Release 0.9.0

formatting

.devcontainer/.env.example

@@ -26,3 +26,6 @@ POSTGRES_PASS=postgrespass
 APP_PORT=80
 API_PORT=80
 HTTP_PROTOCOL=https
+DOCKER_NETWORK=172.21.0.0/24
+DOCKER_NGINX_IP=172.21.0.20
+NATS_PORTS=4222:4222

.devcontainer/api.dockerfile

@@ -1,7 +1,6 @@
-FROM python:3.9.2-slim
+FROM python:3.9.6-slim
 
 ENV TACTICAL_DIR /opt/tactical
-ENV TACTICAL_GO_DIR /usr/local/rmmgo
 ENV TACTICAL_READY_FILE ${TACTICAL_DIR}/tmp/tactical.ready
 ENV WORKSPACE_DIR /workspace
 ENV TACTICAL_USER tactical
@@ -9,20 +8,22 @@ ENV VIRTUAL_ENV ${WORKSPACE_DIR}/api/tacticalrmm/env
 ENV PYTHONDONTWRITEBYTECODE=1
 ENV PYTHONUNBUFFERED=1
 
-EXPOSE 8000
+EXPOSE 8000 8383 8005
 
 RUN groupadd -g 1000 tactical && \
     useradd -u 1000 -g 1000 tactical
 
-# Copy Go Files
-COPY --from=golang:1.16 /usr/local/go ${TACTICAL_GO_DIR}/go
+# Copy nats-api file
+COPY natsapi/bin/nats-api /usr/local/bin/
+RUN chmod +x /usr/local/bin/nats-api
 
-# Copy Dev python reqs
-COPY ./requirements.txt /
+# Copy dev python reqs
+COPY .devcontainer/requirements.txt  /
 
-# Copy Docker Entrypoint
-COPY ./entrypoint.sh /
+# Copy docker entrypoint.sh
+COPY .devcontainer/entrypoint.sh /
 RUN chmod +x /entrypoint.sh
+
 ENTRYPOINT ["/entrypoint.sh"]
 
 WORKDIR ${WORKSPACE_DIR}/api/tacticalrmm

.devcontainer/docker-compose.yml

@@ -2,11 +2,12 @@ version: '3.4'
 
 services:
   api-dev:
+    container_name: trmm-api-dev
     image: api-dev
     restart: always
     build:
-      context: .
-      dockerfile: ./api.dockerfile
+      context: ..
+      dockerfile: .devcontainer/api.dockerfile
     command: ["tactical-api"]
     environment:
       API_PORT: ${API_PORT}
@@ -21,9 +22,10 @@ services:
           - tactical-backend
 
   app-dev:
-    image: node:12-alpine
+    container_name: trmm-app-dev
+    image: node:14-alpine
     restart: always
-    command: /bin/sh -c "npm install && npm run serve -- --host 0.0.0.0 --port ${APP_PORT}"
+    command: /bin/sh -c "npm install npm@latest -g && npm install && npm run serve -- --host 0.0.0.0 --port ${APP_PORT}"
     working_dir: /workspace/web
     volumes:
       - ..:/workspace:cached
@@ -36,6 +38,7 @@ services:
 
   # nats
   nats-dev:
+    container_name: trmm-nats-dev
     image: ${IMAGE_REPO}tactical-nats:${VERSION}
     restart: always
     environment:
@@ -43,7 +46,7 @@ services:
       API_PORT: ${API_PORT}
       DEV: 1
     ports:
-      - "4222:4222"
+      - "${NATS_PORTS}"
     volumes:
       - tactical-data-dev:/opt/tactical
       - ..:/workspace:cached
@@ -55,6 +58,7 @@ services:
 
   # meshcentral container
   meshcentral-dev:
+    container_name: trmm-meshcentral-dev
     image: ${IMAGE_REPO}tactical-meshcentral:${VERSION}
     restart: always
     environment: 
@@ -63,7 +67,7 @@ services:
       MESH_PASS: ${MESH_PASS}
       MONGODB_USER: ${MONGODB_USER}
       MONGODB_PASSWORD: ${MONGODB_PASSWORD}
-      NGINX_HOST_IP: 172.21.0.20
+      NGINX_HOST_IP: ${DOCKER_NGINX_IP}
     networks:
       dev:
         aliases:
@@ -77,6 +81,7 @@ services:
 
   # mongodb container for meshcentral
   mongodb-dev:
+    container_name: trmm-mongodb-dev
     image: mongo:4.4
     restart: always
     environment:
@@ -92,6 +97,7 @@ services:
 
   # postgres database for api service
   postgres-dev:
+    container_name: trmm-postgres-dev
     image: postgres:13-alpine
     restart: always
     environment:
@@ -107,18 +113,20 @@ services:
 
   # redis container for celery tasks
   redis-dev:
+    container_name: trmm-redis-dev
     restart: always
+    command: redis-server --appendonly yes
     image: redis:6.0-alpine
+    volumes: 
+      - redis-data-dev:/data
     networks:
       dev:
         aliases:
           - tactical-redis
 
   init-dev:
+    container_name: trmm-init-dev
     image: api-dev
-    build:
-      context: .
-      dockerfile: ./api.dockerfile
     restart: on-failure
     command: ["tactical-init-dev"]
     environment:
@@ -143,10 +151,8 @@ services:
 
   # container for celery worker service
   celery-dev:
+    container_name: trmm-celery-dev
     image: api-dev
-    build:
-      context: .
-      dockerfile: ./api.dockerfile
     command: ["tactical-celery-dev"]
     restart: always
     networks:
@@ -160,10 +166,8 @@ services:
 
   # container for celery beat service
   celerybeat-dev:
+    container_name: trmm-celerybeat-dev
     image: api-dev
-    build:
-      context: .
-      dockerfile: ./api.dockerfile
     command: ["tactical-celerybeat-dev"]
     restart: always
     networks:
@@ -175,8 +179,26 @@ services:
       - postgres-dev
       - redis-dev
 
-  nginx-dev:
+  # container for websockets communication
+  websockets-dev:
+    container_name: trmm-websockets-dev
+    image: api-dev
+    command: ["tactical-websockets-dev"]
+    restart: always
+    networks:
+      dev:
+        aliases:
+          - tactical-websockets
+    volumes:
+      - tactical-data-dev:/opt/tactical
+      - ..:/workspace:cached
+    depends_on:
+      - postgres-dev
+      - redis-dev
+
   # container for tactical reverse proxy
+  nginx-dev:
+    container_name: trmm-nginx-dev
     image: ${IMAGE_REPO}tactical-nginx:${VERSION}
     restart: always
     environment:
@@ -187,20 +209,34 @@ services:
       CERT_PRIV_KEY: ${CERT_PRIV_KEY}
       APP_PORT: ${APP_PORT}
       API_PORT: ${API_PORT}
+      DEV: 1
     networks:
       dev:
-        ipv4_address: 172.21.0.20
+        ipv4_address: ${DOCKER_NGINX_IP}
     ports:
       - "80:80"
       - "443:443"
     volumes:
       - tactical-data-dev:/opt/tactical
 
+  mkdocs-dev:
+    container_name: trmm-mkdocs-dev
+    image: api-dev
+    restart: always
+    command: ["tactical-mkdocs-dev"]
+    ports:
+      - "8005:8005"
+    volumes:
+      - ..:/workspace:cached
+    networks:
+      - dev
+
 volumes:
   tactical-data-dev:
   postgres-data-dev:
   mongo-dev-data:
   mesh-data-dev:
+  redis-data-dev:
 
 networks:
   dev:
@@ -208,4 +244,4 @@ networks:
     ipam:
       driver: default
       config:
-        - subnet: 172.21.0.0/24  
+        - subnet: ${DOCKER_NETWORK}

.devcontainer/entrypoint.sh

@@ -78,24 +78,6 @@ DATABASES = {
     }
 }
 
-REST_FRAMEWORK = {
-    'DATETIME_FORMAT': '%b-%d-%Y - %H:%M',
-
-    'DEFAULT_PERMISSION_CLASSES': (
-        'rest_framework.permissions.IsAuthenticated',
-    ),
-    'DEFAULT_AUTHENTICATION_CLASSES': (
-        'knox.auth.TokenAuthentication',
-    ),
-}
-
-if not DEBUG:
-    REST_FRAMEWORK.update({
-        'DEFAULT_RENDERER_CLASSES': (
-            'rest_framework.renderers.JSONRenderer',
-        )
-    })
-
 MESH_USERNAME = '${MESH_USER}'
 MESH_SITE = 'https://${MESH_HOST}'
 MESH_TOKEN_KEY = '${MESH_TOKEN}'
@@ -114,6 +96,7 @@ EOF
   "${VIRTUAL_ENV}"/bin/python manage.py load_chocos
   "${VIRTUAL_ENV}"/bin/python manage.py load_community_scripts
   "${VIRTUAL_ENV}"/bin/python manage.py reload_nats
+  "${VIRTUAL_ENV}"/bin/python manage.py create_installer_user
 
   # create super user 
   echo "from accounts.models import User; User.objects.create_superuser('${TRMM_USER}', 'admin@example.com', '${TRMM_PASS}') if not User.objects.filter(username='${TRMM_USER}').exists() else 0;" | python manage.py shell
@@ -136,10 +119,11 @@ if [ "$1" = 'tactical-init-dev' ]; then
   webenv="$(cat << EOF
 PROD_URL = "${HTTP_PROTOCOL}://${API_HOST}"
 DEV_URL = "${HTTP_PROTOCOL}://${API_HOST}"
-APP_URL = https://${APP_HOST}
+APP_URL = "https://${APP_HOST}"
+DOCKER_BUILD = 1
 EOF
 )"
-  echo "${webenv}" | tee ${WORKSPACE_DIR}/web/.env > /dev/null
+  echo "${webenv}" | tee "${WORKSPACE_DIR}"/web/.env > /dev/null
 
   # chown everything to tactical user
   chown -R "${TACTICAL_USER}":"${TACTICAL_USER}" "${WORKSPACE_DIR}"
@@ -150,9 +134,6 @@ EOF
 fi
 
 if [ "$1" = 'tactical-api' ]; then
-  cp "${WORKSPACE_DIR}"/api/tacticalrmm/core/goinstaller/bin/goversioninfo /usr/local/bin/goversioninfo
-  chmod +x /usr/local/bin/goversioninfo
-  
   check_tactical_ready
   "${VIRTUAL_ENV}"/bin/python manage.py runserver 0.0.0.0:"${API_PORT}"
 fi
@@ -167,3 +148,13 @@ if [ "$1" = 'tactical-celerybeat-dev' ]; then
   test -f "${WORKSPACE_DIR}/api/tacticalrmm/celerybeat.pid" && rm "${WORKSPACE_DIR}/api/tacticalrmm/celerybeat.pid"
   "${VIRTUAL_ENV}"/bin/celery -A tacticalrmm beat -l debug
 fi
+
+if [ "$1" = 'tactical-websockets-dev' ]; then
+  check_tactical_ready
+  "${VIRTUAL_ENV}"/bin/daphne tacticalrmm.asgi:application --port 8383 -b 0.0.0.0
+fi
+
+if [ "$1" = 'tactical-mkdocs-dev' ]; then
+  cd "${WORKSPACE_DIR}/docs"
+  "${VIRTUAL_ENV}"/bin/mkdocs serve
+fi

.devcontainer/requirements.txt

@@ -1,6 +1,9 @@
 # To ensure app dependencies are ported from your virtual environment/host machine into your container, run 'pip freeze > requirements.txt' in the terminal to overwrite this file
 asyncio-nats-client
 celery
+channels
+channels_redis
+django-ipware
 Django
 django-cors-headers
 django-rest-knox
@@ -30,3 +33,5 @@ mkdocs-material
 pymdown-extensions
 Pygments
 mypy
+pysnooper
+isort

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,40 @@
+---
+name: Bug report
+about: Create a bug report
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Server Info (please complete the following information):**
+ - OS: [e.g. Ubuntu 20.04, Debian 10]
+ - Browser: [e.g. chrome, safari]
+ - RMM Version (as shown in top left of web UI):
+
+**Installation Method:**
+  - [ ] Standard
+  - [ ] Docker
+
+**Agent Info (please complete the following information):**
+- Agent version (as shown in the 'Summary' tab of the agent from web UI):
+- Agent OS: [e.g. Win 10 v2004, Server 2012 R2]
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/workflows/deploy-docs.yml

@@ -2,7 +2,7 @@ name: Deploy Docs
 on:
   push:
     branches:
-      - develop
+      - master
 
 defaults:
   run:

.gitignore

@@ -47,3 +47,5 @@ docs/.vuepress/dist
 nats-rmm.conf
 .mypy_cache
 docs/site/
+reset_db.sh
+run_go_cmd.py

README.md

@@ -8,10 +8,8 @@
 Tactical RMM is a remote monitoring & management tool for Windows computers, built with Django and Vue.\
 It uses an [agent](https://github.com/wh1te909/rmmagent) written in golang and integrates with [MeshCentral](https://github.com/Ylianst/MeshCentral)
 
-# [LIVE DEMO](https://rmm.xlawgaming.com/)
-Demo database resets every hour. Alot of features are disabled for obvious reasons due to the nature of this app.
-
-*Tactical RMM is currently in alpha and subject to breaking changes. Use in production at your own risk.*
+# [LIVE DEMO](https://rmm.tacticalrmm.io/)
+Demo database resets every hour. A lot of features are disabled for obvious reasons due to the nature of this app.
 
 ### [Discord Chat](https://discord.gg/upGTkWp)
 
@@ -37,4 +35,4 @@ Demo database resets every hour. Alot of features are disabled for obvious reaso
 
 ## Installation / Backup / Restore / Usage
 
-### Refer to the [documentation](https://wh1te909.github.io/tacticalrmm/)
+### Refer to the [documentation](https://wh1te909.github.io/tacticalrmm/)

api/tacticalrmm/accounts/admin.py

@@ -1,7 +1,8 @@
 from django.contrib import admin
 from rest_framework.authtoken.admin import TokenAdmin
 
-from .models import User
+from .models import User, Role
 
 admin.site.register(User)
 TokenAdmin.raw_id_fields = ("user",)
+admin.site.register(Role)

api/tacticalrmm/accounts/management/commands/create_installer_user.py

@@ -0,0 +1,19 @@
+import uuid
+
+from django.core.management.base import BaseCommand
+from accounts.models import User
+
+
+class Command(BaseCommand):
+    help = "Creates the installer user"
+
+    def handle(self, *args, **kwargs):
+        if User.objects.filter(is_installer_user=True).exists():
+            return
+
+        User.objects.create_user(  # type: ignore
+            username=uuid.uuid4().hex,
+            is_installer_user=True,
+            password=User.objects.make_random_password(60),  # type: ignore
+            block_dashboard_login=True,
+        )

api/tacticalrmm/accounts/migrations/0013_user_client_tree_sort.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.1.7 on 2021-03-09 02:33
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0012_user_agents_per_page'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='client_tree_sort',
+            field=models.CharField(choices=[('alphafail', 'Move failing clients to the top'), ('alpha', 'Sort alphabetically')], default='alphafail', max_length=50),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0014_user_client_tree_splitter.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2 on 2021-04-11 01:43
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0013_user_client_tree_sort'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='client_tree_splitter',
+            field=models.PositiveIntegerField(default=11),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0015_user_loading_bar_color.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2 on 2021-04-11 03:03
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0014_user_client_tree_splitter'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='loading_bar_color',
+            field=models.CharField(default='red', max_length=255),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0016_auto_20210507_1526.py

@@ -0,0 +1,25 @@
+# Generated by Django 3.2.1 on 2021-05-07 15:26
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0022_urlaction'),
+        ('accounts', '0015_user_loading_bar_color'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='url_action',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='user', to='core.urlaction'),
+        ),
+        migrations.AlterField(
+            model_name='user',
+            name='agent_dblclick_action',
+            field=models.CharField(choices=[('editagent', 'Edit Agent'), ('takecontrol', 'Take Control'), ('remotebg', 'Remote Background'), ('urlaction', 'URL Action')], default='editagent', max_length=50),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0017_auto_20210508_1716.py

@@ -0,0 +1,173 @@
+# Generated by Django 3.2.1 on 2021-05-08 17:16
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0016_auto_20210507_1526'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='can_code_sign',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_do_server_maint',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_edit_agent',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_edit_core_settings',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_install_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_accounts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_alerts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_automation_policies',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_autotasks',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_checks',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_clients',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_deployments',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_notes',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_pendingactions',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_procs',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_scripts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_sites',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_software',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_winsvcs',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_winupdates',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_reboot_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_run_autotasks',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_run_bulk',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_run_checks',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_run_scripts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_send_cmd',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_uninstall_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_update_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_use_mesh',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_view_auditlogs',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_view_debuglogs',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_view_eventlogs',
+            field=models.BooleanField(default=False),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0018_auto_20210511_0233.py

@@ -0,0 +1,181 @@
+# Generated by Django 3.2.1 on 2021-05-11 02:33
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0017_auto_20210508_1716'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Role',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=255, unique=True)),
+                ('is_superuser', models.BooleanField(default=False)),
+                ('can_use_mesh', models.BooleanField(default=False)),
+                ('can_uninstall_agents', models.BooleanField(default=False)),
+                ('can_update_agents', models.BooleanField(default=False)),
+                ('can_edit_agent', models.BooleanField(default=False)),
+                ('can_manage_procs', models.BooleanField(default=False)),
+                ('can_view_eventlogs', models.BooleanField(default=False)),
+                ('can_send_cmd', models.BooleanField(default=False)),
+                ('can_reboot_agents', models.BooleanField(default=False)),
+                ('can_install_agents', models.BooleanField(default=False)),
+                ('can_run_scripts', models.BooleanField(default=False)),
+                ('can_run_bulk', models.BooleanField(default=False)),
+                ('can_manage_notes', models.BooleanField(default=False)),
+                ('can_edit_core_settings', models.BooleanField(default=False)),
+                ('can_do_server_maint', models.BooleanField(default=False)),
+                ('can_code_sign', models.BooleanField(default=False)),
+                ('can_manage_checks', models.BooleanField(default=False)),
+                ('can_run_checks', models.BooleanField(default=False)),
+                ('can_manage_clients', models.BooleanField(default=False)),
+                ('can_manage_sites', models.BooleanField(default=False)),
+                ('can_manage_deployments', models.BooleanField(default=False)),
+                ('can_manage_automation_policies', models.BooleanField(default=False)),
+                ('can_manage_autotasks', models.BooleanField(default=False)),
+                ('can_run_autotasks', models.BooleanField(default=False)),
+                ('can_view_auditlogs', models.BooleanField(default=False)),
+                ('can_manage_pendingactions', models.BooleanField(default=False)),
+                ('can_view_debuglogs', models.BooleanField(default=False)),
+                ('can_manage_scripts', models.BooleanField(default=False)),
+                ('can_manage_alerts', models.BooleanField(default=False)),
+                ('can_manage_winsvcs', models.BooleanField(default=False)),
+                ('can_manage_software', models.BooleanField(default=False)),
+                ('can_manage_winupdates', models.BooleanField(default=False)),
+                ('can_manage_accounts', models.BooleanField(default=False)),
+            ],
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_code_sign',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_do_server_maint',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_edit_agent',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_edit_core_settings',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_install_agents',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_accounts',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_alerts',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_automation_policies',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_autotasks',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_checks',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_clients',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_deployments',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_notes',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_pendingactions',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_procs',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_scripts',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_sites',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_software',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_winsvcs',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_winupdates',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_reboot_agents',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_run_autotasks',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_run_bulk',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_run_checks',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_run_scripts',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_send_cmd',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_uninstall_agents',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_update_agents',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_use_mesh',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_view_auditlogs',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_view_debuglogs',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_view_eventlogs',
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0019_user_role.py

@@ -0,0 +1,25 @@
+# Generated by Django 3.2.1 on 2021-05-11 02:33
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("accounts", "0018_auto_20210511_0233"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="user",
+            name="role",
+            field=models.ForeignKey(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name="roles",
+                to="accounts.role",
+            ),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0020_role_can_manage_roles.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2.1 on 2021-05-11 17:37
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0019_user_role'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='role',
+            name='can_manage_roles',
+            field=models.BooleanField(default=False),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0021_role_can_view_core_settings.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2.4 on 2021-06-17 04:29
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0020_role_can_manage_roles'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='role',
+            name='can_view_core_settings',
+            field=models.BooleanField(default=False),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0022_user_clear_search_when_switching.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2.4 on 2021-06-28 05:01
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0021_role_can_view_core_settings'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='clear_search_when_switching',
+            field=models.BooleanField(default=True),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0023_user_is_installer_user.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2.4 on 2021-06-30 03:22
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0022_user_clear_search_when_switching'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='is_installer_user',
+            field=models.BooleanField(default=False),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0024_user_last_login_ip.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2.1 on 2021-07-20 20:26
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0023_user_is_installer_user'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='last_login_ip',
+            field=models.GenericIPAddressField(blank=True, default=None, null=True),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0025_auto_20210721_0424.py

@@ -0,0 +1,33 @@
+# Generated by Django 3.2.1 on 2021-07-21 04:24
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0024_user_last_login_ip'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='role',
+            name='created_by',
+            field=models.CharField(blank=True, max_length=100, null=True),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='created_time',
+            field=models.DateTimeField(auto_now_add=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='modified_by',
+            field=models.CharField(blank=True, max_length=100, null=True),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='modified_time',
+            field=models.DateTimeField(auto_now=True, null=True),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0026_auto_20210901_1247.py

@@ -0,0 +1,34 @@
+# Generated by Django 3.2.6 on 2021-09-01 12:47
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0025_auto_20210721_0424'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='APIKey',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created_by', models.CharField(blank=True, max_length=100, null=True)),
+                ('created_time', models.DateTimeField(auto_now_add=True, null=True)),
+                ('modified_by', models.CharField(blank=True, max_length=100, null=True)),
+                ('modified_time', models.DateTimeField(auto_now=True, null=True)),
+                ('name', models.CharField(max_length=25, unique=True)),
+                ('key', models.CharField(blank=True, max_length=48, unique=True)),
+                ('expiration', models.DateTimeField(blank=True, default=None, null=True)),
+            ],
+            options={
+                'abstract': False,
+            },
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_manage_api_keys',
+            field=models.BooleanField(default=False),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0027_auto_20210903_0054.py

@@ -0,0 +1,25 @@
+# Generated by Django 3.2.6 on 2021-09-03 00:54
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0026_auto_20210901_1247'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='apikey',
+            name='user',
+            field=models.ForeignKey(default=1, on_delete=django.db.models.deletion.CASCADE, related_name='api_key', to='accounts.user'),
+            preserve_default=False,
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='block_dashboard_login',
+            field=models.BooleanField(default=False),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0028_auto_20211010_0249.py

@@ -0,0 +1,150 @@
+# Generated by Django 3.2.6 on 2021-10-10 02:49
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('clients', '0018_auto_20211010_0249'),
+        ('accounts', '0027_auto_20210903_0054'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='role',
+            name='can_list_accounts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_agent_history',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_alerts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_api_keys',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_automation_policies',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_autotasks',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_checks',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_clients',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_deployments',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_notes',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_pendingactions',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_roles',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_scripts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_sites',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_list_software',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_ping_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_recover_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_view_clients',
+            field=models.ManyToManyField(blank=True, related_name='role_clients', to='clients.Client'),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_view_sites',
+            field=models.ManyToManyField(blank=True, related_name='role_sites', to='clients.Site'),
+        ),
+        migrations.AlterField(
+            model_name='apikey',
+            name='created_by',
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.AlterField(
+            model_name='apikey',
+            name='modified_by',
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.AlterField(
+            model_name='role',
+            name='created_by',
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.AlterField(
+            model_name='role',
+            name='modified_by',
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.AlterField(
+            model_name='user',
+            name='created_by',
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.AlterField(
+            model_name='user',
+            name='modified_by',
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.AlterField(
+            model_name='user',
+            name='role',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='users', to='accounts.role'),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0029_auto_20211022_2245.py

@@ -0,0 +1,28 @@
+# Generated by Django 3.2.6 on 2021-10-22 22:45
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0028_auto_20211010_0249'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='role',
+            name='can_list_alerttemplates',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_manage_alerttemplates',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_run_urlactions',
+            field=models.BooleanField(default=False),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0030_auto_20211104_0221.py

@@ -0,0 +1,23 @@
+# Generated by Django 3.2.6 on 2021-11-04 02:21
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0029_auto_20211022_2245'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='role',
+            name='can_manage_customfields',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='role',
+            name='can_view_customfields',
+            field=models.BooleanField(default=False),
+        ),
+    ]

api/tacticalrmm/accounts/models.py

@@ -1,5 +1,6 @@
 from django.contrib.auth.models import AbstractUser
 from django.db import models
+from django.db.models.fields import CharField, DateTimeField
 
 from logs.models import BaseAuditModel
 
@@ -7,6 +8,7 @@ AGENT_DBLCLICK_CHOICES = [
     ("editagent", "Edit Agent"),
     ("takecontrol", "Take Control"),
     ("remotebg", "Remote Background"),
+    ("urlaction", "URL Action"),
 ]
 
 AGENT_TBL_TAB_CHOICES = [
@@ -15,19 +17,40 @@ AGENT_TBL_TAB_CHOICES = [
     ("mixed", "Mixed"),
 ]
 
+CLIENT_TREE_SORT_CHOICES = [
+    ("alphafail", "Move failing clients to the top"),
+    ("alpha", "Sort alphabetically"),
+]
+
 
 class User(AbstractUser, BaseAuditModel):
     is_active = models.BooleanField(default=True)
+    block_dashboard_login = models.BooleanField(default=False)
     totp_key = models.CharField(max_length=50, null=True, blank=True)
     dark_mode = models.BooleanField(default=True)
     show_community_scripts = models.BooleanField(default=True)
     agent_dblclick_action = models.CharField(
         max_length=50, choices=AGENT_DBLCLICK_CHOICES, default="editagent"
     )
+    url_action = models.ForeignKey(
+        "core.URLAction",
+        related_name="user",
+        null=True,
+        blank=True,
+        on_delete=models.SET_NULL,
+    )
     default_agent_tbl_tab = models.CharField(
         max_length=50, choices=AGENT_TBL_TAB_CHOICES, default="server"
     )
-    agents_per_page = models.PositiveIntegerField(default=50)
+    agents_per_page = models.PositiveIntegerField(default=50)  # not currently used
+    client_tree_sort = models.CharField(
+        max_length=50, choices=CLIENT_TREE_SORT_CHOICES, default="alphafail"
+    )
+    client_tree_splitter = models.PositiveIntegerField(default=11)
+    loading_bar_color = models.CharField(max_length=255, default="red")
+    clear_search_when_switching = models.BooleanField(default=True)
+    is_installer_user = models.BooleanField(default=False)
+    last_login_ip = models.GenericIPAddressField(default=None, blank=True, null=True)
 
     agent = models.OneToOneField(
         "agents.Agent",
@@ -37,9 +60,141 @@ class User(AbstractUser, BaseAuditModel):
         on_delete=models.CASCADE,
     )
 
+    role = models.ForeignKey(
+        "accounts.Role",
+        null=True,
+        blank=True,
+        related_name="users",
+        on_delete=models.SET_NULL,
+    )
+
     @staticmethod
     def serialize(user):
         # serializes the task and returns json
         from .serializers import UserSerializer
 
         return UserSerializer(user).data
+
+
+class Role(BaseAuditModel):
+    name = models.CharField(max_length=255, unique=True)
+    is_superuser = models.BooleanField(default=False)
+
+    # agents
+    can_list_agents = models.BooleanField(default=False)
+    can_ping_agents = models.BooleanField(default=False)
+    can_use_mesh = models.BooleanField(default=False)
+    can_uninstall_agents = models.BooleanField(default=False)
+    can_update_agents = models.BooleanField(default=False)
+    can_edit_agent = models.BooleanField(default=False)
+    can_manage_procs = models.BooleanField(default=False)
+    can_view_eventlogs = models.BooleanField(default=False)
+    can_send_cmd = models.BooleanField(default=False)
+    can_reboot_agents = models.BooleanField(default=False)
+    can_install_agents = models.BooleanField(default=False)
+    can_run_scripts = models.BooleanField(default=False)
+    can_run_bulk = models.BooleanField(default=False)
+    can_recover_agents = models.BooleanField(default=False)
+    can_list_agent_history = models.BooleanField(default=False)
+
+    # core
+    can_list_notes = models.BooleanField(default=False)
+    can_manage_notes = models.BooleanField(default=False)
+    can_view_core_settings = models.BooleanField(default=False)
+    can_edit_core_settings = models.BooleanField(default=False)
+    can_do_server_maint = models.BooleanField(default=False)
+    can_code_sign = models.BooleanField(default=False)
+    can_run_urlactions = models.BooleanField(default=False)
+    can_view_customfields = models.BooleanField(default=False)
+    can_manage_customfields = models.BooleanField(default=False)
+
+    # checks
+    can_list_checks = models.BooleanField(default=False)
+    can_manage_checks = models.BooleanField(default=False)
+    can_run_checks = models.BooleanField(default=False)
+
+    # clients
+    can_list_clients = models.BooleanField(default=False)
+    can_manage_clients = models.BooleanField(default=False)
+    can_list_sites = models.BooleanField(default=False)
+    can_manage_sites = models.BooleanField(default=False)
+    can_list_deployments = models.BooleanField(default=False)
+    can_manage_deployments = models.BooleanField(default=False)
+    can_view_clients = models.ManyToManyField(
+        "clients.Client", related_name="role_clients", blank=True
+    )
+    can_view_sites = models.ManyToManyField(
+        "clients.Site", related_name="role_sites", blank=True
+    )
+
+    # automation
+    can_list_automation_policies = models.BooleanField(default=False)
+    can_manage_automation_policies = models.BooleanField(default=False)
+
+    # automated tasks
+    can_list_autotasks = models.BooleanField(default=False)
+    can_manage_autotasks = models.BooleanField(default=False)
+    can_run_autotasks = models.BooleanField(default=False)
+
+    # logs
+    can_view_auditlogs = models.BooleanField(default=False)
+    can_list_pendingactions = models.BooleanField(default=False)
+    can_manage_pendingactions = models.BooleanField(default=False)
+    can_view_debuglogs = models.BooleanField(default=False)
+
+    # scripts
+    can_list_scripts = models.BooleanField(default=False)
+    can_manage_scripts = models.BooleanField(default=False)
+
+    # alerts
+    can_list_alerts = models.BooleanField(default=False)
+    can_manage_alerts = models.BooleanField(default=False)
+    can_list_alerttemplates = models.BooleanField(default=False)
+    can_manage_alerttemplates = models.BooleanField(default=False)
+
+    # win services
+    can_manage_winsvcs = models.BooleanField(default=False)
+
+    # software
+    can_list_software = models.BooleanField(default=False)
+    can_manage_software = models.BooleanField(default=False)
+
+    # windows updates
+    can_manage_winupdates = models.BooleanField(default=False)
+
+    # accounts
+    can_list_accounts = models.BooleanField(default=False)
+    can_manage_accounts = models.BooleanField(default=False)
+    can_list_roles = models.BooleanField(default=False)
+    can_manage_roles = models.BooleanField(default=False)
+
+    # authentication
+    can_list_api_keys = models.BooleanField(default=False)
+    can_manage_api_keys = models.BooleanField(default=False)
+
+    def __str__(self):
+        return self.name
+
+    @staticmethod
+    def serialize(role):
+        # serializes the agent and returns json
+        from .serializers import RoleAuditSerializer
+
+        return RoleAuditSerializer(role).data
+
+
+class APIKey(BaseAuditModel):
+    name = CharField(unique=True, max_length=25)
+    key = CharField(unique=True, blank=True, max_length=48)
+    expiration = DateTimeField(blank=True, null=True, default=None)
+    user = models.ForeignKey(
+        "accounts.User",
+        related_name="api_key",
+        on_delete=models.CASCADE,
+    )
+
+    @staticmethod
+    def serialize(apikey):
+        from .serializers import APIKeyAuditSerializer
+
+        return APIKeyAuditSerializer(apikey).data

api/tacticalrmm/accounts/permissions.py

@@ -0,0 +1,43 @@
+from rest_framework import permissions
+
+from tacticalrmm.permissions import _has_perm
+
+
+class AccountsPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        if r.method == "GET":
+            return _has_perm(r, "can_list_accounts")
+        else:
+
+            # allow users to reset their own password/2fa see issue #686
+            base_path = "/accounts/users/"
+            paths = ["reset/", "reset_totp/"]
+
+            if r.path in [base_path + i for i in paths]:
+                from accounts.models import User
+
+                try:
+                    user = User.objects.get(pk=r.data["id"])
+                except User.DoesNotExist:
+                    pass
+                else:
+                    if user == r.user:
+                        return True
+
+            return _has_perm(r, "can_manage_accounts")
+
+
+class RolesPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        if r.method == "GET":
+            return _has_perm(r, "can_list_roles")
+        else:
+            return _has_perm(r, "can_manage_roles")
+
+
+class APIKeyPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        if r.method == "GET":
+            return _has_perm(r, "can_list_api_keys")
+
+        return _has_perm(r, "can_manage_api_keys")

api/tacticalrmm/accounts/serializers.py

@@ -1,13 +1,34 @@
 import pyotp
-from rest_framework.serializers import ModelSerializer, SerializerMethodField
+from rest_framework.serializers import (
+    ModelSerializer,
+    SerializerMethodField,
+    ReadOnlyField,
+)
 
-from .models import User
+from .models import APIKey, User, Role
+
+
+class UserUISerializer(ModelSerializer):
+    class Meta:
+        model = User
+        fields = [
+            "dark_mode",
+            "show_community_scripts",
+            "agent_dblclick_action",
+            "url_action",
+            "default_agent_tbl_tab",
+            "client_tree_sort",
+            "client_tree_splitter",
+            "loading_bar_color",
+            "clear_search_when_switching",
+            "block_dashboard_login",
+        ]
 
 
 class UserSerializer(ModelSerializer):
     class Meta:
         model = User
-        fields = (
+        fields = [
             "id",
             "username",
             "first_name",
@@ -15,7 +36,10 @@ class UserSerializer(ModelSerializer):
             "email",
             "is_active",
             "last_login",
-        )
+            "last_login_ip",
+            "role",
+            "block_dashboard_login",
+        ]
 
 
 class TOTPSetupSerializer(ModelSerializer):
@@ -34,3 +58,41 @@ class TOTPSetupSerializer(ModelSerializer):
         return pyotp.totp.TOTP(obj.totp_key).provisioning_uri(
             obj.username, issuer_name="Tactical RMM"
         )
+
+
+class RoleSerializer(ModelSerializer):
+    user_count = SerializerMethodField()
+
+    class Meta:
+        model = Role
+        fields = "__all__"
+
+    def get_user_count(self, obj):
+        return obj.users.count()
+
+
+class RoleAuditSerializer(ModelSerializer):
+    class Meta:
+        model = Role
+        fields = "__all__"
+
+
+class APIKeySerializer(ModelSerializer):
+
+    username = ReadOnlyField(source="user.username")
+
+    class Meta:
+        model = APIKey
+        fields = "__all__"
+
+
+class APIKeyAuditSerializer(ModelSerializer):
+    username = ReadOnlyField(source="user.username")
+
+    class Meta:
+        model = APIKey
+        fields = [
+            "name",
+            "username",
+            "expiration",
+        ]

api/tacticalrmm/accounts/tests.py

@@ -1,10 +1,12 @@
 from unittest.mock import patch
 
 from django.test import override_settings
-
-from accounts.models import User
+from model_bakery import baker, seq
+from accounts.models import User, APIKey
 from tacticalrmm.test import TacticalTestCase
 
+from accounts.serializers import APIKeySerializer
+
 
 class TestAccounts(TacticalTestCase):
     def setUp(self):
@@ -25,12 +27,12 @@ class TestAccounts(TacticalTestCase):
         data = {"username": "bob", "password": "a3asdsa2314"}
         r = self.client.post(url, data, format="json")
         self.assertEqual(r.status_code, 400)
-        self.assertEqual(r.data, "bad credentials")
+        self.assertEqual(r.data, "Bad credentials")
 
         data = {"username": "billy", "password": "hunter2"}
         r = self.client.post(url, data, format="json")
         self.assertEqual(r.status_code, 400)
-        self.assertEqual(r.data, "bad credentials")
+        self.assertEqual(r.data, "Bad credentials")
 
         self.bob.totp_key = "AB5RI6YPFTZAS52G"
         self.bob.save()
@@ -39,6 +41,12 @@ class TestAccounts(TacticalTestCase):
         self.assertEqual(r.status_code, 200)
         self.assertEqual(r.data, "ok")
 
+        # test user set to block dashboard logins
+        self.bob.block_dashboard_login = True
+        self.bob.save()
+        r = self.client.post(url, data, format="json")
+        self.assertEqual(r.status_code, 400)
+
     @patch("pyotp.TOTP.verify")
     def test_login_view(self, mock_verify):
         url = "/login/"
@@ -53,7 +61,7 @@ class TestAccounts(TacticalTestCase):
         mock_verify.return_value = False
         r = self.client.post(url, data, format="json")
         self.assertEqual(r.status_code, 400)
-        self.assertEqual(r.data, "bad credentials")
+        self.assertEqual(r.data, "Bad credentials")
 
         mock_verify.return_value = True
         data = {"username": "bob", "password": "asd234234asd", "twofactor": "123456"}
@@ -271,19 +279,16 @@ class TestUserAction(TacticalTestCase):
 
     def test_user_ui(self):
         url = "/accounts/users/ui/"
-        data = {"dark_mode": False}
-        r = self.client.patch(url, data, format="json")
-        self.assertEqual(r.status_code, 200)
-
-        data = {"show_community_scripts": True}
-        r = self.client.patch(url, data, format="json")
-        self.assertEqual(r.status_code, 200)
 
         data = {
-            "userui": True,
+            "dark_mode": True,
+            "show_community_scripts": True,
             "agent_dblclick_action": "editagent",
             "default_agent_tbl_tab": "mixed",
-            "agents_per_page": 1000,
+            "client_tree_sort": "alpha",
+            "client_tree_splitter": 14,
+            "loading_bar_color": "green",
+            "clear_search_when_switching": False,
         }
         r = self.client.patch(url, data, format="json")
         self.assertEqual(r.status_code, 200)
@@ -291,6 +296,68 @@ class TestUserAction(TacticalTestCase):
         self.check_not_authenticated("patch", url)
 
 
+class TestAPIKeyViews(TacticalTestCase):
+    def setUp(self):
+        self.setup_coresettings()
+        self.authenticate()
+
+    def test_get_api_keys(self):
+        url = "/accounts/apikeys/"
+        apikeys = baker.make("accounts.APIKey", key=seq("APIKEY"), _quantity=3)
+
+        serializer = APIKeySerializer(apikeys, many=True)
+        resp = self.client.get(url, format="json")
+        self.assertEqual(resp.status_code, 200)
+        self.assertEqual(serializer.data, resp.data)  # type: ignore
+
+        self.check_not_authenticated("get", url)
+
+    def test_add_api_keys(self):
+        url = "/accounts/apikeys/"
+
+        user = baker.make("accounts.User")
+        data = {"name": "Name", "user": user.id, "expiration": None}
+
+        resp = self.client.post(url, data, format="json")
+        self.assertEqual(resp.status_code, 200)
+        self.assertTrue(APIKey.objects.filter(name="Name").exists())
+        self.assertTrue(APIKey.objects.get(name="Name").key)
+
+        self.check_not_authenticated("post", url)
+
+    def test_modify_api_key(self):
+        # test a call where api key doesn't exist
+        resp = self.client.put("/accounts/apikeys/500/", format="json")
+        self.assertEqual(resp.status_code, 404)
+
+        apikey = baker.make("accounts.APIKey", name="Test")
+        url = f"/accounts/apikeys/{apikey.pk}/"  # type: ignore
+
+        data = {"name": "New Name"}  # type: ignore
+
+        resp = self.client.put(url, data, format="json")
+        self.assertEqual(resp.status_code, 200)
+        apikey = APIKey.objects.get(pk=apikey.pk)  # type: ignore
+        self.assertEquals(apikey.name, "New Name")
+
+        self.check_not_authenticated("put", url)
+
+    def test_delete_api_key(self):
+        # test a call where api key doesn't exist
+        resp = self.client.delete("/accounts/apikeys/500/", format="json")
+        self.assertEqual(resp.status_code, 404)
+
+        # test delete api key
+        apikey = baker.make("accounts.APIKey")
+        url = f"/accounts/apikeys/{apikey.pk}/"  # type: ignore
+        resp = self.client.delete(url, format="json")
+        self.assertEqual(resp.status_code, 200)
+
+        self.assertFalse(APIKey.objects.filter(pk=apikey.pk).exists())  # type: ignore
+
+        self.check_not_authenticated("delete", url)
+
+
 class TestTOTPSetup(TacticalTestCase):
     def setUp(self):
         self.authenticate()
@@ -316,3 +383,29 @@ class TestTOTPSetup(TacticalTestCase):
         r = self.client.post(url)
         self.assertEqual(r.status_code, 200)
         self.assertEqual(r.data, "totp token already set")
+
+
+class TestAPIAuthentication(TacticalTestCase):
+    def setUp(self):
+        # create User and associate to API Key
+        self.user = User.objects.create(username="api_user", is_superuser=True)
+        self.api_key = APIKey.objects.create(
+            name="Test Token", key="123456", user=self.user
+        )
+
+        self.client_setup()
+
+    def test_api_auth(self):
+        url = "/clients/"
+        # auth should fail if no header set
+        self.check_not_authenticated("get", url)
+
+        # invalid api key in header should return code 400
+        self.client.credentials(HTTP_X_API_KEY="000000")
+        r = self.client.get(url, format="json")
+        self.assertEqual(r.status_code, 401)
+
+        # valid api key in header should return code 200
+        self.client.credentials(HTTP_X_API_KEY="123456")
+        r = self.client.get(url, format="json")
+        self.assertEqual(r.status_code, 200)

api/tacticalrmm/accounts/urls.py

@@ -9,4 +9,8 @@ urlpatterns = [
     path("users/reset_totp/", views.UserActions.as_view()),
     path("users/setup_totp/", views.TOTPSetup.as_view()),
     path("users/ui/", views.UserUI.as_view()),
+    path("roles/", views.GetAddRoles.as_view()),
+    path("roles/<int:pk>/", views.GetUpdateDeleteRole.as_view()),
+    path("apikeys/", views.GetAddAPIKeys.as_view()),
+    path("apikeys/<int:pk>/", views.GetUpdateDeleteAPIKey.as_view()),
 ]

api/tacticalrmm/accounts/views.py

@@ -3,18 +3,33 @@ from django.conf import settings
 from django.contrib.auth import login
 from django.db import IntegrityError
 from django.shortcuts import get_object_or_404
+from ipware import get_client_ip
 from knox.views import LoginView as KnoxLoginView
+from logs.models import AuditLog
 from rest_framework import status
 from rest_framework.authtoken.serializers import AuthTokenSerializer
-from rest_framework.permissions import AllowAny
+from rest_framework.permissions import AllowAny, IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.views import APIView
-
-from logs.models import AuditLog
 from tacticalrmm.utils import notify_error
 
-from .models import User
-from .serializers import TOTPSetupSerializer, UserSerializer
+from .models import APIKey, Role, User
+from .permissions import APIKeyPerms, AccountsPerms, RolesPerms
+from .serializers import (
+    APIKeySerializer,
+    RoleSerializer,
+    TOTPSetupSerializer,
+    UserSerializer,
+    UserUISerializer,
+)
+
+
+def _is_root_user(request, user) -> bool:
+    return (
+        hasattr(settings, "ROOT_USER")
+        and request.user != user
+        and user.username == settings.ROOT_USER
+    )
 
 
 class CheckCreds(KnoxLoginView):
@@ -26,11 +41,16 @@ class CheckCreds(KnoxLoginView):
         # check credentials
         serializer = AuthTokenSerializer(data=request.data)
         if not serializer.is_valid():
-            AuditLog.audit_user_failed_login(request.data["username"])
-            return Response("bad credentials", status=status.HTTP_400_BAD_REQUEST)
+            AuditLog.audit_user_failed_login(
+                request.data["username"], debug_info={"ip": request._client_ip}
+            )
+            return notify_error("Bad credentials")
 
         user = serializer.validated_data["user"]
 
+        if user.block_dashboard_login:
+            return notify_error("Bad credentials")
+
         # if totp token not set modify response to notify frontend
         if not user.totp_key:
             login(request, user)
@@ -52,6 +72,9 @@ class LoginView(KnoxLoginView):
         serializer.is_valid(raise_exception=True)
         user = serializer.validated_data["user"]
 
+        if user.block_dashboard_login:
+            return notify_error("Bad credentials")
+
         token = request.data["twofactor"]
         totp = pyotp.TOTP(user.totp_key)
 
@@ -62,16 +85,35 @@ class LoginView(KnoxLoginView):
 
         if valid:
             login(request, user)
-            AuditLog.audit_user_login_successful(request.data["username"])
+
+            # save ip information
+            client_ip, is_routable = get_client_ip(request)
+            user.last_login_ip = client_ip
+            user.save()
+
+            AuditLog.audit_user_login_successful(
+                request.data["username"], debug_info={"ip": request._client_ip}
+            )
             return super(LoginView, self).post(request, format=None)
         else:
-            AuditLog.audit_user_failed_twofactor(request.data["username"])
-            return Response("bad credentials", status=status.HTTP_400_BAD_REQUEST)
+            AuditLog.audit_user_failed_twofactor(
+                request.data["username"], debug_info={"ip": request._client_ip}
+            )
+            return notify_error("Bad credentials")
 
 
 class GetAddUsers(APIView):
+    permission_classes = [IsAuthenticated, AccountsPerms]
+
     def get(self, request):
-        users = User.objects.filter(agent=None)
+        search = request.GET.get("search", None)
+
+        if search:
+            users = User.objects.filter(agent=None, is_installer_user=False).filter(
+                username__icontains=search
+            )
+        else:
+            users = User.objects.filter(agent=None, is_installer_user=False)
 
         return Response(UserSerializer(users, many=True).data)
 
@@ -88,15 +130,21 @@ class GetAddUsers(APIView):
                 f"ERROR: User {request.data['username']} already exists!"
             )
 
-        user.first_name = request.data["first_name"]
-        user.last_name = request.data["last_name"]
-        # Can be changed once permissions and groups are introduced
-        user.is_superuser = True
+        if "first_name" in request.data.keys():
+            user.first_name = request.data["first_name"]
+        if "last_name" in request.data.keys():
+            user.last_name = request.data["last_name"]
+        if "role" in request.data.keys() and isinstance(request.data["role"], int):
+            role = get_object_or_404(Role, pk=request.data["role"])
+            user.role = role
+
         user.save()
         return Response(user.username)
 
 
 class GetUpdateDeleteUser(APIView):
+    permission_classes = [IsAuthenticated, AccountsPerms]
+
     def get(self, request, pk):
         user = get_object_or_404(User, pk=pk)
 
@@ -105,11 +153,7 @@ class GetUpdateDeleteUser(APIView):
     def put(self, request, pk):
         user = get_object_or_404(User, pk=pk)
 
-        if (
-            hasattr(settings, "ROOT_USER")
-            and request.user != user
-            and user.username == settings.ROOT_USER
-        ):
+        if _is_root_user(request, user):
             return notify_error("The root user cannot be modified from the UI")
 
         serializer = UserSerializer(instance=user, data=request.data, partial=True)
@@ -120,11 +164,7 @@ class GetUpdateDeleteUser(APIView):
 
     def delete(self, request, pk):
         user = get_object_or_404(User, pk=pk)
-        if (
-            hasattr(settings, "ROOT_USER")
-            and request.user != user
-            and user.username == settings.ROOT_USER
-        ):
+        if _is_root_user(request, user):
             return notify_error("The root user cannot be deleted from the UI")
 
         user.delete()
@@ -133,15 +173,11 @@ class GetUpdateDeleteUser(APIView):
 
 
 class UserActions(APIView):
-
+    permission_classes = [IsAuthenticated, AccountsPerms]
     # reset password
     def post(self, request):
         user = get_object_or_404(User, pk=request.data["id"])
-        if (
-            hasattr(settings, "ROOT_USER")
-            and request.user != user
-            and user.username == settings.ROOT_USER
-        ):
+        if _is_root_user(request, user):
             return notify_error("The root user cannot be modified from the UI")
 
         user.set_password(request.data["password"])
@@ -152,11 +188,7 @@ class UserActions(APIView):
     # reset two factor token
     def put(self, request):
         user = get_object_or_404(User, pk=request.data["id"])
-        if (
-            hasattr(settings, "ROOT_USER")
-            and request.user != user
-            and user.username == settings.ROOT_USER
-        ):
+        if _is_root_user(request, user):
             return notify_error("The root user cannot be modified from the UI")
 
         user.totp_key = ""
@@ -184,23 +216,82 @@ class TOTPSetup(APIView):
 
 class UserUI(APIView):
     def patch(self, request):
-        user = request.user
-
-        if "dark_mode" in request.data.keys():
-            user.dark_mode = request.data["dark_mode"]
-            user.save(update_fields=["dark_mode"])
-
-        if "show_community_scripts" in request.data.keys():
-            user.show_community_scripts = request.data["show_community_scripts"]
-            user.save(update_fields=["show_community_scripts"])
-
-        if "userui" in request.data.keys():
-            user.agent_dblclick_action = request.data["agent_dblclick_action"]
-            user.default_agent_tbl_tab = request.data["default_agent_tbl_tab"]
-            user.save(update_fields=["agent_dblclick_action", "default_agent_tbl_tab"])
-
-        if "agents_per_page" in request.data.keys():
-            user.agents_per_page = request.data["agents_per_page"]
-            user.save(update_fields=["agents_per_page"])
-
+        serializer = UserUISerializer(
+            instance=request.user, data=request.data, partial=True
+        )
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
         return Response("ok")
+
+
+class GetAddRoles(APIView):
+    permission_classes = [IsAuthenticated, RolesPerms]
+
+    def get(self, request):
+        roles = Role.objects.all()
+        return Response(RoleSerializer(roles, many=True).data)
+
+    def post(self, request):
+        serializer = RoleSerializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        return Response("Role was added")
+
+
+class GetUpdateDeleteRole(APIView):
+    permission_classes = [IsAuthenticated, RolesPerms]
+
+    def get(self, request, pk):
+        role = get_object_or_404(Role, pk=pk)
+        return Response(RoleSerializer(role).data)
+
+    def put(self, request, pk):
+        role = get_object_or_404(Role, pk=pk)
+        serializer = RoleSerializer(instance=role, data=request.data)
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        return Response("Role was edited")
+
+    def delete(self, request, pk):
+        role = get_object_or_404(Role, pk=pk)
+        role.delete()
+        return Response("Role was removed")
+
+
+class GetAddAPIKeys(APIView):
+    permission_classes = [IsAuthenticated, APIKeyPerms]
+
+    def get(self, request):
+        apikeys = APIKey.objects.all()
+        return Response(APIKeySerializer(apikeys, many=True).data)
+
+    def post(self, request):
+        # generate a random API Key
+        from django.utils.crypto import get_random_string
+
+        request.data["key"] = get_random_string(length=32).upper()
+        serializer = APIKeySerializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        obj = serializer.save()
+        return Response("The API Key was added")
+
+
+class GetUpdateDeleteAPIKey(APIView):
+    permission_classes = [IsAuthenticated, APIKeyPerms]
+
+    def put(self, request, pk):
+        apikey = get_object_or_404(APIKey, pk=pk)
+
+        # remove API key is present in request data
+        if "key" in request.data.keys():
+            request.data.pop("key")
+
+        serializer = APIKeySerializer(instance=apikey, data=request.data, partial=True)
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        return Response("The API Key was edited")
+
+    def delete(self, request, pk):
+        apikey = get_object_or_404(APIKey, pk=pk)
+        apikey.delete()
+        return Response("The API Key was deleted")

api/tacticalrmm/agents/admin.py

@@ -1,7 +1,9 @@
 from django.contrib import admin
 
-from .models import Agent, Note, RecoveryAction
+from .models import Agent, AgentCustomField, Note, RecoveryAction, AgentHistory
 
 admin.site.register(Agent)
 admin.site.register(RecoveryAction)
 admin.site.register(Note)
+admin.site.register(AgentCustomField)
+admin.site.register(AgentHistory)

api/tacticalrmm/agents/baker_recipes.py

@@ -30,7 +30,8 @@ agent = Recipe(
     hostname="DESKTOP-TEST123",
     version="1.3.0",
     monitoring_type=cycle(["workstation", "server"]),
-    agent_id=seq("asdkj3h4234-1234hg3h4g34-234jjh34|DESKTOP-TEST123"),
+    agent_id=seq(generate_agent_id("DESKTOP-TEST123")),
+    last_seen=djangotime.now() - djangotime.timedelta(days=5),
 )
 
 server_agent = agent.extend(

api/tacticalrmm/agents/migrations/0031_agent_alert_template.py

@@ -0,0 +1,20 @@
+# Generated by Django 3.1.7 on 2021-03-04 03:57
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('alerts', '0006_auto_20210217_1736'),
+        ('agents', '0030_agent_offline_time'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agent',
+            name='alert_template',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='agents', to='alerts.alerttemplate'),
+        ),
+    ]

api/tacticalrmm/agents/migrations/0032_agentcustomfield.py

@@ -0,0 +1,24 @@
+# Generated by Django 3.1.7 on 2021-03-17 14:45
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0014_customfield'),
+        ('agents', '0031_agent_alert_template'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='AgentCustomField',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('value', models.TextField(blank=True, null=True)),
+                ('agent', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='custom_fields', to='agents.agent')),
+                ('field', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='agent_fields', to='core.customfield')),
+            ],
+        ),
+    ]

api/tacticalrmm/agents/migrations/0033_agentcustomfield_multiple_value.py

@@ -0,0 +1,19 @@
+# Generated by Django 3.1.7 on 2021-03-29 02:51
+
+import django.contrib.postgres.fields
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0032_agentcustomfield'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agentcustomfield',
+            name='multiple_value',
+            field=django.contrib.postgres.fields.ArrayField(base_field=models.TextField(blank=True, null=True), blank=True, default=list, null=True, size=None),
+        ),
+    ]

api/tacticalrmm/agents/migrations/0034_agentcustomfield_checkbox_value.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.1.7 on 2021-03-29 03:01
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0033_agentcustomfield_multiple_value'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agentcustomfield',
+            name='checkbox_value',
+            field=models.BooleanField(blank=True, default=False),
+        ),
+    ]

api/tacticalrmm/agents/migrations/0035_auto_20210329_1709.py

@@ -0,0 +1,23 @@
+# Generated by Django 3.1.7 on 2021-03-29 17:09
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0034_agentcustomfield_checkbox_value'),
+    ]
+
+    operations = [
+        migrations.RenameField(
+            model_name='agentcustomfield',
+            old_name='checkbox_value',
+            new_name='bool_value',
+        ),
+        migrations.RenameField(
+            model_name='agentcustomfield',
+            old_name='value',
+            new_name='string_value',
+        ),
+    ]

api/tacticalrmm/agents/migrations/0036_agent_block_policy_inheritance.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.1.7 on 2021-04-17 01:28
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0035_auto_20210329_1709'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agent',
+            name='block_policy_inheritance',
+            field=models.BooleanField(default=False),
+        ),
+    ]

api/tacticalrmm/agents/migrations/0037_auto_20210627_0014.py

@@ -0,0 +1,23 @@
+# Generated by Django 3.2.4 on 2021-06-27 00:14
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0036_agent_block_policy_inheritance'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agent',
+            name='has_patches_pending',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='agent',
+            name='pending_actions_count',
+            field=models.PositiveIntegerField(default=0),
+        ),
+    ]

api/tacticalrmm/agents/migrations/0038_agenthistory.py

@@ -0,0 +1,27 @@
+# Generated by Django 3.2.1 on 2021-07-06 02:01
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0037_auto_20210627_0014'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='AgentHistory',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('time', models.DateTimeField(auto_now_add=True)),
+                ('type', models.CharField(choices=[('task_run', 'Task Run'), ('script_run', 'Script Run'), ('cmd_run', 'CMD Run')], default='cmd_run', max_length=50)),
+                ('command', models.TextField(blank=True, null=True)),
+                ('status', models.CharField(choices=[('success', 'Success'), ('failure', 'Failure')], default='success', max_length=50)),
+                ('username', models.CharField(default='system', max_length=50)),
+                ('results', models.TextField(blank=True, null=True)),
+                ('agent', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='history', to='agents.agent')),
+            ],
+        ),
+    ]

api/tacticalrmm/agents/migrations/0039_auto_20210714_0738.py

@@ -0,0 +1,25 @@
+# Generated by Django 3.2.5 on 2021-07-14 07:38
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('scripts', '0008_script_guid'),
+        ('agents', '0038_agenthistory'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agenthistory',
+            name='script',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='history', to='scripts.script'),
+        ),
+        migrations.AddField(
+            model_name='agenthistory',
+            name='script_results',
+            field=models.JSONField(blank=True, null=True),
+        ),
+    ]

api/tacticalrmm/agents/migrations/0040_auto_20211010_0249.py

@@ -0,0 +1,28 @@
+# Generated by Django 3.2.6 on 2021-10-10 02:49
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0039_auto_20210714_0738'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='agent',
+            name='agent_id',
+            field=models.CharField(max_length=200, unique=True),
+        ),
+        migrations.AlterField(
+            model_name='agent',
+            name='created_by',
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.AlterField(
+            model_name='agent',
+            name='modified_by',
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+    ]

api/tacticalrmm/agents/migrations/0041_alter_agenthistory_username.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2.6 on 2021-10-18 03:04
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0040_auto_20211010_0249'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='agenthistory',
+            name='username',
+            field=models.CharField(default='system', max_length=255),
+        ),
+    ]

api/tacticalrmm/agents/models.py

@@ -4,7 +4,7 @@ import re
 import time
 from collections import Counter
 from distutils.version import LooseVersion
-from typing import Any, Union
+from typing import Any
 
 import msgpack
 import validators
@@ -13,21 +13,21 @@ from Crypto.Hash import SHA3_384
 from Crypto.Random import get_random_bytes
 from Crypto.Util.Padding import pad
 from django.conf import settings
+from django.contrib.postgres.fields import ArrayField
 from django.db import models
 from django.utils import timezone as djangotime
-from loguru import logger
 from nats.aio.client import Client as NATS
 from nats.aio.errors import ErrTimeout
 from packaging import version as pyver
 
-from alerts.models import AlertTemplate
 from core.models import TZ_CHOICES, CoreSettings
-from logs.models import BaseAuditModel
-
-logger.configure(**settings.LOG_CONFIG)
+from logs.models import BaseAuditModel, DebugLog
+from tacticalrmm.models import PermissionQuerySet
 
 
 class Agent(BaseAuditModel):
+    objects = PermissionQuerySet.as_manager()
+
     version = models.CharField(default="0.1.0", max_length=255)
     salt_ver = models.CharField(default="1.0.3", max_length=255)
     operating_system = models.CharField(null=True, blank=True, max_length=255)
@@ -36,7 +36,7 @@ class Agent(BaseAuditModel):
     hostname = models.CharField(max_length=255)
     salt_id = models.CharField(null=True, blank=True, max_length=255)
     local_ip = models.TextField(null=True, blank=True)  # deprecated
-    agent_id = models.CharField(max_length=200)
+    agent_id = models.CharField(max_length=200, unique=True)
     last_seen = models.DateTimeField(null=True, blank=True)
     services = models.JSONField(null=True, blank=True)
     public_ip = models.CharField(null=True, max_length=255)
@@ -64,6 +64,16 @@ class Agent(BaseAuditModel):
         max_length=255, choices=TZ_CHOICES, null=True, blank=True
     )
     maintenance_mode = models.BooleanField(default=False)
+    block_policy_inheritance = models.BooleanField(default=False)
+    pending_actions_count = models.PositiveIntegerField(default=0)
+    has_patches_pending = models.BooleanField(default=False)
+    alert_template = models.ForeignKey(
+        "alerts.AlertTemplate",
+        related_name="agents",
+        null=True,
+        blank=True,
+        on_delete=models.SET_NULL,
+    )
     site = models.ForeignKey(
         "clients.Site",
         related_name="agents",
@@ -80,22 +90,28 @@ class Agent(BaseAuditModel):
     )
 
     def save(self, *args, **kwargs):
+        from automation.tasks import generate_agent_checks_task
 
         # get old agent if exists
-        old_agent = type(self).objects.get(pk=self.pk) if self.pk else None
-        super(BaseAuditModel, self).save(*args, **kwargs)
+        old_agent = Agent.objects.get(pk=self.pk) if self.pk else None
+        super(Agent, self).save(old_model=old_agent, *args, **kwargs)
 
-        # check if new agent has been create
+        # check if new agent has been created
         # or check if policy have changed on agent
         # or if site has changed on agent and if so generate-policies
+        # or if agent was changed from server or workstation
         if (
             not old_agent
-            or old_agent
-            and old_agent.policy != self.policy
-            or old_agent.site != self.site
+            or (old_agent and old_agent.policy != self.policy)
+            or (old_agent.site != self.site)
+            or (old_agent.monitoring_type != self.monitoring_type)
+            or (old_agent.block_policy_inheritance != self.block_policy_inheritance)
         ):
-            self.generate_checks_from_policies()
-            self.generate_tasks_from_policies()
+            generate_agent_checks_task.delay(agents=[self.pk], create_tasks=True)
+
+        # calculate alert template for new agents
+        if not old_agent:
+            self.set_alert_template()
 
     def __str__(self):
         return self.hostname
@@ -104,14 +120,6 @@ class Agent(BaseAuditModel):
     def client(self):
         return self.site.client
 
-    @property
-    def has_nats(self):
-        return pyver.parse(self.version) >= pyver.parse("1.1.0")
-
-    @property
-    def has_gotasks(self):
-        return pyver.parse(self.version) >= pyver.parse("1.1.1")
-
     @property
     def timezone(self):
         # return the default timezone unless the timezone is explicity set per agent
@@ -120,7 +128,7 @@ class Agent(BaseAuditModel):
         else:
             from core.models import CoreSettings
 
-            return CoreSettings.objects.first().default_time_zone
+            return CoreSettings.objects.first().default_time_zone  # type: ignore
 
     @property
     def arch(self):
@@ -162,13 +170,9 @@ class Agent(BaseAuditModel):
         else:
             return "offline"
 
-    @property
-    def has_patches_pending(self):
-        return self.winupdates.filter(action="approve").filter(installed=False).exists()  # type: ignore
-
     @property
     def checks(self):
-        total, passing, failing = 0, 0, 0
+        total, passing, failing, warning, info = 0, 0, 0, 0, 0
 
         if self.agentchecks.exists():  # type: ignore
             for i in self.agentchecks.all():  # type: ignore
@@ -176,13 +180,20 @@ class Agent(BaseAuditModel):
                 if i.status == "passing":
                     passing += 1
                 elif i.status == "failing":
-                    failing += 1
+                    if i.alert_severity == "error":
+                        failing += 1
+                    elif i.alert_severity == "warning":
+                        warning += 1
+                    elif i.alert_severity == "info":
+                        info += 1
 
         ret = {
             "total": total,
             "passing": passing,
             "failing": failing,
-            "has_failing_checks": failing > 0,
+            "warning": warning,
+            "info": info,
+            "has_failing_checks": failing > 0 or warning > 0,
         }
         return ret
 
@@ -197,6 +208,27 @@ class Agent(BaseAuditModel):
         except:
             return ["unknown cpu model"]
 
+    @property
+    def graphics(self):
+        ret, mrda = [], []
+        try:
+            graphics = self.wmi_detail["graphics"]
+            for i in graphics:
+                caption = [x["Caption"] for x in i if "Caption" in x][0]
+                if "microsoft remote display adapter" in caption.lower():
+                    mrda.append("yes")
+                    continue
+
+                ret.append([x["Caption"] for x in i if "Caption" in x][0])
+
+            # only return this if no other graphics cards
+            if not ret and mrda:
+                return "Microsoft Remote Display Adapter"
+
+            return ", ".join(ret)
+        except:
+            return "Graphics info requires agent v1.4.14"
+
     @property
     def local_ips(self):
         ret = []
@@ -236,6 +268,11 @@ class Agent(BaseAuditModel):
                 make = [x["Manufacturer"] for x in mobo if "Manufacturer" in x][0]
                 model = [x["Product"] for x in mobo if "Product" in x][0]
 
+            if make.lower() == "lenovo":
+                sysfam = [x["SystemFamily"] for x in comp_sys if "SystemFamily" in x][0]
+                if "to be filled" not in sysfam.lower():
+                    model = sysfam
+
             return f"{make} {model}"
         except:
             pass
@@ -271,6 +308,20 @@ class Agent(BaseAuditModel):
         except:
             return ["unknown disk"]
 
+    def check_run_interval(self) -> int:
+        interval = self.check_interval
+        # determine if any agent checks have a custom interval and set the lowest interval
+        for check in self.agentchecks.filter(overriden_by_policy=False):  # type: ignore
+            if check.run_interval and check.run_interval < interval:
+
+                # don't allow check runs less than 15s
+                if check.run_interval < 15:
+                    interval = 15
+                else:
+                    interval = check.run_interval
+
+        return interval
+
     def run_script(
         self,
         scriptpk: int,
@@ -279,21 +330,28 @@ class Agent(BaseAuditModel):
         full: bool = False,
         wait: bool = False,
         run_on_any: bool = False,
+        history_pk: int = 0,
     ) -> Any:
 
         from scripts.models import Script
 
         script = Script.objects.get(pk=scriptpk)
+
+        parsed_args = script.parse_script_args(self, script.shell, args)
+
         data = {
             "func": "runscriptfull" if full else "runscript",
             "timeout": timeout,
-            "script_args": args,
+            "script_args": parsed_args,
             "payload": {
                 "code": script.code,
                 "shell": script.shell,
             },
         }
 
+        if history_pk != 0 and pyver.parse(self.version) >= pyver.parse("1.6.0"):
+            data["id"] = history_pk
+
         running_agent = self
         if run_on_any:
             nats_ping = {"func": "ping"}
@@ -307,7 +365,7 @@ class Agent(BaseAuditModel):
                 online = [
                     agent
                     for agent in Agent.objects.only(
-                        "pk", "last_seen", "overdue_time", "offline_time"
+                        "pk", "agent_id", "last_seen", "overdue_time", "offline_time"
                     )
                     if agent.status == "online"
                 ]
@@ -378,21 +436,34 @@ class Agent(BaseAuditModel):
 
             # check site policy if agent policy doesn't have one
             elif site.server_policy and site.server_policy.winupdatepolicy.exists():
-                patch_policy = site.server_policy.winupdatepolicy.get()
+                # make sure agent isn;t blocking policy inheritance
+                if not self.block_policy_inheritance:
+                    patch_policy = site.server_policy.winupdatepolicy.get()
 
             # if site doesn't have a patch policy check the client
             elif (
                 site.client.server_policy
                 and site.client.server_policy.winupdatepolicy.exists()
             ):
-                patch_policy = site.client.server_policy.winupdatepolicy.get()
+                # make sure agent and site are not blocking inheritance
+                if (
+                    not self.block_policy_inheritance
+                    and not site.block_policy_inheritance
+                ):
+                    patch_policy = site.client.server_policy.winupdatepolicy.get()
 
             # if patch policy still doesn't exist check default policy
             elif (
-                core_settings.server_policy
-                and core_settings.server_policy.winupdatepolicy.exists()
+                core_settings.server_policy  # type: ignore
+                and core_settings.server_policy.winupdatepolicy.exists()  # type: ignore
             ):
-                patch_policy = core_settings.server_policy.winupdatepolicy.get()
+                # make sure agent site and client are not blocking inheritance
+                if (
+                    not self.block_policy_inheritance
+                    and not site.block_policy_inheritance
+                    and not site.client.block_policy_inheritance
+                ):
+                    patch_policy = core_settings.server_policy.winupdatepolicy.get()  # type: ignore
 
         elif self.monitoring_type == "workstation":
             # check agent policy first which should override client or site policy
@@ -403,21 +474,36 @@ class Agent(BaseAuditModel):
                 site.workstation_policy
                 and site.workstation_policy.winupdatepolicy.exists()
             ):
-                patch_policy = site.workstation_policy.winupdatepolicy.get()
+                # make sure agent isn;t blocking policy inheritance
+                if not self.block_policy_inheritance:
+                    patch_policy = site.workstation_policy.winupdatepolicy.get()
 
             # if site doesn't have a patch policy check the client
             elif (
                 site.client.workstation_policy
                 and site.client.workstation_policy.winupdatepolicy.exists()
             ):
-                patch_policy = site.client.workstation_policy.winupdatepolicy.get()
+                # make sure agent and site are not blocking inheritance
+                if (
+                    not self.block_policy_inheritance
+                    and not site.block_policy_inheritance
+                ):
+                    patch_policy = site.client.workstation_policy.winupdatepolicy.get()
 
             # if patch policy still doesn't exist check default policy
             elif (
-                core_settings.workstation_policy
-                and core_settings.workstation_policy.winupdatepolicy.exists()
+                core_settings.workstation_policy  # type: ignore
+                and core_settings.workstation_policy.winupdatepolicy.exists()  # type: ignore
             ):
-                patch_policy = core_settings.workstation_policy.winupdatepolicy.get()
+                # make sure agent site and client are not blocking inheritance
+                if (
+                    not self.block_policy_inheritance
+                    and not site.block_policy_inheritance
+                    and not site.client.block_policy_inheritance
+                ):
+                    patch_policy = (
+                        core_settings.workstation_policy.winupdatepolicy.get()  # type: ignore
+                    )
 
         # if policy still doesn't exist return the agent patch policy
         if not patch_policy:
@@ -461,9 +547,9 @@ class Agent(BaseAuditModel):
             )
         )
 
-    # returns alert template assigned in the following order: policy, site, client, global
-    # will return None if nothing is found
-    def get_alert_template(self) -> Union[AlertTemplate, None]:
+    # sets alert template assigned in the following order: policy, site, client, global
+    # sets None if nothing is found
+    def set_alert_template(self):
 
         site = self.site
         client = self.client
@@ -484,6 +570,7 @@ class Agent(BaseAuditModel):
             and site.server_policy
             and site.server_policy.alert_template
             and site.server_policy.alert_template.is_active
+            and not self.block_policy_inheritance
         ):
             templates.append(site.server_policy.alert_template)
         if (
@@ -491,6 +578,7 @@ class Agent(BaseAuditModel):
             and site.workstation_policy
             and site.workstation_policy.alert_template
             and site.workstation_policy.alert_template.is_active
+            and not self.block_policy_inheritance
         ):
             templates.append(site.workstation_policy.alert_template)
 
@@ -504,6 +592,8 @@ class Agent(BaseAuditModel):
             and client.server_policy
             and client.server_policy.alert_template
             and client.server_policy.alert_template.is_active
+            and not self.block_policy_inheritance
+            and not site.block_policy_inheritance
         ):
             templates.append(client.server_policy.alert_template)
         if (
@@ -511,32 +601,51 @@ class Agent(BaseAuditModel):
             and client.workstation_policy
             and client.workstation_policy.alert_template
             and client.workstation_policy.alert_template.is_active
+            and not self.block_policy_inheritance
+            and not site.block_policy_inheritance
         ):
             templates.append(client.workstation_policy.alert_template)
 
         # check if alert template is on client and return
-        if client.alert_template and client.alert_template.is_active:
+        if (
+            client.alert_template
+            and client.alert_template.is_active
+            and not self.block_policy_inheritance
+            and not site.block_policy_inheritance
+        ):
             templates.append(client.alert_template)
 
         # check if alert template is applied globally and return
-        if core.alert_template and core.alert_template.is_active:
-            templates.append(core.alert_template)
+        if (
+            core.alert_template  # type: ignore
+            and core.alert_template.is_active  # type: ignore
+            and not self.block_policy_inheritance
+            and not site.block_policy_inheritance
+            and not client.block_policy_inheritance
+        ):
+            templates.append(core.alert_template)  # type: ignore
 
         # if agent is a workstation, check if policy with alert template is assigned to the site, client, or core
         if (
             self.monitoring_type == "server"
-            and core.server_policy
-            and core.server_policy.alert_template
-            and core.server_policy.alert_template.is_active
+            and core.server_policy  # type: ignore
+            and core.server_policy.alert_template  # type: ignore
+            and core.server_policy.alert_template.is_active  # type: ignore
+            and not self.block_policy_inheritance
+            and not site.block_policy_inheritance
+            and not client.block_policy_inheritance
         ):
-            templates.append(core.server_policy.alert_template)
+            templates.append(core.server_policy.alert_template)  # type: ignore
         if (
             self.monitoring_type == "workstation"
-            and core.workstation_policy
-            and core.workstation_policy.alert_template
-            and core.workstation_policy.alert_template.is_active
+            and core.workstation_policy  # type: ignore
+            and core.workstation_policy.alert_template  # type: ignore
+            and core.workstation_policy.alert_template.is_active  # type: ignore
+            and not self.block_policy_inheritance
+            and not site.block_policy_inheritance
+            and not client.block_policy_inheritance
         ):
-            templates.append(core.workstation_policy.alert_template)
+            templates.append(core.workstation_policy.alert_template)  # type: ignore
 
         # go through the templates and return the first one that isn't excluded
         for template in templates:
@@ -563,9 +672,16 @@ class Agent(BaseAuditModel):
                 continue
 
             else:
+                # save alert_template to agent cache field
+                self.alert_template = template
+                self.save()
+
                 return template
 
         # no alert templates found or agent has been excluded
+        self.alert_template = None
+        self.save()
+
         return None
 
     def generate_checks_from_policies(self):
@@ -590,7 +706,7 @@ class Agent(BaseAuditModel):
             key1 = key[0:48]
             key2 = key[48:]
             msg = '{{"a":{}, "u":"{}","time":{}}}'.format(
-                action, user, int(time.time())
+                action, user.lower(), int(time.time())
             )
             iv = get_random_bytes(16)
 
@@ -629,7 +745,11 @@ class Agent(BaseAuditModel):
             except ErrTimeout:
                 ret = "timeout"
             else:
-                ret = msgpack.loads(msg.data)  # type: ignore
+                try:
+                    ret = msgpack.loads(msg.data)  # type: ignore
+                except Exception as e:
+                    DebugLog.error(agent=self, log_type="agent_issues", message=e)
+                    ret = str(e)
 
             await nc.close()
             return ret
@@ -641,12 +761,9 @@ class Agent(BaseAuditModel):
     @staticmethod
     def serialize(agent):
         # serializes the agent and returns json
-        from .serializers import AgentEditSerializer
+        from .serializers import AgentAuditSerializer
 
-        ret = AgentEditSerializer(agent).data
-        del ret["all_timezones"]
-        del ret["client"]
-        return ret
+        return AgentAuditSerializer(agent).data
 
     def delete_superseded_updates(self):
         try:
@@ -661,7 +778,7 @@ class Agent(BaseAuditModel):
                 # skip if no version info is available therefore nothing to parse
                 try:
                     vers = [
-                        re.search(r"\(Version(.*?)\)", i).group(1).strip()
+                        re.search(r"\(Version(.*?)\)", i).group(1).strip()  # type: ignore
                         for i in titles
                     ]
                     sorted_vers = sorted(vers, key=LooseVersion)
@@ -677,37 +794,7 @@ class Agent(BaseAuditModel):
         except:
             pass
 
-    # define how the agent should handle pending actions
-    def handle_pending_actions(self):
-        pending_actions = self.pendingactions.filter(status="pending")  # type: ignore
-
-        for action in pending_actions:
-            if action.action_type == "taskaction":
-                from autotasks.tasks import (
-                    create_win_task_schedule,
-                    delete_win_task_schedule,
-                    enable_or_disable_win_task,
-                )
-
-                task_id = action.details["task_id"]
-
-                if action.details["action"] == "taskcreate":
-                    create_win_task_schedule.delay(task_id, pending_action=action.id)
-                elif action.details["action"] == "tasktoggle":
-                    enable_or_disable_win_task.delay(
-                        task_id, action.details["value"], pending_action=action.id
-                    )
-                elif action.details["action"] == "taskdelete":
-                    delete_win_task_schedule.delay(task_id, pending_action=action.id)
-
-    # for clearing duplicate pending actions on agent
-    def remove_matching_pending_task_actions(self, task_id):
-        # remove any other pending actions on agent with same task_id
-        for action in self.pendingactions.exclude(status="completed"):  # type: ignore
-            if action.details["task_id"] == task_id:
-                action.delete()
-
-    def should_create_alert(self, alert_template):
+    def should_create_alert(self, alert_template=None):
         return (
             self.overdue_dashboard_alert
             or self.overdue_email_alert
@@ -726,8 +813,7 @@ class Agent(BaseAuditModel):
         from core.models import CoreSettings
 
         CORE = CoreSettings.objects.first()
-        alert_template = self.get_alert_template()
-        CORE.send_mail(
+        CORE.send_mail(  # type: ignore
             f"{self.client.name}, {self.site.name}, {self.hostname} - data overdue",
             (
                 f"Data has not been received from client {self.client.name}, "
@@ -735,15 +821,14 @@ class Agent(BaseAuditModel):
                 f"agent {self.hostname} "
                 "within the expected time."
             ),
-            alert_template=alert_template,
+            alert_template=self.alert_template,
         )
 
     def send_recovery_email(self):
         from core.models import CoreSettings
 
         CORE = CoreSettings.objects.first()
-        alert_template = self.get_alert_template()
-        CORE.send_mail(
+        CORE.send_mail(  # type: ignore
             f"{self.client.name}, {self.site.name}, {self.hostname} - data received",
             (
                 f"Data has been received from client {self.client.name}, "
@@ -751,27 +836,25 @@ class Agent(BaseAuditModel):
                 f"agent {self.hostname} "
                 "after an interruption in data transmission."
             ),
-            alert_template=alert_template,
+            alert_template=self.alert_template,
         )
 
     def send_outage_sms(self):
         from core.models import CoreSettings
 
-        alert_template = self.get_alert_template()
         CORE = CoreSettings.objects.first()
-        CORE.send_sms(
+        CORE.send_sms(  # type: ignore
             f"{self.client.name}, {self.site.name}, {self.hostname} - data overdue",
-            alert_template=alert_template,
+            alert_template=self.alert_template,
         )
 
     def send_recovery_sms(self):
         from core.models import CoreSettings
 
         CORE = CoreSettings.objects.first()
-        alert_template = self.get_alert_template()
-        CORE.send_sms(
+        CORE.send_sms(  # type: ignore
             f"{self.client.name}, {self.site.name}, {self.hostname} - data received",
-            alert_template=alert_template,
+            alert_template=self.alert_template,
         )
 
 
@@ -785,6 +868,8 @@ RECOVERY_CHOICES = [
 
 
 class RecoveryAction(models.Model):
+    objects = PermissionQuerySet.as_manager()
+
     agent = models.ForeignKey(
         Agent,
         related_name="recoveryactions",
@@ -797,14 +882,10 @@ class RecoveryAction(models.Model):
     def __str__(self):
         return f"{self.agent.hostname} - {self.mode}"
 
-    def send(self):
-        ret = {"recovery": self.mode}
-        if self.mode == "command":
-            ret["cmd"] = self.command
-        return ret
-
 
 class Note(models.Model):
+    objects = PermissionQuerySet.as_manager()
+
     agent = models.ForeignKey(
         Agent,
         related_name="notes",
@@ -822,3 +903,96 @@ class Note(models.Model):
 
     def __str__(self):
         return self.agent.hostname
+
+
+class AgentCustomField(models.Model):
+    objects = PermissionQuerySet.as_manager()
+
+    agent = models.ForeignKey(
+        Agent,
+        related_name="custom_fields",
+        on_delete=models.CASCADE,
+    )
+
+    field = models.ForeignKey(
+        "core.CustomField",
+        related_name="agent_fields",
+        on_delete=models.CASCADE,
+    )
+
+    string_value = models.TextField(null=True, blank=True)
+    bool_value = models.BooleanField(blank=True, default=False)
+    multiple_value = ArrayField(
+        models.TextField(null=True, blank=True),
+        null=True,
+        blank=True,
+        default=list,
+    )
+
+    def __str__(self):
+        return self.field
+
+    @property
+    def value(self):
+        if self.field.type == "multiple":
+            return self.multiple_value
+        elif self.field.type == "checkbox":
+            return self.bool_value
+        else:
+            return self.string_value
+
+    def save_to_field(self, value):
+        if self.field.type in [
+            "text",
+            "number",
+            "single",
+            "datetime",
+        ]:
+            self.string_value = value
+            self.save()
+        elif self.field.type == "multiple":
+            self.multiple_value = value.split(",")
+            self.save()
+        elif self.field.type == "checkbox":
+            self.bool_value = bool(value)
+            self.save()
+
+
+AGENT_HISTORY_TYPES = (
+    ("task_run", "Task Run"),
+    ("script_run", "Script Run"),
+    ("cmd_run", "CMD Run"),
+)
+
+AGENT_HISTORY_STATUS = (("success", "Success"), ("failure", "Failure"))
+
+
+class AgentHistory(models.Model):
+    objects = PermissionQuerySet.as_manager()
+
+    agent = models.ForeignKey(
+        Agent,
+        related_name="history",
+        on_delete=models.CASCADE,
+    )
+    time = models.DateTimeField(auto_now_add=True)
+    type = models.CharField(
+        max_length=50, choices=AGENT_HISTORY_TYPES, default="cmd_run"
+    )
+    command = models.TextField(null=True, blank=True)
+    status = models.CharField(
+        max_length=50, choices=AGENT_HISTORY_STATUS, default="success"
+    )
+    username = models.CharField(max_length=255, default="system")
+    results = models.TextField(null=True, blank=True)
+    script = models.ForeignKey(
+        "scripts.Script",
+        null=True,
+        blank=True,
+        related_name="history",
+        on_delete=models.SET_NULL,
+    )
+    script_results = models.JSONField(null=True, blank=True)
+
+    def __str__(self):
+        return f"{self.agent.hostname} - {self.type}"

api/tacticalrmm/agents/permissions.py

@@ -0,0 +1,123 @@
+from rest_framework import permissions
+
+from tacticalrmm.permissions import _has_perm, _has_perm_on_agent
+
+
+class AgentPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        if r.method == "GET":
+            if "agent_id" in view.kwargs.keys():
+                return _has_perm(r, "can_list_agents") and _has_perm_on_agent(
+                    r.user, view.kwargs["agent_id"]
+                )
+            else:
+                return _has_perm(r, "can_list_agents")
+        elif r.method == "DELETE":
+            return _has_perm(r, "can_uninstall_agents") and _has_perm_on_agent(
+                r.user, view.kwargs["agent_id"]
+            )
+        else:
+            if r.path == "/agents/maintenance/bulk/":
+                return _has_perm(r, "can_edit_agent")
+            else:
+                return _has_perm(r, "can_edit_agent") and _has_perm_on_agent(
+                    r.user, view.kwargs["agent_id"]
+                )
+
+
+class RecoverAgentPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_recover_agents") and _has_perm_on_agent(
+            r.user, view.kwargs["agent_id"]
+        )
+
+
+class MeshPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_use_mesh") and _has_perm_on_agent(
+            r.user, view.kwargs["agent_id"]
+        )
+
+
+class UpdateAgentPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_update_agents")
+
+
+class PingAgentPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_ping_agents") and _has_perm_on_agent(
+            r.user, view.kwargs["agent_id"]
+        )
+
+
+class ManageProcPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_manage_procs") and _has_perm_on_agent(
+            r.user, view.kwargs["agent_id"]
+        )
+
+
+class EvtLogPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_view_eventlogs") and _has_perm_on_agent(
+            r.user, view.kwargs["agent_id"]
+        )
+
+
+class SendCMDPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_send_cmd") and _has_perm_on_agent(
+            r.user, view.kwargs["agent_id"]
+        )
+
+
+class RebootAgentPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_reboot_agents") and _has_perm_on_agent(
+            r.user, view.kwargs["agent_id"]
+        )
+
+
+class InstallAgentPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_install_agents")
+
+
+class RunScriptPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_run_scripts") and _has_perm_on_agent(
+            r.user, view.kwargs["agent_id"]
+        )
+
+
+class AgentNotesPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+
+        # permissions for GET /agents/notes/ endpoint
+        if r.method == "GET":
+
+            # permissions for /agents/<agent_id>/notes endpoint
+            if "agent_id" in view.kwargs.keys():
+                return _has_perm(r, "can_list_notes") and _has_perm_on_agent(
+                    r.user, view.kwargs["agent_id"]
+                )
+            else:
+                return _has_perm(r, "can_list_notes")
+        else:
+            return _has_perm(r, "can_manage_notes")
+
+
+class RunBulkPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_run_bulk")
+
+
+class AgentHistoryPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        if "agent_id" in view.kwargs.keys():
+            return _has_perm(r, "can_list_agent_history") and _has_perm_on_agent(
+                r.user, view.kwargs["agent_id"]
+            )
+        else:
+            return _has_perm(r, "can_list_agent_history")

api/tacticalrmm/agents/serializers.py

@@ -1,51 +1,53 @@
 import pytz
 from rest_framework import serializers
-
-from clients.serializers import ClientSerializer
 from winupdate.serializers import WinUpdatePolicySerializer
 
-from .models import Agent, Note
+from .models import Agent, AgentCustomField, Note, AgentHistory
+
+
+class AgentCustomFieldSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = AgentCustomField
+        fields = (
+            "id",
+            "field",
+            "agent",
+            "value",
+            "string_value",
+            "bool_value",
+            "multiple_value",
+        )
+        extra_kwargs = {
+            "string_value": {"write_only": True},
+            "bool_value": {"write_only": True},
+            "multiple_value": {"write_only": True},
+        }
 
 
 class AgentSerializer(serializers.ModelSerializer):
-    # for vue
-    patches_pending = serializers.ReadOnlyField(source="has_patches_pending")
     winupdatepolicy = WinUpdatePolicySerializer(many=True, read_only=True)
     status = serializers.ReadOnlyField()
     cpu_model = serializers.ReadOnlyField()
     local_ips = serializers.ReadOnlyField()
     make_model = serializers.ReadOnlyField()
     physical_disks = serializers.ReadOnlyField()
+    graphics = serializers.ReadOnlyField()
     checks = serializers.ReadOnlyField()
     timezone = serializers.ReadOnlyField()
     all_timezones = serializers.SerializerMethodField()
-    client_name = serializers.ReadOnlyField(source="client.name")
+    client = serializers.ReadOnlyField(source="client.name")
     site_name = serializers.ReadOnlyField(source="site.name")
+    custom_fields = AgentCustomFieldSerializer(many=True, read_only=True)
 
     def get_all_timezones(self, obj):
         return pytz.all_timezones
 
     class Meta:
         model = Agent
-        exclude = [
-            "last_seen",
-        ]
-
-
-class AgentOverdueActionSerializer(serializers.ModelSerializer):
-    class Meta:
-        model = Agent
-        fields = [
-            "pk",
-            "overdue_email_alert",
-            "overdue_text_alert",
-            "overdue_dashboard_alert",
-        ]
+        exclude = ["last_seen", "id"]
 
 
 class AgentTableSerializer(serializers.ModelSerializer):
-    patches_pending = serializers.ReadOnlyField(source="has_patches_pending")
-    pending_actions = serializers.SerializerMethodField()
     status = serializers.ReadOnlyField()
     checks = serializers.ReadOnlyField()
     last_seen = serializers.SerializerMethodField()
@@ -57,21 +59,17 @@ class AgentTableSerializer(serializers.ModelSerializer):
     alert_template = serializers.SerializerMethodField()
 
     def get_alert_template(self, obj):
-        alert_template = obj.get_alert_template()
 
-        if not alert_template:
+        if not obj.alert_template:
             return None
         else:
             return {
-                "name": alert_template.name,
-                "always_email": alert_template.agent_always_email,
-                "always_text": alert_template.agent_always_text,
-                "always_alert": alert_template.agent_always_alert,
+                "name": obj.alert_template.name,
+                "always_email": obj.alert_template.agent_always_email,
+                "always_text": obj.alert_template.agent_always_text,
+                "always_alert": obj.alert_template.agent_always_alert,
             }
 
-    def get_pending_actions(self, obj):
-        return obj.pendingactions.filter(status="pending").count()
-
     def get_last_seen(self, obj) -> str:
         if obj.time_zone is not None:
             agent_tz = pytz.timezone(obj.time_zone)
@@ -94,17 +92,16 @@ class AgentTableSerializer(serializers.ModelSerializer):
     class Meta:
         model = Agent
         fields = [
-            "id",
+            "agent_id",
             "alert_template",
             "hostname",
-            "agent_id",
             "site_name",
             "client_name",
             "monitoring_type",
             "description",
             "needs_reboot",
-            "patches_pending",
-            "pending_actions",
+            "has_patches_pending",
+            "pending_actions_count",
             "status",
             "overdue_text_alert",
             "overdue_email_alert",
@@ -116,46 +113,12 @@ class AgentTableSerializer(serializers.ModelSerializer):
             "logged_username",
             "italic",
             "policy",
+            "block_policy_inheritance",
         ]
         depth = 2
 
 
-class AgentEditSerializer(serializers.ModelSerializer):
-    winupdatepolicy = WinUpdatePolicySerializer(many=True, read_only=True)
-    all_timezones = serializers.SerializerMethodField()
-    client = ClientSerializer(read_only=True)
-
-    def get_all_timezones(self, obj):
-        return pytz.all_timezones
-
-    class Meta:
-        model = Agent
-        fields = [
-            "id",
-            "hostname",
-            "client",
-            "site",
-            "monitoring_type",
-            "description",
-            "time_zone",
-            "timezone",
-            "check_interval",
-            "overdue_time",
-            "offline_time",
-            "overdue_text_alert",
-            "overdue_email_alert",
-            "all_timezones",
-            "winupdatepolicy",
-            "policy",
-        ]
-
-
 class WinAgentSerializer(serializers.ModelSerializer):
-    # for the windows agent
-    patches_pending = serializers.ReadOnlyField(source="has_patches_pending")
-    winupdatepolicy = WinUpdatePolicySerializer(many=True, read_only=True)
-    status = serializers.ReadOnlyField()
-
     class Meta:
         model = Agent
         fields = "__all__"
@@ -168,24 +131,38 @@ class AgentHostnameSerializer(serializers.ModelSerializer):
     class Meta:
         model = Agent
         fields = (
+            "id",
             "hostname",
-            "pk",
+            "agent_id",
             "client",
             "site",
         )
 
 
-class NoteSerializer(serializers.ModelSerializer):
+class AgentNoteSerializer(serializers.ModelSerializer):
     username = serializers.ReadOnlyField(source="user.username")
+    agent_id = serializers.ReadOnlyField(source="agent.agent_id")
 
     class Meta:
         model = Note
-        fields = "__all__"
+        fields = ("pk", "entry_time", "agent", "user", "note", "username", "agent_id")
+        extra_kwargs = {"agent": {"write_only": True}, "user": {"write_only": True}}
 
 
-class NotesSerializer(serializers.ModelSerializer):
-    notes = NoteSerializer(many=True, read_only=True)
+class AgentHistorySerializer(serializers.ModelSerializer):
+    time = serializers.SerializerMethodField(read_only=True)
+    script_name = serializers.ReadOnlyField(source="script.name")
 
+    class Meta:
+        model = AgentHistory
+        fields = "__all__"
+
+    def get_time(self, history):
+        tz = self.context["default_tz"]
+        return history.time.astimezone(tz).strftime("%m %d %Y %H:%M:%S")
+
+
+class AgentAuditSerializer(serializers.ModelSerializer):
     class Meta:
         model = Agent
-        fields = ["hostname", "pk", "notes"]
+        exclude = ["disks", "services", "wmi_detail"]

api/tacticalrmm/agents/tasks.py

@@ -4,65 +4,57 @@ import random
 from time import sleep
 from typing import Union
 
+from alerts.models import Alert
+from core.models import CoreSettings
 from django.conf import settings
 from django.utils import timezone as djangotime
-from loguru import logger
+from logs.models import DebugLog, PendingAction
 from packaging import version as pyver
-
-from agents.models import Agent
-from core.models import CoreSettings
-from logs.models import PendingAction
 from scripts.models import Script
 from tacticalrmm.celery import app
+from tacticalrmm.utils import run_nats_api_cmd
 
-logger.configure(**settings.LOG_CONFIG)
+from agents.models import Agent
+from agents.utils import get_winagent_url
 
 
-def agent_update(pk: int) -> str:
-    agent = Agent.objects.get(pk=pk)
+def agent_update(agent_id: str, force: bool = False) -> str:
 
-    if pyver.parse(agent.version) <= pyver.parse("1.1.11"):
-        logger.warning(
-            f"{agent.hostname} v{agent.version} is running an unsupported version. Refusing to auto update."
-        )
+    agent = Agent.objects.get(agent_id=agent_id)
+
+    if pyver.parse(agent.version) <= pyver.parse("1.3.0"):
         return "not supported"
 
     # skip if we can't determine the arch
     if agent.arch is None:
-        logger.warning(
-            f"Unable to determine arch on {agent.hostname}. Skipping agent update."
+        DebugLog.warning(
+            agent=agent,
+            log_type="agent_issues",
+            message=f"Unable to determine arch on {agent.hostname}({agent.agent_id}). Skipping agent update.",
         )
         return "noarch"
 
-    # removed sqlite in 1.4.0 to get rid of cgo dependency
-    # 1.3.0 has migration func to move from sqlite to win registry, so force an upgrade to 1.3.0 if old agent
-    if pyver.parse(agent.version) >= pyver.parse("1.3.0"):
-        version = settings.LATEST_AGENT_VER
-        url = agent.winagent_dl
-        inno = agent.win_inno_exe
-    else:
-        version = "1.3.0"
-        inno = (
-            "winagent-v1.3.0.exe" if agent.arch == "64" else "winagent-v1.3.0-x86.exe"
-        )
-        url = f"https://github.com/wh1te909/rmmagent/releases/download/v1.3.0/{inno}"
+    version = settings.LATEST_AGENT_VER
+    inno = agent.win_inno_exe
+    url = get_winagent_url(agent.arch)
 
-    if agent.pendingactions.filter(
-        action_type="agentupdate", status="pending"
-    ).exists():
-        agent.pendingactions.filter(
+    if not force:
+        if agent.pendingactions.filter(
             action_type="agentupdate", status="pending"
-        ).delete()
+        ).exists():
+            agent.pendingactions.filter(
+                action_type="agentupdate", status="pending"
+            ).delete()
 
-    PendingAction.objects.create(
-        agent=agent,
-        action_type="agentupdate",
-        details={
-            "url": url,
-            "version": version,
-            "inno": inno,
-        },
-    )
+        PendingAction.objects.create(
+            agent=agent,
+            action_type="agentupdate",
+            details={
+                "url": url,
+                "version": version,
+                "inno": inno,
+            },
+        )
 
     nats_data = {
         "func": "agentupdate",
@@ -77,11 +69,21 @@ def agent_update(pk: int) -> str:
 
 
 @app.task
-def send_agent_update_task(pks: list[int]) -> None:
-    chunks = (pks[i : i + 30] for i in range(0, len(pks), 30))
+def force_code_sign(agent_ids: list[str]) -> None:
+    chunks = (agent_ids[i : i + 50] for i in range(0, len(agent_ids), 50))
     for chunk in chunks:
-        for pk in chunk:
-            agent_update(pk)
+        for agent_id in chunk:
+            agent_update(agent_id=agent_id, force=True)
+            sleep(0.05)
+        sleep(4)
+
+
+@app.task
+def send_agent_update_task(agent_ids: list[str]) -> None:
+    chunks = (agent_ids[i : i + 30] for i in range(0, len(agent_ids), 30))
+    for chunk in chunks:
+        for agent_id in chunk:
+            agent_update(agent_id)
             sleep(0.05)
         sleep(4)
 
@@ -89,20 +91,20 @@ def send_agent_update_task(pks: list[int]) -> None:
 @app.task
 def auto_self_agent_update_task() -> None:
     core = CoreSettings.objects.first()
-    if not core.agent_auto_update:
+    if not core.agent_auto_update:  # type:ignore
         return
 
-    q = Agent.objects.only("pk", "version")
-    pks: list[int] = [
-        i.pk
+    q = Agent.objects.only("agent_id", "version")
+    agent_ids: list[str] = [
+        i.agent_id
         for i in q
         if pyver.parse(i.version) < pyver.parse(settings.LATEST_AGENT_VER)
     ]
 
-    chunks = (pks[i : i + 30] for i in range(0, len(pks), 30))
+    chunks = (agent_ids[i : i + 30] for i in range(0, len(agent_ids), 30))
     for chunk in chunks:
-        for pk in chunk:
-            agent_update(pk)
+        for agent_id in chunk:
+            agent_update(agent_id)
             sleep(0.05)
         sleep(4)
 
@@ -187,6 +189,7 @@ def agent_outages_task() -> None:
 
     agents = Agent.objects.only(
         "pk",
+        "agent_id",
         "last_seen",
         "offline_time",
         "overdue_time",
@@ -200,20 +203,6 @@ def agent_outages_task() -> None:
             Alert.handle_alert_failure(agent)
 
 
-@app.task
-def handle_agent_recovery_task(pk: int) -> None:
-    sleep(10)
-    from agents.models import RecoveryAction
-
-    action = RecoveryAction.objects.get(pk=pk)
-    if action.mode == "command":
-        data = {"func": "recoverycmd", "recoverycommand": action.command}
-    else:
-        data = {"func": "recover", "payload": {"mode": action.mode}}
-
-    asyncio.run(action.agent.nats_cmd(data, wait=False))
-
-
 @app.task
 def run_script_email_results_task(
     agentpk: int,
@@ -221,14 +210,24 @@ def run_script_email_results_task(
     nats_timeout: int,
     emails: list[str],
     args: list[str] = [],
+    history_pk: int = 0,
 ):
     agent = Agent.objects.get(pk=agentpk)
     script = Script.objects.get(pk=scriptpk)
     r = agent.run_script(
-        scriptpk=script.pk, args=args, full=True, timeout=nats_timeout, wait=True
+        scriptpk=script.pk,
+        args=args,
+        full=True,
+        timeout=nats_timeout,
+        wait=True,
+        history_pk=history_pk,
     )
     if r == "timeout":
-        logger.error(f"{agent.hostname} timed out running script.")
+        DebugLog.error(
+            agent=agent,
+            log_type="scripting",
+            message=f"{agent.hostname}({agent.pk}) timed out running script.",
+        )
         return
 
     CORE = CoreSettings.objects.first()
@@ -244,25 +243,129 @@ def run_script_email_results_task(
 
     msg = EmailMessage()
     msg["Subject"] = subject
-    msg["From"] = CORE.smtp_from_email
+    msg["From"] = CORE.smtp_from_email  # type:ignore
 
     if emails:
         msg["To"] = ", ".join(emails)
     else:
-        msg["To"] = ", ".join(CORE.email_alert_recipients)
+        msg["To"] = ", ".join(CORE.email_alert_recipients)  # type:ignore
 
     msg.set_content(body)
 
     try:
-        with smtplib.SMTP(CORE.smtp_host, CORE.smtp_port, timeout=20) as server:
-            if CORE.smtp_requires_auth:
+        with smtplib.SMTP(
+            CORE.smtp_host, CORE.smtp_port, timeout=20  # type:ignore
+        ) as server:  # type:ignore
+            if CORE.smtp_requires_auth:  # type:ignore
                 server.ehlo()
                 server.starttls()
-                server.login(CORE.smtp_host_user, CORE.smtp_host_password)
+                server.login(
+                    CORE.smtp_host_user, CORE.smtp_host_password  # type:ignore
+                )  # type:ignore
                 server.send_message(msg)
                 server.quit()
             else:
                 server.send_message(msg)
                 server.quit()
     except Exception as e:
-        logger.error(e)
+        DebugLog.error(message=e)
+
+
+@app.task
+def clear_faults_task(older_than_days: int) -> None:
+    # https://github.com/wh1te909/tacticalrmm/issues/484
+    agents = Agent.objects.exclude(last_seen__isnull=True).filter(
+        last_seen__lt=djangotime.now() - djangotime.timedelta(days=older_than_days)
+    )
+    for agent in agents:
+        if agent.agentchecks.exists():
+            for check in agent.agentchecks.all():
+                # reset check status
+                check.status = "passing"
+                check.save(update_fields=["status"])
+                if check.alert.filter(resolved=False).exists():
+                    check.alert.get(resolved=False).resolve()
+
+        # reset overdue alerts
+        agent.overdue_email_alert = False
+        agent.overdue_text_alert = False
+        agent.overdue_dashboard_alert = False
+        agent.save(
+            update_fields=[
+                "overdue_email_alert",
+                "overdue_text_alert",
+                "overdue_dashboard_alert",
+            ]
+        )
+
+
+@app.task
+def get_wmi_task() -> None:
+    agents = Agent.objects.only(
+        "pk", "agent_id", "last_seen", "overdue_time", "offline_time"
+    )
+    ids = [i.agent_id for i in agents if i.status == "online"]
+    run_nats_api_cmd("wmi", ids, timeout=45)
+
+
+@app.task
+def agent_checkin_task() -> None:
+    run_nats_api_cmd("checkin", timeout=30)
+
+
+@app.task
+def agent_getinfo_task() -> None:
+    run_nats_api_cmd("agentinfo", timeout=30)
+
+
+@app.task
+def prune_agent_history(older_than_days: int) -> str:
+    from .models import AgentHistory
+
+    AgentHistory.objects.filter(
+        time__lt=djangotime.now() - djangotime.timedelta(days=older_than_days)
+    ).delete()
+
+    return "ok"
+
+
+@app.task
+def handle_agents_task() -> None:
+    q = Agent.objects.prefetch_related("pendingactions", "autotasks").only(
+        "pk", "agent_id", "version", "last_seen", "overdue_time", "offline_time"
+    )
+    agents = [
+        i
+        for i in q
+        if pyver.parse(i.version) >= pyver.parse("1.6.0") and i.status == "online"
+    ]
+    for agent in agents:
+        # change agent update pending status to completed if agent has just updated
+        if (
+            pyver.parse(agent.version) == pyver.parse(settings.LATEST_AGENT_VER)
+            and agent.pendingactions.filter(
+                action_type="agentupdate", status="pending"
+            ).exists()
+        ):
+            agent.pendingactions.filter(
+                action_type="agentupdate", status="pending"
+            ).update(status="completed")
+
+        # sync scheduled tasks
+        if agent.autotasks.exclude(sync_status="synced").exists():  # type: ignore
+            tasks = agent.autotasks.exclude(sync_status="synced")  # type: ignore
+
+            for task in tasks:
+                if task.sync_status == "pendingdeletion":
+                    task.delete_task_on_agent()
+                elif task.sync_status == "initial":
+                    task.modify_task_on_agent()
+                elif task.sync_status == "notsynced":
+                    task.create_task_on_agent()
+
+        # handles any alerting actions
+        if Alert.objects.filter(agent=agent, resolved=False).exists():
+            try:
+                Alert.handle_alert_resolve(agent)
+            except:
+                continue

api/tacticalrmm/agents/urls.py

@@ -1,33 +1,44 @@
 from django.urls import path
 
 from . import views
+from checks.views import GetAddChecks
+from autotasks.views import GetAddAutoTasks
+from logs.views import PendingActions
 
 urlpatterns = [
-    path("listagents/", views.AgentsTableList.as_view()),
-    path("listagentsnodetail/", views.list_agents_no_detail),
-    path("<int:pk>/agenteditdetails/", views.agent_edit_details),
-    path("overdueaction/", views.overdue_action),
-    path("sendrawcmd/", views.send_raw_cmd),
-    path("<pk>/agentdetail/", views.agent_detail),
-    path("<int:pk>/meshcentral/", views.meshcentral),
+    # agent views
+    path("", views.GetAgents.as_view()),
+    path("<agent:agent_id>/", views.GetUpdateDeleteAgent.as_view()),
+    path("<agent:agent_id>/cmd/", views.send_raw_cmd),
+    path("<agent:agent_id>/runscript/", views.run_script),
+    path("<agent:agent_id>/wmi/", views.WMI.as_view()),
+    path("<agent:agent_id>/recover/", views.recover),
+    path("<agent:agent_id>/reboot/", views.Reboot.as_view()),
+    path("<agent:agent_id>/ping/", views.ping),
+    # alias for checks get view
+    path("<agent:agent_id>/checks/", GetAddChecks.as_view()),
+    # alias for autotasks get view
+    path("<agent:agent_id>/tasks/", GetAddAutoTasks.as_view()),
+    # alias for pending actions get view
+    path("<agent:agent_id>/pendingactions/", PendingActions.as_view()),
+    # agent remote background
+    path("<agent:agent_id>/meshcentral/", views.AgentMeshCentral.as_view()),
+    path("<agent:agent_id>/meshcentral/recover/", views.AgentMeshCentral.as_view()),
+    path("<agent:agent_id>/processes/", views.AgentProcesses.as_view()),
+    path("<agent:agent_id>/processes/<int:pid>/", views.AgentProcesses.as_view()),
+    path("<agent:agent_id>/eventlog/<str:logtype>/<int:days>/", views.get_event_log),
+    # agent history
+    path("history/", views.AgentHistoryView.as_view()),
+    path("<agent:agent_id>/history/", views.AgentHistoryView.as_view()),
+    # agent notes
+    path("notes/", views.GetAddNotes.as_view()),
+    path("notes/<int:pk>/", views.GetEditDeleteNote.as_view()),
+    path("<agent:agent_id>/notes/", views.GetAddNotes.as_view()),
+    # bulk actions
+    path("maintenance/bulk/", views.agent_maintenance),
+    path("actions/bulk/", views.bulk),
+    path("versions/", views.get_agent_versions),
+    path("update/", views.update_agents),
+    path("installer/", views.install_agent),
     path("<str:arch>/getmeshexe/", views.get_mesh_exe),
-    path("uninstall/", views.uninstall),
-    path("editagent/", views.edit_agent),
-    path("<pk>/geteventlog/<logtype>/<days>/", views.get_event_log),
-    path("getagentversions/", views.get_agent_versions),
-    path("updateagents/", views.update_agents),
-    path("<pk>/getprocs/", views.get_processes),
-    path("<pk>/<pid>/killproc/", views.kill_proc),
-    path("reboot/", views.Reboot.as_view()),
-    path("installagent/", views.install_agent),
-    path("<int:pk>/ping/", views.ping),
-    path("recover/", views.recover),
-    path("runscript/", views.run_script),
-    path("<int:pk>/recovermesh/", views.recover_mesh),
-    path("<int:pk>/notes/", views.GetAddNotes.as_view()),
-    path("<int:pk>/note/", views.GetEditDeleteNote.as_view()),
-    path("bulk/", views.bulk),
-    path("agent_counts/", views.agent_counts),
-    path("maintenance/", views.agent_maintenance),
-    path("<int:pk>/wmi/", views.WMI.as_view()),
 ]

api/tacticalrmm/agents/utils.py

@@ -0,0 +1,40 @@
+import random
+import urllib.parse
+import requests
+
+from django.conf import settings
+from core.models import CodeSignToken
+
+
+def get_exegen_url() -> str:
+    urls: list[str] = settings.EXE_GEN_URLS
+    for url in urls:
+        try:
+            r = requests.get(url, timeout=10)
+        except:
+            continue
+
+        if r.status_code == 200:
+            return url
+
+    return random.choice(urls)
+
+
+def get_winagent_url(arch: str) -> str:
+
+    dl_url = settings.DL_32 if arch == "32" else settings.DL_64
+
+    try:
+        t: CodeSignToken = CodeSignToken.objects.first()  # type: ignore
+        if t.is_valid:
+            base_url = get_exegen_url() + "/api/v1/winagents/?"
+            params = {
+                "version": settings.LATEST_AGENT_VER,
+                "arch": arch,
+                "token": t.token,
+            }
+            dl_url = base_url + urllib.parse.urlencode(params)
+    except:
+        pass
+
+    return dl_url

api/tacticalrmm/alerts/migrations/0007_auto_20210721_0423.py

@@ -0,0 +1,33 @@
+# Generated by Django 3.2.1 on 2021-07-21 04:23
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('alerts', '0006_auto_20210217_1736'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='alerttemplate',
+            name='created_by',
+            field=models.CharField(blank=True, max_length=100, null=True),
+        ),
+        migrations.AddField(
+            model_name='alerttemplate',
+            name='created_time',
+            field=models.DateTimeField(auto_now_add=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alerttemplate',
+            name='modified_by',
+            field=models.CharField(blank=True, max_length=100, null=True),
+        ),
+        migrations.AddField(
+            model_name='alerttemplate',
+            name='modified_time',
+            field=models.DateTimeField(auto_now=True, null=True),
+        ),
+    ]

api/tacticalrmm/alerts/migrations/0008_auto_20210721_1757.py

@@ -0,0 +1,28 @@
+# Generated by Django 3.2.1 on 2021-07-21 17:57
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('alerts', '0007_auto_20210721_0423'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='alerttemplate',
+            name='agent_script_actions',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+        migrations.AddField(
+            model_name='alerttemplate',
+            name='check_script_actions',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+        migrations.AddField(
+            model_name='alerttemplate',
+            name='task_script_actions',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+    ]

api/tacticalrmm/alerts/migrations/0009_auto_20210721_1810.py

@@ -0,0 +1,28 @@
+# Generated by Django 3.2.1 on 2021-07-21 18:10
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('alerts', '0008_auto_20210721_1757'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='agent_script_actions',
+            field=models.BooleanField(blank=True, default=True, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='check_script_actions',
+            field=models.BooleanField(blank=True, default=True, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='task_script_actions',
+            field=models.BooleanField(blank=True, default=True, null=True),
+        ),
+    ]

api/tacticalrmm/alerts/migrations/0010_auto_20210917_1954.py

@@ -0,0 +1,23 @@
+# Generated by Django 3.2.6 on 2021-09-17 19:54
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("alerts", "0009_auto_20210721_1810"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="alerttemplate",
+            name="created_by",
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.AlterField(
+            model_name="alerttemplate",
+            name="modified_by",
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+    ]

api/tacticalrmm/alerts/models.py

@@ -1,20 +1,21 @@
 from __future__ import annotations
 
+import re
 from typing import TYPE_CHECKING, Union
 
-from django.conf import settings
 from django.contrib.postgres.fields import ArrayField
 from django.db import models
 from django.db.models.fields import BooleanField, PositiveIntegerField
 from django.utils import timezone as djangotime
-from loguru import logger
+
+from logs.models import BaseAuditModel, DebugLog
+from tacticalrmm.models import PermissionQuerySet
 
 if TYPE_CHECKING:
     from agents.models import Agent
     from autotasks.models import AutomatedTask
     from checks.models import Check
 
-logger.configure(**settings.LOG_CONFIG)
 
 SEVERITY_CHOICES = [
     ("info", "Informational"),
@@ -31,6 +32,8 @@ ALERT_TYPE_CHOICES = [
 
 
 class Alert(models.Model):
+    objects = PermissionQuerySet.as_manager()
+
     agent = models.ForeignKey(
         "agents.Agent",
         related_name="agent",
@@ -158,7 +161,7 @@ class Alert(models.Model):
             email_alert = instance.overdue_email_alert
             text_alert = instance.overdue_text_alert
             dashboard_alert = instance.overdue_dashboard_alert
-            alert_template = instance.get_alert_template()
+            alert_template = instance.alert_template
             maintenance_mode = instance.maintenance_mode
             alert_severity = "error"
             agent = instance
@@ -172,6 +175,7 @@ class Alert(models.Model):
                 always_email = alert_template.agent_always_email
                 always_text = alert_template.agent_always_text
                 alert_interval = alert_template.agent_periodic_alert_days
+                run_script_action = alert_template.agent_script_actions
 
             if instance.should_create_alert(alert_template):
                 alert = cls.create_or_return_availability_alert(instance)
@@ -194,7 +198,7 @@ class Alert(models.Model):
             email_alert = instance.email_alert
             text_alert = instance.text_alert
             dashboard_alert = instance.dashboard_alert
-            alert_template = instance.agent.get_alert_template()
+            alert_template = instance.agent.alert_template
             maintenance_mode = instance.agent.maintenance_mode
             alert_severity = instance.alert_severity
             agent = instance.agent
@@ -208,6 +212,7 @@ class Alert(models.Model):
                 always_email = alert_template.check_always_email
                 always_text = alert_template.check_always_text
                 alert_interval = alert_template.check_periodic_alert_days
+                run_script_action = alert_template.check_script_actions
 
             if instance.should_create_alert(alert_template):
                 alert = cls.create_or_return_check_alert(instance)
@@ -227,7 +232,7 @@ class Alert(models.Model):
             email_alert = instance.email_alert
             text_alert = instance.text_alert
             dashboard_alert = instance.dashboard_alert
-            alert_template = instance.agent.get_alert_template()
+            alert_template = instance.agent.alert_template
             maintenance_mode = instance.agent.maintenance_mode
             alert_severity = instance.alert_severity
             agent = instance.agent
@@ -241,6 +246,7 @@ class Alert(models.Model):
                 always_email = alert_template.task_always_email
                 always_text = alert_template.task_always_text
                 alert_interval = alert_template.task_periodic_alert_days
+                run_script_action = alert_template.task_script_actions
 
             if instance.should_create_alert(alert_template):
                 alert = cls.create_or_return_task_alert(instance)
@@ -294,10 +300,10 @@ class Alert(models.Model):
                 text_task.delay(pk=alert.pk, alert_interval=alert_interval)
 
         # check if any scripts should be run
-        if alert_template and alert_template.action and not alert.action_run:
+        if alert_template and alert_template.action and run_script_action and not alert.action_run:  # type: ignore
             r = agent.run_script(
                 scriptpk=alert_template.action.pk,
-                args=alert_template.action_args,
+                args=alert.parse_script_args(alert_template.action_args),
                 timeout=alert_template.action_timeout,
                 wait=True,
                 full=True,
@@ -313,8 +319,10 @@ class Alert(models.Model):
                 alert.action_run = djangotime.now()
                 alert.save()
             else:
-                logger.error(
-                    f"Failure action: {alert_template.action.name} failed to run on any agent for {agent.hostname} failure alert"
+                DebugLog.error(
+                    agent=agent,
+                    log_type="scripting",
+                    message=f"Failure action: {alert_template.action.name} failed to run on any agent for {agent.hostname}({agent.pk}) failure alert",
                 )
 
     @classmethod
@@ -336,7 +344,7 @@ class Alert(models.Model):
             resolved_email_task = agent_recovery_email_task
             resolved_text_task = agent_recovery_sms_task
 
-            alert_template = instance.get_alert_template()
+            alert_template = instance.alert_template
             alert = cls.objects.get(agent=instance, resolved=False)
             maintenance_mode = instance.maintenance_mode
             agent = instance
@@ -344,6 +352,7 @@ class Alert(models.Model):
             if alert_template:
                 email_on_resolved = alert_template.agent_email_on_resolved
                 text_on_resolved = alert_template.agent_text_on_resolved
+                run_script_action = alert_template.agent_script_actions
 
         elif isinstance(instance, Check):
             from checks.tasks import (
@@ -354,7 +363,7 @@ class Alert(models.Model):
             resolved_email_task = handle_resolved_check_email_alert_task
             resolved_text_task = handle_resolved_check_sms_alert_task
 
-            alert_template = instance.agent.get_alert_template()
+            alert_template = instance.agent.alert_template
             alert = cls.objects.get(assigned_check=instance, resolved=False)
             maintenance_mode = instance.agent.maintenance_mode
             agent = instance.agent
@@ -362,6 +371,7 @@ class Alert(models.Model):
             if alert_template:
                 email_on_resolved = alert_template.check_email_on_resolved
                 text_on_resolved = alert_template.check_text_on_resolved
+                run_script_action = alert_template.check_script_actions
 
         elif isinstance(instance, AutomatedTask):
             from autotasks.tasks import (
@@ -372,7 +382,7 @@ class Alert(models.Model):
             resolved_email_task = handle_resolved_task_email_alert
             resolved_text_task = handle_resolved_task_sms_alert
 
-            alert_template = instance.agent.get_alert_template()
+            alert_template = instance.agent.alert_template
             alert = cls.objects.get(assigned_task=instance, resolved=False)
             maintenance_mode = instance.agent.maintenance_mode
             agent = instance.agent
@@ -380,6 +390,7 @@ class Alert(models.Model):
             if alert_template:
                 email_on_resolved = alert_template.task_email_on_resolved
                 text_on_resolved = alert_template.task_text_on_resolved
+                run_script_action = alert_template.task_script_actions
 
         else:
             return
@@ -402,11 +413,12 @@ class Alert(models.Model):
         if (
             alert_template
             and alert_template.resolved_action
+            and run_script_action  # type: ignore
             and not alert.resolved_action_run
         ):
             r = agent.run_script(
                 scriptpk=alert_template.resolved_action.pk,
-                args=alert_template.resolved_action_args,
+                args=alert.parse_script_args(alert_template.resolved_action_args),
                 timeout=alert_template.resolved_action_timeout,
                 wait=True,
                 full=True,
@@ -424,12 +436,44 @@ class Alert(models.Model):
                 alert.resolved_action_run = djangotime.now()
                 alert.save()
             else:
-                logger.error(
-                    f"Resolved action: {alert_template.action.name} failed to run on any agent for {agent.hostname} resolved alert"
+                DebugLog.error(
+                    agent=agent,
+                    log_type="scripting",
+                    message=f"Resolved action: {alert_template.action.name} failed to run on any agent for {agent.hostname}({agent.pk}) resolved alert",
                 )
 
+    def parse_script_args(self, args: list[str]):
 
-class AlertTemplate(models.Model):
+        if not args:
+            return []
+
+        temp_args = list()
+        # pattern to match for injection
+        pattern = re.compile(".*\\{\\{alert\\.(.*)\\}\\}.*")
+
+        for arg in args:
+            match = pattern.match(arg)
+            if match:
+                name = match.group(1)
+
+                if hasattr(self, name):
+                    value = f"'{getattr(self, name)}'"
+                else:
+                    continue
+
+                try:
+                    temp_args.append(re.sub("\\{\\{.*\\}\\}", value, arg))  # type: ignore
+                except Exception as e:
+                    DebugLog.error(log_type="scripting", message=e)
+                    continue
+
+            else:
+                temp_args.append(arg)
+
+        return temp_args
+
+
+class AlertTemplate(BaseAuditModel):
     name = models.CharField(max_length=100)
     is_active = models.BooleanField(default=True)
 
@@ -486,6 +530,7 @@ class AlertTemplate(models.Model):
     agent_always_text = BooleanField(null=True, blank=True, default=None)
     agent_always_alert = BooleanField(null=True, blank=True, default=None)
     agent_periodic_alert_days = PositiveIntegerField(blank=True, null=True, default=0)
+    agent_script_actions = BooleanField(null=True, blank=True, default=True)
 
     # check alert settings
     check_email_alert_severity = ArrayField(
@@ -509,6 +554,7 @@ class AlertTemplate(models.Model):
     check_always_text = BooleanField(null=True, blank=True, default=None)
     check_always_alert = BooleanField(null=True, blank=True, default=None)
     check_periodic_alert_days = PositiveIntegerField(blank=True, null=True, default=0)
+    check_script_actions = BooleanField(null=True, blank=True, default=True)
 
     # task alert settings
     task_email_alert_severity = ArrayField(
@@ -532,6 +578,7 @@ class AlertTemplate(models.Model):
     task_always_text = BooleanField(null=True, blank=True, default=None)
     task_always_alert = BooleanField(null=True, blank=True, default=None)
     task_periodic_alert_days = PositiveIntegerField(blank=True, null=True, default=0)
+    task_script_actions = BooleanField(null=True, blank=True, default=True)
 
     # exclusion settings
     exclude_workstations = BooleanField(null=True, blank=True, default=False)
@@ -550,6 +597,13 @@ class AlertTemplate(models.Model):
     def __str__(self):
         return self.name
 
+    @staticmethod
+    def serialize(alert_template):
+        # serializes the agent and returns json
+        from .serializers import AlertTemplateAuditSerializer
+
+        return AlertTemplateAuditSerializer(alert_template).data
+
     @property
     def has_agent_settings(self) -> bool:
         return (

api/tacticalrmm/alerts/permissions.py

@@ -0,0 +1,55 @@
+from django.shortcuts import get_object_or_404
+from rest_framework import permissions
+
+from tacticalrmm.permissions import _has_perm, _has_perm_on_agent
+
+
+def _has_perm_on_alert(user, id: int):
+    from alerts.models import Alert
+
+    role = user.role
+    if user.is_superuser or (role and getattr(role, "is_superuser")):
+        return True
+
+    # make sure non-superusers with empty roles aren't permitted
+    elif not role:
+        return False
+
+    alert = get_object_or_404(Alert, id=id)
+
+    if alert.agent:
+        agent_id = alert.agent.agent_id
+    elif alert.assigned_check:
+        agent_id = alert.assigned_check.agent.agent_id
+    elif alert.assigned_task:
+        agent_id = alert.assigned_task.agent.agent_id
+    else:
+        return True
+
+    return _has_perm_on_agent(user, agent_id)
+
+
+class AlertPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        if r.method == "GET" or r.method == "PATCH":
+            if "pk" in view.kwargs.keys():
+                return _has_perm(r, "can_list_alerts") and _has_perm_on_alert(
+                    r.user, view.kwargs["pk"]
+                )
+            else:
+                return _has_perm(r, "can_list_alerts")
+        else:
+            if "pk" in view.kwargs.keys():
+                return _has_perm(r, "can_manage_alerts") and _has_perm_on_alert(
+                    r.user, view.kwargs["pk"]
+                )
+            else:
+                return _has_perm(r, "can_manage_alerts")
+
+
+class AlertTemplatePerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        if r.method == "GET":
+            return _has_perm(r, "can_list_alerttemplates")
+        else:
+            return _has_perm(r, "can_manage_alerttemplates")

api/tacticalrmm/alerts/serializers.py

@@ -2,7 +2,7 @@ from rest_framework.fields import SerializerMethodField
 from rest_framework.serializers import ModelSerializer, ReadOnlyField
 
 from automation.serializers import PolicySerializer
-from clients.serializers import ClientSerializer, SiteSerializer
+from clients.serializers import ClientMinimumSerializer, SiteMinimumSerializer
 from tacticalrmm.utils import get_default_timezone
 
 from .models import Alert, AlertTemplate
@@ -113,9 +113,15 @@ class AlertTemplateSerializer(ModelSerializer):
 
 class AlertTemplateRelationSerializer(ModelSerializer):
     policies = PolicySerializer(read_only=True, many=True)
-    clients = ClientSerializer(read_only=True, many=True)
-    sites = SiteSerializer(read_only=True, many=True)
+    clients = ClientMinimumSerializer(read_only=True, many=True)
+    sites = SiteMinimumSerializer(read_only=True, many=True)
 
     class Meta:
         model = AlertTemplate
         fields = "__all__"
+
+
+class AlertTemplateAuditSerializer(ModelSerializer):
+    class Meta:
+        model = AlertTemplate
+        fields = "__all__"

api/tacticalrmm/alerts/tasks.py

@@ -1,14 +1,34 @@
 from django.utils import timezone as djangotime
-
-from alerts.models import Alert
 from tacticalrmm.celery import app
 
 
 @app.task
 def unsnooze_alerts() -> str:
+    from .models import Alert
 
     Alert.objects.filter(snoozed=True, snooze_until__lte=djangotime.now()).update(
         snoozed=False, snooze_until=None
     )
 
     return "ok"
+
+
+@app.task
+def cache_agents_alert_template():
+    from agents.models import Agent
+
+    for agent in Agent.objects.only("pk"):
+        agent.set_alert_template()
+
+    return "ok"
+
+
+@app.task
+def prune_resolved_alerts(older_than_days: int) -> str:
+    from .models import Alert
+
+    Alert.objects.filter(resolved=True).filter(
+        alert_time__lt=djangotime.now() - djangotime.timedelta(days=older_than_days)
+    ).delete()
+
+    return "ok"

api/tacticalrmm/alerts/tests.py

@@ -1,13 +1,15 @@
 from datetime import datetime, timedelta
 from unittest.mock import patch
+from itertools import cycle
 
+from core.models import CoreSettings
 from django.conf import settings
 from django.utils import timezone as djangotime
 from model_bakery import baker, seq
-
-from core.models import CoreSettings
 from tacticalrmm.test import TacticalTestCase
 
+from alerts.tasks import cache_agents_alert_template
+
 from .models import Alert, AlertTemplate
 from .serializers import (
     AlertSerializer,
@@ -15,6 +17,8 @@ from .serializers import (
     AlertTemplateSerializer,
 )
 
+base_url = "/alerts"
+
 
 class TestAlertsViews(TacticalTestCase):
     def setUp(self):
@@ -22,7 +26,7 @@ class TestAlertsViews(TacticalTestCase):
         self.setup_coresettings()
 
     def test_get_alerts(self):
-        url = "/alerts/alerts/"
+        url = "/alerts/"
 
         # create check, task, and agent to test each serializer function
         check = baker.make_recipe("checks.diskspace_check")
@@ -115,7 +119,7 @@ class TestAlertsViews(TacticalTestCase):
         self.check_not_authenticated("patch", url)
 
     def test_add_alert(self):
-        url = "/alerts/alerts/"
+        url = "/alerts/"
 
         agent = baker.make_recipe("agents.agent")
         data = {
@@ -132,11 +136,11 @@ class TestAlertsViews(TacticalTestCase):
 
     def test_get_alert(self):
         # returns 404 for invalid alert pk
-        resp = self.client.get("/alerts/alerts/500/", format="json")
+        resp = self.client.get("/alerts/500/", format="json")
         self.assertEqual(resp.status_code, 404)
 
         alert = baker.make("alerts.Alert")
-        url = f"/alerts/alerts/{alert.pk}/"  # type: ignore
+        url = f"/alerts/{alert.pk}/"  # type: ignore
 
         resp = self.client.get(url, format="json")
         serializer = AlertSerializer(alert)
@@ -148,16 +152,15 @@ class TestAlertsViews(TacticalTestCase):
 
     def test_update_alert(self):
         # returns 404 for invalid alert pk
-        resp = self.client.put("/alerts/alerts/500/", format="json")
+        resp = self.client.put("/alerts/500/", format="json")
         self.assertEqual(resp.status_code, 404)
 
         alert = baker.make("alerts.Alert", resolved=False, snoozed=False)
 
-        url = f"/alerts/alerts/{alert.pk}/"  # type: ignore
+        url = f"/alerts/{alert.pk}/"  # type: ignore
 
         # test resolving alert
         data = {
-            "id": alert.pk,  # type: ignore
             "type": "resolve",
         }
         resp = self.client.put(url, data, format="json")
@@ -166,26 +169,26 @@ class TestAlertsViews(TacticalTestCase):
         self.assertTrue(Alert.objects.get(pk=alert.pk).resolved_on)  # type: ignore
 
         # test snoozing alert
-        data = {"id": alert.pk, "type": "snooze", "snooze_days": "30"}  # type: ignore
+        data = {"type": "snooze", "snooze_days": "30"}  # type: ignore
         resp = self.client.put(url, data, format="json")
         self.assertEqual(resp.status_code, 200)
         self.assertTrue(Alert.objects.get(pk=alert.pk).snoozed)  # type: ignore
         self.assertTrue(Alert.objects.get(pk=alert.pk).snooze_until)  # type: ignore
 
         # test snoozing alert without snooze_days
-        data = {"id": alert.pk, "type": "snooze"}  # type: ignore
+        data = {"type": "snooze"}  # type: ignore
         resp = self.client.put(url, data, format="json")
         self.assertEqual(resp.status_code, 400)
 
         # test unsnoozing alert
-        data = {"id": alert.pk, "type": "unsnooze"}  # type: ignore
+        data = {"type": "unsnooze"}  # type: ignore
         resp = self.client.put(url, data, format="json")
         self.assertEqual(resp.status_code, 200)
         self.assertFalse(Alert.objects.get(pk=alert.pk).snoozed)  # type: ignore
         self.assertFalse(Alert.objects.get(pk=alert.pk).snooze_until)  # type: ignore
 
         # test invalid type
-        data = {"id": alert.pk, "type": "invalid"}  # type: ignore
+        data = {"type": "invalid"}  # type: ignore
         resp = self.client.put(url, data, format="json")
         self.assertEqual(resp.status_code, 400)
 
@@ -193,13 +196,13 @@ class TestAlertsViews(TacticalTestCase):
 
     def test_delete_alert(self):
         # returns 404 for invalid alert pk
-        resp = self.client.put("/alerts/alerts/500/", format="json")
+        resp = self.client.put("/alerts/500/", format="json")
         self.assertEqual(resp.status_code, 404)
 
         alert = baker.make("alerts.Alert")
 
         # test delete alert
-        url = f"/alerts/alerts/{alert.pk}/"  # type: ignore
+        url = f"/alerts/{alert.pk}/"  # type: ignore
         resp = self.client.delete(url, format="json")
         self.assertEqual(resp.status_code, 200)
 
@@ -241,7 +244,7 @@ class TestAlertsViews(TacticalTestCase):
         self.assertTrue(Alert.objects.filter(snoozed=False).exists())
 
     def test_get_alert_templates(self):
-        url = "/alerts/alerttemplates/"
+        url = "/alerts/templates/"
 
         alert_templates = baker.make("alerts.AlertTemplate", _quantity=3)
         resp = self.client.get(url, format="json")
@@ -253,7 +256,7 @@ class TestAlertsViews(TacticalTestCase):
         self.check_not_authenticated("get", url)
 
     def test_add_alert_template(self):
-        url = "/alerts/alerttemplates/"
+        url = "/alerts/templates/"
 
         data = {
             "name": "Test Template",
@@ -266,11 +269,11 @@ class TestAlertsViews(TacticalTestCase):
 
     def test_get_alert_template(self):
         # returns 404 for invalid alert template pk
-        resp = self.client.get("/alerts/alerttemplates/500/", format="json")
+        resp = self.client.get("/alerts/templates/500/", format="json")
         self.assertEqual(resp.status_code, 404)
 
         alert_template = baker.make("alerts.AlertTemplate")
-        url = f"/alerts/alerttemplates/{alert_template.pk}/"  # type: ignore
+        url = f"/alerts/templates/{alert_template.pk}/"  # type: ignore
 
         resp = self.client.get(url, format="json")
         serializer = AlertTemplateSerializer(alert_template)
@@ -282,16 +285,15 @@ class TestAlertsViews(TacticalTestCase):
 
     def test_update_alert_template(self):
         # returns 404 for invalid alert pk
-        resp = self.client.put("/alerts/alerttemplates/500/", format="json")
+        resp = self.client.put("/alerts/templates/500/", format="json")
         self.assertEqual(resp.status_code, 404)
 
         alert_template = baker.make("alerts.AlertTemplate")
 
