Feature/four 26166 b #8802

Open

caleeli wants to merge 964 commits into feature/FOUR-26166 from feature/FOUR-26166-b

@caleeli commented Apr 28, 2026

Issue & Reproduction Steps

Describe the issue this ticket solves and describe how to reproduce the issue (please attach any fixtures used to reproduce the issue).

Solution

  • List the changes you've introduced to solve the issue.

How to Test

Describe how to test that this solution works.

Related Tickets & Packages

  • Link to any related FOUR tickets, PRDs, or packages

Code Review Checklist

  • I have pulled this code locally and tested it on my instance, along with any associated packages.
  • This code adheres to ProcessMaker Coding Guidelines.
  • This code includes a unit test or an E2E test that tests its functionality, or is covered by an existing test.
  • This solution fixes the bug reported in the original ticket.
  • This solution does not alter the expected output of a component in a way that would break existing Processes.
  • This solution does not implement any breaking changes that would invalidate documentation or cause existing Processes to fail.
  • This solution has been tested with enterprise packages that rely on its functionality and does not introduce bugs in those packages.
  • This code does not duplicate functionality that already exists in the framework or in ProcessMaker.
  • This ticket conforms to the PRD associated with this part of ProcessMaker.

CarliPinell and others added 30 commits March 16, 2026 10:00
FOUR-29116 | Add “Retention Policy” option under Admin > Logs
FOUR-29961: APPLICANT >> Improve Draft behavior
Add middleware to block authenticated users whose status is BLOCKED or INACTIVE. Introduces EnsureAccountAllowsAccess middleware (with blockingResponseForRequest and denyAccess helpers) that logs out the user, invalidates the session, and returns a JSON 401 for API requests or redirects to login with appropriate error messages for web requests. Wire the middleware into the HTTP kernel and update ProcessMakerAuthenticate to invoke the same blocking check after successful authentication so auth:api routes (core and packages) are also enforced.
- Added logic to prevent password reset for blocked users in ForgotPasswordController and ResetPasswordController.
- Updated response messages for blocked accounts in language files.
- Modified reset password view to retain email input value after validation errors.
task/FOUR-30041: Account Lock Fails to Invalidate Active Login Session
Account Lock Bypass via Password Reset Flow
Introduce CasesRetentionController with a logs() action to expose case retention policy logs. The endpoint supports text filtering, validated ordering (whitelisted columns), order direction, and paginated results (per_page default 10); when no valid order_by is provided it falls back to created_at descending. The controller uses DB::raw to transform dotted column notation into JSON extraction for ordering and returns results as an ApiCollection. Also registers the GET api/1.0/cases-retention/logs route under the existing authenticated API middleware group.
Treat case_ids as a native array across backend and frontend. Add a $casts entry on CaseRetentionPolicyLog and stop json-encoding case_ids in EvaluateProcessRetentionJob and the factory; update the unit test to assert the array value. On the UI side, introduce a dedicated CaseIdsTableCell Vue component (with preview + popover for overflow) and wire it into CasesRetentionLogs, replacing fake data with an API fetch and adjusting sorting/preview behavior.
Introduce applyLogsFilter to perform flexible searching across id, process_id, numeric columns (deleted_count, total_time_taken) and JSON case_ids, using driver-specific casting (ILIKE for pgsql, CAST(... AS CHAR) otherwise). Use request->filled('filter') and trim empty terms to avoid spurious queries. Replace the previous lowercase process_id-only filter with this broader implementation and remove unused imports (Response, DB, Log).
Connect Audit Logs UI to Case Retention API with Sorting, Search, and Overflow Handling
Security/FOUR-30042: Duplicate Email Allowed Across Multiple Accounts
Add async CSV export for case retention logs: introduces DownloadCaseRetentionLogExport job to stream query results to disk, two broadcast events (CaseRetentionLogExportReady / CaseRetentionLogExportFailed) to notify users, and controller endpoints to queue the export and serve a signed download URL. The controller uses CaseRetentionLogQueryFilter to apply the current filter when queuing and downloading; temporary signed URLs are generated with a 24-hour TTL. Frontend changes wire a button to hit the queue endpoint and session sync listeners show success/failure alerts with the download link. A feature test was added to verify job dispatch, filter propagation, and signed download streaming.
Introduce two new utilities for CaseRetention logs:

- CaseRetentionLogCsvWriter: streams a query to a writable stream as CSV (no header), prepends a UTF-8 BOM, chunks results (500 rows), JSON-encodes array case_ids when present, and normalizes date columns using a csvDateColumn helper (returns empty string for nulls, formats DateTimeInterface as 'Y-m-d H:i:s').

- CaseRetentionLogQueryFilter: provides applyIfFilled (no-op for empty input) and apply methods to filter a Builder by term across id, process_id, numeric columns, and JSON case_ids; uses driver-specific SQL (ILIKE for pg, CAST to CHAR otherwise).
Delete two event classes: CaseRetentionLogExportReady and CaseRetentionLogExportFailed. Both implemented ShouldBroadcastNow and broadcasted export status to a PrivateChannel for a user with payload {success, message, link}. These removals clean up legacy broadcasting events related to case retention log exports.
Introduce CaseRetentionLogExportNotification and switch the export job to send database + broadcast notifications (notifyNow) with the signed download URL instead of firing events. Update notification strings in config. Adjust frontend notification handling: de-duplicate pushes, add showNavbarAlert resolver so export/download toasts include the download link, and update the Vue notification component to consider local unread counts for badge/display. Add a test to assert the export job sends a notification containing a download URL. Minor docblock tweaks in the controller.
mcraeteisha and others added 29 commits May 19, 2026 11:23
Epic/FOUR-25679: FlowGenie Agent Enhancements: MCP Server Tools
FOUR-27838: Add the case number to all screens in the applicant process
FOUR-30819 Sanitize screen template config
FOUR-31151 Fix issue when oauth client id is the same as the user id
Change the Processes I Manage saved search from IN PROGRESS to IN PROGRESS AND COMPLETED
[FOUR-31262] Trivial change: update release name
[FOUR-31263] Use .us Microsoft endpoints for Office365 OAuth
FOUR-31336 | Change on clients adding modal for plainSecret
FOUR-27623 | Users Can View All Cases Without “View All Cases” Permission
FOUR-31593: The caseNumber show a space empty when we use a control
@processmaker-sonarqube

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube
