cloudSubscriptionId\": \"\",\"cloudTenantId\": \"\",\"superManager\": null,\"importerHostname\": \"\",\"port\": 0,\"importDisabled\": false,\"forceInitialImport\": false,\"hideInUi\": false,\"comment\": null,\"debugLevel\": null," +
-            "\"devices\": [{\"id\": 0,\"name\": \"TestDev\",\"deviceType\": {\"id\": 0,\"name\": \"\",\"version\": \"\",\"manufacturer\": \"\",\"isPureRoutingDevice\": false,\"isManagement\": false}," +
-            "\"management\": {\"id\": 0,\"name\": \"\",\"hostname\": \"\"," +
-            "\"import_credential\": {\"id\": 0,\"credential_name\": \"\",\"is_key_pair\": false,\"user\": null,\"secret\": \"\",\"sshPublicKey\": null,\"cloud_client_id\": null,\"cloud_client_secret\": null}," +
-            "\"configPath\": \"\",\"domainUid\": \"\",\"cloudSubscriptionId\": \"\",\"cloudTenantId\": \"\",\"superManager\": null,\"importerHostname\": \"\",\"port\": 0,\"importDisabled\": false,\"forceInitialImport\": false,\"hideInUi\": false,\"comment\": null,\"debugLevel\": null," +
-            "\"devices\": []," +
-            "\"deviceType\": {\"id\": 0,\"name\": \"\",\"version\": \"\",\"manufacturer\": \"\",\"isPureRoutingDevice\": false,\"isManagement\": false}," +
-            "\"import\": {\"aggregate\": {\"max\": {\"id\": null}}},\"RelevantImportId\": null,\"Ignore\": false,\"AwaitDevice\": false,\"Delete\": false,\"ActionId\": 0}," +
-            "\"local_rulebase_name\": null,\"global_rulebase_name\": null,\"package_name\": null,\"importDisabled\": false,\"hideInUi\": false,\"comment\": null," +
+            "[{\"id\": 0,\"name\": \"TestMgt\"," +
+            "\"devices\": [{\"id\": 0,\"name\": \"TestDev\"," +
             "\"rules\": [{\"rule_id\": 0,\"rule_uid\": \"uid1\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule1\",\"rule_comment\": \"comment1\",\"rule_disabled\": false," +
             "\"rule_services\": [{\"service\": {\"svc_id\": 1,\"svc_name\": \"TestService1\",\"svc_uid\": \"\",\"svc_port\": 443,\"svc_port_end\": 443,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0," +
             "\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0," +
@@ -689,10 +669,20 @@ public void RulesGenerateJson()
             "\"usr\": {\"user_id\": 2,\"user_uid\": \"\",\"user_name\": \"TestUser2\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"group\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," +
             "\"rule_action\": \"deny\",\"rule_track\": \"none\",\"section_header\": \"\"," +
             "\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": null,\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"dev_id\": 0,\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," +
-            "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []},\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"DisplayOrderNumber\": 2,\"Certified\": false,\"DeviceName\": \"\"}],\"changelog_rules\": null,\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}," +
-            "\"Selected\": false,\"Relevant\": false,\"AwaitMgmt\": false,\"Delete\": false,\"ActionId\": 0}]," +
-            "\"deviceType\": {\"id\": 0,\"name\": \"\",\"version\": \"\",\"manufacturer\": \"\",\"isPureRoutingDevice\": false,\"isManagement\": false}," +
-            "\"import\": {\"aggregate\": {\"max\": {\"id\": null}}},\"RelevantImportId\": null,\"Ignore\": false,\"AwaitDevice\": false,\"Delete\": false,\"ActionId\": 0}]";
+            "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []},\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"DisplayOrderNumber\": 2,\"Certified\": false,\"DeviceName\": \"\"}],\"changelog_rules\": null,\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}}]," +
+            "\"import\": {\"aggregate\": {\"max\": {\"id\": null}}},\"RelevantImportId\": null," +
+            "\"networkObjects\": [],\"serviceObjects\": [],\"userObjects\": []," +
+            "\"reportNetworkObjects\": [{\"obj_id\": 1,\"obj_name\": \"TestIp1\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.4/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," +
+            "{\"obj_id\": 2,\"obj_name\": \"TestIp2\",\"obj_ip\": \"127.0.0.1/32\",\"obj_ip_end\": \"127.0.0.1/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," +
+            "{\"obj_id\": 3,\"obj_name\": \"TestIpRange\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.5/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"ip_range\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}]," +
+            "\"reportServiceObjects\": [{\"svc_id\": 1,\"svc_name\": \"TestService1\",\"svc_uid\": \"\",\"svc_port\": 443,\"svc_port_end\": 443,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0," +
+            "\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 0,\"name\": \"TCP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": []}," +
+            "{\"svc_id\": 2,\"svc_name\": \"TestService2\",\"svc_uid\": \"\",\"svc_port\": 6666,\"svc_port_end\": 7777,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0," +
+            "\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 0,\"name\": \"UDP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": []}]," +
+            "\"reportUserObjects\": [{\"user_id\": 1,\"user_uid\": \"\",\"user_name\": \"TestUser1\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}," +
+            "{\"user_id\": 2,\"user_uid\": \"\",\"user_name\": \"TestUser2\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"group\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}]," +
+            "\"ReportedRuleIds\": [],\"ReportedNetworkServiceIds\": [],\"objects_aggregate\": {\"aggregate\": {\"count\": 0}},\"services_aggregate\": {\"aggregate\": {\"count\": 0}},\"usrs_aggregate\": {\"aggregate\": {\"count\": 0}},\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}," +
+            "\"Ignore\": false}]";
             // Log.WriteInfo("Test Log", removeLinebreaks((removeGenDate(reportRules.ExportToJson(), true, true))));
             Assert.AreEqual(expectedJsonResult, removeLinebreaks((removeGenDate(reportRules.ExportToJson(), false, true))));
         }
@@ -758,19 +748,9 @@ public void ChangesGenerateJson()
             };
 
             string expectedJsonResult = 
-            "[{\"networkObjects\": [],\"serviceObjects\": [],\"userObjects\": [],\"reportNetworkObjects\": [],\"reportServiceObjects\": [],\"reportUserObjects\": [],\"ReportedRuleIds\": [],\"ReportedNetworkServiceIds\": [],\"objects_aggregate\": {\"aggregate\": {\"count\": 0}}," +
-            "\"services_aggregate\": {\"aggregate\": {\"count\": 0}},\"usrs_aggregate\": {\"aggregate\": {\"count\": 0}},\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}," +
-            "\"id\": 0,\"name\": \"TestMgt\",\"hostname\": \"\"," +
-            "\"import_credential\": {\"id\": 0,\"credential_name\": \"\",\"is_key_pair\": false,\"user\": null,\"secret\": \"\",\"sshPublicKey\": null,\"cloud_client_id\": null,\"cloud_client_secret\": null}," +
-            "\"configPath\": \"\",\"domainUid\": \"\",\"cloudSubscriptionId\": \"\",\"cloudTenantId\": \"\",\"superManager\": null,\"importerHostname\": \"\",\"port\": 0,\"importDisabled\": false,\"forceInitialImport\": false,\"hideInUi\": false,\"comment\": null,\"debugLevel\": null," +
-            "\"devices\": [{\"id\": 0,\"name\": \"TestDev\",\"deviceType\": {\"id\": 0,\"name\": \"\",\"version\": \"\",\"manufacturer\": \"\",\"isPureRoutingDevice\": false,\"isManagement\": false}," +
-            "\"management\": {\"id\": 0,\"name\": \"\",\"hostname\": \"\"," +
-            "\"import_credential\": {\"id\": 0,\"credential_name\": \"\",\"is_key_pair\": false,\"user\": null,\"secret\": \"\",\"sshPublicKey\": null,\"cloud_client_id\": null,\"cloud_client_secret\": null}," +
-            "\"configPath\": \"\",\"domainUid\": \"\",\"cloudSubscriptionId\": \"\",\"cloudTenantId\": \"\",\"superManager\": null,\"importerHostname\": \"\",\"port\": 0,\"importDisabled\": false,\"forceInitialImport\": false,\"hideInUi\": false,\"comment\": null,\"debugLevel\": null," +
-            "\"devices\": []," +
-            "\"deviceType\": {\"id\": 0,\"name\": \"\",\"version\": \"\",\"manufacturer\": \"\",\"isPureRoutingDevice\": false,\"isManagement\": false}," +
-            "\"import\": {\"aggregate\": {\"max\": {\"id\": null}}},\"RelevantImportId\": null,\"Ignore\": false,\"AwaitDevice\": false,\"Delete\": false,\"ActionId\": 0}," +
-            "\"local_rulebase_name\": null,\"global_rulebase_name\": null,\"package_name\": null,\"importDisabled\": false,\"hideInUi\": false,\"comment\": null,\"rules\": null," +
+            "[{\"id\": 0,\"name\": \"TestMgt\"," +
+            "\"devices\": [{\"id\": 0,\"name\": \"TestDev\"," +
+            "\"rules\": null," +
             "\"changelog_rules\": [{\"import\": {\"time\": \"2023-04-05T12:00:00\"},\"change_action\": \"I\"," +
             "\"old\": {\"rule_id\": 0,\"rule_uid\": \"\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"\",\"rule_comment\": \"\",\"rule_disabled\": false," +
             "\"rule_services\": [],\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_src_neg\": false,\"rule_src\": \"\",\"src_zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"dst_zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"rule_tos\": [],\"rule_action\": \"\",\"rule_track\": \"\",\"section_header\": \"\"," +
@@ -844,9 +824,11 @@ public void ChangesGenerateJson()
             "\"rule_services\": [],\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_src_neg\": false,\"rule_src\": \"\",\"src_zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"dst_zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"rule_tos\": [],\"rule_action\": \"\",\"rule_track\": \"\",\"section_header\": \"\"," +
             "\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": null,\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"dev_id\": 0,\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," +
             "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []}," +
-            "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"DisplayOrderNumber\": 0,\"Certified\": false,\"DeviceName\": \"\"},\"DeviceName\": \"\"}],\"rules_aggregate\": {\"aggregate\": {\"count\": 0}},\"Selected\": false,\"Relevant\": false,\"AwaitMgmt\": false,\"Delete\": false,\"ActionId\": 0}]," +
-            "\"deviceType\": {\"id\": 0,\"name\": \"\",\"version\": \"\",\"manufacturer\": \"\",\"isPureRoutingDevice\": false,\"isManagement\": false}," +
-            "\"import\": {\"aggregate\": {\"max\": {\"id\": null}}},\"RelevantImportId\": null,\"Ignore\": false,\"AwaitDevice\": false,\"Delete\": false,\"ActionId\": 0}]";
+            "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"DisplayOrderNumber\": 0,\"Certified\": false,\"DeviceName\": \"\"},\"DeviceName\": \"\"}],\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}}]," +
+            "\"import\": {\"aggregate\": {\"max\": {\"id\": null}}},\"RelevantImportId\": null," +
+            "\"networkObjects\": [],\"serviceObjects\": [],\"userObjects\": [],\"reportNetworkObjects\": [],\"reportServiceObjects\": [],\"reportUserObjects\": [],\"ReportedRuleIds\": [],\"ReportedNetworkServiceIds\": [],\"objects_aggregate\": {\"aggregate\": {\"count\": 0}}," +
+            "\"services_aggregate\": {\"aggregate\": {\"count\": 0}},\"usrs_aggregate\": {\"aggregate\": {\"count\": 0}},\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}," +
+            "\"Ignore\": false}]";
             Assert.AreEqual(expectedJsonResult, removeLinebreaks((removeGenDate(reportChanges.ExportToJson(), false, true))));
         }
 
@@ -1021,15 +1003,15 @@ private ReportData ConstructRuleReport(bool resolved)
             {
                 ManagementData = new List<ManagementReport>()
                 {
-                    new ManagementReport()
+                    new ()
                     { 
                         Name = "TestMgt",
                         ReportObjects = new NetworkObject[]{ TestIp1, TestIp2, TestIpRange },
                         ReportServices = new NetworkService[]{ TestService1, TestService2 },
                         ReportUsers = new NetworkUser[]{ TestUser1, TestUser2 },
-                        Devices = new Device[]
+                        Devices = new DeviceReport[]
                         { 
-                            new Device()
+                            new ()
                             { 
                                 Name = "TestDev",
                                 Rules = new Rule[]{ Rule1, Rule2 }
@@ -1045,13 +1027,13 @@ private ReportData ConstructRecertReport()
             RecertRule1 = InitRule1(false);
             RecertRule1.Metadata.RuleRecertification = new List<Recertification>()
             {
-                new Recertification()
+                new ()
                 {
                     NextRecertDate  = DateTime.Now.AddDays(5),
                     FwoOwner = new FwoOwner(){ Name = "TestOwner1" },
                     IpMatch = TestIp1.Name
                 },
-                new Recertification()
+                new ()
                 {
                     NextRecertDate  = DateTime.Now.AddDays(-5),
                     FwoOwner = new FwoOwner(){ Name = "TestOwner2" },
@@ -1061,7 +1043,7 @@ private ReportData ConstructRecertReport()
             RecertRule2 = InitRule2(false);
             RecertRule2.Metadata.RuleRecertification = new List<Recertification>()
             {
-                new Recertification()
+                new ()
                 {
                     NextRecertDate  = DateTime.Now,
                     FwoOwner = new FwoOwner(){ Name = "TestOwner1" },
@@ -1072,15 +1054,15 @@ private ReportData ConstructRecertReport()
             {
                 ManagementData = new List<ManagementReport>()
                 {
-                    new ManagementReport()
+                    new ()
                     { 
                         Name = "TestMgt",
                         ReportObjects = new NetworkObject[]{ TestIp1, TestIp2, TestIpRange },
                         ReportServices = new NetworkService[]{ TestService1, TestService2 },
                         ReportUsers = new NetworkUser[]{ TestUser1, TestUser2 },
-                        Devices = new Device[]
+                        Devices = new DeviceReport[]
                         { 
-                            new Device()
+                            new ()
                             { 
                                 Name = "TestDev", 
                                 Rules = new Rule[]{ RecertRule1, RecertRule2 }
@@ -1099,34 +1081,34 @@ private ReportData ConstructNatRuleReport()
                 TranslatedSourceNegated = false,
                 TranslatedFroms = new NetworkLocation[]
                 {
-                    new NetworkLocation(TestUser2, TestIp1Changed)
+                    new (TestUser2, TestIp1Changed)
                 },
                 TranslatedDestinationNegated = true,
                 TranslatedTos = new NetworkLocation[]
                 {
-                    new NetworkLocation(new NetworkUser(), TestIp1Changed),
-                    new NetworkLocation(new NetworkUser(), TestIpNew)
+                    new (new NetworkUser(), TestIp1Changed),
+                    new (new NetworkUser(), TestIpNew)
                 },
                 TranslatedServiceNegated = false,
                 TranslatedServices = new ServiceWrapper[]
                 {
-                    new ServiceWrapper(){ Content = TestService1 },
-                    new ServiceWrapper(){ Content = TestService2 }
+                    new (){ Content = TestService1 },
+                    new (){ Content = TestService2 }
                 }
             };
             return new ReportData()
             {
                 ManagementData = new List<ManagementReport>()
                 {
-                    new ManagementReport()
+                    new ()
                     { 
                         Name = "TestMgt",
                         ReportObjects = new NetworkObject[]{ TestIp1, TestIp2, TestIpRange, TestIpNew, TestIp1Changed },
                         ReportServices = new NetworkService[]{ TestService1, TestService2 },
                         ReportUsers = new NetworkUser[]{ TestUser2 },
-                        Devices = new Device[]
+                        Devices = new DeviceReport[]
                         { 
-                            new Device(){ Name = "TestDev", Rules = new Rule[]{ NatRule }} 
+                            new (){ Name = "TestDev", Rules = new Rule[]{ NatRule }} 
                         }
                     }
                 }
@@ -1142,10 +1124,10 @@ private ReportData ConstructChangeReport(bool resolved)
             if(resolved)
             {
                 Rule1Changed.Froms[0].Object.ObjectGroupFlats[0].Object = TestIp1Changed;
-                Rule1Changed.Tos = new NetworkLocation[]{new NetworkLocation(new NetworkUser(), new NetworkObject(){ObjectGroupFlats = new GroupFlat<NetworkObject>[]
+                Rule1Changed.Tos = new NetworkLocation[]{new (new NetworkUser(), new NetworkObject(){ObjectGroupFlats = new GroupFlat<NetworkObject>[]
                 {
-                    new GroupFlat<NetworkObject>(){ Object = TestIpRange },
-                    new GroupFlat<NetworkObject>(){ Object = TestIpNew }
+                    new (){ Object = TestIpRange },
+                    new (){ Object = TestIpNew }
                 }})};  
             }
             else
@@ -1153,8 +1135,8 @@ private ReportData ConstructChangeReport(bool resolved)
                 Rule1Changed.Froms[0].Object = TestIp1Changed;
                 Rule1Changed.Tos = new NetworkLocation[]
                 {
-                    new NetworkLocation(new NetworkUser(), TestIpRange),
-                    new NetworkLocation(new NetworkUser(), TestIpNew)
+                    new (new NetworkUser(), TestIpRange),
+                    new (new NetworkUser(), TestIpNew)
                 };
             }
             Rule1Changed.Uid = "";
@@ -1195,12 +1177,12 @@ private ReportData ConstructChangeReport(bool resolved)
             {
                 ManagementData = new List<ManagementReport>()
                 {
-                    new ManagementReport()
+                    new ()
                     { 
                         Name = "TestMgt",
-                        Devices = new Device[]
+                        Devices = new DeviceReport[]
                         {
-                            new Device()
+                            new ()
                             { 
                                 Name = "TestDev",
                                 RuleChanges = new RuleChange[]{ ruleChange1, ruleChange2, ruleChange3, ruleChange4 }
diff --git a/roles/ui/files/FWO.UI/Pages/Certification.razor b/roles/ui/files/FWO.UI/Pages/Certification.razor
index 42f90c165..27e4c8764 100644
--- a/roles/ui/files/FWO.UI/Pages/Certification.razor
+++ b/roles/ui/files/FWO.UI/Pages/Certification.razor
@@ -254,10 +254,10 @@
             {
                 if(currentReport != null)
                 {
-                    await currentReport.GenerateMgt(userConfig.ElementsPerFetch, apiConnection,
+                    await currentReport.Generate(userConfig.ElementsPerFetch, apiConnection,
                     managementsReportIntermediate =>
                     {
-                        managementsReport = managementsReportIntermediate;
+                        managementsReport = managementsReportIntermediate.ManagementData;
                         return InvokeAsync(StateHasChanged);
                     }, token);
                 }
@@ -314,12 +314,12 @@
         rulesFound = false;
         foreach (var management in managementsReport)
         {
-            foreach (Device device in management.Devices)
+            foreach (var device in management.Devices)
             {
                 if (device.ContainsRules())
                 {
                     rulesFound = true;
-                    foreach (Rule rule in device.Rules!)
+                    foreach (var rule in device.Rules!)
                     {
                         rule.Metadata.UpdateRecertPeriods(userConfig.RecertificationPeriod, userConfig.RecertificationNoticePeriod);
                     }
@@ -382,11 +382,11 @@
 
         foreach (var management in managementsReport)
         {
-            foreach (Device device in management.Devices)
+            foreach (var device in management.Devices)
             {
                 if(device.Rules != null)
                 {
-                    foreach (Rule rule in device.Rules)
+                    foreach (var rule in device.Rules)
                     {
                         if(rule.Metadata.Recert || rule.Metadata.ToBeRemoved)
                         {
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
index 7a9b1dee5..6e27978f7 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
@@ -348,10 +348,10 @@
                 }
                 else
                 {
-                    await currentReport.GenerateMgt(userConfig.ElementsPerFetch, apiConnection,
+                    await currentReport.Generate(userConfig.ElementsPerFetch, apiConnection,
                     managementsReportIntermediate =>
                     {
-                        currentReport.ReportData.ManagementData = managementsReportIntermediate;
+                        currentReport.ReportData.ManagementData = managementsReportIntermediate.ManagementData;
                         setRelevantManagements();
                         return InvokeAsync(StateHasChanged);
                     }, token);
@@ -407,26 +407,38 @@
 
     private async Task GenerateConnectionsReport(CancellationToken token)
     {
-        currentReport.ReportData.OwnerData.Add(new OwnerReport(){ Name = actReportFilters.ModellingFilter.SelectedOwner.Name });
-        await currentReport.GenerateCon(userConfig.ElementsPerFetch, apiConnection,
-        connIntermediate =>
+        foreach(var selectedOwner in actReportFilters.ModellingFilter.SelectedOwners.Where(o => o.Id > 0))
         {
-            currentReport.ReportData.OwnerData[0].Connections = connIntermediate;
-            return InvokeAsync(StateHasChanged);
-        }, token);
-        appHandler = new (apiConnection, userConfig, actReportFilters.ModellingFilter.SelectedOwner, DisplayMessageInUi);
-        await appHandler.Init(currentReport.ReportData.OwnerData[0].Connections);
+            OwnerReport actOwnerData = new(){ Name = selectedOwner.Name };
+            currentReport.ReportData.OwnerData.Add(actOwnerData);
+            await currentReport.Generate(userConfig.ElementsPerFetch, apiConnection,
+            connIntermediate =>
+            {
+                actOwnerData.Connections = connIntermediate.OwnerData.First().Connections;
+                return InvokeAsync(StateHasChanged);
+            }, token);
+
+            await PrepareReportData(selectedOwner, actOwnerData);
+        }
         currentReport.ReportData.GlobalComSvc = await apiConnection.SendQueryAsync<List<ModellingConnection>>(ModellingQueries.getCommonServices);
+    }
 
+    async Task PrepareReportData(FwoOwner selectedOwner, OwnerReport ownerData)
+    {
+        appHandler = new (apiConnection, userConfig, selectedOwner, DisplayMessageInUi);
+        await appHandler.Init(ownerData.Connections);
+        ownerData.RegularConnections = appHandler.GetRegularConnections();
+        ownerData.Interfaces = appHandler.GetInterfaces();
+        ownerData.CommonServices = appHandler.GetCommonServices();
     }
 
     private async Task GenerateStatisticsReport(CancellationToken token)
     {
         currentReport.ReportData.GlobalStats = new ();
-        await currentReport.GenerateMgt(0, apiConnection,
+        await currentReport.Generate(0, apiConnection,
             managementsReportIntermediate =>
             {
-                currentReport.ReportData.ManagementData = managementsReportIntermediate;
+                currentReport.ReportData.ManagementData = managementsReportIntermediate.ManagementData;
                 setRelevantManagements();
                 return InvokeAsync(() =>
                 {
@@ -446,11 +458,11 @@
     {
         bool rulesFound = false;
         foreach (var managementReport in ManagementReports)
-            foreach (Device device in managementReport.Devices)
+            foreach (var device in managementReport.Devices)
                 if (device.ContainsRules())
                 {
                     rulesFound = true;
-                    foreach (Rule rule in device.Rules!)
+                    foreach (var rule in device.Rules!)
                     {
                         rule.Metadata.UpdateRecertPeriods(userConfig.RecertificationPeriod, userConfig.RecertificationNoticePeriod);
                     }
@@ -534,7 +546,7 @@
             ReportType.Statistics,
             ReportType.Connections
         };
-        foreach (ReportType reportType in orderedReportTypeList)
+        foreach (var reportType in orderedReportTypeList)
         {
             ReportType? foundType = ListIn.Find(x => x == reportType);
             if (foundType != null)
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/ReportExport.razor b/roles/ui/files/FWO.UI/Pages/Reporting/ReportExport.razor
index cce58a681..b47aaa3d2 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/ReportExport.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/ReportExport.razor
@@ -150,14 +150,7 @@
                 {
                     if (!ReportToExport.GotObjectsInReport)
                     {
-                        if((bool)ReportToExport?.ReportType.IsModellingReport())
-                        {
-                            await ReportToExport.GetConObjectsInReport(int.MaxValue, apiConnection, _ => Task.CompletedTask);
-                        }
-                        else
-                        {
-                            await ReportToExport.GetMgtObjectsInReport(int.MaxValue, apiConnection, _ => Task.CompletedTask);
-                        }
+                        await ReportToExport.GetObjectsInReport(int.MaxValue, apiConnection, _ => Task.CompletedTask);
                     }
 
                     if (ExportHtml)
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ChangesReport.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ChangesReport.razor
index 65b15870d..baa95d165 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ChangesReport.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ChangesReport.razor
@@ -1,5 +1,6 @@
 @using FWO.Ui.Display
 @using FWO.Config.Api
+@using FWO.Report
 @using FWO.Report.Filter
 
 @inject UserConfig userConfig
@@ -10,7 +11,7 @@
     {
         <Collapse Title="@management.Name" Style="@("primary")" StartToggled="false">
 
-            @foreach (Device device in management.Devices)
+            @foreach (var device in management.Devices)
             {
                 @if (device.RuleChanges != null && device.RuleChanges.Length > 0 && ruleChangeDisplayHtml != null && SelectedRuleChanges != null)
                 {
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ConnectionsReport.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ConnectionsReport.razor
index ccd718437..84582e732 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ConnectionsReport.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ConnectionsReport.razor
@@ -1,5 +1,6 @@
 @using FWO.Ui.Display
 @using FWO.Config.Api
+@using FWO.Report
 @using FWO.Report.Filter
 
 @inject UserConfig userConfig
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/RulesReport.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/RulesReport.razor
index b71fa2ff1..0be409f5f 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/RulesReport.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/RulesReport.razor
@@ -1,5 +1,6 @@
 @using FWO.Ui.Display
 @using FWO.Config.Api
+@using FWO.Report
 @using FWO.Report.Filter
 
 @inject UserConfig userConfig
@@ -12,7 +13,7 @@
 
         <Collapse Title="@management.Name" Style="@("primary")" StartToggled="false">
 
-            @foreach (Device device in management.Devices)
+            @foreach (var device in management.Devices)
             {
                 @if (device.Rules != null && device.Rules.Length > 0 && ruleDisplay != null)
                 {
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/StatisticsReport.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/StatisticsReport.razor
index a8ad2e91e..8eda99b83 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/StatisticsReport.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/StatisticsReport.razor
@@ -1,5 +1,6 @@
 @using FWO.Ui.Display
 @using FWO.Config.Api
+@using FWO.Report
 @using FWO.Report.Filter
 
 @inject UserConfig userConfig
@@ -30,9 +31,9 @@
         </div>
         <h6>@(userConfig.GetText("no_rules_gtw"))</h6>
         <div class="d-flex">
-            <Table style="font-size:small" TableClass="table table-bordered table-sm th-bg-secondary table-responsive" TableItem="Device" Items="managementReport.Devices" PageSize="0">
-                <Column TableItem="Device" Title="@(userConfig.GetText("gateway"))" Field="@(Device => Device.Name)" />
-                <Column TableItem="Device" Title="@(userConfig.GetText("no_of_rules"))" Field="@(Device => Device.RuleStatistics.ObjectAggregate.ObjectCount)" />
+            <Table style="font-size:small" TableClass="table table-bordered table-sm th-bg-secondary table-responsive" TableItem="DeviceReport" Items="managementReport.Devices" PageSize="0">
+                <Column TableItem="DeviceReport" Title="@(userConfig.GetText("gateway"))" Field="@(d => d.Name)" />
+                <Column TableItem="DeviceReport" Title="@(userConfig.GetText("no_of_rules"))" Field="@(d => d.RuleStatistics.ObjectAggregate.ObjectCount)" />
             </Table>
         </div>
     </Collapse>
diff --git a/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor b/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
index caaaa28cc..ab2c54caa 100644
--- a/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
+++ b/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
@@ -42,7 +42,8 @@
             @if(NetworkObjectExtractor != null)
             {
                 <Collapse Title="@(userConfig.GetText("network_objects"))" StartToggled="StartCollapsed"  OnOpen="() => HandleUncollapse(ObjCategory.nobj)">
-                    <Table style="font-size:small" class="table table-bordered table-sm th-bg-secondary table-responsive" TableItem="NetworkObject" Items="@NetworkObjectExtractor(Content)" PageSize="PageSize" ColumnReorder="true">
+                    <Table style="font-size:small" class="table table-bordered table-sm th-bg-secondary table-responsive" TableItem="NetworkObject"
+                            Items="@NetworkObjectExtractor(Content)" PageSize="PageSize" ColumnReorder="true">
                         <Column TableItem="NetworkObject" Title="@(userConfig.GetText("name"))" Field="@(x => x.Name)" Class="word-break">
                             <Template>
                                 <span class="@ReportBase.GetIconClass(ObjCategory.nobj, context.Type.Name)">&nbsp;</span>
@@ -106,22 +107,11 @@
                     </Table>
                 </Collapse>
             }
-            @* @if(AppServerExtractor != null)
-            {
-                <Collapse Title="@(userConfig.GetText("app_servers"))" StartToggled="StartCollapsed" OnOpen="() => HandleUncollapse(ObjCategory.appSvc)">
-                    <Table style="font-size:small" class="table table-bordered table-sm th-bg-secondary table-responsive" TableItem="ModellingAppServer" Items="@AppServerExtractor(Content)" PageSize="PageSize" ColumnReorder="true">
-                        <Column TableItem="ModellingAppServer" Title="@(userConfig.GetText("name"))" Field="@(x => x.Name)" Class="word-break">
-                            <Template>
-                                @((MarkupString)context.DisplayHtml())
-                            </Template>
-                        </Column>
-                    </Table>
-                </Collapse>
-            } *@
             @if(NetworkServiceExtractor != null)
             {
                 <Collapse Title="@(userConfig.GetText("services"))" StartToggled="StartCollapsed" OnOpen="() => HandleUncollapse(ObjCategory.nsrv)">
-                    <Table style="font-size:small" class="table table-bordered table-sm th-bg-secondary table-responsive" TableItem="NetworkService" Items="@NetworkServiceExtractor(Content)" PageSize="PageSize" ColumnReorder="true">
+                    <Table style="font-size:small" class="table table-bordered table-sm th-bg-secondary table-responsive" TableItem="NetworkService"
+                            Items="@NetworkServiceExtractor(Content)" PageSize="PageSize" ColumnReorder="true">
                         <Column TableItem="NetworkService" Title="@(userConfig.GetText("name"))" Field="@(x => x.Name)" Class="word-break">
                             <Template>
                                 <span class="@ReportBase.GetIconClass(ObjCategory.nsrv, context.Type.Name)">&nbsp;</span>
@@ -194,7 +184,8 @@
             @if(NetworkUserExtractor != null)
             {
                 <Collapse Title="@(userConfig.GetText("users"))" StartToggled="StartCollapsed" OnOpen="() => HandleUncollapse(ObjCategory.user)">
-                    <Table style="font-size:small" class="table table-bordered table-sm th-bg-secondary table-responsive" TableItem="NetworkUser" Items="@NetworkUserExtractor(Content)" PageSize="PageSize" ColumnReorder="true">
+                    <Table style="font-size:small" class="table table-bordered table-sm th-bg-secondary table-responsive"
+                            TableItem="NetworkUser" Items="@NetworkUserExtractor(Content)" PageSize="PageSize" ColumnReorder="true">
                         <Column TableItem="NetworkUser" Title="@(userConfig.GetText("name"))" Field="@(x => x.Name)" Class="word-break">
                             <Template>
                                 <span class="@ReportBase.GetIconClass(ObjCategory.user, context.Type.Name)">&nbsp;</span>
@@ -254,7 +245,7 @@
     AnchorNavToRSB? anchorNavToRSB { get; set; }
 
     [Parameter]
-    public Func<RsbTab, ObjCategory, Func<List<ManagementReport>, Task>, long, bool, Task>? FetchObjects { get; set; }
+    public Func<RsbTab, ObjCategory, Func<ReportData, Task>, long, bool, Task>? FetchObjects { get; set; }
 
     [Parameter]
     public bool Recert { get; set; }
@@ -392,7 +383,8 @@
             if (Tab == RsbTab.rule && objCategory != ObjCategory.all)
                 return;
 
-            if (objCategory == ObjCategory.all && !ContentIsDetailed || objCategory == ObjCategory.nobj && !nobjDetailed || objCategory == ObjCategory.nsrv && !nsrvDetailed || objCategory == ObjCategory.user && !userDetailed)
+            if (objCategory == ObjCategory.all && !ContentIsDetailed || objCategory == ObjCategory.nobj && !nobjDetailed ||
+                objCategory == ObjCategory.nsrv && !nsrvDetailed || objCategory == ObjCategory.user && !userDetailed)
             {
                 if(FetchObjects != null)
                 {
@@ -403,7 +395,7 @@
                                 managementsUpdate =>
                                 {
                                     int id = m.Id;
-                                    ManagementReport? m_updated = managementsUpdate.FirstOrDefault(mgmt => mgmt.Id == m.Id);
+                                    ManagementReport? m_updated = managementsUpdate.ManagementData.FirstOrDefault(mgmt => mgmt.Id == m.Id);
                                     if (m_updated != null)
                                     {
                                         switch (objCategory)
@@ -429,7 +421,7 @@
                             await FetchObjects(Tab, objCategory,
                                 managementsUpdate =>
                                 {
-                                    Rule? r_updated = managementsUpdate.SelectMany(m => m.Devices).SelectMany(d => d.Rules ?? new Rule[0]).FirstOrDefault();
+                                    Rule? r_updated = managementsUpdate.ManagementData.SelectMany(m => m.Devices).SelectMany(d => d.Rules ?? new Rule[0]).FirstOrDefault();
                                     if (r_updated != null)
                                     {
                                         r_updated.DeviceName = r.DeviceName;
diff --git a/roles/ui/files/FWO.UI/Shared/ObjectGroupCollection.razor b/roles/ui/files/FWO.UI/Shared/ObjectGroupCollection.razor
index 944aadf88..930bb1ed6 100644
--- a/roles/ui/files/FWO.UI/Shared/ObjectGroupCollection.razor
+++ b/roles/ui/files/FWO.UI/Shared/ObjectGroupCollection.razor
@@ -17,7 +17,7 @@
 @code
 {
     [Parameter]
-    public Func<RsbTab, ObjCategory, Func<List<ManagementReport>, Task>, long, bool, Task>? FetchObjects { get; set; }
+    public Func<RsbTab, ObjCategory, Func<ReportData, Task>, long, bool, Task>? FetchObjects { get; set; }
 
     [Parameter]
     public bool Recert { get; set; }
diff --git a/roles/ui/files/FWO.UI/Shared/RightSidebar.razor b/roles/ui/files/FWO.UI/Shared/RightSidebar.razor
index 7fe414cf3..63a703857 100644
--- a/roles/ui/files/FWO.UI/Shared/RightSidebar.razor
+++ b/roles/ui/files/FWO.UI/Shared/RightSidebar.razor
@@ -150,12 +150,10 @@
         });
     }
 
-    public async Task FetchContent(RsbTab rsbTab, ObjCategory objType, Func<List<ManagementReport>, Task> callback, long id = 0, bool nat = false)
+    public async Task FetchContent(RsbTab rsbTab, ObjCategory objType, Func<ReportData, Task> callback, long id = 0, bool nat = false)
     {
         Log.WriteDebug("Fetching Content..", $"nat: {nat}");
 
-        List<ManagementReport> managementReports = new ();
-
         try
         {
             string query = "";
@@ -225,12 +223,12 @@
         }
     }
 
-    private async Task FetchObjects(string query, Dictionary<string, object> queryVars, Func<List<ManagementReport>, Task> callback)
+    private async Task FetchObjects(string query, Dictionary<string, object> queryVars, Func<ReportData, Task> callback)
     {
         // lazy fetch all objects for right sidebar
         try
         {
-            List<ManagementReport> managementReports = new ();
+            ReportData reportData = new();
             bool newObjects = true;
             int fetchCount = 0;
 
@@ -239,16 +237,16 @@
                 List<ManagementReport> managementsCurrentFetch = await Connection.SendQueryAsync<List<ManagementReport>>(query, queryVars);
                 if (fetchCount == 1)
                 {
-                    managementReports = managementsCurrentFetch;
+                    reportData.ManagementData = managementsCurrentFetch;
                 }
                 else
                 {
-                    newObjects = managementReports.Merge(managementsCurrentFetch);
+                    newObjects = reportData.ManagementData.Merge(managementsCurrentFetch);
                 }
 
                 if (queryVars.ContainsKey("offset"))
                     queryVars["offset"] = (int)queryVars["offset"] + userConfig.ElementsPerFetch;
-                await callback(managementReports);
+                await callback(reportData);
             }
 
             Log.WriteDebug("Lazy Fetch", $"Fetched sidebar objects in {fetchCount - 1} cycle(s) ({userConfig.ElementsPerFetch} at a time)");

From 26dfdc56c9dd3a047726fd7988e6cd222849997a Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Mon, 11 Mar 2024 13:29:50 +0100
Subject: [PATCH 32/84] .

---
 .../files/importer/nsx4ff/nsx_network.py      |  2 +-
 .../files/importer/nsx4ff/nsx_rule.py         | 26 +------------------
 2 files changed, 2 insertions(+), 26 deletions(-)

diff --git a/roles/importer/files/importer/nsx4ff/nsx_network.py b/roles/importer/files/importer/nsx4ff/nsx_network.py
index 759508483..894406e8b 100644
--- a/roles/importer/files/importer/nsx4ff/nsx_network.py
+++ b/roles/importer/files/importer/nsx4ff/nsx_network.py
@@ -125,7 +125,7 @@ def lookup_obj_uid(obj_uid, obj_list, import_id, type='network'):
         refs, names = add_ip_obj([obj_uid], obj_list, import_id)
         return refs ## assuming only one object here
     elif type=='service':
-        logger.warning("could not find service object " + str(svc_uid))
+        logger.warning("could not find service object " + str(obj_uid))
     else:
         logger.warning("unknown object type '" + type + "' for object " + str(obj_uid))
     return None
diff --git a/roles/importer/files/importer/nsx4ff/nsx_rule.py b/roles/importer/files/importer/nsx4ff/nsx_rule.py
index 464cd6038..cdbc0e429 100644
--- a/roles/importer/files/importer/nsx4ff/nsx_rule.py
+++ b/roles/importer/files/importer/nsx4ff/nsx_rule.py
@@ -51,12 +51,11 @@ def normalize_access_rules(full_config, config2import, import_id, mgm_details={}
                     if 'destinations_excluded' in rule_orig and rule_orig['destinations_excluded']:
                         rule["rule_dst_neg"] = True
                     rule.update({
-                        "rule_svc_neg": False,     # not possible to negate the svc field on Palo
+                        "rule_svc_neg": False,     # not possible to negate the svc field on NSX
                         "rulebase_name": os.path.basename(rule_orig['parent_path']),
                         "rule_name": rule_orig['relative_path'],
                         'rule_type': 'access',
                         'rule_num': rule_number,
-                        #'rule_installon': rule_orig['@vsys'],
                         'parent_rule_id': None,
                         'rule_time': None,
                         'rule_implied': False,
@@ -82,27 +81,17 @@ def normalize_access_rules(full_config, config2import, import_id, mgm_details={}
                         rule['rule_action'] = "accept"
                         rule['rule_type'] = 'nat'
 
-                    # TODO: should either duplicate the rule for each zone to zone pair
-                    # or much better allow for n:m rule:zone mappings --> change of DB necessary
-                    # # instead we are just picking the last one!!!
-                    # for z in rule_orig['from']['member']:
-                    #     rule.update({'rule_from_zone': z})
-                    # for z in rule_orig['to']['member']:
-                    #     rule.update({'rule_to_zone': z})
-
                     if 'logged' in rule_orig and rule_orig['logged']:
                         rule['rule_track'] = 'log'
                     else:
                         rule['rule_track'] = 'none'
 
                     if "source_groups" in rule_orig:
-                        #rule['rule_src_refs'] = ','.join(rule_orig["source_groups"])
                         rule['rule_src_refs'], rule["rule_src"] = parse_obj_list(rule_orig["source_groups"], import_id, config2import['network_objects'], rule["rule_uid"])
                     else:
                         logger.warning("found undefined source in rule: " + str(rule_orig))
 
                     if "destination_groups" in rule_orig:
-                        #rule['rule_dst_refs'] = ','.join(rule_orig["destination_groups"])
                         rule['rule_dst_refs'], rule["rule_dst"] = parse_obj_list(rule_orig["destination_groups"], import_id, config2import['network_objects'], rule["rule_uid"])
                     else:
                         logger.warning("found undefined destination in rule: " + str(rule_orig))
@@ -110,21 +99,8 @@ def normalize_access_rules(full_config, config2import, import_id, mgm_details={}
                     services = []
                     if "services" in rule_orig:
                         services = rule_orig["services"]
-                        # if services[0] == 'application-default' or services[0] == 'any':
-                        #     services =  []
-                    # apps = []
-                    # if 'application' in rule_orig:
-                    #     # no services given but applications - parse apps
-                    #     if 'member' in rule_orig['application']:
-                    #         # apps = ['any']  ## TEMP before app parsing
-                    #         apps = rule_orig["application"]["member"]
-                    #     else:
-                    #         apps = [rule_orig["application"]]
-                    #     if apps[0] == 'any':
-                    #         apps = []
                     
                     if services != [ "ANY" ]:
-                        # rule['rule_svc_refs'], rule["rule_svc"] = parse_svc_list(apps + services, import_id, config2import['service_objects'], rule["rule_uid"], type='service')
                         rule['rule_svc_refs'], rule["rule_svc"] = parse_svc_list(services, import_id, config2import['service_objects'], rule["rule_uid"], type='service')
 
                     rule_number += 1

From ef9282704ff4a9f7665787f55d2213c5f71ea2dd Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Mon, 11 Mar 2024 13:33:53 +0100
Subject: [PATCH 33/84] doc

---
 documentation/revision-history-develop.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/documentation/revision-history-develop.md b/documentation/revision-history-develop.md
index 807bdaae8..746a18dff 100644
--- a/documentation/revision-history-develop.md
+++ b/documentation/revision-history-develop.md
@@ -179,3 +179,6 @@ bugfix release:
 # 8.0.1 - 20.02.2024 DEVELOP
 - iconify modelling
 - add missing config values
+
+# 8.0.2 - 11.03.2024 DEVELOP
+- first version of NSX import module

From 1205b0743aa774cfe7d6c7ee0001f2b281ac12d0 Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Mon, 11 Mar 2024 16:06:34 +0100
Subject: [PATCH 34/84] solves #2354

---
 roles/ui/files/FWO.UI/Shared/SettingsLayout.razor | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/roles/ui/files/FWO.UI/Shared/SettingsLayout.razor b/roles/ui/files/FWO.UI/Shared/SettingsLayout.razor
index 65b64d745..2b46254b7 100644
--- a/roles/ui/files/FWO.UI/Shared/SettingsLayout.razor
+++ b/roles/ui/files/FWO.UI/Shared/SettingsLayout.razor
@@ -142,9 +142,12 @@
                 <h5>@(userConfig.GetText("personal"))</h5>
             </li>
             <li class="nav-item px-2">
-                <NavLink class="nav-link" href="settings/password">
-                    <span class="@Icons.Login"></span> @(userConfig.GetText("password"))
-                </NavLink>
+                @if (userConfig.User.Dn.EndsWith("dc=fworch,dc=internal"))
+                {
+                    <NavLink class="nav-link" href="settings/password">
+                        <span class="@Icons.Login"></span> @(userConfig.GetText("password"))
+                    </NavLink>
+                }
                 <NavLink class="nav-link" href="settings/language">
                     <span class="@Icons.Language"></span> @(userConfig.GetText("language"))
                 </NavLink>

From baa04d255d9ab548863b676eb9c4660974cbefe4 Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Mon, 11 Mar 2024 19:01:46 +0100
Subject: [PATCH 35/84] further on with export

---
 .../FWO.Api.Client/Data/ModellingAppRole.cs   |  2 +
 .../FWO.Api.Client/Data/ModellingAppServer.cs |  2 +
 .../FWO.Api.Client/Data/ModellingObject.cs    |  1 +
 .../FWO.Api.Client/Data/ModellingService.cs   |  2 +
 .../FWO.Api.Client/Data/NetworkObject.cs      |  2 +
 .../FWO.Api.Client/Data/NetworkService.cs     |  2 +
 .../lib/files/FWO.Report/Data/OwnerReport.cs  | 67 ++++++++++++---
 .../FWO.Report/Display/RuleDisplayHtml.cs     |  6 +-
 roles/lib/files/FWO.Report/ReportBase.cs      | 19 +++--
 .../lib/files/FWO.Report/ReportConnections.cs | 74 +++++++++++++++--
 .../lib/files/FWO.Report/ReportDevicesBase.cs |  5 ++
 roles/test/files/FWO.Test/ExportTest.cs       | 81 +++++++++++++------
 .../files/FWO.Test/SimulatedUserConfig.cs     |  1 +
 .../Pages/NetworkModelling/EditService.razor  |  2 +-
 roles/ui/files/FWO.UI/Shared/Dropdown.razor   |  2 +-
 .../ui/files/FWO.UI/Shared/ObjectGroup.razor  |  6 +-
 16 files changed, 217 insertions(+), 57 deletions(-)

diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingAppRole.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingAppRole.cs
index e4d809547..ce837bcbb 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingAppRole.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingAppRole.cs
@@ -25,6 +25,7 @@ public ModellingNwGroup ToBase()
             return new ModellingNwGroup()
             {
                 Id = Id,
+                Number = Number,
                 GroupType = GroupType,
                 IdString = IdString,
                 Name = Name,
@@ -43,6 +44,7 @@ public NetworkObject ToNetworkObjectGroup()
             return new()
             {
                 Id = Id,
+                Number = Number,
                 Name = Name ?? "",
                 Comment = Comment ?? "",
                 Type = new NetworkObjectType(){ Name = ObjectType.Group },
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingAppServer.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingAppServer.cs
index f348c9267..13e846dd6 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingAppServer.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingAppServer.cs
@@ -43,6 +43,7 @@ public static NetworkObject ToNetworkObject(ModellingAppServer appServer)
             return new NetworkObject()
             {
                 Id = appServer.Id,
+                Number = appServer.Number,
                 Name = appServer.Name,
                 IP = appServer.Ip,
                 IpEnd = appServer.Ip
@@ -55,6 +56,7 @@ public ModellingAppServer()
         public ModellingAppServer(ModellingAppServer appServer)
         {
             Id = appServer.Id;
+            Number = appServer.Number;
             AppId = appServer.AppId;
             Name = appServer.Name;
             IsDeleted = appServer.IsDeleted;
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingObject.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingObject.cs
index d95122b06..3953c5156 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingObject.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingObject.cs
@@ -12,6 +12,7 @@ public class ModellingObject
         public int? AppId { get; set; }
 
         public string TooltipText = "";
+        public long Number;
 
         public virtual string Display()
         {
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingService.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingService.cs
index c38efa758..ef6374fca 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingService.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingService.cs
@@ -24,6 +24,7 @@ public ModellingService()
         public ModellingService(ModellingService service)
         {
             Id = service.Id;
+            Number = service.Number;
             AppId = service.AppId;
             Name = service.Name;
             Port = service.Port;
@@ -48,6 +49,7 @@ public static NetworkService ToNetworkService(ModellingService service)
             return new NetworkService()
             {
                 Id = service.Id,
+                Number = service.Number,
                 Name = service?.Name ?? "",
                 DestinationPort = service?.Port,
                 DestinationPortEnd = service?.PortEnd,
diff --git a/roles/lib/files/FWO.Api.Client/Data/NetworkObject.cs b/roles/lib/files/FWO.Api.Client/Data/NetworkObject.cs
index ecb54920b..320dcbd8d 100644
--- a/roles/lib/files/FWO.Api.Client/Data/NetworkObject.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/NetworkObject.cs
@@ -53,6 +53,8 @@ public class NetworkObject
         [JsonProperty("objgrp_flats"), JsonPropertyName("objgrp_flats")]
         public GroupFlat<NetworkObject>[] ObjectGroupFlats { get; set; } = new GroupFlat<NetworkObject>[]{};
 
+        public long Number;
+
         public override bool Equals(object? obj)
         {
             return obj switch
diff --git a/roles/lib/files/FWO.Api.Client/Data/NetworkService.cs b/roles/lib/files/FWO.Api.Client/Data/NetworkService.cs
index f5588ff72..4dab29e86 100644
--- a/roles/lib/files/FWO.Api.Client/Data/NetworkService.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/NetworkService.cs
@@ -74,6 +74,8 @@ public class NetworkService
         [JsonProperty("svcgrp_flats"), JsonPropertyName("svcgrp_flats")]
         public GroupFlat<NetworkService>[] ServiceGroupFlats { get; set; } = new GroupFlat<NetworkService>[]{};
 
+        public long Number;
+
         public override bool Equals(object? obj)
         {
             return obj switch
diff --git a/roles/lib/files/FWO.Report/Data/OwnerReport.cs b/roles/lib/files/FWO.Report/Data/OwnerReport.cs
index c602d486c..201f244cf 100644
--- a/roles/lib/files/FWO.Report/Data/OwnerReport.cs
+++ b/roles/lib/files/FWO.Report/Data/OwnerReport.cs
@@ -10,6 +10,9 @@ public class OwnerReport
         public List<ModellingConnection> Interfaces { get; set; } = new ();
         public List<ModellingConnection> CommonServices { get; set; } = new ();
 
+        public List<NetworkObject> AllObjects = new();
+        public List<NetworkService> AllServices = new();
+
         public OwnerReport()
         {}
 
@@ -28,6 +31,24 @@ public static void AssignConnectionNumbers(List<ModellingConnection> connections
             }
         }
 
+        public void PrepareObjectData()
+        {
+            AllObjects = GetAllNetworkObjects();
+            SetObjectNumbers(ref AllObjects);
+            AllServices = GetAllServices();
+            SetSvcNumbers(ref AllServices);
+        }
+
+        public long ResolveObjNumber(ModellingNwObject networkObject)
+        {
+            return AllObjects.FirstOrDefault(x => x.Name == networkObject.Name)?.Number ?? 0;
+        }
+
+        public long ResolveSvcNumber(ModellingSvcObject serviceObject)
+        {
+            return AllServices.FirstOrDefault(x => x.Name == serviceObject.Name)?.Number ?? 0;
+        }
+
         public List<ModellingAppServer> GetAllAppServers()
         {
             List<ModellingAppServer> allAppServers = new();
@@ -57,7 +78,6 @@ public List<NetworkObject> GetAllNetworkObjects()
             }
             allObjects = allObjects.Union(Array.ConvertAll(GetAllAppServers().ToArray(), x => ModellingAppServer.ToNetworkObject(x)).ToList()).ToList();
             return allObjects;
-
         }
 
         public List<NetworkService> GetAllServices()
@@ -76,27 +96,50 @@ public List<NetworkService> GetAllServices()
             return allServices;
         }
 
-        public static List<string> GetSrcNames(ModellingConnection conn)
+        public List<string> GetSrcNames(ModellingConnection conn)
         {
-            List<string> names = ModellingNwGroupWrapper.Resolve(conn.SourceNwGroups).ToList().ConvertAll(s => s.DisplayHtml());
-            names.AddRange(ModellingAppRoleWrapper.Resolve(conn.SourceAppRoles).ToList().ConvertAll(s => s.DisplayHtml()));
-            names.AddRange(ModellingAppServerWrapper.Resolve(conn.SourceAppServers).ToList().ConvertAll(s => s.DisplayHtml()));
+            List<string> names = ModellingNwGroupWrapper.Resolve(conn.SourceNwGroups).ToList().ConvertAll(s => ConstructOutput(s, ObjCatString.NwObj, ResolveObjNumber(s)));
+            names.AddRange(ModellingAppRoleWrapper.Resolve(conn.SourceAppRoles).ToList().ConvertAll(s => ConstructOutput(s, ObjCatString.NwObj, ResolveObjNumber(s))));
+            names.AddRange(ModellingAppServerWrapper.Resolve(conn.SourceAppServers).ToList().ConvertAll(s => ConstructOutput(s, ObjCatString.NwObj, ResolveObjNumber(s))));
             return names;
         }
         
-        public static List<string> GetDstNames(ModellingConnection conn)
+        public List<string> GetDstNames(ModellingConnection conn)
         {
-            List<string> names = ModellingNwGroupWrapper.Resolve(conn.DestinationNwGroups).ToList().ConvertAll(s => s.DisplayHtml());
-            names.AddRange(ModellingAppRoleWrapper.Resolve(conn.DestinationAppRoles).ToList().ConvertAll(s => s.DisplayHtml()));
-            names.AddRange(ModellingAppServerWrapper.Resolve(conn.DestinationAppServers).ToList().ConvertAll(s => s.DisplayHtml()));
+            List<string> names = ModellingNwGroupWrapper.Resolve(conn.DestinationNwGroups).ToList().ConvertAll(s => ConstructOutput(s, ObjCatString.NwObj, ResolveObjNumber(s)));
+            names.AddRange(ModellingAppRoleWrapper.Resolve(conn.DestinationAppRoles).ToList().ConvertAll(s => ConstructOutput(s, ObjCatString.NwObj, ResolveObjNumber(s))));
+            names.AddRange(ModellingAppServerWrapper.Resolve(conn.DestinationAppServers).ToList().ConvertAll(s => ConstructOutput(s, ObjCatString.NwObj, ResolveObjNumber(s))));
             return names;
         }
 
-        public static List<string> GetSvcNames(ModellingConnection conn)
+        public List<string> GetSvcNames(ModellingConnection conn)
         {
-            List<string> names = ModellingServiceGroupWrapper.Resolve(conn.ServiceGroups).ToList().ConvertAll(s => s.DisplayHtml());
-            names.AddRange(ModellingServiceWrapper.Resolve(conn.Services).ToList().ConvertAll(s => s.DisplayHtml()));
+            List<string> names = ModellingServiceGroupWrapper.Resolve(conn.ServiceGroups).ToList().ConvertAll(s => ConstructOutput(s, ObjCatString.Svc, ResolveSvcNumber(s)));
+            names.AddRange(ModellingServiceWrapper.Resolve(conn.Services).ToList().ConvertAll(s => ConstructOutput(s, ObjCatString.Svc, ResolveSvcNumber(s))));
             return names;
         }
+
+        private void SetSvcNumbers(ref List<NetworkService> svcList)
+        {
+            long number = 1;
+            foreach(var svc in svcList)
+            {
+                svc.Number = number++;
+            }
+        }
+
+        private void SetObjectNumbers(ref List<NetworkObject> objList)
+        {
+            long number = 1;
+            foreach(var obj in objList)
+            {
+                obj.Number = number++;
+            }
+        }
+
+        private static string ConstructOutput(ModellingObject inputObj, string type, long objNumber)
+        {
+            return ReportBase.ConstructLink(type, "", objNumber, inputObj.Display(), OutputLocation.export, $"a{inputObj.AppId}", "");
+        }
     }
 }
diff --git a/roles/lib/files/FWO.Report/Display/RuleDisplayHtml.cs b/roles/lib/files/FWO.Report/Display/RuleDisplayHtml.cs
index b525f7437..9ca58b704 100644
--- a/roles/lib/files/FWO.Report/Display/RuleDisplayHtml.cs
+++ b/roles/lib/files/FWO.Report/Display/RuleDisplayHtml.cs
@@ -89,16 +89,16 @@ protected string NetworkLocationToHtml(NetworkLocation networkLocation, int mgmt
         {
             return DisplayNetworkLocation(networkLocation, reportType, 
                 reportType.IsResolvedReport() || networkLocation.User == null ? null :
-                ReportBase.ConstructLink("user", ReportBase.GetIconClass(ObjCategory.user, networkLocation.User?.Type.Name), networkLocation.User!.Id, networkLocation.User.Name, location, mgmtId, style),
+                ReportDevicesBase.ConstructLink(ObjCatString.User, ReportBase.GetIconClass(ObjCategory.user, networkLocation.User?.Type.Name), networkLocation.User!.Id, networkLocation.User.Name, location, mgmtId, style),
                 reportType.IsResolvedReport() ? null :
-                ReportBase.ConstructLink("nwobj", ReportBase.GetIconClass(ObjCategory.nobj, networkLocation.Object.Type.Name), networkLocation.Object.Id, networkLocation.Object.Name, location, mgmtId, style)
+                ReportDevicesBase.ConstructLink(ObjCatString.NwObj, ReportBase.GetIconClass(ObjCategory.nobj, networkLocation.Object.Type.Name), networkLocation.Object.Id, networkLocation.Object.Name, location, mgmtId, style)
                 ).ToString();
         }
 
         protected string ServiceToHtml(NetworkService service, int mgmtId, OutputLocation location, string style, ReportType reportType)
         {
             return DisplayService(service, reportType, reportType.IsResolvedReport() ? null : 
-                ReportBase.ConstructLink("svc", ReportBase.GetIconClass(ObjCategory.nsrv, service.Type.Name), service.Id, service.Name, location, mgmtId, style)).ToString();
+                ReportDevicesBase.ConstructLink(ObjCatString.Svc, ReportBase.GetIconClass(ObjCategory.nsrv, service.Type.Name), service.Id, service.Name, location, mgmtId, style)).ToString();
         }
 
         private string DisplaySourceOrDestination(Rule rule, OutputLocation location, ReportType reportType, string style, bool isSource)
diff --git a/roles/lib/files/FWO.Report/ReportBase.cs b/roles/lib/files/FWO.Report/ReportBase.cs
index 688ba5b6e..ef743410b 100644
--- a/roles/lib/files/FWO.Report/ReportBase.cs
+++ b/roles/lib/files/FWO.Report/ReportBase.cs
@@ -25,6 +25,13 @@ public enum ObjCategory
         user = 3
     }
 
+    public struct ObjCatString
+    {
+        public const string NwObj = "nwobj";
+        public const string Svc = "svc";
+        public const string User = "user";
+    }
+
     public enum OutputLocation
     {
         export,
@@ -135,6 +142,12 @@ public static ReportBase ConstructReport(ReportTemplate reportFilter, UserConfig
             };
         }
 
+        public static string ConstructLink(string type, string symbol, long id, string name, OutputLocation location, string reportId, string style)
+        {
+            string link = location == OutputLocation.export ? $"#" : $"{location}/generation#goto-report-{reportId}-";
+            return $"<span class=\"{symbol}\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"{link}{type}{id}\" target=\"_top\" style=\"{style}\">{name}</a>";
+        }
+
         protected string GenerateHtmlFrame(string title, string filter, DateTime date, StringBuilder htmlReport, string? deviceFilter = null, string? ownerFilter = null)
         {
             if (string.IsNullOrEmpty(htmlExport))
@@ -178,12 +191,6 @@ protected string GenerateHtmlFrame(string title, string filter, DateTime date, S
             return htmlExport;
         }
 
-        public static string ConstructLink(string type, string symbol, long id, string name, OutputLocation location, int mgmtId, string style)
-        {
-            string link = location == OutputLocation.export ? $"#" : $"{location}/generation#goto-report-m{mgmtId}-";
-            return $"<span class=\"{symbol}\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"{link}{type}{id}\" target=\"_top\" style=\"{style}\">{name}</a>";
-        }
-
         public static string ToUtcString(string? timestring)
         {
             try
diff --git a/roles/lib/files/FWO.Report/ReportConnections.cs b/roles/lib/files/FWO.Report/ReportConnections.cs
index 3dfb31aad..a8c49099f 100644
--- a/roles/lib/files/FWO.Report/ReportConnections.cs
+++ b/roles/lib/files/FWO.Report/ReportConnections.cs
@@ -51,29 +51,31 @@ public override string ExportToHtml()
             StringBuilder report = new ();
             foreach (var ownerReport in ReportData.OwnerData)
             {
+                ownerReport.PrepareObjectData();
                 report.AppendLine($"<h3>{ownerReport.Name}</h3>");
                 if(ownerReport.RegularConnections.Count > 0)
                 {
                     report.AppendLine($"<h4>{userConfig.GetText("connections")}</h4>");
-                    AppendConnectionsGroupHtml(ownerReport.RegularConnections, ref report);
+                    AppendConnectionsGroupHtml(ownerReport.RegularConnections, ownerReport, ref report);
                 }
                 if(ownerReport.Interfaces.Count > 0)
                 {
                     report.AppendLine($"<h4>{userConfig.GetText("interfaces")}</h4>");
-                    AppendConnectionsGroupHtml(ownerReport.Interfaces, ref report);
+                    AppendConnectionsGroupHtml(ownerReport.Interfaces, ownerReport, ref report);
                 }
                 if(ownerReport.CommonServices.Count > 0)
                 {
                     report.AppendLine($"<h4>{userConfig.GetText("common_services")}</h4>");
-                    AppendConnectionsGroupHtml(ownerReport.CommonServices, ref report);
+                    AppendConnectionsGroupHtml(ownerReport.CommonServices, ownerReport, ref report);
                 }
 
-                // show all objects used
+                AppendNetworkObjectsHtml(ownerReport.AllObjects, ref report);
+                AppendNetworkServicesHtml(ownerReport.AllServices, ref report);
             }
             return GenerateHtmlFrame(userConfig.GetText(ReportType.ToString()), Query.RawFilter, DateTime.Now, report);
         }
 
-        private void AppendConnectionsGroupHtml(List<ModellingConnection> connections, ref StringBuilder report)
+        private void AppendConnectionsGroupHtml(List<ModellingConnection> connections, OwnerReport ownerReport, ref StringBuilder report)
         {
             OwnerReport.AssignConnectionNumbers(connections);
             report.AppendLine("<table>");
@@ -85,9 +87,9 @@ private void AppendConnectionsGroupHtml(List<ModellingConnection> connections, r
                 report.AppendLine($"<td>{connection.Id}</td>");
                 report.AppendLine($"<td>{connection.Name}</td>");
                 report.AppendLine($"<td>{connection.Reason}</td>");
-                report.AppendLine($"<td>{String.Join("<br>", OwnerReport.GetSrcNames(connection))}</td>");
-                report.AppendLine($"<td>{String.Join("<br>", OwnerReport.GetSvcNames(connection))}</td>");
-                report.AppendLine($"<td>{String.Join("<br>", OwnerReport.GetDstNames(connection))}</td>");
+                report.AppendLine($"<td>{String.Join("<br>", ownerReport.GetSrcNames(connection))}</td>");
+                report.AppendLine($"<td>{String.Join("<br>", ownerReport.GetSvcNames(connection))}</td>");
+                report.AppendLine($"<td>{String.Join("<br>", ownerReport.GetDstNames(connection))}</td>");
             }
             report.AppendLine("</table>");
             report.AppendLine("<hr>");
@@ -106,6 +108,62 @@ private void AppendConnectionHeadlineHtml(ref StringBuilder report)
             report.AppendLine("</tr>");
         }
 
+        private void AppendNetworkObjectsHtml(List<NetworkObject> networkObjects, ref StringBuilder report)
+        {
+            report.AppendLine($"<h4>{userConfig.GetText("network_objects")}</h4>");
+            report.AppendLine("<table>");
+            AppendNWObjHeadlineHtml(ref report);
+            foreach (var nwObj in networkObjects)
+            {
+                report.AppendLine("<tr>");
+                report.AppendLine($"<td>{nwObj.Number}</td>");
+                report.AppendLine($"<td>{nwObj.Id}</td>");
+                report.AppendLine($"<td>{nwObj.Name}</td>");
+                report.AppendLine($"<td>{nwObj.IP}</td>");
+            }
+            report.AppendLine("</table>");
+            report.AppendLine("<hr>");
+        }
+
+        private void AppendNWObjHeadlineHtml(ref StringBuilder report)
+        {
+            report.AppendLine("<tr>");
+            report.AppendLine($"<th>{userConfig.GetText("number")}</th>");
+            report.AppendLine($"<th>{userConfig.GetText("id")}</th>");
+            report.AppendLine($"<th>{userConfig.GetText("name")}</th>");
+            report.AppendLine($"<th>{userConfig.GetText("ip")}</th>");
+            report.AppendLine("</tr>");
+        }
+
+        private void AppendNetworkServicesHtml(List<NetworkService> networkServices, ref StringBuilder report)
+        {
+            report.AppendLine($"<h4>{userConfig.GetText("network_services")}</h4>");
+            report.AppendLine("<table>");
+            AppendNWSvcHeadlineHtml(ref report);
+            foreach (var svc in networkServices)
+            {
+                report.AppendLine("<tr>");
+                report.AppendLine($"<td>{svc.Number}</td>");
+                report.AppendLine($"<td>{svc.Id}</td>");
+                report.AppendLine($"<td>{svc.Name}</td>");
+                report.AppendLine($"<td>{svc.Protocol.Name}</td>");
+                report.AppendLine($"<td>{svc.DestinationPort}</td>");
+            }
+            report.AppendLine("</table>");
+            report.AppendLine("<hr>");
+        }
+
+        private void AppendNWSvcHeadlineHtml(ref StringBuilder report)
+        {
+            report.AppendLine("<tr>");
+            report.AppendLine($"<th>{userConfig.GetText("number")}</th>");
+            report.AppendLine($"<th>{userConfig.GetText("id")}</th>");
+            report.AppendLine($"<th>{userConfig.GetText("name")}</th>");
+            report.AppendLine($"<th>{userConfig.GetText("protocol")}</th>");
+            report.AppendLine($"<th>{userConfig.GetText("port")}</th>");
+            report.AppendLine("</tr>");
+        }
+
         public override string SetDescription()
         {
             int counter = 0;
diff --git a/roles/lib/files/FWO.Report/ReportDevicesBase.cs b/roles/lib/files/FWO.Report/ReportDevicesBase.cs
index 29834f720..9eb20728c 100644
--- a/roles/lib/files/FWO.Report/ReportDevicesBase.cs
+++ b/roles/lib/files/FWO.Report/ReportDevicesBase.cs
@@ -116,6 +116,11 @@ public string DisplayReportHeaderCsv()
             return $"{report}";
         }
 
+        public static string ConstructLink(string type, string symbol, long id, string name, OutputLocation location, int mgmtId, string style)
+        {
+            return ConstructLink(type, symbol, id, name, location, $"m{mgmtId}", style);
+        }
+
         protected string GenerateHtmlFrame(string title, string filter, DateTime date, StringBuilder htmlReport)
         {
             return GenerateHtmlFrame(title, filter, date, htmlReport, string.Join("; ", Array.ConvertAll(ReportData.ManagementData.Where(mgt => !mgt.Ignore).ToArray(), m => m.NameAndDeviceNames())));
diff --git a/roles/test/files/FWO.Test/ExportTest.cs b/roles/test/files/FWO.Test/ExportTest.cs
index 52c9e4ddf..fab23d6ed 100644
--- a/roles/test/files/FWO.Test/ExportTest.cs
+++ b/roles/test/files/FWO.Test/ExportTest.cs
@@ -96,7 +96,7 @@ public void RulesGenerateHtml()
             "<tr><td>1</td><td>TestUser1</td><td><a name=user1>TestUser1</a></td><td></td><td></td><td></td></tr>" +
             "<tr><td>2</td><td>TestUser2</td><td><a name=user2>TestUser2</a></td><td></td><td></td><td></td></tr>" +
             "</table></body></html>";
-            Assert.AreEqual(expectedHtmlResult, removeLinebreaks((removeGenDate(reportRules.ExportToHtml(), true))));
+            Assert.AreEqual(expectedHtmlResult, removeLinebreaks(removeGenDate(reportRules.ExportToHtml(), true)));
         }
 
         [Test]
@@ -132,7 +132,7 @@ public void ResolvedRulesGenerateHtml()
             "<td>not<br>TestService2 (6666-7777/UDP)</td>" +
             "<td>deny</td><td>none</td><td><b>Y</b></td><td>uid2:123</td><td>comment2</td></tr></table>" +
             "</body></html>";
-            Assert.AreEqual(expectedHtmlResult, removeLinebreaks((removeGenDate(reportRules.ExportToHtml(), true))));
+            Assert.AreEqual(expectedHtmlResult, removeLinebreaks(removeGenDate(reportRules.ExportToHtml(), true)));
         }
 
         [Test]
@@ -168,7 +168,7 @@ public void ResolvedRulesTechGenerateHtml()
             "<td>not<br>6666-7777/UDP</td>" +
             "<td>deny</td><td>none</td><td><b>Y</b></td><td>uid2:123</td><td>comment2</td></tr></table>" +
             "</body></html>";
-            Assert.AreEqual(expectedHtmlResult, removeLinebreaks((removeGenDate(reportRules.ExportToHtml(), true))));
+            Assert.AreEqual(expectedHtmlResult, removeLinebreaks(removeGenDate(reportRules.ExportToHtml(), true)));
         }
 
         [Test]
@@ -219,7 +219,7 @@ public void UnusedRulesGenerateHtml()
             "<tr><td>1</td><td>TestUser1</td><td><a name=user1>TestUser1</a></td><td></td><td></td><td></td></tr>" +
             "<tr><td>2</td><td>TestUser2</td><td><a name=user2>TestUser2</a></td><td></td><td></td><td></td></tr>" +
             "</table></body></html>";
-            Assert.AreEqual(expectedHtmlResult, removeLinebreaks((removeGenDate(reportRules.ExportToHtml(), true))));
+            Assert.AreEqual(expectedHtmlResult, removeLinebreaks(removeGenDate(reportRules.ExportToHtml(), true)));
         }
 
         [Test]
@@ -287,7 +287,7 @@ public void RecertReportGenerateHtml()
             "<tr><td>1</td><td>TestUser1</td><td><a name=user1>TestUser1</a></td><td></td><td></td><td></td></tr>" +
             "<tr><td>2</td><td>TestUser2</td><td><a name=user2>TestUser2</a></td><td></td><td></td><td></td></tr>" +
             "</table></body></html>";
-            Assert.AreEqual(expectedHtmlResult, removeLinebreaks((removeGenDate(reportRecerts.ExportToHtml(), true))));
+            Assert.AreEqual(expectedHtmlResult, removeLinebreaks(removeGenDate(reportRecerts.ExportToHtml(), true)));
         }
 
         [Test]
@@ -337,7 +337,7 @@ public void NatRulesGenerateHtml()
             "<h4>Users</h4><hr><table><tr><th>No.</th><th>Name</th><th>Type</th><th>Members</th><th>Uid</th><th>Comment</th></tr>" +
             "<tr><td>1</td><td>TestUser2</td><td><a name=user2>TestUser2</a></td><td></td><td></td><td></td></tr>" +
             "</table></table></body></html>";
-            Assert.AreEqual(expectedHtmlResult, removeLinebreaks((removeGenDate(reportNatRules.ExportToHtml(), true))));
+            Assert.AreEqual(expectedHtmlResult, removeLinebreaks(removeGenDate(reportNatRules.ExportToHtml(), true)));
         }
 
         [Test]
@@ -403,7 +403,7 @@ public void ChangesGenerateHtml()
             "<td><p style=\"color: red; text-decoration: line-through red;\">uid2:123</p></td>" +
             "<td><p style=\"color: red; text-decoration: line-through red;\">comment2</p></td></tr></table>" +
             "</body></html>";
-            Assert.AreEqual(expectedHtmlResult, removeLinebreaks((removeGenDate(reportChanges.ExportToHtml(), true))));
+            Assert.AreEqual(expectedHtmlResult, removeLinebreaks(removeGenDate(reportChanges.ExportToHtml(), true)));
         }
 
         [Test]
@@ -465,7 +465,7 @@ public void ResolvedChangesGenerateHtml()
             "<td><p style=\"color: red; text-decoration: line-through red;\">uid2:123</p></td>" +
             "<td><p style=\"color: red; text-decoration: line-through red;\">comment2</p></td></tr></table>" +
             "</body></html>";
-            Assert.AreEqual(expectedHtmlResult, removeLinebreaks((removeGenDate(reportChanges.ExportToHtml(), true))));
+            Assert.AreEqual(expectedHtmlResult, removeLinebreaks(removeGenDate(reportChanges.ExportToHtml(), true)));
         }
 
         [Test]
@@ -528,9 +528,30 @@ public void ResolvedChangesTechGenerateHtml()
             "<td><p style=\"color: red; text-decoration: line-through red;\">uid2:123</p></td>" +
             "<td><p style=\"color: red; text-decoration: line-through red;\">comment2</p></td></tr></table>" +
             "</body></html>";
-            Assert.AreEqual(expectedHtmlResult, removeLinebreaks((removeGenDate(reportChanges.ExportToHtml(), true))));
+            Assert.AreEqual(expectedHtmlResult, removeLinebreaks(removeGenDate(reportChanges.ExportToHtml(), true)));
         }
 
+        [Test]
+        public void ConnectionsGenerateHtml()
+        {
+            Log.WriteInfo("Test Log", "starting connection report html generation");
+            ReportConnections reportConnections = new (query, userConfig, ReportType.Connections)
+            {
+                ReportData = ConstructConnectionReport(false)
+            };
+
+            string expectedHtmlResult = "<!DOCTYPE html><html><head><meta charset=\"utf-8\"/><title>Connections Report</title>" +
+            "<style>table {font-family: arial, sans-serif;font-size: 10px;border-collapse: collapse;width: 100 %;}td {border: 1px solid #000000;text-align: left;padding: 3px;}th {border: 1px solid #000000;text-align: left;padding: 3px;background-color: #dddddd;}</style></head>" +
+            "<body>" +
+            "<h2>Connections Report</h2>" +
+            "<p>Filter: TestFilter</p>" +
+            "<p>Generated on: Z (UTC)</p>" +
+            "<p>Owners: TestOwner</p><hr>" +
+            "<h3>TestOwner</h3>" +
+
+            "</body></html>";
+            Assert.AreEqual(expectedHtmlResult, removeLinebreaks(removeGenDate(reportConnections.ExportToHtml(), true)));
+        }
 
         [Test]
         public void ResolvedRulesGenerateCsv()
@@ -684,7 +705,7 @@ public void RulesGenerateJson()
             "\"ReportedRuleIds\": [],\"ReportedNetworkServiceIds\": [],\"objects_aggregate\": {\"aggregate\": {\"count\": 0}},\"services_aggregate\": {\"aggregate\": {\"count\": 0}},\"usrs_aggregate\": {\"aggregate\": {\"count\": 0}},\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}," +
             "\"Ignore\": false}]";
             // Log.WriteInfo("Test Log", removeLinebreaks((removeGenDate(reportRules.ExportToJson(), true, true))));
-            Assert.AreEqual(expectedJsonResult, removeLinebreaks((removeGenDate(reportRules.ExportToJson(), false, true))));
+            Assert.AreEqual(expectedJsonResult, removeLinebreaks(removeGenDate(reportRules.ExportToJson(), false, true)));
         }
 
         [Test]
@@ -709,7 +730,7 @@ public void ResolvedRulesGenerateJson()
             "\"source\": [\"TestUser1@TestIp1 (1.2.3.4/32)\",\"TestUser1@TestIp2 (127.0.0.1/32)\"],\"destination zone\": \"\",\"destination negated\": true," +
             "\"destination\": [\"TestUser2@TestIpRange (1.2.3.4-1.2.3.5)\"],\"service negated\": true," +
             "\"service\": [\"TestService2 (6666-7777/UDP)\"],\"action\": \"deny\",\"tracking\": \"none\",\"disabled\": false,\"rule uid\": \"uid2:123\",\"comment\": \"comment2\"}]}}]}}]}";
-            Assert.AreEqual(expectedJsonResult, removeLinebreaks((removeGenDate(reportRules.ExportToJson(), false, true))));
+            Assert.AreEqual(expectedJsonResult, removeLinebreaks(removeGenDate(reportRules.ExportToJson(), false, true)));
         }
 
        [Test]
@@ -735,7 +756,7 @@ public void ResolvedRulesTechGenerateJson()
             "\"source\": [\"TestUser1@1.2.3.4/32\",\"TestUser1@127.0.0.1/32\"],\"destination zone\": \"\"," +
             "\"destination negated\": true,\"destination\": [\"TestUser2@1.2.3.4-1.2.3.5\"],\"service negated\": true," +
             "\"service\": [\"6666-7777/UDP\"],\"action\": \"deny\",\"tracking\": \"none\",\"disabled\": false,\"rule uid\": \"uid2:123\",\"comment\": \"comment2\"}]}}]}}]}";
-            Assert.AreEqual(expectedJsonResult, removeLinebreaks((removeGenDate(reportRules.ExportToJson(), false, true))));
+            Assert.AreEqual(expectedJsonResult, removeLinebreaks(removeGenDate(reportRules.ExportToJson(), false, true)));
         }
 
         [Test]
@@ -829,7 +850,7 @@ public void ChangesGenerateJson()
             "\"networkObjects\": [],\"serviceObjects\": [],\"userObjects\": [],\"reportNetworkObjects\": [],\"reportServiceObjects\": [],\"reportUserObjects\": [],\"ReportedRuleIds\": [],\"ReportedNetworkServiceIds\": [],\"objects_aggregate\": {\"aggregate\": {\"count\": 0}}," +
             "\"services_aggregate\": {\"aggregate\": {\"count\": 0}},\"usrs_aggregate\": {\"aggregate\": {\"count\": 0}},\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}," +
             "\"Ignore\": false}]";
-            Assert.AreEqual(expectedJsonResult, removeLinebreaks((removeGenDate(reportChanges.ExportToJson(), false, true))));
+            Assert.AreEqual(expectedJsonResult, removeLinebreaks(removeGenDate(reportChanges.ExportToJson(), false, true)));
         }
 
         [Test]
@@ -861,7 +882,7 @@ public void ResolvedChangesGenerateJson()
             "\"destination zone\": \"\",\"destination negated\": true,\"destination\": [\"TestUser2@TestIpRange (1.2.3.4-1.2.3.5)\"]," +
             "\"service negated\": true,\"service\": [\"TestService2 (6666-7777/UDP)\"],\"action\": \"deny\",\"tracking\": \"none\",\"disabled\": false,\"rule uid\": \"uid2:123\",\"comment\": \"comment2\"}]}}]}}]}";
             // Log.WriteInfo("Test Log", removeLinebreaks((removeGenDate(reportChanges.ExportToJson(), false, true))));
-            Assert.AreEqual(expectedJsonResult, removeLinebreaks((removeGenDate(reportChanges.ExportToJson(), false, true))));
+            Assert.AreEqual(expectedJsonResult, removeLinebreaks(removeGenDate(reportChanges.ExportToJson(), false, true)));
         }
 
         [Test]
@@ -892,7 +913,7 @@ public void ResolvedChangesTechGenerateJson()
             "\"source zone\": \"\",\"source negated\": true,\"source\": [\"TestUser1@1.2.3.4/32\",\"TestUser1@127.0.0.1/32\"]," +
             "\"destination zone\": \"\",\"destination negated\": true,\"destination\": [\"TestUser2@1.2.3.4-1.2.3.5\"]," +
             "\"service negated\": true,\"service\": [\"6666-7777/UDP\"],\"action\": \"deny\",\"tracking\": \"none\",\"disabled\": false,\"rule uid\": \"uid2:123\",\"comment\": \"comment2\"}]}}]}}]}";
-            Assert.AreEqual(expectedJsonResult, removeLinebreaks((removeGenDate(reportChanges.ExportToJson(), false, true))));
+            Assert.AreEqual(expectedJsonResult, removeLinebreaks(removeGenDate(reportChanges.ExportToJson(), false, true)));
         }
 
 
@@ -1004,18 +1025,18 @@ private ReportData ConstructRuleReport(bool resolved)
                 ManagementData = new List<ManagementReport>()
                 {
                     new ()
-                    { 
+                    {
                         Name = "TestMgt",
                         ReportObjects = new NetworkObject[]{ TestIp1, TestIp2, TestIpRange },
                         ReportServices = new NetworkService[]{ TestService1, TestService2 },
                         ReportUsers = new NetworkUser[]{ TestUser1, TestUser2 },
                         Devices = new DeviceReport[]
-                        { 
+                        {
                             new ()
-                            { 
+                            {
                                 Name = "TestDev",
                                 Rules = new Rule[]{ Rule1, Rule2 }
-                            } 
+                            }
                         }
                     }
                 }
@@ -1147,27 +1168,27 @@ private ReportData ConstructChangeReport(bool resolved)
             Rule2Changed.ServiceNegated = false;
             Rule2Changed.Disabled = true;
 
-            RuleChange ruleChange1 = new RuleChange()
+            RuleChange ruleChange1 = new ()
             {
                 ChangeAction = 'I',
                 ChangeImport = new ChangeImport(){ Time = new DateTime(2023,04,05,12,0,0) },
                 NewRule = Rule1
             };
-            RuleChange ruleChange2 = new RuleChange()
+            RuleChange ruleChange2 = new ()
             {
                 ChangeAction = 'C',
                 ChangeImport = new ChangeImport(){ Time = new DateTime(2023,04,05,12,0,0) },
                 OldRule = Rule1,
                 NewRule = Rule1Changed
             };
-            RuleChange ruleChange3 = new RuleChange()
+            RuleChange ruleChange3 = new ()
             {
                 ChangeAction = 'C',
                 ChangeImport = new ChangeImport(){ Time = new DateTime(2023,04,05,12,0,0) },
                 OldRule = Rule2,
                 NewRule = Rule2Changed
             };
-            RuleChange ruleChange4 = new RuleChange()
+            RuleChange ruleChange4 = new ()
             {
                 ChangeAction = 'D',
                 ChangeImport = new ChangeImport(){ Time = new DateTime(2023,04,05,12,0,0) },
@@ -1193,6 +1214,20 @@ private ReportData ConstructChangeReport(bool resolved)
             };
         }
 
+        private ReportData ConstructConnectionReport(bool resolved)
+        {
+            return new ReportData()
+            {
+                OwnerData = new List<OwnerReport>()
+                {
+                    new ()
+                    {
+                        Name = "TestOwner",
+                    }
+                }
+            };
+        }
+
         private string removeGenDate(string exportString, bool html = false, bool json = false)
         {
             string dateText = html ? "<p>Generated on: " : "report generation date" + (json ? "\"" : "") + ": " + (json ? "\"" : "");
diff --git a/roles/test/files/FWO.Test/SimulatedUserConfig.cs b/roles/test/files/FWO.Test/SimulatedUserConfig.cs
index c7264d728..23de82cb3 100644
--- a/roles/test/files/FWO.Test/SimulatedUserConfig.cs
+++ b/roles/test/files/FWO.Test/SimulatedUserConfig.cs
@@ -15,6 +15,7 @@ internal class SimulatedUserConfig : UserConfig
             {"Changes","Changes Report"},
             {"ResolvedChanges","Changes Report (resolved)"},
             {"ResolvedChangesTech","Changes Report (technical)"},
+            {"Connections","Connections Report"},
             {"date_of_config","Time of configuration"},
             {"generated_on","Generated on"},
             {"negated","not"},
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditService.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditService.razor
index acf911f64..ced903a9c 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditService.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditService.razor
@@ -147,7 +147,7 @@
         IpProtocol? esp = ListIn.Find(x => x.Name.ToLower() == "esp");
         if(esp != null)
         {
-            ListOut.Add(new NetworkProtocol(esp){ Name = esp.Name + "/IPsec(vpn)" });
+            ListOut.Add(new NetworkProtocol(esp));
             ListIn.Remove(esp);
         }
         if(!userConfig.ReducedProtocolSet)
diff --git a/roles/ui/files/FWO.UI/Shared/Dropdown.razor b/roles/ui/files/FWO.UI/Shared/Dropdown.razor
index 5a34431ae..59aaa00a1 100644
--- a/roles/ui/files/FWO.UI/Shared/Dropdown.razor
+++ b/roles/ui/files/FWO.UI/Shared/Dropdown.razor
@@ -8,7 +8,7 @@
 
 <div id="@($"dropdown-{Id}")" class="input-group @(Small ? "input-group-sm" : "")">
 	<label id="@($"dropdown-input-prepend-{Id}")" class="input-group-text d-flex justify-content-center" style="width: 40px;" for="@($"dropdown-input-{Id}")">
-		<span id="@($"dropdown-input-prepend-icon-{Id}")" class="@Icons.Search"></span>
+		<span id="@($"dropdown-input-prepend-icon-{Id}")" class="@Icons.CollapseDown"></span>
 	</label>
 	<input type="text" id="@($"dropdown-input-{Id}")" class="@InputClass form-control" style="@($"width: calc(100% - {40 + AppendWidth}px);")" @onclick="ShowMenu" @onfocus="ClearFilter" @oninput="Filter" @bind="searchValue" />
 	@if (Append != null)
diff --git a/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor b/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
index ab2c54caa..cda19bdcb 100644
--- a/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
+++ b/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
@@ -338,13 +338,13 @@
         switch (objCategory)
         {
             case ObjCategory.nobj:
-                idPref += "nwobj";
+                idPref += ObjCatString.NwObj;
                 break;
             case ObjCategory.nsrv:
-                idPref += "svc";
+                idPref += ObjCatString.Svc;
                 break;
             case ObjCategory.user:
-                idPref += "user";
+                idPref += ObjCatString.User;
                 break;
         }
 

From 0d7c98115336857ad48a2c55bcfdc7f4690b6bcb Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Tue, 12 Mar 2024 20:02:50 +0100
Subject: [PATCH 36/84] fixes, test + doku

---
 .../files/sql/idempotent/fworch-texts.sql     |  46 +++--
 .../lib/files/FWO.Report/Data/OwnerReport.cs  |  36 +++-
 roles/lib/files/FWO.Report/ReportBase.cs      |   4 +-
 .../lib/files/FWO.Report/ReportConnections.cs |  41 +++-
 roles/lib/files/FWO.Report/ReportNatRules.cs  |  12 +-
 roles/lib/files/FWO.Report/ReportRules.cs     |  12 +-
 roles/test/files/FWO.Test/ExportTest.cs       | 193 +++++++++++++-----
 .../files/FWO.Test/SimulatedUserConfig.cs     |  14 +-
 .../Help/HelpReportingLeftSidebar.cshtml      |   1 +
 .../ui/files/FWO.UI/Shared/ObjectGroup.razor  |   6 +-
 10 files changed, 266 insertions(+), 99 deletions(-)

diff --git a/roles/database/files/sql/idempotent/fworch-texts.sql b/roles/database/files/sql/idempotent/fworch-texts.sql
index 7c9ca53ce..18511ab4c 100644
--- a/roles/database/files/sql/idempotent/fworch-texts.sql
+++ b/roles/database/files/sql/idempotent/fworch-texts.sql
@@ -650,6 +650,10 @@ INSERT INTO txt VALUES ('delete_unused_rule',	'German', 	'Unbenutzte Regel l&oum
 INSERT INTO txt VALUES ('delete_unused_rule',   'English', 	'Delete unused rule');
 INSERT INTO txt VALUES ('delete_unused_rules',	'German', 	'Unbenutzte Regeln l&ouml;schen');
 INSERT INTO txt VALUES ('delete_unused_rules',  'English', 	'Delete unused rules');
+INSERT INTO txt VALUES ('network',              'German', 	'Netzwerk');
+INSERT INTO txt VALUES ('network',              'English', 	'network');
+INSERT INTO txt VALUES ('ip_range',             'German', 	'Ip-Bereich');
+INSERT INTO txt VALUES ('ip_range',             'English', 	'Ip Range');
 
 -- schedule
 INSERT INTO txt VALUES ('schedule', 			'German',	'Terminplan');
@@ -2656,10 +2660,11 @@ INSERT INTO txt VALUES ('H1101', 'German',  '<li> Alle Filter sind schreibungsun
     <li> Alle Filterausdr&uuml;cke m&uuml;ssen logisch mit den Operatoren: and, or, not miteinander kombiniert werden.</li>
     <li> Klammern k&ouml;nnen genutzt werden, um die Filterausdr&uuml;cke zu strukturieren.</li>
     <li> Anf&uuml;hrungszeichen (") k&ouml;nnen optional f&uuml;r Wertdefinitionen genutzt werden. Wenn Leerzeichen im Wert vorkommen (z.B. f&uuml;r Datum/Zeit-Werte), m&uuml;ssen sie genutzt werden.</li>
-    <li> Ein Gateway muss ausgew&auml;hlt werden. Dies kann manuell oder &uuml;ber die linke Randleiste, von wo die Auswahl automatisch in den Filter integriert wird, erfolgen.</li>
+    <li> Muss ein Gateway ausgew&auml;hlt werden, kann dies manuell oder &uuml;ber die linke Randleiste, von wo die Auswahl automatisch in den Filter integriert wird, erfolgen.</li>
     <li> Zeitfilterung funktioniert zur Zeit nur f&uuml;r Zeitpunkte vor dem letzten Import, der einen Config Change gefunden hat. </li>
     <li> Regeln werden immer in voller Tiefe durchsucht, d.h. alle Gruppen in Quell-, Ziel- und Dienstfeldern werden aufgel&ouml;st.
         Zur Zeit gibt es noch keine M&ouml;glichkeit, nur auf der obersten Regelebene zu suchen.</li>
+    <li> Auch Verbindungen k&ouml;nnen mit den entsprechenden Schl&uuml;sselw&ouml;rtern f&uuml;r Quelle, Dienst und Ziel durchsucht werden.</li>
 ');
 INSERT INTO txt VALUES ('H1101', 'English', '<li> All filtering is case insensitive.</li>
     <li> There are multiple variants for most keywords, e.g. DestinationPort filters can be written as:
@@ -2667,10 +2672,11 @@ INSERT INTO txt VALUES ('H1101', 'English', '<li> All filtering is case insensit
     <li> All filter statements must be logically combined using either: and, or, not.</li>
     <li> Brackets can be used for structuring the filter statement.</li>
     <li> Quotation marks (") can be used optionally for the value definition. If there are white spaces in the value (e.g. for date/time values) the quotation marks have to be used.</li>
-    <li> A gateway has to be selected. This can be done manually or via the left sidebar, from where the selection is automatically integrated to the filter.</li>
+    <li> If a gateway has to be selected, this can be done manually or via the left sidebar, from where the selection is automatically integrated to the filter.</li>
     <li> Time filtering currently only works for points in time before the last import that found a config change. </li>
     <li> Rules are always deep-searched, meaning all groups in source, destination and service fields are resolved.
         There is currently no option to only search at the rule top-level.</li>
+    <li> Also connections can be filtered with the respective keywords for source, service and destination.</li>
 ');
 INSERT INTO txt VALUES ('H1102', 'German',  'Folgende Report-Typen stehen zur Auswahl:
 <ul>
@@ -2686,6 +2692,8 @@ INSERT INTO txt VALUES ('H1102', 'German',  'Folgende Report-Typen stehen zur Au
     <li>&Auml;nderungen (aufgel&ouml;st) - Anzeige von &Auml;nderungen in einem bestimmten Zeitraum, wobei s&auml;mtliche Gruppen in Quelle, Ziel und Dienst aufgel&ouml;st werden. Default-Report-Zeitraum: dieses Jahr</li>
     <li>&Auml;nderungen (technisch)- wie der aufgel&ouml;ste &Auml;nderungs-Report, nur dass Objektnamen nicht angezeigt werden. Default-Report-Zeitraum: dieses Jahr</li>
     <li>Statistik - Anzeige von Statistikdaten &uuml;ber Anzahl von Objekten und Regeln. Default-Report-Zeitpunkt: jetzt</li>
+    <li>Verbindungen - Anzeige aller in einer Applikation modellierten Verbindungen, Schnittstellen und eigener Common Services mit zus&auml;tzlicher Auflistung aller hierin verwendeter Netzwerk- und Serviceobjekte.
+        Hinzu kommt eine Liste aller globalen Common Services.</li>
 </ul>
 ');
 INSERT INTO txt VALUES ('H1102', 'English',  'Choose from the following report types:
@@ -2701,6 +2709,8 @@ INSERT INTO txt VALUES ('H1102', 'English',  'Choose from the following report t
     <li>Changes (resolved) - display all changes in a defined time interval but not showing any group structure but only resolved group content. Default report interval: this year</li>
     <li>Changes (technical) - display all changes in a defined time interval resolving groups and not showing object names. Default report interval: this year</li>
     <li>Statistics - display statistical data on the number of objects and rules. Default report time: now</li>
+    <li>Connections - display of all connections, interfaces and Common Services modelled in an application with additional lists of all network and service objects used here.
+        Additionally a list of all global Common Services is given.</li>
 </ul>
 ');
 INSERT INTO txt VALUES ('H1111', 'German',  '<li>gateway (gw, firewall, fw, device, dev): Zus&auml;tzlich zu der in der <a href="/help/reporting/leftside">Linken Randleiste</a> zu t&auml;tigenden Auswahl spezifischer Devices
@@ -2816,12 +2826,12 @@ INSERT INTO txt VALUES ('H1303', 'English', 'After clicking the "Export Report"
 INSERT INTO txt VALUES ('H1401', 'German',  'Im unteren Teil der Hauptseite werden die Ausgabedaten des generierten Reports dargestellt.
     Unerw&uuml;nschte Spalten k&ouml;nnen mit der jeweiligen "-" Schaltfl&auml;che ausgeblendet werden.
     Wenn dargestellt, k&ouml;nnen die Spalten auch zum Sortieren oder Filtern genutzt werden.<br>
-    Die zur Verf&uuml;gung stehenden Datenspalten sind:
+    Die in regelbasierten Reports zur Verf&uuml;gung stehenden Datenspalten sind:
 ');
 INSERT INTO txt VALUES ('H1401', 'English', 'In the lower part of the main page the output data of the generated report is displayed.
     Unwanted columns can be removed by clicking on the respective "-" button. 
     If diplayed the columns can be used for sorting or filtering.<br>
-    The available data columns are:
+    The available data columns in rule based reports are:
 ');
 INSERT INTO txt VALUES ('H1402', 'German',  '<li>Nummer</li><li>Name</li><li>Quellzone</li><li>Quelle</li><li>Zielzone</li>
     <li>Ziel</li><li>Dienste</li><li>Aktion</li><li>Logging</li><li>Aktiviert</li><li>UID</li><li>Kommentar</li>
@@ -2831,18 +2841,20 @@ INSERT INTO txt VALUES ('H1402', 'English', '<li>Number</li><li>Name</li><li>Sou
 ');
 INSERT INTO txt VALUES ('H1403', 'German',  'Zus&auml;tzlich werden in einzelnen Reporttypen weitere Spalten dargestellt:
     <ul>
-        <li>Changes report: &Auml;nderungszeit, &Auml;nderungstyp (Regelnummerierung entf&auml;llt daf&uuml;r)</li>
+        <li>Changes Report: &Auml;nderungszeit, &Auml;nderungstyp (Regelnummerierung entf&auml;llt daf&uuml;r)</li>
         <li>Unbenutzte-Regel-Report: Letzter Treffer</li>
         <li>NAT-Regel-Report: Umgesetzte Quelle, Umgesetztes Ziel, Umgesetzte Dienste</li>
         <li>Rezertifizierungs-Report: Datum n&auml;chste Rezertifizierung, Eigent&uuml;mer, IP-Adress-&Uuml;bereinstimmung, Letzter Treffer</li>
+        <li>Verbindungs-Report: Hier werden die Spalten Nummer, Name, Fachliche Begr&uuml;ndung, Quelle, Dienst und Ziel angeboten</li>
     </ul>
 ');
 INSERT INTO txt VALUES ('H1403', 'English', 'Additionally in the different Report Types further columns are displayed:
     <ul>
-        <li>Changes report: Change Time, Change Type (but no rule numbering)</li>
+        <li>Changes Report: Change Time, Change Type (but no rule numbering)</li>
         <li>Unused Rules Report: Last Hit</li>
         <li>NAT Rules Report: Translated Source, Translated Destination, Translated Services</li>
         <li>Recertification Report: Next Recertification Date, Owner, IP address match, Last Hit</li>
+        <li>Connections report: Here the columns Number, Name, Functional Reason, Source, Service and Destination are offered.</li>
     </ul>
 ');
 
@@ -2910,16 +2922,22 @@ INSERT INTO txt VALUES ('H1511', 'English', 'Only for Recertification Report: Re
     <li>Show any rules: If flag is set, rules with Ip 0.0.0.0 in source or destination are shown.
         When deselecting an excluding statement is added to the filter line.</li></ul>
 ');
-INSERT INTO txt VALUES ('H1601', 'German',  'Die rechte Randleiste hat drei Reiter: Unter "Alle" werden alle aktuell abgeholten Objekte dargestellt,
+INSERT INTO txt VALUES ('H1512', 'German',  'Nur beim Verbindungs-Report: Eigent&uuml;mer: Hier kann aus den dem Nutzer zur Modellierung zugeordneten Eigent&uuml;merschaften ausgew&auml;hlt werden. 
+');
+INSERT INTO txt VALUES ('H1512', 'English', 'Only for Connections Report: Owner: Select the modelling owner out of the ownerships related to the user.
+');
+INSERT INTO txt VALUES ('H1601', 'German',  'Die rechte Randleiste hat mehrere Reiter, die je nach Report eingeblendet werden: F&uuml;r regelbasierte Reports werden unter "Alle" s&auml;mtliche aktuell abgeholten Objekte dargestellt,
     w&auml;hrend unter "Report" nur die Objekte der im Report vorkommenden Regeln gezeigt werden.
     Im Reiter "Regel" sind dann nur die Objekte der in der Reportausgabe ausgew&auml;hlten Regeln dargestellt.<br>
     ("Alle"- und "Regel"-Reiter werden mit derselben Funktionalit&auml;t auch im Rezertifizierungsdialog angeboten).<br>
+    In eigent&uuml;merbasierten Reports erscheint der Reiter "Benutzte Objekte", in dem alle in den Verbindungen verwendeten Objekte aufgelistet werden.<br>
     Folgende Daten werden soweit verf&uuml;gbar dargestellt, gruppiert nach den ausgew&auml;hlten Devices:
 ');
-INSERT INTO txt VALUES ('H1601', 'English', 'There are three Tabs shown in the right sidebar: The "All" tab displays all currently fetched objects,
+INSERT INTO txt VALUES ('H1601', 'English', 'There are several tabs shown in the right sidebar, depending on the report type: In rule based reports the "All" tab displays all currently fetched objects,
     whereas in the "Report" tab only the objects of the rules of the report are shown.
     In the "Rule" tab only objects of rules selected in the report output are dispalyed.<br>
     ("All" and "Rule" tab are also offered in the Recertification dialogue with the same functionality).<br>
+    In owner based reports the Tab "Used Objects" is displayed, where all objects used in the connections are listed.<br>
     The following data are displayed if available, grouped by the selected devices:
 ');
 INSERT INTO txt VALUES ('H1602', 'German',  '<li>Netzwerkobjekte: Name, Typ, IP, Zone, ggf. Gruppenmitglieder, zuletzt ge&auml;ndert, Kommentar</li>
@@ -5466,23 +5484,27 @@ INSERT INTO txt VALUES ('H8717', 'English', '<H4>7) Activate Planning phase</H4>
 
 INSERT INTO txt VALUES ('H9001', 'German',  'Insbesondere in gr&ouml;sseren Netzwerken besteht der Bedarf, die vielf&auml;ltigen Verbindungen zwischen den Teilnehmern zu modellieren,
     um sie so einer weitergehenden Verwaltung zug&auml;nglich zu machen. Dieses Modul stellt die Hilfsmittel, bereits vorhandene <a href="/help/modelling/applications">Applikationen</a> von anderen Systemen zu importieren
-    und ihre Elemente nach vorgegebenen Kriterien zu verkn&uuml;pfen. Dadurch wird ein Kommunikationsprofil erzeugt, bestehend aus einem Satz von <a href="/help/modelling/connections">Verbindungen und Schnittstellen</a>.<br>
+    und ihre Elemente nach vorgegebenen Kriterien zu verkn&uuml;pfen. Dadurch wird ein Kommunikationsprofil erzeugt, bestehend aus einem Satz von <a href="/help/modelling/connections">Verbindungen und Schnittstellen</a>.<br><br>
     Zur Definition der Schnittstellen und Verbindungen wird auf der linken Seite eine Bibliothek bereitgestellt, in der zun&auml;chst die zur Applikation zugeordneten 
     (in der Regel aus Fremdsystemen <a href="/help/settings/modelling">importierten</a>) Host-Adressen (App-Server) angeboten werden. Diese k&ouml;nnen im ersten Schritt zu App-Rollen geb&uuml;ndelt werden (sh. <a href="/help/modelling/networkobjects">Netzwerkobjekte</a>).
     Die App-Rollen (und je nach <a href="/help/settings/modelling">Modellierungseinstellungen</a> auch die App-Server selbst) k&ouml;nnen dann als Quelle oder Ziel in die zu erstellende Verbindung &uuml;bertragen werden.
     Hinzu k&ouml;nnen noch weitere Objekte (z. B. Netzwerke) kommen, und es k&ouml;nnen (interne und externe) Schnittstellen eingebunden werden.<br>
     Desweiteren werden in der Bibliothek vordefinierte (vom Administrator eingestellte) <a href="/help/modelling/services">Dienste</a> angeboten. Diese k&ouml;nnen durch selbst definierte Dienste erg&auml;nzt, 
-    als Dienstgruppen geb&uuml;ndelt und dann in den zu definierenden Verbindungen verwendet werden.
+    als Dienstgruppen geb&uuml;ndelt und dann in den zu definierenden Verbindungen verwendet werden.<br><br>
+    F&uuml;r das erstellte Kommunikationsprofil kann per Knopfdruck automatisch ein Verbindungs-Report erstellt werden. Er wird dann in dem <a href="/help/reporting">Report-Modul</a> dargestellt. 
+    Dort stehen dann die vom Report-Modul bereitgestellten Funktionalit&auml;ten zur weiteren Eingrenzung mittels zus&auml;tzlicher Filter, Erzeugung von Vorlagen und Terminen, sowie der Archivierung zur Verf&uuml;gung.
 ');
 INSERT INTO txt VALUES ('H9001', 'English', 'Especially in greater networks there is the demand to model the connections between the participants,
     with the aim of further administration. This module provides tools to import already existing <a href="/help/modelling/applications">applications</a> from other systems
-    and to connect their elements by predefined criteria. By doing this a communication profile is created, composed by a set of <a href="/help/modelling/connections">connections and interfaces</a>.<br>
+    and to connect their elements by predefined criteria. By doing this a communication profile is created, composed by a set of <a href="/help/modelling/connections">connections and interfaces</a>.<br><br>
     To define interfaces and connections a library is provided on the left side, where at the beginning the host addresses (App Server) associated to the application 
     (which usually are <a href="/help/settings/modelling">imported</a> from external systems) are offered. They can in a first step be bundled to App Roles (see <a href="/help/modelling/networkobjects">Network Objects</a>).
     These App Roles (and depending on the <a href="/help/settings/modelling">Modelling Settings</a> also the App Servers themselves) can be used as source or destination in the connections to be created.
     Additionally further objects (e.g. networks) and (internal or external) interfaces can be integrated.<br>
     Furthermore the library offers predefined <a href="/help/modelling/services">Services</a> (inserted by the administrator). They can be complemented by self defined services, bundled as Service Groups,
-    and used in the connections.
+    and used in the connections.<br><br>
+    For the communication profile a Connections Report can be created automatically. It is displayed in the <a href="/help/reporting">Report module</a>.
+    Here the reporting functionalities for further filtering, creation of templates and schedules, as well as archiving can be used.
 ');
 INSERT INTO txt VALUES ('H9011', 'German',  'Eine Applikation ist aus Sicht des Firewall Orchestrators ein Beh&auml;lter, in dem aus zugeordneten Host-Adressen ein Kommunikationsprofil erstellt wird.
     Sie wird in der Regel extern aus den Anforderungen und Gegebenheiten der jeweiligen Unternehmung definiert und kann &uuml;ber eine Importschnittstelle in den Firewall Orchestrator importiert
diff --git a/roles/lib/files/FWO.Report/Data/OwnerReport.cs b/roles/lib/files/FWO.Report/Data/OwnerReport.cs
index 201f244cf..41bd4c8c6 100644
--- a/roles/lib/files/FWO.Report/Data/OwnerReport.cs
+++ b/roles/lib/files/FWO.Report/Data/OwnerReport.cs
@@ -19,7 +19,12 @@ public OwnerReport()
         public OwnerReport(OwnerReport report)
         {
             Name = report.Name;
-            Connections = new (report.Connections);
+            Connections = report.Connections;
+            RegularConnections = report.RegularConnections;
+            Interfaces = report.Interfaces;
+            CommonServices = report.CommonServices;
+            AllObjects = report.AllObjects;
+            AllServices = report.AllServices;
         }
 
         public static void AssignConnectionNumbers(List<ModellingConnection> connections)
@@ -96,7 +101,30 @@ public List<NetworkService> GetAllServices()
             return allServices;
         }
 
-        public List<string> GetSrcNames(ModellingConnection conn)
+        public static List<string> GetSrcNames(ModellingConnection conn)
+        {
+            List<string> names = ModellingNwGroupWrapper.Resolve(conn.SourceNwGroups).ToList().ConvertAll(s => s.DisplayHtml());
+            names.AddRange(ModellingAppRoleWrapper.Resolve(conn.SourceAppRoles).ToList().ConvertAll(s => s.DisplayHtml()));
+            names.AddRange(ModellingAppServerWrapper.Resolve(conn.SourceAppServers).ToList().ConvertAll(s => s.DisplayHtml()));
+            return names;
+        }
+
+        public static List<string> GetDstNames(ModellingConnection conn)
+        {
+            List<string> names = ModellingNwGroupWrapper.Resolve(conn.DestinationNwGroups).ToList().ConvertAll(s => s.DisplayHtml());
+            names.AddRange(ModellingAppRoleWrapper.Resolve(conn.DestinationAppRoles).ToList().ConvertAll(s => s.DisplayHtml()));
+            names.AddRange(ModellingAppServerWrapper.Resolve(conn.DestinationAppServers).ToList().ConvertAll(s => s.DisplayHtml()));
+            return names;
+        }
+
+        public static List<string> GetSvcNames(ModellingConnection conn)
+        {
+            List<string> names = ModellingServiceGroupWrapper.Resolve(conn.ServiceGroups).ToList().ConvertAll(s => s.DisplayHtml());
+            names.AddRange(ModellingServiceWrapper.Resolve(conn.Services).ToList().ConvertAll(s => s.DisplayHtml()));
+            return names;
+        }
+
+        public List<string> GetLinkedSrcNames(ModellingConnection conn)
         {
             List<string> names = ModellingNwGroupWrapper.Resolve(conn.SourceNwGroups).ToList().ConvertAll(s => ConstructOutput(s, ObjCatString.NwObj, ResolveObjNumber(s)));
             names.AddRange(ModellingAppRoleWrapper.Resolve(conn.SourceAppRoles).ToList().ConvertAll(s => ConstructOutput(s, ObjCatString.NwObj, ResolveObjNumber(s))));
@@ -104,7 +132,7 @@ public List<string> GetSrcNames(ModellingConnection conn)
             return names;
         }
         
-        public List<string> GetDstNames(ModellingConnection conn)
+        public List<string> GetLinkedDstNames(ModellingConnection conn)
         {
             List<string> names = ModellingNwGroupWrapper.Resolve(conn.DestinationNwGroups).ToList().ConvertAll(s => ConstructOutput(s, ObjCatString.NwObj, ResolveObjNumber(s)));
             names.AddRange(ModellingAppRoleWrapper.Resolve(conn.DestinationAppRoles).ToList().ConvertAll(s => ConstructOutput(s, ObjCatString.NwObj, ResolveObjNumber(s))));
@@ -112,7 +140,7 @@ public List<string> GetDstNames(ModellingConnection conn)
             return names;
         }
 
-        public List<string> GetSvcNames(ModellingConnection conn)
+        public List<string> GetLinkedSvcNames(ModellingConnection conn)
         {
             List<string> names = ModellingServiceGroupWrapper.Resolve(conn.ServiceGroups).ToList().ConvertAll(s => ConstructOutput(s, ObjCatString.Svc, ResolveSvcNumber(s)));
             names.AddRange(ModellingServiceWrapper.Resolve(conn.Services).ToList().ConvertAll(s => ConstructOutput(s, ObjCatString.Svc, ResolveSvcNumber(s))));
diff --git a/roles/lib/files/FWO.Report/ReportBase.cs b/roles/lib/files/FWO.Report/ReportBase.cs
index ef743410b..8ed6f01a8 100644
--- a/roles/lib/files/FWO.Report/ReportBase.cs
+++ b/roles/lib/files/FWO.Report/ReportBase.cs
@@ -71,10 +71,10 @@ public abstract class ReportBase
     </head>
     <body>
         <h2>##Title##</h2>
-        <p>Filter: ##Filter##</p>
         <p>##Date-of-Config##: ##GeneratedFor## (UTC)</p>
         <p>##GeneratedOn##: ##Date## (UTC)</p>
         <p>##OtherFilters##</p>
+        <p>##Filter##</p>
         <hr>
         ##Body##
     </body>
@@ -153,7 +153,7 @@ protected string GenerateHtmlFrame(string title, string filter, DateTime date, S
             if (string.IsNullOrEmpty(htmlExport))
             {
                 HtmlTemplate = HtmlTemplate.Replace("##Title##", title);
-                HtmlTemplate = HtmlTemplate.Replace("##Filter##", filter);
+                HtmlTemplate = HtmlTemplate.Replace("##Filter##", userConfig.GetText("filter") + ": " + filter);
                 HtmlTemplate = HtmlTemplate.Replace("##GeneratedOn##", userConfig.GetText("generated_on"));
                 HtmlTemplate = HtmlTemplate.Replace("##Date##", date.ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssK"));
                 if(ReportType.IsChangeReport())
diff --git a/roles/lib/files/FWO.Report/ReportConnections.cs b/roles/lib/files/FWO.Report/ReportConnections.cs
index a8c49099f..8122f897c 100644
--- a/roles/lib/files/FWO.Report/ReportConnections.cs
+++ b/roles/lib/files/FWO.Report/ReportConnections.cs
@@ -65,41 +65,64 @@ public override string ExportToHtml()
                 }
                 if(ownerReport.CommonServices.Count > 0)
                 {
-                    report.AppendLine($"<h4>{userConfig.GetText("common_services")}</h4>");
+                    report.AppendLine($"<h4>{userConfig.GetText("own_common_services")}</h4>");
                     AppendConnectionsGroupHtml(ownerReport.CommonServices, ownerReport, ref report);
                 }
 
                 AppendNetworkObjectsHtml(ownerReport.AllObjects, ref report);
                 AppendNetworkServicesHtml(ownerReport.AllServices, ref report);
             }
+            if(ReportData.GlobalComSvc.Count > 0)
+            {
+                report.AppendLine($"<h3>{userConfig.GetText("global_common_services")}</h3>");
+                AppendConnectionsGroupHtml(ReportData.GlobalComSvc, null, ref report);
+            }
             return GenerateHtmlFrame(userConfig.GetText(ReportType.ToString()), Query.RawFilter, DateTime.Now, report);
         }
 
-        private void AppendConnectionsGroupHtml(List<ModellingConnection> connections, OwnerReport ownerReport, ref StringBuilder report)
+        private void AppendConnectionsGroupHtml(List<ModellingConnection> connections, OwnerReport? ownerReport, ref StringBuilder report)
         {
             OwnerReport.AssignConnectionNumbers(connections);
+            bool IsGlobalComSvc = ownerReport == null;
             report.AppendLine("<table>");
-            AppendConnectionHeadlineHtml(ref report);
+            AppendConnectionHeadlineHtml(ref report, IsGlobalComSvc);
             foreach (var connection in connections)
             {
                 report.AppendLine("<tr>");
                 report.AppendLine($"<td>{connection.OrderNumber}</td>");
                 report.AppendLine($"<td>{connection.Id}</td>");
+                if(IsGlobalComSvc)
+                {
+                    report.AppendLine($"<td>{connection.App.Name}</td>");
+                }
                 report.AppendLine($"<td>{connection.Name}</td>");
                 report.AppendLine($"<td>{connection.Reason}</td>");
-                report.AppendLine($"<td>{String.Join("<br>", ownerReport.GetSrcNames(connection))}</td>");
-                report.AppendLine($"<td>{String.Join("<br>", ownerReport.GetSvcNames(connection))}</td>");
-                report.AppendLine($"<td>{String.Join("<br>", ownerReport.GetDstNames(connection))}</td>");
+                if(IsGlobalComSvc)
+                {
+                    report.AppendLine($"<td>{String.Join("<br>", OwnerReport.GetSrcNames(connection))}</td>");
+                    report.AppendLine($"<td>{String.Join("<br>", OwnerReport.GetSvcNames(connection))}</td>");
+                    report.AppendLine($"<td>{String.Join("<br>", OwnerReport.GetDstNames(connection))}</td>");
+                }
+                else
+                {
+                    report.AppendLine($"<td>{String.Join("<br>", ownerReport.GetLinkedSrcNames(connection))}</td>");
+                    report.AppendLine($"<td>{String.Join("<br>", ownerReport.GetLinkedSvcNames(connection))}</td>");
+                    report.AppendLine($"<td>{String.Join("<br>", ownerReport.GetLinkedDstNames(connection))}</td>");
+                }
             }
             report.AppendLine("</table>");
             report.AppendLine("<hr>");
         }
 
