# Millions Missing France - Freescout Restricted Customers ## Description In a regular Freescout instance, all users have access to the e-mails of all customers. That can easily lead to confidentiality breaches when multiple organizations share a same Freescout instance. This package tries to provide a solution to this problem, by linking each customer to a specific mailbox. The information related to a customer, especially their e-mail address, is only shown to users with access to the related mailbox. ## Disclaimer This is still a work in progress. Using any version prior to the (not yet released) 1.0.0 will lead to irrecuperable data loss. You have been warned. ## Installation instructions ### Install the package with composer ``` composer require "millions-missing-france/freescout-restricted-customers" "0.4.0" ``` ### Edit the application routes This package does not seem to correctly override the routes of the main application. Overriding them has to be done manually, in the two following files. #### routes/web.php This section of the file: ```php // Customers Route::get('/customers/{id}/edit', 'CustomersController@update')->name('customers.update'); Route::post('/customers/{id}/edit', 'CustomersController@updateSave'); Route::get('/customers/{id}/', 'CustomersController@conversations')->name('customers.conversations'); Route::get('/customers/ajax-search', ['uses' => 'CustomersController@ajaxSearch', 'laroute' => true])->name('customers.ajax_search'); Route::post('/customers/ajax', ['uses' => 'CustomersController@ajax', 'laroute' => true])->name('customers.ajax'); ``` should be replaced with: ```php // Customers Route::get('/customers/{id}/edit', '\MillionsMissingFrance\FreescoutRestrictedCustomers\Http\Controllers\CustomersController@update')->name('customers.update'); Route::post('/customers/{id}/edit', '\MillionsMissingFrance\FreescoutRestrictedCustomers\Http\Controllers\CustomersController@updateSave'); Route::get('/customers/{id}/', '\MillionsMissingFrance\FreescoutRestrictedCustomers\Http\Controllers\CustomersController@conversations')->name('customers.conversations'); Route::get('/customers/ajax-search', ['uses' => '\MillionsMissingFrance\FreescoutRestrictedCustomers\Http\Controllers\CustomersController@ajaxSearch', 'laroute' => true])->name('customers.ajax_search'); Route::post('/customers/ajax', ['uses' => '\MillionsMissingFrance\FreescoutRestrictedCustomers\Http\Controllers\CustomersController@ajax', 'laroute' => true])->name('customers.ajax'); ``` This other section should be edited too: ```php // Conversations Route::get('/conversation/{id}', ['uses' => 'ConversationsController@view', 'laroute' => true])->name('conversations.view'); Route::post('/conversation/ajax', ['uses' => 'ConversationsController@ajax', 'laroute' => true])->name('conversations.ajax'); Route::post('/conversation/upload', ['uses' => 'ConversationsController@upload', 'laroute' => true])->name('conversations.upload'); Route::get('/mailbox/{mailbox_id}/new-ticket', 'ConversationsController@create')->name('conversations.create'); Route::get('/mailbox/{mailbox_id}/clone-ticket/{from_thread_id}', 'ConversationsController@cloneConversation')->name('conversations.clone_conversation'); //Route::get('/conversation/draft/{id}', 'ConversationsController@draft')->name('conversations.draft'); Route::get('/conversation/ajax-html/{action}', ['uses' => 'ConversationsController@ajaxHtml', 'laroute' => true])->name('conversations.ajax_html'); Route::get('/search', 'ConversationsController@search')->name('conversations.search'); Route::get('/conversation/undo-reply/{thread_id}', 'ConversationsController@undoReply')->name('conversations.undo'); Route::get('/mailbox/{mailbox_id}/chats', 'ConversationsController@chats')->name('conversations.chats'); ``` and replaced with: ```php // Conversations Route::get('/conversation/{id}', ['uses' => 'ConversationsController@view', 'laroute' => true])->name('conversations.view'); Route::post('/conversation/ajax', ['uses' => 'ConversationsController@ajax', 'laroute' => true])->name('conversations.ajax'); Route::post('/conversation/upload', ['uses' => 'ConversationsController@upload', 