-        url = f"/alerts/alerttemplates/{alert_template.pk}/"  # type: ignore
+        url = f"/alerts/templates/{alert_template.pk}/"  # type: ignore
 
         # test data
         data = {
-            "id": alert_template.pk,  # type: ignore
             "agent_email_on_resolved": True,
             "agent_text_on_resolved": True,
             "agent_include_desktops": True,
@@ -307,13 +309,13 @@ class TestAlertsViews(TacticalTestCase):
 
     def test_delete_alert_template(self):
         # returns 404 for invalid alert pk
-        resp = self.client.put("/alerts/alerttemplates/500/", format="json")
+        resp = self.client.put("/alerts/templates/500/", format="json")
         self.assertEqual(resp.status_code, 404)
 
         alert_template = baker.make("alerts.AlertTemplate")
 
         # test delete alert
-        url = f"/alerts/alerttemplates/{alert_template.pk}/"  # type: ignore
+        url = f"/alerts/templates/{alert_template.pk}/"  # type: ignore
         resp = self.client.delete(url, format="json")
         self.assertEqual(resp.status_code, 200)
 
@@ -328,10 +330,10 @@ class TestAlertsViews(TacticalTestCase):
         baker.make("clients.Site", alert_template=alert_template, _quantity=3)
         baker.make("automation.Policy", alert_template=alert_template)
         core = CoreSettings.objects.first()
-        core.alert_template = alert_template
-        core.save()
+        core.alert_template = alert_template  # type: ignore
+        core.save()  # type: ignore
 
-        url = f"/alerts/alerttemplates/{alert_template.pk}/related/"  # type: ignore
+        url = f"/alerts/templates/{alert_template.pk}/related/"  # type: ignore
 
         resp = self.client.get(url, format="json")
         serializer = AlertTemplateRelationSerializer(alert_template)
@@ -395,25 +397,25 @@ class TestAlertTasks(TacticalTestCase):
         alert_templates = baker.make("alerts.AlertTemplate", _quantity=6)
 
         # should be None
-        self.assertFalse(workstation.get_alert_template())
-        self.assertFalse(server.get_alert_template())
+        self.assertFalse(workstation.set_alert_template())
+        self.assertFalse(server.set_alert_template())
 
         # assign first Alert Template as to a policy and apply it as default
         policy.alert_template = alert_templates[0]  # type: ignore
         policy.save()  # type: ignore
-        core.workstation_policy = policy
-        core.server_policy = policy
-        core.save()
+        core.workstation_policy = policy  # type: ignore
+        core.server_policy = policy  # type: ignore
+        core.save()  # type: ignore
 
-        self.assertEquals(server.get_alert_template().pk, alert_templates[0].pk)  # type: ignore
-        self.assertEquals(workstation.get_alert_template().pk, alert_templates[0].pk)  # type: ignore
+        self.assertEquals(server.set_alert_template().pk, alert_templates[0].pk)  # type: ignore
+        self.assertEquals(workstation.set_alert_template().pk, alert_templates[0].pk)  # type: ignore
 
         # assign second Alert Template to as default alert template
         core.alert_template = alert_templates[1]  # type: ignore
-        core.save()
+        core.save()  # type: ignore
 
-        self.assertEquals(workstation.get_alert_template().pk, alert_templates[1].pk)  # type: ignore
-        self.assertEquals(server.get_alert_template().pk, alert_templates[1].pk)  # type: ignore
+        self.assertEquals(workstation.set_alert_template().pk, alert_templates[1].pk)  # type: ignore
+        self.assertEquals(server.set_alert_template().pk, alert_templates[1].pk)  # type: ignore
 
         # assign third Alert Template to client
         workstation.client.alert_template = alert_templates[2]  # type: ignore
@@ -421,8 +423,8 @@ class TestAlertTasks(TacticalTestCase):
         workstation.client.save()
         server.client.save()
 
-        self.assertEquals(workstation.get_alert_template().pk, alert_templates[2].pk)  # type: ignore
-        self.assertEquals(server.get_alert_template().pk, alert_templates[2].pk)  # type: ignore
+        self.assertEquals(workstation.set_alert_template().pk, alert_templates[2].pk)  # type: ignore
+        self.assertEquals(server.set_alert_template().pk, alert_templates[2].pk)  # type: ignore
 
         # apply policy to client and should override
         workstation.client.workstation_policy = policy
@@ -430,8 +432,8 @@ class TestAlertTasks(TacticalTestCase):
         workstation.client.save()
         server.client.save()
 
-        self.assertEquals(workstation.get_alert_template().pk, alert_templates[0].pk)  # type: ignore
-        self.assertEquals(server.get_alert_template().pk, alert_templates[0].pk)  # type: ignore
+        self.assertEquals(workstation.set_alert_template().pk, alert_templates[0].pk)  # type: ignore
+        self.assertEquals(server.set_alert_template().pk, alert_templates[0].pk)  # type: ignore
 
         # assign fouth Alert Template to site
         workstation.site.alert_template = alert_templates[3]  # type: ignore
@@ -439,8 +441,8 @@ class TestAlertTasks(TacticalTestCase):
         workstation.site.save()
         server.site.save()
 
-        self.assertEquals(workstation.get_alert_template().pk, alert_templates[3].pk)  # type: ignore
-        self.assertEquals(server.get_alert_template().pk, alert_templates[3].pk)  # type: ignore
+        self.assertEquals(workstation.set_alert_template().pk, alert_templates[3].pk)  # type: ignore
+        self.assertEquals(server.set_alert_template().pk, alert_templates[3].pk)  # type: ignore
 
         # apply policy to site
         workstation.site.workstation_policy = policy
@@ -448,8 +450,8 @@ class TestAlertTasks(TacticalTestCase):
         workstation.site.save()
         server.site.save()
 
-        self.assertEquals(workstation.get_alert_template().pk, alert_templates[0].pk)  # type: ignore
-        self.assertEquals(server.get_alert_template().pk, alert_templates[0].pk)  # type: ignore
+        self.assertEquals(workstation.set_alert_template().pk, alert_templates[0].pk)  # type: ignore
+        self.assertEquals(server.set_alert_template().pk, alert_templates[0].pk)  # type: ignore
 
         # apply policy to agents
         workstation.policy = policy
@@ -457,35 +459,35 @@ class TestAlertTasks(TacticalTestCase):
         workstation.save()
         server.save()
 
-        self.assertEquals(workstation.get_alert_template().pk, alert_templates[0].pk)  # type: ignore
-        self.assertEquals(server.get_alert_template().pk, alert_templates[0].pk)  # type: ignore
+        self.assertEquals(workstation.set_alert_template().pk, alert_templates[0].pk)  # type: ignore
+        self.assertEquals(server.set_alert_template().pk, alert_templates[0].pk)  # type: ignore
 
         # test disabling alert template
         alert_templates[0].is_active = False  # type: ignore
         alert_templates[0].save()  # type: ignore
 
-        self.assertEquals(workstation.get_alert_template().pk, alert_templates[3].pk)  # type: ignore
-        self.assertEquals(server.get_alert_template().pk, alert_templates[3].pk)  # type: ignore
+        self.assertEquals(workstation.set_alert_template().pk, alert_templates[3].pk)  # type: ignore
+        self.assertEquals(server.set_alert_template().pk, alert_templates[3].pk)  # type: ignore
 
         # test policy exclusions
         alert_templates[3].excluded_agents.set([workstation.pk])  # type: ignore
 
-        self.assertEquals(workstation.get_alert_template().pk, alert_templates[2].pk)  # type: ignore
-        self.assertEquals(server.get_alert_template().pk, alert_templates[3].pk)  # type: ignore
+        self.assertEquals(workstation.set_alert_template().pk, alert_templates[2].pk)  # type: ignore
+        self.assertEquals(server.set_alert_template().pk, alert_templates[3].pk)  # type: ignore
 
         # test workstation exclusions
         alert_templates[2].exclude_workstations = True  # type: ignore
         alert_templates[2].save()  # type: ignore
 
-        self.assertEquals(workstation.get_alert_template().pk, alert_templates[1].pk)  # type: ignore
-        self.assertEquals(server.get_alert_template().pk, alert_templates[3].pk)  # type: ignore
+        self.assertEquals(workstation.set_alert_template().pk, alert_templates[1].pk)  # type: ignore
+        self.assertEquals(server.set_alert_template().pk, alert_templates[3].pk)  # type: ignore
 
         # test server exclusions
         alert_templates[3].exclude_servers = True  # type: ignore
         alert_templates[3].save()  # type: ignore
 
-        self.assertEquals(workstation.get_alert_template().pk, alert_templates[1].pk)  # type: ignore
-        self.assertEquals(server.get_alert_template().pk, alert_templates[2].pk)  # type: ignore
+        self.assertEquals(workstation.set_alert_template().pk, alert_templates[1].pk)  # type: ignore
+        self.assertEquals(server.set_alert_template().pk, alert_templates[2].pk)  # type: ignore
 
     @patch("agents.tasks.sleep")
     @patch("core.models.CoreSettings.send_mail")
@@ -504,6 +506,7 @@ class TestAlertTasks(TacticalTestCase):
         send_email,
         sleep,
     ):
+        from agents.models import Agent
         from agents.tasks import (
             agent_outage_email_task,
             agent_outage_sms_task,
@@ -511,6 +514,7 @@ class TestAlertTasks(TacticalTestCase):
             agent_recovery_email_task,
             agent_recovery_sms_task,
         )
+
         from alerts.models import Alert
 
         agent_dashboard_alert = baker.make_recipe("agents.overdue_agent")
@@ -564,6 +568,8 @@ class TestAlertTasks(TacticalTestCase):
         agent_email_alert = baker.make_recipe(
             "agents.overdue_agent", overdue_email_alert=True
         )
+
+        cache_agents_alert_template()
         agent_outages_task()
 
         # should have created 6 alerts
@@ -663,6 +669,9 @@ class TestAlertTasks(TacticalTestCase):
         alert_template_always_text.agent_text_on_resolved = True  # type: ignore
         alert_template_always_text.save()  # type: ignore
 
+        agent_template_text = Agent.objects.get(pk=agent_template_text.pk)
+        agent_template_email = Agent.objects.get(pk=agent_template_email.pk)
+
         # have the two agents checkin
         url = "/api/v3/checkin/"
 
@@ -719,7 +728,7 @@ class TestAlertTasks(TacticalTestCase):
         send_email,
         sleep,
     ):
-
+        from checks.models import Check
         from checks.tasks import (
             handle_check_email_alert_task,
             handle_check_sms_alert_task,
@@ -727,6 +736,8 @@ class TestAlertTasks(TacticalTestCase):
             handle_resolved_check_sms_alert_task,
         )
 
+        from alerts.tasks import cache_agents_alert_template
+
         # create test data
         agent = baker.make_recipe("agents.agent")
         agent_no_settings = baker.make_recipe("agents.agent")
@@ -800,6 +811,14 @@ class TestAlertTasks(TacticalTestCase):
             "checks.script_check", agent=agent_no_settings
         )
 
+        # update alert template and pull new checks from DB
+        cache_agents_alert_template()
+        check_template_email = Check.objects.get(pk=check_template_email.pk)
+        check_template_dashboard_text = Check.objects.get(
+            pk=check_template_dashboard_text.pk
+        )
+        check_template_blank = Check.objects.get(pk=check_template_blank.pk)
+
         # test agent with check that has alert settings
         check_agent.alert_severity = "warning"
         check_agent.status = "failing"
@@ -905,11 +924,11 @@ class TestAlertTasks(TacticalTestCase):
             Alert.objects.filter(assigned_check=check_template_email).count(), 1
         )
 
-        alert_template_email.check_periodic_alert_days = 1
-        alert_template_email.save()
+        alert_template_email.check_periodic_alert_days = 1  # type: ignore
+        alert_template_email.save()  # type: ignore
 
-        alert_template_dashboard_text.check_periodic_alert_days = 1
-        alert_template_dashboard_text.save()
+        alert_template_dashboard_text.check_periodic_alert_days = 1  # type: ignore
+        alert_template_dashboard_text.save()  # type: ignore
 
         # set last email time for alert in the past
         alert_email = Alert.objects.get(assigned_check=check_template_email)
@@ -921,6 +940,13 @@ class TestAlertTasks(TacticalTestCase):
         alert_sms.sms_sent = djangotime.now() - djangotime.timedelta(days=20)
         alert_sms.save()
 
+        # refresh checks to get alert template changes
+        check_template_email = Check.objects.get(pk=check_template_email.pk)
+        check_template_dashboard_text = Check.objects.get(
+            pk=check_template_dashboard_text.pk
+        )
+        check_template_blank = Check.objects.get(pk=check_template_blank.pk)
+
         Alert.handle_alert_failure(check_template_email)
         Alert.handle_alert_failure(check_template_dashboard_text)
 
@@ -939,11 +965,18 @@ class TestAlertTasks(TacticalTestCase):
         resolved_email.assert_not_called()
 
         # test resolved notifications
-        alert_template_email.check_email_on_resolved = True
-        alert_template_email.save()
+        alert_template_email.check_email_on_resolved = True  # type: ignore
+        alert_template_email.save()  # type: ignore
 
-        alert_template_dashboard_text.check_text_on_resolved = True
-        alert_template_dashboard_text.save()
+        alert_template_dashboard_text.check_text_on_resolved = True  # type: ignore
+        alert_template_dashboard_text.save()  # type: ignore
+
+        # refresh checks to get alert template changes
+        check_template_email = Check.objects.get(pk=check_template_email.pk)
+        check_template_dashboard_text = Check.objects.get(
+            pk=check_template_dashboard_text.pk
+        )
+        check_template_blank = Check.objects.get(pk=check_template_blank.pk)
 
         Alert.handle_alert_resolve(check_template_email)
 
@@ -980,7 +1013,7 @@ class TestAlertTasks(TacticalTestCase):
         send_email,
         sleep,
     ):
-
+        from autotasks.models import AutomatedTask
         from autotasks.tasks import (
             handle_resolved_task_email_alert,
             handle_resolved_task_sms_alert,
@@ -988,6 +1021,8 @@ class TestAlertTasks(TacticalTestCase):
             handle_task_sms_alert,
         )
 
+        from alerts.tasks import cache_agents_alert_template
+
         # create test data
         agent = baker.make_recipe("agents.agent")
         agent_no_settings = baker.make_recipe("agents.agent")
@@ -1052,8 +1087,14 @@ class TestAlertTasks(TacticalTestCase):
             "autotasks.AutomatedTask", agent=agent_no_settings, alert_severity="warning"
         )
 
+        # update alert template and pull new checks from DB
+        cache_agents_alert_template()
+        task_template_email = AutomatedTask.objects.get(pk=task_template_email.pk)  # type: ignore
+        task_template_dashboard_text = AutomatedTask.objects.get(pk=task_template_dashboard_text.pk)  # type: ignore
+        task_template_blank = AutomatedTask.objects.get(pk=task_template_blank.pk)  # type: ignore
+
         # test agent with task that has alert settings
-        Alert.handle_alert_failure(task_agent)
+        Alert.handle_alert_failure(task_agent)  # type: ignore
 
         # alert should have been created and sms, email notifications sent
         self.assertTrue(Alert.objects.filter(assigned_task=task_agent).exists())
@@ -1081,7 +1122,7 @@ class TestAlertTasks(TacticalTestCase):
         send_sms.reset_mock()
 
         # test task with an agent that has an email always alert template
-        Alert.handle_alert_failure(task_template_email)
+        Alert.handle_alert_failure(task_template_email)  # type: ignore
 
         self.assertTrue(Alert.objects.filter(assigned_task=task_template_email))
         alertpk = Alert.objects.get(assigned_task=task_template_email).pk
@@ -1099,7 +1140,7 @@ class TestAlertTasks(TacticalTestCase):
         send_email.reset_mock()
 
         # test task with an agent that has an email always alert template
-        Alert.handle_alert_failure(task_template_dashboard_text)
+        Alert.handle_alert_failure(task_template_dashboard_text)  # type: ignore
 
         self.assertTrue(
             Alert.objects.filter(assigned_task=task_template_dashboard_text).exists()
@@ -1110,11 +1151,11 @@ class TestAlertTasks(TacticalTestCase):
         outage_sms.assert_not_called
 
         # update task alert seveity to error
-        task_template_dashboard_text.alert_severity = "error"
-        task_template_dashboard_text.save()
+        task_template_dashboard_text.alert_severity = "error"  # type: ignore
+        task_template_dashboard_text.save()  # type: ignore
 
         # now should trigger alert
-        Alert.handle_alert_failure(task_template_dashboard_text)
+        Alert.handle_alert_failure(task_template_dashboard_text)  # type: ignore
         outage_sms.assert_called_with(pk=alertpk, alert_interval=0)
         outage_sms.reset_mock()
 
@@ -1130,21 +1171,21 @@ class TestAlertTasks(TacticalTestCase):
         send_sms.reset_mock()
 
         # test task with an agent that has a blank alert template
-        Alert.handle_alert_failure(task_template_blank)
+        Alert.handle_alert_failure(task_template_blank)  # type: ignore
 
         self.assertFalse(
             Alert.objects.filter(assigned_task=task_template_blank).exists()
         )
 
         # test task that has no template and no settings
-        Alert.handle_alert_failure(task_no_settings)
+        Alert.handle_alert_failure(task_no_settings)  # type: ignore
 
         self.assertFalse(Alert.objects.filter(assigned_task=task_no_settings).exists())
 
         # test periodic notifications
 
         # make sure a failing task won't trigger another notification and only create a single alert
-        Alert.handle_alert_failure(task_template_email)
+        Alert.handle_alert_failure(task_template_email)  # type: ignore
         send_email.assert_not_called()
         send_sms.assert_not_called()
 
@@ -1152,11 +1193,11 @@ class TestAlertTasks(TacticalTestCase):
             Alert.objects.filter(assigned_task=task_template_email).count(), 1
         )
 
-        alert_template_email.task_periodic_alert_days = 1
-        alert_template_email.save()
+        alert_template_email.task_periodic_alert_days = 1  # type: ignore
+        alert_template_email.save()  # type: ignore
 
-        alert_template_dashboard_text.task_periodic_alert_days = 1
-        alert_template_dashboard_text.save()
+        alert_template_dashboard_text.task_periodic_alert_days = 1  # type: ignore
+        alert_template_dashboard_text.save()  # type: ignore
 
         # set last email time for alert in the past
         alert_email = Alert.objects.get(assigned_task=task_template_email)
@@ -1168,8 +1209,13 @@ class TestAlertTasks(TacticalTestCase):
         alert_sms.sms_sent = djangotime.now() - djangotime.timedelta(days=20)
         alert_sms.save()
 
-        Alert.handle_alert_failure(task_template_email)
-        Alert.handle_alert_failure(task_template_dashboard_text)
+        # refresh automated tasks to get new alert templates
+        task_template_email = AutomatedTask.objects.get(pk=task_template_email.pk)  # type: ignore
+        task_template_dashboard_text = AutomatedTask.objects.get(pk=task_template_dashboard_text.pk)  # type: ignore
+        task_template_blank = AutomatedTask.objects.get(pk=task_template_blank.pk)  # type: ignore
+
+        Alert.handle_alert_failure(task_template_email)  # type: ignore
+        Alert.handle_alert_failure(task_template_dashboard_text)  # type: ignore
 
         outage_email.assert_called_with(pk=alert_email.pk, alert_interval=1)
         outage_sms.assert_called_with(pk=alert_sms.pk, alert_interval=1)
@@ -1177,7 +1223,7 @@ class TestAlertTasks(TacticalTestCase):
         outage_sms.reset_mock()
 
         # test resolving alerts
-        Alert.handle_alert_resolve(task_agent)
+        Alert.handle_alert_resolve(task_agent)  # type: ignore
 
         self.assertTrue(Alert.objects.get(assigned_task=task_agent).resolved)
         self.assertTrue(Alert.objects.get(assigned_task=task_agent).resolved_on)
@@ -1186,19 +1232,24 @@ class TestAlertTasks(TacticalTestCase):
         resolved_email.assert_not_called()
 
         # test resolved notifications
-        alert_template_email.task_email_on_resolved = True
-        alert_template_email.save()
+        alert_template_email.task_email_on_resolved = True  # type: ignore
+        alert_template_email.save()  # type: ignore
 
-        alert_template_dashboard_text.task_text_on_resolved = True
-        alert_template_dashboard_text.save()
+        alert_template_dashboard_text.task_text_on_resolved = True  # type: ignore
+        alert_template_dashboard_text.save()  # type: ignore
 
-        Alert.handle_alert_resolve(task_template_email)
+        # refresh automated tasks to get new alert templates
+        task_template_email = AutomatedTask.objects.get(pk=task_template_email.pk)  # type: ignore
+        task_template_dashboard_text = AutomatedTask.objects.get(pk=task_template_dashboard_text.pk)  # type: ignore
+        task_template_blank = AutomatedTask.objects.get(pk=task_template_blank.pk)  # type: ignore
+
+        Alert.handle_alert_resolve(task_template_email)  # type: ignore
 
         resolved_email.assert_called_with(pk=alert_email.pk)
         resolved_sms.assert_not_called()
         resolved_email.reset_mock()
 
-        Alert.handle_alert_resolve(task_template_dashboard_text)
+        Alert.handle_alert_resolve(task_template_dashboard_text)  # type: ignore
 
         resolved_sms.assert_called_with(pk=alert_sms.pk)
         resolved_email.assert_not_called()
@@ -1224,17 +1275,17 @@ class TestAlertTasks(TacticalTestCase):
         )
 
         core = CoreSettings.objects.first()
-        core.smtp_host = "test.test.com"
-        core.smtp_port = 587
-        core.smtp_recipients = ["recipient@test.com"]
-        core.twilio_account_sid = "test"
-        core.twilio_auth_token = "1234123412341234"
-        core.sms_alert_recipients = ["+1234567890"]
+        core.smtp_host = "test.test.com"  # type: ignore
+        core.smtp_port = 587  # type: ignore
+        core.smtp_recipients = ["recipient@test.com"]  # type: ignore
+        core.twilio_account_sid = "test"  # type: ignore
+        core.twilio_auth_token = "1234123412341234"  # type: ignore
+        core.sms_alert_recipients = ["+1234567890"]  # type: ignore
 
         # test sending email with alert template settings
-        core.send_mail("Test", "Test", alert_template=alert_template)
+        core.send_mail("Test", "Test", alert_template=alert_template)  # type: ignore
 
-        core.send_sms("Test", alert_template=alert_template)
+        core.send_sms("Test", alert_template=alert_template)  # type: ignore
 
     @patch("agents.models.Agent.nats_cmd")
     @patch("agents.tasks.agent_outage_sms_task.delay")
@@ -1267,6 +1318,7 @@ class TestAlertTasks(TacticalTestCase):
             "alerts.AlertTemplate",
             is_active=True,
             agent_always_alert=True,
+            agent_script_actions=False,
             action=failure_action,
             action_timeout=30,
             resolved_action=resolved_action,
@@ -1276,6 +1328,16 @@ class TestAlertTasks(TacticalTestCase):
         agent.client.alert_template = alert_template
         agent.client.save()
 
+        agent.set_alert_template()
+
+        agent_outages_task()
+
+        # should not have been called since agent_script_actions is set to False
+        nats_cmd.assert_not_called()
+
+        alert_template.agent_script_actions = True  # type: ignore
+        alert_template.save()  # type: ignore
+
         agent_outages_task()
 
         # this is what data should be
@@ -1290,14 +1352,6 @@ class TestAlertTasks(TacticalTestCase):
 
         nats_cmd.reset_mock()
 
-        # Setup cmd mock
-        success = {
-            "retcode": 0,
-            "stdout": "success!",
-            "stderr": "",
-            "execution_time": 5.0000,
-        }
-
         nats_cmd.side_effect = ["pong", success]
 
         # make sure script run results were stored
@@ -1337,3 +1391,199 @@ class TestAlertTasks(TacticalTestCase):
         self.assertEqual(alert.resolved_action_execution_time, "5.0000")
         self.assertEqual(alert.resolved_action_stdout, "success!")
         self.assertEqual(alert.resolved_action_stderr, "")
+
+    def test_parse_script_args(self):
+        alert = baker.make("alerts.Alert")
+
+        args = ["-Parameter", "-Another {{alert.id}}"]
+
+        # test default value
+        self.assertEqual(
+            ["-Parameter", f"-Another '{alert.id}'"],  # type: ignore
+            alert.parse_script_args(args=args),  # type: ignore
+        )
+
+    def test_prune_resolved_alerts(self):
+        from .tasks import prune_resolved_alerts
+
+        # setup data
+        resolved_alerts = baker.make(
+            "alerts.Alert",
+            resolved=True,
+            _quantity=25,
+        )
+
+        alerts = baker.make(
+            "alerts.Alert",
+            resolved=False,
+            _quantity=25,
+        )
+
+        days = 0
+        for alert in resolved_alerts:  # type: ignore
+            alert.alert_time = djangotime.now() - djangotime.timedelta(days=days)
+            alert.save()
+            days = days + 5
+
+        days = 0
+        for alert in alerts:  # type: ignore
+            alert.alert_time = djangotime.now() - djangotime.timedelta(days=days)
+            alert.save()
+            days = days + 5
+
+        # delete AgentHistory older than 30 days
+        prune_resolved_alerts(30)
+
+        self.assertEqual(Alert.objects.count(), 31)
+
+
+class TestAlertPermissions(TacticalTestCase):
+    def setUp(self):
+        self.setup_coresettings()
+        self.client_setup()
+
+    def test_get_alerts_permissions(self):
+        agent = baker.make_recipe("agents.agent")
+        agent1 = baker.make_recipe("agents.agent")
+        agent2 = baker.make_recipe("agents.agent")
+        agents = [agent, agent1, agent2]
+        checks = baker.make("checks.Check", agent=cycle(agents), _quantity=3)
+        tasks = baker.make("autotasks.AutomatedTask", agent=cycle(agents), _quantity=3)
+        baker.make(
+            "alerts.Alert", alert_type="task", assigned_task=cycle(tasks), _quantity=3
+        )
+        baker.make(
+            "alerts.Alert",
+            alert_type="check",
+            assigned_check=cycle(checks),
+            _quantity=3,
+        )
+        baker.make(
+            "alerts.Alert", alert_type="availability", agent=cycle(agents), _quantity=3
+        )
+        baker.make("alerts.Alert", alert_type="custom", _quantity=4)
+
+        # test super user access
+        r = self.check_authorized_superuser("patch", f"{base_url}/")
+        self.assertEqual(len(r.data), 13)  # type: ignore
+
+        user = self.create_user_with_roles([])
+        self.client.force_authenticate(user=user)  # type: ignore
+
+        self.check_not_authorized("patch", f"{base_url}/")
+
+        # add list software role to user
+        user.role.can_list_alerts = True
+        user.role.save()
+
+        r = self.check_authorized("patch", f"{base_url}/")
+        self.assertEqual(len(r.data), 13)  # type: ignore
+
+        # test limiting to client
+        user.role.can_view_clients.set([agent.client])
+        r = self.check_authorized("patch", f"{base_url}/")
+        self.assertEqual(len(r.data), 7)  # type: ignore
+
+        # test limiting to site
+        user.role.can_view_clients.clear()
+        user.role.can_view_sites.set([agent1.site])
+        r = self.client.patch(f"{base_url}/")
+        self.assertEqual(len(r.data), 7)  # type: ignore
+
+        # test limiting to site and client
+        user.role.can_view_clients.set([agent2.client])
+        r = self.client.patch(f"{base_url}/")
+        self.assertEqual(len(r.data), 10)  # type: ignore
+
+    @patch("alerts.models.Alert.delete", return_value=1)
+    def test_edit_delete_get_alert_permissions(self, delete):
+        agent = baker.make_recipe("agents.agent")
+        agent1 = baker.make_recipe("agents.agent")
+        agent2 = baker.make_recipe("agents.agent")
+        agents = [agent, agent1, agent2]
+        checks = baker.make("checks.Check", agent=cycle(agents), _quantity=3)
+        tasks = baker.make("autotasks.AutomatedTask", agent=cycle(agents), _quantity=3)
+        alert_tasks = baker.make(
+            "alerts.Alert", alert_type="task", assigned_task=cycle(tasks), _quantity=3
+        )
+        alert_checks = baker.make(
+            "alerts.Alert",
+            alert_type="check",
+            assigned_check=cycle(checks),
+            _quantity=3,
+        )
+        alert_agents = baker.make(
+            "alerts.Alert", alert_type="availability", agent=cycle(agents), _quantity=3
+        )
+        alert_custom = baker.make("alerts.Alert", alert_type="custom", _quantity=4)
+
+        # alert task url
+        task_url = f"{base_url}/{alert_tasks[0].id}/"  # for agent
+        unauthorized_task_url = f"{base_url}/{alert_tasks[1].id}/"  # for agent1
+        # alert check url
+        check_url = f"{base_url}/{alert_checks[0].id}/"  # for agent
+        unauthorized_check_url = f"{base_url}/{alert_checks[1].id}/"  # for agent1
+        # alert agent url
+        agent_url = f"{base_url}/{alert_agents[0].id}/"  # for agent
+        unauthorized_agent_url = f"{base_url}/{alert_agents[1].id}/"  # for agent1
+        # custom alert url
+        custom_url = f"{base_url}/{alert_custom[0].id}/"  # no agent associated
+
+        authorized_urls = [task_url, check_url, agent_url, custom_url]
+        unauthorized_urls = [
+            unauthorized_agent_url,
+            unauthorized_check_url,
+            unauthorized_task_url,
+        ]
+
+        for method in ["get", "put", "delete"]:
+
+            # test superuser access
+            for url in authorized_urls:
+                self.check_authorized_superuser(method, url)
+
+            for url in unauthorized_urls:
+                self.check_authorized_superuser(method, url)
+
+            user = self.create_user_with_roles([])
+            self.client.force_authenticate(user=user)  # type: ignore
+
+            # test user without role
+            for url in authorized_urls:
+                self.check_not_authorized(method, url)
+
+            for url in unauthorized_urls:
+                self.check_not_authorized(method, url)
+
+            # add user to role and test
+            setattr(
+                user.role,
+                "can_list_alerts" if method == "get" else "can_manage_alerts",
+                True,
+            )
+            user.role.save()
+
+            # test user with role
+            for url in authorized_urls:
+                self.check_authorized(method, url)
+
+            for url in unauthorized_urls:
+                self.check_authorized(method, url)
+
+            # limit user to client if agent check
+            user.role.can_view_clients.set([agent.client])
+
+            for url in authorized_urls:
+                self.check_authorized(method, url)
+
+            for url in unauthorized_urls:
+                self.check_not_authorized(method, url)
+
+            # limit user to client if agent check
+            user.role.can_view_sites.set([agent1.site])
+
+            for url in authorized_urls:
+                self.check_authorized(method, url)
+
+            for url in unauthorized_urls:
+                self.check_authorized(method, url)

api/tacticalrmm/alerts/urls.py

@@ -3,10 +3,10 @@ from django.urls import path
 from . import views
 
 urlpatterns = [
-    path("alerts/", views.GetAddAlerts.as_view()),
+    path("", views.GetAddAlerts.as_view()),
+    path("<int:pk>/", views.GetUpdateDeleteAlert.as_view()),
     path("bulk/", views.BulkAlerts.as_view()),
-    path("alerts/<int:pk>/", views.GetUpdateDeleteAlert.as_view()),
-    path("alerttemplates/", views.GetAddAlertTemplates.as_view()),
-    path("alerttemplates/<int:pk>/", views.GetUpdateDeleteAlertTemplate.as_view()),
-    path("alerttemplates/<int:pk>/related/", views.RelatedAlertTemplate.as_view()),
+    path("templates/", views.GetAddAlertTemplates.as_view()),
+    path("templates/<int:pk>/", views.GetUpdateDeleteAlertTemplate.as_view()),
+    path("templates/<int:pk>/related/", views.RelatedAlertTemplate.as_view()),
 ]

api/tacticalrmm/alerts/views.py

@@ -3,20 +3,25 @@ from datetime import datetime as dt
 from django.db.models import Q
 from django.shortcuts import get_object_or_404
 from django.utils import timezone as djangotime
+from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.views import APIView
 
 from tacticalrmm.utils import notify_error
 
 from .models import Alert, AlertTemplate
+from .permissions import AlertPerms, AlertTemplatePerms
 from .serializers import (
     AlertSerializer,
     AlertTemplateRelationSerializer,
     AlertTemplateSerializer,
 )
+from .tasks import cache_agents_alert_template
 
 
 class GetAddAlerts(APIView):
+    permission_classes = [IsAuthenticated, AlertPerms]
+
     def patch(self, request):
 
         # top 10 alerts for dashboard icon
@@ -87,7 +92,8 @@ class GetAddAlerts(APIView):
                 )
 
             alerts = (
-                Alert.objects.filter(clientFilter)
+                Alert.objects.filter_by_role(request.user)
+                .filter(clientFilter)
                 .filter(severityFilter)
                 .filter(resolvedFilter)
                 .filter(snoozedFilter)
@@ -96,7 +102,7 @@ class GetAddAlerts(APIView):
             return Response(AlertSerializer(alerts, many=True).data)
 
         else:
-            alerts = Alert.objects.all()
+            alerts = Alert.objects.filter_by_role(request.user)
             return Response(AlertSerializer(alerts, many=True).data)
 
     def post(self, request):
@@ -108,9 +114,10 @@ class GetAddAlerts(APIView):
 
 
 class GetUpdateDeleteAlert(APIView):
+    permission_classes = [IsAuthenticated, AlertPerms]
+
     def get(self, request, pk):
         alert = get_object_or_404(Alert, pk=pk)
-
         return Response(AlertSerializer(alert).data)
 
     def put(self, request, pk):
@@ -162,6 +169,8 @@ class GetUpdateDeleteAlert(APIView):
 
 
 class BulkAlerts(APIView):
+    permission_classes = [IsAuthenticated, AlertPerms]
+
     def post(self, request):
         if request.data["bulk_action"] == "resolve":
             Alert.objects.filter(id__in=request.data["alerts"]).update(
@@ -184,9 +193,10 @@ class BulkAlerts(APIView):
 
 
 class GetAddAlertTemplates(APIView):
+    permission_classes = [IsAuthenticated, AlertTemplatePerms]
+
     def get(self, request):
         alert_templates = AlertTemplate.objects.all()
-
         return Response(AlertTemplateSerializer(alert_templates, many=True).data)
 
     def post(self, request):
@@ -194,10 +204,15 @@ class GetAddAlertTemplates(APIView):
         serializer.is_valid(raise_exception=True)
         serializer.save()
 
+        # cache alert_template value on agents
+        cache_agents_alert_template.delay()
+
         return Response("ok")
 
 
 class GetUpdateDeleteAlertTemplate(APIView):
+    permission_classes = [IsAuthenticated, AlertTemplatePerms]
+
     def get(self, request, pk):
         alert_template = get_object_or_404(AlertTemplate, pk=pk)
 
@@ -212,15 +227,23 @@ class GetUpdateDeleteAlertTemplate(APIView):
         serializer.is_valid(raise_exception=True)
         serializer.save()
 
+        # cache alert_template value on agents
+        cache_agents_alert_template.delay()
+
         return Response("ok")
 
     def delete(self, request, pk):
         get_object_or_404(AlertTemplate, pk=pk).delete()
 
+        # cache alert_template value on agents
+        cache_agents_alert_template.delay()
+
         return Response("ok")
 
 
 class RelatedAlertTemplate(APIView):
+    permission_classes = [IsAuthenticated, AlertTemplatePerms]
+
     def get(self, request, pk):
         alert_template = get_object_or_404(AlertTemplate, pk=pk)
         return Response(AlertTemplateRelationSerializer(alert_template).data)

api/tacticalrmm/apiv3/tests.py

@@ -1,11 +1,12 @@
 import json
 import os
-from itertools import cycle
 from unittest.mock import patch
 
 from django.conf import settings
+from django.utils import timezone as djangotime
 from model_bakery import baker
 
+from autotasks.models import AutomatedTask
 from tacticalrmm.test import TacticalTestCase
 
 
@@ -18,8 +19,44 @@ class TestAPIv3(TacticalTestCase):
     def test_get_checks(self):
         url = f"/api/v3/{self.agent.agent_id}/checkrunner/"
 
+        # add a check
+        check1 = baker.make_recipe("checks.ping_check", agent=self.agent)
         r = self.client.get(url)
         self.assertEqual(r.status_code, 200)
+        self.assertEqual(r.data["check_interval"], self.agent.check_interval)  # type: ignore
+        self.assertEqual(len(r.data["checks"]), 1)  # type: ignore
+
+        # override check run interval
+        check2 = baker.make_recipe(
+            "checks.ping_check", agent=self.agent, run_interval=20
+        )
+
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(r.data["check_interval"], 20)  # type: ignore
+        self.assertEqual(len(r.data["checks"]), 2)  # type: ignore
+
+        # Set last_run on both checks and should return an empty list
+        check1.last_run = djangotime.now()
+        check1.save()
+        check2.last_run = djangotime.now()
+        check2.save()
+
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(r.data["check_interval"], 20)  # type: ignore
+        self.assertFalse(r.data["checks"])  # type: ignore
+
+        # set last_run greater than interval
+        check1.last_run = djangotime.now() - djangotime.timedelta(seconds=200)
+        check1.save()
+        check2.last_run = djangotime.now() - djangotime.timedelta(seconds=200)
+        check2.save()
+
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(r.data["check_interval"], 20)  # type: ignore
+        self.assertEquals(len(r.data["checks"]), 2)  # type: ignore
 
         url = "/api/v3/Maj34ACb324j234asdj2n34kASDjh34-DESKTOPTEST123/checkrunner/"
         r = self.client.get(url)
@@ -54,6 +91,45 @@ class TestAPIv3(TacticalTestCase):
             {"agent": self.agent.pk, "check_interval": self.agent.check_interval},
         )
 
+        # add check to agent with check interval set
+        check = baker.make_recipe(
+            "checks.ping_check", agent=self.agent, run_interval=30
+        )
+
+        r = self.client.get(url, format="json")
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(
+            r.json(),
+            {"agent": self.agent.pk, "check_interval": 30},
+        )
+
+        # minimum check run interval is 15 seconds
+        check = baker.make_recipe("checks.ping_check", agent=self.agent, run_interval=5)
+
+        r = self.client.get(url, format="json")
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(
+            r.json(),
+            {"agent": self.agent.pk, "check_interval": 15},
+        )
+
+    def test_run_checks(self):
+        # force run all checks regardless of interval
+        agent = baker.make_recipe("agents.online_agent")
+        baker.make_recipe("checks.ping_check", agent=agent)
+        baker.make_recipe("checks.diskspace_check", agent=agent)
+        baker.make_recipe("checks.cpuload_check", agent=agent)
+        baker.make_recipe("checks.memory_check", agent=agent)
+        baker.make_recipe("checks.eventlog_check", agent=agent)
+        for _ in range(10):
+            baker.make_recipe("checks.script_check", agent=agent)
+
+        url = f"/api/v3/{agent.agent_id}/runchecks/"
+        r = self.client.get(url)
+        self.assertEqual(r.json()["agent"], agent.pk)
+        self.assertIsInstance(r.json()["check_interval"], int)
+        self.assertEqual(len(r.json()["checks"]), 15)
+
     def test_checkin_patch(self):
         from logs.models import PendingAction
 
@@ -89,3 +165,178 @@ class TestAPIv3(TacticalTestCase):
         action = agent_updated.pendingactions.filter(action_type="agentupdate").first()
         self.assertEqual(action.status, "completed")
         action.delete()
+
+    @patch("apiv3.views.reload_nats")
+    def test_agent_recovery(self, reload_nats):
+        reload_nats.return_value = "ok"
+        r = self.client.get("/api/v3/34jahsdkjasncASDjhg2b3j4r/recover/")
+        self.assertEqual(r.status_code, 404)
+
+        agent = baker.make_recipe("agents.online_agent")
+        url = f"/api/v3/{agent.agent_id}/recovery/"
+
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(r.json(), {"mode": "pass", "shellcmd": ""})
+        reload_nats.assert_not_called()
+
+        baker.make("agents.RecoveryAction", agent=agent, mode="mesh")
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(r.json(), {"mode": "mesh", "shellcmd": ""})
+        reload_nats.assert_not_called()
+
+        baker.make(
+            "agents.RecoveryAction",
+            agent=agent,
+            mode="command",
+            command="shutdown /r /t 5 /f",
+        )
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(
+            r.json(), {"mode": "command", "shellcmd": "shutdown /r /t 5 /f"}
+        )
+        reload_nats.assert_not_called()
+
+        baker.make("agents.RecoveryAction", agent=agent, mode="rpc")
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(r.json(), {"mode": "rpc", "shellcmd": ""})
+        reload_nats.assert_called_once()
+
+    def test_task_runner_get(self):
+        from autotasks.serializers import TaskGOGetSerializer
+
+        r = self.client.get("/api/v3/500/asdf9df9dfdf/taskrunner/")
+        self.assertEqual(r.status_code, 404)
+
+        # setup data
+        agent = baker.make_recipe("agents.agent")
+        script = baker.make_recipe("scripts.script")
+        task = baker.make("autotasks.AutomatedTask", agent=agent, script=script)
+
+        url = f"/api/v3/{task.pk}/{agent.agent_id}/taskrunner/"  # type: ignore
+
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(TaskGOGetSerializer(task).data, r.data)  # type: ignore
+
+    def test_task_runner_results(self):
+        from agents.models import AgentCustomField
+
+        r = self.client.patch("/api/v3/500/asdf9df9dfdf/taskrunner/")
+        self.assertEqual(r.status_code, 404)
+
+        # setup data
+        agent = baker.make_recipe("agents.agent")
+        task = baker.make("autotasks.AutomatedTask", agent=agent)
+
+        url = f"/api/v3/{task.pk}/{agent.agent_id}/taskrunner/"  # type: ignore
+
+        # test passing task
+        data = {
+            "stdout": "test test \ntestest stdgsd\n",
+            "stderr": "",
+            "retcode": 0,
+            "execution_time": 3.560,
+        }
+
+        r = self.client.patch(url, data)
+        self.assertEqual(r.status_code, 200)
+        self.assertTrue(AutomatedTask.objects.get(pk=task.pk).status == "passing")  # type: ignore
+
+        # test failing task
+        data = {
+            "stdout": "test test \ntestest stdgsd\n",
+            "stderr": "",
+            "retcode": 1,
+            "execution_time": 3.560,
+        }
+
+        r = self.client.patch(url, data)
+        self.assertEqual(r.status_code, 200)
+        self.assertTrue(AutomatedTask.objects.get(pk=task.pk).status == "failing")  # type: ignore
+
+        # test collector task
+        text = baker.make("core.CustomField", model="agent", type="text", name="Test")
+        boolean = baker.make(
+            "core.CustomField", model="agent", type="checkbox", name="Test1"
+        )
+        multiple = baker.make(
+            "core.CustomField", model="agent", type="multiple", name="Test2"
+        )
+
+        # test text fields
+        task.custom_field = text  # type: ignore
+        task.save()  # type: ignore
+
+        # test failing failing with stderr
+        data = {
+            "stdout": "test test \nthe last line",
+            "stderr": "This is an error",
+            "retcode": 1,
+            "execution_time": 3.560,
+        }
+
+        r = self.client.patch(url, data)
+        self.assertEqual(r.status_code, 200)
+        self.assertTrue(AutomatedTask.objects.get(pk=task.pk).status == "failing")  # type: ignore
+
+        # test saving to text field
+        data = {
+            "stdout": "test test \nthe last line",
+            "stderr": "",
+            "retcode": 0,
+            "execution_time": 3.560,
+        }
+
+        r = self.client.patch(url, data)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(AutomatedTask.objects.get(pk=task.pk).status, "passing")  # type: ignore
+        self.assertEqual(AgentCustomField.objects.get(field=text, agent=task.agent).value, "the last line")  # type: ignore
+
+        # test saving to checkbox field
+        task.custom_field = boolean  # type: ignore
+        task.save()  # type: ignore
+
+        data = {
+            "stdout": "1",
+            "stderr": "",
+            "retcode": 0,
+            "execution_time": 3.560,
+        }
+
+        r = self.client.patch(url, data)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(AutomatedTask.objects.get(pk=task.pk).status, "passing")  # type: ignore
+        self.assertTrue(AgentCustomField.objects.get(field=boolean, agent=task.agent).value)  # type: ignore
+
+        # test saving to multiple field with commas
+        task.custom_field = multiple  # type: ignore
+        task.save()  # type: ignore
+
+        data = {
+            "stdout": "this,is,an,array",
+            "stderr": "",
+            "retcode": 0,
+            "execution_time": 3.560,
+        }
+
+        r = self.client.patch(url, data)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(AutomatedTask.objects.get(pk=task.pk).status, "passing")  # type: ignore
+        self.assertEqual(AgentCustomField.objects.get(field=multiple, agent=task.agent).value, ["this", "is", "an", "array"])  # type: ignore
+
+        # test mutiple with a single value
+        data = {
+            "stdout": "this",
+            "stderr": "",
+            "retcode": 0,
+            "execution_time": 3.560,
+        }
+
+        r = self.client.patch(url, data)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(AutomatedTask.objects.get(pk=task.pk).status, "passing")  # type: ignore
+        self.assertEqual(AgentCustomField.objects.get(field=multiple, agent=task.agent).value, ["this"])  # type: ignore

api/tacticalrmm/apiv3/urls.py

@@ -5,6 +5,7 @@ from . import views
 urlpatterns = [
     path("checkrunner/", views.CheckRunner.as_view()),
     path("<str:agentid>/checkrunner/", views.CheckRunner.as_view()),
+    path("<str:agentid>/runchecks/", views.RunChecks.as_view()),
     path("<str:agentid>/checkinterval/", views.CheckRunnerInterval.as_view()),
     path("<int:pk>/<str:agentid>/taskrunner/", views.TaskRunner.as_view()),
     path("meshexe/", views.MeshExe.as_view()),
@@ -18,4 +19,6 @@ urlpatterns = [
     path("winupdates/", views.WinUpdates.as_view()),
     path("superseded/", views.SupersededWinUpdate.as_view()),
     path("<int:pk>/chocoresult/", views.ChocoResult.as_view()),
+    path("<str:agentid>/recovery/", views.AgentRecovery.as_view()),
+    path("<int:pk>/<str:agentid>/histresult/", views.AgentHistoryResult.as_view()),
 ]

api/tacticalrmm/apiv3/views.py

@@ -6,7 +6,6 @@ from django.conf import settings
 from django.http import HttpResponse
 from django.shortcuts import get_object_or_404
 from django.utils import timezone as djangotime
-from loguru import logger
 from packaging import version as pyver
 from rest_framework.authentication import TokenAuthentication
 from rest_framework.authtoken.models import Token
@@ -15,20 +14,18 @@ from rest_framework.response import Response
 from rest_framework.views import APIView
 
 from accounts.models import User
-from agents.models import Agent
-from agents.serializers import WinAgentSerializer
+from agents.models import Agent, AgentHistory
+from agents.serializers import WinAgentSerializer, AgentHistorySerializer
 from autotasks.models import AutomatedTask
 from autotasks.serializers import TaskGOGetSerializer, TaskRunnerPatchSerializer
 from checks.models import Check
 from checks.serializers import CheckRunnerGetSerializer
 from checks.utils import bytes2human
-from logs.models import PendingAction
+from logs.models import PendingAction, DebugLog
 from software.models import InstalledSoftware
 from tacticalrmm.utils import SoftwareList, filter_software, notify_error, reload_nats
 from winupdate.models import WinUpdate, WinUpdatePolicy
 
-logger.configure(**settings.LOG_CONFIG)
-
 
 class CheckIn(APIView):
 
@@ -36,6 +33,10 @@ class CheckIn(APIView):
     permission_classes = [IsAuthenticated]
 
     def patch(self, request):
+        """
+        !!! DEPRECATED AS OF AGENT 1.6.0 !!!
+        Endpoint be removed in a future release
+        """
         from alerts.models import Alert
 
         updated = False
@@ -65,16 +66,17 @@ class CheckIn(APIView):
         if Alert.objects.filter(agent=agent, resolved=False).exists():
             Alert.handle_alert_resolve(agent)
 
-        recovery = agent.recoveryactions.filter(last_run=None).last()  # type: ignore
-        if recovery is not None:
-            recovery.last_run = djangotime.now()
-            recovery.save(update_fields=["last_run"])
-            handle_agent_recovery_task.delay(pk=recovery.pk)  # type: ignore
-            return Response("ok")
+        # sync scheduled tasks
+        if agent.autotasks.exclude(sync_status="synced").exists():  # type: ignore
+            tasks = agent.autotasks.exclude(sync_status="synced")  # type: ignore
 
-        # get any pending actions
-        if agent.pendingactions.filter(status="pending").exists():  # type: ignore
-            agent.handle_pending_actions()
+            for task in tasks:
+                if task.sync_status == "pendingdeletion":
+                    task.delete_task_on_agent()
+                elif task.sync_status == "initial":
+                    task.modify_task_on_agent()
+                elif task.sync_status == "notsynced":
+                    task.create_task_on_agent()
 
         return Response("ok")
 
@@ -181,7 +183,11 @@ class WinUpdates(APIView):
 
         if reboot:
             asyncio.run(agent.nats_cmd({"func": "rebootnow"}, wait=False))
-            logger.info(f"{agent.hostname} is rebooting after updates were installed.")
+            DebugLog.info(
+                agent=agent,
+                log_type="windows_updates",
+                message=f"{agent.hostname} is rebooting after updates were installed.",
+            )
 
         agent.delete_superseded_updates()
         return Response("ok")
@@ -267,14 +273,13 @@ class SupersededWinUpdate(APIView):
         return Response("ok")
 
 
-class CheckRunner(APIView):
+class RunChecks(APIView):
     authentication_classes = [TokenAuthentication]
     permission_classes = [IsAuthenticated]
 
     def get(self, request, agentid):
         agent = get_object_or_404(Agent, agent_id=agentid)
         checks = Check.objects.filter(agent__pk=agent.pk, overriden_by_policy=False)
-
         ret = {
             "agent": agent.pk,
             "check_interval": agent.check_interval,
@@ -282,13 +287,55 @@ class CheckRunner(APIView):
         }
         return Response(ret)
 
+
+class CheckRunner(APIView):
+    authentication_classes = [TokenAuthentication]
+    permission_classes = [IsAuthenticated]
+
+    def get(self, request, agentid):
+        agent = get_object_or_404(Agent, agent_id=agentid)
+        checks = agent.agentchecks.filter(overriden_by_policy=False)  # type: ignore
+
+        run_list = [
+            check
+            for check in checks
+            # always run if check hasn't run yet
+            if not check.last_run
+            # if a check interval is set, see if the correct amount of seconds have passed
+            or (
+                check.run_interval
+                and (
+                    check.last_run
+                    < djangotime.now()
+                    - djangotime.timedelta(seconds=check.run_interval)
+                )
+            )
+            # if check interval isn't set, make sure the agent's check interval has passed before running
+            or (
+                not check.run_interval
+                and check.last_run
+                < djangotime.now() - djangotime.timedelta(seconds=agent.check_interval)
+            )
+        ]
+        ret = {
+            "agent": agent.pk,
+            "check_interval": agent.check_run_interval(),
+            "checks": CheckRunnerGetSerializer(run_list, many=True).data,
+        }
+        return Response(ret)
+
     def patch(self, request):
         check = get_object_or_404(Check, pk=request.data["id"])
+        if pyver.parse(check.agent.version) < pyver.parse("1.5.7"):
+            return notify_error("unsupported")
+
         check.last_run = djangotime.now()
         check.save(update_fields=["last_run"])
-        status = check.handle_checkv2(request.data)
+        status = check.handle_check(request.data)
+        if status == "failing" and check.assignedtask.exists():  # type: ignore
+            check.handle_assigned_task()
 
-        return Response(status)
+        return Response("ok")
 
 
 class CheckRunnerInterval(APIView):
@@ -297,7 +344,10 @@ class CheckRunnerInterval(APIView):
 
     def get(self, request, agentid):
         agent = get_object_or_404(Agent, agent_id=agentid)
-        return Response({"agent": agent.pk, "check_interval": agent.check_interval})
+
+        return Response(
+            {"agent": agent.pk, "check_interval": agent.check_run_interval()}
+        )
 
 
 class TaskRunner(APIView):
@@ -305,13 +355,12 @@ class TaskRunner(APIView):
     permission_classes = [IsAuthenticated]
 
     def get(self, request, pk, agentid):
-        agent = get_object_or_404(Agent, agent_id=agentid)
+        _ = get_object_or_404(Agent, agent_id=agentid)
         task = get_object_or_404(AutomatedTask, pk=pk)
         return Response(TaskGOGetSerializer(task).data)
 
     def patch(self, request, pk, agentid):
         from alerts.models import Alert
-        from logs.models import AuditLog
 
         agent = get_object_or_404(Agent, agent_id=agentid)
         task = get_object_or_404(AutomatedTask, pk=pk)
@@ -320,11 +369,20 @@ class TaskRunner(APIView):
             instance=task, data=request.data, partial=True
         )
         serializer.is_valid(raise_exception=True)
-        serializer.save(last_run=djangotime.now())
+        new_task = serializer.save(last_run=djangotime.now())
 
-        status = "failing" if task.retcode != 0 else "passing"
+        # check if task is a collector and update the custom field
+        if task.custom_field:
+            if not task.stderr:
+
+                task.save_collector_results()
+
+                status = "passing"
+            else:
+                status = "failing"
+        else:
+            status = "failing" if task.retcode != 0 else "passing"
 
-        new_task: AutomatedTask = AutomatedTask.objects.get(pk=task.pk)
         new_task.status = status
         new_task.save()
 
@@ -334,15 +392,6 @@ class TaskRunner(APIView):
         else:
             Alert.handle_alert_failure(new_task)
 
-        AuditLog.objects.create(
-            username=agent.hostname,
-            agent=agent.hostname,
-            object_type="agent",
-            action="task_run",
-            message=f"Scheduled Task {task.name} was run on {agent.hostname}",
-            after_value=AutomatedTask.serialize(new_task),
-        )
-
         return Response("ok")
 
 
@@ -362,7 +411,7 @@ class SysInfo(APIView):
 
 
 class MeshExe(APIView):
-    """ Sends the mesh exe to the installer """
+    """Sends the mesh exe to the installer"""
 
     def post(self, request):
         exe = "meshagent.exe" if request.data["arch"] == "64" else "meshagent-x86.exe"
@@ -433,6 +482,7 @@ class NewAgent(APIView):
             action="agent_install",
             message=f"{request.user} installed new agent {agent.hostname}",
             after_value=Agent.serialize(agent),
+            debug_info={"ip": request._client_ip},
         )
 
         return Response(
@@ -513,3 +563,40 @@ class ChocoResult(APIView):
         action.status = "completed"
         action.save(update_fields=["details", "status"])
         return Response("ok")
+
+
+class AgentRecovery(APIView):
+    authentication_classes = [TokenAuthentication]
+    permission_classes = [IsAuthenticated]
+
+    def get(self, request, agentid):
+        agent = get_object_or_404(Agent, agent_id=agentid)
+        recovery = agent.recoveryactions.filter(last_run=None).last()  # type: ignore
+        ret = {"mode": "pass", "shellcmd": ""}
+        if recovery is None:
+            return Response(ret)
+
+        recovery.last_run = djangotime.now()
+        recovery.save(update_fields=["last_run"])
+
+        ret["mode"] = recovery.mode
+
+        if recovery.mode == "command":
+            ret["shellcmd"] = recovery.command
+        elif recovery.mode == "rpc":
+            reload_nats()
+
+        return Response(ret)
+
+
+class AgentHistoryResult(APIView):
+    authentication_classes = [TokenAuthentication]
+    permission_classes = [IsAuthenticated]
+
+    def patch(self, request, agentid, pk):
+        _ = get_object_or_404(Agent, agent_id=agentid)
+        hist = get_object_or_404(AgentHistory, pk=pk)
+        s = AgentHistorySerializer(instance=hist, data=request.data, partial=True)
+        s.is_valid(raise_exception=True)
+        s.save()
+        return Response("ok")

api/tacticalrmm/automation/migrations/0009_auto_20210917_1954.py

@@ -0,0 +1,23 @@
+# Generated by Django 3.2.6 on 2021-09-17 19:54
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("automation", "0008_auto_20210302_0415"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="policy",
+            name="created_by",
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.AlterField(
+            model_name="policy",
+            name="modified_by",
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+    ]

api/tacticalrmm/automation/models.py

@@ -28,27 +28,34 @@ class Policy(BaseAuditModel):
     )
 
     def save(self, *args, **kwargs):
-        from automation.tasks import generate_agent_checks_from_policies_task
+        from alerts.tasks import cache_agents_alert_template
+        from automation.tasks import generate_agent_checks_task
 
         # get old policy if exists
         old_policy = type(self).objects.get(pk=self.pk) if self.pk else None
-        super(BaseAuditModel, self).save(*args, **kwargs)
+        super(Policy, self).save(old_model=old_policy, *args, **kwargs)
 
         # generate agent checks only if active and enforced were changed
         if old_policy:
             if old_policy.active != self.active or old_policy.enforced != self.enforced:
-                generate_agent_checks_from_policies_task.delay(
-                    policypk=self.pk,
+                generate_agent_checks_task.delay(
+                    policy=self.pk,
                     create_tasks=True,
                 )
 
+            if old_policy.alert_template != self.alert_template:
+                cache_agents_alert_template.delay()
+
     def delete(self, *args, **kwargs):
         from automation.tasks import generate_agent_checks_task
 
         agents = list(self.related_agents().only("pk").values_list("pk", flat=True))
-        super(BaseAuditModel, self).delete(*args, **kwargs)
+        super(Policy, self).delete(*args, **kwargs)
 
-        generate_agent_checks_task.delay(agents, create_tasks=True)
+        generate_agent_checks_task.delay(agents=agents, create_tasks=True)
+
+    def __str__(self):
+        return self.name
 
     @property
     def is_default_server_policy(self):
@@ -58,9 +65,6 @@ class Policy(BaseAuditModel):
     def is_default_workstation_policy(self):
         return self.default_workstation_policy.exists()  # type: ignore
 
-    def __str__(self):
-        return self.name
-
     def is_agent_excluded(self, agent):
         return (
             agent in self.excluded_agents.all()
@@ -90,20 +94,29 @@ class Policy(BaseAuditModel):
 
         filtered_agents_pks = Policy.objects.none()
 
-        filtered_agents_pks |= Agent.objects.filter(
-            site__in=[
-                site
-                for site in explicit_sites
-                if site.client not in explicit_clients
-                and site.client not in self.excluded_clients.all()
-            ],
-            monitoring_type=mon_type,
-        ).values_list("pk", flat=True)
+        filtered_agents_pks |= (
+            Agent.objects.exclude(block_policy_inheritance=True)
+            .filter(
+                site__in=[
+                    site
+                    for site in explicit_sites
+                    if site.client not in explicit_clients
+                    and site.client not in self.excluded_clients.all()
+                ],
+                monitoring_type=mon_type,
+            )
+            .values_list("pk", flat=True)
+        )
 
-        filtered_agents_pks |= Agent.objects.filter(
-            site__client__in=[client for client in explicit_clients],
-            monitoring_type=mon_type,
-        ).values_list("pk", flat=True)
+        filtered_agents_pks |= (
+            Agent.objects.exclude(block_policy_inheritance=True)
+            .exclude(site__block_policy_inheritance=True)
+            .filter(
+                site__client__in=[client for client in explicit_clients],
+                monitoring_type=mon_type,
+            )
+            .values_list("pk", flat=True)
+        )
 
         return Agent.objects.filter(
             models.Q(pk__in=filtered_agents_pks)
@@ -113,15 +126,12 @@ class Policy(BaseAuditModel):
     @staticmethod
     def serialize(policy):
         # serializes the policy and returns json
-        from .serializers import PolicySerializer
+        from .serializers import PolicyAuditSerializer
 
-        return PolicySerializer(policy).data
+        return PolicyAuditSerializer(policy).data
 
     @staticmethod
     def cascade_policy_tasks(agent):
-        from autotasks.models import AutomatedTask
-        from autotasks.tasks import delete_win_task_schedule
-        from logs.models import PendingAction
 
         # List of all tasks to be applied
         tasks = list()
@@ -150,6 +160,17 @@ class Policy(BaseAuditModel):
             client_policy = client.workstation_policy
             site_policy = site.workstation_policy
 
+        # check if client/site/agent is blocking inheritance and blank out policies
+        if agent.block_policy_inheritance:
+            site_policy = None
+            client_policy = None
+            default_policy = None
+        elif site.block_policy_inheritance:
+            client_policy = None
+            default_policy = None
+        elif client.block_policy_inheritance:
+            default_policy = None
+
         if (
             agent_policy
             and agent_policy.active
@@ -196,26 +217,16 @@ class Policy(BaseAuditModel):
                 if taskpk not in added_task_pks
             ]
         ):
-            delete_win_task_schedule.delay(task.pk)
+            if task.sync_status == "initial":
+                task.delete()
+            else:
+                task.sync_status = "pendingdeletion"
+                task.save()
 
-        # handle matching tasks that haven't synced to agent yet or pending deletion due to agent being offline
-        for action in agent.pendingactions.filter(action_type="taskaction").exclude(
-            status="completed"
-        ):
-            task = AutomatedTask.objects.get(pk=action.details["task_id"])
-            if (
-                task.parent_task in agent_tasks_parent_pks
-                and task.parent_task in added_task_pks
-            ):
-                agent.remove_matching_pending_task_actions(task.id)
-
-                PendingAction(
-                    agent=agent,
-                    action_type="taskaction",
-                    details={"action": "taskcreate", "task_id": task.id},
-                ).save()
-                task.sync_status = "notsynced"
-                task.save(update_fields=["sync_status"])
+        # change tasks from pendingdeletion to notsynced if policy was added or changed
+        agent.autotasks.filter(sync_status="pendingdeletion").filter(
+            parent_task__in=[taskpk for taskpk in added_task_pks]
+        ).update(sync_status="notsynced")
 
         return [task for task in tasks if task.pk not in agent_tasks_parent_pks]
 
@@ -247,6 +258,17 @@ class Policy(BaseAuditModel):
             client_policy = client.workstation_policy
             site_policy = site.workstation_policy
 
+        # check if client/site/agent is blocking inheritance and blank out policies
+        if agent.block_policy_inheritance:
+            site_policy = None
+            client_policy = None
+            default_policy = None
+        elif site.block_policy_inheritance:
+            client_policy = None
+            default_policy = None
+        elif client.block_policy_inheritance:
+            default_policy = None
+
         # Used to hold the policies that will be applied and the order in which they are applied
         # Enforced policies are applied first
         enforced_checks = list()
@@ -408,11 +430,12 @@ class Policy(BaseAuditModel):
 
         # remove policy checks from agent that fell out of policy scope
         agent.agentchecks.filter(
+            managed_by_policy=True,
             parent_check__in=[
                 checkpk
                 for checkpk in agent_checks_parent_pks
                 if checkpk not in [check.pk for check in final_list]
-            ]
+            ],
         ).delete()
 
         return [

api/tacticalrmm/automation/permissions.py

@@ -0,0 +1,11 @@
+from rest_framework import permissions
+
+from tacticalrmm.permissions import _has_perm
+
+
+class AutomationPolicyPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        if r.method == "GET":
+            return _has_perm(r, "can_list_automation_policies")
+        else:
+            return _has_perm(r, "can_manage_automation_policies")

api/tacticalrmm/automation/serializers.py

@@ -8,7 +8,7 @@ from agents.serializers import AgentHostnameSerializer
 from autotasks.models import AutomatedTask
 from checks.models import Check
 from clients.models import Client
-from clients.serializers import ClientSerializer, SiteSerializer
+from clients.serializers import ClientMinimumSerializer, SiteMinimumSerializer
 from winupdate.serializers import WinUpdatePolicySerializer
 
 from .models import Policy
@@ -21,25 +21,70 @@ class PolicySerializer(ModelSerializer):
 
 
 class PolicyTableSerializer(ModelSerializer):
-
     default_server_policy = ReadOnlyField(source="is_default_server_policy")
     default_workstation_policy = ReadOnlyField(source="is_default_workstation_policy")
     agents_count = SerializerMethodField(read_only=True)
     winupdatepolicy = WinUpdatePolicySerializer(many=True, read_only=True)
     alert_template = ReadOnlyField(source="alert_template.id")
-    excluded_clients = ClientSerializer(many=True)
-    excluded_sites = SiteSerializer(many=True)
-    excluded_agents = AgentHostnameSerializer(many=True)
 
     class Meta:
         model = Policy
         fields = "__all__"
-        depth = 1
 
     def get_agents_count(self, policy):
         return policy.related_agents().count()
 
 
+class PolicyRelatedSerializer(ModelSerializer):
+    workstation_clients = SerializerMethodField()
+    server_clients = SerializerMethodField()
+    workstation_sites = SerializerMethodField()
+    server_sites = SerializerMethodField()
+    agents = SerializerMethodField()
+
+    def get_agents(self, policy):
+        return AgentHostnameSerializer(
+            policy.agents.filter_by_role(self.context["user"]).only(
+                "agent_id", "hostname"
+            ),
+            many=True,
+        ).data
+
+    def get_workstation_clients(self, policy):
+        return ClientMinimumSerializer(
+            policy.workstation_clients.filter_by_role(self.context["user"]), many=True
+        ).data
+
+    def get_server_clients(self, policy):
+        return ClientMinimumSerializer(
+            policy.server_clients.filter_by_role(self.context["user"]), many=True
+        ).data
+
+    def get_workstation_sites(self, policy):
+        return SiteMinimumSerializer(
+            policy.workstation_sites.filter_by_role(self.context["user"]), many=True
+        ).data
+
+    def get_server_sites(self, policy):
+        return SiteMinimumSerializer(
+            policy.server_sites.filter_by_role(self.context["user"]), many=True
+        ).data
+
+    class Meta:
+        model = Policy
+        fields = (
+            "pk",
+            "name",
+            "workstation_clients",
+            "workstation_sites",
+            "server_clients",
+            "server_sites",
+            "agents",
+            "is_default_server_policy",
+            "is_default_workstation_policy",
+        )
+
+
 class PolicyOverviewSerializer(ModelSerializer):
     class Meta:
         model = Client
@@ -48,7 +93,6 @@ class PolicyOverviewSerializer(ModelSerializer):
 
 
 class PolicyCheckStatusSerializer(ModelSerializer):
-
     hostname = ReadOnlyField(source="agent.hostname")
 
     class Meta:
@@ -57,7 +101,6 @@ class PolicyCheckStatusSerializer(ModelSerializer):
 
 
 class PolicyTaskStatusSerializer(ModelSerializer):
-
     hostname = ReadOnlyField(source="agent.hostname")
 
     class Meta:
@@ -65,26 +108,7 @@ class PolicyTaskStatusSerializer(ModelSerializer):
         fields = "__all__"
 
 
-class PolicyCheckSerializer(ModelSerializer):
+class PolicyAuditSerializer(ModelSerializer):
     class Meta:
-        model = Check
-        fields = (
-            "id",
-            "check_type",
-            "readable_desc",
-            "assignedtask",
-            "text_alert",
-            "email_alert",
-            "dashboard_alert",
-        )
-        depth = 1
-
-
-class AutoTasksFieldSerializer(ModelSerializer):
-    assigned_check = PolicyCheckSerializer(read_only=True)
-    script = ReadOnlyField(source="script.id")
-
-    class Meta:
-        model = AutomatedTask
+        model = Policy
         fields = "__all__"
-        depth = 1

api/tacticalrmm/automation/tasks.py

@@ -1,167 +1,153 @@
-from agents.models import Agent
-from automation.models import Policy
-from autotasks.models import AutomatedTask
-from checks.models import Check
+from typing import Any, Dict, List, Union
+
 from tacticalrmm.celery import app
 
 
-@app.task
-# generates policy checks on agents affected by a policy and optionally generate automated tasks
-def generate_agent_checks_from_policies_task(policypk, create_tasks=False):
+@app.task(retry_backoff=5, retry_jitter=True, retry_kwargs={"max_retries": 5})
+def generate_agent_checks_task(
+    policy: int = None,
+    site: int = None,
+    client: int = None,
+    agents: List[int] = list(),
+    all: bool = False,
+    create_tasks: bool = False,
+) -> Union[str, None]:
+    from agents.models import Agent
+    from automation.models import Policy
 
-    policy = Policy.objects.get(pk=policypk)
+    p = Policy.objects.get(pk=policy) if policy else None
 
-    if policy.is_default_server_policy and policy.is_default_workstation_policy:
-        agents = Agent.objects.prefetch_related("policy").only("pk", "monitoring_type")
-    elif policy.is_default_server_policy:
-        agents = Agent.objects.filter(monitoring_type="server").only(
-            "pk", "monitoring_type"
-        )
-    elif policy.is_default_workstation_policy:
-        agents = Agent.objects.filter(monitoring_type="workstation").only(
+    # generate checks on all agents if all is specified or if policy is default server/workstation policy
+    if (p and p.is_default_server_policy and p.is_default_workstation_policy) or all:
+        a = Agent.objects.prefetch_related("policy").only("pk", "monitoring_type")
+
+    # generate checks on all servers if policy is a default servers policy
+    elif p and p.is_default_server_policy:
+        a = Agent.objects.filter(monitoring_type="server").only("pk", "monitoring_type")
+
+    # generate checks on all workstations if policy is a default workstations policy
+    elif p and p.is_default_workstation_policy:
+        a = Agent.objects.filter(monitoring_type="workstation").only(
             "pk", "monitoring_type"
         )
+
+    # generate checks on a list of supplied agents
+    elif agents:
+        a = Agent.objects.filter(pk__in=agents)
+
+    # generate checks on agents affected by supplied policy
+    elif policy:
+        a = p.related_agents().only("pk")
+
+    # generate checks that has specified site
+    elif site:
+        a = Agent.objects.filter(site_id=site)
+
+    # generate checks that has specified client
+    elif client:
+        a = Agent.objects.filter(site__client_id=client)
     else:
-        agents = policy.related_agents().only("pk")
+        a = []
 
-    for agent in agents:
+    for agent in a:
         agent.generate_checks_from_policies()
         if create_tasks:
             agent.generate_tasks_from_policies()
 
-
-@app.task
-# generates policy checks on a list of agents and optionally generate automated tasks
-def generate_agent_checks_task(agentpks, create_tasks=False):
-    for agent in Agent.objects.filter(pk__in=agentpks):
-        agent.generate_checks_from_policies()
-
-        if create_tasks:
-            agent.generate_tasks_from_policies()
+    return "ok"
 
 
-@app.task
-# generates policy checks on agent servers or workstations within a certain client or site and optionally generate automated tasks
-def generate_agent_checks_by_location_task(location, mon_type, create_tasks=False):
-
-    for agent in Agent.objects.filter(**location).filter(monitoring_type=mon_type):
-        agent.generate_checks_from_policies()
-
-        if create_tasks:
-            agent.generate_tasks_from_policies()
-
-
-@app.task
-# generates policy checks on all agent servers or workstations and optionally generate automated tasks
-def generate_all_agent_checks_task(mon_type, create_tasks=False):
-    for agent in Agent.objects.filter(monitoring_type=mon_type):
-        agent.generate_checks_from_policies()
-
-        if create_tasks:
-            agent.generate_tasks_from_policies()
-
-
-@app.task
-# deletes a policy managed check from all agents
-def delete_policy_check_task(checkpk):
-
-    Check.objects.filter(parent_check=checkpk).delete()
-
-
-@app.task
+@app.task(
+    acks_late=True, retry_backoff=5, retry_jitter=True, retry_kwargs={"max_retries": 5}
+)
 # updates policy managed check fields on agents
-def update_policy_check_fields_task(checkpk):
+def update_policy_check_fields_task(check: int) -> str:
+    from checks.models import Check
 
-    check = Check.objects.get(pk=checkpk)
+    c: Check = Check.objects.get(pk=check)
+    update_fields: Dict[Any, Any] = {}
 
-    Check.objects.filter(parent_check=checkpk).update(
-        warning_threshold=check.warning_threshold,
-        error_threshold=check.error_threshold,
-        alert_severity=check.alert_severity,
-        name=check.name,
-        disk=check.disk,
-        fails_b4_alert=check.fails_b4_alert,
-        ip=check.ip,
-        script=check.script,
-        script_args=check.script_args,
-        info_return_codes=check.info_return_codes,
-        warning_return_codes=check.warning_return_codes,
-        timeout=check.timeout,
-        pass_if_start_pending=check.pass_if_start_pending,
-        pass_if_svc_not_exist=check.pass_if_svc_not_exist,
-        restart_if_stopped=check.restart_if_stopped,
-        log_name=check.log_name,
-        event_id=check.event_id,
-        event_id_is_wildcard=check.event_id_is_wildcard,
-        event_type=check.event_type,
-        event_source=check.event_source,
-        event_message=check.event_message,
-        fail_when=check.fail_when,
-        search_last_days=check.search_last_days,
-        email_alert=check.email_alert,
-        text_alert=check.text_alert,
-        dashboard_alert=check.dashboard_alert,
-    )
+    for field in c.policy_fields_to_copy:
+        update_fields[field] = getattr(c, field)
+
+    Check.objects.filter(parent_check=check).update(**update_fields)
+
+    return "ok"
 
 
-@app.task
+@app.task(retry_backoff=5, retry_jitter=True, retry_kwargs={"max_retries": 5})
 # generates policy tasks on agents affected by a policy
-def generate_agent_tasks_from_policies_task(policypk):
+def generate_agent_autotasks_task(policy: int = None) -> str:
+    from agents.models import Agent
+    from automation.models import Policy
 
-    policy = Policy.objects.get(pk=policypk)
+    p: Policy = Policy.objects.get(pk=policy)
 
-    if policy.is_default_server_policy and policy.is_default_workstation_policy:
+    if p and p.is_default_server_policy and p.is_default_workstation_policy:
         agents = Agent.objects.prefetch_related("policy").only("pk", "monitoring_type")
-    elif policy.is_default_server_policy:
+    elif p and p.is_default_server_policy:
         agents = Agent.objects.filter(monitoring_type="server").only(
             "pk", "monitoring_type"
         )
-    elif policy.is_default_workstation_policy:
+    elif p and p.is_default_workstation_policy:
         agents = Agent.objects.filter(monitoring_type="workstation").only(
             "pk", "monitoring_type"
         )
     else:
-        agents = policy.related_agents().only("pk")
+        agents = p.related_agents().only("pk")
 
     for agent in agents:
         agent.generate_tasks_from_policies()
 
+    return "ok"
 
-@app.task
-def delete_policy_autotask_task(taskpk):
+
+@app.task(
+    acks_late=True,
+    retry_backoff=5,
+    retry_jitter=True,
+    retry_kwargs={"max_retries": 5},
+)
+def delete_policy_autotasks_task(task: int) -> str:
     from autotasks.models import AutomatedTask
-    from autotasks.tasks import delete_win_task_schedule
 
-    for task in AutomatedTask.objects.filter(parent_task=taskpk):
-        delete_win_task_schedule.delay(task.pk)
+    for t in AutomatedTask.objects.filter(parent_task=task):
+        t.delete_task_on_agent()
+
+    return "ok"
 
 
 @app.task
-def run_win_policy_autotask_task(task_pks):
-    from autotasks.tasks import run_win_task
+def run_win_policy_autotasks_task(task: int) -> str:
+    from autotasks.models import AutomatedTask
 
-    for task in task_pks:
-        run_win_task.delay(task)
+    for t in AutomatedTask.objects.filter(parent_task=task):
+        t.run_win_task()
+
+    return "ok"
 
 
-@app.task
-def update_policy_task_fields_task(taskpk, update_agent=False):
-    from autotasks.tasks import enable_or_disable_win_task
+@app.task(
+    acks_late=True,
+    retry_backoff=5,
+    retry_jitter=True,
+    retry_kwargs={"max_retries": 5},
+)
+def update_policy_autotasks_fields_task(task: int, update_agent: bool = False) -> str:
+    from autotasks.models import AutomatedTask
 
-    task = AutomatedTask.objects.get(pk=taskpk)
+    t = AutomatedTask.objects.get(pk=task)
+    update_fields: Dict[str, Any] = {}
 
-    AutomatedTask.objects.filter(parent_task=taskpk).update(
-        alert_severity=task.alert_severity,
-        email_alert=task.email_alert,
-        text_alert=task.text_alert,
-        dashboard_alert=task.dashboard_alert,
-        script=task.script,
-        script_args=task.script_args,
-        name=task.name,
-        timeout=task.timeout,
-        enabled=task.enabled,
-    )
+    for field in t.policy_fields_to_copy:
+        update_fields[field] = getattr(t, field)
+
+    AutomatedTask.objects.filter(parent_task=task).update(**update_fields)
 
     if update_agent:
-        for task in AutomatedTask.objects.filter(parent_task=taskpk):
-            enable_or_disable_win_task.delay(task.pk, task.enabled)
+        for t in AutomatedTask.objects.filter(parent_task=task).exclude(
+            sync_status="initial"
+        ):
+            t.modify_task_on_agent()
+
+    return "ok"

api/tacticalrmm/automation/tests.py

@@ -1,20 +1,16 @@
 from itertools import cycle
 from unittest.mock import patch
 
-from model_bakery import baker, seq
-
 from agents.models import Agent
 from core.models import CoreSettings
+from model_bakery import baker, seq
 from tacticalrmm.test import TacticalTestCase
 from winupdate.models import WinUpdatePolicy
 
 from .serializers import (
-    AutoTasksFieldSerializer,
-    PolicyCheckSerializer,
     PolicyCheckStatusSerializer,
     PolicyOverviewSerializer,
     PolicySerializer,
-    PolicyTableSerializer,
     PolicyTaskStatusSerializer,
 )
 
@@ -27,12 +23,10 @@ class TestPolicyViews(TacticalTestCase):
     def test_get_all_policies(self):
         url = "/automation/policies/"
 
-        policies = baker.make("automation.Policy", _quantity=3)
+        baker.make("automation.Policy", _quantity=3)
         resp = self.client.get(url, format="json")
-        serializer = PolicyTableSerializer(policies, many=True)
-
         self.assertEqual(resp.status_code, 200)
-        self.assertEqual(resp.data, serializer.data)  # type: ignore
+        self.assertEqual(len(resp.data), 3)
 
         self.check_not_authenticated("get", url)
 
@@ -52,7 +46,10 @@ class TestPolicyViews(TacticalTestCase):
 
         self.check_not_authenticated("get", url)
 
-    def test_add_policy(self):
+    @patch("autotasks.models.AutomatedTask.create_task_on_agent")
+    def test_add_policy(self, create_task):
+        from automation.models import Policy
+
         url = "/automation/policies/"
 
         data = {
@@ -71,8 +68,12 @@ class TestPolicyViews(TacticalTestCase):
 
         # create policy with tasks and checks
         policy = baker.make("automation.Policy")
-        self.create_checks(policy=policy)
-        baker.make("autotasks.AutomatedTask", policy=policy, _quantity=3)
+        checks = self.create_checks(policy=policy)
+        tasks = baker.make("autotasks.AutomatedTask", policy=policy, _quantity=3)
+
+        # assign a task to a check
+        tasks[0].assigned_check = checks[0]  # type: ignore
+        tasks[0].save()  # type: ignore
 
         # test copy tasks and checks to another policy
         data = {
@@ -85,13 +86,21 @@ class TestPolicyViews(TacticalTestCase):
 
         resp = self.client.post(f"/automation/policies/", data, format="json")
         self.assertEqual(resp.status_code, 200)
-        self.assertEqual(policy.autotasks.count(), 3)  # type: ignore
-        self.assertEqual(policy.policychecks.count(), 7)  # type: ignore
+
+        copied_policy = Policy.objects.get(name=data["name"])
+
+        self.assertEqual(copied_policy.autotasks.count(), 3)  # type: ignore
+        self.assertEqual(copied_policy.policychecks.count(), 7)  # type: ignore
+
+        # make sure correct task was assign to the check
+        self.assertEqual(copied_policy.autotasks.get(name=tasks[0].name).assigned_check.check_type, checks[0].check_type)  # type: ignore
+
+        create_task.assert_not_called()
 
         self.check_not_authenticated("post", url)
 
-    @patch("automation.tasks.generate_agent_checks_from_policies_task.delay")
-    def test_update_policy(self, generate_agent_checks_from_policies_task):
+    @patch("automation.tasks.generate_agent_checks_task.delay")
+    def test_update_policy(self, generate_agent_checks_task):
         # returns 404 for invalid policy pk
         resp = self.client.put("/automation/policies/500/", format="json")
         self.assertEqual(resp.status_code, 404)
@@ -109,8 +118,8 @@ class TestPolicyViews(TacticalTestCase):
         resp = self.client.put(url, data, format="json")
         self.assertEqual(resp.status_code, 200)
 
-        # only called if active or enforced are updated
-        generate_agent_checks_from_policies_task.assert_not_called()
+        # only called if active, enforced, or excluded objects are updated
+        generate_agent_checks_task.assert_not_called()
 
         data = {
             "name": "Test Policy Update",
@@ -121,8 +130,25 @@ class TestPolicyViews(TacticalTestCase):
 
         resp = self.client.put(url, data, format="json")
         self.assertEqual(resp.status_code, 200)
-        generate_agent_checks_from_policies_task.assert_called_with(
-            policypk=policy.pk, create_tasks=True  # type: ignore
+        generate_agent_checks_task.assert_called_with(
+            policy=policy.pk, create_tasks=True  # type: ignore
+        )
+        generate_agent_checks_task.reset_mock()
+
+        # make sure policies are re-evaluated when excluded changes
+        agents = baker.make_recipe("agents.agent", _quantity=2)
+        clients = baker.make("clients.Client", _quantity=2)
+        sites = baker.make("clients.Site", _quantity=2)
+        data = {
+            "excluded_agents": [agent.pk for agent in agents],  # type: ignore
+            "excluded_sites": [site.pk for site in sites],  # type: ignore
+            "excluded_clients": [client.pk for client in clients],  # type: ignore
+        }
+
+        resp = self.client.put(url, data, format="json")
+        self.assertEqual(resp.status_code, 200)
+        generate_agent_checks_task.assert_called_with(
+            policy=policy.pk, create_tasks=True  # type: ignore
         )
 
         self.check_not_authenticated("put", url)
@@ -145,43 +171,11 @@ class TestPolicyViews(TacticalTestCase):
         self.assertEqual(resp.status_code, 200)
 
         generate_agent_checks_task.assert_called_with(
-            [agent.pk for agent in agents], create_tasks=True
+            agents=[agent.pk for agent in agents], create_tasks=True
         )
 
         self.check_not_authenticated("delete", url)
 
-    def test_get_all_policy_tasks(self):
-        # create policy with tasks
-        policy = baker.make("automation.Policy")
-        tasks = baker.make("autotasks.AutomatedTask", policy=policy, _quantity=3)
-        url = f"/automation/{policy.pk}/policyautomatedtasks/"  # type: ignore
-
-        resp = self.client.get(url, format="json")
-        serializer = AutoTasksFieldSerializer(tasks, many=True)
-
-        self.assertEqual(resp.status_code, 200)
-        self.assertEqual(resp.data, serializer.data)  # type: ignore
-        self.assertEqual(len(resp.data), 3)  # type: ignore
-
-        self.check_not_authenticated("get", url)
-
-    def test_get_all_policy_checks(self):
-
-        # setup data
-        policy = baker.make("automation.Policy")
-        checks = self.create_checks(policy=policy)
-
-        url = f"/automation/{policy.pk}/policychecks/"  # type: ignore
-
-        resp = self.client.get(url, format="json")
-        serializer = PolicyCheckSerializer(checks, many=True)
-
-        self.assertEqual(resp.status_code, 200)
-        self.assertEqual(resp.data, serializer.data)  # type: ignore
-        self.assertEqual(len(resp.data), 7)  # type: ignore
-
-        self.check_not_authenticated("get", url)
-
     def test_get_policy_check_status(self):
         # setup data
         site = baker.make("clients.Site")
@@ -194,14 +188,14 @@ class TestPolicyViews(TacticalTestCase):
             managed_by_policy=True,
             parent_check=policy_diskcheck.pk,
         )
-        url = f"/automation/policycheckstatus/{policy_diskcheck.pk}/check/"
+        url = f"/automation/checks/{policy_diskcheck.pk}/status/"
 
-        resp = self.client.patch(url, format="json")
+        resp = self.client.get(url, format="json")
         serializer = PolicyCheckStatusSerializer([managed_check], many=True)
 
         self.assertEqual(resp.status_code, 200)
         self.assertEqual(resp.data, serializer.data)  # type: ignore
-        self.check_not_authenticated("patch", url)
+        self.check_not_authenticated("get", url)
 
     def test_policy_overview(self):
         from clients.models import Client
@@ -261,17 +255,17 @@ class TestPolicyViews(TacticalTestCase):
             "autotasks.AutomatedTask", parent_task=task.id, _quantity=5  # type: ignore
         )
 
-        url = f"/automation/policyautomatedtaskstatus/{task.id}/task/"  # type: ignore
+        url = f"/automation/tasks/{task.id}/status/"  # type: ignore
 
         serializer = PolicyTaskStatusSerializer(policy_tasks, many=True)
-        resp = self.client.patch(url, format="json")
+        resp = self.client.get(url, format="json")
         self.assertEqual(resp.status_code, 200)
         self.assertEqual(resp.data, serializer.data)  # type: ignore
         self.assertEqual(len(resp.data), 5)  # type: ignore
 
-        self.check_not_authenticated("patch", url)
+        self.check_not_authenticated("get", url)
 
-    @patch("automation.tasks.run_win_policy_autotask_task.delay")
+    @patch("automation.tasks.run_win_policy_autotasks_task.delay")
     def test_run_win_task(self, mock_task):
 
         # create managed policy tasks
@@ -281,16 +275,17 @@ class TestPolicyViews(TacticalTestCase):
             parent_task=1,
             _quantity=6,
         )
-        url = "/automation/runwintask/1/"
-        resp = self.client.put(url, format="json")
+
+        url = "/automation/tasks/1/run/"
+        resp = self.client.post(url, format="json")
         self.assertEqual(resp.status_code, 200)
 
