Release 0.7.0

Submitting System Report Generator to Community Scripts

.devcontainer/.env.example

@@ -26,3 +26,6 @@ POSTGRES_PASS=postgrespass
 APP_PORT=80
 API_PORT=80
 HTTP_PROTOCOL=https
+DOCKER_NETWORK="172.21.0.0/24"
+DOCKER_NGINX_IP="172.21.0.20"
+NATS_PORTS="4222:4222"

.devcontainer/api.dockerfile

@@ -1,7 +1,6 @@
-FROM python:3.8-slim
+FROM python:3.9.2-slim
 
 ENV TACTICAL_DIR /opt/tactical
-ENV TACTICAL_GO_DIR /usr/local/rmmgo
 ENV TACTICAL_READY_FILE ${TACTICAL_DIR}/tmp/tactical.ready
 ENV WORKSPACE_DIR /workspace
 ENV TACTICAL_USER tactical
@@ -9,14 +8,11 @@ ENV VIRTUAL_ENV ${WORKSPACE_DIR}/api/tacticalrmm/env
 ENV PYTHONDONTWRITEBYTECODE=1
 ENV PYTHONUNBUFFERED=1
 
-EXPOSE 8000
+EXPOSE 8000 8383 8005
 
 RUN groupadd -g 1000 tactical && \
     useradd -u 1000 -g 1000 tactical
 
-# Copy Go Files
-COPY --from=golang:1.15 /usr/local/go ${TACTICAL_GO_DIR}/go
-
 # Copy Dev python reqs
 COPY ./requirements.txt /
 

.devcontainer/docker-compose.yml

@@ -2,6 +2,7 @@ version: '3.4'
 
 services:
   api-dev:
+    container_name: trmm-api-dev
     image: api-dev
     restart: always
     build:
@@ -21,9 +22,10 @@ services:
           - tactical-backend
 
   app-dev:
-    image: node:12-alpine
+    container_name: trmm-app-dev
+    image: node:14-alpine
     restart: always
-    command: /bin/sh -c "npm install && npm run serve -- --host 0.0.0.0 --port ${APP_PORT}"
+    command: /bin/sh -c "npm install npm@latest -g && npm install && npm run serve -- --host 0.0.0.0 --port ${APP_PORT}"
     working_dir: /workspace/web
     volumes:
       - ..:/workspace:cached
@@ -36,6 +38,7 @@ services:
 
   # nats
   nats-dev:
+    container_name: trmm-nats-dev
     image: ${IMAGE_REPO}tactical-nats:${VERSION}
     restart: always
     environment:
@@ -43,7 +46,7 @@ services:
       API_PORT: ${API_PORT}
       DEV: 1
     ports:
-      - "4222:4222"
+      - "${NATS_PORTS}"
     volumes:
       - tactical-data-dev:/opt/tactical
       - ..:/workspace:cached
@@ -55,6 +58,7 @@ services:
 
   # meshcentral container
   meshcentral-dev:
+    container_name: trmm-meshcentral-dev
     image: ${IMAGE_REPO}tactical-meshcentral:${VERSION}
     restart: always
     environment: 
@@ -63,7 +67,7 @@ services:
       MESH_PASS: ${MESH_PASS}
       MONGODB_USER: ${MONGODB_USER}
       MONGODB_PASSWORD: ${MONGODB_PASSWORD}
-      NGINX_HOST_IP: 172.21.0.20
+      NGINX_HOST_IP: ${DOCKER_NGINX_IP}
     networks:
       dev:
         aliases:
@@ -77,6 +81,7 @@ services:
 
   # mongodb container for meshcentral
   mongodb-dev:
+    container_name: trmm-mongodb-dev
     image: mongo:4.4
     restart: always
     environment:
@@ -92,6 +97,7 @@ services:
 
   # postgres database for api service
   postgres-dev:
+    container_name: trmm-postgres-dev
     image: postgres:13-alpine
     restart: always
     environment:
@@ -107,14 +113,19 @@ services:
 
   # redis container for celery tasks
   redis-dev:
+    container_name: trmm-redis-dev
     restart: always
+    command: redis-server --appendonly yes
     image: redis:6.0-alpine
+    volumes: 
+      - redis-data-dev:/data
     networks:
       dev:
         aliases:
           - tactical-redis
 
   init-dev:
+    container_name: trmm-init-dev
     image: api-dev
     build:
       context: .
@@ -143,6 +154,7 @@ services:
 
   # container for celery worker service
   celery-dev:
+    container_name: trmm-celery-dev
     image: api-dev
     build:
       context: .
@@ -160,6 +172,7 @@ services:
 
   # container for celery beat service
   celerybeat-dev:
+    container_name: trmm-celerybeat-dev
     image: api-dev
     build:
       context: .
@@ -175,8 +188,29 @@ services:
       - postgres-dev
       - redis-dev
 
-  nginx-dev:
+  # container for websockets communication
+  websockets-dev:
+    container_name: trmm-websockets-dev
+    image: api-dev
+    build:
+      context: .
+      dockerfile: ./api.dockerfile
+    command: ["tactical-websockets-dev"]
+    restart: always
+    networks:
+      dev:
+        aliases:
+          - tactical-websockets
+    volumes:
+      - tactical-data-dev:/opt/tactical
+      - ..:/workspace:cached
+    depends_on:
+      - postgres-dev
+      - redis-dev
+
   # container for tactical reverse proxy
+  nginx-dev:
+    container_name: trmm-nginx-dev
     image: ${IMAGE_REPO}tactical-nginx:${VERSION}
     restart: always
     environment:
@@ -189,18 +223,34 @@ services:
       API_PORT: ${API_PORT}
     networks:
       dev:
-        ipv4_address: 172.21.0.20
+        ipv4_address: ${DOCKER_NGINX_IP}
     ports:
       - "80:80"
       - "443:443"
     volumes:
       - tactical-data-dev:/opt/tactical
 
+  mkdocs-dev:
+    container_name: trmm-mkdocs-dev
+    image: api-dev
+    restart: always
+    build:
+      context: .
+      dockerfile: ./api.dockerfile
+    command: ["tactical-mkdocs-dev"]
+    ports:
+      - "8005:8005"
+    volumes:
+      - ..:/workspace:cached
+    networks:
+      - dev
+
 volumes:
   tactical-data-dev:
   postgres-data-dev:
   mongo-dev-data:
   mesh-data-dev:
+  redis-data-dev:
 
 networks:
   dev:
@@ -208,4 +258,4 @@ networks:
     ipam:
       driver: default
       config:
-        - subnet: 172.21.0.0/24  
+        - subnet: ${DOCKER_NETWORK}

.devcontainer/entrypoint.sh

@@ -100,6 +100,7 @@ MESH_USERNAME = '${MESH_USER}'
 MESH_SITE = 'https://${MESH_HOST}'
 MESH_TOKEN_KEY = '${MESH_TOKEN}'
 REDIS_HOST    = '${REDIS_HOST}'
+ADMIN_ENABLED = True
 EOF
 )"
 
@@ -126,7 +127,7 @@ if [ "$1" = 'tactical-init-dev' ]; then
   test -f "${TACTICAL_READY_FILE}" && rm "${TACTICAL_READY_FILE}"
 
   # setup Python virtual env and install dependencies
-  ! test -e "${VIRTUAL_ENV}" && python -m venv --copies ${VIRTUAL_ENV}
+  ! test -e "${VIRTUAL_ENV}" && python -m venv ${VIRTUAL_ENV}
   "${VIRTUAL_ENV}"/bin/pip install --no-cache-dir -r /requirements.txt
 
   django_setup
@@ -135,10 +136,11 @@ if [ "$1" = 'tactical-init-dev' ]; then
   webenv="$(cat << EOF
 PROD_URL = "${HTTP_PROTOCOL}://${API_HOST}"
 DEV_URL = "${HTTP_PROTOCOL}://${API_HOST}"
-APP_URL = https://${APP_HOST}
+APP_URL = "https://${APP_HOST}"
+DOCKER_BUILD = 1
 EOF
 )"
-  echo "${webenv}" | tee ${WORKSPACE_DIR}/web/.env > /dev/null
+  echo "${webenv}" | tee "${WORKSPACE_DIR}"/web/.env > /dev/null
 
   # chown everything to tactical user
   chown -R "${TACTICAL_USER}":"${TACTICAL_USER}" "${WORKSPACE_DIR}"
@@ -149,9 +151,6 @@ EOF
 fi
 
 if [ "$1" = 'tactical-api' ]; then
-  cp "${WORKSPACE_DIR}"/api/tacticalrmm/core/goinstaller/bin/goversioninfo /usr/local/bin/goversioninfo
-  chmod +x /usr/local/bin/goversioninfo
-  
   check_tactical_ready
   "${VIRTUAL_ENV}"/bin/python manage.py runserver 0.0.0.0:"${API_PORT}"
 fi
@@ -166,3 +165,13 @@ if [ "$1" = 'tactical-celerybeat-dev' ]; then
   test -f "${WORKSPACE_DIR}/api/tacticalrmm/celerybeat.pid" && rm "${WORKSPACE_DIR}/api/tacticalrmm/celerybeat.pid"
   "${VIRTUAL_ENV}"/bin/celery -A tacticalrmm beat -l debug
 fi
+
+if [ "$1" = 'tactical-websockets-dev' ]; then
+  check_tactical_ready
+  "${VIRTUAL_ENV}"/bin/daphne tacticalrmm.asgi:application --port 8383 -b 0.0.0.0
+fi
+
+if [ "$1" = 'tactical-mkdocs-dev' ]; then
+  cd "${WORKSPACE_DIR}/docs"
+  "${VIRTUAL_ENV}"/bin/mkdocs serve
+fi

.devcontainer/requirements.txt

@@ -1,40 +1,26 @@
 # To ensure app dependencies are ported from your virtual environment/host machine into your container, run 'pip freeze > requirements.txt' in the terminal to overwrite this file
-amqp==5.0.5
-asgiref==3.3.1
-asyncio-nats-client==0.11.4
-billiard==3.6.3.0
-celery==5.0.5
-certifi==2020.12.5
-cffi==1.14.5
-chardet==4.0.0
-cryptography==3.4.4
-decorator==4.4.2
-Django==3.1.6
-django-cors-headers==3.7.0
-django-rest-knox==4.1.0
-djangorestframework==3.12.2
-future==0.18.2
-kombu==5.0.2
-loguru==0.5.3
-msgpack==1.0.2
-packaging==20.8
-psycopg2-binary==2.8.6
-pycparser==2.20
-pycryptodome==3.10.1
-pyotp==2.6.0
-pyparsing==2.4.7
-pytz==2021.1
-qrcode==6.1
-redis==3.5.3
-requests==2.25.1
-six==1.15.0
-sqlparse==0.4.1
-twilio==6.52.0
-urllib3==1.26.3
-validators==0.18.2
-vine==5.0.0
-websockets==8.1
-zipp==3.4.0
+asyncio-nats-client
+celery
+channels
+channels_redis
+Django
+django-cors-headers
+django-rest-knox
+djangorestframework
+loguru
+msgpack
+psycopg2-binary
+pycparser
+pycryptodome
+pyotp
+pyparsing
+pytz
+qrcode
+redis
+twilio
+packaging
+validators
+websockets
 black
 Werkzeug
 django-extensions
@@ -44,3 +30,7 @@ model_bakery
 mkdocs
 mkdocs-material
 pymdown-extensions
+Pygments
+mypy
+pysnooper
+isort

.github/FUNDING.yml

@@ -3,7 +3,7 @@
 github: wh1te909
 patreon: # Replace with a single Patreon username
 open_collective: # Replace with a single Open Collective username
-ko_fi: # Replace with a single Ko-fi username
+ko_fi: tacticalrmm
 tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
 community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
 liberapay: # Replace with a single Liberapay username

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,40 @@
+---
+name: Bug report
+about: Create a bug report
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Server Info (please complete the following information):**
+ - OS: [e.g. Ubuntu 20.04, Debian 10]
+ - Browser: [e.g. chrome, safari]
+ - RMM Version (as shown in top left of web UI):
+
+**Installation Method:**
+  - [ ] Standard
+  - [ ] Docker
+
+**Agent Info (please complete the following information):**
+- Agent version (as shown in the 'Summary' tab of the agent from web UI):
+- Agent OS: [e.g. Win 10 v2004, Server 2012 R2]
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/workflows/deploy-docs.yml

@@ -0,0 +1,22 @@
+name: Deploy Docs
+on:
+  push:
+    branches:
+      - master
+
+defaults:
+  run:
+    working-directory: docs
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-python@v2
+        with:
+          python-version: 3.x
+      - run: pip install --upgrade pip
+      - run: pip install --upgrade setuptools wheel
+      - run: pip install mkdocs mkdocs-material pymdown-extensions
+      - run: mkdocs gh-deploy --force

.gitignore

@@ -45,3 +45,6 @@ htmlcov/
 docker-compose.dev.yml
 docs/.vuepress/dist
 nats-rmm.conf
+.mypy_cache
+docs/site/
+reset_db.sh

.vscode/settings.json

@@ -3,7 +3,14 @@
     "python.languageServer": "Pylance",
     "python.analysis.extraPaths": [
         "api/tacticalrmm",
+        "api/env",
     ],
+    "python.analysis.diagnosticSeverityOverrides": {
+        "reportUnusedImport": "error",
+        "reportDuplicateImport": "error",
+    },
+    "python.analysis.memory.keepLibraryAst": true,
+    "python.linting.mypyEnabled": true,
     "python.analysis.typeCheckingMode": "basic",
     "python.formatting.provider": "black",
     "editor.formatOnSave": true,

README.md

@@ -8,13 +8,13 @@
 Tactical RMM is a remote monitoring & management tool for Windows computers, built with Django and Vue.\
 It uses an [agent](https://github.com/wh1te909/rmmagent) written in golang and integrates with [MeshCentral](https://github.com/Ylianst/MeshCentral)
 
-# [LIVE DEMO](https://rmm.xlawgaming.com/)
+# [LIVE DEMO](https://rmm.tacticalrmm.io/)
 Demo database resets every hour. Alot of features are disabled for obvious reasons due to the nature of this app.
 
-*Tactical RMM is currently in alpha and subject to breaking changes. Use in production at your own risk.*
-
 ### [Discord Chat](https://discord.gg/upGTkWp)
 
+### [Documentation](https://wh1te909.github.io/tacticalrmm/)
+
 ## Features
 
 - Teamviewer-like remote desktop control
@@ -33,98 +33,6 @@ Demo database resets every hour. Alot of features are disabled for obvious reaso
 
 - Windows 7, 8.1, 10, Server 2008R2, 2012R2, 2016, 2019
 
-## Installation
+## Installation / Backup / Restore / Usage
 
-### Requirements
-- VPS with 2GB ram (an install script is provided for Ubuntu Server 20.04 / Debian 10)
-- A domain you own with at least 3 subdomains
-- Google Authenticator app (2 factor is NOT optional)
-
-### Docker
-Refer to the [docker setup](docker/readme.md)
-
-
-### Installation example (Ubuntu server 20.04 LTS)
-
-Fresh VPS with latest updates\
-login as root and create a user and add to sudoers group (we will be creating a user called tactical)
-```
-apt update && apt -y upgrade
-adduser tactical
-usermod -a -G sudo tactical
-```
-
-switch to the tactical user and setup the firewall
-```
-su - tactical
-sudo ufw default deny incoming
-sudo ufw default allow outgoing
-sudo ufw allow ssh
-sudo ufw allow http
-sudo ufw allow https
-sudo ufw allow proto tcp from any to any port 4222
-sudo ufw enable && sudo ufw reload
-```
-
-Our domain for this example is tacticalrmm.com
-
-In the DNS manager of wherever our domain is hosted, we will create three A records, all pointing to the public IP address of our VPS
-
-Create A record ```api.tacticalrmm.com``` for the django rest backend\
-Create A record ```rmm.tacticalrmm.com``` for the vue frontend\
-Create A record ```mesh.tacticalrmm.com``` for meshcentral
-
-Download the install script and run it
-
-```
-wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/install.sh
-chmod +x install.sh
-./install.sh
-```
-
- Links will be provided at the end of the install script.\
- Download the executable from the first link, then open ```rmm.tacticalrmm.com``` and login.\
- Upload the executable when prompted during the initial setup page.
-
-
-### Install an agent
-From the app's dashboard, choose Agents > Install Agent to generate an installer.
-
-## Updating
-Download and run [update.sh](https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/update.sh)
-```
-wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/update.sh
-chmod +x update.sh
-./update.sh
-```
-
-## Backup
-Download [backup.sh](https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/backup.sh)
-```
-wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/backup.sh
-```
-Change the postgres username and password at the top of the file (you can find them in `/rmm/api/tacticalrmm/tacticalrmm/local_settings.py` under the DATABASES section)
-
-Run it
-```
-chmod +x backup.sh
-./backup.sh
-```
-
-## Restore
-Change your 3 A records to point to new server's public IP
-
-Create same linux user account as old server and add to sudoers group and setup firewall (see install instructions above)
-
-Copy backup file to new server
-
-Download the restore script, and edit the postgres username/password at the top of the file. Same instructions as above in the backup steps.
-```
-wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/restore.sh
-```
-
-Run the restore script, passing it the backup tar file as the first argument
-```
-chmod +x restore.sh
-./restore.sh rmm-backup-xxxxxxx.tar
-```
+### Refer to the [documentation](https://wh1te909.github.io/tacticalrmm/)

api/tacticalrmm/accounts/admin.py

@@ -1,8 +1,8 @@
 from django.contrib import admin
-
 from rest_framework.authtoken.admin import TokenAdmin
 
-from .models import User
+from .models import User, Role
 
 admin.site.register(User)
 TokenAdmin.raw_id_fields = ("user",)
+admin.site.register(Role)

api/tacticalrmm/accounts/management/commands/delete_tokens.py

@@ -1,6 +1,5 @@
-from django.utils import timezone as djangotime
-
 from django.core.management.base import BaseCommand
+from django.utils import timezone as djangotime
 from knox.models import AuthToken
 
 

api/tacticalrmm/accounts/management/commands/generate_barcode.py

@@ -1,11 +1,13 @@
-import pyotp
 import subprocess
+
+import pyotp
 from django.core.management.base import BaseCommand
+
 from accounts.models import User
 
 
 class Command(BaseCommand):
-    help = "Generates barcode for Google Authenticator and creates totp for user"
+    help = "Generates barcode for Authenticator and creates totp for user"
 
     def add_arguments(self, parser):
         parser.add_argument("code", type=str)
@@ -24,12 +26,10 @@ class Command(BaseCommand):
         url = pyotp.totp.TOTP(code).provisioning_uri(username, issuer_name=domain)
         subprocess.run(f'qr "{url}"', shell=True)
         self.stdout.write(
-            self.style.SUCCESS(
-                "Scan the barcode above with your google authenticator app"
-            )
+            self.style.SUCCESS("Scan the barcode above with your authenticator app")
         )
         self.stdout.write(
             self.style.SUCCESS(
-                f"If that doesn't work you may manually enter the key: {code}"
+                f"If that doesn't work you may manually enter the setup key: {code}"
             )
         )

api/tacticalrmm/accounts/management/commands/reset_2fa.py

@@ -0,0 +1,57 @@
+import os
+import subprocess
+
+import pyotp
+from django.core.management.base import BaseCommand
+
+from accounts.models import User
+
+
+class Command(BaseCommand):
+    help = "Reset 2fa"
+
+    def add_arguments(self, parser):
+        parser.add_argument("username", type=str)
+
+    def handle(self, *args, **kwargs):
+        username = kwargs["username"]
+        try:
+            user = User.objects.get(username=username)
+        except User.DoesNotExist:
+            self.stdout.write(self.style.ERROR(f"User {username} doesn't exist"))
+            return
+
+        domain = "Tactical RMM"
+        nginx = "/etc/nginx/sites-available/frontend.conf"
+        found = None
+        if os.path.exists(nginx):
+            try:
+                with open(nginx, "r") as f:
+                    for line in f:
+                        if "server_name" in line:
+                            found = line
+                            break
+
+                if found:
+                    rep = found.replace("server_name", "").replace(";", "")
+                    domain = "".join(rep.split())
+            except:
+                pass
+
+        code = pyotp.random_base32()
+        user.totp_key = code
+        user.save(update_fields=["totp_key"])
+
+        url = pyotp.totp.TOTP(code).provisioning_uri(username, issuer_name=domain)
+        subprocess.run(f'qr "{url}"', shell=True)
+        self.stdout.write(
+            self.style.WARNING("Scan the barcode above with your authenticator app")
+        )
+        self.stdout.write(
+            self.style.WARNING(
+                f"If that doesn't work you may manually enter the setup key: {code}"
+            )
+        )
+        self.stdout.write(
+            self.style.SUCCESS(f"2fa was successfully reset for user {username}")
+        )

api/tacticalrmm/accounts/management/commands/reset_password.py

@@ -0,0 +1,22 @@
+from django.core.management.base import BaseCommand
+from accounts.models import User
+
+
+class Command(BaseCommand):
+    help = "Reset password for user"
+
+    def add_arguments(self, parser):
+        parser.add_argument("username", type=str)
+
+    def handle(self, *args, **kwargs):
+        username = kwargs["username"]
+        try:
+            user = User.objects.get(username=username)
+        except User.DoesNotExist:
+            self.stdout.write(self.style.ERROR(f"User {username} doesn't exist"))
+            return
+
+        passwd = input("Enter new password: ")
+        user.set_password(passwd)
+        user.save()
+        self.stdout.write(self.style.SUCCESS(f"Password for {username} was reset!"))

api/tacticalrmm/accounts/migrations/0001_initial.py

@@ -2,8 +2,8 @@
 
 import django.contrib.auth.models
 import django.contrib.auth.validators
-from django.db import migrations, models
 import django.utils.timezone
+from django.db import migrations, models
 
 
 class Migration(migrations.Migration):

api/tacticalrmm/accounts/migrations/0006_user_agent.py

@@ -1,7 +1,7 @@
 # Generated by Django 3.1.2 on 2020-11-10 20:24
 
-from django.db import migrations, models
 import django.db.models.deletion
+from django.db import migrations, models
 
 
 class Migration(migrations.Migration):

api/tacticalrmm/accounts/migrations/0012_user_agents_per_page.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.1.7 on 2021-02-28 06:38
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0011_user_default_agent_tbl_tab'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='agents_per_page',
+            field=models.PositiveIntegerField(default=50),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0013_user_client_tree_sort.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.1.7 on 2021-03-09 02:33
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0012_user_agents_per_page'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='client_tree_sort',
+            field=models.CharField(choices=[('alphafail', 'Move failing clients to the top'), ('alpha', 'Sort alphabetically')], default='alphafail', max_length=50),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0014_user_client_tree_splitter.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2 on 2021-04-11 01:43
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0013_user_client_tree_sort'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='client_tree_splitter',
+            field=models.PositiveIntegerField(default=11),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0015_user_loading_bar_color.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2 on 2021-04-11 03:03
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0014_user_client_tree_splitter'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='loading_bar_color',
+            field=models.CharField(default='red', max_length=255),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0016_auto_20210507_1526.py

@@ -0,0 +1,25 @@
+# Generated by Django 3.2.1 on 2021-05-07 15:26
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0022_urlaction'),
+        ('accounts', '0015_user_loading_bar_color'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='url_action',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='user', to='core.urlaction'),
+        ),
+        migrations.AlterField(
+            model_name='user',
+            name='agent_dblclick_action',
+            field=models.CharField(choices=[('editagent', 'Edit Agent'), ('takecontrol', 'Take Control'), ('remotebg', 'Remote Background'), ('urlaction', 'URL Action')], default='editagent', max_length=50),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0017_auto_20210508_1716.py

@@ -0,0 +1,173 @@
+# Generated by Django 3.2.1 on 2021-05-08 17:16
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0016_auto_20210507_1526'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='can_code_sign',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_do_server_maint',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_edit_agent',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_edit_core_settings',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_install_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_accounts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_alerts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_automation_policies',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_autotasks',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_checks',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_clients',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_deployments',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_notes',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_pendingactions',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_procs',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_scripts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_sites',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_software',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_winsvcs',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_winupdates',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_reboot_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_run_autotasks',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_run_bulk',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_run_checks',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_run_scripts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_send_cmd',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_uninstall_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_update_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_use_mesh',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_view_auditlogs',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_view_debuglogs',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_view_eventlogs',
+            field=models.BooleanField(default=False),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0018_auto_20210511_0233.py

@@ -0,0 +1,181 @@
+# Generated by Django 3.2.1 on 2021-05-11 02:33
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0017_auto_20210508_1716'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Role',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=255, unique=True)),
+                ('is_superuser', models.BooleanField(default=False)),
+                ('can_use_mesh', models.BooleanField(default=False)),
+                ('can_uninstall_agents', models.BooleanField(default=False)),
+                ('can_update_agents', models.BooleanField(default=False)),
+                ('can_edit_agent', models.BooleanField(default=False)),
+                ('can_manage_procs', models.BooleanField(default=False)),
+                ('can_view_eventlogs', models.BooleanField(default=False)),
+                ('can_send_cmd', models.BooleanField(default=False)),
+                ('can_reboot_agents', models.BooleanField(default=False)),
+                ('can_install_agents', models.BooleanField(default=False)),
+                ('can_run_scripts', models.BooleanField(default=False)),
+                ('can_run_bulk', models.BooleanField(default=False)),
+                ('can_manage_notes', models.BooleanField(default=False)),
+                ('can_edit_core_settings', models.BooleanField(default=False)),
+                ('can_do_server_maint', models.BooleanField(default=False)),
+                ('can_code_sign', models.BooleanField(default=False)),
+                ('can_manage_checks', models.BooleanField(default=False)),
+                ('can_run_checks', models.BooleanField(default=False)),
+                ('can_manage_clients', models.BooleanField(default=False)),
+                ('can_manage_sites', models.BooleanField(default=False)),
+                ('can_manage_deployments', models.BooleanField(default=False)),
+                ('can_manage_automation_policies', models.BooleanField(default=False)),
+                ('can_manage_autotasks', models.BooleanField(default=False)),
+                ('can_run_autotasks', models.BooleanField(default=False)),
+                ('can_view_auditlogs', models.BooleanField(default=False)),
+                ('can_manage_pendingactions', models.BooleanField(default=False)),
+                ('can_view_debuglogs', models.BooleanField(default=False)),
+                ('can_manage_scripts', models.BooleanField(default=False)),
+                ('can_manage_alerts', models.BooleanField(default=False)),
+                ('can_manage_winsvcs', models.BooleanField(default=False)),
+                ('can_manage_software', models.BooleanField(default=False)),
+                ('can_manage_winupdates', models.BooleanField(default=False)),
+                ('can_manage_accounts', models.BooleanField(default=False)),
+            ],
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_code_sign',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_do_server_maint',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_edit_agent',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_edit_core_settings',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_install_agents',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_accounts',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_alerts',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_automation_policies',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_autotasks',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_checks',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_clients',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_deployments',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_notes',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_pendingactions',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_procs',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_scripts',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_sites',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_software',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_winsvcs',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_winupdates',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_reboot_agents',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_run_autotasks',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_run_bulk',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_run_checks',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_run_scripts',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_send_cmd',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_uninstall_agents',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_update_agents',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_use_mesh',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_view_auditlogs',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_view_debuglogs',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_view_eventlogs',
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0019_user_role.py

@@ -0,0 +1,25 @@
+# Generated by Django 3.2.1 on 2021-05-11 02:33
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("accounts", "0018_auto_20210511_0233"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="user",
+            name="role",
+            field=models.ForeignKey(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name="roles",
+                to="accounts.role",
+            ),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0020_role_can_manage_roles.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2.1 on 2021-05-11 17:37
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0019_user_role'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='role',
+            name='can_manage_roles',
+            field=models.BooleanField(default=False),
+        ),
+    ]

api/tacticalrmm/accounts/migrations/0021_role_can_view_core_settings.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2.4 on 2021-06-17 04:29
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0020_role_can_manage_roles'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='role',
+            name='can_view_core_settings',
+            field=models.BooleanField(default=False),
+        ),
+    ]

api/tacticalrmm/accounts/models.py

@@ -1,5 +1,5 @@
-from django.db import models
 from django.contrib.auth.models import AbstractUser
+from django.db import models
 
 from logs.models import BaseAuditModel
 
@@ -7,6 +7,7 @@ AGENT_DBLCLICK_CHOICES = [
     ("editagent", "Edit Agent"),
     ("takecontrol", "Take Control"),
     ("remotebg", "Remote Background"),
+    ("urlaction", "URL Action"),
 ]
 
 AGENT_TBL_TAB_CHOICES = [
@@ -15,6 +16,11 @@ AGENT_TBL_TAB_CHOICES = [
     ("mixed", "Mixed"),
 ]
 
+CLIENT_TREE_SORT_CHOICES = [
+    ("alphafail", "Move failing clients to the top"),
+    ("alpha", "Sort alphabetically"),
+]
+
 
 class User(AbstractUser, BaseAuditModel):
     is_active = models.BooleanField(default=True)
@@ -24,9 +30,22 @@ class User(AbstractUser, BaseAuditModel):
     agent_dblclick_action = models.CharField(
         max_length=50, choices=AGENT_DBLCLICK_CHOICES, default="editagent"
     )
+    url_action = models.ForeignKey(
+        "core.URLAction",
+        related_name="user",
+        null=True,
+        blank=True,
+        on_delete=models.SET_NULL,
+    )
     default_agent_tbl_tab = models.CharField(
         max_length=50, choices=AGENT_TBL_TAB_CHOICES, default="server"
     )
+    agents_per_page = models.PositiveIntegerField(default=50)  # not currently used
+    client_tree_sort = models.CharField(
+        max_length=50, choices=CLIENT_TREE_SORT_CHOICES, default="alphafail"
+    )
+    client_tree_splitter = models.PositiveIntegerField(default=11)
+    loading_bar_color = models.CharField(max_length=255, default="red")
 
     agent = models.OneToOneField(
         "agents.Agent",
@@ -36,9 +55,125 @@ class User(AbstractUser, BaseAuditModel):
         on_delete=models.CASCADE,
     )
 
+    role = models.ForeignKey(
+        "accounts.Role",
+        null=True,
+        blank=True,
+        related_name="roles",
+        on_delete=models.SET_NULL,
+    )
+
     @staticmethod
     def serialize(user):
         # serializes the task and returns json
         from .serializers import UserSerializer
 
         return UserSerializer(user).data
+
+
+class Role(models.Model):
+    name = models.CharField(max_length=255, unique=True)
+    is_superuser = models.BooleanField(default=False)
+
+    # agents
+    can_use_mesh = models.BooleanField(default=False)
+    can_uninstall_agents = models.BooleanField(default=False)
+    can_update_agents = models.BooleanField(default=False)
+    can_edit_agent = models.BooleanField(default=False)
+    can_manage_procs = models.BooleanField(default=False)
+    can_view_eventlogs = models.BooleanField(default=False)
+    can_send_cmd = models.BooleanField(default=False)
+    can_reboot_agents = models.BooleanField(default=False)
+    can_install_agents = models.BooleanField(default=False)
+    can_run_scripts = models.BooleanField(default=False)
+    can_run_bulk = models.BooleanField(default=False)
+
+    # core
+    can_manage_notes = models.BooleanField(default=False)
+    can_view_core_settings = models.BooleanField(default=False)
+    can_edit_core_settings = models.BooleanField(default=False)
+    can_do_server_maint = models.BooleanField(default=False)
+    can_code_sign = models.BooleanField(default=False)
+
+    # checks
+    can_manage_checks = models.BooleanField(default=False)
+    can_run_checks = models.BooleanField(default=False)
+
+    # clients
+    can_manage_clients = models.BooleanField(default=False)
+    can_manage_sites = models.BooleanField(default=False)
+    can_manage_deployments = models.BooleanField(default=False)
+
+    # automation
+    can_manage_automation_policies = models.BooleanField(default=False)
+
+    # automated tasks
+    can_manage_autotasks = models.BooleanField(default=False)
+    can_run_autotasks = models.BooleanField(default=False)
+
+    # logs
+    can_view_auditlogs = models.BooleanField(default=False)
+    can_manage_pendingactions = models.BooleanField(default=False)
+    can_view_debuglogs = models.BooleanField(default=False)
+
+    # scripts
+    can_manage_scripts = models.BooleanField(default=False)
+
+    # alerts
+    can_manage_alerts = models.BooleanField(default=False)
+
+    # win services
+    can_manage_winsvcs = models.BooleanField(default=False)
+
+    # software
+    can_manage_software = models.BooleanField(default=False)
+
+    # windows updates
+    can_manage_winupdates = models.BooleanField(default=False)
+
+    # accounts
+    can_manage_accounts = models.BooleanField(default=False)
+    can_manage_roles = models.BooleanField(default=False)
+
+    def __str__(self):
+        return self.name
+
+    @staticmethod
+    def perms():
+        return [
+            "is_superuser",
+            "can_use_mesh",
+            "can_uninstall_agents",
+            "can_update_agents",
+            "can_edit_agent",
+            "can_manage_procs",
+            "can_view_eventlogs",
+            "can_send_cmd",
+            "can_reboot_agents",
+            "can_install_agents",
+            "can_run_scripts",
+            "can_run_bulk",
+            "can_manage_notes",
+            "can_view_core_settings",
+            "can_edit_core_settings",
+            "can_do_server_maint",
+            "can_code_sign",
+            "can_manage_checks",
+            "can_run_checks",
+            "can_manage_clients",
+            "can_manage_sites",
+            "can_manage_deployments",
+            "can_manage_automation_policies",
+            "can_manage_autotasks",
+            "can_run_autotasks",
+            "can_view_auditlogs",
+            "can_manage_pendingactions",
+            "can_view_debuglogs",
+            "can_manage_scripts",
+            "can_manage_alerts",
+            "can_manage_winsvcs",
+            "can_manage_software",
+            "can_manage_winupdates",
+            "can_manage_accounts",
+            "can_manage_roles",
+        ]

api/tacticalrmm/accounts/permissions.py

@@ -0,0 +1,19 @@
+from rest_framework import permissions
+
+from tacticalrmm.permissions import _has_perm
+
+
+class AccountsPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        if r.method == "GET":
+            return True
+
+        return _has_perm(r, "can_manage_accounts")
+
+
+class RolesPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        if r.method == "GET":
+            return True
+
+        return _has_perm(r, "can_manage_roles")

api/tacticalrmm/accounts/serializers.py

@@ -1,17 +1,28 @@
 import pyotp
+from rest_framework.serializers import ModelSerializer, SerializerMethodField
 
-from rest_framework.serializers import (
-    ModelSerializer,
-    SerializerMethodField,
-)
+from .models import User, Role
 
-from .models import User
+
+class UserUISerializer(ModelSerializer):
+    class Meta:
+        model = User
+        fields = [
+            "dark_mode",
+            "show_community_scripts",
+            "agent_dblclick_action",
+            "url_action",
+            "default_agent_tbl_tab",
+            "client_tree_sort",
+            "client_tree_splitter",
+            "loading_bar_color",
+        ]
 
 
 class UserSerializer(ModelSerializer):
     class Meta:
         model = User
-        fields = (
+        fields = [
             "id",
             "username",
             "first_name",
@@ -19,7 +30,8 @@ class UserSerializer(ModelSerializer):
             "email",
             "is_active",
             "last_login",
-        )
+            "role",
+        ]
 
 
 class TOTPSetupSerializer(ModelSerializer):
@@ -38,3 +50,9 @@ class TOTPSetupSerializer(ModelSerializer):
         return pyotp.totp.TOTP(obj.totp_key).provisioning_uri(
             obj.username, issuer_name="Tactical RMM"
         )
+
+
+class RoleSerializer(ModelSerializer):
+    class Meta:
+        model = Role
+        fields = "__all__"

api/tacticalrmm/accounts/tests.py

@@ -1,8 +1,9 @@
 from unittest.mock import patch
+
 from django.test import override_settings
 
-from tacticalrmm.test import TacticalTestCase
 from accounts.models import User
+from tacticalrmm.test import TacticalTestCase
 
 
 class TestAccounts(TacticalTestCase):
@@ -270,18 +271,15 @@ class TestUserAction(TacticalTestCase):
 
     def test_user_ui(self):
         url = "/accounts/users/ui/"
-        data = {"dark_mode": False}
-        r = self.client.patch(url, data, format="json")
-        self.assertEqual(r.status_code, 200)
-
-        data = {"show_community_scripts": True}
-        r = self.client.patch(url, data, format="json")
-        self.assertEqual(r.status_code, 200)
 
         data = {
-            "userui": True,
+            "dark_mode": True,
+            "show_community_scripts": True,
             "agent_dblclick_action": "editagent",
             "default_agent_tbl_tab": "mixed",
+            "client_tree_sort": "alpha",
+            "client_tree_splitter": 14,
+            "loading_bar_color": "green",
         }
         r = self.client.patch(url, data, format="json")
         self.assertEqual(r.status_code, 200)

api/tacticalrmm/accounts/urls.py

@@ -1,4 +1,5 @@
 from django.urls import path
+
 from . import views
 
 urlpatterns = [
@@ -8,4 +9,7 @@ urlpatterns = [
     path("users/reset_totp/", views.UserActions.as_view()),
     path("users/setup_totp/", views.TOTPSetup.as_view()),
     path("users/ui/", views.UserUI.as_view()),
+    path("permslist/", views.PermsList.as_view()),
+    path("roles/", views.GetAddRoles.as_view()),
+    path("<int:pk>/role/", views.GetUpdateDeleteRole.as_view()),
 ]

api/tacticalrmm/accounts/views.py

@@ -1,23 +1,34 @@
 import pyotp
-
-from django.contrib.auth import login
 from django.conf import settings
-from django.shortcuts import get_object_or_404
+from django.contrib.auth import login
 from django.db import IntegrityError
-
-from rest_framework.views import APIView
-from rest_framework.authtoken.serializers import AuthTokenSerializer
+from django.shortcuts import get_object_or_404
 from knox.views import LoginView as KnoxLoginView
-from rest_framework.permissions import AllowAny
-from rest_framework.response import Response
 from rest_framework import status
+from rest_framework.authtoken.serializers import AuthTokenSerializer
+from rest_framework.permissions import AllowAny, IsAuthenticated
+from rest_framework.response import Response
+from rest_framework.views import APIView
 
-from .models import User
-from agents.models import Agent
 from logs.models import AuditLog
 from tacticalrmm.utils import notify_error
 
-from .serializers import UserSerializer, TOTPSetupSerializer
+from .models import User, Role
+from .permissions import AccountsPerms, RolesPerms
+from .serializers import (
+    TOTPSetupSerializer,
+    UserSerializer,
+    UserUISerializer,
+    RoleSerializer,
+)
+
+
+def _is_root_user(request, user) -> bool:
+    return (
+        hasattr(settings, "ROOT_USER")
+        and request.user != user
+        and user.username == settings.ROOT_USER
+    )
 
 
 class CheckCreds(KnoxLoginView):
@@ -73,6 +84,8 @@ class LoginView(KnoxLoginView):
 
 
 class GetAddUsers(APIView):
+    permission_classes = [IsAuthenticated, AccountsPerms]
+
     def get(self, request):
         users = User.objects.filter(agent=None)
 
@@ -81,7 +94,7 @@ class GetAddUsers(APIView):
     def post(self, request):
         # add new user
         try:
-            user = User.objects.create_user(
+            user = User.objects.create_user(  # type: ignore
                 request.data["username"],
                 request.data["email"],
                 request.data["password"],
@@ -93,13 +106,17 @@ class GetAddUsers(APIView):
 
         user.first_name = request.data["first_name"]
         user.last_name = request.data["last_name"]
-        # Can be changed once permissions and groups are introduced
-        user.is_superuser = True
+        if "role" in request.data.keys() and isinstance(request.data["role"], int):
+            role = get_object_or_404(Role, pk=request.data["role"])
+            user.role = role
+
         user.save()
         return Response(user.username)
 
 
 class GetUpdateDeleteUser(APIView):
+    permission_classes = [IsAuthenticated, AccountsPerms]
+
     def get(self, request, pk):
         user = get_object_or_404(User, pk=pk)
 
@@ -108,11 +125,7 @@ class GetUpdateDeleteUser(APIView):
     def put(self, request, pk):
         user = get_object_or_404(User, pk=pk)
 
-        if (
-            hasattr(settings, "ROOT_USER")
-            and request.user != user
-            and user.username == settings.ROOT_USER
-        ):
+        if _is_root_user(request, user):
             return notify_error("The root user cannot be modified from the UI")
 
         serializer = UserSerializer(instance=user, data=request.data, partial=True)
@@ -123,11 +136,7 @@ class GetUpdateDeleteUser(APIView):
 
     def delete(self, request, pk):
         user = get_object_or_404(User, pk=pk)
-        if (
-            hasattr(settings, "ROOT_USER")
-            and request.user != user
-            and user.username == settings.ROOT_USER
-        ):
+        if _is_root_user(request, user):
             return notify_error("The root user cannot be deleted from the UI")
 
         user.delete()
@@ -136,15 +145,11 @@ class GetUpdateDeleteUser(APIView):
 
 
 class UserActions(APIView):
-
+    permission_classes = [IsAuthenticated, AccountsPerms]
     # reset password
     def post(self, request):
         user = get_object_or_404(User, pk=request.data["id"])
-        if (
-            hasattr(settings, "ROOT_USER")
-            and request.user != user
-            and user.username == settings.ROOT_USER
-        ):
+        if _is_root_user(request, user):
             return notify_error("The root user cannot be modified from the UI")
 
         user.set_password(request.data["password"])
@@ -155,11 +160,7 @@ class UserActions(APIView):
     # reset two factor token
     def put(self, request):
         user = get_object_or_404(User, pk=request.data["id"])
-        if (
-            hasattr(settings, "ROOT_USER")
-            and request.user != user
-            and user.username == settings.ROOT_USER
-        ):
+        if _is_root_user(request, user):
             return notify_error("The root user cannot be modified from the UI")
 
         user.totp_key = ""
@@ -187,19 +188,48 @@ class TOTPSetup(APIView):
 
 class UserUI(APIView):
     def patch(self, request):
-        user = request.user
-
-        if "dark_mode" in request.data.keys():
-            user.dark_mode = request.data["dark_mode"]
-            user.save(update_fields=["dark_mode"])
-
-        if "show_community_scripts" in request.data.keys():
-            user.show_community_scripts = request.data["show_community_scripts"]
-            user.save(update_fields=["show_community_scripts"])
-
-        if "userui" in request.data.keys():
-            user.agent_dblclick_action = request.data["agent_dblclick_action"]
-            user.default_agent_tbl_tab = request.data["default_agent_tbl_tab"]
-            user.save(update_fields=["agent_dblclick_action", "default_agent_tbl_tab"])
-
+        serializer = UserUISerializer(
+            instance=request.user, data=request.data, partial=True
+        )
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        return Response("ok")
+
+
+class PermsList(APIView):
+    def get(self, request):
+        return Response(Role.perms())
+
+
+class GetAddRoles(APIView):
+    permission_classes = [IsAuthenticated, RolesPerms]
+
+    def get(self, request):
+        roles = Role.objects.all()
+        return Response(RoleSerializer(roles, many=True).data)
+
+    def post(self, request):
+        serializer = RoleSerializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        return Response("ok")
+
+
+class GetUpdateDeleteRole(APIView):
+    permission_classes = [IsAuthenticated, RolesPerms]
+
+    def get(self, request, pk):
+        role = get_object_or_404(Role, pk=pk)
+        return Response(RoleSerializer(role).data)
+
+    def put(self, request, pk):
+        role = get_object_or_404(Role, pk=pk)
+        serializer = RoleSerializer(instance=role, data=request.data)
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        return Response("ok")
+
+    def delete(self, request, pk):
+        role = get_object_or_404(Role, pk=pk)
+        role.delete()
         return Response("ok")

api/tacticalrmm/agents/admin.py

@@ -1,7 +1,8 @@
 from django.contrib import admin
 
-from .models import Agent, RecoveryAction, Note
+from .models import Agent, AgentCustomField, Note, RecoveryAction
 
 admin.site.register(Agent)
 admin.site.register(RecoveryAction)
 admin.site.register(Note)
+admin.site.register(AgentCustomField)

api/tacticalrmm/agents/baker_recipes.py

@@ -1,12 +1,12 @@
+import json
+import os
 import random
 import string
-import os
-import json
-
-from model_bakery.recipe import Recipe, foreign_key
 from itertools import cycle
-from django.utils import timezone as djangotime
+
 from django.conf import settings
+from django.utils import timezone as djangotime
+from model_bakery.recipe import Recipe, foreign_key, seq
 
 
 def generate_agent_id(hostname):
@@ -30,8 +30,7 @@ agent = Recipe(
     hostname="DESKTOP-TEST123",
     version="1.3.0",
     monitoring_type=cycle(["workstation", "server"]),
-    salt_id=generate_agent_id("DESKTOP-TEST123"),
-    agent_id="71AHC-AA813-HH1BC-AAHH5-00013|DESKTOP-TEST123",
+    agent_id=seq("asdkj3h4234-1234hg3h4g34-234jjh34|DESKTOP-TEST123"),
 )
 
 server_agent = agent.extend(
@@ -44,8 +43,12 @@ workstation_agent = agent.extend(
 
 online_agent = agent.extend(last_seen=djangotime.now())
 
+offline_agent = agent.extend(
+    last_seen=djangotime.now() - djangotime.timedelta(minutes=7)
+)
+
 overdue_agent = agent.extend(
-    last_seen=djangotime.now() - djangotime.timedelta(minutes=6)
+    last_seen=djangotime.now() - djangotime.timedelta(minutes=35)
 )
 
 agent_with_services = agent.extend(

api/tacticalrmm/agents/management/commands/bulk_change_checkin.py

@@ -0,0 +1,93 @@
+from django.core.management.base import BaseCommand
+
+from agents.models import Agent
+from clients.models import Client, Site
+
+
+class Command(BaseCommand):
+    help = "Bulk update agent offline/overdue time"
+
+    def add_arguments(self, parser):
+        parser.add_argument("time", type=int, help="Time in minutes")
+        parser.add_argument(
+            "--client",
+            type=str,
+            help="Client Name",
+        )
+        parser.add_argument(
+            "--site",
+            type=str,
+            help="Site Name",
+        )
+        parser.add_argument(
+            "--offline",
+            action="store_true",
+            help="Offline",
+        )
+        parser.add_argument(
+            "--overdue",
+            action="store_true",
+            help="Overdue",
+        )
+        parser.add_argument(
+            "--all",
+            action="store_true",
+            help="All agents",
+        )
+
+    def handle(self, *args, **kwargs):
+        time = kwargs["time"]
+        client_name = kwargs["client"]
+        site_name = kwargs["site"]
+        all_agents = kwargs["all"]
+        offline = kwargs["offline"]
+        overdue = kwargs["overdue"]
+        agents = None
+
+        if offline and time < 2:
+            self.stdout.write(self.style.ERROR("Minimum offline time is 2 minutes"))
+            return
+
+        if overdue and time < 3:
+            self.stdout.write(self.style.ERROR("Minimum overdue time is 3 minutes"))
+            return
+
+        if client_name:
+            try:
+                client = Client.objects.get(name=client_name)
+            except Client.DoesNotExist:
+                self.stdout.write(
+                    self.style.ERROR(f"Client {client_name} doesn't exist")
+                )
+                return
+
+            agents = Agent.objects.filter(site__client=client)
+
+        elif site_name:
+            try:
+                site = Site.objects.get(name=site_name)
+            except Site.DoesNotExist:
+                self.stdout.write(self.style.ERROR(f"Site {site_name} doesn't exist"))
+                return
+
+            agents = Agent.objects.filter(site=site)
+
+        elif all_agents:
+            agents = Agent.objects.all()
+
+        if agents:
+            if offline:
+                agents.update(offline_time=time)
+                self.stdout.write(
+                    self.style.SUCCESS(
+                        f"Changed offline time on {len(agents)} agents to {time} minutes"
+                    )
+                )
+
+            if overdue:
+                agents.update(overdue_time=time)
+                self.stdout.write(
+                    self.style.SUCCESS(
+                        f"Changed overdue time on {len(agents)} agents to {time} minutes"
+                    )
+                )

api/tacticalrmm/agents/management/commands/show_outdated_agents.py

@@ -0,0 +1,18 @@
+from django.conf import settings
+from django.core.management.base import BaseCommand
+
+from agents.models import Agent
+
+
+class Command(BaseCommand):
+    help = "Shows online agents that are not on the latest version"
+
+    def handle(self, *args, **kwargs):
+        q = Agent.objects.exclude(version=settings.LATEST_AGENT_VER).only(
+            "pk", "version", "last_seen", "overdue_time", "offline_time"
+        )
+        agents = [i for i in q if i.status == "online"]
+        for agent in agents:
+            self.stdout.write(
+                self.style.SUCCESS(f"{agent.hostname} - v{agent.version}")
+            )

api/tacticalrmm/agents/migrations/0001_initial.py

@@ -1,8 +1,8 @@
 # Generated by Django 3.0.6 on 2020-05-31 01:23
 
 import django.contrib.postgres.fields.jsonb
-from django.db import migrations, models
 import django.db.models.deletion
+from django.db import migrations, models
 
 
 class Migration(migrations.Migration):

api/tacticalrmm/agents/migrations/0005_agent_policy.py

@@ -1,7 +1,7 @@
 # Generated by Django 3.0.7 on 2020-06-09 16:07
 
-from django.db import migrations, models
 import django.db.models.deletion
+from django.db import migrations, models
 
 
 class Migration(migrations.Migration):

api/tacticalrmm/agents/migrations/0011_recoveryaction.py

@@ -1,7 +1,7 @@
 # Generated by Django 3.0.8 on 2020-08-09 05:31
 
-from django.db import migrations, models
 import django.db.models.deletion
+from django.db import migrations, models
 
 
 class Migration(migrations.Migration):

api/tacticalrmm/agents/migrations/0015_note.py

@@ -1,8 +1,8 @@
 # Generated by Django 3.1.1 on 2020-09-22 20:57
 
+import django.db.models.deletion
 from django.conf import settings
 from django.db import migrations, models
-import django.db.models.deletion
 
 
 class Migration(migrations.Migration):

api/tacticalrmm/agents/migrations/0021_agent_site_link.py

@@ -1,7 +1,7 @@
 # Generated by Django 3.1.2 on 2020-11-01 22:53
 
-from django.db import migrations, models
 import django.db.models.deletion
+from django.db import migrations, models
 
 
 class Migration(migrations.Migration):

api/tacticalrmm/agents/migrations/0031_agent_alert_template.py

@@ -0,0 +1,20 @@
+# Generated by Django 3.1.7 on 2021-03-04 03:57
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('alerts', '0006_auto_20210217_1736'),
+        ('agents', '0030_agent_offline_time'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agent',
+            name='alert_template',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='agents', to='alerts.alerttemplate'),
+        ),
+    ]

api/tacticalrmm/agents/migrations/0032_agentcustomfield.py

@@ -0,0 +1,24 @@
+# Generated by Django 3.1.7 on 2021-03-17 14:45
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0014_customfield'),
+        ('agents', '0031_agent_alert_template'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='AgentCustomField',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('value', models.TextField(blank=True, null=True)),
+                ('agent', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='custom_fields', to='agents.agent')),
+                ('field', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='agent_fields', to='core.customfield')),
+            ],
+        ),
+    ]

api/tacticalrmm/agents/migrations/0033_agentcustomfield_multiple_value.py

@@ -0,0 +1,19 @@
+# Generated by Django 3.1.7 on 2021-03-29 02:51
+
+import django.contrib.postgres.fields
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0032_agentcustomfield'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agentcustomfield',
+            name='multiple_value',
+            field=django.contrib.postgres.fields.ArrayField(base_field=models.TextField(blank=True, null=True), blank=True, default=list, null=True, size=None),
+        ),
+    ]

api/tacticalrmm/agents/migrations/0034_agentcustomfield_checkbox_value.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.1.7 on 2021-03-29 03:01
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0033_agentcustomfield_multiple_value'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agentcustomfield',
+            name='checkbox_value',
+            field=models.BooleanField(blank=True, default=False),
+        ),
+    ]

api/tacticalrmm/agents/migrations/0035_auto_20210329_1709.py

@@ -0,0 +1,23 @@
+# Generated by Django 3.1.7 on 2021-03-29 17:09
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0034_agentcustomfield_checkbox_value'),
+    ]
+
+    operations = [
+        migrations.RenameField(
+            model_name='agentcustomfield',
+            old_name='checkbox_value',
+            new_name='bool_value',
+        ),
+        migrations.RenameField(
+            model_name='agentcustomfield',
+            old_name='value',
+            new_name='string_value',
+        ),
+    ]

api/tacticalrmm/agents/migrations/0036_agent_block_policy_inheritance.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.1.7 on 2021-04-17 01:28
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0035_auto_20210329_1709'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agent',
+            name='block_policy_inheritance',
+            field=models.BooleanField(default=False),
+        ),
+    ]

api/tacticalrmm/agents/migrations/0037_auto_20210627_0014.py

@@ -0,0 +1,23 @@
+# Generated by Django 3.2.4 on 2021-06-27 00:14
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0036_agent_block_policy_inheritance'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agent',
+            name='has_patches_pending',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='agent',
+            name='pending_actions_count',
+            field=models.PositiveIntegerField(default=0),
+        ),
+    ]

api/tacticalrmm/agents/models.py

@@ -1,28 +1,26 @@
-import time
-import base64
-from Crypto.Cipher import AES
-from Crypto.Random import get_random_bytes
-from Crypto.Hash import SHA3_384
-from Crypto.Util.Padding import pad
-import validators
-import msgpack
-import re
-from collections import Counter
-from typing import List, Union, Any
-from loguru import logger
 import asyncio
-
-from packaging import version as pyver
+import base64
+import re
+import time
+from collections import Counter
 from distutils.version import LooseVersion
+from typing import Any
+
+import msgpack
+import validators
+from Crypto.Cipher import AES
+from Crypto.Hash import SHA3_384
+from Crypto.Random import get_random_bytes
+from Crypto.Util.Padding import pad
+from django.conf import settings
+from django.contrib.postgres.fields import ArrayField
+from django.db import models
+from django.utils import timezone as djangotime
+from loguru import logger
 from nats.aio.client import Client as NATS
 from nats.aio.errors import ErrTimeout
 
-from django.db import models
-from django.conf import settings
-from django.utils import timezone as djangotime
-from alerts.models import AlertTemplate
-
-from core.models import CoreSettings, TZ_CHOICES
+from core.models import TZ_CHOICES, CoreSettings
 from logs.models import BaseAuditModel
 
 logger.configure(**settings.LOG_CONFIG)
@@ -65,6 +63,16 @@ class Agent(BaseAuditModel):
         max_length=255, choices=TZ_CHOICES, null=True, blank=True
     )
     maintenance_mode = models.BooleanField(default=False)
+    block_policy_inheritance = models.BooleanField(default=False)
+    pending_actions_count = models.PositiveIntegerField(default=0)
+    has_patches_pending = models.BooleanField(default=False)
+    alert_template = models.ForeignKey(
+        "alerts.AlertTemplate",
+        related_name="agents",
+        null=True,
+        blank=True,
+        on_delete=models.SET_NULL,
+    )
     site = models.ForeignKey(
         "clients.Site",
         related_name="agents",
@@ -86,14 +94,16 @@ class Agent(BaseAuditModel):
         old_agent = type(self).objects.get(pk=self.pk) if self.pk else None
         super(BaseAuditModel, self).save(*args, **kwargs)
 
-        # check if new agent has been create
+        # check if new agent has been created
         # or check if policy have changed on agent
         # or if site has changed on agent and if so generate-policies
+        # or if agent was changed from server or workstation
         if (
             not old_agent
-            or old_agent
-            and old_agent.policy != self.policy
-            or old_agent.site != self.site
+            or (old_agent and old_agent.policy != self.policy)
+            or (old_agent.site != self.site)
+            or (old_agent.monitoring_type != self.monitoring_type)
+            or (old_agent.block_policy_inheritance != self.block_policy_inheritance)
         ):
             self.generate_checks_from_policies()
             self.generate_tasks_from_policies()
@@ -105,14 +115,6 @@ class Agent(BaseAuditModel):
     def client(self):
         return self.site.client
 
-    @property
-    def has_nats(self):
-        return pyver.parse(self.version) >= pyver.parse("1.1.0")
-
-    @property
-    def has_gotasks(self):
-        return pyver.parse(self.version) >= pyver.parse("1.1.1")
-
     @property
     def timezone(self):
         # return the default timezone unless the timezone is explicity set per agent
@@ -163,27 +165,30 @@ class Agent(BaseAuditModel):
         else:
             return "offline"
 
-    @property
-    def has_patches_pending(self):
-        return self.winupdates.filter(action="approve").filter(installed=False).exists()
-
     @property
     def checks(self):
-        total, passing, failing = 0, 0, 0
+        total, passing, failing, warning, info = 0, 0, 0, 0, 0
 
-        if self.agentchecks.exists():
-            for i in self.agentchecks.all():
+        if self.agentchecks.exists():  # type: ignore
+            for i in self.agentchecks.all():  # type: ignore
                 total += 1
                 if i.status == "passing":
                     passing += 1
                 elif i.status == "failing":
-                    failing += 1
+                    if i.alert_severity == "error":
+                        failing += 1
+                    elif i.alert_severity == "warning":
+                        warning += 1
+                    elif i.alert_severity == "info":
+                        info += 1
 
         ret = {
             "total": total,
             "passing": passing,
             "failing": failing,
-            "has_failing_checks": failing > 0,
+            "warning": warning,
+            "info": info,
+            "has_failing_checks": failing > 0 or warning > 0,
         }
         return ret
 
@@ -198,6 +203,27 @@ class Agent(BaseAuditModel):
         except:
             return ["unknown cpu model"]
 
+    @property
+    def graphics(self):
+        ret, mrda = [], []
+        try:
+            graphics = self.wmi_detail["graphics"]
+            for i in graphics:
+                caption = [x["Caption"] for x in i if "Caption" in x][0]
+                if "microsoft remote display adapter" in caption.lower():
+                    mrda.append("yes")
+                    continue
+
+                ret.append([x["Caption"] for x in i if "Caption" in x][0])
+
+            # only return this if no other graphics cards
+            if not ret and mrda:
+                return "Microsoft Remote Display Adapter"
+
+            return ", ".join(ret)
+        except:
+            return "Graphics info requires agent v1.4.14"
+
     @property
     def local_ips(self):
         ret = []
@@ -237,11 +263,17 @@ class Agent(BaseAuditModel):
                 make = [x["Manufacturer"] for x in mobo if "Manufacturer" in x][0]
                 model = [x["Product"] for x in mobo if "Product" in x][0]
 
+            if make.lower() == "lenovo":
+                sysfam = [x["SystemFamily"] for x in comp_sys if "SystemFamily" in x][0]
+                if "to be filled" not in sysfam.lower():
+                    model = sysfam
+
             return f"{make} {model}"
         except:
             pass
 
         try:
+            comp_sys_prod = self.wmi_detail["comp_sys_prod"][0]
             return [x["Version"] for x in comp_sys_prod if "Version" in x][0]
         except:
             pass
@@ -271,10 +303,24 @@ class Agent(BaseAuditModel):
         except:
             return ["unknown disk"]
 
+    def check_run_interval(self) -> int:
+        interval = self.check_interval
+        # determine if any agent checks have a custom interval and set the lowest interval
+        for check in self.agentchecks.filter(overriden_by_policy=False):  # type: ignore
+            if check.run_interval and check.run_interval < interval:
+
+                # don't allow check runs less than 15s
+                if check.run_interval < 15:
+                    interval = 15
+                else:
+                    interval = check.run_interval
+
+        return interval
+
     def run_script(
         self,
         scriptpk: int,
-        args: List[str] = [],
+        args: list[str] = [],
         timeout: int = 120,
         full: bool = False,
         wait: bool = False,
@@ -284,10 +330,13 @@ class Agent(BaseAuditModel):
         from scripts.models import Script
 
         script = Script.objects.get(pk=scriptpk)
+
+        parsed_args = script.parse_script_args(self, script.shell, args)
+
         data = {
             "func": "runscriptfull" if full else "runscript",
             "timeout": timeout,
-            "script_args": args,
+            "script_args": parsed_args,
             "payload": {
                 "code": script.code,
                 "shell": script.shell,
@@ -296,10 +345,10 @@ class Agent(BaseAuditModel):
 
         running_agent = self
         if run_on_any:
-            nats_ping = {"func": "ping", "timeout": 1}
+            nats_ping = {"func": "ping"}
 
             # try on self first
-            r = asyncio.run(self.nats_cmd(nats_ping))
+            r = asyncio.run(self.nats_cmd(nats_ping, timeout=1))
 
             if r == "pong":
                 running_agent = self
@@ -307,13 +356,13 @@ class Agent(BaseAuditModel):
                 online = [
                     agent
                     for agent in Agent.objects.only(
-                        "pk", "last_seen", "overdue_time", "offline_time"
+                        "pk", "agent_id", "last_seen", "overdue_time", "offline_time"
                     )
                     if agent.status == "online"
                 ]
 
                 for agent in online:
-                    r = asyncio.run(agent.nats_cmd(nats_ping))
+                    r = asyncio.run(agent.nats_cmd(nats_ping, timeout=1))
                     if r == "pong":
                         running_agent = agent
                         break
@@ -334,27 +383,27 @@ class Agent(BaseAuditModel):
 
         updates = list()
         if patch_policy.critical == "approve":
-            updates += self.winupdates.filter(
+            updates += self.winupdates.filter(  # type: ignore
                 severity="Critical", installed=False
             ).exclude(action="approve")
 
         if patch_policy.important == "approve":
-            updates += self.winupdates.filter(
+            updates += self.winupdates.filter(  # type: ignore
                 severity="Important", installed=False
             ).exclude(action="approve")
 
         if patch_policy.moderate == "approve":
-            updates += self.winupdates.filter(
+            updates += self.winupdates.filter(  # type: ignore
                 severity="Moderate", installed=False
             ).exclude(action="approve")
 
         if patch_policy.low == "approve":
-            updates += self.winupdates.filter(severity="Low", installed=False).exclude(
+            updates += self.winupdates.filter(severity="Low", installed=False).exclude(  # type: ignore
                 action="approve"
             )
 
         if patch_policy.other == "approve":
-            updates += self.winupdates.filter(severity="", installed=False).exclude(
+            updates += self.winupdates.filter(severity="", installed=False).exclude(  # type: ignore
                 action="approve"
             )
 
@@ -369,7 +418,7 @@ class Agent(BaseAuditModel):
         site = self.site
         core_settings = CoreSettings.objects.first()
         patch_policy = None
-        agent_policy = self.winupdatepolicy.get()
+        agent_policy = self.winupdatepolicy.get()  # type: ignore
 
         if self.monitoring_type == "server":
             # check agent policy first which should override client or site policy
@@ -378,21 +427,34 @@ class Agent(BaseAuditModel):
 
             # check site policy if agent policy doesn't have one
             elif site.server_policy and site.server_policy.winupdatepolicy.exists():
-                patch_policy = site.server_policy.winupdatepolicy.get()
+                # make sure agent isn;t blocking policy inheritance
+                if not self.block_policy_inheritance:
+                    patch_policy = site.server_policy.winupdatepolicy.get()
 
             # if site doesn't have a patch policy check the client
             elif (
                 site.client.server_policy
                 and site.client.server_policy.winupdatepolicy.exists()
             ):
-                patch_policy = site.client.server_policy.winupdatepolicy.get()
+                # make sure agent and site are not blocking inheritance
+                if (
+                    not self.block_policy_inheritance
+                    and not site.block_policy_inheritance
+                ):
+                    patch_policy = site.client.server_policy.winupdatepolicy.get()
 
             # if patch policy still doesn't exist check default policy
             elif (
                 core_settings.server_policy
                 and core_settings.server_policy.winupdatepolicy.exists()
             ):
-                patch_policy = core_settings.server_policy.winupdatepolicy.get()
+                # make sure agent site and client are not blocking inheritance
+                if (
+                    not self.block_policy_inheritance
+                    and not site.block_policy_inheritance
+                    and not site.client.block_policy_inheritance
+                ):
+                    patch_policy = core_settings.server_policy.winupdatepolicy.get()
 
         elif self.monitoring_type == "workstation":
             # check agent policy first which should override client or site policy
@@ -403,21 +465,36 @@ class Agent(BaseAuditModel):
                 site.workstation_policy
                 and site.workstation_policy.winupdatepolicy.exists()
             ):
-                patch_policy = site.workstation_policy.winupdatepolicy.get()
+                # make sure agent isn;t blocking policy inheritance
+                if not self.block_policy_inheritance:
+                    patch_policy = site.workstation_policy.winupdatepolicy.get()
 
             # if site doesn't have a patch policy check the client
             elif (
                 site.client.workstation_policy
                 and site.client.workstation_policy.winupdatepolicy.exists()
             ):
-                patch_policy = site.client.workstation_policy.winupdatepolicy.get()
+                # make sure agent and site are not blocking inheritance
+                if (
+                    not self.block_policy_inheritance
+                    and not site.block_policy_inheritance
+                ):
+                    patch_policy = site.client.workstation_policy.winupdatepolicy.get()
 
             # if patch policy still doesn't exist check default policy
             elif (
                 core_settings.workstation_policy
                 and core_settings.workstation_policy.winupdatepolicy.exists()
             ):
-                patch_policy = core_settings.workstation_policy.winupdatepolicy.get()
+                # make sure agent site and client are not blocking inheritance
+                if (
+                    not self.block_policy_inheritance
+                    and not site.block_policy_inheritance
+                    and not site.client.block_policy_inheritance
+                ):
+                    patch_policy = (
+                        core_settings.workstation_policy.winupdatepolicy.get()
+                    )
 
         # if policy still doesn't exist return the agent patch policy
         if not patch_policy:
@@ -454,16 +531,16 @@ class Agent(BaseAuditModel):
 
         return patch_policy
 
-    def get_approved_update_guids(self) -> List[str]:
+    def get_approved_update_guids(self) -> list[str]:
         return list(
-            self.winupdates.filter(action="approve", installed=False).values_list(
+            self.winupdates.filter(action="approve", installed=False).values_list(  # type: ignore
                 "guid", flat=True
             )
         )
 
-    # returns alert template assigned in the following order: policy, site, client, global
-    # will return None if nothing is found
-    def get_alert_template(self) -> Union[AlertTemplate, None]:
+    # sets alert template assigned in the following order: policy, site, client, global
+    # sets None if nothing is found
+    def set_alert_template(self):
 
         site = self.site
         client = self.client
@@ -479,62 +556,85 @@ class Agent(BaseAuditModel):
             templates.append(self.policy.alert_template)
 
         # check if policy with alert template is assigned to the site
-        elif (
+        if (
             self.monitoring_type == "server"
             and site.server_policy
             and site.server_policy.alert_template
             and site.server_policy.alert_template.is_active
+            and not self.block_policy_inheritance
         ):
             templates.append(site.server_policy.alert_template)
-        elif (
+        if (
             self.monitoring_type == "workstation"
             and site.workstation_policy
             and site.workstation_policy.alert_template
             and site.workstation_policy.alert_template.is_active
+            and not self.block_policy_inheritance
         ):
             templates.append(site.workstation_policy.alert_template)
 
         # check if alert template is assigned to site
-        elif site.alert_template and site.alert_template.is_active:
+        if site.alert_template and site.alert_template.is_active:
             templates.append(site.alert_template)
 
         # check if policy with alert template is assigned to the client
-        elif (
+        if (
             self.monitoring_type == "server"
             and client.server_policy
             and client.server_policy.alert_template
             and client.server_policy.alert_template.is_active
+            and not self.block_policy_inheritance
+            and not site.block_policy_inheritance
         ):
             templates.append(client.server_policy.alert_template)
-        elif (
+        if (
             self.monitoring_type == "workstation"
             and client.workstation_policy
             and client.workstation_policy.alert_template
             and client.workstation_policy.alert_template.is_active
+            and not self.block_policy_inheritance
+            and not site.block_policy_inheritance
         ):
             templates.append(client.workstation_policy.alert_template)
 
         # check if alert template is on client and return
-        elif client.alert_template and client.alert_template.is_active:
+        if (
+            client.alert_template
+            and client.alert_template.is_active
+            and not self.block_policy_inheritance
+            and not site.block_policy_inheritance
+        ):
             templates.append(client.alert_template)
 
         # check if alert template is applied globally and return
-        elif core.alert_template and core.alert_template.is_active:
+        if (
+            core.alert_template
+            and core.alert_template.is_active
+            and not self.block_policy_inheritance
+            and not site.block_policy_inheritance
+            and not client.block_policy_inheritance
+        ):
             templates.append(core.alert_template)
 
         # if agent is a workstation, check if policy with alert template is assigned to the site, client, or core
-        elif (
+        if (
             self.monitoring_type == "server"
             and core.server_policy
             and core.server_policy.alert_template
             and core.server_policy.alert_template.is_active
+            and not self.block_policy_inheritance
+            and not site.block_policy_inheritance
+            and not client.block_policy_inheritance
         ):
             templates.append(core.server_policy.alert_template)
-        elif (
+        if (
             self.monitoring_type == "workstation"
             and core.workstation_policy
             and core.workstation_policy.alert_template
             and core.workstation_policy.alert_template.is_active
+            and not self.block_policy_inheritance
+            and not site.block_policy_inheritance
+            and not client.block_policy_inheritance
         ):
             templates.append(core.workstation_policy.alert_template)
 
@@ -542,29 +642,44 @@ class Agent(BaseAuditModel):
         for template in templates:
             # check if client, site, or agent has been excluded from template
             if (
-                client.pk in template.excluded_clients.all()
-                or site.pk in template.excluded_sites.all()
-                or self.pk in template.excluded_agents.all()
+                client.pk
+                in template.excluded_clients.all().values_list("pk", flat=True)
+                or site.pk in template.excluded_sites.all().values_list("pk", flat=True)
+                or self.pk
+                in template.excluded_agents.all()
+                .only("pk")
+                .values_list("pk", flat=True)
             ):
                 continue
 
-            # see if template is excluding desktops
-            if (
-                self.monitoring_type == "workstation"
-                and not template.agent_include_desktops
+            # check if template is excluding desktops
+            elif (
+                self.monitoring_type == "workstation" and template.exclude_workstations
             ):
                 continue
+
+            # check if template is excluding servers
+            elif self.monitoring_type == "server" and template.exclude_servers:
+                continue
+
             else:
+                # save alert_template to agent cache field
+                self.alert_template = template
+                self.save()
+
                 return template
 
         # no alert templates found or agent has been excluded
+        self.alert_template = None
+        self.save()
+
         return None
 
     def generate_checks_from_policies(self):
         from automation.models import Policy
 
         # Clear agent checks that have overriden_by_policy set
-        self.agentchecks.update(overriden_by_policy=False)
+        self.agentchecks.update(overriden_by_policy=False)  # type: ignore
 
         # Generate checks based on policies
         Policy.generate_policy_checks(self)
@@ -599,7 +714,7 @@ class Agent(BaseAuditModel):
         except Exception:
             return "err"
 
-    async def nats_cmd(self, data, timeout=30, wait=True):
+    async def nats_cmd(self, data: dict, timeout: int = 30, wait: bool = True):
         nc = NATS()
         options = {
             "servers": f"tls://{settings.ALLOWED_HOSTS[0]}:4222",
@@ -621,7 +736,11 @@ class Agent(BaseAuditModel):
             except ErrTimeout:
                 ret = "timeout"
             else:
-                ret = msgpack.loads(msg.data)
+                try:
+                    ret = msgpack.loads(msg.data)  # type: ignore
+                except Exception as e:
+                    logger.error(e)
+                    ret = str(e)
 
             await nc.close()
             return ret
@@ -643,12 +762,12 @@ class Agent(BaseAuditModel):
     def delete_superseded_updates(self):
         try:
             pks = []  # list of pks to delete
-            kbs = list(self.winupdates.values_list("kb", flat=True))
+            kbs = list(self.winupdates.values_list("kb", flat=True))  # type: ignore
             d = Counter(kbs)
             dupes = [k for k, v in d.items() if v > 1]
 
             for dupe in dupes:
-                titles = self.winupdates.filter(kb=dupe).values_list("title", flat=True)
+                titles = self.winupdates.filter(kb=dupe).values_list("title", flat=True)  # type: ignore
                 # extract the version from the title and sort from oldest to newest
                 # skip if no version info is available therefore nothing to parse
                 try:
@@ -661,194 +780,33 @@ class Agent(BaseAuditModel):
                     continue
                 # append all but the latest version to our list of pks to delete
                 for ver in sorted_vers[:-1]:
-                    q = self.winupdates.filter(kb=dupe).filter(title__contains=ver)
+                    q = self.winupdates.filter(kb=dupe).filter(title__contains=ver)  # type: ignore
                     pks.append(q.first().pk)
 
             pks = list(set(pks))
-            self.winupdates.filter(pk__in=pks).delete()
+            self.winupdates.filter(pk__in=pks).delete()  # type: ignore
         except:
             pass
 
-    # define how the agent should handle pending actions
-    def handle_pending_actions(self):
-        pending_actions = self.pendingactions.filter(status="pending")
-
-        for action in pending_actions:
-            if action.action_type == "taskaction":
-                from autotasks.tasks import (
-                    create_win_task_schedule,
-                    enable_or_disable_win_task,
-                    delete_win_task_schedule,
-                )
-
-                task_id = action.details["task_id"]
-
-                if action.details["action"] == "taskcreate":
-                    create_win_task_schedule.delay(task_id, pending_action=action.id)
-                elif action.details["action"] == "tasktoggle":
-                    enable_or_disable_win_task.delay(
-                        task_id, action.details["value"], pending_action=action.id
-                    )
-                elif action.details["action"] == "taskdelete":
-                    delete_win_task_schedule.delay(task_id, pending_action=action.id)
-
-    # for clearing duplicate pending actions on agent
-    def remove_matching_pending_task_actions(self, task_id):
-        # remove any other pending actions on agent with same task_id
-        for action in self.pendingactions.exclude(status="completed"):
-            if action.details["task_id"] == task_id:
-                action.delete()
-
-    def handle_alert(self, checkin: bool = False) -> None:
-        from alerts.models import Alert
-        from agents.tasks import (
-            agent_recovery_email_task,
-            agent_recovery_sms_task,
-            agent_outage_email_task,
-            agent_outage_sms_task,
-        )
-
-        # return if agent is in maintenace mode
-        if self.maintenance_mode:
-            return
-
-        alert_template = self.get_alert_template()
-
-        # called when agent is back online
-        if checkin:
-            if Alert.objects.filter(agent=self, resolved=False).exists():
-
-                # resolve alert if exists
-                alert = Alert.objects.get(agent=self, resolved=False)
-                alert.resolve()
-
-                # check if a resolved notification should be emailed
-                if (
-                    not alert.resolved_email_sent
-                    and alert_template
-                    and alert_template.agent_email_on_resolved
-                    or self.overdue_email_alert
-                ):
-                    agent_recovery_email_task.delay(pk=alert.pk)
-
-                # check if a resolved notification should be texted
-                if (
-                    not alert.resolved_sms_sent
-                    and alert_template
-                    and alert_template.agent_text_on_resolved
-                    or self.overdue_text_alert
-                ):
-                    agent_recovery_sms_task.delay(pk=alert.pk)
-
-                # check if any scripts should be run
-                if (
-                    not alert.resolved_action_run
-                    and alert_template
-                    and alert_template.resolved_action
-                ):
-                    r = self.run_script(
-                        scriptpk=alert_template.resolved_action.pk,
-                        args=alert_template.resolved_action_args,
-                        timeout=alert_template.resolved_action_timeout,
-                        wait=True,
-                        full=True,
-                        run_on_any=True,
-                    )
-
-                    # command was successful
-                    if type(r) == dict:
-                        alert.resolved_action_retcode = r["retcode"]
-                        alert.resolved_action_stdout = r["stdout"]
-                        alert.resolved_action_stderr = r["stderr"]
-                        alert.resolved_action_execution_time = "{:.4f}".format(
-                            r["execution_time"]
-                        )
-                        alert.resolved_action_run = djangotime.now()
-                        alert.save()
-                    else:
-                        logger.error(
-                            f"Resolved action: {alert_template.resolved_action} failed to run on any agent for {self.hostname} resolved outage"
-                        )
-
-        # called when agent is offline
-        else:
-            # check if alert hasn't been created yet so create it
-            if not Alert.objects.filter(agent=self, resolved=False).exists():
-
-                alert = Alert.create_availability_alert(self)
-
-                # add a null check history to allow gaps in graph
-                for check in self.agentchecks.all():
-                    check.add_check_history(None)
-            else:
-                alert = Alert.objects.get(agent=self, resolved=False)
-
-            # create dashboard alert if enabled
-            if (
+    def should_create_alert(self, alert_template=None):
+        return (
+            self.overdue_dashboard_alert
+            or self.overdue_email_alert
+            or self.overdue_text_alert
+            or (
                 alert_template
-                and alert_template.agent_always_alert
-                or self.overdue_dashboard_alert
-            ):
-                alert.hidden = False
-                alert.save()
-
-            # send email alert if enabled
-            if (
-                not alert.email_sent
-                and alert_template
-                and alert_template.agent_always_email
-                or self.overdue_email_alert
-            ):
-                agent_outage_email_task.delay(
-                    pk=alert.pk,
-                    alert_interval=alert_template.check_periodic_alert_days
-                    if alert_template
-                    else None,
+                and (
+                    alert_template.agent_always_alert
+                    or alert_template.agent_always_email
+                    or alert_template.agent_always_text
                 )
-
-            # send text message if enabled
-            if (
-                not alert.sms_sent
-                and alert_template
-                and alert_template.agent_always_text
-                or self.overdue_text_alert
-            ):
-                agent_outage_sms_task.delay(
-                    pk=alert.pk,
-                    alert_interval=alert_template.check_periodic_alert_days
-                    if alert_template
-                    else None,
-                )
-
-            # check if any scripts should be run
-            if not alert.action_run and alert_template and alert_template.action:
-                r = self.run_script(
-                    scriptpk=alert_template.action.pk,
-                    args=alert_template.action_args,
-                    timeout=alert_template.action_timeout,
-                    wait=True,
-                    full=True,
-                    run_on_any=True,
-                )
-
-                # command was successful
-                if type(r) == dict:
-                    alert.action_retcode = r["retcode"]
-                    alert.action_stdout = r["stdout"]
-                    alert.action_stderr = r["stderr"]
-                    alert.action_execution_time = "{:.4f}".format(r["execution_time"])
-                    alert.action_run = djangotime.now()
-                    alert.save()
-                else:
-                    logger.error(
-                        f"Failure action: {alert_template.action.name} failed to run on any agent for {self.hostname} outage"
-                    )
+            )
+        )
 
     def send_outage_email(self):
         from core.models import CoreSettings
 
         CORE = CoreSettings.objects.first()
-        alert_template = self.get_alert_template()
         CORE.send_mail(
             f"{self.client.name}, {self.site.name}, {self.hostname} - data overdue",
             (
@@ -857,14 +815,13 @@ class Agent(BaseAuditModel):
                 f"agent {self.hostname} "
                 "within the expected time."
             ),
-            alert_template=alert_template,
+            alert_template=self.alert_template,
         )
 
     def send_recovery_email(self):
         from core.models import CoreSettings
 
         CORE = CoreSettings.objects.first()
-        alert_template = self.get_alert_template()
         CORE.send_mail(
             f"{self.client.name}, {self.site.name}, {self.hostname} - data received",
             (
@@ -873,27 +830,25 @@ class Agent(BaseAuditModel):
                 f"agent {self.hostname} "
                 "after an interruption in data transmission."
             ),
-            alert_template=alert_template,
+            alert_template=self.alert_template,
         )
 
     def send_outage_sms(self):
         from core.models import CoreSettings
 
-        alert_template = self.get_alert_template()
         CORE = CoreSettings.objects.first()
         CORE.send_sms(
             f"{self.client.name}, {self.site.name}, {self.hostname} - data overdue",
-            alert_template=alert_template,
+            alert_template=self.alert_template,
         )
 
     def send_recovery_sms(self):
         from core.models import CoreSettings
 
         CORE = CoreSettings.objects.first()
-        alert_template = self.get_alert_template()
         CORE.send_sms(
             f"{self.client.name}, {self.site.name}, {self.hostname} - data received",
-            alert_template=alert_template,
+            alert_template=self.alert_template,
         )
 
 
@@ -919,12 +874,6 @@ class RecoveryAction(models.Model):
     def __str__(self):
         return f"{self.agent.hostname} - {self.mode}"
 
-    def send(self):
-        ret = {"recovery": self.mode}
-        if self.mode == "command":
-            ret["cmd"] = self.command
-        return ret
-
 
 class Note(models.Model):
     agent = models.ForeignKey(
@@ -944,3 +893,38 @@ class Note(models.Model):
 
     def __str__(self):
         return self.agent.hostname
+
+
+class AgentCustomField(models.Model):
+    agent = models.ForeignKey(
+        Agent,
+        related_name="custom_fields",
+        on_delete=models.CASCADE,
+    )
+
+    field = models.ForeignKey(
+        "core.CustomField",
+        related_name="agent_fields",
+        on_delete=models.CASCADE,
+    )
+
+    string_value = models.TextField(null=True, blank=True)
+    bool_value = models.BooleanField(blank=True, default=False)
+    multiple_value = ArrayField(
+        models.TextField(null=True, blank=True),
+        null=True,
+        blank=True,
+        default=list,
+    )
+
+    def __str__(self):
+        return self.field
+
+    @property
+    def value(self):
+        if self.field.type == "multiple":
+            return self.multiple_value
+        elif self.field.type == "checkbox":
+            return self.bool_value
+        else:
+            return self.string_value

api/tacticalrmm/agents/permissions.py

@@ -0,0 +1,63 @@
+from rest_framework import permissions
+
+from tacticalrmm.permissions import _has_perm
+
+
+class MeshPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_use_mesh")
+
+
+class UninstallPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_uninstall_agents")
+
+
+class UpdateAgentPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_update_agents")
+
+
+class EditAgentPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_edit_agent")
+
+
+class ManageProcPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_manage_procs")
+
+
+class EvtLogPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_view_eventlogs")
+
+
+class SendCMDPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_send_cmd")
+
+
+class RebootAgentPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_reboot_agents")
+
+
+class InstallAgentPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_install_agents")
+
+
+class RunScriptPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_run_scripts")
+
+
+class ManageNotesPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_manage_notes")
+
+
+class RunBulkPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_run_bulk")

api/tacticalrmm/agents/serializers.py

@@ -1,23 +1,21 @@
 import pytz
-
 from rest_framework import serializers
-from rest_framework.fields import ReadOnlyField
 
-from .models import Agent, Note
-
-from winupdate.serializers import WinUpdatePolicySerializer
 from clients.serializers import ClientSerializer
+from winupdate.serializers import WinUpdatePolicySerializer
+
+from .models import Agent, AgentCustomField, Note
 
 
 class AgentSerializer(serializers.ModelSerializer):
     # for vue
-    patches_pending = serializers.ReadOnlyField(source="has_patches_pending")
     winupdatepolicy = WinUpdatePolicySerializer(many=True, read_only=True)
     status = serializers.ReadOnlyField()
     cpu_model = serializers.ReadOnlyField()
     local_ips = serializers.ReadOnlyField()
     make_model = serializers.ReadOnlyField()
     physical_disks = serializers.ReadOnlyField()
+    graphics = serializers.ReadOnlyField()
     checks = serializers.ReadOnlyField()
     timezone = serializers.ReadOnlyField()
     all_timezones = serializers.SerializerMethodField()
@@ -46,8 +44,6 @@ class AgentOverdueActionSerializer(serializers.ModelSerializer):
 
 
 class AgentTableSerializer(serializers.ModelSerializer):
-    patches_pending = serializers.ReadOnlyField(source="has_patches_pending")
-    pending_actions = serializers.SerializerMethodField()
     status = serializers.ReadOnlyField()
     checks = serializers.ReadOnlyField()
     last_seen = serializers.SerializerMethodField()
@@ -56,9 +52,19 @@ class AgentTableSerializer(serializers.ModelSerializer):
     logged_username = serializers.SerializerMethodField()
     italic = serializers.SerializerMethodField()
     policy = serializers.ReadOnlyField(source="policy.id")
+    alert_template = serializers.SerializerMethodField()
 
