Feature/four 26166 b#8802
Open
caleeli wants to merge 957 commits into
Open
Conversation
FOUR-29250 End Event – External URL with Mustache Support
[46535] Rollback in Sub-Process Does Not Allow Parent Process to Continue (FAILING State)
FOUR-27394: Fix Case Title/Case # links in Requests table
FOUR-29116 | Add “Retention Policy” option under Admin > Logs
FOUR-29961: APPLICANT >> Improve Draft behavior
Add middleware to block authenticated users whose status is BLOCKED or INACTIVE. Introduces EnsureAccountAllowsAccess middleware (with blockingResponseForRequest and denyAccess helpers) that logs out the user, invalidates the session, and returns a JSON 401 for API requests or redirects to login with appropriate error messages for web requests. Wire the middleware into the HTTP kernel and update ProcessMakerAuthenticate to invoke the same blocking check after successful authentication so auth:api routes (core and packages) are also enforced.
- Added logic to prevent password reset for blocked users in ForgotPasswordController and ResetPasswordController. - Updated response messages for blocked accounts in language files. - Modified reset password view to retain email input value after validation errors.
task/FOUR-30041: Account Lock Fails to Invalidate Active Login Session
Account Lock Bypass via Password Reset Flow
Introduce CasesRetentionController with a logs() action to expose case retention policy logs. The endpoint supports text filtering, validated ordering (whitelisted columns), order direction, and paginated results (per_page default 10); when no valid order_by is provided it falls back to created_at descending. The controller uses DB::raw to transform dotted column notation into JSON extraction for ordering and returns results as an ApiCollection. Also registers the GET api/1.0/cases-retention/logs route under the existing authenticated API middleware group.
Treat case_ids as a native array across backend and frontend. Add a $casts entry on CaseRetentionPolicyLog and stop json-encoding case_ids in EvaluateProcessRetentionJob and the factory; update the unit test to assert the array value. On the UI side, introduce a dedicated CaseIdsTableCell Vue component (with preview + popover for overflow) and wire it into CasesRetentionLogs, replacing fake data with an API fetch and adjusting sorting/preview behavior.
Introduce applyLogsFilter to perform flexible searching across id, process_id, numeric columns (deleted_count, total_time_taken) and JSON case_ids, using driver-specific casting (ILIKE for pgsql, CAST(... AS CHAR) otherwise). Use request->filled('filter') and trim empty terms to avoid spurious queries. Replace the previous lowercase process_id-only filter with this broader implementation and remove unused imports (Response, DB, Log).
Connect Audit Logs UI to Case Retention API with Sorting, Search, and Overflow Handling
Ensure the 'view-all_cases' permission row exists and register a Gate in tests so the can:view-all_cases middleware is enforceable. Update the existing forbidden test to define the permission and Gate, and add two new tests: one that confirms a user can view their own cases (scoped by userId) without the global permission, and another that verifies a user cannot view another user's cases without the permission and that granting it restores access. Creates test data via factories and asserts correct response codes and payload counts.
Epic/FOUR-25679: FlowGenie Agent Enhancements: MCP Server Tools
FOUR-27838: Add the case number to all screens in the applicant process
FOUR-30819 Sanitize screen template config
Granular Permissions for Tasks
FOUR-31151 Fix issue when oauth client id is the same as the user id
Change the Processes I Manage saved search from IN PROGRESS to IN PROGRESS AND COMPLETED
[FOUR-31262] Trivial change: update release name
[FOUR-31263] Use .us Microsoft endpoints for Office365 OAuth
FOUR-31336 | Change on clients adding modal for plainSecret
FOUR-27623 | Users Can View All Cases Without “View All Cases” Permission
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
19 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue & Reproduction Steps
Describe the issue this ticket solves and describe how to reproduce the issue (please attach any fixtures used to reproduce the issue).
Solution
How to Test
Describe how to test that this solution works.
Related Tickets & Packages
Code Review Checklist