-        mock_task.assert_called_once_with([task.pk for task in tasks])  # type: ignore
+        mock_task.assert_called()  # type: ignore
 
-        self.check_not_authenticated("put", url)
+        self.check_not_authenticated("post", url)
 
     def test_create_new_patch_policy(self):
-        url = "/automation/winupdatepolicy/"
+        url = "/automation/patchpolicy/"
 
         # test policy doesn't exist
         data = {"policy": 500}
@@ -321,15 +316,14 @@ class TestPolicyViews(TacticalTestCase):
     def test_update_patch_policy(self):
 
         # test policy doesn't exist
-        resp = self.client.put("/automation/winupdatepolicy/500/", format="json")
+        resp = self.client.put("/automation/patchpolicy/500/", format="json")
         self.assertEqual(resp.status_code, 404)
 
         policy = baker.make("automation.Policy")
         patch_policy = baker.make("winupdate.WinUpdatePolicy", policy=policy)
-        url = f"/automation/winupdatepolicy/{patch_policy.pk}/"  # type: ignore
+        url = f"/automation/patchpolicy/{patch_policy.pk}/"  # type: ignore
 
         data = {
-            "id": patch_policy.pk,  # type: ignore
             "policy": policy.pk,  # type: ignore
             "critical": "approve",
             "important": "approve",
@@ -345,7 +339,7 @@ class TestPolicyViews(TacticalTestCase):
         self.check_not_authenticated("put", url)
 
     def test_reset_patch_policy(self):
-        url = "/automation/winupdatepolicy/reset/"
+        url = "/automation/patchpolicy/reset/"
 
         inherit_fields = {
             "critical": "inherit",
@@ -374,7 +368,7 @@ class TestPolicyViews(TacticalTestCase):
         # test reset agents in site
         data = {"site": sites[0].id}  # type: ignore
 
-        resp = self.client.patch(url, data, format="json")
+        resp = self.client.post(url, data, format="json")
         self.assertEqual(resp.status_code, 200)
 
         agents = Agent.objects.filter(site=sites[0])  # type: ignore
@@ -386,7 +380,7 @@ class TestPolicyViews(TacticalTestCase):
         # test reset agents in client
         data = {"client": clients[1].id}  # type: ignore
 
-        resp = self.client.patch(url, data, format="json")
+        resp = self.client.post(url, data, format="json")
         self.assertEqual(resp.status_code, 200)
 
         agents = Agent.objects.filter(site__client=clients[1])  # type: ignore
@@ -398,7 +392,7 @@ class TestPolicyViews(TacticalTestCase):
         # test reset all agents
         data = {}
 
-        resp = self.client.patch(url, data, format="json")
+        resp = self.client.post(url, data, format="json")
         self.assertEqual(resp.status_code, 200)
 
         agents = Agent.objects.all()
@@ -406,17 +400,17 @@ class TestPolicyViews(TacticalTestCase):
             for k, v in inherit_fields.items():
                 self.assertEqual(getattr(agent.winupdatepolicy.get(), k), v)
 
-        self.check_not_authenticated("patch", url)
+        self.check_not_authenticated("post", url)
 
     def test_delete_patch_policy(self):
         # test patch policy doesn't exist
-        resp = self.client.delete("/automation/winupdatepolicy/500/", format="json")
+        resp = self.client.delete("/automation/patchpolicy/500/", format="json")
         self.assertEqual(resp.status_code, 404)
 
         winupdate_policy = baker.make_recipe(
             "winupdate.winupdate_policy", policy__name="Test Policy"
         )
-        url = f"/automation/winupdatepolicy/{winupdate_policy.pk}/"
+        url = f"/automation/patchpolicy/{winupdate_policy.pk}/"
 
         resp = self.client.delete(url, format="json")
         self.assertEqual(resp.status_code, 200)
@@ -426,6 +420,25 @@ class TestPolicyViews(TacticalTestCase):
 
         self.check_not_authenticated("delete", url)
 
+    @patch("automation.tasks.generate_agent_checks_task.delay")
+    def test_sync_policy(self, generate_checks):
+        url = "/automation/sync/"
+
+        # test invalid data
+        data = {"invalid": 7}
+
+        resp = self.client.post(url, data, format="json")
+        self.assertEqual(resp.status_code, 400)
+
+        policy = baker.make("automation.Policy", active=True)
+        data = {"policy": policy.pk}  # type: ignore
+
+        resp = self.client.post(url, data, format="json")
+        self.assertEqual(resp.status_code, 200)
+        generate_checks.assert_called_with(policy=policy.pk, create_tasks=True)  # type: ignore
+
+        self.check_not_authenticated("post", url)
+
 
 class TestPolicyTasks(TacticalTestCase):
     def setUp(self):
@@ -452,7 +465,7 @@ class TestPolicyTasks(TacticalTestCase):
 
         # Add Client to Policy
         policy.server_clients.add(server_agents[13].client)  # type: ignore
-        policy.workstation_clients.add(workstation_agents[15].client)  # type: ignore
+        policy.workstation_clients.add(workstation_agents[13].client)  # type: ignore
 
         resp = self.client.get(
             f"/automation/policies/{policy.pk}/related/", format="json"  # type: ignore
@@ -460,25 +473,31 @@ class TestPolicyTasks(TacticalTestCase):
 
         self.assertEqual(resp.status_code, 200)
         self.assertEquals(len(resp.data["server_clients"]), 1)  # type: ignore
-        self.assertEquals(len(resp.data["server_sites"]), 5)  # type: ignore
+        self.assertEquals(len(resp.data["server_sites"]), 0)  # type: ignore
         self.assertEquals(len(resp.data["workstation_clients"]), 1)  # type: ignore
-        self.assertEquals(len(resp.data["workstation_sites"]), 5)  # type: ignore
-        self.assertEquals(len(resp.data["agents"]), 10)  # type: ignore
+        self.assertEquals(len(resp.data["workstation_sites"]), 0)  # type: ignore
+        self.assertEquals(len(resp.data["agents"]), 0)  # type: ignore
 
-        # Add Site to Policy and the agents and sites length shouldn't change
-        policy.server_sites.add(server_agents[13].site)  # type: ignore
-        policy.workstation_sites.add(workstation_agents[15].site)  # type: ignore
-        self.assertEquals(len(resp.data["server_sites"]), 5)  # type: ignore
-        self.assertEquals(len(resp.data["workstation_sites"]), 5)  # type: ignore
-        self.assertEquals(len(resp.data["agents"]), 10)  # type: ignore
+        # Add Site to Policy
+        policy.server_sites.add(server_agents[10].site)  # type: ignore
+        policy.workstation_sites.add(workstation_agents[10].site)  # type: ignore
+        resp = self.client.get(
+            f"/automation/policies/{policy.pk}/related/", format="json"  # type: ignore
+        )
+        self.assertEquals(len(resp.data["server_sites"]), 1)  # type: ignore
+        self.assertEquals(len(resp.data["workstation_sites"]), 1)  # type: ignore
+        self.assertEquals(len(resp.data["agents"]), 0)  # type: ignore
 
-        # Add Agent to Policy and the agents length shouldn't change
-        policy.agents.add(server_agents[13])  # type: ignore
-        policy.agents.add(workstation_agents[15])  # type: ignore
-        self.assertEquals(len(resp.data["agents"]), 10)  # type: ignore
+        # Add Agent to Policy
+        policy.agents.add(server_agents[2])  # type: ignore
+        policy.agents.add(workstation_agents[2])  # type: ignore
+        resp = self.client.get(
+            f"/automation/policies/{policy.pk}/related/", format="json"  # type: ignore
+        )
+        self.assertEquals(len(resp.data["agents"]), 2)  # type: ignore
 
     def test_generating_agent_policy_checks(self):
-        from .tasks import generate_agent_checks_from_policies_task
+        from .tasks import generate_agent_checks_task
 
         # setup data
         policy = baker.make("automation.Policy", active=True)
@@ -486,7 +505,7 @@ class TestPolicyTasks(TacticalTestCase):
         agent = baker.make_recipe("agents.agent", policy=policy)
 
         # test policy assigned to agent
-        generate_agent_checks_from_policies_task(policy.id)  # type: ignore
+        generate_agent_checks_task(policy=policy.id)  # type: ignore
 
         # make sure all checks were created. should be 7
         agent_checks = Agent.objects.get(pk=agent.id).agentchecks.all()
@@ -526,7 +545,7 @@ class TestPolicyTasks(TacticalTestCase):
                 self.assertEqual(check.event_type, checks[6].event_type)
 
     def test_generating_agent_policy_checks_with_enforced(self):
-        from .tasks import generate_agent_checks_from_policies_task
+        from .tasks import generate_agent_checks_task
 
         # setup data
         policy = baker.make("automation.Policy", active=True, enforced=True)
@@ -536,7 +555,7 @@ class TestPolicyTasks(TacticalTestCase):
         agent = baker.make_recipe("agents.agent", site=site, policy=policy)
         self.create_checks(agent=agent, script=script)
 
-        generate_agent_checks_from_policies_task(policy.id, create_tasks=True)  # type: ignore
+        generate_agent_checks_task(policy=policy.id, create_tasks=True)  # type: ignore
 
         # make sure each agent check says overriden_by_policy
         self.assertEqual(Agent.objects.get(pk=agent.id).agentchecks.count(), 14)
@@ -547,13 +566,12 @@ class TestPolicyTasks(TacticalTestCase):
             7,
         )
 
-    @patch("automation.tasks.generate_agent_checks_by_location_task.delay")
+    @patch("autotasks.models.AutomatedTask.create_task_on_agent")
+    @patch("automation.tasks.generate_agent_checks_task.delay")
     def test_generating_agent_policy_checks_by_location(
-        self, generate_agent_checks_by_location_task
+        self, generate_agent_checks_mock, create_task
     ):
-        from automation.tasks import (
-            generate_agent_checks_by_location_task as generate_agent_checks,
-        )
+        from automation.tasks import generate_agent_checks_task
 
         # setup data
         policy = baker.make("automation.Policy", active=True)
@@ -577,16 +595,14 @@ class TestPolicyTasks(TacticalTestCase):
         workstation_agent.client.save()
 
         # should trigger task in save method on core
-        generate_agent_checks_by_location_task.assert_called_with(
-            location={"site__client_id": workstation_agent.client.pk},
-            mon_type="workstation",
+        generate_agent_checks_mock.assert_called_with(
+            client=workstation_agent.client.pk,
             create_tasks=True,
         )
-        generate_agent_checks_by_location_task.reset_mock()
+        generate_agent_checks_mock.reset_mock()
 
-        generate_agent_checks(
-            location={"site__client_id": workstation_agent.client.pk},
-            mon_type="workstation",
+        generate_agent_checks_task(
+            client=workstation_agent.client.pk,
             create_tasks=True,
         )
 
@@ -601,16 +617,14 @@ class TestPolicyTasks(TacticalTestCase):
         workstation_agent.client.save()
 
         # should trigger task in save method on core
-        generate_agent_checks_by_location_task.assert_called_with(
-            location={"site__client_id": workstation_agent.client.pk},
-            mon_type="workstation",
+        generate_agent_checks_mock.assert_called_with(
+            client=workstation_agent.client.pk,
             create_tasks=True,
         )
-        generate_agent_checks_by_location_task.reset_mock()
+        generate_agent_checks_mock.reset_mock()
 
-        generate_agent_checks(
-            location={"site__client_id": workstation_agent.client.pk},
-            mon_type="workstation",
+        generate_agent_checks_task(
+            client=workstation_agent.client.pk,
             create_tasks=True,
         )
 
@@ -625,16 +639,14 @@ class TestPolicyTasks(TacticalTestCase):
         server_agent.client.save()
 
         # should trigger task in save method on core
-        generate_agent_checks_by_location_task.assert_called_with(
-            location={"site__client_id": server_agent.client.pk},
-            mon_type="server",
+        generate_agent_checks_mock.assert_called_with(
+            client=server_agent.client.pk,
             create_tasks=True,
         )
-        generate_agent_checks_by_location_task.reset_mock()
+        generate_agent_checks_mock.reset_mock()
 
-        generate_agent_checks(
-            location={"site__client_id": server_agent.client.pk},
-            mon_type="server",
+        generate_agent_checks_task(
+            client=server_agent.client.pk,
             create_tasks=True,
         )
 
@@ -649,16 +661,14 @@ class TestPolicyTasks(TacticalTestCase):
         server_agent.client.save()
 
         # should trigger task in save method on core
-        generate_agent_checks_by_location_task.assert_called_with(
-            location={"site__client_id": server_agent.client.pk},
-            mon_type="server",
+        generate_agent_checks_mock.assert_called_with(
+            client=server_agent.client.pk,
             create_tasks=True,
         )
-        generate_agent_checks_by_location_task.reset_mock()
+        generate_agent_checks_mock.reset_mock()
 
-        generate_agent_checks(
-            location={"site__client_id": server_agent.client.pk},
-            mon_type="server",
+        generate_agent_checks_task(
+            client=server_agent.client.pk,
             create_tasks=True,
         )
 
@@ -673,16 +683,14 @@ class TestPolicyTasks(TacticalTestCase):
         workstation_agent.site.save()
 
         # should trigger task in save method on core
-        generate_agent_checks_by_location_task.assert_called_with(
-            location={"site_id": workstation_agent.site.pk},
-            mon_type="workstation",
+        generate_agent_checks_mock.assert_called_with(
+            site=workstation_agent.site.pk,
             create_tasks=True,
         )
-        generate_agent_checks_by_location_task.reset_mock()
+        generate_agent_checks_mock.reset_mock()
 
-        generate_agent_checks(
-            location={"site_id": workstation_agent.site.pk},
-            mon_type="workstation",
+        generate_agent_checks_task(
+            site=workstation_agent.site.pk,
             create_tasks=True,
         )
 
@@ -697,16 +705,14 @@ class TestPolicyTasks(TacticalTestCase):
         workstation_agent.site.save()
 
         # should trigger task in save method on core
-        generate_agent_checks_by_location_task.assert_called_with(
-            location={"site_id": workstation_agent.site.pk},
-            mon_type="workstation",
+        generate_agent_checks_mock.assert_called_with(
+            site=workstation_agent.site.pk,
             create_tasks=True,
         )
-        generate_agent_checks_by_location_task.reset_mock()
+        generate_agent_checks_mock.reset_mock()
 
-        generate_agent_checks(
-            location={"site_id": workstation_agent.site.pk},
-            mon_type="workstation",
+        generate_agent_checks_task(
+            site=workstation_agent.site.pk,
             create_tasks=True,
         )
 
@@ -721,16 +727,14 @@ class TestPolicyTasks(TacticalTestCase):
         server_agent.site.save()
 
         # should trigger task in save method on core
-        generate_agent_checks_by_location_task.assert_called_with(
-            location={"site_id": server_agent.site.pk},
-            mon_type="server",
+        generate_agent_checks_mock.assert_called_with(
+            site=server_agent.site.pk,
             create_tasks=True,
         )
-        generate_agent_checks_by_location_task.reset_mock()
+        generate_agent_checks_mock.reset_mock()
 
-        generate_agent_checks(
-            location={"site_id": server_agent.site.pk},
-            mon_type="server",
+        generate_agent_checks_task(
+            site=server_agent.site.pk,
             create_tasks=True,
         )
 
@@ -745,16 +749,14 @@ class TestPolicyTasks(TacticalTestCase):
         server_agent.site.save()
 
         # should trigger task in save method on core
-        generate_agent_checks_by_location_task.assert_called_with(
-            location={"site_id": server_agent.site.pk},
-            mon_type="server",
+        generate_agent_checks_mock.assert_called_with(
+            site=server_agent.site.pk,
             create_tasks=True,
         )
-        generate_agent_checks_by_location_task.reset_mock()
+        generate_agent_checks_mock.reset_mock()
 
-        generate_agent_checks(
-            location={"site_id": server_agent.site.pk},
-            mon_type="server",
+        generate_agent_checks_task(
+            site=server_agent.site.pk,
             create_tasks=True,
         )
 
@@ -764,13 +766,11 @@ class TestPolicyTasks(TacticalTestCase):
             Agent.objects.get(pk=workstation_agent.id).agentchecks.count(), 0
         )
 
-    @patch("automation.tasks.generate_all_agent_checks_task.delay")
-    def test_generating_policy_checks_for_all_agents(
-        self, generate_all_agent_checks_task
-    ):
+    @patch("automation.tasks.generate_agent_checks_task.delay")
+    def test_generating_policy_checks_for_all_agents(self, generate_agent_checks_mock):
         from core.models import CoreSettings
 
-        from .tasks import generate_all_agent_checks_task as generate_all_checks
+        from .tasks import generate_agent_checks_task
 
         # setup data
         policy = baker.make("automation.Policy", active=True)
@@ -782,11 +782,9 @@ class TestPolicyTasks(TacticalTestCase):
         core.server_policy = policy
         core.save()
 
-        generate_all_agent_checks_task.assert_called_with(
-            mon_type="server", create_tasks=True
-        )
-        generate_all_agent_checks_task.reset_mock()
-        generate_all_checks(mon_type="server", create_tasks=True)
+        generate_agent_checks_mock.assert_called_with(all=True, create_tasks=True)
+        generate_agent_checks_mock.reset_mock()
+        generate_agent_checks_task(all=True, create_tasks=True)
 
         # all servers should have 7 checks
         for agent in server_agents:
@@ -799,15 +797,9 @@ class TestPolicyTasks(TacticalTestCase):
         core.workstation_policy = policy
         core.save()
 
-        generate_all_agent_checks_task.assert_any_call(
-            mon_type="workstation", create_tasks=True
-        )
-        generate_all_agent_checks_task.assert_any_call(
-            mon_type="server", create_tasks=True
-        )
-        generate_all_agent_checks_task.reset_mock()
-        generate_all_checks(mon_type="server", create_tasks=True)
-        generate_all_checks(mon_type="workstation", create_tasks=True)
+        generate_agent_checks_mock.assert_any_call(all=True, create_tasks=True)
+        generate_agent_checks_mock.reset_mock()
+        generate_agent_checks_task(all=True, create_tasks=True)
 
         # all workstations should have 7 checks
         for agent in server_agents:
@@ -819,11 +811,9 @@ class TestPolicyTasks(TacticalTestCase):
         core.workstation_policy = None
         core.save()
 
-        generate_all_agent_checks_task.assert_called_with(
-            mon_type="workstation", create_tasks=True
-        )
-        generate_all_agent_checks_task.reset_mock()
-        generate_all_checks(mon_type="workstation", create_tasks=True)
+        generate_agent_checks_mock.assert_called_with(all=True, create_tasks=True)
+        generate_agent_checks_mock.reset_mock()
+        generate_agent_checks_task(all=True, create_tasks=True)
 
         # nothing should have the checks
         for agent in server_agents:
@@ -832,31 +822,8 @@ class TestPolicyTasks(TacticalTestCase):
         for agent in workstation_agents:
             self.assertEqual(Agent.objects.get(pk=agent.id).agentchecks.count(), 0)
 
-    def test_delete_policy_check(self):
-        from .models import Policy
-        from .tasks import delete_policy_check_task
-
-        policy = baker.make("automation.Policy", active=True)
-        self.create_checks(policy=policy)
-        agent = baker.make_recipe("agents.server_agent", policy=policy)
-
-        # make sure agent has 7 checks
-        self.assertEqual(Agent.objects.get(pk=agent.id).agentchecks.count(), 7)
-
-        # pick a policy check and delete it from the agent
-        policy_check_id = Policy.objects.get(pk=policy.id).policychecks.first().id  # type: ignore
-
-        delete_policy_check_task(policy_check_id)
-
-        # make sure policy check doesn't exist on agent
-        self.assertEqual(Agent.objects.get(pk=agent.id).agentchecks.count(), 6)
-        self.assertFalse(
-            Agent.objects.get(pk=agent.id)
-            .agentchecks.filter(parent_check=policy_check_id)
-            .exists()
-        )
-
-    def update_policy_check_fields(self):
+    @patch("autotasks.models.AutomatedTask.create_task_on_agent")
+    def update_policy_check_fields(self, create_task):
         from .models import Policy
         from .tasks import update_policy_check_fields_task
 
@@ -886,8 +853,9 @@ class TestPolicyTasks(TacticalTestCase):
             "12.12.12.12",
         )
 
-    def test_generate_agent_tasks(self):
-        from .tasks import generate_agent_tasks_from_policies_task
+    @patch("autotasks.models.AutomatedTask.create_task_on_agent")
+    def test_generate_agent_tasks(self, create_task):
+        from .tasks import generate_agent_autotasks_task
 
         # create test data
         policy = baker.make("automation.Policy", active=True)
@@ -896,7 +864,7 @@ class TestPolicyTasks(TacticalTestCase):
         )
         agent = baker.make_recipe("agents.server_agent", policy=policy)
 
-        generate_agent_tasks_from_policies_task(policy.id)  # type: ignore
+        generate_agent_autotasks_task(policy=policy.id)  # type: ignore
 
         agent_tasks = Agent.objects.get(pk=agent.id).autotasks.all()
 
@@ -915,56 +883,70 @@ class TestPolicyTasks(TacticalTestCase):
                 self.assertEqual(task.parent_task, tasks[2].id)  # type: ignore
                 self.assertEqual(task.name, tasks[2].name)  # type: ignore
 
-    @patch("autotasks.tasks.delete_win_task_schedule.delay")
-    def test_delete_policy_tasks(self, delete_win_task_schedule):
-        from .tasks import delete_policy_autotask_task
+    @patch("autotasks.models.AutomatedTask.create_task_on_agent")
+    @patch("autotasks.models.AutomatedTask.delete_task_on_agent")
+    def test_delete_policy_tasks(self, delete_task_on_agent, create_task):
+        from .tasks import delete_policy_autotasks_task, generate_agent_checks_task
 
         policy = baker.make("automation.Policy", active=True)
         tasks = baker.make("autotasks.AutomatedTask", policy=policy, _quantity=3)
         agent = baker.make_recipe("agents.server_agent", policy=policy)
 
-        delete_policy_autotask_task(tasks[0].id)  # type: ignore
+        generate_agent_checks_task(agents=[agent.pk], create_tasks=True)
 
-        delete_win_task_schedule.assert_called_with(
-            agent.autotasks.get(parent_task=tasks[0].id).id  # type: ignore
+        delete_policy_autotasks_task(task=tasks[0].id)  # type: ignore
+
+        delete_task_on_agent.assert_called()
+
+    @patch("autotasks.models.AutomatedTask.create_task_on_agent")
+    @patch("autotasks.models.AutomatedTask.run_win_task")
+    def test_run_policy_task(self, run_win_task, create_task):
+        from .tasks import run_win_policy_autotasks_task, generate_agent_checks_task
+
+        policy = baker.make("automation.Policy", active=True)
+        tasks = baker.make("autotasks.AutomatedTask", policy=policy, _quantity=3)
+        agent = baker.make_recipe("agents.server_agent", policy=policy)
+
+        generate_agent_checks_task(agents=[agent.pk], create_tasks=True)
+
+        run_win_policy_autotasks_task(task=tasks[0].id)  # type: ignore
+
+        run_win_task.assert_called_once()
+
+    @patch("autotasks.models.AutomatedTask.create_task_on_agent")
+    @patch("autotasks.models.AutomatedTask.modify_task_on_agent")
+    def test_update_policy_tasks(self, modify_task_on_agent, create_task):
+        from .tasks import (
+            update_policy_autotasks_fields_task,
+            generate_agent_checks_task,
         )
 
-    @patch("autotasks.tasks.run_win_task.delay")
-    def test_run_policy_task(self, run_win_task):
-        from .tasks import run_win_policy_autotask_task
-
-        tasks = baker.make("autotasks.AutomatedTask", _quantity=3)
-
-        run_win_policy_autotask_task([task.id for task in tasks])  # type: ignore
-
-        run_win_task.side_effect = [task.id for task in tasks]  # type: ignore
-        self.assertEqual(run_win_task.call_count, 3)
-        for task in tasks:  # type: ignore
-            run_win_task.assert_any_call(task.id)  # type: ignore
-
-    @patch("autotasks.tasks.enable_or_disable_win_task.delay")
-    def test_update_policy_tasks(self, enable_or_disable_win_task):
-        from .tasks import update_policy_task_fields_task
-
         # setup data
         policy = baker.make("automation.Policy", active=True)
         tasks = baker.make(
-            "autotasks.AutomatedTask", enabled=True, policy=policy, _quantity=3
+            "autotasks.AutomatedTask",
+            enabled=True,
+            policy=policy,
+            _quantity=3,
         )
         agent = baker.make_recipe("agents.server_agent", policy=policy)
 
+        generate_agent_checks_task(agents=[agent.pk], create_tasks=True)
+
         tasks[0].enabled = False  # type: ignore
         tasks[0].save()  # type: ignore
 
-        update_policy_task_fields_task(tasks[0].id)  # type: ignore
-        enable_or_disable_win_task.assert_not_called()
+        update_policy_autotasks_fields_task(task=tasks[0].id)  # type: ignore
+        modify_task_on_agent.assert_not_called()
 
         self.assertFalse(agent.autotasks.get(parent_task=tasks[0].id).enabled)  # type: ignore
 
-        update_policy_task_fields_task(tasks[0].id, update_agent=True)  # type: ignore
-        enable_or_disable_win_task.assert_called_with(
-            agent.autotasks.get(parent_task=tasks[0].id).id, False  # type: ignore
-        )
+        update_policy_autotasks_fields_task(task=tasks[0].id, update_agent=True)  # type: ignore
+        modify_task_on_agent.assert_not_called()
+
+        agent.autotasks.update(sync_status="synced")
+        update_policy_autotasks_fields_task(task=tasks[0].id, update_agent=True)  # type: ignore
+        modify_task_on_agent.assert_called_once()
 
     @patch("agents.models.Agent.generate_tasks_from_policies")
     @patch("agents.models.Agent.generate_checks_from_policies")
@@ -977,17 +959,21 @@ class TestPolicyTasks(TacticalTestCase):
         generate_checks.reset_mock()
         generate_tasks.reset_mock()
 
-        generate_agent_checks_task([agent.pk for agent in agents])
+        generate_agent_checks_task(agents=[agent.pk for agent in agents])
         self.assertEquals(generate_checks.call_count, 5)
         generate_tasks.assert_not_called()
         generate_checks.reset_mock()
 
-        generate_agent_checks_task([agent.pk for agent in agents], create_tasks=True)
+        generate_agent_checks_task(
+            agents=[agent.pk for agent in agents], create_tasks=True
+        )
         self.assertEquals(generate_checks.call_count, 5)
         self.assertEquals(generate_checks.call_count, 5)
 
-    @patch("autotasks.tasks.delete_win_task_schedule.delay")
-    def test_policy_exclusions(self, delete_task):
+    @patch("autotasks.models.AutomatedTask.create_task_on_agent")
+    def test_policy_exclusions(self, create_task):
+        from .tasks import generate_agent_checks_task
+
         # setup data
         policy = baker.make("automation.Policy", active=True)
         baker.make_recipe("checks.memory_check", policy=policy)
@@ -996,6 +982,8 @@ class TestPolicyTasks(TacticalTestCase):
             "agents.agent", policy=policy, monitoring_type="server"
         )
 
+        generate_agent_checks_task(agents=[agent.pk], create_tasks=True)
+
         # make sure related agents on policy returns correctly
         self.assertEqual(policy.related_agents().count(), 1)  # type: ignore
         self.assertEqual(agent.agentchecks.count(), 1)  # type: ignore
@@ -1009,8 +997,6 @@ class TestPolicyTasks(TacticalTestCase):
 
         self.assertEqual(policy.related_agents().count(), 0)  # type: ignore
         self.assertEqual(agent.agentchecks.count(), 0)  # type: ignore
-        delete_task.assert_called()
-        delete_task.reset_mock()
 
         # delete agent tasks
         agent.autotasks.all().delete()
@@ -1032,8 +1018,6 @@ class TestPolicyTasks(TacticalTestCase):
 
         self.assertEqual(policy.related_agents().count(), 0)  # type: ignore
         self.assertEqual(agent.agentchecks.count(), 0)  # type: ignore
-        delete_task.assert_called()
-        delete_task.reset_mock()
 
         # delete agent tasks and reset
         agent.autotasks.all().delete()
@@ -1055,8 +1039,6 @@ class TestPolicyTasks(TacticalTestCase):
 
         self.assertEqual(policy.related_agents().count(), 0)  # type: ignore
         self.assertEqual(agent.agentchecks.count(), 0)  # type: ignore
-        delete_task.assert_called()
-        delete_task.reset_mock()
 
         # delete agent tasks and reset
         agent.autotasks.all().delete()
@@ -1084,11 +1066,88 @@ class TestPolicyTasks(TacticalTestCase):
 
         self.assertEqual(policy.related_agents().count(), 0)  # type: ignore
         self.assertEqual(agent.agentchecks.count(), 0)  # type: ignore
-        delete_task.assert_called()
-        delete_task.reset_mock()
 
-    def test_removing_duplicate_pending_task_actions(self):
-        pass
+    @patch("autotasks.models.AutomatedTask.create_task_on_agent")
+    def test_policy_inheritance_blocking(self, create_task):
+        # setup data
+        policy = baker.make("automation.Policy", active=True)
+        baker.make_recipe("checks.memory_check", policy=policy)
+        baker.make("autotasks.AutomatedTask", policy=policy)
+        agent = baker.make_recipe("agents.agent", monitoring_type="server")
 
-    def test_creating_checks_with_assigned_tasks(self):
-        pass
+        core = CoreSettings.objects.first()
+        core.server_policy = policy
+        core.save()
+
+        agent.generate_checks_from_policies()
+        agent.generate_tasks_from_policies()
+
+        # should get policies from default policy
+        self.assertTrue(agent.autotasks.all())
+        self.assertTrue(agent.agentchecks.all())
+
+        # test client blocking inheritance
+        agent.site.client.block_policy_inheritance = True
+        agent.site.client.save()
+
+        agent.generate_checks_from_policies()
+        agent.generate_tasks_from_policies()
+
+        self.assertFalse(agent.autotasks.all())
+        self.assertFalse(agent.agentchecks.all())
+
+        agent.site.client.server_policy = policy
+        agent.site.client.save()
+
+        agent.generate_checks_from_policies()
+        agent.generate_tasks_from_policies()
+
+        # should get policies from client policy
+        self.assertTrue(agent.autotasks.all())
+        self.assertTrue(agent.agentchecks.all())
+
+        # test site blocking inheritance
+        agent.site.block_policy_inheritance = True
+        agent.site.save()
+
+        agent.generate_checks_from_policies()
+        agent.generate_tasks_from_policies()
+
+        self.assertFalse(agent.autotasks.all())
+        self.assertFalse(agent.agentchecks.all())
+
+        agent.site.server_policy = policy
+        agent.site.save()
+
+        agent.generate_checks_from_policies()
+        agent.generate_tasks_from_policies()
+
+        # should get policies from site policy
+        self.assertTrue(agent.autotasks.all())
+        self.assertTrue(agent.agentchecks.all())
+
+        # test agent blocking inheritance
+        agent.block_policy_inheritance = True
+        agent.save()
+
+        agent.generate_checks_from_policies()
+        agent.generate_tasks_from_policies()
+
+        self.assertFalse(agent.autotasks.all())
+        self.assertFalse(agent.agentchecks.all())
+
+        agent.policy = policy
+        agent.save()
+
+        agent.generate_checks_from_policies()
+        agent.generate_tasks_from_policies()
+
+        # should get policies from agent policy
+        self.assertTrue(agent.autotasks.all())
+        self.assertTrue(agent.agentchecks.all())
+
+
+class TestAutomationPermission(TacticalTestCase):
+    def setUp(self):
+        self.client_setup()
+        self.setup_coresettings()

api/tacticalrmm/automation/urls.py

@@ -1,18 +1,23 @@
 from django.urls import path
 
 from . import views
+from checks.views import GetAddChecks
+from autotasks.views import GetAddAutoTasks
 
 urlpatterns = [
     path("policies/", views.GetAddPolicies.as_view()),
     path("policies/<int:pk>/related/", views.GetRelated.as_view()),
     path("policies/overview/", views.OverviewPolicy.as_view()),
     path("policies/<int:pk>/", views.GetUpdateDeletePolicy.as_view()),
-    path("<int:pk>/policychecks/", views.PolicyCheck.as_view()),
-    path("<int:pk>/policyautomatedtasks/", views.PolicyAutoTask.as_view()),
-    path("policycheckstatus/<int:check>/check/", views.PolicyCheck.as_view()),
-    path("policyautomatedtaskstatus/<int:task>/task/", views.PolicyAutoTask.as_view()),
-    path("runwintask/<int:task>/", views.PolicyAutoTask.as_view()),
-    path("winupdatepolicy/", views.UpdatePatchPolicy.as_view()),
-    path("winupdatepolicy/<int:patchpolicy>/", views.UpdatePatchPolicy.as_view()),
-    path("winupdatepolicy/reset/", views.UpdatePatchPolicy.as_view()),
+    path("sync/", views.PolicySync.as_view()),
+    # alias to get policy checks
+    path("policies/<int:policy>/checks/", GetAddChecks.as_view()),
+    # alias to get policy tasks
+    path("policies/<int:policy>/tasks/", GetAddAutoTasks.as_view()),
+    path("checks/<int:check>/status/", views.PolicyCheck.as_view()),
+    path("tasks/<int:task>/status/", views.PolicyAutoTask.as_view()),
+    path("tasks/<int:task>/run/", views.PolicyAutoTask.as_view()),
+    path("patchpolicy/", views.UpdatePatchPolicy.as_view()),
+    path("patchpolicy/<int:pk>/", views.UpdatePatchPolicy.as_view()),
+    path("patchpolicy/reset/", views.ResetPatchPolicy.as_view()),
 ]

api/tacticalrmm/automation/views.py

@@ -1,34 +1,40 @@
-from django.shortcuts import get_object_or_404
-from rest_framework.response import Response
-from rest_framework.views import APIView
-
 from agents.models import Agent
-from agents.serializers import AgentHostnameSerializer
 from autotasks.models import AutomatedTask
 from checks.models import Check
 from clients.models import Client
-from clients.serializers import ClientSerializer, SiteSerializer
+from django.shortcuts import get_object_or_404
+from rest_framework.permissions import IsAuthenticated
+from rest_framework.response import Response
+from rest_framework.views import APIView
+from rest_framework.exceptions import PermissionDenied
+from tacticalrmm.utils import notify_error
+from tacticalrmm.permissions import _has_perm_on_client, _has_perm_on_site
 from winupdate.models import WinUpdatePolicy
 from winupdate.serializers import WinUpdatePolicySerializer
 
 from .models import Policy
+from .permissions import AutomationPolicyPerms
 from .serializers import (
-    AutoTasksFieldSerializer,
-    PolicyCheckSerializer,
     PolicyCheckStatusSerializer,
+    PolicyRelatedSerializer,
     PolicyOverviewSerializer,
     PolicySerializer,
     PolicyTableSerializer,
     PolicyTaskStatusSerializer,
 )
-from .tasks import run_win_policy_autotask_task
 
 
 class GetAddPolicies(APIView):
+    permission_classes = [IsAuthenticated, AutomationPolicyPerms]
+
     def get(self, request):
         policies = Policy.objects.all()
 
-        return Response(PolicyTableSerializer(policies, many=True).data)
+        return Response(
+            PolicyTableSerializer(
+                policies, context={"user": request.user}, many=True
+            ).data
+        )
 
     def post(self, request):
         serializer = PolicySerializer(data=request.data, partial=True)
@@ -52,18 +58,30 @@ class GetAddPolicies(APIView):
 
 
 class GetUpdateDeletePolicy(APIView):
+    permission_classes = [IsAuthenticated, AutomationPolicyPerms]
+
     def get(self, request, pk):
         policy = get_object_or_404(Policy, pk=pk)
 
         return Response(PolicySerializer(policy).data)
 
     def put(self, request, pk):
+        from .tasks import generate_agent_checks_task
+
         policy = get_object_or_404(Policy, pk=pk)
 
         serializer = PolicySerializer(instance=policy, data=request.data, partial=True)
         serializer.is_valid(raise_exception=True)
         serializer.save()
 
+        # check for excluding objects and in the request and if present generate policies
+        if (
+            "excluded_sites" in request.data.keys()
+            or "excluded_clients" in request.data.keys()
+            or "excluded_agents" in request.data.keys()
+        ):
+            generate_agent_checks_task.delay(policy=pk, create_tasks=True)
+
         return Response("ok")
 
     def delete(self, request, pk):
@@ -72,31 +90,39 @@ class GetUpdateDeletePolicy(APIView):
         return Response("ok")
 
 
+class PolicySync(APIView):
+    def post(self, request):
+        if "policy" in request.data.keys():
+            from automation.tasks import generate_agent_checks_task
+
+            generate_agent_checks_task.delay(
+                policy=request.data["policy"], create_tasks=True
+            )
+            return Response("ok")
+
+        else:
+            return notify_error("The request was invalid")
+
+
 class PolicyAutoTask(APIView):
 
-    # tasks associated with policy
-    def get(self, request, pk):
-        tasks = AutomatedTask.objects.filter(policy=pk)
-        return Response(AutoTasksFieldSerializer(tasks, many=True).data)
-
     # get status of all tasks
-    def patch(self, request, task):
+    def get(self, request, task):
         tasks = AutomatedTask.objects.filter(parent_task=task)
         return Response(PolicyTaskStatusSerializer(tasks, many=True).data)
 
     # bulk run win tasks associated with policy
-    def put(self, request, task):
-        tasks = AutomatedTask.objects.filter(parent_task=task)
-        run_win_policy_autotask_task.delay([task.id for task in tasks])
+    def post(self, request, task):
+        from .tasks import run_win_policy_autotasks_task
+
+        run_win_policy_autotasks_task.delay(task=task)
         return Response("Affected agent tasks will run shortly")
 
 
 class PolicyCheck(APIView):
-    def get(self, request, pk):
-        checks = Check.objects.filter(policy__pk=pk, agent=None)
-        return Response(PolicyCheckSerializer(checks, many=True).data)
+    permission_classes = [IsAuthenticated, AutomationPolicyPerms]
 
-    def patch(self, request, check):
+    def get(self, request, check):
         checks = Check.objects.filter(parent_check=check)
         return Response(PolicyCheckStatusSerializer(checks, many=True).data)
 
@@ -111,8 +137,6 @@ class OverviewPolicy(APIView):
 class GetRelated(APIView):
     def get(self, request, pk):
 
-        response = {}
-
         policy = (
             Policy.objects.filter(pk=pk)
             .prefetch_related(
@@ -124,47 +148,13 @@ class GetRelated(APIView):
             .first()
         )
 
-        response["default_server_policy"] = policy.is_default_server_policy
-        response["default_workstation_policy"] = policy.is_default_workstation_policy
-
-        response["server_clients"] = ClientSerializer(
-            policy.server_clients.all(), many=True
-        ).data
-        response["workstation_clients"] = ClientSerializer(
-            policy.workstation_clients.all(), many=True
-        ).data
-
-        filtered_server_sites = list()
-        filtered_workstation_sites = list()
-
-        for client in policy.server_clients.all():
-            for site in client.sites.all():
-                if site not in policy.server_sites.all():
-                    filtered_server_sites.append(site)
-
-        response["server_sites"] = SiteSerializer(
-            filtered_server_sites + list(policy.server_sites.all()), many=True
-        ).data
-
-        for client in policy.workstation_clients.all():
-            for site in client.sites.all():
-                if site not in policy.workstation_sites.all():
-                    filtered_workstation_sites.append(site)
-
-        response["workstation_sites"] = SiteSerializer(
-            filtered_workstation_sites + list(policy.workstation_sites.all()), many=True
-        ).data
-
-        response["agents"] = AgentHostnameSerializer(
-            policy.related_agents().only("pk", "hostname"),
-            many=True,
-        ).data
-
-        return Response(response)
+        return Response(
+            PolicyRelatedSerializer(policy, context={"user": request.user}).data
+        )
 
 
 class UpdatePatchPolicy(APIView):
-
+    permission_classes = [IsAuthenticated, AutomationPolicyPerms]
     # create new patch policy
     def post(self, request):
         policy = get_object_or_404(Policy, pk=request.data["policy"])
@@ -177,8 +167,8 @@ class UpdatePatchPolicy(APIView):
         return Response("ok")
 
     # update patch policy
-    def put(self, request, patchpolicy):
-        policy = get_object_or_404(WinUpdatePolicy, pk=patchpolicy)
+    def put(self, request, pk):
+        policy = get_object_or_404(WinUpdatePolicy, pk=pk)
 
         serializer = WinUpdatePolicySerializer(
             instance=policy, data=request.data, partial=True
@@ -188,20 +178,41 @@ class UpdatePatchPolicy(APIView):
 
         return Response("ok")
 
-    # bulk reset agent patch policy
-    def patch(self, request):
+    # delete patch policy
+    def delete(self, request, pk):
+        get_object_or_404(WinUpdatePolicy, pk=pk).delete()
+
+        return Response("ok")
+
+
+class ResetPatchPolicy(APIView):
+    # bulk reset agent patch policy
+    def post(self, request):
 
-        agents = None
         if "client" in request.data:
-            agents = Agent.objects.prefetch_related("winupdatepolicy").filter(
-                site__client_id=request.data["client"]
+            if not _has_perm_on_client(request.user, request.data["client"]):
+                raise PermissionDenied()
+
+            agents = (
+                Agent.objects.filter_by_role(request.user)
+                .prefetch_related("winupdatepolicy")
+                .filter(site__client_id=request.data["client"])
             )
         elif "site" in request.data:
-            agents = Agent.objects.prefetch_related("winupdatepolicy").filter(
-                site_id=request.data["site"]
+            if not _has_perm_on_site(request.user, request.data["site"]):
+                raise PermissionDenied()
+
+            agents = (
+                Agent.objects.filter_by_role(request.user)
+                .prefetch_related("winupdatepolicy")
+                .filter(site_id=request.data["site"])
             )
         else:
-            agents = Agent.objects.prefetch_related("winupdatepolicy").only("pk")
+            agents = (
+                Agent.objects.filter_by_role(request.user)
+                .prefetch_related("winupdatepolicy")
+                .only("pk")
+            )
 
         for agent in agents:
             winupdatepolicy = agent.winupdatepolicy.get()
@@ -226,10 +237,4 @@ class UpdatePatchPolicy(APIView):
                 ]
             )
 
-        return Response("ok")
-
-    # delete patch policy
-    def delete(self, request, patchpolicy):
-        get_object_or_404(WinUpdatePolicy, pk=patchpolicy).delete()
-
-        return Response("ok")
+        return Response("The patch policy on the affected agents has been reset.")