-    def get_pending_actions(self, obj):
-        return obj.pendingactions.filter(status="pending").count()
+    def get_alert_template(self, obj):
+
+        if not obj.alert_template:
+            return None
+        else:
+            return {
+                "name": obj.alert_template.name,
+                "always_email": obj.alert_template.agent_always_email,
+                "always_text": obj.alert_template.agent_always_text,
+                "always_alert": obj.alert_template.agent_always_alert,
+            }
 
     def get_last_seen(self, obj) -> str:
         if obj.time_zone is not None:
@@ -66,7 +72,7 @@ class AgentTableSerializer(serializers.ModelSerializer):
         else:
             agent_tz = self.context["default_tz"]
 
-        return obj.last_seen.astimezone(agent_tz).timestamp()
+        return obj.last_seen.astimezone(agent_tz).strftime("%m %d %Y %H:%M")
 
     def get_logged_username(self, obj) -> str:
         if obj.logged_in_username == "None" and obj.status == "online":
@@ -83,6 +89,7 @@ class AgentTableSerializer(serializers.ModelSerializer):
         model = Agent
         fields = [
             "id",
+            "alert_template",
             "hostname",
             "agent_id",
             "site_name",
@@ -90,8 +97,8 @@ class AgentTableSerializer(serializers.ModelSerializer):
             "monitoring_type",
             "description",
             "needs_reboot",
-            "patches_pending",
-            "pending_actions",
+            "has_patches_pending",
+            "pending_actions_count",
             "status",
             "overdue_text_alert",
             "overdue_email_alert",
@@ -103,14 +110,35 @@ class AgentTableSerializer(serializers.ModelSerializer):
             "logged_username",
             "italic",
             "policy",
+            "block_policy_inheritance",
         ]
         depth = 2
 
 
+class AgentCustomFieldSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = AgentCustomField
+        fields = (
+            "id",
+            "field",
+            "agent",
+            "value",
+            "string_value",
+            "bool_value",
+            "multiple_value",
+        )
+        extra_kwargs = {
+            "string_value": {"write_only": True},
+            "bool_value": {"write_only": True},
+            "multiple_value": {"write_only": True},
+        }
+
+
 class AgentEditSerializer(serializers.ModelSerializer):
     winupdatepolicy = WinUpdatePolicySerializer(many=True, read_only=True)
     all_timezones = serializers.SerializerMethodField()
     client = ClientSerializer(read_only=True)
+    custom_fields = AgentCustomFieldSerializer(many=True, read_only=True)
 
     def get_all_timezones(self, obj):
         return pytz.all_timezones
@@ -134,15 +162,11 @@ class AgentEditSerializer(serializers.ModelSerializer):
             "all_timezones",
             "winupdatepolicy",
             "policy",
+            "custom_fields",
         ]
 
 
 class WinAgentSerializer(serializers.ModelSerializer):
-    # for the windows agent
-    patches_pending = serializers.ReadOnlyField(source="has_patches_pending")
-    winupdatepolicy = WinUpdatePolicySerializer(many=True, read_only=True)
-    status = serializers.ReadOnlyField()
-
     class Meta:
         model = Agent
         fields = "__all__"

api/tacticalrmm/agents/tasks.py

@@ -1,30 +1,34 @@
 import asyncio
-from loguru import logger
-from time import sleep
-import random
-from packaging import version as pyver
-from typing import List, Union
 import datetime as dt
+import random
+import tempfile
+import json
+import subprocess
+import urllib.parse
+from time import sleep
+from typing import Union
 
-from django.utils import timezone as djangotime
 from django.conf import settings
-from scripts.models import Script
+from django.utils import timezone as djangotime
+from loguru import logger
+from packaging import version as pyver
 
-from tacticalrmm.celery import app
 from agents.models import Agent
-from core.models import CoreSettings
+from core.models import CodeSignToken, CoreSettings
 from logs.models import PendingAction
+from scripts.models import Script
+from tacticalrmm.celery import app
+from tacticalrmm.utils import run_nats_api_cmd
 
 logger.configure(**settings.LOG_CONFIG)
 
 
-def agent_update(pk: int) -> str:
+def agent_update(pk: int, codesigntoken: str = None, force: bool = False) -> str:
+    from agents.utils import get_exegen_url
+
     agent = Agent.objects.get(pk=pk)
 
-    if pyver.parse(agent.version) <= pyver.parse("1.1.11"):
-        logger.warning(
-            f"{agent.hostname} v{agent.version} is running an unsupported version. Refusing to auto update."
-        )
+    if pyver.parse(agent.version) <= pyver.parse("1.3.0"):
         return "not supported"
 
     # skip if we can't determine the arch
@@ -34,35 +38,33 @@ def agent_update(pk: int) -> str:
         )
         return "noarch"
 
-    # removed sqlite in 1.4.0 to get rid of cgo dependency
-    # 1.3.0 has migration func to move from sqlite to win registry, so force an upgrade to 1.3.0 if old agent
-    if pyver.parse(agent.version) >= pyver.parse("1.3.0"):
-        version = settings.LATEST_AGENT_VER
-        url = agent.winagent_dl
-        inno = agent.win_inno_exe
+    version = settings.LATEST_AGENT_VER
+    inno = agent.win_inno_exe
+
+    if codesigntoken is not None and pyver.parse(version) >= pyver.parse("1.5.0"):
+        base_url = get_exegen_url() + "/api/v1/winagents/?"
+        params = {"version": version, "arch": agent.arch, "token": codesigntoken}
+        url = base_url + urllib.parse.urlencode(params)
     else:
-        version = "1.3.0"
-        inno = (
-            "winagent-v1.3.0.exe" if agent.arch == "64" else "winagent-v1.3.0-x86.exe"
-        )
-        url = f"https://github.com/wh1te909/rmmagent/releases/download/v1.3.0/{inno}"
+        url = agent.winagent_dl
 
-    if agent.pendingactions.filter(
-        action_type="agentupdate", status="pending"
-    ).exists():
-        agent.pendingactions.filter(
+    if not force:
+        if agent.pendingactions.filter(
             action_type="agentupdate", status="pending"
-        ).delete()
+        ).exists():
+            agent.pendingactions.filter(
+                action_type="agentupdate", status="pending"
+            ).delete()
 
-    PendingAction.objects.create(
-        agent=agent,
-        action_type="agentupdate",
-        details={
-            "url": url,
-            "version": version,
-            "inno": inno,
-        },
-    )
+        PendingAction.objects.create(
+            agent=agent,
+            action_type="agentupdate",
+            details={
+                "url": url,
+                "version": version,
+                "inno": inno,
+            },
+        )
 
     nats_data = {
         "func": "agentupdate",
@@ -77,11 +79,31 @@ def agent_update(pk: int) -> str:
 
 
 @app.task
-def send_agent_update_task(pks: List[int]) -> None:
+def force_code_sign(pks: list[int]) -> None:
+    try:
+        token = CodeSignToken.objects.first().token
+    except:
+        return
+
+    chunks = (pks[i : i + 50] for i in range(0, len(pks), 50))
+    for chunk in chunks:
+        for pk in chunk:
+            agent_update(pk=pk, codesigntoken=token, force=True)
+            sleep(0.05)
+        sleep(4)
+
+
+@app.task
+def send_agent_update_task(pks: list[int]) -> None:
+    try:
+        codesigntoken = CodeSignToken.objects.first().token
+    except:
+        codesigntoken = None
+
     chunks = (pks[i : i + 30] for i in range(0, len(pks), 30))
     for chunk in chunks:
         for pk in chunk:
-            agent_update(pk)
+            agent_update(pk, codesigntoken)
             sleep(0.05)
         sleep(4)
 
@@ -92,8 +114,13 @@ def auto_self_agent_update_task() -> None:
     if not core.agent_auto_update:
         return
 
+    try:
+        codesigntoken = CodeSignToken.objects.first().token
+    except:
+        codesigntoken = None
+
     q = Agent.objects.only("pk", "version")
-    pks: List[int] = [
+    pks: list[int] = [
         i.pk
         for i in q
         if pyver.parse(i.version) < pyver.parse(settings.LATEST_AGENT_VER)
@@ -102,7 +129,7 @@ def auto_self_agent_update_task() -> None:
     chunks = (pks[i : i + 30] for i in range(0, len(pks), 30))
     for chunk in chunks:
         for pk in chunk:
-            agent_update(pk)
+            agent_update(pk, codesigntoken)
             sleep(0.05)
         sleep(4)
 
@@ -183,8 +210,11 @@ def agent_recovery_sms_task(pk: int) -> str:
 
 @app.task
 def agent_outages_task() -> None:
+    from alerts.models import Alert
+
     agents = Agent.objects.only(
         "pk",
+        "agent_id",
         "last_seen",
         "offline_time",
         "overdue_time",
@@ -195,30 +225,22 @@ def agent_outages_task() -> None:
 
     for agent in agents:
         if agent.status == "overdue":
-            agent.handle_alert()
-
-
-@app.task
-def handle_agent_recovery_task(pk: int) -> None:
-    sleep(10)
-    from agents.models import RecoveryAction
-
-    action = RecoveryAction.objects.get(pk=pk)
-    if action.mode == "command":
-        data = {"func": "recoverycmd", "recoverycommand": action.command}
-    else:
-        data = {"func": "recover", "payload": {"mode": action.mode}}
-
-    asyncio.run(action.agent.nats_cmd(data, wait=False))
+            Alert.handle_alert_failure(agent)
 
 
 @app.task
 def run_script_email_results_task(
-    agentpk: int, scriptpk: int, nats_timeout: int, emails: List[str]
+    agentpk: int,
+    scriptpk: int,
+    nats_timeout: int,
+    emails: list[str],
+    args: list[str] = [],
 ):
     agent = Agent.objects.get(pk=agentpk)
     script = Script.objects.get(pk=scriptpk)
-    r = agent.run_script(scriptpk=script.pk, full=True, timeout=nats_timeout, wait=True)
+    r = agent.run_script(
+        scriptpk=script.pk, args=args, full=True, timeout=nats_timeout, wait=True
+    )
     if r == "timeout":
         logger.error(f"{agent.hostname} timed out running script.")
         return
@@ -258,3 +280,68 @@ def run_script_email_results_task(
                 server.quit()
     except Exception as e:
         logger.error(e)
+
+
+@app.task
+def clear_faults_task(older_than_days: int) -> None:
+    # https://github.com/wh1te909/tacticalrmm/issues/484
+    agents = Agent.objects.exclude(last_seen__isnull=True).filter(
+        last_seen__lt=djangotime.now() - djangotime.timedelta(days=older_than_days)
+    )
+    for agent in agents:
+        if agent.agentchecks.exists():
+            for check in agent.agentchecks.all():
+                # reset check status
+                check.status = "passing"
+                check.save(update_fields=["status"])
+                if check.alert.filter(resolved=False).exists():
+                    check.alert.get(resolved=False).resolve()
+
+        # reset overdue alerts
+        agent.overdue_email_alert = False
+        agent.overdue_text_alert = False
+        agent.overdue_dashboard_alert = False
+        agent.save(
+            update_fields=[
+                "overdue_email_alert",
+                "overdue_text_alert",
+                "overdue_dashboard_alert",
+            ]
+        )
+
+
+@app.task
+def monitor_agents_task() -> None:
+    agents = Agent.objects.only(
+        "pk", "agent_id", "last_seen", "overdue_time", "offline_time"
+    )
+    ids = [i.agent_id for i in agents if i.status != "online"]
+    run_nats_api_cmd("monitor", ids)
+
+
+@app.task
+def get_wmi_task() -> None:
+    agents = Agent.objects.only(
+        "pk", "agent_id", "last_seen", "overdue_time", "offline_time"
+    )
+    ids = [i.agent_id for i in agents if i.status == "online"]
+    run_nats_api_cmd("wmi", ids, timeout=45)
+
+
+@app.task
+def agent_checkin_task() -> None:
+    db = settings.DATABASES["default"]
+    config = {
+        "key": settings.SECRET_KEY,
+        "natsurl": f"tls://{settings.ALLOWED_HOSTS[0]}:4222",
+        "user": db["USER"],
+        "pass": db["PASSWORD"],
+        "host": db["HOST"],
+        "port": int(db["PORT"]),
+        "dbname": db["NAME"],
+    }
+    with tempfile.NamedTemporaryFile() as fp:
+        with open(fp.name, "w") as f:
+            json.dump(config, f)
+        cmd = ["/usr/local/bin/nats-api", "-c", fp.name, "-m", "checkin"]
+        subprocess.run(cmd, timeout=30)

api/tacticalrmm/agents/tests.py

@@ -1,23 +1,77 @@
 import json
 import os
+from itertools import cycle
 from unittest.mock import patch
 
+from django.conf import settings
 from model_bakery import baker
-from itertools import cycle
-from typing import List
 from packaging import version as pyver
 
-
-from django.conf import settings
-
 from logs.models import PendingAction
-
 from tacticalrmm.test import TacticalTestCase
-from .serializers import AgentSerializer
-from winupdate.serializers import WinUpdatePolicySerializer
-from .models import Agent
-from .tasks import auto_self_agent_update_task
 from winupdate.models import WinUpdatePolicy
+from winupdate.serializers import WinUpdatePolicySerializer
+
+from .models import Agent, AgentCustomField
+from .serializers import AgentSerializer
+from .tasks import auto_self_agent_update_task
+
+
+class TestAgentsList(TacticalTestCase):
+    def setUp(self):
+        self.authenticate()
+        self.setup_coresettings()
+
+    def test_agents_list(self):
+        url = "/agents/listagents/"
+
+        # 36 total agents
+        company1 = baker.make("clients.Client")
+        company2 = baker.make("clients.Client")
+        site1 = baker.make("clients.Site", client=company1)
+        site2 = baker.make("clients.Site", client=company1)
+        site3 = baker.make("clients.Site", client=company2)
+
+        baker.make_recipe(
+            "agents.online_agent", site=site1, monitoring_type="server", _quantity=15
+        )
+        baker.make_recipe(
+            "agents.online_agent",
+            site=site2,
+            monitoring_type="workstation",
+            _quantity=10,
+        )
+        baker.make_recipe(
+            "agents.online_agent",
+            site=site3,
+            monitoring_type="server",
+            _quantity=4,
+        )
+        baker.make_recipe(
+            "agents.online_agent",
+            site=site3,
+            monitoring_type="workstation",
+            _quantity=7,
+        )
+
+        # test all agents
+        r = self.client.patch(url, format="json")
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(len(r.data), 36)  # type: ignore
+
+        # test client1
+        data = {"clientPK": company1.pk}  # type: ignore
+        r = self.client.patch(url, data, format="json")
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(len(r.data), 25)  # type: ignore
+
+        # test site3
+        data = {"sitePK": site3.pk}  # type: ignore
+        r = self.client.patch(url, data, format="json")
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(len(r.data), 11)  # type: ignore
+
+        self.check_not_authenticated("patch", url)
 
 
 class TestAgentViews(TacticalTestCase):
@@ -80,12 +134,12 @@ class TestAgentViews(TacticalTestCase):
             _quantity=15,
         )
 
-        pks: List[int] = list(
+        pks: list[int] = list(
             Agent.objects.only("pk", "version").values_list("pk", flat=True)
         )
 
         data = {"pks": pks}
-        expected: List[int] = [
+        expected: list[int] = [
             i.pk
             for i in Agent.objects.only("pk", "version")
             if pyver.parse(i.version) < pyver.parse(settings.LATEST_AGENT_VER)
@@ -98,8 +152,9 @@ class TestAgentViews(TacticalTestCase):
 
         self.check_not_authenticated("post", url)
 
+    @patch("time.sleep")
     @patch("agents.models.Agent.nats_cmd")
-    def test_ping(self, nats_cmd):
+    def test_ping(self, nats_cmd, mock_sleep):
         url = f"/agents/{self.agent.pk}/ping/"
 
         nats_cmd.return_value = "timeout"
@@ -144,11 +199,6 @@ class TestAgentViews(TacticalTestCase):
 
     @patch("agents.models.Agent.nats_cmd")
     def test_get_processes(self, mock_ret):
-        agent_old = baker.make_recipe("agents.online_agent", version="1.1.12")
-        url_old = f"/agents/{agent_old.pk}/getprocs/"
-        r = self.client.get(url_old)
-        self.assertEqual(r.status_code, 400)
-
         agent = baker.make_recipe("agents.online_agent", version="1.2.0")
         url = f"/agents/{agent.pk}/getprocs/"
 
@@ -259,7 +309,7 @@ class TestAgentViews(TacticalTestCase):
         mock_ret.return_value = "nt authority\system"
         r = self.client.post(url, data, format="json")
         self.assertEqual(r.status_code, 200)
-        self.assertIsInstance(r.data, str)
+        self.assertIsInstance(r.data, str)  # type: ignore
 
         mock_ret.return_value = "timeout"
         r = self.client.post(url, data, format="json")
@@ -279,15 +329,16 @@ class TestAgentViews(TacticalTestCase):
         nats_cmd.return_value = "ok"
         r = self.client.patch(url, data, format="json")
         self.assertEqual(r.status_code, 200)
-        self.assertEqual(r.data["time"], "August 29, 2025 at 06:41 PM")
-        self.assertEqual(r.data["agent"], self.agent.hostname)
+        self.assertEqual(r.data["time"], "August 29, 2025 at 06:41 PM")  # type: ignore
+        self.assertEqual(r.data["agent"], self.agent.hostname)  # type: ignore
 
         nats_data = {
             "func": "schedtask",
             "schedtaskpayload": {
                 "type": "schedreboot",
+                "deleteafter": True,
                 "trigger": "once",
-                "name": r.data["task_name"],
+                "name": r.data["task_name"],  # type: ignore
                 "year": 2025,
                 "month": "August",
                 "day": 29,
@@ -308,53 +359,43 @@ class TestAgentViews(TacticalTestCase):
         r = self.client.patch(url, data_invalid, format="json")
 
         self.assertEqual(r.status_code, 400)
-        self.assertEqual(r.data, "Invalid date")
+        self.assertEqual(r.data, "Invalid date")  # type: ignore
 
         self.check_not_authenticated("patch", url)
 
     @patch("os.path.exists")
-    @patch("subprocess.run")
-    def test_install_agent(self, mock_subprocess, mock_file_exists):
-        url = f"/agents/installagent/"
+    def test_install_agent(self, mock_file_exists):
+        url = "/agents/installagent/"
 
         site = baker.make("clients.Site")
         data = {
-            "client": site.client.id,
-            "site": site.id,
+            "client": site.client.id,  # type: ignore
+            "site": site.id,  # type: ignore
             "arch": "64",
             "expires": 23,
-            "installMethod": "exe",
+            "installMethod": "manual",
             "api": "https://api.example.com",
             "agenttype": "server",
             "rdp": 1,
             "ping": 0,
             "power": 0,
+            "fileName": "rmm-client-site-server.exe",
         }
 
         mock_file_exists.return_value = False
-        mock_subprocess.return_value.returncode = 0
         r = self.client.post(url, data, format="json")
         self.assertEqual(r.status_code, 406)
 
         mock_file_exists.return_value = True
-        mock_subprocess.return_value.returncode = 1
-        r = self.client.post(url, data, format="json")
-        self.assertEqual(r.status_code, 413)
-
-        mock_file_exists.return_value = True
-        mock_subprocess.return_value.returncode = 0
         r = self.client.post(url, data, format="json")
         self.assertEqual(r.status_code, 200)
 
         data["arch"] = "32"
-        mock_subprocess.return_value.returncode = 0
         mock_file_exists.return_value = False
         r = self.client.post(url, data, format="json")
         self.assertEqual(r.status_code, 415)
 
-        data["installMethod"] = "manual"
         data["arch"] = "64"
-        mock_subprocess.return_value.returncode = 0
         mock_file_exists.return_value = True
         r = self.client.post(url, data, format="json")
         self.assertIn("rdp", r.json()["cmd"])
@@ -365,52 +406,74 @@ class TestAgentViews(TacticalTestCase):
         self.assertIn("power", r.json()["cmd"])
         self.assertIn("ping", r.json()["cmd"])
 
+        data["installMethod"] = "powershell"
+        self.assertEqual(r.status_code, 200)
+
         self.check_not_authenticated("post", url)
 
-    def test_recover(self):
+    @patch("agents.models.Agent.nats_cmd")
+    def test_recover(self, nats_cmd):
         from agents.models import RecoveryAction
 
-        self.agent.version = "0.11.1"
-        self.agent.save(update_fields=["version"])
+        RecoveryAction.objects.all().delete()
         url = "/agents/recover/"
-        data = {"pk": self.agent.pk, "cmd": None, "mode": "mesh"}
+        agent = baker.make_recipe("agents.online_agent")
+
+        # test mesh realtime
+        data = {"pk": agent.pk, "cmd": None, "mode": "mesh"}
+        nats_cmd.return_value = "ok"
         r = self.client.post(url, data, format="json")
         self.assertEqual(r.status_code, 200)
+        self.assertEqual(RecoveryAction.objects.count(), 0)
+        nats_cmd.assert_called_with(
+            {"func": "recover", "payload": {"mode": "mesh"}}, timeout=10
+        )
+        nats_cmd.reset_mock()
 