-        private void AppendConnectionHeadlineHtml(ref StringBuilder report)
+        private void AppendConnectionHeadlineHtml(ref StringBuilder report, bool showOwnerName)
         {
             report.AppendLine("<tr>");
             report.AppendLine($"<th>{userConfig.GetText("number")}</th>");
             report.AppendLine($"<th>{userConfig.GetText("id")}</th>");
+            if(showOwnerName)
+            {
+                report.AppendLine($"<th>{userConfig.GetText("owner")}</th>");
+            }
             report.AppendLine($"<th>{userConfig.GetText("name")}</th>");
             report.AppendLine($"<th>{userConfig.GetText("func_reason")}</th>");
             report.AppendLine($"<th>{userConfig.GetText("source")}</th>");
@@ -118,7 +141,7 @@ private void AppendNetworkObjectsHtml(List<NetworkObject> networkObjects, ref St
                 report.AppendLine("<tr>");
                 report.AppendLine($"<td>{nwObj.Number}</td>");
                 report.AppendLine($"<td>{nwObj.Id}</td>");
-                report.AppendLine($"<td>{nwObj.Name}</td>");
+                report.AppendLine($"<td><a name={ObjCatString.NwObj}{nwObj.Number}>{nwObj.Name}</a></td>");
                 report.AppendLine($"<td>{nwObj.IP}</td>");
             }
             report.AppendLine("</table>");
@@ -145,7 +168,7 @@ private void AppendNetworkServicesHtml(List<NetworkService> networkServices, ref
                 report.AppendLine("<tr>");
                 report.AppendLine($"<td>{svc.Number}</td>");
                 report.AppendLine($"<td>{svc.Id}</td>");
-                report.AppendLine($"<td>{svc.Name}</td>");
+                report.AppendLine($"<td><a name={ObjCatString.Svc}{svc.Number}>{svc.Name}</a></td>");
                 report.AppendLine($"<td>{svc.Protocol.Name}</td>");
                 report.AppendLine($"<td>{svc.DestinationPort}</td>");
             }
diff --git a/roles/lib/files/FWO.Report/ReportNatRules.cs b/roles/lib/files/FWO.Report/ReportNatRules.cs
index 0e5fadc1b..1c07faa86 100644
--- a/roles/lib/files/FWO.Report/ReportNatRules.cs
+++ b/roles/lib/files/FWO.Report/ReportNatRules.cs
@@ -99,8 +99,8 @@ public override string ExportToHtml()
                     {
                         report.AppendLine("<tr>");
                         report.AppendLine($"<td>{objNumber++}</td>");
-                        report.AppendLine($"<td><a name=nwobj{nwobj.Id}>{nwobj.Name}</a></td>");
-                        report.AppendLine($"<td>{nwobj.Type.Name}</td>");
+                        report.AppendLine($"<td><a name={ObjCatString.NwObj}{nwobj.Id}>{nwobj.Name}</a></td>");
+                        report.AppendLine($"<td>{(nwobj.Type.Name != "" ? userConfig.GetText(nwobj.Type.Name) : "")}</td>");
                         report.AppendLine($"<td>{NwObjDisplay.DisplayIp(nwobj.IP, nwobj.IpEnd, nwobj.Type.Name)}</td>");
                         if (nwobj.MemberNames != null && nwobj.MemberNames.Contains("|"))
                             report.AppendLine($"<td>{string.Join("<br>", nwobj.MemberNames.Split('|'))}</td>");
@@ -133,8 +133,8 @@ public override string ExportToHtml()
                     {
                         report.AppendLine("<tr>");
                         report.AppendLine($"<td>{objNumber++}</td>");
-                        report.AppendLine($"<td>{svcobj.Name}</td>");
-                        report.AppendLine($"<td><a name=svc{svcobj.Id}>{svcobj.Name}</a></td>");
+                        report.AppendLine($"<td><a name={ObjCatString.Svc}{svcobj.Id}>{svcobj.Name}</a></td>");
+                        report.AppendLine($"<td>{(svcobj.Type.Name != "" ? userConfig.GetText(svcobj.Type.Name) : "")}</td>");
                         report.AppendLine($"<td>{((svcobj.Type.Name!=ObjectType.Group && svcobj.Protocol!=null)?svcobj.Protocol.Name:"")}</td>");
                         if (svcobj.DestinationPortEnd != null && svcobj.DestinationPortEnd != svcobj.DestinationPort)
                             report.AppendLine($"<td>{svcobj.DestinationPort}-{svcobj.DestinationPortEnd}</td>");
@@ -169,8 +169,8 @@ public override string ExportToHtml()
                     {
                         report.AppendLine("<tr>");
                         report.AppendLine($"<td>{objNumber++}</td>");
-                        report.AppendLine($"<td>{userobj.Name}</td>");
-                        report.AppendLine($"<td><a name=user{userobj.Id}>{userobj.Name}</a></td>");
+                        report.AppendLine($"<td><a name={ObjCatString.User}{userobj.Id}>{userobj.Name}</a></td>");
+                        report.AppendLine($"<td>{(userobj.Type.Name != "" ? userConfig.GetText(userobj.Type.Name) : "")}</td>");
                         if (userobj.MemberNames != null && userobj.MemberNames.Contains("|"))
                             report.AppendLine($"<td>{string.Join("<br>", userobj.MemberNames.Split('|'))}</td>");
                         else
diff --git a/roles/lib/files/FWO.Report/ReportRules.cs b/roles/lib/files/FWO.Report/ReportRules.cs
index c9d30baaf..3d6d35b67 100644
--- a/roles/lib/files/FWO.Report/ReportRules.cs
+++ b/roles/lib/files/FWO.Report/ReportRules.cs
@@ -457,8 +457,8 @@ private void appendNetworkObjectsForManagementHtml(ref StringBuilder report, ref
                 {
                     report.AppendLine("<tr>");
                     report.AppendLine($"<td>{objNumber++}</td>");
-                    report.AppendLine($"<td><a name=nwobj{nwobj.Id}>{nwobj.Name}</a></td>");
-                    report.AppendLine($"<td>{nwobj.Type.Name}</td>");
+                    report.AppendLine($"<td><a name={ObjCatString.NwObj}{nwobj.Id}>{nwobj.Name}</a></td>");
+                    report.AppendLine($"<td>{(nwobj.Type.Name != "" ? userConfig.GetText(nwobj.Type.Name) : "")}</td>");
                     report.AppendLine($"<td>{NwObjDisplay.DisplayIp(nwobj.IP, nwobj.IpEnd, nwobj.Type.Name)}</td>");
                     if (nwobj.MemberNames != null && nwobj.MemberNames.Contains('|'))
                         report.AppendLine($"<td>{string.Join("<br>", nwobj.MemberNames.Split('|'))}</td>");
@@ -494,8 +494,8 @@ private void appendNetworkServicesForManagementHtml(ref StringBuilder report, re
                 {
                     report.AppendLine("<tr>");
                     report.AppendLine($"<td>{objNumber++}</td>");
-                    report.AppendLine($"<td>{svcobj.Name}</td>");
-                    report.AppendLine($"<td><a name=svc{svcobj.Id}>{svcobj.Name}</a></td>");
+                    report.AppendLine($"<td><a name={ObjCatString.Svc}{svcobj.Id}>{svcobj.Name}</a></td>");
+                    report.AppendLine($"<td>{(svcobj.Type.Name != "" ? userConfig.GetText(svcobj.Type.Name) : "")}</td>");
                     report.AppendLine($"<td>{((svcobj.Type.Name!=ObjectType.Group && svcobj.Protocol != null) ? svcobj.Protocol.Name : "")}</td>");
                     if (svcobj.DestinationPortEnd != null && svcobj.DestinationPortEnd != svcobj.DestinationPort)
                         report.AppendLine($"<td>{svcobj.DestinationPort}-{svcobj.DestinationPortEnd}</td>");
@@ -533,8 +533,8 @@ private void appendUsersForManagementHtml(ref StringBuilder report, ref int objN
                 {
                     report.AppendLine("<tr>");
                     report.AppendLine($"<td>{objNumber++}</td>");
-                    report.AppendLine($"<td>{userobj.Name}</td>");
-                    report.AppendLine($"<td><a name=user{userobj.Id}>{userobj.Name}</a></td>");
+                    report.AppendLine($"<td><a name={ObjCatString.User}{userobj.Id}>{userobj.Name}</a></td>");
+                    report.AppendLine($"<td>{(userobj.Type.Name != "" ? userConfig.GetText(userobj.Type.Name) : "")}</td>");
                     if (userobj.MemberNames != null && userobj.MemberNames.Contains("|"))
                         report.AppendLine($"<td>{string.Join("<br>", userobj.MemberNames.Split('|'))}</td>");
                     else
diff --git a/roles/test/files/FWO.Test/ExportTest.cs b/roles/test/files/FWO.Test/ExportTest.cs
index fab23d6ed..9328e73cc 100644
--- a/roles/test/files/FWO.Test/ExportTest.cs
+++ b/roles/test/files/FWO.Test/ExportTest.cs
@@ -61,10 +61,10 @@ public void RulesGenerateHtml()
             "<style>table {font-family: arial, sans-serif;font-size: 10px;border-collapse: collapse;width: 100 %;}td {border: 1px solid #000000;text-align: left;padding: 3px;}th {border: 1px solid #000000;text-align: left;padding: 3px;background-color: #dddddd;}</style></head>" +
             "<body>" +
             "<h2>Rules Report</h2>" +
-            "<p>Filter: TestFilter</p>" +
             "<p>Time of configuration: 2023-04-20T15:50:04Z (UTC)</p>" +
             "<p>Generated on: Z (UTC)</p>" +
-            "<p>Devices: TestMgt [TestDev]</p><hr>" +
+            "<p>Devices: TestMgt [TestDev]</p>" +
+            "<p>Filter: TestFilter</p><hr>" +
             "<h3>TestMgt</h3><hr>" +
             "<h4>TestDev</h4><hr>" +
             "<table><tr><th>No.</th><th>Name</th><th>Source Zone</th><th>Source</th><th>Destination Zone</th><th>Destination</th><th>Services</th><th>Action</th><th>Track</th><th>Enabled</th><th>Uid</th><th>Comment</th></tr>" +
@@ -82,19 +82,19 @@ public void RulesGenerateHtml()
             "<td>deny</td><td>none</td><td><b>Y</b></td><td>uid2:123</td><td>comment2</td></tr></table>" +
             "<h4>Network Objects</h4><hr>" +
             "<table><tr><th>No.</th><th>Name</th><th>Type</th><th>IP Address</th><th>Members</th><th>Uid</th><th>Comment</th></tr>" +
-            "<tr><td>1</td><td><a name=nwobj1>TestIp1</a></td><td>network</td><td>1.2.3.4/32</td><td></td><td></td><td></td></tr>" +
-            "<tr><td>2</td><td><a name=nwobj2>TestIp2</a></td><td>network</td><td>127.0.0.1/32</td><td></td><td></td><td></td></tr>" +
-            "<tr><td>3</td><td><a name=nwobj3>TestIpRange</a></td><td>ip_range</td><td>1.2.3.4-1.2.3.5</td><td></td><td></td><td></td></tr>" +
+            "<tr><td>1</td><td><a name=nwobj1>TestIp1</a></td><td>Network</td><td>1.2.3.4/32</td><td></td><td></td><td></td></tr>" +
+            "<tr><td>2</td><td><a name=nwobj2>TestIp2</a></td><td>Network</td><td>127.0.0.1/32</td><td></td><td></td><td></td></tr>" +
+            "<tr><td>3</td><td><a name=nwobj3>TestIpRange</a></td><td>IP Range</td><td>1.2.3.4-1.2.3.5</td><td></td><td></td><td></td></tr>" +
             "</table>" +
             "<h4>Network Services</h4><hr>" +
             "<table><tr><th>No.</th><th>Name</th><th>Type</th><th>Protocol</th><th>Port</th><th>Members</th><th>Uid</th><th>Comment</th></tr>" +
-            "<tr><td>1</td><td>TestService1</td><td><a name=svc1>TestService1</a></td><td>TCP</td><td>443</td><td></td><td></td><td></td></tr>" +
-            "<tr><td>2</td><td>TestService2</td><td><a name=svc2>TestService2</a></td><td>UDP</td><td>6666-7777</td><td></td><td></td><td></td></tr>" +
+            "<tr><td>1</td><td><a name=svc1>TestService1</a></td><td></td><td>TCP</td><td>443</td><td></td><td></td><td></td></tr>" +
+            "<tr><td>2</td><td><a name=svc2>TestService2</a></td><td></td><td>UDP</td><td>6666-7777</td><td></td><td></td><td></td></tr>" +
             "</table>" +
             "<h4>Users</h4><hr>" +
             "<table><tr><th>No.</th><th>Name</th><th>Type</th><th>Members</th><th>Uid</th><th>Comment</th></tr>" +
-            "<tr><td>1</td><td>TestUser1</td><td><a name=user1>TestUser1</a></td><td></td><td></td><td></td></tr>" +
-            "<tr><td>2</td><td>TestUser2</td><td><a name=user2>TestUser2</a></td><td></td><td></td><td></td></tr>" +
+            "<tr><td>1</td><td><a name=user1>TestUser1</a></td><td></td><td></td><td></td><td></td></tr>" +
+            "<tr><td>2</td><td><a name=user2>TestUser2</a></td><td>Group</td><td></td><td></td><td></td></tr>" +
             "</table></body></html>";
             Assert.AreEqual(expectedHtmlResult, removeLinebreaks(removeGenDate(reportRules.ExportToHtml(), true)));
         }
@@ -112,10 +112,10 @@ public void ResolvedRulesGenerateHtml()
             "<style>table {font-family: arial, sans-serif;font-size: 10px;border-collapse: collapse;width: 100 %;}td {border: 1px solid #000000;text-align: left;padding: 3px;}th {border: 1px solid #000000;text-align: left;padding: 3px;background-color: #dddddd;}</style></head>" +
             "<body>" +
             "<h2>Rules Report (resolved)</h2>" +
-            "<p>Filter: TestFilter</p>" +
             "<p>Time of configuration: 2023-04-20T15:50:04Z (UTC)</p>" +
             "<p>Generated on: Z (UTC)</p>" +
-            "<p>Devices: TestMgt [TestDev]</p><hr>" +
+            "<p>Devices: TestMgt [TestDev]</p>" +
+            "<p>Filter: TestFilter</p><hr>" +
             "<h3>TestMgt</h3><hr>" +
             "<h4>TestDev</h4><hr>" +
             "<table><tr><th>No.</th><th>Name</th><th>Source Zone</th><th>Source</th><th>Destination Zone</th><th>Destination</th><th>Services</th><th>Action</th><th>Track</th><th>Enabled</th><th>Uid</th><th>Comment</th></tr>" +
@@ -148,10 +148,10 @@ public void ResolvedRulesTechGenerateHtml()
             "<style>table {font-family: arial, sans-serif;font-size: 10px;border-collapse: collapse;width: 100 %;}td {border: 1px solid #000000;text-align: left;padding: 3px;}th {border: 1px solid #000000;text-align: left;padding: 3px;background-color: #dddddd;}</style></head>" +
             "<body>" +
             "<h2>Rules Report (technical)</h2>" +
-            "<p>Filter: TestFilter</p>" +
             "<p>Time of configuration: 2023-04-20T15:50:04Z (UTC)</p>" +
             "<p>Generated on: Z (UTC)</p>" +
-            "<p>Devices: TestMgt [TestDev]</p><hr>" +
+            "<p>Devices: TestMgt [TestDev]</p>" +
+            "<p>Filter: TestFilter</p><hr>" +
             "<h3>TestMgt</h3><hr>" +
             "<h4>TestDev</h4><hr>" +
             "<table><tr><th>No.</th><th>Name</th><th>Source Zone</th><th>Source</th><th>Destination Zone</th><th>Destination</th><th>Services</th><th>Action</th><th>Track</th><th>Enabled</th><th>Uid</th><th>Comment</th></tr>" +
@@ -184,10 +184,10 @@ public void UnusedRulesGenerateHtml()
             "<style>table {font-family: arial, sans-serif;font-size: 10px;border-collapse: collapse;width: 100 %;}td {border: 1px solid #000000;text-align: left;padding: 3px;}th {border: 1px solid #000000;text-align: left;padding: 3px;background-color: #dddddd;}</style></head>" +
             "<body>" +
             "<h2>Unused Rules Report</h2>" +
-            "<p>Filter: TestFilter</p>" +
             "<p>Time of configuration: 2023-04-20T15:50:04Z (UTC)</p>" +
             "<p>Generated on: Z (UTC)</p>" +
-            "<p>Devices: TestMgt [TestDev]</p><hr>" +
+            "<p>Devices: TestMgt [TestDev]</p>" +
+            "<p>Filter: TestFilter</p><hr>" +
             "<h3>TestMgt</h3><hr>" +
             "<h4>TestDev</h4><hr>" +
             "<table><tr><th>No.</th><th>Last Hit</th><th>Name</th><th>Source Zone</th><th>Source</th><th>Destination Zone</th><th>Destination</th><th>Services</th><th>Action</th><th>Track</th><th>Enabled</th><th>Uid</th><th>Comment</th></tr>" +
@@ -205,19 +205,19 @@ public void UnusedRulesGenerateHtml()
             "<td>deny</td><td>none</td><td><b>Y</b></td><td>uid2:123</td><td>comment2</td></tr></table>" +
             "<h4>Network Objects</h4><hr>" +
             "<table><tr><th>No.</th><th>Name</th><th>Type</th><th>IP Address</th><th>Members</th><th>Uid</th><th>Comment</th></tr>" +
-            "<tr><td>1</td><td><a name=nwobj1>TestIp1</a></td><td>network</td><td>1.2.3.4/32</td><td></td><td></td><td></td></tr>" +
-            "<tr><td>2</td><td><a name=nwobj2>TestIp2</a></td><td>network</td><td>127.0.0.1/32</td><td></td><td></td><td></td></tr>" +
-            "<tr><td>3</td><td><a name=nwobj3>TestIpRange</a></td><td>ip_range</td><td>1.2.3.4-1.2.3.5</td><td></td><td></td><td></td></tr>" +
+            "<tr><td>1</td><td><a name=nwobj1>TestIp1</a></td><td>Network</td><td>1.2.3.4/32</td><td></td><td></td><td></td></tr>" +
+            "<tr><td>2</td><td><a name=nwobj2>TestIp2</a></td><td>Network</td><td>127.0.0.1/32</td><td></td><td></td><td></td></tr>" +
+            "<tr><td>3</td><td><a name=nwobj3>TestIpRange</a></td><td>IP Range</td><td>1.2.3.4-1.2.3.5</td><td></td><td></td><td></td></tr>" +
             "</table>" +
             "<h4>Network Services</h4><hr>" +
             "<table><tr><th>No.</th><th>Name</th><th>Type</th><th>Protocol</th><th>Port</th><th>Members</th><th>Uid</th><th>Comment</th></tr>" +
-            "<tr><td>1</td><td>TestService1</td><td><a name=svc1>TestService1</a></td><td>TCP</td><td>443</td><td></td><td></td><td></td></tr>" +
-            "<tr><td>2</td><td>TestService2</td><td><a name=svc2>TestService2</a></td><td>UDP</td><td>6666-7777</td><td></td><td></td><td></td></tr>" +
+            "<tr><td>1</td><td><a name=svc1>TestService1</a></td><td></td><td>TCP</td><td>443</td><td></td><td></td><td></td></tr>" +
+            "<tr><td>2</td><td><a name=svc2>TestService2</a></td><td></td><td>UDP</td><td>6666-7777</td><td></td><td></td><td></td></tr>" +
             "</table>" +
             "<h4>Users</h4><hr>" +
             "<table><tr><th>No.</th><th>Name</th><th>Type</th><th>Members</th><th>Uid</th><th>Comment</th></tr>" +
-            "<tr><td>1</td><td>TestUser1</td><td><a name=user1>TestUser1</a></td><td></td><td></td><td></td></tr>" +
-            "<tr><td>2</td><td>TestUser2</td><td><a name=user2>TestUser2</a></td><td></td><td></td><td></td></tr>" +
+            "<tr><td>1</td><td><a name=user1>TestUser1</a></td><td></td><td></td><td></td><td></td></tr>" +
+            "<tr><td>2</td><td><a name=user2>TestUser2</a></td><td>Group</td><td></td><td></td><td></td></tr>" +
             "</table></body></html>";
             Assert.AreEqual(expectedHtmlResult, removeLinebreaks(removeGenDate(reportRules.ExportToHtml(), true)));
         }
@@ -235,10 +235,10 @@ public void RecertReportGenerateHtml()
             "<style>table {font-family: arial, sans-serif;font-size: 10px;border-collapse: collapse;width: 100 %;}td {border: 1px solid #000000;text-align: left;padding: 3px;}th {border: 1px solid #000000;text-align: left;padding: 3px;background-color: #dddddd;}</style></head>" +
             "<body>" +
             "<h2>Recertification Report</h2>" +
-            "<p>Filter: TestFilter</p>" +
             "<p>Time of configuration: 2023-04-20T15:50:04Z (UTC)</p>" +
             "<p>Generated on: Z (UTC)</p>" +
-            "<p>Devices: TestMgt [TestDev]</p><hr>" +
+            "<p>Devices: TestMgt [TestDev]</p>" +
+            "<p>Filter: TestFilter</p><hr>" +
             "<h3>TestMgt</h3><hr>" +
             "<h4>TestDev</h4><hr>" +
             "<table><tr><th>No.</th><th>Next Recertification Date</th><th>Owner</th><th>IP address match</th><th>Last Hit</th><th>Name</th><th>Source Zone</th><th>Source</th><th>Destination Zone</th><th>Destination</th><th>Services</th><th>Action</th><th>Track</th><th>Enabled</th><th>Uid</th><th>Comment</th></tr>" +
@@ -275,17 +275,17 @@ public void RecertReportGenerateHtml()
             "<td>uid2:123</td>" +
             "<td>comment2</td></tr></table>" +
             "<h4>Network Objects</h4><hr><table><tr><th>No.</th><th>Name</th><th>Type</th><th>IP Address</th><th>Members</th><th>Uid</th><th>Comment</th></tr>" +
-            "<tr><td>1</td><td><a name=nwobj1>TestIp1</a></td><td>network</td><td>1.2.3.4/32</td><td></td><td></td><td></td></tr>" +
-            "<tr><td>2</td><td><a name=nwobj2>TestIp2</a></td><td>network</td><td>127.0.0.1/32</td><td></td><td></td><td></td></tr>" +
-            "<tr><td>3</td><td><a name=nwobj3>TestIpRange</a></td><td>ip_range</td><td>1.2.3.4-1.2.3.5</td><td></td><td></td><td></td></tr>" +
+            "<tr><td>1</td><td><a name=nwobj1>TestIp1</a></td><td>Network</td><td>1.2.3.4/32</td><td></td><td></td><td></td></tr>" +
+            "<tr><td>2</td><td><a name=nwobj2>TestIp2</a></td><td>Network</td><td>127.0.0.1/32</td><td></td><td></td><td></td></tr>" +
+            "<tr><td>3</td><td><a name=nwobj3>TestIpRange</a></td><td>IP Range</td><td>1.2.3.4-1.2.3.5</td><td></td><td></td><td></td></tr>" +
             "</table>" +
             "<h4>Network Services</h4><hr><table><tr><th>No.</th><th>Name</th><th>Type</th><th>Protocol</th><th>Port</th><th>Members</th><th>Uid</th><th>Comment</th></tr>" +
-            "<tr><td>1</td><td>TestService1</td><td><a name=svc1>TestService1</a></td><td>TCP</td><td>443</td><td></td><td></td><td></td></tr>" +
-            "<tr><td>2</td><td>TestService2</td><td><a name=svc2>TestService2</a></td><td>UDP</td><td>6666-7777</td><td></td><td></td><td></td></tr>" +
+            "<tr><td>1</td><td><a name=svc1>TestService1</a></td><td></td><td>TCP</td><td>443</td><td></td><td></td><td></td></tr>" +
+            "<tr><td>2</td><td><a name=svc2>TestService2</a></td><td></td><td>UDP</td><td>6666-7777</td><td></td><td></td><td></td></tr>" +
             "</table>" +
             "<h4>Users</h4><hr><table><tr><th>No.</th><th>Name</th><th>Type</th><th>Members</th><th>Uid</th><th>Comment</th></tr>" +
-            "<tr><td>1</td><td>TestUser1</td><td><a name=user1>TestUser1</a></td><td></td><td></td><td></td></tr>" +
-            "<tr><td>2</td><td>TestUser2</td><td><a name=user2>TestUser2</a></td><td></td><td></td><td></td></tr>" +
+            "<tr><td>1</td><td><a name=user1>TestUser1</a></td><td></td><td></td><td></td><td></td></tr>" +
+            "<tr><td>2</td><td><a name=user2>TestUser2</a></td><td>Group</td><td></td><td></td><td></td></tr>" +
             "</table></body></html>";
             Assert.AreEqual(expectedHtmlResult, removeLinebreaks(removeGenDate(reportRecerts.ExportToHtml(), true)));
         }
@@ -303,10 +303,10 @@ public void NatRulesGenerateHtml()
             "<style>table {font-family: arial, sans-serif;font-size: 10px;border-collapse: collapse;width: 100 %;}td {border: 1px solid #000000;text-align: left;padding: 3px;}th {border: 1px solid #000000;text-align: left;padding: 3px;background-color: #dddddd;}</style></head>" +
             "<body>" +
             "<h2>NAT Rules Report</h2>" +
-            "<p>Filter: TestFilter</p>" +
             "<p>Time of configuration: 2023-04-20T15:50:04Z (UTC)</p>" +
             "<p>Generated on: Z (UTC)</p>" +
-            "<p>Devices: TestMgt [TestDev]</p><hr>" +
+            "<p>Devices: TestMgt [TestDev]</p>" +
+            "<p>Filter: TestFilter</p><hr>" +
             "<h3>TestMgt</h3><hr>" +
             "<h4>TestDev</h4><hr>" +
             "<table><tr><th>No.</th><th>Name</th><th>Source Zone</th><th>Source</th><th>Destination Zone</th><th>Destination</th><th>Services</th><th>Translated Source</th><th>Translated Destination</th><th>Translated Services</th><th>Enabled</th><th>Uid</th><th>Comment</th></tr>" +
@@ -324,18 +324,18 @@ public void NatRulesGenerateHtml()
             "<td>uid1</td>" +
             "<td>comment1</td></tr></table>" +
             "<h4>Network Objects</h4><hr><table><tr><th>No.</th><th>Name</th><th>Type</th><th>IP Address</th><th>Members</th><th>Uid</th><th>Comment</th></tr>" +
-            "<tr><td>1</td><td><a name=nwobj1>TestIp1</a></td><td>network</td><td>1.2.3.4/32</td><td></td><td></td><td></td></tr>" +
-            "<tr><td>2</td><td><a name=nwobj2>TestIp2</a></td><td>network</td><td>127.0.0.1/32</td><td></td><td></td><td></td></tr>" +
-            "<tr><td>3</td><td><a name=nwobj3>TestIpRange</a></td><td>ip_range</td><td>1.2.3.4-1.2.3.5</td><td></td><td></td><td></td></tr>" +
-            "<tr><td>4</td><td><a name=nwobj4>TestIpNew</a></td><td>network</td><td>10.0.6.0/24</td><td></td><td></td><td></td></tr>" +
-            "<tr><td>5</td><td><a name=nwobj5>TestIp1Changed</a></td><td>host</td><td>2.3.4.5</td><td></td><td></td><td></td></tr>" +
+            "<tr><td>1</td><td><a name=nwobj1>TestIp1</a></td><td>Network</td><td>1.2.3.4/32</td><td></td><td></td><td></td></tr>" +
+            "<tr><td>2</td><td><a name=nwobj2>TestIp2</a></td><td>Network</td><td>127.0.0.1/32</td><td></td><td></td><td></td></tr>" +
+            "<tr><td>3</td><td><a name=nwobj3>TestIpRange</a></td><td>IP Range</td><td>1.2.3.4-1.2.3.5</td><td></td><td></td><td></td></tr>" +
+            "<tr><td>4</td><td><a name=nwobj4>TestIpNew</a></td><td>Network</td><td>10.0.6.0/24</td><td></td><td></td><td></td></tr>" +
+            "<tr><td>5</td><td><a name=nwobj5>TestIp1Changed</a></td><td>Host</td><td>2.3.4.5</td><td></td><td></td><td></td></tr>" +
             "</table>" +
             "<h4>Network Services</h4><hr><table><tr><th>No.</th><th>Name</th><th>Type</th><th>Protocol</th><th>Port</th><th>Members</th><th>Uid</th><th>Comment</th></tr>" +
-            "<tr><td>1</td><td>TestService1</td><td><a name=svc1>TestService1</a></td><td>TCP</td><td>443</td><td></td><td></td><td></td></tr>" +
-            "<tr><td>2</td><td>TestService2</td><td><a name=svc2>TestService2</a></td><td>UDP</td><td>6666-7777</td><td></td><td></td><td></td></tr>" +
+            "<tr><td>1</td><td><a name=svc1>TestService1</a></td><td></td><td>TCP</td><td>443</td><td></td><td></td><td></td></tr>" +
+            "<tr><td>2</td><td><a name=svc2>TestService2</a></td><td></td><td>UDP</td><td>6666-7777</td><td></td><td></td><td></td></tr>" +
             "</table>" +
             "<h4>Users</h4><hr><table><tr><th>No.</th><th>Name</th><th>Type</th><th>Members</th><th>Uid</th><th>Comment</th></tr>" +
-            "<tr><td>1</td><td>TestUser2</td><td><a name=user2>TestUser2</a></td><td></td><td></td><td></td></tr>" +
+            "<tr><td>1</td><td><a name=user2>TestUser2</a></td><td>Group</td><td></td><td></td><td></td></tr>" +
             "</table></table></body></html>";
             Assert.AreEqual(expectedHtmlResult, removeLinebreaks(removeGenDate(reportNatRules.ExportToHtml(), true)));
         }
@@ -353,10 +353,10 @@ public void ChangesGenerateHtml()
             "<style>table {font-family: arial, sans-serif;font-size: 10px;border-collapse: collapse;width: 100 %;}td {border: 1px solid #000000;text-align: left;padding: 3px;}th {border: 1px solid #000000;text-align: left;padding: 3px;background-color: #dddddd;}</style></head>" +
             "<body>" +
             "<h2>Changes Report</h2>" +
-            "<p>Filter: TestFilter</p>" +
             "<p>Change Time: from: 2023-04-19T15:00:04Z, until: 2023-04-20T15:00:04Z (UTC)</p>" +
             "<p>Generated on: Z (UTC)</p>" +
-            "<p>Devices: TestMgt [TestDev]</p><hr>" +
+            "<p>Devices: TestMgt [TestDev]</p>" +
+            "<p>Filter: TestFilter</p><hr>" +
             "<h3>TestMgt</h3><hr>" +
             "<h4>TestDev</h4><hr>" +
             "<table><tr><th>Change Time</th><th>Change Type</th><th>Name</th><th>Source Zone</th><th>Source</th><th>Destination Zone</th><th>Destination</th><th>Services</th><th>Action</th><th>Track</th><th>Enabled</th><th>Uid</th><th>Comment</th></tr>" +
@@ -419,10 +419,10 @@ public void ResolvedChangesGenerateHtml()
             "<style>table {font-family: arial, sans-serif;font-size: 10px;border-collapse: collapse;width: 100 %;}td {border: 1px solid #000000;text-align: left;padding: 3px;}th {border: 1px solid #000000;text-align: left;padding: 3px;background-color: #dddddd;}</style></head>" +
             "<body>" +
             "<h2>Changes Report (resolved)</h2>" +
-            "<p>Filter: TestFilter</p>" +
             "<p>Change Time: from: 2023-04-19T15:00:04Z, until: 2023-04-20T15:00:04Z (UTC)</p>" +
             "<p>Generated on: Z (UTC)</p>" +
-            "<p>Devices: TestMgt [TestDev]</p><hr>" +
+            "<p>Devices: TestMgt [TestDev]</p>" +
+            "<p>Filter: TestFilter</p><hr>" +
             "<h3>TestMgt</h3><hr>" +
             "<h4>TestDev</h4><hr>" +
             "<table><tr><th>Change Time</th><th>Change Type</th><th>Name</th><th>Source Zone</th><th>Source</th><th>Destination Zone</th><th>Destination</th><th>Services</th><th>Action</th><th>Track</th><th>Enabled</th><th>Uid</th><th>Comment</th></tr>" +
@@ -481,10 +481,10 @@ public void ResolvedChangesTechGenerateHtml()
             "<style>table {font-family: arial, sans-serif;font-size: 10px;border-collapse: collapse;width: 100 %;}td {border: 1px solid #000000;text-align: left;padding: 3px;}th {border: 1px solid #000000;text-align: left;padding: 3px;background-color: #dddddd;}</style></head>" +
             "<body>" +
             "<h2>Changes Report (technical)</h2>" +
-            "<p>Filter: TestFilter</p>" +
             "<p>Change Time: from: 2023-04-19T15:00:04Z, until: 2023-04-20T15:00:04Z (UTC)</p>" +
             "<p>Generated on: Z (UTC)</p>" +
-            "<p>Devices: TestMgt [TestDev]</p><hr>" +
+            "<p>Devices: TestMgt [TestDev]</p>" +
+            "<p>Filter: TestFilter</p><hr>" +
             "<h3>TestMgt</h3><hr>" +
             "<h4>TestDev</h4><hr>" +
             "<table><tr><th>Change Time</th><th>Change Type</th><th>Name</th><th>Source Zone</th><th>Source</th><th>Destination Zone</th><th>Destination</th><th>Services</th><th>Action</th><th>Track</th><th>Enabled</th><th>Uid</th><th>Comment</th></tr>" +
@@ -544,11 +544,54 @@ public void ConnectionsGenerateHtml()
             "<style>table {font-family: arial, sans-serif;font-size: 10px;border-collapse: collapse;width: 100 %;}td {border: 1px solid #000000;text-align: left;padding: 3px;}th {border: 1px solid #000000;text-align: left;padding: 3px;background-color: #dddddd;}</style></head>" +
             "<body>" +
             "<h2>Connections Report</h2>" +
-            "<p>Filter: TestFilter</p>" +
             "<p>Generated on: Z (UTC)</p>" +
-            "<p>Owners: TestOwner</p><hr>" +
+            "<p>Owners: TestOwner</p>" +
+            "<p>Filter: TestFilter</p><hr>" +
             "<h3>TestOwner</h3>" +
-
+            "<h4>Connections</h4><table>" +
+            "<tr><th>No.</th><th>Id</th><th>Name</th><th>Functional Reason</th><th>Source</th><th>Services</th><th>Destination</th></tr>" +
+            "<tr><td>1</td><td>101</td><td>Conn1</td><td></td>" +
+            "<td><span class=\"\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"#nwobj3\" target=\"_top\" style=\"\">AppServer1 (1.0.0.0)</a></td>" +
+            "<td><span class=\"\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"#svc1\" target=\"_top\" style=\"\">ServiceGroup1</a><br>" +
+            "<span class=\"\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"#svc2\" target=\"_top\" style=\"\">Service1 (1234/TCP)</a></td>" +
+            "<td><span class=\"\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"#nwobj1\" target=\"_top\" style=\"\">AppRole1 ()</a></td></table><hr>" +
+            "<h4>Interfaces</h4><table>" +
+            "<tr><th>No.</th><th>Id</th><th>Name</th><th>Functional Reason</th><th>Source</th><th>Services</th><th>Destination</th></tr>" +
+            "<tr><td>1</td><td>102</td><td>Inter2</td><td></td><td></td>" +
+            "<td><span class=\"\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"#svc3\" target=\"_top\" style=\"\"></a><br>" +
+            "<span class=\"\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"#svc4\" target=\"_top\" style=\"\">Service2 (2345/UDP)</a></td>" +
+            "<td><span class=\"\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"#nwobj2\" target=\"_top\" style=\"\"> ()</a><br>" +
+            "<span class=\"\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"#nwobj4\" target=\"_top\" style=\"\">AppServer2 (2.0.0.0)</a></td></table><hr>" +
+            "<h4>Own Common Services</h4><table>" +
+            "<tr><th>No.</th><th>Id</th><th>Name</th><th>Functional Reason</th><th>Source</th><th>Services</th><th>Destination</th></tr>" +
+            "<tr><td>1</td><td>103</td><td>ComSvc3</td><td></td>" +
+            "<td><span class=\"\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"#nwobj3\" target=\"_top\" style=\"\">AppServer1 (1.0.0.0)</a></td>" +
+            "<td><span class=\"\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"#svc3\" target=\"_top\" style=\"\"></a><br>" +
+            "<span class=\"\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"#svc4\" target=\"_top\" style=\"\">Service2 (2345/UDP)</a></td>" +
+            "<td><span class=\"\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"#nwobj4\" target=\"_top\" style=\"\">AppServer2 (2.0.0.0)</a></td></table><hr>" +
+
+            "<h4>Network Objects</h4>" +
+            "<table><tr><th>No.</th><th>Id</th><th>Name</th><th>Ip</th></tr>" +
+            "<tr><td>1</td><td>21</td><td><a name=nwobj1>AppRole1</a></td><td></td>" +
+            "<tr><td>2</td><td>0</td><td><a name=nwobj2></a></td><td></td>" +
+            "<tr><td>3</td><td>11</td><td><a name=nwobj3>AppServer1</a></td><td>1.0.0.0</td>" +
+            "<tr><td>4</td><td>12</td><td><a name=nwobj4>AppServer2</a></td><td>2.0.0.0</td>" +
+            "</table><hr>" +
+            "<h4>Network Services</h4>" +
+            "<table><tr><th>No.</th><th>Id</th><th>Name</th><th>Protocol</th><th>Port</th></tr>" +
+            "<tr><td>1</td><td>41</td><td><a name=svc1>ServiceGroup1</a></td><td></td><td></td>" +
+            "<tr><td>2</td><td>31</td><td><a name=svc2>Service1</a></td><td>TCP</td><td>1234</td>" +
+            "<tr><td>3</td><td>0</td><td><a name=svc3></a></td><td></td><td></td>" +
+            "<tr><td>4</td><td>32</td><td><a name=svc4>Service2</a></td><td>UDP</td><td>2345</td>" +
+            "</table><hr>" +
+
+            "<h3>Global Common Services</h3><table>" +
+            "<tr><th>No.</th><th>Id</th><th>Owner</th><th>Name</th><th>Functional Reason</th><th>Source</th><th>Services</th><th>Destination</th></tr>" +
+            "<tr><td>1</td><td>103</td><td>App1</td><td>ComSvc3</td><td></td>" +
+            "<td><span class=\"\" ><span class=\"\" ><span class=\"\">AppServer1 (1.0.0.0)</span></span></span></td>" +
+            "<td><span></span><br>" +
+            "<span>Service2 (2345/UDP)</span></td>" +
+            "<td><span class=\"\" ><span class=\"\" ><span class=\"\">AppServer2 (2.0.0.0)</span></span></span></td></table><hr>" +
             "</body></html>";
             Assert.AreEqual(expectedHtmlResult, removeLinebreaks(removeGenDate(reportConnections.ExportToHtml(), true)));
         }
@@ -1214,21 +1257,59 @@ private ReportData ConstructChangeReport(bool resolved)
             };
         }
 
-        private ReportData ConstructConnectionReport(bool resolved)
+        private static ReportData ConstructConnectionReport(bool resolved)
         {
-            return new ReportData()
+            ModellingAppServer AppServer1 = new() {Id = 11, Number = 1, Name = "AppServer1", Ip = "1.0.0.0"};
+            ModellingAppServer AppServer2 = new() {Id = 12, Number = 2, Name = "AppServer2", Ip = "2.0.0.0"};
+            ModellingAppRole AppRole1 = new() { Id = 21, Number = 3, Name = "AppRole1", Comment = "CommAR1", AppServers = new() { new() { Content = AppServer1 } } };
+            ModellingService Service1 = new() { Id = 31, Number = 1, Name = "Service1", Port = 1234, Protocol = new() { Name = "TCP" } };
+            ModellingService Service2 = new() { Id = 32, Number = 2, Name = "Service2", Port = 2345, Protocol = new() { Name = "UDP" } };
+            ModellingServiceGroup ServiceGroup1 = new() { Id = 41, Number = 3, Name = "ServiceGroup1", Comment = "CommSG1", Services = new(){ new() { Content = Service1 } } };
+            ModellingConnection Conn1 = new() 
+            { 
+                Id = 101, Name = "Conn1", 
+                SourceAppServers = new(){ new() { Content = AppServer1 } },
+                DestinationAppRoles = new(){ new() { Content = AppRole1 } },
+                Services = new(){ new() { Content = Service1 } },
+                ServiceGroups = new(){ new() { Content = ServiceGroup1 } }
+            };
+            ModellingConnection Inter2 = new() 
+            { 
+                Id = 102, Name = "Inter2", 
+                DestinationAppServers = new(){ new() { Content = AppServer2 } },
+                DestinationAppRoles = new(){ new() {} },
+                Services = new(){ new() { Content = Service2 } },
+                ServiceGroups = new(){ new() {} }
+            };
+            ModellingConnection ComSvc3 = new() 
+            { 
+                Id = 103, Name = "ComSvc3", App = new(){ Name = "App1" },
+                SourceAppServers = new(){ new() { Content = AppServer1 } },
+                DestinationAppServers = new(){ new() { Content = AppServer2 } },
+                Services = new(){ new() { Content = Service2 } },
+                ServiceGroups = new(){ new() {} }
+            };
+
+            ReportData reportData = new ()
             {
-                OwnerData = new List<OwnerReport>()
+                OwnerData = new ()
                 {
                     new ()
                     {
                         Name = "TestOwner",
+                        Connections = new(){ Conn1, Inter2, ComSvc3 },
+                        RegularConnections = new(){ Conn1 },
+                        Interfaces = new(){ Inter2 },
+                        CommonServices = new(){ ComSvc3 },
                     }
-                }
+                },
+                GlobalComSvc = new(){ ComSvc3 }
             };
+            reportData.OwnerData.First().PrepareObjectData();
+            return reportData;
         }
 
-        private string removeGenDate(string exportString, bool html = false, bool json = false)
+        private static string removeGenDate(string exportString, bool html = false, bool json = false)
         {
             string dateText = html ? "<p>Generated on: " : "report generation date" + (json ? "\"" : "") + ": " + (json ? "\"" : "");
             int startGenTime = exportString.IndexOf(dateText);
@@ -1239,7 +1320,7 @@ private string removeGenDate(string exportString, bool html = false, bool json =
             return exportString;
         }
 
-        private string removeLinebreaks(string exportString)
+        private static string removeLinebreaks(string exportString)
         {
             while(exportString.Contains("\n "))
             {
diff --git a/roles/test/files/FWO.Test/SimulatedUserConfig.cs b/roles/test/files/FWO.Test/SimulatedUserConfig.cs
index 23de82cb3..0e00ffbbc 100644
--- a/roles/test/files/FWO.Test/SimulatedUserConfig.cs
+++ b/roles/test/files/FWO.Test/SimulatedUserConfig.cs
@@ -59,7 +59,19 @@ internal class SimulatedUserConfig : UserConfig
             {"C9002","This App Server was..."},
             {"is_in_use","Is in use"},
             {"devices","Devices"},
-            {"owners","Owners"}
+            {"owners","Owners"},
+            {"filter","Filter"},
+            {"id","Id"},
+            {"ip","Ip"},
+            {"group","Group"},
+            {"host","Host"},
+            {"network","Network"},
+            {"ip_range","IP Range"},
+            {"connections","Connections"},
+            {"interfaces","Interfaces"},
+            {"own_common_services","Own Common Services"},
+            {"global_common_services","Global Common Services"},
+            {"func_reason","Functional Reason"}
         };
 
         public override string GetText(string key)
diff --git a/roles/ui/files/FWO.UI/Pages/Help/HelpReportingLeftSidebar.cshtml b/roles/ui/files/FWO.UI/Pages/Help/HelpReportingLeftSidebar.cshtml
index 3f2d6990f..79b7601d6 100644
--- a/roles/ui/files/FWO.UI/Pages/Help/HelpReportingLeftSidebar.cshtml
+++ b/roles/ui/files/FWO.UI/Pages/Help/HelpReportingLeftSidebar.cshtml
@@ -31,5 +31,6 @@
         <li>@(Html.Raw(userConfig.GetText("H1510")))</li>
         <li>@(Html.Raw(userConfig.GetText("H1511")))</li>
         <li>@(Html.Raw(userConfig.GetText("H1503")))</li>
+        <li>@(Html.Raw(userConfig.GetText("H1512")))</li>
     </ul>
 </div>
diff --git a/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor b/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
index cda19bdcb..d21e8d7b6 100644
--- a/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
+++ b/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
@@ -51,7 +51,7 @@
                             </Template>
                         </Column>
                         <DetailTemplate TableItem="NetworkObject">
-                            <Detail Title="@(userConfig.GetText("type"))" Data=@context.Type.Name />
+                            <Detail Title="@(userConfig.GetText("type"))" Data=@userConfig.GetText(context.Type.Name) />
                             <Detail Title="@(userConfig.GetText("uid"))" Data=@context.Uid />
                             <Detail Title="@(userConfig.GetText("ip"))" Data=@NwObjDisplay.DisplayIp(context.IP, context.IpEnd, context.Type.Name) />
                             <Detail Title="@(userConfig.GetText("zone"))" Data=@context.Zone?.Name />
@@ -119,7 +119,7 @@
                             </Template>
                         </Column>
                         <DetailTemplate TableItem="NetworkService">
-                            <Detail Title="@(userConfig.GetText("type"))" Data=@context.Type.Name />
+                            <Detail Title="@(userConfig.GetText("type"))" Data=@userConfig.GetText(context.Type.Name) />
                             <Detail Title="@(userConfig.GetText("uid"))" Data=@context.Uid />
                             @if (context.Type.Name != ObjectType.Group)
                             {
@@ -193,7 +193,7 @@
                             </Template>
                         </Column>
                         <DetailTemplate TableItem="NetworkUser">
-                            <Detail Title="@(userConfig.GetText("type"))" Data=@context.Type?.Name />
+                            <Detail Title="@(userConfig.GetText("type"))" Data=@(context.Type != null ? userConfig.GetText(context.Type?.Name) : "") />
                             <Detail Title="@(userConfig.GetText("uid"))" Data=@context.Uid />
                             <Detail Title="@(userConfig.GetText("real_name"))" Data=@($"{context.FirstName} {context.LastName}") />
                             @if (context.Type != null && context.Type.Name == ObjectType.Group && context.UserGroups != null && context.UserGroupFlats != null)

From c9b6e9e99de1b610581121a22a358badab591b60 Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Wed, 13 Mar 2024 13:37:39 +0100
Subject: [PATCH 37/84] fixes

---
 .../FWO.Api.Client/Data/ModellingAppRole.cs   |  4 +-
 .../Data/ModellingServiceGroup.cs             |  4 +-
 .../FWO.Api.Client/Data/NetworkObject.cs      | 12 +++++
 .../FWO.Api.Client/Data/NetworkService.cs     | 12 +++++
 .../files/FWO.Api.Client/Data/NetworkUser.cs  | 38 +++++----------
 .../lib/files/FWO.Report/Data/OwnerReport.cs  | 48 ++++++++++++++-----
 .../lib/files/FWO.Report/ReportConnections.cs |  4 ++
 roles/lib/files/FWO.Report/ReportNatRules.cs  | 15 ++----
 roles/lib/files/FWO.Report/ReportRules.cs     | 15 ++----
 roles/test/files/FWO.Test/ExportTest.cs       | 26 +++++-----
 .../ui/files/FWO.UI/Shared/ObjectGroup.razor  |  6 +--
 11 files changed, 103 insertions(+), 81 deletions(-)

diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingAppRole.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingAppRole.cs
index ce837bcbb..5a8774e30 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingAppRole.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingAppRole.cs
@@ -41,6 +41,7 @@ public override string DisplayWithIcon()
 
         public NetworkObject ToNetworkObjectGroup()
         {
+            Group<NetworkObject>[] objectGroups = ModellingAppRoleWrapper.ResolveAsNetworkObjectGroup(AppServers ?? new List<ModellingAppServerWrapper>());
             return new()
             {
                 Id = Id,
@@ -48,7 +49,8 @@ public NetworkObject ToNetworkObjectGroup()
                 Name = Name ?? "",
                 Comment = Comment ?? "",
                 Type = new NetworkObjectType(){ Name = ObjectType.Group },
-                ObjectGroups = ModellingAppRoleWrapper.ResolveAsNetworkObjectGroup(AppServers ?? new List<ModellingAppServerWrapper>())
+                ObjectGroups = objectGroups,
+                MemberNames = string.Join("|", Array.ConvertAll(objectGroups, o => o.Object?.Name))
             };
         }
 
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingServiceGroup.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingServiceGroup.cs
index fb932cd0e..3ab8778e4 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingServiceGroup.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingServiceGroup.cs
@@ -25,13 +25,15 @@ public override string DisplayWithIcon()
 
         public NetworkService ToNetworkServiceGroup()
         {
+            Group<NetworkService>[] serviceGroups = ModellingServiceGroupWrapper.ResolveAsNetworkServiceGroup(Services ?? new List<ModellingServiceWrapper>());
             return new()
             {
                 Id = Id,
                 Name = Name ?? "",
                 Comment = Comment ?? "",
                 Type = new NetworkServiceType(){ Name = ObjectType.Group },
-                ServiceGroups = ModellingServiceGroupWrapper.ResolveAsNetworkServiceGroup(Services ?? new List<ModellingServiceWrapper>())
+                ServiceGroups = serviceGroups,
+                MemberNames = string.Join("|", Array.ConvertAll(serviceGroups, o => o.Object?.Name))
             };
         }
 
diff --git a/roles/lib/files/FWO.Api.Client/Data/NetworkObject.cs b/roles/lib/files/FWO.Api.Client/Data/NetworkObject.cs
index 320dcbd8d..6ebeb3076 100644
--- a/roles/lib/files/FWO.Api.Client/Data/NetworkObject.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/NetworkObject.cs
@@ -68,5 +68,17 @@ public override int GetHashCode()
         {
             return Id.GetHashCode();
         }
+
+        public string MemberNamesAsHtml()
+        {
+            if (MemberNames != null && MemberNames.Contains("|"))
+            {
+                return $"<td>{string.Join("<br>", MemberNames.Split('|'))}</td>";
+            }
+            else
+            {
+                return $"<td>{MemberNames}</td>";
+            }
+        }
     }
 }
diff --git a/roles/lib/files/FWO.Api.Client/Data/NetworkService.cs b/roles/lib/files/FWO.Api.Client/Data/NetworkService.cs
index 4dab29e86..5397a9c9e 100644
--- a/roles/lib/files/FWO.Api.Client/Data/NetworkService.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/NetworkService.cs
@@ -89,5 +89,17 @@ public override int GetHashCode()
         {
             return Id.GetHashCode();
         }
+
+        public string MemberNamesAsHtml()
+        {
+            if (MemberNames != null && MemberNames.Contains("|"))
+            {
+                return $"<td>{string.Join("<br>", MemberNames.Split('|'))}</td>";
+            }
+            else
+            {
+                return $"<td>{MemberNames}</td>";
+            }
+        }
     }
 }
diff --git a/roles/lib/files/FWO.Api.Client/Data/NetworkUser.cs b/roles/lib/files/FWO.Api.Client/Data/NetworkUser.cs
index b45aa6c12..22b1dcf6c 100644
--- a/roles/lib/files/FWO.Api.Client/Data/NetworkUser.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/NetworkUser.cs
@@ -64,32 +64,16 @@ public override int GetHashCode()
             return Id.GetHashCode();
         }
 
-        //  user_id
-        //  user_uid
-        //  user_name
-        //  user_comment
-        //  user_lastname
-        //  user_firstname
-        //  usr_typ_id
-        //  stm_usr_typ {
-        //    usr_typ_name
-        //  }
-        //  user_member_names
-        //  user_member_refs
-        //  usergrps {
-        //    id: usergrp_id
-        //    byId: usrByUsergrpMemberId {
-        //      user_id
-        //      user_name
-        //    }
-        //  }
-        //  usergrp_flats {
-        //    flat_id: usergrp_flat_id
-        //    byFlatId: usrByUsergrpFlatMemberId {
-        //      user_id
-        //      user_name
-        //    }
-        //  }
-
+        public string MemberNamesAsHtml()
+        {
+            if (MemberNames != null && MemberNames.Contains("|"))
+            {
+                return $"<td>{string.Join("<br>", MemberNames.Split('|'))}</td>";
+            }
+            else
+            {
+                return $"<td>{MemberNames}</td>";
+            }
+        }
     }
 }
diff --git a/roles/lib/files/FWO.Report/Data/OwnerReport.cs b/roles/lib/files/FWO.Report/Data/OwnerReport.cs
index 41bd4c8c6..fd19f4431 100644
--- a/roles/lib/files/FWO.Report/Data/OwnerReport.cs
+++ b/roles/lib/files/FWO.Report/Data/OwnerReport.cs
@@ -38,9 +38,9 @@ public static void AssignConnectionNumbers(List<ModellingConnection> connections
 
         public void PrepareObjectData()
         {
-            AllObjects = GetAllNetworkObjects();
+            AllObjects = GetAllNetworkObjects(true);
             SetObjectNumbers(ref AllObjects);
-            AllServices = GetAllServices();
+            AllServices = GetAllServices(true);
             SetSvcNumbers(ref AllServices);
         }
 
@@ -65,27 +65,40 @@ public List<ModellingAppServer> GetAllAppServers()
             return allAppServers;
         }
 
-        public List<NetworkObject> GetAllNetworkObjects()
+        public List<NetworkObject> GetAllNetworkObjects(bool resolved = false)
         {
             List<NetworkObject> allObjects = new();
             foreach(var conn in Connections)
             {
                 List<NetworkObject> objList = new();
-                foreach (var objGrp in conn.SourceAppRoles)
-                {
-                    objList.Add(objGrp.Content.ToNetworkObjectGroup());
-                }
-                foreach (var objGrp in conn.DestinationAppRoles)
-                {
-                    objList.Add(objGrp.Content.ToNetworkObjectGroup());
-                }
+                GetObjectsFromAR(conn.SourceAppRoles, ref objList, resolved);
+                GetObjectsFromAR(conn.DestinationAppRoles, ref objList, resolved);
                 allObjects = allObjects.Union(objList).ToList();
             }
             allObjects = allObjects.Union(Array.ConvertAll(GetAllAppServers().ToArray(), x => ModellingAppServer.ToNetworkObject(x)).ToList()).ToList();
             return allObjects;
         }
 
-        public List<NetworkService> GetAllServices()
+        private static void GetObjectsFromAR(List<ModellingAppRoleWrapper> appRoles, ref List<NetworkObject> objectList, bool resolved = false)
+        {
+            foreach (var objGrp in appRoles)
+            {
+                objectList.Add(objGrp.Content.ToNetworkObjectGroup());
+                if(resolved)
+                {
+                    NetworkObject objectGroup = objGrp.Content.ToNetworkObjectGroup();
+                    foreach(var obj in objectGroup.ObjectGroups)
+                    {
+                        if(obj.Object != null)
+                        {
+                            objectList.Add(obj.Object);
+                        }
+                    }
+                }
+            }
+        }
+
+        public List<NetworkService> GetAllServices(bool resolved = false)
         {
             List<NetworkService> allServices = new();
             foreach(var conn in Connections)
@@ -93,7 +106,18 @@ public List<NetworkService> GetAllServices()
                 List<NetworkService> svcList = new();
                 foreach (var svcGrp in conn.ServiceGroups)
                 {
+                    NetworkService serviceGroup = svcGrp.Content.ToNetworkServiceGroup();
                     svcList.Add(svcGrp.Content.ToNetworkServiceGroup());
+                    if(resolved)
+                    {
+                        foreach(var svc in serviceGroup.ServiceGroups)
+                        {
+                            if(svc.Object != null)
+                            {
+                                svcList.Add(svc.Object);
+                            }
+                        }
+                    }
                 }
                 allServices = allServices.Union(svcList).ToList();
                 allServices = allServices.Union(ModellingServiceWrapper.ResolveAsNetworkServices(conn.Services).ToList()).ToList();
diff --git a/roles/lib/files/FWO.Report/ReportConnections.cs b/roles/lib/files/FWO.Report/ReportConnections.cs
index 8122f897c..49be4f77c 100644
--- a/roles/lib/files/FWO.Report/ReportConnections.cs
+++ b/roles/lib/files/FWO.Report/ReportConnections.cs
@@ -143,6 +143,7 @@ private void AppendNetworkObjectsHtml(List<NetworkObject> networkObjects, ref St
                 report.AppendLine($"<td>{nwObj.Id}</td>");
                 report.AppendLine($"<td><a name={ObjCatString.NwObj}{nwObj.Number}>{nwObj.Name}</a></td>");
                 report.AppendLine($"<td>{nwObj.IP}</td>");
+                report.AppendLine(nwObj.MemberNamesAsHtml());
             }
             report.AppendLine("</table>");
             report.AppendLine("<hr>");
@@ -155,6 +156,7 @@ private void AppendNWObjHeadlineHtml(ref StringBuilder report)
             report.AppendLine($"<th>{userConfig.GetText("id")}</th>");
             report.AppendLine($"<th>{userConfig.GetText("name")}</th>");
             report.AppendLine($"<th>{userConfig.GetText("ip")}</th>");
+            report.AppendLine($"<th>{userConfig.GetText("members")}</th>");
             report.AppendLine("</tr>");
         }
 
@@ -171,6 +173,7 @@ private void AppendNetworkServicesHtml(List<NetworkService> networkServices, ref
                 report.AppendLine($"<td><a name={ObjCatString.Svc}{svc.Number}>{svc.Name}</a></td>");
                 report.AppendLine($"<td>{svc.Protocol.Name}</td>");
                 report.AppendLine($"<td>{svc.DestinationPort}</td>");
+                report.AppendLine(svc.MemberNamesAsHtml());
             }
             report.AppendLine("</table>");
             report.AppendLine("<hr>");
@@ -184,6 +187,7 @@ private void AppendNWSvcHeadlineHtml(ref StringBuilder report)
             report.AppendLine($"<th>{userConfig.GetText("name")}</th>");
             report.AppendLine($"<th>{userConfig.GetText("protocol")}</th>");
             report.AppendLine($"<th>{userConfig.GetText("port")}</th>");
+            report.AppendLine($"<th>{userConfig.GetText("members")}</th>");
             report.AppendLine("</tr>");
         }
 
diff --git a/roles/lib/files/FWO.Report/ReportNatRules.cs b/roles/lib/files/FWO.Report/ReportNatRules.cs
index 1c07faa86..2b752b72b 100644
--- a/roles/lib/files/FWO.Report/ReportNatRules.cs
+++ b/roles/lib/files/FWO.Report/ReportNatRules.cs
@@ -102,10 +102,7 @@ public override string ExportToHtml()
                         report.AppendLine($"<td><a name={ObjCatString.NwObj}{nwobj.Id}>{nwobj.Name}</a></td>");
                         report.AppendLine($"<td>{(nwobj.Type.Name != "" ? userConfig.GetText(nwobj.Type.Name) : "")}</td>");
                         report.AppendLine($"<td>{NwObjDisplay.DisplayIp(nwobj.IP, nwobj.IpEnd, nwobj.Type.Name)}</td>");
-                        if (nwobj.MemberNames != null && nwobj.MemberNames.Contains("|"))
-                            report.AppendLine($"<td>{string.Join("<br>", nwobj.MemberNames.Split('|'))}</td>");
-                        else
-                            report.AppendLine($"<td>{nwobj.MemberNames}</td>");
+                        report.AppendLine(nwobj.MemberNamesAsHtml());
                         report.AppendLine($"<td>{nwobj.Uid}</td>");
                         report.AppendLine($"<td>{nwobj.Comment}</td>");
                         report.AppendLine("</tr>");
@@ -140,10 +137,7 @@ public override string ExportToHtml()
                             report.AppendLine($"<td>{svcobj.DestinationPort}-{svcobj.DestinationPortEnd}</td>");
                         else
                             report.AppendLine($"<td>{svcobj.DestinationPort}</td>");
-                        if (svcobj.MemberNames != null && svcobj.MemberNames.Contains("|"))
-                            report.AppendLine($"<td>{string.Join("<br>", svcobj.MemberNames.Split('|'))}</td>");
-                        else 
-                            report.AppendLine($"<td>{svcobj.MemberNames}</td>");
+                        report.AppendLine(svcobj.MemberNamesAsHtml());
                         report.AppendLine($"<td>{svcobj.Uid}</td>");
                         report.AppendLine($"<td>{svcobj.Comment}</td>");
                         report.AppendLine("</tr>");
@@ -171,10 +165,7 @@ public override string ExportToHtml()
                         report.AppendLine($"<td>{objNumber++}</td>");
                         report.AppendLine($"<td><a name={ObjCatString.User}{userobj.Id}>{userobj.Name}</a></td>");
                         report.AppendLine($"<td>{(userobj.Type.Name != "" ? userConfig.GetText(userobj.Type.Name) : "")}</td>");
-                        if (userobj.MemberNames != null && userobj.MemberNames.Contains("|"))
-                            report.AppendLine($"<td>{string.Join("<br>", userobj.MemberNames.Split('|'))}</td>");
-                        else
-                            report.AppendLine($"<td>{userobj.MemberNames}</td>");
+                        report.AppendLine(userobj.MemberNamesAsHtml());
                         report.AppendLine($"<td>{userobj.Uid}</td>");
                         report.AppendLine($"<td>{userobj.Comment}</td>");
                         report.AppendLine("</tr>");
diff --git a/roles/lib/files/FWO.Report/ReportRules.cs b/roles/lib/files/FWO.Report/ReportRules.cs
index 3d6d35b67..0c74eaf14 100644
--- a/roles/lib/files/FWO.Report/ReportRules.cs
+++ b/roles/lib/files/FWO.Report/ReportRules.cs
@@ -460,10 +460,7 @@ private void appendNetworkObjectsForManagementHtml(ref StringBuilder report, ref
                     report.AppendLine($"<td><a name={ObjCatString.NwObj}{nwobj.Id}>{nwobj.Name}</a></td>");
                     report.AppendLine($"<td>{(nwobj.Type.Name != "" ? userConfig.GetText(nwobj.Type.Name) : "")}</td>");
                     report.AppendLine($"<td>{NwObjDisplay.DisplayIp(nwobj.IP, nwobj.IpEnd, nwobj.Type.Name)}</td>");
-                    if (nwobj.MemberNames != null && nwobj.MemberNames.Contains('|'))
-                        report.AppendLine($"<td>{string.Join("<br>", nwobj.MemberNames.Split('|'))}</td>");
-                    else
-                        report.AppendLine($"<td>{nwobj.MemberNames}</td>");
+                    report.AppendLine(nwobj.MemberNamesAsHtml());
                     report.AppendLine($"<td>{nwobj.Uid}</td>");
                     report.AppendLine($"<td>{nwobj.Comment}</td>");
                     report.AppendLine("</tr>");
@@ -501,10 +498,7 @@ private void appendNetworkServicesForManagementHtml(ref StringBuilder report, re
                         report.AppendLine($"<td>{svcobj.DestinationPort}-{svcobj.DestinationPortEnd}</td>");
                     else
                         report.AppendLine($"<td>{svcobj.DestinationPort}</td>");
-                    if (svcobj.MemberNames != null && svcobj.MemberNames.Contains("|"))
-                        report.AppendLine($"<td>{string.Join("<br>", svcobj.MemberNames.Split('|'))}</td>");
-                    else
-                        report.AppendLine($"<td>{svcobj.MemberNames}</td>");
+                    report.AppendLine(svcobj.MemberNamesAsHtml());
                     report.AppendLine($"<td>{svcobj.Uid}</td>");
                     report.AppendLine($"<td>{svcobj.Comment}</td>");
                     report.AppendLine("</tr>");
@@ -535,10 +529,7 @@ private void appendUsersForManagementHtml(ref StringBuilder report, ref int objN
                     report.AppendLine($"<td>{objNumber++}</td>");
                     report.AppendLine($"<td><a name={ObjCatString.User}{userobj.Id}>{userobj.Name}</a></td>");
                     report.AppendLine($"<td>{(userobj.Type.Name != "" ? userConfig.GetText(userobj.Type.Name) : "")}</td>");
-                    if (userobj.MemberNames != null && userobj.MemberNames.Contains("|"))
-                        report.AppendLine($"<td>{string.Join("<br>", userobj.MemberNames.Split('|'))}</td>");
-                    else
-                        report.AppendLine($"<td>{userobj.MemberNames}</td>");
+                    report.AppendLine(userobj.MemberNamesAsHtml());
                     report.AppendLine($"<td>{userobj.Uid}</td>");
                     report.AppendLine($"<td>{userobj.Comment}</td>");
                     report.AppendLine("</tr>");
diff --git a/roles/test/files/FWO.Test/ExportTest.cs b/roles/test/files/FWO.Test/ExportTest.cs
index 9328e73cc..48d4af80d 100644
--- a/roles/test/files/FWO.Test/ExportTest.cs
+++ b/roles/test/files/FWO.Test/ExportTest.cs
@@ -551,7 +551,7 @@ public void ConnectionsGenerateHtml()
             "<h4>Connections</h4><table>" +
             "<tr><th>No.</th><th>Id</th><th>Name</th><th>Functional Reason</th><th>Source</th><th>Services</th><th>Destination</th></tr>" +
             "<tr><td>1</td><td>101</td><td>Conn1</td><td></td>" +
-            "<td><span class=\"\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"#nwobj3\" target=\"_top\" style=\"\">AppServer1 (1.0.0.0)</a></td>" +
+            "<td><span class=\"\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"#nwobj2\" target=\"_top\" style=\"\">AppServer1 (1.0.0.0)</a></td>" +
             "<td><span class=\"\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"#svc1\" target=\"_top\" style=\"\">ServiceGroup1</a><br>" +
             "<span class=\"\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"#svc2\" target=\"_top\" style=\"\">Service1 (1234/TCP)</a></td>" +
             "<td><span class=\"\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"#nwobj1\" target=\"_top\" style=\"\">AppRole1 ()</a></td></table><hr>" +
@@ -560,29 +560,29 @@ public void ConnectionsGenerateHtml()
             "<tr><td>1</td><td>102</td><td>Inter2</td><td></td><td></td>" +
             "<td><span class=\"\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"#svc3\" target=\"_top\" style=\"\"></a><br>" +
             "<span class=\"\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"#svc4\" target=\"_top\" style=\"\">Service2 (2345/UDP)</a></td>" +
-            "<td><span class=\"\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"#nwobj2\" target=\"_top\" style=\"\"> ()</a><br>" +
+            "<td><span class=\"\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"#nwobj3\" target=\"_top\" style=\"\"> ()</a><br>" +
             "<span class=\"\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"#nwobj4\" target=\"_top\" style=\"\">AppServer2 (2.0.0.0)</a></td></table><hr>" +
             "<h4>Own Common Services</h4><table>" +
             "<tr><th>No.</th><th>Id</th><th>Name</th><th>Functional Reason</th><th>Source</th><th>Services</th><th>Destination</th></tr>" +
             "<tr><td>1</td><td>103</td><td>ComSvc3</td><td></td>" +
-            "<td><span class=\"\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"#nwobj3\" target=\"_top\" style=\"\">AppServer1 (1.0.0.0)</a></td>" +
+            "<td><span class=\"\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"#nwobj2\" target=\"_top\" style=\"\">AppServer1 (1.0.0.0)</a></td>" +
             "<td><span class=\"\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"#svc3\" target=\"_top\" style=\"\"></a><br>" +
             "<span class=\"\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"#svc4\" target=\"_top\" style=\"\">Service2 (2345/UDP)</a></td>" +
             "<td><span class=\"\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"#nwobj4\" target=\"_top\" style=\"\">AppServer2 (2.0.0.0)</a></td></table><hr>" +
 
             "<h4>Network Objects</h4>" +
-            "<table><tr><th>No.</th><th>Id</th><th>Name</th><th>Ip</th></tr>" +
-            "<tr><td>1</td><td>21</td><td><a name=nwobj1>AppRole1</a></td><td></td>" +
-            "<tr><td>2</td><td>0</td><td><a name=nwobj2></a></td><td></td>" +
-            "<tr><td>3</td><td>11</td><td><a name=nwobj3>AppServer1</a></td><td>1.0.0.0</td>" +
-            "<tr><td>4</td><td>12</td><td><a name=nwobj4>AppServer2</a></td><td>2.0.0.0</td>" +
+            "<table><tr><th>No.</th><th>Id</th><th>Name</th><th>Ip</th><th>Members</th></tr>" +
+            "<tr><td>1</td><td>21</td><td><a name=nwobj1>AppRole1</a></td><td></td><td>AppServer1</td>" +
+            "<tr><td>2</td><td>11</td><td><a name=nwobj2>AppServer1</a></td><td>1.0.0.0</td><td></td>" +
+            "<tr><td>3</td><td>0</td><td><a name=nwobj3></a></td><td></td><td></td>" +
+            "<tr><td>4</td><td>12</td><td><a name=nwobj4>AppServer2</a></td><td>2.0.0.0</td><td></td>" +
             "</table><hr>" +
             "<h4>Network Services</h4>" +
-            "<table><tr><th>No.</th><th>Id</th><th>Name</th><th>Protocol</th><th>Port</th></tr>" +
-            "<tr><td>1</td><td>41</td><td><a name=svc1>ServiceGroup1</a></td><td></td><td></td>" +
-            "<tr><td>2</td><td>31</td><td><a name=svc2>Service1</a></td><td>TCP</td><td>1234</td>" +
-            "<tr><td>3</td><td>0</td><td><a name=svc3></a></td><td></td><td></td>" +
-            "<tr><td>4</td><td>32</td><td><a name=svc4>Service2</a></td><td>UDP</td><td>2345</td>" +
+            "<table><tr><th>No.</th><th>Id</th><th>Name</th><th>Protocol</th><th>Port</th><th>Members</th></tr>" +
+            "<tr><td>1</td><td>41</td><td><a name=svc1>ServiceGroup1</a></td><td></td><td></td><td>Service1</td>" +
+            "<tr><td>2</td><td>31</td><td><a name=svc2>Service1</a></td><td>TCP</td><td>1234</td><td></td>" +
+            "<tr><td>3</td><td>0</td><td><a name=svc3></a></td><td></td><td></td><td></td>" +
+            "<tr><td>4</td><td>32</td><td><a name=svc4>Service2</a></td><td>UDP</td><td>2345</td><td></td>" +
             "</table><hr>" +
 
             "<h3>Global Common Services</h3><table>" +
diff --git a/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor b/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
index d21e8d7b6..605bdd462 100644
--- a/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
+++ b/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
@@ -51,7 +51,7 @@
                             </Template>
                         </Column>
                         <DetailTemplate TableItem="NetworkObject">
-                            <Detail Title="@(userConfig.GetText("type"))" Data=@userConfig.GetText(context.Type.Name) />
+                            <Detail Title="@(userConfig.GetText("type"))" Data=@(context.Type != null && context.Type.Name != "" ? userConfig.GetText(context.Type.Name) : "") />
                             <Detail Title="@(userConfig.GetText("uid"))" Data=@context.Uid />
                             <Detail Title="@(userConfig.GetText("ip"))" Data=@NwObjDisplay.DisplayIp(context.IP, context.IpEnd, context.Type.Name) />
                             <Detail Title="@(userConfig.GetText("zone"))" Data=@context.Zone?.Name />
@@ -119,7 +119,7 @@
                             </Template>
                         </Column>
                         <DetailTemplate TableItem="NetworkService">
-                            <Detail Title="@(userConfig.GetText("type"))" Data=@userConfig.GetText(context.Type.Name) />
+                            <Detail Title="@(userConfig.GetText("type"))" Data=@(context.Type != null && context.Type.Name != "" ? userConfig.GetText(context.Type.Name) : "") />
                             <Detail Title="@(userConfig.GetText("uid"))" Data=@context.Uid />
                             @if (context.Type.Name != ObjectType.Group)
                             {
@@ -193,7 +193,7 @@
                             </Template>
                         </Column>
                         <DetailTemplate TableItem="NetworkUser">
-                            <Detail Title="@(userConfig.GetText("type"))" Data=@(context.Type != null ? userConfig.GetText(context.Type?.Name) : "") />
+                            <Detail Title="@(userConfig.GetText("type"))" Data=@(context.Type != null && context.Type.Name != "" ? userConfig.GetText(context.Type.Name) : "") />
                             <Detail Title="@(userConfig.GetText("uid"))" Data=@context.Uid />
                             <Detail Title="@(userConfig.GetText("real_name"))" Data=@($"{context.FirstName} {context.LastName}") />
                             @if (context.Type != null && context.Type.Name == ObjectType.Group && context.UserGroups != null && context.UserGroupFlats != null)

From 635e05edc43e57d7a28da58f0b5e5089776e4f7a Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Thu, 14 Mar 2024 13:30:43 +0100
Subject: [PATCH 38/84] fix customize modelling sample script exclude RES lines

---
 .../files/FWO.UI/Shared/SettingsLayout.razor  |  2 +-
 .../modelling/convertNwObjDataExample.py      | 78 ++++++++++---------
 2 files changed, 41 insertions(+), 39 deletions(-)

diff --git a/roles/ui/files/FWO.UI/Shared/SettingsLayout.razor b/roles/ui/files/FWO.UI/Shared/SettingsLayout.razor
index 2b46254b7..8d95179cf 100644
--- a/roles/ui/files/FWO.UI/Shared/SettingsLayout.razor
+++ b/roles/ui/files/FWO.UI/Shared/SettingsLayout.razor
@@ -142,7 +142,7 @@
                 <h5>@(userConfig.GetText("personal"))</h5>
             </li>
             <li class="nav-item px-2">
-                @if (userConfig.User.Dn.EndsWith("dc=fworch,dc=internal"))
+                @if (userConfig.User.Dn.EndsWith(GlobalConst.kLdapInternalPostfix))
                 {
                     <NavLink class="nav-link" href="settings/password">
                         <span class="@Icons.Login"></span> @(userConfig.GetText("password"))
diff --git a/scripts/customizing/modelling/convertNwObjDataExample.py b/scripts/customizing/modelling/convertNwObjDataExample.py
index a43a18e14..1fc77983d 100644
--- a/scripts/customizing/modelling/convertNwObjDataExample.py
+++ b/scripts/customizing/modelling/convertNwObjDataExample.py
@@ -120,44 +120,46 @@ def extractSocketInfo(asset, services):
     normSubnetData = { "subnets": {}, "zones": {}, "areas": {} }
     snId = 0
     for subnet in subnetAr:
-        naId = subnet['Subnetzname'][2:4]
-        subnetIp = subnet['Subnetzadresse']
-        netmask = subnet['Subnetzmaske']
-        cidr = str(ipaddress.ip_network(subnetIp + '/' + netmask))
-        
-        nameParts = subnet['Subnetzname'].split('.')
-        zoneName = nameParts[1]
-        if len(nameParts)>=3:
-            subnetName = nameParts[2]
-        else:
-            subnetName = ""
-
-        zoneNamePartsDots = nameParts[0].split('.')
-
-        zoneNamePartsUnderscore = zoneNamePartsDots[0].split('_')
-        zoneId = zoneNamePartsUnderscore[0][2:7]
-        areaName = '_'.join(zoneNamePartsUnderscore[1:])
-        normSubnet = {
-            "na-id": naId,
-            "na-name": areaName,
-            "zone-id": zoneId,
-            "zone-name": zoneName,
-            "ip": cidr,
-            "name": subnetName
-        }
-        normSubnetData['subnets'].update({ snId: normSubnet})
-        snId += 1;
-
-        # filling areas
-        if not naId in normSubnetData['areas']:
-            normSubnetData['areas'].update({ naId: {"area-name": areaName, "area-id": naId, "subnets": [], "zones": [] }})
-        normSubnetData['areas'][naId]['subnets'].append({"ip": cidr, "name": subnetName })
-        normSubnetData['areas'][naId]['zones'].append({"zone-id": zoneId, "zone-name": zoneName })
-
-        # filling zones
-        if not zoneId in normSubnetData['zones']:
-            normSubnetData['zones'].update({ zoneId: { "zone-name": zoneName, "subnets": [] }})
-        normSubnetData['zones'][zoneId]['subnets'].append({"ip": cidr, "name": subnetName })
+        # ignore all "reserved" subnets whose name starts with "RES"
+        if not subnet['Subnetzname'].startswith('RES'):
+            naId = subnet['Subnetzname'][2:4]
+            subnetIp = subnet['Subnetzadresse']
+            netmask = subnet['Subnetzmaske']
+            cidr = str(ipaddress.ip_network(subnetIp + '/' + netmask))
+            
+            nameParts = subnet['Subnetzname'].split('.')
+            zoneName = nameParts[1]
+            if len(nameParts)>=3:
+                subnetName = nameParts[2]
+            else:
+                subnetName = ""
+
+            zoneNamePartsDots = nameParts[0].split('.')
+
+            zoneNamePartsUnderscore = zoneNamePartsDots[0].split('_')
+            zoneId = zoneNamePartsUnderscore[0][2:7]
+            areaName = '_'.join(zoneNamePartsUnderscore[1:])
+            normSubnet = {
+                "na-id": naId,
+                "na-name": areaName,
+                "zone-id": zoneId,
+                "zone-name": zoneName,
+                "ip": cidr,
+                "name": subnetName
+            }
+            normSubnetData['subnets'].update({ snId: normSubnet})
+            snId += 1;
+
+            # filling areas
+            if not naId in normSubnetData['areas']:
+                normSubnetData['areas'].update({ naId: {"area-name": areaName, "area-id": naId, "subnets": [], "zones": [] }})
+            normSubnetData['areas'][naId]['subnets'].append({"ip": cidr, "name": subnetName })
+            normSubnetData['areas'][naId]['zones'].append({"zone-id": zoneId, "zone-name": zoneName })
+
+            # filling zones
+            if not zoneId in normSubnetData['zones']:
+                normSubnetData['zones'].update({ zoneId: { "zone-name": zoneName, "subnets": [] }})
+            normSubnetData['zones'][zoneId]['subnets'].append({"ip": cidr, "name": subnetName })
 
     # transform output
     transfSubnetData = { "areas": [] }

From 432aa061a6ef42341bedb961628a7ba0cfc49ffe Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Thu, 14 Mar 2024 13:31:59 +0100
Subject: [PATCH 39/84] fix: public key not mandatory for creds

---
 .../FWO.Api.Client/APIcalls/device/updateCredential.graphql     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/device/updateCredential.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/device/updateCredential.graphql
index bfe99e178..2b3f562ea 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/device/updateCredential.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/device/updateCredential.graphql
@@ -2,7 +2,7 @@ mutation updateCredential(
   $id: Int!
   $username: String!
   $secret: String!
-  $sshPublicKey: String!
+  $sshPublicKey: String
   $credential_name: String!
   $isKeyPair: Boolean
   $cloudClientId: String

From 0c11d3056fbb810cfaad4f0c5e2389f165a53bbc Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Thu, 14 Mar 2024 13:32:31 +0100
Subject: [PATCH 40/84] doc: how to add a project to a dotnet solution

---
 .../developer-docs/csharp/blazor/blazorTable/README.md      | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/documentation/developer-docs/csharp/blazor/blazorTable/README.md b/documentation/developer-docs/csharp/blazor/blazorTable/README.md
index c1bde0e1a..53aae6b83 100644
--- a/documentation/developer-docs/csharp/blazor/blazorTable/README.md
+++ b/documentation/developer-docs/csharp/blazor/blazorTable/README.md
@@ -1,2 +1,8 @@
 -  [Github Site](https://github.com/IvanJosipovic/BlazorTable)
 -  [Feature Site](https://blazortable.netlify.app/)
+- adding a project to the solution
+
+            tim@acantha22:~/dev/firewall-orchestrator/roles$ dotnet sln FWO.sln add lib/files/FWO.Encryption/FWO.Encryption.csproj
+            Project `lib/files/FWO.Encryption/FWO.Encryption.csproj` added to the solution.
+            tim@acantha22:~/dev/firewall-orchestrator/roles$ 
+            
\ No newline at end of file

From 8ff813ff77e529ef3d0352d7de1aaae752260371 Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Thu, 14 Mar 2024 13:54:11 +0100
Subject: [PATCH 41/84] fixes

---
 .../Ast/AstNodeFilterNetwork.cs               | 11 ++---
 .../Ast/AstNodeFilterString.cs                | 41 +++++++++++++++----
 .../Reporting/ReportTemplateComponent.razor   |  2 +-
 .../ui/files/FWO.UI/Shared/RightSidebar.razor |  2 +-
 4 files changed, 39 insertions(+), 17 deletions(-)

diff --git a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterNetwork.cs b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterNetwork.cs
index 5f51f70e1..014f849ec 100644
--- a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterNetwork.cs
+++ b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterNetwork.cs
@@ -1,10 +1,5 @@
 using NetTools;
-using System;
-using System.Collections.Generic;
-using System.Linq;
 using System.Net;
-using System.Text;
-using System.Threading.Tasks;
 using FWO.Logging;
 
 namespace FWO.Report.Filter.Ast
@@ -42,7 +37,8 @@ private DynGraphqlQuery ExtractDestinationFilter(DynGraphqlQuery query)
             {
                 string QueryVarName = AddVariable<string>(query, "dst", Operator.Kind, Value.Text);
                 query.ruleWhereStatement += $"rule_tos: {{ object: {{ objgrp_flats: {{ objectByObjgrpFlatMemberId: {{ obj_name: {{ {ExtractOperator()}: ${QueryVarName} }} }} }} }} }}";
-                query.connectionWhereStatement += $"nwobject_connections: {{connection_field: {{ _eq: 2 }}, owner_network: {{name: {{ {ExtractOperator()}: ${QueryVarName} }} }} }}";
+                query.connectionWhereStatement += $"_or: [ {{ nwobject_connections: {{connection_field: {{ _eq: 2 }}, owner_network: {{name: {{ {ExtractOperator()}: ${QueryVarName} }} }} }} }}, " +
+                    $"{{ nwgroup_connections: {{connection_field: {{ _eq: 2 }}, nwgroup: {{ name: {{ {ExtractOperator()}: ${QueryVarName} }}  }} }} }} ]";
             }
             return query;
         }
@@ -56,7 +52,8 @@ private DynGraphqlQuery ExtractSourceFilter(DynGraphqlQuery query)
             {
                 string QueryVarName = AddVariable<string>(query, "src", Operator.Kind, Value.Text);
                 query.ruleWhereStatement += $"rule_froms: {{ object: {{ objgrp_flats: {{ objectByObjgrpFlatMemberId: {{ obj_name: {{ {ExtractOperator()}: ${QueryVarName} }} }} }} }} }}";
-                query.connectionWhereStatement += $"nwobject_connections: {{connection_field: {{ _eq: 1 }}, owner_network: {{name: {{ {ExtractOperator()}: ${QueryVarName} }} }} }}";
+                query.connectionWhereStatement += $"_or: [ {{ nwobject_connections: {{connection_field: {{ _eq: 1 }}, owner_network: {{name: {{ {ExtractOperator()}: ${QueryVarName} }} }} }} }}, " +
+                    $"{{ nwgroup_connections: {{connection_field: {{ _eq: 1 }}, nwgroup: {{ name: {{ {ExtractOperator()}: ${QueryVarName} }}  }} }} }} ]";
             }
             return query;
         }
diff --git a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterString.cs b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterString.cs
index c6a7d8b3b..f22701fbd 100644
--- a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterString.cs
+++ b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterString.cs
@@ -48,16 +48,41 @@ private DynGraphqlQuery ExtractFullTextFilter(DynGraphqlQuery query)
             string queryVarName = AddVariable<string>(query, "fullTextFiler", Operator.Kind, semanticValue!);
             string queryOperator = ExtractOperator();
 
-            List<string> ruleFieldNames = new () { "rule_src", "rule_dst", "rule_svc", "rule_action", "rule_name", "rule_comment", "rule_uid" };  // TODO: add comment later
+            List<string> ruleFieldNames = new () { "rule_src", "rule_dst", "rule_svc", "rule_action", "rule_name", "rule_comment", "rule_uid" };
             List<string> ruleSearchParts = new ();
             foreach (string field in ruleFieldNames)
+            {
                 ruleSearchParts.Add($"{{{field}: {{{queryOperator}: ${queryVarName} }} }} ");
+            }
             query.ruleWhereStatement += $"_or: [ {string.Join(", ", ruleSearchParts)} ]";
-            //     List<string> connFieldNames = new () { "name" };
-            //     List<string> connSearchParts = new ();
-            //     foreach (string field in connFieldNames)
-            //         connSearchParts.Add($"{{{field}: {{{queryOperator}: ${queryVarName} }} }} ");
-            //     query.connectionWhereStatement += $"_or: [ {string.Join(", ", connSearchParts)} ]";
+
+            List<string> connFieldNames = new () { "name", "reason" /*, "creator" */ };
+            List<string> nwobjFieldNames = new () { "name" /*, "creator" */ };
+            List<string> nwGroupFieldNames = new () { "id_string", "name", "comment" /*, "creator" */ };
+            List<string> svcFieldNames = new () { "name" };
+            List<string> svcGroupFieldNames = new () { "name", "comment" /*, "creator" */ };
+            List<string> connSearchParts = new ();
+            foreach (string field in connFieldNames)
+            {
+                connSearchParts.Add($"{{{field}: {{{queryOperator}: ${queryVarName} }} }} ");
+            }
+            foreach (string field in nwobjFieldNames)
+            {
+                connSearchParts.Add($"{{ nwobject_connections: {{owner_network: {{{field}: {{{queryOperator}: ${queryVarName} }} }} }} }} ");
+            }
+            foreach (string field in nwGroupFieldNames)
+            {
+                connSearchParts.Add($"{{ nwgroup_connections: {{nwgroup: {{{field}: {{{queryOperator}: ${queryVarName} }} }} }} }} ");
+            }
+            foreach (string field in svcFieldNames)
+            {
+                connSearchParts.Add($"{{ service_connections: {{service: {{{field}: {{{queryOperator}: ${queryVarName} }} }} }} }} ");
+            }
+            foreach (string field in svcGroupFieldNames)
+            {
+                connSearchParts.Add($"{{ service_group_connections: {{service_group: {{{field}: {{{queryOperator}: ${queryVarName} }} }} }} }} ");
+            }
+            query.connectionWhereStatement += $"_or: [ {string.Join(", ", connSearchParts)} ]";
             return query;
         }
 
@@ -112,8 +137,8 @@ private DynGraphqlQuery ExtractActionFilter(DynGraphqlQuery query)
         private DynGraphqlQuery ExtractServiceFilter(DynGraphqlQuery query)
         {
             string queryVarName = AddVariable<string>(query, "svc", Operator.Kind, semanticValue!);
-            query.ruleWhereStatement += $"rule_services: {{service: {{svcgrp_flats: {{serviceBySvcgrpFlatMemberId: {{svc_name: {{ {ExtractOperator()}: ${queryVarName} }} }} }} }} }}";
-            query.connectionWhereStatement += $"service_connections: {{service: {{name: {{ {ExtractOperator()}: ${queryVarName} }} }} }}";
+            query.ruleWhereStatement += $"rule_services: {{ service: {{svcgrp_flats: {{serviceBySvcgrpFlatMemberId: {{svc_name: {{ {ExtractOperator()}: ${queryVarName} }} }} }} }} }} ";
+            query.connectionWhereStatement += $"_or: [ {{ service_connections: {{service: {{name: {{ {ExtractOperator()}: ${queryVarName} }} }} }} }}, {{ service_group_connections: {{service_group: {{name: {{ {ExtractOperator()}: ${queryVarName} }} }} }} }} ]";
             return query;
         }
     }
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/ReportTemplateComponent.razor b/roles/ui/files/FWO.UI/Pages/Reporting/ReportTemplateComponent.razor
index cc15c5c8d..afbd3a166 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/ReportTemplateComponent.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/ReportTemplateComponent.razor
@@ -146,7 +146,7 @@
 
 <ConfirmDelete @bind-Display="ShowDeleteTemplateDialog" PerformAction="DeleteTemplate" Title="@(userConfig.GetText("report_template"))" 
     DeleteMessage="@(userConfig.GetText("U1002") + " " + reportTemplateInEdit.Name + " ?")"
-    AllowedRoles="@($"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Reporter}, {Roles.ReporterViewAll}")"/>
+    AllowedRoles="@($"{Roles.Admin}, {Roles.FwAdmin}, {Roles.Reporter}, {Roles.ReporterViewAll}, {Roles.Modeller}")"/>
 
 
 @code
diff --git a/roles/ui/files/FWO.UI/Shared/RightSidebar.razor b/roles/ui/files/FWO.UI/Shared/RightSidebar.razor
index 63a703857..7f07edf74 100644
--- a/roles/ui/files/FWO.UI/Shared/RightSidebar.razor
+++ b/roles/ui/files/FWO.UI/Shared/RightSidebar.razor
@@ -75,7 +75,7 @@
                         </div>
                         <div class="mt-2">
                             <CascadingValue Value="collapseSidebarReport">
-                                <ObjectGroupCollection FetchObjects="FetchContent" Recert="false" Tab="RsbTab.usedObj" InputDataType="OwnerReport" 
+                                <ObjectGroupCollection FetchObjects="FetchContent" Recert="false" Tab="RsbTab.usedObj" StartCollapsed="false" InputDataType="OwnerReport" 
                                     Data="CurrentReport.ReportData.OwnerData"
                                     NameExtractor="own => own.Name" 
                                     NetworkObjectExtractor="own => own.GetAllNetworkObjects()"

From c3a62c5cc73d53c9ce0bba99ad8fab06e3a4cc1b Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Thu, 14 Mar 2024 17:13:17 +0100
Subject: [PATCH 42/84] adding global consts

---
 roles/lib/files/FWO.Api.Client/Data/GlobalConstants.cs | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/roles/lib/files/FWO.Api.Client/Data/GlobalConstants.cs b/roles/lib/files/FWO.Api.Client/Data/GlobalConstants.cs
index 34b63ba5b..3735502cc 100644
--- a/roles/lib/files/FWO.Api.Client/Data/GlobalConstants.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/GlobalConstants.cs
@@ -5,6 +5,9 @@ namespace FWO.Api.Data
     /// </summary>
     public struct GlobalConst
     {
+        public const string kFwoBaseDir = "/usr/local/fworch";
+        public const string kMainKeyFile = kFwoBaseDir + "/etc/secrets/main_key";
+
         public const string kEnglish = "English";
 
         public const int kSidebarLeftWidth = 300;
@@ -25,5 +28,8 @@ public struct GlobalConst
         public const string kManual = "manual";
         public const string kModellerGroup = "ModellerGroup_";
         public const string kImportChangeNotify = "importChangeNotify";
+
+        public const string kLdapInternalPostfix = "dc=fworch,dc=internal";
+
     }
 }

From f20d2ade26577b1e1183f48a6e601897a4bf80d2 Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Fri, 15 Mar 2024 12:36:42 +0100
Subject: [PATCH 43/84] maybe this already helps

---
 .../FWO.UI/Pages/NetworkModelling/NetworkModelling.razor   | 4 ++--
 roles/ui/files/FWO.UI/Pages/Reporting/Report.razor         | 7 +++----
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/NetworkModelling.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/NetworkModelling.razor
index 45f57cad1..213b7026a 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/NetworkModelling.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/NetworkModelling.razor
@@ -123,13 +123,13 @@ else
         {
             if(!tabSelected)
             {
-                appHandler.InitActiveTab();
                 tabSelected = true;
+                appHandler.InitActiveTab();
             }
             else if(restoreTab)
             {
-                appHandler.RestoreTab();
                 restoreTab = false;
+                appHandler.RestoreTab();
             }
         }
     }
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
index 6e27978f7..02b8f779f 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
@@ -262,8 +262,8 @@
     {
         if(autoGenerateReport)
         {
-            await GenerateReport();
             autoGenerateReport = false;
+            await GenerateReport();
         }
     }
 
@@ -384,9 +384,6 @@
 
     private async Task PrepareReportGeneration()
     {
-        // collapse report templates
-        reportTemplateControl.Collapse();
-
         // check for unsupported devices
         if(actReportFilters.ReportType == ReportType.UnusedRules)
         {
@@ -472,6 +469,8 @@
 
     private void PostProcess()
     {
+        reportTemplateControl.Collapse();
+
         if(actReportFilters.ReportType.IsDeviceRelatedReport() && currentReport.NoRuleFound())
         {
             if(currentReport is ReportRules || currentReport is ReportNatRules)

From d4d889455e138aab69ed44488b0f52ac20f763eb Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Mon, 18 Mar 2024 10:10:04 +0100
Subject: [PATCH 44/84] hotfix deletionof demo devices

---
 roles/sample-data/tasks/create-devices.yml | 15 ++++++--
 roles/test/handlers/main.yml               | 40 ++--------------------
 roles/test/tasks/test-importer.yml         |  1 -
 3 files changed, 14 insertions(+), 42 deletions(-)

diff --git a/roles/sample-data/tasks/create-devices.yml b/roles/sample-data/tasks/create-devices.yml
index e79434b41..0ed571f52 100644
--- a/roles/sample-data/tasks/create-devices.yml
+++ b/roles/sample-data/tasks/create-devices.yml
@@ -5,6 +5,15 @@
     importer_hostname: "{{ hostvars[inventory_hostname].ansible_hostname }}"
   when: importer_hostname == 'localhost'
 
+- name: default credential id = -1 (test)
+  set_fact:
+    credential_id: -1
+
+- name: pick the correct credential id
+  set_fact:
+    credential_id: 0
+  when: sample_role_purpose is not match('test')
+
 - block: # demo & test
 
     - name: insert sample fortiOS management
@@ -14,7 +23,7 @@
           DO $do$ BEGIN 
           IF NOT EXISTS (SELECT * FROM management WHERE mgm_name='{{ sample_fortigate_name }}') THEN 
           insert into management (dev_typ_id,mgm_name,import_credential_id,ssh_hostname,do_not_import,importer_hostname) 
-          VALUES (24,'{{ sample_fortigate_name }}',-1,'{{ demo_fos_uri }}',false,'{{ importer_hostname }}'); 
+          VALUES (24,'{{ sample_fortigate_name }}',{{ credential_id }},'{{ demo_fos_uri }}',false,'{{ importer_hostname }}'); 
           END IF; END $do$ 
 
     - name: insert sample fortiOS gateway
@@ -40,7 +49,7 @@
             IF NOT EXISTS (SELECT * FROM management WHERE mgm_name='{{ sample_checkpoint_name }}') THEN 
               insert into management 
                 (dev_typ_id,mgm_name,import_credential_id,ssh_hostname,do_not_import,importer_hostname) 
-                VALUES (9,'{{ sample_checkpoint_name }}',-1,'{{ demo_cpr8x_uri }}',false,'{{ importer_hostname }}'); 
+                VALUES (9,'{{ sample_checkpoint_name }}',{{ credential_id }},'{{ demo_cpr8x_uri }}',false,'{{ importer_hostname }}'); 
             END IF;
           END $do$ 
 
@@ -66,7 +75,7 @@
           DO $do$ BEGIN 
           IF NOT EXISTS (SELECT * FROM management WHERE mgm_name='{{ sample_checkpoint_name }}') THEN 
           insert into management (dev_typ_id,mgm_name,import_credential_id,ssh_hostname,do_not_import,importer_hostname) 
-          VALUES (9,'{{ sample_checkpoint_name }}',-1,'{{ sample_checkpoint_uri }}',false,'dummy importer hostname'); 
+          VALUES (9,'{{ sample_checkpoint_name }}',{{ credential_id }},'{{ sample_checkpoint_uri }}',false,'dummy importer hostname'); 
           END IF; END $do$ 
 
     - name: insert test check point R8x gateway {{ sample_checkpoint_name }}
diff --git a/roles/test/handlers/main.yml b/roles/test/handlers/main.yml
index 7a838b6c7..45cb0a591 100644
--- a/roles/test/handlers/main.yml
+++ b/roles/test/handlers/main.yml
@@ -15,24 +15,6 @@
   listen: "test importer handler"
 
 - block:
-  - name: delete test fortinet gateway
-    postgresql_query:
-      db: "{{ fworch_db_name }}"
-      query: >
-        DO $do$ BEGIN 
-        DELETE FROM device WHERE dev_name='{{ test_fortigate_name }}'; 
-        END $do$ 
-    listen: "test importer handler"
-
-  - name: delete test fortinet management
-    postgresql_query:
-      db: "{{ fworch_db_name }}"
-      query: >
-        DO $do$ BEGIN 
-        DELETE FROM management WHERE mgm_name='{{ test_fortigate_name }}'; 
-        END $do$
-    listen: "test importer handler"
-
   - name: delete test checkpoint R8x credentials cascading to deletion of mgmt and gw 
     postgresql_query:
       db: "{{ fworch_db_name }}"
@@ -42,30 +24,12 @@
         END $do$ 
     listen: "test importer handler"
 
-  - name: delete tenant tenant1
-    postgresql_query:
-      db: "{{ fworch_db_name }}"
-      query: >
-        DO $do$ BEGIN 
-        DELETE FROM tenant WHERE tenant_name='tenant1{{ sample_postfix }}'; 
-        END $do$
-    listen: "test importer handler"
-
-  # - name: delete devices for tenant tenant1
-  #   postgresql_query:
-  #     db: "{{ fworch_db_name }}"
-  #     query: >
-  #       DO $do$ BEGIN 
-  #       DELETE FROM tenant_to_device WHERE tenant_id=(SELECT tenant_id FROM tenant WHERE tenant_name='tenant1{{ sample_postfix }}'); 
-  #       END $do$
-  #   listen: "test importer handler"
-
-  - name: delete tenant tenant2
+  - name: delete tenants tenant1_test and tenant2_test
     postgresql_query:
       db: "{{ fworch_db_name }}"
       query: >
         DO $do$ BEGIN 
-        DELETE FROM tenant WHERE tenant_name='tenant2{{ sample_postfix }}'; 
+        DELETE FROM tenant WHERE tenant_name='tenant1{{ test_postfix }} OR tenant_name='tenant2{{ test_postfix }}'; 
         END $do$
     listen: "test importer handler"
 
diff --git a/roles/test/tasks/test-importer.yml b/roles/test/tasks/test-importer.yml
index d96ca4040..da38ce3a4 100644
--- a/roles/test/tasks/test-importer.yml
+++ b/roles/test/tasks/test-importer.yml
@@ -24,7 +24,6 @@
   become_user: "{{ fworch_user }}"
   environment: "{{ proxy_env }}"
 
-
 - name: make test fortigate import
   command: "python3 ./import-mgm.py -f -s -m{{ test_fortigate_mgm_id.query_result.0.mgm_id }}"
   args:

From a008136e00fb4a2e5ffbd0995fc8bd1ad1e56574 Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Mon, 18 Mar 2024 10:14:25 +0100
Subject: [PATCH 45/84] fix2

---
 roles/test/handlers/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/test/handlers/main.yml b/roles/test/handlers/main.yml
index 45cb0a591..257308696 100644
--- a/roles/test/handlers/main.yml
+++ b/roles/test/handlers/main.yml
@@ -29,7 +29,7 @@
       db: "{{ fworch_db_name }}"
       query: >
         DO $do$ BEGIN 
-        DELETE FROM tenant WHERE tenant_name='tenant1{{ test_postfix }} OR tenant_name='tenant2{{ test_postfix }}'; 
+        DELETE FROM tenant WHERE tenant_name='tenant1{{ test_postfix }}' OR tenant_name='tenant2{{ test_postfix }}'; 
         END $do$
     listen: "test importer handler"
 

From 973ad41be7c77c1b4d389a1743ed9345967fbb10 Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Mon, 18 Mar 2024 12:44:07 +0100
Subject: [PATCH 46/84] some fixes

---
 .../files/sql/idempotent/fworch-texts.sql     |   4 +
 roles/lib/files/FWO.Api.Client/Data/Icons.cs  |   1 +
 .../Pages/NetworkModelling/EditAppRole.razor  |  91 ++++++++----
 .../Pages/NetworkModelling/EditConn.razor     | 137 ++++++++++++++----
 .../NetworkModelling/EditConnLeftSide.razor   |  17 ++-
 .../Pages/NetworkModelling/EditService.razor  |  22 +--
 .../NetworkModelling/EditServiceGroup.razor   |  99 +++++++++----
 .../NetworkModelling/ManualAppServer.razor    |   2 +-
 .../Services/ModellingAppRoleHandler.cs       |   4 +-
 .../Services/ModellingConnectionHandler.cs    |  34 ++++-
 .../FWO.UI/Services/ModellingHandlerBase.cs   |   7 +-
 .../Services/ModellingServiceGroupHandler.cs  |   5 +-
 .../files/FWO.UI/Shared/ConnectionTable.razor |   2 +-
 roles/ui/files/FWO.UI/wwwroot/css/site.css    |   9 ++
 14 files changed, 318 insertions(+), 116 deletions(-)

diff --git a/roles/database/files/sql/idempotent/fworch-texts.sql b/roles/database/files/sql/idempotent/fworch-texts.sql
index 18511ab4c..a0bb00b99 100644
--- a/roles/database/files/sql/idempotent/fworch-texts.sql
+++ b/roles/database/files/sql/idempotent/fworch-texts.sql
@@ -1068,6 +1068,8 @@ INSERT INTO txt VALUES ('save_app_role', 	    'German',	'App Rolle speichern');
 INSERT INTO txt VALUES ('save_app_role', 	    'English',	'Save App Role');
 INSERT INTO txt VALUES ('delete_app_role', 	    'German',	'App Rolle l&ouml;schen');
 INSERT INTO txt VALUES ('delete_app_role', 	    'English',	'Delete App Role');
+INSERT INTO txt VALUES ('display_app_role',     'German',	'App Rolle darstellen');
+INSERT INTO txt VALUES ('display_app_role',     'English',	'Display App Role');
 INSERT INTO txt VALUES ('to_app_role', 	        'German',	'Zu App Rolle');
 INSERT INTO txt VALUES ('to_app_role', 	        'English',	'To App Role');
 INSERT INTO txt VALUES ('add_service', 	        'German',	'Dienst hinzuf&uuml;gen');
@@ -1106,6 +1108,8 @@ INSERT INTO txt VALUES ('save_service_group', 	'German',	'Dienstgruppe speichern
 INSERT INTO txt VALUES ('save_service_group', 	'English',	'Save Service Group');
 INSERT INTO txt VALUES ('delete_service_group', 'German',	'Dienstgruppe l&ouml;schen');
 INSERT INTO txt VALUES ('delete_service_group', 'English',	'Delete Service Group');
+INSERT INTO txt VALUES ('display_service_group','German',	'Dienstgruppe darstellen');
+INSERT INTO txt VALUES ('display_service_group','English',	'Display Service Group');
 INSERT INTO txt VALUES ('add_app_server', 	    'German',	'Neuer App Server');
 INSERT INTO txt VALUES ('add_app_server', 	    'English',	'New App Server');
 INSERT INTO txt VALUES ('edit_app_server', 	    'German',	'App Server bearbeiten');
diff --git a/roles/lib/files/FWO.Api.Client/Data/Icons.cs b/roles/lib/files/FWO.Api.Client/Data/Icons.cs
index 4cb039bb1..138dc398b 100644
--- a/roles/lib/files/FWO.Api.Client/Data/Icons.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/Icons.cs
@@ -15,6 +15,7 @@ public struct Icons
         public const string Edit = "oi oi-wrench";
         public const string Delete = "oi oi-trash";
         public const string Search = "oi oi-magnifying-glass";
+        public const string Display = "oi oi-eye";
         public const string Use = "oi oi-arrow-thick-right";
         public const string Unuse = "oi oi-arrow-thick-left";
         public const string Close = "oi oi-x";
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditAppRole.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditAppRole.razor
index f1b88e31d..95769cbf1 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditAppRole.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditAppRole.razor
@@ -6,20 +6,24 @@
 
