freescout-restricted-customers/README.md

7.3 KiB

Millions Missing France - Freescout Restricted Customers

Description

In a regular Freescout instance, all users have access to the e-mails of all customers. That can easily lead to confidentiality breaches when multiple organizations share a same Freescout instance.

This package tries to provide a solution to this problem, by linking each customer to a specific mailbox. The information related to a customer, especially their e-mail address, is only shown to users with access to the related mailbox.

Data loss warning

When this module is installed, it will link customers to mailboxes. Customers added once this module is active will be linked to mailboxes too. On uninstallation, simply unlinking them could cause several problems:

  • It could break unicity constraints, as two customers linked to disctinct mailboxes are allowed to use the same e-mail address as long as the module is active;
  • It would break the confidentiality promise, by letting all users having access to all customers.

To avoid these problems, on the module uninstallation all the customers linked to mailboxes are dropped from the database. This is an irreversible operation, the customers deleted that way are gone for good.

So it is highly recommended to backup your customers database:

  • Before installing this module;
  • Before uninstalling this module.

Disclaimer

This is still a work in progress. Using any version prior to the (not yet released) 1.0.0 might lead to irrecuperable data loss. You have been warned.

Installation instructions

Install the module

Install from the archive

Download the release tarball and extract its content into Modules/MMFRestrictedCustomers.

wget https://port.numenaute.org/MMF/freescout-restricted-customers/archive/0.8.1.tar.gz -O freescout-restricted-customers-0.8.1.tar.gz
tar xf freescout-restricted-customers-0.8.1.tar.gz -C Modules
mv Modules/freescout-restricted-customers Modules/MMFRestrictedCustomers

Install from git

git clone https://port.numenaute.org/MMF/freescout-restricted-customers.git Modules/MMFRestrictedCustomers

Edit the application routes

Routes set in other modules or in Freescout itself can not be automatically overridden. Overriding them has to be done manually, in the three following files.

routes/web.php

This section of the file:

// Customers
Route::get('/customers/{id}/edit', 'CustomersController@update')->name('customers.update');
Route::post('/customers/{id}/edit', 'CustomersController@updateSave');
Route::get('/customers/{id}/', 'CustomersController@conversations')->name('customers.conversations');
Route::get('/customers/ajax-search', ['uses' => 'CustomersController@ajaxSearch', 'laroute' => true])->name('customers.ajax_search');
Route::post('/customers/ajax', ['uses' => 'CustomersController@ajax', 'laroute' => true])->name('customers.ajax');

should be replaced with:

// Customers
Route::get('/customers/{id}/edit', '\Modules\MMFRestrictedCustomers\Http\Controllers\CustomersController@update')->name('customers.update');
Route::post('/customers/{id}/edit', 'CustomersController@updateSave');
Route::get('/customers/{id}/', '\Modules\MMFRestrictedCustomers\Http\Controllers\CustomersController@conversations')->name('customers.conversations');
Route::get('/customers/ajax-search', ['uses' => '\Modules\MMFRestrictedCustomers\Http\Controllers\CustomersController@ajaxSearch', 'laroute' => true])->name('customers.ajax_search');
Route::post('/customers/ajax', ['uses' => '\Modules\MMFRestrictedCustomers\Http\Controllers\CustomersController@ajax', 'laroute' => true])->name('customers.ajax');

Modules/Crm/Http/routes.php

The following list of routes:

Route::group(['middleware' => ['web', 'auth', 'roles'], 'roles' => ['user', 'admin'], 'prefix' => \Helper::getSubdirectory(), 'namespace' => 'Modules\Crm\Http\Controllers'], function()
{
    Route::get('/customers/new', 'CrmController@createCustomer')->name('crm.create_customer');
    Route::post('/customers/new', 'CrmController@createCustomerSave');
    Route::get('/crm/ajax-html/{action}/{param?}', ['uses' => 'CrmController@ajaxHtml'])->name('crm.ajax_html');
    Route::get('/customers/fields/ajax-search', ['uses' => 'CrmController@ajaxSearch', 'laroute' => true])->name('crm.ajax_search');
    Route::post('/crm/ajax', ['uses' => 'CrmController@ajax', 'laroute' => true])->name('crm.ajax');
});

should be replaced with:

Route::group(['middleware' => ['web', 'auth', 'roles'], 'roles' => ['user', 'admin'], 'prefix' => \Helper::getSubdirectory(), 'namespace' => 'Modules\MMFRestrictedCustomers\Http\Controllers'], function()
{
    Route::get('/customers/new', 'CrmController@createCustomer')->name('mmfrestrictedcustomers.create_customer');
    Route::post('/customers/new', 'CrmController@createCustomerSave');
    Route::get('/crm/ajax-html/{action}/{param?}', ['uses' => '\Modules\Crm\Http\Controllers\CrmController@ajaxHtml'])->name('crm.ajax_html');
    Route::get('/customers/fields/ajax-search', ['uses' => 'CrmController@ajaxSearch', 'laroute' => true])->name('crm.ajax_search');
    Route::post('/crm/ajax', ['uses' => 'CrmController@ajax', 'laroute' => true])->name('crm.ajax');
});

Modules/Crm/Providers/CrmServiceProvider.php

At line 173, this route call:

                $html = __('Customers').' <a href="#" data-trigger="modal" data-modal-title="'.__('Add Customer').'" data-modal-size="lg" data-modal-no-footer="true" data-modal-body=\'<iframe src="'.route('crm.create_customer', ['x_embed' => 1]).'" frameborder="0" class="modal-iframe"></iframe>\' class="btn btn-bordered btn-xs" style="position:relative;top:-1px;margin-left:4px;"><i class="glyphicon glyphicon-plus" title="'.__('Add Customer').'" data-toggle="tooltip"></i></a>';

should be replaced with:

                $html = __('Customers').' <a href="#" data-trigger="modal" data-modal-title="'.__('Add Customer').'" data-modal-size="lg" data-modal-no-footer="true" data-modal-body=\'<iframe src="'.route('mmfrestrictedcustomers.create_customer', ['x_embed' => 1]).'" frameborder="0" class="modal-iframe"></iframe>\' class="btn btn-bordered btn-xs" style="position:relative;top:-1px;margin-left:4px;"><i class="glyphicon glyphicon-plus" title="'.__('Add Customer').'" data-toggle="tooltip"></i></a>';

Edit the artisan commands

Console commands set in other modules or in Freescout itself can not be automatically overridden. Overriding them has to be done manually, in the following file.

app/Console/Kernel.php

At the lines 107-108, this:

        $fetch_command_identifier = \Helper::getWorkerIdentifier('freescout:fetch-emails');
        $fetch_command_name = 'freescout:fetch-emails'

should be replaced with:

        $fetch_command_identifier = \Helper::getWorkerIdentifier('mmfrestrictedcustomers:fetch-emails');
        $fetch_command_name = 'mmfrestrictedcustomers:fetch-emails'

Update the database schema

php artisan migrate

Use the updated views

Beware that this will overwrite any customization you might have done to the following templates:

  • resources/views/conversations/search.blade.php
php artisan vendor:publish --provider='Modules\MMFRestrictedCustomers\Providers\MMFRestrictedCustomersServiceProvider' --tag='views' --force