Commit Graph

548 Commits

Author SHA1 Message Date
Marcus Hill fc3b83d43a Allow for tickets to be unassigned after being assigned to an agent.
Hide accountants from ticket assignment list on ticket.php.
2022-05-11 20:27:18 +01:00
johnnyq 0ac9143e47 Do not show archived clients under clients, add archive client, add undo archive client 2022-05-07 20:15:13 -04:00
johnnyq c38f2378ea Updated Delete Client to delete all associated data 2022-05-07 17:37:38 -04:00
johnnyq 5044dc6084 Properly delete everything related to a company when deleting a company 2022-05-07 16:46:50 -04:00
johnnyq 463fcdbe4f Fixed adding new company 2022-05-07 15:42:17 -04:00
Marcus Hill 5cbd0fad0d Move role validation to functions.php 2022-05-07 17:25:30 +01:00
Marcus Hill b2c0994577 Add CSRF Token validation for API key create/delete 2022-05-07 16:56:55 +01:00
Marcus Hill f4537ac80a Remove remaining instances of updating *updated_at - SQL DB does this now for us automatically 2022-05-07 16:39:34 +01:00
johnnyq 42f98479e7 Fixed Issue where if server had an IP client PDF Export would not work #395 2022-05-05 10:55:04 -04:00
Johnny 5e4870df90
Merge branch 'master' into csrf 2022-05-02 11:31:42 -04:00
Marcus Hill 61777116a9 CSRF Token
Upon login, issue the user a CSRF token (in their session). This token should be provided when completing sensitive actions (e.g. deleting companies/clients, changing their password, etc.)

Ref: https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#synchronizer-token-pattern
2022-05-01 18:43:53 +01:00
johnnyq 0641b0bfd4 Completely remove the last bits of departments 2022-04-29 16:50:25 -04:00
johnnyq 7b35431021 Remove Departments table and remove it from the client side nav, takes up too much space, added it as a text input on contact add/edit instead 2022-04-29 16:39:15 -04:00
johnnyq d5922b25a9 Updated Licence Type var under client export pdf 2022-04-29 12:11:57 -04:00
johnnyq ba57078810 Created Sanitize file name function to fix issues with exporting PDF Documentation with clients having ' in the name ex ben's 2022-04-29 11:54:50 -04:00
johnnyq ca5ba0c6d2 Removed , before WHERE statement Fixed Edit Client 2022-04-29 11:21:46 -04:00
johnnyq 6310ef5aae Added Rename and Delete folder capabilities to documents and some minor UI cleanup 2022-04-27 22:31:15 -04:00
johnnyq 0fb4ff17a3 Removed the last bits of Document Tagging 2022-04-27 01:03:01 -04:00
johnnyq 1b866b75cd Added Folder support to Client Documents, partially removed legacy document tagging 2022-04-27 00:53:45 -04:00
Marcus Hill 013b153078 Remove created_at DB references - these are automatic now 2022-04-24 12:24:00 +01:00
Marcus Hill a792498b5b Add IP/User agent to all logs 2022-04-24 12:13:07 +01:00
Marcus Hill 13c12dad3a Remove log_created_at now references, as this is now automatic 2022-04-24 11:52:16 +01:00
Marcus Hill 4dd5aa1ea2 Add IP address logging to document create/update/deletes 2022-04-24 10:12:59 +01:00
Marcus Hill f5f033fed4 Remove MeshCentral integration
As per recent discussions about the API & scripts being a better way forward for all integration, removing the MeshCentral integration that was added.
2022-04-19 22:42:38 +01:00
Marcus Hill e55622827d Add support for client-specific API keys
Refactoring API. Added a contact update endpoint.
Small misc changes.
2022-04-15 17:43:06 +01:00
Marcus Hill fca1627c33 Remove delete user post.php code. Deleting users means we'll lose all tickets/replies which isn't great.
Correct user archive behaviour so when users are archived they can no longer login. Need to add ability for quick disable/enable of user accounts, as using archive as permanent.
Refactor "You are not permitted to do that!" wording into a constant instead.
2022-04-15 13:29:27 +01:00
Marcus Hill f707098d37 Redirect to ticket after creation 2022-04-15 12:02:13 +01:00
Marcus Hill 6aa06b4389 Add full text index & search for document contents (related to #440) 2022-04-15 11:42:50 +01:00
johnnyq fd8188095e New Feature Enable/Disable ITFlow Modules now using the automated DB updater 2022-04-14 22:59:36 -04:00
Marcus Hill ca629801af Change all "AND" / "OR" to && / || 2022-04-14 18:40:51 +01:00
Marcus Hill cc4c2e6bf7 - Enforce role check when editing/deleting scheduled tickets
- Add scheduled tickets to client view
- Add search and pagination to scheduled tickets
- Populate scheduled ticket edit modals dynamically
- Minor typos
2022-04-10 13:42:47 +01:00
Marcus Hill 815ada9da5 Add agent name when reassigning ticket, improve logic to only allow assigning open tickets to techs/admins 2022-04-07 21:37:14 +01:00
johnnyq a0cead284f Fix Add Payment Email Currency Symbol 2022-04-05 11:56:22 -04:00
johnnyq fdf9d67910 Allow to Add Ticket to an existing invoice item line 2022-04-02 20:50:55 -04:00
johnnyq a837af6eb4 Fixed Invoice Ticket 2022-04-02 20:13:20 -04:00
Johnny f6df0d3c72
Merge pull request #429 from wrongecho/db-version
Add database updater
2022-04-02 16:04:18 -04:00
johnnyq ef29a17d49 DB Structure Update - Added SMTP Encryption Type to Mail settings 2022-04-02 16:03:30 -04:00
Marcus Hill 9096b091b2 Add database updater 2022-04-02 19:39:55 +01:00
Johnny 32f3b0a005
Merge pull request #428 from wrongecho/sharing
Item/Link Sharing enhancements
2022-04-02 13:57:12 -04:00
Johnny f85957bd0d
Merge pull request #427 from wrongecho/dom-ssl
Domains/SSL
2022-04-02 11:48:39 -04:00
Marcus Hill 2c632a85d0 Create shared links page for each client, with option to deactivate links 2022-04-02 16:41:07 +01:00
Marcus Hill cab2cc923a Improve share features: default modal to 1, cleanup expired/used links 2022-04-02 15:37:17 +01:00
Marcus Hill be70883551 Refactor WHOIS lookups to use hosted heroku app 2022-04-02 12:19:35 +01:00
Marcus Hill 6a2fe3055e Auto-add SSL certificate for new domains 2022-04-02 10:16:20 +01:00
johnnyq a2936754cd Moved Mesh Central and Azure settings from general to its own tab called integrations 2022-04-01 17:20:29 -04:00
johnnyq 991e2bd4d4 Merge branch 'master' of github.com:johnnyq/itflow 2022-04-01 15:59:26 -04:00
johnnyq 6866addeee Minor Fixups 2022-04-01 15:58:18 -04:00
Marcus Hill 51a6ba6084 Allow admins to disable 2FA for users 2022-04-01 19:53:49 +01:00
johnnyq 8c98163e1c DB Structure Updated 2 new settings config_backup_enable and config_backup_path. This is to fix an issue where not specifying the full backup path would cause cron to error out and not run completely 2022-03-29 12:59:42 -04:00
Marcus Hill 0020c5708a Fix = vs == role check mistake 2022-03-28 21:48:20 +01:00
Marcus Hill 4ba313f752 Fix potential sql injection in delete_file if param add_location was also specified - post.php 2022-03-28 20:45:31 +01:00
Marcus Hill d83906508d Fix potential sql injection in add_company - post.php 2022-03-28 20:39:35 +01:00
Marcus Hill bba68f4d17 Name uploaded files with provided name, if specified 2022-03-27 23:00:45 +01:00
Marcus Hill 9040fdf847 Misc small changes/fixes 2022-03-27 22:26:22 +01:00
Johnny aafb6a677f
Merge pull request #412 from wrongecho/misc
Misc incl SQL Injection / XSS fixes
2022-03-27 15:05:07 -04:00
Marcus Hill 816ba87485 SQL Injection / XSS fixes 2022-03-27 20:02:16 +01:00
Marcus Hill c3fadfab3b Add role based access for API functions 2022-03-27 16:03:41 +01:00
Marcus Hill a6a7bf1f30 Restrict user (agent) create/edit/delete actions to admins only 2022-03-27 15:39:27 +01:00
Marcus Hill e6a314d233 Prevent tech/accountant from performing certain tasks as per access matrix 2022-03-27 15:32:40 +01:00
johnnyq 139bb6fd73 Set item_view to 0 when sharing a link 2022-03-26 11:10:27 -04:00
johnnyq 25f973d3a5 Additional Standardization of logging actions use Upload instead of Uploaded same with Download and Email 2022-03-26 10:27:11 -04:00
johnnyq 5f451dceef Standardize logging actions use Create instead of Created same with Modify and Delete 2022-03-26 10:12:40 -04:00
Marcus Hill e4d2d0c699 Prevent deletion of client unless user role is 3 (admin) 2022-03-24 20:52:26 +00:00
Marcus Hill fd589c53fa Delete scheduled tickets when client is deleted 2022-03-24 20:45:58 +00:00
Marcus Hill a598e9d42e Remove non-existent delete query that prevents client being deleted properly on some installs 2022-03-24 20:41:26 +00:00