 @if (Display)
 {
-    <PopUp Title="@(AddMode ? userConfig.GetText("add_app_role") : userConfig.GetText("edit_app_role"))" Size=PopupSize.XLarge Show="@Display" OnClose="Close">
+    <PopUp Title="@(AppRoleHandler.ReadOnly ? "" : (AddMode ? userConfig.GetText("add_app_role") : userConfig.GetText("edit_app_role")))"
+            Size="@(AppRoleHandler.ReadOnly ? PopupSize.Small : PopupSize.XLarge)" Show="@Display" OnClose="Close">
         <Body>
             <div class="row">
-                <div class="col-sm-6">
-                    <EditAppRoleLeftSide @bind-Container="Container" @bind-Width="sidebarLeftWidth" @bind-AppRoleHandler="AppRoleHandler"/>
-                </div>
-                <div class="col-sm-6">
+                @if(!AppRoleHandler.ReadOnly)
+                {
+                    <div class="col-sm-6">
+                        <EditAppRoleLeftSide @bind-Container="Container" @bind-Width="sidebarLeftWidth" @bind-AppRoleHandler="AppRoleHandler"/>
+                    </div>
+                }
+                <div class="@(AppRoleHandler.ReadOnly ? "col-sm-12" : "col-sm-6")">
                     <h3>@(userConfig.GetText("app_role"))</h3>
                     <div class="col-sm-11 border rounded m-2 p-2">
                         @if(AppRoleHandler.NamingConvention.NetworkAreaRequired)
                         {
                             <div class="form-group row">
                                 <label class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("area"))*:</label>
-                                @if(AddMode)
+                                @if(AddMode && ! AppRoleHandler.ReadOnly)
                                 {
                                     <div class="col-sm-8">
                                         <Dropdown ElementType="ModellingNetworkArea" SelectedElement="AppRoleHandler.ActAppRole.Area" ElementToString="@(a => a.Display())" 
@@ -38,7 +42,11 @@
                         }
                         <div class="form-group row mt-2">
                             <label class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("id"))*:</label>
-                            @if(AppRoleHandler.NamingConvention.NetworkAreaRequired)
+                            @if(AppRoleHandler.ReadOnly)
+                            {
+                                <label class="col-sm-8">@AppRoleHandler.ActAppRole.IdString</label>
+                            }
+                            else if(AppRoleHandler.NamingConvention.NetworkAreaRequired)
                             {
                                 <input type="text" class="col-sm-4" readonly @bind="AppRoleHandler.ActAppRole.ManagedIdString.CombinedFixPart" />
                                 <span class="col-sm-1">@AppRoleHandler.ActAppRole.ManagedIdString.Separator</span>
@@ -51,31 +59,55 @@
                         </div>
                         <div class="form-group row mt-2">
                             <label class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("name"))*:</label>
-                            <input type="text" class="col-sm-8" @bind="AppRoleHandler.ActAppRole.Name" />
+                            @if(AppRoleHandler.ReadOnly)
+                            {
+                                <label class="col-sm-8">@AppRoleHandler.ActAppRole.Name</label>
+                            }
+                            else
+                            {
+                                <input type="text" class="col-sm-8" @bind="AppRoleHandler.ActAppRole.Name" />
+                            }
                         </div>
                         <div class="form-group row mt-2">
                             <label class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("comment")):</label>
-                            <input type="text" class="col-sm-8" @bind="AppRoleHandler.ActAppRole.Comment" />
+                            @if(AppRoleHandler.ReadOnly)
+                            {
+                                <label class="col-sm-8">@AppRoleHandler.ActAppRole.Comment</label>
+                            }
+                            else
+                            {
+                                <input type="text" class="col-sm-8" @bind="AppRoleHandler.ActAppRole.Comment" />
+                            }
                         </div>
                         <br>
                         <div class="col-sm-12">
                             <h6>@(userConfig.GetText("app_server"))</h6>
-                            <div class="minheight-dropzone bg-secondary dropzone" 
-                                ondragover="event.preventDefault();"
-                                ondragstart="event.dataTransfer.setData('', event.target.id);"
-                                @ondrop="HandleServerDrop">
-                                <EditList ElementType="ModellingAppServer" Elements="ModellingAppServerWrapper.Resolve(AppRoleHandler.ActAppRole.AppServers)" ElementsToAdd="AppRoleHandler.AppServerToAdd" ElementsToDelete="AppRoleHandler.AppServerToDelete" StdLayout="false">
-                                    <Display>
-                                        <div class="row">
-                                            <div class="col-sm-12 ms-2 bg-transparent">@((MarkupString)context.DisplayWithIcon())</div>
-                                        </div>
-                                    </Display>
-                                </EditList>
-                            </div>
+                            @if(AppRoleHandler.ReadOnly)
+                            {
+                                foreach(var appserver in ModellingAppServerWrapper.Resolve(AppRoleHandler.ActAppRole.AppServers))
+                                {
+                                    <div class="mh-13 col-sm-12 border form-control form-control-sm bg-transparent">@((MarkupString)appserver.DisplayWithIcon())</div>
+                                }
+                            }
+                            else
+                            {
+                                <div class="minheight-dropzone bg-secondary dropzone" 
+                                    ondragover="event.preventDefault();"
+                                    ondragstart="event.dataTransfer.setData('', event.target.id);"
+                                    @ondrop="HandleServerDrop">
+                                    <EditList ElementType="ModellingAppServer" Elements="ModellingAppServerWrapper.Resolve(AppRoleHandler.ActAppRole.AppServers)" ElementsToAdd="AppRoleHandler.AppServerToAdd" ElementsToDelete="AppRoleHandler.AppServerToDelete" StdLayout="false">
+                                        <Display>
+                                            <div class="row">
+                                                <div class="col-sm-12 ms-2 bg-transparent">@((MarkupString)context.DisplayWithIcon())</div>
+                                            </div>
+                                        </Display>
+                                    </EditList>
+                                </div>
+                            }
                         </div>
                         @if(!AddMode)
                         {
-                            <label class="col-sm-12 small">@(userConfig.GetText("created_by")): @(AppRoleHandler.ActAppRole.Creator), @(userConfig.GetText("creation_date")): @(AppRoleHandler.ActAppRole.CreationDate)</label>
+                            <label class="col-sm-12 small mt-2">@(userConfig.GetText("created_by")): @(AppRoleHandler.ActAppRole.Creator), @(userConfig.GetText("creation_date")): @(AppRoleHandler.ActAppRole.CreationDate)</label>
                         }
                     </div>
                 </div>
@@ -83,15 +115,22 @@
         </Body>
         <Footer>
             <div class="btn-group">
-                @if(AppRoleHandler.IsOwner)
+                @if(AppRoleHandler.ReadOnly)
                 {
-                    <button type="button" class="btn btn-sm btn-primary" @onclick="async () => {if(await AppRoleHandler.Save()) Close();}">@(userConfig.GetText("save"))</button>
+                    <button type="button" class="btn btn-sm btn-primary" @onclick="Close">@(userConfig.GetText("ok"))</button>
                 }
                 else
                 {
-                    <button type="button" class="btn btn-sm btn-primary" disabled>@(userConfig.GetText("save"))</button>
+                    @if(AppRoleHandler.IsOwner)
+                    {
+                        <button type="button" class="btn btn-sm btn-primary" @onclick="async () => {if(await AppRoleHandler.Save()) Close();}">@(userConfig.GetText("save"))</button>
+                    }
+                    else
+                    {
+                        <button type="button" class="btn btn-sm btn-primary" disabled>@(userConfig.GetText("save"))</button>
+                    }
+                    <button type="button" class="btn btn-sm btn-secondary" @onclick="Close">@(userConfig.GetText("cancel"))</button>
                 }
-                <button type="button" class="btn btn-sm btn-secondary" @onclick="Close">@(userConfig.GetText("cancel"))</button>
             </div>
         </Footer>
     </PopUp>
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConn.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConn.razor
index bbc92c6e4..fb9734ea2 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConn.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConn.razor
@@ -19,11 +19,25 @@
             <div class="col-sm-11 border rounded m-2 p-2">
                 <div class="form-group row me-auto">
                     <label class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("title"))*:</label>
-                    <input type="text" class="col-sm-9" @bind="ConnHandler.ActConn.Name" />
+                    @if(ConnHandler.ReadOnly)
+                    {
+                        <label class="col-sm-9">@ConnHandler.ActConn.Name</label>
+                    }
+                    else
+                    {
+                        <input type="text" class="col-sm-9" @bind="ConnHandler.ActConn.Name" />
+                    }
                 </div>
                 <div class="form-group row mt-2 me-auto">
                     <label class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("func_reason"))*:</label>
-                    <textarea rows="3" type="text" class="col-sm-9" @bind="ConnHandler.ActConn.Reason" />
+                    @if(ConnHandler.ReadOnly)
+                    {
+                        <label class="col-sm-9">@ConnHandler.ActConn.Reason</label>
+                    }
+                    else
+                    {
+                        <textarea rows="3" type="text" class="col-sm-9" @bind="ConnHandler.ActConn.Reason" />
+                    }
                 </div>
                 <br>
                 <div class="form-group row">
@@ -33,15 +47,29 @@
                         {
                             foreach(var src in ModellingNwGroupWrapper.Resolve(ConnHandler.ActConn.SourceNwGroups))
                             {
-                                <div class="mh-13 col-sm-12 border form-control form-control-sm bg-transparent">@((MarkupString)src.DisplayWithIcon(ConnHandler.ActConn.SrcFromInterface))</div>
+                                <div class="col-sm-10">
+                                    <div class="ml-13 border form-control form-control-sm bg-transparent">@((MarkupString)src.DisplayWithIcon(ConnHandler.ActConn.SrcFromInterface))</div>
+                                </div>
                             }
                             foreach(var src in ModellingAppRoleWrapper.Resolve(ConnHandler.ActConn.SourceAppRoles))
                             {
-                                <div class="mh-13 col-sm-12 border form-control form-control-sm bg-transparent">@((MarkupString)src.DisplayWithIcon(ConnHandler.ActConn.SrcFromInterface))</div>
+                                <div class="col-sm-12 me-auto">
+                                    <div class="row">
+                                        <div class="col-sm-10">
+                                            <div class="ml-13 border form-control form-control-sm bg-transparent">@((MarkupString)src.DisplayWithIcon(ConnHandler.ActConn.SrcFromInterface))</div>
+                                        </div>
+                                        <div class="col-sm-1">
+                                            <button type="button" class="btn btn-sm btn-primary" @onclick="() => {ConnHandler.DisplayAppRole(src); ConnHandlerChanged.InvokeAsync(ConnHandler);}">
+                                                @(ConnHandler.DisplayButton("display_app_role", Icons.Display))</button>
+                                        </div>
+                                    </div>
+                                </div>
                             }
                             foreach(var src in ModellingAppServerWrapper.Resolve(ConnHandler.ActConn.SourceAppServers))
                             {
-                                <div class="mh-13 col-sm-12 border form-control form-control-sm bg-transparent">@((MarkupString)src.DisplayWithIcon(ConnHandler.ActConn.SrcFromInterface))</div>
+                                <div class="col-sm-10">
+                                    <div class="ml-13 border form-control form-control-sm bg-transparent">@((MarkupString)src.DisplayWithIcon(ConnHandler.ActConn.SrcFromInterface))</div>
+                                </div>
                             }
                         }
                         else 
@@ -50,24 +78,30 @@
                                 ondragover="event.preventDefault();"
                                 ondragstart="event.dataTransfer.setData('', event.target.id);"
                                 @ondrop="HandleSrcDrop">
-                                <EditList ElementType="ModellingNwGroup" Elements="ModellingNwGroupWrapper.Resolve(ConnHandler.ActConn.SourceNwGroups)" ElementsToAdd="ConnHandler.SrcNwGroupsToAdd" ElementsToDelete="ConnHandler.SrcNwGroupsToDelete" StdLayout="false" AfterRemoveAction="ConnHandler.CalcVisibility">
+                                <EditList ElementType="ModellingNwGroup" Elements="ModellingNwGroupWrapper.Resolve(ConnHandler.ActConn.SourceNwGroups)"
+                                        ElementsToAdd="ConnHandler.SrcNwGroupsToAdd" ElementsToDelete="ConnHandler.SrcNwGroupsToDelete" StdLayout="false" 
+                                        AfterRemoveAction="() => {ConnHandler.CalcVisibility(); StateHasChanged(); return true;}">
                                     <Display>
                                         <div class="row">
-                                            <div class="mh-13 col-sm-12 border form-control form-control-sm bg-transparent">@((MarkupString)context.DisplayWithIcon())</div>
+                                            <div class="ml-13 col-sm-12 border form-control form-control-sm bg-transparent">@((MarkupString)context.DisplayWithIcon())</div>
                                         </div>
                                     </Display>
                                 </EditList>
-                                <EditList ElementType="ModellingAppRole" Elements="ModellingAppRoleWrapper.Resolve(ConnHandler.ActConn.SourceAppRoles)" ElementsToAdd="ConnHandler.SrcAppRolesToAdd" ElementsToDelete="ConnHandler.SrcAppRolesToDelete" StdLayout="false" AfterRemoveAction="ConnHandler.CalcVisibility">
+                                <EditList ElementType="ModellingAppRole" Elements="ModellingAppRoleWrapper.Resolve(ConnHandler.ActConn.SourceAppRoles)"
+                                        ElementsToAdd="ConnHandler.SrcAppRolesToAdd" ElementsToDelete="ConnHandler.SrcAppRolesToDelete" StdLayout="false"
+                                        AfterRemoveAction="() => {ConnHandler.CalcVisibility(); StateHasChanged(); return true;}">
                                     <Display>
                                         <div class="row">
-                                            <div class="mh-13 col-sm-12 border form-control form-control-sm bg-transparent">@((MarkupString)context.DisplayWithIcon())</div>
+                                            <div class="ml-13 col-sm-12 border form-control form-control-sm bg-transparent">@((MarkupString)context.DisplayWithIcon())</div>
                                         </div>
                                     </Display>
                                 </EditList>
-                                <EditList ElementType="ModellingAppServer" Elements="ModellingAppServerWrapper.Resolve(ConnHandler.ActConn.SourceAppServers)" ElementsToAdd="ConnHandler.SrcAppServerToAdd" ElementsToDelete="ConnHandler.SrcAppServerToDelete" StdLayout="false" AfterRemoveAction="ConnHandler.CalcVisibility">
+                                <EditList ElementType="ModellingAppServer" Elements="ModellingAppServerWrapper.Resolve(ConnHandler.ActConn.SourceAppServers)"
+                                        ElementsToAdd="ConnHandler.SrcAppServerToAdd" ElementsToDelete="ConnHandler.SrcAppServerToDelete" StdLayout="false"
+                                        AfterRemoveAction="() => {ConnHandler.CalcVisibility(); StateHasChanged(); return true;}">
                                     <Display>
                                         <div class="row">
-                                            <div class="mh-13 col-sm-12 border form-control form-control-sm bg-transparent">@((MarkupString)context.DisplayWithIcon())</div>
+                                            <div class="ml-13 col-sm-12 border form-control form-control-sm bg-transparent">@((MarkupString)context.DisplayWithIcon())</div>
                                         </div>
                                     </Display>
                                 </EditList>
@@ -80,11 +114,23 @@
                         {
                             foreach(var grp in ModellingServiceGroupWrapper.Resolve(ConnHandler.ActConn.ServiceGroups))
                             {
-                                <div class="mh-13 col-sm-12 border form-control form-control-sm bg-transparent">@((MarkupString)grp.DisplayWithIcon(ConnHandler.ActConn.UsedInterfaceId != null))</div>
+                                <div class="col-sm-12 me-auto">
+                                    <div class="row">
+                                        <div class="col-sm-10">
+                                            <div class="ml-13 col-sm-12 border form-control form-control-sm bg-transparent">@((MarkupString)grp.DisplayWithIcon(ConnHandler.ActConn.UsedInterfaceId != null))</div>
+                                        </div>
+                                        <div class="col-sm-1">
+                                            <button type="button" class="btn btn-sm btn-primary" @onclick="() => {ConnHandler.DisplayServiceGroup(grp); ConnHandlerChanged.InvokeAsync(ConnHandler);}">
+                                                @(ConnHandler.DisplayButton("display_service_group", Icons.Display))</button>
+                                        </div>
+                                    </div>
+                                </div>
                             }
                             foreach(var svc in ModellingServiceWrapper.Resolve(ConnHandler.ActConn.Services))
                             {
-                                <div class="mh-13 col-sm-12 border form-control form-control-sm bg-transparent">@((MarkupString)svc.DisplayWithIcon(ConnHandler.ActConn.UsedInterfaceId != null))</div>
+                                <div class="col-sm-10">
+                                    <div class="ml-13 border form-control form-control-sm bg-transparent">@((MarkupString)svc.DisplayWithIcon(ConnHandler.ActConn.UsedInterfaceId != null))</div>
+                                </div>
                             }
                         }
                         else 
@@ -93,17 +139,21 @@
                                 ondragover="event.preventDefault();"
                                 ondragstart="event.dataTransfer.setData('', event.target.id);"
                                 @ondrop="HandleSvcDrop">
-                                <EditList ElementType="ModellingServiceGroup" Elements="ModellingServiceGroupWrapper.Resolve(ConnHandler.ActConn.ServiceGroups)" ElementsToAdd="ConnHandler.SvcGrpToAdd" ElementsToDelete="ConnHandler.SvcGrpToDelete" StdLayout="false" AfterRemoveAction="ConnHandler.CalcVisibility">
+                                <EditList ElementType="ModellingServiceGroup" Elements="ModellingServiceGroupWrapper.Resolve(ConnHandler.ActConn.ServiceGroups)"
+                                        ElementsToAdd="ConnHandler.SvcGrpToAdd" ElementsToDelete="ConnHandler.SvcGrpToDelete" StdLayout="false" 
+                                        AfterRemoveAction="() => {ConnHandler.CalcVisibility(); StateHasChanged(); return true;}">
                                     <Display>
                                         <div class="row">
-                                            <div class="mh-13 col-sm-12 border form-control form-control-sm bg-transparent">@((MarkupString)context.DisplayWithIcon())</div>
+                                            <div class="ml-13 col-sm-12 border form-control form-control-sm bg-transparent">@((MarkupString)context.DisplayWithIcon())</div>
                                         </div>
                                     </Display>
                                 </EditList>
-                                <EditList ElementType="ModellingService" Elements="ModellingServiceWrapper.Resolve(ConnHandler.ActConn.Services)" ElementsToAdd="ConnHandler.SvcToAdd" ElementsToDelete="ConnHandler.SvcToDelete" StdLayout="false" AfterRemoveAction="ConnHandler.CalcVisibility">
+                                <EditList ElementType="ModellingService" Elements="ModellingServiceWrapper.Resolve(ConnHandler.ActConn.Services)"
+                                        ElementsToAdd="ConnHandler.SvcToAdd" ElementsToDelete="ConnHandler.SvcToDelete" StdLayout="false"
+                                        AfterRemoveAction="() => {ConnHandler.CalcVisibility(); StateHasChanged(); return true;}">
                                     <Display>
                                         <div class="row">
-                                            <div class="mh-13 col-sm-12 border form-control form-control-sm bg-transparent">@((MarkupString)context.DisplayWithIcon())</div>
+                                            <div class="ml-13 col-sm-12 border form-control form-control-sm bg-transparent">@((MarkupString)context.DisplayWithIcon())</div>
                                         </div>
                                     </Display>
                                 </EditList>
@@ -116,15 +166,29 @@
                         {
                             foreach(var dst in ModellingNwGroupWrapper.Resolve(ConnHandler.ActConn.DestinationNwGroups))
                             {
-                                <div class="mh-13 col-sm-12 border form-control form-control-sm bg-transparent">@((MarkupString)dst.DisplayWithIcon(ConnHandler.ActConn.DstFromInterface))</div>
+                                <div class="col-sm-10">
+                                    <div class="ml-13 border form-control form-control-sm bg-transparent">@((MarkupString)dst.DisplayWithIcon(ConnHandler.ActConn.DstFromInterface))</div>
+                                </div>
                             }
                             foreach(var dst in ModellingAppRoleWrapper.Resolve(ConnHandler.ActConn.DestinationAppRoles))
                             {
-                                <div class="mh-13 col-sm-12 border form-control form-control-sm bg-transparent">@((MarkupString)dst.DisplayWithIcon(ConnHandler.ActConn.DstFromInterface))</div>
+                                <div class="col-sm-12 me-auto">
+                                    <div class="row">
+                                        <div class="col-sm-10">
+                                            <div class="ml-13 border form-control form-control-sm bg-transparent">@((MarkupString)dst.DisplayWithIcon(ConnHandler.ActConn.DstFromInterface))</div>
+                                        </div>
+                                        <div class="col-sm-1">
+                                            <button type="button" class="btn btn-sm btn-primary" @onclick="() => {ConnHandler.DisplayAppRole(dst); ConnHandlerChanged.InvokeAsync(ConnHandler);}">
+                                                @(ConnHandler.DisplayButton("display_app_role", Icons.Display))</button>
+                                        </div>
+                                    </div>
+                                </div>
                             }
                             foreach(var dst in ModellingAppServerWrapper.Resolve(ConnHandler.ActConn.DestinationAppServers))
                             {
-                                <div class="mh-13 col-sm-12 border form-control form-control-sm bg-transparent">@((MarkupString)dst.DisplayWithIcon(ConnHandler.ActConn.DstFromInterface))</div>
+                                <div class="col-sm-10">
+                                    <div class="ml-13 border form-control form-control-sm bg-transparent">@((MarkupString)dst.DisplayWithIcon(ConnHandler.ActConn.DstFromInterface))</div>
+                                </div>
                             }
                         }
                         else 
@@ -133,24 +197,30 @@
                                 ondragover="event.preventDefault();"
                                 ondragstart="event.dataTransfer.setData('', event.target.id);"
                                 @ondrop="HandleDstDrop">
-                                <EditList ElementType="ModellingNwGroup" Elements="ModellingNwGroupWrapper.Resolve(ConnHandler.ActConn.DestinationNwGroups)" ElementsToAdd="ConnHandler.DstNwGroupsToAdd" ElementsToDelete="ConnHandler.DstNwGroupsToDelete" StdLayout="false" AfterRemoveAction="ConnHandler.CalcVisibility">
+                                <EditList ElementType="ModellingNwGroup" Elements="ModellingNwGroupWrapper.Resolve(ConnHandler.ActConn.DestinationNwGroups)" 
+                                        ElementsToAdd="ConnHandler.DstNwGroupsToAdd" ElementsToDelete="ConnHandler.DstNwGroupsToDelete" StdLayout="false"
+                                        AfterRemoveAction="() => {ConnHandler.CalcVisibility(); StateHasChanged(); return true;}">
                                     <Display>
                                         <div class="row">
-                                            <div class="mh-13 col-sm-12 border form-control form-control-sm bg-transparent">@((MarkupString)context.DisplayWithIcon())</div>
+                                            <div class="ml-13 col-sm-12 border form-control form-control-sm bg-transparent">@((MarkupString)context.DisplayWithIcon())</div>
                                         </div>
                                     </Display>
                                 </EditList>
-                                <EditList ElementType="ModellingAppRole" Elements="ModellingAppRoleWrapper.Resolve(ConnHandler.ActConn.DestinationAppRoles)" ElementsToAdd="ConnHandler.DstAppRolesToAdd" ElementsToDelete="ConnHandler.DstAppRolesToDelete" StdLayout="false" AfterRemoveAction="ConnHandler.CalcVisibility">
+                                <EditList ElementType="ModellingAppRole" Elements="ModellingAppRoleWrapper.Resolve(ConnHandler.ActConn.DestinationAppRoles)"
+                                        ElementsToAdd="ConnHandler.DstAppRolesToAdd" ElementsToDelete="ConnHandler.DstAppRolesToDelete" StdLayout="false"
+                                        AfterRemoveAction="() => {ConnHandler.CalcVisibility(); StateHasChanged(); return true;}">
                                     <Display>
                                         <div class="row">
-                                            <div class="mh-13 col-sm-12 border form-control form-control-sm bg-transparent">@((MarkupString)context.DisplayWithIcon())</div>
+                                            <div class="ml-13 col-sm-12 border form-control form-control-sm bg-transparent">@((MarkupString)context.DisplayWithIcon())</div>
                                         </div>
                                     </Display>
                                 </EditList>
-                                <EditList ElementType="ModellingAppServer" Elements="ModellingAppServerWrapper.Resolve(ConnHandler.ActConn.DestinationAppServers)" ElementsToAdd="ConnHandler.DstAppServerToAdd" ElementsToDelete="ConnHandler.DstAppServerToDelete" StdLayout="false" AfterRemoveAction="ConnHandler.CalcVisibility">
+                                <EditList ElementType="ModellingAppServer" Elements="ModellingAppServerWrapper.Resolve(ConnHandler.ActConn.DestinationAppServers)"
+                                        ElementsToAdd="ConnHandler.DstAppServerToAdd" ElementsToDelete="ConnHandler.DstAppServerToDelete" StdLayout="false"
+                                        AfterRemoveAction="() => {ConnHandler.CalcVisibility(); StateHasChanged(); return true;}">
                                     <Display>
                                         <div class="row">
-                                            <div class="mh-13 col-sm-12 border form-control form-control-sm bg-transparent">@((MarkupString)context.DisplayWithIcon())</div>
+                                            <div class="ml-13 col-sm-12 border form-control form-control-sm bg-transparent">@((MarkupString)context.DisplayWithIcon())</div>
                                         </div>
                                     </Display>
                                 </EditList>
@@ -164,8 +234,12 @@
                     <label class="col-sm-12 small">@(userConfig.GetText("created_by")): @(ConnHandler.ActConn.Creator), @(userConfig.GetText("creation_date")): @(ConnHandler.ActConn.CreationDate)</label>
                 }
             </div>
-            <div class="mh-13 btn-group">
-                @if(!ConnHandler.ReadOnly)
+            <div class="ml-13 btn-group">
+                @if(ConnHandler.ReadOnly)
+                {
+                    <button type="button" class="btn btn-sm btn-primary" @onclick="Cancel">@(userConfig.GetText("ok"))</button>
+                }
+                else
                 {
                     @if(ConnHandler.IsOwner)
                     {
@@ -175,10 +249,7 @@
                     {
                         <button type="button" class="btn btn-sm btn-primary" disabled>@(userConfig.GetText("save"))</button>
                     }
-                }
-                <button type="button" class="btn btn-sm btn-secondary" @onclick="Cancel">@(userConfig.GetText("cancel"))</button>
-                @if(!ConnHandler.ReadOnly)
-                {
+                    <button type="button" class="btn btn-sm btn-secondary" @onclick="Cancel">@(userConfig.GetText("cancel"))</button>
                     @if(ConnHandler.ActConn.UsedInterfaceId != null)
                     {
                         <button type="button" class="btn btn-sm btn-danger" @onclick="() => ConnHandler.RemoveInterf()">@(ConnHandler.DisplayButton("remove_interface", Icons.Unuse, "interface"))</button>
@@ -187,6 +258,8 @@
             </div>
     </div>
     <InProgress Display="workInProgress"/>
+    <EditServiceGroup @bind-Display="ConnHandler.EditSvcGrpMode" @bind-SvcGroupHandler="ConnHandler.SvcGrpHandler" AddMode="false"/>
+    <EditAppRole @bind-Display="ConnHandler.EditAppRoleMode" @bind-AppRoleHandler="ConnHandler.AppRoleHandler" AddMode="false"/>
 }
 
 @code
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor
index 0114d4e05..57d740b08 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor
@@ -33,8 +33,11 @@
             </div>
         </div>
         <div class="btn-group mt-1">
-            <button type="button" class="btn btn-sm btn-success" @onclick="SearchNwObject">
-                @(ConnHandler.DisplayButton("search_nw_object", Icons.Search))</button>
+            @if(ConnHandler.Application.CommSvcPossible)
+            {
+                <button type="button" class="btn btn-sm btn-success" @onclick="SearchNwObject">
+                    @(ConnHandler.DisplayButton("search_nw_object", Icons.Search))</button>
+            }
             <button type="button" class="btn btn-sm btn-success" @onclick="() => {ConnHandler.CreateAppRole(); ConnHandlerChanged.InvokeAsync(ConnHandler);}">
                 @(ConnHandler.DisplayButton("add_app_role", Icons.Add))</button>
             @if(selectedNwElems.Count == 1)
@@ -99,7 +102,14 @@
                 {
                     @if(selectedSvcElems[0].Key == (int)ModellingTypes.ObjectType.ServiceGroup)
                     {
-                        if(!ResolveSvcGrp(selectedSvcElems[0].Value)?.IsGlobal ?? true)
+                        if(ResolveSvcGrp(selectedSvcElems[0].Value)?.IsGlobal ?? true)
+                        {
+                            <button type="button" class="btn btn-sm btn-primary" @onclick="() =>
+                                {ConnHandler.DisplayServiceGroup(ResolveSvcGrp(selectedSvcElems[0].Value));
+                                ConnHandlerChanged.InvokeAsync(ConnHandler);}">
+                                @(ConnHandler.DisplayButton("display_service_group", Icons.Display))</button>
+                        }
+                        else
                         {
                             <button type="button" class="btn btn-sm btn-warning" @onclick="() =>
                                 {ConnHandler.EditServiceGroup(ResolveSvcGrp(selectedSvcElems[0].Value));
@@ -317,6 +327,7 @@
         {
             ConnHandler.ServicesToConn(services);
         }
+        selectedSvcElems = new();
     }
 
     private bool HandleNwDragStart(DragEventArgs e, KeyValuePair<int, long> selectedNwElem)
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditService.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditService.razor
index ced903a9c..b2e443f44 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditService.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditService.razor
@@ -11,27 +11,27 @@
         <Body>
             <div class="form-group row">
                 <label class="col-sm-2 col-form-label col-form-label-sm">@(userConfig.GetText("name")):</label>
-                <input type="text" class="col-sm-7" @bind="ServiceHandler.ActService.Name" />
+                <input type="text" class="col-sm-8" @bind="ServiceHandler.ActService.Name" />
             </div>
             <div class="form-group row mt-2">
                 <label class="col-sm-2 col-form-label col-form-label-sm">@(userConfig.GetText("protocol"))*:</label>
-                <div class="col-sm-7">
+                <div class="col-sm-3">
                     <Dropdown ElementType="NetworkProtocol" @bind-SelectedElement="ServiceHandler.ActService.Protocol" ElementToString="@(p => p.Name)" Elements="ipProtos" Nullable="false">
                         <ElementTemplate Context="proto">
                             @proto.Name
                         </ElementTemplate>
                     </Dropdown>
                 </div>
+                @if(!(bool)ServiceHandler.ActService.Protocol?.Name.ToLower().StartsWith("esp"))
+                {
+                    <div class="form-group row col-sm-6">
+                        <label class="col-sm-2 col-form-label col-form-label-sm">@(userConfig.GetText("port"))*:</label>
+                        <input type="number" min="1" max="65535" class="col-sm-4" @bind="ServiceHandler.ActService.Port" />
+                        <label class="col-sm-1 col-form-label col-form-label-sm"> - </label>
+                        <input type="number" min="1" max="65535" class=" col-sm-4" @bind="ServiceHandler.ActService.PortEnd" />
+                    </div>
+                }
             </div>
-            @if(!(bool)ServiceHandler.ActService.Protocol?.Name.ToLower().StartsWith("esp"))
-            {
-                <div class="form-group row mt-2">
-                    <label class="col-sm-2 col-form-label col-form-label-sm">@(userConfig.GetText("port"))*:</label>
-                    <input type="number" min="1" max="65535" class="col-sm-3" @bind="ServiceHandler.ActService.Port" />
-                    <label class="col-sm-1 col-form-label col-form-label-sm"> - </label>
-                    <input type="number" min="1" max="65535" class=" col-sm-3" @bind="ServiceHandler.ActService.PortEnd" />
-                </div>
-            }
         </Body>
         <Footer>
             <div class="btn-group">
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditServiceGroup.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditServiceGroup.razor
index cbf2c3a61..248f68ce8 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditServiceGroup.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditServiceGroup.razor
@@ -6,42 +6,70 @@
 
 @if (Display)
 {
-    <PopUp Title="@(AddMode ? userConfig.GetText("add_service_group") : userConfig.GetText("edit_service_group"))" Size=PopupSize.XLarge Show="@Display" OnClose="Close">
+    <PopUp Title="@(SvcGroupHandler.ReadOnly ? "" : (AddMode ? userConfig.GetText("add_service_group") : userConfig.GetText("edit_service_group")))"
+            Size="@(SvcGroupHandler.ReadOnly ? PopupSize.Small : PopupSize.XLarge)" Show="@Display" OnClose="Close">
         <Body>
             <div class="row">
-                <div class="col-sm-6">
-                    <EditServiceGroupLeftSide @bind-Container="Container" @bind-Width="sidebarLeftWidth" @bind-SvcGroupHandler="SvcGroupHandler" AsAdmin="AsAdmin"/>
-                </div>
-                <div class="col-sm-6">
+                @if(!SvcGroupHandler.ReadOnly)
+                {
+                    <div class="col-sm-6">
+                        <EditServiceGroupLeftSide @bind-Container="Container" @bind-Width="sidebarLeftWidth" @bind-SvcGroupHandler="SvcGroupHandler" AsAdmin="AsAdmin"/>
+                    </div>
+                }
+                <div class="@(SvcGroupHandler.ReadOnly ? "col-sm-12" : "col-sm-6")">
                     <h3>@(userConfig.GetText("services_group"))</h3>
                     <div class="col-sm-11 border rounded m-2 p-2">
                         <div class="form-group row">
                             <label class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("name"))*:</label>
-                            <input type="text" class="col-sm-8" @bind="SvcGroupHandler.ActServiceGroup.Name" />
+                            @if(SvcGroupHandler.ReadOnly)
+                            {
+                                <label class="col-sm-8">@SvcGroupHandler.ActServiceGroup.Name</label>
+                            }
+                            else
+                            {
+                                <input type="text" class="col-sm-8" @bind="SvcGroupHandler.ActServiceGroup.Name" />
+                            }
                         </div>
                         <div class="form-group row mt-2">
                             <label class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("comment")):</label>
-                            <input type="text" class=" col-sm-8" @bind="SvcGroupHandler.ActServiceGroup.Comment" />
+                            @if(SvcGroupHandler.ReadOnly)
+                            {
+                                <label class="col-sm-8">@SvcGroupHandler.ActServiceGroup.Comment</label>
+                            }
+                            else
+                            {
+                                <input type="text" class=" col-sm-8" @bind="SvcGroupHandler.ActServiceGroup.Comment" />
+                            }
                         </div>
                         <div class="col-sm-12">
                             <br>
                             <h6>@(userConfig.GetText("services"))</h6>
-                            <div class="minheight-dropzone bg-secondary dropzone" dropzone="move"
-                                ondragover="event.preventDefault();"
-                                ondragstart="event.dataTransfer.setData('', event.target.id);"
-                                @ondrop="HandleSvcDrop">
-                                <EditList ElementType="ModellingService" Elements="Array.ConvertAll(SvcGroupHandler.ActServiceGroup.Services.ToArray(), wrapper => wrapper.Content)" ElementsToAdd="SvcGroupHandler.SvcToAdd" ElementsToDelete="SvcGroupHandler.SvcToDelete" StdLayout="false">
-                                    <Display>
-                                        <div class="row">
-                                            <div class="col-sm-12 ms-2 bg-transparent">@((MarkupString)context.DisplayWithIcon())</div>
-                                        </div>
-                                    </Display>
-                                </EditList>
-                            </div>                            
+                            @if(SvcGroupHandler.ReadOnly)
+                            {
+                                foreach(var svc in ModellingServiceWrapper.Resolve(SvcGroupHandler.ActServiceGroup.Services))
+                                {
+                                    <div class="mh-13 col-sm-12 border form-control form-control-sm bg-transparent">@((MarkupString)svc.DisplayWithIcon())</div>
+                                }
+                            }
+                            else
+                            {
+                                <div class="minheight-dropzone bg-secondary dropzone" dropzone="move"
+                                    ondragover="event.preventDefault();"
+                                    ondragstart="event.dataTransfer.setData('', event.target.id);"
+                                    @ondrop="HandleSvcDrop">
+                                    <EditList ElementType="ModellingService" Elements="Array.ConvertAll(SvcGroupHandler.ActServiceGroup.Services.ToArray(), wrapper => wrapper.Content)" ElementsToAdd="SvcGroupHandler.SvcToAdd" ElementsToDelete="SvcGroupHandler.SvcToDelete" StdLayout="false">
+                                        <Display>
+                                            <div class="row">
+                                                <div class="col-sm-12 ms-2 bg-transparent">@((MarkupString)context.DisplayWithIcon())</div>
+                                            </div>
+                                        </Display>
+                                    </EditList>
+                                </div>  
+                            }                          
                         </div>
                         @if(!AddMode)
                         {
-                            <label class="col-sm-12 small">@(userConfig.GetText("created_by")): @(SvcGroupHandler.ActServiceGroup.Creator), @(userConfig.GetText("creation_date")): @(SvcGroupHandler.ActServiceGroup.CreationDate)</label>
+                            <label class="col-sm-12 mt-2 small">@(userConfig.GetText("created_by")): @(SvcGroupHandler.ActServiceGroup.Creator), @(userConfig.GetText("creation_date")): @(SvcGroupHandler.ActServiceGroup.CreationDate)</label>
                         }
                     </div>
                 </div>
@@ -49,22 +77,29 @@
         </Body>
         <Footer>
             <div class="btn-group">
-                @if(SvcGroupHandler.IsOwner)
+                @if(SvcGroupHandler.ReadOnly)
                 {
-                    <AuthorizeView Roles="@(AsAdmin? Roles.Admin : Roles.Modeller)">
-                        <Authorized>
-                            <button type="button" class="btn btn-sm btn-primary" @onclick="async () => {workInProgress = true; if(await SvcGroupHandler.Save()) Close(); else workInProgress = false;}">@(userConfig.GetText("save"))</button>
-                        </Authorized>
-                        <NotAuthorized>
-                            <button type="button" class="btn btn-sm btn-primary" disabled>@(userConfig.GetText("save"))</button>
-                        </NotAuthorized> 
-                    </AuthorizeView>
+                    <button type="button" class="btn btn-sm btn-primary" @onclick="Close">@(userConfig.GetText("ok"))</button>
                 }
                 else
                 {
-                    <button type="button" class="btn btn-sm btn-primary" disabled>@(userConfig.GetText("save"))</button>
-                }                    
-                <button type="button" class="btn btn-sm btn-secondary" @onclick="Close">@(userConfig.GetText("cancel"))</button>
+                    @if(SvcGroupHandler.IsOwner)
+                    {
+                        <AuthorizeView Roles="@(AsAdmin? Roles.Admin : Roles.Modeller)">
+                            <Authorized>
+                                <button type="button" class="btn btn-sm btn-primary" @onclick="async () => {workInProgress = true; if(await SvcGroupHandler.Save()) Close(); else workInProgress = false;}">@(userConfig.GetText("save"))</button>
+                            </Authorized>
+                            <NotAuthorized>
+                                <button type="button" class="btn btn-sm btn-primary" disabled>@(userConfig.GetText("save"))</button>
+                            </NotAuthorized> 
+                        </AuthorizeView>
+                    }
+                    else
+                    {
+                        <button type="button" class="btn btn-sm btn-primary" disabled>@(userConfig.GetText("save"))</button>
+                    }                    
+                    <button type="button" class="btn btn-sm btn-secondary" @onclick="Close">@(userConfig.GetText("cancel"))</button>
+                }
             </div>
         </Footer>
     </PopUp>
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/ManualAppServer.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/ManualAppServer.razor
index 9675f2716..c6c90743f 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/ManualAppServer.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/ManualAppServer.razor
@@ -52,7 +52,7 @@
         }
     </Body>
     <Footer>
-        <button type="button" class="btn btn-sm btn-secondary" @onclick="Close">@(userConfig.GetText("cancel"))</button>
+        <button type="button" class="btn btn-sm btn-primary" @onclick="Close">@(userConfig.GetText("ok"))</button>
     </Footer>
 </PopUp>
 <EditAppServer @bind-Display="appServerListHandler.EditAppServerMode" AppServerHandler="appServerListHandler.AppServerHandler" AddMode="appServerListHandler.AddAppServerMode"/>
diff --git a/roles/ui/files/FWO.UI/Services/ModellingAppRoleHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingAppRoleHandler.cs
index d6367052c..13a8c2cf6 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingAppRoleHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingAppRoleHandler.cs
@@ -22,17 +22,19 @@ public class ModellingAppRoleHandler : ModellingHandlerBase
         public ModellingNamingConvention NamingConvention = new();
 
         private ModellingManagedIdString OrigId = new();
+        public bool ReadOnly = false;
 
 
         public ModellingAppRoleHandler(ApiConnection apiConnection, UserConfig userConfig, FwoOwner application, 
             List<ModellingAppRole> appRoles, ModellingAppRole appRole, List<ModellingAppServer> availableAppServers,
-            List<KeyValuePair<int, long>> availableNwElems, bool addMode, Action<Exception?, string, string, bool> displayMessageInUi, bool isOwner = true)
+            List<KeyValuePair<int, long>> availableNwElems, bool addMode, Action<Exception?, string, string, bool> displayMessageInUi, bool isOwner = true, bool readOnly = false)
             : base (apiConnection, userConfig, application, addMode, displayMessageInUi, isOwner)
         {
             AppRoles = appRoles;
             AvailableAppServers = availableAppServers;
             AvailableNwElems = availableNwElems;
             ActAppRole = appRole;
+            ReadOnly = readOnly;
             ApplyNamingConvention(application.ExtAppId);
         }
 
diff --git a/roles/ui/files/FWO.UI/Services/ModellingConnectionHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingConnectionHandler.cs
index 6d1fe8d7c..3cdfb90ad 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingConnectionHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingConnectionHandler.cs
@@ -47,6 +47,7 @@ public class ModellingConnectionHandler : ModellingHandlerBase
         public bool AddAppRoleMode = false;
         public bool EditAppRoleMode = false;
         public bool DeleteAppRoleMode = false;
+        public bool DisplayAppRoleMode = false;
 
         public ModellingServiceHandler? ServiceHandler;
         public List<ModellingService> SvcToDelete { get; set; } = new();
@@ -60,6 +61,7 @@ public class ModellingConnectionHandler : ModellingHandlerBase
         public bool AddSvcGrpMode = false;
         public bool EditSvcGrpMode = false;
         public bool DeleteSvcGrpMode = false;
+        public bool DisplaySvcGrpMode = false;
 
         private List<FwoOwner> allApps = new();
         private ModellingAppRole actAppRole = new();
@@ -315,6 +317,7 @@ public void NwGroupToDestination(List<ModellingNwGroup> nwGroups)
 
         public void CreateAppRole()
         {
+            DisplayAppRoleMode = false;
             AddAppRoleMode = true;
             HandleAppRole(new ModellingAppRole(){});
         }
@@ -323,6 +326,17 @@ public void EditAppRole(ModellingAppRole? appRole)
         {
             if(appRole != null)
             {
+                DisplayAppRoleMode = false;
+                AddAppRoleMode = false;
+                HandleAppRole(appRole);
+            }
+        }
+
+        public void DisplayAppRole(ModellingAppRole? appRole)
+        {
+            if(appRole != null)
+            {
+                DisplayAppRoleMode = true;
                 AddAppRoleMode = false;
                 HandleAppRole(appRole);
             }
@@ -333,7 +347,7 @@ public void HandleAppRole(ModellingAppRole appRole)
             try
             {
                 AppRoleHandler = new ModellingAppRoleHandler(apiConnection, userConfig, Application, AvailableAppRoles,
-                    appRole, AvailableAppServers, AvailableNwElems, AddAppRoleMode, DisplayMessageInUi, IsOwner);
+                    appRole, AvailableAppServers, AvailableNwElems, AddAppRoleMode, DisplayMessageInUi, IsOwner, DisplayAppRoleMode);
                 EditAppRoleMode = true;
             }
             catch (Exception exception)
@@ -426,6 +440,7 @@ public void AppRolesToDestination(List<ModellingAppRole> appRoles)
 
         public void CreateServiceGroup()
         {
+            DisplaySvcGrpMode = false;
             AddSvcGrpMode = true;
             HandleServiceGroup(new ModellingServiceGroup(){});
         }
@@ -434,6 +449,17 @@ public void EditServiceGroup(ModellingServiceGroup? serviceGroup)
         {
             if(serviceGroup != null)
             {
+                DisplaySvcGrpMode = false;
+                AddSvcGrpMode = false;
+                HandleServiceGroup(serviceGroup);
+            }
+        }
+
+        public void DisplayServiceGroup(ModellingServiceGroup? serviceGroup)
+        {
+            if(serviceGroup != null)
+            {
+                DisplaySvcGrpMode = true;
                 AddSvcGrpMode = false;
                 HandleServiceGroup(serviceGroup);
             }
@@ -444,7 +470,7 @@ public void HandleServiceGroup(ModellingServiceGroup serviceGroup)
             try
             {
                 SvcGrpHandler = new ModellingServiceGroupHandler(apiConnection, userConfig, Application, AvailableServiceGroups,
-                    serviceGroup, AvailableServices, AvailableSvcElems, AddSvcGrpMode, DisplayMessageInUi, IsOwner);
+                    serviceGroup, AvailableServices, AvailableSvcElems, AddSvcGrpMode, DisplayMessageInUi, IsOwner, DisplaySvcGrpMode);
                 EditSvcGrpMode = true;
             }
             catch (Exception exception)
@@ -530,7 +556,7 @@ public void EditService(ModellingService? service)
                 HandleService(service);
             }
         }
-
+        
         public void HandleService(ModellingService service)
         {
             try
@@ -1024,9 +1050,11 @@ public void Close()
             AddAppRoleMode = false;
             EditAppRoleMode = false;
             DeleteAppRoleMode = false;
+            DisplayAppRoleMode = false;
             AddSvcGrpMode = false;
             EditSvcGrpMode = false;
             DeleteSvcGrpMode = false;
+            DisplaySvcGrpMode = false;
             AddServiceMode = false;
             EditServiceMode = false;
             DeleteServiceMode = false;
diff --git a/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs b/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs
index b9f5a4952..788231706 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs
@@ -37,11 +37,10 @@ public MarkupString DisplayButton(string text, string icon, string iconText = ""
         {
             string tooltip = userConfig.ModIconify ? $"data-toggle=\"tooltip\" title=\"{@userConfig.PureLine(text)}\"" : "";
             string iconToDisplay = $"<span class=\"{icon}\" {@tooltip}/>";
-            string objIconToDisplay = $"<span class=\"{objIcon}\"/>";
+            string iconTextPart = iconText != "" ? " <span class=\"stdtext\">" + userConfig.GetText(iconText) + "</span>" : "";
+            string objIconToDisplay = objIcon != "" ? $" <span class=\"{objIcon}\"/>" : "";
             
-            return (MarkupString)(userConfig.ModIconify ? 
-                iconToDisplay + (iconText != "" ? " " + userConfig.GetText(iconText) : "") + (objIcon != "" ? " " + objIconToDisplay : "")
-                : userConfig.GetText(text));
+            return (MarkupString)(userConfig.ModIconify ? iconToDisplay + iconTextPart + objIconToDisplay : userConfig.GetText(text));
         }
 
         protected async Task LogChange(ModellingTypes.ChangeType changeType, ModellingTypes.ObjectType objectType, long objId, string text, int? applicationId)
diff --git a/roles/ui/files/FWO.UI/Services/ModellingServiceGroupHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingServiceGroupHandler.cs
index a75fec3c9..38221b0e7 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingServiceGroupHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingServiceGroupHandler.cs
@@ -17,12 +17,12 @@ public class ModellingServiceGroupHandler : ModellingHandlerBase
         public bool AddServiceMode = false;
         public bool EditServiceMode = false;
         public bool DeleteServiceMode = false;
-        private ModellingService actService = new();
+        public bool ReadOnly = false;
 
 
         public ModellingServiceGroupHandler(ApiConnection apiConnection, UserConfig userConfig, FwoOwner application, 
             List<ModellingServiceGroup> serviceGroups, ModellingServiceGroup serviceGroup, List<ModellingService> availableServices,
-            List<KeyValuePair<int, int>> availableSvcElems, bool addMode, Action<Exception?, string, string, bool> displayMessageInUi, bool isOwner = true)
+            List<KeyValuePair<int, int>> availableSvcElems, bool addMode, Action<Exception?, string, string, bool> displayMessageInUi, bool isOwner = true, bool readOnly = false)
             : base (apiConnection, userConfig, application, addMode, displayMessageInUi, isOwner)
         {
             ServiceGroups = serviceGroups;
@@ -30,6 +30,7 @@ public ModellingServiceGroupHandler(ApiConnection apiConnection, UserConfig user
             ActServiceGroup.AppId = application.Id;
             AvailableServices = availableServices;
             AvailableSvcElems = availableSvcElems;
+            ReadOnly = readOnly;
         }
 
         public void ServicesToSvcGroup(List<ModellingService> services)
diff --git a/roles/ui/files/FWO.UI/Shared/ConnectionTable.razor b/roles/ui/files/FWO.UI/Shared/ConnectionTable.razor
index 5e5d45e15..bb5f93171 100644
--- a/roles/ui/files/FWO.UI/Shared/ConnectionTable.razor
+++ b/roles/ui/files/FWO.UI/Shared/ConnectionTable.razor
@@ -14,7 +14,7 @@
             <Template>
                 <div class="btn-group">
                     <button type="button" class="btn btn-sm btn-primary" @onclick="async () => 
-                        { await AppHandler.ShowDetails(context); await AppHandlerChanged.InvokeAsync(AppHandler); }">@(AppHandler.DisplayButton("details", Icons.Search))</button>
+                        { await AppHandler.ShowDetails(context); await AppHandlerChanged.InvokeAsync(AppHandler); }">@(AppHandler.DisplayButton("details", Icons.Display))</button>
                     @if(AppActive)
                     {
                         <button type="button" class="btn btn-sm btn-warning" @onclick="async () => 
diff --git a/roles/ui/files/FWO.UI/wwwroot/css/site.css b/roles/ui/files/FWO.UI/wwwroot/css/site.css
index 2e1b7d56b..952f1ab6d 100644
--- a/roles/ui/files/FWO.UI/wwwroot/css/site.css
+++ b/roles/ui/files/FWO.UI/wwwroot/css/site.css
@@ -10,6 +10,10 @@ body {
     font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif;
 }
 
+.stdtext {
+    font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif;
+}
+
 a,
 .btn-link {
     color: #0366d6;
@@ -207,6 +211,11 @@ h5 {
     margin-right: 13px;
 }
 
+/* add left margin 13px */
+.ml-13 {
+    margin-left: 13px;
+}
+
 /* add margin 20px */
 .pad-10 {
     padding: 10px;

From d0d422351a15701a1bfdf3e9082705ab07d41390 Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Mon, 18 Mar 2024 20:47:53 +0100
Subject: [PATCH 47/84] make demo user groups modellers

---
 .../tree_roles_for_sample_operators.ldif.j2          | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/roles/sample-auth-data/templates/tree_roles_for_sample_operators.ldif.j2 b/roles/sample-auth-data/templates/tree_roles_for_sample_operators.ldif.j2
index a3eb758d4..29acc66b0 100644
--- a/roles/sample-auth-data/templates/tree_roles_for_sample_operators.ldif.j2
+++ b/roles/sample-auth-data/templates/tree_roles_for_sample_operators.ldif.j2
@@ -21,3 +21,15 @@ dn: cn=recertifier,ou=role,{{ openldap_path }}
 changetype: modify
 add: uniquemember
 uniquemember: cn=ownergroup_D{{ sample_postfix }},ou=group,{{ openldap_path }}
+
+
+dn: cn=modeller,ou=role,{{ openldap_path }}
+changetype: modify
+add: uniquemember
+uniquemember: cn=ownergroup_F{{ sample_postfix }},ou=group,{{ openldap_path }}
+
+
+dn: cn=modeller,ou=role,{{ openldap_path }}
+changetype: modify
+add: uniquemember
+uniquemember: cn=ownergroup_D{{ sample_postfix }},ou=group,{{ openldap_path }}

From f38387d5ab6ebc3194e2a440f50784f3d8d34c75 Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Mon, 18 Mar 2024 21:18:10 +0100
Subject: [PATCH 48/84] common areas

---
 .../files/sql/creation/fworch-fill-stm.sql    |  1 +
 .../files/sql/idempotent/fworch-texts.sql     |  8 ++
 .../Data/ModellingConnection.cs               |  8 +-
 .../FWO.Api.Client/Data/ModellingTypes.cs     | 18 ++--
 .../files/FWO.Config.Api/Data/ConfigData.cs   |  3 +
 .../Pages/Help/HelpSettingsModelling.cshtml   |  1 +
 .../NetworkModelling/EditConnLeftSide.razor   | 42 +++++----
 .../NetworkModelling/PredefServices.razor     | 14 +--
 .../NetworkModelling/SearchNwObject.razor     | 35 ++++---
 .../Pages/NetworkModelling/ShowHistory.razor  |  2 +-
 .../Pages/Settings/SettingsModelling.razor    | 60 +++++++++++-
 .../FWO.UI/Services/ModellingAppHandler.cs    |  2 +-
 .../Services/ModellingAppRoleHandler.cs       | 12 +--
 .../Services/ModellingAppServerHandler.cs     |  4 +-
 .../Services/ModellingAppServerListHandler.cs |  6 +-
 .../Services/ModellingConnectionHandler.cs    | 94 ++++++++++++++-----
 .../FWO.UI/Services/ModellingHandlerBase.cs   | 14 ++-
 .../Services/ModellingServiceGroupHandler.cs  | 12 +--
 .../Services/ModellingServiceHandler.cs       |  6 +-
 19 files changed, 239 insertions(+), 103 deletions(-)

diff --git a/roles/database/files/sql/creation/fworch-fill-stm.sql b/roles/database/files/sql/creation/fworch-fill-stm.sql
index 41d9d2471..22bc5c81f 100644
--- a/roles/database/files/sql/creation/fworch-fill-stm.sql
+++ b/roles/database/files/sql/creation/fworch-fill-stm.sql
@@ -81,6 +81,7 @@ insert into config (config_key, config_value, config_user) VALUES ('importSubnet
 insert into config (config_key, config_value, config_user) VALUES ('importAppDataPath', '[]', 0);
 insert into config (config_key, config_value, config_user) VALUES ('importSubnetDataPath', '', 0);
 insert into config (config_key, config_value, config_user) VALUES ('modNamingConvention', '{"networkAreaRequired":false,"useAppPart":false,"fixedPartLength":0,"freePartLength":0,"networkAreaPattern":"","appRolePattern":""}', 0);
+insert into config (config_key, config_value, config_user) VALUES ('modCommonAreas', '[]', 0);
 insert into config (config_key, config_value, config_user) VALUES ('modIconify', 'True', 0);
 insert into config (config_key, config_value, config_user) VALUES ('reducedProtocolSet', 'True', 0);
 insert into config (config_key, config_value, config_user) VALUES ('overviewDisplayLines', '3', 0);
diff --git a/roles/database/files/sql/idempotent/fworch-texts.sql b/roles/database/files/sql/idempotent/fworch-texts.sql
index a0bb00b99..0cf4363fd 100644
--- a/roles/database/files/sql/idempotent/fworch-texts.sql
+++ b/roles/database/files/sql/idempotent/fworch-texts.sql
@@ -1130,6 +1130,8 @@ INSERT INTO txt VALUES ('object_id',            'German', 	'Objekt-Id');
 INSERT INTO txt VALUES ('object_id',            'English', 	'Object Id');
 INSERT INTO txt VALUES ('predef_services',      'German', 	'Vordefinierte Dienste');
 INSERT INTO txt VALUES ('predef_services',      'English', 	'Predefined Services');
+INSERT INTO txt VALUES ('common_areas',         'German', 	'Gemeinsame Netzwerkareas');
+INSERT INTO txt VALUES ('common_areas',         'English', 	'Common Network Areas');
 INSERT INTO txt VALUES ('search_interface',     'German', 	'Schnittstelle suchen');
 INSERT INTO txt VALUES ('search_interface',     'English', 	'Search Interface');
 INSERT INTO txt VALUES ('used_interface',       'German', 	'Genutzte Schnittstelle');
@@ -4435,6 +4437,12 @@ INSERT INTO txt VALUES ('H5618', 'German',  'Nutzung von Piktogrammen: Vorzugswe
 INSERT INTO txt VALUES ('H5618', 'English', 'Prefer use of Icons: Use icons where reasonnable. Generally set by the administrator but can be overwritten in the personal settings of the user.');
 INSERT INTO txt VALUES ('H5619', 'German',  'Eigent&uuml;mernamen verwenden: Der Name des Eigent&uuml;mers fliesst in den mittleren Teil der Namenskonvention f&uuml;r App-Rollen ein.');
 INSERT INTO txt VALUES ('H5619', 'English', 'Use Owner Name: The name of the owner is used in the middle part of the naming convention for App Roles.');
+INSERT INTO txt VALUES ('H5620', 'German',  'Gemeinsame Netzwerkareas: Vom Administrator vorgegebene Netzwerkareas, welche von allen Verbindungen genutzt werden d&uuml;rfen.
+    Sie sind in der Bibliothek immer sichtbar und stehen dann nicht mehr in der Liste der auszuw&auml;hlenden Areas f&uuml;r Common Services.
+');
+INSERT INTO txt VALUES ('H5620', 'English', 'Common Network Areas: Network areas defined by the administrator, which are permitted to be used by all connections.
+    They are visible in the object library and are not offered in the list of available areas for Common Services. 
+');
 INSERT INTO txt VALUES ('H5621', 'German',  'Ein Modellierer kann einige pers&ouml;nliche Voreinstellungen f&uuml;r die Darstellung der Modellierung &uuml;berschreiben.
     Ausgangswert ist der vom Admin in den <a href="/help/settings/modelling">Modellierungseinstellungen</a> gesetzte Wert.
 ');
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingConnection.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingConnection.cs
index 3672ddfee..d9cb308ff 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingConnection.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingConnection.cs
@@ -149,21 +149,21 @@ public void ExtractNwGroups()
             SourceNwGroups = new();
             foreach(var nwGroup in SourceAppRoles)
             {
-                if(nwGroup.Content.GroupType != (int)ModellingTypes.ObjectType.AppRole)
+                if(nwGroup.Content.GroupType != (int)ModellingTypes.ModObjectType.AppRole)
                 {
                     SourceNwGroups.Add(new ModellingNwGroupWrapper() { Content = nwGroup.Content.ToBase() });
                 }
             }
-            SourceAppRoles = SourceAppRoles.Where(nwGroup => nwGroup.Content.GroupType == (int)ModellingTypes.ObjectType.AppRole).ToList();
+            SourceAppRoles = SourceAppRoles.Where(nwGroup => nwGroup.Content.GroupType == (int)ModellingTypes.ModObjectType.AppRole).ToList();
             DestinationNwGroups = new();
             foreach(var nwGroup in DestinationAppRoles)
             {
-                if(nwGroup.Content.GroupType != (int)ModellingTypes.ObjectType.AppRole)
+                if(nwGroup.Content.GroupType != (int)ModellingTypes.ModObjectType.AppRole)
                 {
                     DestinationNwGroups.Add(new ModellingNwGroupWrapper() { Content = nwGroup.Content.ToBase() });
                 }
             }
-            DestinationAppRoles = DestinationAppRoles.Where(nwGroup => nwGroup.Content.GroupType == (int)ModellingTypes.ObjectType.AppRole).ToList();
+            DestinationAppRoles = DestinationAppRoles.Where(nwGroup => nwGroup.Content.GroupType == (int)ModellingTypes.ModObjectType.AppRole).ToList();
         }
 
         public bool Sanitize()
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingTypes.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingTypes.cs
index 6e5639442..ebe37745b 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingTypes.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingTypes.cs
@@ -19,7 +19,7 @@ public enum ChangeType
             Reactivate = 7
         }
 
-        public enum ObjectType
+        public enum ModObjectType
         {
             Connection = 1,
 
@@ -35,26 +35,26 @@ public enum ObjectType
             ServiceGroup = 31,
         }
 
-        public static bool IsNwGroup(this ObjectType objectType)
+        public static bool IsNwGroup(this ModObjectType objectType)
         {
             switch(objectType)
             {
-                case ObjectType.AppRole:
-                case ObjectType.AppZone:
-                case ObjectType.NetworkZone:
-                case ObjectType.NetworkArea:
+                case ModObjectType.AppRole:
+                case ModObjectType.AppZone:
+                case ModObjectType.NetworkZone:
+                case ModObjectType.NetworkArea:
                     return true;
                 default: 
                     return false;
             }
         }
 
-        public static bool IsNwObject(this ObjectType objectType)
+        public static bool IsNwObject(this ModObjectType objectType)
         {
             switch(objectType)
             {
-                case ObjectType.AppServer:
-                case ObjectType.Network:
+                case ModObjectType.AppServer:
+                case ModObjectType.Network:
                     return true;
                 default: 
                     return false;
diff --git a/roles/lib/files/FWO.Config.Api/Data/ConfigData.cs b/roles/lib/files/FWO.Config.Api/Data/ConfigData.cs
index 004020017..d38c1228e 100644
--- a/roles/lib/files/FWO.Config.Api/Data/ConfigData.cs
+++ b/roles/lib/files/FWO.Config.Api/Data/ConfigData.cs
@@ -246,6 +246,9 @@ public class ConfigData : ICloneable
         [JsonProperty("modIconify"), JsonPropertyName("modIconify")]
         public bool ModIconify { get; set; } = true;
 
+        [JsonProperty("modCommonAreas"), JsonPropertyName("modCommonAreas")]
+        public string ModCommonAreas { get; set; } = "";
+
 
         public ConfigData(bool editable = false)
         {
diff --git a/roles/ui/files/FWO.UI/Pages/Help/HelpSettingsModelling.cshtml b/roles/ui/files/FWO.UI/Pages/Help/HelpSettingsModelling.cshtml
index a1beff12d..0715f82cb 100644
--- a/roles/ui/files/FWO.UI/Pages/Help/HelpSettingsModelling.cshtml
+++ b/roles/ui/files/FWO.UI/Pages/Help/HelpSettingsModelling.cshtml
@@ -18,6 +18,7 @@
     @(Html.Raw(userConfig.GetText("general")))
     <ul>
         <li>@(Html.Raw(userConfig.GetText("H5602")))</li>
+        <li>@(Html.Raw(userConfig.GetText("H5620")))</li>
         <li>@(Html.Raw(userConfig.GetText("H5603")))</li>
         <li>@(Html.Raw(userConfig.GetText("H5604")))</li>
         <li>@(Html.Raw(userConfig.GetText("H5605")))</li>
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor
index 57d740b08..29bdf499e 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor
@@ -42,7 +42,7 @@
                 @(ConnHandler.DisplayButton("add_app_role", Icons.Add))</button>
             @if(selectedNwElems.Count == 1)
             {
-                @if(selectedNwElems[0].Key == (int)ModellingTypes.ObjectType.AppRole)
+                @if(selectedNwElems[0].Key == (int)ModellingTypes.ModObjectType.AppRole)
                 {
                     if(!(ResolveAppRole(selectedNwElems[0].Value)?.IsDeleted ?? true))
                     {
@@ -55,16 +55,17 @@
                             @(ConnHandler.DisplayButton("delete", Icons.Delete))</button>
                     }
                 }
-                else if(selectedNwElems[0].Key == (int)ModellingTypes.ObjectType.AppServer)
+                else if(selectedNwElems[0].Key == (int)ModellingTypes.ModObjectType.AppServer)
                 {
 
                 }
                 else
                 {
-                    if(!(ResolveNwGroupObject(selectedNwElems[0].Value)?.IsDeleted ?? true))
+                    ModellingNwGroup? nwGroup = ResolveNwGroupObject(selectedNwElems[0].Value);
+                    if(nwGroup != null && !nwGroup.IsDeleted && ConnHandler.AvailableCommonAreas.FirstOrDefault(x => x.Content.Id == nwGroup.Id) == null)
                     {
                         <button type="button" class="btn btn-sm btn-danger" @onclick="() => 
-                            {ConnHandler.RequestRemoveNwGrpObject(ResolveNwGroupObject(selectedNwElems[0].Value));
+                            {ConnHandler.RequestRemoveNwGrpObject(nwGroup);
                             selectedNwElems = new(); ConnHandlerChanged.InvokeAsync(ConnHandler);}">
                             @(ConnHandler.DisplayButton("remove", Icons.Delete))</button>
                     }
@@ -100,7 +101,7 @@
                 }
                 @if(selectedSvcElems.Count == 1)
                 {
-                    @if(selectedSvcElems[0].Key == (int)ModellingTypes.ObjectType.ServiceGroup)
+                    @if(selectedSvcElems[0].Key == (int)ModellingTypes.ModObjectType.ServiceGroup)
                     {
                         if(ResolveSvcGrp(selectedSvcElems[0].Value)?.IsGlobal ?? true)
                         {
@@ -235,7 +236,7 @@
         List<ModellingAppServer> appServers = new();
         foreach(var elem in selectedNwElems)
         {
-            if(elem.Key == (int)ModellingTypes.ObjectType.AppRole)
+            if(elem.Key == (int)ModellingTypes.ModObjectType.AppRole)
             {
                 ModellingAppRole? AppRole = ResolveAppRole(elem.Value);
                 if(AppRole != null)
@@ -243,7 +244,7 @@
                     appRoles.Add(AppRole);
                 }
             }
-            else if(ModellingTypes.IsNwGroup((ModellingTypes.ObjectType)elem.Key))
+            else if(ModellingTypes.IsNwGroup((ModellingTypes.ModObjectType)elem.Key))
             {
                 ModellingNwGroup? nwGroup = ResolveNwGroupObject(elem.Value);
                 if(nwGroup != null)
@@ -251,7 +252,7 @@
                     nwGroups.Add(nwGroup);
                 }
             }
-            else if(elem.Key == (int)ModellingTypes.ObjectType.AppServer)
+            else if(elem.Key == (int)ModellingTypes.ModObjectType.AppServer)
             {
                 ModellingAppServer? appServer = ResolveAppServer(elem.Value);
                 if(appServer != null)
@@ -302,7 +303,7 @@
         List<ModellingService> services = new();
         foreach(var elem in selectedSvcElems)
         {
-            if(elem.Key == (int)ModellingTypes.ObjectType.ServiceGroup)
+            if(elem.Key == (int)ModellingTypes.ModObjectType.ServiceGroup)
             {
                 ModellingServiceGroup? svcGrp = ResolveSvcGrp(elem.Value);
                 if (svcGrp != null)
@@ -339,7 +340,7 @@
         Container.Clear();
         foreach(var elem in selectedNwElems)
         {
-            if(elem.Key == (int)ModellingTypes.ObjectType.AppRole)
+            if(elem.Key == (int)ModellingTypes.ModObjectType.AppRole)
             {
                 ModellingAppRole? AppRole = ResolveAppRole(elem.Value);
                 if(AppRole != null)
@@ -347,7 +348,7 @@
                     Container.AppRoleElements.Add(AppRole);
                 }
             }
-            else if(ModellingTypes.IsNwGroup((ModellingTypes.ObjectType)elem.Key))
+            else if(ModellingTypes.IsNwGroup((ModellingTypes.ModObjectType)elem.Key))
             {
                 ModellingNwGroup? nwGroup = ResolveNwGroupObject(elem.Value);
                 if(nwGroup != null)
@@ -355,7 +356,7 @@
                     Container.NwGroupElements.Add(nwGroup);
                 }
             }
-            else if(elem.Key == (int)ModellingTypes.ObjectType.AppServer)
+            else if(elem.Key == (int)ModellingTypes.ModObjectType.AppServer)
             {
                 ModellingAppServer? appServer = ResolveAppServer(elem.Value);
                 if(appServer != null)
@@ -377,7 +378,7 @@
         Container.Clear();
         foreach(var elem in selectedSvcElems)
         {
-            if(elem.Key == (int)ModellingTypes.ObjectType.ServiceGroup)
+            if(elem.Key == (int)ModellingTypes.ModObjectType.ServiceGroup)
             {
                 ModellingServiceGroup? svcGrp = ResolveSvcGrp(elem.Value);
                 if (svcGrp != null)
@@ -418,15 +419,15 @@
 
     private ModellingNwObject? ResolveNwObject(KeyValuePair<int, long> selectedObj)
     {
-        if(selectedObj.Key == (int)ModellingTypes.ObjectType.AppRole)
+        if(selectedObj.Key == (int)ModellingTypes.ModObjectType.AppRole)
         {
             return ResolveAppRole(selectedObj.Value);
         }
-        else if(ModellingTypes.IsNwGroup((ModellingTypes.ObjectType)selectedObj.Key))
+        else if(ModellingTypes.IsNwGroup((ModellingTypes.ModObjectType)selectedObj.Key))
         {
             return ResolveNwGroupObject(selectedObj.Value);
         }
-        else if(selectedObj.Key == (int)ModellingTypes.ObjectType.AppServer)
+        else if(selectedObj.Key == (int)ModellingTypes.ModObjectType.AppServer)
         {
             return ResolveAppServer(selectedObj.Value);
         }
@@ -456,16 +457,21 @@
 
     private ModellingNwGroup? ResolveNwGroupObject(long selectedId)
     {
+        ModellingNwGroupWrapper? comArea = ConnHandler.AvailableCommonAreas.FirstOrDefault(x => x.Content.Id == selectedId);
+        if(comArea != null)
+        {
+            return comArea.Content;
+        }
         return ConnHandler.AvailableSelectedObjects.FirstOrDefault(x => x.Content.Id == selectedId)?.Content;
     }
 
     private ModellingSvcObject? ResolveSvcObject(KeyValuePair<int, int> selectedObj)
     {
-        if(selectedObj.Key == (int)ModellingTypes.ObjectType.ServiceGroup)
+        if(selectedObj.Key == (int)ModellingTypes.ModObjectType.ServiceGroup)
         {
             return ResolveSvcGrp(selectedObj.Value);
         }
-        else if(selectedObj.Key == (int)ModellingTypes.ObjectType.Service)
+        else if(selectedObj.Key == (int)ModellingTypes.ModObjectType.Service)
         {
             return ResolveSvc(selectedObj.Value);
         }
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/PredefServices.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/PredefServices.razor
index cb9063cee..56cf4fc4d 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/PredefServices.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/PredefServices.razor
@@ -11,19 +11,19 @@
     <Body>
         @if (Display)
         {
-            <button type="button" class="btn btn-sm btn-success ms-5 mb-2" @onclick="CreateServiceGroup">@(userConfig.GetText("add_service_group"))</button>
+            <button type="button" class="btn btn-sm btn-success ms-5 mb-2" @onclick="CreateServiceGroup">@(ModellingHandlerBase.DisplayButton(userConfig, "add_service_group", Icons.Add))</button>
             <div class="vheight75">
                 <Table class="table table-bordered th-bg-secondary table-responsive overflow-auto sticky-header" TableItem="ModellingServiceGroup" Items="PredefServiceGroups" PageSize="0" ColumnReorder="true">
                     <Column TableItem="ModellingServiceGroup" Title="@(userConfig.GetText("actions"))" Field="(x => x.Id)" Sortable="false" Filterable="false">
                         <Template>
                             <div class="btn-group">
-                                <button type="button" class="btn btn-sm btn-warning" @onclick="() => EditServiceGroup(context)">@(userConfig.GetText("edit"))</button>
+                                <button type="button" class="btn btn-sm btn-warning" @onclick="() => EditServiceGroup(context)">@(ModellingHandlerBase.DisplayButton(userConfig, "edit", Icons.Edit))</button>
                                 <AuthorizeView Roles="@Roles.Admin" Context="ctx">
                                     <Authorized>
-                                        <button type="button" class="btn btn-sm btn-danger" @onclick="async () => await RequestDeleteServiceGrp(context)">@(userConfig.GetText("delete"))</button>
+                                        <button type="button" class="btn btn-sm btn-danger" @onclick="async () => await RequestDeleteServiceGrp(context)">@(ModellingHandlerBase.DisplayButton(userConfig, "delete", Icons.Delete))</button>
                                     </Authorized>
                                     <NotAuthorized>
-                                        <button type="button" disabled class="btn btn-sm btn-danger">@(userConfig.GetText("delete"))</button>
+                                        <button type="button" disabled class="btn btn-sm btn-danger">@(ModellingHandlerBase.DisplayButton(userConfig, "delete", Icons.Delete))</button>
                                     </NotAuthorized> 
                                 </AuthorizeView>
                             </div>
@@ -91,13 +91,13 @@
             AvailableServices = await apiConnection.SendQueryAsync<List<ModellingService>>(ModellingQueries.getGlobalServices);
             foreach(var svcGrp in PredefServiceGroups)
             {
-                AvailableSvcElems.Add(new KeyValuePair<int, int>((int)ModellingTypes.ObjectType.ServiceGroup, svcGrp.Id));
+                AvailableSvcElems.Add(new KeyValuePair<int, int>((int)ModellingTypes.ModObjectType.ServiceGroup, svcGrp.Id));
             }
             if(userConfig.AllowServiceInConn)
             {
                 foreach(var svc in AvailableServices)
                 {
-                    AvailableSvcElems.Add(new KeyValuePair<int, int>((int)ModellingTypes.ObjectType.Service, svc.Id));
+                    AvailableSvcElems.Add(new KeyValuePair<int, int>((int)ModellingTypes.ModObjectType.Service, svc.Id));
                 }
             }
         }
@@ -167,7 +167,7 @@
             apiConnection.SetRole(Roles.Admin);
             if((await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.deleteServiceGroup, new { id = ActServiceGroup.Id })).AffectedRows > 0)
             {
-                await ModellingHandlerBase.LogChange(ModellingTypes.ChangeType.Delete, ModellingTypes.ObjectType.ServiceGroup, ActServiceGroup.Id,
+                await ModellingHandlerBase.LogChange(ModellingTypes.ChangeType.Delete, ModellingTypes.ModObjectType.ServiceGroup, ActServiceGroup.Id,
                     $"Deleted Predefined Service Group: {ActServiceGroup.Display()}", apiConnection, userConfig, null, DisplayMessageInUi);
                 PredefServiceGroups.Remove(ActServiceGroup);
                 DeleteSvcGrpMode = false;
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/SearchNwObject.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/SearchNwObject.razor
index 97f36e70e..2f981f125 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/SearchNwObject.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/SearchNwObject.razor
@@ -1,4 +1,5 @@
 @using FWO.Config.Api
+@using System.Text.Json
 
 @attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}, {Roles.Modeller}")]
 
@@ -11,14 +12,14 @@
         {
             <div class="form-group row col-sm-12">
                 <label class="col-form-label col-sm-4">@(userConfig.GetText("object_type")):</label>
-                @if(singleType)
+                @if(singleType || CommonAreaMode)
                 {
                     <label class="col-form-label text-primary col-sm-8">@userConfig.GetText(selectedType.ToString())</label>
                 }
                 else
                 {
                     <div class="col-sm-6">
-                        <Dropdown ElementType="ModellingTypes.ObjectType" ElementToString="@(a => userConfig.GetText(a.ToString()))" @bind-SelectedElement="selectedType" Elements="availableTypes">
+                        <Dropdown ElementType="ModellingTypes.ModObjectType" ElementToString="@(a => userConfig.GetText(a.ToString()))" @bind-SelectedElement="selectedType" Elements="availableTypes">
                             <ElementTemplate Context="type">
                                 @userConfig.GetText(type.ToString())
                             </ElementTemplate>
@@ -46,7 +47,7 @@
         <div class="btn-group">
             @if(selectedObject != null)
             {
-                <AuthorizeView Roles="@Roles.Modeller">
+                <AuthorizeView Roles="@(CommonAreaMode ? Roles.Admin : Roles.Modeller)">
                     <Authorized>
                         <button type="button" class="btn btn-sm btn-success" @onclick="AddObject">@(userConfig.GetText("select"))</button>
                     </Authorized>
@@ -84,9 +85,12 @@
     [Parameter]
     public Func<bool> Refresh { get; set; } = DefaultInit.DoNothingSync;
 
+    [Parameter]
+    public bool CommonAreaMode { get; set; } = false;
+
 
-    private List<ModellingTypes.ObjectType> availableTypes = new(){ ModellingTypes.ObjectType.NetworkArea };
-    private ModellingTypes.ObjectType selectedType = ModellingTypes.ObjectType.NetworkArea;
+    private List<ModellingTypes.ModObjectType> availableTypes = new(){ ModellingTypes.ModObjectType.NetworkArea };
+    private ModellingTypes.ModObjectType selectedType = ModellingTypes.ModObjectType.NetworkArea;
     private bool singleType = false;
     private bool typeSelected = false;
     private List<ModellingNwGroup> nwObjects = new();
@@ -122,8 +126,12 @@
                 grpType = (int)selectedType
             };
             List<ModellingNwGroup> allNwObjects = await apiConnection.SendQueryAsync<List<ModellingNwGroup>>(FWO.Api.Client.Queries.ModellingQueries.getNwGroupObjects, Variables);
-            List<ModellingNwGroupWrapper> selectedObjects = await apiConnection.SendQueryAsync<List<ModellingNwGroupWrapper>>(ModellingQueries.getSelectedNwGroupObjects, new { appId = Application.Id });
-            nwObjects = allNwObjects.Where(o => selectedObjects.FirstOrDefault(sel => sel.Content.Id == o.Id) == null).ToList();
+            if(userConfig.ModCommonAreas != "")
+            {
+                List<long> commonAreaIds = JsonSerializer.Deserialize<List<long>>(userConfig.ModCommonAreas) ?? new();
+                allNwObjects = allNwObjects.Where(o => !commonAreaIds.Contains(o.Id)).ToList();
+            }
+            nwObjects = allNwObjects.Where(o => ObjectList.FirstOrDefault(sel => sel.Content.Id == o.Id) == null).ToList();
             typeSelected = true;
         }
         catch (Exception exception)
@@ -138,12 +146,15 @@
         {
             if(selectedObject != null)
             {
-                var Variables = new
+                if(!CommonAreaMode)
                 {
-                    appId = Application.Id,
-                    nwGroupId = selectedObject?.Id
-                };
-                await apiConnection.SendQueryAsync<NewReturning>(FWO.Api.Client.Queries.ModellingQueries.addSelectedNwGroupObject, Variables);
+                    var Variables = new
+                    {
+                        appId = Application.Id,
+                        nwGroupId = selectedObject?.Id
+                    };
+                    await apiConnection.SendQueryAsync<NewReturning>(FWO.Api.Client.Queries.ModellingQueries.addSelectedNwGroupObject, Variables);
+                }
                 ObjectList.Add(new ModellingNwGroupWrapper(){ Content = selectedObject ?? throw new Exception("No Object selected.") });
                 await ObjectListChanged.InvokeAsync(ObjectList);
                 Refresh();
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/ShowHistory.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/ShowHistory.razor
index 1bf665573..05e2b555a 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/ShowHistory.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/ShowHistory.razor
@@ -34,7 +34,7 @@
                     </Column>
                     <Column TableItem="ModellingHistoryEntry" Title="@(userConfig.GetText("object_type"))" Field="@(x => x.ObjectType)" Sortable="true">
                         <Template>
-                            @(userConfig.GetText(Enum.GetName(typeof(ModellingTypes.ObjectType), context.ObjectType)))
+                            @(userConfig.GetText(Enum.GetName(typeof(ModellingTypes.ModObjectType), context.ObjectType)))
                         </Template>
                     </Column>
                     <Column TableItem="ModellingHistoryEntry" Title="@(userConfig.GetText("object_id"))" Field="@(x => x.ObjectId)" Sortable="true" Filterable="true" />
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsModelling.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsModelling.razor
index a4ce9066e..016467f77 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsModelling.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsModelling.razor
@@ -22,7 +22,6 @@
 {
     <button type="button" class="btn btn-sm btn-dark ms-5" data-toggle="tooltip" title="@(userConfig.PureLine("H5602"))"
         @onclick="PredefServices">@(userConfig.GetText("predef_services"))</button>
-
     <form onsubmit="return false">
         <div class="form-group row mt-2">
             <div class="row col-sm-4" data-toggle="tooltip" title="@(userConfig.PureLine("H5603"))">
@@ -57,6 +56,23 @@
             </div>
         </div>
         <hr />
+        <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5620"))">
+            <label class="col-form-label col-sm-4">@userConfig.GetText("common_areas"):</label>
+            <div class="col-sm-6">
+                <EditList ElementType="ModellingNwGroupWrapper" Elements="commonAreas.ToArray()" ElementsToAdd="AreasToAdd" ElementsToDelete="AreasToDelete" StdLayout="false">
+                    <Display>
+                        <div class="row">
+                            <div class="col-sm-12 border bg-transparent">@((MarkupString)context.Content.DisplayHtml())</div>
+                        </div>
+                    </Display>
+                </EditList>
+                <div class="row col-sm-12 mt-1">
+                    <button type="button" class="col-sm-2 btn btn-sm btn-primary" @onclick="SearchArea" @onclick:preventDefault>
+                        @(ModellingHandlerBase.DisplayButton(userConfig, "add_common_area", Icons.Add))</button>
+                </div>
+            </div>
+        </div>
+        <hr />
         <div class="form-group row">
             <div class="row col-sm-4" data-toggle="tooltip" title="@(userConfig.PureLine("H5606"))">
                 <label class="col-form-label col-sm-8">@(userConfig.GetText("networkAreaRequired")):</label>
@@ -102,7 +118,7 @@
                 </EditList>
                 <div class="row col-sm-12 mt-1">
                     <input type="text" class="col-sm-10" @bind="actPath" />
-                    <button type="button" class="col-sm-2 btn btn-sm btn-primary" @onclick="AddPath" @onclick:preventDefault>@(userConfig.GetText("add"))</button>
+                    <button type="button" class="col-sm-2 btn btn-sm btn-primary" @onclick="AddPath" @onclick:preventDefault>@(ModellingHandlerBase.DisplayButton(userConfig, "add", Icons.Add))</button>
                 </div>
             </div>
         </div>
@@ -147,7 +163,7 @@ else
     </div>
 }
 <PredefServices @bind-Display="predefServices"/>
-
+<SearchNwObject @bind-Display="searchArea" @bind-ObjectList="commonAreas" CommonAreaMode="true"/>
 
 
 @code
@@ -160,7 +176,13 @@ else
     private List<string> PathsToAdd = new();
     private List<string> PathsToDelete = new();
     private string actPath = "";
+    private List<ModellingNwGroup> allAreas = new();
+    private List<long> commonAreaIds = new();
+    private List<ModellingNwGroupWrapper> commonAreas = new();
+    private List<ModellingNwGroupWrapper> AreasToAdd = new();
+    private List<ModellingNwGroupWrapper> AreasToDelete = new();
     private bool predefServices = false;
+    private bool searchArea = false;
     private ModellingNamingConvention namingConvention = new();
 
 
@@ -171,6 +193,8 @@ else
             configData = await globalConfig.GetEditableConfig();
             appDataPaths = JsonSerializer.Deserialize<List<string>>(configData.ImportAppDataPath) ?? new();
             namingConvention = JsonSerializer.Deserialize<ModellingNamingConvention>(configData.ModNamingConvention) ?? new();
+            allAreas = await apiConnection.SendQueryAsync<List<ModellingNwGroup>>(FWO.Api.Client.Queries.ModellingQueries.getNwGroupObjects, new { grpType = (int)ModellingTypes.ModObjectType.NetworkArea });
+            RefreshAreas();
         }
         catch (Exception exception)
         {
@@ -178,6 +202,23 @@ else
         }
     }
 
+    private void RefreshAreas()
+    {
+        if(configData.ModCommonAreas != "")
+        {
+            commonAreaIds = JsonSerializer.Deserialize<List<long>>(configData.ModCommonAreas) ?? new();
+        }
+        commonAreas = new();
+        foreach(var areaId in commonAreaIds)
+        {
+            ModellingNwGroup? area = allAreas.FirstOrDefault(a => a.Id == areaId);
+            if(area != null)
+            {
+                commonAreas.Add(new () { Content = area });
+            }
+        }
+    }
+
     private void AddPath()
     {
         if(actPath != "")
@@ -192,6 +233,11 @@ else
         predefServices = true;
     }
 
+    private void SearchArea()
+    {
+        searchArea = true;
+    }
+
     private async Task Save()
     {
         try
@@ -208,9 +254,17 @@ else
                 }
                 configData.ImportAppDataPath = JsonSerializer.Serialize(appDataPaths);
                 configData.ModNamingConvention = JsonSerializer.Serialize(namingConvention);
+                commonAreaIds = commonAreas.ConvertAll(x => x.Content.Id);
+                foreach(var area in AreasToDelete)
+                {
+                    commonAreaIds.Remove(area.Content.Id);
+                }
+                configData.ModCommonAreas = JsonSerializer.Serialize(commonAreaIds);
                 await globalConfig.WriteToDatabase(configData, apiConnection);
                 PathsToDelete = new();
                 PathsToAdd = new();
+                AreasToDelete = new();
+                RefreshAreas();
                 DisplayMessageInUi(null, userConfig.GetText("modelling_settings"), userConfig.GetText("U5301"), false);
             }
             else
diff --git a/roles/ui/files/FWO.UI/Services/ModellingAppHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingAppHandler.cs
index 2ca29e7b8..a862464f6 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingAppHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingAppHandler.cs
@@ -200,7 +200,7 @@ public async Task DeleteConnection()
             {
                 if((await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.deleteConnection, new { id = actConn.Id })).AffectedRows > 0)
                 {
-                    await LogChange(ModellingTypes.ChangeType.Delete, ModellingTypes.ObjectType.Connection, actConn.Id,
+                    await LogChange(ModellingTypes.ChangeType.Delete, ModellingTypes.ModObjectType.Connection, actConn.Id,
                         $"Deleted {(actConn.IsInterface? "Interface" : "Connection")}: {actConn.Name}", Application.Id);
                     Connections.Remove(actConn);
                     DeleteConnMode = false;
diff --git a/roles/ui/files/FWO.UI/Services/ModellingAppRoleHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingAppRoleHandler.cs
index 13a8c2cf6..745ccb958 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingAppRoleHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingAppRoleHandler.cs
@@ -206,7 +206,7 @@ private async Task AddAppRoleToDb()
                 if (returnIds != null)
                 {
                     ActAppRole.Id = returnIds[0].NewId;
-                    await LogChange(ModellingTypes.ChangeType.Insert, ModellingTypes.ObjectType.AppRole, ActAppRole.Id,
+                    await LogChange(ModellingTypes.ChangeType.Insert, ModellingTypes.ModObjectType.AppRole, ActAppRole.Id,
                         $"New App Role: {ActAppRole.Display()}", Application.Id);
                     foreach(var appServer in ActAppRole.AppServers)
                     {
@@ -216,13 +216,13 @@ await LogChange(ModellingTypes.ChangeType.Insert, ModellingTypes.ObjectType.AppR
                             nwGroupId = ActAppRole.Id
                         };
                         await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.addNwObjectToNwGroup, Vars);
-                        await LogChange(ModellingTypes.ChangeType.Assign, ModellingTypes.ObjectType.AppRole, ActAppRole.Id,
+                        await LogChange(ModellingTypes.ChangeType.Assign, ModellingTypes.ModObjectType.AppRole, ActAppRole.Id,
                             $"Added App Server {appServer.Content.Display()} to App Role: {ActAppRole.Display()}", Application.Id);
                     }
                     ActAppRole.Creator = userConfig.User.Name;
                     ActAppRole.CreationDate = DateTime.Now;
                     AppRoles.Add(ActAppRole);
-                    AvailableNwElems.Add(new KeyValuePair<int, long>((int)ModellingTypes.ObjectType.AppRole, ActAppRole.Id));
+                    AvailableNwElems.Add(new KeyValuePair<int, long>((int)ModellingTypes.ModObjectType.AppRole, ActAppRole.Id));
                 }
             }
             catch (Exception exception)
@@ -244,7 +244,7 @@ private async Task UpdateAppRoleInDb()
                     comment = ActAppRole.Comment
                 };
                 await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.updateAppRole, Variables);
-                await LogChange(ModellingTypes.ChangeType.Update, ModellingTypes.ObjectType.AppRole, ActAppRole.Id,
+                await LogChange(ModellingTypes.ChangeType.Update, ModellingTypes.ModObjectType.AppRole, ActAppRole.Id,
                     $"Updated App Role: {ActAppRole.Display()}", Application.Id);
                 foreach(var appServer in AppServerToDelete)
                 {
@@ -254,7 +254,7 @@ await LogChange(ModellingTypes.ChangeType.Update, ModellingTypes.ObjectType.AppR
                         nwGroupId = ActAppRole.Id
                     };
                     await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.removeNwObjectFromNwGroup, Vars);
-                    await LogChange(ModellingTypes.ChangeType.Unassign, ModellingTypes.ObjectType.AppRole, ActAppRole.Id,
+                    await LogChange(ModellingTypes.ChangeType.Unassign, ModellingTypes.ModObjectType.AppRole, ActAppRole.Id,
                         $"Removed App Server {appServer.Display()} from App Role: {ActAppRole.Display()}", Application.Id);
                 }
                 foreach(var appServer in AppServerToAdd)
@@ -265,7 +265,7 @@ await LogChange(ModellingTypes.ChangeType.Unassign, ModellingTypes.ObjectType.Ap
                         nwGroupId = ActAppRole.Id
                     };
                     await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.addNwObjectToNwGroup, Vars);
-                    await LogChange(ModellingTypes.ChangeType.Assign, ModellingTypes.ObjectType.AppRole, ActAppRole.Id,
+                    await LogChange(ModellingTypes.ChangeType.Assign, ModellingTypes.ModObjectType.AppRole, ActAppRole.Id,
                         $"Added App Server {appServer.Display()} to App Role: {ActAppRole.Display()}", Application.Id);
                 }
             }
diff --git a/roles/ui/files/FWO.UI/Services/ModellingAppServerHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingAppServerHandler.cs
index c7e2bff13..47aa0d072 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingAppServerHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingAppServerHandler.cs
@@ -98,7 +98,7 @@ private async Task<bool> AddAppServerToDb()
                 if (returnIds != null)
                 {
                     ActAppServer.Id = returnIds[0].NewId;
-                    await LogChange(ModellingTypes.ChangeType.Insert, ModellingTypes.ObjectType.AppServer, ActAppServer.Id,
+                    await LogChange(ModellingTypes.ChangeType.Insert, ModellingTypes.ModObjectType.AppServer, ActAppServer.Id,
                         $"New App Server: {ActAppServer.Display()}", Application.Id);
                     AvailableAppServers.Add(ActAppServer);
                 }
@@ -131,7 +131,7 @@ private async Task<bool> UpdateAppServerInDb()
                     importSource = GlobalConst.kManual  // todo
                 };
                 await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.updateAppServer, Variables);
-                await LogChange(ModellingTypes.ChangeType.Update, ModellingTypes.ObjectType.AppServer, ActAppServer.Id,
+                await LogChange(ModellingTypes.ChangeType.Update, ModellingTypes.ModObjectType.AppServer, ActAppServer.Id,
                     $"Updated App Server: {ActAppServer.Display()}", Application.Id);
                 return true;
             }
diff --git a/roles/ui/files/FWO.UI/Services/ModellingAppServerListHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingAppServerListHandler.cs
index 6da6e5dfd..364f0367f 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingAppServerListHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingAppServerListHandler.cs
@@ -79,14 +79,14 @@ public async Task DeleteAppServer()
                 if(await CheckAppServerInUse(actAppServer))
                 {
                     await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.setAppServerDeletedState, new { id = actAppServer.Id, deleted = true });
-                    await LogChange(ModellingTypes.ChangeType.MarkDeleted, ModellingTypes.ObjectType.AppServer, actAppServer.Id,
+                    await LogChange(ModellingTypes.ChangeType.MarkDeleted, ModellingTypes.ModObjectType.AppServer, actAppServer.Id,
                         $"Mark App Server as deleted: {actAppServer.Display()}", Application.Id);
                     actAppServer.IsDeleted = true;
                     ManualAppServers[ManualAppServers.FindIndex(x => x.Id == actAppServer.Id)] = actAppServer;
                 }
                 else if((await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.deleteAppServer, new { id = actAppServer.Id })).AffectedRows > 0)
                 {
-                    await LogChange(ModellingTypes.ChangeType.Delete, ModellingTypes.ObjectType.AppServer, actAppServer.Id,
+                    await LogChange(ModellingTypes.ChangeType.Delete, ModellingTypes.ModObjectType.AppServer, actAppServer.Id,
                         $"Deleted App Server: {actAppServer.Display()}", Application.Id);
                     ManualAppServers.Remove(actAppServer);
                 }
@@ -113,7 +113,7 @@ public async Task ReactivateAppServer()
                 if(actAppServer.IsDeleted)
                 {
                     await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.setAppServerDeletedState, new { id = actAppServer.Id, deleted = false });
-                    await LogChange(ModellingTypes.ChangeType.Reactivate, ModellingTypes.ObjectType.AppServer, actAppServer.Id,
+                    await LogChange(ModellingTypes.ChangeType.Reactivate, ModellingTypes.ModObjectType.AppServer, actAppServer.Id,
                         $"Reactivate App Server: {actAppServer.Display()}", Application.Id);
                     actAppServer.IsDeleted = false;
                     ManualAppServers[ManualAppServers.FindIndex(x => x.Id == actAppServer.Id)] = actAppServer;
diff --git a/roles/ui/files/FWO.UI/Services/ModellingConnectionHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingConnectionHandler.cs
index 3cdfb90ad..97e8de48c 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingConnectionHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingConnectionHandler.cs
@@ -2,6 +2,7 @@
 using FWO.Api.Data;
 using FWO.Api.Client;
 using FWO.Api.Client.Queries;
+using System.Text.Json;
 
 
 namespace FWO.Ui.Services
@@ -14,6 +15,7 @@ public class ModellingConnectionHandler : ModellingHandlerBase
         public List<ModellingAppServer> AvailableAppServers { get; set; } = new();
         public List<ModellingAppRole> AvailableAppRoles { get; set; } = new();
         public List<ModellingNwGroupWrapper> AvailableSelectedObjects { get; set; } = new();
+        public List<ModellingNwGroupWrapper> AvailableCommonAreas { get; set; } = new();
         public List<KeyValuePair<int, long>> AvailableNwElems { get; set; } = new();
         public List<ModellingServiceGroup> AvailableServiceGroups { get; set; } = new();
         public List<ModellingService> AvailableServices { get; set; } = new();
@@ -87,26 +89,68 @@ public async Task Init()
             try
             {
                 PreselectedInterfaces = ModellingConnectionWrapper.Resolve(await apiConnection.SendQueryAsync<List<ModellingConnectionWrapper>>(ModellingQueries.getSelectedConnections, new { appId = Application.Id })).ToList();
+                await InitAvailableNWObjects();
+                await InitAvailableSvcObjects();
+                RefreshSelectedNwObjects();
+                InterfaceName = await ExtractUsedInterface(ActConn);
+                allApps = await apiConnection.SendQueryAsync<List<FwoOwner>>(OwnerQueries.getOwnersWithConn);
+            }
+            catch (Exception exception)
+            {
+                DisplayMessageInUi(exception, userConfig.GetText("fetch_data"), "", true);
+            }
+        }
+
+        public async Task InitAvailableNWObjects()
+        {
+            try
+            {
                 AvailableAppServers = await apiConnection.SendQueryAsync<List<ModellingAppServer>>(ModellingQueries.getAppServers, new { appId = Application.Id });
                 AvailableAppRoles = await apiConnection.SendQueryAsync<List<ModellingAppRole>>(ModellingQueries.getAppRoles, new { appId = Application.Id });
+
+                List<ModellingNwGroup> allAreas = await apiConnection.SendQueryAsync<List<ModellingNwGroup>>(ModellingQueries.getNwGroupObjects, new { grpType = (int)ModellingTypes.ModObjectType.NetworkArea });
+                List<long> commonAreaIds = new();
+                if(userConfig.ModCommonAreas != "")
+                {
+                    commonAreaIds = JsonSerializer.Deserialize<List<long>>(userConfig.ModCommonAreas) ?? new();
+                }
+                AvailableCommonAreas = new();
+                foreach(var areaId in commonAreaIds)
+                {
+                    ModellingNwGroup? area = allAreas.FirstOrDefault(a => a.Id == areaId);
+                    if(area != null)
+                    {
+                        AvailableCommonAreas.Add(new () { Content = area });
+                    }
+                }
+                
                 AvailableSelectedObjects = await apiConnection.SendQueryAsync<List<ModellingNwGroupWrapper>>(ModellingQueries.getSelectedNwGroupObjects, new { appId = Application.Id });
+                AvailableSelectedObjects = AvailableSelectedObjects.Where(x => !AvailableCommonAreas.Contains(x)).ToList();
+            }
+            catch (Exception exception)
+            {
+                DisplayMessageInUi(exception, userConfig.GetText("fetch_data"), "", true);
+            }
+        }
+
+        public async Task InitAvailableSvcObjects()
+        {
+            try
+            {
                 AvailableServiceGroups = (await apiConnection.SendQueryAsync<List<ModellingServiceGroup>>(ModellingQueries.getGlobalServiceGroups)).Where(x => x.AppId != Application.Id).ToList();
                 AvailableServiceGroups.AddRange(await apiConnection.SendQueryAsync<List<ModellingServiceGroup>>(ModellingQueries.getServiceGroupsForApp, new { appId = Application.Id }));
                 AvailableServices = await apiConnection.SendQueryAsync<List<ModellingService>>(ModellingQueries.getServicesForApp, new { appId = Application.Id });
                 foreach(var svcGrp in AvailableServiceGroups)
                 {
-                    AvailableSvcElems.Add(new KeyValuePair<int, int>((int)ModellingTypes.ObjectType.ServiceGroup, svcGrp.Id));
+                    AvailableSvcElems.Add(new KeyValuePair<int, int>((int)ModellingTypes.ModObjectType.ServiceGroup, svcGrp.Id));
                 }
                 if(userConfig.AllowServiceInConn)
                 {
                     foreach(var svc in AvailableServices)
                     {
-                        AvailableSvcElems.Add(new KeyValuePair<int, int>((int)ModellingTypes.ObjectType.Service, svc.Id));
+                        AvailableSvcElems.Add(new KeyValuePair<int, int>((int)ModellingTypes.ModObjectType.Service, svc.Id));
                     }
                 }
-                RefreshSelectedNwObjects();
-                InterfaceName = await ExtractUsedInterface(ActConn);
-                allApps = await apiConnection.SendQueryAsync<List<FwoOwner>>(OwnerQueries.getOwnersWithConn);
             }
             catch (Exception exception)
             {
@@ -131,19 +175,23 @@ public string DisplayInterface(ModellingConnection? inter)
         public bool RefreshSelectedNwObjects()
         {
             AvailableNwElems = new();
+            foreach(var obj in AvailableCommonAreas)
+            {
+                AvailableNwElems.Add(new KeyValuePair<int, long>(obj.Content.GroupType, obj.Content.Id));
+            }
             foreach(var obj in AvailableSelectedObjects)
             {
                 AvailableNwElems.Add(new KeyValuePair<int, long>(obj.Content.GroupType, obj.Content.Id));
             }
             foreach(var appRole in AvailableAppRoles)
             {
-                AvailableNwElems.Add(new KeyValuePair<int, long>((int)ModellingTypes.ObjectType.AppRole, appRole.Id));
+                AvailableNwElems.Add(new KeyValuePair<int, long>((int)ModellingTypes.ModObjectType.AppRole, appRole.Id));
             }
             if(userConfig.AllowServerInConn)
             {
                 foreach(var appServer in AvailableAppServers.Where(x => !x.IsDeleted))
                 {
-                    AvailableNwElems.Add(new KeyValuePair<int, long>((int)ModellingTypes.ObjectType.AppServer, appServer.Id));
+                    AvailableNwElems.Add(new KeyValuePair<int, long>((int)ModellingTypes.ModObjectType.AppServer, appServer.Id));
                 }
             }
             return true;
@@ -394,10 +442,10 @@ public async Task DeleteAppRole()
             {
                 if((await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.deleteNwGroup, new { id = actAppRole.Id })).AffectedRows > 0)
                 {
-                    await LogChange(ModellingTypes.ChangeType.Delete, ModellingTypes.ObjectType.AppRole, actAppRole.Id,
+                    await LogChange(ModellingTypes.ChangeType.Delete, ModellingTypes.ModObjectType.AppRole, actAppRole.Id,
                         $"Deleted App Role: {actAppRole.Display()}", Application.Id);
                     AvailableAppRoles.Remove(actAppRole);
-                    AvailableNwElems.Remove(AvailableNwElems.FirstOrDefault(x => x.Key == (int)ModellingTypes.ObjectType.AppRole && x.Value == actAppRole.Id));
+                    AvailableNwElems.Remove(AvailableNwElems.FirstOrDefault(x => x.Key == (int)ModellingTypes.ModObjectType.AppRole && x.Value == actAppRole.Id));
                     DeleteAppRoleMode = false;
                 }
             }
@@ -517,10 +565,10 @@ public async Task DeleteServiceGroup()
             {
                 if((await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.deleteServiceGroup, new { id = actServiceGroup.Id })).AffectedRows > 0)
                 {
-                    await LogChange(ModellingTypes.ChangeType.Delete, ModellingTypes.ObjectType.ServiceGroup, actServiceGroup.Id,
+                    await LogChange(ModellingTypes.ChangeType.Delete, ModellingTypes.ModObjectType.ServiceGroup, actServiceGroup.Id,
                         $"Deleted Service Group: {actServiceGroup.Display()}", Application.Id);
                     AvailableServiceGroups.Remove(actServiceGroup);
-                    AvailableSvcElems.Remove(AvailableSvcElems.FirstOrDefault(x => x.Key == (int)ModellingTypes.ObjectType.ServiceGroup && x.Value == actServiceGroup.Id));
+                    AvailableSvcElems.Remove(AvailableSvcElems.FirstOrDefault(x => x.Key == (int)ModellingTypes.ModObjectType.ServiceGroup && x.Value == actServiceGroup.Id));
                     DeleteSvcGrpMode = false;
                 }
             }
@@ -825,7 +873,7 @@ private async Task AddConnectionToDb()
                 if (returnIds != null)
                 {
                     ActConn.Id = returnIds[0].NewId;
-                    await LogChange(ModellingTypes.ChangeType.Insert, ModellingTypes.ObjectType.Connection, ActConn.Id,
+                    await LogChange(ModellingTypes.ChangeType.Insert, ModellingTypes.ModObjectType.Connection, ActConn.Id,
                         $"New {(ActConn.IsInterface? "Interface" : "Connection")}: {ActConn.Name}", Application.Id);
                     if(ActConn.UsedInterfaceId == null || ActConn.DstFromInterface)
                     {
@@ -873,7 +921,7 @@ private async Task UpdateConnectionInDb()
                     commonSvc = ActConn.IsCommonService
                 };
                 await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.updateConnection, Variables);
-                await LogChange(ModellingTypes.ChangeType.Update, ModellingTypes.ObjectType.Connection, ActConn.Id,
+                await LogChange(ModellingTypes.ChangeType.Update, ModellingTypes.ModObjectType.Connection, ActConn.Id,
                     $"Updated {(ActConn.IsInterface? "Interface" : "Connection")}: {ActConn.Name}", Application.Id);
 
                 if(ActConn.UsedInterfaceId == null || ActConn.DstFromInterface)
@@ -911,21 +959,21 @@ private async Task AddNwObjects(List<ModellingAppServer> appServers, List<Modell
                 {
                     var Variables = new { nwObjectId = appServer.Id, connectionId = ActConn.Id, connectionField = (int)field };
                     await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.addAppServerToConnection, Variables);
-                    await LogChange(ModellingTypes.ChangeType.Assign, ModellingTypes.ObjectType.Connection, ActConn.Id,
+                    await LogChange(ModellingTypes.ChangeType.Assign, ModellingTypes.ModObjectType.Connection, ActConn.Id,
                         $"Added App Server {appServer.Display()} to {(ActConn.IsInterface? "Interface" : "Connection")}: {ActConn.Name}: {field}", Application.Id);
                 }
                 foreach(var appRole in appRoles)
                 {
                     var Variables = new { nwGroupId = appRole.Id, connectionId = ActConn.Id, connectionField = (int)field };
                     await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.addNwGroupToConnection, Variables);
-                    await LogChange(ModellingTypes.ChangeType.Assign, ModellingTypes.ObjectType.Connection, ActConn.Id,
+                    await LogChange(ModellingTypes.ChangeType.Assign, ModellingTypes.ModObjectType.Connection, ActConn.Id,
                         $"Added App Role {appRole.Display()} to {(ActConn.IsInterface? "Interface" : "Connection")}: {ActConn.Name}: {field}", Application.Id);
                 }
                 foreach(var nwGroup in nwGroups)
                 {
                     var Variables = new { nwGroupId = nwGroup.Id, connectionId = ActConn.Id, connectionField = (int)field };
                     await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.addNwGroupToConnection, Variables);
-                    await LogChange(ModellingTypes.ChangeType.Assign, ModellingTypes.ObjectType.Connection, ActConn.Id,
+                    await LogChange(ModellingTypes.ChangeType.Assign, ModellingTypes.ModObjectType.Connection, ActConn.Id,
                         $"Added Object {nwGroup.Display()} to {(ActConn.IsInterface? "Interface" : "Connection")}: {ActConn.Name}: {field}", Application.Id);
                 }
             }
@@ -943,21 +991,21 @@ private async Task RemoveNwObjects(List<ModellingAppServer> appServers, List<Mod
                 {
                     var Variables = new { nwObjectId = appServer.Id, connectionId = ActConn.Id, connectionField = (int)field };
                     await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.removeAppServerFromConnection, Variables);
-                    await LogChange(ModellingTypes.ChangeType.Unassign, ModellingTypes.ObjectType.Connection, ActConn.Id,
+                    await LogChange(ModellingTypes.ChangeType.Unassign, ModellingTypes.ModObjectType.Connection, ActConn.Id,
                         $"Removed App Server {appServer.Display()} from {(ActConn.IsInterface? "Interface" : "Connection")}: {ActConn.Name}: {field}", Application.Id);
                 }
                 foreach(var appRole in appRoles)
                 {
                     var Variables = new { nwGroupId = appRole.Id, connectionId = ActConn.Id, connectionField = (int)field };
                     await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.removeNwGroupFromConnection, Variables);
-                    await LogChange(ModellingTypes.ChangeType.Unassign, ModellingTypes.ObjectType.Connection, ActConn.Id,
+                    await LogChange(ModellingTypes.ChangeType.Unassign, ModellingTypes.ModObjectType.Connection, ActConn.Id,
                         $"Removed App Role {appRole.Display()} from {(ActConn.IsInterface? "Interface" : "Connection")}: {ActConn.Name}: {field}", Application.Id);
                 }
                 foreach(var nwGroup in nwGroups)
                 {
                     var Variables = new { nwGroupId = nwGroup.Id, connectionId = ActConn.Id, connectionField = (int)field };
                     await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.removeNwGroupFromConnection, Variables);
-                    await LogChange(ModellingTypes.ChangeType.Unassign, ModellingTypes.ObjectType.Connection, ActConn.Id,
+                    await LogChange(ModellingTypes.ChangeType.Unassign, ModellingTypes.ModObjectType.Connection, ActConn.Id,
                         $"Removed Object {nwGroup.Display()} from {(ActConn.IsInterface? "Interface" : "Connection")}: {ActConn.Name}: {field}", Application.Id);
                 }
             }
@@ -975,14 +1023,14 @@ private async Task AddSvcObjects(List<ModellingService> services, List<Modelling
                 {
                     var svcParams = new { serviceId = service.Id, connectionId = ActConn.Id };
                     await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.addServiceToConnection, svcParams);
-                    await LogChange(ModellingTypes.ChangeType.Assign, ModellingTypes.ObjectType.Connection, ActConn.Id,
+                    await LogChange(ModellingTypes.ChangeType.Assign, ModellingTypes.ModObjectType.Connection, ActConn.Id,
                         $"Added Service {service.Display()} to {(ActConn.IsInterface? "Interface" : "Connection")}: {ActConn.Name}", Application.Id);
                 }
                 foreach(var serviceGrp in serviceGroups)
                 {
                     var svcGrpParams = new { serviceGroupId = serviceGrp.Id, connectionId = ActConn.Id };
                     await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.addServiceGroupToConnection, svcGrpParams);
-                    await LogChange(ModellingTypes.ChangeType.Assign, ModellingTypes.ObjectType.Connection, ActConn.Id,
+                    await LogChange(ModellingTypes.ChangeType.Assign, ModellingTypes.ModObjectType.Connection, ActConn.Id,
                         $"Added Service Group {serviceGrp.Display()} to {(ActConn.IsInterface? "Interface" : "Connection")}: {ActConn.Name}", Application.Id);
                 }
             }
@@ -1000,14 +1048,14 @@ private async Task RemoveSvcObjects()
                 {
                     var svcParams = new { serviceId = service.Id, connectionId = ActConn.Id };
                     await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.removeServiceFromConnection, svcParams);
-                    await LogChange(ModellingTypes.ChangeType.Unassign, ModellingTypes.ObjectType.Connection, ActConn.Id,
+                    await LogChange(ModellingTypes.ChangeType.Unassign, ModellingTypes.ModObjectType.Connection, ActConn.Id,
                         $"Removed Service {service.Display()} from {(ActConn.IsInterface? "Interface" : "Connection")}: {ActConn.Name}", Application.Id);
                 }
                 foreach(var serviceGrp in SvcGrpToDelete)
                 {
                     var svcGrpParams = new { serviceGroupId = serviceGrp.Id, connectionId = ActConn.Id };
                     await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.removeServiceGroupFromConnection, svcGrpParams);
-                    await LogChange(ModellingTypes.ChangeType.Unassign, ModellingTypes.ObjectType.Connection, ActConn.Id,
+                    await LogChange(ModellingTypes.ChangeType.Unassign, ModellingTypes.ModObjectType.Connection, ActConn.Id,
                         $"Removed Service Group {serviceGrp.Display()} from {(ActConn.IsInterface? "Interface" : "Connection")}: {ActConn.Name}", Application.Id);
                 }
             }
diff --git a/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs b/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs
index 788231706..0f7850f61 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs
@@ -34,16 +34,20 @@ public ModellingHandlerBase(ApiConnection apiConnection, UserConfig userConfig,
         }
         
         public MarkupString DisplayButton(string text, string icon, string iconText = "", string objIcon = "")
+        {
+            return DisplayButton(userConfig, text, icon, iconText, objIcon);
+        }
+
+        public static MarkupString DisplayButton(UserConfig userConfig, string text, string icon, string iconText = "", string objIcon = "")
         {
             string tooltip = userConfig.ModIconify ? $"data-toggle=\"tooltip\" title=\"{@userConfig.PureLine(text)}\"" : "";
             string iconToDisplay = $"<span class=\"{icon}\" {@tooltip}/>";
             string iconTextPart = iconText != "" ? " <span class=\"stdtext\">" + userConfig.GetText(iconText) + "</span>" : "";
             string objIconToDisplay = objIcon != "" ? $" <span class=\"{objIcon}\"/>" : "";
-            
             return (MarkupString)(userConfig.ModIconify ? iconToDisplay + iconTextPart + objIconToDisplay : userConfig.GetText(text));
         }
 
-        protected async Task LogChange(ModellingTypes.ChangeType changeType, ModellingTypes.ObjectType objectType, long objId, string text, int? applicationId)
+        protected async Task LogChange(ModellingTypes.ChangeType changeType, ModellingTypes.ModObjectType objectType, long objId, string text, int? applicationId)
         {
             try
             {
@@ -64,7 +68,7 @@ protected async Task LogChange(ModellingTypes.ChangeType changeType, ModellingTy
             }
         }
 
-        public static async Task LogChange(ModellingTypes.ChangeType changeType, ModellingTypes.ObjectType objectType, long objId, string text,
+        public static async Task LogChange(ModellingTypes.ChangeType changeType, ModellingTypes.ModObjectType objectType, long objId, string text,
             ApiConnection apiConnection, UserConfig userConfig, int? applicationId, Action<Exception?, string, string, bool> displayMessageInUi)
         {
             try
@@ -124,10 +128,10 @@ public async Task<bool> DeleteService(List<ModellingService> availableServices,
             {
                 if((await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.deleteService, new { id = actService.Id })).AffectedRows > 0)
                 {
-                    await LogChange(ModellingTypes.ChangeType.Delete, ModellingTypes.ObjectType.Service, actService.Id,
+                    await LogChange(ModellingTypes.ChangeType.Delete, ModellingTypes.ModObjectType.Service, actService.Id,
                         $"Deleted Service: {actService.Display()}", Application.Id);
                     availableServices.Remove(actService);
-                    availableSvcElems?.Remove(availableSvcElems.FirstOrDefault(x => x.Key == (int)ModellingTypes.ObjectType.Service && x.Value == actService.Id));
+                    availableSvcElems?.Remove(availableSvcElems.FirstOrDefault(x => x.Key == (int)ModellingTypes.ModObjectType.Service && x.Value == actService.Id));
                     return false;
                 }
             }
diff --git a/roles/ui/files/FWO.UI/Services/ModellingServiceGroupHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingServiceGroupHandler.cs
index 38221b0e7..f1b189ccb 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingServiceGroupHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingServiceGroupHandler.cs
@@ -153,7 +153,7 @@ private async Task AddServiceGroupToDb()
                 if (returnIds != null)
                 {
                     ActServiceGroup.Id = returnIds[0].NewId;
-                    await LogChange(ModellingTypes.ChangeType.Insert, ModellingTypes.ObjectType.ServiceGroup, ActServiceGroup.Id,
+                    await LogChange(ModellingTypes.ChangeType.Insert, ModellingTypes.ModObjectType.ServiceGroup, ActServiceGroup.Id,
                         $"New Service Group: {ActServiceGroup.Display()}", Application.Id);
                     foreach(var service in ActServiceGroup.Services)
                     {
@@ -163,13 +163,13 @@ await LogChange(ModellingTypes.ChangeType.Insert, ModellingTypes.ObjectType.Serv
                             serviceGroupId = ActServiceGroup.Id
                         };
                         await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.addServiceToServiceGroup, svcParams);
-                        await LogChange(ModellingTypes.ChangeType.Assign, ModellingTypes.ObjectType.ServiceGroup, ActServiceGroup.Id,
+                        await LogChange(ModellingTypes.ChangeType.Assign, ModellingTypes.ModObjectType.ServiceGroup, ActServiceGroup.Id,
                             $"Added Service {service.Content.Display()} to Service Group: {ActServiceGroup.Display()}", Application.Id);
                     }
                     ActServiceGroup.Creator = userConfig.User.Name;
                     ActServiceGroup.CreationDate = DateTime.Now;
                     ServiceGroups.Add(ActServiceGroup);
-                    AvailableSvcElems.Add(new KeyValuePair<int, int>((int)ModellingTypes.ObjectType.ServiceGroup, ActServiceGroup.Id));
+                    AvailableSvcElems.Add(new KeyValuePair<int, int>((int)ModellingTypes.ModObjectType.ServiceGroup, ActServiceGroup.Id));
                 }
             }
             catch (Exception exception)
@@ -189,7 +189,7 @@ private async Task UpdateServiceGroupInDb()
                     comment = ActServiceGroup.Comment,
                 };
                 await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.updateServiceGroup, svcGrpParams);
-                await LogChange(ModellingTypes.ChangeType.Update, ModellingTypes.ObjectType.ServiceGroup, ActServiceGroup.Id,
+                await LogChange(ModellingTypes.ChangeType.Update, ModellingTypes.ModObjectType.ServiceGroup, ActServiceGroup.Id,
                     $"Updated Service Group: {ActServiceGroup.Display()}", Application.Id);
                 foreach(var service in SvcToDelete)
                 {
@@ -199,7 +199,7 @@ await LogChange(ModellingTypes.ChangeType.Update, ModellingTypes.ObjectType.Serv
                         serviceGroupId = ActServiceGroup.Id
                     };
                     await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.removeServiceFromServiceGroup, svcParams);
-                    await LogChange(ModellingTypes.ChangeType.Unassign, ModellingTypes.ObjectType.ServiceGroup, ActServiceGroup.Id,
+                    await LogChange(ModellingTypes.ChangeType.Unassign, ModellingTypes.ModObjectType.ServiceGroup, ActServiceGroup.Id,
                         $"Removed Service {service.Display()} from Service Group: {ActServiceGroup.Display()}", Application.Id);
                 }
                 foreach(var service in SvcToAdd)
@@ -210,7 +210,7 @@ await LogChange(ModellingTypes.ChangeType.Unassign, ModellingTypes.ObjectType.Se
                         serviceGroupId = ActServiceGroup.Id
                     };
                     await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.addServiceToServiceGroup, svcParams);
-                    await LogChange(ModellingTypes.ChangeType.Assign, ModellingTypes.ObjectType.ServiceGroup, ActServiceGroup.Id,
+                    await LogChange(ModellingTypes.ChangeType.Assign, ModellingTypes.ModObjectType.ServiceGroup, ActServiceGroup.Id,
                         $"Added Service {service.Display()} to Service Group: {ActServiceGroup.Display()}", Application.Id);
                 }
             }
diff --git a/roles/ui/files/FWO.UI/Services/ModellingServiceHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingServiceHandler.cs
index f98375d07..a8311cf63 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingServiceHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingServiceHandler.cs
@@ -105,10 +105,10 @@ private async Task AddServiceToDb()
                 if (returnIds != null)
                 {
                     ActService.Id = returnIds[0].NewId;
-                    await LogChange(ModellingTypes.ChangeType.Insert, ModellingTypes.ObjectType.Service, ActService.Id,
+                    await LogChange(ModellingTypes.ChangeType.Insert, ModellingTypes.ModObjectType.Service, ActService.Id,
                         $"New Service: {ActService.Display()}", Application.Id);
                     AvailableServices.Add(ActService);
-                    AvailableSvcElems.Add(new KeyValuePair<int, int>((int)ModellingTypes.ObjectType.Service, ActService.Id));
+                    AvailableSvcElems.Add(new KeyValuePair<int, int>((int)ModellingTypes.ModObjectType.Service, ActService.Id));
                 }
             }
             catch (Exception exception)
@@ -130,7 +130,7 @@ private async Task UpdateServiceInDb()
                     protoId = ActService.Protocol?.Id
                 };
                 await apiConnection.SendQueryAsync<ReturnId>(ModellingQueries.updateService, Variables);
-                await LogChange(ModellingTypes.ChangeType.Update, ModellingTypes.ObjectType.Service, ActService.Id,
+                await LogChange(ModellingTypes.ChangeType.Update, ModellingTypes.ModObjectType.Service, ActService.Id,
                     $"Updated Service: {ActService.Display()}", Application.Id);
             }
             catch (Exception exception)

From 6b70ef2b528bf41ef801af63fde281d0ac8d1d23 Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Tue, 19 Mar 2024 12:02:50 +0100
Subject: [PATCH 49/84] 2 fixes

---
 roles/ui/files/FWO.UI/Services/ModellingServiceHandler.cs | 4 ++++
 roles/ui/files/FWO.UI/Shared/ObjectGroup.razor            | 6 ++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/roles/ui/files/FWO.UI/Services/ModellingServiceHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingServiceHandler.cs
index a8311cf63..db60f9d28 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingServiceHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingServiceHandler.cs
@@ -68,6 +68,10 @@ private bool CheckService()
                 DisplayMessageInUi(null, userConfig.GetText("edit_service"), userConfig.GetText("E5102"), true);
                 return false;
             }
+            if(ActService.PortEnd == null)
+            {
+                ActService.PortEnd = ActService.Port;
+            }
             if(ActService.Protocol.Name.ToLower().StartsWith("esp"))
             {
                 ActService.Port = null;
diff --git a/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor b/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
index 605bdd462..927b44dc5 100644
--- a/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
+++ b/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
@@ -123,8 +123,10 @@
                             <Detail Title="@(userConfig.GetText("uid"))" Data=@context.Uid />
                             @if (context.Type.Name != ObjectType.Group)
                             {
-                                <Detail Title="@(userConfig.GetText("source_port"))" Data=@(context.SourcePort == context.SourcePortEnd ? context.SourcePort.ToString() : $"{context.SourcePort.ToString()}-{context.SourcePortEnd.ToString()}") />
-                                <Detail Title="@(userConfig.GetText("destination_port"))" Data=@(context.DestinationPort == context.DestinationPortEnd ? context.DestinationPort.ToString() : $"{context.DestinationPort.ToString()}-{context.DestinationPortEnd.ToString()}") />
+                                <Detail Title="@(userConfig.GetText("source_port"))" Data=@(context.SourcePort == context.SourcePortEnd || context.SourcePortEnd.ToString() == "" ? 
+                                    context.SourcePort.ToString() : $"{context.SourcePort.ToString()}-{context.SourcePortEnd.ToString()}") />
+                                <Detail Title="@(userConfig.GetText("destination_port"))" Data=@(context.DestinationPort == context.DestinationPortEnd || context.DestinationPortEnd.ToString() == "" ? 
+                                    context.DestinationPort.ToString() : $"{context.DestinationPort.ToString()}-{context.DestinationPortEnd.ToString()}") />
                                 <Detail Title="@(userConfig.GetText("protocol"))" Data=@context.Protocol?.Name />
                                 <Detail Title="@(userConfig.GetText("code"))" Data=@context.Code />
                                 <Detail Title="@(userConfig.GetText("timeout"))" Data=@context.Timeout.ToString() />

