Release 0.11.2

docs - av eset

.devcontainer/.env.example

@@ -23,6 +23,9 @@ POSTGRES_USER=postgres
 POSTGRES_PASS=postgrespass
 
 # DEV SETTINGS
-APP_PORT=8000
-API_PORT=8080
+APP_PORT=80
+API_PORT=80
 HTTP_PROTOCOL=https
+DOCKER_NETWORK=172.21.0.0/24
+DOCKER_NGINX_IP=172.21.0.20
+NATS_PORTS=4222:4222

.devcontainer/api.dockerfile

@@ -1,7 +1,6 @@
-FROM python:3.8-slim
+FROM python:3.9.9-slim
 
 ENV TACTICAL_DIR /opt/tactical
-ENV TACTICAL_GO_DIR /usr/local/rmmgo
 ENV TACTICAL_READY_FILE ${TACTICAL_DIR}/tmp/tactical.ready
 ENV WORKSPACE_DIR /workspace
 ENV TACTICAL_USER tactical
@@ -9,20 +8,18 @@ ENV VIRTUAL_ENV ${WORKSPACE_DIR}/api/tacticalrmm/env
 ENV PYTHONDONTWRITEBYTECODE=1
 ENV PYTHONUNBUFFERED=1
 
-EXPOSE 8000
+EXPOSE 8000 8383 8005
 
 RUN groupadd -g 1000 tactical && \
     useradd -u 1000 -g 1000 tactical
 
-# Copy Go Files
-COPY --from=golang:1.15 /usr/local/go ${TACTICAL_GO_DIR}/go
+# Copy dev python reqs
+COPY .devcontainer/requirements.txt  /
 
-# Copy Dev python reqs
-COPY ./requirements.txt /
-
-# Copy Docker Entrypoint
-COPY ./entrypoint.sh /
+# Copy docker entrypoint.sh
+COPY .devcontainer/entrypoint.sh /
 RUN chmod +x /entrypoint.sh
+
 ENTRYPOINT ["/entrypoint.sh"]
 
 WORKDIR ${WORKSPACE_DIR}/api/tacticalrmm

.devcontainer/docker-compose.yml

@@ -2,11 +2,13 @@ version: '3.4'
 
 services:
   api-dev:
+    container_name: trmm-api-dev
     image: api-dev
+    restart: always
     build:
-      context: .
-      dockerfile: ./api.dockerfile
-    command: ["tactical-api"]
+      context: ..
+      dockerfile: .devcontainer/api.dockerfile
+    command: [ "tactical-api" ]
     environment:
       API_PORT: ${API_PORT}
     ports:
@@ -16,12 +18,15 @@ services:
       - ..:/workspace:cached
     networks:
       dev:
-        aliases: 
+        aliases:
           - tactical-backend
 
   app-dev:
-    image: node:12-alpine
-    command: /bin/sh -c "npm install && npm run serve -- --host 0.0.0.0 --port ${APP_PORT}"
+    container_name: trmm-app-dev
+    image: node:14-alpine
+    restart: always
+    command: /bin/sh -c "npm install npm@latest -g && npm install && npm run serve
+      -- --host 0.0.0.0 --port ${APP_PORT}"
     working_dir: /workspace/web
     volumes:
       - ..:/workspace:cached
@@ -29,11 +34,12 @@ services:
       - "8080:${APP_PORT}"
     networks:
       dev:
-        aliases: 
+        aliases:
           - tactical-frontend
 
   # nats
   nats-dev:
+    container_name: trmm-nats-dev
     image: ${IMAGE_REPO}tactical-nats:${VERSION}
     restart: always
     environment:
@@ -41,7 +47,7 @@ services:
       API_PORT: ${API_PORT}
       DEV: 1
     ports:
-      - "4222:4222"
+      - "${NATS_PORTS}"
     volumes:
       - tactical-data-dev:/opt/tactical
       - ..:/workspace:cached
@@ -53,15 +59,16 @@ services:
 
   # meshcentral container
   meshcentral-dev:
+    container_name: trmm-meshcentral-dev
     image: ${IMAGE_REPO}tactical-meshcentral:${VERSION}
     restart: always
-    environment: 
+    environment:
       MESH_HOST: ${MESH_HOST}
       MESH_USER: ${MESH_USER}
       MESH_PASS: ${MESH_PASS}
       MONGODB_USER: ${MONGODB_USER}
       MONGODB_PASSWORD: ${MONGODB_PASSWORD}
-      NGINX_HOST_IP: 172.21.0.20
+      NGINX_HOST_IP: ${DOCKER_NGINX_IP}
     networks:
       dev:
         aliases:
@@ -75,6 +82,7 @@ services:
 
   # mongodb container for meshcentral
   mongodb-dev:
+    container_name: trmm-mongodb-dev
     image: mongo:4.4
     restart: always
     environment:
@@ -90,6 +98,7 @@ services:
 
   # postgres database for api service
   postgres-dev:
+    container_name: trmm-postgres-dev
     image: postgres:13-alpine
     restart: always
     environment:
@@ -105,20 +114,22 @@ services:
 
   # redis container for celery tasks
   redis-dev:
+    container_name: trmm-redis-dev
     restart: always
+    command: redis-server --appendonly yes
     image: redis:6.0-alpine
+    volumes:
+      - redis-data-dev:/data
     networks:
       dev:
         aliases:
           - tactical-redis
 
   init-dev:
+    container_name: trmm-init-dev
     image: api-dev
-    build:
-      context: .
-      dockerfile: ./api.dockerfile
     restart: on-failure
-    command: ["tactical-init-dev"]
+    command: [ "tactical-init-dev" ]
     environment:
       POSTGRES_USER: ${POSTGRES_USER}
       POSTGRES_PASS: ${POSTGRES_PASS}
@@ -141,11 +152,9 @@ services:
 
   # container for celery worker service
   celery-dev:
+    container_name: trmm-celery-dev
     image: api-dev
-    build:
-      context: .
-      dockerfile: ./api.dockerfile
-    command: ["tactical-celery-dev"]
+    command: [ "tactical-celery-dev" ]
     restart: always
     networks:
       - dev
@@ -158,11 +167,9 @@ services:
 
   # container for celery beat service
   celerybeat-dev:
+    container_name: trmm-celerybeat-dev
     image: api-dev
-    build:
-      context: .
-      dockerfile: ./api.dockerfile
-    command: ["tactical-celerybeat-dev"]
+    command: [ "tactical-celerybeat-dev" ]
     restart: always
     networks:
       - dev
@@ -173,8 +180,26 @@ services:
       - postgres-dev
       - redis-dev
 
-  nginx-dev:
+  # container for websockets communication
+  websockets-dev:
+    container_name: trmm-websockets-dev
+    image: api-dev
+    command: [ "tactical-websockets-dev" ]
+    restart: always
+    networks:
+      dev:
+        aliases:
+          - tactical-websockets
+    volumes:
+      - tactical-data-dev:/opt/tactical
+      - ..:/workspace:cached
+    depends_on:
+      - postgres-dev
+      - redis-dev
+
   # container for tactical reverse proxy
+  nginx-dev:
+    container_name: trmm-nginx-dev
     image: ${IMAGE_REPO}tactical-nginx:${VERSION}
     restart: always
     environment:
@@ -185,20 +210,34 @@ services:
       CERT_PRIV_KEY: ${CERT_PRIV_KEY}
       APP_PORT: ${APP_PORT}
       API_PORT: ${API_PORT}
+      DEV: 1
     networks:
       dev:
-        ipv4_address: 172.21.0.20
+        ipv4_address: ${DOCKER_NGINX_IP}
     ports:
       - "80:80"
       - "443:443"
     volumes:
       - tactical-data-dev:/opt/tactical
 
+  mkdocs-dev:
+    container_name: trmm-mkdocs-dev
+    image: api-dev
+    restart: always
+    command: [ "tactical-mkdocs-dev" ]
+    ports:
+      - "8005:8005"
+    volumes:
+      - ..:/workspace:cached
+    networks:
+      - dev
+
 volumes:
-  tactical-data-dev:
-  postgres-data-dev:
-  mongo-dev-data:
-  mesh-data-dev:
+  tactical-data-dev: null
+  postgres-data-dev: null
+  mongo-dev-data: null
+  mesh-data-dev: null
+  redis-data-dev: null
 
 networks:
   dev:
@@ -206,4 +245,4 @@ networks:
     ipam:
       driver: default
       config:
-        - subnet: 172.21.0.0/24  
+        - subnet: ${DOCKER_NETWORK}

.devcontainer/entrypoint.sh

@@ -9,7 +9,8 @@ set -e
 : "${POSTGRES_USER:=tactical}"
 : "${POSTGRES_PASS:=tactical}"
 : "${POSTGRES_DB:=tacticalrmm}"
-: "${MESH_CONTAINER:=tactical-meshcentral}"
+: "${MESH_SERVICE:=tactical-meshcentral}"
+: "${MESH_WS_URL:=ws://${MESH_SERVICE}:443}"
 : "${MESH_USER:=meshcentral}"
 : "${MESH_PASS:=meshcentralpass}"
 : "${MESH_HOST:=tactical-meshcentral}"
@@ -20,6 +21,9 @@ set -e
 : "${APP_PORT:=8080}"
 : "${API_PORT:=8000}"
 
+: "${CERT_PRIV_PATH:=${TACTICAL_DIR}/certs/privkey.pem}"
+: "${CERT_PUB_PATH:=${TACTICAL_DIR}/certs/fullchain.pem}"
+
 # Add python venv to path
 export PATH="${VIRTUAL_ENV}/bin:$PATH"
 
@@ -37,7 +41,7 @@ function django_setup {
     sleep 5
   done
 
-  until (echo > /dev/tcp/"${MESH_CONTAINER}"/443) &> /dev/null; do
+  until (echo > /dev/tcp/"${MESH_SERVICE}"/443) &> /dev/null; do
     echo "waiting for meshcentral container to be ready..."
     sleep 5
   done
@@ -45,7 +49,7 @@ function django_setup {
   echo "setting up django environment"
 
   # configure django settings
-  MESH_TOKEN=$(cat ${TACTICAL_DIR}/tmp/mesh_token)
+  MESH_TOKEN="$(cat ${TACTICAL_DIR}/tmp/mesh_token)"
 
   DJANGO_SEKRET=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 80 | head -n 1)
   
@@ -56,8 +60,8 @@ DEBUG = True
 
 DOCKER_BUILD = True
 
-CERT_FILE = '/opt/tactical/certs/fullchain.pem'
-KEY_FILE = '/opt/tactical/certs/privkey.pem'
+CERT_FILE = '${CERT_PUB_PATH}'
+KEY_FILE = '${CERT_PRIV_PATH}'
 
 SCRIPTS_DIR = '${WORKSPACE_DIR}/scripts'
 
@@ -78,57 +82,44 @@ DATABASES = {
     }
 }
 
-REST_FRAMEWORK = {
-    'DATETIME_FORMAT': '%b-%d-%Y - %H:%M',
-
-    'DEFAULT_PERMISSION_CLASSES': (
-        'rest_framework.permissions.IsAuthenticated',
-    ),
-    'DEFAULT_AUTHENTICATION_CLASSES': (
-        'knox.auth.TokenAuthentication',
-    ),
-}
-
-if not DEBUG:
-    REST_FRAMEWORK.update({
-        'DEFAULT_RENDERER_CLASSES': (
-            'rest_framework.renderers.JSONRenderer',
-        )
-    })
-
 MESH_USERNAME = '${MESH_USER}'
 MESH_SITE = 'https://${MESH_HOST}'
 MESH_TOKEN_KEY = '${MESH_TOKEN}'
 REDIS_HOST    = '${REDIS_HOST}'
+MESH_WS_URL = '${MESH_WS_URL}'
+ADMIN_ENABLED = True
 EOF
 )"
 
   echo "${localvars}" > ${WORKSPACE_DIR}/api/tacticalrmm/tacticalrmm/local_settings.py
 
   # run migrations and init scripts
-  python manage.py migrate --no-input
-  python manage.py collectstatic --no-input
-  python manage.py initial_db_setup
-  python manage.py initial_mesh_setup
-  python manage.py load_chocos
-  python manage.py load_community_scripts
-  python manage.py reload_nats
+  "${VIRTUAL_ENV}"/bin/python manage.py migrate --no-input
+  "${VIRTUAL_ENV}"/bin/python manage.py collectstatic --no-input
+  "${VIRTUAL_ENV}"/bin/python manage.py initial_db_setup
+  "${VIRTUAL_ENV}"/bin/python manage.py initial_mesh_setup
+  "${VIRTUAL_ENV}"/bin/python manage.py load_chocos
+  "${VIRTUAL_ENV}"/bin/python manage.py load_community_scripts
+  "${VIRTUAL_ENV}"/bin/python manage.py reload_nats
+  "${VIRTUAL_ENV}"/bin/python manage.py create_natsapi_conf
+  "${VIRTUAL_ENV}"/bin/python manage.py create_installer_user
+    "${VIRTUAL_ENV}"/bin/python manage.py post_update_tasks
+  
 
   # create super user 
   echo "from accounts.models import User; User.objects.create_superuser('${TRMM_USER}', 'admin@example.com', '${TRMM_PASS}') if not User.objects.filter(username='${TRMM_USER}').exists() else 0;" | python manage.py shell
-
 }
 
 if [ "$1" = 'tactical-init-dev' ]; then
 
   # make directories if they don't exist
-  mkdir -p ${TACTICAL_DIR}/tmp
+  mkdir -p "${TACTICAL_DIR}/tmp"
 
   test -f "${TACTICAL_READY_FILE}" && rm "${TACTICAL_READY_FILE}"
 
   # setup Python virtual env and install dependencies
-  test -f ${VIRTUAL_ENV} && python -m venv --copies ${VIRTUAL_ENV}
-  pip install --no-cache-dir -r /requirements.txt
+  ! test -e "${VIRTUAL_ENV}" && python -m venv ${VIRTUAL_ENV}
+  "${VIRTUAL_ENV}"/bin/pip install --no-cache-dir -r /requirements.txt
 
   django_setup
 
@@ -136,10 +127,11 @@ if [ "$1" = 'tactical-init-dev' ]; then
   webenv="$(cat << EOF
 PROD_URL = "${HTTP_PROTOCOL}://${API_HOST}"
 DEV_URL = "${HTTP_PROTOCOL}://${API_HOST}"
-APP_URL = https://${APP_HOST}
+APP_URL = "https://${APP_HOST}"
+DOCKER_BUILD = 1
 EOF
 )"
-  echo "${webenv}" | tee ${WORKSPACE_DIR}/web/.env > /dev/null
+  echo "${webenv}" | tee "${WORKSPACE_DIR}"/web/.env > /dev/null
 
   # chown everything to tactical user
   chown -R "${TACTICAL_USER}":"${TACTICAL_USER}" "${WORKSPACE_DIR}"
@@ -150,20 +142,27 @@ EOF
 fi
 
 if [ "$1" = 'tactical-api' ]; then
-  cp ${WORKSPACE_DIR}/api/tacticalrmm/core/goinstaller/bin/goversioninfo /usr/local/bin/goversioninfo
-  chmod +x /usr/local/bin/goversioninfo
-  
   check_tactical_ready
-  python manage.py runserver 0.0.0.0:${API_PORT}
+  "${VIRTUAL_ENV}"/bin/python manage.py runserver 0.0.0.0:"${API_PORT}"
 fi
 
 if [ "$1" = 'tactical-celery-dev' ]; then
   check_tactical_ready
-  env/bin/celery -A tacticalrmm worker -l debug
+  "${VIRTUAL_ENV}"/bin/celery -A tacticalrmm worker -l debug
 fi
 
 if [ "$1" = 'tactical-celerybeat-dev' ]; then
   check_tactical_ready
   test -f "${WORKSPACE_DIR}/api/tacticalrmm/celerybeat.pid" && rm "${WORKSPACE_DIR}/api/tacticalrmm/celerybeat.pid"
-  env/bin/celery -A tacticalrmm beat -l debug
+  "${VIRTUAL_ENV}"/bin/celery -A tacticalrmm beat -l debug
+fi
+
+if [ "$1" = 'tactical-websockets-dev' ]; then
+  check_tactical_ready
+  "${VIRTUAL_ENV}"/bin/daphne tacticalrmm.asgi:application --port 8383 -b 0.0.0.0
+fi
+
+if [ "$1" = 'tactical-mkdocs-dev' ]; then
+  cd "${WORKSPACE_DIR}/docs"
+  "${VIRTUAL_ENV}"/bin/mkdocs serve
 fi

.devcontainer/requirements.txt

@@ -1,44 +1,39 @@
 # To ensure app dependencies are ported from your virtual environment/host machine into your container, run 'pip freeze > requirements.txt' in the terminal to overwrite this file
-amqp==2.6.1
-asgiref==3.3.1
-asyncio-nats-client==0.11.4
-billiard==3.6.3.0
-celery==4.4.6
-certifi==2020.12.5
-cffi==1.14.3
-chardet==3.0.4
-cryptography==3.2.1
-decorator==4.4.2
-Django==3.1.4
-django-cors-headers==3.5.0
-django-rest-knox==4.1.0
-djangorestframework==3.12.2
-future==0.18.2
-idna==2.10
-kombu==4.6.11
-loguru==0.5.3
-msgpack==1.0.0
-packaging==20.4
-psycopg2-binary==2.8.6
-pycparser==2.20
-pycryptodome==3.9.9
-pyotp==2.4.1
-pyparsing==2.4.7
-pytz==2020.4
-qrcode==6.1
-redis==3.5.3
-requests==2.25.0
-six==1.15.0
-sqlparse==0.4.1
-twilio==6.49.0
-urllib3==1.26.2
-validators==0.18.1
-vine==1.3.0
-websockets==8.1
-zipp==3.4.0
+asyncio-nats-client
+celery
+channels
+channels_redis
+django-ipware
+Django==3.2.10
+django-cors-headers
+django-rest-knox
+djangorestframework
+loguru
+msgpack
+psycopg2-binary
+pycparser
+pycryptodome
+pyotp
+pyparsing
+pytz
+qrcode
+redis
+twilio
+packaging
+validators
+websockets
 black
 Werkzeug
 django-extensions
 coverage
 coveralls
 model_bakery
+mkdocs
+mkdocs-material
+pymdown-extensions
+Pygments
+mypy
+pysnooper
+isort
+drf_spectacular
+pandas

.github/FUNDING.yml

@@ -3,7 +3,7 @@
 github: wh1te909
 patreon: # Replace with a single Patreon username
 open_collective: # Replace with a single Open Collective username
-ko_fi: # Replace with a single Ko-fi username
+ko_fi: tacticalrmm
 tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
 community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
 liberapay: # Replace with a single Liberapay username

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,40 @@
+---
+name: Bug report
+about: Create a bug report
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Server Info (please complete the following information):**
+ - OS: [e.g. Ubuntu 20.04, Debian 10]
+ - Browser: [e.g. chrome, safari]
+ - RMM Version (as shown in top left of web UI):
+
+**Installation Method:**
+  - [ ] Standard
+  - [ ] Docker
+
+**Agent Info (please complete the following information):**
+- Agent version (as shown in the 'Summary' tab of the agent from web UI):
+- Agent OS: [e.g. Win 10 v2004, Server 2012 R2]
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,70 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ develop ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ develop ]
+  schedule:
+    - cron: '19 14 * * 6'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go', 'javascript', 'python' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://git.io/codeql-language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

.github/workflows/deploy-docs.yml

@@ -0,0 +1,22 @@
+name: Deploy Docs
+on:
+  push:
+    branches:
+      - master
+
+defaults:
+  run:
+    working-directory: docs
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-python@v2
+        with:
+          python-version: 3.x
+      - run: pip install --upgrade pip
+      - run: pip install --upgrade setuptools wheel
+      - run: pip install mkdocs mkdocs-material pymdown-extensions
+      - run: mkdocs gh-deploy --force

.github/workflows/devskim-analysis.yml

@@ -0,0 +1,34 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: DevSkim
+
+on:
+  push:
+    branches: [ develop ]
+  pull_request:
+    branches: [ develop ]
+  schedule:
+    - cron: '19 5 * * 0'
+
+jobs:
+  lint:
+    name: DevSkim
+    runs-on: ubuntu-20.04
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Run DevSkim scanner
+        uses: microsoft/DevSkim-Action@v1
+        
+      - name: Upload DevSkim scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: devskim-results.sarif

.gitignore

@@ -45,3 +45,9 @@ htmlcov/
 docker-compose.dev.yml
 docs/.vuepress/dist
 nats-rmm.conf
+.mypy_cache
+docs/site/
+reset_db.sh
+run_go_cmd.py
+nats-api.conf
+

.vscode/settings.json

@@ -3,7 +3,14 @@
     "python.languageServer": "Pylance",
     "python.analysis.extraPaths": [
         "api/tacticalrmm",
+        "api/env",
     ],
+    "python.analysis.diagnosticSeverityOverrides": {
+        "reportUnusedImport": "error",
+        "reportDuplicateImport": "error",
+    },
+    "python.analysis.memory.keepLibraryAst": true,
+    "python.linting.mypyEnabled": true,
     "python.analysis.typeCheckingMode": "basic",
     "python.formatting.provider": "black",
     "editor.formatOnSave": true,

README.md

@@ -8,13 +8,13 @@
 Tactical RMM is a remote monitoring & management tool for Windows computers, built with Django and Vue.\
 It uses an [agent](https://github.com/wh1te909/rmmagent) written in golang and integrates with [MeshCentral](https://github.com/Ylianst/MeshCentral)
 
-# [LIVE DEMO](https://rmm.xlawgaming.com/)
-Demo database resets every hour. Alot of features are disabled for obvious reasons due to the nature of this app.
-
-*Tactical RMM is currently in alpha and subject to breaking changes. Use in production at your own risk.*
+# [LIVE DEMO](https://rmm.tacticalrmm.io/)
+Demo database resets every hour. A lot of features are disabled for obvious reasons due to the nature of this app.
 
 ### [Discord Chat](https://discord.gg/upGTkWp)
 
+### [Documentation](https://wh1te909.github.io/tacticalrmm/)
+
 ## Features
 
 - Teamviewer-like remote desktop control
@@ -33,98 +33,6 @@ Demo database resets every hour. Alot of features are disabled for obvious reaso
 
 - Windows 7, 8.1, 10, Server 2008R2, 2012R2, 2016, 2019
 
-## Installation
+## Installation / Backup / Restore / Usage
 
-### Requirements
-- VPS with 4GB ram (an install script is provided for Ubuntu Server 20.04 / Debian 10)
-- A domain you own with at least 3 subdomains
-- Google Authenticator app (2 factor is NOT optional)
-
-### Docker
-Refer to the [docker setup](docker/readme.md)
-
-
-### Installation example (Ubuntu server 20.04 LTS)
-
-Fresh VPS with latest updates\
-login as root and create a user and add to sudoers group (we will be creating a user called tactical)
-```
-apt update && apt -y upgrade
-adduser tactical
-usermod -a -G sudo tactical
-```
-
-switch to the tactical user and setup the firewall
-```
-su - tactical
-sudo ufw default deny incoming
-sudo ufw default allow outgoing
-sudo ufw allow ssh
-sudo ufw allow http
-sudo ufw allow https
-sudo ufw allow proto tcp from any to any port 4222
-sudo ufw enable && sudo ufw reload
-```
-
-Our domain for this example is tacticalrmm.com
-
-In the DNS manager of wherever our domain is hosted, we will create three A records, all pointing to the public IP address of our VPS
-
-Create A record ```api.tacticalrmm.com``` for the django rest backend\
-Create A record ```rmm.tacticalrmm.com``` for the vue frontend\
-Create A record ```mesh.tacticalrmm.com``` for meshcentral
-
-Download the install script and run it
-
-```
-wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/install.sh
-chmod +x install.sh
-./install.sh
-```
-
- Links will be provided at the end of the install script.\
- Download the executable from the first link, then open ```rmm.tacticalrmm.com``` and login.\
- Upload the executable when prompted during the initial setup page.
-
-
-### Install an agent
-From the app's dashboard, choose Agents > Install Agent to generate an installer.
-
-## Updating
-Download and run [update.sh](https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/update.sh)
-```
-wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/update.sh
-chmod +x update.sh
-./update.sh
-```
-
-## Backup
-Download [backup.sh](https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/backup.sh)
-```
-wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/backup.sh
-```
-Change the postgres username and password at the top of the file (you can find them in `/rmm/api/tacticalrmm/tacticalrmm/local_settings.py` under the DATABASES section)
-
-Run it
-```
-chmod +x backup.sh
-./backup.sh
-```
-
-## Restore
-Change your 3 A records to point to new server's public IP
-
-Create same linux user account as old server and add to sudoers group and setup firewall (see install instructions above)
-
-Copy backup file to new server
-
-Download the restore script, and edit the postgres username/password at the top of the file. Same instructions as above in the backup steps.
-```
-wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/restore.sh
-```
-
-Run the restore script, passing it the backup tar file as the first argument
-```
-chmod +x restore.sh
-./restore.sh rmm-backup-xxxxxxx.tar
-```
+### Refer to the [documentation](https://wh1te909.github.io/tacticalrmm/)

SECURITY.md

@@ -0,0 +1,19 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 0.10.4   | :white_check_mark: |
+| < 0.10.4| :x:                |
+
+## Reporting a Vulnerability
+
+Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc.

api/tacticalrmm/.coveragerc

@@ -21,4 +21,6 @@ omit =
     */tests.py
     */test.py
     checks/utils.py
+    */asgi.py
+    */demo_views.py
     

api/tacticalrmm/accounts/admin.py

@@ -1,8 +1,8 @@
 from django.contrib import admin
-
 from rest_framework.authtoken.admin import TokenAdmin
 
-from .models import User
+from .models import User, Role
 
 admin.site.register(User)
 TokenAdmin.raw_id_fields = ("user",)
+admin.site.register(Role)

api/tacticalrmm/accounts/management/commands/create_installer_user.py

@@ -0,0 +1,19 @@
+import uuid
+
+from django.core.management.base import BaseCommand
+from accounts.models import User
+
+
+class Command(BaseCommand):
+    help = "Creates the installer user"
+
+    def handle(self, *args, **kwargs):
+        if User.objects.filter(is_installer_user=True).exists():
+            return
+
+        User.objects.create_user(  # type: ignore
+            username=uuid.uuid4().hex,
+            is_installer_user=True,
+            password=User.objects.make_random_password(60),  # type: ignore
+            block_dashboard_login=True,
+        )

api/tacticalrmm/accounts/management/commands/delete_tokens.py

@@ -1,6 +1,5 @@
-from django.utils import timezone as djangotime
-
 from django.core.management.base import BaseCommand
+from django.utils import timezone as djangotime
 from knox.models import AuthToken
 
 

api/tacticalrmm/accounts/management/commands/generate_barcode.py

@@ -1,11 +1,13 @@
-import pyotp
 import subprocess
+
+import pyotp
 from django.core.management.base import BaseCommand
+
 from accounts.models import User
 
 
 class Command(BaseCommand):
-    help = "Generates barcode for Google Authenticator and creates totp for user"
+    help = "Generates barcode for Authenticator and creates totp for user"
 
     def add_arguments(self, parser):
         parser.add_argument("code", type=str)
@@ -24,12 +26,10 @@ class Command(BaseCommand):
         url = pyotp.totp.TOTP(code).provisioning_uri(username, issuer_name=domain)
         subprocess.run(f'qr "{url}"', shell=True)
         self.stdout.write(
-            self.style.SUCCESS(
-                "Scan the barcode above with your google authenticator app"
-            )
+            self.style.SUCCESS("Scan the barcode above with your authenticator app")
         )
         self.stdout.write(
             self.style.SUCCESS(
-                f"If that doesn't work you may manually enter the key: {code}"
+                f"If that doesn't work you may manually enter the setup key: {code}"
             )
         )

api/tacticalrmm/accounts/management/commands/reset_2fa.py

@@ -0,0 +1,57 @@
+import os
+import subprocess
+
+import pyotp
+from django.core.management.base import BaseCommand
+
+from accounts.models import User
+
+
+class Command(BaseCommand):
+    help = "Reset 2fa"
+
+    def add_arguments(self, parser):
+        parser.add_argument("username", type=str)
+
+    def handle(self, *args, **kwargs):
+        username = kwargs["username"]
+        try:
+            user = User.objects.get(username=username)
+        except User.DoesNotExist:
+            self.stdout.write(self.style.ERROR(f"User {username} doesn't exist"))
+            return
+
+        domain = "Tactical RMM"
+        nginx = "/etc/nginx/sites-available/frontend.conf"
+        found = None
+        if os.path.exists(nginx):
+            try:
+                with open(nginx, "r") as f:
+                    for line in f:
+                        if "server_name" in line:
+                            found = line
+                            break
+
+                if found:
+                    rep = found.replace("server_name", "").replace(";", "")
+                    domain = "".join(rep.split())
+            except:
+                pass
+
+        code = pyotp.random_base32()
+        user.totp_key = code
+        user.save(update_fields=["totp_key"])
+
+        url = pyotp.totp.TOTP(code).provisioning_uri(username, issuer_name=domain)
+        subprocess.run(f'qr "{url}"', shell=True)
+        self.stdout.write(
+            self.style.WARNING("Scan the barcode above with your authenticator app")
+        )
+        self.stdout.write(
+            self.style.WARNING(
+                f"If that doesn't work you may manually enter the setup key: {code}"
+            )
+        )
+        self.stdout.write(
+            self.style.SUCCESS(f"2fa was successfully reset for user {username}")
+        )

api/tacticalrmm/accounts/management/commands/reset_password.py

@@ -0,0 +1,22 @@
+from django.core.management.base import BaseCommand
+from accounts.models import User
+
+
+class Command(BaseCommand):
+    help = "Reset password for user"
+
+    def add_arguments(self, parser):
+        parser.add_argument("username", type=str)
+
+    def handle(self, *args, **kwargs):
+        username = kwargs["username"]
+        try:
+            user = User.objects.get(username=username)
+        except User.DoesNotExist:
+            self.stdout.write(self.style.ERROR(f"User {username} doesn't exist"))
+            return
+
+        passwd = input("Enter new password: ")
+        user.set_password(passwd)
+        user.save()
+        self.stdout.write(self.style.SUCCESS(f"Password for {username} was reset!"))

api/tacticalrmm/accounts/migrations/0001_initial.py

@@ -2,8 +2,8 @@
 
 import django.contrib.auth.models
 import django.contrib.auth.validators
-from django.db import migrations, models
 import django.utils.timezone
+from django.db import migrations, models
 
 
 class Migration(migrations.Migration):

api/tacticalrmm/accounts/migrations/0006_user_agent.py

@@ -1,7 +1,7 @@
 # Generated by Django 3.1.2 on 2020-11-10 20:24
 
-from django.db import migrations, models
 import django.db.models.deletion
+from django.db import migrations, models
 
 
 class Migration(migrations.Migration):

api/tacticalrmm/accounts/migrations/0012_user_agents_per_page.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.1.7 on 2021-02-28 06:38
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0011_user_default_agent_tbl_tab'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='agents_per_page',
+            field=models.PositiveIntegerField(default=50),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0013_user_client_tree_sort.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.1.7 on 2021-03-09 02:33
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0012_user_agents_per_page'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='client_tree_sort',
+            field=models.CharField(choices=[('alphafail', 'Move failing clients to the top'), ('alpha', 'Sort alphabetically')], default='alphafail', max_length=50),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0014_user_client_tree_splitter.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2 on 2021-04-11 01:43
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0013_user_client_tree_sort'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='client_tree_splitter',
+            field=models.PositiveIntegerField(default=11),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0015_user_loading_bar_color.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2 on 2021-04-11 03:03
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0014_user_client_tree_splitter'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='loading_bar_color',
+            field=models.CharField(default='red', max_length=255),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0016_auto_20210507_1526.py

@@ -0,0 +1,25 @@
+# Generated by Django 3.2.1 on 2021-05-07 15:26
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0022_urlaction'),
+        ('accounts', '0015_user_loading_bar_color'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='url_action',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='user', to='core.urlaction'),
+        ),
+        migrations.AlterField(
+            model_name='user',
+            name='agent_dblclick_action',
+            field=models.CharField(choices=[('editagent', 'Edit Agent'), ('takecontrol', 'Take Control'), ('remotebg', 'Remote Background'), ('urlaction', 'URL Action')], default='editagent', max_length=50),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0017_auto_20210508_1716.py

@@ -0,0 +1,173 @@
+# Generated by Django 3.2.1 on 2021-05-08 17:16
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0016_auto_20210507_1526'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='can_code_sign',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_do_server_maint',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_edit_agent',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_edit_core_settings',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_install_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_accounts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_alerts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_automation_policies',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_autotasks',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_checks',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_clients',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_deployments',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_notes',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_pendingactions',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_procs',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_scripts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_sites',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_software',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_winsvcs',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_winupdates',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_reboot_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_run_autotasks',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_run_bulk',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_run_checks',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_run_scripts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_send_cmd',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_uninstall_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_update_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_use_mesh',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_view_auditlogs',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_view_debuglogs',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_view_eventlogs',
+            field=models.BooleanField(default=False),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0018_auto_20210511_0233.py

@@ -0,0 +1,181 @@
+# Generated by Django 3.2.1 on 2021-05-11 02:33
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0017_auto_20210508_1716'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Role',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=255, unique=True)),
+                ('is_superuser', models.BooleanField(default=False)),
+                ('can_use_mesh', models.BooleanField(default=False)),
+                ('can_uninstall_agents', models.BooleanField(default=False)),
+                ('can_update_agents', models.BooleanField(default=False)),
+                ('can_edit_agent', models.BooleanField(default=False)),
+                ('can_manage_procs', models.BooleanField(default=False)),
+                ('can_view_eventlogs', models.BooleanField(default=False)),
+                ('can_send_cmd', models.BooleanField(default=False)),
+                ('can_reboot_agents', models.BooleanField(default=False)),
+                ('can_install_agents', models.BooleanField(default=False)),
+                ('can_run_scripts', models.BooleanField(default=False)),
+                ('can_run_bulk', models.BooleanField(default=False)),
+                ('can_manage_notes', models.BooleanField(default=False)),
+                ('can_edit_core_settings', models.BooleanField(default=False)),
+                ('can_do_server_maint', models.BooleanField(default=False)),
+                ('can_code_sign', models.BooleanField(default=False)),
+                ('can_manage_checks', models.BooleanField(default=False)),
+                ('can_run_checks', models.BooleanField(default=False)),
+                ('can_manage_clients', models.BooleanField(default=False)),
+                ('can_manage_sites', models.BooleanField(default=False)),
+                ('can_manage_deployments', models.BooleanField(default=False)),
+                ('can_manage_automation_policies', models.BooleanField(default=False)),
+                ('can_manage_autotasks', models.BooleanField(default=False)),
+                ('can_run_autotasks', models.BooleanField(default=False)),
+                ('can_view_auditlogs', models.BooleanField(default=False)),
+                ('can_manage_pendingactions', models.BooleanField(default=False)),
+                ('can_view_debuglogs', models.BooleanField(default=False)),
+                ('can_manage_scripts', models.BooleanField(default=False)),
+                ('can_manage_alerts', models.BooleanField(default=False)),
+                ('can_manage_winsvcs', models.BooleanField(default=False)),
+                ('can_manage_software', models.BooleanField(default=False)),
+                ('can_manage_winupdates', models.BooleanField(default=False)),
+                ('can_manage_accounts', models.BooleanField(default=False)),
+            ],
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_code_sign',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_do_server_maint',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_edit_agent',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_edit_core_settings',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_install_agents',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_accounts',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_alerts',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_automation_policies',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_autotasks',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_checks',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_clients',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_deployments',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_notes',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_pendingactions',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_procs',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_scripts',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_sites',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_software',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_winsvcs',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_winupdates',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_reboot_agents',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_run_autotasks',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_run_bulk',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_run_checks',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_run_scripts',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_send_cmd',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_uninstall_agents',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_update_agents',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_use_mesh',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_view_auditlogs',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_view_debuglogs',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_view_eventlogs',
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0019_user_role.py

@@ -0,0 +1,25 @@
+# Generated by Django 3.2.1 on 2021-05-11 02:33
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("accounts", "0018_auto_20210511_0233"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="user",
+            name="role",
+            field=models.ForeignKey(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name="roles",
+                to="accounts.role",
+            ),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0020_role_can_manage_roles.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2.1 on 2021-05-11 17:37
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0019_user_role'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='role',
+            name='can_manage_roles',
+            field=models.BooleanField(default=False),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0021_role_can_view_core_settings.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2.4 on 2021-06-17 04:29
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0020_role_can_manage_roles'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='role',
+            name='can_view_core_settings',
+            field=models.BooleanField(default=False),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0022_user_clear_search_when_switching.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2.4 on 2021-06-28 05:01
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0021_role_can_view_core_settings'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='clear_search_when_switching',
+            field=models.BooleanField(default=True),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0023_user_is_installer_user.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2.4 on 2021-06-30 03:22
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0022_user_clear_search_when_switching'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='is_installer_user',
+            field=models.BooleanField(default=False),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0024_user_last_login_ip.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2.1 on 2021-07-20 20:26
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0023_user_is_installer_user'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='last_login_ip',
+            field=models.GenericIPAddressField(blank=True, default=None, null=True),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0025_auto_20210721_0424.py

@@ -0,0 +1,33 @@
+# Generated by Django 3.2.1 on 2021-07-21 04:24
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0024_user_last_login_ip'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='role',
+            name='created_by',
+            field=models.CharField(blank=True, max_length=100, null=True),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='created_time',
+            field=models.DateTimeField(auto_now_add=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='modified_by',
+            field=models.CharField(blank=True, max_length=100, null=True),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='modified_time',
+            field=models.DateTimeField(auto_now=True, null=True),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0026_auto_20210901_1247.py

@@ -0,0 +1,34 @@
+# Generated by Django 3.2.6 on 2021-09-01 12:47
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0025_auto_20210721_0424'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='APIKey',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created_by', models.CharField(blank=True, max_length=100, null=True)),
+                ('created_time', models.DateTimeField(auto_now_add=True, null=True)),
+                ('modified_by', models.CharField(blank=True, max_length=100, null=True)),
+                ('modified_time', models.DateTimeField(auto_now=True, null=True)),
+                ('name', models.CharField(max_length=25, unique=True)),
+                ('key', models.CharField(blank=True, max_length=48, unique=True)),
+                ('expiration', models.DateTimeField(blank=True, default=None, null=True)),
+            ],
+            options={
+                'abstract': False,
+            },
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_manage_api_keys',
+            field=models.BooleanField(default=False),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0027_auto_20210903_0054.py

@@ -0,0 +1,25 @@
+# Generated by Django 3.2.6 on 2021-09-03 00:54
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0026_auto_20210901_1247'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='apikey',
+            name='user',
+            field=models.ForeignKey(default=1, on_delete=django.db.models.deletion.CASCADE, related_name='api_key', to='accounts.user'),
+            preserve_default=False,
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='block_dashboard_login',
+            field=models.BooleanField(default=False),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0028_auto_20211010_0249.py

@@ -0,0 +1,150 @@
+# Generated by Django 3.2.6 on 2021-10-10 02:49
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('clients', '0018_auto_20211010_0249'),
+        ('accounts', '0027_auto_20210903_0054'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='role',
+            name='can_list_accounts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_agent_history',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_alerts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_api_keys',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_automation_policies',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_autotasks',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_checks',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_clients',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_deployments',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_notes',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_pendingactions',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_roles',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_scripts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_sites',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_software',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_ping_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_recover_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_view_clients',
+            field=models.ManyToManyField(blank=True, related_name='role_clients', to='clients.Client'),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_view_sites',
+            field=models.ManyToManyField(blank=True, related_name='role_sites', to='clients.Site'),
+        ),
+        migrations.AlterField(
+            model_name='apikey',
+            name='created_by',
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.AlterField(
+            model_name='apikey',
+            name='modified_by',
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.AlterField(
+            model_name='role',
+            name='created_by',
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.AlterField(
+            model_name='role',
+            name='modified_by',
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.AlterField(
+            model_name='user',
+            name='created_by',
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.AlterField(
+            model_name='user',
+            name='modified_by',
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.AlterField(
+            model_name='user',
+            name='role',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='users', to='accounts.role'),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0029_auto_20211022_2245.py

@@ -0,0 +1,28 @@
+# Generated by Django 3.2.6 on 2021-10-22 22:45
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0028_auto_20211010_0249'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='role',
+            name='can_list_alerttemplates',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_manage_alerttemplates',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_run_urlactions',
+            field=models.BooleanField(default=False),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0030_auto_20211104_0221.py

@@ -0,0 +1,23 @@
+# Generated by Django 3.2.6 on 2021-11-04 02:21
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0029_auto_20211022_2245'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='role',
+            name='can_manage_customfields',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_view_customfields',
+            field=models.BooleanField(default=False),
+        ),
+    ]

api/tacticalrmm/accounts/models.py

@@ -1,5 +1,6 @@
-from django.db import models
 from django.contrib.auth.models import AbstractUser
+from django.db import models
+from django.db.models.fields import CharField, DateTimeField
 
 from logs.models import BaseAuditModel
 
@@ -7,6 +8,7 @@ AGENT_DBLCLICK_CHOICES = [
     ("editagent", "Edit Agent"),
     ("takecontrol", "Take Control"),
     ("remotebg", "Remote Background"),
+    ("urlaction", "URL Action"),
 ]
 
 AGENT_TBL_TAB_CHOICES = [
@@ -15,18 +17,40 @@ AGENT_TBL_TAB_CHOICES = [
     ("mixed", "Mixed"),
 ]
 
+CLIENT_TREE_SORT_CHOICES = [
+    ("alphafail", "Move failing clients to the top"),
+    ("alpha", "Sort alphabetically"),
+]
+
 
 class User(AbstractUser, BaseAuditModel):
     is_active = models.BooleanField(default=True)
+    block_dashboard_login = models.BooleanField(default=False)
     totp_key = models.CharField(max_length=50, null=True, blank=True)
     dark_mode = models.BooleanField(default=True)
     show_community_scripts = models.BooleanField(default=True)
     agent_dblclick_action = models.CharField(
         max_length=50, choices=AGENT_DBLCLICK_CHOICES, default="editagent"
     )
+    url_action = models.ForeignKey(
+        "core.URLAction",
+        related_name="user",
+        null=True,
+        blank=True,
+        on_delete=models.SET_NULL,
+    )
     default_agent_tbl_tab = models.CharField(
         max_length=50, choices=AGENT_TBL_TAB_CHOICES, default="server"
     )
+    agents_per_page = models.PositiveIntegerField(default=50)  # not currently used
+    client_tree_sort = models.CharField(
+        max_length=50, choices=CLIENT_TREE_SORT_CHOICES, default="alphafail"
+    )
+    client_tree_splitter = models.PositiveIntegerField(default=11)
+    loading_bar_color = models.CharField(max_length=255, default="red")
+    clear_search_when_switching = models.BooleanField(default=True)
+    is_installer_user = models.BooleanField(default=False)
+    last_login_ip = models.GenericIPAddressField(default=None, blank=True, null=True)
 
     agent = models.OneToOneField(
         "agents.Agent",
@@ -36,9 +60,141 @@ class User(AbstractUser, BaseAuditModel):
         on_delete=models.CASCADE,
     )
 
+    role = models.ForeignKey(
+        "accounts.Role",
+        null=True,
+        blank=True,
+        related_name="users",
+        on_delete=models.SET_NULL,
+    )
+
     @staticmethod
     def serialize(user):
         # serializes the task and returns json
         from .serializers import UserSerializer
 
         return UserSerializer(user).data
+
+
+class Role(BaseAuditModel):
+    name = models.CharField(max_length=255, unique=True)
+    is_superuser = models.BooleanField(default=False)
+
+    # agents
+    can_list_agents = models.BooleanField(default=False)
+    can_ping_agents = models.BooleanField(default=False)
+    can_use_mesh = models.BooleanField(default=False)
+    can_uninstall_agents = models.BooleanField(default=False)
+    can_update_agents = models.BooleanField(default=False)
+    can_edit_agent = models.BooleanField(default=False)
+    can_manage_procs = models.BooleanField(default=False)
+    can_view_eventlogs = models.BooleanField(default=False)
+    can_send_cmd = models.BooleanField(default=False)
+    can_reboot_agents = models.BooleanField(default=False)
+    can_install_agents = models.BooleanField(default=False)
+    can_run_scripts = models.BooleanField(default=False)
+    can_run_bulk = models.BooleanField(default=False)
+    can_recover_agents = models.BooleanField(default=False)
+    can_list_agent_history = models.BooleanField(default=False)
+
+    # core
+    can_list_notes = models.BooleanField(default=False)
+    can_manage_notes = models.BooleanField(default=False)
+    can_view_core_settings = models.BooleanField(default=False)
+    can_edit_core_settings = models.BooleanField(default=False)
+    can_do_server_maint = models.BooleanField(default=False)
+    can_code_sign = models.BooleanField(default=False)
+    can_run_urlactions = models.BooleanField(default=False)
+    can_view_customfields = models.BooleanField(default=False)
+    can_manage_customfields = models.BooleanField(default=False)
+
+    # checks
+    can_list_checks = models.BooleanField(default=False)
+    can_manage_checks = models.BooleanField(default=False)
+    can_run_checks = models.BooleanField(default=False)
+
+    # clients
+    can_list_clients = models.BooleanField(default=False)
+    can_manage_clients = models.BooleanField(default=False)
+    can_list_sites = models.BooleanField(default=False)
+    can_manage_sites = models.BooleanField(default=False)
+    can_list_deployments = models.BooleanField(default=False)
+    can_manage_deployments = models.BooleanField(default=False)
+    can_view_clients = models.ManyToManyField(
+        "clients.Client", related_name="role_clients", blank=True
+    )
+    can_view_sites = models.ManyToManyField(
+        "clients.Site", related_name="role_sites", blank=True
+    )
+
+    # automation
+    can_list_automation_policies = models.BooleanField(default=False)
+    can_manage_automation_policies = models.BooleanField(default=False)
+
+    # automated tasks
+    can_list_autotasks = models.BooleanField(default=False)
+    can_manage_autotasks = models.BooleanField(default=False)
+    can_run_autotasks = models.BooleanField(default=False)
+
+    # logs
+    can_view_auditlogs = models.BooleanField(default=False)
+    can_list_pendingactions = models.BooleanField(default=False)
+    can_manage_pendingactions = models.BooleanField(default=False)
+    can_view_debuglogs = models.BooleanField(default=False)
+
+    # scripts
+    can_list_scripts = models.BooleanField(default=False)
+    can_manage_scripts = models.BooleanField(default=False)
+
+    # alerts
+    can_list_alerts = models.BooleanField(default=False)
+    can_manage_alerts = models.BooleanField(default=False)
+    can_list_alerttemplates = models.BooleanField(default=False)
+    can_manage_alerttemplates = models.BooleanField(default=False)
+
+    # win services
+    can_manage_winsvcs = models.BooleanField(default=False)
+
+    # software
+    can_list_software = models.BooleanField(default=False)
+    can_manage_software = models.BooleanField(default=False)
+
+    # windows updates
+    can_manage_winupdates = models.BooleanField(default=False)
+
+    # accounts
+    can_list_accounts = models.BooleanField(default=False)
+    can_manage_accounts = models.BooleanField(default=False)
+    can_list_roles = models.BooleanField(default=False)
+    can_manage_roles = models.BooleanField(default=False)
+
+    # authentication
+    can_list_api_keys = models.BooleanField(default=False)
+    can_manage_api_keys = models.BooleanField(default=False)
+
+    def __str__(self):
+        return self.name
+
+    @staticmethod
+    def serialize(role):
+        # serializes the agent and returns json
+        from .serializers import RoleAuditSerializer
+
+        return RoleAuditSerializer(role).data
+
+
+class APIKey(BaseAuditModel):
+    name = CharField(unique=True, max_length=25)
+    key = CharField(unique=True, blank=True, max_length=48)
+    expiration = DateTimeField(blank=True, null=True, default=None)
+    user = models.ForeignKey(
+        "accounts.User",
+        related_name="api_key",
+        on_delete=models.CASCADE,
+    )
+
+    @staticmethod
+    def serialize(apikey):
+        from .serializers import APIKeyAuditSerializer
+
+        return APIKeyAuditSerializer(apikey).data

api/tacticalrmm/accounts/permissions.py

@@ -0,0 +1,43 @@
+from rest_framework import permissions
+
+from tacticalrmm.permissions import _has_perm
+
+
+class AccountsPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        if r.method == "GET":
+            return _has_perm(r, "can_list_accounts")
+        else:
+
+            # allow users to reset their own password/2fa see issue #686
+            base_path = "/accounts/users/"
+            paths = ["reset/", "reset_totp/"]
+
+            if r.path in [base_path + i for i in paths]:
+                from accounts.models import User
+
+                try:
+                    user = User.objects.get(pk=r.data["id"])
+                except User.DoesNotExist:
+                    pass
+                else:
+                    if user == r.user:
+                        return True
+
+            return _has_perm(r, "can_manage_accounts")
+
+
+class RolesPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        if r.method == "GET":
+            return _has_perm(r, "can_list_roles")
+        else:
+            return _has_perm(r, "can_manage_roles")
+
+
+class APIKeyPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        if r.method == "GET":
+            return _has_perm(r, "can_list_api_keys")
+
+        return _has_perm(r, "can_manage_api_keys")

api/tacticalrmm/accounts/serializers.py

@@ -1,17 +1,34 @@
 import pyotp
-
 from rest_framework.serializers import (
     ModelSerializer,
     SerializerMethodField,
+    ReadOnlyField,
 )
 
-from .models import User
+from .models import APIKey, User, Role
+
+
+class UserUISerializer(ModelSerializer):
+    class Meta:
+        model = User
+        fields = [
+            "dark_mode",
+            "show_community_scripts",
+            "agent_dblclick_action",
+            "url_action",
+            "default_agent_tbl_tab",
+            "client_tree_sort",
+            "client_tree_splitter",
+            "loading_bar_color",
+            "clear_search_when_switching",
+            "block_dashboard_login",
+        ]
 
 
 class UserSerializer(ModelSerializer):
     class Meta:
         model = User
-        fields = (
+        fields = [
             "id",
             "username",
             "first_name",
@@ -19,7 +36,10 @@ class UserSerializer(ModelSerializer):
             "email",
             "is_active",
             "last_login",
-        )
+            "last_login_ip",
+            "role",
+            "block_dashboard_login",
+        ]
 
 
 class TOTPSetupSerializer(ModelSerializer):
@@ -38,3 +58,41 @@ class TOTPSetupSerializer(ModelSerializer):
         return pyotp.totp.TOTP(obj.totp_key).provisioning_uri(
             obj.username, issuer_name="Tactical RMM"
         )
+
+
+class RoleSerializer(ModelSerializer):
+    user_count = SerializerMethodField()
+
+    class Meta:
+        model = Role
+        fields = "__all__"
+
+    def get_user_count(self, obj):
+        return obj.users.count()
+
+
+class RoleAuditSerializer(ModelSerializer):
+    class Meta:
+        model = Role
+        fields = "__all__"
+
+
+class APIKeySerializer(ModelSerializer):
+
+    username = ReadOnlyField(source="user.username")
+
+    class Meta:
+        model = APIKey
+        fields = "__all__"
+
+
+class APIKeyAuditSerializer(ModelSerializer):
+    username = ReadOnlyField(source="user.username")
+
+    class Meta:
+        model = APIKey
+        fields = [
+            "name",
+            "username",
+            "expiration",
+        ]

api/tacticalrmm/accounts/tests.py

@@ -1,8 +1,11 @@
 from unittest.mock import patch
-from django.test import override_settings
 
+from django.test import override_settings
+from model_bakery import baker, seq
+from accounts.models import User, APIKey
 from tacticalrmm.test import TacticalTestCase
-from accounts.models import User
+
+from accounts.serializers import APIKeySerializer
 
 
 class TestAccounts(TacticalTestCase):
@@ -24,12 +27,12 @@ class TestAccounts(TacticalTestCase):
         data = {"username": "bob", "password": "a3asdsa2314"}
         r = self.client.post(url, data, format="json")
         self.assertEqual(r.status_code, 400)
-        self.assertEqual(r.data, "bad credentials")
+        self.assertEqual(r.data, "Bad credentials")
 
         data = {"username": "billy", "password": "hunter2"}
         r = self.client.post(url, data, format="json")
         self.assertEqual(r.status_code, 400)
-        self.assertEqual(r.data, "bad credentials")
+        self.assertEqual(r.data, "Bad credentials")
 
         self.bob.totp_key = "AB5RI6YPFTZAS52G"
         self.bob.save()
@@ -38,6 +41,12 @@ class TestAccounts(TacticalTestCase):
         self.assertEqual(r.status_code, 200)
         self.assertEqual(r.data, "ok")
 
+        # test user set to block dashboard logins
+        self.bob.block_dashboard_login = True
+        self.bob.save()
+        r = self.client.post(url, data, format="json")
+        self.assertEqual(r.status_code, 400)
+
     @patch("pyotp.TOTP.verify")
     def test_login_view(self, mock_verify):
         url = "/login/"
@@ -52,7 +61,7 @@ class TestAccounts(TacticalTestCase):
         mock_verify.return_value = False
         r = self.client.post(url, data, format="json")
         self.assertEqual(r.status_code, 400)
-        self.assertEqual(r.data, "bad credentials")
+        self.assertEqual(r.data, "Bad credentials")
 
         mock_verify.return_value = True
         data = {"username": "bob", "password": "asd234234asd", "twofactor": "123456"}
@@ -270,29 +279,85 @@ class TestUserAction(TacticalTestCase):
 
     def test_user_ui(self):
         url = "/accounts/users/ui/"
-        data = {"dark_mode": False}
-        r = self.client.patch(url, data, format="json")
-        self.assertEqual(r.status_code, 200)
 
-        data = {"show_community_scripts": True}
-        r = self.client.patch(url, data, format="json")
-        self.assertEqual(r.status_code, 200)
-
-        data = {"agent_dblclick_action": "editagent"}
-        r = self.client.patch(url, data, format="json")
-        self.assertEqual(r.status_code, 200)
-
-        data = {"agent_dblclick_action": "remotebg"}
-        r = self.client.patch(url, data, format="json")
-        self.assertEqual(r.status_code, 200)
-
-        data = {"agent_dblclick_action": "takecontrol"}
+        data = {
+            "dark_mode": True,
+            "show_community_scripts": True,
+            "agent_dblclick_action": "editagent",
+            "default_agent_tbl_tab": "mixed",
+            "client_tree_sort": "alpha",
+            "client_tree_splitter": 14,
+            "loading_bar_color": "green",
+            "clear_search_when_switching": False,
+        }
         r = self.client.patch(url, data, format="json")
         self.assertEqual(r.status_code, 200)
 
         self.check_not_authenticated("patch", url)
 
 
+class TestAPIKeyViews(TacticalTestCase):
+    def setUp(self):
+        self.setup_coresettings()
+        self.authenticate()
+
+    def test_get_api_keys(self):
+        url = "/accounts/apikeys/"
+        apikeys = baker.make("accounts.APIKey", key=seq("APIKEY"), _quantity=3)
+
+        serializer = APIKeySerializer(apikeys, many=True)
+        resp = self.client.get(url, format="json")
+        self.assertEqual(resp.status_code, 200)
+        self.assertEqual(serializer.data, resp.data)  # type: ignore
+
+        self.check_not_authenticated("get", url)
+
+    def test_add_api_keys(self):
+        url = "/accounts/apikeys/"
+
+        user = baker.make("accounts.User")
+        data = {"name": "Name", "user": user.id, "expiration": None}
+
+        resp = self.client.post(url, data, format="json")
+        self.assertEqual(resp.status_code, 200)
+        self.assertTrue(APIKey.objects.filter(name="Name").exists())
+        self.assertTrue(APIKey.objects.get(name="Name").key)
+
+        self.check_not_authenticated("post", url)
+
+    def test_modify_api_key(self):
+        # test a call where api key doesn't exist
+        resp = self.client.put("/accounts/apikeys/500/", format="json")
+        self.assertEqual(resp.status_code, 404)
+
+        apikey = baker.make("accounts.APIKey", name="Test")
+        url = f"/accounts/apikeys/{apikey.pk}/"  # type: ignore
+
+        data = {"name": "New Name"}  # type: ignore
+
+        resp = self.client.put(url, data, format="json")
+        self.assertEqual(resp.status_code, 200)
+        apikey = APIKey.objects.get(pk=apikey.pk)  # type: ignore
+        self.assertEquals(apikey.name, "New Name")
+
+        self.check_not_authenticated("put", url)
+
+    def test_delete_api_key(self):
+        # test a call where api key doesn't exist
+        resp = self.client.delete("/accounts/apikeys/500/", format="json")
+        self.assertEqual(resp.status_code, 404)
+
+        # test delete api key
+        apikey = baker.make("accounts.APIKey")
+        url = f"/accounts/apikeys/{apikey.pk}/"  # type: ignore
+        resp = self.client.delete(url, format="json")
+        self.assertEqual(resp.status_code, 200)
+
+        self.assertFalse(APIKey.objects.filter(pk=apikey.pk).exists())  # type: ignore
+
+        self.check_not_authenticated("delete", url)
+
+
 class TestTOTPSetup(TacticalTestCase):
     def setUp(self):
         self.authenticate()
@@ -318,3 +383,29 @@ class TestTOTPSetup(TacticalTestCase):
         r = self.client.post(url)
         self.assertEqual(r.status_code, 200)
         self.assertEqual(r.data, "totp token already set")
+
+
+class TestAPIAuthentication(TacticalTestCase):
+    def setUp(self):
+        # create User and associate to API Key
+        self.user = User.objects.create(username="api_user", is_superuser=True)
+        self.api_key = APIKey.objects.create(
+            name="Test Token", key="123456", user=self.user
+        )
+
+        self.client_setup()
+
+    def test_api_auth(self):
+        url = "/clients/"
+        # auth should fail if no header set
+        self.check_not_authenticated("get", url)
+
+        # invalid api key in header should return code 400
+        self.client.credentials(HTTP_X_API_KEY="000000")
+        r = self.client.get(url, format="json")
+        self.assertEqual(r.status_code, 401)
+
+        # valid api key in header should return code 200
+        self.client.credentials(HTTP_X_API_KEY="123456")
+        r = self.client.get(url, format="json")
+        self.assertEqual(r.status_code, 200)

api/tacticalrmm/accounts/urls.py

@@ -1,4 +1,5 @@
 from django.urls import path
+
 from . import views
 
 urlpatterns = [
@@ -8,4 +9,8 @@ urlpatterns = [
     path("users/reset_totp/", views.UserActions.as_view()),
     path("users/setup_totp/", views.TOTPSetup.as_view()),
     path("users/ui/", views.UserUI.as_view()),
+    path("roles/", views.GetAddRoles.as_view()),
+    path("roles/<int:pk>/", views.GetUpdateDeleteRole.as_view()),
+    path("apikeys/", views.GetAddAPIKeys.as_view()),
+    path("apikeys/<int:pk>/", views.GetUpdateDeleteAPIKey.as_view()),
 ]

api/tacticalrmm/accounts/views.py

@@ -1,23 +1,38 @@
 import pyotp
-
-from django.contrib.auth import login
 from django.conf import settings
-from django.shortcuts import get_object_or_404
+from django.contrib.auth import login
 from django.db import IntegrityError
-
-from rest_framework.views import APIView
-from rest_framework.authtoken.serializers import AuthTokenSerializer
+from django.shortcuts import get_object_or_404
+from ipware import get_client_ip
 from knox.views import LoginView as KnoxLoginView
-from rest_framework.permissions import AllowAny
-from rest_framework.response import Response
-from rest_framework import status
-
-from .models import User
-from agents.models import Agent
 from logs.models import AuditLog
+from rest_framework.authtoken.serializers import AuthTokenSerializer
+from rest_framework.permissions import AllowAny, IsAuthenticated
+from rest_framework.response import Response
+from rest_framework.views import APIView
 from tacticalrmm.utils import notify_error
 
-from .serializers import UserSerializer, TOTPSetupSerializer
+from .models import APIKey, Role, User
+from .permissions import APIKeyPerms, AccountsPerms, RolesPerms
+from .serializers import (
+    APIKeySerializer,
+    RoleSerializer,
+    TOTPSetupSerializer,
+    UserSerializer,
+    UserUISerializer,
+)
+
+
+def _is_root_user(request, user) -> bool:
+    root = (
+        hasattr(settings, "ROOT_USER")
+        and request.user != user
+        and user.username == settings.ROOT_USER
+    )
+    demo = (
+        getattr(settings, "DEMO", False) and request.user.username == settings.ROOT_USER
+    )
+    return root or demo
 
 
 class CheckCreds(KnoxLoginView):
@@ -29,11 +44,16 @@ class CheckCreds(KnoxLoginView):
         # check credentials
         serializer = AuthTokenSerializer(data=request.data)
         if not serializer.is_valid():
-            AuditLog.audit_user_failed_login(request.data["username"])
-            return Response("bad credentials", status=status.HTTP_400_BAD_REQUEST)
+            AuditLog.audit_user_failed_login(
+                request.data["username"], debug_info={"ip": request._client_ip}
+            )
+            return notify_error("Bad credentials")
 
         user = serializer.validated_data["user"]
 
+        if user.block_dashboard_login:
+            return notify_error("Bad credentials")
+
         # if totp token not set modify response to notify frontend
         if not user.totp_key:
             login(request, user)
@@ -55,33 +75,57 @@ class LoginView(KnoxLoginView):
         serializer.is_valid(raise_exception=True)
         user = serializer.validated_data["user"]
 
+        if user.block_dashboard_login:
+            return notify_error("Bad credentials")
+
         token = request.data["twofactor"]
         totp = pyotp.TOTP(user.totp_key)
 
         if settings.DEBUG and token == "sekret":
             valid = True
+        elif getattr(settings, "DEMO", False):
+            valid = True
         elif totp.verify(token, valid_window=10):
             valid = True
 
         if valid:
             login(request, user)
-            AuditLog.audit_user_login_successful(request.data["username"])
+
+            # save ip information
+            client_ip, is_routable = get_client_ip(request)
+            user.last_login_ip = client_ip
+            user.save()
+
+            AuditLog.audit_user_login_successful(
+                request.data["username"], debug_info={"ip": request._client_ip}
+            )
             return super(LoginView, self).post(request, format=None)
         else:
-            AuditLog.audit_user_failed_twofactor(request.data["username"])
-            return Response("bad credentials", status=status.HTTP_400_BAD_REQUEST)
+            AuditLog.audit_user_failed_twofactor(
+                request.data["username"], debug_info={"ip": request._client_ip}
+            )
+            return notify_error("Bad credentials")
 
 
 class GetAddUsers(APIView):
+    permission_classes = [IsAuthenticated, AccountsPerms]
+
     def get(self, request):
-        users = User.objects.filter(agent=None)
+        search = request.GET.get("search", None)
+
+        if search:
+            users = User.objects.filter(agent=None, is_installer_user=False).filter(
+                username__icontains=search
+            )
+        else:
+            users = User.objects.filter(agent=None, is_installer_user=False)
 
         return Response(UserSerializer(users, many=True).data)
 
     def post(self, request):
         # add new user
         try:
-            user = User.objects.create_user(
+            user = User.objects.create_user(  # type: ignore
                 request.data["username"],
                 request.data["email"],
                 request.data["password"],
@@ -91,15 +135,21 @@ class GetAddUsers(APIView):
                 f"ERROR: User {request.data['username']} already exists!"
             )
 
-        user.first_name = request.data["first_name"]
-        user.last_name = request.data["last_name"]
-        # Can be changed once permissions and groups are introduced
-        user.is_superuser = True
+        if "first_name" in request.data.keys():
+            user.first_name = request.data["first_name"]
+        if "last_name" in request.data.keys():
+            user.last_name = request.data["last_name"]
+        if "role" in request.data.keys() and isinstance(request.data["role"], int):
+            role = get_object_or_404(Role, pk=request.data["role"])
+            user.role = role
+
         user.save()
         return Response(user.username)
 
 
 class GetUpdateDeleteUser(APIView):
+    permission_classes = [IsAuthenticated, AccountsPerms]
+
     def get(self, request, pk):
         user = get_object_or_404(User, pk=pk)
 
@@ -108,11 +158,7 @@ class GetUpdateDeleteUser(APIView):
     def put(self, request, pk):
         user = get_object_or_404(User, pk=pk)
 
-        if (
-            hasattr(settings, "ROOT_USER")
-            and request.user != user
-            and user.username == settings.ROOT_USER
-        ):
+        if _is_root_user(request, user):
             return notify_error("The root user cannot be modified from the UI")
 
         serializer = UserSerializer(instance=user, data=request.data, partial=True)
@@ -123,11 +169,7 @@ class GetUpdateDeleteUser(APIView):
 
     def delete(self, request, pk):
         user = get_object_or_404(User, pk=pk)
-        if (
-            hasattr(settings, "ROOT_USER")
-            and request.user != user
-            and user.username == settings.ROOT_USER
-        ):
+        if _is_root_user(request, user):
             return notify_error("The root user cannot be deleted from the UI")
 
         user.delete()
@@ -136,15 +178,11 @@ class GetUpdateDeleteUser(APIView):
 
 
 class UserActions(APIView):
-
+    permission_classes = [IsAuthenticated, AccountsPerms]
     # reset password
     def post(self, request):
         user = get_object_or_404(User, pk=request.data["id"])
-        if (
-            hasattr(settings, "ROOT_USER")
-            and request.user != user
-            and user.username == settings.ROOT_USER
-        ):
+        if _is_root_user(request, user):
             return notify_error("The root user cannot be modified from the UI")
 
         user.set_password(request.data["password"])
@@ -155,11 +193,7 @@ class UserActions(APIView):
     # reset two factor token
     def put(self, request):
         user = get_object_or_404(User, pk=request.data["id"])
-        if (
-            hasattr(settings, "ROOT_USER")
-            and request.user != user
-            and user.username == settings.ROOT_USER
-        ):
+        if _is_root_user(request, user):
             return notify_error("The root user cannot be modified from the UI")
 
         user.totp_key = ""
@@ -187,19 +221,82 @@ class TOTPSetup(APIView):
 
 class UserUI(APIView):
     def patch(self, request):
-        user = request.user
-
-        if "dark_mode" in request.data.keys():
-            user.dark_mode = request.data["dark_mode"]
-            user.save(update_fields=["dark_mode"])
-
-        if "show_community_scripts" in request.data.keys():
-            user.show_community_scripts = request.data["show_community_scripts"]
-            user.save(update_fields=["show_community_scripts"])
-
-        if "userui" in request.data.keys():
-            user.agent_dblclick_action = request.data["agent_dblclick_action"]
-            user.default_agent_tbl_tab = request.data["default_agent_tbl_tab"]
-            user.save(update_fields=["agent_dblclick_action", "default_agent_tbl_tab"])
-
+        serializer = UserUISerializer(
+            instance=request.user, data=request.data, partial=True
+        )
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
         return Response("ok")
+
+
+class GetAddRoles(APIView):
+    permission_classes = [IsAuthenticated, RolesPerms]
+
+    def get(self, request):
+        roles = Role.objects.all()
+        return Response(RoleSerializer(roles, many=True).data)
+
+    def post(self, request):
+        serializer = RoleSerializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        return Response("Role was added")
+
+
+class GetUpdateDeleteRole(APIView):
+    permission_classes = [IsAuthenticated, RolesPerms]
+
+    def get(self, request, pk):
+        role = get_object_or_404(Role, pk=pk)
+        return Response(RoleSerializer(role).data)
+
+    def put(self, request, pk):
+        role = get_object_or_404(Role, pk=pk)
+        serializer = RoleSerializer(instance=role, data=request.data)
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        return Response("Role was edited")
+
+    def delete(self, request, pk):
+        role = get_object_or_404(Role, pk=pk)
+        role.delete()
+        return Response("Role was removed")
+
+
+class GetAddAPIKeys(APIView):
+    permission_classes = [IsAuthenticated, APIKeyPerms]
+
+    def get(self, request):
+        apikeys = APIKey.objects.all()
+        return Response(APIKeySerializer(apikeys, many=True).data)
+
+    def post(self, request):
+        # generate a random API Key
+        from django.utils.crypto import get_random_string
+
+        request.data["key"] = get_random_string(length=32).upper()
+        serializer = APIKeySerializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        obj = serializer.save()
+        return Response("The API Key was added")
+
+
+class GetUpdateDeleteAPIKey(APIView):
+    permission_classes = [IsAuthenticated, APIKeyPerms]
+
+    def put(self, request, pk):
+        apikey = get_object_or_404(APIKey, pk=pk)
+
+        # remove API key is present in request data
+        if "key" in request.data.keys():
+            request.data.pop("key")
+
+        serializer = APIKeySerializer(instance=apikey, data=request.data, partial=True)
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        return Response("The API Key was edited")
+
+    def delete(self, request, pk):
+        apikey = get_object_or_404(APIKey, pk=pk)
+        apikey.delete()
+        return Response("The API Key was deleted")

api/tacticalrmm/agents/admin.py

@@ -1,8 +1,9 @@
 from django.contrib import admin
 
-from .models import Agent, AgentOutage, RecoveryAction, Note
+from .models import Agent, AgentCustomField, Note, RecoveryAction, AgentHistory
 
 admin.site.register(Agent)
-admin.site.register(AgentOutage)
 admin.site.register(RecoveryAction)
 admin.site.register(Note)
+admin.site.register(AgentCustomField)
+admin.site.register(AgentHistory)

api/tacticalrmm/agents/baker_recipes.py

@@ -1,14 +1,12 @@
+import json
+import os
 import random
 import string
-import os
-import json
-
-from model_bakery.recipe import Recipe, seq
 from itertools import cycle
-from django.utils import timezone as djangotime
-from django.conf import settings
 
-from .models import Agent
+from django.conf import settings
+from django.utils import timezone as djangotime
+from model_bakery.recipe import Recipe, foreign_key, seq
 
 
 def generate_agent_id(hostname):
@@ -16,6 +14,9 @@ def generate_agent_id(hostname):
     return f"{rand}-{hostname}"
 
 
+site = Recipe("clients.Site")
+
+
 def get_wmi_data():
     with open(
         os.path.join(settings.BASE_DIR, "tacticalrmm/test_data/wmi_python_agent.json")
@@ -24,12 +25,13 @@ def get_wmi_data():
 
 
 agent = Recipe(
-    Agent,
+    "agents.Agent",
+    site=foreign_key(site),
     hostname="DESKTOP-TEST123",
     version="1.3.0",
     monitoring_type=cycle(["workstation", "server"]),
-    salt_id=generate_agent_id("DESKTOP-TEST123"),
-    agent_id="71AHC-AA813-HH1BC-AAHH5-00013|DESKTOP-TEST123",
+    agent_id=seq(generate_agent_id("DESKTOP-TEST123")),
+    last_seen=djangotime.now() - djangotime.timedelta(days=5),
 )
 
 server_agent = agent.extend(
@@ -42,8 +44,12 @@ workstation_agent = agent.extend(
 
 online_agent = agent.extend(last_seen=djangotime.now())
 
+offline_agent = agent.extend(
+    last_seen=djangotime.now() - djangotime.timedelta(minutes=7)
+)
+
 overdue_agent = agent.extend(
-    last_seen=djangotime.now() - djangotime.timedelta(minutes=6)
+    last_seen=djangotime.now() - djangotime.timedelta(minutes=35)
 )
 
 agent_with_services = agent.extend(

api/tacticalrmm/agents/management/commands/bulk_change_checkin.py

@@ -0,0 +1,93 @@
+from django.core.management.base import BaseCommand
+
+from agents.models import Agent
+from clients.models import Client, Site
+
+
+class Command(BaseCommand):
+    help = "Bulk update agent offline/overdue time"
+
+    def add_arguments(self, parser):
+        parser.add_argument("time", type=int, help="Time in minutes")
+        parser.add_argument(
+            "--client",
+            type=str,
+            help="Client Name",
+        )
+        parser.add_argument(
+            "--site",
+            type=str,
+            help="Site Name",
+        )
+        parser.add_argument(
+            "--offline",
+            action="store_true",
+            help="Offline",
+        )
+        parser.add_argument(
+            "--overdue",
+            action="store_true",
+            help="Overdue",
+        )
+        parser.add_argument(
+            "--all",
+            action="store_true",
+            help="All agents",
+        )
+
+    def handle(self, *args, **kwargs):
+        time = kwargs["time"]
+        client_name = kwargs["client"]
+        site_name = kwargs["site"]
+        all_agents = kwargs["all"]
+        offline = kwargs["offline"]
+        overdue = kwargs["overdue"]
+        agents = None
+
+        if offline and time < 2:
+            self.stdout.write(self.style.ERROR("Minimum offline time is 2 minutes"))
+            return
+
+        if overdue and time < 3:
+            self.stdout.write(self.style.ERROR("Minimum overdue time is 3 minutes"))
+            return
+
+        if client_name:
+            try:
+                client = Client.objects.get(name=client_name)
+            except Client.DoesNotExist:
+                self.stdout.write(
+                    self.style.ERROR(f"Client {client_name} doesn't exist")
+                )
+                return
+
+            agents = Agent.objects.filter(site__client=client)
+
+        elif site_name:
+            try:
+                site = Site.objects.get(name=site_name)
+            except Site.DoesNotExist:
+                self.stdout.write(self.style.ERROR(f"Site {site_name} doesn't exist"))
+                return
+
+            agents = Agent.objects.filter(site=site)
+
+        elif all_agents:
+            agents = Agent.objects.all()
+
+        if agents:
+            if offline:
+                agents.update(offline_time=time)
+                self.stdout.write(
+                    self.style.SUCCESS(
+                        f"Changed offline time on {len(agents)} agents to {time} minutes"
+                    )
+                )
+
+            if overdue:
+                agents.update(overdue_time=time)
+                self.stdout.write(
+                    self.style.SUCCESS(
+                        f"Changed overdue time on {len(agents)} agents to {time} minutes"
+                    )
+                )

api/tacticalrmm/agents/management/commands/bulk_delete_agents.py

@@ -0,0 +1,81 @@
+import asyncio
+
+from django.core.management.base import BaseCommand
+from django.utils import timezone as djangotime
+from packaging import version as pyver
+
+from agents.models import Agent
+from tacticalrmm.utils import AGENT_DEFER, reload_nats
+
+
+class Command(BaseCommand):
+    help = "Delete old agents"
+
+    def add_arguments(self, parser):
+        parser.add_argument(
+            "--days",
+            type=int,
+            help="Delete agents that have not checked in for this many days",
+        )
+        parser.add_argument(
+            "--agentver",
+            type=str,
+            help="Delete agents that equal to or less than this version",
+        )
+        parser.add_argument(
+            "--delete",
+            action="store_true",
+            help="This will delete agents",
+        )
+
+    def handle(self, *args, **kwargs):
+        days = kwargs["days"]
+        agentver = kwargs["agentver"]
+        delete = kwargs["delete"]
+
+        if not days and not agentver:
+            self.stdout.write(
+                self.style.ERROR("Must have at least one parameter: days or agentver")
+            )
+            return
+
+        q = Agent.objects.defer(*AGENT_DEFER)
+
+        agents = []
+        if days:
+            overdue = djangotime.now() - djangotime.timedelta(days=days)
+            agents = [i for i in q if i.last_seen < overdue]
+
+        if agentver:
+            agents = [i for i in q if pyver.parse(i.version) <= pyver.parse(agentver)]
+
+        if not agents:
+            self.stdout.write(self.style.ERROR("No agents matched"))
+            return
+
+        deleted_count = 0
+        for agent in agents:
+            s = f"{agent.hostname} | Version {agent.version} | Last Seen {agent.last_seen} | {agent.client} > {agent.site}"
+            if delete:
+                s = "Deleting " + s
+                self.stdout.write(self.style.SUCCESS(s))
+                asyncio.run(agent.nats_cmd({"func": "uninstall"}, wait=False))
+                try:
+                    agent.delete()
+                except Exception as e:
+                    err = f"Failed to delete agent {agent.hostname}: {str(e)}"
+                    self.stdout.write(self.style.ERROR(err))
+                else:
+                    deleted_count += 1
+            else:
+                self.stdout.write(self.style.WARNING(s))
+
+        if delete:
+            reload_nats()
+            self.stdout.write(self.style.SUCCESS(f"Deleted {deleted_count} agents"))
+        else:
+            self.stdout.write(
+                self.style.SUCCESS(
+                    "The above agents would be deleted. Run again with --delete to actually delete them."
+                )
+            )

api/tacticalrmm/agents/management/commands/demo_cron.py

@@ -0,0 +1,36 @@
+# import datetime as dt
+import random
+
+from django.core.management.base import BaseCommand
+from django.utils import timezone as djangotime
+from agents.models import Agent
+
+
+class Command(BaseCommand):
+    help = "stuff for demo site in cron"
+
+    def handle(self, *args, **kwargs):
+
+        random_dates = []
+        now = djangotime.now()
+
+        for _ in range(20):
+            rand = now - djangotime.timedelta(minutes=random.randint(1, 2))
+            random_dates.append(rand)
+
+        for _ in range(5):
+            rand = now - djangotime.timedelta(minutes=random.randint(10, 20))
+            random_dates.append(rand)
+
+        """ for _ in range(5):
+            rand = djangotime.now() - djangotime.timedelta(hours=random.randint(1, 10))
+            random_dates.append(rand)
+
+        for _ in range(5):
+            rand = djangotime.now() - djangotime.timedelta(days=random.randint(40, 90))
+            random_dates.append(rand) """
+
+        agents = Agent.objects.only("last_seen")
+        for agent in agents:
+            agent.last_seen = random.choice(random_dates)
+            agent.save(update_fields=["last_seen"])

api/tacticalrmm/agents/management/commands/fake_agents.py

@@ -0,0 +1,668 @@
+import json
+import random
+import string
+import datetime as dt
+
+from django.core.management.base import BaseCommand
+from django.utils import timezone as djangotime
+from django.conf import settings
+
+from accounts.models import User
+from agents.models import Agent, AgentHistory
+from clients.models import Client, Site
+from software.models import InstalledSoftware
+from winupdate.models import WinUpdate, WinUpdatePolicy
+from checks.models import Check, CheckHistory
+from scripts.models import Script
+from autotasks.models import AutomatedTask
+from automation.models import Policy
+from logs.models import PendingAction, AuditLog
+
+from tacticalrmm.demo_data import (
+    disks,
+    temp_dir_stdout,
+    spooler_stdout,
+    ping_fail_output,
+    ping_success_output,
+)
+
+AGENTS_TO_GENERATE = 250
+
+SVCS = settings.BASE_DIR.joinpath("tacticalrmm/test_data/winsvcs.json")
+WMI_1 = settings.BASE_DIR.joinpath("tacticalrmm/test_data/wmi1.json")
+WMI_2 = settings.BASE_DIR.joinpath("tacticalrmm/test_data/wmi2.json")
+WMI_3 = settings.BASE_DIR.joinpath("tacticalrmm/test_data/wmi3.json")
+SW_1 = settings.BASE_DIR.joinpath("tacticalrmm/test_data/software1.json")
+SW_2 = settings.BASE_DIR.joinpath("tacticalrmm/test_data/software2.json")
+WIN_UPDATES = settings.BASE_DIR.joinpath("tacticalrmm/test_data/winupdates.json")
+EVT_LOG_FAIL = settings.BASE_DIR.joinpath(
+    "tacticalrmm/test_data/eventlog_check_fail.json"
+)
+
+
+class Command(BaseCommand):
+    help = "populate database with fake agents"
+
+    def rand_string(self, length):
+        chars = string.ascii_letters
+        return "".join(random.choice(chars) for _ in range(length))
+
+    def handle(self, *args, **kwargs):
+
+        user = User.objects.first()
+        user.totp_key = "ABSA234234"
+        user.save(update_fields=["totp_key"])
+
+        Client.objects.all().delete()
+        Agent.objects.all().delete()
+        Check.objects.all().delete()
+        Script.objects.all().delete()
+        AutomatedTask.objects.all().delete()
+        CheckHistory.objects.all().delete()
+        Policy.objects.all().delete()
+        AuditLog.objects.all().delete()
+        PendingAction.objects.all().delete()
+
+        Script.load_community_scripts()
+
+        # policies
+        check_policy = Policy()
+        check_policy.name = "Demo Checks Policy"
+        check_policy.desc = "Demo Checks Policy"
+        check_policy.active = True
+        check_policy.enforced = True
+        check_policy.save()
+
+        patch_policy = Policy()
+        patch_policy.name = "Demo Patch Policy"
+        patch_policy.desc = "Demo Patch Policy"
+        patch_policy.active = True
+        patch_policy.enforced = True
+        patch_policy.save()
+
+        update_policy = WinUpdatePolicy()
+        update_policy.policy = patch_policy
+        update_policy.critical = "approve"
+        update_policy.important = "approve"
+        update_policy.moderate = "approve"
+        update_policy.low = "ignore"
+        update_policy.other = "ignore"
+        update_policy.run_time_days = [6, 0, 2]
+        update_policy.run_time_day = 1
+        update_policy.reboot_after_install = "required"
+        update_policy.reprocess_failed = True
+        update_policy.email_if_fail = True
+        update_policy.save()
+
+        clients = [
+            "Company 2",
+            "Company 3",
+            "Company 1",
+            "Company 4",
+            "Company 5",
+            "Company 6",
+        ]
+        sites1 = ["HQ1", "LA Office 1", "NY Office 1"]
+        sites2 = ["HQ2", "LA Office 2", "NY Office 2"]
+        sites3 = ["HQ3", "LA Office 3", "NY Office 3"]
+        sites4 = ["HQ4", "LA Office 4", "NY Office 4"]
+        sites5 = ["HQ5", "LA Office 5", "NY Office 5"]
+        sites6 = ["HQ6", "LA Office 6", "NY Office 6"]
+
+        client1 = Client(name="Company 1")
+        client2 = Client(name="Company 2")
+        client3 = Client(name="Company 3")
+        client4 = Client(name="Company 4")
+        client5 = Client(name="Company 5")
+        client6 = Client(name="Company 6")
+
+        client1.save()
+        client2.save()
+        client3.save()
+        client4.save()
+        client5.save()
+        client6.save()
+
+        for site in sites1:
+            Site(client=client1, name=site).save()
+
+        for site in sites2:
+            Site(client=client2, name=site).save()
+
+        for site in sites3:
+            Site(client=client3, name=site).save()
+
+        for site in sites4:
+            Site(client=client4, name=site).save()
+
+        for site in sites5:
+            Site(client=client5, name=site).save()
+
+        for site in sites6:
+            Site(client=client6, name=site).save()
+
+        hostnames = [
+            "DC-1",
+            "DC-2",
+            "FSV-1",
+            "FSV-2",
+            "WSUS",
+            "DESKTOP-12345",
+            "LAPTOP-55443",
+        ]
+        descriptions = ["Bob's computer", "Primary DC", "File Server", "Karen's Laptop"]
+        modes = ["server", "workstation"]
+        op_systems_servers = [
+            "Microsoft Windows Server 2016 Standard, 64bit (build 14393)",
+            "Microsoft Windows Server 2012 R2 Standard, 64bit (build 9600)",
+            "Microsoft Windows Server 2019 Standard, 64bit (build 17763)",
+        ]
+
+        op_systems_workstations = [
+            "Microsoft Windows 8.1 Pro, 64bit (build 9600)",
+            "Microsoft Windows 10 Pro for Workstations, 64bit (build 18363)",
+            "Microsoft Windows 10 Pro, 64bit (build 18363)",
+        ]
+
+        public_ips = ["65.234.22.4", "74.123.43.5", "44.21.134.45"]
+
+        total_rams = [4, 8, 16, 32, 64, 128]
+        used_rams = [10, 13, 60, 25, 76, 34, 56, 34, 39]
+
+        now = dt.datetime.now()
+
+        boot_times = []
+
+        for _ in range(15):
+            rand_hour = now - dt.timedelta(hours=random.randint(1, 22))
+            boot_times.append(str(rand_hour.timestamp()))
+
+        for _ in range(5):
+            rand_days = now - dt.timedelta(days=random.randint(2, 50))
+            boot_times.append(str(rand_days.timestamp()))
+
+        user_names = ["None", "Karen", "Steve", "jsmith", "jdoe"]
+
+        with open(SVCS) as f:
+            services = json.load(f)
+
+        # WMI
+        with open(WMI_1) as f:
+            wmi1 = json.load(f)
+
+        with open(WMI_2) as f:
+            wmi2 = json.load(f)
+
+        with open(WMI_3) as f:
+            wmi3 = json.load(f)
+
+        wmi_details = []
+        wmi_details.append(wmi1)
+        wmi_details.append(wmi2)
+        wmi_details.append(wmi3)
+
+        # software
+        with open(SW_1) as f:
+            software1 = json.load(f)
+
+        with open(SW_2) as f:
+            software2 = json.load(f)
+
+        softwares = []
+        softwares.append(software1)
+        softwares.append(software2)
+
+        # windows updates
+        with open(WIN_UPDATES) as f:
+            windows_updates = json.load(f)["samplecomputer"]
+
+        # event log check fail data
+        with open(EVT_LOG_FAIL) as f:
+            eventlog_check_fail_data = json.load(f)
+
+        # create scripts
+
+        clear_spool = Script()
+        clear_spool.name = "Clear Print Spooler"
+        clear_spool.description = "clears the print spooler. Fuck printers"
+        clear_spool.filename = "clear_print_spool.bat"
+        clear_spool.shell = "cmd"
+        clear_spool.save()
+
+        check_net_aware = Script()
+        check_net_aware.name = "Check Network Location Awareness"
+        check_net_aware.description = "Check's network location awareness on domain computers, should always be domain profile and not public or private. Sometimes happens when computer restarts before domain available. This script will return 0 if check passes or 1 if it fails."
+        check_net_aware.filename = "check_network_loc_aware.ps1"
+        check_net_aware.shell = "powershell"
+        check_net_aware.save()
+
+        check_pool_health = Script()
+        check_pool_health.name = "Check storage spool health"
+        check_pool_health.description = "loops through all storage pools and will fail if any of them are not healthy"
+        check_pool_health.filename = "check_storage_pool_health.ps1"
+        check_pool_health.shell = "powershell"
+        check_pool_health.save()
+
+        restart_nla = Script()
+        restart_nla.name = "Restart NLA Service"
+        restart_nla.description = "restarts the Network Location Awareness windows service to fix the nic profile. Run this after the check network service fails"
+        restart_nla.filename = "restart_nla.ps1"
+        restart_nla.shell = "powershell"
+        restart_nla.save()
+
+        show_tmp_dir_script = Script()
+        show_tmp_dir_script.name = "Check temp dir"
+        show_tmp_dir_script.description = "shows files in temp dir using python"
+        show_tmp_dir_script.filename = "show_temp_dir.py"
+        show_tmp_dir_script.shell = "python"
+        show_tmp_dir_script.save()
+
+        for count_agents in range(AGENTS_TO_GENERATE):
+
+            client = random.choice(clients)
+
+            if client == "Company 1":
+                site = random.choice(sites1)
+            elif client == "Company 2":
+                site = random.choice(sites2)
+            elif client == "Company 3":
+                site = random.choice(sites3)
+            elif client == "Company 4":
+                site = random.choice(sites4)
+            elif client == "Company 5":
+                site = random.choice(sites5)
+            elif client == "Company 6":
+                site = random.choice(sites6)
+
+            agent = Agent()
+
+            mode = random.choice(modes)
+            if mode == "server":
+                agent.operating_system = random.choice(op_systems_servers)
+            else:
+                agent.operating_system = random.choice(op_systems_workstations)
+
+            agent.hostname = random.choice(hostnames)
+            agent.version = settings.LATEST_AGENT_VER
+            agent.salt_ver = "1.1.0"
+            agent.site = Site.objects.get(name=site)
+            agent.agent_id = self.rand_string(25)
+            agent.description = random.choice(descriptions)
+            agent.monitoring_type = mode
+            agent.public_ip = random.choice(public_ips)
+            agent.last_seen = djangotime.now()
+            agent.plat = "windows"
+            agent.plat_release = "windows-2019Server"
+            agent.total_ram = random.choice(total_rams)
+            agent.used_ram = random.choice(used_rams)
+            agent.boot_time = random.choice(boot_times)
+            agent.logged_in_username = random.choice(user_names)
+            agent.antivirus = "windowsdefender"
+            agent.mesh_node_id = (
+                "3UiLhe420@kaVQ0rswzBeonW$WY0xrFFUDBQlcYdXoriLXzvPmBpMrV99vRHXFlb"
+            )
+            agent.overdue_email_alert = random.choice([True, False])
+            agent.overdue_text_alert = random.choice([True, False])
+            agent.needs_reboot = random.choice([True, False])
+            agent.wmi_detail = random.choice(wmi_details)
+            agent.services = services
+            agent.disks = random.choice(disks)
+            agent.salt_id = "not-used"
+
+            agent.save()
+
+            InstalledSoftware(agent=agent, software=random.choice(softwares)).save()
+
+            if mode == "workstation":
+                WinUpdatePolicy(agent=agent, run_time_days=[5, 6]).save()
+            else:
+                WinUpdatePolicy(agent=agent).save()
+
+            # windows updates load
+            guids = []
+            for k in windows_updates.keys():
+                guids.append(k)
+
+            for i in guids:
+                WinUpdate(
+                    agent=agent,
+                    guid=i,
+                    kb=windows_updates[i]["KBs"][0],
+                    mandatory=windows_updates[i]["Mandatory"],
+                    title=windows_updates[i]["Title"],
+                    needs_reboot=windows_updates[i]["NeedsReboot"],
+                    installed=windows_updates[i]["Installed"],
+                    downloaded=windows_updates[i]["Downloaded"],
+                    description=windows_updates[i]["Description"],
+                    severity=windows_updates[i]["Severity"],
+                ).save()
+
+            # agent histories
+            hist = AgentHistory()
+            hist.agent = agent
+            hist.type = "cmd_run"
+            hist.command = "ping google.com"
+            hist.username = "demo"
+            hist.results = ping_success_output
+            hist.save()
+
+            hist1 = AgentHistory()
+            hist1.agent = agent
+            hist1.type = "script_run"
+            hist1.script = clear_spool
+            hist1.script_results = {
+                "id": 1,
+                "stderr": "",
+                "stdout": spooler_stdout,
+                "execution_time": 3.5554593,
+                "retcode": 0,
+            }
+            hist1.save()
+
+            # disk space check
+            check1 = Check()
+            check1.agent = agent
+            check1.check_type = "diskspace"
+            check1.status = "passing"
+            check1.last_run = djangotime.now()
+            check1.more_info = "Total: 498.7GB, Free: 287.4GB"
+            check1.warning_threshold = 25
+            check1.error_threshold = 10
+            check1.disk = "C:"
+            check1.email_alert = random.choice([True, False])
+            check1.text_alert = random.choice([True, False])
+            check1.save()
+
+            for i in range(30):
+                check1_history = CheckHistory()
+                check1_history.check_id = check1.id
+                check1_history.x = djangotime.now() - djangotime.timedelta(
+                    minutes=i * 2
+                )
+                check1_history.y = random.randint(13, 40)
+                check1_history.save()
+
+            # ping check
+            check2 = Check()
+            check2.agent = agent
+            check2.check_type = "ping"
+            check2.last_run = djangotime.now()
+            check2.email_alert = random.choice([True, False])
+            check2.text_alert = random.choice([True, False])
+
+            if site in sites5:
+                check2.name = "Synology NAS"
+                check2.status = "failing"
+                check2.ip = "172.17.14.26"
+                check2.more_info = ping_fail_output
+            else:
+                check2.name = "Google"
+                check2.status = "passing"
+                check2.ip = "8.8.8.8"
+                check2.more_info = ping_success_output
+
+            check2.save()
+
+            for i in range(30):
+                check2_history = CheckHistory()
+                check2_history.check_id = check2.id
+                check2_history.x = djangotime.now() - djangotime.timedelta(
+                    minutes=i * 2
+                )
+                if site in sites5:
+                    check2_history.y = 1
+                    check2_history.results = ping_fail_output
+                else:
+                    check2_history.y = 0
+                    check2_history.results = ping_success_output
+                check2_history.save()
+
+            # cpu load check
+            check3 = Check()
+            check3.agent = agent
+            check3.check_type = "cpuload"
+            check3.status = "passing"
+            check3.last_run = djangotime.now()
+            check3.warning_threshold = 70
+            check3.error_threshold = 90
+            check3.history = [15, 23, 16, 22, 22, 27, 15, 23, 23, 20, 10, 10, 13, 34]
+            check3.email_alert = random.choice([True, False])
+            check3.text_alert = random.choice([True, False])
+            check3.save()
+
+            for i in range(30):
+                check3_history = CheckHistory()
+                check3_history.check_id = check3.id
+                check3_history.x = djangotime.now() - djangotime.timedelta(
+                    minutes=i * 2
+                )
+                check3_history.y = random.randint(2, 79)
+                check3_history.save()
+
+            # memory check
+            check4 = Check()
+            check4.agent = agent
+            check4.check_type = "memory"
+            check4.status = "passing"
+            check4.warning_threshold = 70
+            check4.error_threshold = 85
+            check4.history = [34, 34, 35, 36, 34, 34, 34, 34, 34, 34]
+            check4.email_alert = random.choice([True, False])
+            check4.text_alert = random.choice([True, False])
+            check4.save()
+
+            for i in range(30):
+                check4_history = CheckHistory()
+                check4_history.check_id = check4.id
+                check4_history.x = djangotime.now() - djangotime.timedelta(
+                    minutes=i * 2
+                )
+                check4_history.y = random.randint(2, 79)
+                check4_history.save()
+
+            # script check storage pool
+            check5 = Check()
+            check5.agent = agent
+            check5.check_type = "script"
+            check5.status = "passing"
+            check5.last_run = djangotime.now()
+            check5.email_alert = random.choice([True, False])
+            check5.text_alert = random.choice([True, False])
+            check5.timeout = 120
+            check5.retcode = 0
+            check5.execution_time = "4.0000"
+            check5.script = check_pool_health
+            check5.save()
+
+            for i in range(30):
+                check5_history = CheckHistory()
+                check5_history.check_id = check5.id
+                check5_history.x = djangotime.now() - djangotime.timedelta(
+                    minutes=i * 2
+                )
+                if i == 10 or i == 18:
+                    check5_history.y = 1
+                else:
+                    check5_history.y = 0
+                check5_history.save()
+
+            check6 = Check()
+            check6.agent = agent
+            check6.check_type = "script"
+            check6.status = "passing"
+            check6.last_run = djangotime.now()
+            check6.email_alert = random.choice([True, False])
+            check6.text_alert = random.choice([True, False])
+            check6.timeout = 120
+            check6.retcode = 0
+            check6.execution_time = "4.0000"
+            check6.script = check_net_aware
+            check6.save()
+
+            for i in range(30):
+                check6_history = CheckHistory()
+                check6_history.check_id = check6.id
+                check6_history.x = djangotime.now() - djangotime.timedelta(
+                    minutes=i * 2
+                )
+                check6_history.y = 0
+                check6_history.save()
+
+            nla_task = AutomatedTask()
+            nla_task.agent = agent
+            nla_task.script = restart_nla
+            nla_task.assigned_check = check6
+            nla_task.name = "Restart NLA"
+            nla_task.task_type = "checkfailure"
+            nla_task.win_task_name = "demotask123"
+            nla_task.execution_time = "1.8443"
+            nla_task.last_run = djangotime.now()
+            nla_task.stdout = "no stdout"
+            nla_task.retcode = 0
+            nla_task.sync_status = "synced"
+            nla_task.save()
+
+            spool_task = AutomatedTask()
+            spool_task.agent = agent
+            spool_task.script = clear_spool
+            spool_task.name = "Clear the print spooler"
+            spool_task.task_type = "scheduled"
+            spool_task.run_time_bit_weekdays = 127
+            spool_task.run_time_minute = "04:45"
+            spool_task.win_task_name = "demospool123"
+            spool_task.last_run = djangotime.now()
+            spool_task.retcode = 0
+            spool_task.stdout = spooler_stdout
+            spool_task.sync_status = "synced"
+            spool_task.save()
+
+            tmp_dir_task = AutomatedTask()
+            tmp_dir_task.agent = agent
+            tmp_dir_task.name = "show temp dir files"
+            tmp_dir_task.script = show_tmp_dir_script
+            tmp_dir_task.task_type = "manual"
+            tmp_dir_task.win_task_name = "demotemp"
+            tmp_dir_task.last_run = djangotime.now()
+            tmp_dir_task.stdout = temp_dir_stdout
+            tmp_dir_task.retcode = 0
+            tmp_dir_task.sync_status = "synced"
+            tmp_dir_task.save()
+
+            check7 = Check()
+            check7.agent = agent
+            check7.check_type = "script"
+            check7.status = "passing"
+            check7.last_run = djangotime.now()
+            check7.email_alert = random.choice([True, False])
+            check7.text_alert = random.choice([True, False])
+            check7.timeout = 120
+            check7.retcode = 0
+            check7.execution_time = "3.1337"
+            check7.script = clear_spool
+            check7.stdout = spooler_stdout
+            check7.save()
+
+            for i in range(30):
+                check7_history = CheckHistory()
+                check7_history.check_id = check7.id
+                check7_history.x = djangotime.now() - djangotime.timedelta(
+                    minutes=i * 2
+                )
+                check7_history.y = 0
+                check7_history.save()
+
+            check8 = Check()
+            check8.agent = agent
+            check8.check_type = "winsvc"
+            check8.status = "passing"
+            check8.last_run = djangotime.now()
+            check8.email_alert = random.choice([True, False])
+            check8.text_alert = random.choice([True, False])
+            check8.more_info = "Status RUNNING"
+            check8.fails_b4_alert = 4
+            check8.svc_name = "Spooler"
+            check8.svc_display_name = "Print Spooler"
+            check8.pass_if_start_pending = False
+            check8.restart_if_stopped = True
+            check8.save()
+
+            for i in range(30):
+                check8_history = CheckHistory()
+                check8_history.check_id = check8.id
+                check8_history.x = djangotime.now() - djangotime.timedelta(
+                    minutes=i * 2
+                )
+                if i == 10 or i == 18:
+                    check8_history.y = 1
+                    check8_history.results = "Status STOPPED"
+                else:
+                    check8_history.y = 0
+                    check8_history.results = "Status RUNNING"
+                check8_history.save()
+
+            check9 = Check()
+            check9.agent = agent
+            check9.check_type = "eventlog"
+            check9.name = "unexpected shutdown"
+
+            check9.last_run = djangotime.now()
+            check9.email_alert = random.choice([True, False])
+            check9.text_alert = random.choice([True, False])
+            check9.fails_b4_alert = 2
+
+            if site in sites5:
+                check9.extra_details = eventlog_check_fail_data
+                check9.status = "failing"
+            else:
+                check9.extra_details = {"log": []}
+                check9.status = "passing"
+
+            check9.log_name = "Application"
+            check9.event_id = 1001
+            check9.event_type = "INFO"
+            check9.fail_when = "contains"
+            check9.search_last_days = 30
+
+            check9.save()
+
+            for i in range(30):
+                check9_history = CheckHistory()
+                check9_history.check_id = check9.id
+                check9_history.x = djangotime.now() - djangotime.timedelta(
+                    minutes=i * 2
+                )
+                if i == 10 or i == 18:
+                    check9_history.y = 1
+                    check9_history.results = "Events Found: 16"
+                else:
+                    check9_history.y = 0
+                    check9_history.results = "Events Found: 0"
+                check9_history.save()
+
+            pick = random.randint(1, 10)
+
+            if pick == 5 or pick == 3:
+
+                reboot_time = djangotime.now() + djangotime.timedelta(
+                    minutes=random.randint(1000, 500000)
+                )
+                date_obj = dt.datetime.strftime(reboot_time, "%Y-%m-%d %H:%M")
+
+                obj = dt.datetime.strptime(date_obj, "%Y-%m-%d %H:%M")
+
+                task_name = "TacticalRMM_SchedReboot_" + "".join(
+                    random.choice(string.ascii_letters) for _ in range(10)
+                )
+
+                sched_reboot = PendingAction()
+                sched_reboot.agent = agent
+                sched_reboot.action_type = "schedreboot"
+                sched_reboot.details = {
+                    "time": str(obj),
+                    "taskname": task_name,
+                }
+                sched_reboot.save()
+
+            self.stdout.write(self.style.SUCCESS(f"Added agent # {count_agents + 1}"))
+
+        self.stdout.write("done")

api/tacticalrmm/agents/management/commands/show_outdated_agents.py

@@ -0,0 +1,18 @@
+from django.conf import settings
+from django.core.management.base import BaseCommand
+
+from agents.models import Agent
+
+
+class Command(BaseCommand):
+    help = "Shows online agents that are not on the latest version"
+
+    def handle(self, *args, **kwargs):
+        q = Agent.objects.exclude(version=settings.LATEST_AGENT_VER).only(
+            "pk", "version", "last_seen", "overdue_time", "offline_time"
+        )
+        agents = [i for i in q if i.status == "online"]
+        for agent in agents:
+            self.stdout.write(
+                self.style.SUCCESS(f"{agent.hostname} - v{agent.version}")
+            )

api/tacticalrmm/agents/management/commands/update_agents.py

@@ -0,0 +1,25 @@
+from django.conf import settings
+from django.core.management.base import BaseCommand
+from packaging import version as pyver
+
+from agents.models import Agent
+from core.models import CoreSettings
+from agents.tasks import send_agent_update_task
+from tacticalrmm.utils import AGENT_DEFER
+
+
+class Command(BaseCommand):
+    help = "Triggers an agent update task to run"
+
+    def handle(self, *args, **kwargs):
+        core = CoreSettings.objects.first()
+        if not core.agent_auto_update:  # type: ignore
+            return
+
+        q = Agent.objects.defer(*AGENT_DEFER).exclude(version=settings.LATEST_AGENT_VER)
+        agent_ids: list[str] = [
+            i.agent_id
+            for i in q
+            if pyver.parse(i.version) < pyver.parse(settings.LATEST_AGENT_VER)
+        ]
+        send_agent_update_task.delay(agent_ids=agent_ids)

api/tacticalrmm/agents/migrations/0001_initial.py

@@ -1,8 +1,8 @@
 # Generated by Django 3.0.6 on 2020-05-31 01:23
 
 import django.contrib.postgres.fields.jsonb
-from django.db import migrations, models
 import django.db.models.deletion
+from django.db import migrations, models
 
 
 class Migration(migrations.Migration):

api/tacticalrmm/agents/migrations/0005_agent_policy.py

@@ -1,7 +1,7 @@
 # Generated by Django 3.0.7 on 2020-06-09 16:07
 
-from django.db import migrations, models
 import django.db.models.deletion
+from django.db import migrations, models
 
 
 class Migration(migrations.Migration):

api/tacticalrmm/agents/migrations/0011_recoveryaction.py

@@ -1,7 +1,7 @@
 # Generated by Django 3.0.8 on 2020-08-09 05:31
 
-from django.db import migrations, models
 import django.db.models.deletion
+from django.db import migrations, models
 
 
 class Migration(migrations.Migration):

api/tacticalrmm/agents/migrations/0015_note.py

@@ -1,8 +1,8 @@
 # Generated by Django 3.1.1 on 2020-09-22 20:57
 
+import django.db.models.deletion
 from django.conf import settings
 from django.db import migrations, models
-import django.db.models.deletion
 
 
 class Migration(migrations.Migration):

api/tacticalrmm/agents/migrations/0021_agent_site_link.py

@@ -1,7 +1,7 @@
 # Generated by Django 3.1.2 on 2020-11-01 22:53
 
-from django.db import migrations, models
 import django.db.models.deletion
+from django.db import migrations, models
 
 
 class Migration(migrations.Migration):

api/tacticalrmm/agents/migrations/0027_agent_overdue_dashboard_alert.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.1.4 on 2021-01-29 21:11
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0026_auto_20201125_2334'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agent',
+            name='overdue_dashboard_alert',
+            field=models.BooleanField(default=False),
+        ),
+    ]

api/tacticalrmm/agents/migrations/0028_auto_20210206_1534.py

@@ -0,0 +1,23 @@
+# Generated by Django 3.1.4 on 2021-02-06 15:34
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0027_agent_overdue_dashboard_alert'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agentoutage',
+            name='outage_email_sent_time',
+            field=models.DateTimeField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='agentoutage',
+            name='outage_sms_sent_time',
+            field=models.DateTimeField(blank=True, null=True),
+        ),
+    ]

api/tacticalrmm/agents/migrations/0029_delete_agentoutage.py

@@ -0,0 +1,16 @@
+# Generated by Django 3.1.4 on 2021-02-10 21:56
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0028_auto_20210206_1534'),
+    ]
+
+    operations = [
+        migrations.DeleteModel(
+            name='AgentOutage',
+        ),
+    ]

api/tacticalrmm/agents/migrations/0030_agent_offline_time.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.1.6 on 2021-02-16 08:50
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0029_delete_agentoutage'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agent',
+            name='offline_time',
+            field=models.PositiveIntegerField(default=4),
+        ),
+    ]

api/tacticalrmm/agents/migrations/0031_agent_alert_template.py

@@ -0,0 +1,20 @@
+# Generated by Django 3.1.7 on 2021-03-04 03:57
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('alerts', '0006_auto_20210217_1736'),
+        ('agents', '0030_agent_offline_time'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agent',
+            name='alert_template',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='agents', to='alerts.alerttemplate'),
+        ),
+    ]

api/tacticalrmm/agents/migrations/0032_agentcustomfield.py

@@ -0,0 +1,24 @@
+# Generated by Django 3.1.7 on 2021-03-17 14:45
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0014_customfield'),
+        ('agents', '0031_agent_alert_template'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='AgentCustomField',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('value', models.TextField(blank=True, null=True)),
+                ('agent', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='custom_fields', to='agents.agent')),
+                ('field', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='agent_fields', to='core.customfield')),
+            ],
+        ),
+    ]

api/tacticalrmm/agents/migrations/0033_agentcustomfield_multiple_value.py

@@ -0,0 +1,19 @@
+# Generated by Django 3.1.7 on 2021-03-29 02:51
+
+import django.contrib.postgres.fields
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0032_agentcustomfield'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agentcustomfield',
+            name='multiple_value',
+            field=django.contrib.postgres.fields.ArrayField(base_field=models.TextField(blank=True, null=True), blank=True, default=list, null=True, size=None),
+        ),
+    ]

api/tacticalrmm/agents/migrations/0034_agentcustomfield_checkbox_value.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.1.7 on 2021-03-29 03:01
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0033_agentcustomfield_multiple_value'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agentcustomfield',
+            name='checkbox_value',
+            field=models.BooleanField(blank=True, default=False),
+        ),
+    ]

api/tacticalrmm/agents/migrations/0035_auto_20210329_1709.py

@@ -0,0 +1,23 @@
+# Generated by Django 3.1.7 on 2021-03-29 17:09
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0034_agentcustomfield_checkbox_value'),
+    ]
+
+    operations = [
+        migrations.RenameField(
+            model_name='agentcustomfield',
+            old_name='checkbox_value',
+            new_name='bool_value',
+        ),
+        migrations.RenameField(
+            model_name='agentcustomfield',
+            old_name='value',
+            new_name='string_value',
+        ),
+    ]

api/tacticalrmm/agents/migrations/0036_agent_block_policy_inheritance.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.1.7 on 2021-04-17 01:28
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0035_auto_20210329_1709'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agent',
+            name='block_policy_inheritance',
+            field=models.BooleanField(default=False),
+        ),
+    ]

api/tacticalrmm/agents/migrations/0037_auto_20210627_0014.py

@@ -0,0 +1,23 @@
+# Generated by Django 3.2.4 on 2021-06-27 00:14
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0036_agent_block_policy_inheritance'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agent',
+            name='has_patches_pending',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='agent',
+            name='pending_actions_count',
+            field=models.PositiveIntegerField(default=0),
+        ),
+    ]

api/tacticalrmm/agents/migrations/0038_agenthistory.py

@@ -0,0 +1,27 @@
+# Generated by Django 3.2.1 on 2021-07-06 02:01
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0037_auto_20210627_0014'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='AgentHistory',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('time', models.DateTimeField(auto_now_add=True)),
+                ('type', models.CharField(choices=[('task_run', 'Task Run'), ('script_run', 'Script Run'), ('cmd_run', 'CMD Run')], default='cmd_run', max_length=50)),
+                ('command', models.TextField(blank=True, null=True)),
+                ('status', models.CharField(choices=[('success', 'Success'), ('failure', 'Failure')], default='success', max_length=50)),
+                ('username', models.CharField(default='system', max_length=50)),
+                ('results', models.TextField(blank=True, null=True)),
+                ('agent', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='history', to='agents.agent')),
+            ],
+        ),
+    ]

api/tacticalrmm/agents/migrations/0039_auto_20210714_0738.py

@@ -0,0 +1,25 @@
+# Generated by Django 3.2.5 on 2021-07-14 07:38
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('scripts', '0008_script_guid'),
+        ('agents', '0038_agenthistory'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agenthistory',
+            name='script',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='history', to='scripts.script'),
+        ),
+        migrations.AddField(
+            model_name='agenthistory',
+            name='script_results',
+            field=models.JSONField(blank=True, null=True),
+        ),
+    ]

api/tacticalrmm/agents/migrations/0040_auto_20211010_0249.py

@@ -0,0 +1,28 @@
+# Generated by Django 3.2.6 on 2021-10-10 02:49
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0039_auto_20210714_0738'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='agent',
+            name='agent_id',
+            field=models.CharField(max_length=200, unique=True),
+        ),
+        migrations.AlterField(
+            model_name='agent',
+            name='created_by',
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.AlterField(
+            model_name='agent',
+            name='modified_by',
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+    ]

api/tacticalrmm/agents/migrations/0041_alter_agenthistory_username.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2.6 on 2021-10-18 03:04
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0040_auto_20211010_0249'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='agenthistory',
+            name='username',
+            field=models.CharField(default='system', max_length=255),
+        ),
+    ]

api/tacticalrmm/agents/models.py

@@ -1,31 +1,32 @@
-import time
+import asyncio
 import base64
-from Crypto.Cipher import AES
-from Crypto.Random import get_random_bytes
-from Crypto.Hash import SHA3_384
-from Crypto.Util.Padding import pad
-import validators
-import msgpack
 import re
+import time
 from collections import Counter
-from typing import List
-from loguru import logger
-from packaging import version as pyver
 from distutils.version import LooseVersion
+from typing import Any
+
+import msgpack
+import validators
+from Crypto.Cipher import AES
+from Crypto.Hash import SHA3_384
+from Crypto.Random import get_random_bytes
+from Crypto.Util.Padding import pad
+from django.conf import settings
+from django.contrib.postgres.fields import ArrayField
+from django.db import models
+from django.utils import timezone as djangotime
 from nats.aio.client import Client as NATS
 from nats.aio.errors import ErrTimeout
 
-from django.db import models
-from django.conf import settings
-from django.utils import timezone as djangotime
-
-from core.models import CoreSettings, TZ_CHOICES
-from logs.models import BaseAuditModel
-
-logger.configure(**settings.LOG_CONFIG)
+from core.models import TZ_CHOICES, CoreSettings
+from logs.models import BaseAuditModel, DebugLog
+from tacticalrmm.models import PermissionQuerySet
 
 
 class Agent(BaseAuditModel):
+    objects = PermissionQuerySet.as_manager()
+
     version = models.CharField(default="0.1.0", max_length=255)
     salt_ver = models.CharField(default="1.0.3", max_length=255)
     operating_system = models.CharField(null=True, blank=True, max_length=255)
@@ -34,7 +35,7 @@ class Agent(BaseAuditModel):
     hostname = models.CharField(max_length=255)
     salt_id = models.CharField(null=True, blank=True, max_length=255)
     local_ip = models.TextField(null=True, blank=True)  # deprecated
-    agent_id = models.CharField(max_length=200)
+    agent_id = models.CharField(max_length=200, unique=True)
     last_seen = models.DateTimeField(null=True, blank=True)
     services = models.JSONField(null=True, blank=True)
     public_ip = models.CharField(null=True, max_length=255)
@@ -50,6 +51,8 @@ class Agent(BaseAuditModel):
     mesh_node_id = models.CharField(null=True, blank=True, max_length=255)
     overdue_email_alert = models.BooleanField(default=False)
     overdue_text_alert = models.BooleanField(default=False)
+    overdue_dashboard_alert = models.BooleanField(default=False)
+    offline_time = models.PositiveIntegerField(default=4)
     overdue_time = models.PositiveIntegerField(default=30)
     check_interval = models.PositiveIntegerField(default=120)
     needs_reboot = models.BooleanField(default=False)
@@ -60,6 +63,16 @@ class Agent(BaseAuditModel):
         max_length=255, choices=TZ_CHOICES, null=True, blank=True
     )
     maintenance_mode = models.BooleanField(default=False)
+    block_policy_inheritance = models.BooleanField(default=False)
+    pending_actions_count = models.PositiveIntegerField(default=0)
+    has_patches_pending = models.BooleanField(default=False)
+    alert_template = models.ForeignKey(
+        "alerts.AlertTemplate",
+        related_name="agents",
+        null=True,
+        blank=True,
+        on_delete=models.SET_NULL,
+    )
     site = models.ForeignKey(
         "clients.Site",
         related_name="agents",
@@ -75,6 +88,26 @@ class Agent(BaseAuditModel):
         on_delete=models.SET_NULL,
     )
 
+    def save(self, *args, **kwargs):
+        from automation.tasks import generate_agent_checks_task
+
+        # get old agent if exists
+        old_agent = Agent.objects.get(pk=self.pk) if self.pk else None
+        super(Agent, self).save(old_model=old_agent, *args, **kwargs)
+
+        # check if new agent has been created
+        # or check if policy have changed on agent
+        # or if site has changed on agent and if so generate policies
+        # or if agent was changed from server or workstation
+        if (
+            not old_agent
+            or (old_agent and old_agent.policy != self.policy)
+            or (old_agent.site != self.site)
+            or (old_agent.monitoring_type != self.monitoring_type)
+            or (old_agent.block_policy_inheritance != self.block_policy_inheritance)
+        ):
+            generate_agent_checks_task.delay(agents=[self.pk], create_tasks=True)
+
     def __str__(self):
         return self.hostname
 
@@ -82,14 +115,6 @@ class Agent(BaseAuditModel):
     def client(self):
         return self.site.client
 
-    @property
-    def has_nats(self):
-        return pyver.parse(self.version) >= pyver.parse("1.1.0")
-
-    @property
-    def has_gotasks(self):
-        return pyver.parse(self.version) >= pyver.parse("1.1.1")
-
     @property
     def timezone(self):
         # return the default timezone unless the timezone is explicity set per agent
@@ -98,7 +123,7 @@ class Agent(BaseAuditModel):
         else:
             from core.models import CoreSettings
 
-            return CoreSettings.objects.first().default_time_zone
+            return CoreSettings.objects.first().default_time_zone  # type: ignore
 
     @property
     def arch(self):
@@ -127,7 +152,7 @@ class Agent(BaseAuditModel):
 
     @property
     def status(self):
-        offline = djangotime.now() - djangotime.timedelta(minutes=6)
+        offline = djangotime.now() - djangotime.timedelta(minutes=self.offline_time)
         overdue = djangotime.now() - djangotime.timedelta(minutes=self.overdue_time)
 
         if self.last_seen is not None:
@@ -140,27 +165,30 @@ class Agent(BaseAuditModel):
         else:
             return "offline"
 
-    @property
-    def has_patches_pending(self):
-        return self.winupdates.filter(action="approve").filter(installed=False).exists()
-
     @property
     def checks(self):
-        total, passing, failing = 0, 0, 0
+        total, passing, failing, warning, info = 0, 0, 0, 0, 0
 
-        if self.agentchecks.exists():
-            for i in self.agentchecks.all():
+        if self.agentchecks.exists():  # type: ignore
+            for i in self.agentchecks.all():  # type: ignore
                 total += 1
                 if i.status == "passing":
                     passing += 1
                 elif i.status == "failing":
-                    failing += 1
+                    if i.alert_severity == "error":
+                        failing += 1
+                    elif i.alert_severity == "warning":
+                        warning += 1
+                    elif i.alert_severity == "info":
+                        info += 1
 
         ret = {
             "total": total,
             "passing": passing,
             "failing": failing,
-            "has_failing_checks": failing > 0,
+            "warning": warning,
+            "info": info,
+            "has_failing_checks": failing > 0 or warning > 0,
         }
         return ret
 
@@ -175,6 +203,27 @@ class Agent(BaseAuditModel):
         except:
             return ["unknown cpu model"]
 
+    @property
+    def graphics(self):
+        ret, mrda = [], []
+        try:
+            graphics = self.wmi_detail["graphics"]
+            for i in graphics:
+                caption = [x["Caption"] for x in i if "Caption" in x][0]
+                if "microsoft remote display adapter" in caption.lower():
+                    mrda.append("yes")
+                    continue
+
+                ret.append([x["Caption"] for x in i if "Caption" in x][0])
+
+            # only return this if no other graphics cards
+            if not ret and mrda:
+                return "Microsoft Remote Display Adapter"
+
+            return ", ".join(ret)
+        except:
+            return "Graphics info requires agent v1.4.14"
+
     @property
     def local_ips(self):
         ret = []
@@ -214,11 +263,17 @@ class Agent(BaseAuditModel):
                 make = [x["Manufacturer"] for x in mobo if "Manufacturer" in x][0]
                 model = [x["Product"] for x in mobo if "Product" in x][0]
 
+            if make.lower() == "lenovo":
+                sysfam = [x["SystemFamily"] for x in comp_sys if "SystemFamily" in x][0]
+                if "to be filled" not in sysfam.lower():
+                    model = sysfam
+
             return f"{make} {model}"
         except:
             pass
 
         try:
+            comp_sys_prod = self.wmi_detail["comp_sys_prod"][0]
             return [x["Version"] for x in comp_sys_prod if "Version" in x][0]
         except:
             pass
@@ -248,33 +303,111 @@ class Agent(BaseAuditModel):
         except:
             return ["unknown disk"]
 
+    def check_run_interval(self) -> int:
+        interval = self.check_interval
+        # determine if any agent checks have a custom interval and set the lowest interval
+        for check in self.agentchecks.filter(overriden_by_policy=False):  # type: ignore
+            if check.run_interval and check.run_interval < interval:
+
+                # don't allow check runs less than 15s
+                if check.run_interval < 15:
+                    interval = 15
+                else:
+                    interval = check.run_interval
+
+        return interval
+
+    def run_script(
+        self,
+        scriptpk: int,
+        args: list[str] = [],
+        timeout: int = 120,
+        full: bool = False,
+        wait: bool = False,
+        run_on_any: bool = False,
+        history_pk: int = 0,
+    ) -> Any:
+
+        from scripts.models import Script
+
+        script = Script.objects.get(pk=scriptpk)
+
+        parsed_args = script.parse_script_args(self, script.shell, args)
+
+        data = {
+            "func": "runscriptfull" if full else "runscript",
+            "timeout": timeout,
+            "script_args": parsed_args,
+            "payload": {
+                "code": script.code,
+                "shell": script.shell,
+            },
+        }
+
+        if history_pk != 0:
+            data["id"] = history_pk
+
+        running_agent = self
+        if run_on_any:
+            nats_ping = {"func": "ping"}
+
+            # try on self first
+            r = asyncio.run(self.nats_cmd(nats_ping, timeout=1))
+
+            if r == "pong":
+                running_agent = self
+            else:
+                online = [
+                    agent
+                    for agent in Agent.objects.only(
+                        "pk", "agent_id", "last_seen", "overdue_time", "offline_time"
+                    )
+                    if agent.status == "online"
+                ]
+
+                for agent in online:
+                    r = asyncio.run(agent.nats_cmd(nats_ping, timeout=1))
+                    if r == "pong":
+                        running_agent = agent
+                        break
+
+                if running_agent.pk == self.pk:
+                    return "Unable to find an online agent"
+
+        if wait:
+            return asyncio.run(running_agent.nats_cmd(data, timeout=timeout, wait=True))
+        else:
+            asyncio.run(running_agent.nats_cmd(data, wait=False))
+
+        return "ok"
+
     # auto approves updates
     def approve_updates(self):
         patch_policy = self.get_patch_policy()
 
         updates = list()
         if patch_policy.critical == "approve":
-            updates += self.winupdates.filter(
+            updates += self.winupdates.filter(  # type: ignore
                 severity="Critical", installed=False
             ).exclude(action="approve")
 
         if patch_policy.important == "approve":
-            updates += self.winupdates.filter(
+            updates += self.winupdates.filter(  # type: ignore
                 severity="Important", installed=False
             ).exclude(action="approve")
 
         if patch_policy.moderate == "approve":
-            updates += self.winupdates.filter(
+            updates += self.winupdates.filter(  # type: ignore
                 severity="Moderate", installed=False
             ).exclude(action="approve")
 
         if patch_policy.low == "approve":
-            updates += self.winupdates.filter(severity="Low", installed=False).exclude(
+            updates += self.winupdates.filter(severity="Low", installed=False).exclude(  # type: ignore
                 action="approve"
             )
 
         if patch_policy.other == "approve":
-            updates += self.winupdates.filter(severity="", installed=False).exclude(
+            updates += self.winupdates.filter(severity="", installed=False).exclude(  # type: ignore
                 action="approve"
             )
 
@@ -289,7 +422,7 @@ class Agent(BaseAuditModel):
         site = self.site
         core_settings = CoreSettings.objects.first()
         patch_policy = None
-        agent_policy = self.winupdatepolicy.get()
+        agent_policy = self.winupdatepolicy.get()  # type: ignore
 
         if self.monitoring_type == "server":
             # check agent policy first which should override client or site policy
@@ -298,21 +431,34 @@ class Agent(BaseAuditModel):
 
             # check site policy if agent policy doesn't have one
             elif site.server_policy and site.server_policy.winupdatepolicy.exists():
-                patch_policy = site.server_policy.winupdatepolicy.get()
+                # make sure agent isn;t blocking policy inheritance
+                if not self.block_policy_inheritance:
+                    patch_policy = site.server_policy.winupdatepolicy.get()
 
             # if site doesn't have a patch policy check the client
             elif (
                 site.client.server_policy
                 and site.client.server_policy.winupdatepolicy.exists()
             ):
-                patch_policy = site.client.server_policy.winupdatepolicy.get()
+                # make sure agent and site are not blocking inheritance
+                if (
+                    not self.block_policy_inheritance
+                    and not site.block_policy_inheritance
+                ):
+                    patch_policy = site.client.server_policy.winupdatepolicy.get()
 
             # if patch policy still doesn't exist check default policy
             elif (
-                core_settings.server_policy
-                and core_settings.server_policy.winupdatepolicy.exists()
+                core_settings.server_policy  # type: ignore
+                and core_settings.server_policy.winupdatepolicy.exists()  # type: ignore
             ):
-                patch_policy = core_settings.server_policy.winupdatepolicy.get()
+                # make sure agent site and client are not blocking inheritance
+                if (
+                    not self.block_policy_inheritance
+                    and not site.block_policy_inheritance
+                    and not site.client.block_policy_inheritance
+                ):
+                    patch_policy = core_settings.server_policy.winupdatepolicy.get()  # type: ignore
 
         elif self.monitoring_type == "workstation":
             # check agent policy first which should override client or site policy
@@ -323,21 +469,36 @@ class Agent(BaseAuditModel):
                 site.workstation_policy
                 and site.workstation_policy.winupdatepolicy.exists()
             ):
-                patch_policy = site.workstation_policy.winupdatepolicy.get()
+                # make sure agent isn;t blocking policy inheritance
+                if not self.block_policy_inheritance:
+                    patch_policy = site.workstation_policy.winupdatepolicy.get()
 
             # if site doesn't have a patch policy check the client
             elif (
                 site.client.workstation_policy
                 and site.client.workstation_policy.winupdatepolicy.exists()
             ):
-                patch_policy = site.client.workstation_policy.winupdatepolicy.get()
+                # make sure agent and site are not blocking inheritance
+                if (
+                    not self.block_policy_inheritance
+                    and not site.block_policy_inheritance
+                ):
+                    patch_policy = site.client.workstation_policy.winupdatepolicy.get()
 
             # if patch policy still doesn't exist check default policy
             elif (
-                core_settings.workstation_policy
-                and core_settings.workstation_policy.winupdatepolicy.exists()
+                core_settings.workstation_policy  # type: ignore
+                and core_settings.workstation_policy.winupdatepolicy.exists()  # type: ignore
             ):
-                patch_policy = core_settings.workstation_policy.winupdatepolicy.get()
+                # make sure agent site and client are not blocking inheritance
+                if (
+                    not self.block_policy_inheritance
+                    and not site.block_policy_inheritance
+                    and not site.client.block_policy_inheritance
+                ):
+                    patch_policy = (
+                        core_settings.workstation_policy.winupdatepolicy.get()  # type: ignore
+                    )
 
         # if policy still doesn't exist return the agent patch policy
         if not patch_policy:
@@ -374,18 +535,155 @@ class Agent(BaseAuditModel):
 
         return patch_policy
 
-    def get_approved_update_guids(self) -> List[str]:
+    def get_approved_update_guids(self) -> list[str]:
         return list(
-            self.winupdates.filter(action="approve", installed=False).values_list(
+            self.winupdates.filter(action="approve", installed=False).values_list(  # type: ignore
                 "guid", flat=True
             )
         )
 
+    # sets alert template assigned in the following order: policy, site, client, global
+    # sets None if nothing is found
+    def set_alert_template(self):
+
+        site = self.site
+        client = self.client
+        core = CoreSettings.objects.first()
+
+        templates = list()
+        # check if alert template is on a policy assigned to agent
+        if (
+            self.policy
+            and self.policy.alert_template
+            and self.policy.alert_template.is_active
+        ):
+            templates.append(self.policy.alert_template)
+
+        # check if policy with alert template is assigned to the site
+        if (
+            self.monitoring_type == "server"
+            and site.server_policy
+            and site.server_policy.alert_template
+            and site.server_policy.alert_template.is_active
+            and not self.block_policy_inheritance
+        ):
+            templates.append(site.server_policy.alert_template)
+        if (
+            self.monitoring_type == "workstation"
+            and site.workstation_policy
+            and site.workstation_policy.alert_template
+            and site.workstation_policy.alert_template.is_active
+            and not self.block_policy_inheritance
+        ):
+            templates.append(site.workstation_policy.alert_template)
+
+        # check if alert template is assigned to site
+        if site.alert_template and site.alert_template.is_active:
+            templates.append(site.alert_template)
+
+        # check if policy with alert template is assigned to the client
+        if (
+            self.monitoring_type == "server"
+            and client.server_policy
+            and client.server_policy.alert_template
+            and client.server_policy.alert_template.is_active
+            and not self.block_policy_inheritance
+            and not site.block_policy_inheritance
+        ):
+            templates.append(client.server_policy.alert_template)
+        if (
+            self.monitoring_type == "workstation"
+            and client.workstation_policy
+            and client.workstation_policy.alert_template
+            and client.workstation_policy.alert_template.is_active
+            and not self.block_policy_inheritance
+            and not site.block_policy_inheritance
+        ):
+            templates.append(client.workstation_policy.alert_template)
+
+        # check if alert template is on client and return
+        if (
+            client.alert_template
+            and client.alert_template.is_active
+            and not self.block_policy_inheritance
+            and not site.block_policy_inheritance
+        ):
+            templates.append(client.alert_template)
+
+        # check if alert template is applied globally and return
+        if (
+            core.alert_template  # type: ignore
+            and core.alert_template.is_active  # type: ignore
+            and not self.block_policy_inheritance
+            and not site.block_policy_inheritance
+            and not client.block_policy_inheritance
+        ):
+            templates.append(core.alert_template)  # type: ignore
+
+        # if agent is a workstation, check if policy with alert template is assigned to the site, client, or core
+        if (
+            self.monitoring_type == "server"
+            and core.server_policy  # type: ignore
+            and core.server_policy.alert_template  # type: ignore
+            and core.server_policy.alert_template.is_active  # type: ignore
+            and not self.block_policy_inheritance
+            and not site.block_policy_inheritance
+            and not client.block_policy_inheritance
+        ):
+            templates.append(core.server_policy.alert_template)  # type: ignore
+        if (
+            self.monitoring_type == "workstation"
+            and core.workstation_policy  # type: ignore
+            and core.workstation_policy.alert_template  # type: ignore
+            and core.workstation_policy.alert_template.is_active  # type: ignore
+            and not self.block_policy_inheritance
+            and not site.block_policy_inheritance
+            and not client.block_policy_inheritance
+        ):
+            templates.append(core.workstation_policy.alert_template)  # type: ignore
+
+        # go through the templates and return the first one that isn't excluded
+        for template in templates:
+            # check if client, site, or agent has been excluded from template
+            if (
+                client.pk
+                in template.excluded_clients.all().values_list("pk", flat=True)
+                or site.pk in template.excluded_sites.all().values_list("pk", flat=True)
+                or self.pk
+                in template.excluded_agents.all()
+                .only("pk")
+                .values_list("pk", flat=True)
+            ):
+                continue
+
+            # check if template is excluding desktops
+            elif (
+                self.monitoring_type == "workstation" and template.exclude_workstations
+            ):
+                continue
+
+            # check if template is excluding servers
+            elif self.monitoring_type == "server" and template.exclude_servers:
+                continue
+
+            else:
+                # save alert_template to agent cache field
+                self.alert_template = template
+                self.save()
+
+                return template
+
+        # no alert templates found or agent has been excluded
+        self.alert_template = None
+        self.save()
+
+        return None
+
     def generate_checks_from_policies(self):
         from automation.models import Policy
 
         # Clear agent checks that have overriden_by_policy set
-        self.agentchecks.update(overriden_by_policy=False)
+        self.agentchecks.update(overriden_by_policy=False)  # type: ignore
 
         # Generate checks based on policies
         Policy.generate_policy_checks(self)
@@ -403,7 +701,7 @@ class Agent(BaseAuditModel):
             key1 = key[0:48]
             key2 = key[48:]
             msg = '{{"a":{}, "u":"{}","time":{}}}'.format(
-                action, user, int(time.time())
+                action, user.lower(), int(time.time())
             )
             iv = get_random_bytes(16)
 
@@ -420,7 +718,7 @@ class Agent(BaseAuditModel):
         except Exception:
             return "err"
 
-    async def nats_cmd(self, data, timeout=30, wait=True):
+    async def nats_cmd(self, data: dict, timeout: int = 30, wait: bool = True):
         nc = NATS()
         options = {
             "servers": f"tls://{settings.ALLOWED_HOSTS[0]}:4222",
@@ -442,7 +740,11 @@ class Agent(BaseAuditModel):
             except ErrTimeout:
                 ret = "timeout"
             else:
-                ret = msgpack.loads(msg.data)
+                try:
+                    ret = msgpack.loads(msg.data)  # type: ignore
+                except Exception as e:
+                    ret = str(e)
+                    DebugLog.error(agent=self, log_type="agent_issues", message=ret)
 
             await nc.close()
             return ret
@@ -454,27 +756,24 @@ class Agent(BaseAuditModel):
     @staticmethod
     def serialize(agent):
         # serializes the agent and returns json
-        from .serializers import AgentEditSerializer
+        from .serializers import AgentAuditSerializer
 
-        ret = AgentEditSerializer(agent).data
-        del ret["all_timezones"]
-        del ret["client"]
-        return ret
+        return AgentAuditSerializer(agent).data
 
     def delete_superseded_updates(self):
         try:
             pks = []  # list of pks to delete
-            kbs = list(self.winupdates.values_list("kb", flat=True))
+            kbs = list(self.winupdates.values_list("kb", flat=True))  # type: ignore
             d = Counter(kbs)
             dupes = [k for k, v in d.items() if v > 1]
 
             for dupe in dupes:
-                titles = self.winupdates.filter(kb=dupe).values_list("title", flat=True)
+                titles = self.winupdates.filter(kb=dupe).values_list("title", flat=True)  # type: ignore
                 # extract the version from the title and sort from oldest to newest
                 # skip if no version info is available therefore nothing to parse
                 try:
                     vers = [
-                        re.search(r"\(Version(.*?)\)", i).group(1).strip()
+                        re.search(r"\(Version(.*?)\)", i).group(1).strip()  # type: ignore
                         for i in titles
                     ]
                     sorted_vers = sorted(vers, key=LooseVersion)
@@ -482,111 +781,77 @@ class Agent(BaseAuditModel):
                     continue
                 # append all but the latest version to our list of pks to delete
                 for ver in sorted_vers[:-1]:
-                    q = self.winupdates.filter(kb=dupe).filter(title__contains=ver)
+                    q = self.winupdates.filter(kb=dupe).filter(title__contains=ver)  # type: ignore
                     pks.append(q.first().pk)
 
             pks = list(set(pks))
-            self.winupdates.filter(pk__in=pks).delete()
+            self.winupdates.filter(pk__in=pks).delete()  # type: ignore
         except:
             pass
 
-    # define how the agent should handle pending actions
-    def handle_pending_actions(self):
-        pending_actions = self.pendingactions.filter(status="pending")
-
-        for action in pending_actions:
-            if action.action_type == "taskaction":
-                from autotasks.tasks import (
-                    create_win_task_schedule,
-                    enable_or_disable_win_task,
-                    delete_win_task_schedule,
+    def should_create_alert(self, alert_template=None):
+        return (
+            self.overdue_dashboard_alert
+            or self.overdue_email_alert
+            or self.overdue_text_alert
+            or (
+                alert_template
+                and (
+                    alert_template.agent_always_alert
+                    or alert_template.agent_always_email
+                    or alert_template.agent_always_text
                 )
-
-                task_id = action.details["task_id"]
-
-                if action.details["action"] == "taskcreate":
-                    create_win_task_schedule.delay(task_id, pending_action=action.id)
-                elif action.details["action"] == "tasktoggle":
-                    enable_or_disable_win_task.delay(
-                        task_id, action.details["value"], pending_action=action.id
-                    )
-                elif action.details["action"] == "taskdelete":
-                    delete_win_task_schedule.delay(task_id, pending_action=action.id)
-
-    # for clearing duplicate pending actions on agent
-    def remove_matching_pending_task_actions(self, task_id):
-        # remove any other pending actions on agent with same task_id
-        for action in self.pendingactions.exclude(status="completed"):
-            if action.details["task_id"] == task_id:
-                action.delete()
-
-
-class AgentOutage(models.Model):
-    agent = models.ForeignKey(
-        Agent,
-        related_name="agentoutages",
-        null=True,
-        blank=True,
-        on_delete=models.CASCADE,
-    )
-    outage_time = models.DateTimeField(auto_now_add=True)
-    recovery_time = models.DateTimeField(null=True, blank=True)
-    outage_email_sent = models.BooleanField(default=False)
-    outage_sms_sent = models.BooleanField(default=False)
-    recovery_email_sent = models.BooleanField(default=False)
-    recovery_sms_sent = models.BooleanField(default=False)
-
-    @property
-    def is_active(self):
-        return False if self.recovery_time else True
+            )
+        )
 
     def send_outage_email(self):
         from core.models import CoreSettings
 
         CORE = CoreSettings.objects.first()
-        CORE.send_mail(
-            f"{self.agent.client.name}, {self.agent.site.name}, {self.agent.hostname} - data overdue",
+        CORE.send_mail(  # type: ignore
+            f"{self.client.name}, {self.site.name}, {self.hostname} - data overdue",
             (
-                f"Data has not been received from client {self.agent.client.name}, "
-                f"site {self.agent.site.name}, "
-                f"agent {self.agent.hostname} "
+                f"Data has not been received from client {self.client.name}, "
+                f"site {self.site.name}, "
+                f"agent {self.hostname} "
                 "within the expected time."
             ),
+            alert_template=self.alert_template,
         )
 
     def send_recovery_email(self):
         from core.models import CoreSettings
 
         CORE = CoreSettings.objects.first()
-        CORE.send_mail(
-            f"{self.agent.client.name}, {self.agent.site.name}, {self.agent.hostname} - data received",
+        CORE.send_mail(  # type: ignore
+            f"{self.client.name}, {self.site.name}, {self.hostname} - data received",
             (
-                f"Data has been received from client {self.agent.client.name}, "
-                f"site {self.agent.site.name}, "
-                f"agent {self.agent.hostname} "
+                f"Data has been received from client {self.client.name}, "
+                f"site {self.site.name}, "
+                f"agent {self.hostname} "
                 "after an interruption in data transmission."
             ),
+            alert_template=self.alert_template,
         )
 
     def send_outage_sms(self):
         from core.models import CoreSettings
 
         CORE = CoreSettings.objects.first()
-        CORE.send_sms(
-            f"{self.agent.client.name}, {self.agent.site.name}, {self.agent.hostname} - data overdue"
+        CORE.send_sms(  # type: ignore
+            f"{self.client.name}, {self.site.name}, {self.hostname} - data overdue",
+            alert_template=self.alert_template,
         )
 
     def send_recovery_sms(self):
         from core.models import CoreSettings
 
         CORE = CoreSettings.objects.first()
-        CORE.send_sms(
-            f"{self.agent.client.name}, {self.agent.site.name}, {self.agent.hostname} - data received"
+        CORE.send_sms(  # type: ignore
+            f"{self.client.name}, {self.site.name}, {self.hostname} - data received",
+            alert_template=self.alert_template,
         )
 
-    def __str__(self):
-        return self.agent.hostname
-
 
 RECOVERY_CHOICES = [
     ("salt", "Salt"),
@@ -598,6 +863,8 @@ RECOVERY_CHOICES = [
 
 
 class RecoveryAction(models.Model):
+    objects = PermissionQuerySet.as_manager()
+
     agent = models.ForeignKey(
         Agent,
         related_name="recoveryactions",
@@ -610,14 +877,10 @@ class RecoveryAction(models.Model):
     def __str__(self):
         return f"{self.agent.hostname} - {self.mode}"
 
-    def send(self):
-        ret = {"recovery": self.mode}
-        if self.mode == "command":
-            ret["cmd"] = self.command
-        return ret
-
 
 class Note(models.Model):
+    objects = PermissionQuerySet.as_manager()
+
     agent = models.ForeignKey(
         Agent,
         related_name="notes",
@@ -635,3 +898,96 @@ class Note(models.Model):
 
     def __str__(self):
         return self.agent.hostname
+
+
+class AgentCustomField(models.Model):
+    objects = PermissionQuerySet.as_manager()
+
+    agent = models.ForeignKey(
+        Agent,
+        related_name="custom_fields",
+        on_delete=models.CASCADE,
+    )
+
+    field = models.ForeignKey(
+        "core.CustomField",
+        related_name="agent_fields",
+        on_delete=models.CASCADE,
+    )
+
+    string_value = models.TextField(null=True, blank=True)
+    bool_value = models.BooleanField(blank=True, default=False)
+    multiple_value = ArrayField(
+        models.TextField(null=True, blank=True),
+        null=True,
+        blank=True,
+        default=list,
+    )
+
+    def __str__(self):
+        return self.field.name
+
+    @property
+    def value(self):
+        if self.field.type == "multiple":
+            return self.multiple_value
+        elif self.field.type == "checkbox":
+            return self.bool_value
+        else:
+            return self.string_value
+
+    def save_to_field(self, value):
+        if self.field.type in [
+            "text",
+            "number",
+            "single",
+            "datetime",
+        ]:
+            self.string_value = value
+            self.save()
+        elif self.field.type == "multiple":
+            self.multiple_value = value.split(",")
+            self.save()
+        elif self.field.type == "checkbox":
+            self.bool_value = bool(value)
+            self.save()
+
+
+AGENT_HISTORY_TYPES = (
+    ("task_run", "Task Run"),
+    ("script_run", "Script Run"),
+    ("cmd_run", "CMD Run"),
+)
+
+AGENT_HISTORY_STATUS = (("success", "Success"), ("failure", "Failure"))
+
+
+class AgentHistory(models.Model):
+    objects = PermissionQuerySet.as_manager()
+
+    agent = models.ForeignKey(
+        Agent,
+        related_name="history",
+        on_delete=models.CASCADE,
+    )
+    time = models.DateTimeField(auto_now_add=True)
+    type = models.CharField(
+        max_length=50, choices=AGENT_HISTORY_TYPES, default="cmd_run"
+    )
+    command = models.TextField(null=True, blank=True)
+    status = models.CharField(
+        max_length=50, choices=AGENT_HISTORY_STATUS, default="success"
+    )
+    username = models.CharField(max_length=255, default="system")
+    results = models.TextField(null=True, blank=True)
+    script = models.ForeignKey(
+        "scripts.Script",
+        null=True,
+        blank=True,
+        related_name="history",
+        on_delete=models.SET_NULL,
+    )
+    script_results = models.JSONField(null=True, blank=True)
+
+    def __str__(self):
+        return f"{self.agent.hostname} - {self.type}"

api/tacticalrmm/agents/permissions.py

@@ -0,0 +1,123 @@
+from rest_framework import permissions
+
+from tacticalrmm.permissions import _has_perm, _has_perm_on_agent
+
+
+class AgentPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        if r.method == "GET":
+            if "agent_id" in view.kwargs.keys():
+                return _has_perm(r, "can_list_agents") and _has_perm_on_agent(
+                    r.user, view.kwargs["agent_id"]
+                )
+            else:
+                return _has_perm(r, "can_list_agents")
+        elif r.method == "DELETE":
+            return _has_perm(r, "can_uninstall_agents") and _has_perm_on_agent(
+                r.user, view.kwargs["agent_id"]
+            )
+        else:
+            if r.path == "/agents/maintenance/bulk/":
+                return _has_perm(r, "can_edit_agent")
+            else:
+                return _has_perm(r, "can_edit_agent") and _has_perm_on_agent(
+                    r.user, view.kwargs["agent_id"]
+                )
+
+
+class RecoverAgentPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_recover_agents") and _has_perm_on_agent(
+            r.user, view.kwargs["agent_id"]
+        )
+
+
+class MeshPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_use_mesh") and _has_perm_on_agent(
+            r.user, view.kwargs["agent_id"]
+        )
+
+
+class UpdateAgentPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_update_agents")
+
+
+class PingAgentPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_ping_agents") and _has_perm_on_agent(
+            r.user, view.kwargs["agent_id"]
+        )
+
+
+class ManageProcPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_manage_procs") and _has_perm_on_agent(
+            r.user, view.kwargs["agent_id"]
+        )
+
+
+class EvtLogPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_view_eventlogs") and _has_perm_on_agent(
+            r.user, view.kwargs["agent_id"]
+        )
+
+
+class SendCMDPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_send_cmd") and _has_perm_on_agent(
+            r.user, view.kwargs["agent_id"]
+        )
+
+
+class RebootAgentPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_reboot_agents") and _has_perm_on_agent(
+            r.user, view.kwargs["agent_id"]
+        )
+
+
+class InstallAgentPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_install_agents")
+
+
+class RunScriptPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_run_scripts") and _has_perm_on_agent(
+            r.user, view.kwargs["agent_id"]
+        )
+
+
+class AgentNotesPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+
+        # permissions for GET /agents/notes/ endpoint
+        if r.method == "GET":
+
+            # permissions for /agents/<agent_id>/notes endpoint
+            if "agent_id" in view.kwargs.keys():
+                return _has_perm(r, "can_list_notes") and _has_perm_on_agent(
+                    r.user, view.kwargs["agent_id"]
+                )
+            else:
+                return _has_perm(r, "can_list_notes")
+        else:
+            return _has_perm(r, "can_manage_notes")
+
+
+class RunBulkPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_run_bulk")
+
+
+class AgentHistoryPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        if "agent_id" in view.kwargs.keys():
+            return _has_perm(r, "can_list_agent_history") and _has_perm_on_agent(
+                r.user, view.kwargs["agent_id"]
+            )
+        else:
+            return _has_perm(r, "can_list_agent_history")

api/tacticalrmm/agents/serializers.py

@@ -1,42 +1,55 @@
 import pytz
-
 from rest_framework import serializers
-from rest_framework.fields import ReadOnlyField
-
-from .models import Agent, Note
-
 from winupdate.serializers import WinUpdatePolicySerializer
-from clients.serializers import ClientSerializer
+
+from .models import Agent, AgentCustomField, Note, AgentHistory
+
+
+class AgentCustomFieldSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = AgentCustomField
+        fields = (
+            "id",
+            "field",
+            "agent",
+            "value",
+            "string_value",
+            "bool_value",
+            "multiple_value",
+        )
+        extra_kwargs = {
+            "string_value": {"write_only": True},
+            "bool_value": {"write_only": True},
+            "multiple_value": {"write_only": True},
+        }
 
 
 class AgentSerializer(serializers.ModelSerializer):
-    # for vue
-    patches_pending = serializers.ReadOnlyField(source="has_patches_pending")
     winupdatepolicy = WinUpdatePolicySerializer(many=True, read_only=True)
     status = serializers.ReadOnlyField()
     cpu_model = serializers.ReadOnlyField()
     local_ips = serializers.ReadOnlyField()
     make_model = serializers.ReadOnlyField()
     physical_disks = serializers.ReadOnlyField()
+    graphics = serializers.ReadOnlyField()
     checks = serializers.ReadOnlyField()
     timezone = serializers.ReadOnlyField()
     all_timezones = serializers.SerializerMethodField()
-    client_name = serializers.ReadOnlyField(source="client.name")
+    client = serializers.ReadOnlyField(source="client.name")
     site_name = serializers.ReadOnlyField(source="site.name")
+    custom_fields = AgentCustomFieldSerializer(many=True, read_only=True)
+    patches_last_installed = serializers.ReadOnlyField()
+    last_seen = serializers.ReadOnlyField()
 
     def get_all_timezones(self, obj):
         return pytz.all_timezones
 
     class Meta:
         model = Agent
-        exclude = [
-            "last_seen",
-        ]
+        exclude = ["id"]
 
 
 class AgentTableSerializer(serializers.ModelSerializer):
-    patches_pending = serializers.ReadOnlyField(source="has_patches_pending")
-    pending_actions = serializers.SerializerMethodField()
     status = serializers.ReadOnlyField()
     checks = serializers.ReadOnlyField()
     last_seen = serializers.SerializerMethodField()
@@ -44,9 +57,20 @@ class AgentTableSerializer(serializers.ModelSerializer):
     site_name = serializers.ReadOnlyField(source="site.name")
     logged_username = serializers.SerializerMethodField()
     italic = serializers.SerializerMethodField()
+    policy = serializers.ReadOnlyField(source="policy.id")
+    alert_template = serializers.SerializerMethodField()
 
-    def get_pending_actions(self, obj):
-        return obj.pendingactions.filter(status="pending").count()
+    def get_alert_template(self, obj):
+
+        if not obj.alert_template:
+            return None
+        else:
+            return {
+                "name": obj.alert_template.name,
+                "always_email": obj.alert_template.agent_always_email,
+                "always_text": obj.alert_template.agent_always_text,
+                "always_alert": obj.alert_template.agent_always_alert,
+            }
 
     def get_last_seen(self, obj) -> str:
         if obj.time_zone is not None:
@@ -54,7 +78,7 @@ class AgentTableSerializer(serializers.ModelSerializer):
         else:
             agent_tz = self.context["default_tz"]
 
-        return obj.last_seen.astimezone(agent_tz).strftime("%m %d %Y %H:%M:%S")
+        return obj.last_seen.astimezone(agent_tz).strftime("%m %d %Y %H:%M")
 
     def get_logged_username(self, obj) -> str:
         if obj.logged_in_username == "None" and obj.status == "online":
@@ -70,63 +94,33 @@ class AgentTableSerializer(serializers.ModelSerializer):
     class Meta:
         model = Agent
         fields = [
-            "id",
-            "hostname",
             "agent_id",
+            "alert_template",
+            "hostname",
             "site_name",
             "client_name",
             "monitoring_type",
             "description",
             "needs_reboot",
-            "patches_pending",
-            "pending_actions",
+            "has_patches_pending",
+            "pending_actions_count",
             "status",
             "overdue_text_alert",
             "overdue_email_alert",
+            "overdue_dashboard_alert",
             "last_seen",
             "boot_time",
             "checks",
             "maintenance_mode",
             "logged_username",
             "italic",
+            "policy",
+            "block_policy_inheritance",
         ]
         depth = 2
 
 
-class AgentEditSerializer(serializers.ModelSerializer):
-    winupdatepolicy = WinUpdatePolicySerializer(many=True, read_only=True)
-    all_timezones = serializers.SerializerMethodField()
-    client = ClientSerializer(read_only=True)
-
-    def get_all_timezones(self, obj):
-        return pytz.all_timezones
-
-    class Meta:
-        model = Agent
-        fields = [
-            "id",
-            "hostname",
-            "client",
-            "site",
-            "monitoring_type",
-            "description",
-            "time_zone",
-            "timezone",
-            "check_interval",
-            "overdue_time",
-            "overdue_text_alert",
-            "overdue_email_alert",
-            "all_timezones",
-            "winupdatepolicy",
-        ]
-
-
 class WinAgentSerializer(serializers.ModelSerializer):
-    # for the windows agent
-    patches_pending = serializers.ReadOnlyField(source="has_patches_pending")
-    winupdatepolicy = WinUpdatePolicySerializer(many=True, read_only=True)
-    status = serializers.ReadOnlyField()
-
     class Meta:
         model = Agent
         fields = "__all__"
@@ -139,24 +133,38 @@ class AgentHostnameSerializer(serializers.ModelSerializer):
     class Meta:
         model = Agent
         fields = (
+            "id",
             "hostname",
-            "pk",
+            "agent_id",
             "client",
             "site",
         )
 
 
-class NoteSerializer(serializers.ModelSerializer):
+class AgentNoteSerializer(serializers.ModelSerializer):
     username = serializers.ReadOnlyField(source="user.username")
+    agent_id = serializers.ReadOnlyField(source="agent.agent_id")
 
     class Meta:
         model = Note
-        fields = "__all__"
+        fields = ("pk", "entry_time", "agent", "user", "note", "username", "agent_id")
+        extra_kwargs = {"agent": {"write_only": True}, "user": {"write_only": True}}
 
 
-class NotesSerializer(serializers.ModelSerializer):
-    notes = NoteSerializer(many=True, read_only=True)
+class AgentHistorySerializer(serializers.ModelSerializer):
+    time = serializers.SerializerMethodField(read_only=True)
+    script_name = serializers.ReadOnlyField(source="script.name")
 
+    class Meta:
+        model = AgentHistory
+        fields = "__all__"
+
+    def get_time(self, history):
+        tz = self.context["default_tz"]
+        return history.time.astimezone(tz).strftime("%m %d %Y %H:%M:%S")
+
+
+class AgentAuditSerializer(serializers.ModelSerializer):
     class Meta:
         model = Agent
-        fields = ["hostname", "pk", "notes"]
+        exclude = ["disks", "services", "wmi_detail"]

api/tacticalrmm/agents/tasks.py

@@ -1,119 +1,87 @@
 import asyncio
-from loguru import logger
-from time import sleep
+import datetime as dt
 import random
-from packaging import version as pyver
-from typing import List
+from time import sleep
+from typing import Union
 
-from django.conf import settings
-from scripts.models import Script
-
-from tacticalrmm.celery import app
-from agents.models import Agent, AgentOutage
 from core.models import CoreSettings
-from logs.models import PendingAction
+from django.conf import settings
+from django.utils import timezone as djangotime
+from logs.models import DebugLog, PendingAction
+from packaging import version as pyver
+from scripts.models import Script
+from tacticalrmm.celery import app
 
-logger.configure(**settings.LOG_CONFIG)
+from agents.models import Agent
+from agents.utils import get_winagent_url
 
 
-def _check_agent_service(pk: int) -> None:
-    agent = Agent.objects.get(pk=pk)
-    r = asyncio.run(agent.nats_cmd({"func": "ping"}, timeout=2))
-    if r == "pong":
-        logger.info(
-            f"Detected crashed tacticalagent service on {agent.hostname}, attempting recovery"
-        )
-        data = {"func": "recover", "payload": {"mode": "tacagent"}}
-        asyncio.run(agent.nats_cmd(data, wait=False))
+def agent_update(agent_id: str, force: bool = False) -> str:
 
+    agent = Agent.objects.get(agent_id=agent_id)
 
-def _check_in_full(pk: int) -> None:
-    agent = Agent.objects.get(pk=pk)
-    asyncio.run(agent.nats_cmd({"func": "checkinfull"}, wait=False))
+    if pyver.parse(agent.version) <= pyver.parse("1.3.0"):
+        return "not supported"
 
-
-@app.task
-def check_in_task() -> None:
-    q = Agent.objects.only("pk", "version")
-    agents: List[int] = [
-        i.pk for i in q if pyver.parse(i.version) == pyver.parse("1.1.12")
-    ]
-    chunks = (agents[i : i + 50] for i in range(0, len(agents), 50))
-    for chunk in chunks:
-        for pk in chunk:
-            _check_in_full(pk)
-            sleep(0.1)
-        rand = random.randint(3, 7)
-        sleep(rand)
-
-
-@app.task
-def monitor_agents_task() -> None:
-    q = Agent.objects.all()
-    agents: List[int] = [i.pk for i in q if i.has_nats and i.status != "online"]
-    for agent in agents:
-        _check_agent_service(agent)
-
-
-def agent_update(pk: int) -> str:
-    agent = Agent.objects.get(pk=pk)
     # skip if we can't determine the arch
     if agent.arch is None:
-        logger.warning(f"Unable to determine arch on {agent.hostname}. Skipping.")
+        DebugLog.warning(
+            agent=agent,
+            log_type="agent_issues",
+            message=f"Unable to determine arch on {agent.hostname}({agent.agent_id}). Skipping agent update.",
+        )
         return "noarch"
 
     version = settings.LATEST_AGENT_VER
-    url = agent.winagent_dl
     inno = agent.win_inno_exe
+    url = get_winagent_url(agent.arch)
 
-    if agent.has_nats:
-        if pyver.parse(agent.version) <= pyver.parse("1.1.11"):
-            if agent.pendingactions.filter(
+    if not force:
+        if agent.pendingactions.filter(
+            action_type="agentupdate", status="pending"
+        ).exists():
+            agent.pendingactions.filter(
                 action_type="agentupdate", status="pending"
-            ).exists():
-                action = agent.pendingactions.filter(
-                    action_type="agentupdate", status="pending"
-                ).last()
-                if pyver.parse(action.details["version"]) < pyver.parse(version):
-                    action.delete()
-                else:
-                    return "pending"
+            ).delete()
 
-            PendingAction.objects.create(
-                agent=agent,
-                action_type="agentupdate",
-                details={
-                    "url": url,
-                    "version": version,
-                    "inno": inno,
-                },
-            )
-        else:
-            nats_data = {
-                "func": "agentupdate",
-                "payload": {
-                    "url": url,
-                    "version": version,
-                    "inno": inno,
-                },
-            }
-            asyncio.run(agent.nats_cmd(nats_data, wait=False))
+        PendingAction.objects.create(
+            agent=agent,
+            action_type="agentupdate",
+            details={
+                "url": url,
+                "version": version,
+                "inno": inno,
+            },
+        )
 
-        return "created"
-
-    return "not supported"
+    nats_data = {
+        "func": "agentupdate",
+        "payload": {
+            "url": url,
+            "version": version,
+            "inno": inno,
+        },
+    }
+    asyncio.run(agent.nats_cmd(nats_data, wait=False))
+    return "created"
 
 
 @app.task
-def send_agent_update_task(pks: List[int], version: str) -> None:
-    q = Agent.objects.filter(pk__in=pks)
-    agents: List[int] = [
-        i.pk for i in q if pyver.parse(i.version) < pyver.parse(version)
-    ]
-    chunks = (agents[i : i + 30] for i in range(0, len(agents), 30))
+def force_code_sign(agent_ids: list[str]) -> None:
+    chunks = (agent_ids[i : i + 50] for i in range(0, len(agent_ids), 50))
     for chunk in chunks:
-        for pk in chunk:
-            agent_update(pk)
+        for agent_id in chunk:
+            agent_update(agent_id=agent_id, force=True)
+            sleep(0.05)
+        sleep(4)
+
+
+@app.task
+def send_agent_update_task(agent_ids: list[str]) -> None:
+    chunks = (agent_ids[i : i + 50] for i in range(0, len(agent_ids), 50))
+    for chunk in chunks:
+        for agent_id in chunk:
+            agent_update(agent_id)
             sleep(0.05)
         sleep(4)
 
@@ -121,148 +89,143 @@ def send_agent_update_task(pks: List[int], version: str) -> None:
 @app.task
 def auto_self_agent_update_task() -> None:
     core = CoreSettings.objects.first()
-    if not core.agent_auto_update:
+    if not core.agent_auto_update:  # type:ignore
         return
 
-    q = Agent.objects.only("pk", "version")
-    pks: List[int] = [
-        i.pk
+    q = Agent.objects.only("agent_id", "version")
+    agent_ids: list[str] = [
+        i.agent_id
         for i in q
         if pyver.parse(i.version) < pyver.parse(settings.LATEST_AGENT_VER)
     ]
 
-    chunks = (pks[i : i + 30] for i in range(0, len(pks), 30))
+    chunks = (agent_ids[i : i + 30] for i in range(0, len(agent_ids), 30))
     for chunk in chunks:
-        for pk in chunk:
-            agent_update(pk)
+        for agent_id in chunk:
+            agent_update(agent_id)
             sleep(0.05)
         sleep(4)
 
 
 @app.task
-def get_wmi_task():
-    agents = Agent.objects.all()
-    online = [
-        i
-        for i in agents
-        if pyver.parse(i.version) >= pyver.parse("1.2.0") and i.status == "online"
-    ]
-    chunks = (online[i : i + 50] for i in range(0, len(online), 50))
-    for chunk in chunks:
-        for agent in chunk:
-            asyncio.run(agent.nats_cmd({"func": "wmi"}, wait=False))
-            sleep(0.1)
-        rand = random.randint(3, 7)
-        sleep(rand)
+def agent_outage_email_task(pk: int, alert_interval: Union[float, None] = None) -> str:
+    from alerts.models import Alert
+
+    alert = Alert.objects.get(pk=pk)
+
+    if not alert.email_sent:
+        sleep(random.randint(1, 15))
+        alert.agent.send_outage_email()
+        alert.email_sent = djangotime.now()
+        alert.save(update_fields=["email_sent"])
+    else:
+        if alert_interval:
+            # send an email only if the last email sent is older than alert interval
+            delta = djangotime.now() - dt.timedelta(days=alert_interval)
+            if alert.email_sent < delta:
+                sleep(random.randint(1, 10))
+                alert.agent.send_outage_email()
+                alert.email_sent = djangotime.now()
+                alert.save(update_fields=["email_sent"])
+
+    return "ok"
 
 
 @app.task
-def sync_sysinfo_task():
-    agents = Agent.objects.all()
-    online = [
-        i
-        for i in agents
-        if pyver.parse(i.version) >= pyver.parse("1.1.3")
-        and pyver.parse(i.version) <= pyver.parse("1.1.12")
-        and i.status == "online"
-    ]
+def agent_recovery_email_task(pk: int) -> str:
+    from alerts.models import Alert
 