api/tacticalrmm/autotasks/migrations/0019_auto_20210404_0032.py

@@ -0,0 +1,31 @@
+# Generated by Django 3.1.7 on 2021-04-04 00:32
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0019_globalkvstore'),
+        ('scripts', '0007_script_args'),
+        ('autotasks', '0018_automatedtask_run_asap_after_missed'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='automatedtask',
+            name='custom_field',
+            field=models.OneToOneField(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='autotask', to='core.customfield'),
+        ),
+        migrations.AddField(
+            model_name='automatedtask',
+            name='retvalue',
+            field=models.TextField(blank=True, null=True),
+        ),
+        migrations.AlterField(
+            model_name='automatedtask',
+            name='script',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='autoscript', to='scripts.script'),
+        ),
+    ]

api/tacticalrmm/autotasks/migrations/0020_auto_20210421_0226.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.1.7 on 2021-04-21 02:26
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('autotasks', '0019_auto_20210404_0032'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='automatedtask',
+            name='sync_status',
+            field=models.CharField(choices=[('synced', 'Synced With Agent'), ('notsynced', 'Waiting On Agent Checkin'), ('pendingdeletion', 'Pending Deletion on Agent'), ('initial', 'Initial Task Sync')], default='initial', max_length=100),
+        ),
+    ]

api/tacticalrmm/autotasks/migrations/0021_alter_automatedtask_custom_field.py

@@ -0,0 +1,20 @@
+# Generated by Django 3.1.7 on 2021-04-27 14:11
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0021_customfield_hide_in_ui'),
+        ('autotasks', '0020_auto_20210421_0226'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='automatedtask',
+            name='custom_field',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='autotasks', to='core.customfield'),
+        ),
+    ]

api/tacticalrmm/autotasks/migrations/0022_automatedtask_collector_all_output.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2.1 on 2021-05-29 03:26
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('autotasks', '0021_alter_automatedtask_custom_field'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='automatedtask',
+            name='collector_all_output',
+            field=models.BooleanField(default=False),
+        ),
+    ]

api/tacticalrmm/autotasks/migrations/0023_auto_20210917_1954.py

@@ -0,0 +1,23 @@
+# Generated by Django 3.2.6 on 2021-09-17 19:54
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("autotasks", "0022_automatedtask_collector_all_output"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="automatedtask",
+            name="created_by",
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.AlterField(
+            model_name="automatedtask",
+            name="modified_by",
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+    ]

api/tacticalrmm/autotasks/models.py

@@ -1,20 +1,21 @@
+import asyncio
 import datetime as dt
 import random
 import string
+from typing import List
 
 import pytz
-from django.conf import settings
+from alerts.models import SEVERITY_CHOICES
 from django.contrib.postgres.fields import ArrayField
 from django.db import models
 from django.db.models.fields import DateTimeField
-from loguru import logger
-
-from alerts.models import SEVERITY_CHOICES
-from logs.models import BaseAuditModel
+from django.db.utils import DatabaseError
+from django.utils import timezone as djangotime
+from logs.models import BaseAuditModel, DebugLog
+from tacticalrmm.models import PermissionQuerySet
+from packaging import version as pyver
 from tacticalrmm.utils import bitdays_to_string
 
-logger.configure(**settings.LOG_CONFIG)
-
 RUN_TIME_DAY_CHOICES = [
     (0, "Monday"),
     (1, "Tuesday"),
@@ -36,6 +37,7 @@ SYNC_STATUS_CHOICES = [
     ("synced", "Synced With Agent"),
     ("notsynced", "Waiting On Agent Checkin"),
     ("pendingdeletion", "Pending Deletion on Agent"),
+    ("initial", "Initial Task Sync"),
 ]
 
 TASK_STATUS_CHOICES = [
@@ -46,6 +48,8 @@ TASK_STATUS_CHOICES = [
 
 
 class AutomatedTask(BaseAuditModel):
+    objects = PermissionQuerySet.as_manager()
+
     agent = models.ForeignKey(
         "agents.Agent",
         related_name="autotasks",
@@ -60,12 +64,19 @@ class AutomatedTask(BaseAuditModel):
         blank=True,
         on_delete=models.CASCADE,
     )
+    custom_field = models.ForeignKey(
+        "core.CustomField",
+        related_name="autotasks",
+        null=True,
+        blank=True,
+        on_delete=models.SET_NULL,
+    )
     script = models.ForeignKey(
         "scripts.Script",
         null=True,
         blank=True,
         related_name="autoscript",
-        on_delete=models.CASCADE,
+        on_delete=models.SET_NULL,
     )
     script_args = ArrayField(
         models.CharField(max_length=255, null=True, blank=True),
@@ -93,6 +104,7 @@ class AutomatedTask(BaseAuditModel):
     task_type = models.CharField(
         max_length=100, choices=TASK_TYPE_CHOICES, default="manual"
     )
+    collector_all_output = models.BooleanField(default=False)
     run_time_date = DateTimeField(null=True, blank=True)
     remove_if_not_scheduled = models.BooleanField(default=False)
     run_asap_after_missed = models.BooleanField(default=False)  # added in agent v1.4.7
@@ -100,6 +112,7 @@ class AutomatedTask(BaseAuditModel):
     parent_task = models.PositiveIntegerField(null=True, blank=True)
     win_task_name = models.CharField(max_length=255, null=True, blank=True)
     timeout = models.PositiveIntegerField(default=120)
+    retvalue = models.TextField(null=True, blank=True)
     retcode = models.IntegerField(null=True, blank=True)
     stdout = models.TextField(null=True, blank=True)
     stderr = models.TextField(null=True, blank=True)
@@ -110,7 +123,7 @@ class AutomatedTask(BaseAuditModel):
         max_length=30, choices=TASK_STATUS_CHOICES, default="pending"
     )
     sync_status = models.CharField(
-        max_length=100, choices=SYNC_STATUS_CHOICES, default="notsynced"
+        max_length=100, choices=SYNC_STATUS_CHOICES, default="initial"
     )
     alert_severity = models.CharField(
         max_length=30, choices=SEVERITY_CHOICES, default="info"
@@ -122,6 +135,31 @@ class AutomatedTask(BaseAuditModel):
     def __str__(self):
         return self.name
 
+    def save(self, *args, **kwargs):
+        from autotasks.tasks import enable_or_disable_win_task
+        from automation.tasks import update_policy_autotasks_fields_task
+
+        # get old agent if exists
+        old_task = AutomatedTask.objects.get(pk=self.pk) if self.pk else None
+        super(AutomatedTask, self).save(old_model=old_task, *args, **kwargs)
+
+        # check if automated task was enabled/disabled and send celery task
+        if old_task and old_task.enabled != self.enabled:
+            if self.agent:
+                enable_or_disable_win_task.delay(pk=self.pk)
+
+            # check if automated task was enabled/disabled and send celery task
+            elif old_task.policy:
+                update_policy_autotasks_fields_task.delay(
+                    task=self.pk, update_agent=True
+                )
+        # check if policy task was edited and then check if it was a field worth copying to rest of agent tasks
+        elif old_task and old_task.policy:
+            for field in self.policy_fields_to_copy:
+                if getattr(self, field) != getattr(old_task, field):
+                    update_policy_autotasks_fields_task.delay(task=self.pk)
+                    break
+
     @property
     def schedule(self):
         if self.task_type == "manual":
@@ -147,6 +185,32 @@ class AutomatedTask(BaseAuditModel):
 
         return self.last_run
 
+    # These fields will be duplicated on the agent tasks that are managed by a policy
+    @property
+    def policy_fields_to_copy(self) -> List[str]:
+        return [
+            "alert_severity",
+            "email_alert",
+            "text_alert",
+            "dashboard_alert",
+            "script",
+            "script_args",
+            "assigned_check",
+            "name",
+            "run_time_days",
+            "run_time_minute",
+            "run_time_bit_weekdays",
+            "run_time_date",
+            "task_type",
+            "win_task_name",
+            "timeout",
+            "enabled",
+            "remove_if_not_scheduled",
+            "run_asap_after_missed",
+            "custom_field",
+            "collector_all_output",
+        ]
+
     @staticmethod
     def generate_task_name():
         chars = string.ascii_letters
@@ -155,75 +219,243 @@ class AutomatedTask(BaseAuditModel):
     @staticmethod
     def serialize(task):
         # serializes the task and returns json
-        from .serializers import TaskSerializer
+        from .serializers import TaskAuditSerializer
 
-        return TaskSerializer(task).data
+        return TaskAuditSerializer(task).data
 
-    def create_policy_task(self, agent=None, policy=None):
-        from .tasks import create_win_task_schedule
+    def create_policy_task(self, agent=None, policy=None, assigned_check=None):
+
+        # added to allow new policy tasks to be assigned to check only when the agent check exists already
+        if (
+            self.assigned_check
+            and agent
+            and agent.agentchecks.filter(parent_check=self.assigned_check.id).exists()
+        ):
+            assigned_check = agent.agentchecks.get(parent_check=self.assigned_check.id)
 
         # if policy is present, then this task is being copied to another policy
         # if agent is present, then this task is being created on an agent from a policy
         # exit if neither are set or if both are set
-        if not agent and not policy or agent and policy:
+        # also exit if assigned_check is set because this task will be created when the check is
+        if (
+            (not agent and not policy)
+            or (agent and policy)
+            or (self.assigned_check and not assigned_check)
+        ):
             return
 
-        assigned_check = None
-
-        # get correct assigned check to task if set
-        if agent and self.assigned_check:
-            # check if there is a matching check on the agent
-            if agent.agentchecks.filter(parent_check=self.assigned_check.pk).exists():
-                assigned_check = agent.agentchecks.filter(
-                    parent_check=self.assigned_check.pk
-                ).first()
-            # check was overriden by agent and we need to use that agents check
-            else:
-                if agent.agentchecks.filter(
-                    check_type=self.assigned_check.check_type, overriden_by_policy=True
-                ).exists():
-                    assigned_check = agent.agentchecks.filter(
-                        check_type=self.assigned_check.check_type,
-                        overriden_by_policy=True,
-                    ).first()
-        elif policy and self.assigned_check:
-            if policy.policychecks.filter(name=self.assigned_check.name).exists():
-                assigned_check = policy.policychecks.filter(
-                    name=self.assigned_check.name
-                ).first()
-            else:
-                assigned_check = policy.policychecks.filter(
-                    check_type=self.assigned_check.check_type
-                ).first()
-
         task = AutomatedTask.objects.create(
             agent=agent,
             policy=policy,
             managed_by_policy=bool(agent),
             parent_task=(self.pk if agent else None),
-            alert_severity=self.alert_severity,
-            email_alert=self.email_alert,
-            text_alert=self.text_alert,
-            dashboard_alert=self.dashboard_alert,
-            script=self.script,
-            script_args=self.script_args,
             assigned_check=assigned_check,
-            name=self.name,
-            run_time_days=self.run_time_days,
-            run_time_minute=self.run_time_minute,
-            run_time_bit_weekdays=self.run_time_bit_weekdays,
-            run_time_date=self.run_time_date,
-            task_type=self.task_type,
-            win_task_name=self.win_task_name,
-            timeout=self.timeout,
-            enabled=self.enabled,
-            remove_if_not_scheduled=self.remove_if_not_scheduled,
-            run_asap_after_missed=self.run_asap_after_missed,
         )
 
-        create_win_task_schedule.delay(task.pk)
+        for field in self.policy_fields_to_copy:
+            if field != "assigned_check":
+                setattr(task, field, getattr(self, field))
 
-    def should_create_alert(self, alert_template):
+        task.save()
+
+        if agent:
+            task.create_task_on_agent()
+
+    def create_task_on_agent(self):
+        from agents.models import Agent
+
+        agent = (
+            Agent.objects.filter(pk=self.agent.pk)
+            .only("pk", "version", "hostname", "agent_id")
+            .first()
+        )
+
+        if self.task_type == "scheduled":
+            nats_data = {
+                "func": "schedtask",
+                "schedtaskpayload": {
+                    "type": "rmm",
+                    "trigger": "weekly",
+                    "weekdays": self.run_time_bit_weekdays,
+                    "pk": self.pk,
+                    "name": self.win_task_name,
+                    "hour": dt.datetime.strptime(self.run_time_minute, "%H:%M").hour,
+                    "min": dt.datetime.strptime(self.run_time_minute, "%H:%M").minute,
+                },
+            }
+
+        elif self.task_type == "runonce":
+            # check if scheduled time is in the past
+            agent_tz = pytz.timezone(agent.timezone)  # type: ignore
+            task_time_utc = self.run_time_date.replace(tzinfo=agent_tz).astimezone(
+                pytz.utc
+            )
+            now = djangotime.now()
+            if task_time_utc < now:
+                self.run_time_date = now.astimezone(agent_tz).replace(
+                    tzinfo=pytz.utc
+                ) + djangotime.timedelta(minutes=5)
+                self.save(update_fields=["run_time_date"])
+
+            nats_data = {
+                "func": "schedtask",
+                "schedtaskpayload": {
+                    "type": "rmm",
+                    "trigger": "once",
+                    "pk": self.pk,
+                    "name": self.win_task_name,
+                    "year": int(dt.datetime.strftime(self.run_time_date, "%Y")),
+                    "month": dt.datetime.strftime(self.run_time_date, "%B"),
+                    "day": int(dt.datetime.strftime(self.run_time_date, "%d")),
+                    "hour": int(dt.datetime.strftime(self.run_time_date, "%H")),
+                    "min": int(dt.datetime.strftime(self.run_time_date, "%M")),
+                },
+            }
+
+            if self.run_asap_after_missed and pyver.parse(agent.version) >= pyver.parse(  # type: ignore
+                "1.4.7"
+            ):
+                nats_data["schedtaskpayload"]["run_asap_after_missed"] = True
+
+            if self.remove_if_not_scheduled:
+                nats_data["schedtaskpayload"]["deleteafter"] = True
+
+        elif self.task_type == "checkfailure" or self.task_type == "manual":
+            nats_data = {
+                "func": "schedtask",
+                "schedtaskpayload": {
+                    "type": "rmm",
+                    "trigger": "manual",
+                    "pk": self.pk,
+                    "name": self.win_task_name,
+                },
+            }
+        else:
+            return "error"
+
+        r = asyncio.run(agent.nats_cmd(nats_data, timeout=5))  # type: ignore
+
+        if r != "ok":
+            self.sync_status = "initial"
+            self.save(update_fields=["sync_status"])
+            DebugLog.warning(
+                agent=agent,
+                log_type="agent_issues",
+                message=f"Unable to create scheduled task {self.name} on {agent.hostname}. It will be created when the agent checks in.",  # type: ignore
+            )
+            return "timeout"
+        else:
+            self.sync_status = "synced"
+            self.save(update_fields=["sync_status"])
+            DebugLog.info(
+                agent=agent,
+                log_type="agent_issues",
+                message=f"{agent.hostname} task {self.name} was successfully created",  # type: ignore
+            )
+
+        return "ok"
+
+    def modify_task_on_agent(self):
+        from agents.models import Agent
+
+        agent = (
+            Agent.objects.filter(pk=self.agent.pk)
+            .only("pk", "version", "hostname", "agent_id")
+            .first()
+        )
+
+        nats_data = {
+            "func": "enableschedtask",
+            "schedtaskpayload": {
+                "name": self.win_task_name,
+                "enabled": self.enabled,
+            },
+        }
+        r = asyncio.run(agent.nats_cmd(nats_data, timeout=5))  # type: ignore
+
+        if r != "ok":
+            self.sync_status = "notsynced"
+            self.save(update_fields=["sync_status"])
+            DebugLog.warning(
+                agent=agent,
+                log_type="agent_issues",
+                message=f"Unable to modify scheduled task {self.name} on {agent.hostname}({agent.pk}). It will try again on next agent checkin",  # type: ignore
+            )
+            return "timeout"
+        else:
+            self.sync_status = "synced"
+            self.save(update_fields=["sync_status"])
+            DebugLog.info(
+                agent=agent,
+                log_type="agent_issues",
+                message=f"{agent.hostname} task {self.name} was successfully modified",  # type: ignore
+            )
+
+        return "ok"
+
+    def delete_task_on_agent(self):
+        from agents.models import Agent
+
+        agent = (
+            Agent.objects.filter(pk=self.agent.pk)
+            .only("pk", "version", "hostname", "agent_id")
+            .first()
+        )
+
+        nats_data = {
+            "func": "delschedtask",
+            "schedtaskpayload": {"name": self.win_task_name},
+        }
+        r = asyncio.run(agent.nats_cmd(nats_data, timeout=10))  # type: ignore
+
+        if r != "ok" and "The system cannot find the file specified" not in r:
+            self.sync_status = "pendingdeletion"
+
+            try:
+                self.save(update_fields=["sync_status"])
+            except DatabaseError:
+                pass
+
+            DebugLog.warning(
+                agent=agent,
+                log_type="agent_issues",
+                message=f"{agent.hostname} task {self.name} will be deleted on next checkin",  # type: ignore
+            )
+            return "timeout"
+        else:
+            self.delete()
+            DebugLog.info(
+                agent=agent,
+                log_type="agent_issues",
+                message=f"{agent.hostname}({agent.pk}) task {self.name} was deleted",  # type: ignore
+            )
+
+        return "ok"
+
+    def run_win_task(self):
+        from agents.models import Agent
+
+        agent = (
+            Agent.objects.filter(pk=self.agent.pk)
+            .only("pk", "version", "hostname", "agent_id")
+            .first()
+        )
+
+        asyncio.run(agent.nats_cmd({"func": "runtask", "taskpk": self.pk}, wait=False))  # type: ignore
+        return "ok"
+
+    def save_collector_results(self):
+
+        agent_field = self.custom_field.get_or_create_field_value(self.agent)
+
+        value = (
+            self.stdout.strip()
+            if self.collector_all_output
+            else self.stdout.strip().split("\n")[-1].strip()
+        )
+        agent_field.save_to_field(value)
+
+    def should_create_alert(self, alert_template=None):
         return (
             self.dashboard_alert
             or self.email_alert
@@ -242,10 +474,9 @@ class AutomatedTask(BaseAuditModel):
         from core.models import CoreSettings
 
         CORE = CoreSettings.objects.first()
-        alert_template = self.agent.get_alert_template()
-
+        # Format of Email sent when Task has email alert
         if self.agent:
-            subject = f"{self.agent.client.name}, {self.agent.site.name}, {self} Failed"
+            subject = f"{self.agent.client.name}, {self.agent.site.name}, {self.agent.hostname} - {self} Failed"
         else:
             subject = f"{self} Failed"
 
@@ -254,17 +485,15 @@ class AutomatedTask(BaseAuditModel):
             + f" - Return code: {self.retcode}\nStdout:{self.stdout}\nStderr: {self.stderr}"
         )
 
-        CORE.send_mail(subject, body, alert_template)
+        CORE.send_mail(subject, body, self.agent.alert_template)  # type: ignore
 
     def send_sms(self):
-
         from core.models import CoreSettings
 
         CORE = CoreSettings.objects.first()
-        alert_template = self.agent.get_alert_template()
-
+        # Format of SMS sent when Task has SMS alert
         if self.agent:
-            subject = f"{self.agent.client.name}, {self.agent.site.name}, {self} Failed"
+            subject = f"{self.agent.client.name}, {self.agent.site.name}, {self.agent.hostname} - {self} Failed"
         else:
             subject = f"{self} Failed"
 
@@ -273,13 +502,11 @@ class AutomatedTask(BaseAuditModel):
             + f" - Return code: {self.retcode}\nStdout:{self.stdout}\nStderr: {self.stderr}"
         )
 
-        CORE.send_sms(body, alert_template=alert_template)
+        CORE.send_sms(body, alert_template=self.agent.alert_template)  # type: ignore
 
     def send_resolved_email(self):
         from core.models import CoreSettings
 
-        alert_template = self.agent.get_alert_template()
-
         CORE = CoreSettings.objects.first()
         subject = f"{self.agent.client.name}, {self.agent.site.name}, {self} Resolved"
         body = (
@@ -287,16 +514,15 @@ class AutomatedTask(BaseAuditModel):
             + f" - Return code: {self.retcode}\nStdout:{self.stdout}\nStderr: {self.stderr}"
         )
 
-        CORE.send_mail(subject, body, alert_template=alert_template)
+        CORE.send_mail(subject, body, alert_template=self.agent.alert_template)  # type: ignore
 
     def send_resolved_sms(self):
         from core.models import CoreSettings
 
-        alert_template = self.agent.get_alert_template()
         CORE = CoreSettings.objects.first()
         subject = f"{self.agent.client.name}, {self.agent.site.name}, {self} Resolved"
         body = (
             subject
             + f" - Return code: {self.retcode}\nStdout:{self.stdout}\nStderr: {self.stderr}"
         )
-        CORE.send_sms(body, alert_template=alert_template)
+        CORE.send_sms(body, alert_template=self.agent.alert_template)  # type: ignore

api/tacticalrmm/autotasks/permissions.py

@@ -0,0 +1,21 @@
+from rest_framework import permissions
+
+from tacticalrmm.permissions import _has_perm, _has_perm_on_agent
+
+
+class AutoTaskPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        if r.method == "GET":
+            if "agent_id" in view.kwargs.keys():
+                return _has_perm(r, "can_list_autotasks") and _has_perm_on_agent(
+                    r.user, view.kwargs["agent_id"]
+                )
+            else:
+                return _has_perm(r, "can_list_autotasks")
+        else:
+            return _has_perm(r, "can_manage_autotasks")
+
+
+class RunAutoTaskPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_run_autotasks")

api/tacticalrmm/autotasks/serializers.py

@@ -10,7 +10,7 @@ from .models import AutomatedTask
 
 class TaskSerializer(serializers.ModelSerializer):
 
-    assigned_check = CheckSerializer(read_only=True)
+    check_name = serializers.ReadOnlyField(source="assigned_check.readable_desc")
     schedule = serializers.ReadOnlyField()
     last_run = serializers.ReadOnlyField(source="last_run_as_timezone")
     alert_template = serializers.SerializerMethodField()
@@ -18,7 +18,7 @@ class TaskSerializer(serializers.ModelSerializer):
     def get_alert_template(self, obj):
 
         if obj.agent:
-            alert_template = obj.agent.get_alert_template()
+            alert_template = obj.agent.alert_template
         else:
             alert_template = None
 
@@ -37,19 +37,6 @@ class TaskSerializer(serializers.ModelSerializer):
         fields = "__all__"
 
 
-class AutoTaskSerializer(serializers.ModelSerializer):
-
-    autotasks = TaskSerializer(many=True, read_only=True)
-
-    class Meta:
-        model = Agent
-        fields = (
-            "pk",
-            "hostname",
-            "autotasks",
-        )
-
-
 # below is for the windows agent
 class TaskRunnerScriptField(serializers.ModelSerializer):
     class Meta:
@@ -68,6 +55,12 @@ class TaskRunnerGetSerializer(serializers.ModelSerializer):
 
 class TaskGOGetSerializer(serializers.ModelSerializer):
     script = ScriptCheckSerializer(read_only=True)
+    script_args = serializers.SerializerMethodField()
+
+    def get_script_args(self, obj):
+        return Script.parse_script_args(
+            agent=obj.agent, shell=obj.script.shell, args=obj.script_args
+        )
 
     class Meta:
         model = AutomatedTask
@@ -78,3 +71,9 @@ class TaskRunnerPatchSerializer(serializers.ModelSerializer):
     class Meta:
         model = AutomatedTask
         fields = "__all__"
+
+
+class TaskAuditSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = AutomatedTask
+        fields = "__all__"

api/tacticalrmm/autotasks/tasks.py

@@ -1,210 +1,47 @@
 import asyncio
 import datetime as dt
+from logging import log
 import random
 from time import sleep
 from typing import Union
 
-import pytz
-from django.conf import settings
 from django.utils import timezone as djangotime
-from loguru import logger
-from packaging import version as pyver
 
-from logs.models import PendingAction
+from autotasks.models import AutomatedTask
+from logs.models import DebugLog
 from tacticalrmm.celery import app
 
-from .models import AutomatedTask
-
-logger.configure(**settings.LOG_CONFIG)
-
 
 @app.task
-def create_win_task_schedule(pk, pending_action=False):
+def create_win_task_schedule(pk):
     task = AutomatedTask.objects.get(pk=pk)
 
-    if task.task_type == "scheduled":
-        nats_data = {
-            "func": "schedtask",
-            "schedtaskpayload": {
-                "type": "rmm",
-                "trigger": "weekly",
-                "weekdays": task.run_time_bit_weekdays,
-                "pk": task.pk,
-                "name": task.win_task_name,
-                "hour": dt.datetime.strptime(task.run_time_minute, "%H:%M").hour,
-                "min": dt.datetime.strptime(task.run_time_minute, "%H:%M").minute,
-            },
-        }
-
-    elif task.task_type == "runonce":
-        # check if scheduled time is in the past
-        agent_tz = pytz.timezone(task.agent.timezone)
-        task_time_utc = task.run_time_date.replace(tzinfo=agent_tz).astimezone(pytz.utc)
-        now = djangotime.now()
-        if task_time_utc < now:
-            task.run_time_date = now.astimezone(agent_tz).replace(
-                tzinfo=pytz.utc
-            ) + djangotime.timedelta(minutes=5)
-            task.save(update_fields=["run_time_date"])
-
-        nats_data = {
-            "func": "schedtask",
-            "schedtaskpayload": {
-                "type": "rmm",
-                "trigger": "once",
-                "pk": task.pk,
-                "name": task.win_task_name,
-                "year": int(dt.datetime.strftime(task.run_time_date, "%Y")),
-                "month": dt.datetime.strftime(task.run_time_date, "%B"),
-                "day": int(dt.datetime.strftime(task.run_time_date, "%d")),
-                "hour": int(dt.datetime.strftime(task.run_time_date, "%H")),
-                "min": int(dt.datetime.strftime(task.run_time_date, "%M")),
-            },
-        }
-
-        if task.run_asap_after_missed and pyver.parse(
-            task.agent.version
-        ) >= pyver.parse("1.4.7"):
-            nats_data["schedtaskpayload"]["run_asap_after_missed"] = True
-
-        if task.remove_if_not_scheduled:
-            nats_data["schedtaskpayload"]["deleteafter"] = True
-
-    elif task.task_type == "checkfailure" or task.task_type == "manual":
-        nats_data = {
-            "func": "schedtask",
-            "schedtaskpayload": {
-                "type": "rmm",
-                "trigger": "manual",
-                "pk": task.pk,
-                "name": task.win_task_name,
-            },
-        }
-    else:
-        return "error"
-
-    r = asyncio.run(task.agent.nats_cmd(nats_data, timeout=10))
-
-    if r != "ok":
-        # don't create pending action if this task was initiated by a pending action
-        if not pending_action:
-
-            # complete any other pending actions on agent with same task_id
-            task.agent.remove_matching_pending_task_actions(task.id)
-
-            PendingAction(
-                agent=task.agent,
-                action_type="taskaction",
-                details={"action": "taskcreate", "task_id": task.id},
-            ).save()
-            task.sync_status = "notsynced"
-            task.save(update_fields=["sync_status"])
-
-        logger.error(
-            f"Unable to create scheduled task {task.win_task_name} on {task.agent.hostname}. It will be created when the agent checks in."
-        )
-        return
-
-    # clear pending action since it was successful
-    if pending_action:
-        pendingaction = PendingAction.objects.get(pk=pending_action)
-        pendingaction.status = "completed"
-        pendingaction.save(update_fields=["status"])
-
-    task.sync_status = "synced"
-    task.save(update_fields=["sync_status"])
-
-    logger.info(f"{task.agent.hostname} task {task.name} was successfully created")
+    task.create_task_on_agent()
 
     return "ok"
 
 
 @app.task
-def enable_or_disable_win_task(pk, action, pending_action=False):
+def enable_or_disable_win_task(pk):
     task = AutomatedTask.objects.get(pk=pk)
 
-    nats_data = {
-        "func": "enableschedtask",
-        "schedtaskpayload": {
-            "name": task.win_task_name,
-            "enabled": action,
-        },
-    }
-    r = asyncio.run(task.agent.nats_cmd(nats_data))
-
-    if r != "ok":
-        # don't create pending action if this task was initiated by a pending action
-        if not pending_action:
-            PendingAction(
-                agent=task.agent,
-                action_type="taskaction",
-                details={
-                    "action": "tasktoggle",
-                    "value": action,
-                    "task_id": task.id,
-                },
-            ).save()
-            task.sync_status = "notsynced"
-            task.save(update_fields=["sync_status"])
-
-        return
-
-    # clear pending action since it was successful
-    if pending_action:
-        pendingaction = PendingAction.objects.get(pk=pending_action)
-        pendingaction.status = "completed"
-        pendingaction.save(update_fields=["status"])
-
-    task.sync_status = "synced"
-    task.save(update_fields=["sync_status"])
+    task.modify_task_on_agent()
 
     return "ok"
 
 
 @app.task
-def delete_win_task_schedule(pk, pending_action=False):
+def delete_win_task_schedule(pk):
     task = AutomatedTask.objects.get(pk=pk)
 
-    nats_data = {
-        "func": "delschedtask",
-        "schedtaskpayload": {"name": task.win_task_name},
-    }
-    r = asyncio.run(task.agent.nats_cmd(nats_data, timeout=10))
-
-    if r != "ok" and "The system cannot find the file specified" not in r:
-        # don't create pending action if this task was initiated by a pending action
-        if not pending_action:
-
-            # complete any other pending actions on agent with same task_id
-            task.agent.remove_matching_pending_task_actions(task.id)
-
-            PendingAction(
-                agent=task.agent,
-                action_type="taskaction",
-                details={"action": "taskdelete", "task_id": task.id},
-            ).save()
-            task.sync_status = "pendingdeletion"
-            task.save(update_fields=["sync_status"])
-
-        return "timeout"
-
-    # complete pending action since it was successful
-    if pending_action:
-        pendingaction = PendingAction.objects.get(pk=pending_action)
-        pendingaction.status = "completed"
-        pendingaction.save(update_fields=["status"])
-
-    # complete any other pending actions on agent with same task_id
-    task.agent.remove_matching_pending_task_actions(task.id)
-
-    task.delete()
+    task.delete_task_on_agent()
     return "ok"
 
 
 @app.task
 def run_win_task(pk):
     task = AutomatedTask.objects.get(pk=pk)
-    asyncio.run(task.agent.nats_cmd({"func": "runtask", "taskpk": task.pk}, wait=False))
+    task.run_win_task()
     return "ok"
 
 
@@ -214,12 +51,20 @@ def remove_orphaned_win_tasks(agentpk):
 
     agent = Agent.objects.get(pk=agentpk)
 
-    logger.info(f"Orphaned task cleanup initiated on {agent.hostname}.")
+    DebugLog.info(
+        agent=agent,
+        log_type="agent_issues",
+        message=f"Orphaned task cleanup initiated on {agent.hostname}.",
+    )
 
     r = asyncio.run(agent.nats_cmd({"func": "listschedtasks"}, timeout=10))
 
     if not isinstance(r, list) and not r:  # empty list
-        logger.error(f"Unable to clean up scheduled tasks on {agent.hostname}: {r}")
+        DebugLog.error(
+            agent=agent,
+            log_type="agent_issues",
+            message=f"Unable to clean up scheduled tasks on {agent.hostname}: {r}",
+        )
         return "notlist"
 
     agent_task_names = list(agent.autotasks.values_list("win_task_name", flat=True))
@@ -244,13 +89,23 @@ def remove_orphaned_win_tasks(agentpk):
             }
             ret = asyncio.run(agent.nats_cmd(nats_data, timeout=10))
             if ret != "ok":
-                logger.error(
-                    f"Unable to clean up orphaned task {task} on {agent.hostname}: {ret}"
+                DebugLog.error(
+                    agent=agent,
+                    log_type="agent_issues",
+                    message=f"Unable to clean up orphaned task {task} on {agent.hostname}: {ret}",
                 )
             else:
-                logger.info(f"Removed orphaned task {task} from {agent.hostname}")
+                DebugLog.info(
+                    agent=agent,
+                    log_type="agent_issues",
+                    message=f"Removed orphaned task {task} from {agent.hostname}",
+                )
 
-    logger.info(f"Orphaned task cleanup finished on {agent.hostname}")
+    DebugLog.info(
+        agent=agent,
+        log_type="agent_issues",
+        message=f"Orphaned task cleanup finished on {agent.hostname}",
+    )
 
 
 @app.task

api/tacticalrmm/autotasks/tests.py

@@ -4,77 +4,79 @@ from unittest.mock import call, patch
 from django.utils import timezone as djangotime
 from model_bakery import baker
 
-from logs.models import PendingAction
 from tacticalrmm.test import TacticalTestCase
 
 from .models import AutomatedTask
-from .serializers import AutoTaskSerializer
+from .serializers import TaskSerializer
 from .tasks import create_win_task_schedule, remove_orphaned_win_tasks, run_win_task
 
+base_url = "/tasks"
+
 
 class TestAutotaskViews(TacticalTestCase):
     def setUp(self):
         self.authenticate()
         self.setup_coresettings()
 
-    @patch("automation.tasks.generate_agent_tasks_from_policies_task.delay")
+    def test_get_autotasks(self):
+        # setup data
+        agent = baker.make_recipe("agents.agent")
+        baker.make("autotasks.AutomatedTask", agent=agent, _quantity=3)
+        policy = baker.make("automation.Policy")
+        baker.make("autotasks.AutomatedTask", policy=policy, _quantity=4)
+        baker.make("autotasks.AutomatedTask", _quantity=7)
+
+        # test returning all tasks
+        url = f"{base_url}/"
+        resp = self.client.get(url, format="json")
+        self.assertEqual(resp.status_code, 200)
+        self.assertEqual(len(resp.data), 14)
+
+        # test returning tasks for a specific agent
+        url = f"/agents/{agent.agent_id}/tasks/"
+        resp = self.client.get(url, format="json")
+        self.assertEqual(resp.status_code, 200)
+        self.assertEqual(len(resp.data), 3)
+
+        # test returning tasks for a specific policy
+        url = f"/automation/policies/{policy.id}/tasks/"
+        resp = self.client.get(url, format="json")
+        self.assertEqual(resp.status_code, 200)
+        self.assertEqual(len(resp.data), 4)
+
+    @patch("automation.tasks.generate_agent_autotasks_task.delay")
     @patch("autotasks.tasks.create_win_task_schedule.delay")
     def test_add_autotask(
-        self, create_win_task_schedule, generate_agent_tasks_from_policies_task
+        self, create_win_task_schedule, generate_agent_autotasks_task
     ):
-        url = "/tasks/automatedtasks/"
+        url = f"{base_url}/"
 
         # setup data
         script = baker.make_recipe("scripts.script")
         agent = baker.make_recipe("agents.agent")
         policy = baker.make("automation.Policy")
         check = baker.make_recipe("checks.diskspace_check", agent=agent)
-        old_agent = baker.make_recipe("agents.agent", version="1.1.0")
-
-        # test script set to invalid pk
-        data = {"autotask": {"script": 500}}
-
-        resp = self.client.post(url, data, format="json")
-        self.assertEqual(resp.status_code, 404)
-
-        # test invalid policy
-        data = {"autotask": {"script": script.id}, "policy": 500}
-
-        resp = self.client.post(url, data, format="json")
-        self.assertEqual(resp.status_code, 404)
 
         # test invalid agent
         data = {
-            "autotask": {"script": script.id},
-            "agent": 500,
+            "agent": "13kfs89as9d89asd8f98df8df8dfhdf",
         }
 
         resp = self.client.post(url, data, format="json")
         self.assertEqual(resp.status_code, 404)
 
-        # test old agent version
-        data = {
-            "autotask": {"script": script.id},
-            "agent": old_agent.id,
-        }
-
-        resp = self.client.post(url, data, format="json")
-        self.assertEqual(resp.status_code, 400)
-
         # test add task to agent
         data = {
-            "autotask": {
-                "name": "Test Task Scheduled with Assigned Check",
-                "run_time_days": ["Sunday", "Monday", "Friday"],
-                "run_time_minute": "10:00",
-                "timeout": 120,
-                "enabled": True,
-                "script": script.id,
-                "script_args": None,
-                "task_type": "scheduled",
-                "assigned_check": check.id,
-            },
-            "agent": agent.id,
+            "agent": agent.agent_id,
+            "name": "Test Task Scheduled with Assigned Check",
+            "run_time_days": ["Sunday", "Monday", "Friday"],
+            "run_time_minute": "10:00",
+            "timeout": 120,
+            "enabled": True,
+            "script": script.id,
+            "script_args": None,
+            "task_type": "scheduled",
+            "assigned_check": check.id,
         }
 
         resp = self.client.post(url, data, format="json")
@@ -84,23 +86,21 @@ class TestAutotaskViews(TacticalTestCase):
 
         # test add task to policy
         data = {
-            "autotask": {
-                "name": "Test Task Manual",
-                "run_time_days": [],
-                "timeout": 120,
-                "enabled": True,
-                "script": script.id,
-                "script_args": None,
-                "task_type": "manual",
-                "assigned_check": None,
-            },
-            "policy": policy.id,
+            "policy": policy.id,  # type: ignore
+            "name": "Test Task Manual",
+            "run_time_days": [],
+            "timeout": 120,
+            "enabled": True,
+            "script": script.id,
+            "script_args": None,
+            "task_type": "manual",
+            "assigned_check": None,
         }
 
         resp = self.client.post(url, data, format="json")
         self.assertEqual(resp.status_code, 200)
 
-        generate_agent_tasks_from_policies_task.assert_called_with(policy.id)
+        generate_agent_autotasks_task.assert_called_with(policy=policy.id)  # type: ignore
 
         self.check_not_authenticated("post", url)
 
@@ -108,59 +108,74 @@ class TestAutotaskViews(TacticalTestCase):
 
         # setup data
         agent = baker.make_recipe("agents.agent")
-        baker.make("autotasks.AutomatedTask", agent=agent, _quantity=3)
+        task = baker.make("autotasks.AutomatedTask", agent=agent)
 
-        url = f"/tasks/{agent.id}/automatedtasks/"
+        url = f"{base_url}/{task.id}/"
 
         resp = self.client.get(url, format="json")
-        serializer = AutoTaskSerializer(agent)
+        serializer = TaskSerializer(task)
 
         self.assertEqual(resp.status_code, 200)
-        self.assertEqual(resp.data, serializer.data)
+        self.assertEqual(resp.data, serializer.data)  # type: ignore
 
         self.check_not_authenticated("get", url)
 
     @patch("autotasks.tasks.enable_or_disable_win_task.delay")
-    @patch("automation.tasks.update_policy_task_fields_task.delay")
+    @patch("automation.tasks.update_policy_autotasks_fields_task.delay")
     def test_update_autotask(
-        self, update_policy_task_fields_task, enable_or_disable_win_task
+        self, update_policy_autotasks_fields_task, enable_or_disable_win_task
     ):
         # setup data
         agent = baker.make_recipe("agents.agent")
         agent_task = baker.make("autotasks.AutomatedTask", agent=agent)
         policy = baker.make("automation.Policy")
-        policy_task = baker.make("autotasks.AutomatedTask", policy=policy)
+        policy_task = baker.make("autotasks.AutomatedTask", enabled=True, policy=policy)
 
         # test invalid url
-        resp = self.client.patch("/tasks/500/automatedtasks/", format="json")
+        resp = self.client.put(f"{base_url}/500/", format="json")
         self.assertEqual(resp.status_code, 404)
 
-        url = f"/tasks/{agent_task.id}/automatedtasks/"
+        url = f"{base_url}/{agent_task.id}/"  # type: ignore
 
-        # test editing agent task
-        data = {"enableordisable": False}
+        # test editing task with no task called
+        data = {"name": "New Name"}
 
-        resp = self.client.patch(url, data, format="json")
+        resp = self.client.put(url, data, format="json")
         self.assertEqual(resp.status_code, 200)
-        enable_or_disable_win_task.assert_called_with(pk=agent_task.id, action=False)
+        enable_or_disable_win_task.not_called()  # type: ignore
 
-        url = f"/tasks/{policy_task.id}/automatedtasks/"
+        # test editing task
+        data = {"enabled": False}
+
+        resp = self.client.put(url, data, format="json")
+        self.assertEqual(resp.status_code, 200)
+        enable_or_disable_win_task.assert_called_with(pk=agent_task.id)  # type: ignore
+
+        url = f"{base_url}/{policy_task.id}/"  # type: ignore
 
         # test editing policy task
-        data = {"enableordisable": True}
+        data = {"enabled": False}
 
-        resp = self.client.patch(url, data, format="json")
+        resp = self.client.put(url, data, format="json")
         self.assertEqual(resp.status_code, 200)
-        update_policy_task_fields_task.assert_called_with(
-            policy_task.id, update_agent=True
+        update_policy_autotasks_fields_task.assert_called_with(
+            task=policy_task.id, update_agent=True  # type: ignore
         )
+        update_policy_autotasks_fields_task.reset_mock()
 
-        self.check_not_authenticated("patch", url)
+        # test editing policy task with no agent update
+        data = {"name": "New Name"}
+
+        resp = self.client.put(url, data, format="json")
+        self.assertEqual(resp.status_code, 200)
+        update_policy_autotasks_fields_task.assert_called_with(task=policy_task.id)
+
+        self.check_not_authenticated("put", url)
 
     @patch("autotasks.tasks.delete_win_task_schedule.delay")
-    @patch("automation.tasks.delete_policy_autotask_task.delay")
+    @patch("automation.tasks.delete_policy_autotasks_task.delay")
     def test_delete_autotask(
-        self, delete_policy_autotask_task, delete_win_task_schedule
+        self, delete_policy_autotasks_task, delete_win_task_schedule
     ):
         # setup data
         agent = baker.make_recipe("agents.agent")
@@ -169,48 +184,41 @@ class TestAutotaskViews(TacticalTestCase):
         policy_task = baker.make("autotasks.AutomatedTask", policy=policy)
 
         # test invalid url
-        resp = self.client.delete("/tasks/500/automatedtasks/", format="json")
+        resp = self.client.delete(f"{base_url}/500/", format="json")
         self.assertEqual(resp.status_code, 404)
 
         # test delete agent task
-        url = f"/tasks/{agent_task.id}/automatedtasks/"
+        url = f"{base_url}/{agent_task.id}/"  # type: ignore
         resp = self.client.delete(url, format="json")
         self.assertEqual(resp.status_code, 200)
-        delete_win_task_schedule.assert_called_with(pk=agent_task.id)
+        delete_win_task_schedule.assert_called_with(pk=agent_task.id)  # type: ignore
 
         # test delete policy task
-        url = f"/tasks/{policy_task.id}/automatedtasks/"
+        url = f"{base_url}/{policy_task.id}/"  # type: ignore
         resp = self.client.delete(url, format="json")
         self.assertEqual(resp.status_code, 200)
-        delete_policy_autotask_task.assert_called_with(policy_task.id)
+        self.assertFalse(AutomatedTask.objects.filter(pk=policy_task.id))  # type: ignore
+        delete_policy_autotasks_task.assert_called_with(task=policy_task.id)  # type: ignore
 
         self.check_not_authenticated("delete", url)
 
-    @patch("agents.models.Agent.nats_cmd")
-    def test_run_autotask(self, nats_cmd):
+    @patch("autotasks.tasks.run_win_task.delay")
+    def test_run_autotask(self, run_win_task):
         # setup data
         agent = baker.make_recipe("agents.agent", version="1.1.0")
         task = baker.make("autotasks.AutomatedTask", agent=agent)
 
         # test invalid url
-        resp = self.client.get("/tasks/runwintask/500/", format="json")
+        resp = self.client.post(f"{base_url}/500/run/", format="json")
         self.assertEqual(resp.status_code, 404)
 
         # test run agent task
-        url = f"/tasks/runwintask/{task.id}/"
-        resp = self.client.get(url, format="json")
+        url = f"{base_url}/{task.id}/run/"  # type: ignore
+        resp = self.client.post(url, format="json")
         self.assertEqual(resp.status_code, 200)
-        nats_cmd.assert_called_with({"func": "runtask", "taskpk": task.id}, wait=False)
-        nats_cmd.reset_mock()
+        run_win_task.assert_called()
 