From ca73457e765bdcf4d42ddb75985cfe08699070ff Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Tue, 19 Mar 2024 15:31:47 +0100
Subject: [PATCH 50/84] display interfaces

---
 .../files/sql/idempotent/fworch-texts.sql     |  2 +
 .../Pages/NetworkModelling/EditConn.razor     | 21 ++++++++--
 .../NetworkModelling/EditConnLeftSide.razor   |  7 +++-
 .../NetworkModelling/EditConnPopup.razor      | 39 +++++++++++++++++++
 .../Services/ModellingConnectionHandler.cs    | 11 ++++++
 .../FWO.UI/Services/ModellingHandlerBase.cs   | 20 ++++++++++
 6 files changed, 96 insertions(+), 4 deletions(-)
 create mode 100644 roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnPopup.razor

diff --git a/roles/database/files/sql/idempotent/fworch-texts.sql b/roles/database/files/sql/idempotent/fworch-texts.sql
index 0cf4363fd..1f42083af 100644
--- a/roles/database/files/sql/idempotent/fworch-texts.sql
+++ b/roles/database/files/sql/idempotent/fworch-texts.sql
@@ -1092,6 +1092,8 @@ INSERT INTO txt VALUES ('provided_interfaces', 	'German',	'Bereitgestellte Schni
 INSERT INTO txt VALUES ('provided_interfaces', 	'English',	'Provided Interfaces');
 INSERT INTO txt VALUES ('remove_interface', 	'German',	'Schnittstelle entfernen');
 INSERT INTO txt VALUES ('remove_interface', 	'English',	'Remove Interface');
+INSERT INTO txt VALUES ('display_interface',    'German',	'Schnittstelle darstellen');
+INSERT INTO txt VALUES ('display_interface',    'English',	'Display Interface');
 INSERT INTO txt VALUES ('use',                  'German', 	'Benutzen');
 INSERT INTO txt VALUES ('use',                  'English', 	'Use');
 INSERT INTO txt VALUES ('services_group', 	    'German',	'Dienstgruppe');
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConn.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConn.razor
index fb9734ea2..16caa417f 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConn.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConn.razor
@@ -12,9 +12,18 @@
     }
     <div style="margin-left: @($"{(ConnHandler.ReadOnly ? 0 : sidebarLeftWidth) + 10}px");">
         <h3>@(ConnHandler.ActConn.IsInterface ? userConfig.GetText("interface") : (ConnHandler.ActConn.IsCommonService ? userConfig.GetText("common_service") : userConfig.GetText("connection")))</h3>
-            @if(ConnHandler.ActConn.UsedInterfaceId != null)
+            @if(ConnHandler.ActConn.UsedInterfaceId != null && !PopupMode)
             {
-                <label class="col-sm-12">@(userConfig.GetText("used_interface")): @ConnHandler.InterfaceName</label>
+                <div class="col-sm-12 me-auto">
+                    <div class="d-flex flex-row">
+                        <label class="">@(userConfig.GetText("used_interface")): </label>
+                        <h5 class="ml-13">@ConnHandler.InterfaceName</h5>
+                        <button type="button" class="btn btn-sm btn-primary ml-13" @onclick="async () =>
+                            {await ConnHandler.DisplaySelectedInterface(await ConnHandler.GetUsedInterface(ConnHandler.ActConn) ?? new());
+                            await ConnHandlerChanged.InvokeAsync(ConnHandler);}">
+                            @(ConnHandler.DisplayButton("display_interface", Icons.Display))</button>
+                    </div>
+                </div>
             }
             <div class="col-sm-11 border rounded m-2 p-2">
                 <div class="form-group row me-auto">
@@ -235,7 +244,9 @@
                 }
             </div>
             <div class="ml-13 btn-group">
-                @if(ConnHandler.ReadOnly)
+                @if(PopupMode)
+                {}
+                else if(ConnHandler.ReadOnly)
                 {
                     <button type="button" class="btn btn-sm btn-primary" @onclick="Cancel">@(userConfig.GetText("ok"))</button>
                 }
@@ -260,6 +271,7 @@
     <InProgress Display="workInProgress"/>
     <EditServiceGroup @bind-Display="ConnHandler.EditSvcGrpMode" @bind-SvcGroupHandler="ConnHandler.SvcGrpHandler" AddMode="false"/>
     <EditAppRole @bind-Display="ConnHandler.EditAppRoleMode" @bind-AppRoleHandler="ConnHandler.AppRoleHandler" AddMode="false"/>
+    <EditConnPopup @bind-Display="ConnHandler.DisplaySelectedInterfaceMode" ConnHandler="ConnHandler.IntConnHandler"/>
 }
 
 @code
@@ -282,6 +294,9 @@
     [Parameter]
     public Func<bool> ClosingAction { get; set; } = DefaultInit.DoNothingSync;
 
+    [Parameter]
+    public bool PopupMode { get; set; } = false;
+
 
     private ModellingDnDContainer Container { get; set; } = new();
     private int sidebarInitWidth = GlobalConst.kSidebarLeftWidth + 300;
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor
index 29bdf499e..8240e5062 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor
@@ -70,7 +70,6 @@
                             @(ConnHandler.DisplayButton("remove", Icons.Delete))</button>
                     }
                 }
-
             }
         </div>
         <br><br>
@@ -166,6 +165,10 @@
                         {ConnHandler.RequestRemovePreselectedInterface(selectedInterfaces[0]);
                         selectedInterfaces = new(); ConnHandlerChanged.InvokeAsync(ConnHandler);}">
                         @(ConnHandler.DisplayButton("remove", Icons.Delete))</button>
+                    <button type="button" class="btn btn-sm btn-primary" @onclick="async () =>
+                        {await ConnHandler.DisplaySelectedInterface(selectedInterfaces[0]);
+                        await ConnHandlerChanged.InvokeAsync(ConnHandler);}">
+                        @(ConnHandler.DisplayButton("display_interface", Icons.Display))</button>
                 }
             </div>
             <br>
@@ -189,6 +192,8 @@
     Application="ConnHandler.Application" Refresh="ConnHandler.RefreshSelectedNwObjects"/>
 <ConfirmDelete @bind-Display="ConnHandler.RemoveNwObjectMode" PerformAction="async () => await WrapAsync(ConnHandler.RemoveNwGrpObject)"
     Title="@userConfig.GetText("remove_nw_object")" DeleteMessage="@ConnHandler.Message" AllowedRoles="@Roles.Modeller" Remove="true" Enabled="ConnHandler.IsOwner"/>
+<EditConnPopup @bind-Display="ConnHandler.DisplaySelectedInterfaceMode" ConnHandler="ConnHandler.IntConnHandler"/>
+
 
 @code
 {
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnPopup.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnPopup.razor
new file mode 100644
index 000000000..f31e43fb3
--- /dev/null
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnPopup.razor
@@ -0,0 +1,39 @@
+@using FWO.Config.Api
+
+@inject ApiConnection apiConnection
+@inject UserConfig userConfig
+
+
+<PopUp Title="@ConnHandler?.Application.Name" Show="@Display" Size=PopupSize.XLarge OnClose="Close">
+    <Body>
+        @if (Display)
+        {
+            <EditConn Display="true" ConnHandler="ConnHandler" PopupMode="true"/>
+        }
+    </Body>
+    <Footer>
+        <button type="button" class="btn btn-sm btn-primary" @onclick="Close">@(userConfig.GetText("ok"))</button>
+    </Footer>
+</PopUp>
+
+
+@code
+{
+    [CascadingParameter]
+    Action<Exception?, string, string, bool> DisplayMessageInUi { get; set; } = DefaultInit.DoNothing;
+
+    [Parameter]
+    public bool Display { get; set; } = false;
+
+    [Parameter]
+    public EventCallback<bool> DisplayChanged { get; set; }
+
+    [Parameter]
+    public ModellingConnectionHandler ConnHandler { get; set; }
+
+    private void Close()
+    {
+        Display = false;
+        DisplayChanged.InvokeAsync(Display);
+    }
+}
diff --git a/roles/ui/files/FWO.UI/Services/ModellingConnectionHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingConnectionHandler.cs
index 97e8de48c..bd8a9e390 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingConnectionHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingConnectionHandler.cs
@@ -31,6 +31,8 @@ public class ModellingConnectionHandler : ModellingHandlerBase
         public bool SearchNWObjectMode = false;
         public bool RemoveNwObjectMode = false;
         public bool RemovePreselectedInterfaceMode = false;
+        public bool DisplaySelectedInterfaceMode = false;
+        public ModellingConnectionHandler? IntConnHandler;
 
         public List<ModellingAppServer> SrcAppServerToAdd { get; set; } = new();
         public List<ModellingAppServer> SrcAppServerToDelete { get; set; } = new();
@@ -271,6 +273,14 @@ public async Task RemovePreselectedInterface()
             }
         }
 
+        public async Task DisplaySelectedInterface(ModellingConnection interf)
+        {
+            FwoOwner? app = allApps.FirstOrDefault(x => x.Id == interf.AppId);
+            IntConnHandler = new ModellingConnectionHandler(apiConnection, userConfig, app ?? new(), Connections, interf, false, true, DisplayMessageInUi, false);
+            await IntConnHandler.Init();
+            DisplaySelectedInterfaceMode = true;
+        }
+
         public void AppServerToSource(List<ModellingAppServer> srcAppServers)
         {
             if(!SrcDropForbidden())
@@ -1095,6 +1105,7 @@ public void Close()
             SearchNWObjectMode = false;
             RemoveNwObjectMode = false;
             RemovePreselectedInterfaceMode = false;
+            DisplaySelectedInterfaceMode = false;
             AddAppRoleMode = false;
             EditAppRoleMode = false;
             DeleteAppRoleMode = false;
diff --git a/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs b/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs
index 0f7850f61..f1eafe883 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs
@@ -179,6 +179,26 @@ public async Task<string> ExtractUsedInterface(ModellingConnection conn)
             return interfaceName;
         }
 
+        public async Task<ModellingConnection?> GetUsedInterface(ModellingConnection conn)
+        {
+            try
+            {
+                if(conn.UsedInterfaceId != null)
+                {
+                    List<ModellingConnection> interf = await apiConnection.SendQueryAsync<List<ModellingConnection>>(ModellingQueries.getInterfaceById, new {intId = conn.UsedInterfaceId});
+                    if(interf.Count > 0)
+                    {
+                        return interf[0];
+                    }
+                }
+            }
+            catch (Exception exception)
+            {
+                DisplayMessageInUi(exception, userConfig.GetText("fetch_data"), "", true);
+            }
+            return null;
+        }
+
         protected async Task<bool> CheckAppServerInUse(ModellingAppServer appServer)
         {
             try

From 55f6c46a7f3c27bce19dc8f06adfe7e28c8b1b6e Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Wed, 20 Mar 2024 21:24:01 +0100
Subject: [PATCH 51/84] add internet area

---
 .../modelling/convertNwObjDataExample.py      | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/scripts/customizing/modelling/convertNwObjDataExample.py b/scripts/customizing/modelling/convertNwObjDataExample.py
index 1fc77983d..2c6078566 100644
--- a/scripts/customizing/modelling/convertNwObjDataExample.py
+++ b/scripts/customizing/modelling/convertNwObjDataExample.py
@@ -119,6 +119,7 @@ def extractSocketInfo(asset, services):
 
     normSubnetData = { "subnets": {}, "zones": {}, "areas": {} }
     snId = 0
+
     for subnet in subnetAr:
         # ignore all "reserved" subnets whose name starts with "RES"
         if not subnet['Subnetzname'].startswith('RES'):
@@ -169,6 +170,27 @@ def extractSocketInfo(asset, services):
         transfarea = { "name": areaName, "id_string": areaIdString, "subnets": area['subnets'] }
         transfSubnetData['areas'].append(transfarea)
 
+    # add Internet as NA00_Internet
+        
+    internetSubnets = ['0.0.0.0/5', '8.0.0.0/7', '11.0.0.0/8', '12.0.0.0/6', '16.0.0.0/4', '32.0.0.0/3', '64.0.0.0/2', 
+                       '128.0.0.0/3', '160.0.0.0/5', '168.0.0.0/6', '172.0.0.0/12', '172.32.0.0/11', '172.64.0.0/10', 
+                       '172.128.0.0/9', '173.0.0.0/8', '174.0.0.0/7', '176.0.0.0/4', '192.0.0.0/9', '192.128.0.0/11', 
+                       '192.160.0.0/13', '192.169.0.0/16', '192.170.0.0/15', '192.172.0.0/14', '192.176.0.0/12', 
+                       '192.192.0.0/10', '193.0.0.0/8', '194.0.0.0/7', '196.0.0.0/6', '200.0.0.0/5', '208.0.0.0/4', 
+                       '224.0.0.0/3']
+    internetDicts = []
+    
+    for net in internetSubnets:
+        internetDicts.append({'ip': net, 'name': 'inet'})
+
+    transfSubnetData['areas'].append({
+        'name': 'Internet',
+        'id_string': 'NA00',
+        'subnets': internetDicts
+        })
+    # open: what about ipv6 addresses?
+    # open: what about the companies own public ip addresses?
+
     path = os.path.dirname(__file__)
     fileOut = path + '/' + Path(os.path.basename(__file__)).stem + ".json"
     logger.info("dumping into file " + fileOut)

From 248819269b4c465004a745396e4cacbe2e8f26bf Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Thu, 21 Mar 2024 07:21:09 +0100
Subject: [PATCH 52/84] cleanup script

---
 .../modelling/convertNwObjDataExample.py      | 32 +++++++++----------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/scripts/customizing/modelling/convertNwObjDataExample.py b/scripts/customizing/modelling/convertNwObjDataExample.py
index 2c6078566..222cb07a0 100644
--- a/scripts/customizing/modelling/convertNwObjDataExample.py
+++ b/scripts/customizing/modelling/convertNwObjDataExample.py
@@ -86,6 +86,19 @@ def extractSocketInfo(asset, services):
     return sockets
 
 
+def generatePublicIPv4NetworksAsInternetArea():
+    internetSubnets = ['0.0.0.0/5', '8.0.0.0/7', '11.0.0.0/8', '12.0.0.0/6', '16.0.0.0/4', '32.0.0.0/3', '64.0.0.0/2', 
+                       '128.0.0.0/3', '160.0.0.0/5', '168.0.0.0/6', '172.0.0.0/12', '172.32.0.0/11', '172.64.0.0/10', 
+                       '172.128.0.0/9', '173.0.0.0/8', '174.0.0.0/7', '176.0.0.0/4', '192.0.0.0/9', '192.128.0.0/11', 
+                       '192.160.0.0/13', '192.169.0.0/16', '192.170.0.0/15', '192.172.0.0/14', '192.176.0.0/12', 
+                       '192.192.0.0/10', '193.0.0.0/8', '194.0.0.0/7', '196.0.0.0/6', '200.0.0.0/5', '208.0.0.0/4', 
+                       '224.0.0.0/3']
+    internetDicts = []
+    for net in internetSubnets:
+        internetDicts.append({'ip': net, 'name': 'inet'})
+    return internetDicts
+
+
 if __name__ == "__main__": 
     parser = argparse.ArgumentParser(
         description='Read configuration from FW management via API calls')
@@ -171,25 +184,12 @@ def extractSocketInfo(asset, services):
         transfSubnetData['areas'].append(transfarea)
 
     # add Internet as NA00_Internet
-        
-    internetSubnets = ['0.0.0.0/5', '8.0.0.0/7', '11.0.0.0/8', '12.0.0.0/6', '16.0.0.0/4', '32.0.0.0/3', '64.0.0.0/2', 
-                       '128.0.0.0/3', '160.0.0.0/5', '168.0.0.0/6', '172.0.0.0/12', '172.32.0.0/11', '172.64.0.0/10', 
-                       '172.128.0.0/9', '173.0.0.0/8', '174.0.0.0/7', '176.0.0.0/4', '192.0.0.0/9', '192.128.0.0/11', 
-                       '192.160.0.0/13', '192.169.0.0/16', '192.170.0.0/15', '192.172.0.0/14', '192.176.0.0/12', 
-                       '192.192.0.0/10', '193.0.0.0/8', '194.0.0.0/7', '196.0.0.0/6', '200.0.0.0/5', '208.0.0.0/4', 
-                       '224.0.0.0/3']
-    internetDicts = []
-    
-    for net in internetSubnets:
-        internetDicts.append({'ip': net, 'name': 'inet'})
-
-    transfSubnetData['areas'].append({
+    transfSubnetData['areas'].append( {
         'name': 'Internet',
         'id_string': 'NA00',
-        'subnets': internetDicts
-        })
+        'subnets': generatePublicIPv4NetworksAsInternetArea() } )        
     # open: what about ipv6 addresses?
-    # open: what about the companies own public ip addresses?
+    # open: what about the companies own public ip addresses - should they be excluded here?
 
     path = os.path.dirname(__file__)
     fileOut = path + '/' + Path(os.path.basename(__file__)).stem + ".json"

From ea2808186925a37a9e8b654f569c3498592ba3bc Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Thu, 21 Mar 2024 13:17:45 +0100
Subject: [PATCH 53/84] quick fixes

---
 roles/database/files/sql/idempotent/fworch-texts.sql  |  4 ++--
 .../FWO.UI/Pages/NetworkModelling/EditAppRole.razor   |  2 +-
 .../FWO.UI/Pages/NetworkModelling/EditConn.razor      |  2 +-
 roles/ui/files/FWO.UI/Pages/Reporting/Report.razor    | 11 +++++++----
 .../Reporting/ReportModellingParamSelection.razor     |  2 +-
 .../Pages/Reporting/ReportTemplateComponent.razor     |  7 +++++--
 6 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/roles/database/files/sql/idempotent/fworch-texts.sql b/roles/database/files/sql/idempotent/fworch-texts.sql
index 1f42083af..c540fe21d 100644
--- a/roles/database/files/sql/idempotent/fworch-texts.sql
+++ b/roles/database/files/sql/idempotent/fworch-texts.sql
@@ -1762,8 +1762,8 @@ INSERT INTO txt VALUES ('customize_texts',		'German', 	'Texte anpassen');
 INSERT INTO txt VALUES ('customize_texts',		'English', 	'Customize Texts');
 INSERT INTO txt VALUES ('ignore_helptexts',		'German', 	'Hilfetexte ignorieren');
 INSERT INTO txt VALUES ('ignore_helptexts',		'English', 	'Ignore help texts');
-INSERT INTO txt VALUES ('case_sensitive',		'German', 	'');
-INSERT INTO txt VALUES ('case_sensitive',		'English', 	'Schreibungsabh&auml;ngig');
+INSERT INTO txt VALUES ('case_sensitive',		'German', 	'Schreibungsabh&auml;ngig');
+INSERT INTO txt VALUES ('case_sensitive',		'English', 	'Case Sensitive');
 INSERT INTO txt VALUES ('key',                  'German', 	'Schl&uuml;ssel');
 INSERT INTO txt VALUES ('key',                  'English', 	'Key');
 INSERT INTO txt VALUES ('text',                 'German', 	'Text');
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditAppRole.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditAppRole.razor
index 95769cbf1..1ca69fd6a 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditAppRole.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditAppRole.razor
@@ -23,7 +23,7 @@
                         {
                             <div class="form-group row">
                                 <label class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("area"))*:</label>
-                                @if(AddMode && ! AppRoleHandler.ReadOnly)
+                                @if(AddMode && !AppRoleHandler.ReadOnly)
                                 {
                                     <div class="col-sm-8">
                                         <Dropdown ElementType="ModellingNetworkArea" SelectedElement="AppRoleHandler.ActAppRole.Area" ElementToString="@(a => a.Display())" 
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConn.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConn.razor
index 16caa417f..2c808a2ab 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConn.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConn.razor
@@ -270,7 +270,7 @@
     </div>
     <InProgress Display="workInProgress"/>
     <EditServiceGroup @bind-Display="ConnHandler.EditSvcGrpMode" @bind-SvcGroupHandler="ConnHandler.SvcGrpHandler" AddMode="false"/>
-    <EditAppRole @bind-Display="ConnHandler.EditAppRoleMode" @bind-AppRoleHandler="ConnHandler.AppRoleHandler" AddMode="false"/>
+    <EditAppRole @bind-Display="ConnHandler.DisplayAppRoleMode" @bind-AppRoleHandler="ConnHandler.AppRoleHandler" AddMode="false"/>
     <EditConnPopup @bind-Display="ConnHandler.DisplaySelectedInterfaceMode" ConnHandler="ConnHandler.IntConnHandler"/>
 }
 
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
index 02b8f779f..f740a18b3 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
@@ -238,11 +238,14 @@
             {
                 actReportFilters.Init(userConfig, false);
                 injectedAppId = appId;
-                List<FwoOwner> owners = await apiConnection.SendQueryAsync<List<FwoOwner>>(Api.Client.Queries.OwnerQueries.getEditableOwners, new { appIds = appId });
-                if(owners.Count > 0)
+                if(showModellingReports)
                 {
-                    actReportFilters.ModellingFilter.SelectedOwner = owners.First();
-                    autoGenerateReport = true;
+                    List<FwoOwner> owners = await apiConnection.SendQueryAsync<List<FwoOwner>>(Api.Client.Queries.OwnerQueries.getEditableOwners, new { appIds = appId });
+                    if(owners.Count > 0)
+                    {
+                        actReportFilters.ModellingFilter.SelectedOwner = owners.First();
+                        autoGenerateReport = true;
+                    }
                 }
             }
             else
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/ReportModellingParamSelection.razor b/roles/ui/files/FWO.UI/Pages/Reporting/ReportModellingParamSelection.razor
index c8f3fa872..40c6ba2fa 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/ReportModellingParamSelection.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/ReportModellingParamSelection.razor
@@ -6,7 +6,7 @@
 
 <div class="p-3">
     <h5 class="text-left">@(userConfig.GetText("owner"))</h5>
-    <Dropdown ElementType="FwoOwner" ElementToString="@(o => o.Display(userConfig.GetText("common_service")))" Nullable="true" 
+    <Dropdown ElementType="FwoOwner" ElementToString="@(o => o.Display(userConfig.GetText("common_service")))" Nullable="false" 
             @bind-SelectedElement="ModellingFilter.SelectedOwner" Elements="ownerList">
         <ElementTemplate Context="owner">
             @owner.Display(userConfig.GetText("common_service"))
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/ReportTemplateComponent.razor b/roles/ui/files/FWO.UI/Pages/Reporting/ReportTemplateComponent.razor
index afbd3a166..a9c05d98d 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/ReportTemplateComponent.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/ReportTemplateComponent.razor
@@ -121,7 +121,7 @@
                 <div class="form-group row mt-2">
                     <label class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("owner")):</label>
                     <div class="col-sm-8">
-                        <Dropdown ElementType="FwoOwner" ElementToString="@(o => o.Display(userConfig.GetText("common_service")))" Nullable="true" 
+                        <Dropdown ElementType="FwoOwner" ElementToString="@(o => o.Display(userConfig.GetText("common_service")))" Nullable="false" 
                                 @bind-SelectedElement="reportTemplateInEdit.ReportParams.ModellingFilter.SelectedOwner" Elements="modOwnerList">
                             <ElementTemplate Context="owner">
                                 @(owner.Display(userConfig.GetText("common_service")))
@@ -191,7 +191,10 @@
     {
         await RefreshTemplates();
         recertOwnerList = await apiConnection.SendQueryAsync<List<FwoOwner>>(FWO.Api.Client.Queries.OwnerQueries.getOwners);
-        modOwnerList = await ModellingHandlerBase.GetOwnApps(authenticationStateTask, userConfig, apiConnection, DisplayMessageInUi);
+        if(showModellingReports)
+        {
+            modOwnerList = await ModellingHandlerBase.GetOwnApps(authenticationStateTask, userConfig, apiConnection, DisplayMessageInUi);
+        }
     }
 
     public async Task RefreshTemplates()

From c8f6f91695e3d7f1fde8a48194dbf0aaa60ce494 Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Fri, 22 Mar 2024 15:33:49 +0100
Subject: [PATCH 54/84] some fixes + cleanup

---
 .../FWO.Report.Filter/Ast/AstNodeFilterInt.cs |  3 +-
 .../Ast/AstNodeFilterString.cs                |  9 ++-
 .../lib/files/FWO.Report/ReportConnections.cs | 10 ++-
 .../files/FWO.UI/Pages/Reporting/Report.razor | 61 ++++++++++---------
 .../Reporting/Reports/ConnectionsReport.razor | 23 ++++---
 roles/ui/files/FWO.UI/Shared/TabSet.razor     |  4 +-
 roles/ui/files/FWO.UI/wwwroot/css/site.css    |  2 +-
 7 files changed, 64 insertions(+), 48 deletions(-)

diff --git a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterInt.cs b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterInt.cs
index 7043d2438..efa418c73 100644
--- a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterInt.cs
+++ b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterInt.cs
@@ -54,7 +54,8 @@ private DynGraphqlQuery ExtractDestinationPortFilter(DynGraphqlQuery query)
             string queryVarName = AddVariable<int>(query, "dport", Operator.Kind, semanticValue);
             query.ruleWhereStatement += "rule_services: { service: { svcgrp_flats: { serviceBySvcgrpFlatMemberId: { svc_port: {_lte" +
                 ": $" + queryVarName + "}, svc_port_end: {_gte: $" + queryVarName + " } } } } }";
-            query.connectionWhereStatement += $"service_connections: {{service: {{port: {{ _lte: ${queryVarName} }}, port_end: {{ _gte: ${queryVarName} }} }} }}";
+            query.connectionWhereStatement += $"_or: [ {{ service_connections: {{service: {{ port: {{ _lte: ${queryVarName} }}, port_end: {{ _gte: ${queryVarName} }} }} }} }}, " +
+                $"{{ service_group_connections: {{service_group: {{ service_service_groups: {{ service: {{ port: {{ _lte: ${queryVarName} }}, port_end: {{ _gte: ${queryVarName} }} }} }} }} }} }} ]";
             return query;
         }
 
diff --git a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterString.cs b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterString.cs
index f22701fbd..cf9ba9041 100644
--- a/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterString.cs
+++ b/roles/lib/files/FWO.Report.Filter/Ast/AstNodeFilterString.cs
@@ -123,7 +123,8 @@ private DynGraphqlQuery ExtractProtocolFilter(DynGraphqlQuery query)
         {
             string queryVarName = AddVariable<string>(query, "proto", Operator.Kind, semanticValue!);
             query.ruleWhereStatement += $"rule_services: {{service: {{stm_ip_proto: {{ip_proto_name: {{ {ExtractOperator()}: ${queryVarName} }} }} }} }}";
-            query.connectionWhereStatement += $"service_connections: {{service: {{stm_ip_proto: {{ip_proto_name: {{ {ExtractOperator()}: ${queryVarName} }} }} }} }}";
+            query.connectionWhereStatement += $"_or: [ {{ service_connections: {{service: {{stm_ip_proto: {{ip_proto_name: {{ {ExtractOperator()}: ${queryVarName} }} }} }} }} }}, " +
+                $"{{ service_group_connections: {{service_group: {{ service_service_groups: {{ service: {{ stm_ip_proto: {{ip_proto_name: {{ {ExtractOperator()}: ${queryVarName} }} }} }} }} }} }} }} ]";
             return query;
         }
 
@@ -137,8 +138,10 @@ private DynGraphqlQuery ExtractActionFilter(DynGraphqlQuery query)
         private DynGraphqlQuery ExtractServiceFilter(DynGraphqlQuery query)
         {
             string queryVarName = AddVariable<string>(query, "svc", Operator.Kind, semanticValue!);
-            query.ruleWhereStatement += $"rule_services: {{ service: {{svcgrp_flats: {{serviceBySvcgrpFlatMemberId: {{svc_name: {{ {ExtractOperator()}: ${queryVarName} }} }} }} }} }} ";
-            query.connectionWhereStatement += $"_or: [ {{ service_connections: {{service: {{name: {{ {ExtractOperator()}: ${queryVarName} }} }} }} }}, {{ service_group_connections: {{service_group: {{name: {{ {ExtractOperator()}: ${queryVarName} }} }} }} }} ]";
+            query.ruleWhereStatement += $"rule_services: {{ service: {{ svcgrp_flats: {{ serviceBySvcgrpFlatMemberId: {{ svc_name: {{ {ExtractOperator()}: ${queryVarName} }} }} }} }} }} ";
+            query.connectionWhereStatement += $"_or: [ {{ service_connections: {{ service: {{ name: {{ {ExtractOperator()}: ${queryVarName} }} }} }} }}, " +
+                $"{{ service_group_connections: {{service_group: {{ _or: [ {{ name: {{ {ExtractOperator()}: ${queryVarName} }} }}, " +
+                $"{{ service_service_groups: {{ service: {{ name: {{ {ExtractOperator()}: ${queryVarName} }} }} }} }} ] }} }} }} ]";
             return query;
         }
     }
diff --git a/roles/lib/files/FWO.Report/ReportConnections.cs b/roles/lib/files/FWO.Report/ReportConnections.cs
index 49be4f77c..3b98c1c81 100644
--- a/roles/lib/files/FWO.Report/ReportConnections.cs
+++ b/roles/lib/files/FWO.Report/ReportConnections.cs
@@ -135,7 +135,10 @@ private void AppendNetworkObjectsHtml(List<NetworkObject> networkObjects, ref St
         {
             report.AppendLine($"<h4>{userConfig.GetText("network_objects")}</h4>");
             report.AppendLine("<table>");
-            AppendNWObjHeadlineHtml(ref report);
+            if(networkObjects.Count > 0)
+            {
+                AppendNWObjHeadlineHtml(ref report);
+            }
             foreach (var nwObj in networkObjects)
             {
                 report.AppendLine("<tr>");
@@ -164,7 +167,10 @@ private void AppendNetworkServicesHtml(List<NetworkService> networkServices, ref
         {
             report.AppendLine($"<h4>{userConfig.GetText("network_services")}</h4>");
             report.AppendLine("<table>");
-            AppendNWSvcHeadlineHtml(ref report);
+            if(networkServices.Count > 0)
+            {
+                AppendNWSvcHeadlineHtml(ref report);
+            }
             foreach (var svc in networkServices)
             {
                 report.AppendLine("<tr>");
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
index f740a18b3..540b7e6f0 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
@@ -127,7 +127,7 @@
                             break;
 
                         case ReportType.Connections:
-                            <ConnectionsReport AppHandler="appHandler" AllCommonServices="currentReport.ReportData.GlobalComSvc"/>
+                            <ConnectionsReport AppHandlers="appHandlers" AllCommonServices="currentReport.ReportData.GlobalComSvc"/>
                             break;
 
                         default:
@@ -136,18 +136,15 @@
                 }
             </div>
         </div>
-        @if (currentReport != null)
+        @if (currentReport != null && reportGenerationDuration != 0)
         {
-            if (reportGenerationDuration != 0)
+            if (reportGenerationDuration < 600)
             {
-                if (reportGenerationDuration < 600)
-                {
-                    <small>@(userConfig.GetText("report_duration")) @reportGenerationDuration.ToString("0.00") @(userConfig.GetText("seconds")).</small>
-                }
-                else
-                {
-                    <small> @(userConfig.GetText("report_duration")) @((reportGenerationDuration/60.0).ToString("0.00")) @(userConfig.GetText("minutes")).</small>
-                }
+                <small>@(userConfig.GetText("report_duration")) @reportGenerationDuration.ToString("0.00") @(userConfig.GetText("seconds")).</small>
+            }
+            else
+            {
+                <small> @(userConfig.GetText("report_duration")) @((reportGenerationDuration/60.0).ToString("0.00")) @(userConfig.GetText("minutes")).</small>
             }
         }
     </div>
@@ -158,7 +155,6 @@
         AllTabVisible="(tenantFilteringAllowed && actReportFilters.SelectedTenant == null)"
         SelectedReportType = "actReportFilters.ReportType"/>
     <AnchorNavToRSB @ref="anchorNavToRSB" TabSet="rsbTabset" />
-
 }
 
 @* ==== POPUPS ==== *@
@@ -179,14 +175,13 @@
     public string? AppId { get; set; }
 
     public double reportGenerationDuration;
-    DateTime startTime = DateTime.Now;
     private bool processing = false;
     private CancellationTokenSource tokenSource = new CancellationTokenSource();
 
     private List<Rule> selectedItemsRuleReportTable = new List<Rule>();
     private List<RuleChange> selectedItemsChangeReportTable = new List<RuleChange>();
 
-    private ModellingAppHandler? appHandler;
+    private List<ModellingAppHandler> appHandlers = new();
     List<int> relevantManagementIds = new ();
     
     private ReportFilters actReportFilters = new ();
@@ -285,6 +280,7 @@
         {
             currentReport.ReportData = new ();
         }
+        appHandlers = new();
         reportGenerationDuration = 0;
     }
 
@@ -320,12 +316,9 @@
         tokenSource = new CancellationTokenSource();
         var token = tokenSource.Token;
 
-        // clear selected rules
-        selectedItemsRuleReportTable.Clear();
-        selectedItemsChangeReportTable.Clear();
-
         // save original report for exception case
-        List<ManagementReport> managementsReportOrig = currentReport?.ReportData.ManagementData ?? new();
+        ReportData reportOrig = currentReport?.ReportData ?? new();
+
         try
         {
             if (actReportFilters.ReportType.IsDeviceRelatedReport() && !actReportFilters.DeviceFilter.isAnyDeviceFilterSet())
@@ -334,10 +327,7 @@
                 return;
             }
             processing = true;
-            startTime = DateTime.Now;
-
             await PrepareReportGeneration();
-            ResetReport(); // reset management data when switching between reports
 
             try
             {
@@ -371,18 +361,22 @@
 
             processing = false;
             PostProcess();
-            await InvokeAsync(StateHasChanged);
         }
         catch (Exception exception)
         {
             processing = false;
-            currentReport.ReportData.ManagementData = managementsReportOrig;
+            if(currentReport != null)
+            {
+                currentReport.ReportData = reportOrig;
+            }
             reportTemplateControl.Uncollapse();
             await InvokeAsync(StateHasChanged);
             DisplayMessageInUi(exception, userConfig.GetText("generate_report"), "", true);
         }
         watch.Stop();
         reportGenerationDuration = watch.ElapsedMilliseconds/1000.0;
+        await InvokeAsync(StateHasChanged);
+        Log.WriteDebug("Report Generation", $"Generation Time: {reportGenerationDuration} s.");
     }
 
     private async Task PrepareReportGeneration()
@@ -401,13 +395,20 @@
 
         currentReport = ReportBase.ConstructReport(ConstructReportTemplate(), userConfig);
 
+        // clear selected rules
+        selectedItemsRuleReportTable.Clear();
+        selectedItemsChangeReportTable.Clear();
+
         // save selected managements before resetting
         relevantManagementIds = actReportFilters.DeviceFilter.getSelectedManagements();
+
+         // reset report data when switching between reports
+        ResetReport();
     }
 
     private async Task GenerateConnectionsReport(CancellationToken token)
     {
-        foreach(var selectedOwner in actReportFilters.ModellingFilter.SelectedOwners.Where(o => o.Id > 0))
+        foreach(var selectedOwner in actReportFilters.ModellingFilter.SelectedOwners)
         {
             OwnerReport actOwnerData = new(){ Name = selectedOwner.Name };
             currentReport.ReportData.OwnerData.Add(actOwnerData);
@@ -425,11 +426,12 @@
 
     async Task PrepareReportData(FwoOwner selectedOwner, OwnerReport ownerData)
     {
-        appHandler = new (apiConnection, userConfig, selectedOwner, DisplayMessageInUi);
+        ModellingAppHandler appHandler = new (apiConnection, userConfig, selectedOwner, DisplayMessageInUi);
         await appHandler.Init(ownerData.Connections);
         ownerData.RegularConnections = appHandler.GetRegularConnections();
         ownerData.Interfaces = appHandler.GetInterfaces();
         ownerData.CommonServices = appHandler.GetCommonServices();
+        appHandlers.Add(appHandler);
     }
 
     private async Task GenerateStatisticsReport(CancellationToken token)
@@ -458,7 +460,9 @@
     {
         bool rulesFound = false;
         foreach (var managementReport in ManagementReports)
+        {
             foreach (var device in managementReport.Devices)
+            {
                 if (device.ContainsRules())
                 {
                     rulesFound = true;
@@ -467,6 +471,8 @@
                         rule.Metadata.UpdateRecertPeriods(userConfig.RecertificationPeriod, userConfig.RecertificationNoticePeriod);
                     }
                 }
+            }
+        }
         return rulesFound;
     }
 
@@ -485,9 +491,6 @@
                 DisplayMessageInUi(null, userConfig.GetText("generate_report"), userConfig.GetText("E4003"), true);
             }
         }
-        
-        Log.WriteDebug("Report Generation", $"Generation Time: {DateTime.Now - startTime}.");
-        rsbTabset?.SetActiveTab(1);
     }
 
     private void CancelGeneration()
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ConnectionsReport.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ConnectionsReport.razor
index 84582e732..7ea61d938 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ConnectionsReport.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/ConnectionsReport.razor
@@ -5,32 +5,35 @@
 
 @inject UserConfig userConfig
 
-@if(AppHandler != null)
+@foreach(var appHandler in AppHandlers)
 {
-    <H5>@AppHandler.Application.Display(userConfig.GetText("common_service"))</H5>
+    <H5>@appHandler.Application.Display(userConfig.GetText("common_service"))</H5>
 
-    @if(AppHandler.GetRegularConnections().Count > 0)
+    @if(appHandler.GetRegularConnections().Count > 0)
     {
         <Collapse Title="@userConfig.GetText("connections")" Style="@("primary")" StartToggled="false">
-            <ConnectionTable Connections="@AppHandler.GetRegularConnections()" AppHandler="AppHandler" Readonly="true"/>
+            <ConnectionTable Connections="@appHandler.GetRegularConnections()" AppHandler="appHandler" Readonly="true"/>
         </Collapse>
     }
-    @if(AppHandler.GetInterfaces().Count > 0)
+    @if(appHandler.GetInterfaces().Count > 0)
     {
         <Collapse Title="@userConfig.GetText("interfaces")" Style="@("primary")" StartToggled="false">
-            <ConnectionTable Connections="@AppHandler.GetInterfaces()" AppHandler="AppHandler" Readonly="true"/>
+            <ConnectionTable Connections="@appHandler.GetInterfaces()" AppHandler="appHandler" Readonly="true"/>
         </Collapse>
     }
-    @if(AppHandler.GetCommonServices().Count > 0)
+    @if(appHandler.GetCommonServices().Count > 0)
     {
         <Collapse Title="@userConfig.GetText("own_common_services")" Style="@("primary")" StartToggled="false">
-            <ConnectionTable Connections="@AppHandler.GetCommonServices()" AppHandler="AppHandler" Readonly="true"/>
+            <ConnectionTable Connections="@appHandler.GetCommonServices()" AppHandler="appHandler" Readonly="true"/>
         </Collapse>
     }
+}
+@if(AppHandlers.Count > 0)
+{
     @if(AllCommonServices != null && AllCommonServices.Count > 0)
     {
         <Collapse Title="@userConfig.GetText("global_common_services")" Style="@("primary")" StartToggled="false">
-            <ConnectionTable Connections="@AllCommonServices" AppHandler="AppHandler" Readonly="true" ShowAppName="true"/>
+            <ConnectionTable Connections="@AllCommonServices" AppHandler="AppHandlers.First()" Readonly="true" ShowAppName="true"/>
         </Collapse>
     }
 }
@@ -38,7 +41,7 @@
 @code
 {
     [Parameter]
-    public ModellingAppHandler? AppHandler { get; set; } = null;
+    public List<ModellingAppHandler> AppHandlers { get; set; } = null;
 
     [Parameter]
     public List<ModellingConnection>? AllCommonServices { get; set; } = null;
diff --git a/roles/ui/files/FWO.UI/Shared/TabSet.razor b/roles/ui/files/FWO.UI/Shared/TabSet.razor
index 1027834a7..95e5ba520 100644
--- a/roles/ui/files/FWO.UI/Shared/TabSet.razor
+++ b/roles/ui/files/FWO.UI/Shared/TabSet.razor
@@ -48,11 +48,11 @@
 
     internal void AddTab(Tab tab, int pos = -1)
     {
-        if (ActiveTab == null)
+        Tabs.Insert(pos >= 0 && pos <= Tabs.Count ? pos : Tabs.Count, tab);
+        if (ActiveTab == null || Tabs.Count == 1)
         {
             SetActiveTab(tab);
         }
-        Tabs.Insert(pos >= 0 && pos <= Tabs.Count ? pos : Tabs.Count, tab);
         StateHasChanged();
     }
 
diff --git a/roles/ui/files/FWO.UI/wwwroot/css/site.css b/roles/ui/files/FWO.UI/wwwroot/css/site.css
index 952f1ab6d..eec40722f 100644
--- a/roles/ui/files/FWO.UI/wwwroot/css/site.css
+++ b/roles/ui/files/FWO.UI/wwwroot/css/site.css
@@ -284,8 +284,8 @@ h5 {
     height: 100%;
     width: 4px;
     background-color: black;
-    z-index: 20;
     border-style: double;
+    cursor: ew-resize;
 }
 
 .sidebar-min-max-button {

From 825c369921567e8aea604f8bd90e5399261735a2 Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Sun, 24 Mar 2024 15:55:39 +0100
Subject: [PATCH 55/84] improve ip handling

---
 .../APIcalls/modelling/newAppServer.graphql   |   3 +-
 .../files/FWO.Api.Client/Data/DisplayBase.cs  | 134 +++++++++++-------
 .../FWO.Api.Client/Data/ModellingAppServer.cs |   9 +-
 .../FWO.Middleware.Server/AppDataImport.cs    |   4 +-
 roles/test/files/FWO.Test/DisplayBaseTest.cs  |  68 +++++++++
 .../Services/ModellingAppServerHandler.cs     |   3 +-
 6 files changed, 164 insertions(+), 57 deletions(-)
 create mode 100644 roles/test/files/FWO.Test/DisplayBaseTest.cs

diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/newAppServer.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/newAppServer.graphql
index bc4eae35a..8a2bf3edf 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/modelling/newAppServer.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/modelling/newAppServer.graphql
@@ -2,13 +2,14 @@ mutation newAppServer(
   $name: String
   $appId: Int
   $ip: cidr
+  $ipEnd: cidr
   $importSource: String
   ) {
   insert_owner_network(objects: {
     name: $name
     owner_id: $appId
     ip: $ip
-    ip_end: $ip
+    ip_end: $ipEnd
     import_source: $importSource
     is_deleted: false
     nw_type: 10
diff --git a/roles/lib/files/FWO.Api.Client/Data/DisplayBase.cs b/roles/lib/files/FWO.Api.Client/Data/DisplayBase.cs
index 17307b5d0..7a1356b0b 100644
--- a/roles/lib/files/FWO.Api.Client/Data/DisplayBase.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/DisplayBase.cs
@@ -2,7 +2,6 @@
 using NetTools;
 using FWO.Logging;
 using System.Net;
-using System.Text.RegularExpressions;
 
 namespace FWO.Api.Data
 {
@@ -10,14 +9,21 @@ public static class DisplayBase
     {
         public static StringBuilder DisplayService(NetworkService service, bool isTechReport, string? serviceName = null)
         {
-            StringBuilder result = new StringBuilder();
+            StringBuilder result = new ();
             string ports = service.DestinationPortEnd == null || service.DestinationPortEnd == 0 || service.DestinationPort == service.DestinationPortEnd ?
                 $"{service.DestinationPort}" : $"{service.DestinationPort}-{service.DestinationPortEnd}";
             if (isTechReport)
             {
                 if (service.DestinationPort == null)
                 {
-                    result.Append($"{service.Name}");
+                    if (service.Protocol?.Name != null)
+                    {
+                        result.Append($"{service.Protocol?.Name}");
+                    }
+                    else
+                    {
+                        result.Append($"{service.Name}");
+                    }
                 }
                 else
                 {
@@ -41,18 +47,21 @@ public static StringBuilder DisplayService(NetworkService service, bool isTechRe
 
         public static string DisplayIpWithName(NetworkObject elem)
         {
-            string ip = DisplayIp(elem.IP, elem.IpEnd);
             if(elem.Name != null && elem.Name != "")
             {
-                return elem.Name + " (" + ip + ")";
+                return elem.Name + DisplayIp(elem.IP, elem.IpEnd, true);
             }
-            return ip;
+            return DisplayIp(elem.IP, elem.IpEnd);
         }
 
         public static string DisplayIp(string ip1, string ip2, bool inBrackets = false)
         {
             try
             {
+                if (ip2 == "")
+                {
+                    ip2 = ip1;
+                }
                 string nwObjType = AutoDetectType(ip1, ip2);
                 return DisplayIp(ip1, ip2, nwObjType, inBrackets);
             }
@@ -66,72 +75,88 @@ public static string DisplayIp(string ip1, string ip2, bool inBrackets = false)
         public static string DisplayIp(string ip1, string ip2, string nwObjType, bool inBrackets = false)
         {
             string result = "";
-            IPAddressRange IpRange;
-            string IpStart;
-            string IpEnd;
             if (nwObjType != ObjectType.Group)
             {
-                if (ip2 == null)
+                if (!IsV4Address(ip1) && !IsV6Address(ip1))
+                {
+                    Log.WriteError("Ip displaying", $"Found undefined IP family: {ip1} - {ip2}");
+                }
+                else if (IsV4Address(ip1) == IsV6Address(ip2))
                 {
-                    Log.WriteError("Ip displaying", $"Found undefined IpEnd {ip2}");
+                    Log.WriteError("Ip displaying", $"Found mixed IP family: {ip1} - {ip2}");
                 }
                 else
                 {
-                    if (!isV4Address(ip1) && !isV6Address(ip1))
+                    if (ip2 == "")
                     {
-                        Log.WriteError("Ip displaying", $"Found undefined IP family: {ip1} - {ip2}");
+                        ip2 = ip1;
                     }
-                    else
-                    {
-                        if (isV4Address(ip1))
-                        {
-                            IpStart = ip1.Replace("/32", "");
-                            IpEnd = ip2.Replace("/32", "");
-                        }
-                        else
-                        {
-                            IpStart = ip1.Replace("/128", "");
-                            IpEnd = ip2.Replace("/128", "");
-                        }
+                    string IpStart = StripOffUnnecessaryNetmask(ip1);
+                    string IpEnd = StripOffUnnecessaryNetmask(ip2);
 
-                        try
+                    try
+                    {
+                        result = inBrackets ? " (" : "";
+                        if (nwObjType == ObjectType.Network)
                         {
-                            IpRange = new IPAddressRange(IPAddress.Parse(IpStart), IPAddress.Parse(IpEnd));
-                            if (IpRange != null)
+                            if(GetNetmask(IpStart) == "")
                             {
-                                result = inBrackets ? " (" : "";
-                                if (nwObjType == ObjectType.Network)
-                                {
-                                    result += IpRange.ToCidrString();
-                                }
-                                else
+                                IPAddressRange ipRange = new (IPAddress.Parse(IpStart), IPAddress.Parse(IpEnd));
+                                if (ipRange != null)
                                 {
-                                    result += IpStart;
-                                    if (nwObjType.Contains(ObjectType.IPRange))
-                                    {
-                                        result += $"-{IpEnd}";
-                                    }
+                                    result += ipRange.ToCidrString();
                                 }
-                                result += inBrackets ? ")" : "";
+                            }
+                            else
+                            {
+                                result += IpStart;
                             }
                         }
-                        catch (Exception exc)
+                        else
                         {
-                            Log.WriteError("Ip displaying", $"Wrong ip format {IpStart} - {IpEnd}\nMessage: {exc.Message}");
+                            result += IpStart;
+                            if (nwObjType == ObjectType.IPRange)
+                            {
+                                result += $"-{IpEnd}";
+                            }
                         }
+                        result += inBrackets ? ")" : "";
+                    }
+                    catch (Exception exc)
+                    {
+                        Log.WriteError("Ip displaying", $"Wrong ip format {IpStart} - {IpEnd}\nMessage: {exc.Message}");
                     }
                 }
             }
             return result;
         }
 
+        public static string GetNetmask(string ip)
+        {
+            int pos = ip.LastIndexOf("/");
+            if (pos > -1 && ip.Length > pos + 1)
+            {
+                return ip[(pos + 1)..];
+            }
+            return "";
+        }
+
         private static string StripOffNetmask(string ip)
         {
-            Match match = Regex.Match(ip, @"^([\d\.\:]+)\/");
-            if (match.Success)
+            int pos = ip.LastIndexOf("/");
+            if (pos > -1 && ip.Length > pos + 1)
+            {
+                return ip[..pos];
+            }
+            return ip;
+        }
+
+        private static string StripOffUnnecessaryNetmask(string ip)
+        {
+            string netmask = GetNetmask(ip);
+            if (IsV4Address(ip) && netmask == "32" || IsV6Address(ip) && netmask == "128")
             {
-                string matchedString = match.Value;
-                return matchedString.Remove( matchedString.Length - 1 );
+                return StripOffNetmask(ip);
             }
             return ip;
         }
@@ -152,10 +177,17 @@ private static bool SpanSingleNetwork(string ipInStart, string ipInEnd)
             return true;
         }
 
-        private static string AutoDetectType(string ip1, string ip2)
+        public static string AutoDetectType(string ip1, string ip2)
         {
+            ip1 = StripOffUnnecessaryNetmask(ip1);
+            ip2 = StripOffUnnecessaryNetmask(ip2);
             if (ip1 == ip2)
             {
+                string netmask = GetNetmask(ip1);
+                if(netmask != "")
+                {
+                    return ObjectType.Network;
+                }
                 return ObjectType.Host;
             }
             if (SpanSingleNetwork(ip1, ip2))
@@ -165,14 +197,14 @@ private static string AutoDetectType(string ip1, string ip2)
             return ObjectType.IPRange;
         }
 
-        private static bool isV6Address(string ip)
+        private static bool IsV6Address(string ip)
         {
-            return ip.Contains(":");
+            return ip.Contains(':');
         }
 
-        private static bool isV4Address(string ip)
+        private static bool IsV4Address(string ip)
         {
-            return ip.Contains(".");
+            return ip.Contains('.');
         }
     }
 }
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingAppServer.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingAppServer.cs
index 13e846dd6..5fa878125 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingAppServer.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingAppServer.cs
@@ -8,6 +8,9 @@ public class ModellingAppServer : ModellingNwObject
         [JsonProperty("ip"), JsonPropertyName("ip")]
         public string Ip { get; set; } = "";
 
+        [JsonProperty("ip_end"), JsonPropertyName("ip_end")]
+        public string IpEnd { get; set; } = "";
+
         [JsonProperty("import_source"), JsonPropertyName("import_source")]
         public string ImportSource { get; set; } = "";
 
@@ -34,6 +37,7 @@ public override bool Sanitize()
         {
             bool shortened = base.Sanitize();
             Ip = Sanitizer.SanitizeCidrMand(Ip, ref shortened);
+            IpEnd = Sanitizer.SanitizeCidrMand(IpEnd, ref shortened);
             ImportSource = Sanitizer.SanitizeMand(ImportSource, ref shortened);
             return shortened;
         }
@@ -46,7 +50,7 @@ public static NetworkObject ToNetworkObject(ModellingAppServer appServer)
                 Number = appServer.Number,
                 Name = appServer.Name,
                 IP = appServer.Ip,
-                IpEnd = appServer.Ip
+                IpEnd = appServer.IpEnd
             };
         }
 
@@ -61,6 +65,7 @@ public ModellingAppServer(ModellingAppServer appServer)
             Name = appServer.Name;
             IsDeleted = appServer.IsDeleted;
             Ip = appServer.Ip;
+            IpEnd = appServer.IpEnd;
             ImportSource = appServer.ImportSource;
             InUse = appServer.InUse;
         }
@@ -70,7 +75,7 @@ public override bool Equals(object? obj)
             return obj switch
             {
                 ModellingAppServer apps => Id == apps.Id && AppId == apps.AppId && Name == apps.Name && IsDeleted == apps.IsDeleted
-                    && Ip == apps.Ip && ImportSource == apps.ImportSource && InUse == apps.InUse,
+                    && Ip == apps.Ip && IpEnd == apps.IpEnd && ImportSource == apps.ImportSource && InUse == apps.InUse,
                 _ => base.Equals(obj),
             };
         }
diff --git a/roles/middleware/files/FWO.Middleware.Server/AppDataImport.cs b/roles/middleware/files/FWO.Middleware.Server/AppDataImport.cs
index d0cba9cbf..0dbb859b8 100644
--- a/roles/middleware/files/FWO.Middleware.Server/AppDataImport.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/AppDataImport.cs
@@ -352,8 +352,8 @@ private async Task<bool> NewAppServer(ModellingImportAppServer incomingAppServer
                 {
                     name = incomingAppServer.Name,
                     appId = appID,
-                    ip = IpAsCidr(incomingAppServer.Ip),  // todo ?
-                    // subnet = incomingAppServer.Subnet,
+                    ip = IpAsCidr(incomingAppServer.Ip),
+                    ipEnd = incomingAppServer.IpEnd != "" ? IpAsCidr(incomingAppServer.IpEnd) : IpAsCidr(incomingAppServer.Ip),
                     importSource = impSource
                 };
                 await apiConnection.SendQueryAsync<NewReturning>(Api.Client.Queries.ModellingQueries.newAppServer, Variables);
diff --git a/roles/test/files/FWO.Test/DisplayBaseTest.cs b/roles/test/files/FWO.Test/DisplayBaseTest.cs
new file mode 100644
index 000000000..a9509f427
--- /dev/null
+++ b/roles/test/files/FWO.Test/DisplayBaseTest.cs
@@ -0,0 +1,68 @@
+using NUnit.Framework;
+using FWO.Api.Data;
+
+namespace FWO.Test
+{
+    [TestFixture]
+    [Parallelizable]
+    internal class DisplayBaseTest
+    {
+
+        static readonly string ip1 = "1.0.0.0";
+        static readonly string ip2 = "1.0.0.0/32";
+        static readonly string ip3 = "1.0.0.3/32";
+        static readonly string ip4 = "1.0.1.3/32";
+        static readonly string ip5 = "1.0.0.0/24";
+        static readonly string ip6 = "1.0.0.0/31";
+        static readonly string ip7 = "1.0.0.2/31";
+
+        static readonly string ip11 = ":a:";
+        static readonly string ip12 = ":a:/128";
+        static readonly string ip13 = ":a:/111";
+
+        static readonly NetworkService serv1 = new(){ Name = "Serv1", DestinationPort = 1000, Protocol = new(){ Name="TCP" }};
+        static readonly NetworkService serv2 = new(){ Name = "Serv2", DestinationPort = 1000, DestinationPortEnd = 2000, Protocol = new(){ Name="UDP" }};
+        static readonly NetworkService serv3 = new(){ Name = "Serv3", Protocol = new(){ Name="ESP" }};
+
+        [SetUp]
+        public void Initialize()
+        {}
+
+        [Test]
+        public void TestGetNetmask()
+        {
+            Assert.AreEqual("", DisplayBase.GetNetmask(ip1));
+            Assert.AreEqual("32", DisplayBase.GetNetmask(ip2));
+            Assert.AreEqual("24", DisplayBase.GetNetmask(ip5));
+            Assert.AreEqual("", DisplayBase.GetNetmask(ip11));
+            Assert.AreEqual("111", DisplayBase.GetNetmask(ip13));
+        }
+
+        [Test]
+        public void TestAutoDetectType()
+        {
+            Assert.AreEqual(ObjectType.Host, DisplayBase.AutoDetectType(ip1, ip1));
+            Assert.AreEqual(ObjectType.Host, DisplayBase.AutoDetectType(ip1, ip2));
+            Assert.AreEqual(ObjectType.Network, DisplayBase.AutoDetectType(ip2, ip3));
+            Assert.AreEqual(ObjectType.IPRange, DisplayBase.AutoDetectType(ip2, ip4));
+            Assert.AreEqual(ObjectType.Network, DisplayBase.AutoDetectType(ip5, ip5));
+            // Assert.AreEqual(ObjectType.Network, DisplayBase.AutoDetectType(ip6, ip7)); // should detect this?
+            Assert.AreEqual(ObjectType.IPRange, DisplayBase.AutoDetectType(ip6, ip7));
+
+            Assert.AreEqual(ObjectType.Host, DisplayBase.AutoDetectType(ip11, ip11));
+            Assert.AreEqual(ObjectType.Host, DisplayBase.AutoDetectType(ip11, ip12));
+            Assert.AreEqual(ObjectType.Network, DisplayBase.AutoDetectType(ip13, ip13));
+        }
+
+        [Test]
+        public void TestDisplayService()
+        {
+            Assert.AreEqual("Serv1 (1000/TCP)", DisplayBase.DisplayService(serv1, false).ToString());
+            Assert.AreEqual("Serv2 (1000-2000/UDP)", DisplayBase.DisplayService(serv2, false).ToString());
+            Assert.AreEqual("Serv3 (ESP)", DisplayBase.DisplayService(serv3, false).ToString());
+            Assert.AreEqual("NewName (1000/TCP)", DisplayBase.DisplayService(serv1, false, "NewName").ToString());
+            Assert.AreEqual("1000-2000/UDP", DisplayBase.DisplayService(serv2, true).ToString());
+            Assert.AreEqual("ESP", DisplayBase.DisplayService(serv3, true).ToString());
+        }
+    }
+}
diff --git a/roles/ui/files/FWO.UI/Services/ModellingAppServerHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingAppServerHandler.cs
index 47aa0d072..2b6fe4e16 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingAppServerHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingAppServerHandler.cs
@@ -91,7 +91,8 @@ private async Task<bool> AddAppServerToDb()
                 {
                     name = ActAppServer.Name,
                     appId = Application.Id,
-                    ip = IPAddressRange.Parse(ActAppServer.Ip).ToCidrString(),   // todo ?
+                    ip = IPAddressRange.Parse(ActAppServer.Ip).ToCidrString(),
+                    ipEnd = ActAppServer.IpEnd != "" ? IPAddressRange.Parse(ActAppServer.IpEnd).ToCidrString() : IPAddressRange.Parse(ActAppServer.Ip).ToCidrString(),
                     importSource = GlobalConst.kManual  // todo
                 };
                 ReturnId[]? returnIds = (await apiConnection.SendQueryAsync<NewReturning>(ModellingQueries.newAppServer, Variables)).ReturnIds;

From 41794616a38567f2e6d3452e4e20cbb3953a3838 Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Mon, 25 Mar 2024 09:07:32 +0100
Subject: [PATCH 56/84] manage common area use

---
 .../files/sql/idempotent/fworch-texts.sql     |  8 ++-
 .../files/FWO.Config.Api/Data/CommonArea.cs   | 32 ++++++++++++
 .../NetworkModelling/SearchNwObject.razor     | 13 +++--
 .../Pages/Settings/SettingsModelling.razor    | 51 ++++++++++++++-----
 roles/ui/files/FWO.UI/Services/DefaultInit.cs |  1 +
 .../Services/ModellingConnectionHandler.cs    | 16 +++---
 6 files changed, 96 insertions(+), 25 deletions(-)
 create mode 100644 roles/lib/files/FWO.Config.Api/Data/CommonArea.cs

diff --git a/roles/database/files/sql/idempotent/fworch-texts.sql b/roles/database/files/sql/idempotent/fworch-texts.sql
index c540fe21d..fea67e90d 100644
--- a/roles/database/files/sql/idempotent/fworch-texts.sql
+++ b/roles/database/files/sql/idempotent/fworch-texts.sql
@@ -1808,6 +1808,10 @@ INSERT INTO txt VALUES ('modelling_settings',   'German', 	'Modellierungseinstel
 INSERT INTO txt VALUES ('modelling_settings',   'English', 	'Modelling Settings');
 INSERT INTO txt VALUES ('modIconify',           'German', 	'Nutzung von Piktogrammen');
 INSERT INTO txt VALUES ('modIconify',           'English', 	'Prefer use of Icons');
+INSERT INTO txt VALUES ('use_in_src',           'German', 	'in Quelle');
+INSERT INTO txt VALUES ('use_in_src',           'English', 	'in Source');
+INSERT INTO txt VALUES ('use_in_dst',           'German', 	'in Ziel');
+INSERT INTO txt VALUES ('use_in_dst',           'English', 	'in Destination');
 
 -- monitoring
 INSERT INTO txt VALUES ('open_alerts',          'German', 	'Offene Alarme');
@@ -4441,9 +4445,11 @@ INSERT INTO txt VALUES ('H5619', 'German',  'Eigent&uuml;mernamen verwenden: Der
 INSERT INTO txt VALUES ('H5619', 'English', 'Use Owner Name: The name of the owner is used in the middle part of the naming convention for App Roles.');
 INSERT INTO txt VALUES ('H5620', 'German',  'Gemeinsame Netzwerkareas: Vom Administrator vorgegebene Netzwerkareas, welche von allen Verbindungen genutzt werden d&uuml;rfen.
     Sie sind in der Bibliothek immer sichtbar und stehen dann nicht mehr in der Liste der auszuw&auml;hlenden Areas f&uuml;r Common Services.
+    Die beiden Auswahlfelder "in Quelle" und "in Ziel" legen fest, wo die Netzwerkarea genutzt werden darf.
 ');
 INSERT INTO txt VALUES ('H5620', 'English', 'Common Network Areas: Network areas defined by the administrator, which are permitted to be used by all connections.
-    They are visible in the object library and are not offered in the list of available areas for Common Services. 
+    They are visible in the object library and are not offered in the list of available areas for Common Services.
+    The flags "in Source" and "in Destination" determine, where the Common Network Area are allowed to be used.
 ');
 INSERT INTO txt VALUES ('H5621', 'German',  'Ein Modellierer kann einige pers&ouml;nliche Voreinstellungen f&uuml;r die Darstellung der Modellierung &uuml;berschreiben.
     Ausgangswert ist der vom Admin in den <a href="/help/settings/modelling">Modellierungseinstellungen</a> gesetzte Wert.
diff --git a/roles/lib/files/FWO.Config.Api/Data/CommonArea.cs b/roles/lib/files/FWO.Config.Api/Data/CommonArea.cs
new file mode 100644
index 000000000..37e7983c0
--- /dev/null
+++ b/roles/lib/files/FWO.Config.Api/Data/CommonArea.cs
@@ -0,0 +1,32 @@
+using Newtonsoft.Json;
+using System.Text.Json.Serialization;
+using FWO.Api.Data;
+
+namespace FWO.Config.Api.Data
+{
+    public class CommonAreaConfig
+    {
+        [JsonProperty("area_id"), JsonPropertyName("area_id")]
+        public long AreaId { get; set; } = 0;
+
+        [JsonProperty("use_in_src"), JsonPropertyName("use_in_src")]
+        public bool UseInSrc { get; set; } = true;
+
+        [JsonProperty("use_in_dst"), JsonPropertyName("use_in_dst")]
+        public bool UseInDst { get; set; } = true;
+    }
+
+    public class CommonArea
+    {
+        public ModellingNwGroupWrapper Area { get; set; } = new();
+
+        public bool UseInSrc { get; set; } = true;
+
+        public bool UseInDst { get; set; } = true;
+
+        public CommonAreaConfig ToConfigItem()
+        {
+            return new(){ AreaId = Area.Content.Id, UseInSrc = UseInSrc, UseInDst = UseInDst};
+        }
+    }
+}
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/SearchNwObject.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/SearchNwObject.razor
index 2f981f125..17c49c102 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/SearchNwObject.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/SearchNwObject.razor
@@ -1,4 +1,5 @@
 @using FWO.Config.Api
+@using FWO.Config.Api.Data
 @using System.Text.Json
 
 @attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}, {Roles.Modeller}")]
@@ -33,7 +34,7 @@
                 <div class="form-group row col-sm-12">
                     <label class="col-sm-4 col-form-label col-form-label-sm">@(userConfig.GetText("network_objects")):</label>
                     <div class="col-sm-8">
-                        <Dropdown ElementType="ModellingNwGroup" @bind-SelectedElement="selectedObject" ElementToString="@(o => o.Display())" Elements="nwObjects" Nullable="true">
+                        <Dropdown ElementType="ModellingNwGroup" @bind-SelectedElement="selectedObject" ElementToString="@(o => o.Display())" Elements="remainingNwObjects" Nullable="true">
                             <ElementTemplate Context="obj">
                                 @((MarkupString)obj.DisplayHtml())
                             </ElementTemplate>
@@ -85,6 +86,9 @@
     [Parameter]
     public Func<bool> Refresh { get; set; } = DefaultInit.DoNothingSync;
 
+    [Parameter]
+    public Func<ModellingNwGroup, bool> Add { get; set; } = DefaultInit.DoNothingSync;
+
     [Parameter]
     public bool CommonAreaMode { get; set; } = false;
 
@@ -93,7 +97,7 @@
     private ModellingTypes.ModObjectType selectedType = ModellingTypes.ModObjectType.NetworkArea;
     private bool singleType = false;
     private bool typeSelected = false;
-    private List<ModellingNwGroup> nwObjects = new();
+    private List<ModellingNwGroup> remainingNwObjects = new();
     private ModellingNwGroup? selectedObject;
     private bool FirstTry = true;
 
@@ -128,10 +132,10 @@
             List<ModellingNwGroup> allNwObjects = await apiConnection.SendQueryAsync<List<ModellingNwGroup>>(FWO.Api.Client.Queries.ModellingQueries.getNwGroupObjects, Variables);
             if(userConfig.ModCommonAreas != "")
             {
-                List<long> commonAreaIds = JsonSerializer.Deserialize<List<long>>(userConfig.ModCommonAreas) ?? new();
+                List<long> commonAreaIds = JsonSerializer.Deserialize<List<CommonAreaConfig>>(userConfig.ModCommonAreas)?.ConvertAll(x => x.AreaId) ?? new();
                 allNwObjects = allNwObjects.Where(o => !commonAreaIds.Contains(o.Id)).ToList();
             }
-            nwObjects = allNwObjects.Where(o => ObjectList.FirstOrDefault(sel => sel.Content.Id == o.Id) == null).ToList();
+            remainingNwObjects = allNwObjects.Where(o => ObjectList.FirstOrDefault(sel => sel.Content.Id == o.Id) == null).ToList();
             typeSelected = true;
         }
         catch (Exception exception)
@@ -157,6 +161,7 @@
                 }
                 ObjectList.Add(new ModellingNwGroupWrapper(){ Content = selectedObject ?? throw new Exception("No Object selected.") });
                 await ObjectListChanged.InvokeAsync(ObjectList);
+                Add(selectedObject);
                 Refresh();
                 Close();
             }
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsModelling.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsModelling.razor
index 016467f77..2296dc7c7 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsModelling.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsModelling.razor
@@ -59,10 +59,22 @@
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5620"))">
             <label class="col-form-label col-sm-4">@userConfig.GetText("common_areas"):</label>
             <div class="col-sm-6">
-                <EditList ElementType="ModellingNwGroupWrapper" Elements="commonAreas.ToArray()" ElementsToAdd="AreasToAdd" ElementsToDelete="AreasToDelete" StdLayout="false">
+                <EditList ElementType="CommonArea" Elements="commonAreas.ToArray()" ElementsToDelete="AreasToDelete" StdLayout="false">
                     <Display>
                         <div class="row">
-                            <div class="col-sm-12 border bg-transparent">@((MarkupString)context.Content.DisplayHtml())</div>
+                            <div class="col-sm-4 border bg-transparent">@((MarkupString)context.Area.Content.DisplayHtml())</div>
+                            <div class="col-sm-4">
+                                <label class="col-form-label col-sm-10">@(userConfig.GetText("use_in_src")):</label>
+                                <div class="col-sm-1">
+                                    <input type="checkbox" class="w-100" @bind="context.UseInSrc">
+                                </div>
+                            </div>
+                            <div class="col-sm-4">
+                                <label class="col-form-label col-sm-10">@(userConfig.GetText("use_in_dst")):</label>
+                                <div class="col-sm-1">
+                                    <input type="checkbox" class="w-100" @bind="context.UseInDst">
+                                </div>
+                            </div>
                         </div>
                     </Display>
                 </EditList>
@@ -163,7 +175,7 @@ else
     </div>
 }
 <PredefServices @bind-Display="predefServices"/>
-<SearchNwObject @bind-Display="searchArea" @bind-ObjectList="commonAreas" CommonAreaMode="true"/>
+<SearchNwObject @bind-Display="searchArea" ObjectList="pureAreaList" Add="AddArea" CommonAreaMode="true"/>
 
 
 @code
@@ -177,10 +189,10 @@ else
     private List<string> PathsToDelete = new();
     private string actPath = "";
     private List<ModellingNwGroup> allAreas = new();
-    private List<long> commonAreaIds = new();
-    private List<ModellingNwGroupWrapper> commonAreas = new();
-    private List<ModellingNwGroupWrapper> AreasToAdd = new();
-    private List<ModellingNwGroupWrapper> AreasToDelete = new();
+    private List<ModellingNwGroupWrapper> pureAreaList = new();
+    private List<CommonAreaConfig> commAreaConfigItems = new();
+    private List<CommonArea> commonAreas = new();
+    private List<CommonArea> AreasToDelete = new();
     private bool predefServices = false;
     private bool searchArea = false;
     private ModellingNamingConvention namingConvention = new();
@@ -206,17 +218,24 @@ else
     {
         if(configData.ModCommonAreas != "")
         {
-            commonAreaIds = JsonSerializer.Deserialize<List<long>>(configData.ModCommonAreas) ?? new();
+            commAreaConfigItems = JsonSerializer.Deserialize<List<CommonAreaConfig>>(configData.ModCommonAreas) ?? new();
         }
         commonAreas = new();
-        foreach(var areaId in commonAreaIds)
+        foreach(var areaInfo in commAreaConfigItems)
         {
-            ModellingNwGroup? area = allAreas.FirstOrDefault(a => a.Id == areaId);
+            ModellingNwGroup? area = allAreas.FirstOrDefault(a => a.Id == areaInfo.AreaId);
             if(area != null)
             {
-                commonAreas.Add(new () { Content = area });
+                commonAreas.Add(new () { Area = new() {Content = area}, UseInSrc = areaInfo.UseInSrc, UseInDst = areaInfo.UseInDst });
             }
         }
+        pureAreaList = commonAreas.ConvertAll(x => x.Area);
+    }
+
+    public bool AddArea(ModellingNwGroup area)
+    {
+        commonAreas.Add(new () { Area = new() {Content = area} });
+        return true;
     }
 
     private void AddPath()
@@ -254,12 +273,16 @@ else
                 }
                 configData.ImportAppDataPath = JsonSerializer.Serialize(appDataPaths);
                 configData.ModNamingConvention = JsonSerializer.Serialize(namingConvention);
-                commonAreaIds = commonAreas.ConvertAll(x => x.Content.Id);
+                commAreaConfigItems = commonAreas.ConvertAll(x => x.ToConfigItem());
                 foreach(var area in AreasToDelete)
                 {
-                    commonAreaIds.Remove(area.Content.Id);
+                    CommonAreaConfig? existingItem = commAreaConfigItems.FirstOrDefault(x => x.AreaId == area.Area.Content.Id);
+                    if (existingItem != null)
+                    {
+                        commAreaConfigItems.Remove(existingItem);
+                    }
                 }
-                configData.ModCommonAreas = JsonSerializer.Serialize(commonAreaIds);
+                configData.ModCommonAreas = JsonSerializer.Serialize(commAreaConfigItems);
                 await globalConfig.WriteToDatabase(configData, apiConnection);
                 PathsToDelete = new();
                 PathsToAdd = new();
diff --git a/roles/ui/files/FWO.UI/Services/DefaultInit.cs b/roles/ui/files/FWO.UI/Services/DefaultInit.cs
index 747d066e1..1917c68ef 100644
--- a/roles/ui/files/FWO.UI/Services/DefaultInit.cs
+++ b/roles/ui/files/FWO.UI/Services/DefaultInit.cs
@@ -14,5 +14,6 @@ public static void DoNothing(Exception? e, string t, string m, bool E) {}
 
 
         public static bool DoNothingSync() { return false; }
+        public static bool DoNothingSync(ModellingNwGroup _) { return false; }
     }
 }
diff --git a/roles/ui/files/FWO.UI/Services/ModellingConnectionHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingConnectionHandler.cs
index bd8a9e390..e3cbe9d2f 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingConnectionHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingConnectionHandler.cs
@@ -1,4 +1,5 @@
 using FWO.Config.Api;
+using FWO.Config.Api.Data;
 using FWO.Api.Data;
 using FWO.Api.Client;
 using FWO.Api.Client.Queries;
@@ -16,6 +17,7 @@ public class ModellingConnectionHandler : ModellingHandlerBase
         public List<ModellingAppRole> AvailableAppRoles { get; set; } = new();
         public List<ModellingNwGroupWrapper> AvailableSelectedObjects { get; set; } = new();
         public List<ModellingNwGroupWrapper> AvailableCommonAreas { get; set; } = new();
+        public List<CommonAreaConfig> CommonAreaConfigItems { get; set; } = new();
         public List<KeyValuePair<int, long>> AvailableNwElems { get; set; } = new();
         public List<ModellingServiceGroup> AvailableServiceGroups { get; set; } = new();
         public List<ModellingService> AvailableServices { get; set; } = new();
@@ -111,15 +113,15 @@ public async Task InitAvailableNWObjects()
                 AvailableAppRoles = await apiConnection.SendQueryAsync<List<ModellingAppRole>>(ModellingQueries.getAppRoles, new { appId = Application.Id });
 
                 List<ModellingNwGroup> allAreas = await apiConnection.SendQueryAsync<List<ModellingNwGroup>>(ModellingQueries.getNwGroupObjects, new { grpType = (int)ModellingTypes.ModObjectType.NetworkArea });
-                List<long> commonAreaIds = new();
+                CommonAreaConfigItems = new();
                 if(userConfig.ModCommonAreas != "")
                 {
-                    commonAreaIds = JsonSerializer.Deserialize<List<long>>(userConfig.ModCommonAreas) ?? new();
+                    CommonAreaConfigItems = JsonSerializer.Deserialize<List<CommonAreaConfig>>(userConfig.ModCommonAreas) ?? new();
                 }
                 AvailableCommonAreas = new();
-                foreach(var areaId in commonAreaIds)
+                foreach(var comAreaConfig in CommonAreaConfigItems)
                 {
-                    ModellingNwGroup? area = allAreas.FirstOrDefault(a => a.Id == areaId);
+                    ModellingNwGroup? area = allAreas.FirstOrDefault(a => a.Id == comAreaConfig.AreaId);
                     if(area != null)
                     {
                         AvailableCommonAreas.Add(new () { Content = area });
@@ -349,7 +351,8 @@ public void NwGroupToSource(List<ModellingNwGroup> nwGroups)
             {
                 foreach(var nwGroup in nwGroups)
                 {
-                    if(ActConn.SourceNwGroups.FirstOrDefault(w => w.Content.Id == nwGroup.Id) == null && !SrcNwGroupsToAdd.Contains(nwGroup))
+                    if(ActConn.SourceNwGroups.FirstOrDefault(w => w.Content.Id == nwGroup.Id) == null && !SrcNwGroupsToAdd.Contains(nwGroup) &&
+                        (CommonAreaConfigItems.FirstOrDefault(x => x.AreaId == nwGroup.Id)?.UseInSrc ?? true))
                     {
                         SrcNwGroupsToAdd.Add(nwGroup);
                     }
@@ -364,7 +367,8 @@ public void NwGroupToDestination(List<ModellingNwGroup> nwGroups)
             {
                 foreach(var nwGroup in nwGroups)
                 {
-                    if(ActConn.DestinationNwGroups.FirstOrDefault(w => w.Content.Id == nwGroup.Id) == null && !DstNwGroupsToAdd.Contains(nwGroup))
+                    if(ActConn.DestinationNwGroups.FirstOrDefault(w => w.Content.Id == nwGroup.Id) == null && !DstNwGroupsToAdd.Contains(nwGroup) &&
+                        (CommonAreaConfigItems.FirstOrDefault(x => x.AreaId == nwGroup.Id)?.UseInDst ?? true))
                     {
                         DstNwGroupsToAdd.Add(nwGroup);
                     }

From fcef842b9262207b933fdb82622435415d3c35e4 Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Mon, 25 Mar 2024 10:01:23 +0100
Subject: [PATCH 57/84] layout adjustment

---
 .../Pages/Settings/SettingsModelling.razor    | 30 +++++++++++--------
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsModelling.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsModelling.razor
index 2296dc7c7..6d9cb3c6f 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsModelling.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsModelling.razor
@@ -24,13 +24,13 @@
         @onclick="PredefServices">@(userConfig.GetText("predef_services"))</button>
     <form onsubmit="return false">
         <div class="form-group row mt-2">
-            <div class="row col-sm-4" data-toggle="tooltip" title="@(userConfig.PureLine("H5603"))">
+            <div class="row col-sm-4 align-items-center" data-toggle="tooltip" title="@(userConfig.PureLine("H5603"))">
                 <label class="col-form-label col-sm-8">@(userConfig.GetText("allowServerInConn")):</label>
                 <div class="col-sm-2">
                     <input type="checkbox" class="w-100" @bind="configData!.AllowServerInConn">
                 </div>
             </div>
-            <div class="row col-sm-4" data-toggle="tooltip" title="@(userConfig.PureLine("H5604"))">
+            <div class="row col-sm-4 align-items-center" data-toggle="tooltip" title="@(userConfig.PureLine("H5604"))">
                 <label class="col-form-label col-sm-8">@(userConfig.GetText("allowServiceInConn")):</label>
                 <div class="col-sm-2">
                     <input type="checkbox" class="w-100" @bind="configData!.AllowServiceInConn">
@@ -42,13 +42,13 @@
                 <label class="col-form-label col-sm-8">@(userConfig.GetText("overviewDisplayLines"))*:</label>
                 <input type="number" min="0" class="col-sm-3" @bind="configData!.OverviewDisplayLines" />
             </div>
-            <div class="row col-sm-4" data-toggle="tooltip" title="@(userConfig.PureLine("H5618"))">
+            <div class="row col-sm-4 align-items-center" data-toggle="tooltip" title="@(userConfig.PureLine("H5618"))">
                 <label class="col-form-label col-sm-8">@(userConfig.GetText("modIconify"))*:</label>
                 <div class="col-sm-2">
                     <input type="checkbox" class="w-100" @bind="configData!.ModIconify">
                 </div>
             </div>
-            <div class="row col-sm-4" data-toggle="tooltip" title="@(userConfig.PureLine("H5617"))">
+            <div class="row col-sm-4 align-items-center" data-toggle="tooltip" title="@(userConfig.PureLine("H5617"))">
                 <label class="col-form-label col-sm-8">@(userConfig.GetText("reducedProtocolSet")):</label>
                 <div class="col-sm-2">
                     <input type="checkbox" class="w-100" @bind="configData!.ReducedProtocolSet">
@@ -61,18 +61,22 @@
             <div class="col-sm-6">
                 <EditList ElementType="CommonArea" Elements="commonAreas.ToArray()" ElementsToDelete="AreasToDelete" StdLayout="false">
                     <Display>
-                        <div class="row">
+                        <div class="row align-items-center">
                             <div class="col-sm-4 border bg-transparent">@((MarkupString)context.Area.Content.DisplayHtml())</div>
                             <div class="col-sm-4">
-                                <label class="col-form-label col-sm-10">@(userConfig.GetText("use_in_src")):</label>
-                                <div class="col-sm-1">
-                                    <input type="checkbox" class="w-100" @bind="context.UseInSrc">
+                                <div class="row align-items-center">
+                                    <div class="col-form-label col-sm-8">@(userConfig.GetText("use_in_src")):</div>
+                                    <div class="col-sm-3">
+                                        <input type="checkbox" class="w-100" @bind="context.UseInSrc">
+                                    </div>
                                 </div>
                             </div>
                             <div class="col-sm-4">
-                                <label class="col-form-label col-sm-10">@(userConfig.GetText("use_in_dst")):</label>
-                                <div class="col-sm-1">
-                                    <input type="checkbox" class="w-100" @bind="context.UseInDst">
+                                <div class="row align-items-center">
+                                    <div class="col-form-label col-sm-8">@(userConfig.GetText("use_in_dst")):</div>
+                                    <div class="col-sm-3">
+                                        <input type="checkbox" class="w-100" @bind="context.UseInDst">
+                                    </div>
                                 </div>
                             </div>
                         </div>
@@ -86,7 +90,7 @@
         </div>
         <hr />
         <div class="form-group row">
-            <div class="row col-sm-4" data-toggle="tooltip" title="@(userConfig.PureLine("H5606"))">
+            <div class="row col-sm-4 align-items-center" data-toggle="tooltip" title="@(userConfig.PureLine("H5606"))">
                 <label class="col-form-label col-sm-8">@(userConfig.GetText("networkAreaRequired")):</label>
                 <div class="col-sm-2">
                     <input type="checkbox" @bind="namingConvention.NetworkAreaRequired">
@@ -106,7 +110,7 @@
                 <label class="col-form-label col-sm-5">@userConfig.GetText("fixedPartLength"):</label>
                 <input type="number" min="0" class="col-sm-4" @bind="namingConvention.FixedPartLength" />
              </div>
-            <div class="row col-sm-4" data-toggle="tooltip" title="@(userConfig.PureLine("H5619"))">
+            <div class="row col-sm-4 align-items-center" data-toggle="tooltip" title="@(userConfig.PureLine("H5619"))">
                 <label class="col-form-label col-sm-8">@(userConfig.GetText("useAppPart")):</label>
                 <div class="col-sm-2">
                     <input type="checkbox" @bind="namingConvention.UseAppPart">

From 7b7234e8107b8921a5d854f801167274a1fbe77b Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Mon, 25 Mar 2024 18:27:04 +0100
Subject: [PATCH 58/84] schedulers to partial config update

---
 ...ubscribeImportAppDataConfigChanges.graphql |  2 +-
 ...subscribeImportNotifyConfigChanges.graphql |  6 ++++++
 ...cribeImportSubnetDataConfigChanges.graphql |  2 +-
 .../FWO.Api.Client/Queries/ConfigQueries.cs   |  9 +++++++-
 roles/lib/files/FWO.Config.Api/Config.cs      | 16 +++++++++++---
 .../AutoDiscoverScheduler.cs                  |  8 ++++---
 .../DailyCheckScheduler.cs                    |  8 ++++---
 .../ImportAppDataScheduler.cs                 |  7 +++++--
 .../ImportChangeNotifyScheduler.cs            | 11 ++++++----
 .../ImportSubnetDataScheduler.cs              |  7 +++++--
 .../FWO.Middleware.Server/SchedulerBase.cs    | 21 +++++++++++++++----
 11 files changed, 73 insertions(+), 24 deletions(-)
 create mode 100644 roles/lib/files/FWO.Api.Client/APIcalls/config/subscribeImportNotifyConfigChanges.graphql

diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/config/subscribeImportAppDataConfigChanges.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/config/subscribeImportAppDataConfigChanges.graphql
index 856c8adb9..d5bf5b205 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/config/subscribeImportAppDataConfigChanges.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/config/subscribeImportAppDataConfigChanges.graphql
@@ -1,5 +1,5 @@
 subscription subscribeImportAppDataConfigChanges {
-  config (where: { _or: [{config_key: {_eq: "importAppDataSleepTime"}}, {config_key: {_eq: "importAppDataStartAt"}} , {config_key: {_eq: "importAppDataPath"}}]}, limit: 2){
+  config (where: { _or: [{config_key: {_eq: "importAppDataSleepTime"}}, {config_key: {_eq: "importAppDataStartAt"}} , {config_key: {_eq: "importAppDataPath"}}]}, limit: 3){
     config_key
     config_value
   }
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/config/subscribeImportNotifyConfigChanges.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/config/subscribeImportNotifyConfigChanges.graphql
new file mode 100644
index 000000000..039551618
--- /dev/null
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/config/subscribeImportNotifyConfigChanges.graphql
@@ -0,0 +1,6 @@
+subscription subscribeImportNotifyConfigChanges {
+  config (where: { _or: [{config_key: {_eq: "impChangeNotifySleepTime"}}, {config_key: {_eq: "impChangeNotifyStartAt"}}, {config_key: {_eq: "impChangeNotifyActive"}} ]}, limit: 3){
+    config_key
+    config_value
+  }
+}
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/config/subscribeImportSubnetDataConfigChanges.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/config/subscribeImportSubnetDataConfigChanges.graphql
index 2ff2aea9a..c0d9dc8a9 100644
--- a/roles/lib/files/FWO.Api.Client/APIcalls/config/subscribeImportSubnetDataConfigChanges.graphql
+++ b/roles/lib/files/FWO.Api.Client/APIcalls/config/subscribeImportSubnetDataConfigChanges.graphql
@@ -1,5 +1,5 @@
 subscription subscribeImportSubnetDataConfigChanges {
-  config (where: { _or: [{config_key: {_eq: "importSubnetDataSleepTime"}}, {config_key: {_eq: "importSubnetDataStartAt"}}, {config_key: {_eq: "importSubnetDataPath"}} ]}, limit: 2){
+  config (where: { _or: [{config_key: {_eq: "importSubnetDataSleepTime"}}, {config_key: {_eq: "importSubnetDataStartAt"}}, {config_key: {_eq: "importSubnetDataPath"}} ]}, limit: 3){
     config_key
     config_value
   }
diff --git a/roles/lib/files/FWO.Api.Client/Queries/ConfigQueries.cs b/roles/lib/files/FWO.Api.Client/Queries/ConfigQueries.cs
index a27b35a0b..13bd5cec7 100644
--- a/roles/lib/files/FWO.Api.Client/Queries/ConfigQueries.cs
+++ b/roles/lib/files/FWO.Api.Client/Queries/ConfigQueries.cs
@@ -18,6 +18,10 @@ public class ConfigQueries : Queries
         public static readonly string getConfigItemByKey;
         public static readonly string subscribeAutodiscoveryConfigChanges;
         public static readonly string subscribeDailyCheckConfigChanges;
+        public static readonly string subscribeImportAppDataConfigChanges;
+        public static readonly string subscribeImportSubnetDataConfigChanges;
+        public static readonly string subscribeImportNotifyConfigChanges;
+
 
         static ConfigQueries()
         {
@@ -29,14 +33,17 @@ static ConfigQueries()
                 getCustomTextsPerLanguage = File.ReadAllText(QueryPath + "config/getCustomTextsPerLanguage.graphql");
                 upsertCustomText = File.ReadAllText(QueryPath + "config/upsertCustomText.graphql");
                 deleteCustomText = File.ReadAllText(QueryPath + "config/deleteCustomText.graphql");
+                getConfigSubscription = File.ReadAllText(QueryPath + "config/getConfigSubscription.graphql");
                 addConfigItem = File.ReadAllText(QueryPath + "config/addConfigItem.graphql");
                 updateConfigItem = File.ReadAllText(QueryPath + "config/updateConfigItem.graphql");
                 getConfigItemsByUser = File.ReadAllText(QueryPath + "config/getConfigItemsByUser.graphql");
                 getConfigItemByKey = File.ReadAllText(QueryPath + "config/getConfigItemByKey.graphql");
                 upsertConfigItem = File.ReadAllText(QueryPath + "config/upsertConfigItem.graphql");
                 subscribeAutodiscoveryConfigChanges = File.ReadAllText(QueryPath + "config/subscribeAutodiscoveryConfigChanges.graphql");
-                getConfigSubscription = File.ReadAllText(QueryPath + "config/getConfigSubscription.graphql");
                 subscribeDailyCheckConfigChanges = File.ReadAllText(QueryPath + "config/subscribeDailyCheckConfigChanges.graphql");
+                subscribeImportAppDataConfigChanges = File.ReadAllText(QueryPath + "config/subscribeImportAppDataConfigChanges.graphql");
+                subscribeImportSubnetDataConfigChanges = File.ReadAllText(QueryPath + "config/subscribeImportSubnetDataConfigChanges.graphql");
+                subscribeImportNotifyConfigChanges = File.ReadAllText(QueryPath + "config/subscribeImportNotifyConfigChanges.graphql");
             }
             catch (Exception exception)
             {
diff --git a/roles/lib/files/FWO.Config.Api/Config.cs b/roles/lib/files/FWO.Config.Api/Config.cs
index 2b163058a..38c5a963b 100644
--- a/roles/lib/files/FWO.Config.Api/Config.cs
+++ b/roles/lib/files/FWO.Config.Api/Config.cs
@@ -48,20 +48,30 @@ public async Task SetUserId(ApiConnection apiConnection, int userId, bool waitFo
         }
 
         protected void SubscriptionUpdateHandler(ConfigItem[] configItems)
+        {
+            HandleUpdate(configItems, false);
+        }
+
+        public void SubscriptionPartialUpdateHandler(ConfigItem[] configItems)
+        {
+            HandleUpdate(configItems, true);
+        }
+
+        protected void HandleUpdate(ConfigItem[] configItems, bool partialUpdate)
         {
             semaphoreSlim.Wait();
             try
             {
                 Log.WriteDebug("Config subscription update", "New config values received from config subscription");
                 RawConfigItems = configItems;
-                Update(configItems);
+                Update(configItems, partialUpdate);
                 OnChange?.Invoke(this, configItems);
                 Initialized = true;
             }
             finally { semaphoreSlim.Release(); }
         }
 
-        protected void Update(ConfigItem[] configItems)
+        protected void Update(ConfigItem[] configItems, bool partialUpdate = false)
         {
             foreach (PropertyInfo property in GetType().GetProperties())
             {
@@ -86,7 +96,7 @@ protected void Update(ConfigItem[] configItems)
                             Log.WriteError("Load Config Items", $"Config item with key \"{key}\" could not be loaded. Using default value.", exception);
                         }
                     }
-                    else
+                    else if (!partialUpdate)
                     {
                         // If this is a global config 
                         if (UserId == 0) 
diff --git a/roles/middleware/files/FWO.Middleware.Server/AutoDiscoverScheduler.cs b/roles/middleware/files/FWO.Middleware.Server/AutoDiscoverScheduler.cs
index 0bb30313d..eeff275dd 100644
--- a/roles/middleware/files/FWO.Middleware.Server/AutoDiscoverScheduler.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/AutoDiscoverScheduler.cs
@@ -28,16 +28,18 @@ public static async Task<AutoDiscoverScheduler> CreateAsync(ApiConnection apiCon
             return new AutoDiscoverScheduler(apiConnection, globalConfig);
         }
     
-        private AutoDiscoverScheduler(ApiConnection apiConnection, GlobalConfig globalConfig) : base(apiConnection, globalConfig)
+        private AutoDiscoverScheduler(ApiConnection apiConnection, GlobalConfig globalConfig)
+            : base(apiConnection, globalConfig, ConfigQueries.subscribeAutodiscoveryConfigChanges)
         {}
 
 		/// <summary>
 		/// set scheduling timer from config values
 		/// </summary>
-        protected override void GlobalConfig_OnChange(Config.Api.Config globalConfig, ConfigItem[] _)
+        protected override void OnGlobalConfigChange(List<ConfigItem> config)
         {
-            AutoDiscoverTimer.Interval = globalConfig.AutoDiscoverSleepTime * GlobalConst.kHoursToMilliseconds;
             ScheduleTimer.Stop();
+            globalConfig.SubscriptionPartialUpdateHandler(config.ToArray());
+            AutoDiscoverTimer.Interval = globalConfig.AutoDiscoverSleepTime * GlobalConst.kHoursToMilliseconds;
             StartScheduleTimer();
         }
 
diff --git a/roles/middleware/files/FWO.Middleware.Server/DailyCheckScheduler.cs b/roles/middleware/files/FWO.Middleware.Server/DailyCheckScheduler.cs
index cfe26026e..4b332f1a0 100644
--- a/roles/middleware/files/FWO.Middleware.Server/DailyCheckScheduler.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/DailyCheckScheduler.cs
@@ -30,7 +30,8 @@ public static async Task<DailyCheckScheduler> CreateAsync(ApiConnection apiConne
             return new DailyCheckScheduler(apiConnection, config);
         }
 
-        private DailyCheckScheduler(ApiConnection apiConnection, GlobalConfig globalConfig) : base(apiConnection, globalConfig)
+        private DailyCheckScheduler(ApiConnection apiConnection, GlobalConfig globalConfig)
+            : base(apiConnection, globalConfig, ConfigQueries.subscribeDailyCheckConfigChanges)
         {
             if(globalConfig.RecRefreshStartup)
             {
@@ -41,10 +42,11 @@ private DailyCheckScheduler(ApiConnection apiConnection, GlobalConfig globalConf
 		/// <summary>
 		/// set scheduling timer from fixed value
 		/// </summary>
-        protected override void GlobalConfig_OnChange(Config.Api.Config globalConfig, ConfigItem[] _)
+        protected override void OnGlobalConfigChange(List<ConfigItem> config)
         {
-            DailyCheckTimer.Interval = DailyCheckSleepTime;
             DailyCheckScheduleTimer.Stop();
+            globalConfig.SubscriptionPartialUpdateHandler(config.ToArray());
+            DailyCheckTimer.Interval = DailyCheckSleepTime;
             StartScheduleTimer();
         }
 
diff --git a/roles/middleware/files/FWO.Middleware.Server/ImportAppDataScheduler.cs b/roles/middleware/files/FWO.Middleware.Server/ImportAppDataScheduler.cs
index 3a87bf02d..3002f358f 100644
--- a/roles/middleware/files/FWO.Middleware.Server/ImportAppDataScheduler.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/ImportAppDataScheduler.cs
@@ -1,4 +1,5 @@
 using FWO.Api.Client;
+using FWO.Api.Client.Queries;
 using FWO.Api.Data;
 using FWO.Config.Api;
 using FWO.Config.Api.Data;
@@ -24,15 +25,17 @@ public static async Task<ImportAppDataScheduler> CreateAsync(ApiConnection apiCo
             return new ImportAppDataScheduler(apiConnection, globalConfig);
         }
     
-        private ImportAppDataScheduler(ApiConnection apiConnection, GlobalConfig globalConfig) : base(apiConnection, globalConfig)
+        private ImportAppDataScheduler(ApiConnection apiConnection, GlobalConfig globalConfig)
+            : base(apiConnection, globalConfig, ConfigQueries.subscribeImportAppDataConfigChanges)
         {}
 
 		/// <summary>
 		/// set scheduling timer from config values
 		/// </summary>
-        protected override void GlobalConfig_OnChange(Config.Api.Config globalConfig, ConfigItem[] _)
+        protected override void OnGlobalConfigChange(List<ConfigItem> config)
         {
             ScheduleTimer.Stop();
+            globalConfig.SubscriptionPartialUpdateHandler(config.ToArray());
             if(globalConfig.ImportAppDataSleepTime > 0)
             {
                 ImportAppDataTimer.Interval = globalConfig.ImportAppDataSleepTime * GlobalConst.kHoursToMilliseconds;
diff --git a/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifyScheduler.cs b/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifyScheduler.cs
index 09a51d82a..c1cbef731 100644
--- a/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifyScheduler.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifyScheduler.cs
@@ -1,4 +1,5 @@
 using FWO.Api.Client;
+using FWO.Api.Client.Queries;
 using FWO.Api.Data;
 using FWO.Config.Api;
 using FWO.Config.Api.Data;
@@ -24,16 +25,18 @@ public static async Task<ImportChangeNotifyScheduler> CreateAsync(ApiConnection
             return new ImportChangeNotifyScheduler(apiConnection, globalConfig);
         }
     
-        private ImportChangeNotifyScheduler(ApiConnection apiConnection, GlobalConfig globalConfig) : base(apiConnection, globalConfig)
+        private ImportChangeNotifyScheduler(ApiConnection apiConnection, GlobalConfig globalConfig)
+            : base(apiConnection, globalConfig, ConfigQueries.subscribeImportNotifyConfigChanges)
         {}
 
 		/// <summary>
 		/// set scheduling timer from config values
 		/// </summary>
-        protected override void GlobalConfig_OnChange(Config.Api.Config globalConfig, ConfigItem[] _)
+        protected override void OnGlobalConfigChange(List<ConfigItem> config)
         {
             ScheduleTimer.Stop();
-            if(globalConfig.ImpChangeNotifySleepTime > 0)
+            globalConfig.SubscriptionPartialUpdateHandler(config.ToArray());
+            if(globalConfig.ImpChangeNotifyActive && globalConfig.ImpChangeNotifySleepTime > 0)
             {
                 ImportChangeNotifyTimer.Interval = globalConfig.ImpChangeNotifySleepTime * 1000; // convert seconds to milliseconds
                 StartScheduleTimer();
@@ -45,7 +48,7 @@ protected override void GlobalConfig_OnChange(Config.Api.Config globalConfig, Co
 		/// </summary>
         protected override void StartScheduleTimer()
         {
-            if (globalConfig.ImpChangeNotifySleepTime > 0)
+            if (globalConfig.ImpChangeNotifyActive && globalConfig.ImpChangeNotifySleepTime > 0)
             {
                 DateTime startTime = DateTime.Now;
                 try
diff --git a/roles/middleware/files/FWO.Middleware.Server/ImportSubnetDataScheduler.cs b/roles/middleware/files/FWO.Middleware.Server/ImportSubnetDataScheduler.cs
index 2ccb56d6b..2a526c6bb 100644
--- a/roles/middleware/files/FWO.Middleware.Server/ImportSubnetDataScheduler.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/ImportSubnetDataScheduler.cs
@@ -1,4 +1,5 @@
 using FWO.Api.Client;
+using FWO.Api.Client.Queries;
 using FWO.Api.Data;
 using FWO.Config.Api;
 using FWO.Config.Api.Data;
@@ -24,15 +25,17 @@ public static async Task<ImportSubnetDataScheduler> CreateAsync(ApiConnection ap
             return new ImportSubnetDataScheduler(apiConnection, globalConfig);
         }
     
-        private ImportSubnetDataScheduler(ApiConnection apiConnection, GlobalConfig globalConfig) : base(apiConnection, globalConfig)
+        private ImportSubnetDataScheduler(ApiConnection apiConnection, GlobalConfig globalConfig)
+            : base(apiConnection, globalConfig, ConfigQueries.subscribeImportSubnetDataConfigChanges)
         {}
 
 		/// <summary>
 		/// set scheduling timer from config values
 		/// </summary>
-        protected override void GlobalConfig_OnChange(Config.Api.Config globalConfig, ConfigItem[] _)
+        protected override void OnGlobalConfigChange(List<ConfigItem> config)
         {
             ScheduleTimer.Stop();
+            globalConfig.SubscriptionPartialUpdateHandler(config.ToArray());
             if (globalConfig.ImportSubnetDataSleepTime > 0)
             {
                 ImportSubnetDataTimer.Interval = globalConfig.ImportSubnetDataSleepTime * GlobalConst.kHoursToMilliseconds;
diff --git a/roles/middleware/files/FWO.Middleware.Server/SchedulerBase.cs b/roles/middleware/files/FWO.Middleware.Server/SchedulerBase.cs
index d5c9db240..011288c04 100644
--- a/roles/middleware/files/FWO.Middleware.Server/SchedulerBase.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/SchedulerBase.cs
@@ -23,30 +23,43 @@ public abstract class SchedulerBase
 		/// </summary>
         protected GlobalConfig globalConfig;
 
+		/// <summary>
+		/// Global config change subscription
+		/// </summary>
+        protected GraphQlApiSubscription<List<ConfigItem>>? ConfigDataSubscription;
+
         private List<Alert> openAlerts = new();
 
     
 		/// <summary>
 		/// Constructor starting the Schedule timer
 		/// </summary>
-        protected SchedulerBase(ApiConnection apiConnection, GlobalConfig globalConfig)
+        protected SchedulerBase(ApiConnection apiConnection, GlobalConfig globalConfig, string configDataSubscription)
         {
             this.apiConnection = apiConnection;
             this.globalConfig = globalConfig;
-            globalConfig.OnChange += GlobalConfig_OnChange;
-            StartScheduleTimer();
+            ConfigDataSubscription = apiConnection.GetSubscription<List<ConfigItem>>(ApiExceptionHandler, OnGlobalConfigChange, configDataSubscription);
         }
 
 		/// <summary>
 		/// set scheduling timer from config values, to be overwritten for specific scheduler
 		/// </summary>
-        protected abstract void GlobalConfig_OnChange(Config.Api.Config globalConfig, ConfigItem[] _);
+        protected abstract void OnGlobalConfigChange(List<ConfigItem> _);
 
 		/// <summary>
 		/// start the scheduling timer, to be overwritten for specific scheduler
 		/// </summary>
         protected abstract void StartScheduleTimer();
 
+		/// <summary>
+		/// subscription exception handling
+		/// </summary>
+        protected static void ApiExceptionHandler(Exception exception)
+        {
+            Log.WriteError("Import App Data Config", "Api subscription lead to exception. Retry subscription.", exception);
+            // Subscription will be restored if no exception is thrown here
+        }
+
 		/// <summary>
 		/// set an alert in error case with 
 		/// </summary>

From 14546fcd1660d18247928d8eb98f5bc3f20e826d Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Mon, 25 Mar 2024 19:35:25 +0100
Subject: [PATCH 59/84] display dates for scheduled start times

---
 .../Pages/Settings/SettingsDefaults.razor     | 11 +++-
 .../Pages/Settings/SettingsImport.razor       | 11 +++-
 .../Pages/Settings/SettingsModelling.razor    | 61 ++++++++++++-------
 3 files changed, 56 insertions(+), 27 deletions(-)

diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsDefaults.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsDefaults.razor
index 54350ce87..7f9e26dd3 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsDefaults.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsDefaults.razor
@@ -114,8 +114,11 @@
         </div>
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5427"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("autoDiscoverStartAt")):</label>
-            <div class="col-sm-2">
-                <input type="time" step="60" class="form-control form-control-sm w-100" @bind="configData!.AutoDiscoverStartAt" />
+            <div class="col-sm-4">
+                <div class="row">
+                    <input type="time" step="60" class="ml-13 col-sm-5" @bind="startTime" />
+                    <input type="date" class="col-sm-5" @bind="startDate" />
+                </div>
             </div>
         </div>
         <hr />
@@ -183,6 +186,8 @@ else
 
     private ConfigData? configData;
     private Language selectedLanguage = new Language();
+    private DateTime startDate = DateTime.Today;
+    private DateTime startTime = DateTime.Now.AddSeconds(-DateTime.Now.Second);
 
     protected override async Task OnInitializedAsync()
     {
@@ -190,6 +195,7 @@ else
         {
             configData = await globalConfig.GetEditableConfig();
             selectedLanguage = globalConfig.uiLanguages.FirstOrDefault(l => l.Name == configData.DefaultLanguage) ?? new Language();
+            startDate = startTime = configData.AutoDiscoverStartAt;
         }
         catch (Exception exception)
         {
@@ -204,6 +210,7 @@ else
             if (configData != null)
             {
                 configData.DefaultLanguage = selectedLanguage.Name;
+                configData.AutoDiscoverStartAt = startDate.Date.Add(startTime.TimeOfDay);
                 await globalConfig.WriteToDatabase(configData, apiConnection);
                 DisplayMessageInUi(null, userConfig.GetText("change_default"), userConfig.GetText("U5301"), false);
             }
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsImport.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsImport.razor
index f289c7203..b38811088 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsImport.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsImport.razor
@@ -69,8 +69,11 @@
         </div>
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5486"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("impChangeNotifyStartAt")):</label>
-            <div class="col-sm-2">
-                <input type="time" step="60" class="form-control form-control-sm w-100" @bind="configData!.ImpChangeNotifyStartAt" />
+            <div class="col-sm-4">
+                <div class="row">
+                    <input type="time" step="60" class="ml-13 col-sm-5" @bind="startTime" />
+                    <input type="date" class="col-sm-5" @bind="startDate" />
+                </div>
             </div>
         </div>
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5487"))">
@@ -119,6 +122,8 @@ else
     private ConfigData? configData;
     private Language selectedLanguage = new Language();
     private ImpChangeNotificationType selectedImpChgNotType;
+    private DateTime startDate = DateTime.Today;
+    private DateTime startTime = DateTime.Now.AddSeconds(-DateTime.Now.Second);
 
     protected override async Task OnInitializedAsync()
     {
@@ -127,6 +132,7 @@ else
             configData = await globalConfig.GetEditableConfig();
             selectedLanguage = globalConfig.uiLanguages.FirstOrDefault(l => l.Name == configData.DefaultLanguage) ?? new Language();
             selectedImpChgNotType = (ImpChangeNotificationType)configData.ImpChangeNotifyType;
+            startDate = startTime = configData.ImpChangeNotifyStartAt;
         }
         catch (Exception exception)
         {
@@ -142,6 +148,7 @@ else
             {
                 configData.DefaultLanguage = selectedLanguage.Name;
                 configData.ImpChangeNotifyType = (int)selectedImpChgNotType;
+                configData.ImpChangeNotifyStartAt = startDate.Date.Add(startTime.TimeOfDay);
                 await globalConfig.WriteToDatabase(configData, apiConnection);
                 DisplayMessageInUi(null, userConfig.GetText("change_default"), userConfig.GetText("U5301"), false);
             }
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsModelling.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsModelling.razor
index 6d9cb3c6f..88a820c01 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsModelling.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsModelling.razor
@@ -144,7 +144,8 @@
         </div>
         <div class="form-group row mt-2" data-toggle="tooltip" title="@(userConfig.PureLine("H5613"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("importAppDataStartAt")):</label>
-            <input type="time" step="60" class="col-sm-2" @bind="configData!.ImportAppDataStartAt" />
+            <input type="time" step="60" class="col-sm-2" @bind="appDataTime" />
+            <input type="date" class="col-sm-2" @bind="appDataDate" />
         </div>
         <hr />
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5614"))">
@@ -157,7 +158,8 @@
         </div>
         <div class="form-group row mt-2" data-toggle="tooltip" title="@(userConfig.PureLine("H5616"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("importSubnetDataStartAt")):</label>
-            <input type="time" step="60" class="col-sm-2" @bind="configData!.ImportSubnetDataStartAt" />
+            <input type="time" step="60" class="col-sm-2" @bind="subnetDataTime" />
+            <input type="date" class="col-sm-2" @bind="subnetDataDate" />
         </div>
     </form>
     <hr />
@@ -200,7 +202,10 @@ else
     private bool predefServices = false;
     private bool searchArea = false;
     private ModellingNamingConvention namingConvention = new();
-
+    private DateTime appDataDate = DateTime.Today;
+    private DateTime appDataTime = DateTime.Now.AddSeconds(-DateTime.Now.Second);
+    private DateTime subnetDataDate = DateTime.Today;
+    private DateTime subnetDataTime = DateTime.Now.AddSeconds(-DateTime.Now.Second);
 
     protected override async Task OnInitializedAsync()
     {
@@ -211,6 +216,8 @@ else
             namingConvention = JsonSerializer.Deserialize<ModellingNamingConvention>(configData.ModNamingConvention) ?? new();
             allAreas = await apiConnection.SendQueryAsync<List<ModellingNwGroup>>(FWO.Api.Client.Queries.ModellingQueries.getNwGroupObjects, new { grpType = (int)ModellingTypes.ModObjectType.NetworkArea });
             RefreshAreas();
+            appDataDate = appDataTime = configData.ImportAppDataStartAt;
+            subnetDataDate = subnetDataTime = configData.ImportSubnetDataStartAt;
         }
         catch (Exception exception)
         {
@@ -267,27 +274,9 @@ else
         {
             if (configData != null)
             {
-                foreach(var path in PathsToDelete)
-                {
-                    appDataPaths.Remove(path);
-                }
-                foreach(var path in PathsToAdd)
-                {
-                    appDataPaths.Add(path);
-                }
-                configData.ImportAppDataPath = JsonSerializer.Serialize(appDataPaths);
-                configData.ModNamingConvention = JsonSerializer.Serialize(namingConvention);
-                commAreaConfigItems = commonAreas.ConvertAll(x => x.ToConfigItem());
-                foreach(var area in AreasToDelete)
-                {
-                    CommonAreaConfig? existingItem = commAreaConfigItems.FirstOrDefault(x => x.AreaId == area.Area.Content.Id);
-                    if (existingItem != null)
-                    {
-                        commAreaConfigItems.Remove(existingItem);
-                    }
-                }
-                configData.ModCommonAreas = JsonSerializer.Serialize(commAreaConfigItems);
+                PrepareConfigData();
                 await globalConfig.WriteToDatabase(configData, apiConnection);
+
                 PathsToDelete = new();
                 PathsToAdd = new();
                 AreasToDelete = new();
@@ -304,4 +293,30 @@ else
             DisplayMessageInUi(exception, userConfig.GetText("modelling_settings"), "", true);
         }
     }
+
+    private void PrepareConfigData()
+    {
+        foreach(var path in PathsToDelete)
+        {
+            appDataPaths.Remove(path);
+        }
+        foreach(var path in PathsToAdd)
+        {
+            appDataPaths.Add(path);
+        }
+        configData.ImportAppDataPath = JsonSerializer.Serialize(appDataPaths);
+        configData.ModNamingConvention = JsonSerializer.Serialize(namingConvention);
+        commAreaConfigItems = commonAreas.ConvertAll(x => x.ToConfigItem());
+        foreach(var area in AreasToDelete)
+        {
+            CommonAreaConfig? existingItem = commAreaConfigItems.FirstOrDefault(x => x.AreaId == area.Area.Content.Id);
+            if (existingItem != null)
+            {
+                commAreaConfigItems.Remove(existingItem);
+            }
+        }
+        configData.ModCommonAreas = JsonSerializer.Serialize(commAreaConfigItems);
+        configData.ImportAppDataStartAt = appDataDate.Date.Add(appDataTime.TimeOfDay);
+        configData.ImportSubnetDataStartAt = subnetDataDate.Date.Add(subnetDataTime.TimeOfDay);
+    }
 }

From 9e1d16842612d8f3a77c6cd128d3e433c05e886a Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Mon, 25 Mar 2024 19:46:55 +0100
Subject: [PATCH 60/84] areaS

---
 roles/database/files/sql/idempotent/fworch-texts.sql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/database/files/sql/idempotent/fworch-texts.sql b/roles/database/files/sql/idempotent/fworch-texts.sql
index fea67e90d..8d95effcb 100644
--- a/roles/database/files/sql/idempotent/fworch-texts.sql
+++ b/roles/database/files/sql/idempotent/fworch-texts.sql
@@ -4449,7 +4449,7 @@ INSERT INTO txt VALUES ('H5620', 'German',  'Gemeinsame Netzwerkareas: Vom Admin
 ');
 INSERT INTO txt VALUES ('H5620', 'English', 'Common Network Areas: Network areas defined by the administrator, which are permitted to be used by all connections.
     They are visible in the object library and are not offered in the list of available areas for Common Services.
-    The flags "in Source" and "in Destination" determine, where the Common Network Area are allowed to be used.
+    The flags "in Source" and "in Destination" determine, where the Common Network Areas are allowed to be used.
 ');
 INSERT INTO txt VALUES ('H5621', 'German',  'Ein Modellierer kann einige pers&ouml;nliche Voreinstellungen f&uuml;r die Darstellung der Modellierung &uuml;berschreiben.
     Ausgangswert ist der vom Admin in den <a href="/help/settings/modelling">Modellierungseinstellungen</a> gesetzte Wert.