-    chunks = (online[i : i + 50] for i in range(0, len(online), 50))
-    for chunk in chunks:
-        for agent in chunk:
-            asyncio.run(agent.nats_cmd({"func": "sync"}, wait=False))
-            sleep(0.1)
-        rand = random.randint(3, 7)
-        sleep(rand)
-
-
-@app.task
-def agent_outage_email_task(pk):
     sleep(random.randint(1, 15))
-    outage = AgentOutage.objects.get(pk=pk)
-    outage.send_outage_email()
-    outage.outage_email_sent = True
-    outage.save(update_fields=["outage_email_sent"])
+    alert = Alert.objects.get(pk=pk)
+    alert.agent.send_recovery_email()
+    alert.resolved_email_sent = djangotime.now()
+    alert.save(update_fields=["resolved_email_sent"])
+
+    return "ok"
 
 
 @app.task
-def agent_recovery_email_task(pk):
-    sleep(random.randint(1, 15))
-    outage = AgentOutage.objects.get(pk=pk)
-    outage.send_recovery_email()
-    outage.recovery_email_sent = True
-    outage.save(update_fields=["recovery_email_sent"])
+def agent_outage_sms_task(pk: int, alert_interval: Union[float, None] = None) -> str:
+    from alerts.models import Alert
+
+    alert = Alert.objects.get(pk=pk)
+
+    if not alert.sms_sent:
+        sleep(random.randint(1, 15))
+        alert.agent.send_outage_sms()
+        alert.sms_sent = djangotime.now()
+        alert.save(update_fields=["sms_sent"])
+    else:
+        if alert_interval:
+            # send an sms only if the last sms sent is older than alert interval
+            delta = djangotime.now() - dt.timedelta(days=alert_interval)
+            if alert.sms_sent < delta:
+                sleep(random.randint(1, 10))
+                alert.agent.send_outage_sms()
+                alert.sms_sent = djangotime.now()
+                alert.save(update_fields=["sms_sent"])
+
+    return "ok"
 
 
 @app.task
-def agent_outage_sms_task(pk):
+def agent_recovery_sms_task(pk: int) -> str:
+    from alerts.models import Alert
+
     sleep(random.randint(1, 3))
-    outage = AgentOutage.objects.get(pk=pk)
-    outage.send_outage_sms()
-    outage.outage_sms_sent = True
-    outage.save(update_fields=["outage_sms_sent"])
+    alert = Alert.objects.get(pk=pk)
+    alert.agent.send_recovery_sms()
+    alert.resolved_sms_sent = djangotime.now()
+    alert.save(update_fields=["resolved_sms_sent"])
+
+    return "ok"
 
 
 @app.task
-def agent_recovery_sms_task(pk):
-    sleep(random.randint(1, 3))
-    outage = AgentOutage.objects.get(pk=pk)
-    outage.send_recovery_sms()
-    outage.recovery_sms_sent = True
-    outage.save(update_fields=["recovery_sms_sent"])
+def agent_outages_task() -> None:
+    from alerts.models import Alert
 
-
-@app.task
-def agent_outages_task():
     agents = Agent.objects.only(
-        "pk", "last_seen", "overdue_time", "overdue_email_alert", "overdue_text_alert"
+        "pk",
+        "agent_id",
+        "last_seen",
+        "offline_time",
+        "overdue_time",
+        "overdue_email_alert",
+        "overdue_text_alert",
+        "overdue_dashboard_alert",
     )
 
     for agent in agents:
-        if agent.overdue_email_alert or agent.overdue_text_alert:
-            if agent.status == "overdue":
-                outages = AgentOutage.objects.filter(agent=agent)
-                if outages and outages.last().is_active:
-                    continue
-
-                outage = AgentOutage(agent=agent)
-                outage.save()
-
-                # add a null check history to allow gaps in graph
-                for check in agent.agentchecks.all():
-                    check.add_check_history(None)
-
-                if agent.overdue_email_alert and not agent.maintenance_mode:
-                    agent_outage_email_task.delay(pk=outage.pk)
-
-                if agent.overdue_text_alert and not agent.maintenance_mode:
-                    agent_outage_sms_task.delay(pk=outage.pk)
-
-
-@app.task
-def handle_agent_recovery_task(pk: int) -> None:
-    sleep(10)
-    from agents.models import RecoveryAction
-
-    action = RecoveryAction.objects.get(pk=pk)
-    if action.mode == "command":
-        data = {"func": "recoverycmd", "recoverycommand": action.command}
-    else:
-        data = {"func": "recover", "payload": {"mode": action.mode}}
-
-    asyncio.run(action.agent.nats_cmd(data, wait=False))
+        if agent.status == "overdue":
+            Alert.handle_alert_failure(agent)
 
 
 @app.task
 def run_script_email_results_task(
-    agentpk: int, scriptpk: int, nats_timeout: int, nats_data: dict, emails: List[str]
+    agentpk: int,
+    scriptpk: int,
+    nats_timeout: int,
+    emails: list[str],
+    args: list[str] = [],
+    history_pk: int = 0,
 ):
     agent = Agent.objects.get(pk=agentpk)
     script = Script.objects.get(pk=scriptpk)
-    nats_data["func"] = "runscriptfull"
-    r = asyncio.run(agent.nats_cmd(nats_data, timeout=nats_timeout))
+    r = agent.run_script(
+        scriptpk=script.pk,
+        args=args,
+        full=True,
+        timeout=nats_timeout,
+        wait=True,
+        history_pk=history_pk,
+    )
     if r == "timeout":
-        logger.error(f"{agent.hostname} timed out running script.")
+        DebugLog.error(
+            agent=agent,
+            log_type="scripting",
+            message=f"{agent.hostname}({agent.pk}) timed out running script.",
+        )
         return
 
     CORE = CoreSettings.objects.first()
@@ -278,40 +241,68 @@ def run_script_email_results_task(
 
     msg = EmailMessage()
     msg["Subject"] = subject
-    msg["From"] = CORE.smtp_from_email
+    msg["From"] = CORE.smtp_from_email  # type:ignore
 
     if emails:
         msg["To"] = ", ".join(emails)
     else:
-        msg["To"] = ", ".join(CORE.email_alert_recipients)
+        msg["To"] = ", ".join(CORE.email_alert_recipients)  # type:ignore
 
     msg.set_content(body)
 
     try:
-        with smtplib.SMTP(CORE.smtp_host, CORE.smtp_port, timeout=20) as server:
-            if CORE.smtp_requires_auth:
+        with smtplib.SMTP(
+            CORE.smtp_host, CORE.smtp_port, timeout=20  # type:ignore
+        ) as server:  # type:ignore
+            if CORE.smtp_requires_auth:  # type:ignore
                 server.ehlo()
                 server.starttls()
-                server.login(CORE.smtp_host_user, CORE.smtp_host_password)
+                server.login(
+                    CORE.smtp_host_user, CORE.smtp_host_password  # type:ignore
+                )  # type:ignore
                 server.send_message(msg)
                 server.quit()
             else:
                 server.send_message(msg)
                 server.quit()
     except Exception as e:
-        logger.error(e)
+        DebugLog.error(message=str(e))
 
 
 @app.task
-def remove_salt_task() -> None:
-    if hasattr(settings, "KEEP_SALT") and settings.KEEP_SALT:
-        return
+def clear_faults_task(older_than_days: int) -> None:
+    # https://github.com/wh1te909/tacticalrmm/issues/484
+    agents = Agent.objects.exclude(last_seen__isnull=True).filter(
+        last_seen__lt=djangotime.now() - djangotime.timedelta(days=older_than_days)
+    )
+    for agent in agents:
+        if agent.agentchecks.exists():
+            for check in agent.agentchecks.all():
+                # reset check status
+                check.status = "passing"
+                check.save(update_fields=["status"])
+                if check.alert.filter(resolved=False).exists():
+                    check.alert.get(resolved=False).resolve()
 
-    q = Agent.objects.all()
-    agents = [i for i in q if pyver.parse(i.version) >= pyver.parse("1.3.0")]
-    chunks = (agents[i : i + 50] for i in range(0, len(agents), 50))
-    for chunk in chunks:
-        for agent in chunk:
-            asyncio.run(agent.nats_cmd({"func": "removesalt"}, wait=False))
-            sleep(0.1)
-        sleep(4)
+        # reset overdue alerts
+        agent.overdue_email_alert = False
+        agent.overdue_text_alert = False
+        agent.overdue_dashboard_alert = False
+        agent.save(
+            update_fields=[
+                "overdue_email_alert",
+                "overdue_text_alert",
+                "overdue_dashboard_alert",
+            ]
+        )
+
+
+@app.task
+def prune_agent_history(older_than_days: int) -> str:
+    from .models import AgentHistory
+
+    AgentHistory.objects.filter(
+        time__lt=djangotime.now() - djangotime.timedelta(days=older_than_days)
+    ).delete()
+
+    return "ok"

api/tacticalrmm/agents/urls.py

@@ -1,34 +1,44 @@
 from django.urls import path
+
 from . import views
+from checks.views import GetAddChecks
+from autotasks.views import GetAddAutoTasks
+from logs.views import PendingActions
 
 urlpatterns = [
-    path("listagents/", views.AgentsTableList.as_view()),
-    path("listagentsnodetail/", views.list_agents_no_detail),
-    path("<int:pk>/agenteditdetails/", views.agent_edit_details),
-    path("byclient/<int:clientpk>/", views.by_client),
-    path("bysite/<int:sitepk>/", views.by_site),
-    path("overdueaction/", views.overdue_action),
-    path("sendrawcmd/", views.send_raw_cmd),
-    path("<pk>/agentdetail/", views.agent_detail),
-    path("<int:pk>/meshcentral/", views.meshcentral),
+    # agent views
+    path("", views.GetAgents.as_view()),
+    path("<agent:agent_id>/", views.GetUpdateDeleteAgent.as_view()),
+    path("<agent:agent_id>/cmd/", views.send_raw_cmd),
+    path("<agent:agent_id>/runscript/", views.run_script),
+    path("<agent:agent_id>/wmi/", views.WMI.as_view()),
+    path("<agent:agent_id>/recover/", views.recover),
+    path("<agent:agent_id>/reboot/", views.Reboot.as_view()),
+    path("<agent:agent_id>/ping/", views.ping),
+    # alias for checks get view
+    path("<agent:agent_id>/checks/", GetAddChecks.as_view()),
+    # alias for autotasks get view
+    path("<agent:agent_id>/tasks/", GetAddAutoTasks.as_view()),
+    # alias for pending actions get view
+    path("<agent:agent_id>/pendingactions/", PendingActions.as_view()),
+    # agent remote background
+    path("<agent:agent_id>/meshcentral/", views.AgentMeshCentral.as_view()),
+    path("<agent:agent_id>/meshcentral/recover/", views.AgentMeshCentral.as_view()),
+    path("<agent:agent_id>/processes/", views.AgentProcesses.as_view()),
+    path("<agent:agent_id>/processes/<int:pid>/", views.AgentProcesses.as_view()),
+    path("<agent:agent_id>/eventlog/<str:logtype>/<int:days>/", views.get_event_log),
+    # agent history
+    path("history/", views.AgentHistoryView.as_view()),
+    path("<agent:agent_id>/history/", views.AgentHistoryView.as_view()),
+    # agent notes
+    path("notes/", views.GetAddNotes.as_view()),
+    path("notes/<int:pk>/", views.GetEditDeleteNote.as_view()),
+    path("<agent:agent_id>/notes/", views.GetAddNotes.as_view()),
+    # bulk actions
+    path("maintenance/bulk/", views.agent_maintenance),
+    path("actions/bulk/", views.bulk),
+    path("versions/", views.get_agent_versions),
+    path("update/", views.update_agents),
+    path("installer/", views.install_agent),
     path("<str:arch>/getmeshexe/", views.get_mesh_exe),
-    path("uninstall/", views.uninstall),
-    path("editagent/", views.edit_agent),
-    path("<pk>/geteventlog/<logtype>/<days>/", views.get_event_log),
-    path("getagentversions/", views.get_agent_versions),
-    path("updateagents/", views.update_agents),
-    path("<pk>/getprocs/", views.get_processes),
-    path("<pk>/<pid>/killproc/", views.kill_proc),
-    path("reboot/", views.Reboot.as_view()),
-    path("installagent/", views.install_agent),
-    path("<int:pk>/ping/", views.ping),
-    path("recover/", views.recover),
-    path("runscript/", views.run_script),
-    path("<int:pk>/recovermesh/", views.recover_mesh),
-    path("<int:pk>/notes/", views.GetAddNotes.as_view()),
-    path("<int:pk>/note/", views.GetEditDeleteNote.as_view()),
-    path("bulk/", views.bulk),
-    path("agent_counts/", views.agent_counts),
-    path("maintenance/", views.agent_maintenance),
-    path("<int:pk>/wmi/", views.WMI.as_view()),
 ]

api/tacticalrmm/agents/utils.py

@@ -0,0 +1,40 @@
+import random
+import urllib.parse
+import requests
+
+from django.conf import settings
+from core.models import CodeSignToken
+
+
+def get_exegen_url() -> str:
+    urls: list[str] = settings.EXE_GEN_URLS
+    for url in urls:
+        try:
+            r = requests.get(url, timeout=10)
+        except:
+            continue
+
+        if r.status_code == 200:
+            return url
+
+    return random.choice(urls)
+
+
+def get_winagent_url(arch: str) -> str:
+
+    dl_url = settings.DL_32 if arch == "32" else settings.DL_64
+
+    try:
+        t: CodeSignToken = CodeSignToken.objects.first()  # type: ignore
+        if t.is_valid:
+            base_url = get_exegen_url() + "/api/v1/winagents/?"
+            params = {
+                "version": settings.LATEST_AGENT_VER,
+                "arch": arch,
+                "token": t.token,
+            }
+            dl_url = base_url + urllib.parse.urlencode(params)
+    except:
+        pass
+
+    return dl_url

api/tacticalrmm/alerts/admin.py

@@ -1,6 +1,6 @@
 from django.contrib import admin
 
-from .models import Alert
-
+from .models import Alert, AlertTemplate
 
 admin.site.register(Alert)
+admin.site.register(AlertTemplate)

api/tacticalrmm/alerts/migrations/0001_initial.py

@@ -1,7 +1,7 @@
 # Generated by Django 3.1 on 2020-08-15 15:31
 
-from django.db import migrations, models
 import django.db.models.deletion
+from django.db import migrations, models
 
 
 class Migration(migrations.Migration):
@@ -42,4 +42,4 @@ class Migration(migrations.Migration):
                 ),
             ],
         ),
-    ]
+    ]

api/tacticalrmm/alerts/migrations/0002_auto_20200815_1618.py

@@ -27,4 +27,4 @@ class Migration(migrations.Migration):
                 max_length=100,
             ),
         ),
-    ]
+    ]

api/tacticalrmm/alerts/migrations/0003_auto_20201021_1815.py

@@ -1,7 +1,7 @@
 # Generated by Django 3.1.2 on 2020-10-21 18:15
 
-from django.db import migrations, models
 import django.db.models.deletion
+from django.db import migrations, models
 
 
 class Migration(migrations.Migration):
@@ -28,4 +28,4 @@ class Migration(migrations.Migration):
             name="alert_time",
             field=models.DateTimeField(auto_now_add=True, null=True),
         ),
-    ]
+    ]

api/tacticalrmm/alerts/migrations/0004_auto_20210212_1408.py

@@ -0,0 +1,172 @@
+# Generated by Django 3.1.4 on 2021-02-12 14:08
+
+import django.contrib.postgres.fields
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0029_delete_agentoutage'),
+        ('clients', '0008_auto_20201103_1430'),
+        ('autotasks', '0017_auto_20210210_1512'),
+        ('scripts', '0005_auto_20201207_1606'),
+        ('alerts', '0003_auto_20201021_1815'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='alert',
+            name='action_execution_time',
+            field=models.CharField(blank=True, max_length=100, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='action_retcode',
+            field=models.IntegerField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='action_run',
+            field=models.DateTimeField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='action_stderr',
+            field=models.TextField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='action_stdout',
+            field=models.TextField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='action_timeout',
+            field=models.PositiveIntegerField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='alert_type',
+            field=models.CharField(choices=[('availability', 'Availability'), ('check', 'Check'), ('task', 'Task'), ('custom', 'Custom')], default='availability', max_length=20),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='assigned_task',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='alert', to='autotasks.automatedtask'),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='email_sent',
+            field=models.DateTimeField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='hidden',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='resolved_action_execution_time',
+            field=models.CharField(blank=True, max_length=100, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='resolved_action_retcode',
+            field=models.IntegerField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='resolved_action_run',
+            field=models.DateTimeField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='resolved_action_stderr',
+            field=models.TextField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='resolved_action_stdout',
+            field=models.TextField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='resolved_action_timeout',
+            field=models.PositiveIntegerField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='resolved_email_sent',
+            field=models.DateTimeField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='resolved_on',
+            field=models.DateTimeField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='resolved_sms_sent',
+            field=models.DateTimeField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='sms_sent',
+            field=models.DateTimeField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='snoozed',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AlterField(
+            model_name='alert',
+            name='severity',
+            field=models.CharField(choices=[('info', 'Informational'), ('warning', 'Warning'), ('error', 'Error')], default='info', max_length=30),
+        ),
+        migrations.CreateModel(
+            name='AlertTemplate',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=100)),
+                ('is_active', models.BooleanField(default=True)),
+                ('action_args', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(blank=True, max_length=255, null=True), blank=True, default=list, null=True, size=None)),
+                ('resolved_action_args', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(blank=True, max_length=255, null=True), blank=True, default=list, null=True, size=None)),
+                ('email_recipients', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(blank=True, max_length=100), blank=True, default=list, null=True, size=None)),
+                ('text_recipients', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(blank=True, max_length=100), blank=True, default=list, null=True, size=None)),
+                ('email_from', models.EmailField(blank=True, max_length=254, null=True)),
+                ('agent_email_on_resolved', models.BooleanField(blank=True, default=False, null=True)),
+                ('agent_text_on_resolved', models.BooleanField(blank=True, default=False, null=True)),
+                ('agent_include_desktops', models.BooleanField(blank=True, default=False, null=True)),
+                ('agent_always_email', models.BooleanField(blank=True, default=False, null=True)),
+                ('agent_always_text', models.BooleanField(blank=True, default=False, null=True)),
+                ('agent_always_alert', models.BooleanField(blank=True, default=False, null=True)),
+                ('agent_periodic_alert_days', models.PositiveIntegerField(blank=True, default=0, null=True)),
+                ('check_email_alert_severity', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(blank=True, choices=[('info', 'Informational'), ('warning', 'Warning'), ('error', 'Error')], max_length=25), blank=True, default=list, size=None)),
+                ('check_text_alert_severity', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(blank=True, choices=[('info', 'Informational'), ('warning', 'Warning'), ('error', 'Error')], max_length=25), blank=True, default=list, size=None)),
+                ('check_dashboard_alert_severity', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(blank=True, choices=[('info', 'Informational'), ('warning', 'Warning'), ('error', 'Error')], max_length=25), blank=True, default=list, size=None)),
+                ('check_email_on_resolved', models.BooleanField(blank=True, default=False, null=True)),
+                ('check_text_on_resolved', models.BooleanField(blank=True, default=False, null=True)),
+                ('check_always_email', models.BooleanField(blank=True, default=False, null=True)),
+                ('check_always_text', models.BooleanField(blank=True, default=False, null=True)),
+                ('check_always_alert', models.BooleanField(blank=True, default=False, null=True)),
+                ('check_periodic_alert_days', models.PositiveIntegerField(blank=True, default=0, null=True)),
+                ('task_email_alert_severity', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(blank=True, choices=[('info', 'Informational'), ('warning', 'Warning'), ('error', 'Error')], max_length=25), blank=True, default=list, size=None)),
+                ('task_text_alert_severity', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(blank=True, choices=[('info', 'Informational'), ('warning', 'Warning'), ('error', 'Error')], max_length=25), blank=True, default=list, size=None)),
+                ('task_dashboard_alert_severity', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(blank=True, choices=[('info', 'Informational'), ('warning', 'Warning'), ('error', 'Error')], max_length=25), blank=True, default=list, size=None)),
+                ('task_email_on_resolved', models.BooleanField(blank=True, default=False, null=True)),
+                ('task_text_on_resolved', models.BooleanField(blank=True, default=False, null=True)),
+                ('task_always_email', models.BooleanField(blank=True, default=False, null=True)),
+                ('task_always_text', models.BooleanField(blank=True, default=False, null=True)),
+                ('task_always_alert', models.BooleanField(blank=True, default=False, null=True)),
+                ('task_periodic_alert_days', models.PositiveIntegerField(blank=True, default=0, null=True)),
+                ('action', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='alert_template', to='scripts.script')),
+                ('excluded_agents', models.ManyToManyField(blank=True, related_name='alert_exclusions', to='agents.Agent')),
+                ('excluded_clients', models.ManyToManyField(blank=True, related_name='alert_exclusions', to='clients.Client')),
+                ('excluded_sites', models.ManyToManyField(blank=True, related_name='alert_exclusions', to='clients.Site')),
+                ('resolved_action', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='resolved_alert_template', to='scripts.script')),
+            ],
+        ),
+    ]

api/tacticalrmm/alerts/migrations/0005_auto_20210212_1745.py

@@ -0,0 +1,31 @@
+# Generated by Django 3.1.4 on 2021-02-12 17:45
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('alerts', '0004_auto_20210212_1408'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='alert',
+            name='action_timeout',
+        ),
+        migrations.RemoveField(
+            model_name='alert',
+            name='resolved_action_timeout',
+        ),
+        migrations.AddField(
+            model_name='alerttemplate',
+            name='action_timeout',
+            field=models.PositiveIntegerField(default=15),
+        ),
+        migrations.AddField(
+            model_name='alerttemplate',
+            name='resolved_action_timeout',
+            field=models.PositiveIntegerField(default=15),
+        ),
+    ]

api/tacticalrmm/alerts/migrations/0006_auto_20210217_1736.py

@@ -0,0 +1,72 @@
+# Generated by Django 3.1.6 on 2021-02-17 17:36
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('alerts', '0005_auto_20210212_1745'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='alerttemplate',
+            name='agent_include_desktops',
+        ),
+        migrations.AddField(
+            model_name='alerttemplate',
+            name='exclude_servers',
+            field=models.BooleanField(blank=True, default=False, null=True),
+        ),
+        migrations.AddField(
+            model_name='alerttemplate',
+            name='exclude_workstations',
+            field=models.BooleanField(blank=True, default=False, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='agent_always_alert',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='agent_always_email',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='agent_always_text',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='check_always_alert',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='check_always_email',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='check_always_text',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='task_always_alert',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='task_always_email',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='task_always_text',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+    ]

api/tacticalrmm/alerts/migrations/0007_auto_20210721_0423.py

@@ -0,0 +1,33 @@
+# Generated by Django 3.2.1 on 2021-07-21 04:23
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('alerts', '0006_auto_20210217_1736'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='alerttemplate',
+            name='created_by',
+            field=models.CharField(blank=True, max_length=100, null=True),
+        ),
+        migrations.AddField(
+            model_name='alerttemplate',
+            name='created_time',
+            field=models.DateTimeField(auto_now_add=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alerttemplate',
+            name='modified_by',
+            field=models.CharField(blank=True, max_length=100, null=True),
+        ),
+        migrations.AddField(
+            model_name='alerttemplate',
+            name='modified_time',
+            field=models.DateTimeField(auto_now=True, null=True),
+        ),
+    ]

api/tacticalrmm/alerts/migrations/0008_auto_20210721_1757.py

@@ -0,0 +1,28 @@
+# Generated by Django 3.2.1 on 2021-07-21 17:57
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('alerts', '0007_auto_20210721_0423'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='alerttemplate',
+            name='agent_script_actions',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+        migrations.AddField(
+            model_name='alerttemplate',
+            name='check_script_actions',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+        migrations.AddField(
+            model_name='alerttemplate',
+            name='task_script_actions',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+    ]

api/tacticalrmm/alerts/migrations/0009_auto_20210721_1810.py

@@ -0,0 +1,28 @@
+# Generated by Django 3.2.1 on 2021-07-21 18:10
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('alerts', '0008_auto_20210721_1757'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='agent_script_actions',
+            field=models.BooleanField(blank=True, default=True, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='check_script_actions',
+            field=models.BooleanField(blank=True, default=True, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='task_script_actions',
+            field=models.BooleanField(blank=True, default=True, null=True),
+        ),
+    ]

api/tacticalrmm/alerts/migrations/0010_auto_20210917_1954.py

@@ -0,0 +1,23 @@
+# Generated by Django 3.2.6 on 2021-09-17 19:54
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("alerts", "0009_auto_20210721_1810"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="alerttemplate",
+            name="created_by",
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.AlterField(
+            model_name="alerttemplate",
+            name="modified_by",
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+    ]

api/tacticalrmm/alerts/models.py

@@ -1,4 +1,20 @@
+from __future__ import annotations
+
+import re
+from typing import TYPE_CHECKING, Union
+
+from django.contrib.postgres.fields import ArrayField
 from django.db import models
+from django.db.models.fields import BooleanField, PositiveIntegerField
+from django.utils import timezone as djangotime
+
+from logs.models import BaseAuditModel, DebugLog
+from tacticalrmm.models import PermissionQuerySet
+
+if TYPE_CHECKING:
+    from agents.models import Agent
+    from autotasks.models import AutomatedTask
+    from checks.models import Check
 
 
 SEVERITY_CHOICES = [
@@ -7,8 +23,17 @@ SEVERITY_CHOICES = [
     ("error", "Error"),
 ]
 
+ALERT_TYPE_CHOICES = [
+    ("availability", "Availability"),
+    ("check", "Check"),
+    ("task", "Task"),
+    ("custom", "Custom"),
+]
+
 
 class Alert(models.Model):
+    objects = PermissionQuerySet.as_manager()
+
     agent = models.ForeignKey(
         "agents.Agent",
         related_name="agent",
@@ -23,21 +48,606 @@ class Alert(models.Model):
         null=True,
         blank=True,
     )
+    assigned_task = models.ForeignKey(
+        "autotasks.AutomatedTask",
+        related_name="alert",
+        on_delete=models.CASCADE,
+        null=True,
+        blank=True,
+    )
+    alert_type = models.CharField(
+        max_length=20, choices=ALERT_TYPE_CHOICES, default="availability"
+    )
     message = models.TextField(null=True, blank=True)
-    alert_time = models.DateTimeField(auto_now_add=True, null=True)
+    alert_time = models.DateTimeField(auto_now_add=True, null=True, blank=True)
+    snoozed = models.BooleanField(default=False)
     snooze_until = models.DateTimeField(null=True, blank=True)
     resolved = models.BooleanField(default=False)
-    severity = models.CharField(
-        max_length=100, choices=SEVERITY_CHOICES, default="info"
+    resolved_on = models.DateTimeField(null=True, blank=True)
+    severity = models.CharField(max_length=30, choices=SEVERITY_CHOICES, default="info")
+    email_sent = models.DateTimeField(null=True, blank=True)
+    resolved_email_sent = models.DateTimeField(null=True, blank=True)
+    sms_sent = models.DateTimeField(null=True, blank=True)
+    resolved_sms_sent = models.DateTimeField(null=True, blank=True)
+    hidden = models.BooleanField(default=False)
+    action_run = models.DateTimeField(null=True, blank=True)
+    action_stdout = models.TextField(null=True, blank=True)
+    action_stderr = models.TextField(null=True, blank=True)
+    action_retcode = models.IntegerField(null=True, blank=True)
+    action_execution_time = models.CharField(max_length=100, null=True, blank=True)
+    resolved_action_run = models.DateTimeField(null=True, blank=True)
+    resolved_action_stdout = models.TextField(null=True, blank=True)
+    resolved_action_stderr = models.TextField(null=True, blank=True)
+    resolved_action_retcode = models.IntegerField(null=True, blank=True)
+    resolved_action_execution_time = models.CharField(
+        max_length=100, null=True, blank=True
     )
 
     def __str__(self):
         return self.message
 
-    @classmethod
-    def create_availability_alert(cls, agent):
-        pass
+    def resolve(self):
+        self.resolved = True
+        self.resolved_on = djangotime.now()
+        self.snoozed = False
+        self.snooze_until = None
+        self.save()
 