'laroute' => true])->name('conversations.upload'); Route::get('/mailbox/{mailbox_id}/new-ticket', 'ConversationsController@create')->name('conversations.create'); Route::get('/mailbox/{mailbox_id}/clone-ticket/{from_thread_id}', 'ConversationsController@cloneConversation')->name('conversations.clone_conversation'); //Route::get('/conversation/draft/{id}', 'ConversationsController@draft')->name('conversations.draft'); Route::get('/conversation/ajax-html/{action}', ['uses' => 'ConversationsController@ajaxHtml', 'laroute' => true])->name('conversations.ajax_html'); Route::get('/search', '\MillionsMissingFrance\FreescoutRestrictedCustomers\Http\Controllers\ConversationsController@search')->name('conversations.search'); Route::get('/conversation/undo-reply/{thread_id}', 'ConversationsController@undoReply')->name('conversations.undo'); Route::get('/mailbox/{mailbox_id}/chats', 'ConversationsController@chats')->name('conversations.chats'); ``` #### Modules/Crm/Http/routes.php The following list of routes: ```php Route::group(['middleware' => ['web', 'auth', 'roles'], 'roles' => ['user', 'admin'], 'prefix' => \Helper::getSubdirectory(), 'namespace' => 'Modules\Crm\Http\Controllers'], function() { Route::get('/customers/new', 'CrmController@createCustomer')->name('crm.create_customer'); Route::post('/customers/new', 'CrmController@createCustomerSave'); Route::get('/crm/ajax-html/{action}/{param?}', ['uses' => 'CrmController@ajaxHtml'])->name('crm.ajax_html'); Route::get('/customers/fields/ajax-search', ['uses' => 'CrmController@ajaxSearch', 'laroute' => true])->name('crm.ajax_search'); Route::post('/crm/ajax', ['uses' => 'CrmController@ajax', 'laroute' => true])->name('crm.ajax'); }); Route::group(['middleware' => ['web', 'auth', 'roles'], 'roles' => ['admin'], 'prefix' => \Helper::getSubdirectory(), 'namespace' => 'Modules\Crm\Http\Controllers'], function() { Route::post('/customers/export', ['uses' => 'CrmController@export'])->name('crm.export'); Route::post('/crm/ajax-admin', ['uses' => 'CrmController@ajaxAdmin', 'laroute' => true])->name('crm.ajax_admin'); }); ``` should be replaced with: ```php Route::group(['middleware' => ['web', 'auth', 'roles'], 'roles' => ['user', 'admin'], 'prefix' => \Helper::getSubdirectory(), 'namespace' => 'MillionsMissingFrance\FreescoutRestrictedCustomers\Http\Controllers'], function() { Route::get('/customers/new', '\MillionsMissingFrance\FreescoutRestrictedCustomers\Http\Controllers\CrmController@createCustomer')->name('freescout-restricted-customers.create_customer'); Route::post('/customers/new', '\MillionsMissingFrance\FreescoutRestrictedCustomers\Http\Controllers\CrmController@createCustomerSave'); Route::get('/crm/ajax-html/{action}/{param?}', ['uses' => '\MillionsMissingFrance\FreescoutRestrictedCustomers\Http\Controllers\CrmController@ajaxHtml'])->name('crm.ajax_html'); Route::get('/customers/fields/ajax-search', ['uses' => '\MillionsMissingFrance\FreescoutRestrictedCustomers\Http\Controllers\CrmController@ajaxSearch', 'laroute' => true])->name('crm.ajax_search'); Route::post('/crm/ajax', ['uses' => '\MillionsMissingFrance\FreescoutRestrictedCustomers\Http\Controllers\CrmController@ajax', 'laroute' => true])->name('crm.ajax'); }); Route::group(['middleware' => ['web', 'auth', 'roles'], 'roles' => ['admin'], 'prefix' => \Helper::getSubdirectory(), 'namespace' => '\MillionsMissingFrance\FreescoutRestrictedCustomers\Http\Controllers'], function() { Route::post('/customers/export', ['uses' => '\MillionsMissingFrance\FreescoutRestrictedCustomers\Http\Controllers\CrmController@export'])->name('crm.export'); Route::post('/crm/ajax-admin', ['uses' => '\MillionsMissingFrance\FreescoutRestrictedCustomers\Http\Controllers\CrmController@ajaxAdmin', 'laroute' => true])->name('crm.ajax_admin'); }); ``` #### Modules/Crm/Providers/CrmServiceProvider.php At line 173, this route call: ```php $html = __('Customers').' \' class="btn btn-bordered btn-xs" style="position:relative;top:-1px;margin-left:4px;">'; ``` should be replaced with: ```php $html = __('Customers').' \' class="btn btn-bordered btn-xs" style="position:relative;top:-1px;margin-left:4px;">'; ``` ### Update the database schema ``` php artisan migrate ```