From 745d4daf37d862ec43aea8c01a209d2eb65fe6ef Mon Sep 17 00:00:00 2001
From: abarz722 <achim.barz@gmx.de>
Date: Tue, 26 Mar 2024 09:11:14 +0100
Subject: [PATCH 61/84] layout alignments

---
 .../Pages/Settings/SettingsDefaults.razor     | 38 +++++++++----------
 .../Pages/Settings/SettingsImport.razor       | 20 +++++-----
 2 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsDefaults.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsDefaults.razor
index 7f9e26dd3..f6b5e4050 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsDefaults.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsDefaults.razor
@@ -21,7 +21,7 @@
     <form onsubmit="return false">
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5411"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("default_language"))*:</label>
-            <div class="col-sm-4">
+            <div class="col-sm-2">
                 <Dropdown ElementType="Language" ElementToString="@(l => userConfig.GetText(l.Name))" @bind-SelectedElement="selectedLanguage" Elements="globalConfig.uiLanguages">
                     <ElementTemplate Context="language">
                         @(userConfig.GetText(language.Name))
@@ -32,37 +32,37 @@
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5449"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("sessionTimeout")):</label>
             <div class="col-sm-2">
-                <input type="number" min="1" class="form-control form-control-sm w-100" @bind="configData!.SessionTimeout" />
+                <input type="number" min="1" @bind="configData!.SessionTimeout" />
             </div>
         </div>
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5450"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("sessionTimeoutNoticePeriod")):</label>
             <div class="col-sm-2">
-                <input type="number" min="0" class="form-control form-control-sm w-100" @bind="configData!.SessionTimeoutNoticePeriod" />
+                <input type="number" min="0" @bind="configData!.SessionTimeoutNoticePeriod" />
             </div>
         </div>
         @* <div class="form-group row">
             <label for="maxMessages" class="col-form-label col-sm-4">@(userConfig.GetText("maxMessages"))*:</label>
             <div class="col-sm-2">
-                <input id="maxMessages" type="number" class="form-control form-control-sm w-100" @bind="configData!.MaxMessages">
+                <input id="maxMessages" type="number" @bind="configData!.MaxMessages">
             </div>
         </div> *@
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5423"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("messageViewTime"))*:</label>
             <div class="col-sm-2">
-                <input type="number" min="0" class="form-control form-control-sm w-100" @bind="configData!.MessageViewTime">
+                <input type="number" min="0" @bind="configData!.MessageViewTime">
             </div>
         </div>
         <hr />
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5412"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("elementsPerFetch"))*:</label>
             <div class="col-sm-2">
-                <input type="number" min="0" class="form-control form-control-sm w-100" @bind="configData!.ElementsPerFetch" />
+                <input type="number" min="0" @bind="configData!.ElementsPerFetch" />
             </div>
         </div>
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5414"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("autoFillRightSidebar")):</label>
-            <div class="col-sm-2">
+            <div class="col-sm-1">
                 <input type="checkbox" class="w-100" @bind="configData!.AutoFillRightSidebar">
             </div>
         </div>
@@ -71,45 +71,45 @@
             <div class="col-sm-2">
                 @if (configData!.AutoFillRightSidebar)
                 {
-                    <input disabled type="number" min="0" class="form-control form-control-sm w-100" @bind="configData!.MaxInitialFetchesRightSidebar" />
+                    <input disabled type="number" min="0" @bind="configData!.MaxInitialFetchesRightSidebar" />
                 }
                 else
                 {
-                    <input type="number" min="0" class="form-control form-control-sm w-100" @bind="configData!.MaxInitialFetchesRightSidebar" />
+                    <input type="number" min="0" @bind="configData!.MaxInitialFetchesRightSidebar" />
                 }
             </div>
         </div>
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5422"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("minCollapseAllDevices"))*:</label>
             <div class="col-sm-2">
-                <input type="number" min="0" class="form-control form-control-sm w-100" @bind="configData!.MinCollapseAllDevices">
+                <input type="number" min="0" @bind="configData!.MinCollapseAllDevices">
             </div>
         </div>
         <hr />
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5447"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("unusedTolerance"))*:</label>
             <div class="col-sm-2">
-                <input type="number" min="0" class="form-control form-control-sm w-100" @bind="configData!.UnusedTolerance" />
+                <input type="number" min="0" @bind="configData!.UnusedTolerance" />
             </div>
         </div>
             <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5448"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("creationTolerance"))*:</label>
             <div class="col-sm-2">
-                <input type="number" min="0" class="form-control form-control-sm w-100" @bind="configData!.CreationTolerance" />
+                <input type="number" min="0" @bind="configData!.CreationTolerance" />
             </div>
         </div>
         <hr />
             <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5415"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("dataRetentionTime")):</label>
             <div class="col-sm-2">
-                <input type="number" min="0" class="form-control form-control-sm w-100" @bind="configData!.DataRetentionTime" />
+                <input type="number" min="0" @bind="configData!.DataRetentionTime" />
             </div>
         </div>
         <hr />
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5426"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("autoDiscoverSleepTime")):</label>
             <div class="col-sm-2">
-                <input type="number" min="0" class="form-control form-control-sm w-100" @bind="configData!.AutoDiscoverSleepTime" />
+                <input type="number" min="0" @bind="configData!.AutoDiscoverSleepTime" />
             </div>
         </div>
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5427"))">
@@ -125,31 +125,31 @@
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5424"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("dailyCheckStartAt")):</label>
             <div class="col-sm-2">
-                <input type="time" step="60" class="form-control form-control-sm w-100" @bind="configData!.DailyCheckStartAt" />
+                <input type="time" step="60" @bind="configData!.DailyCheckStartAt" />
             </div>
         </div>
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5452"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("maxImportDuration")):</label>
             <div class="col-sm-2">
-                <input type="number" min="0" class="form-control form-control-sm w-100" @bind="configData!.MaxImportDuration" />
+                <input type="number" min="0" @bind="configData!.MaxImportDuration" />
             </div>
         </div>
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5453"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("maxImportInterval")):</label>
             <div class="col-sm-2">
-                <input type="number" min="0" class="form-control form-control-sm w-100" @bind="configData!.MaxImportInterval" />
+                <input type="number" min="0" @bind="configData!.MaxImportInterval" />
             </div>
         </div>
         <hr />
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5565"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("reqAllowManualOwnerAdmin")):</label>
-            <div class="col-sm-2">
+            <div class="col-sm-1">
                 <input type="checkbox" class="w-100" @bind="configData!.AllowManualOwnerAdmin">
             </div>
         </div>
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5454"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("ruleOwnershipMode")):</label>
-            <div class="col-sm-4">
+            <div class="col-sm-2">
                 <Dropdown @bind-SelectedElement="configData!.RuleOwnershipMode" ElementToString="@(o => userConfig.GetText(o.ToString()))" Elements="Enum.GetValues(typeof(RuleOwnershipMode)).Cast<RuleOwnershipMode>()" >
                     <ElementTemplate Context="opt">
                         @(userConfig.GetText(opt.ToString()))
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsImport.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsImport.razor
index b38811088..b8c11c8fd 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsImport.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsImport.razor
@@ -22,37 +22,37 @@
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5496"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("importSleepTime")):</label>
             <div class="col-sm-2">
-                <input type="number" min="0" class="form-control form-control-sm w-100" @bind="configData!.ImportSleepTime" />
+                <input type="number" min="0" @bind="configData!.ImportSleepTime" />
             </div>
         </div>
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5497"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("importCheckCertificates")):</label>
-            <div class="col-sm-2">
+            <div class="col-sm-1">
                 <input type="checkbox" class="w-100" @bind="configData!.ImportCheckCertificates" />
             </div>
         </div>
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5498"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("importSuppressCertificateWarnings")):</label>
-            <div class="col-sm-2">
+            <div class="col-sm-1">
                 <input type="checkbox" class="w-100" @bind="configData!.ImportSuppressCertificateWarnings" />
             </div>
         </div>
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5499"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("fwApiElementsPerFetch")):</label>
             <div class="col-sm-2">
-                <input type="number" min="0" class="form-control form-control-sm w-100" @bind="configData!.FwApiElementsPerFetch" />
+                <input type="number" min="0" @bind="configData!.FwApiElementsPerFetch" />
             </div>
         </div>
         <hr />
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5483"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("impChangeNotifyActive")):</label>
-            <div class="col-sm-2">
+            <div class="col-sm-1">
                 <input type="checkbox" class="w-100" @bind="configData!.ImpChangeNotifyActive" />
             </div>
         </div>
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5484"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("impChangeNotifyType")):</label>
-            <div class="col-sm-4">
+            <div class="col-sm-2">
                 <Dropdown @bind-SelectedElement="selectedImpChgNotType" ElementToString="@(i => userConfig.GetText(i.ToString()))"
                         Elements="Enum.GetValues(typeof(ImpChangeNotificationType)).Cast<ImpChangeNotificationType>()" >
                     <ElementTemplate Context="type">
@@ -64,7 +64,7 @@
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5485"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("impChangeNotifySleepTime")):</label>
             <div class="col-sm-2">
-                <input type="number" min="0" class="form-control form-control-sm w-100" @bind="configData!.ImpChangeNotifySleepTime" />
+                <input type="number" min="0" @bind="configData!.ImpChangeNotifySleepTime" />
             </div>
         </div>
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5486"))">
@@ -79,19 +79,19 @@
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5487"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("impChangeNotifyRecipients")):</label>
             <div class="col-sm-7" data-toggle="tooltip" title="@(userConfig.GetText("U5320"))">
-                <input type="text" class="form-control form-control-sm w-1000" @bind="configData!.ImpChangeNotifyRecipients" />
+                <input type="text" @bind="configData!.ImpChangeNotifyRecipients" />
             </div>
         </div>
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5488"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("impChangeNotifySubject")):</label>
             <div class="col-sm-7">
-                <input type="text" class="form-control form-control-sm w-1000" @bind="configData!.ImpChangeNotifySubject" />
+                <input type="text" @bind="configData!.ImpChangeNotifySubject" />
             </div>
         </div>
         <div class="form-group row" data-toggle="tooltip" title="@(userConfig.PureLine("H5489"))">
             <label class="col-form-label col-sm-4">@(userConfig.GetText("impChangeNotifyBody")):</label>
             <div class="col-sm-7">
-                <textarea rows="6" cols="60" name="text" class="form-control form-control-sm" placeholder=@(userConfig.GetText("impChangeNotifyBody")) @bind="configData!.ImpChangeNotifyBody"></textarea>
+                <textarea rows="6" cols="60" name="text" placeholder=@(userConfig.GetText("impChangeNotifyBody")) @bind="configData!.ImpChangeNotifyBody"></textarea>
             </div>
         </div>
     </form>

From 7e67de6660b404cd68a50c7214a2caace34e7592 Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Tue, 26 Mar 2024 10:13:30 +0100
Subject: [PATCH 62/84] daily check optimization

---
 .../files/FWO.Middleware.Server/DailyCheckScheduler.cs        | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/roles/middleware/files/FWO.Middleware.Server/DailyCheckScheduler.cs b/roles/middleware/files/FWO.Middleware.Server/DailyCheckScheduler.cs
index cfe26026e..505311bd1 100644
--- a/roles/middleware/files/FWO.Middleware.Server/DailyCheckScheduler.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/DailyCheckScheduler.cs
@@ -34,7 +34,9 @@ private DailyCheckScheduler(ApiConnection apiConnection, GlobalConfig globalConf
         {
             if(globalConfig.RecRefreshStartup)
             {
+                #pragma warning disable CS4014
                 RefreshRecert(); // no need to wait
+                #pragma warning restore CS4014
             }
         }
 
@@ -137,7 +139,7 @@ private async Task CheckDemoData()
                 }
             }
 
-            List<ImportCredential> credentials = await apiConnection.SendQueryAsync<List<ImportCredential>>(DeviceQueries.getCredentials);
+            List<ImportCredential> credentials = await apiConnection.SendQueryAsync<List<ImportCredential>>(DeviceQueries.getCredentialsWithoutSecrets);
             bool sampleCredentialExisting = false;
             foreach (var credential in credentials)
             {

From dec1a4e6823d0e93a323f98e16bddd826c8ea948 Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Wed, 27 Mar 2024 21:45:01 +0100
Subject: [PATCH 63/84] add maintenance page during upgrade

---
 roles/final-display/tasks/main.yml            |  13 -----
 roles/{cleanup => finalize}/tasks/main.yml    |  30 +++++++---
 .../tasks/run-upgrades.yml                    |   0
 .../tasks/upgrade/5.6.2.yml                   |   0
 .../tasks/upgrade/5.6.5.yml                   |   0
 roles/prepare/files/maintenance-info.html     |  39 +++++++++++++
 roles/prepare/files/men-at-work.jpg           | Bin 0 -> 70823 bytes
 roles/prepare/tasks/main.yml                  |  55 ++++++++++++++++++
 .../prepare/templates/httpd-maintenance.conf  |  28 +++++++++
 roles/test/tasks/main.yml                     |   8 +++
 site.yml                                      |  53 +++++++++--------
 11 files changed, 179 insertions(+), 47 deletions(-)
 delete mode 100644 roles/final-display/tasks/main.yml
 rename roles/{cleanup => finalize}/tasks/main.yml (86%)
 rename roles/{cleanup => finalize}/tasks/run-upgrades.yml (100%)
 rename roles/{cleanup => finalize}/tasks/upgrade/5.6.2.yml (100%)
 rename roles/{cleanup => finalize}/tasks/upgrade/5.6.5.yml (100%)
 create mode 100644 roles/prepare/files/maintenance-info.html
 create mode 100644 roles/prepare/files/men-at-work.jpg
 create mode 100644 roles/prepare/tasks/main.yml
 create mode 100644 roles/prepare/templates/httpd-maintenance.conf

diff --git a/roles/final-display/tasks/main.yml b/roles/final-display/tasks/main.yml
deleted file mode 100644
index eeea7e6b6..000000000
--- a/roles/final-display/tasks/main.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-
-- name: show listener status
-  import_tasks: scripts/show-fworch-listeners.yml
-  become: true
-
-- name: display secrets for this installation
-  debug:
-    msg:
-      - "Your initial UI admin password is '{{ admin_password }}'"
-      - "Your api hasura admin secret is '{{ api_hasura_admin_secret }}'"
-  when: |
-    admin_password is defined and 
-    api_hasura_admin_secret is defined
diff --git a/roles/cleanup/tasks/main.yml b/roles/finalize/tasks/main.yml
similarity index 86%
rename from roles/cleanup/tasks/main.yml
rename to roles/finalize/tasks/main.yml
index 5591ebcdd..d6d938c49 100644
--- a/roles/cleanup/tasks/main.yml
+++ b/roles/finalize/tasks/main.yml
@@ -55,13 +55,12 @@
     - "scripts/customizing/api/*.py"
 
 # Do general cleanup
-
-- name: delete ldif files
-  file:
-    path: "{{  middleware_ldif_dir }}"
-    state: absent
-  become: true
-  when: "'middlewareserver' in group_names"
+# - name: delete ldif files
+#   file:
+#     path: "{{  middleware_ldif_dir }}"
+#     state: absent
+#   become: true
+#   when: "'middlewareserver' in group_names"
 
 - name: restart UI to display new product version
   ansible.builtin.systemd:
@@ -113,3 +112,20 @@
   loop:
     - "{{ product_name }}-importer-legacy"
     - "{{ product_name }}-importer-api"
+
+- name: remove maint website dir
+  file:
+    path: "{{ fworch_home }}/maint-website"
+    state: absent
+  become: true
+
+- name: deactivate maintenance web site
+  command: "a2dissite {{ product_name }}-maintenance"
+  ignore_errors: true
+  become: true
+
+- name: restart apache without maintenance site
+  service:
+    name: "{{ webserver_package_name }}"
+    state: restarted
+  become: true
diff --git a/roles/cleanup/tasks/run-upgrades.yml b/roles/finalize/tasks/run-upgrades.yml
similarity index 100%
rename from roles/cleanup/tasks/run-upgrades.yml
rename to roles/finalize/tasks/run-upgrades.yml
diff --git a/roles/cleanup/tasks/upgrade/5.6.2.yml b/roles/finalize/tasks/upgrade/5.6.2.yml
similarity index 100%
rename from roles/cleanup/tasks/upgrade/5.6.2.yml
rename to roles/finalize/tasks/upgrade/5.6.2.yml
diff --git a/roles/cleanup/tasks/upgrade/5.6.5.yml b/roles/finalize/tasks/upgrade/5.6.5.yml
similarity index 100%
rename from roles/cleanup/tasks/upgrade/5.6.5.yml
rename to roles/finalize/tasks/upgrade/5.6.5.yml
diff --git a/roles/prepare/files/maintenance-info.html b/roles/prepare/files/maintenance-info.html
new file mode 100644
index 000000000..4a8362790
--- /dev/null
+++ b/roles/prepare/files/maintenance-info.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Under Maintenance</title>
+    <style>
+        body {
+            font-family: Arial, sans-serif;
+            margin: 0;
+            padding: 0;
+            background-color: #f4f4f4;
+            text-align: center;
+        }
+        .container {
+            max-width: 600px;
+            margin: 50px auto;
+            padding: 20px;
+            background-color: #fff;
+            border-radius: 8px;
+            box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);
+        }
+        h1 {
+            color: #333;
+        }
+        p {
+            color: #666;
+            line-height: 1.6;
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <h1>Firewall Orchestrator is under maintenance</h1>
+        <p>Sorry for the inconvenience. Please try again in 10 minutes.</p>
+        <img src="men-at-work.jpg" alt="Maintenance Image" width="600px">
+    </div>
+</body>
+</html>
diff --git a/roles/prepare/files/men-at-work.jpg b/roles/prepare/files/men-at-work.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..b3fa3799806876020fbfff488e3b57e3384dbaf7
GIT binary patch
literal 70823
zcmeFZ2UHZ@moM6g<RCdpYI2gCL6qE0kS6C$Ln9zrK!PHfCN;5%5}FJW8bky{az>&A
zQOOb&5CloD{l1z1_-5|BH+Nl~wdT$ot9l)&I-#mg*n9tedtc37eFBhy)j(<hEG#U5
z2Ie2&Y5|}Oz`ph~{rttor0clXe<plfTpU~id_qD3d;$VO;v2+-M5IIn1SI4nq&LXO
z$jJzaDJUt(C^31mpOs+!EQx&`A5)Nwh=2(5*Z<9Q)d3*Kzovp6j*UeQxJHhJO^$Wd
z4PgGOtJko9cKDwX4lX_c79Qbs>}#0oHe>+6^=sFOvG8z6aB#8luyFub*RZeS;Np=}
z;8RkwsX%NU!V2Fki4XuK?%F>|rlO@6^<-BvG&ZqIO-nDBn4F?f*7F+Y;1N?peAV}^
zqvJGqno{2_9^RnpQ&ilEX@Tiy%Xt6NJf;`_)B-*M=CUR^7UuugaIO=RV4A*;h4b?=
zIi?2`Y$A7YA-0~BR5U<Q{U<4fZ^kF^Xz2_L?ZT1~1$9ebso9nEyu|R8JNK8xy^HD_
zuI2&6*jSiH$0i3T0(P|k*JF+od){7u3}E;Kpx~ZYq`gA{0Nj5J(8zZ_x5RurtQr6o
zFt}*n2a6Se+x&ZP5A1B_Z>n-(h>_9e*GcOfaO|!!C$Ovx5uE%Ai_}wlVVt)>p>Au2
zGC_#3Zd0_&KR3(=Ef+dc6R8)J`4lcxYjbHy(Mx#57=7U2`z9xuZVy7O2vL{@K8>6@
zc+KC0w(vE4YWA%uiR~T9uvXC0chkH1CkzsHZ_OzXtn@Mxz+wXz8A_S!TlNBRu3y+r
zG&1NsxvNs2vI|9%su&8TIuZUT3n&?^FWmHLY~%%J=r!JQn1>H`)~)drlBsTSw18$(
zu;z4#^7I(8J1MvbqxCqh0Cv1+vxy<m*^L2@<UJ&kQ@Bo&Bem$z)vZ%$cm@QLaeOA@
zj%@+BrgEmf{Q24)0Eq{HfO3~5?im39AkhKfxQ7n8^_T+ycn1I^-yT0{0VDx_-|d)T
z^=BLScWTFur*pN9xl;=%)b;dM0eWk4MSH9s(ByFlPOt-|J{Wn!!t?IW(3hQ0CC?UV
z_~=_qFPKuFYA<i@LiK1%yy;TJ>!(XH{khx@O`=>Txw3Q$N1;#@Ln?}=YvF|VRI##)
zFhW8h_3jHbXDi{iYaChVLdONt9xm#_ItU*-r$2)^I|z}UGK{~FJC|m13ar&C@E|G4
z)^tiew)N#&RT+iuu=9GfYM0njEl%a1Sm@`&!bqyV4<tSjKOpe<C`LTAC@PmsMj3s4
z)AcB0F`oOFm&+WBvDqp7VR9h?aw46j`P5O^4<SCzFs<$s>y|kQ3jL(Yftaj7Ulzr<
zbPClJ)rOO!HLJ_Ng*{T`hM>I=11pYVrrv{*@F(%MTCYjBbb8o&XH<&I5~m!1;oaTy
zmT@-pYrOG@Ud^os1cY~1wJO+Pktq}X@3eL9RE>5w++0qW7Iw1bJYuTOKUbC<JyT)o
zIN4xjzVn|kasSP-0JsisdwF;a7+T0zw7H>ucJm(fb_l~`QPR_a_t>moa&kLFk2l6<
zv4z}&E*>jL?Rd%?SD&~5`sFsbJ&2#Sdp-QSB=KLBeEV3}y>InmsqCLh{#D6eCI7Bu
zGNg~PC-7tBv%gFJUCI9i%`-pij3eTs4LdUK)t`spL%i{xD}y-k{SiBZ;*&1A>Q0&S
zAq@#85B1b-dDX&sZiiNSHNi$6&RqXcUrFlm629ee+Ol<+;>P}k9>(S5S<Kaql3WKK
z<(AlvTmiV9QXX&nl2NZ&Q}me@a1;iD*uAD?<VEGj+CIS|(5(~0?kDT+U0&vkdc4zd
zqgR0Sk4_Dto_Z%d1X{%6HHO!_Z&ESxL`6nM!35Dm8X!)R0)kpZYBD)FxrvGrFI1@U
zhfu`Zx}aMo?X&_bqzooRh978B-Mp!Q40lcRj!8tblp?FRHR8m@Z8@rapDN-wnX5fa
zhB3Tt_UZJ`Y^=BpmB}TWQ8k}5D=ay5c~!+rtdbYX5wx_tWF@fbXO_mPigeb~N=+*s
z;RDC0K-IWFA}~Me)#k3bo(8O^)E+w8?{q;?1>Vvx#L78LQ3=w18$h9Et0Qu>I!yE_
z>(1f-488y3iTBql#LRsw<zkN`EDHdx3IHd7G`VXE#{)o52B2P*RllK2-2rg8129h7
zys2=<7=V@hdv3?O=~gneT?r-&li&r*;YYV>4dW>_``d~hQ%tY0NTsS(``k|Wm^$7Y
zJ)_~p#CKL~Ic;i}Z))ANWf-T)YgiI@=Mn9|izmFc?Ake1f!&WG(`}ToU?4q&-ZAq4
zXlB!Yq0JG`?|<%IjxVq+0W@7V?21nK@$l<q=<V%Sol!2#q)cTRYK*p#Wa;y;VhY`P
z3L{Ql5ES?`eFc(nyMC~qq(>9cjXX2yb-UIp=1e1!eWxKNPgje`(L{fGbAnKWa9F`%
z+~1g*Go}{djY~LPVYSr;gUq`zv=_z7ucp<^c2d&D$pRfWQxl+3NI$-7vN+3nMo;zc
z32#xu=$RckVGvhQQA*xd#~q~v_!e9)qJ~<)kFMq7H3NnmwvyDd>k~$;Adcdg8>|zX
zmi*-s<=3Ik!Z(wD^OyJ!eP@iI@t-v^e(8_zyERCsr-Z2?Pq~?pFql`tM!A~&9aV}2
zNBX34ucKSJ)Rfww)`WvI4}7&a`SBLGs$wg3X4j_QWhUazdCfzOmFy?suDdO1JcrE<
zK)LDy4pg;KKsh*Z3cuU(8%)nvTh#?v$+M>acGX<4=q)U&uUyKQ<`h}}IW4W!ZqZZI
zG?^(Pu(LKg8eB~d{Ya;TpV<lMCBqedEE0|dXC<}`oqOV>#cU)%cl-W*+m?eu#Ev0t
zm2^anj3BW0(}sguDI%bOa+5u%T1?DJu_HQsoX>Z%XUhU0oNYwXxPnKnkf1LvnP#^p
z9)VfkQyCJ;=^SCyRn=-xKb`?ptBM*_iO>CF6;};{s}5sYxUqb#13(-NAUt4Vk18Yl
z1Q2Bf@b~*9FhApe4CsFhc+NH<9r(BgfDHs(YmL%a+Pc>Ke|Y<!mtg-F0_HUmg;H^7
z)n|*X{7L#)R)>0gZu=r@;~2@XrY+4c=|y$CASb=l)U*-@?2Sr%moF%3m6;1*b*zz#
zJJ6TPCGu&nwF)s%eugc{kDOj|j+3hr6=0n1=mN)cxUCUHN0<O9+u<q?YL2y6bQ^G_
zQ7+>*dBSNK69-hpkwq_K3LzN1y2M*Jkw#smarJTwDlZI$+=wD}3q0D;w`iLpI*;Er
zTg}rFEhw$L%e-UI!`Mkt24m8j@K)B+S*nVFi(45GyO5sCgM)4idmx}HjsdvnJV!c9
zg19e1Tl!hlAijCzXc?1G#;t3<>MMB}eae*zedZ995la}t&kQUu2ue;Xwky`2nO3Ws
zx9kfLu0`=}l=}x3qx7j>YF4bJDv7%bO83v*cIc8-&75*Gjm8Yq@N@$dL+<sPV}De^
z`?qo;Mv?wcS2%s|uX%L(LK^4<=y~98RBr%WM|jN^^y27FlW)-w?}&18@`?sKI220o
zF?X>mMdJ|*YrolZ3m<vdU(ri&PejmDokbzuwc(8>gQ(P^K%ZU0fw^k2Bi!?P09*+=
z@VV5?TFJ{)zA%0O_020$6PW=<3Bx<?+^si~A|ak2AQ49#VYUkL;IOPcUbLd)?lY4%
zG!bpn6T9QL0#@@laSM0q9y!wpxn1koeP%jyFKq)?DK_G9XF|-K;Ayx@UIr)n!U3vs
z)1@J>b=DV&{CrFs6H}fh02b0-iP}61{BaZeO-t)04QXQ+Yc)Nt#OjcB&#;Z&W`W38
z{zL01<H}JTpRDMCTbzxvPy}UlzS0ypO@nuuHg!^#UqmG+FW~xc=QU0O@sujrFf(eq
z=y-11v|<M}^~`>F6_&~GR{8(Ui1>9l04V-POZeZ_k?_jCme-i#68my0R+|o+3-xq1
z=^~u*1nv#3>m;WTr&Y3x&#N^q%5_h=^F;5>VsCgM^ms>vip6C0HP&ybk2sMhs`shB
za{Ru`WLn)v+6im~L-Op79`C&#XnZO)jHBKF<`rn3D@l92AO?z&jk_84q;{GB-yvY4
zvQo-|AOA};NY2xNcX;tpR8%EnX#T|`ix<6_>03=ACA0$eTDMGkGcD@kg<sk;*n0Jf
zcdo%<5kqv7MCm^-XMoGzhvh(!jl?L#)G$ZGEH`Qr-w@i{)$$bFpE%{mRP30Os^XXv
zw$|Ktc-nI~9v-1KLCnOTkTh*@GPAD<6hVBRRGsSUkl9e~=APbQ9o(lbPD4z(m5b;h
zTLnCwrz)YFi|6O1sIiY6xD;;c=M6X&mJ(d)h!8gwgIDs)==bn2A?bz<10{S!K)W6^
z0HNe4<$Q`4w7Q3t@#1z!2mK@OjUBAb*Y+{XZ4bJ1aqoVVk$ddGbePhNYxVy04B)ss
zmS2lka*@Ctd-R&*4*g#xlOB%heEPfOUzIRtA4}))&zwsD{x11fC4ZItyOO{Mv&;U^
z&A(1z{ay0ER`Y*9L(=aOA^yVx3Te`L*@@x#h4KB=YcV4t-}s(e_*oN{STvTM#=o#z
zZXmY;@k*zUPIGO$n348r;XWF8^OS-A@|9V!L7^FhiYts!-?ZLRySleKD{-|}{XvW%
zOrokvRC3-UVW^w4!q3$DTHNT1!&Bz|<-Jq)>YnmG>Hx49B(Fh4J@A+}I!^ig!x<JM
zZF`4+)fu4f(ayD=75Sc=F%dGFs54)F#~$$|a^BlOF`C(QWNeWc%kuYG)~uc{wM4&^
z7^OMYt#v+KDW9k|6A|j27;JIuk0L-PzhvYRYa^R!kkolM30v2ZkFJIglvhmp%4^*o
z(5ZUxktyhd6_bebht1=s`e1cq@m_76&*1|el;zjG#pv);lbHqA)4`yud!i{Y6PTzd
zgg!YrIkT$ocH&p}=VlV&5!#UX`6831ST|BoVwmQOX`ux5Y;xkF+QeZ~rb$u$esO`=
z9x|d&e^^-j^-E*)h2JlY{@TDVwPVAXb*p&aJ#|x2*K{84(f#%z*Pc^UwaG;@362Pz
zFVZVUG8oL$q(1B4<+g+w(R1FB6;2uCN{#izVME+eU=%^BG~(eAc0Q0k8|6t_a27I4
zEdl~(Y{lHlCbgzTv>s%<#U)I`=6{n{yqe~CBgW4aArrwCcV9+Tn+e!Q&wO8Zj>7cr
z+z|u&J|vb>DqWv6x+Giuuyp8$nY6;IU?5?-P%#nh1Ww%MwVrQJ90^opq?fv@T4xTq
zU0xA<jvJXlR%x3|B?yg6MR7Cmq|)YmaCEz8E8$tc72v9=Q@pR<o(u}L`*Ei(nAM~`
zNx)izMyPZqwF(Z8=hrTWFx#^WnbJc=kCLCjd>~OxB-~GZ1JpYDpG_^2psv5{xoH{Y
zTVn9MrPKV9>!z40a&!q@^rN%n<_AG}8ks6VQ@BQ)%B6m<><cX)?Pi77t2vzohKd$=
z`r`F=#Sqz^;AVe&Pq6r1odzINC%-G`wvliH$Gpp_3=*MhS2+G&<NsD|<lGzCU6BZ8
zFTZ|le?usJh%FZmkBj!mc43N~xbN9hc8HMy>5+MMKw%cyOvfcQ(awan4d0}OU?jVr
zCeJs<VwEzOJ=lmRRrOP2xn_W)OO<&Ah-s>%V+{{uEvR}8S`kh~)gQ|EGWvS`5RHPY
zzZMk_p67@@*Xz1p$8DP~G9fBwE}}_ML$p&vGZL`!!}IKW@ZJ=GnrXCN%a5KToFUpN
zS^;Zai@M;uUSr3Dmcdh^b7rXAaCTZ`y;%uQOvOWG-65VRn81rqVGX<Uw}65)w%Zl=
zD_k<pYT;F)?Cir1A$3$$Q=Lq@5I*Pjg42El$Au2_X@&-<H6CUCcy-U|^D<3e^Iw|z
z*{Z^g$UIW`k_e<hmJ^$JzFaGFTB=BhDLhm_Nx(qiWtHaV#?}qTbG^i^aINk|f-X4N
ziL@MjZ%v+iT7go5G>XZE>l&}CiujJ)j=<Yx8nuWfbZ(@YdJY`k)~mF|b!Hn;fh>e(
z6;9rG7Ro(C1z)<WTT971^@eoPOh9{(SCj<A%@n|Umg+e1Rr53d%p%C1;y}-cmCVca
zSIP6wB43!*?awywOYOdmYfn3i&e)Wn)jAb4h^c%?6_1JF^h`tYF`Izp4MdPM_QBl@
zsVaq{ZYiAPsAa5aU!7@3?wa|LqG@XtGfu6|>n^s4<=83Z7r8p^uZP{x)jfebpt&4P
zL$f+xi<`VXHN2N9x1aE>KY_%SJ@aB{D)4yCjTrCexYJ2q9OG^Zt6rPSeD4W;K@-v_
z(DO=+s$1N@Ylbx*Zo7T0SNQ0OJzZc&9bCc2)bB1n%ylJ4V2^s{n0qGVGOUS7-ehN8
zaHFn|WNW#i8|$RxtrIPwe|_Uj>#Ey~)jp@sw$h4V+-&7Siz%iynw_?PU8hMe(uvc=
z@ss279n&f6G=AKv=@F=y6_t^dHe@jH$3ZNEYIJx`vXxJj(6wNW2Q-b8^U(&K6_e%P
zLlyH8lL}8ICh7LuB@MUo1zhtoTTkxk+pvV6s}cDg@uT#4Uc|=eM5CyX;UDxuRF-4=
z!|qbRXFB&<jJWoTbMDgH6C2xoRQftDykEPkcDGyd>_)*Y^tL7^TQ^TNC&!QoW)n_M
zB53$e!}>V>uMsi-gn*6BXkoaf<^ryQQNt!qe7Q{3pG{LVy<Nks*~5rQd~{X&N~|*M
zg+wL4R_r9!VYazME_geyZWG5@-?=k7S5JBkBRFcCH0{<VO+JJVXS)$7JA;t3;T+Y&
z*bUD)^GL1$Qb)m*);<-0g?xP|DFZl)(yqW^wbEeI%rt?mJ2|7l4OiVhQm~G%wL!*$
zv`=*-X!pP)(c)CPE7zoRhNESxSGW<QD|OCb^e7?|i#oWVt=HJ3P^3X8FWH*g$Et=Y
z#QqiFu7pUnq+Vaoj<~k<Lvy=qGK3NZ2n_B79+9=!K%ssE{vASeI4fA0`FGC|{LJCA
zlj~5U;H@^tDf4Bus>RHK<zujfQ&31uX6Fp=;zN5nGmMUAdmp2qMO0ywH=5d)P~a=R
zyaeM$qY1)_;`Q_;r=)lEG2-(cp3a8_%ao0z<n$TUT!mjn2o_!iic~i7$4$y{R|I>u
z%i1wv=~qx|Y<)nEI&%s>HlSKpX4oON=M$<}aj6|{EIwqo*U{fUBof!cAG<jdi6`>J
z$ehNbV(GiqgP4Sv_}bmG0htIyC22)YnTs)*CspiY<>Iybo@2N9G+a2Ea@L_vqzzn&
zqI%jjH)AJT?Hp+p+WrSw{QtmJ{{m+*?2g}!&HQ44{}uU}=u3M_usXRFO!D-CJd<;P
znlSoQWvw?g4ansI6JOrt_f{@&xtoUiuFeEbxepV*>E5x87v0Knzs6X(kTHPD%gR(Q
zS>*-H?inM*$~A4vyh0qEZ_4n+#36-hpKm%&?dZe3Ya*3xkPp3=dCmuy8F{2fwwd8!
zkx<-gB$*l}MoHcBa`+rge}R?H;@<FrC^Q<$iJ%Wc=0Y{QvHTwkk>M-@B*>kF8BU2?
zKRp}h)3+a+MVWs`ZQW|$_m0x35=IWY55+hy5-JtG#V~G8S3Zri;IH!SutUt!LL*c^
z*_oBk#PNMv9wqU#5FrB3n`L=&r9B(r6I8PTPI}wK#1`($v8?Z3<6H)`-l2`Ywh!2D
z7_565qlJ1a4H`GOaU2bV8iIA_y{n&B64ChuPWXv7jAhPG*}2L#@}c+g-+jM)pgU^g
z*NfYDo0=t8@ls4`3%R8Ec$(URD!pLaEMX>>T5ca9UGM9${;E7K3c_F=1wrz4H_xZX
zxr%|1JPpNg%i0@7viYT{c4!`z`r0yw9+7&}b4HQ356IJA(5Sl@sW|z<<n)U3e9HMi
z8|+xkzYVebcSc1rMi}}%kl?@Dz(3=Yc+Z4Cc0!48Dk8Ec{hg48+(>iYBH<za*@34q
zh6&}8^bGVM-f1f!xQ0TI-Rw@#7xg}M?R9cWUbusbgM<B0@JZBr{e;%7DHpvN6n$1I
ziXMr~ErHs=Rfgx8-r4X!t?+nQE^WlEt1=>t$}DeWmEhiko28t})92SK4NqC0B*>IS
zq#17OG&sEJ*bS2ITw(lia<R~U8o#G%FBxrVgn<b$%lbTKeV4>6^dkjcgJ?f&9<>!F
z?JDKj#)VI);H|*32rXIP(gMfa-W_Sb(x58<m$_!I-DcR&MIF#;LkqvQ|9E(!8Cxku
z3?`Fi$J{U#8u&akszbN8^c?BN6z{(y;oDb3KMWmL+R24O-@de`M`PA?H_QT`t+bZ1
zNgNB(bUq)A)ib%S4(1k4=uqzxXprxU5wBKsi-NI~VeD{hl9}}`d^xg(Wee`XlVg<Q
zBK3isZ)eEUxaHm)zi?`VNlCO$5zTJ8n#Fd)pLmbjE}!XV?tIlVuqyC<8Z*bc&@Oca
zP?Wr(v1ZR7?;=mwG&wELUBdNkOv_tlY1O+kj$^DuT6mHmwp~+3iYwL7y;@CMm5r-8
zQ~U&>w~YS*6j077`8_s=&Cq5S{pUgF-%fM;_iWxzMS<wiPF5ze(>t}<MidfjG&`}<
z9}3X-=y{5|)99OifUF<Ffvt}Bhd>Ml##-}kVHhn83w7Z3X*FxE+Pi8HBGd-~U*Cop
zGpSbhj@%fHwAVw#k*uW`vvC;-n6JFMWEoqn{~;zMrcfs@scx+}7vJX1bZc>HIlahi
z3dO4ig@$ki_Pi3Tbc*}v%x?D`14ewrAQ8dOOxI}No0+?Dp{fRWLH@}6C%E6Zrg}EK
zXZ6YhIg<oC(<18+b0EP7V|^D2oj+oIfg|=J@iK7G^C;5NZAzZUKj*k&*Nz0m;L=C!
z^+ga$wYHlJXg84+yVX^}UmB$FkcDukU1V0OT0$})@mzIFF@T7nJPSH8_tlfPuTX?{
z`I5GM9LJot9Rrb^VepaNYdv4kMAFG?H{UF5gq2--IIrSLroQFMi2+GwTg0Wa<ebU0
zYB!u!_)&&iv1tb<REIE@F05XV^$hv#U0+-2jGMk^*)(}vC>iV=y>hFVXN@%nB70X5
zMHOhXdVK~$HylK)Z)9!9hC(cON+ze3>uH=TD6>xGD@ornUd<rjOHVcmdQLIrsvOFm
zdsng$!}CLmtK4gJT%+e09&m1b82^G1GV5e>!}ZS)_kM*vG4J;GGXsBZ;P2W$MWs;^
zOidl>o=-snVj-IRI8nB_k~29DR7G3evW__u?(?qCcK9_u=ox@r@pQzk;_vZRbEZRN
zC4{_W-DKiia0%(_4|4;0D0C6iIYTn*K#FMt2&F;AC!6WaZaAOR*x_FM;oC3n1$=($
zx`q&7#VLK$0jip@fv%ftEJN#N?J|p^Wn^JXb`V)OZJEgj=mWV0Lvcuy79{FZZ~yVB
z(*xDrH#>}<VuG%n;Cv<eBt9i-n&7MNl(H@kjdVMDKJ(lYdUns|`BT*mGm~oW%;^$g
z*hje^FI%hqU)ug0p_oMf!<zq8i(boAyQVWE-|3^&_KE*RdaU%6l|<1~&LVH7M9MnD
zmgn!j+dYpn@^8obyQ#HL#hea~wkTB?PhvN`&A~CVD^Ns?(mz{E)~qWZ&%TUdJyt7$
zc%jgs@O(n8P)H&*t9_fqy(!&~c0CIxsPSP!pWMo~r5!t;88cw>$Wl*v&G+af1AoZ$
zZ7PgaP4nUENN4D}?8}8`=n}`6f~nJ9)IQkPPXb4{X-DARlSOvDI(|95>>5rNIR-Yb
zPC4|SB<cROdI7N5{~HkS{zLS`>t--5=QY|wu`FNBb&b>kp7)fKbSG)aRY_gW5<CN(
zx$1Ue9MQw0oj@^BRu<W2^>=B&POfI|Ba{ZoOsvD@E$izqv|*2*JQ%TKy8T>2X39YY
z?5T6BQ-Y4vKHyeuK%Hl%`b6~25ypuYfhfx5wG6u=qVr<t;61b4qvD7>g}`Z--p?1I
z(7wWh#W+IGii96+i&XphjdHSu{+e}~XE-!!J%>{`aT{esv}3w7LV3>wF38B958E?5
zi4tm&uPhE-5;D!}<kwQm%qn?X8W*F3Lm6ZA`H>n0btVt=+0vxFR&i2pC~Q}eJSjTX
z?(I~a2wzXl{mP)%WwCeunlylGo$|dZ4gv7QnL7$F4U|iYRt9N!9@|)pu+t^w(W6AE
z4wL1{a>HyRO=dA^h{2cmly_$()(T2lTmQOe-+F0|NQlA}w1z*Y5KCP=OJ5L6l7CLs
zQ^0-S=m%oU?e1<%NC82Gb7oEM{%IfGrKe#jA$)||(GxoLuJ6Jn5x1r+H{}Rw3GC_Y
z(JW$q5+7wwPBzM$k>x4LO9Vpla#<Czv$G*e$|`_mi-P>LgssHj+B)F0z8K}rNk%TF
zol~jWxGTWCS>gQCV*NBZZD*NA-rN---u{w!?gNuaF-TVY6dTACIq#0%oK=C5>w69T
z&qR3q3rvq$9{wyHa7HMtkC2*^Y*uibJ}RpyDtlsDGK9<8=V_Q>>=i&jX##cySb`^R
zlaao50hV!3Z<~4XH6~fPc}wla#lCW}St8%K{iBKVI@IW-V$&Z<=--^1kiGw@t>013
zn}H`ES8`f@obkM&MHb4m0dbLHD-eeoDwnlV*sLCCNIqjV5o&d;udP-zOO#CwY2+E3
z5n#7>t?(^5exWX|)}P4XYS4~P+adJW8qkiD-ExEHRGgt?taPtV)m|kuaHgI8qFd?9
zwKz5O{{0qnvFFydrM_}Mt^g0FOKFKU$C|O<W9<RH1DvL?@^x>>9FgG$t6=3r0Lh@$
zKIwGcrX+QWo|-!J&S-u>$Qh2jnZ)L%)vB06bv&i<Q#tO1)xg0kz{RWpqh;Kuzx&Wj
z&s6M3?@u52gh-{O=^)+an*lIS%#sRvJ(&Zwmj%^;-F6Tkj-6(HaLt$V(Rp{ZU5!~A
z_!ZUON9N|EE5Nt9Nu>Mi8~D*}DzmIBz{&Jl^mJZk%t!snOxh)GkvCrL9BHv?hxOdM
z>3TeB2(W=l-846&PhyW-IZwcKwQPfNj$s7KJZL)ia&R3n_r9LOmn$(U;c=pEbD2rm
zLxSFXM;OK)Dkzhh#_`kglbrncg7x2l>3$a_4e)1SOa-U#-~h-ulS^QznfHO)(Gapn
z)5c(v4YI!%P^Db@Zi8PI9zDVXerJo&!W&Z+LZ$q82!>7#rVbmkNayw{urN{71Es8e
zp^X)tK#sH$KMbLoI$TBNjvVN~=hKOyso`MNmO6G^@ziFj?0|IsZ3+YRfMQoEoj$|U
z;&GNIaKBsJ4i)<?Qh^(%+wP_}OJR=7F<&dt)8m)uQ{V#yG1ym&=GSQbmaU$P0<T}s
zK_4&O^40NX<ridOy|)XGSlg^&d3I-hgqa3@;41X!`XhbZ`ztN7R{*y!_mep}KwuCr
zhV3eJ4fvHU8MbiT|MzC_^B4P_!Mb(|lvBi3Qn?q2ock0Na?*Cm`Gv;ho6B@HBdXzZ
z)jOxo9YcSE%beT0!_yaqA9kwa&Xm@EJ&}Y9l^`6?>EVOwO(5j~s9UCKp~NUh{;m^j
zbxXXW>r9ZW;;>1ocklJaYUNWyDnpSt+QPC%$e7lb7h0~FKgLPpVY`I+hCQO$Zv(Xn
z%K~!J1wEcW8ywQ+Myl4S+Qr!>4cOYLNswEF$}(6b4Hy?4Qaf&EFZg`T%&jx<(K53v
z58$fJy_|cSS;bWD+VM`N(6vJJ&dQKp8acnj>5iG-hHX#UMB5dBWQvoQ0}bU9$PIt|
z3$Xl~M(nTi;g4$*pAQEcBEXduFGnkQiU)Lbw_1W{#d-u)-uryq>TY$+Ow~4VW!;gx
z)mmIO@%e`4C-bNK?=Wn-yQ6FdE&S>rO3>EMp#_ZZEJvbc(bVz^z$<W}v>+B!iJ>Xv
zPsT|UczGtqNuMMK@+@__<m1Y|82+ZxNB58e3?k<w08^-_q_RnJa;Vyp)0Rb70R>eA
zUPuPC=?69qja(G+xMUnZsj!~MEe~~Oc#ivua3R!#;rab>0{Q_?UhZ)R3&Vuh)iSM9
zkK(=~;gKW^sk<L0zop-As(bYjH#d1ZU+8l)U)`sF8KgJ*q|+K?(qG^5ACR7CBx=|a
zXs>ANJFBL6r(&#ARk_xH5i9Iz@>p^_qe_7cArx%0CaH`ML>t_?^UGBNdPVK*+yp<w
zlu~5Y#MjB$UJC7ApGRFh`$s1qIWyGYooac64v9vC&x&-7dWQ6(>3^8(_||=zx;wWG
zIxPu=!_TkJ(&ffcO#aj<7T>x1wx<sIU20loUak{s9W8xy4UWm~o6dSY{f02NT2^1r
zFjt*lFH(iGyp1tI#r}GOsPaJV#L6ub2mcr5dJCrH$yr8KtD<g9-{SR;N>%SSRh6yX
z*DZ^X<1S9(f!n0Rr09)&n!7Tz`g7d6s~eN)lX(gGwQ$P+q{|=Xh5tch6|W$uu-Sly
z*!KoSi-Is0Z<}cEAkXe3|JOdBb_jzijOD#<VT+?%LUT_sObqKShrGOskG^gaT>5aV
zT2Oov)`}_{?JoZ5KF}Y|WtZ7n+SOG_)7(`kBqkZXfqbYK=Bujw=|cbDhY(d)=sZ2L
z#7WV=0ohY6gJiz~5P|A&w%UR&?5PdCV+`KOhw6}gClb=RN0`${`RPkuU}<Mw4f!~^
zywz$uo6p+UW^1B|pFi=cfaEn;d0)4bs{j^a7~UZGk*aj@C~-&7Zbe9~%{cdM_h!(?
z`=5?wgZN(atlTa|pL=J%cDeU2Ll=`1HcSJ)@=8`_7g>bzM7Q-@UjYt+fRkeCr(Je$
zk!`0gEi3PsU$=#|3+&BmE_t-m68-#PiG9eErUw!aX3A3n@>z;Sc~S7Dr4={L7}5I*
z7Au(*^2eJRyy>aLrVw%dc=N0@kGs&`;hSdhIgrl<1~Dv`ewI97w#4A^F}<6fDX~*v
z*G(m)0XY0f!$EX*GEO~sNp0Zx^kE~DOi_71^ug0BKy33&QDwZ?q}B)I)@xdcpu|}N
zt_Xeq_l&UA0l@*-qdq3}+<;E7?Rs|@XB{jfT-lkwsbbik7p&*v-!nwK+xv%HP5--V
zu^|C)s&<G_Ot!X@z}+`@MVq5DGlsKa=}9SiGmQ*YU=Rls8W0_gH<rifucf}EX-ygH
zH?ioR(2))<@~9k%%@9Xfnx;)51*dr*@T9>?=`_#-1Xw#CxjFBoNtE6*7UX=wIl%L@
z80o^KT^5r?Z<bPf4oXD|TmhsP<^{a{GxB<vytfiJsvEsRIi-C@1KZAEMbFPG4pio4
zp=X<ZZt*W<a!c%{bEidK-T8l=q0K&uv}98p{Lqy#fowON?}K8s(LgTf+w_;Eq{y0=
zXtlXVoyt6R%6xVvgE4AzR=$oGD^W*j`@`n=k;bIaT_wDc5!u7j*}auCHF7QN;flei
zDxDXCf;KeiwM3dGIH;;?6Epuj*RW5!yF?g?cW&xCG+EzmTJ|kISK$Jdp-T!|YAa$t
ze`K`%eEPl~s4O00NbxXru(f9nDuS2G_dVka+OD$DxdN7ck=9o#^;AbfK9qOmMpyhi
zr}5v9lZ|<-e>y$mZh#}S-KV|E9b$=diqWb>F?P#AC(-w485W#oSW78ujp=fv?inkl
zd~1<D71~0Y)kByr=WDM3TMMu=PnKBTjSPc>81(2}iKn>(CFEq31VPH4y2-kGj1QDs
z=VLTH3EA1fh(dODb~HR1dUNrc)RRlHw{)fku87(P4L9V&bhL|gM_300wHCmhFZA6V
zq>Y*GnpKi*X$%j;@mdc48@g@&W&6Qm{ex~xc$QYi!@SdX_<m60$+C#*>u<TdQ60;1
z1cM8TSBpSm{#9dS%Ty^qv9lB%6sWE{leDl*kSKpfLL^l;R*cY73^ZlN#x}mi$#Yn4
zhCno`g%q-j+@qxsF3Vbbm^|<<e^@`G$YG4xIle(`oID`IciPn0C#0<62gq0)#(5wk
zE+bxAGh3E1HtKuiW;Q&wQ`@FY8IarfAb0O+rK$*>Kg5MMPQ^!EQEL~uiFB!psCq+$
zVISCFNB|8O=1yZK4TciX(J<?4sy@>55>%Mo$kRGZPw!v(=Kl9!y=B^$7K#@G2NG=x
zIcPP#gqAkQ_E}#4SXsojiP#n^@sDWi+s|&u>Eh*<;pLnG#C8B<wb-{ih%wp6PJmIY
z9BgS~U&ryuEHL;1;bNWMYF4U>=}cd2T+}wrQ0IbJRJ9KJLF9cUCplax+vjhdALOxw
ze0jO0WqY4)eFgTjXBdJ66bD0H5XR6YOrO|H%}+Rca-ezQ`M|Lg5PB1bN5l=d10Ue`
z^`%POgtyd5vLX$&jnEhm2x?GKYBD(CF@!d2VtCiHI-S|;`xb40fMv>4qaP1_`fj}P
zx!iq}Mo$L^`=nEu<(O})xR+AM^K4aime$zG)4Up}jt~`ge;&#CEz2R(g;K{;FJ?Jc
zPwzc@M&fE+g#<kX2vrR-gYR(V`5MuqfEN{V2Y(1=#Vlig3f-sRcSrM7YZ_JqtHEwm
zuAs8_ge!KpvOw-glk_?F{ba@j>0-$+F@7U-+RKihMPmh5y{v<326eNkk=0vnAa+BV
zEyfo#odO)<oq}VYB@>a8Fy!K0GpJuCsr#w43k#dZa^*bYt|^n0(kBOePnr3MroKYL
zkJzSZ-T5bam0~=0hth3`Hj~AB+h-wd+S^JFkM8l$-A}jz(A?gV4&hz60*J8etnW$L
zJR6+tePYjm1IIXFJ~KUA)ho+VmW)hQf?6oGuFWCQG`<3tofpRhUq9!73p35v52;qa
zy7WGe+K^}a@>!Y(7Q`-0rqR>Y)ub(%3%b?bFmEqJjxkA&?u+pC)_C$~5AS9i)gDC`
z3n<voxM8i2lwd(80S&OnrsxiVc^evl36>4c<DVM}3yeIY3f@3>Lrp(R-p4L*RgR~g
zkR$#?c`8Nz^O;^i`w%Wa%Z)l?=l36dth`^;?;BcCx#qQp3T^v^GVs(JiC~;b|LH*j
ziwG*RpFHO)M~*v+hh=r5Ac#_Uwd68|(cCdl?2tkTa~(lNl?)vGuy5n0{b}zY+Gc6}
z>-K>CNLhEB^-oLbbB>+-N(os{q-Ig^BoESHkX}pmO-mCC%+a<0CP$_Ig&u><VU(NP
ziFMPQrd#(ITHD3VDxh}uS@w@wKXQ&zVK7|Zo3RAo66l3^W$#>uYV{iO71J$I(ePL?
zQT{=W;yKfKl$CROQR4(9k4)k3^D6w$Qix?k4jPtj8?<C9*=#DWbG%fg@fATonXzEk
zQh7V!-|Q_agiBT=LC!Now~0W29UgmZ;{|3TjdNjx&hos{?+G&w%B#SdSAfYkto`o|
zTgF87PY2l^AbWSjT|dgPpS~S-)@EW*7P}Zb_xV2U>+L%&St9d1gme|9cj_8zjK`63
zSBgL=qw56`5$T*sI#LP50}2jTre@kPV?6TJ;ncS@-`Lwqh+bs6F&$6dVory_@)<DP
z0j2fwc)=&$hI_IVMe6)1IR}E3b>8C1O=_kKQTw3a3PtH-OL~DC=4#o)_E5Ey(uTHt
zmd4L{$BCmgihf_(nrXH0e-74P(={CFB301pt<HMHsjI^CP8Kw9G_g)Kd$&QiC^2fz
z8U5f>|L4{(&g;OIR{A+(jGz+w;TwIk15_;qly1+?Pn-yWYcG<%{i|<8Sta7PTr%Ij
ztf1^wQ!|A(BuBiRj`8hVBQ6Uc&(a-v0O<#+)cY5@*riX}nZ^ioSBF>iTmf{(JrO-S
zzN5r@xpmu#76B#+`m2u~2<oI1brnw8`Sfn_W9+`hTKc2k{D>sZWZyKka2RF_aOZ_Z
zd9S8qawW>UHckSAD}^}XjVLTsS88+I8ss#p=+z>BkSE<M{#K%Tt9UBVW;m$g0sfQ^
zu|Bs8OO)^RruU#NJp(msXOho<AS?^!75{;_FDu84naV@8PGzTQHsx9`<$}^MzR5Mk
zQ<*U-<?@!x{DMjZ{JsH$Q%!~Jt;O>!^4<aH!C(n^?kJR;e3BqsIT_*!A!STxKa7<S
z>?s=_0qenshes#Hgqct_>X1;eX_J_py&Ke^axe3EczZT236W!!NL4~td*Mu_f-+HD
z+}w87iF-m#sL-a9PQL@Ynxnno?VI1HuK?3c`o}=GD}cVSa<cKT#>={(j(;2t>UW$6
zCR*;i=kFJL5&;YmK6;iYdK+Vyu3uDY!liYrnS2#Tk7^iC8q)ST(XYp>irm{ytYU%D
z(QPUidyxxUhIj413|Tw`yI5`Pq%d6z%)<A+@fSWq#6&tdbJ!RbeuPSQ#%a>x3+WM7
zg^)cuL+1=_5)EGE>WuIC+)>)CT)WRCsI2kl3sDgKFeswJkZKd5JG}Tbf|I$>V|YPq
znU#6Cc87hR9VjX~s;2(QA*6mD%XSM;djv4CQ4lisu~|I~A1h#}Cv`6BC8vQd3pA?M
zrdoNrwTd8H1;LFgK9|)WQ%?70-|Pl%v==?pmcPCG(Hk$Qr_$yh?*fx)5Hl60ftXGK
z-ITcDsD4;Bp&QrpR<Ev>LPevXnO%x$N|6scnF~xVv(!sV(;{&UQ-+k<KTV$p`w6h<
z3~h<1yBpLGwANE){U#P-)4O>qdsFy7zZfwMMtzmjoD!1>avrwr@m%|yC%oQbulBCc
zJ8kWLcDGy1lA%~rR#DCE&AB&o83;v!&TNpqhZAa&D%GO=)(B7iqM62Gq=Z#W_`N6P
z8fNjU897DD2`8L|)R}!QHh&<R5P;ynjprO`w0yC&!4+Uv&?-@BynnS#sSKpRo1Co)
zUWoPD52}#h!%+Bg%_uZP<w#1h<nX5|m4%)Ns#3enJo28~p?|67T$s$r=-=8OwcD63
zIbYa{p`{S|#StG%l<z>=A0CCAz5d}AlreshLgRgs{9)-tLE`Iy{?a`J_apSA-##+`
zxo+(%5A^7FxDAGeh9QJK@#+=E#BXszaukUTtC$XtO{t=9nf7O4sfO0429&A4wZ0W2
z8Vy&_p@*u^B1VoEs-U7Lma%a<m$x3E8ZKTVvo^o7J1SUQVhq9FAlohK%+9W<f1WIX
zj|GH@h_7`4YC8mUabmGn5k(mO)9@iVZ51AEZA7P}Oy)^Tdu2JIV3HUmBAzY$>ZX1K
zQcJk-M{z!mwCV6JSgT4*ctuS(cCtYhK2>yt%#T6-7<0xI2fSxz2PM<9#IQVheB7gH
zi!E0v-Ne!GVwp=E;?lAzf~@YRQ2fHSJ7(*jZEY~PAfQOLK6TTAqnDJ~UMS9;i$<{c
zcGoW70h61mi&4rEhNl1ca)!B<=!OZww=h*A5XZQlNspxpSOB~;IvJ5mBviZe-OQ?v
zi<3M?Ymy&c;?kO~ApPw@;;3|AT5slw^nitrN|Qp7I~R42_?84u;&j7|IdLRSS(cMg
z^<I8NjM{A`>1OXhsL+k2pzd2a?Y16&AFZ~YUH5nd)vf@}4gxdZ!brabRZEv=>E`T-
ztOQ*SZ|oUY^=LH-+4Q1MBtlwmUo85W!djz_ESV%AEQ=j6nVVf74T5976cxI7nAN~8
zxGM&|*{k>%g)zkIyA1Dr*o$2_vfc)~t!L*Ssg_DYFW4oaI1cGXWKuql7F8a^zw0rC
z%ug5AX4q`hhHodWZ<gyO^NJ~d-4X+tmAnU!yM=>a`8Uwhk$m{e_4U8D*XsYDOTk}@
z(6u|i-&+kkidkQt`_jI`&EQ&`mZx}cK6;0e4>rW~Bt6+OCT3XO7tBe?qbR;>mY&jB
z#LC1!i1McYHbHZbFWf@Q)w@3`%CWvtN4kgu#d(ZON^jZhD!E_j!@pKP`*PUD>qI25
zA~QMx>35+^4H7D6s7-sD>CjZRd~dL%jzH*SKMvUb2qc3r$G0hY*<FDlbzEAEuU@!s
zodg8Qmypm~Frmk3UZ34NH9RhTC?TTd@rdT~;|JD+^3Vrgunk_n_>RG27S1}Rg?2AK
zxwJ*;`{-`yqx9%zs>4#t;tL^AFRmdya}dr3^FrYvcf@m}*1g2(8m~mf`B|pwD21a(
zKX_NZ@11=(JdA`CAddk~vsg>Z4%ipV*022MO}U2L#F5nb&NsTx=k<y5xIAw;T>(Tz
ziZNENXDoX(wn7PVwffR@DO1Dx?ksQkgjrB-Egv2->JgbC9I!huvcL_icWbw!E3>Mz
z?>T;9)R(SA%y|v<kl!#f>6{Ozj1w$pWeVn;z_7p%X&TTMpX67X9^3!(u{ML7dbHWb
zm~Hs&(Ytr7X6&qj@@x19@bo!XWfaVX+ZC%H(*$#A%@&Uftitiy2fw|pK7?k^ZIYHy
zrzwTVTxFKr&MUzCM1J?x(U3_Q0no>$e2c)9!6Te2z!}<p;eY)OUkl7wV#}qgg4VS;
zXH8~Ohss4?j3`>qtJ|K1H|kSQijPrS5StyGq^{V0iFv)NK-m(=q_RY50BMvm^=6P<
z;mX9z(f>+HJFTzgx5$3J5V|RzU*%YD8q?d=7($Jq2&{Qu>VM7>hkDmLuAE8NRjaFb
zme$0~O~aPgq!1Yd-P4VZZ4iSB1wqLCBeFD2gXI|Bh+GN~KEKwGxDrKrD;0E^t-q>K
zO^9Kk+2;2Lc*1<O-yJ7t`-e7&BULs*o7asiQwoa*@urQ1iE4=+mFbss-xI2$=47Ym
zWJ`|x@i^#sNx@qGJqLeQu<0S(TX@|4JWK!jGW=5cmg{h)L+pMsUzbG9p1o%um5Ol{
z)|W)?5e=#dPjXA2NU{V9gGQwRy=8A1YR3e5b24?GMAN*2*fIP2)3f$IZutg*m+Kb;
zmQ3>}l*J<K?KR)V#~CXthd!y#uX`__ZqpdMHVNg`zO*~tCQAQDCM3p(%5~nBgg>J(
zJ~qx*pg!J3;So{yF?mdROpRUUM?U{qwBy&Uo}O%dEh`IDkr%$K5PNv?U8eOVh+R&D
zTn)2t)iH8D)G=a<{=K|(XCY4%?<jP8%pOCy{HU1fk;uVIFw;RS0edHbS3!sS5k;OL
z$3it%LugE>(p-iRcvmG>hc?gpF&t-Dnu$jV8>N+~1iv?@z;ANS!I}rTm~V8Ky}r%n
z82Isk0uYFRX>2s~QGMGB70;}8a!I4Tc{r2L0KYzL!P#`47U#P>bO8tevmqWPb%8{W
zP}kM>Ss7g9OdBIqjMB!ld=)Y%f*4&Cdc;HT-<M#$0&HUKnNdepOQlwmP3@^-Y1jr)
zlM|}q(3pFhO^n&16rD*m4cok@7hPU>MUUx~eJeSu??*4Qn+usP51$_h?Xymq-*MX!
zW_A_6>C}}jvF_Y<;|aScY!j_NBm^lZTLoPKPN}e?O?IEr{c<R*J*n~@d3U!<(#eZY
zl{t#Y&S0YdVi0)pc!O#28Li)A%X#cm)i+9goo!e*2NXys=8*vnU-hVr=<&5wA+Y!P
zHz->9Rwzl`478U6ZF^eG)$KmVv&JR$@XToO9g^mMud0-#{UXqZhTGIR=P<0t_-aLZ
z<+5dzil{T~kBGD@=1>Ub)#+>x(T-tUyn>D*{w1S;6{!F&Y}{HKsH$P&%j-ux=qiho
zix#3<DBFGYh5c;&ro7cmH{6}Ev@(C-hb8e$V!RmQxq4`RMAQ|)lM%L6BN;lSf9v^d
z;4O2ys5#Hi&Y4aGATugwPgL<PJG;Opgx<Wi-&I6vfmFdzOl!Uj{pzqIia^7at3uKg
z%tbE9#Ft{qR}AOqPh5)znUaBk+R*{D7W{;pJTqZpJ(;Ylzb9zaA2#pEZXEP1>1Of<
z(GY%<bw~*j&dk<35-%=$J5Db{aJ_0BCc%?JRxirllKF^uqLGZWuA=vOsUb=SCC;oe
zpGGMb&A~e)$Ymz5?P*SteQ&q6%`VcOL0EYG<$=!-cfmI|Gjk~&Gp_OW@+*Luz3bTG
zt30=xmhHNO{G87W^o*6A53dimLx`iH8m)%5PNv%uOeIceo8|L|KNii(O5Er?UF?8B
znezB#7Qf4Y)_qgVCL3m{huL*8w1<D$bguvyRP0e<!RG)}2CVgwm3MI&EP#J15syg-
zecq{{Qf<$f{AO;>sed9szgWn?!DGX3zU4%{CMeOvB(PVtl!m#Mx#hX+QieefiOfR0
z1g&(UUIB{i7GGz;GQUCNTt3wtJ+G1feCkOVo|V`ZNEStzIjE|!o~Xs;xyM*1BE&Z>
zXjKUO3f5@g<V13)s9=Bn$JY6e%oV`3SAm3V%0g^Ugq*bAGb796?TV%l4kxH~;*rKK
z)<6rgi_ccTLg8i&-p#}(Vq6RP;&I~wv`>Nx&>4&Rr<?q1+ngtl*H&BXZ{=t%txv>+
z%li=9JM747$rZ2MV?C!zqp@eb>CqMDsA^e&h>=5w;ZVg|ORAXbz4zqf)ZG&=c@KG3
zElzG0VOEL1BPS?)Q@qa&@XLWUkb}#!u#fIV=u5n~9N|wdG?^cpIaiu!BoB^n$Uk4j
zMj8Q3u=_Ehgt02Atg^b-dm^b43WxF`3M=p0%UkTQjCVqHs@pUH!^{I}=m&}8bza^Y
z$0bg+cJ~5e8Y*fi*A{Q9GZS=T95v91GEQ_+s(;H$8ON7jB{a`M{TWafuUkosBbMJQ
zW&0AC(WHPUs#c4UKhcRNbTK6l7#AIuvh^w|Wjno+2A775C%==d^2CWU%V`ZoM~|Hk
zSiMOapIzV<!T=M#Aq(y61w#t-<S{zwZ{qahBx_{q*j-Qg6Mo40zDzsMo7H>y6eswO
zmQ(V!ON3q=A{IQC6;C3H3hou%WQr`gDcAeZpi1u}7(AUcfOZPe@8N_+no)tl&*?EN
zLdVSONxv^9G-jXw%~7NSk6%~jCD>dTq((ND^HNp~6jVoqx5Es4%tlwpHbvP*C7NOE
zhLbJXgQ9g@*c*BIlNI+&(K8QCs0N`g!}pTZ<%AQWjqJ>8_$E0r!gNg$scGS<sGkHk
z)|<N>YN*h<RE7Ds`F9tyC)D=tASO3NupcCJc?^E6e-k#c;^%6aT|UPY<TU-grIh>I
zgKxudZO@Bgb3+BHFD3axQHoB;!5rwg`|vN(ATgd^IO%0>3~?m}2-3vPat+NbiEdfd
zD*#UThS?>394x8wX_WMI4_W<$%)Gd}Syj&?w-%Z8hw3j1_e}4;=^R?3%jl?0w=Kxl
z6llu7&c<m=+u^hf%tX6;$!mf4D|56!ZTeEk&5UDm4RR|{?P8-JV;xO-9ZW8^IA+_`
zE~ChMY<5Be&#1~>k&>scIo;I1-)o%y;4uby)^<nX!9jfSwOpp6Z&?|`UaFKule|-&
zT&G<f%7SYs#bv{ZI)eEk;5_zRtv}b&4Vq4CS-^V{o@x$N?Ii~5HtDX057^W?TfKE#
z12fsBKDTe{MMqdb*&bqoi5Qvt3Q3|^r=gFU7M#j(_173Ru>aMGI~s0m={P-{?x_CR
zkv}@)&WKp^yk6S!O~tBh+)B?|^iT=zzP|1l6}k<3tKjc;h0Nw-?G2tAmY9fDMj?E9
z36q$xJYvEu8~>_a90nPVyou9qB(y~oeOzLuDaFGAVj=v-Rm0~Ln0SCFW`|_@Owu72
zzbYHPgvTAav+Bu|6mu0^_B3IlJY_v|aF6P<i8>xoAR>Ghs}VDX0qnKA*pK3ls+AKW
zCNdbqT_*)HKg5Q~iLq86&VPcepHFJMS+9LW$~7|iatckFe2Gepsd@Cn?`J@Pkcal3
z*{Tf^82`Ip!-NKIwY&6Mn;ZIy6eVkC43bUcMtG#SB-M{)!{{lZ+a9`}t&q)Bl9u%p
z1uN#u2N=RS-i+EBCl8O*?%Pc&ZY!=B&*h%)`}@ksr)W99Ul&!Eu$hBD3DA;%`n6Tv
z5mlAgoj9YWCMhof_AG;gr8MDAUjFlPVphf?G&M1qnVX5m;`>ovA2f$~^(`bMd$jeC
zF*4w-weYU4>^RUZNo^PxlY^=)vd&hxlCTpb426~w>oj_s{6;4^fW}{r$^Rke3+(?=
zv7hlYnGNAwx4kR<xAbDQsV-<L`y(1?is=#T+(ry6khCUxVYLzpC_>b<+XR|MMk@Jf
zT>tqyLFipjA%l@xMwUIa#xxTNT7R%>nwIalt2CsLC@md`J~4E~gb7eImvq<soaK|?
z?&-OFVq#QLgS-MTgiL+;QD^Yguei%qNq9<t9pv~kVyzpeEgJzpe%uaQWHcsnRf(~o
zNt(9rE^<NWd(cssIY#!x_=(gCSS#3=NC~iu8HWF~{n1KTq?QwsRY<6Ly??}oOx@)T
zP$@h_M((>Y67RN$x?rrzrUJ};YUnTd<HM)g#jhSp%nEO`cFnyrray2`6q1`grfa?L
z7>PY?qO0HMa!_1OJVA1<)d`(<s3jDl2;>+cgt%#{Y&GBUEzF<@N01|VfgI_DLI8%X
zs>&>N^VAu_2uLA^9GTiT1HB0scS33|lfHLOG1SE>`R#g$e9K~{bi+nd2wz!|AjE|Q
zE83>YKubCOrpo;$C*QS<8OV>gt>P+<WOBe1!u4w{9<#@M=~Q6Cv>2LMkfeK**Sxxf
zBpW>IH|t9(LlsyhjtP#aIi-gEICJ-z{6A!xe`GFeM|#v%MX<1lzZqEQm)S8hrDo*>
zOd~n*l{96_hWn$N9<N$l0k8rWGr+9&tNNxlmnHh4@0bMjuK=8W46H+AuotxVAN)Vu
zy$4WJ?b<F3B4VLP?>(XS08&Ld3C)CF1ZjbQNJl_GlwO6<dk-WODWQmnNbg7}A_z+F
ziXbRW&+^^-+h_mh{O8PkXYZN+eE*u2l{L(SS+mx&?&p54`@XJ=#!zMjAv#6!zMcuP
zbc2HWz*#6MsA=A5J(F^oDpu@+bNdxS)Mx#B#!+B0=!9^Ir<PNKw-i_se#`xAh6%!}
zawy6r|JZ1nT2;u>dd1k4dG=+smE%X>MXBwQk{f+X=BCmMFTc5rX4S}WcyjdAg$34y
ziE!PxdZ~-3F3ibID6%9EZXRnT2-Ra!N$V6jG(Xkd&fd1LOg+=NP>XUVYqT3x3Xp1J
z)fr0|?GyP)+fZBkgzpEfv71_2G)<Z46%?@a5ftLB8yL3WunY66jLB+O0)|au{6;lE
zH~QN!Ixt{nW)>J2mM48T?P*BamM-Yni<?MRMcXZlJX98~kn)*L=RDCHR9Qo)blHE^
zcJLR0cIHnuEBx$#@zw3Te&Y3;v<lc#|C4A}F9p<sW~kw%(BXHpie~QIZ?{`Ek5Ci4
z4!Cp;YOS~B!?8)vY;(>P+I7cO^CzVgt3V=gQ^}(*!#A5F^j#M0-<^mm6(6ql5AyGe
zjNIoze5ha=t^|Wd`TWaG*`rc<q_dfssZ)|~1pe33-249oy<FKyqq=VDX;bNPQkJ3I
zjI9yqg9!}#7tKr#87?@83C$zAD34l<^X#)>alK(D$2>8Kv7mA>rNiO6m>R@PsY+~i
z_Sr}epFPh(PMlB=P5@}SZQzj`#*;I;2I2~;bX;_1XpBA#^2s7!LCUpk989;N=C%)?
zn7^0ws*sG8YnSs2JzJ>YF2znT!=xmawB|MnUVd7wc$<VR5cjm56RfSa1sKc#T{!sY
zDFCco8XYx!7hXYEkMEOqONV{w)wZ;8%l@@K&JwS(Uaqzy82+JN_DkX}qkwPW_mQ$~
z!ym#Q47HU`cn`C@@gpO9DzwZS`~gJ7U7rN>CEh@ar-O$vnv^3N$AX~17b4%tEp69y
zH@*`0upygfN$S~d;9lY=jCT>UKdl;ZE;?Cl<(S^4%cke)FX{-$t-VKfL_dCB!{?x(
z0)8A>gf=K!mb^8F*~`mA_^TB(fI4W(*$&jMucf&|JRRaT<GbA=xH^<?@Kwsom9J=t
z!YuAO1w*PH<E$34^r%Kx#hg3|au_CAm`9v&{+Zl)gUCTej)eK7lWBa6*gkqvNc9d@
zsV!^5WmRp|$<U!V&#SC0UY{==3^jFtq02$%l-(na{!ElZLX;hqqk$8tiD9~)v|B-U
zv+-r`U9;fp{H&0%W@G;av#M=ex5&~Sxy6&P4kD!mseLY>h_e-TPvQoK*tb(Gi|W>2
z7)erq>fP{^akw6M_XCOiy#X{7=_(R8sT{FHU3h}7aiA)EJ5|-7wRQ32k@ji<dN1$V
z;Id(e)|Z?o=g!W?-BYb^pSw3phMD&fJ1~(Z+-Fe7Oj+JD5NHo!&h9Q=FJ(bo6W(t}
zN!1+zE$@bQ^V|Pi5S@rN?h|o?8|%wxD?=I_J`lEp8U;XIHCuUIaU(Qq$zv?VA1%xu
zN+BPa9Is0$!(j1KvTPW8h&eo#^=H5IH?KXF;+=Parw8f!Tc7lP6E#7av(H)%^_M;v
zru1KTt9t&{G;@TqU-B@HtAhS>^-jVwecaK>#8ns&+IyJ`r@6hm6;1zLLid2x5YfL&
zNgrlLPeDq-%FKLo^5!lt%T8@II_e!7j)lS3d3bms5aPp&=qTE6atO02Li%t?fdZJ1
zH*F$=K2T5qB(N7F%?uj!sC{oRwFt^}fhbuJUC7Z*4I0Hgzy&Htyx}W#1LM;(bIzUP
zbWyxg&rub3dr=}GDNhaAFRT}B343QLmckuXu;soXzA4}LeJ|=+pKPPnGwt~HD%`(P
z$G>_!4GdpK89nC>(orMklea#`eW9M#(@)AA?s<{dMYgTPfw=MXIG}G1loB*DG7!Ia
zHFr0Hk0<N36%Sii70b<qOC@&+k7&}h+nxw!$>sehq0@BLxj?B>gF3oZ%xAr4mBT3o
zS9<$>XVCeAxm7GmS3l_aYS%s*wy<+$B!}9$64i}M!6ub@tnT=EMCwcGOLSey>X%yE
zMETk~*3AeJKx$k$CWUTgTW6j2t_QIy=4r=C@8o<;8n<$9iV5BpaDp|hdEzsvK9aOF
zb1xM$KV-NT0U__AnG`LmhOt6v5NL5YjZXYWl8dm<{%l9P#!1QadJ|dmgqJtAf&!Mw
zt7EhHx7Fut1d;Q`wm+k5>e%4_1XlbrZ~>eX7Z=GyLS2V4b+?*m;`xw>wK=Fofe?3T
zBU5*otwmFcxzqMYNgY9pq{+3R8cOPR7p1RU>MH$qlto4`68E0l2D;!E`OBL@E5F<>
z!-0z>?9WIex<MqOe20Ofh-OQlHLQFpNFhmYsE^n3WpLai$|;|cVX89bVqR0pTCTUm
zr7CWRH?L;^DKN6+feHP&!eQ>&;Uk<iae{YDdax)YMZ6|)pxgB=XxJ`2O1pBvEqzkX
zPhZ9(8a2FPx4w_+@5-Gtwo%FZ))r)&bh1OUVA*>Jh+Ekz+j;-(1W-a*{=#x}>!P|8
zRe{#Anq;;Re2At6q)(bqqsvHWyVcziksbPjfQy>MmbX=o-wm%Fd~uN11nS;3E`w9?
zEB7^~4V8^OaD|Oa+8Ml$!|_s?2o_>pFx_12NTzt+K&eI69Zjy7(abpu(d%^sgPJJ%
zGDk-z6f-l^Y@XBiC*k_R@DUKsK51r@qgM)>Cx1)osXCyKnssZvM_st{e0mNA;gR9i
zxfcQBV&VEXy{7+01$Oqp6B~&_eXHqqdbJ7Y(-xhr5vhe-!A2=#k&L5WK7v%;GDEt|
z=Mve8n_8N#dSnJu$fQw0Kd!J+Z&QlRt<){MG=@eM+F4ChL6@W<D?=W+e9sGCabJIR
zRv5DGATZ!-Rj#(Q4?yB_&tAH@XIdpdj;pE^sf`>$nBC72dE89RI$rQs4MHZi7Pp<V
z^GVV9!|KN`a)H5Ywe-vn-uzPFnfiV>tt_LzUGU1&O)@MAn?PdRM~rhInwAW6eLWl=
zNh1GoZ_YysIV-5}&C{`DWY;cpW=_9s52yvk-yPUIrwDo_YE}Bkc6U<Vp<L1Gl9Zg!
zC$r|-xWJC7UvR=|%|fa4y3=3KeWE@}kDj!6a>z|m`aDNfEGAnHrYLToD}xSM*Ra`V
zzopCx)GX>J$@B+WD;TM7HUe-%oJ{q_Hau+gH&N<(q*$`)$C=y?Li!DjHJG~YG&2Ko
zPI;BUd7FoL)`>v8H6mE`wk@ej8!6SFa)Buj^rYdN(x|FkI4gr@)`*l1S|%drLhdUx
zS?eZ=8nmA!wJs+<lv_^J^+Nh%VURIb2n3>HksbCeX^!}Ry^~~f7+Cr-WbcVrX)nrj
zX{gEQaI?xF-PdO_IP2cX3*R3<&j{O)pyK-Lbp{T~^bs|e``<R2Bl<#ju0kWT(YiYj
z_r$g*Ymhc)tmZH3c!C^b(x@TD-cCxJq3O$spQ#Q0lkfYKUaephtONQu>SKKMjR2L#
zY02nnihrD#?PsZVk8%}eYNpp{@GLh~AmUN%(O+%?%=#QBBQl!y4zL{FBeAw#A`Vxv
z-CW00%o5c*>@d@^B$k;K-ZK86nL3*})O8Z?EbWi<+HZ2($9}ktJ$UIXf(Nq*D>9w9
zG+((DVyJxvKXyLI^5!4(ikRDuY8k=_D)s7=q(3|KtXW|weMsqXWVgUG2IcpWXyg&r
zo0Snj&ko3t1s46AdXaz|`0we_gV5)je>Vl%@1IztEh-hQrg@VNY_^C(1vSuzRu9q~
zVP3A%#n<pJL{U&@3C>%7d)CI7H*WT5(_Zm=sn=DRDh4BPQ)&`ukR)YzU5&0j_$sdy
z{>!4G-pGhNZ`hvUc?SFGd_mX6^s=#Zv9S2%kh3!F>Y*-WO{_XenGbs=ZM{)j{>77)
zov9tAgbDW2)O_xE&X0ZZMibE?jmPVvoTmJd1~v}l=CTWBd3H~64pe49jlYlM1yFfN
zP__j?>aWSrb>D(VB-&-WE4)Z5aFotDjq`GOs4GINbXJS6Bo@fwD}rkd0~16tNCWdw
zP13y^AKpV6*p^GC9^TUs_)f}_R`yGmXhJrfIdDw4_o47%TB!`@oNTbjpW0-FuN?BR
zd~6wne%-5G2y<aQF-={M=$;Z1y+L)CG`f<Es=bJQi-fln4EHvX{Z2@h9kE{Pvfv!}
zj93zFP8$EpVdd!08IDra9oM0}<WQri*XjTCDZ6Dlab=+13>d#A<oIHb91%0{1-}iI
z7@f1shLQg!l6NKk>asZ???|UH<U}_m!p15b6BFa7ktRi;akZRs{;Yw9KxRp>dfYn=
zV(mK$x3g&SAL>)ua;K<^OEz9gXD)XYM=U5>o4pu=g?<kUnq<e5{BL)%j(w(FdD4hc
z)=2eCBk8Bvo#H4qp?sd-MA(S1z3W{PH_C{8!^DzF3B>Dv7U?3QcNqPN?#+_?>{C_K
z<NB1@-wpn0j!7Hd6W?x~i|YmbB1m2@5sEih{TYz{`8`vXk86ns?Wp9-E|%`%3BM3s
zhsqInjk~ntF6+>*U(BY<?~m7|3pYT0jahH=$e|@qlE1L<>%hw!(vU8n6#3+FiQjgT
zVx0j71>CU-pi=;2fT2$2A15{iU9LFu>Ql0tcSnmbo*D+-t%22+?ybn6q)F9X3(m#l
z+#4L;t@VklErw>h<pmSITOXtN5~{ii&L{(`lGshO2G4#f%mrqCF0qb^LAfgpjkd5_
zn3oA8b@PhDQxb7}Lh;>C?d_%`t(V?2Waa7^{LK1%N_-Ho1WVv|WuO!akyQUa7qh%Z
zm%>-J!fC<(g&Ko~C~~^<A(2pCKPoh=Cpk`AAne~`dq?#D3m-dngFu_QhI@hqs`rQ0
zS14$<Xlq8W>IrRCJiLjwikASB2ZW_s>@+<N+PdPOBA80tX<1km7>Sx3^rH(`8_YB{
z=u;^CQcQ3Pu_8YNHCIMr9zo_>jf_3=Q{JD?&C1IZI~zD}bygwSm5+Qz^*j#7h8!?<
zbC)yB#7Ylh<k>LnBC4GY8O-jac3?r_t8S8w@vUZ`Mwdldd3bJVXjt+n@W`q>1Q<ne
zz&v9)0?aZ0aX_57Nyu1dy$yQNp(zqnk4y+zv`<&py{4IevnTX%dF4z=-Scz7^QGL0
z>=4VxGS-j$<e!UvZ*lBRWQ|l5oHx7heBQ`<>RkLaCEW#R2<lbLy956q(v_@l>hdhT
zOPQUfMEC&;Gu2dhAt(Vra|%B4)vi`@6;qLu)_uvEwaUwo76#qZM8@^v%MsMBszeEy
zyKwf7D<n<lH~4A|By5X3+LvlP>r$k4H$G<twB$ga5YocF|0YUPXdlwlE*6q~u0^d)
zxH8Fp+sIYeA`{)Q`u4+T4^cj(?N9e?4yR;FqJIF2|C^KJ<EwCkTM=v4xvq87GJ#~j
zjKX7hx!9Xa=3_@}E|Xk1Pu=10FS=oPpS0pXI8=Y9Q*ro&9T`y52jHC4#{xy7`}8+Y
z&2CPB+BcTkZQM|^8u$!+cF2AmfjM*(AXNRlkZT^(*>agU8G9SAGT(zY)U;i>jomDW
zz8O1J84HCoGh1reG_V{kgabjL;ZJ1vr^Ah$7dLv_BBi$xcu~IevU9prpzr@9>j1{y
zgY_dx*8!GMeant;;&8?Lq-0R?ie|PrGy8Pm2|?RqqgeY#kJKE$WP|tg*Te<e#ydY%
z-z{7ycwAEa2yF&wlk2QZTf6VXZb-0n`74s*j?*WZDi%!`bEsih5g~mo-KSofZarvN
z!pzX17-q{x3ieJ*V<}-W`}Wf%l!k~eM6yo5g_`Q-+&!oD0&p>)zYLHeg~=0ut^Lju
z+yC13l>bH*S2DK!+O8``;rh^VVKIs9AY?=uc^t*ZHAX4l^jOvO)$C$f!QNTNfabhL
z<p{gOmD>gSSm^^hosCJd(sdv63I_-KPbM2YoPNj_HjC4#a)FWKEXu&onZ|E!rLke@
z=2%w0gr>DG2~-=2gseP<uvg$mUTeraSa)u&$5ie+I0kJDpDK>?eHYnOW;dV&SuxT~
zzn^GqFWv1~48_lfFa8`Y6SV-a0el!hoz<cE$B8MfT0r`q<D{IB)L_j`Tr<!81JSbt
zA@Udb9i=8^5qoe~M&<|CM(lg3Up+UX#(d9LU<I4HzPRBhId1&rK<i{PTCv!UyQtXW
z*|TWfoBN~X8J4Q%8S{W91sL#di<$=5UZp<I?9EI?ePXQv-8slOq{DXR%Uin0g)m@l
zjy9+qKPE&Vgjl>t$&F4l94i;4TIioUxi9{(Y57P}Zh22rQ2!pmyp77hi3;Z2Fl}GL
zZ6i!!isWZiA!9L%GtEUfI^|t1S8x#?KGd~X=VE*JmX#vtnn_b|uknmV2HzzXy{uVm
z@C*eo`5{;0gJ%O94s$)HO4S%li}s*GYZ+Ny3U$I)LM)~hADJ8H4<n6!HfgrS_o3|g
z?X8?-FLvC^DKdKIcZduBmvDkJkULM6z;t3prb+=j#d!HY)&yhsmBS5$_?mHZ;e&41
z^CuX~8nVAzyj9~7?9xN9^<sNgvQ9^BVGJm6;38@+ZO%0MMg9C8$@x2v8!rtQWiRQQ
zRa5^a>Pkq6Q~HJZ%wtT_a)}3&V)gkBk&^k}a~z_EPL7aHrIRA1g<0Z9_o+Zy+9;$H
zaTo5qs<CS5!SZMBFVG6J6)q8R89<5GRL<DZ(RRtwk7=fHmi<M1qwkkvMGvs=o1@?a
zEx>HqhjPNq@N{}DF?Eu5?5OtE{f1XafNgyVU_{LV$kM~kHkLo!qxz<L)wQNrb>3B@
zEBcPj#u_MLW6i8R!wt}&u))-aoty9fR$x^Osb4dkn`Pc*(~ENZO~fJMI<E1XC=ouX
z2SgHrrHW*U&(Ap(X;nTU;uVyCh)EEkYzG!Is987QKFc(<F0sOpNH`ozo0vW2m5)ss
z>8&bpzl{Zytm`MlJ_e_m>*MNi%RI$c>%f;f0@Ct|f>v=dVtjh8pmK)n{0hn@@SE2>
z?tNEdzEt*_gx7uew-{>z%b9-zA(Tw@7ea}@<B41S+$}AnU})4`6J?PM!SZtbK21wa
zdIp%`3@qcB`xTgU4ht-9#6E@$S7(RwGu2mim9>AHm!nhG)5{V+>eZ!qck$yIDx;+C
zTuU5=d_~D=U-EeSkLE?CM_%|luQEs~z+w&-Vb!njGXd_rvXu;OGv45b9TWlRnqLL%
zX2Brs&zhgrZ4z_2XI*1!kvPnu;-?+v-$eeA@1`URf4Erx^Km-B2&<;=Dg`R5fwXi!
zTZM-tuVX0FU2tS-Mvxr!<qe+$4P&@K`#N*u7m){2yfOlBdK$&y6q(v<udXmO*#MkJ
z9yaw17Nj&L$g>Xf)BI7)R^dU_up(~>_nw<<@_-D_Xc;l`Pv$;DZ0AN?h>;1rvqMQL
zH5aH}mKMc)*>T=Sj$s-4Dp>zY14MQGY?6x!#c(Z4W@2`OPiiQ=#PKW!LB7ltdKV3h
zBMqqURN9=DQ&zkLWrxHvE~pS2H=F@)tCrg|kJ%*E!=RfqXy2i~*F3TtOc#1j<JPvF
z*d#D02x55vHYZ8?A37WV(d8%%SAalK3*gMV+w9=j+%e1xd#=w*L(_6EXd#dhK(HQ>
z0d$iC`VSf;cqPU<k>VpxDhgdxpc+CU00j=lzjKYuV9xMW<JMf+zLjP+T`(N0SfrAf
zhA_@LXIf8LH_gNN2_{0fA+dY_c)k_T>1USor)hG;?mqXu#H3jF7=NR{eg=Oq_%~4~
z>GFN$>D7U<=cczAM^-U(BW(#2*y@3)5?-%EQz53b7yBt}s^*%7w|$OoKB9VbpY*SY
zdk=spnMk8ZMkk5d?lbBU#SD-o6EU?dR`t1wMQG{JdeL5aGgn?)b=F#zvcRhXF!)?d
zd#$z^KD4(ZB`^g_3LiQQw}SApL3uquNwabT^XSAO*th%X!_@sRFRADVvmxo&3QNyw
zBe(z14CFn#f`y>)ul6MMz37c@#m>`?)3yb_I0ULKZSLxS(CWK?&}v|?0TA{j|89I5
zqYRr?Hw!jq{$ZVCU5BsK!(K4y^4r4azllU)zln;Sw(ktMRFB*B=DoI|uyS~j5NP>C
z{JZ#(Qlx^_6_uCa)cPUPPZDjB{)QTd>hENDt$Z^|g$)3OZ(2B8@H0vAWn)L3I42F4
zAa*TBe{f$Ko;k(RtVWnTrf*>RMX5qowUDIc_v<F+-=*YAR;Qw_Wo??wr6Qmjk8&*l
zO}1q^nA#+2!O}Q&?9Q#Qf6)l^-y=#z2?~Tt<eS`?%1yIR&@-XZ+gj$x7|tL}WpWi?
z1Hs`aL?{lOUXEv9t<2aq&GmBSV&}Q@R&&&0HuH`;_GeZFVpx>7*9|_Kmf7)E)Ne9c
z@4fLHx0PsS@8}9Vv$Mjo4a37DH?kY!uZl?bA~V5LUcWPUxAHv#PCZWT?6pSCT=?O$
zW?lT<$@=>3k!1s5G2yFy^=Mp|V5z9N<YJw{k@PmVmjeg^O+HH|)4!xI%%cvO0E+~i
z12DfN0IXICfYsXh5_jB3N$+YBX#khV?sfpB1xzq9z{F)X08W;FO13ThNhAa34CASy
z_&iff)!T}bn^S>Km?ve9{8ZQ7<KqL8Vtx||y@pTT`n-OWkzbKF;!a6teusgf=*BA|
zv0b89b(coNR6vU;(c~cq=hUn;wc)k8u|Ca?H@HcPqM4?GE|^}Yua{+dCZuL)pv*5@
z_7=?%&vS3l=8P)+m<I#V&QH^t3-Qm*$!ir|uKZ6s)%UrAz#d7;;TP@Ogn51GaLbRD
z3FtI1IB%+)8DM6O#E?BSXT9G<8h&v@aFjR7Zu_wg6Abh1vg4Z+X@5ZpQQ`BeiWIKm
zwM$m{f~q&Y`L@Eo-)8r$pnv9W&y|X5B)!3SZ0}(1y?B>hVT8{UJz!S4PA!OJe<mZ>
z6ci74gY5GhWdZbfR}Xew2eI^H@NU(Yo5zPQET4b2A>Dyc_A14ESC*8{!Ede9<d_kQ
zXFz8yGG_#$?*$UX8&^lIj*}^8Yxjs=;V*5H5{TOFFzQ^|BD(jteup;8ut4DUed%P=
z>Kdvscuu(D#$ZI{e<`2=c^@i#t&$)v^Y~g%=7o-mWz_3(?~A04QG=~d@6TS5apA|^
z*DACf44*_d7vuzXjQlcs_x;MPUwcfsZIswVpc(fM=lcKU3+Kd}+C`98(!+>GEvgS7
zpp?$A8i1U(3ui7nX3D6VW|h@@xMTVjm#0t@%UEJ>UztCtx0_YSThlgK<R$Y+uM|Yd
zJ&vAFdgkSn|3F}D?@eARui6`VKG}~^u8=Ir*nZ!m_LHI4#Af`y`GGp~0H=m_T;t0@
z-_};F&!<6f<PCJ-swsI|hka@07+a9D=FIj~iM@1c5FcF)9-VnJ+z;%E&~^Vrub}p=
z=9S66Sa|?)i+@?^iy6Cn0M`PgUWe-Nk$1w@Bx?J$dX=hb>biAgT9=<srIqs`g8*5g
z4EotS`gQ5GFV~P-<?Bvg1d1G!AFdm-HI<rjHwqhTl(tteXdun|ts7+`NX(u^Udl|H
zFiD5z*bWv`JQ!x>`^s9IV%~DKiM~Z=uVK=xI_eds5#Q5i$&U$v?-VY42qh1ciN7ba
z)wVU?oS=C4rS=Wz5&rwgZ=$LUGJ`eK-$bV_lcJA|&ecig>Dt;|@*W19Up(KQmO;xq
z{ot`|Ie#!`+d85pxut6w-=8=^yB7L0@Oz2KZgh@%C6E!jwLKv<=Lf8<d~0@w9PEA?
z8y;fMJn}Q<vo1o5Wu|0o{+dQ?=cr>|Mp)6D1S_UUdKnbQ__GQd?^MCTS4A;M4PHHc
zBWhNHy@?hDZEUP8h6jlZ0Lm~2>UBe<Rh6!FMRj!d8r4%Gw5cUSR6g}q$1?%q({;&(
zqfm-&!OVnaI(Ywct1;{1N&2mki$LrLgKdYLtcA4|Wr%3{B%=uTpJG1gU-Ro<1^u`J
zgwVJGS@`gG#1&9(*5ttYYAg>NJwzU}7!Q9SJI@D9Y;t5qn4=2!{|BMsA8CiY_UcO2
zpt4Gr=u7;!%ZJiJ#;d2y>GW7@R9loe;>}=4|BXX*_z}@w?H|-LsN(tu1m91HX&Fz=
zp-b@eL0fJga!O%=hvz82a)e|9nQbJuZN{9J)^h_UBT41);@ownR6P1=&>s0`%ANDX
z?=lDxMhrfOhoc`QBOD*&G=IAtLf+7&>z)Lp9Wj&vAO1vwf5g;3EY!e1sl<P8WzfX<
z!b}WY+J|Dtl3gRRB_3ckk8;i8*bFzo8tDuKy81e7e|Mfj3+#v1#y4LZ52{;Fm*BT{
zHexrkK8U@<N<VYc5G3!5H)I8A50%i9Ulf{XnX;G`jw1AhMdP?D?BS*qKGCK>gLJ_;
zT?A%VNB{?^SHMxf^&j5IEhbRgj&UDQ2WJA7E%&XbB>_E$&0s;H#xrLvdd2i^+w9@5
z8d6Y^9mU(5pID3n-Y7GK?6(adUl~aT?z?_a4hBD4Lq02jyTq1Kia&oERJoD!Wa#;;
z2fjVpjMvL(KQu8G3~zy+-TzKLW<odOOJ~LJko=88Bx62S1%WOr8%9yQ-njKH^m@~8
zB7rW`a*$sxkzS*O7e9$&xLX&c;{-q32YNv2eor?BKl1Hivvb}^*kjLs%^Uc?q}eZ-
z<!!TeP;SYA92>Jh@RC^nSn|iQbis1^YE^XX-FI={>J4h-rs=V8?&fpEK4q=IJ-RF-
zSA7y~@P^+&%k9mr^s-^6{D&MpWeLaY;^r-*>!_jo)A43hV*%=tMbfe=0@6tg&pSUE
z?-d?lWT%afv=;L}TF<4!K7+gmpwiepJ+>Qyb`e2?*TiXOfTwVQL^>2M+fT<^FPkYk
zKX@III(XmZyo19?l%czXCo3stV=Mnq35m4DP14-+v7fy3Hvi>wIff?zE}OHEW*W)$
zCj*T<KLf7z8nKoew6iH0Qu3JCVH1{eubu0`o+vY#d^0?~o|0(nVe!6H!gb$+b1YNL
z6I28%pZF%z1Sk|&3hGupODpdNgEwC_D;)UCrd#ti?g-l8DWcUr`=j!D;SGTC1oMI1
z*Dn9`U-{7n(Qj*y%&1NLmkfVS9#=g0uHl&}wOjX~76eQtfN;*=gcY{G4mClS?RN^I
zCdAXRcN>BvS`S=5$xvzbiV7*p<Z$1#y-!KI@*mXA{{cu{Elefgxwdz%VWmM6-ytM=
zpBGET<X%0{P{*m)RUBj2V;kna5q;t7CSFZOk{s$gNzh`gtqV}(Suq0ZY*DdJHk8uK
z`ohp%>B<4JQPKbtdj86|nX)EB-MIz_ZHG*XM4ozTk^DF$H)qxgOg*+mIj(LXAtB5z
z%)fW_LD${Va@qtYl#(}e%U|}f<|tA#FcLRAVEoe=Hf2~2(n1>CM*4%o{39Q^kp7)u
z_8-v5-_sW$`@0ErRsAUe#kP7+J0f9GwR1wFDc;BlvfC)ZCdr$8FJ88n9OdeoM1|gB
zaCVPj`IS2~R*kIt(KoogaS)pHYTvd(;!MW!#x3Q&kYlz(Gk1Ldg~o%W8ir3|d_yR5
z(DW^uYGYN#ydi*^n|hS_mFc=9Ps_a#$DQH5{QB{|b$H(|Ppn@pHu3!POB~Qy1|+)U
zV*uW}#xMy_9#d;CZCkQH1(aRDM9ch{GAiRr2-rvybD2Ic>r!U|kI?kcHNAzTh-i>5
za@eW{ePa}LplJP|iNV|QiHxI7DXVPEn1KUX{d?sjMTM1!)<<39{HO^QHONa#_ovT;
zN^^4F3>AX*l44uPUMXeI>feI<Esj!@``AYm`<}S#@-Fx}>fh;`bGpWWbXqS<D@8d6
z3W5|vv;s;1QIP(?|6=yd{|5hL^3exo>`av`<>l!ux(U<7+Dq3~)yqaQ8E=-h_9&3Y
z>>4FuuktqZEVlboGbaac&N$g4aB~%t+XI+MlEi$1z=lI9dy^T|O=&<?V1zJ7168AS
zk5!{VkK9rIO%y&#EF`04kT$~9;H0F=s!=jF#ok=j%rX+|T$h4JwRtFh`1Xo|c5(7#
z9N;Ae8GU|}szUI6bR^QNve2JcXhszrD*v^jL~!dd@>>FL#ccb1^Z(c_ii+s?0xgUQ
za8-e2-L=Ckv>hdjyDmkFjn`VJn+sUrXjXICQD|*nXk>XZQtRZG?La@uoj>#4OSXI5
zIr|dJ#~b+*dcM=L&&R`?hp5#Z)1PRR8;d1&+k+bdjMeH=PltHESw5d>5*UT4Sf(Kr
zIId7I14c}xzDj{*-;-`<j@dgmLV|X(vyZhkv<8x>Z)7mx>H>gO!}>c8F(#_N=LaOh
zS4S@HDBL@UK$Ibr!~`3dWBM9FuJ^zX_D)+Xjpdde=f!w-5QzKr{NIuPPy3~SkzHZE
z&d_U#!kGi6nVGW2(pEyc)p_!ZAr**6$@r8I6R?Js7SduM>{0yFMY`|&*A*(#5c0mq
zwih)~&)lWau;^sC1RQn9u+(%En@OjI7m3?KS2rIRYjB+XY42wD54730Q0T0x)Z-C|
zz<(^f8x^Xrq^<+8*2|i5POPiJFMWhpb#|=p;NY{*xY%XF=8Rvv5`>a#U;t=fVtdw?
zFk+RYuGOe!&nhl6>sQ%`W=9#wRzVgl!cNVLzIUmb8!JE!HrvgBl6jOZ738V!P`4G8
ztgdQyP*N{7a{yp$dBY!Avfj8$8d-U%3()*<C0_j#(SeO@J!`lKdGHf!JVxJ|B{yS6
zb+bFtl^unW#$E@Uh?!F^O6ZN~dnQe{jNkV43@;lcM#|!{V`CG)NjCEjid9r~;gIx#
z7O6sX+xf<<T5xngIrCx=DKenkX4LhaBWCK!vTEVe<c*Wv8VixYuB8rzH@O_`s~!2>
zYqIg(<C;wsuWRM25`RJWOG|=ioak^Dv#63-p?%$7m!GUpJ=Ro^e9=(8=&U{e=Iz<*
zg1&GT``5FhMl5zdCL1h3GUj4E9dyvPeM(ce8DabqrN$$M&h`UHTh~_S<842na_CR0
zl+`d-?7g!lo*Po6PTo)!F5W-UEUlL|6&tK_r&U?8et2N8wVCaCNs3a)g5~_O&vhgZ
zb8o|;?l(085(WjRxZLe<6Pd|BFjJtj<kQ%6K#!Lt-*OAM2}_c)SqHiu9(+-BLtRqE
zS!e_bU4nW|qAQi%wSY)lb(Aj~qLGBbv#|!;*VRTwMix-L%+!KBPK>;F{srI{cx?ZI
zs{@(gZIe9yU*1*VwwRLCOWuj^bjrn$Wy~x*6=uef8@!4z_8V53*?b0KTuB5_7A4Qr
z8nMD--4D_6C~cuIp13T5M(U#HqYoF{Ok&T(IV&A}Yaik3_)z;5j*o*A=aa3ozvRLu
zqvJV0bbqZ^DD_kJGZ?EHCzE)=_!KP2Gopd6`=b%H&0TzNhgJ14pl$Qdp8&13ywgsx
z@;8mf@Y7F)Z*!1o+0}YAVtl=lqP+MF%fvNm@$(ori^NxVR$p;&K6uaSx-fnAD<g1a
z$sz6atGvV;nN?>2kf2j9`Hr3kKodt*4qF2&$@8#3V_nJIGE6M&mxtUuh2TcMx_h%$
zc?}>pfF1*!wn&|dZu{);ymT~)wJ>hWf6cNYRF--YF)iqoPF>zo!ho5~`E+HJ^b0X_
z8x-WTJ-QU~1(4C1>Ev911bY7}8>0KwKk=(bWf30nn`p%jSdb3>Cc4YH<b!$~_+B#7
zaPCxPifrE-JuoM1b}Mqp`v)M~U!+3v{mY#}%jm`6BiV_}-$Z_4U@cQvwe;{>g!Z=4
z7ptLMl_TOSw=)gbK`#Ev?#)jE#y<{!Li+s3x_Uf!X@MN`y`vTjqL(PbqaC>Obu$y9
zlEPw)#AQPpz@WpjA%b*%8KC*5rG1}r$`g9<W{Cd@Z_%ugdXw;T#p*`gBJ&3NqX6nY
z^`egDQWZuP-iOo9>L_R>nbQGksvrec%#ROsBZFl0<1?2WxIU?mXh@ed3A^_&m!qWi
zr663K1Sheu+~MVNBON|ou2KtYB|XR<dM>cMjDQ#A&xRuO1_ln9nW*xEWjr4yybXH8
z-xM_IA@sbbz@#*VlDTp*qrKdo;QCDlUsjXOJd4C6no<jd1@U&vQEn(DHf`dZ5tF#|
zygu|g-IZHwG^>>ZiHO!FK}Yma72{3AxzNj*mIg)aQGXunf8V}eVKx!)t1_)B82Fqx
zr>l8wV3V#n*Nmn&@*u{3#uWyIiu`(v61Pau${O^ax$>I&lToum;L1tw#BGWbeHJp9
zmaU{oon(!^_0;q)nLs{w6;ot@0s)3zrojsV5#2FppfBb1HZx`tWs){tm}%bKk{|V(
zh^mHj4KRB}BtR>iNih!m2Dd^ChThmT<2XdKFz9o|2)uCT@NXjhC^4SOtagc`C4G9=
zX@<=2eODL6{(zM)u1mM3%PvEqa2De~B4!}Q2z$|HHnpyT8hU{oOrEX<1PO-P-|pJK
zmm$6Nn<y)8tMDh<riuJGeDv#(nIhoX*QZoCI;Oji9o!jZD;m}s+A|Ob+6Bx^;0;0c
za#Pt)`=}?C7~PgNEgs~K4W>DZmPsUn(kii5I0Jb>Ua2M*>Ec!TGOcE`mOpdK?n8-F
z;xzp=-)Baow^K&ASJoy4{Fgs37k>of&nQ7@(Kky*%CLNY<N_1ILhJqo;SnOYFrxqC
z-XP+BB_)ZX$hWS=7~cXbhC#&1-j+U7G`wv3psDPuMh<zpE0bm|J61X;7SEg^kw7+X
z^i^}Dl;P})GA%9564uQ!@u5N!I|k{T4}&PWA7#hr^=PiiNRRqyO82f?cjI!d#=R*K
z(dAI38xk1evoHD9myLY5pd)^3uRXNB2qp5>!(r45a61Fi`ZHisGvsqXpYkO%d0lLu
z?Lto{+X`^J&NldO58Ra<IOeM@0cUO0&ZXXp>YIPQ#~nW(8dKBHTO6E%me~ZAWKs@W
z(EirX)Z%6aE?|D9vNjF8h>q{Q$4P@@k2oZLdKA3)<YTt>TmZY;5&J@(^MwC(cT&*C
za}&u=hG@B0wvmz1&!Su@DWYcWBEZc#?w~Z;i1b)M5&*C)p{Aw`|09yRa=KH+fUSMm
zKK3E|6J%U`n<x2i?+$VQxw5dnj5+`e6Oe^`D=T1OwC+Hr-*{R-vpQI3rVQNs>R9&v
zZGSrdEGi-*hOi$Qq_YaIB7WVJ4z1w{MSM(T8Z76EiIxJ_i`sX4cb`pKPE87$MB5iY
zXC1Xjw4*SWeGf0gY!ZSN^WUL{hxC#{Gj@4RqF$hTQjib1ff0E2o<^%IK=dl5%%3Zw
zw)A%+9vRYKU9K?3lx${D%gJeI7+HXRL8&+;lbLBS@2DN)>-FoPJbIQlPdT78P_dMI
z`n~x$;vFSciQyO3H2h<#aQRpDG}1kl7+=$e213`|c<YB*Az*doT!jhWJ(vf2pf>D_
zA*tSNSC#8AT22UP=COAU?V}Qbo>788xRkJQrLzdAm#f;;*SrBVSH_i4L++7&<4S~C
zAC;GHgQ|ExVy;bh5*yMpx2nNTkejuiLC#&9N};Zt=|b3Acls(h*@dmXPtADQ;pEv+
zJSjI&iiAV+6+~qeq2SmA>GE<x?QB5}nB7PCZ=%R6B%9Jngny)EL}c;3wevF0M8IFj
z!q^>`A`!odq??L%$MmnomHO5g=y6>G+jB3AHuJDm@ADvHdoq8T*@dXH$O3T<bGzyG
zUq!5-MeI-cHE~}BK8bo<$88F1RRIbRq3hTLY=hdr2JtUSQa*Lwe43>(ywIoqGV50Z
z)pixo$qkp0(TCI<GG5AaY0}pqpW#q`H7c|{(0)8}SaG52(u!%t#`F%q50}mV_;osA
zj;}2P3)rN}+{M;#WD<synFX>TiFU`vld(KwE-I`latX1}IrP<@s_T`#-TT=2tM*P3
zke^K1Y#(iJFvz$be9791ooAP%e6!`poOO3jn^hZWu^8^ZC8ueBPjy2*cD5{=Iixgr
zXkB2`&L~l9>zCEQ!NdG_CyB&mlD?tNT_x_Jw5-dOn>bO4y%z%~kt)X>QGK7s^^nMy
zuNhE2*QHm6Aw~ziBK37WNQ=>E1{jnjVYDR%t&yQ;Eh#p5=l?kV{28eK$GQpi{j5$+
z3OliCH&YR5rFCe{Wn^dx@!{IqrLL570k?HKxzv79U#Y}TY4D7g869tSp|i4k(-!uh
zENq*%P2zP0O)&9y?DqYNG!+YKv-PsTcLp;w$<yh}cJF0We0)~_1Xb$t{`>Lcx+VYD
zw4Y4gRQ*`^(e|6@?JWRs#X48$AyFL+mw&XZ#CE7$ezXu&tNUqAdj2&p&IX`){PSnO
z;+mk0aA(}dUesCqjGeb&`-eHot4Dloc~w_T<Rg0#u39cxqXWZZj$bbNSb<)<a49K(
z>71ux{>fKM8^5pk^?FU?_H+K7N2#II@^H3t!Xy)IFuCxgw&9r>pkp>2XS2_2`s~lW
z{IhL88MeCT5|{NZfpg7EqwFo%7~>g{%}iSbuD=qm`&Q$5x&R@xf>nauDhvoi!JUdV
z2X{W79QwfP)BBa5_Kxk)uh!Bs#WReQM+%C}YMEBBEVXUT`U^6p9^Irwnfh70Yg;O6
zjBBkH<b_y}e_>k!Cbe(hnuOKb?=I6p5vCS|vXsm)s)BYg3A^$vLDTOcHipKnAB<ML
z8m=|XQ%gKWB%n(HuaQbAX+Wd}jWjLSL4*^4YavpsJCHTyKQ6oySaUfp?hUQFAf37%
z#N%8*0MEzW_@mv+mWX4etCYw!z6)5ER3DgJ<YUZVRU=SFP(8JTxSllKz!bV?_41ka
z1F80=@c{iJ0CwNRc9wT+LbeRu?;vmn7c_3mfF|~;*@CHCLL4<(&1xEYYRBc0mNPU1
z$iSZ32QQ5*uUE3%h$saD)SXmyQG^!k`y9pX%O2^?nnjJ4)#DZcBMXW&Bu}U7A;mtp
zcjc2oFVoo?;`+vUOF+p;EnEJlRy(q+b%&T97TCyffTh1BiP&(G^tLt1RgK_?LYUZ<
z4R;P)m@-k7KVTNVN56Deng&0*sz|GXuG{r0ib2CiQ<~_~GRivU%fArs?gRG)&}9=P
z?!)~&h`#^oE@cnQd1@0&!4=&kjE3X+6u{Sc>j=w(8r?#?-*l6}mgxI(j8?ZTUFQl#
ze_k)Filv~BfV0rD%6J*cEhK@#@lIqXINeBmr<X#ZU45h<Qf?XR6ihh6Z|hU4>#ihO
zkuUoR#;CbBiZ^j7+8mhL>8u4z#ZLE%<OuO(nao)}^Yf5*t8Zwsy!&GAiG@xZ#>}bW
zhwM~oQzzR3@G|cta0w+{Z^QLDt6R&?Wl_^PV!)v{zm29WPd&-0GL8(jpAx}GAt0@^
zk^RAbzlmgJLv_64I`p=zmA<=|zO9wt%>VYDgU+`{p&%hVF#}jI^Cdrg+xJ#!RoYmw
z-2Ox0b?KTW27G10>+XVSTD?)32U(A)ZqQP3Qs!9;&R{Bmb@e1IV{B6E6INaGXOC4T
zAJ$~j>=>{x<gGde4)C})-^9h>L?!D(@5yVJB=nd^zqToRu{-sc)YVJ8!TjTc7Y<*s
z^PD9>@$(FC=+|7$Gz^(P>sqgtJBc{5q9feRu@knR#UjWTK^c#@$@k1&H!)Y8<4lV)
z-(`=z@7tvhkomG%`01!I|D503=d>dcP_Aa|8}7xO&H~of_Wr+#My5xp)J(w61YBly
zj<Th+kVx@{w6{EUa$hN&dsr0Qur|pn`%x`pZXlsXZOU|mHGIslEGVZYNYqB=p4N^{
zlv4Q+3Ur-kPHiM{;1Q&JhOL3nC%tSsR}B#!P$VCgyOFxb8DDgbh)AaMKT8=Q0y*uC
z7uNj^vHQPJ|B~ccfl0M!=mXsIb+tH+@;JEp-QkDwIu<NTpo|<2h_E}fqeK>gOyyP8
za0Y`C$n*eHh^~||JCJv?SH0IbI3sl%Ki+dh9guw*lYr>!0}5<%t*H%+a}aH$bcYWW
zZyM%jRw`YO?>O^j;-M0+TTYryQYV~61*mUCX!X!Oq8JvrWv#U1d5kqJ=mP8|@{m6C
z>-B)P{$Dzij}6r}gFBv1{It9!`gy7M#jnW@Tm=R@Kf#c6Ju~61<F3u6-n}sM*L61-
zn~9xyJO!|}d2@q8c8U>w@Hw^>FJUldN>lH4BZWK2BGK%5xJF<a#F7>~Z+?Mp{pxbQ
z5fOOnV$5m3bm+;Zr7*tX$cj~xmR)+H4cGBLoYOTxQGj)L_#ZSW5MtYir|7$-haOfb
zh^w4Nj&WV`n-H&*D|;HtN0Z3BU6`RHz{`;VWUQ?wb53hv7FMY}H7#49UN2FJCYmG`
zW{^&_Jz*rE`R<%(qw@TnpmPB0YTh@lgx1pdZE3mUhzcH3-sWAS4QP&6VrzP#z&-y!
z3RW8!({9QduNu@D!a1<ofV%|_D<ud%mZ14yEqwRx-D=E^=dScKb@#H@P#8i(vob97
zGn;$&C(=q0K_MYKo=jD|@6dDFR7=U5D5&_Fpkd*4S49!^P2p%18tO<Gn~%72`!T28
zrgJ9MO~RaCISWH%8KJBa;9BsGX=!JX{RBeL?AH{9Je-+z+UX0126f|SNf2pX$m!Ty
z4fHi|^Qv3)F{twq1IeLYIr_s$2cMB#X1Dg8K4}b(U5TY`jS?ZQm)ix-EXbz?5GU<Y
z!gh4Ye-nY$t|X+4yIGN$H*b#kw$bo7F>7&ltX@V~spVOy3A_-ECP!D*<gbs63W^|f
z$lw?)8!jTni~})KG#0Fb7^+SPd8l#s<(vcep!RwTDMvWsE_(KiT1e%*>qoTxoj)O7
znLlETaa#OY4Ts)X{YKyFoMfqWgDR26ZkM8b`f3S*ZyulY-deg;GKCq}ljXY+@gptu
zDjV;;_>?aFOw~=d_sQ9G8DNyr9(%_FYv?_z<CIwxkGiv6V8#Y<&zWH-@bFseU|lpG
z;p{>1Z9>?s{LH$gw}xDEO5f1^da=j5_?RgTsMlp@q$FnK@FrDhAo&3ty6Sxj)m|6r
zA6kD`-G8UIu4=SLz3rLRL#_)H(1fO4*%=B<P;8{#>*Y@xr_d}f9dAZt2cPt)j-exF
z_4;WZpbmNV`S0dNJy}r;abt-Vkh+)DIx@j31XOhShfj}QGwy2+g)R(D7ahtx`U#h@
z`#uqRTG$8)IBirC^x~D9S;*=06mh;Zlnn9X>2shw2);IM5z^Lc=_T4=+WOM!$5hBr
z*|J^?!4U}V1LvB$)lJ}Y-lg26NNdH!V#g9inuaDJe6@78s}zKH)}G$|BR1Mq=xfP0
zMLvGtp0BZ+p2%hwo=pm|m`tg;17E{4y-U-mi-D2zZWYU9N0dt4^O;*UjQM-J?Pj+D
z=ZZI<9uEb#t&SYn>Y8Pis5IJ!M5~wv*cN1eb;j|>=W*zK6izquUB5+^bB`r2T(3ax
zCCj3hfS$<5WDQJ>)P9WnWkAOLtW>{TuxXlU0RP@&G51)mKzQa{hRBiqFtzoH>L+={
zu>X5v@LyK~%q0J;VECW#gB+hBRVt;oRpU>O)>{{RiiU48BB{p<eE8;}0B7@SMrpku
z)ESW|D69t*BB!6c*W~NE(u^WSA;OJ3#(4CWiX}5ANv}SaiE(5Hnjlp{318CJY~blQ
z369>keNWG$Naq5j9KL*uHCAd(vv@b!EccZ<oiGcVk)gc1(X^9LL)#!bZhQ5><E$Y5
zC+F%5H>d5%lbpxfUk%uQ8UaCb>PP(qy=Uet(OCzJS1sl(c9FvjyAm($7or$Ntm?Yf
z3TxqlIf!d`@@LwYTL;s|z^!s}zCYUz<3PoV*C)pScOsR$1#zx_7y6*{kxyVNpa{(C
zwZy||O^imV8MBXl#`@il_)WZV*;Rr1mor%IdDFK)2!``@$0yi4DgfNys|R`aq2Sxa
z69@7zZ*#iOlig4BzGcP-8V!*@G(zd!<Be|+$~EHL(RhF<1bJ*^XD=_@Xm0-#FaB)X
zhr?8nZio|OvFqQZ9JK+3@NB{wzTqrE-h5Srrd=<svF&tN5{(#-m2)J)76F8zo9ypT
zK%V#S8Bdc;&%=r&ebM#V?z42Q&u=rpQrkzPoKOza4*ho7EY~?Z2ReO#rE|D2tdpHC
z(A1TfUOu8)UlQG!OBdQ;=^a9e(oZb8uM6sz)(YiMKyawQg8|<`B2VDz$OO)_)83qM
zN2S{+9Ik&9`LH>txT@_0EN#>jqEZ3Sx0kb(>>ZE6RLYL<oj~FxD7cIOn0bBUJqp`=
zL=}7q+d)aU?5^)(!V#A}?MvYH@|3Jg6eOggr;wg0Ak$pOaK%b58`nvnu{VJrHpRA3
z<_<1-$*^^n#so^i;B|@0U@%YVRAn(sUiS(`R^KG$!{zssUwl(Cl#wn7y-a)9RERz0
zSD_o%a5-I;3BQR@u9!?o4h$kSDMQ%-axLijSKIqz2R?He4Ncdj^QVP6IVOR5rAtKl
zywv#7l}eYKhAOa{p|C7Bx^Gd+o8eAmI@X&jey79H(Zyj(OV_*SqwZ5ehzw?`xgM+0
zmote|XICuHx4E^#TgrZm-7l0BRrpLN22kV!z$Jj3855@Q=V|Vbk+gd7j?r<>ol<ay
zyNhJm<iZ)=OO_7%nPN{YKb}=F6vozV?+F`xv>F7c9Chp|z>l693K%EVyZA0fAhakx
z_^#7?j?;uTh>oR~UFgDMg`lTtXi06!r&`X}tA&2(@|H+r9Mm@I@KL7jHf%lpwfrUa
z-;`;#`3ml0_pBxbdoP#8G&q1`jTPfT+2B=knER^Lk6JE5!*3#)0+2%<Qo?Q6emWdj
z@n#;p#+FDI*y^u(;*-oed*b^wzT`M#vfB+!-nlE=$MfO<ux?sZ`M&ELJ&;dbg>U=%
z1%RCBtGVFpbZIY1%6>CJidIa7G+9+wkJ-8u@SSD&*^Sbof)?9dPo%fw+OqhdMsmEy
z#@AAujUsFw+n)Dic#Ofc)U})+YfI9be4cIyF<QM4n|kRnn6;)ARYh_=cV)?@{dVAQ
zBG=nfTH`fzts$aWBaW#8sA`-n&lLsIRSk8G?pDl#-IPFDWHD4q8Y={NUMT7eM4caK
z^fv2mIuKX$+~3cx91KzR(rZzPcqI&&$WfPzj93~Ll%=GY0|HSBXkne$E`1E@F4w9A
z5qZpiRzDqhV%HDYd7~?@fBsK4DJ$gtk$J7$N~63%Cu?646=no+wQf!;>AUTy8}Uq$
zJQk{^S7^a3kO+&Gl0wkkQTSBV#!PFlWetifMKD47HQNEk<D}D3$jd=6VB6zV21#4>
zK8#oVp{=+7%SSd;`@n-S-O`Fmd!pg_^_PIwD{ogp2lWw#Z7|B7;W~4c03V`9S`p=x
zk$Pn14z@?w+EG(_nV6UvPa7{fKb|v}4;E>rmt&&ql{TWL>v<RxgV#oL5{@TGtr(l1
z+8@6IAQ95|`8$o-i-vP)a<j8--^y-AJ?P49*j7p}+chdQ<r8T7ke^o2?%&O-&F`%+
zDc`o@KNRA#efE)aDK%X=p0dEu2{&(o>ur%e6*&0ma~x#7$?7)F1>Dj<8<nbEVPqup
zTQRJ?U@%Hu8-XgWrA&me0nlKxCfZ%58tquEu7NU&;}xeXAsEFHA5QCHop>sI3*7X!
zd_SDzZTm6o`UX49*oOR|bG1wWbmZg#6&W7ktAAclDDeIdvR$gPOz1+tb|PF$qs0~D
zgC}IlsV{3mPlQa?)zERn45vd&=8h#=GEVN@#NWXb<UMSPo^{o-!y-kw?#%=!j7HNA
z6!RCFe3NP$aFvd{ZHg;)t@kue#N4cF9jvj{W6GB*<9Sbiy@^iA$T76c+K;jd@Xr`t
zWM{}`W{(DbL%d7QDX8en_j-FfOKGjoF|F1}B4Drai@PSiJY`oJuy#0ghR#_4O~+hB
zDnrTXW$*AQ=(uiPk-j?;60^6BMc7X0a5QC=H)xwb^1~qy6IJ;{g?aI52C0t*_KxOV
zsMPEnR%fvy;M-QP)m^@b$(FAQK3Jd2547b1_Y$InX|}Sn=a%&;Egg~N)c1&|(ox1X
zbaK~BMaYlsjbJjYlqVQC%+X6&j%l1$y7`3KDj?>o#5ST-za<%^v@~u_)BXY<nsOc&
zZl_7vlZ31S%4l5KQcq*do(9)Mq~s|i>^AjSF5n>2__R5ahFIe{Gv$n~G2kt>h`8(q
z4P_CcUu_%S0|<}r@Y&^1DPV)}5_dlr=wMH7m4wq&oxV=6I~^_a#8jFvgL|Od^sb@i
z%ajD8C`U&Ed2LS2Ocf$NiA>8#KCjPDGA_@6ciEwIrO=yCNC-TwaQIbJtGso23RzwQ
zgFxWfz?MZd^4IVpaYv*#LAS-41g0Or$waazT30oT%LNEA8I9$ee%a2gJ1{HPM&)=#
z5k+z`f{D4Q3}ekuN3!X?8;K{z87ZAjoL3vA+S4i<n;UqgbYtLxH}pGP(IrPjQ^3Dp
z=HpBkyeKNYc{I!w+3cXrA`sYRrH}cJpF$cGG&;FL_D|zI$G4MbPSjI&v%GRjWGCNL
z9bbs;Js~--+*4Yxya6!_jK5V{N}IdaH+~uyxYqfQyF!^8=XHreF08)Lg4p@gy`Kdx
z+BEA(Evx1dS29U87t^<V(_O(alC!#9bVluQ&u)7Al1a3}R4X<DOaw4$-r$qTX`Bwr
zvAUqloDsOQm*O>B>yBya0E)>w8?PM5>dch?8+&g7SLL?#je>{*3P?*!OLvzNi&}tm
zgEWh70V(P3T8r)$kPr|>=~#4w(j6ixz3&5V-TOV?Ip4d_x!?Kjckeyxw|H1jKXZ;b
z#(d_O|M4G3<Z1TjZ@mUMFPI#4&OmXI^ht&1{GrfP+d>>KrJ?c#DLo~!doyJ67xW_l
z^^ACx3@vJKHrEUeUEZC=Q07+BrBg1;2zW>+z_^ji$w8a$w#`W$aS$(f@-L(h{MW(W
z8$xuYn^OKR-~lT!yHF1nyym#>`7|wp-U1e^`1`TiAV^K5RpX1$y3a~jUl0$bWFWYk
z$-{){40%ojRIAk?ow-XnX>ShpFv`Z4f(@~>^B)heYo*<#-30lOqUS&&qs*3v9i>A;
zXb93q)U`)+Fj|{T%OwmvxX^hsci<i60JP|hfO*7O?st!^`PR7j?mn!Cr(rhH(Uv7^
z1?h(>-xX^0II%?TO}a*K=4sa4!+&Ko2)v>Ct-wlNmlls%k8E%oblKRPmL3Z~kc5bd
zQ&$L`o;9`U7<!CaD3<B2a2&0%7k|o)ULi3JTDb%3-FE^lZV2^H=I}_Js|nH<_6nZn
z9DJJT!^_3iCIGD@C`5gt#nyTpXp4cDaJgk69|$>vZv&1KIDDYZxru~<jco}dqz2UG
z7B0PZKm?#V()-lPLqj=L2f$|yxdGN{c=*q6lm-D)XX4U(Y!-dYhOMlp3zi^+OK+4-
zLCnDijnIlswI5vPJou~@Tt!dA3`)qCeRO)zqJlE*6L4wXIW8|0T5s#sqQeX^D{?m>
zB!oS*oFiuDR4${^ju`dkdEik7q*fr}moiUi^kK;vwba1kNR?lN`MvTFmIp$19V8NX
z;*Ow2UA|uE^J;#FnaHwnNrTP>q-Sz$?>O?RcFa#DJccFmD5TP+Ey`@jZkxpG4J(f#
z&G`aPPNC96!BB>VBbwzj%$YRI4=|T7g;b}qqtoY4)wQQ!rtlvo8H3gw4m}(&tfhJu
z)BVCME_B@UVfgXqxbcX96T+vUPezHJfeUI*b<HKohgk$el^y{<2KyyF>KYM91maCi
z=S>bCJMmsVVY$8~LZZxiEpfq{htte*%K&0is6E$=<(3F3Yvma;RTbcnAakSw<^i7w
zd}`_JI+WV)vGL0@4Njl1@a$*gokGT4xJ=?XYi@I!yY0J>uCSmNNQ+$EU5gwCr=pP#
za_GoiFQ@X?i5VQaqrQYjYL>{c>Zn%4HFsdA&xqimo~g2FsLj=5qltUwg~OkR)8!u)
z6&dp8pp*mX04b@n>1Al>#iZi^`e+#}tOvic=?OmF=UotSJZ&35p4MR(jfY20_2H_N
za5g+hm<<n5j0~uuBa351iF`Z2U*_uyzos2uAij&r?(c0te*d!smz<^Ps-6rz22W0v
zj1rkK6%_}^G=&<wDp+9!%%uH|F+!KWR*9XR{R1s8*txaX`cX*`OP-aOsW>VIgX-G3
zbL`3*?{jr?2U_o19uu2Vy<v^H2Wv!9bo?Z33-)uQ26byS?u0$E{2DoI2Y^2}c6L#U
z+u?&p3BVt|$|vjq*~DiqX)i3gho6zfr0wBb1=+mSb=VW}bi|UESc(cBr^I~OzJgbu
z9G_l$9?iZbQ}o_wjUHA?7YQUk<~{6uc;)c?R5FW=UnZB`*;b^_ZAx@Y*Nxkq&PSM&
zy}cDRtx-URBQz1Lslxuuwm3OeW44&iFlK{KGhs>TVS@akYirxoc9KXWe9@GXYjaVF
zQ(mc$ohRA(3Y<n4^={L;<SYSRHQM6KGm2B<(yJGh1l0=)`Nr5ILp`N++G+Wqmh^Q@
zQLPj8KMzv}n%ln=*m4*2L4}F#%F`;*89N-jH_GE%zkQnnrdKWnW`2i<Gp`X6$(KM{
zB0oM_lOC0VAv)@Hi@{J<){xEUqC^4W{U|}-s$b_jPu;XB<jNBK-h{2uNp#xXOO~#=
z)Wlhe@XEn?*Kbxv>hWQXnG@F>>nqEW51S>xbgNJ`L1rlqiD8dFfN{+22U4mIz7Td1
zG~3^E`*iI~H9G#tq(6xq-lo;xLb=B&iomq3g0LAUfccc99QA^<dxgyuEl_sEC_CTe
z1x&#aZkzc<@xVdCeVEr<arxyPOaNVa^s<pEc&_=YyVZhEqR&`Of`w<T#;0ER9IQ-!
zOi_*OzVntM0ew)*Qr5My0<W7I3s?cBTJyacL)`vaD%Nt6?nS6C@flc5u}t%NQ8*cU
z#sT*R(<a9wQsf1hKxPv|9nIGxVJ<lP77ul{WvC<gECUn8ps}AN>kJ&!sXse+B>;Kn
z6Y^1{J*<Jt-?hJzZMsXzu&UmH?NUM4HVkQEPb5fg<NYpUf>TtbBu8~tArwfYtQCn)
zIBjMNdqx`Ld;M77O05Njyq<`-U1Zl#z>tE}EMzHCxvEHc>8J5Fl{z^-Yi~~~2)+6K
z5JLa~VLy&j3CrUE;Y|GFxJQ_zU!)TJ*}GL3A$^c`dEHp`{U8n7nZ6WE$Lk9Nm-a>w
zxWAubNXXD~7iIl;9iTVMt)a<R+VFH@&YED;u_gR)+9+XG*Egc9!`P7;LPH($SuMM*
z^2gc0RO4e8=FC9`jmHHw>PGdb@Gx#@#BEt7PRMbRoLHGqhkC5GR7%gVPzTb+y*oVz
zxhJ5}_eA9-BJ$Nq6xPxHvb!Yroy;96Np=QS>t!1O*!i76Eg%rP+7|)AgZRE|te(Bv
z%c?hgOfGae-&e8UJk_ob&^vFUx9XsvhOq8szt6=ictiRw82~Je)CoJRTw1UHhHyu>
zG)f-g)(Tg%{=i*a0i(OHI_DJhE*srEy(bqUJLsA(2{Ef?Tiey|<HUjZWHBK=zlWfC
zYd~Uw^eL*0S!OS^UxT7RLh>tQ<g!b&il}3v8-8_>?&W;8H1WOZH-v9}-E!?hIlU@<
zAl3~@p9{L}gI->Lbk6}cyVnqO^B(pAaWTPtNDYo9$EkBeE2URFV;iUxB`JIsA~0jg
zAy|iAyY_Z4ohZ*y+fd5X`AsC8I4Yq(YbxbQI}b?4n{*U=Mhh#J5G!B8l@M#KAIbZl
z<@Q3j1-eOgcH`;$?^t)q{=MEx3|e>T%97K7qR!`!mo2mD%Q-t`^Ma-mBZAB}JWIF|
zfZVG!fi#af1Z5_)1p$9MQjVL2MaW6r^Q<YAiZ;F^m<=+dTviY}ZraR5Ona*k1NyqS
zMy$?&H9QrV>3OA4>jIXLu!BNtBwTt^YVL%HKhtJKePp?rDPwF*s`$MM?akh0pdob~
zbui~JVNdmGSXH6x`g#=E#M@Jf?lKlxiwI^?$%6Xb(i9+~b*&|%Xi8ofi)06V5nmqG
zzIf~Un@6cx<6AwG!aCZx^`T~dIriJ88fgNynM(WQ3)L32Rq>hfmBcw>Tbv+$B$^yY
z;pUVuhHu8!M^5fOay32yWU8IihurQF{8v{r>#YFFAhOmgWCj?ESG7+c*wpnxAbB(>
zPqCGOR1OmQw<U|5L&9y{>PiZVn|6J&p4=!J;(7$rw~wVH*hNnVHk?jnW2CYrsdFm_
zu#E~Z@U6h`Xxtvftws|QNhozK(KExr{s(;G<F43aukbY0(gjXcm3M5>P*auevIN(S
zR$)v*KR>nN<bHgyLX=?kTo|AnLXfoc#pn@&=_^bWkAh24N)F>-k6Z6am=eac^Jdt-
z=@01&APbW+tn>d3A;Lsfv;hm})6B{5vr+<D`-4LgJ@#?A&N*Zxsb()F42L(je?thx
z!o+(JNZwG(raw>W?TdglY2xAQg>cGN5X}A2qg;I{IX&1Gg7!Y(b3Z*j>lush3g1m(
zG1%NCD}#l|DlIbLd3$S^G8^(Wt`at7-5nWTXdP{|txah_zN>E2l(crNOC!XCZEt?x
zn-gyqP6yrOfp`0CYz37P3XH>Z)k4m2Sa}JID9lYHlFDkfSre#3<0~UZYg&_xs1Uzs
zng2u*6)Kynsbw_E&;-yHePP!DP%(a04~FVyLyTI!QE?k9YlXElg>&5TFXRv|OxaG5
zdZ|BKyhK)inbB~<xT4{#P00ZbtB6jn<s48WE-EcBnyz(`7zkMUQdnllvT@9OO&3~N
z#-g=4au1eYK&f@Q`hd+z69uZ<9_NA0p3in}{=G{{)5q|v>k=ekWGy6HSsEcrJ3?$|
zlh*wlavzw|;#8<3b>JE!*%PGe?Vt;o*5xS}Rptp)wwM-uXjT#bdR*^Ki+jGgSnm!a
z^Qdcbk#kd$ZQ564zR|t8AtA#>3{^)T@^~T*0?^XVSjMr>G;~H@X@dB)VDHn^MBH6e
zT65)-&jiJupJ8FI=n87&6<~5i-O$%8==@!M(n`gLvHF~{b2Z(}vG?jeY;UpJdS3c+
z9Ip*b{y&}E;O0rB|4HOG;wkL`#KcdHSU4R{F>gA&{(^FGF^7b9+AwL@QYTz#RaO}w
z)DvoxcrM~y+1x^A7|`yfP>K#ZP*#WM52Hv)hdvt~PbgD*9RA5lIcc+JOtVm)+Lh*!
z=s3nG@d}phNJG4+V}No>a$NY9uzALUwG3&1&!W=VFt@(4`4N3YK2DwM*jS5DbD_?M
z3$%T?>ZP$BrZM3if<m+l%eP({Q=v6pkhT2XEosPvhirR(8H;93?JJ|<apZ70O?<Td
zh`1Rm2TKmwX92Uy00lP<wLYzxiG+SN8!aUdd|Kdz6!=hzz{-tL6~-W2N<rgv=YeXJ
zy(xPJpE_ZJSe%9?)lq()reD8_B~8(Xs;KB34$|!8Fw1X+)<*~KWK1U#D<=EZ;EBjU
z(aF|bwx!LsozmA0yA3-Q^WPu#aIxJe+Fe4nsn#&R=aCX&MB769nf(-_4b*<8lQK0U
z`}Mgp)1L)YK@yTi>B{ntD?_cU1xU*oMhX)L<W~VCIae61ix7<8Ydtuc1KU8YZcyLK
zCa;<Xm6DS67GeV654)N&oeX}~ieB7FqC|lr3kKr)CnY5GX+3;h(|x7l`VN~}UJKDb
zKBYi;hex075IJqB5k{Jlb%9b%C{7+asW4>(W7|<fk%LfEP$%S-QBqch`1)l1uo9%Y
zr}h@pnXzNs%#czXR06)FrZ=oOF7@U*ROjq0S^ybT;S&Ue7m3S0=_E6^dFCs$l`R#y
zUNKz}RIyG0>DWFxxm{oAuD>AKAStQ4uGPmaUQ~nBDHFqYw51k8NpZ5>@+C$`6UO-I
zAOm|-32(GuHWJbw_r6{tUOr!3%-^%_e9{I4AYm*5bYJQgI#x2%i8PXF5fLF>0FvnL
z5G~S)tk{D1Gi7Zj+;f9zEuX86ys}53ytK?TylFss2y9ZB?9o`fzzD8sGk?TgV8WK{
zLq%AAvWA+Lyakt0su}%q0{9KRsa>~mYR$BhUJ^84-JFXV$O5G;PN(paRsH_%g3w6o
zDSYabya%i=3-M&80!<s6Is?oRI15q+4_8Yl^+4d25qjz#4mo~5U6K}q2g}sDoS9n5
zGfMdu!g)CymrKwIc}*92y!HYfxzB{2)=abLgc0wxM}b&LPT~SuR-BdK)g~h~9fF8^
z*I(c2z8zn!Ewt0DxoHpX%Pe2B!w%^{W{J4|ZPu`nnqhBu>*g}^!#h5;4(I4jvlFL^
zn9VOfFE`&yi@R#bX)ZS1_`n0S0n6)*v6&bG+zqn<rHx*)40UN;TNr`x2}Hr%y*{Z=
zBJqN#Z45J|jGoJYOL5peA(5UALKrhgChvu=D(o=Scv<2htX-qqT@U$8&wQeyRcx;$
zBUsT|1P_7FI55a>p(Frlb9<-|Km3#7B-g^#7tgalLexdLBk>n<L?TZ3B<7;dZ6`hm
z_|y>sm&dVG7^d35iDc@2wm)p}IUC;9WZ-bel2VC~XDBXYcn@Lob+}U3nV$5cW$Z;D
zKWDPMnR>j%p7MZ^GRXY+p7pF*L<YL%*w^R*m{8dST@9Ie0!;BP$kdZbruIaIc(cTV
zJ{*4J)DTUV_@s;GS)7cHX1z3RXi~@pIJ{k|42Z-T&`Mc-crv!i&d}aA$NAzNmsv#b
zx@Qu;I30d#YXN;U9pMJF3BCtS-fl9AJ8NIM_3PWOI8UK0rC5sWk}T}^o+5jI=2>3N
zX%(j&s(jM0DXjweT5)-<;qtL~ox{1&HS%Ti^6k-7r^v$wtxE#Qj*wop%k4IW+P5Qt
zjXor^DQ8t0;#GSegwpnJGzTf_q0K^~BpawS9-3-DqHQH8HkJEE1OJ7teKiBkd4cR>
zS9n){E0xw{0L+FvPXMJ%prt^q9K1T_uZeR49ld(-z=6Fg_KrqUDd74KYs*Fjh|U9I
zX;1+}4<yeb97I4Mmd!2h>8_A9M}1;h7uKO@j-~HV*JEuH6w;M&&`+K+VhYi&h2j-R
zrols68$Is{rQ$jG3)(xcrj=l%sEaAffj`MZKgp_XfpM%TIn^4fwkWk?-Sei1LRz62
z2tvL$<v>7~w@cEFF0u2gDX<(-FOdU3r_|NUR4b%dgmRptEAW1ML`n@D`c<PVlUKYJ
zQGWS$4!4*J4T#XAE8|s=jL*g0Z-|pA*VnrL-eP1*PkpSNt}Jv&|5Yw_NJDj3lMF9*
ztE}Uq;)N_%ob-FMoJZswT(FqF4Hqhya^us7^$mHe+@}G~Vpr8en0&T;)zg;B5x0TT
z|N4;B?^`U0XbMbRaJ`O&%aR4Dz*S++woGxOj1$qzv0<DXl(e6<V*rCJ-?T9a&@X-1
z?+2Vf2pG3dpEAf%D;QceMvD=O$*X?8eTt%BwkZ9&>VZcngh@G?U0+VW_TdP>Ow8zO
zPG?Z}l!gJognpipbb_~HZezN+{MGXHS@>9>H`ng#=xX6ZXL((UR?oAb@)sUeU+*Oe
ze{$@sXZbOse`WLTe)U7$>d@Ner#_X3<sI|WTs^D!ZJ)@C={XNz=g-W|Cn2Jm>(j)d
zGpBB_CIMH)63^!HS@si|<zz>gS&6;Tl&8)_@DRan(K$}_m5bSn2Ak#L7Q5As8r@<v
z74q<0=PL?i1Y1UUK)R-kMb8)(mPj0}LJKE%0ZBF95}~>9i-))VxlED>NV@;rK<;2d
z-g?L*yrf4)hpT&xRs%Gjh+8*kq97q)CSw|)13Q0Rj9&10B1s)+lt`<ab)_PS6T&9S
zM1uuGrda%W4!x0~T(Bye8AFPKT|y|&G<MJ+kVf`F+*>wG2UYaDUCK1d-TpjM@`I8X
zAg!6ex?vGcMxUO9E%qG8XlYkZ+wq*2)4Ydc=iYBU-p!i>^M20O8%<-PU*J+NkL=&J
zT{ZxN7<NUW_Z1LJqAy=c+VhK8w3c|X0QS1)4aRJ`Z_){Kok~ol^Ai*zKV6hq@rBu9
zpyvv8EcUl>lNVE~7fWr*f-l7iFi71_VgrK-ps8Xb(&lfb85u(}`o>CwgTZ5}hf=&k
z{p(Sj>=^S5QRURNk{WL;kth$QlGu%h?xf=3J;-g^>Y1*EMfEDQRED!Z*yLv_CuBmi
zw^%qGAlz@F>ah_`S>Z|O7<NyO*WHf79U-PK5TIlx75v`&oF(PKb)&yqVYT^gT>%qM
zN1$B$C1H4S59~Zb09SK;J>SfdFz$Q}zpQ;zMqjy1R@H=Dkb75ebP2_BAZ<KdG@5sn
zQ$rEA1=lU)p$T*`TT|vzeMV+dzgn<I36_xm@CI8)YtQ!)RKr%6p3s5LkUNTvxNm7L
zy{KKwpk&TN@yykDwz^}09oev4!YrXku)WBdj3M{VCjOVZB`~hfjksT5b1=7dfWZ0y
z@p2^gUgB#;fik9U`2uNK6+?vMXTOvdgZWf`nIUstMhl%|?E5@4xwFny#~GR;UJhiV
z9%<e~JUGs&gx5X<)O129m{Y~^R=r8Dz8P6eJ5Q>Y71$EjGvp)&1HeN7AA5sdB<*|I
zZp^%5k8<Kd8ea$oB@2A1W13&s33Hbb)|d`{x^3S(j+A>K=yYR<em(^vsjuM1zNw*z
zo7m`WuCO?;0wwerwxv9eN*Jdj1JTAs6f?*b3Y&SF4Kg#c<yeerQ9@WbK|nxB7!Q#y
zzQlnIHp-*!Lv;bTLoD;z*P;(^6i4&Y!vM5{gm<<a`JIS<JWb75x0Gs%9OnY_8^D7?
zDZs&uCvn(`x)%C{y@S?p<jCY1{fhcXaUVjSdYW~{qiF!I29~4MfO*ke;bje%2bt+p
z8z-B+8Czj5`Peo`p2>Bp|8-EnoVkaY*gtRo!yRh<xh=tx0uM-Pr$YB)pZ@e?j&W8S
z0OOgZ`Mw75OTIEwuC~x|{u(ABJ0t6DfZ;>$s|Cb1VtL8AFg4B9ZJY&3Ntzc@KqF+n
znVTFro$_ApuqJ;_C`@c5#-W$+@yPfM0mHjS%70AvMbpGs1_pKAGWfQ#u2_1oSKu@V
zbp0lHl3W%M@xDVmzpbr(VUcLP6r(t&zNVu)bPoFr=OZ2JiRa@IY%S@6s&bZ;q4PIk
z3f)99mSJL^U8Q+4RhT)QXl+0un@t>BrZ(mGdm=+8jR-M+)%XCijQuCh*fj4s2voMZ
zQ<-h=nq5ul7(M6~ouEhpfhbcJ(#9*W48P^#v{Jrb&f3_xshX-I<2yg5KA5NyrrLII
zU0o4~5VVNWGCPkYAEg2ut2A5v=9>@Svu0jpCc&0k0NUn(<=NRQj8hs7#=|i}Yw3(n
zQa+)g>U5u)g`H+QNe^0dYh)-;sd)mj=_!GJ90(Rk2?-yS5QhSJkdohS<U9^3NC^q~
zf(7Jjl5m!~o7#q2rvHcu_-a47_UNQtDQd^iE-aRg$B4P_-Ck~trZGLzuG^N7@k!~$
zjo+(c@kkPPSniLmQE;qZFPspmc)z+EjG<wrp-B6t);e4xeBwixQ0$x{c%*~m3-QZ-
z-y2Q9)G%aMa%7?^QI1z*+QlAT{Z>%yY#j1_|Kah)iG^Qve-#V19kw<1qw!R0CEwF`
z`M8$u;t=ZbkYR{Z430aK)$qxQ22)d;xEvRse>Hbr9@Gqe>p21j#9g#0lM_x?cz>MP
zNW8tL<b%!wh)O6Y<n*9REi5=#BTSo$ijIsGsTSp6m%eiMPPmdKzu4pL51~qg)Fe6b
z42Eoj&)95mtShHIu@jPm-kX`3xx<nFFd_(KK-79PDdVS{+Q;YCOZpMn)dAwUI_)Tn
zscW)NJjWSkoX!q>zab#K5v2rwn=IdK%cU+GI<zDc>NV(I91i#S4Z-}o?^oRGTDU7u
zrfu2b=%w#0RzB&)BBmrO<WNc}wA0=xWL5+9S#A}F`lQ^|`*>4hKNrGBuXwPPQdl*%
zqcVlII;D&;X_Td1yGCt$^^_gLsbdLY(@GS}v6^N!Uur@@Nb4DQcrZ+Fw{;lc!&RA7
zWZZ)%wV2=PC}HITGiz~iCcwuP2(<kQU@}5Ay+=cbdx-jMhfV|!JRWzy<&ed(%%L%R
zk&ruXUDP+QPyfYVYlT+4+R$|j2!3t8^0B$pc!BxK79i1*AI8b5R`anUvy(hA`WkZX
zF#8+AsLJqG$6Tewghx($wj=Nz;MslzpbP`9QHCs9o#00nB2wv;$-R^B?(%3Q$WT}F
z;+YnBnt&>5l6W%|AQ%II(_;f(3P36;n=k6_It#f#|9ThzftT~NbY@)56t~ZbMzLyK
zO6sAn0oXb;-fspK#m<`!WJ}H*v7Zx^%_<%bhL|#bb$Fp-Q)+1LJuI6T&Kr}8?ivYg
zBfU^avsqoxgS3_3qf%CluSt+{ZKXPjL4EQUqX!UB312#`Z6hYX74iP~Z}t!Wje8nt
zP}5dp`OZCVES^FpIFVx<T#-hpNG<2H^~+E}5+!pg@y9fcrEM~T0pZf)G2|lgD5n9d
z##kIskVHpEN7LK65U+NDgRkYFd}d34UjX13xcLMv8_^cm@GGjR(sPl8)!xINqBSKp
z0Xs~kGjJT}%u`igbY#O1`(t)4;A7zLHQPX@N*_7lPv7jiQI?|ua_{12?k-L@DTLPb
zh_uN!)D{#+?j+{1^V*%||8UI!Ak(DE2BYD7Nj97MrL?sJTG(ODiK&si535}basA#d
z$4FPszEC0!l96wSw0i2%zA8?y@58QuEc9Z4%OP_OzoDmJ>A9n#gwY1rrW&jrW`0qc
zc_-sFXCD~+&NrrOMb%6WQOe|*{HNahn7$S<@wZ3XrZsWT;?7Y*T!e%K?294<D2IqC
z=9^ZX$feB~`&KQ-+pc+L-Qazz-rsj|%6)H?j10jAXC>^Di?eq^@3*uZ<)!Y?SMoi@
z0^0I<a1SLDA(^T9WE~K*lp%G}Ff*r0mOww^ZW@XuQJ5h`fF4Q78AO_ZIia1BlKU7+
z)!CUtTJ7?z{PBmJq=2G6sriJmo{`E3kzk7zl2|3w`yaxGLcvULR2YJ6G0-sZ-iU)a
z0^*(p<Tas$_$vQYdEh@H;0m=Lc}TaiR~{cBQCFb%^l~2`6wmr91v8mQjxs9eFvuKK
z0C`79AK`t6f=A0ZlCNOY05=6S3xR)V*&*XCUCS^FswJiBW(YXznbelDeh|P;IpmKx
zdwmm3w7S;HgEL>xEyG=f{wn)V<@~2C;|qoTGO)@WnH)q^e=3F6Hln)Ox8q2IkFL-7
z<0F{AFKH-#kgCRxhb~*d*CV9?r%`Toac#h(Rt{yJf<QC7$8#(Wu&@a*ByH_UU-=>+
zTsb`0mTY}@54Y8hV;^@WvOZ23Kb{etfeL<Oi~`!!@Dom4#sXC}B&Ln6!FHi*!ODCx
zqi{(n^|Y37wvk|}2&QZ*clGpj?xJ2?^DPzG+UmFbu@nZL;!ucg#QFt%q0?W`xb*n*
zch*PlYEn#GEM%_5S4YCD)Lw3pmuj6}B&=@pM>aeDL|<-ZPiGJSA_;s}>s#Fku&0Q!
z%j`AYM(UgozsxMFr&=+sYuU(#L@(-BIV8d-;yVh-0oohSy%od5EB{`{XwZ^H)7-02
z{N}U%Gs`HL*~my8U;PXI1SueQmMY9-oP_~>jBC+LJ-Mtl_9XVKtILJyz6U3t>f%D*
zqR}q$h7AF9uwh$|Jgraz2cx*axPY%yNZ}-dot<UXGhtFL(P@kv?!}l&b*`fEpv(65
zIHUvAeZTuY6mLt_ezUP9B2Ge@&k8)6%dQpeRPksxE&U@0#%cFwr2l=+=YO8IKB6lG
z-rvHCg9v~VR`6P&n(`B)#&1v#JOTzUtTUpp)vO#)X?$uxvHBdf-?2f7cq2Ti&jF|3
zM~{;1brJo{blPaM!`ta5HgVy7u5|6l$J9+rGcPp9Po?r+>LAswXPh<nWQcn2zMsBA
zJ|(@hlU0EBsd$n!wO2Hj=^b`Xep@S4=aq}?Ff)gw43afgqG;awh>uYH35rDsos>|A
zZa(7HOPOa^>Qqm(yL_AZ)TkJb-KIXDrfsrb^A@9~xwgDSu7hc+KpaRtD_Cs#IC=-%
zZ1!4k^Z4kRW_EjTt(BZfFl!hXRXElfATe_)^o<$WzJ8q&ZaFf9!!CRfk7VdD|GNs^
z(XL^b4%0w3P%P<Bd*b;<N;)eU8GlO4i@I#X;f{$(@`D`N!BULP!T2MD)Akm$+zoGx
z+G>#!53`{X76ky@A*8Lt1z_x&`BRb(GGR5EuG(ga`cF^0IUZdk5^Be5$CjT_Y41Ba
z*bPBTv3gDK)jQnBnmi|XFR>)+P(4|Vcvvf0OdXdpRIJ9FtF+T8OZN;6enhELw>7x?
zC~3Oq^D&Vs=vLP6Pka6E+FDe%-R;jHQ>E`g3_`Y&PLm%F$y4lqAUQAJiEWH6Ss6w-
z;NmNcf`F8u4~9;gXxgfker<3`DO`QP$Y|YUCztcg?>B_9p>K$XXz@*P97i$N(`2H!
zn^wq_384N0g~bJ$Z(k)vn!nXe%Ug;%P=EAnR7M?jp~`^M-|l;{MC+gkYGaryTPo!)
zx?*6%`FQ<Ue|%mt-euU$;}g_i24>Ou<XpO$lt^?bST>EHCuvYpjM?O`)#YOm#(q&7
z!_tmJJPa0tM3R;<P|y}~$r^=haGfCo)AM4oaAS-tARt+2LlC1C2(bc58OGdu4n!*v
z2kuCvJC7M}#JAuiz@p|-y31JkSFpXe?i-vIF``tvZ&<^(DS}5lMBna@6q8;G8c&cJ
zjQ7WWGw8)wt{LM@DVg%LQVQ)OemQ;Bwv$=PEk&Rv@lN*h)kTLm?8^?cz;N|D02rRL
zz-RRWhEvC{%){G|Ghi(k0iJKrOB`4%C$eRjq~hcRV09gz7eu*^iCoaD;|0W(8@d-2
zx@Qy(9`5g+pU!%o*f0B7uWYQ4sb`#ptAyKfea&gE7T(@Xl^3EnW^<_^QuHskADW)Z
z>3B;PFOl4n)!iE!?Qf8Zb-%i@E7S%S5;6Qj&A~)HFKGMV-o~9*BOcsZsw^^^xB^Bg
zr!*9=%#4v9NSIiew#CJ})1@;oS}Q98vl$=>6O&ut{u(?Skl0^$4*}p5JG6k&_uz}6
zAsLuX0bW>Z<?F@qG?V+8n{7>|X~VYD){o#}!zw+pq4EeDv>MEj>F|Yo<zxBDl()*g
z(yTzXN!H46gQAch;g9Mp)YFu#j5~z6)dB|mfiXQQ0FX~r1?=2EK<xlsAU5rtrk8qT
zkx1?z^CXu3LD9kIH?1zM{k56XKDU7Q$AmQ}mo<mY&I$lqNU=K$-hav3?S<!`^Jc~<
zWJYvHb*H3wEB*73#TT^kq-@IpU}g%@Xn2%>$-U8UC7Sn{ZuRU#icy~dHOoq94H-|w
zP?K(lgIl?H=gY4T3IUFmJSf!XRqa|$mzgtJ^i?)A(ruT1Mx<!}D%r^{kVW$aRW?H!
zT6s#x`-h%;)gLOh+onZoMuvAxg28THKk2!E0S1;(PW?mnKyIx9FY)<FNn<5iJrD50
zq(4+VGi~|3)whF)3NA}{GN*Px{i3fkCn+*9W2Cnpdw@4K3)UFNIcA+r{YWS$4FyDK
z1IQQyAn`a5XMAFp&;o{uIEnp{*-{E04;_Dj4!JbGq4GwSdyj>teo~xY@i4At)WX3P
zizbT{`iEKqzc&1P#WfU^Hh)9NISR!@lYgqbDe!E|X?)unr$jvXtLeHj;zT9Fy#%7v
zVOU-MFw9-dtS3p)M9Cu3H(XBIe#-r>rJ6%qG1@sU2%x%o&JPi9dd+8|R21j!CG+?T
zvt+)NiaQcIUdB5N%m=3DADzta%rTBVQxE9D4%J|a+1zx%&Z~iUI~Y8UZ>+8iJMWOu
z<u34<#j2A4S=#$L?Y$*-uW1|}u3-w5QC1k{5JdvQa(+X2F3cIEM<a>zNw&@$?FDYd
zc0fN~J`iK*a*W$*reoI_L(bbnMMFql$_B8T{MV1*^L<{!CrXYR8TXv)o@=fPIj@Em
zw`1v>N_lXg^Is_E@&)9D01tG>+(`N^<oaBJ-d0$ii1pUvji#svLsF3VD2Z4K5fi4)
zEs^mSgA0Ick{2bcEy}%zlzbW*)hF?y_DTiF?|1dR%KNUn!556+t5j&o$*D!iMk%HX
zw{xG!?Mo=MseTNC?ls9RCylQB`}8O?^K-3>MZ@e|!wkO&Q&#ado`MV;{d;0ztumK+
zMwW~~+KktsH64>%N^nzqrxfm$YTPX)U3qRG*2RpOUD$q+SvW@tmo{Ef`U^L6UIq`|
z$kkDxm!#JR>X*`;%0msC&O!QV7ITfpFgGAGTgJVW3YxtJiUJ2`TiR*k4>=XbIi7@D
z3!>Vzq>1h%m4zx;Rg;V(sIOAlHBaAT>4b6CZ(ubL-cDOHd>pET0zfgj+MrNaoY-ZF
zpx$51$NLxQfe0CT^EnvMC382@>7pLfON8B_H70)m;WkP!B^WO)rs5`~p-TyYU!X*M
z^ju${&{qvdfz4-*M?T`!rjI{q@Wf8%F1Ur<%pKx<7PjeBG%O+Opup0?{SaLQbCeot
zI_<z_HQ;(E)D+Q#GryF7y!O;9d|X^+MI?5-ghSKmosE9c(dB^R#qE9GD#NiJ>o0<q
z?;mQce$n$bxW(&}DI`1uL4Ue_jvs^1{L>|K)+*lC(N=pG`Tn*9SUl7eNO4naTMs09
zK&1rO$V?=(;UG%ORM3=6sNO>^1zPHMt~M~dzbhoNnsW%Nb|&in5i7dVm<CJEE=8?E
z&Tj}aYj#;X9Ux{JcWUn%9*LxpO%BOAtfEe(A%2vhQ;XJ2G}i%xord{=02cL$UQz(`
zTyPnb@g0M|D00Nsqu@x9tFOW$xHd>W*Y}Us&qo&&9d{OKNTmQ|n0uEu$i))VF%3N<
zeWfxuf`{cEOPxSZ8(giYwMLUTB8VH$9b9NR(T%Fht)!6W5-ZLY8QZ&7<H23OP8UlV
zqHLFSkZl^p*jH9AHZq@AEa4t;7s598__6B;jqpxg1x^B+-f{DHwlA6MdY}0G$yb8_
z1Xu?nrGVKjnEWE%%1!4S2#E6V9n&hvMe&T|_sqEXJ>~n7oEWOM)%hC&N*Me&#{Rv&
zc<3iDUF!LPogAyHvb!gu6r<mF?W13b)`is@Ts_15<}KbM^}SwFPH`s}<2M9lq>Id$
zvjl>%79v$28)CQS3t#f3^(Xo5NA`a4nKM!bS8f<Dp4%z8H2CN13#yHUYRBL%$}{Wu
zOijchYzu+k`@i?blhqzo;E1OtHeC!?Pn9RY_Wgc>scfjF91o_nB#IyXoD*LyHJ4|4
z$3I07t;i2@zx~Zw*rIB@VB6Rn`3J;_&{ND}{`BT^@t$V0jH@i9b>Y0Z1fkMn$nGYB
zi2t<w>Hj--+=+Va8GV$kdiYgRi;E6bMwNO$N{XA!&whR8J9-=GTYO1uP{Fu*HspM{
zSi<{}poHxyPnzk>G2Ye({B6W5pfMUUHkO!j52;ssAaikXE$g^VqU6(#1Vn&b^;z`-
z%6b5fA?5h%$$lCIA69i_-4}{n-!j+k^mSb+FYN=fjvHXoD)4lP&vfXNnuz9?K2?ct
z&gX*heMO&FMWPj-C*I{qY-_knh*5!`VFOB}vvq`fzp1=5PW+YgaEjGy`9PCMoHaPL
zSFJo)S5kFA2&_+c+I~{;FxJWF8!+a)eKP`eMKrIlDggNZEZ18K*ub+;SyaUu8CL#r
zPhC66q((S|kYJqftKtUPF#K3xt*PQVLGqE}_A<aG^EvWsvRJ<zv-|;}8?3nQtY}V8
znA2js&~uiSs>NY3OgVH1HE+1Y07T2^o7!zm82u{jDOM_L%^Mx7DhU(U$KmX;v59#m
zCdRo<x@Y*GUcWba2pV1XtH}!(VU^+zfj!A?(fSA`uFQOX0FA|NTGp=|ot{w(bn|_A
z_*byhfJyi(JV!41E6FVni+0d+PXxLsx1;mA!JD2kd*Fsb>tKr=`QXS9h+ItqNb;Ux
zVmRXH4rZ<cS6$pwX+!wPezM5sf{*Kvx%Oo@)%QvLD)Y>~k=Wj`Xbto)oGl{9o!u-7
zOOB=Bd5bbq*uk9Q*$A;^X*XEDVRfjzx1LX0%aiKC19_ShH?!dp`DDLmah2io{5-TY
znzj8jPVVV%&M*_Y=S?^cO&v!!7lyFp*-0oVhsd4IwYA&A!vT*LleRX%&1QA0Jxi-M
znr=tR$ErB|s9E}Xw<C<@E2Vlej->&V$cC3E{;^u~n)dyu(TCFw?78nmm{#|w-WR?A
zU(Hph_<8a>_MWLn7d|m%xcVxj|IWVk!`H@D(feTVi@|M8y8-GyEbBl0i;r{#14va6
z2NIhoC-bjLiMP~~R`xr4Z3Y&Sxy(0a5Nd~TmvtoeM3R@Xr?*C)GaM<Fe)V`cPnRT|
zjPU`yx;Z1i)zZv!wjNc1Au`9sC*uYgkk)JxqXEVxKfZoyK_Gpav;ZvNg~7qEe*LKu
zkwQ@jzO5W>at=jEIH%>?0jmIbL^HQ!QK#&nfYjSJ)3pOWpze*;Ox7(-Y)@uK&IWm2
zz6ML1q|W!wPAZ~nQd7_-FYV$e?B(V-fRS}f^^1K$8NCFME?CX);F*E5c4R$$#aNJA
zI6rk7CoR5-q|ItVzMh3SN%?FR0xHgb%LDVj3H>X2`z&4daZ{AB4CL1ItHd5dvZ%-~
z_g-Qn(mbNi4pL?&`ShH^0Z3~ED2?ms3wQN!OX}7_brckrA}1|OA1Cfhb7Aq`Z!e~#
z;+YbMaAV=EU?;f4KiX9K<hY9{V#!fXSDi+diEC>Ow<z|D&=7n=F0;@r9&pvQ=urZ4
zW(qsK`x-sAW#FqX>lzi+HgX#F^1}N#Dnh{A`m%B9YYtubjJT=?+DCj&L}NB!VcLT!
zZeANKw}ML<(YjRNRFv1!8av~Hzorsa8P!HXonN#KPe>_G{#d~su7E*yRxsCJzO4@%
zp3+0g-K)uPwFwRcj|mG6k#fryM?r%fY9Si?4CPtCY_t^dJ0!XwIaIC0Fn4bjq2_+=
zJ~>gf5<yOk>V%%5_>YB1n9fo_(zlh_)2$v-e%K0ae8(`fdv}lFeZ7Qjm~l=@E&C8U
zUxOiF)c@5FHpG-5ZUo58ox>G{&aT|u#2DisPd>*}GifHZspJ-$<j6tAv`lY2Ka|p1
zdJmfw2S4#RVpuC3Gp%J{g<-6%wS=L-!^m#sdJdHpdt<ncVb(=e&7Z&Y^k}7-!F!AS
zPAVD$sib>yc<0umE_k^ho;zJygroIW<)$cMO}uXxO93DJ9gP)N8dP%ZonLF17=b1M
zfOD>?Dv-KxEnH#4q@2QXV6p~?#sP+kw*WjNy1HZK<8ZF=2#M~f4T<D0S)Vm#MdA*;
zI@9SYcaH8yg%9*c!ABxnosYa{77F$c;@mu|22&aZT#ei`orD-8XJzX~G$iIc#Y3Yx
z4ynashM0=qYH6oB)FuWc0zhNaO%C=kNC|8stT?r;>2CDz^u*ADMl&O$7j13RMjl3b
z-`$13)vIG25uje?xaB~~F=_L;0!H7^w55-n3PBPJd|bs8_R^CYXU4IpL%?~<S2v*g
ze=~#9&CJWKCx0QJ94Y97n)VmR*Olgu!M#+<@cv9Vae|)Q>P-8sDdHhH8G><{IAT-D
z1y?!?jO0A!6qvZ6e|)P?dz9CGfQEZ#sXup85^^5+!HQi$<4&37TNNCpI=`WZ(=TP_
zE#S?8;c8rM2l}q?LkWHJ9FmW|{((tP#e1_-8!*v^2_XV8ah1&u7*E5))w!KQ^-og=
z5)bVtVm}Tw=n5riGXvla6|j>eyTwIj&K{c8JA#mVH($wnz}x=I<U1ZmIb+DuX3mY~
zPmJhEW@$;X=F`C*6hn8q(_c@@ij`}_<20%@<2cTj2)(fKDr?MuF3WIBO_0i_ynoFA
zr73K{afv=K=3^fS1CO&@)lyzXwWG%s$lH)!ZSyw0iK1&RZ&Bj}7J2D0w-5UCB~XOc
z2lpk3|ME)oVWfzq*TDu~;uUSKkN(?>n6E9FIHF;~!QH*&8$_O?=WD|bj2H5ttM_)N
z6u+N{8J{FN%ynA)ec+F)ioZki1YbQqCZ}Wa$%7oI>}JZeRqSySpB*(X2fG}eKralc
z_8mLVK$+Ykr-x}kGBq5f<_euF=@$lyp@+@JfA>*7Wa4aicm8~mU2+-tpD&pycPyfy
z`5S`t$ZFx7NIcYF(USLQ$)_7*YhzC&dD}Cs>MFLdPw|5n9Y=H9sNGfv&@qxuj4XPw
zPM-1`Us5T;GQHORw&dZ*;(zy1{tdO_iVM_=()ORr5PDOFEuakB^n08qxs!h?1a@=V
zXS=QO>q1PbESm30RsJl6=b8LUW@ype1VHFUEm&FDHn13NxbO6{vQv9Suj`r^sB1&T
z(9CwS*5$RIa_3F*zLq=hpX5I9Q|@+5*K%+Av)nU&%6(Srx;44Y?f)Tnp`UVZs=k){
z9w7H$B?KG;ze~y8{HK(Dm2mHOG12Z1{1Vfz5-#1y=|3g>KT3u`D;4}Nn)ZhX0Zn`H
zUp4Iy3HpQ<?fz(^6@_hQfIaxtMAPI%aoB$}(HnDMBBJm|lL<9nG~+$GR*IjB{quHo
z*g(AY?>g~Qv47r9fhIFFWp1MUS|$F$?fztaeklYWpb*AC4B_wA=a)V>FkOH<e%L`T
z5xU{a==fjiu&8wcy)mxhjc1;U`RC+xzqFyPdXMv$6}&N7e_OIYo2;KDquu}4Dl)a_
z+OW>uDEse*^;gk&uWfwujjsP~(d+;dFXers>VI3bS)kvDy3zFip=eEjH731Lbily>
zDq1Hj^IBd1uCRr!`;)(WGxi%B?*8{$Ry4QB`Cz@m0-hvWuqw<3T?0!Qb-Un@y`#kF
zvzXDNG0Q4B8J_rB7WZyJYsP-OV2|Mzh!<mEKDSkbuy$_buG{LDfp<Nd26u&g2lg?m
zO}F|%Ja=dcHIyMRt8h?_LQTiCs~Y}{rR(<0`l~<}VzPO$&iZ>~^Gq*&tG?bEcsg-}
z4*p=)2Sn;_apD=}goJY#p;R+QQhOgl&pJ-Ky(p&a*XVV33awqdM@|*RyE8FKq9e&O
zaufKqZ9qbsi%uYFQ1`iWCvPAa-nVHdl##eapmZWT)M-Q+iA|)r`S|k!nikFNQSneY
zRzhf;N|+CBwMHlvk>pW?O|<a4#lM1~2i}zb`wYRPpi`5LGTojA3pK=ZSk^L^jT0`^
z%cPkQyQW_1)9vo$>F0cb&p7frRCvu;Xor)<nA^w-@lE_zlsl?=%Dg+{BKUqopbyyx
z&5if3d_&GD?%#(stvFO8VU*-}*Q(%3<#O}mK&(i<?wV`X_^oTL{>cHoG>aVVhA%v?
z`Tdpg%}@91dDu$ih<VNaUyC1`e3{H|19W&doOr<EM>J}C0dlya1wONImS)ZIE29x$
z+U#caxn|7~usV*MVI%xJsPq^7{@0HIo)mm$HYV+xd^PWnZvj(n06XO|qS1FCmU<3=
z0zCZr{S{&T3nTCck>z#p^?}=um$vIAXKf&@<fH6(cf+jFg;x4i=_ZHr(~asKuBl_f
zh^SC_zlvaRXv=X%@f0)f!d)>?=5oIi4ZBAzZHfEQ`tHVC-S)-;U9i*yC1u^`_FYoQ
z!Pud{Qq9ihKrswcGuC9<sF;-87b=n8ToU}n5Y2_AGRczF9@AXfIf^Wc(HEi17vUdJ
z)FGhT|Aj#@QZ_5Y=q#mi&<c;A`${=>7rzjrjMA!@f_`fqe(%8JtFece8uN=iwu*Bc
z{pM(X!UlWy&(NuoxNSZaUcFaT_StxMi`zMgYxfEcjODsHH(#bfSfAZYtyd!Z{w}hQ
z_=wkW#5ZF8vCXn++T#<zL;yHaev#b&oz(`Tk$XwZ07>0H{Krn5ZL}BIOAx`L*#ra<
zF5OFFeW+XI*0K`b0nkzdX97EgW+#E)f8`GVs_h~75`<g_l_3vSK`ep0Ge32_25?_*
z0kBM2H%H*dME2sx=vG0lH(kS<#t8tA5O7oM3T`bRiG>x_gJuq*SoQA6xCN);cA-4#
ztDK1N&&IVQydlYOu%#dw^#}>A!IN3=<a%fnQmp|N?tZ#9MFA6bf-97wAx#CMI4L88
zWle#{OG!5^O7H|5;eRr-0jT_c&u@S@M4s3f-Y#w5pV^ng)DC1dEih{jT%0!S!QEL3
z)Wno~zC|=mSs1rMXiRDoJgD=)QZ_oBN_HiRr0=0-RU@tOZcXO~s{$ZzK}r5dinx-O
zo5iiKsdAttu;#17_cH+0oq4wGf2=a0)1Q-{9X8p{Ob4kJK($!`f*A(5!GZBEP-${n
z*C?^->$)~0U@`-?ch~`9AOR}AISqgfp3YrIHykwE>sHyVdCxZ(&Glb?0`{e!`>jMh
zYA^=GHBc5{8yIoc1&HbBS}t3FBuB=93lx_5t%NIT0dmTCb1%t#pb|J1fFUmR1JknR
zz~2F66S%MN^^w;yKDs^-knsqxOWVV5CFA#9532j#-M<I$B?2JEk5#s<x7z>f>HtBA
zM3oy5#+8R0E`2?eV}2yo{>SedT<srWioiVFpQ9H4w3->^!f7l2I5JhhM8-eZ;o$9r
z3#}{Klr<sTSjnG!g`M29%EL}ZDcjlBSb9+b&cIOdZG_XdAw70@Vc42GaSL2NFzWiE
z57q18JhMb|mF6Qgp_pl&(G{W~C^Om~4M+#K)P=Mn!%oBZ(ecH()Z#iYp#GoO353`i
zq~j0J<3_V_=;C|3)@MI>JAY7k{;vq9$9UseJ*IqdrYL4Lu0+FVO1ndnE<w5fnO0Ao
z=l+<XX43FlkFq5vs{jS^7UDQFVm?FmVFtE+j#6uEs?uY{FsQnzSAkZ7WH~i^qYlNT
z6utU=yE#&acT+32b9bA{GC+_EQaZIY%uj70OOiSaTPahjpx!=qg6hNvRrY&>eIPNB
z<P`VYOSX@8Wa9v0)lTZRoHB-ju*DJLg+oDl*vEl+C0MTp-ogYH*BG&pk!xG0&e=>2
z;0Y#q@}n0EcfIL(!WA`ve(6_7biK;C1<c_6G<7c#svz4yK95Sk)O}>q{;_)9ExFYk
zAp&g<=*gbpyZ`Z<;^#JI;U_@bL^Kco)gcY={_Z&VqbK^^mEc?T5<rpIT;uWs0S3B1
z)_zCno2UMrjejuK-5l@btF^iZU{G8i;4@D?3H<#(5MhJ}0C|yrUj=$~;ECm)>5jS8
z)S}GF2@C7jECel}1@@-X2yNtdEy-L;;5)xPhEC>=N@#a%bn6kQsU06PSw|)u0x>AI
zKyvw2yWkIchK8o+N!@B5n<=G4b4y@tNbc+6T9w8jtY$6fr=CJHmm@tc<x-k%w^+ew
zF{%uUu0+gR(IWJV+-9{*`K^?qczUcjl*BVVn0b6!d0h87*`7JJakL3SAO(Z2G$=Bf
zGL+Tq0FMvm*1xR*|6maR>-4er+s)P5amzOmg-f+<koFsx9|fpVE2Hfk0w~^cSV%Vu
zg-K$zI_X$8-6rDT9c(_qkq9D24uJ~#RLy0oulwDp^00?cF~Za6I;nZ@e9Dpf9Ik0o
z!;~jkYPtN`pl6Iyy{2Jmh4*VUZJ;Nqmgis0^zT;o5BUwB-9?i54Z%_Hvx2wx2k-Y^
zE55mZtIFp`7cSOywa)8X4NaBjo#RrNG4LE==Yr2U!+XDsdQ@B3P>Z2q+kO_@99oQk
zIew9ZOaciF=u-xrV3@*j(21PA0b=7BGR@#}ciwM>-L@(tVAE>$;84+pP)mkpE`1lv
z%+r#ByoC6E5IeCR2D4y>4YOg*EYM%BPuA34oBp3YC;=1lU?s5l)28cARZjD|%ed|y
z46l2P>#q3EXZ<(?=#YP1=kK2M7U+0v2LU8H&<p9*03FJ&b;tI1Vk_aUz*|J!k3am&
zS3vgyWE!&rUK(_cf#>-jHY9z##<Wv8{}>wlX_WBe=K;j>)&SwFdxXAKDSx{VTAfDD
zxbeO-vnstZUxq1|Dr-80rGm5Pr;q5@Q1Q1JouJzkI!Mfsuu_#f&=L>IZT-X%ZNaDW
z#~pE<xoA-yn_+fC1T&mN1j)t4wJ*8D9QDKoYnj#amcB>^#Enm53cph`g}pbnAM#8n
z*$dCOVBgAA_1fjz-&#1oS2Y&9Tn2`3r&;C<kzakmsRR7c_2E8cyU~hVpPi@qnYn@&
zmngqb=Y>Rek~x^qOQwzHa-M_Xc3dO45-MPAij_2LYj6jR=H!^Xni?l3CodE_!^tUV
zX66d-ZH%TPyHoLeODwZY!0WDK=J2Em#kvc1dBPKIIWY4FzOkaXw@#Cwq(RB=oXU#@
ztIz%dJt**c^H&gKo#V5ZwK@Tjw^P(EAw!3qpZJXyD5p7WIdm_BBrZ7X2<zVTZE_Vg
zjpfU5$^<KG%DK~9T@~h1nJ1be?3gHV6)SKpmuFsXV9Z)!9}>FvGmH`H8xumPM<KQ|
zc_a*x$x^+>WXV#W-ecn3Uxc{_>u~W+54+Mch=nA?16;n3$O{al3-|q~<>-_KLs{RO
zQCKK`jQV5~8P{vZvt&4;p({}h<4u^h5(mAG?prjJ;>H^TdkyhiBvWkZR~p8<lt}L-
z*FXv}7xPj&HM)0*^`}~*so~ynGy8M*h2Hjzlm=&(_-v*LGz%0#z5QOxwo+EJ<o$+l
znJd~t|D7{e$RJ;%){7j2qyfNqAH}X#zVFP;&~Clpiyk7pdhpd8<kl=(VJS*RQh&Pa
zUdC#Fx>6?E8ghx1xqz|iY#x4Ca-8{}egAjsrT8D#r()~>U-zw+DYh2<gL?VTzQ3=3
z|EZV%)XU%6<p1?;!eMPKqsj-P@DSt^AP61GU>z=<_H=VxTD$H&TK^6EI-@fz+b#tD
z+#^Bu7J8#Iq+l)IG5-(RM<&~_^`QBx9$@u429m;}1Um_Ewx6lJls>UvX(su6-GAyi
zjZ=oT_0LF6p$w=7IGTe%7oxHi5QElW=FO<@yjWv_fm=B$OQk#+aFiY(z@cF70vSj2
zGC*wW-qZDM^1En4?|gJBp+F`-5zURqbv!X`(I+VY3EIVClFRqSTs>6@x&9A})y18-
zmP(fe#xx*OK8I2XZ2=;XId^ngTbgydlb+KDODHsxX;y!%2##kphtdsuR8mq=z{w|M
z%Rp(n$&Nj#LM6X#qP%Up2VkMGE$w?Z^Tk}=)sx)wgdM%`Cyp6ChP8{U5Vgxec$Vbj
z9}|j2H0}G_XpO!D_maJ#fl0s4FIAVtQ2d8J#y`Kk{lyT<pEw<M?r>$br#g{1E>QIZ
z$2ewY`k=WKIhZR&0(mIUUK0BUWGvsqNbY^fc^BDKF=|IkH3{^)kTjUbQeH((uI!@^
z_y|YN=UuU?4%BaQ@kZqGkEfhgzOlu+dcDQ&Yp%b;V!AAu{FMIAEVdGwT#zf)5cRaW
z*4C-nAbI$@ir+=<+-02NkuSMe8o>(LZwT9QK4pl;>)gH<1qPSVibq-GPs{GE0D0-Q
zJ$%X$PnIr1V%RjBzbAOP_4=&fCMIcput7Yz3glz$0WzvjQU8XZiFio=$y;gns+;cY
zBff~gCT0(i0AlhGc)3PAB>L#B!g|$Ncs58LCE68=gdF}Gg1gj2#M>(+87<S))j{&;
z|2)%w>ghl2>0i)0q?V>I`yhQYY)q^z0ZL#FVilnRbD7IuEM&1V)xB*dEj7E%zj}vn
z1o2(&tRz}sfVj_e*jS+x9hURhK6&h?Y>+;GLT?GB=m7xfd|4NED#RuNFd=E43d{Ev
z47E+w)rUPf9}&|FQfI_@kk655BL`t4I}8jAy3U=8Mq1?h@F~xT{G*rv>aZ4BWvvh(
zS2@xd!o*)<ivUKp)QUCUEWQBJ^RJ!p|G~o%klF)_Znccw0)Ia*PddL49lRawe(^+j
zZ4a@$vK9eI!7c+ZgSfnz^9epfh}{(px!ZL0h`SCy>)yR*sGM_O>vVR%{f6)a8#n>s
zduH36x|UHyLrX;3mzU$cURUJnx1@mM$qr6@$0xOYnV6qY5BM}r*)_LbB1i*=BhC6e
zAey=N3^}mqHgxy94)gaDpDfht!(R?8BIy`fA^^`2FMPFS`T@w=eTYZ}9FGY+o|QH8
o6MXzE?Eh=&`|sv#zyI)Gg9=bRBhYocxud?JXWRhONB#es0Coip9smFU