     @classmethod
-    def create_check_alert(cls, check):
-        pass
+    def create_or_return_availability_alert(cls, agent):
+        if not cls.objects.filter(agent=agent, resolved=False).exists():
+            return cls.objects.create(
+                agent=agent,
+                alert_type="availability",
+                severity="error",
+                message=f"{agent.hostname} in {agent.client.name}\\{agent.site.name} is overdue.",
+                hidden=True,
+            )
+        else:
+            return cls.objects.get(agent=agent, resolved=False)
+
+    @classmethod
+    def create_or_return_check_alert(cls, check):
+
+        if not cls.objects.filter(assigned_check=check, resolved=False).exists():
+            return cls.objects.create(
+                assigned_check=check,
+                alert_type="check",
+                severity=check.alert_severity,
+                message=f"{check.agent.hostname} has a {check.check_type} check: {check.readable_desc} that failed.",
+                hidden=True,
+            )
+        else:
+            return cls.objects.get(assigned_check=check, resolved=False)
+
+    @classmethod
+    def create_or_return_task_alert(cls, task):
+
+        if not cls.objects.filter(assigned_task=task, resolved=False).exists():
+            return cls.objects.create(
+                assigned_task=task,
+                alert_type="task",
+                severity=task.alert_severity,
+                message=f"{task.agent.hostname} has task: {task.name} that failed.",
+                hidden=True,
+            )
+        else:
+            return cls.objects.get(assigned_task=task, resolved=False)
+
+    @classmethod
+    def handle_alert_failure(cls, instance: Union[Agent, AutomatedTask, Check]) -> None:
+        from agents.models import Agent
+        from autotasks.models import AutomatedTask
+        from checks.models import Check
+
+        # set variables
+        dashboard_severities = None
+        email_severities = None
+        text_severities = None
+        always_dashboard = None
+        always_email = None
+        always_text = None
+        alert_interval = None
+        email_task = None
+        text_task = None
+
+        # check what the instance passed is
+        if isinstance(instance, Agent):
+            from agents.tasks import agent_outage_email_task, agent_outage_sms_task
+
+            email_task = agent_outage_email_task
+            text_task = agent_outage_sms_task
+
+            email_alert = instance.overdue_email_alert
+            text_alert = instance.overdue_text_alert
+            dashboard_alert = instance.overdue_dashboard_alert
+            alert_template = instance.alert_template
+            maintenance_mode = instance.maintenance_mode
+            alert_severity = "error"
+            agent = instance
+
+            # set alert_template settings
+            if alert_template:
+                dashboard_severities = ["error"]
+                email_severities = ["error"]
+                text_severities = ["error"]
+                always_dashboard = alert_template.agent_always_alert
+                always_email = alert_template.agent_always_email
+                always_text = alert_template.agent_always_text
+                alert_interval = alert_template.agent_periodic_alert_days
+                run_script_action = alert_template.agent_script_actions
+
+            if instance.should_create_alert(alert_template):
+                alert = cls.create_or_return_availability_alert(instance)
+            else:
+                # check if there is an alert that exists
+                if cls.objects.filter(agent=instance, resolved=False).exists():
+                    alert = cls.objects.get(agent=instance, resolved=False)
+                else:
+                    alert = None
+
+        elif isinstance(instance, Check):
+            from checks.tasks import (
+                handle_check_email_alert_task,
+                handle_check_sms_alert_task,
+            )
+
+            email_task = handle_check_email_alert_task
+            text_task = handle_check_sms_alert_task
+
+            email_alert = instance.email_alert
+            text_alert = instance.text_alert
+            dashboard_alert = instance.dashboard_alert
+            alert_template = instance.agent.alert_template
+            maintenance_mode = instance.agent.maintenance_mode
+            alert_severity = instance.alert_severity
+            agent = instance.agent
+
+            # set alert_template settings
+            if alert_template:
+                dashboard_severities = alert_template.check_dashboard_alert_severity
+                email_severities = alert_template.check_email_alert_severity
+                text_severities = alert_template.check_text_alert_severity
+                always_dashboard = alert_template.check_always_alert
+                always_email = alert_template.check_always_email
+                always_text = alert_template.check_always_text
+                alert_interval = alert_template.check_periodic_alert_days
+                run_script_action = alert_template.check_script_actions
+
+            if instance.should_create_alert(alert_template):
+                alert = cls.create_or_return_check_alert(instance)
+            else:
+                # check if there is an alert that exists
+                if cls.objects.filter(assigned_check=instance, resolved=False).exists():
+                    alert = cls.objects.get(assigned_check=instance, resolved=False)
+                else:
+                    alert = None
+
+        elif isinstance(instance, AutomatedTask):
+            from autotasks.tasks import handle_task_email_alert, handle_task_sms_alert
+
+            email_task = handle_task_email_alert
+            text_task = handle_task_sms_alert
+
+            email_alert = instance.email_alert
+            text_alert = instance.text_alert
+            dashboard_alert = instance.dashboard_alert
+            alert_template = instance.agent.alert_template
+            maintenance_mode = instance.agent.maintenance_mode
+            alert_severity = instance.alert_severity
+            agent = instance.agent
+
+            # set alert_template settings
+            if alert_template:
+                dashboard_severities = alert_template.task_dashboard_alert_severity
+                email_severities = alert_template.task_email_alert_severity
+                text_severities = alert_template.task_text_alert_severity
+                always_dashboard = alert_template.task_always_alert
+                always_email = alert_template.task_always_email
+                always_text = alert_template.task_always_text
+                alert_interval = alert_template.task_periodic_alert_days
+                run_script_action = alert_template.task_script_actions
+
+            if instance.should_create_alert(alert_template):
+                alert = cls.create_or_return_task_alert(instance)
+            else:
+                # check if there is an alert that exists
+                if cls.objects.filter(assigned_task=instance, resolved=False).exists():
+                    alert = cls.objects.get(assigned_task=instance, resolved=False)
+                else:
+                    alert = None
+        else:
+            return
+
+        # return if agent is in maintenance mode
+        if maintenance_mode or not alert:
+            return
+
+        # check if alert severity changed on check and update the alert
+        if alert_severity != alert.severity:
+            alert.severity = alert_severity
+            alert.save(update_fields=["severity"])
+
+        # create alert in dashboard if enabled
+        if dashboard_alert or always_dashboard:
+
+            # check if alert template is set and specific severities are configured
+            if alert_template and alert.severity not in dashboard_severities:  # type: ignore
+                pass
+            else:
+                alert.hidden = False
+                alert.save()
+
+        # send email if enabled
+        if email_alert or always_email:
+
+            # check if alert template is set and specific severities are configured
+            if alert_template and alert.severity not in email_severities:  # type: ignore
+                pass
+            else:
+                email_task.delay(
+                    pk=alert.pk,
+                    alert_interval=alert_interval,
+                )
+
+        # send text if enabled
+        if text_alert or always_text:
+
+            # check if alert template is set and specific severities are configured
+            if alert_template and alert.severity not in text_severities:  # type: ignore
+                pass
+            else:
+                text_task.delay(pk=alert.pk, alert_interval=alert_interval)
+
+        # check if any scripts should be run
+        if alert_template and alert_template.action and run_script_action and not alert.action_run:  # type: ignore
+            r = agent.run_script(
+                scriptpk=alert_template.action.pk,
+                args=alert.parse_script_args(alert_template.action_args),
+                timeout=alert_template.action_timeout,
+                wait=True,
+                full=True,
+                run_on_any=True,
+            )
+
+            # command was successful
+            if type(r) == dict:
+                alert.action_retcode = r["retcode"]
+                alert.action_stdout = r["stdout"]
+                alert.action_stderr = r["stderr"]
+                alert.action_execution_time = "{:.4f}".format(r["execution_time"])
+                alert.action_run = djangotime.now()
+                alert.save()
+            else:
+                DebugLog.error(
+                    agent=agent,
+                    log_type="scripting",
+                    message=f"Failure action: {alert_template.action.name} failed to run on any agent for {agent.hostname}({agent.pk}) failure alert",
+                )
+
+    @classmethod
+    def handle_alert_resolve(cls, instance: Union[Agent, AutomatedTask, Check]) -> None:
+        from agents.models import Agent
+        from autotasks.models import AutomatedTask
+        from checks.models import Check
+
+        # set variables
+        email_on_resolved = False
+        text_on_resolved = False
+        resolved_email_task = None
+        resolved_text_task = None
+
+        # check what the instance passed is
+        if isinstance(instance, Agent):
+            from agents.tasks import agent_recovery_email_task, agent_recovery_sms_task
+
+            resolved_email_task = agent_recovery_email_task
+            resolved_text_task = agent_recovery_sms_task
+
+            alert_template = instance.alert_template
+            alert = cls.objects.get(agent=instance, resolved=False)
+            maintenance_mode = instance.maintenance_mode
+            agent = instance
+
+            if alert_template:
+                email_on_resolved = alert_template.agent_email_on_resolved
+                text_on_resolved = alert_template.agent_text_on_resolved
+                run_script_action = alert_template.agent_script_actions
+
+        elif isinstance(instance, Check):
+            from checks.tasks import (
+                handle_resolved_check_email_alert_task,
+                handle_resolved_check_sms_alert_task,
+            )
+
+            resolved_email_task = handle_resolved_check_email_alert_task
+            resolved_text_task = handle_resolved_check_sms_alert_task
+
+            alert_template = instance.agent.alert_template
+            alert = cls.objects.get(assigned_check=instance, resolved=False)
+            maintenance_mode = instance.agent.maintenance_mode
+            agent = instance.agent
+
+            if alert_template:
+                email_on_resolved = alert_template.check_email_on_resolved
+                text_on_resolved = alert_template.check_text_on_resolved
+                run_script_action = alert_template.check_script_actions
+
+        elif isinstance(instance, AutomatedTask):
+            from autotasks.tasks import (
+                handle_resolved_task_email_alert,
+                handle_resolved_task_sms_alert,
+            )
+
+            resolved_email_task = handle_resolved_task_email_alert
+            resolved_text_task = handle_resolved_task_sms_alert
+
+            alert_template = instance.agent.alert_template
+            alert = cls.objects.get(assigned_task=instance, resolved=False)
+            maintenance_mode = instance.agent.maintenance_mode
+            agent = instance.agent
+
+            if alert_template:
+                email_on_resolved = alert_template.task_email_on_resolved
+                text_on_resolved = alert_template.task_text_on_resolved
+                run_script_action = alert_template.task_script_actions
+
+        else:
+            return
+
+        # return if agent is in maintenance mode
+        if maintenance_mode:
+            return
+
+        alert.resolve()
+
+        # check if a resolved email notification should be send
+        if email_on_resolved and not alert.resolved_email_sent:
+            resolved_email_task.delay(pk=alert.pk)
+
+        # check if resolved text should be sent
+        if text_on_resolved and not alert.resolved_sms_sent:
+            resolved_text_task.delay(pk=alert.pk)
+
+        # check if resolved script should be run
+        if (
+            alert_template
+            and alert_template.resolved_action
+            and run_script_action  # type: ignore
+            and not alert.resolved_action_run
+        ):
+            r = agent.run_script(
+                scriptpk=alert_template.resolved_action.pk,
+                args=alert.parse_script_args(alert_template.resolved_action_args),
+                timeout=alert_template.resolved_action_timeout,
+                wait=True,
+                full=True,
+                run_on_any=True,
+            )
+
+            # command was successful
+            if type(r) == dict:
+                alert.resolved_action_retcode = r["retcode"]
+                alert.resolved_action_stdout = r["stdout"]
+                alert.resolved_action_stderr = r["stderr"]
+                alert.resolved_action_execution_time = "{:.4f}".format(
+                    r["execution_time"]
+                )
+                alert.resolved_action_run = djangotime.now()
+                alert.save()
+            else:
+                DebugLog.error(
+                    agent=agent,
+                    log_type="scripting",
+                    message=f"Resolved action: {alert_template.action.name} failed to run on any agent for {agent.hostname}({agent.pk}) resolved alert",
+                )
+
+    def parse_script_args(self, args: list[str]):
+
+        if not args:
+            return []
+
+        temp_args = list()
+        # pattern to match for injection
+        pattern = re.compile(".*\\{\\{alert\\.(.*)\\}\\}.*")
+
+        for arg in args:
+            match = pattern.match(arg)
+            if match:
+                name = match.group(1)
+
+                # check if attr exists and isn't a function
+                if hasattr(self, name) and not callable(getattr(self, name)):
+                    value = f"'{getattr(self, name)}'"
+                else:
+                    continue
+
+                try:
+                    temp_args.append(re.sub("\\{\\{.*\\}\\}", value, arg))  # type: ignore
+                except Exception as e:
+                    DebugLog.error(log_type="scripting", message=str(e))
+                    continue
+
+            else:
+                temp_args.append(arg)
+
+        return temp_args
+
+
+class AlertTemplate(BaseAuditModel):
+    name = models.CharField(max_length=100)
+    is_active = models.BooleanField(default=True)
+
+    action = models.ForeignKey(
+        "scripts.Script",
+        related_name="alert_template",
+        blank=True,
+        null=True,
+        on_delete=models.SET_NULL,
+    )
+    action_args = ArrayField(
+        models.CharField(max_length=255, null=True, blank=True),
+        null=True,
+        blank=True,
+        default=list,
+    )
+    action_timeout = models.PositiveIntegerField(default=15)
+    resolved_action = models.ForeignKey(
+        "scripts.Script",
+        related_name="resolved_alert_template",
+        blank=True,
+        null=True,
+        on_delete=models.SET_NULL,
+    )
+    resolved_action_args = ArrayField(
+        models.CharField(max_length=255, null=True, blank=True),
+        null=True,
+        blank=True,
+        default=list,
+    )
+    resolved_action_timeout = models.PositiveIntegerField(default=15)
+
+    # overrides the global recipients
+    email_recipients = ArrayField(
+        models.CharField(max_length=100, blank=True),
+        null=True,
+        blank=True,
+        default=list,
+    )
+    text_recipients = ArrayField(
+        models.CharField(max_length=100, blank=True),
+        null=True,
+        blank=True,
+        default=list,
+    )
+
+    # overrides the from address
+    email_from = models.EmailField(blank=True, null=True)
+
+    # agent alert settings
+    agent_email_on_resolved = BooleanField(null=True, blank=True, default=False)
+    agent_text_on_resolved = BooleanField(null=True, blank=True, default=False)
+    agent_always_email = BooleanField(null=True, blank=True, default=None)
+    agent_always_text = BooleanField(null=True, blank=True, default=None)
+    agent_always_alert = BooleanField(null=True, blank=True, default=None)
+    agent_periodic_alert_days = PositiveIntegerField(blank=True, null=True, default=0)
+    agent_script_actions = BooleanField(null=True, blank=True, default=True)
+
+    # check alert settings
+    check_email_alert_severity = ArrayField(
+        models.CharField(max_length=25, blank=True, choices=SEVERITY_CHOICES),
+        blank=True,
+        default=list,
+    )
+    check_text_alert_severity = ArrayField(
+        models.CharField(max_length=25, blank=True, choices=SEVERITY_CHOICES),
+        blank=True,
+        default=list,
+    )
+    check_dashboard_alert_severity = ArrayField(
+        models.CharField(max_length=25, blank=True, choices=SEVERITY_CHOICES),
+        blank=True,
+        default=list,
+    )
+    check_email_on_resolved = BooleanField(null=True, blank=True, default=False)
+    check_text_on_resolved = BooleanField(null=True, blank=True, default=False)
+    check_always_email = BooleanField(null=True, blank=True, default=None)
+    check_always_text = BooleanField(null=True, blank=True, default=None)
+    check_always_alert = BooleanField(null=True, blank=True, default=None)
+    check_periodic_alert_days = PositiveIntegerField(blank=True, null=True, default=0)
+    check_script_actions = BooleanField(null=True, blank=True, default=True)
+
+    # task alert settings
+    task_email_alert_severity = ArrayField(
+        models.CharField(max_length=25, blank=True, choices=SEVERITY_CHOICES),
+        blank=True,
+        default=list,
+    )
+    task_text_alert_severity = ArrayField(
+        models.CharField(max_length=25, blank=True, choices=SEVERITY_CHOICES),
+        blank=True,
+        default=list,
+    )
+    task_dashboard_alert_severity = ArrayField(
+        models.CharField(max_length=25, blank=True, choices=SEVERITY_CHOICES),
+        blank=True,
+        default=list,
+    )
+    task_email_on_resolved = BooleanField(null=True, blank=True, default=False)
+    task_text_on_resolved = BooleanField(null=True, blank=True, default=False)
+    task_always_email = BooleanField(null=True, blank=True, default=None)
+    task_always_text = BooleanField(null=True, blank=True, default=None)
+    task_always_alert = BooleanField(null=True, blank=True, default=None)
+    task_periodic_alert_days = PositiveIntegerField(blank=True, null=True, default=0)
+    task_script_actions = BooleanField(null=True, blank=True, default=True)
+
+    # exclusion settings
+    exclude_workstations = BooleanField(null=True, blank=True, default=False)
+    exclude_servers = BooleanField(null=True, blank=True, default=False)
+
+    excluded_sites = models.ManyToManyField(
+        "clients.Site", related_name="alert_exclusions", blank=True
+    )
+    excluded_clients = models.ManyToManyField(
+        "clients.Client", related_name="alert_exclusions", blank=True
+    )
+    excluded_agents = models.ManyToManyField(
+        "agents.Agent", related_name="alert_exclusions", blank=True
+    )
+
+    def __str__(self):
+        return self.name
+
+    @staticmethod
+    def serialize(alert_template):
+        # serializes the agent and returns json
+        from .serializers import AlertTemplateAuditSerializer
+
+        return AlertTemplateAuditSerializer(alert_template).data
+
+    @property
+    def has_agent_settings(self) -> bool:
+        return (
+            self.agent_email_on_resolved
+            or self.agent_text_on_resolved
+            or self.agent_always_email
+            or self.agent_always_text
+            or self.agent_always_alert
+            or bool(self.agent_periodic_alert_days)
+        )
+
+    @property
+    def has_check_settings(self) -> bool:
+        return (
+            bool(self.check_email_alert_severity)
+            or bool(self.check_text_alert_severity)
+            or bool(self.check_dashboard_alert_severity)
+            or self.check_email_on_resolved
+            or self.check_text_on_resolved
+            or self.check_always_email
+            or self.check_always_text
+            or self.check_always_alert
+            or bool(self.check_periodic_alert_days)
+        )
+
+    @property
+    def has_task_settings(self) -> bool:
+        return (
+            bool(self.task_email_alert_severity)
+            or bool(self.task_text_alert_severity)
+            or bool(self.task_dashboard_alert_severity)
+            or self.task_email_on_resolved
+            or self.task_text_on_resolved
+            or self.task_always_email
+            or self.task_always_text
+            or self.task_always_alert
+            or bool(self.task_periodic_alert_days)
+        )
+
+    @property
+    def has_core_settings(self) -> bool:
+        return bool(self.email_from) or self.email_recipients or self.text_recipients
+
+    @property
+    def is_default_template(self) -> bool:
+        return self.default_alert_template.exists()  # type: ignore

api/tacticalrmm/alerts/permissions.py

@@ -0,0 +1,55 @@
+from django.shortcuts import get_object_or_404
+from rest_framework import permissions
+
+from tacticalrmm.permissions import _has_perm, _has_perm_on_agent
+
+
+def _has_perm_on_alert(user, id: int):
+    from alerts.models import Alert
+
+    role = user.role
+    if user.is_superuser or (role and getattr(role, "is_superuser")):
+        return True
+
+    # make sure non-superusers with empty roles aren't permitted
+    elif not role:
+        return False
+
+    alert = get_object_or_404(Alert, id=id)
+
+    if alert.agent:
+        agent_id = alert.agent.agent_id
+    elif alert.assigned_check:
+        agent_id = alert.assigned_check.agent.agent_id
+    elif alert.assigned_task:
+        agent_id = alert.assigned_task.agent.agent_id
+    else:
+        return True
+
+    return _has_perm_on_agent(user, agent_id)
+
+
+class AlertPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        if r.method == "GET" or r.method == "PATCH":
+            if "pk" in view.kwargs.keys():
+                return _has_perm(r, "can_list_alerts") and _has_perm_on_alert(
+                    r.user, view.kwargs["pk"]
+                )
+            else:
+                return _has_perm(r, "can_list_alerts")
+        else:
+            if "pk" in view.kwargs.keys():
+                return _has_perm(r, "can_manage_alerts") and _has_perm_on_alert(
+                    r.user, view.kwargs["pk"]
+                )
+            else:
+                return _has_perm(r, "can_manage_alerts")
+
+
+class AlertTemplatePerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        if r.method == "GET":
+            return _has_perm(r, "can_list_alerttemplates")
+        else:
+            return _has_perm(r, "can_manage_alerttemplates")

api/tacticalrmm/alerts/serializers.py

@@ -1,19 +1,144 @@
-from rest_framework.serializers import (
-    ModelSerializer,
-    ReadOnlyField,
-    DateTimeField,
-)
+from rest_framework.fields import SerializerMethodField
+from rest_framework.serializers import ModelSerializer, ReadOnlyField
 
-from .models import Alert
+from automation.serializers import PolicySerializer
+from clients.serializers import ClientMinimumSerializer, SiteMinimumSerializer
+from tacticalrmm.utils import get_default_timezone
+
+from .models import Alert, AlertTemplate
 
 
 class AlertSerializer(ModelSerializer):
 
-    hostname = ReadOnlyField(source="agent.hostname")
-    client = ReadOnlyField(source="agent.client")
-    site = ReadOnlyField(source="agent.site")
-    alert_time = DateTimeField(format="iso-8601")
+    hostname = SerializerMethodField()
+    agent_id = SerializerMethodField()
+    client = SerializerMethodField()
+    site = SerializerMethodField()
+    alert_time = SerializerMethodField()
+    resolve_on = SerializerMethodField()
+    snoozed_until = SerializerMethodField()
+
+    def get_agent_id(self, instance):
+        if instance.alert_type == "availability":
+            return instance.agent.agent_id if instance.agent else ""
+        elif instance.alert_type == "check":
+            return (
+                instance.assigned_check.agent.agent_id
+                if instance.assigned_check
+                else ""
+            )
+        elif instance.alert_type == "task":
+            return (
+                instance.assigned_task.agent.agent_id if instance.assigned_task else ""
+            )
+        else:
+            return ""
+
+    def get_hostname(self, instance):
+        if instance.alert_type == "availability":
+            return instance.agent.hostname if instance.agent else ""
+        elif instance.alert_type == "check":
+            return (
+                instance.assigned_check.agent.hostname
+                if instance.assigned_check
+                else ""
+            )
+        elif instance.alert_type == "task":
+            return (
+                instance.assigned_task.agent.hostname if instance.assigned_task else ""
+            )
+        else:
+            return ""
+
+    def get_client(self, instance):
+        if instance.alert_type == "availability":
+            return instance.agent.client.name if instance.agent else ""
+        elif instance.alert_type == "check":
+            return (
+                instance.assigned_check.agent.client.name
+                if instance.assigned_check
+                else ""
+            )
+        elif instance.alert_type == "task":
+            return (
+                instance.assigned_task.agent.client.name
+                if instance.assigned_task
+                else ""
+            )
+        else:
+            return ""
+
+    def get_site(self, instance):
+        if instance.alert_type == "availability":
+            return instance.agent.site.name if instance.agent else ""
+        elif instance.alert_type == "check":
+            return (
+                instance.assigned_check.agent.site.name
+                if instance.assigned_check
+                else ""
+            )
+        elif instance.alert_type == "task":
+            return (
+                instance.assigned_task.agent.site.name if instance.assigned_task else ""
+            )
+        else:
+            return ""
+
+    def get_alert_time(self, instance):
+        if instance.alert_time:
+            return instance.alert_time.astimezone(get_default_timezone()).timestamp()
+        else:
+            return None
+
+    def get_resolve_on(self, instance):
+        if instance.resolved_on:
+            return instance.resolved_on.astimezone(get_default_timezone()).timestamp()
+        else:
+            return None
+
+    def get_snoozed_until(self, instance):
+        if instance.snooze_until:
+            return instance.snooze_until.astimezone(get_default_timezone()).timestamp()
+        return None
 
     class Meta:
         model = Alert
         fields = "__all__"
+
+
+class AlertTemplateSerializer(ModelSerializer):
+    agent_settings = ReadOnlyField(source="has_agent_settings")
+    check_settings = ReadOnlyField(source="has_check_settings")
+    task_settings = ReadOnlyField(source="has_task_settings")
+    core_settings = ReadOnlyField(source="has_core_settings")
+    default_template = ReadOnlyField(source="is_default_template")
+    action_name = ReadOnlyField(source="action.name")
+    resolved_action_name = ReadOnlyField(source="resolved_action.name")
+    applied_count = SerializerMethodField()
+
+    class Meta:
+        model = AlertTemplate
+        fields = "__all__"
+
+    def get_applied_count(self, instance):
+        count = 0
+        count += instance.policies.count()
+        count += instance.clients.count()
+        count += instance.sites.count()
+        return count
+
+
+class AlertTemplateRelationSerializer(ModelSerializer):
+    policies = PolicySerializer(read_only=True, many=True)
+    clients = ClientMinimumSerializer(read_only=True, many=True)
+    sites = SiteMinimumSerializer(read_only=True, many=True)
+
+    class Meta:
+        model = AlertTemplate
+        fields = "__all__"
+
+
+class AlertTemplateAuditSerializer(ModelSerializer):
+    class Meta:
+        model = AlertTemplate
+        fields = "__all__"