Merge branch 'develop' into bugfix/FOUR-26915

Author: nolanpro

ProcessMaker/Console/Kernel.php

@@ -88,6 +88,9 @@ protected function schedule(Schedule $schedule)
                 $schedule->command('metrics:clear')->cron("*/{$clearInterval} * * * *");
                 break;
         }
+
+        // 5 minutes is recommended in https://laravel.com/docs/12.x/horizon#metrics
+        $schedule->command('horizon:snapshot')->everyFiveMinutes();
     }
 
     /**

ProcessMaker/Exception/MultitenancyAccessedLandlord.php

@@ -5,11 +5,21 @@
 use Exception;
 use Illuminate\Http\Request;
 use Illuminate\Http\Response;
+use ProcessMaker\Facades\Metrics;
 
 class MultitenancyAccessedLandlord extends Exception
 {
     public function render(Request $request): Response
     {
+        // If we're trying to access the /metrics route, collect landlord metrics and render them
+        if ($request->path() === 'metrics') {
+            Metrics::collectQueueMetrics();
+
+            return response(Metrics::renderMetrics(), 200, [
+                'Content-Type' => 'text/plain; version=0.0.4',
+            ]);
+        }
+
         return response()->view('multitenancy.landlord-landing-page');
     }
 

ProcessMaker/Http/Controllers/Admin/TenantQueueController.php

@@ -14,36 +14,12 @@
 
 class TenantQueueController extends Controller
 {
-    /**
-     * Constructor to check if tenant tracking is enabled.
-     */
-    public function __construct()
-    {
-        // Check if tenant job tracking is enabled
-        $enabled = TenantQueueServiceProvider::enabled();
-
-        if (!$enabled) {
-            if (!app()->runningInConsole()) {
-                abort(404, 'Tenant queue tracking is disabled');
-            }
-        }
-
-        // If the route binding has a tenant id, check if the user is allowed to access the tenant queue
-        if ($id = (int) request()->route('tenantId')) {
-            if (!TenantQueueServiceProvider::allowAllTenats() && $id !== app('currentTenant')?->id) {
-                throw new AuthorizationException();
-            }
-        }
-    }
-
     /**
      * Show the tenant jobs dashboard.
      */
     public function index()
     {
-        if (!Auth::user()->is_administrator) {
-            throw new AuthorizationException();
-        }
+        $this->checkPermissions();
 
         return view('admin.tenant-queues.index');
     }
@@ -53,9 +29,7 @@ public function index()
      */
     public function getTenants(): JsonResponse
     {
-        if (!Auth::user()->is_administrator) {
-            throw new AuthorizationException();
-        }
+        $this->checkPermissions();
 
         $tenantsWithJobs = TenantQueueServiceProvider::getTenantsWithJobs();
 
@@ -87,9 +61,7 @@ public function getTenants(): JsonResponse
      */
     public function getTenantJobs(Request $request, string $tenantId): JsonResponse
     {
-        if (!Auth::user()->is_administrator) {
-            throw new AuthorizationException();
-        }
+        $this->checkPermissions();
 
         $status = $request->get('status');
         $limit = min((int) $request->get('limit', 50), 100); // Max 100 jobs
@@ -125,9 +97,7 @@ public function getTenantStats(string $tenantId): JsonResponse
      */
     public function getOverallStats(): JsonResponse
     {
-        if (!Auth::user()->is_administrator) {
-            throw new AuthorizationException();
-        }
+        $this->checkPermissions();
 
         $tenantsWithJobs = TenantQueueServiceProvider::getTenantsWithJobs();
 
@@ -163,9 +133,7 @@ public function getOverallStats(): JsonResponse
      */
     public function getJobDetails(string $tenantId, string $jobId): JsonResponse
     {
-        if (!Auth::user()->is_administrator) {
-            throw new AuthorizationException();
-        }
+        $this->checkPermissions();
 