literal 0
HcmV?d00001

diff --git a/roles/prepare/tasks/main.yml b/roles/prepare/tasks/main.yml
new file mode 100644
index 000000000..099d73b79
--- /dev/null
+++ b/roles/prepare/tasks/main.yml
@@ -0,0 +1,55 @@
+
+- block:
+
+  - name: create maint website dir
+    file:
+      path: "/var/www/html/"
+      state: directory
+      mode: "0755"
+      owner: "{{ fworch_user }}"
+      group: "{{ fworch_group }}"
+  
+  - name: copy maintenance web site index
+    copy:
+      src: maintenance-info.html
+      dest: "/var/www/html/index.html"
+      mode: "0644"
+
+  - name: cioy maintenance web site image
+    copy:
+      src: men-at-work.jpg
+      dest: "/var/www/html/men-at-work.jpg"
+      mode: "0644"
+
+  - name: copy httpd maintenance config file to ui target
+    template:
+      src: "httpd-maintenance.conf"
+      dest: "{{ http_conf_dir }}/{{ product_name }}-maintenance.conf"
+      owner: root
+      group: root
+
+  - name: enable apache2 maintenance web site
+    command: "a2ensite {{ product_name }}-maintenance"
+    ignore_errors: true
+
+  - name: disable {{ product_name }} web site
+    command: "a2dissite {{ product_name }}-ui"
+
+  - name: restart apache with maintenance site
+    service:
+      name: "{{ webserver_package_name }}"
+      state: restarted     
+
+  when: "installation_mode == 'upgrade' and inventory_hostname in groups['frontends']"
+  become: true
+
+
+- name: stop importer service before making any changes
+  systemd:
+    name: "{{ item }}"
+    state: stopped
+  become: true
+  when: "inventory_hostname in groups['importers'] and not installation_mode == 'new'"
+  loop:
+    - "{{ product_name }}-importer-legacy"
+    - "{{ product_name }}-importer-api"
diff --git a/roles/prepare/templates/httpd-maintenance.conf b/roles/prepare/templates/httpd-maintenance.conf
new file mode 100644
index 000000000..1b826bc01
--- /dev/null
+++ b/roles/prepare/templates/httpd-maintenance.conf
@@ -0,0 +1,28 @@
+<VirtualHost *:80>
+	ServerName {{ ui_server_name }}:80
+	ServerAdmin {{ server_admin }}
+	ServerAlias {{ ui_server_alias }}
+	Timeout {{ apache_ui_timeout }}
+
+    RewriteEngine on
+    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+
+	ErrorLog /var/log/{{ webserver_package_name }}/error.log
+	TransferLog /var/log/{{ webserver_package_name }}/access.log
+</VirtualHost>
+
+# https vhost:
+<VirtualHost *:{{ ui_web_port }}>
+	ServerName {{ ui_server_name }}:{{ ui_web_port }}
+	ServerAdmin {{ server_admin }}
+	ServerAlias {{ ui_server_alias }}
+	Timeout {{ apache_ui_timeout }}
+	DocumentRoot /var/www/html
+	ErrorLog /var/log/{{ webserver_package_name }}/maint_error.log
+	TransferLog /var/log/{{ webserver_package_name }}/maint_access.log
+	CustomLog /var/log/{{ webserver_package_name }}/maint_ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+	SSLEngine on
+	SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW 
+	SSLCertificateFile /etc/{{ webserver_package_name }}/ssl/server.crt
+	SSLCertificateKeyFile /etc/{{ webserver_package_name }}/ssl/server.key
+</VirtualHost>
diff --git a/roles/test/tasks/main.yml b/roles/test/tasks/main.yml
index 4f32d2c56..526b04450 100644
--- a/roles/test/tasks/main.yml
+++ b/roles/test/tasks/main.yml
@@ -82,3 +82,11 @@
     test_importer_handler_guard: stop
   changed_when: true
   notify: "test importer handler"
+
+- name: delete ldif files
+  file:
+    path: "{{  middleware_ldif_dir }}"
+    state: absent
+  become: true
+  when: "'middlewareserver' in group_names"
+
diff --git a/site.yml b/site.yml
index d45b89432..554bfd872 100644
--- a/site.yml
+++ b/site.yml
@@ -1,21 +1,14 @@
 ---
 # for installation options see https://github.com/CactuseSecurity/firewall-orchestrator/blob/master/documentation/installer/install-advanced.md
 
-- hosts: importers
-  tasks:
-    - name: stop importer service before making any changes
-      systemd:
-        name: "{{ item }}"
-        state: stopped
-      become: true
-      when: "not installation_mode == 'new'"
-      ignore_errors: true
-      loop:
-        - "{{ product_name }}-importer-legacy"
-        - "{{ product_name }}-importer-api"
+- hosts: all
+  roles:
+    - { role: prepare }
   tags:
+    - backend
     - frontend
     - importer
+    - ui
 
 - hosts: all
   tasks:
@@ -119,16 +112,9 @@
 
 - hosts: all
   roles:
-    - { role: test, when: not installation_mode == 'uninstall' }
-  tags:
-    - test
-    - quicktest
-
-- hosts: all
-  roles:
-    - { role: cleanup, when: "not installation_mode == 'uninstall'" }
+    - { role: finalize, when: "not installation_mode == 'uninstall'" }
   tags:
-    - cleanup
+    - finalize
     - backend
     - frontend
     - importer
@@ -136,10 +122,23 @@
 
 - hosts: all
   roles:
-    - { role: final-display, when: "not installation_mode == 'uninstall'" }
+    - { role: test, when: not installation_mode == 'uninstall' }
   tags:
-    - cleanup
-    - backend
-    - frontend
-    - importer
-    - ui
+    - test
+    - quicktest
+
+- hosts: all
+  tasks:
+    # display status & pwds
+    - name: show listener status
+      import_tasks: scripts/show-fworch-listeners.yml
+      become: true
+
+    - name: display secrets for this installation
+      debug:
+        msg:
+          - "Your initial UI admin password is '{{ admin_password }}'"
+          - "Your api hasura admin secret is '{{ api_hasura_admin_secret }}'"
+      when: |
+        admin_password is defined and 
+        api_hasura_admin_secret is defined

From 6795405265751e9aa0ecafba3ed39da57fb919f9 Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Wed, 27 Mar 2024 21:47:22 +0100
Subject: [PATCH 64/84] importer log locking revert hotfix disable log locking
 to make importer stop more reliable

---
 roles/importer/files/importer/import-main-loop.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/roles/importer/files/importer/import-main-loop.py b/roles/importer/files/importer/import-main-loop.py
index 32ff23572..3eb827985 100755
--- a/roles/importer/files/importer/import-main-loop.py
+++ b/roles/importer/files/importer/import-main-loop.py
@@ -71,8 +71,8 @@ def stop(self):
 
     args = parser.parse_args()
 
-    logLockerTask = LogLockerTask()     # create logLocker
-    logLockerTask.start()           # start Log locking
+    # logLockerTask = LogLockerTask()     # create logLocker
+    # logLockerTask.start()           # start Log locking
 
     fwo_config = fwo_config.readConfig()
     fwo_globals.setGlobalValues(verify_certs_in=args.verify_certificates, 
@@ -192,6 +192,6 @@ def stop(self):
             counter += 1
 
     # got break signal stopping background process for handling log locking
-    logLockerTask.stop()
-    logLockerTask.join()
+    # logLockerTask.stop()
+    # logLockerTask.join()
     logger.info("importer-main-loop exited gracefully.")

From fba29584bcc418ea8a1aab6f80883f04ae98fbb9 Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Thu, 28 Mar 2024 10:59:28 +0100
Subject: [PATCH 65/84] sample customizing py script with sample data

---
 .../customizing/customizeFwoSampleScript.py   | 248 ++++++++++++++++++
 scripts/customizing/sampleCustomSettings.json |  62 +++++
 2 files changed, 310 insertions(+)
 create mode 100644 scripts/customizing/customizeFwoSampleScript.py
 create mode 100644 scripts/customizing/sampleCustomSettings.json

diff --git a/scripts/customizing/customizeFwoSampleScript.py b/scripts/customizing/customizeFwoSampleScript.py
new file mode 100644
index 000000000..7f5931504
--- /dev/null
+++ b/scripts/customizing/customizeFwoSampleScript.py
@@ -0,0 +1,248 @@
+# library for FWORCH API calls
+from asyncio.log import logger
+import re
+import traceback
+from sqlite3 import Timestamp
+from textwrap import indent
+import requests.packages
+import requests
+import json
+import argparse
+import getpass
+import argparse
+import sys
+
+
+def call(url, jwt, query, query_variables="", role="reporter", show_progress=False, method=''):
+    request_headers = { 'Content-Type': 'application/json', 'Authorization': 'Bearer ' + jwt, 'x-hasura-role': role }
+    full_query = {"query": query, "variables": query_variables}
+
+    with requests.Session() as session:
+        session.verify = False
+        session.headers = request_headers
+
+        try:
+            r = session.post(url, data=json.dumps(full_query), timeout=600)
+            r.raise_for_status()
+        except requests.exceptions.RequestException:
+            if r != None:
+                if r.status_code != 200:
+                    raise Exception("fwo_api call ERROR: got error code: " + str(r.status_code))
+            else:
+                raise Exception("fwo_api call ERROR: got no result from FWO API call")
+        if r != None:
+            return r.json()
+        else:
+            return None
+
+
+def login(user, password, user_management_api_base_url, method='api/AuthenticationToken/Get'):
+    payload = {"Username": user, "Password": password}
+
+    with requests.Session() as session:
+        session.verify = False
+        session.headers = {'Content-Type': 'application/json'}
+
+        try:
+            response = session.post(user_management_api_base_url + method, data=json.dumps(payload))
+        except requests.exceptions.RequestException:
+            raise Exception("fwo_api login ERROR: no valid response from: " + str(user_management_api_base_url))
+
+        if response.text is not None and response.status_code==200:
+            return response.text    # the JWT
+        else:
+            raise Exception("fwo_api login ERROR: did not receive a JWT during login to api_url: " + str(user_management_api_base_url))
+
+
+def get_config_value(fwo_api_base_url, jwt, key='limit'):
+    query_variables = {'key': key}
+    config_query = "query getConf($key: String) {  config(where: {config_key: {_eq: $key}}) { config_value } }"
+    result = call(fwo_api_base_url, jwt, config_query, query_variables=query_variables, role='importer')
+    if 'data' in result and 'config' in result['data']:
+        first_result = result['data']['config'][0]
+        if 'config_value' in first_result:
+            return first_result['config_value']
+        else:
+            return None
+    else:
+        return None
+
+
+def get_config_values(fwo_api_base_url, jwt, keyFilter='limit'):
+    query_variables = {'keyFilter': keyFilter+"%"}
+    config_query = "query getConf($keyFilter: String) { config(where: {config_key: {_ilike: $keyFilter}}) { config_key config_value } }"
+    result = call(fwo_api_base_url, jwt, config_query, query_variables=query_variables, role='importer')
+    if 'data' in result and 'config' in result['data']:
+        resultArray = result['data']['config']
+        dict1 = {v['config_key']: v['config_value'] for k,v in enumerate(resultArray)}
+        return dict1
+    else:
+        return None
+
+
+def readJsonFile(filename):
+    try: 
+        with open(filename, "r") as jsonFH:
+            jsonDict = json.loads(jsonFH.read())
+    except:
+        raise Exception("readJsonFile ERROR: while reading file: " + filename)
+    return jsonDict
+
+
+def setCustomTxtValues(fwo_api_base_url, jwt, query_variables={}, keyFilter='limit'):
+    customTxt_mutation = """
+        mutation upsertCustomText($id: String!, $language: String!, $txt: String!) {
+            insert_customtxt(
+                objects: {
+                    id: $id
+                    language: $language
+                    txt: $txt
+                },
+                on_conflict: {
+                    constraint: customtxt_pkey ,
+                    update_columns: [txt]
+                }
+            ) {
+                returning {
+                    id: id
+                }
+            }
+        }
+    """
+    result = call(fwo_api_base_url, jwt, customTxt_mutation, query_variables=query_variables, role='admin')
+    if result['data']['insert_customtxt']['returning'][0]['id']:
+        return result['data']['insert_customtxt']['returning'][0]['id']
+    else:
+        return -1
+        
+        
+def setModellingServiceValues(fwo_api_base_url, jwt, query_variables={}, keyFilter='limit'):
+    modellingService_mutation = """
+        mutation newService(
+            $name: String
+            $app_id: Int
+            $is_global: Boolean
+            $port: Int
+            $port_end: Int
+            $proto_id: Int
+            ) {
+                insert_modelling_service(objects: {
+                    name: $name
+                    app_id: $app_id
+                    is_global: $is_global
+                    port: $port
+                    port_end: $port_end
+                    proto_id: $proto_id
+            }) {
+                returning {
+                    id
+                }
+            }
+        }
+    """
+
+    # export your modelling services using the following query:
+    # query getGlobalModServices {
+    #   modelling_service(where: {is_global: {_eq: true}}) {
+    #     port
+    #     port_end
+    #     proto_id
+    #     name
+    #     is_global
+    #   }
+    # }
+
+    result = call(fwo_api_base_url, jwt, modellingService_mutation, query_variables=query_variables, role='admin')
+    if result['data']['insert_modelling_service']['returning'][0]['id']:
+        return result['data']['insert_modelling_service']['returning'][0]['id']
+    else:
+        return -1
+
+
+def setConfigValues(fwo_api_base_url, jwt, query_variables={}, keyFilter='limit'):
+    config_mutation = """
+        mutation upsertConfigItem($config_key: String!, $config_value: String!, $config_user: Int!) {
+            insert_config(
+                objects: {
+                config_key: $config_key,
+                config_value: $config_value,
+                config_user: $config_user
+                },
+                on_conflict: {
+                constraint: config_pkey,
+                update_columns: [config_value]
+                }
+            ) {
+                returning {
+                id: config_key
+                }
+            }
+        }
+    """
+    result = call(fwo_api_base_url, jwt, config_mutation, query_variables=query_variables, role='admin')
+    if result['data']['insert_config']['returning'][0]['id']:
+        return result['data']['insert_config']['returning'][0]['id']
+    else:
+        return -1
+    
+
+def getCredentials():
+    username = input("Enter your username: ")
+    password = getpass.getpass("Enter your password: ")
+    return username, password
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(
+        description='Writing custom settings via API to firewall orchestrator')
+
+    parser.add_argument('-c', '--customSettingsFile', required=True,
+                        help='Filename of custom settings file for firewall orchstrator (mandatory parameter)')
+
+    args = parser.parse_args()
+
+    if len(sys.argv) == 1:
+        parser.print_help(sys.stderr)
+        sys.exit(1)
+
+    settingsFile = args.customSettingsFile
+    fwo_config_filename = '/etc/fworch/fworch.json'
+    requests.packages.urllib3.disable_warnings()
+
+    fwo_config = readJsonFile(fwo_config_filename)
+    user_management_api_base_url = fwo_config['middleware_uri']
+    fwo_api_base_url = fwo_config['api_uri']
+
+
+    # read credentials interactively
+    print("Enter credentials of a user with admin role:")
+    username, password = getCredentials()
+
+    # login with the credentials to get JWT
+    jwt = login(username, password, user_management_api_base_url, method='api/AuthenticationToken/Get')
+
+    # read settings to write to API from file
+    settings = readJsonFile(settingsFile)
+
+    # write settings to FWO API using the JWT
+    # overwrites existing values making this script idempotent
+
+    for t in settings:
+        if t=='config':
+            for obj in settings[t]:
+                setConfigValues(fwo_api_base_url, jwt, query_variables=obj)
+                # issue in config: area ids will vary - do we re-write this using the area name?
+                    # {
+                    #     "config_key": "modCommonAreas",
+                    #     "config_value": "[{\"area_id\":88,\"use_in_src\":true,\"use_in_dst\":false},{\"area_id\":43,\"use_in_src\":true,\"use_in_dst\":true}]",
+                    #     "config_user": 0
+                    # },
+        elif t=='customtxt':
+            for obj in settings[t]:
+                setCustomTxtValues(fwo_api_base_url, jwt, query_variables=obj)
+
+        elif t=='modelling_service':
+            for obj in settings[t]:
+                setModellingServiceValues(fwo_api_base_url, jwt, query_variables=obj)
+
+        # if t=='local appserver':  # here again we have the (app) id issue - might be able to circumvent this by using objects as references
diff --git a/scripts/customizing/sampleCustomSettings.json b/scripts/customizing/sampleCustomSettings.json
new file mode 100644
index 000000000..b1cfdc863
--- /dev/null
+++ b/scripts/customizing/sampleCustomSettings.json
@@ -0,0 +1,62 @@
+{
+    "config": [
+        {
+            "config_key": "DefaultLanguage",
+            "config_value": "German",
+            "config_user": 0
+        },
+        {
+            "config_key": "modNamingConvention",
+            "config_value": "{\"networkAreaRequired\":true,\"useAppPart\":true,\"fixedPartLength\":4,\"freePartLength\":3,\"networkAreaPattern\":\"NA\",\"appRolePattern\":\"AR\"}",
+            "config_user": 0
+        },
+        {
+            "config_key": "importAppDataSleepTime",
+            "config_value": "12",
+            "config_user": 0
+        },
+        {
+            "config_key": "modCommonAreas",
+            "config_value": "[{\"area_id\":88,\"use_in_src\":true,\"use_in_dst\":false},{\"area_id\":43,\"use_in_src\":true,\"use_in_dst\":true}]",
+            "config_user": 0
+        },
+        {
+            "config_key": "reducedProtocolSet",
+            "config_value": "True",
+            "config_user": 0
+        }
+    ],
+    "modelling_service": [
+        {
+          "port": 443,
+          "port_end": null,
+          "proto_id": 6,
+          "name": "https",
+          "is_global": true
+        },
+        {
+          "port": 79,
+          "port_end": 79,
+          "proto_id": 6,
+          "name": "finger",
+          "is_global": true
+        }
+    ],
+    "customtxt": [
+        {
+          "id": "owner",
+          "language": "German",
+          "txt": "Applikation"
+        },
+        {
+          "id": "missing_owner_id",
+          "language": "German",
+          "txt": "Fehlende ApplikationsID"
+        },
+        {
+          "id": "as_owner",
+          "language": "German",
+          "txt": "f&uuml;r Applikation"
+        }
+      ]
+}
\ No newline at end of file

From 5d6313b270cde4e97db0250856469b131ab0a0eb Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Sat, 6 Apr 2024 08:55:58 +0200
Subject: [PATCH 66/84] adding db pwd encryption adding importer custom fields
 (db only)

---
 .vscode/launch.json                           |  14 +-
 documentation/revision-history-develop.md     |   7 +
 inventory/group_vars/all.yml                  |   3 +-
 inventory/group_vars/apiserver.yml            |   2 +-
 inventory/group_vars/databaseserver.yml       |   1 +
 roles/FWO.sln                                 |  21 ++
 roles/api/files/replace_metadata.json         |   9 +
 roles/api/tasks/hasura-install.yml            |   4 +-
 .../fworch-hasura-docker-api.service.j2       |  14 +-
 roles/common/tasks/main.yml                   |  31 ++-
 .../sql/creation/fworch-create-tables.sql     |   2 +
 .../sql/idempotent/fworch-basic-procs.sql     |  13 ++
 .../sql/idempotent/fworch-encryption.sql      | 157 +++++++++++++++
 .../sql/idempotent/fworch-rule-import.sql     |   5 +-
 roles/database/files/upgrade/8.0.3.sql        | 183 ++++++++++++++++++
 roles/database/tasks/install-database.yml     |   4 +-
 .../files/importer/checkpointR8x/cp_rule.py   |   7 +
 .../files/importer/checkpointR8x/fwcommon.py  |   2 +-
 roles/importer/files/importer/fwo_api.py      |  90 ++++++++-
 roles/importer/files/importer/fwo_const.py    |   1 +
 .../importer/files/importer/fwo_exception.py  |  43 ++--
 roles/importer/tasks/main.yml                 |   1 +
 .../files/FWO.Api.Client/Data/DisplayBase.cs  |   1 +
 .../FWO.Api.Client/Data/LdapConnectionBase.cs |  31 ++-
 .../FWO.Api.Client/Data/ModellingAppRole.cs   |   1 +
 .../Data/ModellingServiceGroup.cs             |   1 +
 roles/lib/files/FWO.Api.Client/Data/Rule.cs   |   3 +
 .../files/FWO.Api.Client/Data/StateMatrix.cs  |   1 +
 .../FWO.Api.Client/Data/UiLdapConnection.cs   |  29 ++-
 .../FWO.Api.Client/FWO.Api.Client.csproj      |   1 +
 .../files/FWO.Config.Api/Data/CommonArea.cs   |   1 +
 .../files/FWO.Config.Api/Data/ConfigData.cs   |   2 +
 .../FWO.Config.Api/Data/RecertCheckParams.cs  |   1 +
 roles/lib/files/FWO.Config.Api/UserConfig.cs  |   2 +
 .../AutoDiscoveryBase.cs                      |  24 ++-
 .../AutoDiscoveryCpMds.cs                     |   3 +-
 .../AutoDiscoveryFortiManager.cs              |   1 +
 .../FWO.DeviceAutoDiscovery/CheckPointAPI.cs  |   1 +
 .../FWO.DeviceAutoDiscovery.csproj            |   1 +
 .../FortiManagerAPI.cs                        |   1 +
 roles/lib/files/FWO.Encryption/AesEnc.cs      |  87 +++++++++
 .../FWO.Encryption/FWO.Encryption.csproj      |  13 ++
 .../FWO.GlobalConstants.csproj                |   9 +
 .../GlobalConstants.cs                        |   2 +-
 roles/lib/files/FWO.Recert/RecertRefresh.cs   |   1 +
 roles/lib/files/FWO.Report.Filter/Compiler.cs |   1 +
 .../FWO.Report.Filter/DynGraphqlQuery.cs      |   1 +
 .../FilterTypes/ReportFilters.cs              |   1 +
 .../lib/files/FWO.Report/Data/DeviceReport.cs |   1 +
 .../files/FWO.Report/Data/ManagementReport.cs |   1 +
 .../lib/files/FWO.Report/Data/OwnerReport.cs  |   3 +-
 roles/lib/files/FWO.Report/Data/ReportData.cs |   3 +-
 .../FWO.Report/Display/NatRuleDisplayHtml.cs  |   3 +-
 .../files/FWO.Report/Display/NwObjDisplay.cs  |   3 +-
 .../Display/RuleChangeDisplayCsv.cs           |   3 +-
 .../Display/RuleChangeDisplayHtml.cs          |   3 +-
 .../Display/RuleChangeDisplayJson.cs          |   3 +-
 .../FWO.Report/Display/RuleDisplayBase.cs     |   2 +
 .../FWO.Report/Display/RuleDisplayCsv.cs      |   3 +-
 .../FWO.Report/Display/RuleDisplayHtml.cs     |   3 +-
 .../FWO.Report/Display/RuleDisplayJson.cs     |   3 +-
 roles/lib/files/FWO.Report/FWO.Report.csproj  |   1 +
 roles/lib/files/FWO.Report/ReportBase.cs      |   4 +-
 roles/lib/files/FWO.Report/ReportChanges.cs   |   3 +-
 .../lib/files/FWO.Report/ReportConnections.cs |   1 +
 .../lib/files/FWO.Report/ReportDevicesBase.cs |   1 +
 roles/lib/files/FWO.Report/ReportNatRules.cs  |   2 +-
 .../lib/files/FWO.Report/ReportOwnersBase.cs  |   1 +
 roles/lib/files/FWO.Report/ReportRules.cs     |   3 +-
 .../lib/files/FWO.Report/ReportStatistics.cs  |   1 +
 .../FWO.Middleware.Server/AppDataImport.cs    |   1 +
 .../AreaSubnetDataImport.cs                   |  59 +++---
 .../AutoDiscoverScheduler.cs                  |   1 +
 .../AuthenticationServerController.cs         |   1 +
 .../AuthenticationTokenController.cs          |   1 +
 .../Controllers/GroupController.cs            |   3 +-
 .../Controllers/RoleController.cs             |   3 +-
 .../Controllers/TenantController.cs           |   1 +
 .../Controllers/UserController.cs             |   1 +
 .../DailyCheckScheduler.cs                    |   1 +
 .../FWO.Middleware.Server.csproj              |   1 +
 .../ImportAppDataScheduler.cs                 |   1 +
 .../ImportChangeNotifier.cs                   |   3 +-
 .../ImportChangeNotifyScheduler.cs            |   1 +
 .../ImportSubnetDataScheduler.cs              |   1 +
 .../files/FWO.Middleware.Server/JwtWriter.cs  |   1 +
 .../files/FWO.Middleware.Server/Ldap.cs       |   7 +-
 .../FWO.Middleware.Server/RecertCheck.cs      |   1 +
 .../FWO.Middleware.Server/ReportScheduler.cs  |   3 +-
 .../FWO.Middleware.Server/SchedulerBase.cs    |   1 +
 .../FWO.Middleware.Server/UiUserHandler.cs    |   1 +
 .../middleware/tasks/create_auth_secrets.yml  |   4 +-
 roles/middleware/tasks/main.yml               |  16 +-
 .../test/files/FWO.Test/AesEncryptionTest.cs  |  40 ++++
 roles/test/files/FWO.Test/ApiTest.cs          |   1 +
 roles/test/files/FWO.Test/DisplayBaseTest.cs  |   1 +
 roles/test/files/FWO.Test/DistNameTest.cs     |   1 +
 roles/test/files/FWO.Test/ExportTest.cs       |  21 +-
 roles/test/files/FWO.Test/FWO.Test.csproj     |   2 +
 roles/test/files/FWO.Test/FilterTest.cs       |   1 +
 .../files/FWO.Test/ManagedIdStringTest.cs     |   1 +
 .../files/FWO.Test/ModellingHandlerTest.cs    |   1 +
 .../FWO.Test/ModellingHandlerTestApiConn.cs   |   1 +
 roles/test/files/FWO.Test/SanitizerTest.cs    |   1 +
 .../ui/files/FWO.UI/Auth/AuthStateProvider.cs |   1 +
 roles/ui/files/FWO.UI/FWO.Ui.csproj           |   2 +
 .../ui/files/FWO.UI/Pages/Certification.razor |   1 +
 .../Pages/Monitoring/MonitorAlerts.razor      |   1 +
 .../Monitoring/MonitorImportStatus.razor      |   1 +
 .../Pages/Monitoring/MonitoringMain.razor     |   1 +
 .../files/FWO.UI/Pages/NetworkAnalysis.razor  |   1 +
 .../NetworkModelling/EditConnLeftSide.razor   |   1 +
 .../files/FWO.UI/Pages/Reporting/Report.razor |   1 +
 .../Pages/Reporting/Reports/_Imports.razor    |   1 +
 .../FWO.UI/Pages/Reporting/_Imports.razor     |   1 +
 .../Pages/Request/DisplayImplTaskTable.razor  |   1 +
 .../Request/DisplayImplementationTask.razor   |   1 +
 .../FWO.UI/Pages/Request/DisplayTicket.razor  |   1 +
 .../Pages/Request/RequestApprovals.razor      |   1 +
 .../Request/RequestImplementations.razor      |   1 +
 .../Pages/Request/RequestPlannings.razor      |   1 +
 .../FWO.UI/Pages/Request/RequestReviews.razor |   1 +
 .../FWO.UI/Pages/Request/RequestTickets.razor |   1 +
 .../Request/RequestTicketsOverview.razor      |   1 +
 .../FWO.UI/Pages/Settings/SearchUser.razor    |   1 +
 .../Pages/Settings/SettingsActions.razor      |   1 +
 .../Pages/Settings/SettingsCredentials.razor  | 159 ++++++++++-----
 .../Pages/Settings/SettingsGateways.razor     |   1 +
 .../Pages/Settings/SettingsGroups.razor       |   1 +
 .../FWO.UI/Pages/Settings/SettingsLdap.razor  |  31 ++-
 .../Pages/Settings/SettingsManagements.razor  |   1 +
 .../FWO.UI/Pages/Settings/SettingsOwner.razor |   1 +
 .../FWO.UI/Pages/Settings/SettingsRoles.razor |   1 +
 .../Pages/Settings/SettingsTenants.razor      |   1 +
 .../FWO.UI/Pages/Settings/SettingsUsers.razor |   1 +
 roles/ui/files/FWO.UI/Pages/_Imports.razor    |   1 +
 .../ui/files/FWO.UI/Services/ActionHandler.cs |   3 +-
 .../FWO.UI/Services/CircuitHandlerService.cs  |   1 +
 roles/ui/files/FWO.UI/Services/DefaultInit.cs |   3 +-
 roles/ui/files/FWO.UI/Services/GroupAccess.cs |   1 +
 .../files/FWO.UI/Services/JwtEventService.cs  |   3 +-
 .../FWO.UI/Services/ModellingAppHandler.cs    |   1 +
 .../Services/ModellingAppRoleHandler.cs       |   1 +
 .../Services/ModellingAppServerHandler.cs     |   1 +
 .../Services/ModellingAppServerListHandler.cs |   1 +
 .../Services/ModellingConnectionHandler.cs    |   1 +
 .../FWO.UI/Services/ModellingHandlerBase.cs   |   1 +
 .../Services/ModellingServiceGroupHandler.cs  |   1 +
 .../Services/ModellingServiceHandler.cs       |   1 +
 .../FWO.UI/Services/NetworkZoneService.cs     |   3 +-
 .../ui/files/FWO.UI/Services/PathAnalysis.cs  |   3 +-
 .../files/FWO.UI/Services/RequestDbAccess.cs  |   3 +-
 .../files/FWO.UI/Services/RequestHandler.cs   |   3 +-
 roles/ui/files/FWO.UI/Services/RoleAccess.cs  |   1 +
 .../ui/files/FWO.UI/Services/TicketCreator.cs |   1 +
 .../files/FWO.UI/Shared/AutoDiscovery.razor   |   1 +
 roles/ui/files/FWO.UI/Shared/Collapse.razor   |   1 +
 roles/ui/files/FWO.UI/Shared/Confirm.razor    |   3 +-
 .../files/FWO.UI/Shared/ConfirmDelete.razor   |   3 +-
 .../files/FWO.UI/Shared/ConnectionTable.razor |   1 +
 .../ui/files/FWO.UI/Shared/ContentSwap.razor  |   3 +-
 .../files/FWO.UI/Shared/DeviceSelection.razor |   1 +
 .../Shared/DeviceSelectionTenants.razor       |   1 +
 roles/ui/files/FWO.UI/Shared/Dropdown.razor   |   1 +
 roles/ui/files/FWO.UI/Shared/EditList.razor   |   3 +-
 roles/ui/files/FWO.UI/Shared/HelpLink.razor   |   3 +-
 .../files/FWO.UI/Shared/ImportDetails.razor   |   1 +
 .../files/FWO.UI/Shared/ImportRollback.razor  |   1 +
 roles/ui/files/FWO.UI/Shared/IpSelector.razor |   1 +
 roles/ui/files/FWO.UI/Shared/MainLayout.razor |   1 +
 .../FWO.UI/Shared/MonitoringLayout.razor      |   1 +
 .../files/FWO.UI/Shared/NavigationMenu.razor  |   1 +
 .../ui/files/FWO.UI/Shared/ObjectGroup.razor  |   1 +
 .../FWO.UI/Shared/ObjectGroupCollection.razor |   3 +-
 .../ui/files/FWO.UI/Shared/ReportLayout.razor |   1 +
 .../files/FWO.UI/Shared/RequestLayout.razor   |   1 +
 .../ui/files/FWO.UI/Shared/RightSidebar.razor |   1 +
 .../ui/files/FWO.UI/Shared/RuleSelector.razor |   3 +-
 .../files/FWO.UI/Shared/SettingsLayout.razor  |   1 +
 roles/ui/files/FWO.UI/Shared/Sidebar.razor    |   3 +-
 180 files changed, 1173 insertions(+), 191 deletions(-)
 create mode 100644 roles/database/files/sql/idempotent/fworch-encryption.sql
 create mode 100644 roles/database/files/upgrade/8.0.3.sql
 create mode 100644 roles/lib/files/FWO.Encryption/AesEnc.cs
 create mode 100644 roles/lib/files/FWO.Encryption/FWO.Encryption.csproj
 create mode 100644 roles/lib/files/FWO.GlobalConstants/FWO.GlobalConstants.csproj
 rename roles/lib/files/{FWO.Api.Client/Data => FWO.GlobalConstants}/GlobalConstants.cs (98%)
 create mode 100644 roles/test/files/FWO.Test/AesEncryptionTest.cs

diff --git a/.vscode/launch.json b/.vscode/launch.json
index f2e0be8f7..70294467a 100644
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -82,7 +82,7 @@
                 "PYTHONPATH": "${PYTHONPATH}:${workspaceRoot}"
             },
             "args": [
-                "-m24",
+                "-m5",
                 "-d1",
                 "-f",
                 "-s",
@@ -98,15 +98,17 @@
             ]
         },
         {
-            "name": "py-write-config",
+            "name": "py-customize-FWO-sample",
             "type": "debugpy",
             "request": "launch",
-            "program": "${workspaceFolder}/scripts/customizing/sample-config-change.py",
+            "program": "${workspaceFolder}/scripts/customizing/customizeFwoSampleScript.py",
             "console": "integratedTerminal",
             "env": {
                 "PYTHONPATH": "${PYTHONPATH}:${workspaceRoot}"
             },
-            "args": []
+            "args": [
+                "-c${workspaceFolder}/scripts/customizing/sampleCustomSettings.json"
+            ]
         },
         {
             "name": "py-acquire-lock",
@@ -327,13 +329,13 @@
             "name": "c#-FWO Test",
             "type": "coreclr",
             "request": "launch",
-            "preLaunchTask": "build_test",
+            // "preLaunchTask": "build_test",
             "program": "/usr/bin/dotnet",
             "args": [
                 "test"
             ],
             "cwd": "${workspaceFolder}/roles/test/files/FWO.Test",
-            "stopAtEntry": true,
+            "stopAtEntry": false,
             "console": "integratedTerminal"
         },
         {
diff --git a/documentation/revision-history-develop.md b/documentation/revision-history-develop.md
index 746a18dff..9f2788749 100644
--- a/documentation/revision-history-develop.md
+++ b/documentation/revision-history-develop.md
@@ -182,3 +182,10 @@ bugfix release:
 
 # 8.0.2 - 11.03.2024 DEVELOP
 - first version of NSX import module
+
+# 8.0.3 - 04.04.2024 DEVELOP
+- encrypt all passwords in database
+  - missing: ldap_connection
+- import custom rule fields start
+  - missing: import from other vendors besides check point
+  - missing: add custom fields to reports
diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index a99ebfb35..08c024161 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -1,5 +1,5 @@
 ### general settings
-product_version: "8.0.2"
+product_version: "8.0.3"
 ansible_user: "{{ lookup('env', 'USER') }}"
 ansible_become_method: sudo
 ansible_python_interpreter: /usr/bin/python3
@@ -31,6 +31,7 @@ force_install: false
 user_id: 60320
 fworch_user: "{{ product_name }}"
 fworch_group: "{{ fworch_user }}"
+postgres_group: "postgres"
 fworch_parent_dir: "/usr/local"
 fworch_home: "{{ fworch_parent_dir }}/{{ product_name }}"
 fworch_conf_dir: "{{ fworch_home }}/etc"
diff --git a/inventory/group_vars/apiserver.yml b/inventory/group_vars/apiserver.yml
index da5a5e845..99ae69f84 100644
--- a/inventory/group_vars/apiserver.yml
+++ b/inventory/group_vars/apiserver.yml
@@ -8,7 +8,7 @@ api_hasura_admin_test_password: "not4production"
 api_user_email: "{{ api_user }}@{{ api_network_listening_ip_address }}"
 api_home: "{{ fworch_home }}/api"
 api_hasura_cli_bin: "{{ fworch_home }}/api/bin/hasura"
-api_hasura_version: "v2.37.0"
+api_hasura_version: "v2.38.1"
 api_project_name: api
 api_no_metadata: false
 api_rollback_is_running: false
diff --git a/inventory/group_vars/databaseserver.yml b/inventory/group_vars/databaseserver.yml
index 7a1792961..327bd2b27 100644
--- a/inventory/group_vars/databaseserver.yml
+++ b/inventory/group_vars/databaseserver.yml
@@ -26,6 +26,7 @@ database_idempotent_files:
   - fworch-grants.sql
   - fworch-import.sql
   - fworch-import-main.sql
+  - fworch-encryption.sql
   - fworch-obj-import.sql
   - fworch-obj-refs.sql
   - fworch-path-analysis.sql
diff --git a/roles/FWO.sln b/roles/FWO.sln
index e037014b6..75e798229 100644
--- a/roles/FWO.sln
+++ b/roles/FWO.sln
@@ -33,6 +33,12 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "FWO.Mail", "lib\files\FWO.M
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "FWO.Recert", "lib\files\FWO.Recert\FWO.Recert.csproj", "{520779B1-20EB-45D9-8A02-D0C4DFEC9302}"
 EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "files", "files", "{B48F8BD5-1056-4670-BEFA-F4A260293B6F}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FWO.Encryption", "lib\files\FWO.Encryption\FWO.Encryption.csproj", "{6EBEBF57-3399-4008-BA10-0D21F6827244}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FWO.GlobalConstants", "lib\files\FWO.GlobalConstants\FWO.GlobalConstants.csproj", "{0CBD4CC5-3E39-4134-A0E1-4DB8999619F3}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -95,6 +101,18 @@ Global
 		{520779B1-20EB-45D9-8A02-D0C4DFEC9302}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{520779B1-20EB-45D9-8A02-D0C4DFEC9302}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{520779B1-20EB-45D9-8A02-D0C4DFEC9302}.Release|Any CPU.Build.0 = Release|Any CPU
+		{14B56819-F629-4CE9-BBC0-7579392EFC83}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{14B56819-F629-4CE9-BBC0-7579392EFC83}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{14B56819-F629-4CE9-BBC0-7579392EFC83}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{14B56819-F629-4CE9-BBC0-7579392EFC83}.Release|Any CPU.Build.0 = Release|Any CPU
+		{6EBEBF57-3399-4008-BA10-0D21F6827244}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{6EBEBF57-3399-4008-BA10-0D21F6827244}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{6EBEBF57-3399-4008-BA10-0D21F6827244}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{6EBEBF57-3399-4008-BA10-0D21F6827244}.Release|Any CPU.Build.0 = Release|Any CPU
+		{0CBD4CC5-3E39-4134-A0E1-4DB8999619F3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{0CBD4CC5-3E39-4134-A0E1-4DB8999619F3}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{0CBD4CC5-3E39-4134-A0E1-4DB8999619F3}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{0CBD4CC5-3E39-4134-A0E1-4DB8999619F3}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -111,6 +129,9 @@ Global
 		{C1D1FE54-4CDD-41C0-AABC-415950AA24D5} = {CE55F125-0CD2-4789-A3C1-045DEF33ABA5}
 		{1E7CA417-C64A-4BD9-98D2-5A0A2DD94726} = {CE55F125-0CD2-4789-A3C1-045DEF33ABA5}
 		{520779B1-20EB-45D9-8A02-D0C4DFEC9302} = {CE55F125-0CD2-4789-A3C1-045DEF33ABA5}
+		{B48F8BD5-1056-4670-BEFA-F4A260293B6F} = {CE55F125-0CD2-4789-A3C1-045DEF33ABA5}
+		{6EBEBF57-3399-4008-BA10-0D21F6827244} = {B48F8BD5-1056-4670-BEFA-F4A260293B6F}
+		{0CBD4CC5-3E39-4134-A0E1-4DB8999619F3} = {B48F8BD5-1056-4670-BEFA-F4A260293B6F}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {68364621-1011-4D44-9CF5-518F0DC3F459}
diff --git a/roles/api/files/replace_metadata.json b/roles/api/files/replace_metadata.json
index 6841c208b..a8370d7de 100644
--- a/roles/api/files/replace_metadata.json
+++ b/roles/api/files/replace_metadata.json
@@ -12559,6 +12559,7 @@
                       "rule_num",
                       "rule_to_zone",
                       "track_id",
+                      "rule_custom_fields",
                       "rule_num_numeric",
                       "parent_rule_type",
                       "rule_action",
@@ -12609,6 +12610,7 @@
                       "rule_num",
                       "rule_to_zone",
                       "track_id",
+                      "rule_custom_fields",
                       "rule_num_numeric",
                       "parent_rule_type",
                       "rule_action",
@@ -12659,6 +12661,7 @@
                       "rule_num",
                       "rule_to_zone",
                       "track_id",
+                      "rule_custom_fields",
                       "rule_num_numeric",
                       "parent_rule_type",
                       "rule_action",
@@ -12673,6 +12676,9 @@
                       "rule_track",
                       "rule_uid"
                     ],
+                    "computed_fields": [
+                      "rule_relevant_for_tenant"
+                    ],
                     "filter": {},
                     "allow_aggregations": true
                   }
@@ -12706,6 +12712,7 @@
                       "rule_num",
                       "rule_to_zone",
                       "track_id",
+                      "rule_custom_fields",
                       "rule_num_numeric",
                       "parent_rule_type",
                       "rule_action",
@@ -12774,6 +12781,7 @@
                       "rule_num",
                       "rule_to_zone",
                       "track_id",
+                      "rule_custom_fields",
                       "rule_num_numeric",
                       "parent_rule_type",
                       "rule_action",
@@ -12842,6 +12850,7 @@
                       "rule_num",
                       "rule_to_zone",
                       "track_id",
+                      "rule_custom_fields",
                       "rule_num_numeric",
                       "parent_rule_type",
                       "rule_action",
diff --git a/roles/api/tasks/hasura-install.yml b/roles/api/tasks/hasura-install.yml
index 1e23506bf..a22e91a6c 100644
--- a/roles/api/tasks/hasura-install.yml
+++ b/roles/api/tasks/hasura-install.yml
@@ -34,9 +34,9 @@
   file:
     path: "{{ fworch_secrets_dir }}"
     state: directory
-    mode: "0700"
+    mode: "0750"
     owner: "{{ fworch_user }}"
-    group: "{{ fworch_group }}"
+    group: "{{ postgres_group }}"
   become: true
 
 - name: set static hasura admin pwd for test purposes only
diff --git a/roles/api/templates/fworch-hasura-docker-api.service.j2 b/roles/api/templates/fworch-hasura-docker-api.service.j2
index 6c0bc9c94..d66aecaa6 100644
--- a/roles/api/templates/fworch-hasura-docker-api.service.j2
+++ b/roles/api/templates/fworch-hasura-docker-api.service.j2
@@ -1,18 +1,20 @@
 [Unit]
 Description={{ product_name }} API
+Requires=docker.service
 {% if 'databaseserver' in group_names -%}
-After=network.target remote-fs.target nss-lookup.target postgresql.service
+After=network.target remote-fs.target nss-lookup.target postgresql.service docker.service
 {% else -%}
-After=network.target remote-fs.target nss-lookup.target
+After=network.target remote-fs.target nss-lookup.target docker.service
 {%- endif %}
 [Service]
+Restart=always
 WorkingDirectory={{ fworch_home }}
-ExecStartPre=/bin/sleep 10
-ExecStart=/usr/bin/docker start {{ api_container_name }}
+# ExecStartPre=/bin/sleep 10
+ExecStart=/usr/bin/docker start -a {{ api_container_name }}
+ExecStop=/usr/bin/docker stop -t 2 {{ api_container_name }}
 StandardOutput=journal
 StandardError=journal
 SyslogIdentifier={{ product_name }}-api
 User={{ fworch_user }}
-Environment=
 [Install]
-WantedBy=multi-user.target
+WantedBy=default.target
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index b51f8036a..c1ddf5db5 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -186,8 +186,35 @@
         path: "{{ fworch_home }}/etc/secrets"
         state: directory
         owner: "{{ fworch_user }}"
-        group: "{{ fworch_group }}"
-        mode: '0700'
+        group: "{{ postgres_group }}"
+        mode: '0750'
+
+    - name: generate main key
+      set_fact:
+        main_key: "{{ randomly_generated_pwd }}"  # 32 bytes
+        main_key_file: "{{ fworch_secrets_dir }}/main_key"
+      when: testkeys is not defined or testkeys|bool is false
+
+    - name: set static main key for test purposes only
+      set_fact:
+        main_key: "{{ api_hasura_admin_test_password }}..{{ api_hasura_admin_test_password }}.." # to have 32 bytes
+        main_key_file: "{{ fworch_secrets_dir }}/main_key"
+      when: testkeys is defined and testkeys|bool
+
+    - name: Check if main key file exists
+      stat:
+        path: "{{ main_key_file }}"
+      register: stat_result
+
+    - name: write main key to secrets directory
+      copy:
+        content: "{{ main_key }}\n"
+        dest: "{{ main_key_file }}"
+        mode: '0640'
+        owner: "{{ fworch_user }}"
+        group: "{{ postgres_group }}"
+      become: true
+      when: not stat_result.stat.exists
 
     - set_fact:
         wsgi_package_name: "{{ wsgi_package_name }}-py3"
diff --git a/roles/database/files/sql/creation/fworch-create-tables.sql b/roles/database/files/sql/creation/fworch-create-tables.sql
index f3d8a8d8a..bc02e768a 100755
--- a/roles/database/files/sql/creation/fworch-create-tables.sql
+++ b/roles/database/files/sql/creation/fworch-create-tables.sql
@@ -174,6 +174,7 @@ Create table "rule"
 	"rule_create" BIGINT NOT NULL,
 	"rule_last_seen" BIGINT NOT NULL,
 	"dev_id" Integer,
+	"rule_custom_fields" jsonb,
 	"access_rule" BOOLEAN Default TRUE,
 	"nat_rule" BOOLEAN Default FALSE,
 	"xlate_rule" BIGINT,
@@ -730,6 +731,7 @@ Create table "import_rule"
 	"parent_rule_uid" Text,
 	"rule_type" Varchar Default 'access',
 	"last_hit" Timestamp,
+	"rule_custom_fields" JSONB,
  primary key ("control_id","rule_id")
 );
 
diff --git a/roles/database/files/sql/idempotent/fworch-basic-procs.sql b/roles/database/files/sql/idempotent/fworch-basic-procs.sql
index 467f8b916..833a6802e 100644
--- a/roles/database/files/sql/idempotent/fworch-basic-procs.sql
+++ b/roles/database/files/sql/idempotent/fworch-basic-procs.sql
@@ -36,6 +36,19 @@ END;
 $$
 LANGUAGE plpgsql;
 