-        data["mode"] = "mesh"
-        r = self.client.post(url, data, format="json")
-        self.assertEqual(r.status_code, 400)
-        self.assertIn("pending", r.json())
-
-        RecoveryAction.objects.all().delete()
-        data["mode"] = "command"
-        data["cmd"] = "ipconfig /flushdns"
+        # test mesh with agent rpc not working
+        data = {"pk": agent.pk, "cmd": None, "mode": "mesh"}
+        nats_cmd.return_value = "timeout"
         r = self.client.post(url, data, format="json")
         self.assertEqual(r.status_code, 200)
-
-        RecoveryAction.objects.all().delete()
-        data["cmd"] = None
-        r = self.client.post(url, data, format="json")
-        self.assertEqual(r.status_code, 400)
-
+        self.assertEqual(RecoveryAction.objects.count(), 1)
+        mesh_recovery = RecoveryAction.objects.first()
+        self.assertEqual(mesh_recovery.mode, "mesh")
+        nats_cmd.reset_mock()
         RecoveryAction.objects.all().delete()
 
-        self.agent.version = "0.9.4"
-        self.agent.save(update_fields=["version"])
-        data["mode"] = "mesh"
+        # test tacagent realtime
+        data = {"pk": agent.pk, "cmd": None, "mode": "tacagent"}
+        nats_cmd.return_value = "ok"
         r = self.client.post(url, data, format="json")
-        self.assertEqual(r.status_code, 400)
-        self.assertIn("0.9.5", r.json())
-
-        self.check_not_authenticated("post", url)
-
-    def test_agents_list(self):
-        url = "/agents/listagents/"
-
-        r = self.client.get(url)
         self.assertEqual(r.status_code, 200)
+        self.assertEqual(RecoveryAction.objects.count(), 0)
+        nats_cmd.assert_called_with(
+            {"func": "recover", "payload": {"mode": "tacagent"}}, timeout=10
+        )
+        nats_cmd.reset_mock()
 
-        self.check_not_authenticated("get", url)
+        # test tacagent with rpc not working
+        data = {"pk": agent.pk, "cmd": None, "mode": "tacagent"}
+        nats_cmd.return_value = "timeout"
+        r = self.client.post(url, data, format="json")
+        self.assertEqual(r.status_code, 400)
+        self.assertEqual(RecoveryAction.objects.count(), 0)
+        nats_cmd.reset_mock()
+
+        # test shell cmd without command
+        data = {"pk": agent.pk, "cmd": None, "mode": "command"}
+        r = self.client.post(url, data, format="json")
+        self.assertEqual(r.status_code, 400)
+        self.assertEqual(RecoveryAction.objects.count(), 0)
+
+        # test shell cmd
+        data = {"pk": agent.pk, "cmd": "shutdown /r /t 10 /f", "mode": "command"}
+        r = self.client.post(url, data, format="json")
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(RecoveryAction.objects.count(), 1)
+        cmd_recovery = RecoveryAction.objects.first()
+        self.assertEqual(cmd_recovery.mode, "command")
+        self.assertEqual(cmd_recovery.command, "shutdown /r /t 10 /f")
 
     def test_agents_agent_detail(self):
         url = f"/agents/{self.agent.pk}/agentdetail/"
@@ -428,7 +491,7 @@ class TestAgentViews(TacticalTestCase):
 
         edit = {
             "id": self.agent.pk,
-            "site": site.id,
+            "site": site.id,  # type: ignore
             "monitoring_type": "workstation",
             "description": "asjdk234andasd",
             "offline_time": 4,
@@ -459,12 +522,41 @@ class TestAgentViews(TacticalTestCase):
 
         agent = Agent.objects.get(pk=self.agent.pk)
         data = AgentSerializer(agent).data
-        self.assertEqual(data["site"], site.id)
+        self.assertEqual(data["site"], site.id)  # type: ignore
 
         policy = WinUpdatePolicy.objects.get(agent=self.agent)
         data = WinUpdatePolicySerializer(policy).data
         self.assertEqual(data["run_time_days"], [2, 3, 6])
 
+        # test adding custom fields
+        field = baker.make("core.CustomField", model="agent", type="number")
+        edit = {
+            "id": self.agent.pk,
+            "site": site.id,  # type: ignore
+            "description": "asjdk234andasd",
+            "custom_fields": [{"field": field.id, "string_value": "123"}],  # type: ignore
+        }
+
+        r = self.client.patch(url, edit, format="json")
+        self.assertEqual(r.status_code, 200)
+        self.assertTrue(
+            AgentCustomField.objects.filter(agent=self.agent, field=field).exists()
+        )
+
+        # test edit custom field
+        edit = {
+            "id": self.agent.pk,
+            "site": site.id,  # type: ignore
+            "description": "asjdk234andasd",
+            "custom_fields": [{"field": field.id, "string_value": "456"}],  # type: ignore
+        }
+
+        r = self.client.patch(url, edit, format="json")
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(
+            AgentCustomField.objects.get(agent=agent, field=field).value,
+            "456",
+        )
         self.check_not_authenticated("patch", url)
 
     @patch("agents.models.Agent.get_login_token")
@@ -477,21 +569,21 @@ class TestAgentViews(TacticalTestCase):
         # TODO
         # decode the cookie
 
-        self.assertIn("&viewmode=13", r.data["file"])
-        self.assertIn("&viewmode=12", r.data["terminal"])
-        self.assertIn("&viewmode=11", r.data["control"])
+        self.assertIn("&viewmode=13", r.data["file"])  # type: ignore
+        self.assertIn("&viewmode=12", r.data["terminal"])  # type: ignore
+        self.assertIn("&viewmode=11", r.data["control"])  # type: ignore
 
-        self.assertIn("&gotonode=", r.data["file"])
-        self.assertIn("&gotonode=", r.data["terminal"])
-        self.assertIn("&gotonode=", r.data["control"])
+        self.assertIn("&gotonode=", r.data["file"])  # type: ignore
+        self.assertIn("&gotonode=", r.data["terminal"])  # type: ignore
+        self.assertIn("&gotonode=", r.data["control"])  # type: ignore
 
-        self.assertIn("?login=", r.data["file"])
-        self.assertIn("?login=", r.data["terminal"])
-        self.assertIn("?login=", r.data["control"])
+        self.assertIn("?login=", r.data["file"])  # type: ignore
+        self.assertIn("?login=", r.data["terminal"])  # type: ignore
+        self.assertIn("?login=", r.data["control"])  # type: ignore
 
-        self.assertEqual(self.agent.hostname, r.data["hostname"])
-        self.assertEqual(self.agent.client.name, r.data["client"])
-        self.assertEqual(self.agent.site.name, r.data["site"])
+        self.assertEqual(self.agent.hostname, r.data["hostname"])  # type: ignore
+        self.assertEqual(self.agent.client.name, r.data["client"])  # type: ignore
+        self.assertEqual(self.agent.site.name, r.data["site"])  # type: ignore
 
         self.assertEqual(r.status_code, 200)
 
@@ -501,32 +593,6 @@ class TestAgentViews(TacticalTestCase):
 
         self.check_not_authenticated("get", url)
 
-    def test_by_client(self):
-        url = f"/agents/byclient/{self.agent.client.id}/"
-
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 200)
-        self.assertTrue(r.data)
-
-        url = f"/agents/byclient/500/"
-        r = self.client.get(url)
-        self.assertFalse(r.data)  # returns empty list
-
-        self.check_not_authenticated("get", url)
-
-    def test_by_site(self):
-        url = f"/agents/bysite/{self.agent.site.id}/"
-
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 200)
-        self.assertTrue(r.data)
-
-        url = f"/agents/bysite/500/"
-        r = self.client.get(url)
-        self.assertEqual(r.data, [])
-
-        self.check_not_authenticated("get", url)
-
     def test_overdue_action(self):
         url = "/agents/overdueaction/"
 
@@ -535,14 +601,14 @@ class TestAgentViews(TacticalTestCase):
         self.assertEqual(r.status_code, 200)
         agent = Agent.objects.get(pk=self.agent.pk)
         self.assertTrue(agent.overdue_email_alert)
-        self.assertEqual(self.agent.hostname, r.data)
+        self.assertEqual(self.agent.hostname, r.data)  # type: ignore
 
         payload = {"pk": self.agent.pk, "overdue_text_alert": False}
         r = self.client.post(url, payload, format="json")
         self.assertEqual(r.status_code, 200)
         agent = Agent.objects.get(pk=self.agent.pk)
         self.assertFalse(agent.overdue_text_alert)
-        self.assertEqual(self.agent.hostname, r.data)
+        self.assertEqual(self.agent.hostname, r.data)  # type: ignore
 
         self.check_not_authenticated("post", url)
 
@@ -686,9 +752,9 @@ class TestAgentViews(TacticalTestCase):
         nats_cmd.return_value = "ok"
         r = self.client.get(url)
         self.assertEqual(r.status_code, 200)
-        self.assertIn(self.agent.hostname, r.data)
+        self.assertIn(self.agent.hostname, r.data)  # type: ignore
         nats_cmd.assert_called_with(
-            {"func": "recover", "payload": {"mode": "mesh"}}, timeout=45
+            {"func": "recover", "payload": {"mode": "mesh"}}, timeout=90
         )
 
         nats_cmd.return_value = "timeout"
@@ -701,13 +767,84 @@ class TestAgentViews(TacticalTestCase):
 
         self.check_not_authenticated("get", url)
 
+    @patch("agents.tasks.run_script_email_results_task.delay")
+    @patch("agents.models.Agent.run_script")
+    def test_run_script(self, run_script, email_task):
+        run_script.return_value = "ok"
+        url = "/agents/runscript/"
+        script = baker.make_recipe("scripts.script")
+
+        # test wait
+        data = {
+            "pk": self.agent.pk,
+            "scriptPK": script.pk,
+            "output": "wait",
+            "args": [],
+            "timeout": 15,
+        }
+
+        r = self.client.post(url, data, format="json")
+        self.assertEqual(r.status_code, 200)
+        run_script.assert_called_with(
+            scriptpk=script.pk, args=[], timeout=18, wait=True
+        )
+        run_script.reset_mock()
+
+        # test email default
+        data = {
+            "pk": self.agent.pk,
+            "scriptPK": script.pk,
+            "output": "email",
+            "args": ["abc", "123"],
+            "timeout": 15,
+            "emailmode": "default",
+            "emails": ["admin@example.com", "bob@example.com"],
+        }
+        r = self.client.post(url, data, format="json")
+        self.assertEqual(r.status_code, 200)
+        email_task.assert_called_with(
+            agentpk=self.agent.pk,
+            scriptpk=script.pk,
+            nats_timeout=18,
+            emails=[],
+            args=["abc", "123"],
+        )
+        email_task.reset_mock()
+
+        # test email overrides
+        data["emailmode"] = "custom"
+        r = self.client.post(url, data, format="json")
+        self.assertEqual(r.status_code, 200)
+        email_task.assert_called_with(
+            agentpk=self.agent.pk,
+            scriptpk=script.pk,
+            nats_timeout=18,
+            emails=["admin@example.com", "bob@example.com"],
+            args=["abc", "123"],
+        )
+
+        # test fire and forget
+        data = {
+            "pk": self.agent.pk,
+            "scriptPK": script.pk,
+            "output": "forget",
+            "args": ["hello", "world"],
+            "timeout": 22,
+        }
+
+        r = self.client.post(url, data, format="json")
+        self.assertEqual(r.status_code, 200)
+        run_script.assert_called_with(
+            scriptpk=script.pk, args=["hello", "world"], timeout=25
+        )
+
 
 class TestAgentViewsNew(TacticalTestCase):
     def setUp(self):
         self.authenticate()
         self.setup_coresettings()
 
-    def test_agent_counts(self):
+    """ def test_agent_counts(self):
         url = "/agents/agent_counts/"
 
         # create some data
@@ -732,9 +869,9 @@ class TestAgentViewsNew(TacticalTestCase):
 
         r = self.client.post(url, format="json")
         self.assertEqual(r.status_code, 200)
-        self.assertEqual(r.data, data)
+        self.assertEqual(r.data, data)  # type: ignore
 
-        self.check_not_authenticated("post", url)
+        self.check_not_authenticated("post", url) """
 
     def test_agent_maintenance_mode(self):
         url = "/agents/maintenance/"
@@ -744,14 +881,14 @@ class TestAgentViewsNew(TacticalTestCase):
         agent = baker.make_recipe("agents.agent", site=site)
 
         # Test client toggle maintenance mode
-        data = {"type": "Client", "id": site.client.id, "action": True}
+        data = {"type": "Client", "id": site.client.id, "action": True}  # type: ignore
 
         r = self.client.post(url, data, format="json")
         self.assertEqual(r.status_code, 200)
         self.assertTrue(Agent.objects.get(pk=agent.pk).maintenance_mode)
 
         # Test site toggle maintenance mode
-        data = {"type": "Site", "id": site.id, "action": False}
+        data = {"type": "Site", "id": site.id, "action": False}  # type: ignore
 
         r = self.client.post(url, data, format="json")
         self.assertEqual(r.status_code, 200)
@@ -778,8 +915,9 @@ class TestAgentTasks(TacticalTestCase):
         self.authenticate()
         self.setup_coresettings()
 
+    @patch("agents.utils.get_exegen_url")
     @patch("agents.models.Agent.nats_cmd")
-    def test_agent_update(self, nats_cmd):
+    def test_agent_update(self, nats_cmd, get_exe):
         from agents.tasks import agent_update
 
         agent_noarch = baker.make_recipe(
@@ -790,63 +928,96 @@ class TestAgentTasks(TacticalTestCase):
         r = agent_update(agent_noarch.pk)
         self.assertEqual(r, "noarch")
 
-        agent_1111 = baker.make_recipe(
-            "agents.agent",
-            operating_system="Windows 10 Pro, 64 bit (build 19041.450)",
-            version="1.1.11",
-        )
-        r = agent_update(agent_1111.pk)
-        self.assertEqual(r, "not supported")
-
-        agent64_1112 = baker.make_recipe(
-            "agents.agent",
-            operating_system="Windows 10 Pro, 64 bit (build 19041.450)",
-            version="1.1.12",
-        )
-
-        r = agent_update(agent64_1112.pk)
-        self.assertEqual(r, "created")
-        action = PendingAction.objects.get(agent__pk=agent64_1112.pk)
-        self.assertEqual(action.action_type, "agentupdate")
-        self.assertEqual(action.status, "pending")
-        self.assertEqual(
-            action.details["url"],
-            "https://github.com/wh1te909/rmmagent/releases/download/v1.3.0/winagent-v1.3.0.exe",
-        )
-        self.assertEqual(action.details["inno"], "winagent-v1.3.0.exe")
-        self.assertEqual(action.details["version"], "1.3.0")
-        nats_cmd.assert_called_with(
-            {
-                "func": "agentupdate",
-                "payload": {
-                    "url": "https://github.com/wh1te909/rmmagent/releases/download/v1.3.0/winagent-v1.3.0.exe",
-                    "version": "1.3.0",
-                    "inno": "winagent-v1.3.0.exe",
-                },
-            },
-            wait=False,
-        )
-
-        agent_64_130 = baker.make_recipe(
+        agent_130 = baker.make_recipe(
             "agents.agent",
             operating_system="Windows 10 Pro, 64 bit (build 19041.450)",
             version="1.3.0",
         )
-        nats_cmd.return_value = "ok"
-        r = agent_update(agent_64_130.pk)
+        r = agent_update(agent_130.pk)
+        self.assertEqual(r, "not supported")
+
+        # test __without__ code signing
+        agent64_nosign = baker.make_recipe(
+            "agents.agent",
+            operating_system="Windows 10 Pro, 64 bit (build 19041.450)",
+            version="1.4.14",
+        )
+
+        r = agent_update(agent64_nosign.pk, None)
         self.assertEqual(r, "created")
+        action = PendingAction.objects.get(agent__pk=agent64_nosign.pk)
+        self.assertEqual(action.action_type, "agentupdate")
+        self.assertEqual(action.status, "pending")
+        self.assertEqual(
+            action.details["url"],
+            f"https://github.com/wh1te909/rmmagent/releases/download/v{settings.LATEST_AGENT_VER}/winagent-v{settings.LATEST_AGENT_VER}.exe",
+        )
+        self.assertEqual(
+            action.details["inno"], f"winagent-v{settings.LATEST_AGENT_VER}.exe"
+        )
+        self.assertEqual(action.details["version"], settings.LATEST_AGENT_VER)
         nats_cmd.assert_called_with(
             {
                 "func": "agentupdate",
                 "payload": {
-                    "url": settings.DL_64,
+                    "url": f"https://github.com/wh1te909/rmmagent/releases/download/v{settings.LATEST_AGENT_VER}/winagent-v{settings.LATEST_AGENT_VER}.exe",
                     "version": settings.LATEST_AGENT_VER,
                     "inno": f"winagent-v{settings.LATEST_AGENT_VER}.exe",
                 },
             },
             wait=False,
         )
-        action = PendingAction.objects.get(agent__pk=agent_64_130.pk)
+
+        # test __with__ code signing (64 bit)
+        codesign = baker.make("core.CodeSignToken", token="testtoken123")
+        agent64_sign = baker.make_recipe(
+            "agents.agent",
+            operating_system="Windows 10 Pro, 64 bit (build 19041.450)",
+            version="1.4.14",
+        )
+
+        nats_cmd.return_value = "ok"
+        get_exe.return_value = "https://exe.tacticalrmm.io"
+        r = agent_update(agent64_sign.pk, codesign.token)  # type: ignore
+        self.assertEqual(r, "created")
+        nats_cmd.assert_called_with(
+            {
+                "func": "agentupdate",
+                "payload": {
+                    "url": f"https://exe.tacticalrmm.io/api/v1/winagents/?version={settings.LATEST_AGENT_VER}&arch=64&token=testtoken123",  # type: ignore
+                    "version": settings.LATEST_AGENT_VER,
+                    "inno": f"winagent-v{settings.LATEST_AGENT_VER}.exe",
+                },
+            },
+            wait=False,
+        )
+        action = PendingAction.objects.get(agent__pk=agent64_sign.pk)
+        self.assertEqual(action.action_type, "agentupdate")
+        self.assertEqual(action.status, "pending")
+
+        # test __with__ code signing (32 bit)
+        agent32_sign = baker.make_recipe(
+            "agents.agent",
+            operating_system="Windows 10 Pro, 32 bit (build 19041.450)",
+            version="1.4.14",
+        )
+
+        nats_cmd.return_value = "ok"
+        get_exe.return_value = "https://exe.tacticalrmm.io"
+        r = agent_update(agent32_sign.pk, codesign.token)  # type: ignore
+        self.assertEqual(r, "created")
+        nats_cmd.assert_called_with(
+            {
+                "func": "agentupdate",
+                "payload": {
+                    "url": f"https://exe.tacticalrmm.io/api/v1/winagents/?version={settings.LATEST_AGENT_VER}&arch=32&token=testtoken123",  # type: ignore
+                    "version": settings.LATEST_AGENT_VER,
+                    "inno": f"winagent-v{settings.LATEST_AGENT_VER}-x86.exe",
+                },
+            },
+            wait=False,
+        )
+        action = PendingAction.objects.get(agent__pk=agent32_sign.pk)
         self.assertEqual(action.action_type, "agentupdate")
         self.assertEqual(action.status, "pending")
 

api/tacticalrmm/agents/urls.py

@@ -1,12 +1,11 @@
 from django.urls import path
+
 from . import views
 
 urlpatterns = [
     path("listagents/", views.AgentsTableList.as_view()),
     path("listagentsnodetail/", views.list_agents_no_detail),
     path("<int:pk>/agenteditdetails/", views.agent_edit_details),
-    path("byclient/<int:clientpk>/", views.by_client),
-    path("bysite/<int:sitepk>/", views.by_site),
     path("overdueaction/", views.overdue_action),
     path("sendrawcmd/", views.send_raw_cmd),
     path("<pk>/agentdetail/", views.agent_detail),
@@ -28,7 +27,6 @@ urlpatterns = [
     path("<int:pk>/notes/", views.GetAddNotes.as_view()),
     path("<int:pk>/note/", views.GetEditDeleteNote.as_view()),
     path("bulk/", views.bulk),
-    path("agent_counts/", views.agent_counts),
     path("maintenance/", views.agent_maintenance),
     path("<int:pk>/wmi/", views.WMI.as_view()),
 ]

api/tacticalrmm/agents/utils.py

@@ -0,0 +1,37 @@
+import random
+import urllib.parse
+
+import requests
+from django.conf import settings
+
+
+def get_exegen_url() -> str:
+    urls: list[str] = settings.EXE_GEN_URLS
+    for url in urls:
+        try:
+            r = requests.get(url, timeout=10)
+        except:
+            continue
+
+        if r.status_code == 200:
+            return url
+
+    return random.choice(urls)
+
+
+def get_winagent_url(arch: str) -> str:
+    from core.models import CodeSignToken
+
+    try:
+        codetoken = CodeSignToken.objects.first().token
+        base_url = get_exegen_url() + "/api/v1/winagents/?"
+        params = {
+            "version": settings.LATEST_AGENT_VER,
+            "arch": arch,
+            "token": codetoken,
+        }
+        dl_url = base_url + urllib.parse.urlencode(params)
+    except:
+        dl_url = settings.DL_64 if arch == "64" else settings.DL_32
+
+    return dl_url

api/tacticalrmm/agents/views.py

@@ -1,54 +1,62 @@
 import asyncio
-from loguru import logger
+import datetime as dt
 import os
-import subprocess
-import pytz
 import random
 import string
-import datetime as dt
-from packaging import version as pyver
-from typing import List
+import time
 
 from django.conf import settings
-from django.shortcuts import get_object_or_404
 from django.http import HttpResponse
-
-from rest_framework.decorators import api_view
-from rest_framework.views import APIView
+from django.shortcuts import get_object_or_404
+from loguru import logger
+from packaging import version as pyver
+from rest_framework import status
+from rest_framework.decorators import api_view, permission_classes
+from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
-from rest_framework import status, generics
+from rest_framework.views import APIView
 