         $tenantKey = "tenant_jobs:{$tenantId}:{$jobId}";
         $jobData = Redis::hgetall($tenantKey);
@@ -199,9 +167,7 @@ public function getJobDetails(string $tenantId, string $jobId): JsonResponse
      */
     public function clearTenantJobs(string $tenantId): JsonResponse
     {
-        if (!Auth::user()->is_administrator) {
-            throw new AuthorizationException();
-        }
+        $this->checkPermissions();
 
         try {
             $pattern = "tenant_jobs:{$tenantId}:*";
@@ -228,4 +194,25 @@ public function clearTenantJobs(string $tenantId): JsonResponse
             return response()->json(['error' => 'Failed to clear tenant job data'], 500);
         }
     }
+
+    private function checkPermissions(): void
+    {
+        // Check if tenant job tracking is enabled
+        $enabled = TenantQueueServiceProvider::enabled();
+
+        if (!$enabled) {
+            throw new AuthorizationException('Tenant queue tracking is disabled');
+        }
+
+        if (!Auth::user()->is_administrator) {
+            throw new AuthorizationException();
+        }
+
+        // If the route binding has a tenant id, check if the user is allowed to access the tenant queue
+        if ($id = (int) request()->route('tenantId')) {
+            if (!TenantQueueServiceProvider::allowAllTenats() && $id !== app('currentTenant')?->id) {
+                throw new AuthorizationException();
+            }
+        }
+    }
 }

ProcessMaker/Http/Controllers/Api/ScriptExecutorController.php

@@ -59,7 +59,15 @@ public function index(Request $request)
     {
         $this->checkAuth($request);
 
-        return new ApiCollection(ScriptExecutor::nonSystem()->get());
+        $query = ScriptExecutor::nonSystem();
+
+        if ($request->has('order_by')) {
+            $order_by = $request->input('order_by');
+            $order_direction = $request->input('order_direction', 'ASC');
+            $query->orderBy($order_by, $order_direction);
+        }
+
+        return new ApiCollection($query->get());
     }
 
     /**

ProcessMaker/Http/Controllers/Api/TaskController.php

@@ -146,15 +146,15 @@ public function index(Request $request, $getTotal = false, User $user = null)
 
         $this->applyAdvancedFilter($query, $request);
 
-        $this->applyForCurrentUser($query, $user);
-
-        // Apply filter overdue
-        $query->overdue($request->input('overdue'));
-
         if ($request->input('processesIManage') === 'true') {
             $this->applyProcessManager($query, $user);
+        } else {
+            $this->applyForCurrentUser($query, $user);
         }
 
+        // Apply filter overdue
+        $query->overdue($request->input('overdue'));
+
         // If only the total is being requested (by a Saved Search), send it now
         if ($getTotal === true) {
             return $query->count();
@@ -168,6 +168,11 @@ public function index(Request $request, $getTotal = false, User $user = null)
 
         $response = $this->applyUserFilter($response, $request, $user);
 
+        if ($response->total() > 0 && $request->input('processesIManage') === 'true') {
+            // enable user manager in cache
+            $this->enableUserManager($user);
+        }
+
         $inOverdueQuery = ProcessRequestToken::query()
             ->whereIn('id', $response->pluck('id'))
             ->where('due_at', '<', Carbon::now());

ProcessMaker/Http/Controllers/Api/UserController.php

@@ -209,10 +209,14 @@ public function getUsersTaskCount(Request $request)
             $include_ids = explode(',', $include_ids_string);
         } elseif ($request->has('assignable_for_task_id')) {
             $task = ProcessRequestToken::findOrFail($request->input('assignable_for_task_id'));
-            if ($task->getAssignmentRule() === 'user_group') {
+            $assignmentRule = $task->getAssignmentRule();
+            if ($assignmentRule === 'user_group') {
                 // Limit the list of users to those that can be assigned to the task
                 $include_ids = $task->process->getAssignableUsers($task->element_id);
             }
+            if ($assignmentRule === 'rule_expression' && $request->has('form_data')) {
+                $include_ids = $task->getAssigneesFromExpression($request->input('form_data'));
+            }
         }
 
         if (!empty($include_ids)) {

ProcessMaker/Http/Kernel.php

@@ -92,6 +92,7 @@ class Kernel extends HttpKernel
         'session_kill' => Middleware\SessionControlKill::class,
         'no-cache' => Middleware\NoCache::class,
         'admin' => Middleware\IsAdmin::class,
+        'manager' => Middleware\IsManager::class,
         'etag' => Middleware\Etag\HandleEtag::class,
         'file_size_check' => Middleware\FileSizeCheck::class,
     ];