+CREATE OR REPLACE FUNCTION are_equal (jsonb, jsonb)
+    RETURNS boolean
+    AS $$
+BEGIN
+    IF (($1 IS NULL AND $2 IS NULL) OR $1 = $2) THEN
+        RETURN TRUE;
+    ELSE
+        RETURN FALSE;
+    END IF;
+END;
+$$
+LANGUAGE plpgsql;
+
 CREATE OR REPLACE FUNCTION are_equal (varchar, varchar)
     RETURNS boolean
     AS $$
diff --git a/roles/database/files/sql/idempotent/fworch-encryption.sql b/roles/database/files/sql/idempotent/fworch-encryption.sql
new file mode 100644
index 000000000..79f4f24ea
--- /dev/null
+++ b/roles/database/files/sql/idempotent/fworch-encryption.sql
@@ -0,0 +1,157 @@
+-------------------------------------
+-- credentials/secrets encryption
+-- the following functions are needed for the upgrade and during installation (to encrypt the ldap passwords in ldap_connection table)
+-- for existing installations all encrytion/decryption is done in the UI or in the MW server (for ldap binding)
+
+CREATE EXTENSION IF NOT EXISTS pgcrypto;
+
+CREATE OR REPLACE FUNCTION custom_aes_cbc_encrypt_base64(plaintext TEXT, key TEXT) RETURNS TEXT AS $$
+DECLARE
+    iv BYTEA;
+    encrypted_text BYTEA;
+BEGIN
+    -- Generate a random IV (Initialization Vector)
+    iv := gen_random_bytes(16); -- IV size for AES is typically 16 bytes
+
+    -- Perform AES CBC encryption
+    encrypted_text := encrypt_iv(plaintext::BYTEA, key::BYTEA, iv, 'aes-cbc/pad:pkcs');
+
+    -- Combine IV and encrypted text and encode them to base64
+    RETURN encode(iv || encrypted_text, 'base64');
+END;
+$$ LANGUAGE plpgsql;
+
+CREATE OR REPLACE FUNCTION custom_aes_cbc_decrypt_base64(ciphertext TEXT, key TEXT) RETURNS TEXT AS $$
+DECLARE
+    iv BYTEA;
+    encrypted_text BYTEA;
+    decrypted_text BYTEA;
+BEGIN
+    -- Decode the base64 string into IV and encrypted text
+    encrypted_text := decode(ciphertext, 'base64');
+    
+    -- Extract IV from the encrypted text
+    iv := substring(encrypted_text from 1 for 16);
+    
+    -- Extract encrypted text without IV
+    encrypted_text := substring(encrypted_text from 17);
+    
+    -- Perform AES CBC decryption
+    decrypted_text := decrypt_iv(encrypted_text, key::BYTEA, iv, 'aes-cbc/pad:pkcs');
+    
+    -- Return the decrypted text
+    RETURN convert_from(decrypted_text, 'UTF8');
+END;
+$$ LANGUAGE plpgsql;
+
+CREATE OR REPLACE FUNCTION encryptText (plaintext_in text, key_in text) RETURNS text AS $$
+DECLARE
+    t_cyphertext TEXT;
+    t_plaintext TEXT;
+    t_crypt_algo TEXT := 'cipher-algo=aes256';
+    t_coding_algo TEXT := 'base64';
+    -- ba_iv bytea;
+BEGIN
+    -- check if plaintext is actually ciphertext
+    BEGIN
+        SELECT into t_plaintext custom_aes_cbc_decrypt_base64(plaintext_in, key_in);
+        -- if we get here without error, the plaintext passed in was actually already encrypted
+        RETURN plaintext_in;
+    EXCEPTION WHEN OTHERS THEN
+        RETURN custom_aes_cbc_encrypt_base64(plaintext_in, key_in);
+    END;
+END; 
+$$ LANGUAGE plpgsql VOLATILE;
+
+CREATE OR REPLACE FUNCTION decryptText (cyphertext_in text, key text) RETURNS text AS $$
+DECLARE
+    t_plaintext TEXT;
+    t_crypt_algo TEXT := 'cipher-algo=aes-256-cbc/pad:pkcs';
+    t_coding_algo TEXT := 'base64';
+BEGIN
+    BEGIN
+        SELECT INTO t_plaintext custom_aes_cbc_decrypt_base64(cyphertext_in, key); 
+        RETURN t_plaintext;
+    EXCEPTION WHEN OTHERS THEN
+        -- decryption did not work out, so assuming that text was not encrypted
+        RAISE EXCEPTION 'decryption with the given key failed!';
+    END;
+
+END; 
+$$ LANGUAGE plpgsql VOLATILE;
+
+CREATE OR REPLACE FUNCTION encryptPasswords (key text) RETURNS VOID AS $$
+DECLARE
+    r_cred RECORD;
+    t_encrypted TEXT;
+BEGIN
+    -- encrypt pwds in import_credential table
+    FOR r_cred IN 
+        SELECT id, secret FROM import_credential
+    LOOP
+        SELECT INTO t_encrypted * FROM encryptText(r_cred.secret, key);
+        UPDATE import_credential SET secret=t_encrypted WHERE id=r_cred.id;
+    END LOOP;
+
+    --encrypt pwds in ldap_connection table
+    FOR r_cred IN 
+        SELECT ldap_search_user_pwd, ldap_write_user_pwd, ldap_connection_id FROM ldap_connection
+    LOOP
+        SELECT INTO t_encrypted * FROM encryptText(r_cred.ldap_search_user_pwd, key);
+        UPDATE ldap_connection SET ldap_search_user_pwd=t_encrypted WHERE ldap_connection_id=r_cred.ldap_connection_id;
+        SELECT INTO t_encrypted * FROM encryptText(r_cred.ldap_write_user_pwd, key);
+        UPDATE ldap_connection SET ldap_write_user_pwd=t_encrypted WHERE ldap_connection_id=r_cred.ldap_connection_id;
+    END LOOP;
+
+    RETURN;
+END; 
+$$ LANGUAGE plpgsql;
+
+-- get encryption key from filesystem
+CREATE OR REPLACE FUNCTION getMainKey() RETURNS TEXT AS $$
+DECLARE
+    t_key TEXT;
+BEGIN
+    CREATE TEMPORARY TABLE temp_main_key (key text);
+    COPY temp_main_key FROM '/etc/fworch/secrets/main_key' CSV DELIMITER ',';
+    SELECT INTO t_key * FROM temp_main_key;
+    -- RAISE NOTICE 'main key: "%"', t_key;
+    DROP TABLE temp_main_key;
+    RETURN t_key;
+END; 
+$$ LANGUAGE plpgsql;
+
+-- finally do the encryption in the db tables
+SELECT * FROM encryptPasswords (getMainKey());
+
+-- function for adding local ldap data with encrypted pwds into ldap_connection
+CREATE OR REPLACE FUNCTION insertLocalLdapWithEncryptedPasswords(
+    serverName TEXT, 
+    port INTEGER,
+    userSearchPath TEXT,
+    roleSearchPath TEXT, 
+    groupSearchPath TEXT,
+    tenantLevel INTEGER,
+    searchUser TEXT,
+    searchUserPwd TEXT,
+    writeUser TEXT,
+    writeUserPwd TEXT,
+    ldapType INTEGER
+) RETURNS VOID AS $$
+DECLARE
+    t_key TEXT;
+    t_encryptedReadPwd TEXT;
+    t_encryptedWritePwd TEXT;
+BEGIN
+    IF NOT EXISTS (SELECT * FROM ldap_connection WHERE ldap_server = serverName)
+    THEN
+        SELECT INTO t_key * FROM getMainKey();
+        SELECT INTO t_encryptedReadPwd * FROM encryptText(searchUserPwd, t_key);
+        SELECT INTO t_encryptedWritePwd * FROM encryptText(writeUserPwd, t_key);
+        INSERT INTO ldap_connection
+            (ldap_server, ldap_port, ldap_searchpath_for_users, ldap_searchpath_for_roles, ldap_searchpath_for_groups,
+            ldap_tenant_level, ldap_search_user, ldap_search_user_pwd, ldap_write_user, ldap_write_user_pwd, ldap_type)
+            VALUES (serverName, port, userSearchPath, roleSearchPath, groupSearchPath, tenantLevel, searchUser, t_encryptedReadPwd, writeUser, t_encryptedWritePwd, ldapType);
+    END IF;
+END;
+$$ LANGUAGE plpgsql;
diff --git a/roles/database/files/sql/idempotent/fworch-rule-import.sql b/roles/database/files/sql/idempotent/fworch-rule-import.sql
index bbc252455..3f5cea085 100644
--- a/roles/database/files/sql/idempotent/fworch-rule-import.sql
+++ b/roles/database/files/sql/idempotent/fworch-rule-import.sql
@@ -407,6 +407,7 @@ BEGIN
 		-- IF non_security_relevant_change(r_existing, r_to_import) THEN
 		IF ( NOT (		--	from here: non-security-relevant changes
 			are_equal(r_existing.rule_name,r_to_import.rule_name) AND 
+			are_equal(r_existing.rule_custom_fields,r_to_import.rule_custom_fields) AND 
 			are_equal(r_existing.rule_head_text, r_to_import.rule_head_text) AND
 			are_equal(r_existing.rule_comment, r_to_import.rule_comment) ))
 		THEN
@@ -459,14 +460,14 @@ BEGIN
 					(mgm_id,rule_name,rule_num,rule_ruleid,rule_uid,rule_disabled,rule_src_neg,rule_dst_neg,rule_svc_neg,
 					action_id,track_id,rule_src,rule_dst,rule_svc,rule_src_refs,rule_dst_refs,rule_svc_refs,rule_action,rule_track,rule_installon,rule_time,
 					rule_from_zone,rule_to_zone,rule_comment,rule_implied,rule_head_text,last_change_admin,
-					rule_create,rule_last_seen, dev_id, parent_rule_id, parent_rule_type, access_rule, nat_rule)
+					rule_create,rule_last_seen, dev_id, parent_rule_id, parent_rule_type, access_rule, nat_rule, rule_custom_fields)
 				VALUES (i_mgm_id,r_to_import.rule_name,i_rule_num,r_to_import.rule_ruleid,r_to_import.rule_uid,
 					r_to_import.rule_disabled,r_to_import.rule_src_neg,r_to_import.rule_dst_neg,r_to_import.rule_svc_neg,
 					i_action_id,i_track_id,r_to_import.rule_src,r_to_import.rule_dst,r_to_import.rule_svc,
 					r_to_import.rule_src_refs,r_to_import.rule_dst_refs,r_to_import.rule_svc_refs,
 					lower(r_to_import.rule_action),r_to_import.rule_track,r_to_import.rule_installon,r_to_import.rule_time,
 					i_fromzone,i_tozone, r_to_import.rule_comment,r_to_import.rule_implied,r_to_import.rule_head_text,i_admin_id,
-					i_control_id,i_control_id, i_dev_id, i_parent_rule_id, i_parent_rule_type, b_access_rule, b_nat_rule)
+					i_control_id,i_control_id, i_dev_id, i_parent_rule_id, i_parent_rule_type, b_access_rule, b_nat_rule, r_to_import.rule_custom_fields)
 				RETURNING rule_id INTO i_new_rule_id;
 			EXCEPTION WHEN OTHERS THEN
 				RAISE EXCEPTION 'rule_change_change exception while inserting rule: 
diff --git a/roles/database/files/upgrade/8.0.3.sql b/roles/database/files/upgrade/8.0.3.sql
new file mode 100644
index 000000000..37ee14b5f
--- /dev/null
+++ b/roles/database/files/upgrade/8.0.3.sql
@@ -0,0 +1,183 @@
+-- add default config value to avoid warnings
+insert into config (config_key, config_value, config_user) VALUES ('modCommonAreas', '', 0) ON CONFLICT DO NOTHING;
+
+-- add custom fields as jsonb
+Alter table rule add column if not exists rule_custom_fields JSONB;
+Alter table import_rule add column if not exists rule_custom_fields JSONB;
+
+
+-- adding imported custom rule fields 
+-- replaced CREATE OR REPLACE FUNCTION insert_single_rule(BIGINT,INTEGER,INTEGER,BIGINT,BOOLEAN) RETURNS BIGINT AS $$
+-- new compare function for jsonb necessary for custom rule fields
+CREATE OR REPLACE FUNCTION are_equal (jsonb, jsonb)
+    RETURNS boolean
+    AS $$
+BEGIN
+    IF (($1 IS NULL AND $2 IS NULL) OR $1 = $2) THEN
+        RETURN TRUE;
+    ELSE
+        RETURN FALSE;
+    END IF;
+END;
+$$
+LANGUAGE plpgsql;
+
+-------------------------------------
+-- credentials/secrets encryption
+-- the following functions are needed for the upgrade and during installation (to encrypt the ldap passwords in ldap_connection table)
+-- for existing installations all encrytion/decryption is done in the UI or in the MW server (for ldap binding)
+
+CREATE EXTENSION IF NOT EXISTS pgcrypto;
+
+CREATE OR REPLACE FUNCTION custom_aes_cbc_encrypt_base64(plaintext TEXT, key TEXT) RETURNS TEXT AS $$
+DECLARE
+    iv BYTEA;
+    encrypted_text BYTEA;
+BEGIN
+    -- Generate a random IV (Initialization Vector)
+    iv := gen_random_bytes(16); -- IV size for AES is typically 16 bytes
+
+    -- Perform AES CBC encryption
+    encrypted_text := encrypt_iv(plaintext::BYTEA, key::BYTEA, iv, 'aes-cbc/pad:pkcs');
+
+    -- Combine IV and encrypted text and encode them to base64
+    RETURN encode(iv || encrypted_text, 'base64');
+END;
+$$ LANGUAGE plpgsql;
+
+CREATE OR REPLACE FUNCTION custom_aes_cbc_decrypt_base64(ciphertext TEXT, key TEXT) RETURNS TEXT AS $$
+DECLARE
+    iv BYTEA;
+    encrypted_text BYTEA;
+    decrypted_text BYTEA;
+BEGIN
+    -- Decode the base64 string into IV and encrypted text
+    encrypted_text := decode(ciphertext, 'base64');
+    
+    -- Extract IV from the encrypted text
+    iv := substring(encrypted_text from 1 for 16);
+    
+    -- Extract encrypted text without IV
+    encrypted_text := substring(encrypted_text from 17);
+    
+    -- Perform AES CBC decryption
+    decrypted_text := decrypt_iv(encrypted_text, key::BYTEA, iv, 'aes-cbc/pad:pkcs');
+    
+    -- Return the decrypted text
+    RETURN convert_from(decrypted_text, 'UTF8');
+END;
+$$ LANGUAGE plpgsql;
+
+CREATE OR REPLACE FUNCTION encryptText (plaintext_in text, key_in text) RETURNS text AS $$
+DECLARE
+    t_cyphertext TEXT;
+    t_plaintext TEXT;
+    t_crypt_algo TEXT := 'cipher-algo=aes256';
+    t_coding_algo TEXT := 'base64';
+    -- ba_iv bytea;
+BEGIN
+    -- check if plaintext is actually ciphertext
+    BEGIN
+        SELECT into t_plaintext custom_aes_cbc_decrypt_base64(plaintext_in, key_in);
+        -- if we get here without error, the plaintext passed in was actually already encrypted
+        RETURN plaintext_in;
+    EXCEPTION WHEN OTHERS THEN
+        RETURN custom_aes_cbc_encrypt_base64(plaintext_in, key_in);
+    END;
+END; 
+$$ LANGUAGE plpgsql VOLATILE;
+
+CREATE OR REPLACE FUNCTION decryptText (cyphertext_in text, key text) RETURNS text AS $$
+DECLARE
+    t_plaintext TEXT;
+    t_crypt_algo TEXT := 'cipher-algo=aes-256-cbc/pad:pkcs';
+    t_coding_algo TEXT := 'base64';
+BEGIN
+    BEGIN
+        SELECT INTO t_plaintext custom_aes_cbc_decrypt_base64(cyphertext_in, key); 
+        RETURN t_plaintext;
+    EXCEPTION WHEN OTHERS THEN
+        -- decryption did not work out, so assuming that text was not encrypted
+        RAISE EXCEPTION 'decryption with the given key failed!';
+    END;
+
+END; 
+$$ LANGUAGE plpgsql VOLATILE;
+
+CREATE OR REPLACE FUNCTION encryptPasswords (key text) RETURNS VOID AS $$
+DECLARE
+    r_cred RECORD;
+    t_encrypted TEXT;
+BEGIN
+    -- encrypt pwds in import_credential table
+    FOR r_cred IN 
+        SELECT id, secret FROM import_credential
+    LOOP
+        SELECT INTO t_encrypted * FROM encryptText(r_cred.secret, key);
+        UPDATE import_credential SET secret=t_encrypted WHERE id=r_cred.id;
+    END LOOP;
+
+    --encrypt pwds in ldap_connection table
+    FOR r_cred IN 
+        SELECT ldap_search_user_pwd, ldap_write_user_pwd, ldap_connection_id FROM ldap_connection
+    LOOP
+        SELECT INTO t_encrypted * FROM encryptText(r_cred.ldap_search_user_pwd, key);
+        UPDATE ldap_connection SET ldap_search_user_pwd=t_encrypted WHERE ldap_connection_id=r_cred.ldap_connection_id;
+        SELECT INTO t_encrypted * FROM encryptText(r_cred.ldap_write_user_pwd, key);
+        UPDATE ldap_connection SET ldap_write_user_pwd=t_encrypted WHERE ldap_connection_id=r_cred.ldap_connection_id;
+    END LOOP;
+
+    RETURN;
+END; 
+$$ LANGUAGE plpgsql;
+
+-- get encryption key from filesystem
+CREATE OR REPLACE FUNCTION getMainKey() RETURNS TEXT AS $$
+DECLARE
+    t_key TEXT;
+BEGIN
+    CREATE TEMPORARY TABLE temp_main_key (key text);
+    COPY temp_main_key FROM '/etc/fworch/secrets/main_key' CSV DELIMITER ',';
+    SELECT INTO t_key * FROM temp_main_key;
+    -- RAISE NOTICE 'main key: "%"', t_key;
+    DROP TABLE temp_main_key;
+    RETURN t_key;
+END; 
+$$ LANGUAGE plpgsql;
+
+-- finally do the encryption in the db tables
+SELECT * FROM encryptPasswords (getMainKey());
+-- test using: SELECT * FROM custom_aes_cbc_decrypt_base64(custom_aes_cbc_encrypt_base64('superpwd', 'yVPJUhSSWzRSzEtFLkQvtqNDjzLZResp'), 'yVPJUhSSWzRSzEtFLkQvtqNDjzLZResp');
+
+-- function for adding local ldap data with encrypted pwds into ldap_connection
+CREATE OR REPLACE FUNCTION insertLocalLdapWithEncryptedPasswords(
+    serverName TEXT, 
+    port INTEGER,
+    userSearchPath TEXT,
+    roleSearchPath TEXT, 
+    groupSearchPath TEXT,
+    tenantLevel INTEGER,
+    searchUser TEXT,
+    searchUserPwd TEXT,
+    writeUser TEXT,
+    writeUserPwd TEXT,
+    ldapType INTEGER
+) RETURNS VOID AS $$
+DECLARE
+    t_key TEXT;
+    t_encryptedReadPwd TEXT;
+    t_encryptedWritePwd TEXT;
+BEGIN
+    IF NOT EXISTS (SELECT * FROM ldap_connection WHERE ldap_server = serverName)
+    THEN
+        SELECT INTO t_key * FROM getMainKey();
+        SELECT INTO t_encryptedReadPwd * FROM encryptText(searchUserPwd, t_key);
+        SELECT INTO t_encryptedWritePwd * FROM encryptText(writeUserPwd, t_key);
+        INSERT INTO ldap_connection
+            (ldap_server, ldap_port, ldap_searchpath_for_users, ldap_searchpath_for_roles, ldap_searchpath_for_groups,
+            ldap_tenant_level, ldap_search_user, ldap_search_user_pwd, ldap_write_user, ldap_write_user_pwd, ldap_type)
+            VALUES (serverName, port, userSearchPath, roleSearchPath, groupSearchPath, tenantLevel, searchUser, t_encryptedReadPwd, writeUser, t_encryptedWritePwd, ldapType);
+    END IF;
+END;
+$$ LANGUAGE plpgsql;
+-- test using: SELECT * FROM insertLocalLdapWithEncryptedPasswords('127.0.0.3', 636, 'ou=operator,ou=user,dc=fworch,dc=internal','ou=role,dc=fworch,dc=internal','ou=group,dc=fworch,dc=internal',5,'inspector','WAhxGDPcRWBXshcyMHwRBqfVSikAwGUA','ldapwriter','IpifgLXOwguTZzbadQkNnZyleJcKbaCw',2);
diff --git a/roles/database/tasks/install-database.yml b/roles/database/tasks/install-database.yml
index 743e4f2e6..1fb0b916b 100644
--- a/roles/database/tasks/install-database.yml
+++ b/roles/database/tasks/install-database.yml
@@ -3,8 +3,8 @@
     path: "{{ fworch_home }}/etc/secrets"
     state: directory
     owner: "{{ fworch_user }}"
-    group: "{{ fworch_group }}"
-    mode: "0700"
+    group: "{{ postgres_group }}"
+    mode: "0750"
   become: true
 
 - name: set dbadmin password from parameter
diff --git a/roles/importer/files/importer/checkpointR8x/cp_rule.py b/roles/importer/files/importer/checkpointR8x/cp_rule.py
index b52664a1b..13f252b37 100644
--- a/roles/importer/files/importer/checkpointR8x/cp_rule.py
+++ b/roles/importer/files/importer/checkpointR8x/cp_rule.py
@@ -176,6 +176,11 @@ def parse_single_rule(src_rule, rulebase, layer_name, import_id, rule_num, paren
             else:
                 rule_name = None
 
+            # new in v8.0.3:
+            rule_custom_fields = None
+            if 'custom-fields' in src_rule:
+                rule_custom_fields = src_rule['custom-fields']
+
             if 'meta-info' in src_rule and 'last-modifier' in src_rule['meta-info']:
                 rule_last_change_admin = src_rule['meta-info']['last-modifier']
             else:
@@ -231,6 +236,7 @@ def parse_single_rule(src_rule, rulebase, layer_name, import_id, rule_num, paren
                 "rule_time":        sanitize(src_rule['time'][0]['name']),
                 "rule_name":        sanitize(rule_name),
                 "rule_uid":         sanitize(src_rule['uid']),
+                "rule_custom_fields": sanitize(rule_custom_fields),
                 "rule_implied":     False,
                 "rule_type":        sanitize(rule_type),
                 # "rule_head_text": sanitize(section_name),
@@ -243,6 +249,7 @@ def parse_single_rule(src_rule, rulebase, layer_name, import_id, rule_num, paren
             if comments is not None:
                 rule['rule_comment'] = sanitize(comments)
             rulebase.append(rule)
+
             return rule_num + 1
     return rule_num
 
diff --git a/roles/importer/files/importer/checkpointR8x/fwcommon.py b/roles/importer/files/importer/checkpointR8x/fwcommon.py
index ac6a80db3..51d64bd0c 100644
--- a/roles/importer/files/importer/checkpointR8x/fwcommon.py
+++ b/roles/importer/files/importer/checkpointR8x/fwcommon.py
@@ -24,7 +24,7 @@ def has_config_changed (full_config, mgm_details, force=False):
     try: # top level dict start, sid contains the domain information, so only sending domain during login
         session_id = login_cp(mgm_details, domain)
     except:
-        raise FwLoginFailed     # maybe 2Temporary failure in name resolution"
+        raise FwLoginFailed     # maybe "temporary failure in name resolution"
 
     last_change_time = ''
     if 'import_controls' in mgm_details:
diff --git a/roles/importer/files/importer/fwo_api.py b/roles/importer/files/importer/fwo_api.py
index f827accc5..aa478a266 100644
--- a/roles/importer/files/importer/fwo_api.py
+++ b/roles/importer/files/importer/fwo_api.py
@@ -1,17 +1,25 @@
 # library for FWORCH API calls
-from asyncio.log import logger
+# from asyncio.log import logger
 import re
 import traceback
-from sqlite3 import Timestamp
-from textwrap import indent
+# from sqlite3 import Timestamp
+# from textwrap import indent
 import requests.packages
 import requests
 import json
 import datetime
+import base64
+import gnupg
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+from cryptography.hazmat.primitives import padding
+
+
 from fwo_log import getFwoLogger
 import fwo_globals
+import fwo_const
 from fwo_const import fwo_api_http_import_timeout
-from fwo_exception import FwoApiTServiceUnavailable, FwoApiTimeout, FwoApiLoginFailed
+from fwo_exception import FwoApiTServiceUnavailable, FwoApiTimeout, FwoApiLoginFailed, SecretDecryptionFailed
 from fwo_base import writeAlertToLogFile
 
 
@@ -192,11 +200,85 @@ def get_mgm_details(fwo_api_base_url, jwt, query_variables, debug_level=0):
     """
     api_call_result = call(fwo_api_base_url, jwt, mgm_query, query_variables=query_variables, role='importer')
     if 'data' in api_call_result and 'management' in api_call_result['data'] and len(api_call_result['data']['management'])>=1:
+        if not '://' in api_call_result['data']['management'][0]['hostname']:
+            # only decrypt if we have a real management and are not fetching the config from an URL
+            # decrypt secret read from API
+            try:
+                secret = api_call_result['data']['management'][0]['import_credential']['secret']
+                decryptedSecret = decrypt(secret, readMainKey())
+            except ():
+                raise SecretDecryptionFailed
+            api_call_result['data']['management'][0]['import_credential']['secret'] = decryptedSecret
         return api_call_result['data']['management'][0]
     else:
         raise Exception('did not succeed in getting management details from FWO API')
 
 
+def readMainKey(filePath=fwo_const.mainKeyFile):
+    with open(filePath, "r") as keyfile:
+        mainKey = keyfile.read().rstrip(' \n')
+    return mainKey
+
+
+# can be used for decrypting text encrypted with postgresql.pgp_sym_encrypt
+def decryptGpg(encryptedTextIn, key):
+    logger = getFwoLogger()
+    gpg = gnupg.GPG()
+
+    binData = base64.b64decode(encryptedTextIn)
+    decrypted_data = gpg.decrypt(binData, passphrase=key)
+
+    if decrypted_data.ok:
+        return decrypted_data.data.decode('utf-8')
+    else:
+        logger.info("error while decrypting: " + decrypted_data.status + ", assuming plaintext credentials")
+        return encryptedTextIn
+
+
+# can be used for decrypting text encrypted with C# (mw-server)
+def decrypt_aes_ciphertext(base64_encrypted_text, passphrase):
+    encrypted_data = base64.b64decode(base64_encrypted_text)
+    ivLength = 16 # IV length for AES is 16 bytes
+
+    # Extract IV from the encrypted data
+    iv = encrypted_data[:ivLength]  
+
+    # Initialize AES cipher with provided passphrase and IV
+    backend = default_backend()
+    cipher = Cipher(algorithms.AES(passphrase.encode()), modes.CBC(iv), backend=backend)
+    decryptor = cipher.decryptor()
+
+    # Decrypt the ciphertext
+    decrypted_data = decryptor.update(encrypted_data[ivLength:]) + decryptor.finalize()
+
+    # Remove padding
+    unpadder = padding.PKCS7(algorithms.AES.block_size).unpadder()
+    try:
+        unpadded_data = unpadder.update(decrypted_data) + unpadder.finalize()
+        return unpadded_data.decode('utf-8')  # Assuming plaintext is UTF-8 encoded
+    except ValueError as e:
+        raise Exception ('AES decryption failed:', e)
+
+
+# wrapper for trying the different decryption methods
+def decrypt(encrypted_data, passphrase):
+    logger = getFwoLogger()
+    try:
+        decrypted = decrypt_aes_ciphertext(encrypted_data, passphrase)
+        return decrypted
+    except:
+        logger.warning("Unspecified error while decrypting with MS: " + str(traceback.format_exc()))
+        # try:
+        #     # trying postgres decryption
+        #     decrypted = decryptGpg(encrypted_data, passphrase)
+        #     return decrypted
+        # except:
+        #     logger.warning("Unspecified error while decrypting with gpg: " + str(traceback.format_exc()))
+        #     logger("error while decrypting: " + encrypted_data + ", assuming plaintext credentials")
+            # we return the credentials as is (not able to derypt them and assume they are in plaintext)
+        return encrypted_data
+
+
 def log_import_attempt(fwo_api_base_url, jwt, mgm_id, successful=False):
     now = datetime.datetime.now().isoformat()
     query_variables = { "mgmId": mgm_id, "timeStamp": now, "success": successful }
diff --git a/roles/importer/files/importer/fwo_const.py b/roles/importer/files/importer/fwo_const.py
index 1a3fd5686..0bafbd7ac 100644
--- a/roles/importer/files/importer/fwo_const.py
+++ b/roles/importer/files/importer/fwo_const.py
@@ -18,6 +18,7 @@
 fwo_api_http_import_timeout = 14400 # 4 hours
 importer_user_name = 'importer'  # todo: move to config file?
 fwo_config_filename = base_dir + '/etc/fworch.json'
+mainKeyFile=base_dir + '/etc/secrets/main_key'
 importer_pwd_file = base_dir + '/etc/secrets/importer_pwd'
 import_tmp_path = base_dir + '/tmp/import'
 fwo_config_filename = base_dir + '/etc/fworch.json'
diff --git a/roles/importer/files/importer/fwo_exception.py b/roles/importer/files/importer/fwo_exception.py
index c2c1e69da..ece6711d6 100644
--- a/roles/importer/files/importer/fwo_exception.py
+++ b/roles/importer/files/importer/fwo_exception.py
@@ -3,62 +3,69 @@ class FwLoginFailed(Exception):
     """Raised when login to FW management failed"""
 
     def __init__(self, message="Login to FW management failed"):
-            self.message = message
-            super().__init__(self.message)
+        self.message = message
+        super().__init__(self.message)
 
 class FwLogoutFailed(Exception):
     """Raised when logout from FW management failed"""
 
     def __init__(self, message="Logout from FW management failed"):
-            self.message = message
-            super().__init__(self.message)
+        self.message = message
+        super().__init__(self.message)
+
+class SecretDecryptionFailed(Exception):
+    """Raised when the attempt to decrypt a secret with the given key fails"""
+
+    def __init__(self, message="Could not decrypt an API secret with given key"):
+        self.message = message
+        super().__init__(self.message)
 
 class FwoApiLoginFailed(Exception):
     """Raised when login to FWO API failed"""
 
     def __init__(self, message="Login to FWO API failed"):
-            self.message = message
-            super().__init__(self.message)
+        self.message = message
+        super().__init__(self.message)
 
 class FwoApiFailedLockImport(Exception):
     """Raised when unable to lock import (import running?)"""
 
     def __init__(self, message="Locking import failed - already running?"):
-            self.message = message
-            super().__init__(self.message)
+        self.message = message
+        super().__init__(self.message)
 
 class FwoApiFailure(Exception):
     """Raised for any other FwoApi call exceptions"""
 
     def __init__(self, message="There was an unclassified error while executing an FWO API call"):
-            self.message = message
-            super().__init__(self.message)
+        self.message = message
+        super().__init__(self.message)
 
 class FwoApiTimeout(Exception):
     """Raised for 502 http error with proxy due to timeout"""
 
     def __init__(self, message="reverse proxy timeout error during FWO API call - try increasing the reverse proxy timeout"):
-            self.message = message
-            super().__init__(self.message)
+        self.message = message
+        super().__init__(self.message)
 
 class FwoApiTServiceUnavailable(Exception):
     """Raised for 503 http error Serice unavailable"""
 
     def __init__(self, message="FWO API Hasura container died"):
-            self.message = message
-            super().__init__(self.message)
+        self.message = message
+        super().__init__(self.message)
 
 class ConfigFileNotFound(Exception):
     """can only happen when specifying config file with -i switch"""
 
     def __init__(self, message="Could not read config file"):
-            self.message = message
-            super().__init__(self.message)
+        self.message = message
+        super().__init__(self.message)
 
 
 class ImportRecursionLimitReached(Exception):
     """Raised when recursion of function inimport process reaches max allowed recursion limit"""
 
     def __init__(self, message="Max recursion level reached - aborting"):
-            self.message = message
-            super().__init__(self.message)
+        self.message = message
+        super().__init__(self.message)
diff --git a/roles/importer/tasks/main.yml b/roles/importer/tasks/main.yml
index 724343c68..56577772b 100644
--- a/roles/importer/tasks/main.yml
+++ b/roles/importer/tasks/main.yml
@@ -37,6 +37,7 @@
       - libexpect-perl
       - libcgi-pm-perl
       - python3-jsonpickle
+      - python3-gnupg
 
   - name: Install importer python modules
     package: name={{ item }} state=present
diff --git a/roles/lib/files/FWO.Api.Client/Data/DisplayBase.cs b/roles/lib/files/FWO.Api.Client/Data/DisplayBase.cs
index 7a1356b0b..0c625782e 100644
--- a/roles/lib/files/FWO.Api.Client/Data/DisplayBase.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/DisplayBase.cs
@@ -2,6 +2,7 @@
 using NetTools;
 using FWO.Logging;
 using System.Net;
+using FWO.GlobalConstants;
 
 namespace FWO.Api.Data
 {
diff --git a/roles/lib/files/FWO.Api.Client/Data/LdapConnectionBase.cs b/roles/lib/files/FWO.Api.Client/Data/LdapConnectionBase.cs
index 20a662e11..5b61d881a 100644
--- a/roles/lib/files/FWO.Api.Client/Data/LdapConnectionBase.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/LdapConnectionBase.cs
@@ -1,6 +1,9 @@
 using System.Text.Json.Serialization; 
 using Newtonsoft.Json; 
+using System.Reflection.Metadata.Ecma335;
+
 using FWO.Middleware.RequestParameters;
+using FWO.Encryption;
 
 namespace FWO.Api.Data
 {
@@ -77,12 +80,36 @@ public LdapConnectionBase(LdapGetUpdateParameters ldapGetUpdateParameters)
             SearchUser = ldapGetUpdateParameters.SearchUser;
             Tls = ldapGetUpdateParameters.Tls;
             TenantLevel = ldapGetUpdateParameters.TenantLevel;
-            SearchUserPwd = ldapGetUpdateParameters.SearchUserPwd;
+            if (ldapGetUpdateParameters.SearchUserPwd != null)
+            {
+                try 
+                {
+                    SearchUserPwd = AesEnc.Decrypt(ldapGetUpdateParameters.SearchUserPwd, AesEnc.GetMainKey());
+                }
+                catch
+                {
+                    // assuming we found an unencrypted password
+                    SearchUserPwd = ldapGetUpdateParameters.SearchUserPwd;
+                }
+            }
             UserSearchPath = ldapGetUpdateParameters.SearchpathForUsers;
             RoleSearchPath = ldapGetUpdateParameters.SearchpathForRoles;
             GroupSearchPath = ldapGetUpdateParameters.SearchpathForGroups;
             WriteUser = ldapGetUpdateParameters.WriteUser;
-            WriteUserPwd = ldapGetUpdateParameters.WriteUserPwd;
+
+            if (ldapGetUpdateParameters.WriteUserPwd != null)
+            {
+                try 
+                {
+                    WriteUserPwd = AesEnc.Decrypt(ldapGetUpdateParameters.WriteUserPwd, AesEnc.GetMainKey());
+                }
+                catch
+                {
+                    // assuming we found an unencrypted password
+                    WriteUserPwd = ldapGetUpdateParameters.WriteUserPwd;
+                }
+            }
+
             TenantId = ldapGetUpdateParameters.TenantId;
             GlobalTenantName = ldapGetUpdateParameters.GlobalTenantName;
             Active = ldapGetUpdateParameters.Active;
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingAppRole.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingAppRole.cs
index 5a8774e30..f8d154215 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingAppRole.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingAppRole.cs
@@ -1,5 +1,6 @@
 using System.Text.Json.Serialization; 
 using Newtonsoft.Json;
+using FWO.GlobalConstants;
 
 namespace FWO.Api.Data
 {
diff --git a/roles/lib/files/FWO.Api.Client/Data/ModellingServiceGroup.cs b/roles/lib/files/FWO.Api.Client/Data/ModellingServiceGroup.cs
index 3ab8778e4..c1db39e05 100644
--- a/roles/lib/files/FWO.Api.Client/Data/ModellingServiceGroup.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/ModellingServiceGroup.cs
@@ -1,5 +1,6 @@
 using System.Text.Json.Serialization; 
 using Newtonsoft.Json;
+using FWO.GlobalConstants;
 
 namespace FWO.Api.Data
 {
diff --git a/roles/lib/files/FWO.Api.Client/Data/Rule.cs b/roles/lib/files/FWO.Api.Client/Data/Rule.cs
index 9d69e7383..2e15c8ab1 100644
--- a/roles/lib/files/FWO.Api.Client/Data/Rule.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/Rule.cs
@@ -86,6 +86,9 @@ public class Rule
         [JsonProperty("dev_id"), JsonPropertyName("dev_id")]
         public int DeviceId { get; set; }
 
+        [JsonProperty("rule_custom_fields"), JsonPropertyName("rule_custom_fields")]
+        public string CustomFields { get; set; } = "";
+
 
         public int DisplayOrderNumber { get; set; }
         public bool Certified { get; set; }
diff --git a/roles/lib/files/FWO.Api.Client/Data/StateMatrix.cs b/roles/lib/files/FWO.Api.Client/Data/StateMatrix.cs
index 3d6d08d94..dca78f139 100644
--- a/roles/lib/files/FWO.Api.Client/Data/StateMatrix.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/StateMatrix.cs
@@ -1,4 +1,5 @@
 using FWO.Api.Client.Queries;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using System.Text.Json.Serialization; 
 using Newtonsoft.Json; 
diff --git a/roles/lib/files/FWO.Api.Client/Data/UiLdapConnection.cs b/roles/lib/files/FWO.Api.Client/Data/UiLdapConnection.cs
index 3ec58cb0c..d43c8e1b3 100644
--- a/roles/lib/files/FWO.Api.Client/Data/UiLdapConnection.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/UiLdapConnection.cs
@@ -1,6 +1,7 @@
 using System.Text.Json.Serialization; 
 using Newtonsoft.Json;
 using FWO.Middleware.RequestParameters;
+using FWO.Encryption;
 
 namespace FWO.Api.Data
 {
@@ -41,12 +42,36 @@ public UiLdapConnection(UiLdapConnection ldapConnection)
             SearchUser = ldapConnection.SearchUser;
             Tls = ldapConnection.Tls;
             TenantLevel = ldapConnection.TenantLevel;
-            SearchUserPwd = ldapConnection.SearchUserPwd;
+            if (ldapConnection.SearchUserPwd != null)
+            {
+                try 
+                {
+                    SearchUserPwd = AesEnc.Decrypt(ldapConnection.SearchUserPwd, AesEnc.GetMainKey());
+                }
+                catch
+                {
+                    // assuming we found an unencrypted password
+                    SearchUserPwd = ldapConnection.SearchUserPwd;
+                }
+            }
+
             UserSearchPath = ldapConnection.UserSearchPath;
             RoleSearchPath = ldapConnection.RoleSearchPath;
             GroupSearchPath = ldapConnection.GroupSearchPath;
             WriteUser = ldapConnection.WriteUser;
-            WriteUserPwd = ldapConnection.WriteUserPwd;
+
+            if (ldapConnection.WriteUserPwd != null)
+            {
+                try 
+                {
+                    WriteUserPwd = AesEnc.Decrypt(ldapConnection.WriteUserPwd, AesEnc.GetMainKey());
+                }
+                catch
+                {
+                    // assuming we found an unencrypted password
+                    WriteUserPwd = ldapConnection.WriteUserPwd;
+                }
+            }
             TenantId = ldapConnection.TenantId;
             GlobalTenantName = ldapConnection.GlobalTenantName;
             Active = ldapConnection.Active;
diff --git a/roles/lib/files/FWO.Api.Client/FWO.Api.Client.csproj b/roles/lib/files/FWO.Api.Client/FWO.Api.Client.csproj
index 176874847..5d031f437 100644
--- a/roles/lib/files/FWO.Api.Client/FWO.Api.Client.csproj
+++ b/roles/lib/files/FWO.Api.Client/FWO.Api.Client.csproj
@@ -18,6 +18,7 @@
     <ProjectReference Include="..\FWO.Config.File\FWO.Config.File.csproj" />
     <ProjectReference Include="..\FWO.Middleware\FWO.Middleware.csproj" />
     <ProjectReference Include="..\FWO.Logging\FWO.Logging.csproj" />
+    <ProjectReference Include="..\FWO.Encryption\FWO.Encryption.csproj" />
   </ItemGroup>
 
 </Project>
diff --git a/roles/lib/files/FWO.Config.Api/Data/CommonArea.cs b/roles/lib/files/FWO.Config.Api/Data/CommonArea.cs
index 37e7983c0..d44484e60 100644
--- a/roles/lib/files/FWO.Config.Api/Data/CommonArea.cs
+++ b/roles/lib/files/FWO.Config.Api/Data/CommonArea.cs
@@ -1,5 +1,6 @@
 using Newtonsoft.Json;
 using System.Text.Json.Serialization;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 
 namespace FWO.Config.Api.Data
diff --git a/roles/lib/files/FWO.Config.Api/Data/ConfigData.cs b/roles/lib/files/FWO.Config.Api/Data/ConfigData.cs
index d38c1228e..533f13335 100644
--- a/roles/lib/files/FWO.Config.Api/Data/ConfigData.cs
+++ b/roles/lib/files/FWO.Config.Api/Data/ConfigData.cs
@@ -1,6 +1,8 @@
 using Newtonsoft.Json;
 using System.Text.Json;
 using System.Text.Json.Serialization;
+using FWO.GlobalConstants;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Mail;
 
diff --git a/roles/lib/files/FWO.Config.Api/Data/RecertCheckParams.cs b/roles/lib/files/FWO.Config.Api/Data/RecertCheckParams.cs
index a96895a96..5f935e870 100644
--- a/roles/lib/files/FWO.Config.Api/Data/RecertCheckParams.cs
+++ b/roles/lib/files/FWO.Config.Api/Data/RecertCheckParams.cs
@@ -1,5 +1,6 @@
 using Newtonsoft.Json;
 using System.Text.Json.Serialization;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 
 namespace FWO.Config.Api.Data
diff --git a/roles/lib/files/FWO.Config.Api/UserConfig.cs b/roles/lib/files/FWO.Config.Api/UserConfig.cs
index 8b54e6887..68ed1973b 100644
--- a/roles/lib/files/FWO.Config.Api/UserConfig.cs
+++ b/roles/lib/files/FWO.Config.Api/UserConfig.cs
@@ -1,7 +1,9 @@
 using System.Text.RegularExpressions;
+using FWO.GlobalConstants;
 using FWO.Logging;
 using FWO.Config.Api.Data;
 using FWO.Api.Client;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Api.Client.Queries;
 using System.Reflection;
diff --git a/roles/lib/files/FWO.DeviceAutoDiscovery/AutoDiscoveryBase.cs b/roles/lib/files/FWO.DeviceAutoDiscovery/AutoDiscoveryBase.cs
index bcbbae064..8048917d6 100644
--- a/roles/lib/files/FWO.DeviceAutoDiscovery/AutoDiscoveryBase.cs
+++ b/roles/lib/files/FWO.DeviceAutoDiscovery/AutoDiscoveryBase.cs
@@ -1,7 +1,10 @@
-using FWO.Api.Data;
+using System.Text.Json;
+
+using FWO.GlobalConstants;
+using FWO.Api.Data;
 using FWO.Api.Client;
 using FWO.Logging;
-using System.Text.Json;
+using FWO.Encryption;
 
 namespace FWO.DeviceAutoDiscovery
 {
@@ -16,6 +19,23 @@ public class AutoDiscoveryBase
         public AutoDiscoveryBase(Management mgm, ApiConnection apiConn)
         {
             superManagement = mgm;
+
+            string mainKey = AesEnc.GetMainKey();
+
+            string decryptedSecret = superManagement.ImportCredential.Secret;
+
+            // try to decrypt secret, keep it as is if failing
+            try
+            {
+                decryptedSecret = AesEnc.Decrypt(superManagement.ImportCredential.Secret, mainKey);
+            }
+            catch (Exception)
+            {
+                // Log.WriteWarning("AutoDiscovery", $"Found unencrypted credential secret: {superManagement.ImportCredential.Name}.");
+                Log.WriteWarning("AutoDiscovery", $"Could not decrypt secret {superManagement.ImportCredential.Secret} in credential named: {superManagement.ImportCredential.Name}.");
+            }
+
+            superManagement.ImportCredential.Secret = decryptedSecret;
             apiConnection = apiConn;
         }
 
diff --git a/roles/lib/files/FWO.DeviceAutoDiscovery/AutoDiscoveryCpMds.cs b/roles/lib/files/FWO.DeviceAutoDiscovery/AutoDiscoveryCpMds.cs
index a0606844c..c998d482c 100644
--- a/roles/lib/files/FWO.DeviceAutoDiscovery/AutoDiscoveryCpMds.cs
+++ b/roles/lib/files/FWO.DeviceAutoDiscovery/AutoDiscoveryCpMds.cs
@@ -1,4 +1,5 @@
-using FWO.Api.Data;
+using FWO.GlobalConstants;
+using FWO.Api.Data;
 using FWO.Api.Client;
 using FWO.Logging;
 using FWO.Rest.Client;
diff --git a/roles/lib/files/FWO.DeviceAutoDiscovery/AutoDiscoveryFortiManager.cs b/roles/lib/files/FWO.DeviceAutoDiscovery/AutoDiscoveryFortiManager.cs
index 5c9f358c1..8fbd655af 100644
--- a/roles/lib/files/FWO.DeviceAutoDiscovery/AutoDiscoveryFortiManager.cs
+++ b/roles/lib/files/FWO.DeviceAutoDiscovery/AutoDiscoveryFortiManager.cs
@@ -1,5 +1,6 @@
 using System.Net;
 using RestSharp;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Api.Client;
 using FWO.Logging;
diff --git a/roles/lib/files/FWO.DeviceAutoDiscovery/CheckPointAPI.cs b/roles/lib/files/FWO.DeviceAutoDiscovery/CheckPointAPI.cs
index baade3e83..7a030b4f3 100644
--- a/roles/lib/files/FWO.DeviceAutoDiscovery/CheckPointAPI.cs
+++ b/roles/lib/files/FWO.DeviceAutoDiscovery/CheckPointAPI.cs
@@ -1,5 +1,6 @@
 using RestSharp;
 using System.Text.Json;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using System.Text.Json.Serialization;
 using Newtonsoft.Json;
diff --git a/roles/lib/files/FWO.DeviceAutoDiscovery/FWO.DeviceAutoDiscovery.csproj b/roles/lib/files/FWO.DeviceAutoDiscovery/FWO.DeviceAutoDiscovery.csproj
index 8f9ca77df..ca99787a3 100644
--- a/roles/lib/files/FWO.DeviceAutoDiscovery/FWO.DeviceAutoDiscovery.csproj
+++ b/roles/lib/files/FWO.DeviceAutoDiscovery/FWO.DeviceAutoDiscovery.csproj
@@ -16,6 +16,7 @@
   <ItemGroup>
     <ProjectReference Include="..\..\..\lib\files\FWO.Config.Api\FWO.Config.Api.csproj" />
     <ProjectReference Include="..\..\..\lib\files\FWO.Logging\FWO.Logging.csproj" />
+    <ProjectReference Include="..\..\..\lib\files\FWO.Encryption\FWO.Encryption.csproj" />
     <ProjectReference Include="..\..\..\lib\files\FWO.Api.Client\FWO.Api.Client.csproj" />
   </ItemGroup>
 
diff --git a/roles/lib/files/FWO.DeviceAutoDiscovery/FortiManagerAPI.cs b/roles/lib/files/FWO.DeviceAutoDiscovery/FortiManagerAPI.cs
index abf4d533e..c4b5b7ae3 100644
--- a/roles/lib/files/FWO.DeviceAutoDiscovery/FortiManagerAPI.cs
+++ b/roles/lib/files/FWO.DeviceAutoDiscovery/FortiManagerAPI.cs
@@ -1,6 +1,7 @@
 using RestSharp;
 using RestSharp.Serializers.SystemTextJson;
 using System.Text.Json;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using System.Text;
 using System.Text.Json.Serialization;
diff --git a/roles/lib/files/FWO.Encryption/AesEnc.cs b/roles/lib/files/FWO.Encryption/AesEnc.cs
new file mode 100644
index 000000000..c3e1440a9
--- /dev/null
+++ b/roles/lib/files/FWO.Encryption/AesEnc.cs
@@ -0,0 +1,87 @@
+using System.Security.Cryptography;
+using System.Text;
+using FWO.GlobalConstants;
+
+namespace FWO.Encryption
+{
+    public static class AesEnc
+    {
+        public static string GetMainKey()
+        {
+            string mainKey = File.ReadAllText(GlobalConst.kMainKeyFile);
+            mainKey = mainKey.TrimEnd('\n');    // remove linke break
+            return mainKey;
+        }
+
+        public static string Encrypt(string plaintext, string key)
+        {
+            return CustomAesCbcEncryptBase64(plaintext, key);
+        }
+
+        public static string Decrypt(string encryptedDataString, string key)
+        {
+            string decryptedText;
+            try
+            {
+                decryptedText = CustomAesCbcDecryptBase64(encryptedDataString, key);
+                return decryptedText;
+            }
+            catch
+            {
+                throw new ArgumentException("Could not decrypt.");
+            }
+        }
+        public static string CustomAesCbcEncryptBase64(string plaintext, string key)
+        {
+            using (Aes aes = Aes.Create())
+            {
+                aes.Key = Encoding.UTF8.GetBytes(key);
+                aes.GenerateIV();
+                aes.Mode = CipherMode.CBC;
+                aes.Padding = PaddingMode.PKCS7;
+
+                using (ICryptoTransform encryptor = aes.CreateEncryptor(aes.Key, aes.IV))
+                {
+                    byte[] plaintextBytes = Encoding.UTF8.GetBytes(plaintext);
+                    byte[] encryptedBytes = encryptor.TransformFinalBlock(plaintextBytes, 0, plaintextBytes.Length);
+
+                    // Combine IV and encrypted text
+                    byte[] ivAndEncrypted = new byte[aes.IV.Length + encryptedBytes.Length];
+                    Array.Copy(aes.IV, ivAndEncrypted, aes.IV.Length);
+                    Array.Copy(encryptedBytes, 0, ivAndEncrypted, aes.IV.Length, encryptedBytes.Length);
+
+                    return Convert.ToBase64String(ivAndEncrypted);
+                }
+            }
+        }
+
+        public static string CustomAesCbcDecryptBase64(string ciphertext, string key)
+        {
+            byte[] encryptedBytes = Convert.FromBase64String(ciphertext);
+
+            // IV size for AES-CBC is typically 16 bytes
+            int ivSize = 16;
+            byte[] iv = new byte[ivSize];
+            byte[] encryptedText = new byte[encryptedBytes.Length - ivSize];
+
+            // Extract IV from the beginning of the ciphertext
+            Array.Copy(encryptedBytes, 0, iv, 0, ivSize);
+            Array.Copy(encryptedBytes, ivSize, encryptedText, 0, encryptedText.Length);
+
+            using (Aes aes = Aes.Create())
+            {
+                aes.Key = Encoding.UTF8.GetBytes(key);
+                aes.IV = iv;
+                aes.Mode = CipherMode.CBC;
+                aes.Padding = PaddingMode.PKCS7;
+
+                using (ICryptoTransform decryptor = aes.CreateDecryptor(aes.Key, aes.IV))
+                {
+                    byte[] decryptedBytes = decryptor.TransformFinalBlock(encryptedText, 0, encryptedText.Length);
+                    return Encoding.UTF8.GetString(decryptedBytes);
+                }
+            }
+        }
+
+    }
+}
diff --git a/roles/lib/files/FWO.Encryption/FWO.Encryption.csproj b/roles/lib/files/FWO.Encryption/FWO.Encryption.csproj
new file mode 100644
index 000000000..1e6418872
--- /dev/null
+++ b/roles/lib/files/FWO.Encryption/FWO.Encryption.csproj
@@ -0,0 +1,13 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net6.0</TargetFramework>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\..\lib\files\FWO.GlobalConstants\FWO.GlobalConstants.csproj" />
+  </ItemGroup>
+
+</Project>
diff --git a/roles/lib/files/FWO.GlobalConstants/FWO.GlobalConstants.csproj b/roles/lib/files/FWO.GlobalConstants/FWO.GlobalConstants.csproj
new file mode 100644
index 000000000..463eca566
--- /dev/null
+++ b/roles/lib/files/FWO.GlobalConstants/FWO.GlobalConstants.csproj
@@ -0,0 +1,9 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net6.0</TargetFramework>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+  </PropertyGroup>
+
+</Project>
diff --git a/roles/lib/files/FWO.Api.Client/Data/GlobalConstants.cs b/roles/lib/files/FWO.GlobalConstants/GlobalConstants.cs
similarity index 98%
rename from roles/lib/files/FWO.Api.Client/Data/GlobalConstants.cs
rename to roles/lib/files/FWO.GlobalConstants/GlobalConstants.cs
index c830d5ec9..85cbd5cee 100644
--- a/roles/lib/files/FWO.Api.Client/Data/GlobalConstants.cs
+++ b/roles/lib/files/FWO.GlobalConstants/GlobalConstants.cs
@@ -1,4 +1,4 @@
-namespace FWO.Api.Data
+namespace FWO.GlobalConstants
 {
     /// <summary>
     /// Global string constants used e.g. as database keys etc.
diff --git a/roles/lib/files/FWO.Recert/RecertRefresh.cs b/roles/lib/files/FWO.Recert/RecertRefresh.cs
index fb3edd3fa..721e6ed37 100644
--- a/roles/lib/files/FWO.Recert/RecertRefresh.cs
+++ b/roles/lib/files/FWO.Recert/RecertRefresh.cs
@@ -1,4 +1,5 @@
 using System.Diagnostics;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Api.Client;
 using FWO.Logging;
diff --git a/roles/lib/files/FWO.Report.Filter/Compiler.cs b/roles/lib/files/FWO.Report.Filter/Compiler.cs
index 0af7c9435..c1f1f6157 100644
--- a/roles/lib/files/FWO.Report.Filter/Compiler.cs
+++ b/roles/lib/files/FWO.Report.Filter/Compiler.cs
@@ -1,4 +1,5 @@
 using FWO.Report.Filter.Ast;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Logging;
 
diff --git a/roles/lib/files/FWO.Report.Filter/DynGraphqlQuery.cs b/roles/lib/files/FWO.Report.Filter/DynGraphqlQuery.cs
index bab2551a0..22f7e2ec4 100644
--- a/roles/lib/files/FWO.Report.Filter/DynGraphqlQuery.cs
+++ b/roles/lib/files/FWO.Report.Filter/DynGraphqlQuery.cs
@@ -1,5 +1,6 @@
 using FWO.Report.Filter.Ast;
 using FWO.Api.Client.Queries;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using System.Text.RegularExpressions;
 using FWO.Logging;
diff --git a/roles/lib/files/FWO.Report.Filter/FilterTypes/ReportFilters.cs b/roles/lib/files/FWO.Report.Filter/FilterTypes/ReportFilters.cs
index 2c3ee701e..73665fd93 100644
--- a/roles/lib/files/FWO.Report.Filter/FilterTypes/ReportFilters.cs
+++ b/roles/lib/files/FWO.Report.Filter/FilterTypes/ReportFilters.cs
@@ -1,3 +1,4 @@
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Config.Api;
 
diff --git a/roles/lib/files/FWO.Report/Data/DeviceReport.cs b/roles/lib/files/FWO.Report/Data/DeviceReport.cs
index aaef40b39..9d0dd2484 100644
--- a/roles/lib/files/FWO.Report/Data/DeviceReport.cs
+++ b/roles/lib/files/FWO.Report/Data/DeviceReport.cs
@@ -1,5 +1,6 @@
 using System.Text.Json.Serialization; 
 using Newtonsoft.Json;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 
 namespace FWO.Report
diff --git a/roles/lib/files/FWO.Report/Data/ManagementReport.cs b/roles/lib/files/FWO.Report/Data/ManagementReport.cs
index 08bf5b180..1e9dc376e 100644
--- a/roles/lib/files/FWO.Report/Data/ManagementReport.cs
+++ b/roles/lib/files/FWO.Report/Data/ManagementReport.cs
@@ -1,5 +1,6 @@
 using Newtonsoft.Json;
 using System.Text.Json.Serialization;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 
 namespace FWO.Report
diff --git a/roles/lib/files/FWO.Report/Data/OwnerReport.cs b/roles/lib/files/FWO.Report/Data/OwnerReport.cs
index fd19f4431..9dd9a4e1d 100644
--- a/roles/lib/files/FWO.Report/Data/OwnerReport.cs
+++ b/roles/lib/files/FWO.Report/Data/OwnerReport.cs
@@ -1,4 +1,5 @@
-using FWO.Api.Data;
+using FWO.GlobalConstants;
+using FWO.Api.Data;
 
 namespace FWO.Report
 {
diff --git a/roles/lib/files/FWO.Report/Data/ReportData.cs b/roles/lib/files/FWO.Report/Data/ReportData.cs
index d41fd6528..45ec2f5e5 100644
--- a/roles/lib/files/FWO.Report/Data/ReportData.cs
+++ b/roles/lib/files/FWO.Report/Data/ReportData.cs
@@ -1,4 +1,5 @@
-using FWO.Api.Data;
+using FWO.GlobalConstants;
+using FWO.Api.Data;
 
 namespace FWO.Report
 {
diff --git a/roles/lib/files/FWO.Report/Display/NatRuleDisplayHtml.cs b/roles/lib/files/FWO.Report/Display/NatRuleDisplayHtml.cs
index fc78fa81e..ce38a1f59 100644
--- a/roles/lib/files/FWO.Report/Display/NatRuleDisplayHtml.cs
+++ b/roles/lib/files/FWO.Report/Display/NatRuleDisplayHtml.cs
@@ -1,4 +1,5 @@
-using FWO.Api.Data;
+using FWO.GlobalConstants;
+using FWO.Api.Data;
 using FWO.Config.Api;
 using System.Text;
 using FWO.Report;
diff --git a/roles/lib/files/FWO.Report/Display/NwObjDisplay.cs b/roles/lib/files/FWO.Report/Display/NwObjDisplay.cs
index 0a26acb1b..0b6661463 100644
--- a/roles/lib/files/FWO.Report/Display/NwObjDisplay.cs
+++ b/roles/lib/files/FWO.Report/Display/NwObjDisplay.cs
@@ -1,4 +1,5 @@
-using FWO.Api.Data;
+using FWO.GlobalConstants;
+using FWO.Api.Data;
 
 namespace FWO.Ui.Display
 {
diff --git a/roles/lib/files/FWO.Report/Display/RuleChangeDisplayCsv.cs b/roles/lib/files/FWO.Report/Display/RuleChangeDisplayCsv.cs
index 01b2b1427..76ca29902 100644
--- a/roles/lib/files/FWO.Report/Display/RuleChangeDisplayCsv.cs
+++ b/roles/lib/files/FWO.Report/Display/RuleChangeDisplayCsv.cs
@@ -1,4 +1,5 @@
-using FWO.Api.Data;
+using FWO.GlobalConstants;
+using FWO.Api.Data;
 using FWO.Config.Api;
 using FWO.Report.Filter;
 
diff --git a/roles/lib/files/FWO.Report/Display/RuleChangeDisplayHtml.cs b/roles/lib/files/FWO.Report/Display/RuleChangeDisplayHtml.cs
index 7b36a96e3..3d3154a78 100644
--- a/roles/lib/files/FWO.Report/Display/RuleChangeDisplayHtml.cs
+++ b/roles/lib/files/FWO.Report/Display/RuleChangeDisplayHtml.cs
@@ -1,4 +1,5 @@
-using FWO.Api.Data;
+using FWO.GlobalConstants;
+using FWO.Api.Data;
 using FWO.Logging;
 using FWO.Config.Api;
 using FWO.Report;
diff --git a/roles/lib/files/FWO.Report/Display/RuleChangeDisplayJson.cs b/roles/lib/files/FWO.Report/Display/RuleChangeDisplayJson.cs
index 6ff73cc6e..48e84a93b 100644
--- a/roles/lib/files/FWO.Report/Display/RuleChangeDisplayJson.cs
+++ b/roles/lib/files/FWO.Report/Display/RuleChangeDisplayJson.cs
@@ -1,4 +1,5 @@
-using FWO.Api.Data;
+using FWO.GlobalConstants;
+using FWO.Api.Data;
 using FWO.Config.Api;
 using FWO.Report.Filter;
 
diff --git a/roles/lib/files/FWO.Report/Display/RuleDisplayBase.cs b/roles/lib/files/FWO.Report/Display/RuleDisplayBase.cs
index f42ce6864..21498e6a3 100644
--- a/roles/lib/files/FWO.Report/Display/RuleDisplayBase.cs
+++ b/roles/lib/files/FWO.Report/Display/RuleDisplayBase.cs
@@ -1,4 +1,6 @@
 using System.Text;
+using FWO.GlobalConstants;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Config.Api;
 using FWO.Report.Filter;
diff --git a/roles/lib/files/FWO.Report/Display/RuleDisplayCsv.cs b/roles/lib/files/FWO.Report/Display/RuleDisplayCsv.cs
index 35152aced..acb145f32 100644
--- a/roles/lib/files/FWO.Report/Display/RuleDisplayCsv.cs
+++ b/roles/lib/files/FWO.Report/Display/RuleDisplayCsv.cs
@@ -1,4 +1,5 @@
-using FWO.Api.Data;
+using FWO.GlobalConstants;
+using FWO.Api.Data;
 using FWO.Config.Api;
 using System.Text;
 using FWO.Report.Filter;
diff --git a/roles/lib/files/FWO.Report/Display/RuleDisplayHtml.cs b/roles/lib/files/FWO.Report/Display/RuleDisplayHtml.cs
index 9ca58b704..5f59dbb66 100644
--- a/roles/lib/files/FWO.Report/Display/RuleDisplayHtml.cs
+++ b/roles/lib/files/FWO.Report/Display/RuleDisplayHtml.cs
@@ -1,4 +1,5 @@
-using FWO.Api.Data;
+using FWO.GlobalConstants;
+using FWO.Api.Data;
 using FWO.Config.Api;
 using System.Text;
 using FWO.Report;
diff --git a/roles/lib/files/FWO.Report/Display/RuleDisplayJson.cs b/roles/lib/files/FWO.Report/Display/RuleDisplayJson.cs
index dd9c095c5..119b82fac 100644
--- a/roles/lib/files/FWO.Report/Display/RuleDisplayJson.cs
+++ b/roles/lib/files/FWO.Report/Display/RuleDisplayJson.cs
@@ -1,4 +1,5 @@
-using FWO.Api.Data;
+using FWO.GlobalConstants;
+using FWO.Api.Data;
 using FWO.Config.Api;
 using FWO.Report.Filter;
 
diff --git a/roles/lib/files/FWO.Report/FWO.Report.csproj b/roles/lib/files/FWO.Report/FWO.Report.csproj
index 2c447419c..51c851250 100644
--- a/roles/lib/files/FWO.Report/FWO.Report.csproj
+++ b/roles/lib/files/FWO.Report/FWO.Report.csproj
@@ -13,6 +13,7 @@
   <ItemGroup>
     <ProjectReference Include="..\FWO.Config.Api\FWO.Config.Api.csproj" />
     <ProjectReference Include="..\FWO.Report.Filter\FWO.Report.Filter.csproj" />
+    <ProjectReference Include="..\FWO.GlobalConstants\FWO.GlobalConstants.csproj" />
     <ProjectReference Include="..\FWO.Api.Client\FWO.Api.Client.csproj" />
   </ItemGroup>
 
diff --git a/roles/lib/files/FWO.Report/ReportBase.cs b/roles/lib/files/FWO.Report/ReportBase.cs
index 8ed6f01a8..ede5456a0 100644
--- a/roles/lib/files/FWO.Report/ReportBase.cs
+++ b/roles/lib/files/FWO.Report/ReportBase.cs
@@ -1,4 +1,6 @@
-using FWO.Api.Client;
+using FWO.GlobalConstants;
+using FWO.Api.Client;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Report.Filter;
 using FWO.Config.Api;
diff --git a/roles/lib/files/FWO.Report/ReportChanges.cs b/roles/lib/files/FWO.Report/ReportChanges.cs
index 531a85201..e042e46a3 100644
--- a/roles/lib/files/FWO.Report/ReportChanges.cs
+++ b/roles/lib/files/FWO.Report/ReportChanges.cs
@@ -1,4 +1,5 @@
-using FWO.Api.Data;
+using FWO.GlobalConstants;
+using FWO.Api.Data;
 using System.Text;
 using FWO.Api.Client;
 using FWO.Report.Filter;
diff --git a/roles/lib/files/FWO.Report/ReportConnections.cs b/roles/lib/files/FWO.Report/ReportConnections.cs
index 3b98c1c81..04d49df2f 100644
--- a/roles/lib/files/FWO.Report/ReportConnections.cs
+++ b/roles/lib/files/FWO.Report/ReportConnections.cs
@@ -1,3 +1,4 @@
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Api.Client;
 using FWO.Report.Filter;
diff --git a/roles/lib/files/FWO.Report/ReportDevicesBase.cs b/roles/lib/files/FWO.Report/ReportDevicesBase.cs
index 9eb20728c..2479f2382 100644
--- a/roles/lib/files/FWO.Report/ReportDevicesBase.cs
+++ b/roles/lib/files/FWO.Report/ReportDevicesBase.cs
@@ -1,5 +1,6 @@
 using FWO.Api.Client;
 using FWO.Api.Client.Queries;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Report.Filter;
 using FWO.Config.Api;
diff --git a/roles/lib/files/FWO.Report/ReportNatRules.cs b/roles/lib/files/FWO.Report/ReportNatRules.cs
index 2b752b72b..7d2f7938f 100644
--- a/roles/lib/files/FWO.Report/ReportNatRules.cs
+++ b/roles/lib/files/FWO.Report/ReportNatRules.cs
@@ -1,4 +1,4 @@
-using FWO.Api.Data;
+using FWO.GlobalConstants;
 using System.Text;
 using FWO.Report.Filter;
 using FWO.Ui.Display;
diff --git a/roles/lib/files/FWO.Report/ReportOwnersBase.cs b/roles/lib/files/FWO.Report/ReportOwnersBase.cs
index d352d32d2..86cf8f8b5 100644
--- a/roles/lib/files/FWO.Report/ReportOwnersBase.cs
+++ b/roles/lib/files/FWO.Report/ReportOwnersBase.cs
@@ -1,3 +1,4 @@
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Report.Filter;
 using FWO.Config.Api;
diff --git a/roles/lib/files/FWO.Report/ReportRules.cs b/roles/lib/files/FWO.Report/ReportRules.cs
index 0c74eaf14..05ad6e6bf 100644
--- a/roles/lib/files/FWO.Report/ReportRules.cs
+++ b/roles/lib/files/FWO.Report/ReportRules.cs
@@ -1,4 +1,5 @@
-using FWO.Api.Data;
+using FWO.GlobalConstants;
+using FWO.Api.Data;
 using System.Text;
 using FWO.Api.Client;
 using FWO.Report.Filter;
diff --git a/roles/lib/files/FWO.Report/ReportStatistics.cs b/roles/lib/files/FWO.Report/ReportStatistics.cs
index 5d8b30e13..f1315231c 100644
--- a/roles/lib/files/FWO.Report/ReportStatistics.cs
+++ b/roles/lib/files/FWO.Report/ReportStatistics.cs
@@ -1,3 +1,4 @@
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using System.Text;
 using FWO.Api.Client;
diff --git a/roles/middleware/files/FWO.Middleware.Server/AppDataImport.cs b/roles/middleware/files/FWO.Middleware.Server/AppDataImport.cs
index 0dbb859b8..d03bb1d8f 100644
--- a/roles/middleware/files/FWO.Middleware.Server/AppDataImport.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/AppDataImport.cs
@@ -1,6 +1,7 @@
 using FWO.Logging;
 using NetTools;
 using FWO.Api.Client;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Config.Api;
 using System.Text.Json;
diff --git a/roles/middleware/files/FWO.Middleware.Server/AreaSubnetDataImport.cs b/roles/middleware/files/FWO.Middleware.Server/AreaSubnetDataImport.cs
index 9a68b2355..45139d44d 100644
--- a/roles/middleware/files/FWO.Middleware.Server/AreaSubnetDataImport.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/AreaSubnetDataImport.cs
@@ -1,5 +1,6 @@
 using FWO.Logging;
 using FWO.Api.Client;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Config.Api;
 using System.Text.Json;
@@ -185,15 +186,15 @@ private async Task<bool> DeleteArea(ModellingNetworkArea area)
         {
             try
             {
-                if(await CheckAreaInUse(area))
-                {
-                    await apiConnection.SendQueryAsync<NewReturning>(Api.Client.Queries.ModellingQueries.setAreaDeletedState, new { id = area.Id , deleted = true});
-                    await apiConnection.SendQueryAsync<NewReturning>(Api.Client.Queries.ModellingQueries.removeSelectedNwGroupObjectFromAllApps, new { nwGroupId = area.Id }); 
-                }
-                else
-                {
-                    await apiConnection.SendQueryAsync<NewReturning>(Api.Client.Queries.ModellingQueries.deleteNwGroup, new { id = area.Id });
-                }
+                // if(await CheckAreaInUse(area))
+                // {
+                await apiConnection.SendQueryAsync<NewReturning>(Api.Client.Queries.ModellingQueries.setAreaDeletedState, new { id = area.Id , deleted = true});
+                await apiConnection.SendQueryAsync<NewReturning>(Api.Client.Queries.ModellingQueries.removeSelectedNwGroupObjectFromAllApps, new { nwGroupId = area.Id }); 
+                // }
+                // else
+                // {
+                //     await apiConnection.SendQueryAsync<NewReturning>(Api.Client.Queries.ModellingQueries.deleteNwGroup, new { id = area.Id });
+                // }
             }
             catch (Exception exc)
             {
@@ -203,25 +204,25 @@ private async Task<bool> DeleteArea(ModellingNetworkArea area)
             return true;
         }
 
-        private async Task<bool> CheckAreaInUse(ModellingNetworkArea area)
-        {
-            try
-            {
-                // List<ModellingConnection> foundConnections = await apiConnection.SendQueryAsync<List<ModellingConnection>>(ModellingQueries.getConnectionIdsForNwGroup, new { id = area.Id });
-                // if (foundConnections.Count == 0)
-                //  {
-                //     // Todo: further checks: appServer in area ? in any selection list ??
-                //     if ()
-                //     {
-                //         return false;
-                //     }
-                // }
-                return true;
-            }
-            catch (Exception)
-            {
-                return true;
-            }
-        }
+        // private async Task<bool> CheckAreaInUse(ModellingNetworkArea area)
+        // {
+        //     try
+        //     {
+        //         // List<ModellingConnection> foundConnections = await apiConnection.SendQueryAsync<List<ModellingConnection>>(ModellingQueries.getConnectionIdsForNwGroup, new { id = area.Id });
+        //         // if (foundConnections.Count == 0)
+        //         //  {
+        //         //     // Todo: further checks: appServer in area ? in any selection list ??
+        //         //     if ()
+        //         //     {
+        //         //         return false;
+        //         //     }
+        //         // }
+        //         return true;
+        //     }
+        //     catch (Exception)
+        //     {
+        //         return true;
+        //     }
+        // }
     }
 }
diff --git a/roles/middleware/files/FWO.Middleware.Server/AutoDiscoverScheduler.cs b/roles/middleware/files/FWO.Middleware.Server/AutoDiscoverScheduler.cs
index eeff275dd..a98655e1a 100644
--- a/roles/middleware/files/FWO.Middleware.Server/AutoDiscoverScheduler.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/AutoDiscoverScheduler.cs
@@ -1,5 +1,6 @@
 using FWO.Api.Client;
 using FWO.Api.Client.Queries;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Config.Api;
 using FWO.Config.Api.Data;
diff --git a/roles/middleware/files/FWO.Middleware.Server/Controllers/AuthenticationServerController.cs b/roles/middleware/files/FWO.Middleware.Server/Controllers/AuthenticationServerController.cs
index 25fe49399..824bc3817 100644
--- a/roles/middleware/files/FWO.Middleware.Server/Controllers/AuthenticationServerController.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/Controllers/AuthenticationServerController.cs
@@ -1,6 +1,7 @@
 using FWO.Config.Api;
 using FWO.Api.Client.Queries;
 using FWO.Api.Client;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Logging;
 using FWO.Middleware.Server;
diff --git a/roles/middleware/files/FWO.Middleware.Server/Controllers/AuthenticationTokenController.cs b/roles/middleware/files/FWO.Middleware.Server/Controllers/AuthenticationTokenController.cs
index a5481cf38..4480c350d 100644
--- a/roles/middleware/files/FWO.Middleware.Server/Controllers/AuthenticationTokenController.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/Controllers/AuthenticationTokenController.cs
@@ -1,4 +1,5 @@
 using FWO.Config.Api;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Api.Client;
 using FWO.Api.Client.Queries;
diff --git a/roles/middleware/files/FWO.Middleware.Server/Controllers/GroupController.cs b/roles/middleware/files/FWO.Middleware.Server/Controllers/GroupController.cs
index 9ac8f479c..44ac187b0 100644
--- a/roles/middleware/files/FWO.Middleware.Server/Controllers/GroupController.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/Controllers/GroupController.cs
@@ -1,4 +1,5 @@
-using FWO.Api.Data;
+using FWO.GlobalConstants;
+using FWO.Api.Data;
 using FWO.Logging;
 using FWO.Middleware.RequestParameters;
 using FWO.Middleware.Server;
diff --git a/roles/middleware/files/FWO.Middleware.Server/Controllers/RoleController.cs b/roles/middleware/files/FWO.Middleware.Server/Controllers/RoleController.cs
index 9b97404b1..5f8ee041c 100644
--- a/roles/middleware/files/FWO.Middleware.Server/Controllers/RoleController.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/Controllers/RoleController.cs
@@ -1,4 +1,5 @@
-using FWO.Api.Data;
+using FWO.GlobalConstants;
+using FWO.Api.Data;
 using FWO.Logging;
 using FWO.Middleware.RequestParameters;
 using FWO.Middleware.Server;
diff --git a/roles/middleware/files/FWO.Middleware.Server/Controllers/TenantController.cs b/roles/middleware/files/FWO.Middleware.Server/Controllers/TenantController.cs
index 105a26da4..19359f084 100644
--- a/roles/middleware/files/FWO.Middleware.Server/Controllers/TenantController.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/Controllers/TenantController.cs
@@ -1,4 +1,5 @@
 using FWO.Config.Api;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Api.Client;
 using FWO.Logging;
diff --git a/roles/middleware/files/FWO.Middleware.Server/Controllers/UserController.cs b/roles/middleware/files/FWO.Middleware.Server/Controllers/UserController.cs
index 940bb7ccf..7abe75404 100644
--- a/roles/middleware/files/FWO.Middleware.Server/Controllers/UserController.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/Controllers/UserController.cs
@@ -1,4 +1,5 @@
 using FWO.Config.Api;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Api.Client;
 using FWO.Api.Client.Queries;
diff --git a/roles/middleware/files/FWO.Middleware.Server/DailyCheckScheduler.cs b/roles/middleware/files/FWO.Middleware.Server/DailyCheckScheduler.cs
index bcac3d4fa..e43665141 100644
--- a/roles/middleware/files/FWO.Middleware.Server/DailyCheckScheduler.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/DailyCheckScheduler.cs
@@ -1,5 +1,6 @@
 using FWO.Api.Client;
 using FWO.Api.Client.Queries;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Config.Api;
 using FWO.Config.Api.Data;
diff --git a/roles/middleware/files/FWO.Middleware.Server/FWO.Middleware.Server.csproj b/roles/middleware/files/FWO.Middleware.Server/FWO.Middleware.Server.csproj
index 895bfbe2a..ac8b4cc3c 100644
--- a/roles/middleware/files/FWO.Middleware.Server/FWO.Middleware.Server.csproj
+++ b/roles/middleware/files/FWO.Middleware.Server/FWO.Middleware.Server.csproj
@@ -20,6 +20,7 @@
     <ProjectReference Include="..\..\..\lib\files\FWO.Config.File\FWO.Config.File.csproj" />
     <ProjectReference Include="..\..\..\lib\files\FWO.DeviceAutoDiscovery\FWO.DeviceAutoDiscovery.csproj" />
     <ProjectReference Include="..\..\..\lib\files\FWO.Logging\FWO.Logging.csproj" />
+    <ProjectReference Include="..\..\..\lib\files\FWO.Encryption\FWO.Encryption.csproj" />
     <ProjectReference Include="..\..\..\lib\files\FWO.Recert\FWO.Recert.csproj" />
   </ItemGroup>
   
diff --git a/roles/middleware/files/FWO.Middleware.Server/ImportAppDataScheduler.cs b/roles/middleware/files/FWO.Middleware.Server/ImportAppDataScheduler.cs
index 3002f358f..129b65357 100644
--- a/roles/middleware/files/FWO.Middleware.Server/ImportAppDataScheduler.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/ImportAppDataScheduler.cs
@@ -1,5 +1,6 @@
 using FWO.Api.Client;
 using FWO.Api.Client.Queries;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Config.Api;
 using FWO.Config.Api.Data;
diff --git a/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifier.cs b/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifier.cs
index b56d7cf5f..11f76a345 100644
--- a/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifier.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifier.cs
@@ -1,5 +1,6 @@
 using FWO.Api.Client;
 using FWO.Api.Client.Queries;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Config.Api;
 using FWO.Logging;
@@ -226,7 +227,7 @@ private string CreateBody()
             {                
                 MemoryStream memoryStream = new(System.Text.Encoding.UTF8.GetBytes(content));
                 string fileName = $"{Regex.Replace(globalConfig.ImpChangeNotifySubject, @"\s", "")}_{DateTime.Now.ToUniversalTime().ToString("yyyy-MM-ddTHH-mm-ssK")}.{fileFormat}";
-                return new(memoryStream, 0, memoryStream.Length, null, fileName)
+                return new(memoryStream, 0, memoryStream.Length, "FWO-Report-Attachment", fileName)
                 {
                     Headers = new HeaderDictionary(),
                     ContentType = $"application/{fileFormat}"
diff --git a/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifyScheduler.cs b/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifyScheduler.cs
index c1cbef731..8d4d7a9df 100644
--- a/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifyScheduler.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/ImportChangeNotifyScheduler.cs
@@ -1,5 +1,6 @@
 using FWO.Api.Client;
 using FWO.Api.Client.Queries;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Config.Api;
 using FWO.Config.Api.Data;
diff --git a/roles/middleware/files/FWO.Middleware.Server/ImportSubnetDataScheduler.cs b/roles/middleware/files/FWO.Middleware.Server/ImportSubnetDataScheduler.cs
index 2a526c6bb..7d6299938 100644
--- a/roles/middleware/files/FWO.Middleware.Server/ImportSubnetDataScheduler.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/ImportSubnetDataScheduler.cs
@@ -1,5 +1,6 @@
 using FWO.Api.Client;
 using FWO.Api.Client.Queries;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Config.Api;
 using FWO.Config.Api.Data;
diff --git a/roles/middleware/files/FWO.Middleware.Server/JwtWriter.cs b/roles/middleware/files/FWO.Middleware.Server/JwtWriter.cs
index fde56b004..5bbea8093 100644
--- a/roles/middleware/files/FWO.Middleware.Server/JwtWriter.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/JwtWriter.cs
@@ -3,6 +3,7 @@
 using System.IdentityModel.Tokens.Jwt;
 using System.Security.Claims;
 using System.Text.Json;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Config.Api;
 
diff --git a/roles/middleware/files/FWO.Middleware.Server/Ldap.cs b/roles/middleware/files/FWO.Middleware.Server/Ldap.cs
index 9d4dec208..82ee8635c 100644
--- a/roles/middleware/files/FWO.Middleware.Server/Ldap.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/Ldap.cs
@@ -2,6 +2,8 @@
 using Novell.Directory.Ldap;
 using System.Net.Security;
 using System.Security.Cryptography.X509Certificates;
+using FWO.GlobalConstants;
+using FWO.Encryption;
 using FWO.Api.Data;
 using FWO.Middleware.RequestParameters;
 using Microsoft.IdentityModel.Tokens;
@@ -62,6 +64,7 @@ public void TestConnection()
             {
                 if (!string.IsNullOrEmpty(SearchUser))
                 {
+                    // connection.Bind(SearchUser, AesEnc.Decrypt(SearchUserPwd, AesEnc.GetMainKey()));
                     connection.Bind(SearchUser, SearchUserPwd);
                     if (!connection.Bound) throw new Exception("Binding failed for search user");
                 }
@@ -130,7 +133,7 @@ private string getGroupSearchFilter(string searchPattern)
                 using (LdapConnection connection = Connect())
                 {
                     // Authenticate as search user
-                    connection.Bind(SearchUser, SearchUserPwd);
+                    connection.Bind(SearchUser, AesEnc.Decrypt(SearchUserPwd, AesEnc.GetMainKey()));
 
                     LdapSearchConstraints cons = connection.SearchConstraints;
                     cons.ReferralFollowing = true;
@@ -368,7 +371,7 @@ private List<string> GetMemberships(List<string> dnList, string? searchPath)
                     using (LdapConnection connection = Connect())
                     {     
                         // Authenticate as search user
-                        connection.Bind(SearchUser, SearchUserPwd);
+                        connection.Bind(SearchUser, AesEnc.Decrypt(SearchUserPwd, AesEnc.GetMainKey()));
 
                         // Search for Ldap roles / groups in given directory          
                         int searchScope = LdapConnection.ScopeSub; // TODO: Correct search scope?
diff --git a/roles/middleware/files/FWO.Middleware.Server/RecertCheck.cs b/roles/middleware/files/FWO.Middleware.Server/RecertCheck.cs
index eaa5b612e..246cb435a 100644
--- a/roles/middleware/files/FWO.Middleware.Server/RecertCheck.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/RecertCheck.cs
@@ -1,5 +1,6 @@
 using FWO.Api.Client;
 using FWO.Api.Client.Queries;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Config.File;
 using FWO.Config.Api;
diff --git a/roles/middleware/files/FWO.Middleware.Server/ReportScheduler.cs b/roles/middleware/files/FWO.Middleware.Server/ReportScheduler.cs
index 20daf8bbe..53b1904a1 100644
--- a/roles/middleware/files/FWO.Middleware.Server/ReportScheduler.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/ReportScheduler.cs
@@ -1,4 +1,5 @@
-using FWO.Api.Data;
+using FWO.GlobalConstants;
+using FWO.Api.Data;
 using FWO.Api.Client;
 using FWO.Api.Client.Queries;
 using FWO.Config.Api;
diff --git a/roles/middleware/files/FWO.Middleware.Server/SchedulerBase.cs b/roles/middleware/files/FWO.Middleware.Server/SchedulerBase.cs
index 011288c04..06fbc53c3 100644
--- a/roles/middleware/files/FWO.Middleware.Server/SchedulerBase.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/SchedulerBase.cs
@@ -1,5 +1,6 @@
 using FWO.Api.Client;
 using FWO.Api.Client.Queries;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Config.Api;
 using FWO.Config.Api.Data;
diff --git a/roles/middleware/files/FWO.Middleware.Server/UiUserHandler.cs b/roles/middleware/files/FWO.Middleware.Server/UiUserHandler.cs
index 4104d9bbf..e7fa22172 100644
--- a/roles/middleware/files/FWO.Middleware.Server/UiUserHandler.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/UiUserHandler.cs
@@ -3,6 +3,7 @@
 using FWO.Logging;
 using FWO.Config.File;
 using FWO.Config.Api;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using System.Text.Json.Serialization; 
 using Newtonsoft.Json; 
diff --git a/roles/middleware/tasks/create_auth_secrets.yml b/roles/middleware/tasks/create_auth_secrets.yml
index 12079bc04..f0a1685fb 100644
--- a/roles/middleware/tasks/create_auth_secrets.yml
+++ b/roles/middleware/tasks/create_auth_secrets.yml
@@ -3,9 +3,9 @@
       file:
         path: "{{ fworch_home }}/etc/secrets"
         state: directory
-        mode: "0700"
+        mode: "0750"
         owner: "{{ fworch_user }}"
-        group: "{{ fworch_group }}"
+        group: "{{ postgres_group }}"
 
     - name: read ldap manager pwd from file
       slurp:
diff --git a/roles/middleware/tasks/main.yml b/roles/middleware/tasks/main.yml
index 57a132891..07e5ec5e8 100644
--- a/roles/middleware/tasks/main.yml
+++ b/roles/middleware/tasks/main.yml
@@ -75,8 +75,8 @@
     path: "{{ fworch_secrets_dir }}"
     state: directory
     owner: "{{ fworch_user }}"
-    group: "{{ fworch_group }}"
-    mode: "0700"
+    group: "{{ postgres_group }}"
+    mode: "0750"
   become: true
 
 - name: set UI admin password for testing
@@ -181,20 +181,16 @@
   become_user: postgres
   when: installation_mode == "new"
 
-- name: add connection for internal ldap
+- name: add connection for internal ldap with encrypted passwords
   postgresql_query:
     db: "{{ fworch_db_name }}"
     query: >
-      DO $do$ BEGIN IF NOT EXISTS
-      (SELECT * FROM ldap_connection WHERE ldap_server = '{{ openldap_server }}')
-      THEN INSERT INTO ldap_connection
-      (ldap_server, ldap_port, ldap_searchpath_for_users, ldap_searchpath_for_roles, ldap_searchpath_for_groups,
-      ldap_tenant_level, ldap_search_user, ldap_search_user_pwd, ldap_write_user, ldap_write_user_pwd, ldap_type)
-      VALUES ('{{ openldap_server }}', {{ openldap_port }},
+      DO $do$ BEGIN 
+      PERFORM insertLocalLdapWithEncryptedPasswords ('{{ openldap_server }}', {{ openldap_port }},
       '{{ openldap_std_user_dn }}', '{{ openldap_std_role_dn }}', '{{ openldap_std_group_dn }}',
       5, '{{ openldap_readonly_user_dn }}', '{{ ldap_inspector_pw }}',
       '{{ openldap_writer_dn }}', '{{ ldap_writer_pw }}', 2);
-      END IF; END $do$
+      END $do$
   become: true
   become_user: postgres
   when: installation_mode == "new"
diff --git a/roles/test/files/FWO.Test/AesEncryptionTest.cs b/roles/test/files/FWO.Test/AesEncryptionTest.cs
new file mode 100644
index 000000000..d94f9d0f0
--- /dev/null
+++ b/roles/test/files/FWO.Test/AesEncryptionTest.cs
@@ -0,0 +1,40 @@
+using FWO.Encryption;
+using NUnit.Framework;
+using System.Text;
+using Assert = NUnit.Framework.Assert;
+
+namespace FWO.Test
+{
+    [TestFixture]
+    [Parallelizable]
+    internal class AesDecryptTest
+    {
+
+        private static readonly Random random = new Random();
+        private const string printableChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~";
+
+        public static string GenerateRandomString(int minLength, int maxLength)
+        {
+            int length = random.Next(minLength, maxLength + 1);
+            StringBuilder stringBuilder = new StringBuilder(length);
+
+            for (int i = 0; i < length; i++)
+            {
+                char randomChar = printableChars[random.Next(printableChars.Length)];
+                stringBuilder.Append(randomChar);
+            }
+
+            return stringBuilder.ToString();
+        }
+        [Test]
+        public void TestEncryptDecryptRandomData()
+        {
+            string tempKey = GenerateRandomString(32,32);
+            string randomPlaintext = GenerateRandomString(15, 100);
+            string encryptedString = AesEnc.Encrypt(randomPlaintext, tempKey);
+            string decryptedString = AesEnc.Decrypt(encryptedString, tempKey);
+            Assert.AreEqual(randomPlaintext, decryptedString);
+        }
+
+    }
+}
diff --git a/roles/test/files/FWO.Test/ApiTest.cs b/roles/test/files/FWO.Test/ApiTest.cs
index 00d21b5ad..b1629fef1 100644
--- a/roles/test/files/FWO.Test/ApiTest.cs
+++ b/roles/test/files/FWO.Test/ApiTest.cs
@@ -2,6 +2,7 @@
 using System.Threading.Tasks;
 using FWO.Api.Client;
 using NUnit.Framework;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Config.File;
 using FWO.Middleware.Client;
diff --git a/roles/test/files/FWO.Test/DisplayBaseTest.cs b/roles/test/files/FWO.Test/DisplayBaseTest.cs
index a9509f427..b6cdf908b 100644
--- a/roles/test/files/FWO.Test/DisplayBaseTest.cs
+++ b/roles/test/files/FWO.Test/DisplayBaseTest.cs
@@ -1,4 +1,5 @@
 using NUnit.Framework;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 
 namespace FWO.Test
diff --git a/roles/test/files/FWO.Test/DistNameTest.cs b/roles/test/files/FWO.Test/DistNameTest.cs
index a14bdf0af..49f8a9c9e 100644
--- a/roles/test/files/FWO.Test/DistNameTest.cs
+++ b/roles/test/files/FWO.Test/DistNameTest.cs
@@ -1,4 +1,5 @@
 using NUnit.Framework;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 
 namespace FWO.Test
diff --git a/roles/test/files/FWO.Test/ExportTest.cs b/roles/test/files/FWO.Test/ExportTest.cs
index 48d4af80d..4a769772c 100644
--- a/roles/test/files/FWO.Test/ExportTest.cs
+++ b/roles/test/files/FWO.Test/ExportTest.cs
@@ -2,6 +2,7 @@
 using FWO.Logging;
 using FWO.Report;
 using FWO.Report.Filter;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 
 
@@ -719,7 +720,7 @@ public void RulesGenerateJson()
             "\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," +
             "\"rule_action\": \"accept\",\"rule_track\": \"none\",\"section_header\": \"\"," +
             "\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": \"2022-04-19T00:00:00\",\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"dev_id\": 0,\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," +
-            "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []},\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"DisplayOrderNumber\": 1,\"Certified\": false,\"DeviceName\": \"\"}," +
+            "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []},\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"rule_custom_fields\": \"\",\"DisplayOrderNumber\": 1,\"Certified\": false,\"DeviceName\": \"\"}," +
             "{\"rule_id\": 0,\"rule_uid\": \"uid2:123\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule2\",\"rule_comment\": \"comment2\",\"rule_disabled\": false," +
             "\"rule_services\": [{\"service\": {\"svc_id\": 2,\"svc_name\": \"TestService2\",\"svc_uid\": \"\",\"svc_port\": 6666,\"svc_port_end\": 7777,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0," +
             "\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 0,\"name\": \"UDP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": []}}]," +
@@ -733,7 +734,7 @@ public void RulesGenerateJson()
             "\"usr\": {\"user_id\": 2,\"user_uid\": \"\",\"user_name\": \"TestUser2\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"group\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," +
             "\"rule_action\": \"deny\",\"rule_track\": \"none\",\"section_header\": \"\"," +
             "\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": null,\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"dev_id\": 0,\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," +
-            "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []},\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"DisplayOrderNumber\": 2,\"Certified\": false,\"DeviceName\": \"\"}],\"changelog_rules\": null,\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}}]," +
+            "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []},\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"rule_custom_fields\": \"\",\"DisplayOrderNumber\": 2,\"Certified\": false,\"DeviceName\": \"\"}],\"changelog_rules\": null,\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}}]," +
             "\"import\": {\"aggregate\": {\"max\": {\"id\": null}}},\"RelevantImportId\": null," +
             "\"networkObjects\": [],\"serviceObjects\": [],\"userObjects\": []," +
             "\"reportNetworkObjects\": [{\"obj_id\": 1,\"obj_name\": \"TestIp1\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.4/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," +
@@ -820,7 +821,7 @@ public void ChangesGenerateJson()
             "\"rule_services\": [],\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_src_neg\": false,\"rule_src\": \"\",\"src_zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"dst_zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"rule_tos\": [],\"rule_action\": \"\",\"rule_track\": \"\",\"section_header\": \"\"," +
             "\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": null,\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"dev_id\": 0,\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," +
             "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []}," +
-            "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"DisplayOrderNumber\": 0,\"Certified\": false,\"DeviceName\": \"\"},\"new\": {\"rule_id\": 0,\"rule_uid\": \"uid1\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule1\",\"rule_comment\": \"comment1\",\"rule_disabled\": false," +
+            "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"rule_custom_fields\": \"\",\"DisplayOrderNumber\": 0,\"Certified\": false,\"DeviceName\": \"\"},\"new\": {\"rule_id\": 0,\"rule_uid\": \"uid1\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule1\",\"rule_comment\": \"comment1\",\"rule_disabled\": false," +
             "\"rule_services\": [{\"service\": {\"svc_id\": 1,\"svc_name\": \"TestService1\",\"svc_uid\": \"\",\"svc_port\": 443,\"svc_port_end\": 443,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0,\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 0,\"name\": \"TCP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": []}}]," +
             "\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_src_neg\": false,\"rule_src\": \"\",\"src_zone\": {\"zone_id\": 0,\"zone_name\": \"srczn\"}," +
             "\"rule_froms\": [{\"object\": {\"obj_id\": 1,\"obj_name\": \"TestIp1\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.4/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," +
@@ -831,7 +832,7 @@ public void ChangesGenerateJson()
             "\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," +
             "\"rule_action\": \"accept\",\"rule_track\": \"none\",\"section_header\": \"\",\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": \"2022-04-19T00:00:00\",\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"dev_id\": 0,\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," +
             "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []}," +
-            "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"DisplayOrderNumber\": 1,\"Certified\": false,\"DeviceName\": \"\"},\"DeviceName\": \"\"}," +
+            "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"rule_custom_fields\": \"\",\"DisplayOrderNumber\": 1,\"Certified\": false,\"DeviceName\": \"\"},\"DeviceName\": \"\"}," +
             "{\"import\": {\"time\": \"2023-04-05T12:00:00\"},\"change_action\": \"C\",\"old\": {\"rule_id\": 0,\"rule_uid\": \"uid1\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule1\",\"rule_comment\": \"comment1\",\"rule_disabled\": false," +
             "\"rule_services\": [{\"service\": {\"svc_id\": 1,\"svc_name\": \"TestService1\",\"svc_uid\": \"\",\"svc_port\": 443,\"svc_port_end\": 443,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0,\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 0,\"name\": \"TCP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": []}}]," +
             "\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_src_neg\": false,\"rule_src\": \"\",\"src_zone\": {\"zone_id\": 0,\"zone_name\": \"srczn\"}," +
@@ -842,7 +843,7 @@ public void ChangesGenerateJson()
             "\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," +
             "\"rule_action\": \"accept\",\"rule_track\": \"none\",\"section_header\": \"\",\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": \"2022-04-19T00:00:00\",\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"dev_id\": 0,\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," +
             "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []}," +
-            "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"DisplayOrderNumber\": 1,\"Certified\": false,\"DeviceName\": \"\"},\"new\": {\"rule_id\": 0,\"rule_uid\": \"\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule1\",\"rule_comment\": \"new comment\",\"rule_disabled\": false," +
+            "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"rule_custom_fields\": \"\",\"DisplayOrderNumber\": 1,\"Certified\": false,\"DeviceName\": \"\"},\"new\": {\"rule_id\": 0,\"rule_uid\": \"\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule1\",\"rule_comment\": \"new comment\",\"rule_disabled\": false," +
             "\"rule_services\": [{\"service\": {\"svc_id\": 1,\"svc_name\": \"TestService1\",\"svc_uid\": \"\",\"svc_port\": 443,\"svc_port_end\": 443,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0,\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 0,\"name\": \"TCP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": []}}]," +
             "\"rule_svc_neg\": true,\"rule_svc\": \"\",\"rule_src_neg\": false,\"rule_src\": \"\",\"src_zone\": {\"zone_id\": 0,\"zone_name\": \"srczn\"},\"rule_froms\": [{\"object\": {\"obj_id\": 5,\"obj_name\": \"TestIp1Changed\",\"obj_ip\": \"2.3.4.5/32\",\"obj_ip_end\": \"2.3.4.5/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"host\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," +
             "\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}},{\"object\": {\"obj_id\": 2,\"obj_name\": \"TestIp2\",\"obj_ip\": \"127.0.0.1/32\",\"obj_ip_end\": \"127.0.0.1/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," +
@@ -852,7 +853,7 @@ public void ChangesGenerateJson()
             "\"usr\": {\"user_id\": 0,\"user_uid\": \"\",\"user_name\": \"\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," +
             "\"rule_action\": \"accept\",\"rule_track\": \"none\",\"section_header\": \"\",\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": \"2022-04-19T00:00:00\",\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"dev_id\": 0,\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," +
             "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []}," +
-            "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"DisplayOrderNumber\": 1,\"Certified\": false,\"DeviceName\": \"\"},\"DeviceName\": \"\"}," +
+            "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"rule_custom_fields\": \"\",\"DisplayOrderNumber\": 1,\"Certified\": false,\"DeviceName\": \"\"},\"DeviceName\": \"\"}," +
             "{\"import\": {\"time\": \"2023-04-05T12:00:00\"},\"change_action\": \"C\",\"old\": {\"rule_id\": 0,\"rule_uid\": \"uid2:123\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule2\",\"rule_comment\": \"comment2\",\"rule_disabled\": false," +
             "\"rule_services\": [{\"service\": {\"svc_id\": 2,\"svc_name\": \"TestService2\",\"svc_uid\": \"\",\"svc_port\": 6666,\"svc_port_end\": 7777,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0,\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 0,\"name\": \"UDP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": []}}]," +
             "\"rule_svc_neg\": true,\"rule_svc\": \"\",\"rule_src_neg\": true,\"rule_src\": \"\",\"src_zone\": {\"zone_id\": 0,\"zone_name\": \"\"}," +
@@ -863,7 +864,7 @@ public void ChangesGenerateJson()
             "\"usr\": {\"user_id\": 2,\"user_uid\": \"\",\"user_name\": \"TestUser2\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"group\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," +
             "\"rule_action\": \"deny\",\"rule_track\": \"none\",\"section_header\": \"\",\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": null,\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"dev_id\": 0,\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," +
             "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []}," +
-            "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"DisplayOrderNumber\": 2,\"Certified\": false,\"DeviceName\": \"\"},\"new\": {\"rule_id\": 0,\"rule_uid\": \"uid2:123\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule2\",\"rule_comment\": \"comment2\",\"rule_disabled\": true," +
+            "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"rule_custom_fields\": \"\",\"DisplayOrderNumber\": 2,\"Certified\": false,\"DeviceName\": \"\"},\"new\": {\"rule_id\": 0,\"rule_uid\": \"uid2:123\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule2\",\"rule_comment\": \"comment2\",\"rule_disabled\": true," +
             "\"rule_services\": [{\"service\": {\"svc_id\": 2,\"svc_name\": \"TestService2\",\"svc_uid\": \"\",\"svc_port\": 6666,\"svc_port_end\": 7777,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0,\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 0,\"name\": \"UDP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": []}}]," +
             "\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_src_neg\": true,\"rule_src\": \"\",\"src_zone\": {\"zone_id\": 0,\"zone_name\": \"\"}," +
             "\"rule_froms\": [{\"object\": {\"obj_id\": 1,\"obj_name\": \"TestIp1\",\"obj_ip\": \"1.2.3.4/32\",\"obj_ip_end\": \"1.2.3.4/32\",\"obj_uid\": \"\",\"zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"active\": false,\"obj_create\": 0,\"obj_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"obj_last_seen\": 0,\"type\": {\"name\": \"network\"},\"obj_comment\": \"\",\"obj_member_names\": \"\",\"obj_member_refs\": \"\",\"objgrps\": [],\"objgrp_flats\": []}," +
@@ -873,7 +874,7 @@ public void ChangesGenerateJson()
             "\"usr\": {\"user_id\": 2,\"user_uid\": \"\",\"user_name\": \"TestUser2\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"group\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," +
             "\"rule_action\": \"deny\",\"rule_track\": \"none\",\"section_header\": \"\",\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": null,\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"dev_id\": 0,\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," +
             "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []}," +
-            "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"DisplayOrderNumber\": 2,\"Certified\": false,\"DeviceName\": \"\"},\"DeviceName\": \"\"}," +
+            "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"rule_custom_fields\": \"\",\"DisplayOrderNumber\": 2,\"Certified\": false,\"DeviceName\": \"\"},\"DeviceName\": \"\"}," +
             "{\"import\": {\"time\": \"2023-04-05T12:00:00\"},\"change_action\": \"D\",\"old\": {\"rule_id\": 0,\"rule_uid\": \"uid2:123\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"TestRule2\",\"rule_comment\": \"comment2\",\"rule_disabled\": false," +
             "\"rule_services\": [{\"service\": {\"svc_id\": 2,\"svc_name\": \"TestService2\",\"svc_uid\": \"\",\"svc_port\": 6666,\"svc_port_end\": 7777,\"svc_source_port\": null,\"svc_source_port_end\": null,\"svc_code\": \"\",\"svc_timeout\": null,\"svc_typ_id\": null,\"active\": false,\"svc_create\": 0,\"svc_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"svc_last_seen\": 0,\"service_type\": {\"name\": \"\"},\"svc_comment\": \"\",\"svc_color_id\": null,\"ip_proto_id\": null,\"protocol_name\": {\"id\": 0,\"name\": \"UDP\"},\"svc_member_names\": \"\",\"svc_member_refs\": \"\",\"svcgrps\": [],\"svcgrp_flats\": []}}]," +
             "\"rule_svc_neg\": true,\"rule_svc\": \"\",\"rule_src_neg\": true,\"rule_src\": \"\",\"src_zone\": {\"zone_id\": 0,\"zone_name\": \"\"}," +
@@ -884,11 +885,11 @@ public void ChangesGenerateJson()
             "\"usr\": {\"user_id\": 2,\"user_uid\": \"\",\"user_name\": \"TestUser2\",\"user_comment\": \"\",\"user_lastname\": \"\",\"user_firstname\": \"\",\"usr_typ_id\": 0,\"type\": {\"usr_typ_name\": \"group\"},\"user_create\": 0,\"user_create_time\": {\"time\": \"0001-01-01T00:00:00\"},\"user_last_seen\": 0,\"user_member_names\": \"\",\"user_member_refs\": \"\",\"usergrps\": [],\"usergrp_flats\": []}}]," +
             "\"rule_action\": \"deny\",\"rule_track\": \"none\",\"section_header\": \"\",\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": null,\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"dev_id\": 0,\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," +
             "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []}," +
-            "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"DisplayOrderNumber\": 2,\"Certified\": false,\"DeviceName\": \"\"},\"new\": {\"rule_id\": 0,\"rule_uid\": \"\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"\",\"rule_comment\": \"\",\"rule_disabled\": false," +
+            "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"rule_custom_fields\": \"\",\"DisplayOrderNumber\": 2,\"Certified\": false,\"DeviceName\": \"\"},\"new\": {\"rule_id\": 0,\"rule_uid\": \"\",\"mgm_id\": 0,\"rule_num_numeric\": 0,\"rule_name\": \"\",\"rule_comment\": \"\",\"rule_disabled\": false," +
             "\"rule_services\": [],\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_src_neg\": false,\"rule_src\": \"\",\"src_zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"dst_zone\": {\"zone_id\": 0,\"zone_name\": \"\"},\"rule_tos\": [],\"rule_action\": \"\",\"rule_track\": \"\",\"section_header\": \"\"," +
             "\"rule_metadatum\": {\"rule_metadata_id\": 0,\"rule_created\": null,\"rule_last_modified\": null,\"rule_first_hit\": null,\"rule_last_hit\": null,\"rule_last_certified\": null,\"rule_last_certifier_dn\": \"\",\"rule_to_be_removed\": false,\"rule_decert_date\": null,\"rule_recertification_comment\": \"\",\"recertification\": [],\"recert_history\": [],\"dev_id\": 0,\"rule_uid\": \"\",\"NextRecert\": \"0001-01-01T00:00:00\",\"LastCertifierName\": \"\",\"Recert\": false,\"Style\": \"\"}," +
             "\"translate\": {\"rule_svc_neg\": false,\"rule_svc\": \"\",\"rule_services\": [],\"rule_src_neg\": false,\"rule_src\": \"\",\"rule_froms\": [],\"rule_dst_neg\": false,\"rule_dst\": \"\",\"rule_tos\": []}," +
-            "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"DisplayOrderNumber\": 0,\"Certified\": false,\"DeviceName\": \"\"},\"DeviceName\": \"\"}],\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}}]," +
+            "\"owner_name\": \"\",\"owner_id\": null,\"matches\": \"\",\"dev_id\": 0,\"rule_custom_fields\": \"\",\"DisplayOrderNumber\": 0,\"Certified\": false,\"DeviceName\": \"\"},\"DeviceName\": \"\"}],\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}}]," +
             "\"import\": {\"aggregate\": {\"max\": {\"id\": null}}},\"RelevantImportId\": null," +
             "\"networkObjects\": [],\"serviceObjects\": [],\"userObjects\": [],\"reportNetworkObjects\": [],\"reportServiceObjects\": [],\"reportUserObjects\": [],\"ReportedRuleIds\": [],\"ReportedNetworkServiceIds\": [],\"objects_aggregate\": {\"aggregate\": {\"count\": 0}}," +
             "\"services_aggregate\": {\"aggregate\": {\"count\": 0}},\"usrs_aggregate\": {\"aggregate\": {\"count\": 0}},\"rules_aggregate\": {\"aggregate\": {\"count\": 0}}," +
diff --git a/roles/test/files/FWO.Test/FWO.Test.csproj b/roles/test/files/FWO.Test/FWO.Test.csproj
index 2ddbb93f6..172fab8c5 100644
--- a/roles/test/files/FWO.Test/FWO.Test.csproj
+++ b/roles/test/files/FWO.Test/FWO.Test.csproj
@@ -13,6 +13,7 @@
     <PackageReference Include="NUnit3TestAdapter" Version="4.4.2" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.6.0" />
     <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="6.34.0" />
+    <PackageReference Include="BouncyCastle.Cryptography" Version="2.1.1" />
   </ItemGroup>
 
   <ItemGroup>
@@ -24,6 +25,7 @@
     <ProjectReference Include="..\..\..\lib\files\FWO.DeviceAutoDiscovery\FWO.DeviceAutoDiscovery.csproj" />
     <ProjectReference Include="..\..\..\lib\files\FWO.Middleware.Client\FWO.Middleware.Client.csproj" />
     <ProjectReference Include="..\..\..\ui\files\FWO.UI\FWO.Ui.csproj" />
+    <ProjectReference Include="..\..\..\lib\files\FWO.Encryption\FWO.Encryption.csproj" />
   </ItemGroup>
 
 </Project>
diff --git a/roles/test/files/FWO.Test/FilterTest.cs b/roles/test/files/FWO.Test/FilterTest.cs
index b8fef1e0b..2adc48644 100644
--- a/roles/test/files/FWO.Test/FilterTest.cs
+++ b/roles/test/files/FWO.Test/FilterTest.cs
@@ -5,6 +5,7 @@
 using System;
 using System.Collections.Generic;
 using System.Text;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 namespace FWO.Test
 {
diff --git a/roles/test/files/FWO.Test/ManagedIdStringTest.cs b/roles/test/files/FWO.Test/ManagedIdStringTest.cs
index 5b498d81e..d7ac949cc 100644
--- a/roles/test/files/FWO.Test/ManagedIdStringTest.cs
+++ b/roles/test/files/FWO.Test/ManagedIdStringTest.cs
@@ -1,4 +1,5 @@
 using NUnit.Framework;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 
 namespace FWO.Test
diff --git a/roles/test/files/FWO.Test/ModellingHandlerTest.cs b/roles/test/files/FWO.Test/ModellingHandlerTest.cs
index 5ed73e8ad..45d7c4ceb 100644
--- a/roles/test/files/FWO.Test/ModellingHandlerTest.cs
+++ b/roles/test/files/FWO.Test/ModellingHandlerTest.cs
@@ -1,4 +1,5 @@
 using NUnit.Framework;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Ui.Services;
 
diff --git a/roles/test/files/FWO.Test/ModellingHandlerTestApiConn.cs b/roles/test/files/FWO.Test/ModellingHandlerTestApiConn.cs
index 356ee3aa6..5a3aa189b 100644
--- a/roles/test/files/FWO.Test/ModellingHandlerTestApiConn.cs
+++ b/roles/test/files/FWO.Test/ModellingHandlerTestApiConn.cs
@@ -1,5 +1,6 @@
 using FWO.Api.Client.Queries;
 using GraphQL;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 
 namespace FWO.Test
diff --git a/roles/test/files/FWO.Test/SanitizerTest.cs b/roles/test/files/FWO.Test/SanitizerTest.cs
index 32801e0e1..81f76d4a2 100644
--- a/roles/test/files/FWO.Test/SanitizerTest.cs
+++ b/roles/test/files/FWO.Test/SanitizerTest.cs
@@ -1,4 +1,5 @@
 using NUnit.Framework;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 
 namespace FWO.Test
diff --git a/roles/ui/files/FWO.UI/Auth/AuthStateProvider.cs b/roles/ui/files/FWO.UI/Auth/AuthStateProvider.cs
index 8b13752db..56397a8b1 100644
--- a/roles/ui/files/FWO.UI/Auth/AuthStateProvider.cs
+++ b/roles/ui/files/FWO.UI/Auth/AuthStateProvider.cs
@@ -5,6 +5,7 @@
 using FWO.Config.Api;
 using FWO.Api.Client;
 using FWO.Api.Client.Queries;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Ui.Services;
 using FWO.Middleware.Client;
diff --git a/roles/ui/files/FWO.UI/FWO.Ui.csproj b/roles/ui/files/FWO.UI/FWO.Ui.csproj
index a626f79bc..e09f5cb8c 100644
--- a/roles/ui/files/FWO.UI/FWO.Ui.csproj
+++ b/roles/ui/files/FWO.UI/FWO.Ui.csproj
@@ -12,12 +12,14 @@
   </ItemGroup>
 
   <ItemGroup>
+    <ProjectReference Include="..\..\..\lib\files\FWO.GlobalConstants\FWO.GlobalConstants.csproj" />
     <ProjectReference Include="..\..\..\lib\files\FWO.Config.Api\FWO.Config.Api.csproj" />
     <ProjectReference Include="..\..\..\lib\files\FWO.Report.Filter\FWO.Report.Filter.csproj" />
     <ProjectReference Include="..\..\..\lib\files\FWO.Report\FWO.Report.csproj" />
     <ProjectReference Include="..\..\..\lib\files\FWO.Config.File\FWO.Config.File.csproj" />
     <ProjectReference Include="..\..\..\lib\files\FWO.Logging\FWO.Logging.csproj" />
     <ProjectReference Include="..\..\..\lib\files\FWO.Mail\FWO.Mail.csproj" />
+    <ProjectReference Include="..\..\..\lib\files\FWO.Encryption\FWO.Encryption.csproj" />
     <ProjectReference Include="..\..\..\lib\files\FWO.Recert\FWO.Recert.csproj" />
     <ProjectReference Include="..\..\..\lib\files\FWO.Api.Client\FWO.Api.Client.csproj" />
     <ProjectReference Include="..\..\..\lib\files\FWO.Middleware.Client\FWO.Middleware.Client.csproj" />
diff --git a/roles/ui/files/FWO.UI/Pages/Certification.razor b/roles/ui/files/FWO.UI/Pages/Certification.razor
index 27e4c8764..4b647fd9c 100644
--- a/roles/ui/files/FWO.UI/Pages/Certification.razor
+++ b/roles/ui/files/FWO.UI/Pages/Certification.razor
@@ -5,6 +5,7 @@
 @using FWO.Report
 @using FWO.Report.Filter
 @using FWO.Ui.Pages.Reporting.Reports
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Middleware.Client
 
diff --git a/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorAlerts.razor b/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorAlerts.razor
index 0a401c7d2..e91030d7d 100644
--- a/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorAlerts.razor
+++ b/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorAlerts.razor
@@ -1,6 +1,7 @@
 @using FWO.Config.Api
 @using FWO.Api.Client
 @using FWO.Middleware.Client
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 
 @inject ApiConnection apiConnection
diff --git a/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorImportStatus.razor b/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorImportStatus.razor
index 2704482ef..4a7aefc01 100644
--- a/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorImportStatus.razor
+++ b/roles/ui/files/FWO.UI/Pages/Monitoring/MonitorImportStatus.razor
@@ -1,4 +1,5 @@
 @using BlazorTable
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Api.Client
 @using FWO.Config.Api
diff --git a/roles/ui/files/FWO.UI/Pages/Monitoring/MonitoringMain.razor b/roles/ui/files/FWO.UI/Pages/Monitoring/MonitoringMain.razor
index ccfd818a8..93e4dfcea 100644
--- a/roles/ui/files/FWO.UI/Pages/Monitoring/MonitoringMain.razor
+++ b/roles/ui/files/FWO.UI/Pages/Monitoring/MonitoringMain.razor
@@ -1,4 +1,5 @@
 @using FWO.Config.Api
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using System.Text.Json
 @using System.Net
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkAnalysis.razor b/roles/ui/files/FWO.UI/Pages/NetworkAnalysis.razor
index f7c9764c9..5017ce4d5 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkAnalysis.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkAnalysis.razor
@@ -3,6 +3,7 @@
 @using System.Net
 @using FWO.Api.Client.Queries
 