-from .models import Agent, RecoveryAction, Note
 from core.models import CoreSettings
-from scripts.models import Script
 from logs.models import AuditLog, PendingAction
+from scripts.models import Script
+from scripts.tasks import handle_bulk_command_task, handle_bulk_script_task
+from tacticalrmm.utils import get_default_timezone, notify_error, reload_nats
+from winupdate.serializers import WinUpdatePolicySerializer
+from winupdate.tasks import bulk_check_for_updates_task, bulk_install_updates_task
 
+from .models import Agent, AgentCustomField, Note, RecoveryAction
+from .permissions import (
+    EditAgentPerms,
+    EvtLogPerms,
+    InstallAgentPerms,
+    ManageNotesPerms,
+    ManageProcPerms,
+    MeshPerms,
+    RebootAgentPerms,
+    RunBulkPerms,
+    RunScriptPerms,
+    SendCMDPerms,
+    UninstallPerms,
+    UpdateAgentPerms,
+)
 from .serializers import (
-    AgentSerializer,
-    AgentHostnameSerializer,
-    AgentTableSerializer,
+    AgentCustomFieldSerializer,
     AgentEditSerializer,
+    AgentHostnameSerializer,
+    AgentOverdueActionSerializer,
+    AgentSerializer,
+    AgentTableSerializer,
     NoteSerializer,
     NotesSerializer,
-    AgentOverdueActionSerializer,
 )
-from winupdate.serializers import WinUpdatePolicySerializer
-
-from .tasks import (
-    send_agent_update_task,
-    run_script_email_results_task,
-)
-from winupdate.tasks import bulk_check_for_updates_task, bulk_install_updates_task
-from scripts.tasks import handle_bulk_command_task, handle_bulk_script_task
-
-from tacticalrmm.utils import notify_error, reload_nats
+from .tasks import run_script_email_results_task, send_agent_update_task
 
 logger.configure(**settings.LOG_CONFIG)
 
 
 @api_view()
 def get_agent_versions(request):
-    agents = Agent.objects.only("pk")
+    agents = Agent.objects.prefetch_related("site").only("pk", "hostname")
     return Response(
         {
             "versions": [settings.LATEST_AGENT_VER],
@@ -58,9 +66,10 @@ def get_agent_versions(request):
 
 
 @api_view(["POST"])
+@permission_classes([IsAuthenticated, UpdateAgentPerms])
 def update_agents(request):
     q = Agent.objects.filter(pk__in=request.data["pks"]).only("pk", "version")
-    pks: List[int] = [
+    pks: list[int] = [
         i.pk
         for i in q
         if pyver.parse(i.version) < pyver.parse(settings.LATEST_AGENT_VER)
@@ -70,30 +79,39 @@ def update_agents(request):
 
 
 @api_view()
+@permission_classes([IsAuthenticated, UninstallPerms])
 def ping(request, pk):
     agent = get_object_or_404(Agent, pk=pk)
     status = "offline"
-    if agent.has_nats:
-        r = asyncio.run(agent.nats_cmd({"func": "ping"}, timeout=5))
+    attempts = 0
+    while 1:
+        r = asyncio.run(agent.nats_cmd({"func": "ping"}, timeout=2))
         if r == "pong":
             status = "online"
+            break
+        else:
+            attempts += 1
+            time.sleep(1)
+
+        if attempts >= 5:
+            break
 
     return Response({"name": agent.hostname, "status": status})
 
 
 @api_view(["DELETE"])
+@permission_classes([IsAuthenticated, UninstallPerms])
 def uninstall(request):
     agent = get_object_or_404(Agent, pk=request.data["pk"])
-    if agent.has_nats:
-        asyncio.run(agent.nats_cmd({"func": "uninstall"}, wait=False))
-
+    asyncio.run(agent.nats_cmd({"func": "uninstall"}, wait=False))
     name = agent.hostname
     agent.delete()
     reload_nats()
     return Response(f"{name} will now be uninstalled.")
 
 
-@api_view(["PATCH"])
+@api_view(["PATCH", "PUT"])
+@permission_classes([IsAuthenticated, EditAgentPerms])
 def edit_agent(request):
     agent = get_object_or_404(Agent, pk=request.data["id"])
 
@@ -102,17 +120,41 @@ def edit_agent(request):
     a_serializer.save()
 
     if "winupdatepolicy" in request.data.keys():
-        policy = agent.winupdatepolicy.get()
+        policy = agent.winupdatepolicy.get()  # type: ignore
         p_serializer = WinUpdatePolicySerializer(
             instance=policy, data=request.data["winupdatepolicy"][0]
         )
         p_serializer.is_valid(raise_exception=True)
         p_serializer.save()
 
+    if "custom_fields" in request.data.keys():
+
+        for field in request.data["custom_fields"]:
+
+            custom_field = field
+            custom_field["agent"] = agent.id  # type: ignore
+
+            if AgentCustomField.objects.filter(
+                field=field["field"], agent=agent.id  # type: ignore
+            ):
+                value = AgentCustomField.objects.get(
+                    field=field["field"], agent=agent.id  # type: ignore
+                )
+                serializer = AgentCustomFieldSerializer(
+                    instance=value, data=custom_field
+                )
+                serializer.is_valid(raise_exception=True)
+                serializer.save()
+            else:
+                serializer = AgentCustomFieldSerializer(data=custom_field)
+                serializer.is_valid(raise_exception=True)
+                serializer.save()
+
     return Response("ok")
 
 
 @api_view()
+@permission_classes([IsAuthenticated, MeshPerms])
 def meshcentral(request, pk):
     agent = get_object_or_404(Agent, pk=pk)
     core = CoreSettings.objects.first()
@@ -151,9 +193,6 @@ def agent_detail(request, pk):
 @api_view()
 def get_processes(request, pk):
     agent = get_object_or_404(Agent, pk=pk)
-    if pyver.parse(agent.version) < pyver.parse("1.2.0"):
-        return notify_error("Requires agent version 1.2.0 or greater")
-
     r = asyncio.run(agent.nats_cmd(data={"func": "procs"}, timeout=5))
     if r == "timeout":
         return notify_error("Unable to contact the agent")
@@ -161,11 +200,9 @@ def get_processes(request, pk):
 
 
 @api_view()
+@permission_classes([IsAuthenticated, ManageProcPerms])
 def kill_proc(request, pk, pid):
     agent = get_object_or_404(Agent, pk=pk)
-    if not agent.has_nats:
-        return notify_error("Requires agent version 1.1.0 or greater")
-
     r = asyncio.run(
         agent.nats_cmd({"func": "killproc", "procpid": int(pid)}, timeout=15)
     )
@@ -179,10 +216,9 @@ def kill_proc(request, pk, pid):
 
 
 @api_view()
+@permission_classes([IsAuthenticated, EvtLogPerms])
 def get_event_log(request, pk, logtype, days):
     agent = get_object_or_404(Agent, pk=pk)
-    if not agent.has_nats:
-        return notify_error("Requires agent version 1.1.0 or greater")
     timeout = 180 if logtype == "Security" else 30
     data = {
         "func": "eventlog",
@@ -200,10 +236,9 @@ def get_event_log(request, pk, logtype, days):
 
 
 @api_view(["POST"])
+@permission_classes([IsAuthenticated, SendCMDPerms])
 def send_raw_cmd(request):
     agent = get_object_or_404(Agent, pk=request.data["pk"])
-    if not agent.has_nats:
-        return notify_error("Requires agent version 1.1.0 or greater")
     timeout = int(request.data["timeout"])
     data = {
         "func": "rawcmd",
@@ -228,15 +263,32 @@ def send_raw_cmd(request):
     return Response(r)
 
 
-class AgentsTableList(generics.ListAPIView):
-    queryset = (
-        Agent.objects.select_related("site")
-        .prefetch_related("agentchecks")
-        .only(
+class AgentsTableList(APIView):
+    def patch(self, request):
+        if "sitePK" in request.data.keys():
+            queryset = (
+                Agent.objects.select_related("site", "policy", "alert_template")
+                .prefetch_related("agentchecks")
+                .filter(site_id=request.data["sitePK"])
+            )
+        elif "clientPK" in request.data.keys():
+            queryset = (
+                Agent.objects.select_related("site", "policy", "alert_template")
+                .prefetch_related("agentchecks")
+                .filter(site__client_id=request.data["clientPK"])
+            )
+        else:
+            queryset = Agent.objects.select_related(
+                "site", "policy", "alert_template"
+            ).prefetch_related("agentchecks")
+
+        queryset = queryset.only(
             "pk",
             "hostname",
             "agent_id",
             "site",
+            "policy",
+            "alert_template",
             "monitoring_type",
             "description",
             "needs_reboot",
@@ -250,15 +302,10 @@ class AgentsTableList(generics.ListAPIView):
             "last_logged_in_user",
             "time_zone",
             "maintenance_mode",
+            "pending_actions_count",
+            "has_patches_pending",
         )
-    )
-    serializer_class = AgentTableSerializer
-
-    def list(self, request):
-        queryset = self.get_queryset()
-        ctx = {
-            "default_tz": pytz.timezone(CoreSettings.objects.first().default_time_zone)
-        }
+        ctx = {"default_tz": get_default_timezone()}
         serializer = AgentTableSerializer(queryset, many=True, context=ctx)
         return Response(serializer.data)
 
@@ -275,66 +322,6 @@ def agent_edit_details(request, pk):
     return Response(AgentEditSerializer(agent).data)
 
 
-@api_view()
-def by_client(request, clientpk):
-    agents = (
-        Agent.objects.select_related("site")
-        .filter(site__client_id=clientpk)
-        .prefetch_related("agentchecks")
-        .only(
-            "pk",
-            "hostname",
-            "agent_id",
-            "site",
-            "monitoring_type",
-            "description",
-            "needs_reboot",
-            "overdue_text_alert",
-            "overdue_email_alert",
-            "overdue_time",
-            "offline_time",
-            "last_seen",
-            "boot_time",
-            "logged_in_username",
-            "last_logged_in_user",
-            "time_zone",
-            "maintenance_mode",
-        )
-    )
-    ctx = {"default_tz": pytz.timezone(CoreSettings.objects.first().default_time_zone)}
-    return Response(AgentTableSerializer(agents, many=True, context=ctx).data)
-
-
-@api_view()
-def by_site(request, sitepk):
-    agents = (
-        Agent.objects.filter(site_id=sitepk)
-        .select_related("site")
-        .prefetch_related("agentchecks")
-        .only(
-            "pk",
-            "hostname",
-            "agent_id",
-            "site",
-            "monitoring_type",
-            "description",
-            "needs_reboot",
-            "overdue_text_alert",
-            "overdue_email_alert",
-            "overdue_time",
-            "offline_time",
-            "last_seen",
-            "boot_time",
-            "logged_in_username",
-            "last_logged_in_user",
-            "time_zone",
-            "maintenance_mode",
-        )
-    )
-    ctx = {"default_tz": pytz.timezone(CoreSettings.objects.first().default_time_zone)}
-    return Response(AgentTableSerializer(agents, many=True, context=ctx).data)
-
-
 @api_view(["POST"])
 def overdue_action(request):
     agent = get_object_or_404(Agent, pk=request.data["pk"])
@@ -347,12 +334,10 @@ def overdue_action(request):
 
 
 class Reboot(APIView):
+    permission_classes = [IsAuthenticated, RebootAgentPerms]
     # reboot now
     def post(self, request):
         agent = get_object_or_404(Agent, pk=request.data["pk"])
-        if not agent.has_nats:
-            return notify_error("Requires agent version 1.1.0 or greater")
-
         r = asyncio.run(agent.nats_cmd({"func": "rebootnow"}, timeout=10))
         if r != "ok":
             return notify_error("Unable to contact the agent")
@@ -362,8 +347,6 @@ class Reboot(APIView):
     # reboot later
     def patch(self, request):
         agent = get_object_or_404(Agent, pk=request.data["pk"])
-        if not agent.has_gotasks:
-            return notify_error("Requires agent version 1.1.1 or greater")
 
         try:
             obj = dt.datetime.strptime(request.data["datetime"], "%Y-%m-%d %H:%M")
@@ -378,6 +361,7 @@ class Reboot(APIView):
             "func": "schedtask",
             "schedtaskpayload": {
                 "type": "schedreboot",
+                "deleteafter": True,
                 "trigger": "once",
                 "name": task_name,
                 "year": int(dt.datetime.strftime(obj, "%Y")),
@@ -388,9 +372,6 @@ class Reboot(APIView):
             },
         }
 
-        if pyver.parse(agent.version) >= pyver.parse("1.1.2"):
-            nats_data["schedtaskpayload"]["deleteafter"] = True
-
         r = asyncio.run(agent.nats_cmd(nats_data, timeout=10))
         if r != "ok":
             return notify_error(r)
@@ -406,9 +387,12 @@ class Reboot(APIView):
 
 
 @api_view(["POST"])
+@permission_classes([IsAuthenticated, InstallAgentPerms])
 def install_agent(request):
     from knox.models import AuthToken
 
+    from agents.utils import get_winagent_url
+
     client_id = request.data["client"]
     site_id = request.data["site"]
     version = settings.LATEST_AGENT_VER
@@ -429,131 +413,27 @@ def install_agent(request):
     inno = (
         f"winagent-v{version}.exe" if arch == "64" else f"winagent-v{version}-x86.exe"
     )
-    download_url = settings.DL_64 if arch == "64" else settings.DL_32
+    download_url = get_winagent_url(arch)
 
     _, token = AuthToken.objects.create(
         user=request.user, expiry=dt.timedelta(hours=request.data["expires"])
     )
 
     if request.data["installMethod"] == "exe":
-        go_bin = "/usr/local/rmmgo/go/bin/go"
+        from tacticalrmm.utils import generate_winagent_exe
 
-        if not os.path.exists(go_bin):
-            return Response("nogolang", status=status.HTTP_409_CONFLICT)
-
-        api = request.data["api"]
-        atype = request.data["agenttype"]
-        rdp = request.data["rdp"]
-        ping = request.data["ping"]
-        power = request.data["power"]
-
-        file_name = "rmm-installer.exe"
-        exe = os.path.join(settings.EXE_DIR, file_name)
-
-        if os.path.exists(exe):
-            try:
-                os.remove(exe)
-            except Exception as e:
-                logger.error(str(e))
-
-        goarch = "amd64" if arch == "64" else "386"
-        cmd = [
-            "env",
-            "GOOS=windows",
-            f"GOARCH={goarch}",
-            go_bin,
-            "build",
-            f"-ldflags=\"-s -w -X 'main.Inno={inno}'",
-            f"-X 'main.Api={api}'",
-            f"-X 'main.Client={client_id}'",
-            f"-X 'main.Site={site_id}'",
-            f"-X 'main.Atype={atype}'",
-            f"-X 'main.Rdp={rdp}'",
-            f"-X 'main.Ping={ping}'",
-            f"-X 'main.Power={power}'",
-            f"-X 'main.DownloadUrl={download_url}'",
-            f"-X 'main.Token={token}'\"",
-            "-o",
-            exe,
-        ]
-
-        build_error = False
-        gen_error = False
-
-        gen = [
-            "env",
-            "GOOS=windows",
-            f"GOARCH={goarch}",
-            go_bin,
-            "generate",
-        ]
-        try:
-            r1 = subprocess.run(
-                " ".join(gen),
-                capture_output=True,
-                shell=True,
-                cwd=os.path.join(settings.BASE_DIR, "core/goinstaller"),
-            )
-        except Exception as e:
-            gen_error = True
-            logger.error(str(e))
-            return Response(
-                "genfailed", status=status.HTTP_413_REQUEST_ENTITY_TOO_LARGE
-            )
-
-        if r1.returncode != 0:
-            gen_error = True
-            if r1.stdout:
-                logger.error(r1.stdout.decode("utf-8", errors="ignore"))
-
-            if r1.stderr:
-                logger.error(r1.stderr.decode("utf-8", errors="ignore"))
-
-            logger.error(f"Go build failed with return code {r1.returncode}")
-
-        if gen_error:
-            return Response(
-                "genfailed", status=status.HTTP_413_REQUEST_ENTITY_TOO_LARGE
-            )
-
-        try:
-            r = subprocess.run(
-                " ".join(cmd),
-                capture_output=True,
-                shell=True,
-                cwd=os.path.join(settings.BASE_DIR, "core/goinstaller"),
-            )
-        except Exception as e:
-            build_error = True
-            logger.error(str(e))
-            return Response("buildfailed", status=status.HTTP_412_PRECONDITION_FAILED)
-
-        if r.returncode != 0:
-            build_error = True
-            if r.stdout:
-                logger.error(r.stdout.decode("utf-8", errors="ignore"))
-
-            if r.stderr:
-                logger.error(r.stderr.decode("utf-8", errors="ignore"))
-
-            logger.error(f"Go build failed with return code {r.returncode}")
-
-        if build_error:
-            return Response("buildfailed", status=status.HTTP_412_PRECONDITION_FAILED)
-
-        if settings.DEBUG:
-            with open(exe, "rb") as f:
-                response = HttpResponse(
-                    f.read(),
-                    content_type="application/vnd.microsoft.portable-executable",
-                )
-                response["Content-Disposition"] = f"inline; filename={file_name}"
-                return response
-        else:
-            response = HttpResponse()
-            response["Content-Disposition"] = f"attachment; filename={file_name}"
-            response["X-Accel-Redirect"] = f"/private/exe/{file_name}"
-            return response
+        return generate_winagent_exe(
+            client=client_id,
+            site=site_id,
+            agent_type=request.data["agenttype"],
+            rdp=request.data["rdp"],
+            ping=request.data["ping"],
+            power=request.data["power"],
+            arch=arch,
+            token=token,
+            api=request.data["api"],
+            file_name=request.data["fileName"],
+        )
 
     elif request.data["installMethod"] == "manual":
         cmd = [
@@ -647,22 +527,14 @@ def recover(request):
     agent = get_object_or_404(Agent, pk=request.data["pk"])
     mode = request.data["mode"]
 
-    if pyver.parse(agent.version) <= pyver.parse("0.9.5"):
-        return notify_error("Only available in agent version greater than 0.9.5")
+    # attempt a realtime recovery, otherwise fall back to old recovery method
+    if mode == "tacagent" or mode == "mesh":
+        data = {"func": "recover", "payload": {"mode": mode}}
+        r = asyncio.run(agent.nats_cmd(data, timeout=10))
+        if r == "ok":
+            return Response("Successfully completed recovery")
 
-    if not agent.has_nats:
-        if mode == "tacagent" or mode == "rpc":
-            return notify_error("Requires agent version 1.1.0 or greater")
-
-    # attempt a realtime recovery if supported, otherwise fall back to old recovery method
-    if agent.has_nats:
-        if mode == "tacagent" or mode == "mesh":
-            data = {"func": "recover", "payload": {"mode": mode}}
-            r = asyncio.run(agent.nats_cmd(data, timeout=10))
-            if r == "ok":
-                return Response("Successfully completed recovery")
-
-    if agent.recoveryactions.filter(last_run=None).exists():
+    if agent.recoveryactions.filter(last_run=None).exists():  # type: ignore
         return notify_error(
             "A recovery action is currently pending. Please wait for the next agent check-in."
         )
@@ -688,12 +560,12 @@ def recover(request):
 
 
 @api_view(["POST"])
+@permission_classes([IsAuthenticated, RunScriptPerms])
 def run_script(request):
     agent = get_object_or_404(Agent, pk=request.data["pk"])
-    if not agent.has_nats:
-        return notify_error("Requires agent version 1.1.0 or greater")
     script = get_object_or_404(Script, pk=request.data["scriptPK"])
     output = request.data["output"]
+    args = request.data["args"]
     req_timeout = int(request.data["timeout"]) + 3
 
     AuditLog.audit_script_run(
@@ -703,13 +575,12 @@ def run_script(request):
     )
 
     if output == "wait":
-        r = agent.run_script(scriptpk=script.pk, timeout=req_timeout, wait=True)
+        r = agent.run_script(
+            scriptpk=script.pk, args=args, timeout=req_timeout, wait=True
+        )
         return Response(r)
 
     elif output == "email":
-        if not pyver.parse(agent.version) >= pyver.parse("1.1.12"):
-            return notify_error("Requires agent version 1.1.12 or greater")
-
         emails = (
             [] if request.data["emailmode"] == "default" else request.data["emails"]
         )
@@ -718,9 +589,10 @@ def run_script(request):
             scriptpk=script.pk,
             nats_timeout=req_timeout,
             emails=emails,
+            args=args,
         )
     else:
-        agent.run_script(scriptpk=script.pk, timeout=req_timeout)
+        agent.run_script(scriptpk=script.pk, args=args, timeout=req_timeout)
 
     return Response(f"{script.name} will now be run on {agent.hostname}")
 