-        old_agent = baker.make_recipe("agents.agent", version="1.0.2")
-        task2 = baker.make("autotasks.AutomatedTask", agent=old_agent)
-        url = f"/tasks/runwintask/{task2.id}/"
-        resp = self.client.get(url, format="json")
-        self.assertEqual(resp.status_code, 400)
-        nats_cmd.assert_not_called()
-
-        self.check_not_authenticated("get", url)
+        self.check_not_authenticated("post", url)
 
 
 class TestAutoTaskCeleryTasks(TacticalTestCase):
@@ -301,9 +309,9 @@ class TestAutoTaskCeleryTasks(TacticalTestCase):
             run_time_bit_weekdays=127,
             run_time_minute="21:55",
         )
-        self.assertEqual(self.task1.sync_status, "notsynced")
+        self.assertEqual(self.task1.sync_status, "initial")
         nats_cmd.return_value = "ok"
-        ret = create_win_task_schedule.s(pk=self.task1.pk, pending_action=False).apply()
+        ret = create_win_task_schedule.s(pk=self.task1.pk).apply()
         self.assertEqual(nats_cmd.call_count, 1)
         nats_cmd.assert_called_with(
             {
@@ -318,29 +326,16 @@ class TestAutoTaskCeleryTasks(TacticalTestCase):
                     "min": 55,
                 },
             },
-            timeout=10,
+            timeout=5,
         )
         self.task1 = AutomatedTask.objects.get(pk=self.task1.pk)
         self.assertEqual(self.task1.sync_status, "synced")
 
         nats_cmd.return_value = "timeout"
-        ret = create_win_task_schedule.s(pk=self.task1.pk, pending_action=False).apply()
+        ret = create_win_task_schedule.s(pk=self.task1.pk).apply()
         self.assertEqual(ret.status, "SUCCESS")
         self.task1 = AutomatedTask.objects.get(pk=self.task1.pk)
-        self.assertEqual(self.task1.sync_status, "notsynced")
-
-        # test pending action
-        self.pending_action = PendingAction.objects.create(
-            agent=self.agent, action_type="taskaction"
-        )
-        self.assertEqual(self.pending_action.status, "pending")
-        nats_cmd.return_value = "ok"
-        ret = create_win_task_schedule.s(
-            pk=self.task1.pk, pending_action=self.pending_action.pk
-        ).apply()
-        self.assertEqual(ret.status, "SUCCESS")
-        self.pending_action = PendingAction.objects.get(pk=self.pending_action.pk)
-        self.assertEqual(self.pending_action.status, "completed")
+        self.assertEqual(self.task1.sync_status, "initial")
 
         # test runonce with future date
         nats_cmd.reset_mock()
@@ -354,7 +349,7 @@ class TestAutoTaskCeleryTasks(TacticalTestCase):
             run_time_date=run_time_date,
         )
         nats_cmd.return_value = "ok"
-        ret = create_win_task_schedule.s(pk=self.task2.pk, pending_action=False).apply()
+        ret = create_win_task_schedule.s(pk=self.task2.pk).apply()
         nats_cmd.assert_called_with(
             {
                 "func": "schedtask",
@@ -370,7 +365,7 @@ class TestAutoTaskCeleryTasks(TacticalTestCase):
                     "min": int(dt.datetime.strftime(self.task2.run_time_date, "%M")),
                 },
             },
-            timeout=10,
+            timeout=5,
         )
         self.assertEqual(ret.status, "SUCCESS")
 
@@ -386,7 +381,7 @@ class TestAutoTaskCeleryTasks(TacticalTestCase):
             run_time_date=run_time_date,
         )
         nats_cmd.return_value = "ok"
-        ret = create_win_task_schedule.s(pk=self.task3.pk, pending_action=False).apply()
+        ret = create_win_task_schedule.s(pk=self.task3.pk).apply()
         self.task3 = AutomatedTask.objects.get(pk=self.task3.pk)
         self.assertEqual(ret.status, "SUCCESS")
 
@@ -402,7 +397,7 @@ class TestAutoTaskCeleryTasks(TacticalTestCase):
             assigned_check=self.check,
         )
         nats_cmd.return_value = "ok"
-        ret = create_win_task_schedule.s(pk=self.task4.pk, pending_action=False).apply()
+        ret = create_win_task_schedule.s(pk=self.task4.pk).apply()
         nats_cmd.assert_called_with(
             {
                 "func": "schedtask",
@@ -413,7 +408,7 @@ class TestAutoTaskCeleryTasks(TacticalTestCase):
                     "name": task_name,
                 },
             },
-            timeout=10,
+            timeout=5,
         )
         self.assertEqual(ret.status, "SUCCESS")
 
@@ -427,7 +422,7 @@ class TestAutoTaskCeleryTasks(TacticalTestCase):
             task_type="manual",
         )
         nats_cmd.return_value = "ok"
-        ret = create_win_task_schedule.s(pk=self.task5.pk, pending_action=False).apply()
+        ret = create_win_task_schedule.s(pk=self.task5.pk).apply()
         nats_cmd.assert_called_with(
             {
                 "func": "schedtask",
@@ -438,6 +433,224 @@ class TestAutoTaskCeleryTasks(TacticalTestCase):
                     "name": task_name,
                 },
             },
-            timeout=10,
+            timeout=5,
         )
         self.assertEqual(ret.status, "SUCCESS")
+
+
+class TestTaskPermissions(TacticalTestCase):
+    def setUp(self):
+        self.setup_coresettings()
+        self.client_setup()
+
+    def test_get_tasks_permissions(self):
+        agent = baker.make_recipe("agents.agent")
+        policy = baker.make("automation.Policy")
+        unauthorized_agent = baker.make_recipe("agents.agent")
+        task = baker.make("autotasks.AutomatedTask", agent=agent, _quantity=5)
+        unauthorized_task = baker.make(
+            "autotasks.AutomatedTask", agent=unauthorized_agent, _quantity=7
+        )
+
+        policy_tasks = baker.make("autotasks.AutomatedTask", policy=policy, _quantity=2)
+
+        # test super user access
+        self.check_authorized_superuser("get", f"{base_url}/")
+        self.check_authorized_superuser("get", f"/agents/{agent.agent_id}/tasks/")
+        self.check_authorized_superuser(
+            "get", f"/agents/{unauthorized_agent.agent_id}/tasks/"
+        )
+        self.check_authorized_superuser(
+            "get", f"/automation/policies/{policy.id}/tasks/"
+        )
+
+        user = self.create_user_with_roles([])
+        self.client.force_authenticate(user=user)
+
+        self.check_not_authorized("get", f"{base_url}/")
+        self.check_not_authorized("get", f"/agents/{agent.agent_id}/tasks/")
+        self.check_not_authorized(
+            "get", f"/agents/{unauthorized_agent.agent_id}/tasks/"
+        )
+        self.check_not_authorized("get", f"/automation/policies/{policy.id}/tasks/")
+
+        # add list software role to user
+        user.role.can_list_autotasks = True
+        user.role.save()
+
+        r = self.check_authorized("get", f"{base_url}/")
+        self.assertEqual(len(r.data), 14)
+        r = self.check_authorized("get", f"/agents/{agent.agent_id}/tasks/")
+        self.assertEqual(len(r.data), 5)
+        r = self.check_authorized(
+            "get", f"/agents/{unauthorized_agent.agent_id}/tasks/"
+        )
+        self.assertEqual(len(r.data), 7)
+        r = self.check_authorized("get", f"/automation/policies/{policy.id}/tasks/")
+        self.assertEqual(len(r.data), 2)
+
+        # test limiting to client
+        user.role.can_view_clients.set([agent.client])
+        self.check_not_authorized(
+            "get", f"/agents/{unauthorized_agent.agent_id}/tasks/"
+        )
+        self.check_authorized("get", f"/agents/{agent.agent_id}/tasks/")
+        self.check_authorized("get", f"/automation/policies/{policy.id}/tasks/")
+
+        # make sure queryset is limited too
+        r = self.client.get(f"{base_url}/")
+        self.assertEqual(len(r.data), 7)
+
+    def test_add_task_permissions(self):
+        agent = baker.make_recipe("agents.agent")
+        unauthorized_agent = baker.make_recipe("agents.agent")
+        policy = baker.make("automation.Policy")
+        script = baker.make("scripts.Script")
+
+        policy_data = {
+            "policy": policy.id,  # type: ignore
+            "name": "Test Task Manual",
+            "run_time_days": [],
+            "timeout": 120,
+            "enabled": True,
+            "script": script.id,
+            "script_args": [],
+            "task_type": "manual",
+            "assigned_check": None,
+        }
+
+        agent_data = {
+            "agent": agent.agent_id,
+            "name": "Test Task Manual",
+            "run_time_days": [],
+            "timeout": 120,
+            "enabled": True,
+            "script": script.id,
+            "script_args": [],
+            "task_type": "manual",
+            "assigned_check": None,
+        }
+
+        unauthorized_agent_data = {
+            "agent": unauthorized_agent.agent_id,
+            "name": "Test Task Manual",
+            "run_time_days": [],
+            "timeout": 120,
+            "enabled": True,
+            "script": script.id,
+            "script_args": [],
+            "task_type": "manual",
+            "assigned_check": None,
+        }
+
+        url = f"{base_url}/"
+
+        for data in [policy_data, agent_data]:
+            # test superuser access
+            self.check_authorized_superuser("post", url, data)
+
+            user = self.create_user_with_roles([])
+            self.client.force_authenticate(user=user)
+
+            # test user without role
+            self.check_not_authorized("post", url, data)
+
+            # add user to role and test
+            setattr(user.role, "can_manage_autotasks", True)
+            user.role.save()
+
+            self.check_authorized("post", url, data)
+
+            # limit user to client
+            user.role.can_view_clients.set([agent.client])
+            if "agent" in data.keys():
+                self.check_authorized("post", url, data)
+                self.check_not_authorized("post", url, unauthorized_agent_data)
+            else:
+                self.check_authorized("post", url, data)
+
+    # mock the task delete method so it actually isn't deleted
+    @patch("autotasks.models.AutomatedTask.delete")
+    def test_task_get_edit_delete_permissions(self, delete_task):
+        agent = baker.make_recipe("agents.agent")
+        unauthorized_agent = baker.make_recipe("agents.agent")
+        policy = baker.make("automation.Policy")
+        task = baker.make("autotasks.AutomatedTask", agent=agent)
+        unauthorized_task = baker.make(
+            "autotasks.AutomatedTask", agent=unauthorized_agent
+        )
+        policy_task = baker.make("autotasks.AutomatedTask", policy=policy)
+
+        for method in ["get", "put", "delete"]:
+
+            url = f"{base_url}/{task.id}/"
+            unauthorized_url = f"{base_url}/{unauthorized_task.id}/"
+            policy_url = f"{base_url}/{policy_task.id}/"
+
+            # test superuser access
+            self.check_authorized_superuser(method, url)
+            self.check_authorized_superuser(method, unauthorized_url)
+            self.check_authorized_superuser(method, policy_url)
+
+            user = self.create_user_with_roles([])
+            self.client.force_authenticate(user=user)
+
+            # test user without role
+            self.check_not_authorized(method, url)
+            self.check_not_authorized(method, unauthorized_url)
+            self.check_not_authorized(method, policy_url)
+
+            # add user to role and test
+            setattr(
+                user.role,
+                "can_list_autotasks" if method == "get" else "can_manage_autotasks",
+                True,
+            )
+            user.role.save()
+
+            self.check_authorized(method, url)
+            self.check_authorized(method, unauthorized_url)
+            self.check_authorized(method, policy_url)
+
+            # limit user to client if agent task
+            user.role.can_view_clients.set([agent.client])
+
+            self.check_authorized(method, url)
+            self.check_not_authorized(method, unauthorized_url)
+            self.check_authorized(method, policy_url)
+
+    def test_task_action_permissions(self):
+
+        agent = baker.make_recipe("agents.agent")
+        unauthorized_agent = baker.make_recipe("agents.agent")
+        task = baker.make("autotasks.AutomatedTask", agent=agent)
+        unauthorized_task = baker.make(
+            "autotasks.AutomatedTask", agent=unauthorized_agent
+        )
+
+        url = f"{base_url}/{task.id}/run/"
+        unauthorized_url = f"{base_url}/{unauthorized_task.id}/run/"
+
+        # test superuser access
+        self.check_authorized_superuser("post", url)
+        self.check_authorized_superuser("post", unauthorized_url)
+
+        user = self.create_user_with_roles([])
+        self.client.force_authenticate(user=user)
+
+        # test user without role
+        self.check_not_authorized("post", url)
+        self.check_not_authorized("post", unauthorized_url)
+
+        # add user to role and test
+        user.role.can_run_autotasks = True
+        user.role.save()
+
+        self.check_authorized("post", url)
+        self.check_authorized("post", unauthorized_url)
+
+        # limit user to client if agent task
+        user.role.can_view_sites.set([agent.site])
+
+        self.check_authorized("post", url)
+        self.check_not_authorized("post", unauthorized_url)

api/tacticalrmm/autotasks/urls.py

@@ -3,7 +3,7 @@ from django.urls import path
 from . import views
 
 urlpatterns = [
-    path("<int:pk>/automatedtasks/", views.AutoTask.as_view()),
-    path("automatedtasks/", views.AddAutoTask.as_view()),
-    path("runwintask/<int:pk>/", views.run_task),
+    path("", views.GetAddAutoTasks.as_view()),
+    path("<int:pk>/", views.GetEditDeleteAutoTask.as_view()),
+    path("<int:pk>/run/", views.RunAutoTask.as_view()),
 ]

api/tacticalrmm/autotasks/views.py

@@ -1,135 +1,126 @@
-import asyncio
-
 from django.shortcuts import get_object_or_404
-from rest_framework.decorators import api_view
+from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.views import APIView
+from rest_framework.exceptions import PermissionDenied
 
 from agents.models import Agent
-from checks.models import Check
-from scripts.models import Script
-from tacticalrmm.utils import get_bit_days, get_default_timezone, notify_error
+from automation.models import Policy
+from tacticalrmm.utils import get_bit_days
+from tacticalrmm.permissions import _has_perm_on_agent
 
 from .models import AutomatedTask
-from .serializers import AutoTaskSerializer, TaskSerializer
-from .tasks import (
-    create_win_task_schedule,
-    delete_win_task_schedule,
-    enable_or_disable_win_task,
-)
+from .permissions import AutoTaskPerms, RunAutoTaskPerms
+from .serializers import TaskSerializer
 
 
-class AddAutoTask(APIView):
-    def post(self, request):
-        from automation.models import Policy
-        from automation.tasks import generate_agent_tasks_from_policies_task
+class GetAddAutoTasks(APIView):
+    permission_classes = [IsAuthenticated, AutoTaskPerms]
 
-        data = request.data
-        script = get_object_or_404(Script, pk=data["autotask"]["script"])
+    def get(self, request, agent_id=None, policy=None):
 
-        # Determine if adding check to Policy or Agent
-        if "policy" in data:
-            policy = get_object_or_404(Policy, id=data["policy"])
-            # Object used for filter and save
-            parent = {"policy": policy}
+        if agent_id:
+            agent = get_object_or_404(Agent, agent_id=agent_id)
+            tasks = AutomatedTask.objects.filter(agent=agent)
+        elif policy:
+            policy = get_object_or_404(Policy, id=policy)
+            tasks = AutomatedTask.objects.filter(policy=policy)
         else:
-            agent = get_object_or_404(Agent, pk=data["agent"])
-            if not agent.has_gotasks:
-                return notify_error("Requires agent version 1.1.1 or greater")
+            tasks = AutomatedTask.objects.filter_by_role(request.user)
+        return Response(TaskSerializer(tasks, many=True).data)
 
-            parent = {"agent": agent}
+    def post(self, request):
+        from automation.tasks import generate_agent_autotasks_task
+        from autotasks.tasks import create_win_task_schedule
 
-        check = None
-        if data["autotask"]["assigned_check"]:
-            check = get_object_or_404(Check, pk=data["autotask"]["assigned_check"])
+        data = request.data.copy()
+
+        # Determine if adding to an agent and replace agent_id with pk
+        if "agent" in data.keys():
+            agent = get_object_or_404(Agent, agent_id=data["agent"])
+
+            if not _has_perm_on_agent(request.user, agent.agent_id):
+                raise PermissionDenied()
+
+            data["agent"] = agent.pk
 
         bit_weekdays = None
-        if data["autotask"]["run_time_days"]:
-            bit_weekdays = get_bit_days(data["autotask"]["run_time_days"])
+        if "run_time_days" in data.keys():
+            if data["run_time_days"]:
+                bit_weekdays = get_bit_days(data["run_time_days"])
+            data.pop("run_time_days")
 
-        del data["autotask"]["run_time_days"]
-        serializer = TaskSerializer(data=data["autotask"], partial=True, context=parent)
+        serializer = TaskSerializer(data=data)
         serializer.is_valid(raise_exception=True)
-        obj = serializer.save(
-            **parent,
-            script=script,
+        task = serializer.save(
             win_task_name=AutomatedTask.generate_task_name(),
-            assigned_check=check,
             run_time_bit_weekdays=bit_weekdays,
         )
 
-        if not "policy" in data:
-            create_win_task_schedule.delay(pk=obj.pk)
+        if task.agent:
+            create_win_task_schedule.delay(pk=task.pk)
 
-        if "policy" in data:
-            generate_agent_tasks_from_policies_task.delay(data["policy"])
+        elif task.policy:
+            generate_agent_autotasks_task.delay(policy=task.policy.pk)
 
-        return Response("Task will be created shortly!")
+        return Response(
+            "The task has been created. It will show up on the agent on next checkin"
+        )
 
 
-class AutoTask(APIView):
+class GetEditDeleteAutoTask(APIView):
+    permission_classes = [IsAuthenticated, AutoTaskPerms]
+
     def get(self, request, pk):
 
-        agent = get_object_or_404(Agent, pk=pk)
-        ctx = {
-            "default_tz": get_default_timezone(),
-            "agent_tz": agent.time_zone,
-        }
-        return Response(AutoTaskSerializer(agent, context=ctx).data)
+        task = get_object_or_404(AutomatedTask, pk=pk)
+
+        if task.agent and not _has_perm_on_agent(request.user, task.agent.agent_id):
+            raise PermissionDenied()
+
+        return Response(TaskSerializer(task).data)
 
     def put(self, request, pk):
-        from automation.tasks import update_policy_task_fields_task
 
         task = get_object_or_404(AutomatedTask, pk=pk)
 
+        if task.agent and not _has_perm_on_agent(request.user, task.agent.agent_id):
+            raise PermissionDenied()
+
         serializer = TaskSerializer(instance=task, data=request.data, partial=True)
         serializer.is_valid(raise_exception=True)
         serializer.save()
 
-        if task.policy:
-            update_policy_task_fields_task.delay(task.pk)
-
-        return Response("ok")
-
-    def patch(self, request, pk):
-        from automation.tasks import update_policy_task_fields_task
-
-        task = get_object_or_404(AutomatedTask, pk=pk)
-
-        if "enableordisable" in request.data:
-            action = request.data["enableordisable"]
-
-            if not task.policy:
-                enable_or_disable_win_task.delay(pk=task.pk, action=action)
-
-            else:
-                update_policy_task_fields_task.delay(task.pk, update_agent=True)
-
-            task.enabled = action
-            task.save(update_fields=["enabled"])
-            action = "enabled" if action else "disabled"
-            return Response(f"Task will be {action} shortly")
+        return Response("The task was updated")
 
     def delete(self, request, pk):
-        from automation.tasks import delete_policy_autotask_task
+        from automation.tasks import delete_policy_autotasks_task
+        from autotasks.tasks import delete_win_task_schedule
 
         task = get_object_or_404(AutomatedTask, pk=pk)
 
-        if not task.policy:
-            delete_win_task_schedule.delay(pk=task.pk)
+        if task.agent and not _has_perm_on_agent(request.user, task.agent.agent_id):
+            raise PermissionDenied()
 
-        if task.policy:
-            delete_policy_autotask_task.delay(task.pk)
+        if task.agent:
+            delete_win_task_schedule.delay(pk=task.pk)
+        elif task.policy:
+            delete_policy_autotasks_task.delay(task=task.pk)
             task.delete()
 
         return Response(f"{task.name} will be deleted shortly")
 
 
-@api_view()
-def run_task(request, pk):
-    task = get_object_or_404(AutomatedTask, pk=pk)
-    if not task.agent.has_nats:
-        return notify_error("Requires agent version 1.1.0 or greater")
+class RunAutoTask(APIView):
+    permission_classes = [IsAuthenticated, RunAutoTaskPerms]
 
-    asyncio.run(task.agent.nats_cmd({"func": "runtask", "taskpk": task.pk}, wait=False))
-    return Response(f"{task.name} will now be run on {task.agent.hostname}")
+    def post(self, request, pk):
+        from autotasks.tasks import run_win_task
+
+        task = get_object_or_404(AutomatedTask, pk=pk)
+
+        if task.agent and not _has_perm_on_agent(request.user, task.agent.agent_id):
+            raise PermissionDenied()
+
+        run_win_task.delay(pk=pk)
+        return Response(f"{task.name} will now be run on {task.agent.hostname}")

api/tacticalrmm/checks/migrations/0022_check_number_of_events_b4_alert.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.1.7 on 2021-03-06 02:18
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('checks', '0021_auto_20210212_1429'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='check',
+            name='number_of_events_b4_alert',
+            field=models.PositiveIntegerField(blank=True, default=1, null=True),
+        ),
+    ]

api/tacticalrmm/checks/migrations/0023_check_run_interval.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.1.7 on 2021-03-06 02:59
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('checks', '0022_check_number_of_events_b4_alert'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='check',
+            name='run_interval',
+            field=models.PositiveIntegerField(blank=True, default=0),
+        ),
+    ]

api/tacticalrmm/checks/migrations/0024_auto_20210606_1632.py

@@ -0,0 +1,22 @@
+# Generated by Django 3.2.1 on 2021-06-06 16:32
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('checks', '0023_check_run_interval'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='checkhistory',
+            name='check_history',
+        ),
+        migrations.AddField(
+            model_name='checkhistory',
+            name='check_id',
+            field=models.PositiveIntegerField(default=0),
+        ),
+    ]

api/tacticalrmm/checks/migrations/0025_auto_20210917_1954.py

@@ -0,0 +1,23 @@
+# Generated by Django 3.2.6 on 2021-09-17 19:54
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("checks", "0024_auto_20210606_1632"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="check",
+            name="created_by",
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.AlterField(
+            model_name="check",
+            name="modified_by",
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+    ]

api/tacticalrmm/checks/models.py

@@ -1,4 +1,3 @@
-import asyncio
 import json
 import os
 import string
@@ -6,19 +5,14 @@ from statistics import mean
 from typing import Any
 
 import pytz
+from alerts.models import SEVERITY_CHOICES
+from core.models import CoreSettings
 from django.conf import settings
 from django.contrib.postgres.fields import ArrayField
 from django.core.validators import MaxValueValidator, MinValueValidator
 from django.db import models
-from loguru import logger
-
-from alerts.models import SEVERITY_CHOICES
-from core.models import CoreSettings
 from logs.models import BaseAuditModel
-
-from .utils import bytes2human
-
-logger.configure(**settings.LOG_CONFIG)
+from tacticalrmm.models import PermissionQuerySet
 
 CHECK_TYPE_CHOICES = [
     ("diskspace", "Disk Space Check"),
@@ -57,6 +51,7 @@ EVT_LOG_FAIL_WHEN_CHOICES = [
 
 
 class Check(BaseAuditModel):
+    objects = PermissionQuerySet.as_manager()
 
     # common fields
 
@@ -93,6 +88,7 @@ class Check(BaseAuditModel):
     fail_count = models.PositiveIntegerField(default=0)
     outage_history = models.JSONField(null=True, blank=True)  # store
     extra_details = models.JSONField(null=True, blank=True)
+    run_interval = models.PositiveIntegerField(blank=True, default=0)
     # check specific fields
 
     # for eventlog, script, ip, and service alert severity
@@ -181,6 +177,9 @@ class Check(BaseAuditModel):
         max_length=255, choices=EVT_LOG_FAIL_WHEN_CHOICES, null=True, blank=True
     )
     search_last_days = models.PositiveIntegerField(null=True, blank=True)
+    number_of_events_b4_alert = models.PositiveIntegerField(
+        null=True, blank=True, default=1
+    )
 
     def __str__(self):
         if self.agent:
@@ -233,16 +232,16 @@ class Check(BaseAuditModel):
 
         return self.last_run
 
-    @property
-    def non_editable_fields(self) -> list[str]:
+    @staticmethod
+    def non_editable_fields() -> list[str]:
         return [
             "check_type",
-            "status",
             "more_info",
             "last_run",
             "fail_count",
             "outage_history",
             "extra_details",
+            "status",
             "stdout",
             "stderr",
             "retcode",
@@ -259,7 +258,43 @@ class Check(BaseAuditModel):
             "modified_time",
         ]
 
-    def should_create_alert(self, alert_template):
+    @property
+    def policy_fields_to_copy(self) -> list[str]:
+        return [
+            "warning_threshold",
+            "error_threshold",
+            "alert_severity",
+            "name",
+            "run_interval",
+            "disk",
+            "fails_b4_alert",
+            "ip",
+            "script",
+            "script_args",
+            "info_return_codes",
+            "warning_return_codes",
+            "timeout",
+            "svc_name",
+            "svc_display_name",
+            "svc_policy_mode",
+            "pass_if_start_pending",
+            "pass_if_svc_not_exist",
+            "restart_if_stopped",
+            "log_name",
+            "event_id",
+            "event_id_is_wildcard",
+            "event_type",
+            "event_source",
+            "event_message",
+            "fail_when",
+            "search_last_days",
+            "number_of_events_b4_alert",
+            "email_alert",
+            "text_alert",
+            "dashboard_alert",
+        ]
+
+    def should_create_alert(self, alert_template=None):
 
         return (
             self.dashboard_alert
@@ -276,9 +311,9 @@ class Check(BaseAuditModel):
         )
 
     def add_check_history(self, value: int, more_info: Any = None) -> None:
-        CheckHistory.objects.create(check_history=self, y=value, results=more_info)
+        CheckHistory.objects.create(check_id=self.pk, y=value, results=more_info)
 
-    def handle_checkv2(self, data):
+    def handle_check(self, data):
         from alerts.models import Alert
 
         # cpuload or mem checks
@@ -309,9 +344,6 @@ class Check(BaseAuditModel):
         elif self.check_type == "diskspace":
             if data["exists"]:
                 percent_used = round(data["percent_used"])
-                total = bytes2human(data["total"])
-                free = bytes2human(data["free"])
-
                 if self.error_threshold and (100 - percent_used) < self.error_threshold:
                     self.status = "failing"
                     self.alert_severity = "error"
@@ -325,7 +357,7 @@ class Check(BaseAuditModel):
                 else:
                     self.status = "passing"
 
-                self.more_info = f"Total: {total}B, Free: {free}B"
+                self.more_info = data["more_info"]
 
                 # add check history
                 self.add_check_history(100 - percent_used)
@@ -341,12 +373,7 @@ class Check(BaseAuditModel):
             self.stdout = data["stdout"]
             self.stderr = data["stderr"]
             self.retcode = data["retcode"]
-            try:
-                # python agent
-                self.execution_time = "{:.4f}".format(data["stop"] - data["start"])
-            except:
-                # golang agent
-                self.execution_time = "{:.4f}".format(data["runtime"])
+            self.execution_time = "{:.4f}".format(data["runtime"])
 
             if data["retcode"] in self.info_return_codes:
                 self.alert_severity = "info"
@@ -382,18 +409,8 @@ class Check(BaseAuditModel):
 
         # ping checks
         elif self.check_type == "ping":
-            success = ["Reply", "bytes", "time", "TTL"]
-            output = data["output"]
-
-            if data["has_stdout"]:
-                if all(x in output for x in success):
-                    self.status = "passing"
-                else:
-                    self.status = "failing"
-            elif data["has_stderr"]:
-                self.status = "failing"
-
-            self.more_info = output
+            self.status = data["status"]
+            self.more_info = data["output"]
             self.save(update_fields=["more_info"])
 
             self.add_check_history(
@@ -402,41 +419,8 @@ class Check(BaseAuditModel):
 
         # windows service checks
         elif self.check_type == "winsvc":
-            svc_stat = data["status"]
-            self.more_info = f"Status {svc_stat.upper()}"
-
-            if data["exists"]:
-                if svc_stat == "running":
-                    self.status = "passing"
-                elif svc_stat == "start_pending" and self.pass_if_start_pending:
-                    self.status = "passing"
-                else:
-                    if self.agent and self.restart_if_stopped:
-                        nats_data = {
-                            "func": "winsvcaction",
-                            "payload": {"name": self.svc_name, "action": "start"},
-                        }
-                        r = asyncio.run(self.agent.nats_cmd(nats_data, timeout=32))
-                        if r == "timeout" or r == "natsdown":
-                            self.status = "failing"
-                        elif not r["success"] and r["errormsg"]:
-                            self.status = "failing"
-                        elif r["success"]:
-                            self.status = "passing"
-                            self.more_info = f"Status RUNNING"
-                        else:
-                            self.status = "failing"
-                    else:
-                        self.status = "failing"
-
-            else:
-                if self.pass_if_svc_not_exist:
-                    self.status = "passing"
-                else:
-                    self.status = "failing"
-
-                self.more_info = f"Service {self.svc_name} does not exist"
-
+            self.status = data["status"]
+            self.more_info = data["more_info"]
             self.save(update_fields=["more_info"])
 
             self.add_check_history(
@@ -444,57 +428,15 @@ class Check(BaseAuditModel):
             )
 
         elif self.check_type == "eventlog":
-            log = []
-            is_wildcard = self.event_id_is_wildcard
-            eventType = self.event_type
-            eventID = self.event_id
-            source = self.event_source
-            message = self.event_message
-            r = data["log"]
-
-            for i in r:
-                if i["eventType"] == eventType:
-                    if not is_wildcard and not int(i["eventID"]) == eventID:
-                        continue
-
-                    if not source and not message:
-                        if is_wildcard:
-                            log.append(i)
-                        elif int(i["eventID"]) == eventID:
-                            log.append(i)
-                        continue
-
-                    if source and message:
-                        if is_wildcard:
-                            if source in i["source"] and message in i["message"]:
-                                log.append(i)
-
-                        elif int(i["eventID"]) == eventID:
-                            if source in i["source"] and message in i["message"]:
-                                log.append(i)
-
-                        continue
-
-                    if source and source in i["source"]:
-                        if is_wildcard:
-                            log.append(i)
-                        elif int(i["eventID"]) == eventID:
-                            log.append(i)
-
-                    if message and message in i["message"]:
-                        if is_wildcard:
-                            log.append(i)
-                        elif int(i["eventID"]) == eventID:
-                            log.append(i)
-
+            log = data["log"]
             if self.fail_when == "contains":
-                if log:
+                if log and len(log) >= self.number_of_events_b4_alert:
                     self.status = "failing"
                 else:
                     self.status = "passing"
 
             elif self.fail_when == "not_contains":
-                if log:
+                if log and len(log) >= self.number_of_events_b4_alert:
                     self.status = "passing"
                 else:
                     self.status = "failing"
@@ -517,77 +459,51 @@ class Check(BaseAuditModel):
 
         elif self.status == "passing":
             self.fail_count = 0
-            self.save(update_fields=["status", "fail_count", "alert_severity"])
+            self.save()
             if Alert.objects.filter(assigned_check=self, resolved=False).exists():
                 Alert.handle_alert_resolve(self)
 
         return self.status
 
+    def handle_assigned_task(self) -> None:
+        for task in self.assignedtask.all():  # type: ignore
+            if task.enabled:
+                task.run_win_task()
+
     @staticmethod
     def serialize(check):
         # serializes the check and returns json
-        from .serializers import CheckSerializer
+        from .serializers import CheckAuditSerializer
 
-        return CheckSerializer(check).data
-
-    # for policy diskchecks
-    @staticmethod
-    def all_disks():
-        return [f"{i}:" for i in string.ascii_uppercase]
-
-    # for policy service checks
-    @staticmethod
-    def load_default_services():
-        with open(
-            os.path.join(settings.BASE_DIR, "services/default_services.json")
-        ) as f:
-            default_services = json.load(f)
-
-        return default_services
+        return CheckAuditSerializer(check).data
 
     def create_policy_check(self, agent=None, policy=None):
 
-        if not agent and not policy or agent and policy:
+        if (not agent and not policy) or (agent and policy):
             return
 
-        Check.objects.create(
+        check = Check.objects.create(
             agent=agent,
             policy=policy,
             managed_by_policy=bool(agent),
             parent_check=(self.pk if agent else None),
-            name=self.name,
-            alert_severity=self.alert_severity,
             check_type=self.check_type,
-            email_alert=self.email_alert,
-            dashboard_alert=self.dashboard_alert,
-            text_alert=self.text_alert,
-            fails_b4_alert=self.fails_b4_alert,
-            extra_details=self.extra_details,
-            error_threshold=self.error_threshold,
-            warning_threshold=self.warning_threshold,
-            disk=self.disk,
-            ip=self.ip,
             script=self.script,
-            script_args=self.script_args,
-            timeout=self.timeout,
-            info_return_codes=self.info_return_codes,
-            warning_return_codes=self.warning_return_codes,
-            svc_name=self.svc_name,
-            svc_display_name=self.svc_display_name,
-            pass_if_start_pending=self.pass_if_start_pending,
-            pass_if_svc_not_exist=self.pass_if_svc_not_exist,
-            restart_if_stopped=self.restart_if_stopped,
-            svc_policy_mode=self.svc_policy_mode,
-            log_name=self.log_name,
-            event_id=self.event_id,
-            event_id_is_wildcard=self.event_id_is_wildcard,
-            event_type=self.event_type,
-            event_source=self.event_source,
-            event_message=self.event_message,
-            fail_when=self.fail_when,
-            search_last_days=self.search_last_days,
         )
 
+        for task in self.assignedtask.all():  # type: ignore
+            if policy or (
+                agent and not agent.autotasks.filter(parent_task=task.pk).exists()
+            ):
+                task.create_policy_task(
+                    agent=agent, policy=policy, assigned_check=check
+                )
+
+        for field in self.policy_fields_to_copy:
+            setattr(check, field, getattr(self, field))
+
+        check.save()
+
     def is_duplicate(self, check):
         if self.check_type == "diskspace":
             return self.disk == check.disk
@@ -613,11 +529,10 @@ class Check(BaseAuditModel):
     def send_email(self):
 
         CORE = CoreSettings.objects.first()
-        alert_template = self.agent.get_alert_template()
 
         body: str = ""
         if self.agent:
-            subject = f"{self.agent.client.name}, {self.agent.site.name}, {self} Failed"
+            subject = f"{self.agent.client.name}, {self.agent.site.name}, {self.agent.hostname} - {self} Failed"
         else:
             subject = f"{self} Failed"
 
@@ -628,12 +543,15 @@ class Check(BaseAuditModel):
             if self.error_threshold:
                 text += f" Error Threshold: {self.error_threshold}%"
 
-            percent_used = [
-                d["percent"] for d in self.agent.disks if d["device"] == self.disk
-            ][0]
-            percent_free = 100 - percent_used
+            try:
+                percent_used = [
+                    d["percent"] for d in self.agent.disks if d["device"] == self.disk
+                ][0]
+                percent_free = 100 - percent_used
 
-            body = subject + f" - Free: {percent_free}%, {text}"
+                body = subject + f" - Free: {percent_free}%, {text}"
+            except:
+                body = subject + f" - Disk {self.disk} does not exist"
 
         elif self.check_type == "script":
 
@@ -662,16 +580,7 @@ class Check(BaseAuditModel):
                 body = subject + f" - Average memory usage: {avg}%, {text}"
 
         elif self.check_type == "winsvc":
-
-            try:
-                status = list(
-                    filter(lambda x: x["name"] == self.svc_name, self.agent.services)
-                )[0]["status"]
-            # catch services that don't exist if policy check
-            except:
-                status = "Unknown"
-
-            body = subject + f" - Status: {status.upper()}"
+            body = subject + f" - Status: {self.more_info}"
 
         elif self.check_type == "eventlog":
 
@@ -695,12 +604,11 @@ class Check(BaseAuditModel):
                 except:
                     continue
 
-        CORE.send_mail(subject, body, alert_template=alert_template)
+        CORE.send_mail(subject, body, alert_template=self.agent.alert_template)
 
     def send_sms(self):
 
         CORE = CoreSettings.objects.first()
-        alert_template = self.agent.get_alert_template()
         body: str = ""
 
         if self.agent:
@@ -715,11 +623,15 @@ class Check(BaseAuditModel):
             if self.error_threshold:
                 text += f" Error Threshold: {self.error_threshold}%"
 
-            percent_used = [
-                d["percent"] for d in self.agent.disks if d["device"] == self.disk
-            ][0]
-            percent_free = 100 - percent_used
-            body = subject + f" - Free: {percent_free}%, {text}"
+            try:
+                percent_used = [
+                    d["percent"] for d in self.agent.disks if d["device"] == self.disk
+                ][0]
+                percent_free = 100 - percent_used
+                body = subject + f" - Free: {percent_free}%, {text}"
+            except:
+                body = subject + f" - Disk {self.disk} does not exist"
+
         elif self.check_type == "script":
             body = subject + f" - Return code: {self.retcode}"
         elif self.check_type == "ping":
@@ -737,39 +649,34 @@ class Check(BaseAuditModel):
             elif self.check_type == "memory":
                 body = subject + f" - Average memory usage: {avg}%, {text}"
         elif self.check_type == "winsvc":
-            status = list(
-                filter(lambda x: x["name"] == self.svc_name, self.agent.services)
-            )[0]["status"]
-            body = subject + f" - Status: {status.upper()}"
+            body = subject + f" - Status: {self.more_info}"
         elif self.check_type == "eventlog":
             body = subject
 
-        CORE.send_sms(body, alert_template=alert_template)
+        CORE.send_sms(body, alert_template=self.agent.alert_template)
 
     def send_resolved_email(self):
         CORE = CoreSettings.objects.first()
-        alert_template = self.agent.get_alert_template()
+
         subject = f"{self.agent.client.name}, {self.agent.site.name}, {self} Resolved"
         body = f"{self} is now back to normal"
 
-        CORE.send_mail(subject, body, alert_template=alert_template)
+        CORE.send_mail(subject, body, alert_template=self.agent.alert_template)
 
     def send_resolved_sms(self):
         CORE = CoreSettings.objects.first()
-        alert_template = self.agent.get_alert_template()
+
         subject = f"{self.agent.client.name}, {self.agent.site.name}, {self} Resolved"
-        CORE.send_sms(subject, alert_template=alert_template)
+        CORE.send_sms(subject, alert_template=self.agent.alert_template)
 
 
 class CheckHistory(models.Model):
-    check_history = models.ForeignKey(
-        Check,
-        related_name="check_history",
-        on_delete=models.CASCADE,
-    )
+    objects = PermissionQuerySet.as_manager()
+
+    check_id = models.PositiveIntegerField(default=0)
     x = models.DateTimeField(auto_now_add=True)
     y = models.PositiveIntegerField(null=True, blank=True, default=None)
     results = models.JSONField(null=True, blank=True)
 
     def __str__(self):
-        return self.check_history.readable_desc
+        return self.x

api/tacticalrmm/checks/permissions.py

@@ -0,0 +1,23 @@
+from rest_framework import permissions
+
+from tacticalrmm.permissions import _has_perm, _has_perm_on_agent
+
+
+class ChecksPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        if r.method == "GET" or r.method == "PATCH":
+            if "agent_id" in view.kwargs.keys():
+                return _has_perm(r, "can_list_checks") and _has_perm_on_agent(
+                    r.user, view.kwargs["agent_id"]
+                )
+            else:
+                return _has_perm(r, "can_list_checks")
+        else:
+            return _has_perm(r, "can_manage_checks")
+
+
+class RunChecksPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_run_checks") and _has_perm_on_agent(
+            r.user, view.kwargs["agent_id"]
+        )

api/tacticalrmm/checks/serializers.py

@@ -3,9 +3,10 @@ import validators as _v
 from rest_framework import serializers
 
 from autotasks.models import AutomatedTask
-from scripts.serializers import ScriptCheckSerializer, ScriptSerializer
+from scripts.serializers import ScriptCheckSerializer
 
 from .models import Check, CheckHistory
+from scripts.models import Script
 
 
 class AssignedTaskField(serializers.ModelSerializer):
@@ -17,7 +18,6 @@ class AssignedTaskField(serializers.ModelSerializer):
 class CheckSerializer(serializers.ModelSerializer):
 
     readable_desc = serializers.ReadOnlyField()
-    script = ScriptSerializer(read_only=True)
     assigned_task = serializers.SerializerMethodField()
     last_run = serializers.ReadOnlyField(source="last_run_as_timezone")
     history_info = serializers.ReadOnlyField()
@@ -25,7 +25,7 @@ class CheckSerializer(serializers.ModelSerializer):
 
     def get_alert_template(self, obj):
         if obj.agent:
-            alert_template = obj.agent.get_alert_template()
+            alert_template = obj.agent.alert_template
         else:
             alert_template = None
 
@@ -56,6 +56,11 @@ class CheckSerializer(serializers.ModelSerializer):
     def validate(self, val):
         try:
             check_type = val["check_type"]
+            filter = (
+                {"agent": val["agent"]}
+                if "agent" in val.keys()
+                else {"policy": val["policy"]}
+            )
         except KeyError:
             return val
 
@@ -64,7 +69,7 @@ class CheckSerializer(serializers.ModelSerializer):
         if check_type == "diskspace":
             if not self.instance:  # only on create
                 checks = (
-                    Check.objects.filter(**self.context)
+                    Check.objects.filter(**filter)
                     .filter(check_type="diskspace")
                     .exclude(managed_by_policy=True)
                 )
@@ -101,7 +106,7 @@ class CheckSerializer(serializers.ModelSerializer):
 
         if check_type == "cpuload" and not self.instance:
             if (
-                Check.objects.filter(**self.context, check_type="cpuload")
+                Check.objects.filter(**filter, check_type="cpuload")
                 .exclude(managed_by_policy=True)
                 .exists()
             ):
@@ -125,7 +130,7 @@ class CheckSerializer(serializers.ModelSerializer):
 
         if check_type == "memory" and not self.instance:
             if (
-                Check.objects.filter(**self.context, check_type="memory")
+                Check.objects.filter(**filter, check_type="memory")
                 .exclude(managed_by_policy=True)
                 .exists()
             ):
@@ -158,13 +163,16 @@ class AssignedTaskCheckRunnerField(serializers.ModelSerializer):
 
 class CheckRunnerGetSerializer(serializers.ModelSerializer):
     # only send data needed for agent to run a check
-    assigned_tasks = serializers.SerializerMethodField()
     script = ScriptCheckSerializer(read_only=True)
+    script_args = serializers.SerializerMethodField()
 
-    def get_assigned_tasks(self, obj):
-        if obj.assignedtask.exists():
-            tasks = obj.assignedtask.all()
-            return AssignedTaskCheckRunnerField(tasks, many=True).data
+    def get_script_args(self, obj):
+        if obj.check_type != "script":
+            return []
+
+        return Script.parse_script_args(
+            agent=obj.agent, shell=obj.script.shell, args=obj.script_args
+        )
 
     class Meta:
         model = Check
@@ -193,6 +201,7 @@ class CheckRunnerGetSerializer(serializers.ModelSerializer):
             "modified_by",
             "modified_time",
             "history",
+            "dashboard_alert",
         ]
 
 
@@ -215,3 +224,9 @@ class CheckHistorySerializer(serializers.ModelSerializer):
     class Meta:
         model = CheckHistory
         fields = ("x", "y", "results")
+
+
+class CheckAuditSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Check
+        fields = "__all__"