Joe Clark 654b7adf6c Initialize variable to avoid PHP undefined error 2022-03-22 13:07:11 -07:00
Marcus Hill 34d6caa016 Client portal updates 2022-03-20 16:02:58 +00:00
Marcus Hill 3a6b893f4f Attempt to parse the expiry date for .com/.org/.net domains - hacky 2022-03-13 10:28:17 +00:00
Marcus Hill ead895aad5 Fetch A record details for domain when added 2022-03-13 09:32:08 +00:00
johnnyq 928af1d90d Added Ticket to Invoice functionality Thanks @aftechro 2022-03-11 20:24:03 -05:00
Marcus Hill e1a419ea11 Refactor domains modals so they are dynamically populated. Implement basic NS, MX and WHOIS scraping for domains on add/edit 2022-03-07 22:31:19 +00:00
johnnyq d7fd8cc736 Fix invoice to recurring sent to wrong destination 2022-03-04 14:38:53 -05:00
johnnyq d4a63c14c3 DB Updated removed history_date from history table as this is redundant with history_created_at 2022-03-04 00:41:34 -05:00
johnnyq 165bd572a9 DB Update added contact_id to files, documents and logins Added Related Items Modal to Client Contacts still more work to do 2022-03-04 00:24:58 -05:00
johnnyq ecb628cad8 Fix Add Software 2022-03-03 23:28:16 -05:00
Marcus Hill bf909a71f8 Fix HTML Purifier removing images 2022-03-02 20:23:19 +00:00
johnnyq dec7f9be67 When Deleting software delete the relations asset licenses and user licenses. Fix post issue on adding software with defined asset or user licenses 2022-03-02 12:13:54 -05:00
Marcus Hill 8fcb854e91 Storing the secret in plaintext so we can use it during cron eventually 2022-02-26 21:59:01 +00:00
Marcus Hill e4dc22a0ce Add functionality to pull/sync assets & info from MeshCentral 2022-02-26 21:51:37 +00:00
johnnyq 79afb05298 Merge branch 'master' of github.com:johnnyq/itflow 2022-02-26 11:16:57 -05:00
johnnyq 112efbc314 DB Update tip_user_id added to the trips tables. Updated Trips to include the driver. WIP limit users to the session_company 2022-02-26 11:16:33 -05:00
Marcus Hill 0fac1f3039 Move ajax logic to ajax.php 2022-02-26 11:16:53 +00:00
Johnny 3bd79635ec
Merge pull request #376 from wrongecho/cert-parse
SSL Parse - escape issued_by
2022-02-24 15:42:58 -05:00
Marcus Hill 9837549fac Escape certificate issuer when parsed from public key, values like [Let's Encrypt] break it otherwise 2022-02-24 20:27:03 +00:00
Marcus Hill ee2d9e1b08 Dynamically load certificate edit modal with ajax, fix certificate details fetch error 2022-02-24 16:03:00 +00:00
johnnyq 3b615d2f3a UI updates mainly icon swaps etc 2022-02-22 14:41:48 -05:00
johnnyq a724807782 DB Structure Update - Added Extension to contact on export PDF, finished contact departments 2022-02-22 13:14:17 -05:00
johnnyq 1ed20217d1 Added Department name on client PDF Export and contact CSV export 2022-02-22 11:42:08 -05:00
johnnyq 7af0c11720 Updated Email template footers to include department and Email for Ticket replies, Invoices, Payment Receipts, Quotes, etc 2022-02-21 23:42:58 -05:00
johnnyq 315bfd55d7 Added notification_dismissed_by 2022-02-21 21:23:32 -05:00
johnnyq 05e7b160b1 DB Structure Update table name alerts is now notifications also update the fields accordingly to the notifications table - Reworked Notifications a bit 2022-02-21 21:21:13 -05:00
johnnyq e6167ffaa3 Merged table Document and Document Template and just added a new field to differentiate, can save a document as a template now more to come, also added folder selection not quite ready yet 2022-02-20 17:02:48 -05:00
Marcus Hill 36a24f5603 Add file & login sharing functionality & ip/ua view tracking 2022-02-20 17:16:28 +00:00
Johnny 7a7d165aba
Merge pull request #364 from wrongecho/sharing
Add document sharing via link
2022-02-19 16:36:06 -05:00
johnnyq 06cde1a119 Cleaned up the new JS edit Modal separating Javascript vars with camelCase and php var with seperate_words 2022-02-19 16:17:07 -05:00
Marcus Hill 6f6f5a0217 Add document sharing via link #315 2022-02-19 20:02:14 +00:00
Johnny af4e09f534
Merge pull request #363 from wrongecho/services-certs
Add functionality to link certificates to services
2022-02-18 18:00:18 -05:00
johnnyq e00d4f693f Finished Adding Assigning Licenses to Device or Users under software 2022-02-18 17:58:11 -05:00
johnnyq f95a228141 Updated DB Structure, Added Separate From Name and From Email to Invoices / Quotes and Tickets, separated Quote and Invoice to their own settings pane 2022-02-18 15:26:16 -05:00
johnnyq 16968e0b97 Added Locale option for company, this works in conjunction with the way the currency is displayed 2022-02-18 11:14:14 -05:00