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 
 @inject ApiConnection apiConnection
diff --git a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor
index 8240e5062..ca6939cae 100644
--- a/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor
+++ b/roles/ui/files/FWO.UI/Pages/NetworkModelling/EditConnLeftSide.razor
@@ -1,5 +1,6 @@
 @using FWO.Config.Api
 @using FWO.Ui.Display
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 
 @inject ApiConnection apiConnection
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
index 540b7e6f0..9ed82b799 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Report.razor
@@ -2,6 +2,7 @@
 @using FWO.Report
 @using FWO.Report.Filter
 @using FWO.Report.Filter.Exceptions
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Ui.Data
 @using FWO.Ui.Pages.Reporting.Reports
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/_Imports.razor b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/_Imports.razor
index 830bb8f09..6c2dd83f8 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/Reports/_Imports.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/Reports/_Imports.razor
@@ -1,5 +1,6 @@
 @using BlazorTable
 @using FWO.Api.Client
 @using FWO.Api.Client.Queries
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Ui.Shared
diff --git a/roles/ui/files/FWO.UI/Pages/Reporting/_Imports.razor b/roles/ui/files/FWO.UI/Pages/Reporting/_Imports.razor
index 71b261f5c..eb105c8e6 100644
--- a/roles/ui/files/FWO.UI/Pages/Reporting/_Imports.razor
+++ b/roles/ui/files/FWO.UI/Pages/Reporting/_Imports.razor
@@ -1,4 +1,5 @@
 @using BlazorTable
 @using FWO.Api.Client
 @using FWO.Api.Client.Queries
+@using FWO.GlobalConstants
 @using FWO.Api.Data
\ No newline at end of file
diff --git a/roles/ui/files/FWO.UI/Pages/Request/DisplayImplTaskTable.razor b/roles/ui/files/FWO.UI/Pages/Request/DisplayImplTaskTable.razor
index 9d43b4ea2..a5a5c9c5f 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/DisplayImplTaskTable.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/DisplayImplTaskTable.razor
@@ -1,4 +1,5 @@
 @using FWO.Api.Client
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Config.Api
 @using FWO.Ui.Services
diff --git a/roles/ui/files/FWO.UI/Pages/Request/DisplayImplementationTask.razor b/roles/ui/files/FWO.UI/Pages/Request/DisplayImplementationTask.razor
index 9021e81b8..405f69676 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/DisplayImplementationTask.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/DisplayImplementationTask.razor
@@ -1,4 +1,5 @@
 @using FWO.Api.Client
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Config.Api
 @using FWO.Ui.Services
diff --git a/roles/ui/files/FWO.UI/Pages/Request/DisplayTicket.razor b/roles/ui/files/FWO.UI/Pages/Request/DisplayTicket.razor
index 0f5b456ba..07e509c16 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/DisplayTicket.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/DisplayTicket.razor
@@ -1,4 +1,5 @@
 @using FWO.Api.Client
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Config.Api
 @using FWO.Ui.Services
diff --git a/roles/ui/files/FWO.UI/Pages/Request/RequestApprovals.razor b/roles/ui/files/FWO.UI/Pages/Request/RequestApprovals.razor
index 1aa9e57b9..7ecbdea41 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/RequestApprovals.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/RequestApprovals.razor
@@ -1,3 +1,4 @@
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Api.Client
 @using FWO.Config.Api
diff --git a/roles/ui/files/FWO.UI/Pages/Request/RequestImplementations.razor b/roles/ui/files/FWO.UI/Pages/Request/RequestImplementations.razor
index d4dc25221..738ca7ce1 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/RequestImplementations.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/RequestImplementations.razor
@@ -1,3 +1,4 @@
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Api.Client
 @using FWO.Config.Api
diff --git a/roles/ui/files/FWO.UI/Pages/Request/RequestPlannings.razor b/roles/ui/files/FWO.UI/Pages/Request/RequestPlannings.razor
index b39b9ac71..30a0c9f3b 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/RequestPlannings.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/RequestPlannings.razor
@@ -1,3 +1,4 @@
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Api.Client
 @using FWO.Config.Api
diff --git a/roles/ui/files/FWO.UI/Pages/Request/RequestReviews.razor b/roles/ui/files/FWO.UI/Pages/Request/RequestReviews.razor
index 84e7bdf73..56dd81975 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/RequestReviews.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/RequestReviews.razor
@@ -1,3 +1,4 @@
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Api.Client
 @using FWO.Config.Api
diff --git a/roles/ui/files/FWO.UI/Pages/Request/RequestTickets.razor b/roles/ui/files/FWO.UI/Pages/Request/RequestTickets.razor
index 7fbe7e8ed..93d27a3b4 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/RequestTickets.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/RequestTickets.razor
@@ -1,3 +1,4 @@
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Api.Client
 @using FWO.Config.Api
diff --git a/roles/ui/files/FWO.UI/Pages/Request/RequestTicketsOverview.razor b/roles/ui/files/FWO.UI/Pages/Request/RequestTicketsOverview.razor
index 6057ea99d..f6f701898 100644
--- a/roles/ui/files/FWO.UI/Pages/Request/RequestTicketsOverview.razor
+++ b/roles/ui/files/FWO.UI/Pages/Request/RequestTicketsOverview.razor
@@ -1,3 +1,4 @@
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Api.Client
 @using FWO.Config.Api
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SearchUser.razor b/roles/ui/files/FWO.UI/Pages/Settings/SearchUser.razor
index 9ba99b955..770296af6 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SearchUser.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SearchUser.razor
@@ -5,6 +5,7 @@
 @using FWO.Middleware.Client
 @using FWO.Middleware.RequestParameters
 @using RestSharp
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 
 @inject ApiConnection apiConnection
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsActions.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsActions.razor
index c96b08d34..409b3737b 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsActions.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsActions.razor
@@ -1,4 +1,5 @@
 @using FWO.Api.Client
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Config.Api
 @using System.Text.Json
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsCredentials.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsCredentials.razor
index 4c1a99ae2..c3063bee6 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsCredentials.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsCredentials.razor
@@ -1,6 +1,8 @@
 @using BlazorTable
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Api.Client
+@using FWO.Encryption
 @using FWO.Config.Api
 @using FWO.Middleware.Client
 
@@ -12,42 +14,53 @@
 
 <div class="input-group">
     <h3>@(userConfig.GetText("import_credential"))</h3>
-    <HelpLink Page="settings/credentials"/>
+    <HelpLink Page="settings/credentials" />
 </div>
 @(userConfig.GetText("U5116"))
 <hr />
 
 <div class="btn-group m-1">
-    <button type="button" class="btn btn-sm btn-success" @onclick="Add">@(userConfig.GetText("add_new_credential"))</button>
+    <button type="button" class="btn btn-sm btn-success"
+        @onclick="Add">@(userConfig.GetText("add_new_credential"))</button>
     @if (showCleanupButton)
     {
         <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Auditor}")">
             <Authorized>
-                <button type="button" class="btn btn-sm btn-danger" @onclick="RequestRemoveSampleData">@(userConfig.GetText("remove_sample_data"))</button>
+                <button type="button" class="btn btn-sm btn-danger"
+                    @onclick="RequestRemoveSampleData">@(userConfig.GetText("remove_sample_data"))</button>
             </Authorized>
         </AuthorizeView>
     }
 </div>
 
 <div class="d-flex flex-column m-2 vheight75" data-toggle="tooltip" title="@(userConfig.PureLine("H5130"))">
-    <Table class="table table-bordered th-bg-secondary table-responsive overflow-auto sticky-header" TableItem="ImportCredential" Items="credentials" @ref="credTable" PageSize="0" ColumnReorder="true">
-        <Column TableItem="ImportCredential" Title="@(userConfig.GetText("action"))" Field="(x => x.Id)" Sortable="false" Filterable="false">
+    <Table class="table table-bordered th-bg-secondary table-responsive overflow-auto sticky-header"
+        TableItem="ImportCredential" Items="credentials" @ref="credTable" PageSize="0" ColumnReorder="true">
+        <Column TableItem="ImportCredential" Title="@(userConfig.GetText("action"))" Field="(x => x.Id)"
+            Sortable="false" Filterable="false">
             <Template>
                 <div class="btn-group">
-                    <button type="button" class="btn btn-sm btn-success" @onclick="() => Clone(context)">@(userConfig.GetText("clone"))</button>
-                    <button type="button" class="btn btn-sm btn-warning" @onclick="() => Edit(context)">@(userConfig.GetText("edit"))</button>
+                    <button type="button" class="btn btn-sm btn-success"
+                        @onclick="() => Clone(context)">@(userConfig.GetText("clone"))</button>
+                    <button type="button" class="btn btn-sm btn-warning"
+                        @onclick="() => Edit(context)">@(userConfig.GetText("edit"))</button>
                     <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.Auditor}, {Roles.FwAdmin}")" Context="ctx">
                         <Authorized>
-                            <button type="button" class="btn btn-sm btn-danger" @onclick="() => RequestDelete(context)">@(userConfig.GetText("delete"))</button>
+                            <button type="button" class="btn btn-sm btn-danger"
+                                @onclick="() => RequestDelete(context)">@(userConfig.GetText("delete"))</button>
                         </Authorized>
                     </AuthorizeView>
                 </div>
             </Template>
         </Column>
-        <Column TableItem="ImportCredential" Title="@(userConfig.GetText("id"))" Field="@(x => x.Id)" Sortable="true" Filterable="true" />
-        <Column TableItem="ImportCredential" Title="@(userConfig.GetText("name"))" Field="@(x => x.Name)" Sortable="true" Filterable="true" />
-        <Column TableItem="ImportCredential" Title="@(userConfig.GetText("username"))" Field="@(x => x.ImportUser)" Sortable="true" Filterable="true" />
-        <Column TableItem="ImportCredential" Title="@(userConfig.GetText("is_key_pair"))" Field="@(x => x.IsKeyPair)" Sortable="true" Filterable="true" >
+        <Column TableItem="ImportCredential" Title="@(userConfig.GetText("id"))" Field="@(x => x.Id)" Sortable="true"
+            Filterable="true" />
+        <Column TableItem="ImportCredential" Title="@(userConfig.GetText("name"))" Field="@(x => x.Name)"
+            Sortable="true" Filterable="true" />
+        <Column TableItem="ImportCredential" Title="@(userConfig.GetText("username"))" Field="@(x => x.ImportUser)"
+            Sortable="true" Filterable="true" />
+        <Column TableItem="ImportCredential" Title="@(userConfig.GetText("is_key_pair"))" Field="@(x => x.IsKeyPair)"
+            Sortable="true" Filterable="true">
             <Template>
                 @(GlobalConfig.ShowBool(context.IsKeyPair))
             </Template>
@@ -57,66 +70,87 @@
     </Table>
 </div>
 
-<PopUp Title="@(userConfig.GetText("edit_credential"))" Show="@EditMode" Size=PopupSize.Large OnClose="() => EditMode = false">
+<PopUp Title="@(userConfig.GetText("edit_credential"))" Show="@EditMode" Size=PopupSize.Large
+    OnClose="() => EditMode = false">
+
     <Body>
         @if (EditMode)
         {
             <form>
                 <div class="form-group row">
-                    <label for="credentialId" class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("id")):</label>
+                    <label for="credentialId"
+                        class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("id")):</label>
                     <label class="col-sm-8">@actCredential.Id</label>
                 </div>
                 <div class="form-group row mt-2" data-toggle="tooltip" title="@(userConfig.PureLine("H5131"))">
-                    <label for="credentialName" class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("name"))*:</label>
+                    <label for="credentialName"
+                        class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("name"))*:</label>
                     <div class="col-sm-8">
-                        <input id="credentialName" type="text" class="form-control form-control-sm" @bind="actCredential.Name" />
+                        <input id="credentialName" type="text" class="form-control form-control-sm"
+                            @bind="actCredential.Name" />
                     </div>
                 </div>
                 <div class="form-group row mt-2" data-toggle="tooltip" title="@(userConfig.PureLine("H5132"))">
-                    <label for="credentialUsername" class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("username"))*:</label>
+                    <label for="credentialUsername"
+                        class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("username"))*:</label>
                     <div class="col-sm-8">
-                        <input id="credentialUsername" type="text" class="form-control form-control-sm" @bind="actCredential.ImportUser" />
+                        <input id="credentialUsername" type="text" class="form-control form-control-sm"
+                            @bind="actCredential.ImportUser" />
                     </div>
                 </div>
 
-                <div class="form-check form-check-inline mt-2" data-toggle="tooltip" title="@(userConfig.PureLine("H5135"))">
-                    <input class="form-check-input" id="credentialIsKeyPair" type="checkbox" @bind="actCredential.IsKeyPair" @oninput="@(() => { actCredential.Secret = ""; })" />
-                    <label class="form-check-label" for="credentialIsKeyPair"><small>@(userConfig.GetText("is_key_pair"))</small></label>
+                <div class="form-check form-check-inline mt-2" data-toggle="tooltip"
+                    title="@(userConfig.PureLine("H5135"))">
+                    <input class="form-check-input" id="credentialIsKeyPair" type="checkbox" @bind="actCredential.IsKeyPair"
+                        @oninput="@(() => { actCredential.Secret = ""; })" />
+                    <label class="form-check-label"
+                        for="credentialIsKeyPair"><small>@(userConfig.GetText("is_key_pair"))</small></label>
                 </div>
                 @if (actCredential.IsKeyPair)
                 {
                     <div class="form-group row mt-2" data-toggle="tooltip" title="@(userConfig.PureLine("H5133"))">
-                        <label for="credentialSecret" class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("private_key"))*:</label>
+                        <label for="credentialSecret"
+                            class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("private_key"))*:</label>
                         <div class="col-sm-8">
-                            <textarea rows="6" cols="60" name="text" class="form-control form-control-sm" placeholder=@(userConfig.GetText("private_key")) @bind="actCredential.Secret"></textarea>
+                            <textarea rows="6" cols="60" name="text" class="form-control form-control-sm"
+                                placeholder=@(userConfig.GetText("private_key")) @bind="actCredential.Secret"></textarea>
                         </div>
                     </div>
                     <div class="form-group row mt-2" data-toggle="tooltip" title="@(userConfig.PureLine("H5134"))">
-                        <label for="credentialPublic" class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("public_key")):</label>
+                        <label for="credentialPublic"
+                            class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("public_key")):</label>
                         <div class="col-sm-8">
-                            <textarea rows="6" cols="60" name="text" class="form-control form-control-sm" placeholder=@(userConfig.GetText("public_key")) @bind="actCredential.PublicKey"></textarea>
+                            <textarea rows="6" cols="60" name="text" class="form-control form-control-sm"
+                                placeholder=@(userConfig.GetText("public_key")) @bind="actCredential.PublicKey"></textarea>
                         </div>
                     </div>
                 }
                 else
                 {
                     <div class="form-group row mt-2" data-toggle="tooltip" title="@(userConfig.PureLine("H5133"))">
-                        <label for="credentialSecret" class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("login_secret"))*:</label>
+                        <label for="credentialSecret"
+                            class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("login_secret"))*:</label>
                         <div class="col-sm-8">
-                            <input type="password" cols="60" name="text" class="form-control form-control-sm" placeholder=@(userConfig.GetText("login_secret")) @bind="actCredential.Secret" />
+                            <input type="password" cols="60" name="text" class="form-control form-control-sm"
+                                placeholder=@(userConfig.GetText("login_secret")) @bind="actCredential.Secret" />
                         </div>
                     </div>
                 }
                 <div class="form-group row mt-2" data-toggle="tooltip" title="@(userConfig.PureLine("H5136"))">
-                    <label for="cloudClientId" class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("cloud_client_id")):</label>
+                    <label for="cloudClientId"
+                        class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("cloud_client_id")):</label>
                     <div class="col-sm-8">
-                        <input type="text" cols="60" name="text" class="form-control form-control-sm" placeholder=@(userConfig.GetText("cloud_client_id")) @bind="actCredential.CloudClientId" />                        
+                        <input type="text" cols="60" name="text" class="form-control form-control-sm"
+                            placeholder=@(userConfig.GetText("cloud_client_id")) @bind="actCredential.CloudClientId" />
                     </div>
                 </div>
                 <div class="form-group row mt-2" data-toggle="tooltip" title="@(userConfig.PureLine("H5137"))">
-                    <label for="cloudClientSecret" class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("cloud_client_secret")):</label>
+                    <label for="cloudClientSecret"
+                        class="col-sm-3 col-form-label col-form-label-sm">@(userConfig.GetText("cloud_client_secret")):</label>
                     <div class="col-sm-8">
-                        <input type="password" cols="60" name="text" class="form-control form-control-sm" placeholder=@(userConfig.GetText("cloud_client_secret")) @bind="actCredential.CloudClientSecret" />                        
+                        <input type="password" cols="60" name="text" class="form-control form-control-sm"
+                            placeholder=@(userConfig.GetText("cloud_client_secret"))
+                            @bind="actCredential.CloudClientSecret" />
                     </div>
                 </div>
 
@@ -127,20 +161,24 @@
         <div class="btn-group">
             <AuthorizeView Roles="@($"{Roles.Admin}, {Roles.FwAdmin}")">
                 <Authorized>
-                    <button type="button" class="btn btn-sm btn-primary" @onclick="Save">@(userConfig.GetText("save"))</button>
+                    <button type="button" class="btn btn-sm btn-primary"
+                        @onclick="Save">@(userConfig.GetText("save"))</button>
                 </Authorized>
                 <NotAuthorized>
                     <button type="button" class="btn btn-sm btn-primary" disabled>@(userConfig.GetText("save"))</button>
-                </NotAuthorized> 
+                </NotAuthorized>
             </AuthorizeView>
-            <button type="button" class="btn btn-sm btn-secondary" @onclick="Cancel">@(userConfig.GetText("cancel"))</button>
+            <button type="button" class="btn btn-sm btn-secondary"
+                @onclick="Cancel">@(userConfig.GetText("cancel"))</button>
         </div>
     </Footer>
 </PopUp>
 
-<ConfirmDelete @bind-Display="DeleteMode" PerformAction="Delete" Title="@userConfig.GetText("delete_credential")" DeleteMessage="@deleteMessage"/>
-<ConfirmDelete @bind-Display="CleanupMode" PerformAction="RemoveSampleData" Title="@userConfig.GetText("remove_sample_data")" DeleteMessage="@cleanupMessage"/>
-<InProgress Display="workInProgress"/>
+<ConfirmDelete @bind-Display="DeleteMode" PerformAction="Delete" Title="@userConfig.GetText("delete_credential")"
+    DeleteMessage="@deleteMessage" />
+<ConfirmDelete @bind-Display="CleanupMode" PerformAction="RemoveSampleData"
+    Title="@userConfig.GetText("remove_sample_data")" DeleteMessage="@cleanupMessage" />
+<InProgress Display="workInProgress" />
 
 
 @code
@@ -179,9 +217,11 @@
             JwtReader jwt = new JwtReader(userConfig.User.Jwt);
             jwt.Validate();
             if (jwt.ContainsAllowedRole(Roles.Admin) || jwt.ContainsAllowedRole(Roles.FwAdmin))
-                credentials = await apiConnection.SendQueryAsync<List<ImportCredential>>(FWO.Api.Client.Queries.DeviceQueries.getCredentials);
+                credentials = await
+                apiConnection.SendQueryAsync<List<ImportCredential>>(FWO.Api.Client.Queries.DeviceQueries.getCredentials);
             else
-                credentials = await apiConnection.SendQueryAsync<List<ImportCredential>>(FWO.Api.Client.Queries.DeviceQueries.getCredentialsWithoutSecrets);
+                credentials = await
+                apiConnection.SendQueryAsync<List<ImportCredential>>(FWO.Api.Client.Queries.DeviceQueries.getCredentialsWithoutSecrets);
 
             AnalyseSampleCredentials();
         }
@@ -218,8 +258,9 @@
         actCredential = credential;
         var Variables = new { importCredentialId = credential.Id };
 
-        var result = 
-            await apiConnection.SendQueryAsync<AggregateCount>(FWO.Api.Client.Queries.DeviceQueries.getMgmtNumberUsingCred, Variables);
+        var result =
+        await apiConnection.SendQueryAsync<AggregateCount>(FWO.Api.Client.Queries.DeviceQueries.getMgmtNumberUsingCred,
+        Variables);
         int? numberOfManagementsUsingCredentials = result?.Aggregate?.Count;
 
         if (numberOfManagementsUsingCredentials != null && numberOfManagementsUsingCredentials != 0)
@@ -241,7 +282,8 @@
             workInProgress = true;
             StateHasChanged();
             var Variables = new { id = actCredential.Id };
-            int delId = (await apiConnection.SendQueryAsync<ReturnId>(FWO.Api.Client.Queries.DeviceQueries.deleteCredential, Variables)).DeletedId;
+            int delId = (await apiConnection.SendQueryAsync<ReturnId>(FWO.Api.Client.Queries.DeviceQueries.deleteCredential,
+            Variables)).DeletedId;
             if (delId == actCredential.Id)
             {
                 credentials.Remove(actCredential);
@@ -278,7 +320,7 @@
     private void Add()
     {
         AddMode = true;
-        newCredential = new ImportCredential() {};
+        newCredential = new ImportCredential() { };
         Edit(newCredential);
     }
 
@@ -290,7 +332,7 @@
         Edit(newCredential);
     }
 
-    private async Task Save()
+    public async Task Save()
     {
         try
         {
@@ -300,6 +342,21 @@
             }
             if (CheckValues(actCredential, userConfig.GetText("save_credential")))
             {
+
+                string mainKey = AesEnc.GetMainKey();
+                string encryptedSecret = actCredential.Secret;
+
+                // only encrypt secret if it was not already encrypted
+                try
+                {
+                    string decryptedSecret = AesEnc.Decrypt(actCredential.Secret, mainKey);
+                }
+                catch (Exception)
+                {
+                    encryptedSecret = AesEnc.Encrypt(actCredential.Secret, mainKey);
+                    actCredential.Secret = encryptedSecret;
+                }
+
                 if (AddMode)
                 {
                     // insert new credentials
@@ -313,7 +370,8 @@
                         cloudClientId = actCredential.CloudClientId,
                         cloudClientSecret = actCredential.CloudClientSecret
                     };
-                    ReturnId[]? returnIds = (await apiConnection.SendQueryAsync<NewReturning>(FWO.Api.Client.Queries.DeviceQueries.newCredential, Variables)).ReturnIds;
+                    ReturnId[]? returnIds = (await
+                    apiConnection.SendQueryAsync<NewReturning>(FWO.Api.Client.Queries.DeviceQueries.newCredential, Variables)).ReturnIds;
                     if (returnIds != null)
                     {
                         actCredential.Id = returnIds[0].NewId;
@@ -332,11 +390,12 @@
                         isKeyPair = actCredential.IsKeyPair,
                         username = actCredential.ImportUser,
                         sshPublicKey = actCredential.PublicKey,
-                        secret = actCredential.Secret,
+                        secret = encryptedSecret,
                         cloudClientId = actCredential.CloudClientId,
                         cloudClientSecret = actCredential.CloudClientSecret
                     };
-                    int udId = (await apiConnection.SendQueryAsync<ReturnId>(FWO.Api.Client.Queries.DeviceQueries.updateCredential, Variables)).UpdatedId;
+                    int udId = (await apiConnection.SendQueryAsync<ReturnId>(FWO.Api.Client.Queries.DeviceQueries.updateCredential,
+                        Variables)).UpdatedId;
                     EditMode = (udId == actCredential.Id ? false : true);
                     credentials[credentials.FindIndex(x => x.Id == actCredential.Id)] = actCredential;
                 }
@@ -352,9 +411,9 @@
 
     private bool CheckValues(ImportCredential cred, string checkCause)
     {
-        if (cred.Name == null || cred.Name == "" || 
-            cred.ImportUser == null || cred.ImportUser == "" || 
-            cred.Secret == null)
+        if (cred.Name == null || cred.Name == "" ||
+        cred.ImportUser == null || cred.ImportUser == "" ||
+        cred.Secret == null)
         {
             DisplayMessageInUi(null, checkCause, userConfig.GetText("E5102"), true);
             return false;
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsGateways.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsGateways.razor
index 3d3a5205c..bfd3c103a 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsGateways.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsGateways.razor
@@ -1,3 +1,4 @@
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Api.Client
 @using FWO.Config.Api
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsGroups.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsGroups.razor
index 11da37de4..10a838d0c 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsGroups.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsGroups.razor
@@ -1,5 +1,6 @@
 @using BlazorTable
 @using System.Net
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Api.Client
 @using FWO.Ui.Services
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsLdap.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsLdap.razor
index d8e9ee91e..28791ffdd 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsLdap.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsLdap.razor
@@ -1,11 +1,14 @@
 @using BlazorTable
 @using System.Net
+@using RestSharp
+
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Api.Client
 @using FWO.Config.Api
 @using FWO.Middleware.Client
 @using FWO.Middleware.RequestParameters
-@using RestSharp
+@using FWO.Encryption
 
 
 @page "/settings/ldap"
@@ -381,7 +384,31 @@
                 DisplayMessageInUi(null, userConfig.GetText("save_ldap_conn"), userConfig.GetText("U0001"), true);
             }
             if (CheckValues())
-            {    
+            {
+                string mainKey = AesEnc.GetMainKey();
+                string encryptedSecretSearchUser = actLdapConnection.SearchUserPwd;
+                string encryptedSecretWriteUser = actLdapConnection.WriteUserPwd;
+
+                // only encrypt secret if it was not already encrypted
+                try
+                {
+                    string decryptedSecretSearchUser = AesEnc.Decrypt(actLdapConnection.SearchUserPwd, mainKey);
+                }
+                catch (Exception)
+                {
+                    encryptedSecretSearchUser = AesEnc.Encrypt(actLdapConnection.SearchUserPwd, mainKey);
+                    actLdapConnection.SearchUserPwd = encryptedSecretSearchUser;
+                }
+                try
+                {
+                    string decryptedSecret = AesEnc.Decrypt(actLdapConnection.WriteUserPwd, mainKey);
+                }
+                catch (Exception)
+                {
+                    encryptedSecretWriteUser = AesEnc.Encrypt(actLdapConnection.WriteUserPwd, mainKey);
+                    actLdapConnection.WriteUserPwd = encryptedSecretWriteUser;
+                }
+
                 if (AddMode)
                 {
                     RestResponse<int> ldapMiddlewareServerResponse = await middlewareClient.AddLdap(actLdapConnection.ToApiParams());
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsManagements.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsManagements.razor
index 94db3965d..7bfa1a9e0 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsManagements.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsManagements.razor
@@ -1,4 +1,5 @@
 @using BlazorTable
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Api.Client
 @using FWO.Config.Api
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsOwner.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsOwner.razor
index d8a0d210e..f521569ba 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsOwner.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsOwner.razor
@@ -5,6 +5,7 @@
 @using FWO.Middleware.Client
 @using FWO.Middleware.RequestParameters
 @using RestSharp
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Logging
 @using FWO.Recert
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsRoles.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsRoles.razor
index fbcf73419..ed271aabe 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsRoles.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsRoles.razor
@@ -1,5 +1,6 @@
 @using BlazorTable
 @using System.Net
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Api.Client
 @using FWO.Ui.Services
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsTenants.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsTenants.razor
index 24c8dd31f..32aeebecc 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsTenants.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsTenants.razor
@@ -1,6 +1,7 @@
 @using BlazorTable
 @using System.Linq
 @using System.Net
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Api.Client
 @using FWO.Api.Client.Queries
diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsUsers.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsUsers.razor
index e06030524..dab0644bb 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsUsers.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsUsers.razor
@@ -1,5 +1,6 @@
 @using BlazorTable
 @using System.Net
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Api.Client
 @using FWO.Middleware.Client
diff --git a/roles/ui/files/FWO.UI/Pages/_Imports.razor b/roles/ui/files/FWO.UI/Pages/_Imports.razor
index 71b261f5c..eb105c8e6 100644
--- a/roles/ui/files/FWO.UI/Pages/_Imports.razor
+++ b/roles/ui/files/FWO.UI/Pages/_Imports.razor
@@ -1,4 +1,5 @@
 @using BlazorTable
 @using FWO.Api.Client
 @using FWO.Api.Client.Queries
+@using FWO.GlobalConstants
 @using FWO.Api.Data
\ No newline at end of file
diff --git a/roles/ui/files/FWO.UI/Services/ActionHandler.cs b/roles/ui/files/FWO.UI/Services/ActionHandler.cs
index ad4cd3792..cfda64bf1 100644
--- a/roles/ui/files/FWO.UI/Services/ActionHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ActionHandler.cs
@@ -1,4 +1,5 @@
-using FWO.Api.Data;
+using FWO.GlobalConstants;
+using FWO.Api.Data;
 using FWO.Api.Client;
 using FWO.Api.Client.Queries;
 using FWO.Logging;
diff --git a/roles/ui/files/FWO.UI/Services/CircuitHandlerService.cs b/roles/ui/files/FWO.UI/Services/CircuitHandlerService.cs
index ac7ea007c..b03c4dc51 100644
--- a/roles/ui/files/FWO.UI/Services/CircuitHandlerService.cs
+++ b/roles/ui/files/FWO.UI/Services/CircuitHandlerService.cs
@@ -3,6 +3,7 @@
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Components.Server.Circuits;
 using FWO.Logging;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using System.Collections.Concurrent;
 
diff --git a/roles/ui/files/FWO.UI/Services/DefaultInit.cs b/roles/ui/files/FWO.UI/Services/DefaultInit.cs
index 1917c68ef..7d62b178d 100644
--- a/roles/ui/files/FWO.UI/Services/DefaultInit.cs
+++ b/roles/ui/files/FWO.UI/Services/DefaultInit.cs
@@ -1,4 +1,5 @@
-using FWO.Api.Data;
+using FWO.GlobalConstants;
+using FWO.Api.Data;
 
 namespace FWO.Ui.Services
 {
diff --git a/roles/ui/files/FWO.UI/Services/GroupAccess.cs b/roles/ui/files/FWO.UI/Services/GroupAccess.cs
index d102859b8..2841d0f54 100644
--- a/roles/ui/files/FWO.UI/Services/GroupAccess.cs
+++ b/roles/ui/files/FWO.UI/Services/GroupAccess.cs
@@ -1,4 +1,5 @@
 using System.Net;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Config.Api;
 using FWO.Middleware.Client;
diff --git a/roles/ui/files/FWO.UI/Services/JwtEventService.cs b/roles/ui/files/FWO.UI/Services/JwtEventService.cs
index 7b9451f33..03b6a5977 100644
--- a/roles/ui/files/FWO.UI/Services/JwtEventService.cs
+++ b/roles/ui/files/FWO.UI/Services/JwtEventService.cs
@@ -1,4 +1,5 @@
-using FWO.Api.Data;
+using FWO.GlobalConstants;
+using FWO.Api.Data;
 using FWO.Config.Api;
 
 namespace FWO.Ui.Services
diff --git a/roles/ui/files/FWO.UI/Services/ModellingAppHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingAppHandler.cs
index a862464f6..64531bd76 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingAppHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingAppHandler.cs
@@ -1,4 +1,5 @@
 using FWO.Config.Api;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Api.Client;
 using FWO.Api.Client.Queries;
diff --git a/roles/ui/files/FWO.UI/Services/ModellingAppRoleHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingAppRoleHandler.cs
index 745ccb958..75d6e39a0 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingAppRoleHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingAppRoleHandler.cs
@@ -1,4 +1,5 @@
 using FWO.Config.Api;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Api.Client;
 using FWO.Api.Client.Queries;
diff --git a/roles/ui/files/FWO.UI/Services/ModellingAppServerHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingAppServerHandler.cs
index 2b6fe4e16..bdff85fce 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingAppServerHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingAppServerHandler.cs
@@ -1,5 +1,6 @@
 using NetTools;
 using FWO.Config.Api;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Api.Client;
 using FWO.Api.Client.Queries;
diff --git a/roles/ui/files/FWO.UI/Services/ModellingAppServerListHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingAppServerListHandler.cs
index 364f0367f..a1f338f05 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingAppServerListHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingAppServerListHandler.cs
@@ -1,4 +1,5 @@
 using FWO.Config.Api;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Api.Client;
 using FWO.Api.Client.Queries;
diff --git a/roles/ui/files/FWO.UI/Services/ModellingConnectionHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingConnectionHandler.cs
index e3cbe9d2f..1a922c27a 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingConnectionHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingConnectionHandler.cs
@@ -1,5 +1,6 @@
 using FWO.Config.Api;
 using FWO.Config.Api.Data;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Api.Client;
 using FWO.Api.Client.Queries;
diff --git a/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs b/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs
index f1eafe883..b31e1448e 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingHandlerBase.cs
@@ -1,4 +1,5 @@
 using FWO.Config.Api;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Api.Client;
 using FWO.Api.Client.Queries;
diff --git a/roles/ui/files/FWO.UI/Services/ModellingServiceGroupHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingServiceGroupHandler.cs
index f1b189ccb..387134e82 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingServiceGroupHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingServiceGroupHandler.cs
@@ -1,4 +1,5 @@
 using FWO.Config.Api;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Api.Client;
 using FWO.Api.Client.Queries;
diff --git a/roles/ui/files/FWO.UI/Services/ModellingServiceHandler.cs b/roles/ui/files/FWO.UI/Services/ModellingServiceHandler.cs
index db60f9d28..8b2ccbf52 100644
--- a/roles/ui/files/FWO.UI/Services/ModellingServiceHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/ModellingServiceHandler.cs
@@ -1,4 +1,5 @@
 using FWO.Config.Api;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Api.Client;
 using FWO.Api.Client.Queries;
diff --git a/roles/ui/files/FWO.UI/Services/NetworkZoneService.cs b/roles/ui/files/FWO.UI/Services/NetworkZoneService.cs
index afe0941e1..e9c6fd39c 100644
--- a/roles/ui/files/FWO.UI/Services/NetworkZoneService.cs
+++ b/roles/ui/files/FWO.UI/Services/NetworkZoneService.cs
@@ -1,4 +1,5 @@
-using FWO.Api.Data;
+using FWO.GlobalConstants;
+using FWO.Api.Data;
 using NetTools;
 
 namespace FWO.Ui.Services
diff --git a/roles/ui/files/FWO.UI/Services/PathAnalysis.cs b/roles/ui/files/FWO.UI/Services/PathAnalysis.cs
index f1ef99ead..506993c34 100644
--- a/roles/ui/files/FWO.UI/Services/PathAnalysis.cs
+++ b/roles/ui/files/FWO.UI/Services/PathAnalysis.cs
@@ -1,4 +1,5 @@
-using FWO.Api.Data;
+using FWO.GlobalConstants;
+using FWO.Api.Data;
 using FWO.Api.Client;
 using FWO.Api.Client.Queries;
 using FWO.Logging;
diff --git a/roles/ui/files/FWO.UI/Services/RequestDbAccess.cs b/roles/ui/files/FWO.UI/Services/RequestDbAccess.cs
index 6a53d9792..3fb1b1387 100644
--- a/roles/ui/files/FWO.UI/Services/RequestDbAccess.cs
+++ b/roles/ui/files/FWO.UI/Services/RequestDbAccess.cs
@@ -1,4 +1,5 @@
-using FWO.Api.Data;
+using FWO.GlobalConstants;
+using FWO.Api.Data;
 using FWO.Config.Api;
 using FWO.Api.Client;
 
diff --git a/roles/ui/files/FWO.UI/Services/RequestHandler.cs b/roles/ui/files/FWO.UI/Services/RequestHandler.cs
index 234a70020..cad8d1a9a 100644
--- a/roles/ui/files/FWO.UI/Services/RequestHandler.cs
+++ b/roles/ui/files/FWO.UI/Services/RequestHandler.cs
@@ -1,4 +1,5 @@
-using FWO.Api.Data;
+using FWO.GlobalConstants;
+using FWO.Api.Data;
 using FWO.Config.Api;
 using FWO.Api.Client;
 
diff --git a/roles/ui/files/FWO.UI/Services/RoleAccess.cs b/roles/ui/files/FWO.UI/Services/RoleAccess.cs
index aa245c083..5fc020c20 100644
--- a/roles/ui/files/FWO.UI/Services/RoleAccess.cs
+++ b/roles/ui/files/FWO.UI/Services/RoleAccess.cs
@@ -1,4 +1,5 @@
 using System.Net;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Middleware.Client;
 using FWO.Middleware.RequestParameters;
diff --git a/roles/ui/files/FWO.UI/Services/TicketCreator.cs b/roles/ui/files/FWO.UI/Services/TicketCreator.cs
index 44f97c218..09433bf5a 100644
--- a/roles/ui/files/FWO.UI/Services/TicketCreator.cs
+++ b/roles/ui/files/FWO.UI/Services/TicketCreator.cs
@@ -1,4 +1,5 @@
 using System.Text.Json;
+using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Config.Api;
 using FWO.Api.Client;
diff --git a/roles/ui/files/FWO.UI/Shared/AutoDiscovery.razor b/roles/ui/files/FWO.UI/Shared/AutoDiscovery.razor
index cbc0574fc..f6ad62a33 100644
--- a/roles/ui/files/FWO.UI/Shared/AutoDiscovery.razor
+++ b/roles/ui/files/FWO.UI/Shared/AutoDiscovery.razor
@@ -1,5 +1,6 @@
 @using BlazorTable
 @using FWO.Config.Api
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Api.Client
 @using System.Text.Json;
diff --git a/roles/ui/files/FWO.UI/Shared/Collapse.razor b/roles/ui/files/FWO.UI/Shared/Collapse.razor
index e4e5265fd..6b7491212 100644
--- a/roles/ui/files/FWO.UI/Shared/Collapse.razor
+++ b/roles/ui/files/FWO.UI/Shared/Collapse.razor
@@ -1,4 +1,5 @@
 @using FWO.Ui.Data
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 
 @implements IDisposable
diff --git a/roles/ui/files/FWO.UI/Shared/Confirm.razor b/roles/ui/files/FWO.UI/Shared/Confirm.razor
index d9aebbc5c..4189440dd 100644
--- a/roles/ui/files/FWO.UI/Shared/Confirm.razor
+++ b/roles/ui/files/FWO.UI/Shared/Confirm.razor
@@ -1,4 +1,5 @@
-@using FWO.Api.Data
+@using FWO.GlobalConstants
+@using FWO.Api.Data
 
 @attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}")]
 
diff --git a/roles/ui/files/FWO.UI/Shared/ConfirmDelete.razor b/roles/ui/files/FWO.UI/Shared/ConfirmDelete.razor
index 51dc7495f..3ed1c84b4 100644
--- a/roles/ui/files/FWO.UI/Shared/ConfirmDelete.razor
+++ b/roles/ui/files/FWO.UI/Shared/ConfirmDelete.razor
@@ -1,4 +1,5 @@
-@using FWO.Api.Data
+@using FWO.GlobalConstants
+@using FWO.Api.Data
 
 @attribute [Authorize(Roles = $"{Roles.Admin}, {Roles.Auditor}, {Roles.Modeller}")]
 
diff --git a/roles/ui/files/FWO.UI/Shared/ConnectionTable.razor b/roles/ui/files/FWO.UI/Shared/ConnectionTable.razor
index bb5f93171..af7b338a3 100644
--- a/roles/ui/files/FWO.UI/Shared/ConnectionTable.razor
+++ b/roles/ui/files/FWO.UI/Shared/ConnectionTable.razor
@@ -1,5 +1,6 @@
 @using FWO.Config.Api
 @using FWO.Ui.Display
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using BlazorTable
 
diff --git a/roles/ui/files/FWO.UI/Shared/ContentSwap.razor b/roles/ui/files/FWO.UI/Shared/ContentSwap.razor
index 4dea340df..703e88ac2 100644
--- a/roles/ui/files/FWO.UI/Shared/ContentSwap.razor
+++ b/roles/ui/files/FWO.UI/Shared/ContentSwap.razor
@@ -1,4 +1,5 @@
-@using FWO.Api.Data
+@using FWO.GlobalConstants
+@using FWO.Api.Data
 
 <div class="w-100 card">
     <div class="btn-group w-100">
diff --git a/roles/ui/files/FWO.UI/Shared/DeviceSelection.razor b/roles/ui/files/FWO.UI/Shared/DeviceSelection.razor
index f19c5d47a..cd4b8b8ca 100644
--- a/roles/ui/files/FWO.UI/Shared/DeviceSelection.razor
+++ b/roles/ui/files/FWO.UI/Shared/DeviceSelection.razor
@@ -1,4 +1,5 @@
 @using FWO.Config.Api
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Ui.Data
 
diff --git a/roles/ui/files/FWO.UI/Shared/DeviceSelectionTenants.razor b/roles/ui/files/FWO.UI/Shared/DeviceSelectionTenants.razor
index 2d30e02ec..a626a61c7 100644
--- a/roles/ui/files/FWO.UI/Shared/DeviceSelectionTenants.razor
+++ b/roles/ui/files/FWO.UI/Shared/DeviceSelectionTenants.razor
@@ -1,4 +1,5 @@
 @using FWO.Config.Api
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Ui.Data
 
diff --git a/roles/ui/files/FWO.UI/Shared/Dropdown.razor b/roles/ui/files/FWO.UI/Shared/Dropdown.razor
index 59aaa00a1..2081aa1e2 100644
--- a/roles/ui/files/FWO.UI/Shared/Dropdown.razor
+++ b/roles/ui/files/FWO.UI/Shared/Dropdown.razor
@@ -1,5 +1,6 @@
 @using System.Reflection
 @using System.Diagnostics;
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @typeparam ElementType
 
diff --git a/roles/ui/files/FWO.UI/Shared/EditList.razor b/roles/ui/files/FWO.UI/Shared/EditList.razor
index 2ba45d62b..b590430b3 100644
--- a/roles/ui/files/FWO.UI/Shared/EditList.razor
+++ b/roles/ui/files/FWO.UI/Shared/EditList.razor
@@ -1,4 +1,5 @@
-@using FWO.Api.Data
+@using FWO.GlobalConstants
+@using FWO.Api.Data
 
 @typeparam ElementType
 
diff --git a/roles/ui/files/FWO.UI/Shared/HelpLink.razor b/roles/ui/files/FWO.UI/Shared/HelpLink.razor
index 262dbe548..46457a99d 100644
--- a/roles/ui/files/FWO.UI/Shared/HelpLink.razor
+++ b/roles/ui/files/FWO.UI/Shared/HelpLink.razor
@@ -1,4 +1,5 @@
-@using FWO.Api.Data
+@using FWO.GlobalConstants
+@using FWO.Api.Data
 
 @inject UserConfig userConfig
 @inject IJSRuntime jsRuntime
diff --git a/roles/ui/files/FWO.UI/Shared/ImportDetails.razor b/roles/ui/files/FWO.UI/Shared/ImportDetails.razor
index 5079dd6a9..ea89f90f8 100644
--- a/roles/ui/files/FWO.UI/Shared/ImportDetails.razor
+++ b/roles/ui/files/FWO.UI/Shared/ImportDetails.razor
@@ -1,4 +1,5 @@
 @using FWO.Config.Api
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Api.Client
 
diff --git a/roles/ui/files/FWO.UI/Shared/ImportRollback.razor b/roles/ui/files/FWO.UI/Shared/ImportRollback.razor
index 0bf4cc198..e535188cd 100644
--- a/roles/ui/files/FWO.UI/Shared/ImportRollback.razor
+++ b/roles/ui/files/FWO.UI/Shared/ImportRollback.razor
@@ -1,4 +1,5 @@
 @using FWO.Config.Api
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Api.Client
 
diff --git a/roles/ui/files/FWO.UI/Shared/IpSelector.razor b/roles/ui/files/FWO.UI/Shared/IpSelector.razor
index e2f3cd805..d54be8b4f 100644
--- a/roles/ui/files/FWO.UI/Shared/IpSelector.razor
+++ b/roles/ui/files/FWO.UI/Shared/IpSelector.razor
@@ -1,4 +1,5 @@
 @using NetTools;
+@using FWO.GlobalConstants
 @using FWO.Api.Data;
 @using FWO.Ui.Display;
 
diff --git a/roles/ui/files/FWO.UI/Shared/MainLayout.razor b/roles/ui/files/FWO.UI/Shared/MainLayout.razor
index 43ff114b8..1094f9c43 100644
--- a/roles/ui/files/FWO.UI/Shared/MainLayout.razor
+++ b/roles/ui/files/FWO.UI/Shared/MainLayout.razor
@@ -1,6 +1,7 @@
 @inherits LayoutComponentBase
 @using FWO.Config.Api
 @using FWO.Api.Client
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Api.Client.Queries
 @using FWO.Middleware.Client
diff --git a/roles/ui/files/FWO.UI/Shared/MonitoringLayout.razor b/roles/ui/files/FWO.UI/Shared/MonitoringLayout.razor
index be6dc4dab..b00a7ace5 100644
--- a/roles/ui/files/FWO.UI/Shared/MonitoringLayout.razor
+++ b/roles/ui/files/FWO.UI/Shared/MonitoringLayout.razor
@@ -1,5 +1,6 @@
 @using FWO.Config.Api
 @using FWO.Config.Api.Data
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 
 @inherits LayoutComponentBase
diff --git a/roles/ui/files/FWO.UI/Shared/NavigationMenu.razor b/roles/ui/files/FWO.UI/Shared/NavigationMenu.razor
index 7e5c6a9b2..9120a72a0 100644
--- a/roles/ui/files/FWO.UI/Shared/NavigationMenu.razor
+++ b/roles/ui/files/FWO.UI/Shared/NavigationMenu.razor
@@ -1,5 +1,6 @@
 @using FWO.Config.Api
 @using FWO.Config.Api.Data
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 
 @inject GlobalConfig globalConfig
diff --git a/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor b/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
index 927b44dc5..cfeb0a370 100644
--- a/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
+++ b/roles/ui/files/FWO.UI/Shared/ObjectGroup.razor
@@ -1,5 +1,6 @@
 @using BlazorTable
 @using FWO.Config.Api
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Report
 @using FWO.Ui.Display
diff --git a/roles/ui/files/FWO.UI/Shared/ObjectGroupCollection.razor b/roles/ui/files/FWO.UI/Shared/ObjectGroupCollection.razor
index 930bb1ed6..6663a7e4e 100644
--- a/roles/ui/files/FWO.UI/Shared/ObjectGroupCollection.razor
+++ b/roles/ui/files/FWO.UI/Shared/ObjectGroupCollection.razor
@@ -1,4 +1,5 @@
-@using FWO.Api.Data
+@using FWO.GlobalConstants
+@using FWO.Api.Data
 @using FWO.Report
 
 @typeparam InputDataType
diff --git a/roles/ui/files/FWO.UI/Shared/ReportLayout.razor b/roles/ui/files/FWO.UI/Shared/ReportLayout.razor
index c9b506bff..a1f7e7911 100644
--- a/roles/ui/files/FWO.UI/Shared/ReportLayout.razor
+++ b/roles/ui/files/FWO.UI/Shared/ReportLayout.razor
@@ -1,5 +1,6 @@
 @inherits LayoutComponentBase
 @layout MainLayout
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 
 <!--<Sidebar PositionLeft="true" Collapsible="true" Resizeable="true" InitialWidth="sidebarLeftWidth" @bind-Width="sidebarLeftWidth">
diff --git a/roles/ui/files/FWO.UI/Shared/RequestLayout.razor b/roles/ui/files/FWO.UI/Shared/RequestLayout.razor
index 194a3b713..02fe17b46 100644
--- a/roles/ui/files/FWO.UI/Shared/RequestLayout.razor
+++ b/roles/ui/files/FWO.UI/Shared/RequestLayout.razor
@@ -2,6 +2,7 @@
 @using FWO.Config.Api.Data
 @using FWO.Ui.Services
 @using FWO.Api.Client
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 
 @inherits LayoutComponentBase
diff --git a/roles/ui/files/FWO.UI/Shared/RightSidebar.razor b/roles/ui/files/FWO.UI/Shared/RightSidebar.razor
index 7f07edf74..a83c02463 100644
--- a/roles/ui/files/FWO.UI/Shared/RightSidebar.razor
+++ b/roles/ui/files/FWO.UI/Shared/RightSidebar.razor
@@ -1,5 +1,6 @@
 @using System
 @using FWO.Config.Api
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 @using FWO.Api.Client
 @using FWO.Api.Client.Queries
diff --git a/roles/ui/files/FWO.UI/Shared/RuleSelector.razor b/roles/ui/files/FWO.UI/Shared/RuleSelector.razor
index 1eae00a8b..c59fd651e 100644
--- a/roles/ui/files/FWO.UI/Shared/RuleSelector.razor
+++ b/roles/ui/files/FWO.UI/Shared/RuleSelector.razor
@@ -1,4 +1,5 @@
-@using FWO.Api.Data
+@using FWO.GlobalConstants
+@using FWO.Api.Data
 @using FWO.Api.Client
 @using FWO.Api.Client.Queries
 
diff --git a/roles/ui/files/FWO.UI/Shared/SettingsLayout.razor b/roles/ui/files/FWO.UI/Shared/SettingsLayout.razor
index 8d95179cf..6f8c824e8 100644
--- a/roles/ui/files/FWO.UI/Shared/SettingsLayout.razor
+++ b/roles/ui/files/FWO.UI/Shared/SettingsLayout.razor
@@ -1,5 +1,6 @@
 @using FWO.Config.Api
 @using FWO.Config.Api.Data
+@using FWO.GlobalConstants
 @using FWO.Api.Data
 
 @inherits LayoutComponentBase
diff --git a/roles/ui/files/FWO.UI/Shared/Sidebar.razor b/roles/ui/files/FWO.UI/Shared/Sidebar.razor
index cc4c640f0..5b1a6f5b5 100644
--- a/roles/ui/files/FWO.UI/Shared/Sidebar.razor
+++ b/roles/ui/files/FWO.UI/Shared/Sidebar.razor
@@ -1,4 +1,5 @@
-@using FWO.Api.Data
+@using FWO.GlobalConstants
+@using FWO.Api.Data
 
 <div class="sidebar-main d-flex flex-row @SidebarContainerCssClass" style="@(PositionLeft ? "left: 0px;" : "right: 0px;")">
     @if (!PositionLeft)

From 6654817297a8301f1d0caf40f5b2d1fee0d9edc7 Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Sat, 6 Apr 2024 10:07:26 +0200
Subject: [PATCH 67/84] decrypting ldap before usage only

---
 documentation/revision-history-develop.md     | 15 ++--
 roles/importer/files/importer/fwo_api.py      |  8 ---
 .../FWO.Api.Client/Data/LdapConnectionBase.cs | 28 +-------
 .../FWO.Api.Client/Data/UiLdapConnection.cs   | 28 +-------
 .../files/FWO.Middleware.Server/Ldap.cs       | 68 ++++++++++++++-----
 5 files changed, 65 insertions(+), 82 deletions(-)

diff --git a/documentation/revision-history-develop.md b/documentation/revision-history-develop.md
index 9f2788749..75c20a11b 100644
--- a/documentation/revision-history-develop.md
+++ b/documentation/revision-history-develop.md
@@ -183,9 +183,12 @@ bugfix release:
 # 8.0.2 - 11.03.2024 DEVELOP
 - first version of NSX import module
 
-# 8.0.3 - 04.04.2024 DEVELOP
-- encrypt all passwords in database
-  - missing: ldap_connection
-- import custom rule fields start
-  - missing: import from other vendors besides check point
-  - missing: add custom fields to reports
+# 8.0.3 - 06.04.2024 DEVELOP
+- add maintenance page during upgrade
+- sample customizing py script with sample data, closes  Installer customizable config (settings) #2275
+- remove log locking from importer due to stalling importer stops
+- credentials encryption, closes encrypt passwords and keys #1508
+- add custom (user-defined) fields to import
+  - cp only so far, other fw types missing
+  - user-defined fields are not part of reports yet
+t
\ No newline at end of file
diff --git a/roles/importer/files/importer/fwo_api.py b/roles/importer/files/importer/fwo_api.py
index aa478a266..6c8854ce7 100644
--- a/roles/importer/files/importer/fwo_api.py
+++ b/roles/importer/files/importer/fwo_api.py
@@ -268,14 +268,6 @@ def decrypt(encrypted_data, passphrase):
         return decrypted
     except:
         logger.warning("Unspecified error while decrypting with MS: " + str(traceback.format_exc()))
-        # try:
-        #     # trying postgres decryption
-        #     decrypted = decryptGpg(encrypted_data, passphrase)
-        #     return decrypted
-        # except:
-        #     logger.warning("Unspecified error while decrypting with gpg: " + str(traceback.format_exc()))
-        #     logger("error while decrypting: " + encrypted_data + ", assuming plaintext credentials")
-            # we return the credentials as is (not able to derypt them and assume they are in plaintext)
         return encrypted_data
 
 
diff --git a/roles/lib/files/FWO.Api.Client/Data/LdapConnectionBase.cs b/roles/lib/files/FWO.Api.Client/Data/LdapConnectionBase.cs
index 5b61d881a..93271eda3 100644
--- a/roles/lib/files/FWO.Api.Client/Data/LdapConnectionBase.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/LdapConnectionBase.cs
@@ -80,36 +80,12 @@ public LdapConnectionBase(LdapGetUpdateParameters ldapGetUpdateParameters)
             SearchUser = ldapGetUpdateParameters.SearchUser;
             Tls = ldapGetUpdateParameters.Tls;
             TenantLevel = ldapGetUpdateParameters.TenantLevel;
-            if (ldapGetUpdateParameters.SearchUserPwd != null)
-            {
-                try 
-                {
-                    SearchUserPwd = AesEnc.Decrypt(ldapGetUpdateParameters.SearchUserPwd, AesEnc.GetMainKey());
-                }
-                catch
-                {
-                    // assuming we found an unencrypted password
-                    SearchUserPwd = ldapGetUpdateParameters.SearchUserPwd;
-                }
-            }
+            SearchUserPwd = ldapGetUpdateParameters.SearchUserPwd;
             UserSearchPath = ldapGetUpdateParameters.SearchpathForUsers;
             RoleSearchPath = ldapGetUpdateParameters.SearchpathForRoles;
             GroupSearchPath = ldapGetUpdateParameters.SearchpathForGroups;
             WriteUser = ldapGetUpdateParameters.WriteUser;
-
-            if (ldapGetUpdateParameters.WriteUserPwd != null)
-            {
-                try 
-                {
-                    WriteUserPwd = AesEnc.Decrypt(ldapGetUpdateParameters.WriteUserPwd, AesEnc.GetMainKey());
-                }
-                catch
-                {
-                    // assuming we found an unencrypted password
-                    WriteUserPwd = ldapGetUpdateParameters.WriteUserPwd;
-                }
-            }
-
+            WriteUserPwd = ldapGetUpdateParameters.WriteUserPwd;
             TenantId = ldapGetUpdateParameters.TenantId;
             GlobalTenantName = ldapGetUpdateParameters.GlobalTenantName;
             Active = ldapGetUpdateParameters.Active;
diff --git a/roles/lib/files/FWO.Api.Client/Data/UiLdapConnection.cs b/roles/lib/files/FWO.Api.Client/Data/UiLdapConnection.cs
index d43c8e1b3..ffcb91b2b 100644
--- a/roles/lib/files/FWO.Api.Client/Data/UiLdapConnection.cs
+++ b/roles/lib/files/FWO.Api.Client/Data/UiLdapConnection.cs
@@ -42,36 +42,12 @@ public UiLdapConnection(UiLdapConnection ldapConnection)
             SearchUser = ldapConnection.SearchUser;
             Tls = ldapConnection.Tls;
             TenantLevel = ldapConnection.TenantLevel;
-            if (ldapConnection.SearchUserPwd != null)
-            {
-                try 
-                {
-                    SearchUserPwd = AesEnc.Decrypt(ldapConnection.SearchUserPwd, AesEnc.GetMainKey());
-                }
-                catch
-                {
-                    // assuming we found an unencrypted password
-                    SearchUserPwd = ldapConnection.SearchUserPwd;
-                }
-            }
-
+            SearchUserPwd = ldapConnection.SearchUserPwd;
             UserSearchPath = ldapConnection.UserSearchPath;
             RoleSearchPath = ldapConnection.RoleSearchPath;
             GroupSearchPath = ldapConnection.GroupSearchPath;
             WriteUser = ldapConnection.WriteUser;
-
-            if (ldapConnection.WriteUserPwd != null)
-            {
-                try 
-                {
-                    WriteUserPwd = AesEnc.Decrypt(ldapConnection.WriteUserPwd, AesEnc.GetMainKey());
-                }
-                catch
-                {
-                    // assuming we found an unencrypted password
-                    WriteUserPwd = ldapConnection.WriteUserPwd;
-                }
-            }
+            WriteUserPwd = ldapConnection.WriteUserPwd;
             TenantId = ldapConnection.TenantId;
             GlobalTenantName = ldapConnection.GlobalTenantName;
             Active = ldapConnection.Active;
diff --git a/roles/middleware/files/FWO.Middleware.Server/Ldap.cs b/roles/middleware/files/FWO.Middleware.Server/Ldap.cs
index 82ee8635c..3a482e3d1 100644
--- a/roles/middleware/files/FWO.Middleware.Server/Ldap.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/Ldap.cs
@@ -54,6 +54,27 @@ private LdapConnection Connect()
             }
         }
 
+        /// <summary>
+        /// try an ldap bind 
+        /// decrypting pwd before bind
+        /// false if bind fails
+        /// </summary>
+        private bool TryBind(LdapConnection connection, string user, string password)
+        {
+            string decryptedPassword = password; 
+            try 
+            {
+                decryptedPassword = AesEnc.Decrypt(password, AesEnc.GetMainKey());
+            }
+            catch
+            {
+                Log.WriteDebug("TryBind", $"Could not decrypt password");
+                // assuming we already have an unencrypted password, trying this
+            }
+            connection.Bind(user, decryptedPassword);
+            return connection.Bound;
+        }
+
         /// <summary>
         /// Test a connection to the specified Ldap server.
         /// Throws exception if not successful
@@ -65,13 +86,16 @@ public void TestConnection()
                 if (!string.IsNullOrEmpty(SearchUser))
                 {
                     // connection.Bind(SearchUser, AesEnc.Decrypt(SearchUserPwd, AesEnc.GetMainKey()));
-                    connection.Bind(SearchUser, SearchUserPwd);
-                    if (!connection.Bound) throw new Exception("Binding failed for search user");
+                    // TryBindEncryptedPwd(connection, SearchUser, SearchUserPwd);
+                    // connection.Bind(SearchUser, SearchUserPwd);
+                    if (!TryBind(connection, SearchUser, SearchUserPwd)) throw new Exception("Binding failed for search user");
+                    // if (!connection.Bound) throw new Exception("Binding failed for search user");
                 }
                 if (!string.IsNullOrEmpty(WriteUser))
                 {
-                    connection.Bind(WriteUser, WriteUserPwd);
-                    if (!connection.Bound) throw new Exception("Binding failed for write user");
+                    if (!TryBind(connection, WriteUser, WriteUserPwd)) throw new Exception("Binding failed for write user");
+                    // connection.Bind(WriteUser, WriteUserPwd);
+                    // if (!connection.Bound) throw new Exception("Binding failed for write user");
                 }
             }
         }
@@ -133,7 +157,9 @@ private string getGroupSearchFilter(string searchPattern)
                 using (LdapConnection connection = Connect())
                 {
                     // Authenticate as search user
-                    connection.Bind(SearchUser, AesEnc.Decrypt(SearchUserPwd, AesEnc.GetMainKey()));
+                    // connection.Bind(SearchUser, AesEnc.Decrypt(SearchUserPwd, AesEnc.GetMainKey()));
+                    // connection.Bind(SearchUser, SearchUserPwd);
+                    TryBind(connection, SearchUser, SearchUserPwd);
 
                     LdapSearchConstraints cons = connection.SearchConstraints;
                     cons.ReferralFollowing = true;
@@ -317,8 +343,9 @@ public string SetPassword(string userDn, string newPassword)
                 using (LdapConnection connection = Connect())
                 {
                     // Authenticate as write user
-                    connection.Bind(WriteUser, WriteUserPwd);
-                    if (connection.Bound)
+                    // connection.Bind(WriteUser, WriteUserPwd);
+                    // if (connection.Bound)
+                    if (TryBind(connection, WriteUser, WriteUserPwd))
                     {
                         // authentication was successful: set new password
                         LdapAttribute attribute = new LdapAttribute("userPassword", newPassword);
@@ -604,7 +631,8 @@ public bool AddUser(string userDn , string password, string email)
                 using (LdapConnection connection = Connect())
                 {
                     // Authenticate as write user
-                    connection.Bind(WriteUser, WriteUserPwd);
+                    //connection.Bind(WriteUser, WriteUserPwd);
+                    TryBind(connection, WriteUser, WriteUserPwd);
 
                     string userName = (new FWO.Api.Data.DistName(userDn)).UserName;
                     LdapAttributeSet attributeSet = new LdapAttributeSet
@@ -653,7 +681,8 @@ public bool UpdateUser(string userDn, string email)
                 using (LdapConnection connection = Connect())
                 {
                     // Authenticate as write user
-                    connection.Bind(WriteUser, WriteUserPwd);
+                    TryBind(connection, WriteUser, WriteUserPwd);
+                    // connection.Bind(WriteUser, WriteUserPwd);
 
                     LdapAttribute attribute = new LdapAttribute("mail", email);
                     LdapModification[] mods = { new LdapModification(LdapModification.Replace, attribute) };
@@ -692,7 +721,8 @@ public bool DeleteUser(string userDn)
                 using (LdapConnection connection = Connect())
                 {
                     // Authenticate as write user
-                    connection.Bind(WriteUser, WriteUserPwd);
+                    TryBind(connection, WriteUser, WriteUserPwd);
+                    // connection.Bind(WriteUser, WriteUserPwd);
 
                     try
                     {
@@ -729,7 +759,8 @@ public string AddGroup(string groupName, bool ownerGroup)
                 using (LdapConnection connection = Connect())
                 {
                     // Authenticate as write user
-                    connection.Bind(WriteUser, WriteUserPwd);
+                    // connection.Bind(WriteUser, WriteUserPwd);
+                    TryBind(connection, WriteUser, WriteUserPwd);
 
                     groupDn = $"cn={groupName},{GroupSearchPath}";
                     LdapAttributeSet attributeSet = new LdapAttributeSet();
@@ -779,7 +810,8 @@ public string UpdateGroup(string oldName, string newName)
                 using (LdapConnection connection = Connect())
                 {
                     // Authenticate as write user
-                    connection.Bind(WriteUser, WriteUserPwd);
+                    // connection.Bind(WriteUser, WriteUserPwd);
+                    TryBind(connection, WriteUser, WriteUserPwd);
 
                     try
                     {
@@ -815,7 +847,8 @@ public bool DeleteGroup(string groupName)
                 using (LdapConnection connection = Connect())
                 {
                     // Authenticate as write user
-                    connection.Bind(WriteUser, WriteUserPwd);
+                    // connection.Bind(WriteUser, WriteUserPwd);
+                    TryBind(connection, WriteUser, WriteUserPwd);
 
                     try
                     {
@@ -889,7 +922,8 @@ private bool ModifyUserInEntry(string userDn, string entry, int LdapModification
                 using (LdapConnection connection = Connect())
                 {
                     // Authenticate as write user
-                    connection.Bind(WriteUser, WriteUserPwd);
+                    // connection.Bind(WriteUser, WriteUserPwd);
+                    TryBind(connection, WriteUser, WriteUserPwd);
 
                     // Add a new value to the description attribute
                     LdapAttribute attribute = new LdapAttribute("uniquemember", userDn);
@@ -930,7 +964,8 @@ public bool AddTenant(string tenantName)
                 using (LdapConnection connection = Connect())
                 {
                     // Authenticate as write user
-                    connection.Bind(WriteUser, WriteUserPwd);
+                    // connection.Bind(WriteUser, WriteUserPwd);
+                    TryBind(connection, WriteUser, WriteUserPwd);
 
                     tenantDn = $"ou={tenantName},{UserSearchPath}";
                     LdapAttributeSet attributeSet = new LdapAttributeSet();
@@ -972,7 +1007,8 @@ public bool DeleteTenant(string tenantName)
                 using (LdapConnection connection = Connect())
                 {
                     // Authenticate as write user
-                    connection.Bind(WriteUser, WriteUserPwd);
+                    // connection.Bind(WriteUser, WriteUserPwd);
+                    TryBind(connection, WriteUser, WriteUserPwd);
 
                     try
                     {

From 0ff485b851271e48c0998d1b6af4323a6aed4a2c Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Sat, 6 Apr 2024 14:32:16 +0200
Subject: [PATCH 68/84] fix install secrects dir rights

---
 roles/common/tasks/main.yml  |  4 +++-
 roles/prepare/tasks/main.yml | 14 +++++++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index c1ddf5db5..25f9bf97b 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -186,8 +186,10 @@
         path: "{{ fworch_home }}/etc/secrets"
         state: directory
         owner: "{{ fworch_user }}"
-        group: "{{ postgres_group }}"
+        group: "{{ fworch_user }}"
+        # group: "{{ postgres_group }}" # group does not exist yet during install, created in role database
         mode: '0750'
+      when: "installation_mode == 'new'"
 
     - name: generate main key
       set_fact:
diff --git a/roles/prepare/tasks/main.yml b/roles/prepare/tasks/main.yml
index 099d73b79..edfb55ed9 100644
--- a/roles/prepare/tasks/main.yml
+++ b/roles/prepare/tasks/main.yml
@@ -49,7 +49,19 @@
     name: "{{ item }}"
     state: stopped
   become: true
-  when: "inventory_hostname in groups['importers'] and not installation_mode == 'new'"
+  when: "inventory_hostname in groups['importers'] and installation_mode == 'upgrade'"
   loop:
     - "{{ product_name }}-importer-legacy"
     - "{{ product_name }}-importer-api"
+
+- name: stop importer service before making any changes
+  systemd:
+    name: "{{ item }}"
+    state: stopped
+  become: true
+  ignore_errors: true # might not have been installed yet in case of early fail installs
+  when: "inventory_hostname in groups['importers'] and installation_mode == 'uninstall'"
+  loop:
+    - "{{ product_name }}-importer-legacy"
+    - "{{ product_name }}-importer-api"
+

From 8105403546c559c2895d70e178bde4b84a3112ad Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Sat, 6 Apr 2024 16:59:36 +0200
Subject: [PATCH 69/84] set main key permissions when postgres group exists

---
 roles/common/tasks/main.yml               | 2 +-
 roles/database/tasks/install-database.yml | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 25f9bf97b..fdc52b0b4 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -214,7 +214,7 @@
         dest: "{{ main_key_file }}"
         mode: '0640'
         owner: "{{ fworch_user }}"
-        group: "{{ postgres_group }}"
+        group: "{{ fworch_group }}"
       become: true
       when: not stat_result.stat.exists
 
diff --git a/roles/database/tasks/install-database.yml b/roles/database/tasks/install-database.yml
index 1fb0b916b..230fe83a2 100644
--- a/roles/database/tasks/install-database.yml
+++ b/roles/database/tasks/install-database.yml
@@ -7,6 +7,14 @@
     mode: "0750"
   become: true
 
+# now that postgresq user group exists ...
+- name: set the correct permissions for main key file
+  file:
+    dest: "{{ main_key_file }}"
+    mode: '0640'
+    group: "{{ postgres_group }}"
+  become: true 
+
 - name: set dbadmin password from parameter
   set_fact:
     dbadmin_password: "{{ dbadmin_initial_password }}"

From f6cfeb7e37b0558af919491bbba6c0fbf0c46b18 Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Sun, 7 Apr 2024 13:08:53 +0200
Subject: [PATCH 70/84] docs

---
 documentation/revision-history-develop.md | 5 +++--
 roles/database/files/upgrade/8.0.3.sql    | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/documentation/revision-history-develop.md b/documentation/revision-history-develop.md
index 75c20a11b..2d7ae96fa 100644
--- a/documentation/revision-history-develop.md
+++ b/documentation/revision-history-develop.md
@@ -183,12 +183,13 @@ bugfix release:
 # 8.0.2 - 11.03.2024 DEVELOP
 - first version of NSX import module
 
-# 8.0.3 - 06.04.2024 DEVELOP
+# 8.0.3 - 08.04.2024 DEVELOP
 - add maintenance page during upgrade
 - sample customizing py script with sample data, closes  Installer customizable config (settings) #2275
 - remove log locking from importer due to stalling importer stops
 - credentials encryption, closes encrypt passwords and keys #1508
+  - breaking change for developer debugging: add the following local file when using -e testkeys=true:
+    /etc/fworch/secrets/main_key with content "not4production..not4production.."
 - add custom (user-defined) fields to import
   - cp only so far, other fw types missing
   - user-defined fields are not part of reports yet
-t
\ No newline at end of file
diff --git a/roles/database/files/upgrade/8.0.3.sql b/roles/database/files/upgrade/8.0.3.sql
index 37ee14b5f..393674132 100644
--- a/roles/database/files/upgrade/8.0.3.sql
+++ b/roles/database/files/upgrade/8.0.3.sql
@@ -147,7 +147,7 @@ $$ LANGUAGE plpgsql;
 
 -- finally do the encryption in the db tables
 SELECT * FROM encryptPasswords (getMainKey());
--- test using: SELECT * FROM custom_aes_cbc_decrypt_base64(custom_aes_cbc_encrypt_base64('superpwd', 'yVPJUhSSWzRSzEtFLkQvtqNDjzLZResp'), 'yVPJUhSSWzRSzEtFLkQvtqNDjzLZResp');
+-- test using: SELECT * FROM custom_aes_cbc_decrypt_base64(custom_aes_cbc_encrypt_base64('xxx', 'xxx'), 'xxx');
 
 -- function for adding local ldap data with encrypted pwds into ldap_connection
 CREATE OR REPLACE FUNCTION insertLocalLdapWithEncryptedPasswords(
@@ -180,4 +180,4 @@ BEGIN
     END IF;
 END;
 $$ LANGUAGE plpgsql;
--- test using: SELECT * FROM insertLocalLdapWithEncryptedPasswords('127.0.0.3', 636, 'ou=operator,ou=user,dc=fworch,dc=internal','ou=role,dc=fworch,dc=internal','ou=group,dc=fworch,dc=internal',5,'inspector','WAhxGDPcRWBXshcyMHwRBqfVSikAwGUA','ldapwriter','IpifgLXOwguTZzbadQkNnZyleJcKbaCw',2);
+-- test using: SELECT * FROM insertLocalLdapWithEncryptedPasswords('127.0.0.3', 636, 'ou=operator,ou=user,dc=fworch,dc=internal','ou=role,dc=fworch,dc=internal','ou=group,dc=fworch,dc=internal',5,'inspector','xxx','ldapwriter','xxx',2);

From 52f5729767ee48e09bc76038af89cb05879558a7 Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Sun, 7 Apr 2024 15:54:04 +0200
Subject: [PATCH 71/84] fix duplicates

---
 roles/api/templates/fworch-hasura-docker-api.service.j2 | 3 +--
 roles/lib/files/FWO.Config.Api/Data/ConfigData.cs       | 1 -
 roles/lib/files/FWO.Report/Display/RuleDisplayBase.cs   | 1 -
 roles/middleware/templates/fworch-middleware.service.j2 | 3 +--
 roles/test/files/FWO.Test/FWO.Test.csproj               | 1 -
 5 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/roles/api/templates/fworch-hasura-docker-api.service.j2 b/roles/api/templates/fworch-hasura-docker-api.service.j2
index d66aecaa6..6606b0297 100644
--- a/roles/api/templates/fworch-hasura-docker-api.service.j2
+++ b/roles/api/templates/fworch-hasura-docker-api.service.j2
@@ -7,9 +7,8 @@ After=network.target remote-fs.target nss-lookup.target postgresql.service docke
 After=network.target remote-fs.target nss-lookup.target docker.service
 {%- endif %}
 [Service]
-Restart=always
+Restart=on-failure
 WorkingDirectory={{ fworch_home }}
-# ExecStartPre=/bin/sleep 10
 ExecStart=/usr/bin/docker start -a {{ api_container_name }}
 ExecStop=/usr/bin/docker stop -t 2 {{ api_container_name }}
 StandardOutput=journal
diff --git a/roles/lib/files/FWO.Config.Api/Data/ConfigData.cs b/roles/lib/files/FWO.Config.Api/Data/ConfigData.cs
index 533f13335..ca5c12d27 100644
--- a/roles/lib/files/FWO.Config.Api/Data/ConfigData.cs
+++ b/roles/lib/files/FWO.Config.Api/Data/ConfigData.cs
@@ -2,7 +2,6 @@
 using System.Text.Json;
 using System.Text.Json.Serialization;
 using FWO.GlobalConstants;
-using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Mail;
 
diff --git a/roles/lib/files/FWO.Report/Display/RuleDisplayBase.cs b/roles/lib/files/FWO.Report/Display/RuleDisplayBase.cs
index 21498e6a3..5b209faa8 100644
--- a/roles/lib/files/FWO.Report/Display/RuleDisplayBase.cs
+++ b/roles/lib/files/FWO.Report/Display/RuleDisplayBase.cs
@@ -1,6 +1,5 @@
 using System.Text;
 using FWO.GlobalConstants;
-using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Config.Api;
 using FWO.Report.Filter;
diff --git a/roles/middleware/templates/fworch-middleware.service.j2 b/roles/middleware/templates/fworch-middleware.service.j2
index e7fd745f1..e0853016f 100644
--- a/roles/middleware/templates/fworch-middleware.service.j2
+++ b/roles/middleware/templates/fworch-middleware.service.j2
@@ -9,8 +9,7 @@ After=network.target remote-fs.target nss-lookup.target slapd.service
 WorkingDirectory={{ middleware_server_start_dir }}
 ExecStartPre=/bin/sleep 10
 ExecStart={{ middleware_server_start_dir }}/bin/{{ dotnet_mode }}/net{{ dotnet_version }}/FWO.Middleware.Server
-#StandardOutput=syslog
-#StandardError=syslog
+Restart=on-failure
 SyslogIdentifier={{ middleware_server_syslog_id }}
 User={{ fworch_user }}
 Environment=
diff --git a/roles/test/files/FWO.Test/FWO.Test.csproj b/roles/test/files/FWO.Test/FWO.Test.csproj
index 172fab8c5..09d53ebfd 100644
--- a/roles/test/files/FWO.Test/FWO.Test.csproj
+++ b/roles/test/files/FWO.Test/FWO.Test.csproj
@@ -13,7 +13,6 @@
     <PackageReference Include="NUnit3TestAdapter" Version="4.4.2" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.6.0" />
     <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="6.34.0" />
-    <PackageReference Include="BouncyCastle.Cryptography" Version="2.1.1" />
   </ItemGroup>
 
   <ItemGroup>

From ef8c6c1b5f0bf15ff003ec3023f5b3fe8a8a2311 Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Sun, 7 Apr 2024 16:03:42 +0200
Subject: [PATCH 72/84] more cleanup

---
 roles/lib/files/FWO.Report/ReportBase.cs             | 1 -
 roles/middleware/files/FWO.Middleware.Server/Ldap.cs | 6 ------
 2 files changed, 7 deletions(-)

diff --git a/roles/lib/files/FWO.Report/ReportBase.cs b/roles/lib/files/FWO.Report/ReportBase.cs
index ede5456a0..c6e2941fb 100644
--- a/roles/lib/files/FWO.Report/ReportBase.cs
+++ b/roles/lib/files/FWO.Report/ReportBase.cs
@@ -1,6 +1,5 @@
 using FWO.GlobalConstants;
 using FWO.Api.Client;
-using FWO.GlobalConstants;
 using FWO.Api.Data;
 using FWO.Report.Filter;
 using FWO.Config.Api;
diff --git a/roles/middleware/files/FWO.Middleware.Server/Ldap.cs b/roles/middleware/files/FWO.Middleware.Server/Ldap.cs
index 3a482e3d1..5e81e836d 100644
--- a/roles/middleware/files/FWO.Middleware.Server/Ldap.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/Ldap.cs
@@ -85,17 +85,11 @@ public void TestConnection()
             {
                 if (!string.IsNullOrEmpty(SearchUser))
                 {
-                    // connection.Bind(SearchUser, AesEnc.Decrypt(SearchUserPwd, AesEnc.GetMainKey()));
-                    // TryBindEncryptedPwd(connection, SearchUser, SearchUserPwd);
-                    // connection.Bind(SearchUser, SearchUserPwd);
                     if (!TryBind(connection, SearchUser, SearchUserPwd)) throw new Exception("Binding failed for search user");
-                    // if (!connection.Bound) throw new Exception("Binding failed for search user");
                 }
                 if (!string.IsNullOrEmpty(WriteUser))
                 {
                     if (!TryBind(connection, WriteUser, WriteUserPwd)) throw new Exception("Binding failed for write user");
-                    // connection.Bind(WriteUser, WriteUserPwd);
-                    // if (!connection.Bound) throw new Exception("Binding failed for write user");
                 }
             }
         }

From 9312c230751ca420c79f403a767a9aa18ac0b886 Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Mon, 8 Apr 2024 21:36:47 +0200
Subject: [PATCH 73/84] fix secrets dir permissions to also work for upgrades

---
 roles/database/tasks/install-database.yml | 17 -----------------
 roles/database/tasks/main.yml             | 17 +++++++++++++++++
 2 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/roles/database/tasks/install-database.yml b/roles/database/tasks/install-database.yml
index 230fe83a2..45d8b1b5b 100644
--- a/roles/database/tasks/install-database.yml
+++ b/roles/database/tasks/install-database.yml
@@ -1,20 +1,3 @@
-- name: make sure {{ fworch_home }}/etc/secrets exists
-  file:
-    path: "{{ fworch_home }}/etc/secrets"
-    state: directory
-    owner: "{{ fworch_user }}"
-    group: "{{ postgres_group }}"
-    mode: "0750"
-  become: true
-
-# now that postgresq user group exists ...
-- name: set the correct permissions for main key file
-  file:
-    dest: "{{ main_key_file }}"
-    mode: '0640'
-    group: "{{ postgres_group }}"
-  become: true 
-
 - name: set dbadmin password from parameter
   set_fact:
     dbadmin_password: "{{ dbadmin_initial_password }}"
diff --git a/roles/database/tasks/main.yml b/roles/database/tasks/main.yml
index 226aeabcb..4e8e4a7b2 100644
--- a/roles/database/tasks/main.yml
+++ b/roles/database/tasks/main.yml
@@ -165,6 +165,23 @@
   become: true
   become_user: postgres
 
+- name: make sure {{ fworch_home }}/etc/secrets exists
+  file:
+    path: "{{ fworch_home }}/etc/secrets"
+    state: directory
+    owner: "{{ fworch_user }}"
+    group: "{{ postgres_group }}"
+    mode: "0750"
+  become: true
+
+# now that postgresq user group exists ...
+- name: set the correct permissions for main key file
+  file:
+    dest: "{{ main_key_file }}"
+    mode: '0640'
+    group: "{{ postgres_group }}"
+  become: true 
+
 - name: create new database
   import_tasks: install-database.yml
   when: installation_mode == "new"

From 5539b0ac01d89c1c2b9139e7e0c77c6cf4b0c7f8 Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Tue, 9 Apr 2024 13:16:11 +0200
Subject: [PATCH 74/84] fixing missed binds

---
 .../files/FWO.Middleware.Server/Ldap.cs         | 17 +++--------------
 1 file changed, 3 insertions(+), 14 deletions(-)

diff --git a/roles/middleware/files/FWO.Middleware.Server/Ldap.cs b/roles/middleware/files/FWO.Middleware.Server/Ldap.cs
index 5e81e836d..842cb568e 100644
--- a/roles/middleware/files/FWO.Middleware.Server/Ldap.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/Ldap.cs
@@ -150,9 +150,6 @@ private string getGroupSearchFilter(string searchPattern)
                 // Connecting to Ldap
                 using (LdapConnection connection = Connect())
                 {
-                    // Authenticate as search user
-                    // connection.Bind(SearchUser, AesEnc.Decrypt(SearchUserPwd, AesEnc.GetMainKey()));
-                    // connection.Bind(SearchUser, SearchUserPwd);
                     TryBind(connection, SearchUser, SearchUserPwd);
 
                     LdapSearchConstraints cons = connection.SearchConstraints;
@@ -227,10 +224,7 @@ private bool CredentialsValid(LdapConnection connection, string dn, string passw
                 Log.WriteDebug("User Validation", $"Trying to validate user with distinguished name: \"{dn}\" ...");
 
                 // Try to authenticate as user with given password
-                connection.Bind(dn, password);
-
-                // If authentication was successful (user is bound)
-                if (connection.Bound)
+                if (TryBind(connection, dn, password))
                 {
                     // Return ldap dn
                     Log.WriteDebug("User Validation", $"\"{dn}\" successfully authenticated in {Address}:{Port}.");
@@ -301,9 +295,7 @@ public string ChangePassword(string userDn, string oldPassword, string newPasswo
                 using (LdapConnection connection = Connect())
                 {
                     // Try to authenticate as user with old password
-                    connection.Bind(userDn, oldPassword);
-
-                    if (connection.Bound)
+                    if (TryBind(connection, userDn, oldPassword))
                     {
                         // authentication was successful (user is bound): set new password
                         LdapAttribute attribute = new LdapAttribute("userPassword", newPassword);
@@ -336,9 +328,6 @@ public string SetPassword(string userDn, string newPassword)
                 // Connecting to Ldap
                 using (LdapConnection connection = Connect())
                 {
-                    // Authenticate as write user
-                    // connection.Bind(WriteUser, WriteUserPwd);
-                    // if (connection.Bound)
                     if (TryBind(connection, WriteUser, WriteUserPwd))
                     {
                         // authentication was successful: set new password
@@ -455,7 +444,7 @@ public List<RoleGetReturnParameters> GetAllRoles()
                     using (LdapConnection connection = Connect())
                     {     
                         // Authenticate as search user
-                        connection.Bind(SearchUser, SearchUserPwd);
+                        TryBind(connection, SearchUser, SearchUserPwd);
 
                         // Search for Ldap roles in given directory          
                         int searchScope = LdapConnection.ScopeSub; // TODO: Correct search scope?

From 806f3a739705b0d6f20e2a9e787a53a10a553a89 Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Tue, 9 Apr 2024 13:21:08 +0200
Subject: [PATCH 75/84] docs only

---
 roles/middleware/files/FWO.Middleware.Server/Ldap.cs | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/roles/middleware/files/FWO.Middleware.Server/Ldap.cs b/roles/middleware/files/FWO.Middleware.Server/Ldap.cs
index 842cb568e..ffaeced26 100644
--- a/roles/middleware/files/FWO.Middleware.Server/Ldap.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/Ldap.cs
@@ -55,8 +55,7 @@ private LdapConnection Connect()
         }
 
         /// <summary>
-        /// try an ldap bind 
-        /// decrypting pwd before bind
+        /// try an ldap bind, decrypting pwd before bind; using pwd as is if it cannot be decrypted
         /// false if bind fails
         /// </summary>
         private bool TryBind(LdapConnection connection, string user, string password)

From 762d0d3d07c62af7f9f8d34dfac67a115ed42380 Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Tue, 9 Apr 2024 13:41:24 +0200
Subject: [PATCH 76/84] cleanup script

---
 scripts/customizing/customizeFwoSampleScript.py | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/scripts/customizing/customizeFwoSampleScript.py b/scripts/customizing/customizeFwoSampleScript.py
index 7f5931504..d2b3061b4 100644
--- a/scripts/customizing/customizeFwoSampleScript.py
+++ b/scripts/customizing/customizeFwoSampleScript.py
@@ -1,9 +1,5 @@
 # library for FWORCH API calls
 from asyncio.log import logger
-import re
-import traceback
-from sqlite3 import Timestamp
-from textwrap import indent
 import requests.packages
 import requests
 import json

From e011e749ec413fd7c6bf551c4e51f152afd338ab Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Tue, 9 Apr 2024 17:36:20 +0200
Subject: [PATCH 77/84] fix ldap setting undef writeuserpwd may be null

---
 .../FWO.UI/Pages/Settings/SettingsLdap.razor  |   7 +-
 scripts/customizing/api/readme.md             |   3 -
 .../customizing/api/sample-config-change.py   | 190 ------------------
 ...omizeFwoSampleScript.py => customizing.py} |   0
 scripts/customizing/readme.md                 |   4 +
 5 files changed, 9 insertions(+), 195 deletions(-)
 delete mode 100644 scripts/customizing/api/readme.md
 delete mode 100755 scripts/customizing/api/sample-config-change.py
 rename scripts/customizing/{customizeFwoSampleScript.py => customizing.py} (100%)
 create mode 100644 scripts/customizing/readme.md

diff --git a/roles/ui/files/FWO.UI/Pages/Settings/SettingsLdap.razor b/roles/ui/files/FWO.UI/Pages/Settings/SettingsLdap.razor
index 28791ffdd..444da13d0 100644
--- a/roles/ui/files/FWO.UI/Pages/Settings/SettingsLdap.razor
+++ b/roles/ui/files/FWO.UI/Pages/Settings/SettingsLdap.razor
@@ -405,8 +405,11 @@
                 }
                 catch (Exception)
                 {
-                    encryptedSecretWriteUser = AesEnc.Encrypt(actLdapConnection.WriteUserPwd, mainKey);
-                    actLdapConnection.WriteUserPwd = encryptedSecretWriteUser;
+                    if (actLdapConnection.WriteUserPwd != null)
+                    {
+                        encryptedSecretWriteUser = AesEnc.Encrypt(actLdapConnection.WriteUserPwd, mainKey);
+                        actLdapConnection.WriteUserPwd = encryptedSecretWriteUser;
+                    }
                 }
 
                 if (AddMode)
diff --git a/scripts/customizing/api/readme.md b/scripts/customizing/api/readme.md
deleted file mode 100644
index 2a1cd1cdc..000000000
--- a/scripts/customizing/api/readme.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# Customizing Script for using the FWO API during Install or Upgrade
-
-If you want to customize via API you can place scripts in /scripts/customizing/api before initial installation or upgrade. These scripts will be copied to your appliance and executed automatically at the end of the install or upgrade process. They will **not** be on your appliance permanently, the next upgrade will discard your scripts. Thus make sure the scope of your scripts is to trigger a one time config change, for exampe in the datebase. Config files can be stored in /scripts/customizing/api/config and used by your script from there.
\ No newline at end of file
diff --git a/scripts/customizing/api/sample-config-change.py b/scripts/customizing/api/sample-config-change.py
deleted file mode 100755
index 7f572eda9..000000000
--- a/scripts/customizing/api/sample-config-change.py
+++ /dev/null
@@ -1,190 +0,0 @@
-#!/usr/bin/python3
-# demonstration script
-
-from asyncio.log import logger
-import re
-import traceback
-from textwrap import indent
-import requests.packages
-import requests
-import json
-import datetime
-
-import sys, traceback
-import argparse
-
-sys.exit(0)
-
-
-# from fwo_log import getFwoLogger
-# from fwo_const import fwo_api_http_import_timeout
-# from fwo_exception import FwoApiTServiceUnavailable, FwoApiTimeout, FwoApiLoginFailed
-# from fwo_base import writeAlertToLogFile
-
-#from common import importer_base_dir
-#import fwo_globals, fwo_config, fwo_api
-#sys.path.append(importer_base_dir)
-
-
-class FwoApiLoginFailed(Exception):
-    """Raised when login to FWO API failed"""
-
-    def __init__(self, message="Login to FWO API failed"):
-            self.message = message
-            super().__init__(self.message)
-
-
-def showApiCallInfo(url, query, headers, type='debug'):
-    max_query_size_to_display = 1000
-    query_string = json.dumps(query, indent=2)
-    header_string = json.dumps(headers, indent=2)
-    query_size = len(query_string)
-
-    if type=='error':
-        result = "error while sending api_call to url "
-    else:
-        result = "successful FWO API call to url "        
-    result += str(url) + " with payload \n"
-    if query_size < max_query_size_to_display:
-        result += query_string 
-    else:
-        result += str(query)[:round(max_query_size_to_display/2)] +   "\n ... [snip] ... \n" + \
-            query_string[query_size-round(max_query_size_to_display/2):] + " (total query size=" + str(query_size) + " bytes)"
-    result += "\n and  headers: \n" + header_string
-    return result
-
-
-def call(url, jwt, query, query_variables="", role="reporter", show_progress=False, method=''):
-    request_headers = { 'Content-Type': 'application/json', 'Authorization': 'Bearer ' + jwt, 'x-hasura-role': role }
-    full_query = {"query": query, "variables": query_variables}
-    #logger = getFwoLogger()
-
-    with requests.Session() as session:
-        session.verify = False
-        session.headers = request_headers
-
-        try:
-            #r = session.post(url, data=json.dumps(full_query), timeout=int(fwo_api_http_import_timeout))
-            r = session.post(url, data=json.dumps(full_query), timeout=1000)
-            r.raise_for_status()
-        except requests.exceptions.RequestException:
-            logger.error(showApiCallInfo(url, full_query, request_headers, type='error') + ":\n" + str(traceback.format_exc()))
-            if r != None:
-                if r.status_code == 503:
-                    raise FwoApiTServiceUnavailable("FWO API HTTP error 503 (FWO API died?)" )
-                if r.status_code == 502:
-                    raise FwoApiTimeout("FWO API HTTP error 502 (might have reached timeout of " + str(1000/60) + " minutes)" )
-            else:
-                raise
-        logger.debug (showApiCallInfo(url, full_query, request_headers, type='debug'))
-        if r != None:
-            return r.json()
-        else:
-            return None
-
-
-def login(user, password, user_management_api_base_url, method='api/AuthenticationToken/Get'):
-    payload = {"Username": user, "Password": password}
-
-    with requests.Session() as session:
-        session.verify = False
-        session.headers = {'Content-Type': 'application/json'}
-
-        try:
-            response = session.post(user_management_api_base_url + method, data=json.dumps(payload))
-        except requests.exceptions.RequestException:
-            raise FwoApiLoginFailed ("fwo_api: error during login to url: " + str(user_management_api_base_url) + " with user " + user) from None
-
-        if response.text is not None and response.status_code==200:
-            return response.text
-        else:
-            error_txt = "fwo_api: ERROR: did not receive a JWT during login" + \
-                            ", api_url: " + str(user_management_api_base_url)
-            raise FwoApiLoginFailed(error_txt)
-
-
-def get_mgm_ids(fwo_api_base_url, jwt, query_variables):
-    mgm_query = """
-        query getManagementIds {
-            management(where:{do_not_import:{_eq:false}} order_by: {mgm_name: asc}) { id: mgm_id } } """
-    return call(fwo_api_base_url, jwt, mgm_query, query_variables=query_variables, role='importer')['data']['management']
-
-
-def get_config_value(fwo_api_base_url, jwt, key='limit'):
-    query_variables = {'key': key}
-    config_query = "query getConf($key: String) {  config(where: {config_key: {_eq: $key}}) { config_value } }"
-    result = call(fwo_api_base_url, jwt, config_query, query_variables=query_variables, role='importer')
-    if 'data' in result and 'config' in result['data']:
-        first_result = result['data']['config'][0]
-        if 'config_value' in first_result:
-            return first_result['config_value']
-        else:
-            return None
-    else:
-        return None
-
-
-def setConfig(fwo_api_base_url, jwt, key, value, config_user=0):
-
-    # insert might be replaced by upsert for idempotence
-
-    addConfigMutation = """
-        mutation addConfigItem(
-            $key: String!
-            $value: String!
-            $user: Int!
-            ) {
-            insert_config(
-                objects: {
-                config_key: $key
-                config_value: $value
-                config_user: $user
-                }
-            ) {
-                returning {
-                newId: config_key
-                }
-            }
-        }
-        """
-
-    # we still need to decide which role/user we may use for these settings (admin with admin pwd from etc/secrets/ui_admin_pwd?)
-    # password should not be current when it was changed as suggested!
-    # user with middleware role?
-
-    result = call(fwo_api_base_url, jwt, addConfigMutation, query_variables={ "key": key, "value": value, "user": config_user}, role="admin", show_progress=False)
-
-    logger.warning(str(result))
-
-
-if __name__ == "__main__": 
-    parser = argparse.ArgumentParser(
-        description='Read configuration from FW management via API calls')
-    parser.add_argument('-s', '--sample', metavar='sample_param',
-                        required=False, help='template only here')
-
-    args = parser.parse_args()
-    if len(sys.argv) == 1:
-        pass
-        # parser.print_help(sys.stderr)
-        # sys.exit(1)
-
-    # TODO: move credentials to file
-    user = "admin"
-    password = 'xxx'
-
-    user_management_api_base_url = "https://localhost:8888/"
-    fwo_api_base_url = "https://localhost:9443/api/v1/graphql"
-
-    key = "testKey2"
-    value = "testValue2"
-
-    try:
-        # logging in to FWO API to get JWT 
-        jwt = login(user, password, user_management_api_base_url, method='api/AuthenticationToken/Get')
-
-        # setting config value via FWO API
-        setConfig(fwo_api_base_url, jwt, key, value, config_user=0) # user=0 --> global config
-    except:
-        logger.error("error while setting config value " + str(key) + ": " + str(value) + ", " +  str(traceback.format_exc()))
-        sys.exit(1)
diff --git a/scripts/customizing/customizeFwoSampleScript.py b/scripts/customizing/customizing.py
similarity index 100%
rename from scripts/customizing/customizeFwoSampleScript.py
rename to scripts/customizing/customizing.py
diff --git a/scripts/customizing/readme.md b/scripts/customizing/readme.md
new file mode 100644
index 000000000..15ca0559d
--- /dev/null
+++ b/scripts/customizing/readme.md
@@ -0,0 +1,4 @@
+# Customizing Script using the FWO API
+
+If you want to customize via API you can use the customizing.py script in this directory.
+Note: Do not change this script as it will be overwritten during next upgrade.
\ No newline at end of file

From 506a2f4585ecc2c280bfc072c4d5004688b9e759 Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Tue, 9 Apr 2024 18:01:52 +0200
Subject: [PATCH 78/84] other missing binds

---
 .../files/FWO.Middleware.Server/Ldap.cs        | 18 ++++--------------
 1 file changed, 4 insertions(+), 14 deletions(-)

diff --git a/roles/middleware/files/FWO.Middleware.Server/Ldap.cs b/roles/middleware/files/FWO.Middleware.Server/Ldap.cs
index ffaeced26..88f9de9fe 100644
--- a/roles/middleware/files/FWO.Middleware.Server/Ldap.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/Ldap.cs
@@ -380,7 +380,7 @@ private List<string> GetMemberships(List<string> dnList, string? searchPath)
                     using (LdapConnection connection = Connect())
                     {     
                         // Authenticate as search user
-                        connection.Bind(SearchUser, AesEnc.Decrypt(SearchUserPwd, AesEnc.GetMainKey()));
+                        TryBind(connection, SearchUser, AesEnc.Decrypt(SearchUserPwd, AesEnc.GetMainKey()));
 
                         // Search for Ldap roles / groups in given directory          
                         int searchScope = LdapConnection.ScopeSub; // TODO: Correct search scope?
@@ -490,7 +490,7 @@ public List<string> GetAllGroups(string searchPattern)
                 using (LdapConnection connection = Connect())
                 {     
                     // Authenticate as search user
-                    connection.Bind(SearchUser, SearchUserPwd);
+                    TryBind(connection, SearchUser, SearchUserPwd);
 
                     // Search for Ldap groups in given directory          
                     int searchScope = LdapConnection.ScopeSub;
@@ -523,7 +523,7 @@ public List<GroupGetReturnParameters> GetAllInternalGroups()
                 using (LdapConnection connection = Connect())
                 {     
                     // Authenticate as search user
-                    connection.Bind(SearchUser, SearchUserPwd);
+                    TryBind(connection, SearchUser, SearchUserPwd);
 
                     // Search for Ldap groups in given directory          
                     int searchScope = LdapConnection.ScopeSub;
@@ -571,7 +571,7 @@ public List<LdapUserGetReturnParameters> GetAllUsers(string searchPattern)
                 using (LdapConnection connection = Connect())
                 {     
                     // Authenticate as search user
-                    connection.Bind(SearchUser, SearchUserPwd);
+                    TryBind(connection, SearchUser, SearchUserPwd);
 
                     // Search for Ldap users in given directory          
                     int searchScope = LdapConnection.ScopeSub;
@@ -613,7 +613,6 @@ public bool AddUser(string userDn , string password, string email)
                 using (LdapConnection connection = Connect())
                 {
                     // Authenticate as write user
-                    //connection.Bind(WriteUser, WriteUserPwd);
                     TryBind(connection, WriteUser, WriteUserPwd);
 
                     string userName = (new FWO.Api.Data.DistName(userDn)).UserName;
@@ -664,8 +663,6 @@ public bool UpdateUser(string userDn, string email)
                 {
                     // Authenticate as write user
                     TryBind(connection, WriteUser, WriteUserPwd);
-                    // connection.Bind(WriteUser, WriteUserPwd);
-
                     LdapAttribute attribute = new LdapAttribute("mail", email);
                     LdapModification[] mods = { new LdapModification(LdapModification.Replace, attribute) };
 
@@ -704,7 +701,6 @@ public bool DeleteUser(string userDn)
                 {
                     // Authenticate as write user
                     TryBind(connection, WriteUser, WriteUserPwd);
-                    // connection.Bind(WriteUser, WriteUserPwd);
 
                     try
                     {
@@ -741,7 +737,6 @@ public string AddGroup(string groupName, bool ownerGroup)
                 using (LdapConnection connection = Connect())
                 {
                     // Authenticate as write user
-                    // connection.Bind(WriteUser, WriteUserPwd);
                     TryBind(connection, WriteUser, WriteUserPwd);
 
                     groupDn = $"cn={groupName},{GroupSearchPath}";
@@ -792,7 +787,6 @@ public string UpdateGroup(string oldName, string newName)
                 using (LdapConnection connection = Connect())
                 {
                     // Authenticate as write user
-                    // connection.Bind(WriteUser, WriteUserPwd);
                     TryBind(connection, WriteUser, WriteUserPwd);
 
                     try
@@ -829,7 +823,6 @@ public bool DeleteGroup(string groupName)
                 using (LdapConnection connection = Connect())
                 {
                     // Authenticate as write user
-                    // connection.Bind(WriteUser, WriteUserPwd);
                     TryBind(connection, WriteUser, WriteUserPwd);
 
                     try
@@ -904,7 +897,6 @@ private bool ModifyUserInEntry(string userDn, string entry, int LdapModification
                 using (LdapConnection connection = Connect())
                 {
                     // Authenticate as write user
-                    // connection.Bind(WriteUser, WriteUserPwd);
                     TryBind(connection, WriteUser, WriteUserPwd);
 
                     // Add a new value to the description attribute
@@ -946,7 +938,6 @@ public bool AddTenant(string tenantName)
                 using (LdapConnection connection = Connect())
                 {
                     // Authenticate as write user
-                    // connection.Bind(WriteUser, WriteUserPwd);
                     TryBind(connection, WriteUser, WriteUserPwd);
 
                     tenantDn = $"ou={tenantName},{UserSearchPath}";
@@ -989,7 +980,6 @@ public bool DeleteTenant(string tenantName)
                 using (LdapConnection connection = Connect())
                 {
                     // Authenticate as write user
-                    // connection.Bind(WriteUser, WriteUserPwd);
                     TryBind(connection, WriteUser, WriteUserPwd);
 
                     try

From cd13d4b180ef148853a8a533d52f02f542f367e2 Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Wed, 10 Apr 2024 19:17:31 +0200
Subject: [PATCH 79/84] make sure that test devs are not imported by main
 importer loop

---
 roles/importer/files/importer/fwo_api.py   | 1 +
 roles/sample-data/tasks/create-devices.yml | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/roles/importer/files/importer/fwo_api.py b/roles/importer/files/importer/fwo_api.py
index 6c8854ce7..c3454f15c 100644
--- a/roles/importer/files/importer/fwo_api.py
+++ b/roles/importer/files/importer/fwo_api.py
@@ -289,6 +289,7 @@ def lock_import(fwo_api_base_url, jwt, query_variables):
     else:
         return -1
 
+
 def count_rule_changes_per_import(fwo_api_base_url, jwt, import_id):
     logger = getFwoLogger()
     change_count_query = """
diff --git a/roles/sample-data/tasks/create-devices.yml b/roles/sample-data/tasks/create-devices.yml
index 0ed571f52..89c340e1a 100644
--- a/roles/sample-data/tasks/create-devices.yml
+++ b/roles/sample-data/tasks/create-devices.yml
@@ -23,7 +23,7 @@
           DO $do$ BEGIN 
           IF NOT EXISTS (SELECT * FROM management WHERE mgm_name='{{ sample_fortigate_name }}') THEN 
           insert into management (dev_typ_id,mgm_name,import_credential_id,ssh_hostname,do_not_import,importer_hostname) 
-          VALUES (24,'{{ sample_fortigate_name }}',{{ credential_id }},'{{ demo_fos_uri }}',false,'{{ importer_hostname }}'); 
+          VALUES (24,'{{ sample_fortigate_name }}',{{ credential_id }},'{{ demo_fos_uri }}',true,'{{ importer_hostname }}'); 
           END IF; END $do$ 
 
     - name: insert sample fortiOS gateway
@@ -49,7 +49,7 @@
             IF NOT EXISTS (SELECT * FROM management WHERE mgm_name='{{ sample_checkpoint_name }}') THEN 
               insert into management 
                 (dev_typ_id,mgm_name,import_credential_id,ssh_hostname,do_not_import,importer_hostname) 
-                VALUES (9,'{{ sample_checkpoint_name }}',{{ credential_id }},'{{ demo_cpr8x_uri }}',false,'{{ importer_hostname }}'); 
+                VALUES (9,'{{ sample_checkpoint_name }}',{{ credential_id }},'{{ demo_cpr8x_uri }}',true,'{{ importer_hostname }}'); 
             END IF;
           END $do$ 
 

From acc7066693d87d44b395824d85d4765037d0b617 Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Wed, 10 Apr 2024 19:17:58 +0200
Subject: [PATCH 80/84] replace maint website with ui when there are os
 upgrades

---
 roles/common/tasks/main.yml  | 20 ++++++++++++++++----
 roles/prepare/tasks/main.yml |  2 +-
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index fdc52b0b4..5801ced5e 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -72,16 +72,28 @@
       - debug:
           msg: "current number of upgradable packages: {{ upgradable_packages.stdout_lines|length-1 }}"
 
+      - name: disable apache2 maintenance web site
+        command: "a2dissite {{ product_name }}-maintenance"
+        ignore_errors: true
+
+      - name: enable {{ product_name }} web site
+        command: "a2ensite {{ product_name }}-ui"
+
+      - name: restart apache with maintenance site
+        service:
+          name: "{{ webserver_package_name }}"
+          state: restarted  
+
       - name: assert there are no upgradable packages. upgrades must be run interactively outside the FWORCH installer
         fail:
           msg:
             - There are upgradable OS packages available, please run OS upgrade before running FWORCH installer. 
             - Use "-e force_install=true" to overwrite this check and install anyway at your own risk.
-        when: |
-          (ansible_facts['distribution'] == "Ubuntu" or ansible_facts['distribution'] == "Debian")
-          and upgradable_packages.stdout_lines|length > 1
+      when: |
+        not force_install|bool and not run_on_github|bool and
+        (ansible_facts['distribution'] == "Ubuntu" or ansible_facts['distribution'] == "Debian") and
+        upgradable_packages.stdout_lines|length > 1
 
-      when: not force_install|bool and not run_on_github|bool
 
     # - name: fix grub-efi (for github actions)
     #   apt:
diff --git a/roles/prepare/tasks/main.yml b/roles/prepare/tasks/main.yml
index edfb55ed9..8e065739e 100644
--- a/roles/prepare/tasks/main.yml
+++ b/roles/prepare/tasks/main.yml
@@ -15,7 +15,7 @@
       dest: "/var/www/html/index.html"
       mode: "0644"
 
-  - name: cioy maintenance web site image
+  - name: copy maintenance web site image
     copy:
       src: men-at-work.jpg
       dest: "/var/www/html/men-at-work.jpg"

From cc4fd28b74403671856d402c7f4ae7544d1c3d3d Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Wed, 10 Apr 2024 19:31:47 +0200
Subject: [PATCH 81/84] add script for activating ui

---
 roles/common/tasks/main.yml |  2 +-
 scripts/re-activate-ui.yml  | 24 ++++++++++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 scripts/re-activate-ui.yml

diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 5801ced5e..7da36d384 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -79,7 +79,7 @@
       - name: enable {{ product_name }} web site
         command: "a2ensite {{ product_name }}-ui"
 
-      - name: restart apache with maintenance site
+      - name: restart apache without maintenance site
         service:
           name: "{{ webserver_package_name }}"
           state: restarted  
diff --git a/scripts/re-activate-ui.yml b/scripts/re-activate-ui.yml
new file mode 100644
index 000000000..a28ff0af0
--- /dev/null
+++ b/scripts/re-activate-ui.yml
@@ -0,0 +1,24 @@
+# this script disables the maintenance website and replaces it with the fworch UI
+
+---
+- hosts: localhost
+  tasks:
+
+    - name: Set Apache URL
+      set_fact:
+        product_name: fworch
+
+    - name: disable apache2 maintenance web site
+      command: "a2dissite {{ product_name }}-maintenance"
+      become: true
+      ignore_errors: true
+
+    - name: enable {{ product_name }} web site
+      command: "a2ensite {{ product_name }}-ui"
+      become: true
+
+    - name: restart apache without maintenance site
+      service:
+        name: "{{ webserver_package_name }}"
+        state: restarted
+      become: true

From 70f98ccd8ab44a77d170430d47bce5695164f029 Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Wed, 10 Apr 2024 19:45:50 +0200
Subject: [PATCH 82/84] fix new install case

---
 roles/common/tasks/main.yml | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 7da36d384..72f6eacad 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -72,17 +72,20 @@
       - debug:
           msg: "current number of upgradable packages: {{ upgradable_packages.stdout_lines|length-1 }}"
 
-      - name: disable apache2 maintenance web site
-        command: "a2dissite {{ product_name }}-maintenance"
-        ignore_errors: true
-
-      - name: enable {{ product_name }} web site
-        command: "a2ensite {{ product_name }}-ui"
-
-      - name: restart apache without maintenance site
-        service:
-          name: "{{ webserver_package_name }}"
-          state: restarted  
+      - block:
+          - name: disable apache2 maintenance web site
+            command: "a2dissite {{ product_name }}-maintenance"
+            ignore_errors: true
+
+          - name: enable {{ product_name }} web site
+            command: "a2ensite {{ product_name }}-ui"
+            ignore_errors: true
+
+          - name: restart apache without maintenance site
+            service:
+              name: "{{ webserver_package_name }}"
+              state: restarted  
+        when: installation_mode == "upgrade"    
 
       - name: assert there are no upgradable packages. upgrades must be run interactively outside the FWORCH installer
         fail:

From 8d1a108a12a4c3722d0a7f75f988799b5d5eabf0 Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Wed, 10 Apr 2024 19:52:31 +0200
Subject: [PATCH 83/84] v8.1

---
 documentation/revision-history-main.md | 14 ++++++++++++++
 inventory/group_vars/all.yml           |  2 +-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/documentation/revision-history-main.md b/documentation/revision-history-main.md
index a8930905c..b8f06949f 100644
--- a/documentation/revision-history-main.md
+++ b/documentation/revision-history-main.md
@@ -362,3 +362,17 @@ adding report template format fk and permissions
   - import log locking
   - integration tests with credentials when installing without demo data
   - pdf creation on debian testing plattform (trixie)
+
+# 8.1 - 10.04.2024 MAIN
+- iconify modelling
+- add missing config values
+- first version of NSX import module
+- add maintenance page during upgrade
+- sample customizing py script with sample data
+- remove log locking from importer due to stalling importer stops
+- credentials encryption in database
+  - breaking change for developer debugging: add the following local file when using -e testkeys=true:
+    /etc/fworch/secrets/main_key with content "not4production..not4production.."
+- add custom (user-defined) fields to import
+  - cp only so far, other fw types missing
+  - user-defined fields are not part of reports yet
diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index 08c024161..a675876b2 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -1,5 +1,5 @@
 ### general settings
-product_version: "8.0.3"
+product_version: "8.1"
 ansible_user: "{{ lookup('env', 'USER') }}"
 ansible_become_method: sudo
 ansible_python_interpreter: /usr/bin/python3

From 84803d3fba2eb0a391407da087383135170303ec Mon Sep 17 00:00:00 2001
From: Tim Purschke <tmp@cactus.de>
Date: Wed, 10 Apr 2024 20:09:08 +0200
Subject: [PATCH 84/84] release notes 8.1

---
 documentation/revision-history-main.md        | 18 +++++----------
 .../files/sql/idempotent/fworch-texts.sql     | 22 +++++++++----------
 2 files changed, 16 insertions(+), 24 deletions(-)

diff --git a/documentation/revision-history-main.md b/documentation/revision-history-main.md
index b8f06949f..149785b44 100644
--- a/documentation/revision-history-main.md
+++ b/documentation/revision-history-main.md
@@ -364,15 +364,9 @@ adding report template format fk and permissions
   - pdf creation on debian testing plattform (trixie)
 
 # 8.1 - 10.04.2024 MAIN
-- iconify modelling
-- add missing config values
-- first version of NSX import module
-- add maintenance page during upgrade
-- sample customizing py script with sample data
-- remove log locking from importer due to stalling importer stops
-- credentials encryption in database
-  - breaking change for developer debugging: add the following local file when using -e testkeys=true:
-    /etc/fworch/secrets/main_key with content "not4production..not4production.."
-- add custom (user-defined) fields to import
-  - cp only so far, other fw types missing
-  - user-defined fields are not part of reports yet
+- UI: iconifying modelling UI buttons (can now use icons instead of text buttons - configurable per user)
+- Importer: first version of VMware NSX import module
+- API: adding customizing script for bulk configs via API
+- Database security: all credentials in the database are now encrypted - breaking change (for developer debugging only): add the following local file when using -e testkeys=true:
+  /etc/fworch/secrets/main_key with content "not4production..not4production.."
+- Importer fix: remove log locking from importer due to stalling importer stops
diff --git a/roles/database/files/sql/idempotent/fworch-texts.sql b/roles/database/files/sql/idempotent/fworch-texts.sql
index 8d95effcb..521baf3de 100644
--- a/roles/database/files/sql/idempotent/fworch-texts.sql
+++ b/roles/database/files/sql/idempotent/fworch-texts.sql
@@ -290,12 +290,11 @@ INSERT INTO txt VALUES ('whats_new_in_version',	'English', 	'Release notes Firew
 INSERT INTO txt VALUES ('whats_new_facts',	    'German', 	'
 <ul>
     <li>Modellierung von Soll-Kommunikationsprofilen z.B. nach Anwendung getrennt (Know Your Application)</li>
-    <li>Web-Oberfl&auml;che: Compliance Matrix Modul</li>
-    <li>Web-Oberfl&auml;che: Report f&uuml;r ungenutzte Regeln mit L&ouml;sch-Ticket-Integration</li>
-    <li>Reporting: Email-Benachrichtigung bei sicherheitsrelevanten &Auml;nderungen inklusive &Auml;nderungsreport</li>
-    <li>Importer Check Point: Grundlegender Inline-Layer-Support</li>
-    <li>Importer Modul f&uuml;r Stand-Alone FortiGate Import via REST API</li>
-    <li>Firewall-Regel-Rezertifizierungsmodul: beseitigen Sie ihre Altlasten und erf&uuml;llen Sie aktuelle regulatorische Anforderungen.</li>
+    <li>UI: In der Weboberfl&auml;che des Modellierungsmoduls k&ouml;nnen die Bedienfl&ouml;chen wahlweise als Texte oder Icons angezeigt werden (konfigurierbar pro Nutzer)</li>
+    <li>Importer: Erste (PoC-)Version des VMware NSX Import-Moduls</li>
+    <li>API: Neues Customizing-Skript für Bulk-Konfiguration via API</li>
+    <li>Datenbanksicherheit: Alle Passw&ouml;rter in der Datenbank sind nun verschl&uuml;sselt. Breaking change (nur f&uuml;r Entwickler): Zum Debuggen muss die folgende Datei lokal auf dem vscode-System angelegt werden (bei Verwendung von "-e testkeys=true":
+      /etc/fworch/secrets/main_key - Inhalt: "not4production..not4production.."</li>
     <li>Details: siehe <a target="_blank" href="https://github.com/CactuseSecurity/firewall-orchestrator/tree/main/documentation/revision-history-main.md">
         https://github.com/CactuseSecurity/firewall-orchestrator/tree/main/documentation/revision-history-main.md</li>
 </ul>
@@ -303,12 +302,11 @@ INSERT INTO txt VALUES ('whats_new_facts',	    'German', 	'
 INSERT INTO txt VALUES ('whats_new_facts',	    'English', 	'
 <ul>
     <li>Modelling module for defining target communication profiles for segregated networks (e.g. per application: Know Your Application)</li>
-    <li>Web User Interface: Compliance Matrix Modul</li>
-    <li>Web User Interface: Report for unused rules directly integration delete rule workflow</li>
-    <li>Reporting: Notification on detecting security relevant changes of firewall rules including change report in emails</li>
-    <li>Importer Check Point: basic inline layer support</li>
-    <li>Importer: Module for stand-alone FortiGate import via REST API</li>
-    <li>Rule recertification module: remove unnecessary rules and meet current regulatory requirements.</li>
+    <li>UI: iconifying modelling UI buttons (can now use icons instead of text buttons - configurable per user)</li>
+    <li>Importer: first version of VMware NSX import module</li>
+    <li>API: adding customizing script for bulk configs via API</li>
+    <li>Database security: all credentials in the database are now encrypted - breaking change (for developer debugging only): add the following local file when using -e testkeys=true:
+      /etc/fworch/secrets/main_key with content "not4production..not4production.."</li>
     <li>Details: see <a target="_blank" href="https://github.com/CactuseSecurity/firewall-orchestrator/tree/main/documentation/revision-history-main.md">
         https://github.com/CactuseSecurity/firewall-orchestrator/tree/main/documentation/revision-history-main.md</li>
 </ul>