@@ -728,11 +600,8 @@ def run_script(request):
 @api_view()
 def recover_mesh(request, pk):
     agent = get_object_or_404(Agent, pk=pk)
-    if not agent.has_nats:
-        return notify_error("Requires agent version 1.1.0 or greater")
-
     data = {"func": "recover", "payload": {"mode": "mesh"}}
-    r = asyncio.run(agent.nats_cmd(data, timeout=45))
+    r = asyncio.run(agent.nats_cmd(data, timeout=90))
     if r != "ok":
         return notify_error("Unable to contact the agent")
 
@@ -774,6 +643,8 @@ class GetAddNotes(APIView):
 
 
 class GetEditDeleteNote(APIView):
+    permission_classes = [IsAuthenticated, ManageNotesPerms]
+
     def get(self, request, pk):
         note = get_object_or_404(Note, pk=pk)
         return Response(NoteSerializer(note).data)
@@ -792,6 +663,7 @@ class GetEditDeleteNote(APIView):
 
 
 @api_view(["POST"])
+@permission_classes([IsAuthenticated, RunBulkPerms])
 def bulk(request):
     if request.data["target"] == "agents" and not request.data["agentPKs"]:
         return notify_error("Must select at least 1 agent")
@@ -812,7 +684,7 @@ def bulk(request):
     elif request.data["monType"] == "workstations":
         q = q.filter(monitoring_type="workstation")
 
-    agents: List[int] = [agent.pk for agent in q]
+    agents: list[int] = [agent.pk for agent in q]
 
     AuditLog.audit_bulk_action(request.user, request.data["mode"], request.data)
 
@@ -841,49 +713,6 @@ def bulk(request):
     return notify_error("Something went wrong")
 
 
-@api_view(["POST"])
-def agent_counts(request):
-
-    server_offline_count = len(
-        [
-            agent
-            for agent in Agent.objects.filter(monitoring_type="server").only(
-                "pk",
-                "last_seen",
-                "overdue_time",
-                "offline_time",
-            )
-            if not agent.status == "online"
-        ]
-    )
-
-    workstation_offline_count = len(
-        [
-            agent
-            for agent in Agent.objects.filter(monitoring_type="workstation").only(
-                "pk",
-                "last_seen",
-                "overdue_time",
-                "offline_time",
-            )
-            if not agent.status == "online"
-        ]
-    )
-
-    return Response(
-        {
-            "total_server_count": Agent.objects.filter(
-                monitoring_type="server"
-            ).count(),
-            "total_server_offline_count": server_offline_count,
-            "total_workstation_count": Agent.objects.filter(
-                monitoring_type="workstation"
-            ).count(),
-            "total_workstation_offline_count": workstation_offline_count,
-        }
-    )
-
-
 @api_view(["POST"])
 def agent_maintenance(request):
     if request.data["type"] == "Client":
@@ -910,9 +739,6 @@ def agent_maintenance(request):
 class WMI(APIView):
     def get(self, request, pk):
         agent = get_object_or_404(Agent, pk=pk)
-        if pyver.parse(agent.version) < pyver.parse("1.1.2"):
-            return notify_error("Requires agent version 1.1.2 or greater")
-
         r = asyncio.run(agent.nats_cmd({"func": "sysinfo"}, timeout=20))
         if r != "ok":
             return notify_error("Unable to contact the agent")

api/tacticalrmm/alerts/admin.py

@@ -2,6 +2,5 @@ from django.contrib import admin
 
 from .models import Alert, AlertTemplate
 
-
 admin.site.register(Alert)
 admin.site.register(AlertTemplate)

api/tacticalrmm/alerts/migrations/0001_initial.py

@@ -1,7 +1,7 @@
 # Generated by Django 3.1 on 2020-08-15 15:31
 
-from django.db import migrations, models
 import django.db.models.deletion
+from django.db import migrations, models
 
 
 class Migration(migrations.Migration):

api/tacticalrmm/alerts/migrations/0003_auto_20201021_1815.py

@@ -1,7 +1,7 @@
 # Generated by Django 3.1.2 on 2020-10-21 18:15
 
-from django.db import migrations, models
 import django.db.models.deletion
+from django.db import migrations, models
 
 
 class Migration(migrations.Migration):

api/tacticalrmm/alerts/migrations/0004_auto_20210212_1408.py

@@ -1,8 +1,8 @@
 # Generated by Django 3.1.4 on 2021-02-12 14:08
 
 import django.contrib.postgres.fields
-from django.db import migrations, models
 import django.db.models.deletion
+from django.db import migrations, models
 
 
 class Migration(migrations.Migration):

api/tacticalrmm/alerts/migrations/0006_auto_20210217_1736.py

@@ -0,0 +1,72 @@
+# Generated by Django 3.1.6 on 2021-02-17 17:36
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('alerts', '0005_auto_20210212_1745'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='alerttemplate',
+            name='agent_include_desktops',
+        ),
+        migrations.AddField(
+            model_name='alerttemplate',
+            name='exclude_servers',
+            field=models.BooleanField(blank=True, default=False, null=True),
+        ),
+        migrations.AddField(
+            model_name='alerttemplate',
+            name='exclude_workstations',
+            field=models.BooleanField(blank=True, default=False, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='agent_always_alert',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='agent_always_email',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='agent_always_text',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='check_always_alert',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='check_always_email',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='check_always_text',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='task_always_alert',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='task_always_email',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='task_always_text',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+    ]

api/tacticalrmm/alerts/models.py

@@ -1,7 +1,21 @@
-from django.db import models
+from __future__ import annotations
+
+import re
+from typing import TYPE_CHECKING, Union
+
+from django.conf import settings
 from django.contrib.postgres.fields import ArrayField
+from django.db import models
 from django.db.models.fields import BooleanField, PositiveIntegerField
 from django.utils import timezone as djangotime
+from loguru import logger
+
+if TYPE_CHECKING:
+    from agents.models import Agent
+    from autotasks.models import AutomatedTask
+    from checks.models import Check
+
+logger.configure(**settings.LOG_CONFIG)
 
 SEVERITY_CHOICES = [
     ("info", "Informational"),
@@ -78,18 +92,20 @@ class Alert(models.Model):
         self.save()
 
     @classmethod
-    def create_availability_alert(cls, agent):
+    def create_or_return_availability_alert(cls, agent):
         if not cls.objects.filter(agent=agent, resolved=False).exists():
             return cls.objects.create(
                 agent=agent,
                 alert_type="availability",
                 severity="error",
-                message=f"{agent.hostname} in {agent.client.name}\\{agent.site.name} is Offline.",
+                message=f"{agent.hostname} in {agent.client.name}\\{agent.site.name} is overdue.",
                 hidden=True,
             )
+        else:
+            return cls.objects.get(agent=agent, resolved=False)
 
     @classmethod
-    def create_check_alert(cls, check):
+    def create_or_return_check_alert(cls, check):
 
         if not cls.objects.filter(assigned_check=check, resolved=False).exists():
             return cls.objects.create(
@@ -99,9 +115,11 @@ class Alert(models.Model):
                 message=f"{check.agent.hostname} has a {check.check_type} check: {check.readable_desc} that failed.",
                 hidden=True,
             )
+        else:
+            return cls.objects.get(assigned_check=check, resolved=False)
 
     @classmethod
-    def create_task_alert(cls, task):
+    def create_or_return_task_alert(cls, task):
 
         if not cls.objects.filter(assigned_task=task, resolved=False).exists():
             return cls.objects.create(
@@ -111,10 +129,335 @@ class Alert(models.Model):
                 message=f"{task.agent.hostname} has task: {task.name} that failed.",
                 hidden=True,
             )
+        else:
+            return cls.objects.get(assigned_task=task, resolved=False)
 
     @classmethod
-    def create_custom_alert(cls, custom):
-        pass
+    def handle_alert_failure(cls, instance: Union[Agent, AutomatedTask, Check]) -> None:
+        from agents.models import Agent
+        from autotasks.models import AutomatedTask
+        from checks.models import Check
+
+        # set variables
+        dashboard_severities = None
+        email_severities = None
+        text_severities = None
+        always_dashboard = None
+        always_email = None
+        always_text = None
+        alert_interval = None
+        email_task = None
+        text_task = None
+
+        # check what the instance passed is
+        if isinstance(instance, Agent):
+            from agents.tasks import agent_outage_email_task, agent_outage_sms_task
+
+            email_task = agent_outage_email_task
+            text_task = agent_outage_sms_task
+
+            email_alert = instance.overdue_email_alert
+            text_alert = instance.overdue_text_alert
+            dashboard_alert = instance.overdue_dashboard_alert
+            alert_template = instance.alert_template
+            maintenance_mode = instance.maintenance_mode
+            alert_severity = "error"
+            agent = instance
+
+            # set alert_template settings
+            if alert_template:
+                dashboard_severities = ["error"]
+                email_severities = ["error"]
+                text_severities = ["error"]
+                always_dashboard = alert_template.agent_always_alert
+                always_email = alert_template.agent_always_email
+                always_text = alert_template.agent_always_text
+                alert_interval = alert_template.agent_periodic_alert_days
+
+            if instance.should_create_alert(alert_template):
+                alert = cls.create_or_return_availability_alert(instance)
+            else:
+                # check if there is an alert that exists
+                if cls.objects.filter(agent=instance, resolved=False).exists():
+                    alert = cls.objects.get(agent=instance, resolved=False)
+                else:
+                    alert = None
+
+        elif isinstance(instance, Check):
+            from checks.tasks import (
+                handle_check_email_alert_task,
+                handle_check_sms_alert_task,
+            )
+
+            email_task = handle_check_email_alert_task
+            text_task = handle_check_sms_alert_task
+
+            email_alert = instance.email_alert
+            text_alert = instance.text_alert
+            dashboard_alert = instance.dashboard_alert
+            alert_template = instance.agent.alert_template
+            maintenance_mode = instance.agent.maintenance_mode
+            alert_severity = instance.alert_severity
+            agent = instance.agent
+
+            # set alert_template settings
+            if alert_template:
+                dashboard_severities = alert_template.check_dashboard_alert_severity
+                email_severities = alert_template.check_email_alert_severity
+                text_severities = alert_template.check_text_alert_severity
+                always_dashboard = alert_template.check_always_alert
+                always_email = alert_template.check_always_email
+                always_text = alert_template.check_always_text
+                alert_interval = alert_template.check_periodic_alert_days
+
+            if instance.should_create_alert(alert_template):
+                alert = cls.create_or_return_check_alert(instance)
+            else:
+                # check if there is an alert that exists
+                if cls.objects.filter(assigned_check=instance, resolved=False).exists():
+                    alert = cls.objects.get(assigned_check=instance, resolved=False)
+                else:
+                    alert = None
+
+        elif isinstance(instance, AutomatedTask):
+            from autotasks.tasks import handle_task_email_alert, handle_task_sms_alert
+
+            email_task = handle_task_email_alert
+            text_task = handle_task_sms_alert
+
+            email_alert = instance.email_alert
+            text_alert = instance.text_alert
+            dashboard_alert = instance.dashboard_alert
+            alert_template = instance.agent.alert_template
+            maintenance_mode = instance.agent.maintenance_mode
+            alert_severity = instance.alert_severity
+            agent = instance.agent
+
+            # set alert_template settings
+            if alert_template:
+                dashboard_severities = alert_template.task_dashboard_alert_severity
+                email_severities = alert_template.task_email_alert_severity
+                text_severities = alert_template.task_text_alert_severity
+                always_dashboard = alert_template.task_always_alert
+                always_email = alert_template.task_always_email
+                always_text = alert_template.task_always_text
+                alert_interval = alert_template.task_periodic_alert_days
+
+            if instance.should_create_alert(alert_template):
+                alert = cls.create_or_return_task_alert(instance)
+            else:
+                # check if there is an alert that exists
+                if cls.objects.filter(assigned_task=instance, resolved=False).exists():
+                    alert = cls.objects.get(assigned_task=instance, resolved=False)
+                else:
+                    alert = None
+        else:
+            return
+
+        # return if agent is in maintenance mode
+        if maintenance_mode or not alert:
+            return
+
+        # check if alert severity changed on check and update the alert
+        if alert_severity != alert.severity:
+            alert.severity = alert_severity
+            alert.save(update_fields=["severity"])
+
+        # create alert in dashboard if enabled
+        if dashboard_alert or always_dashboard:
+
+            # check if alert template is set and specific severities are configured
+            if alert_template and alert.severity not in dashboard_severities:  # type: ignore
+                pass
+            else:
+                alert.hidden = False
+                alert.save()
+
+        # send email if enabled
+        if email_alert or always_email:
+
+            # check if alert template is set and specific severities are configured
+            if alert_template and alert.severity not in email_severities:  # type: ignore
+                pass
+            else:
+                email_task.delay(
+                    pk=alert.pk,
+                    alert_interval=alert_interval,
+                )
+
+        # send text if enabled
+        if text_alert or always_text:
+
+            # check if alert template is set and specific severities are configured
+            if alert_template and alert.severity not in text_severities:  # type: ignore
+                pass
+            else:
+                text_task.delay(pk=alert.pk, alert_interval=alert_interval)
+
+        # check if any scripts should be run
+        if alert_template and alert_template.action and not alert.action_run:
+            r = agent.run_script(
+                scriptpk=alert_template.action.pk,
+                args=alert.parse_script_args(alert_template.action_args),
+                timeout=alert_template.action_timeout,
+                wait=True,
+                full=True,
+                run_on_any=True,
+            )
+
+            # command was successful
+            if type(r) == dict:
+                alert.action_retcode = r["retcode"]
+                alert.action_stdout = r["stdout"]
+                alert.action_stderr = r["stderr"]
+                alert.action_execution_time = "{:.4f}".format(r["execution_time"])
+                alert.action_run = djangotime.now()
+                alert.save()
+            else:
+                logger.error(
+                    f"Failure action: {alert_template.action.name} failed to run on any agent for {agent.hostname} failure alert"
+                )
+
+    @classmethod
+    def handle_alert_resolve(cls, instance: Union[Agent, AutomatedTask, Check]) -> None:
+        from agents.models import Agent
+        from autotasks.models import AutomatedTask
+        from checks.models import Check
+
+        # set variables
+        email_on_resolved = False
+        text_on_resolved = False
+        resolved_email_task = None
+        resolved_text_task = None
+
+        # check what the instance passed is
+        if isinstance(instance, Agent):
+            from agents.tasks import agent_recovery_email_task, agent_recovery_sms_task
+
+            resolved_email_task = agent_recovery_email_task
+            resolved_text_task = agent_recovery_sms_task
+
+            alert_template = instance.alert_template
+            alert = cls.objects.get(agent=instance, resolved=False)
+            maintenance_mode = instance.maintenance_mode
+            agent = instance
+
+            if alert_template:
+                email_on_resolved = alert_template.agent_email_on_resolved
+                text_on_resolved = alert_template.agent_text_on_resolved
+
+        elif isinstance(instance, Check):
+            from checks.tasks import (
+                handle_resolved_check_email_alert_task,
+                handle_resolved_check_sms_alert_task,
+            )
+
+            resolved_email_task = handle_resolved_check_email_alert_task
+            resolved_text_task = handle_resolved_check_sms_alert_task
+
+            alert_template = instance.agent.alert_template
+            alert = cls.objects.get(assigned_check=instance, resolved=False)
+            maintenance_mode = instance.agent.maintenance_mode
+            agent = instance.agent
+
+            if alert_template:
+                email_on_resolved = alert_template.check_email_on_resolved
+                text_on_resolved = alert_template.check_text_on_resolved
+
+        elif isinstance(instance, AutomatedTask):
+            from autotasks.tasks import (
+                handle_resolved_task_email_alert,
+                handle_resolved_task_sms_alert,
+            )
+
+            resolved_email_task = handle_resolved_task_email_alert
+            resolved_text_task = handle_resolved_task_sms_alert
+
+            alert_template = instance.agent.alert_template
+            alert = cls.objects.get(assigned_task=instance, resolved=False)
+            maintenance_mode = instance.agent.maintenance_mode
+            agent = instance.agent
+
+            if alert_template:
+                email_on_resolved = alert_template.task_email_on_resolved
+                text_on_resolved = alert_template.task_text_on_resolved
+
+        else:
+            return
+
+        # return if agent is in maintenance mode
+        if maintenance_mode:
+            return
+
+        alert.resolve()
+
+        # check if a resolved email notification should be send
+        if email_on_resolved and not alert.resolved_email_sent:
+            resolved_email_task.delay(pk=alert.pk)
+
+        # check if resolved text should be sent
+        if text_on_resolved and not alert.resolved_sms_sent:
+            resolved_text_task.delay(pk=alert.pk)
+
+        # check if resolved script should be run
+        if (
+            alert_template
+            and alert_template.resolved_action
+            and not alert.resolved_action_run
+        ):
+            r = agent.run_script(
+                scriptpk=alert_template.resolved_action.pk,
+                args=alert.parse_script_args(alert_template.resolved_action_args),
+                timeout=alert_template.resolved_action_timeout,
+                wait=True,
+                full=True,
+                run_on_any=True,
+            )
+
+            # command was successful
+            if type(r) == dict:
+                alert.resolved_action_retcode = r["retcode"]
+                alert.resolved_action_stdout = r["stdout"]
+                alert.resolved_action_stderr = r["stderr"]
+                alert.resolved_action_execution_time = "{:.4f}".format(
+                    r["execution_time"]
+                )
+                alert.resolved_action_run = djangotime.now()
+                alert.save()
+            else:
+                logger.error(
+                    f"Resolved action: {alert_template.action.name} failed to run on any agent for {agent.hostname} resolved alert"
+                )
+
+    def parse_script_args(self, args: list[str]):
+
+        if not args:
+            return []
+
+        temp_args = list()
+        # pattern to match for injection
+        pattern = re.compile(".*\\{\\{alert\\.(.*)\\}\\}.*")
+
+        for arg in args:
+            match = pattern.match(arg)
+            if match:
+                name = match.group(1)
+
+                if hasattr(self, name):
+                    value = f"'{getattr(self, name)}'"
+                else:
+                    continue
+
+                try:
+                    temp_args.append(re.sub("\\{\\{.*\\}\\}", value, arg))  # type: ignore
+                except Exception as e:
+                    logger.error(e)
+                    continue
+
+            else:
+                temp_args.append(arg)
+
+        return temp_args
 
 
 class AlertTemplate(models.Model):
@@ -170,10 +513,9 @@ class AlertTemplate(models.Model):
     # agent alert settings
     agent_email_on_resolved = BooleanField(null=True, blank=True, default=False)
     agent_text_on_resolved = BooleanField(null=True, blank=True, default=False)
-    agent_include_desktops = BooleanField(null=True, blank=True, default=False)
-    agent_always_email = BooleanField(null=True, blank=True, default=False)
-    agent_always_text = BooleanField(null=True, blank=True, default=False)
-    agent_always_alert = BooleanField(null=True, blank=True, default=False)
+    agent_always_email = BooleanField(null=True, blank=True, default=None)
+    agent_always_text = BooleanField(null=True, blank=True, default=None)
+    agent_always_alert = BooleanField(null=True, blank=True, default=None)
     agent_periodic_alert_days = PositiveIntegerField(blank=True, null=True, default=0)
 
     # check alert settings
@@ -194,9 +536,9 @@ class AlertTemplate(models.Model):
     )
     check_email_on_resolved = BooleanField(null=True, blank=True, default=False)
     check_text_on_resolved = BooleanField(null=True, blank=True, default=False)
-    check_always_email = BooleanField(null=True, blank=True, default=False)
-    check_always_text = BooleanField(null=True, blank=True, default=False)
-    check_always_alert = BooleanField(null=True, blank=True, default=False)
+    check_always_email = BooleanField(null=True, blank=True, default=None)
+    check_always_text = BooleanField(null=True, blank=True, default=None)
+    check_always_alert = BooleanField(null=True, blank=True, default=None)
     check_periodic_alert_days = PositiveIntegerField(blank=True, null=True, default=0)
 
     # task alert settings
@@ -217,11 +559,15 @@ class AlertTemplate(models.Model):
     )
     task_email_on_resolved = BooleanField(null=True, blank=True, default=False)
     task_text_on_resolved = BooleanField(null=True, blank=True, default=False)
-    task_always_email = BooleanField(null=True, blank=True, default=False)
-    task_always_text = BooleanField(null=True, blank=True, default=False)
-    task_always_alert = BooleanField(null=True, blank=True, default=False)
+    task_always_email = BooleanField(null=True, blank=True, default=None)
+    task_always_text = BooleanField(null=True, blank=True, default=None)
+    task_always_alert = BooleanField(null=True, blank=True, default=None)
     task_periodic_alert_days = PositiveIntegerField(blank=True, null=True, default=0)
 
+    # exclusion settings
+    exclude_workstations = BooleanField(null=True, blank=True, default=False)
+    exclude_servers = BooleanField(null=True, blank=True, default=False)
+
     excluded_sites = models.ManyToManyField(
         "clients.Site", related_name="alert_exclusions", blank=True
     )
@@ -240,7 +586,6 @@ class AlertTemplate(models.Model):
         return (
             self.agent_email_on_resolved
             or self.agent_text_on_resolved
-            or self.agent_include_desktops
             or self.agent_always_email
             or self.agent_always_text
             or self.agent_always_alert
@@ -281,4 +626,4 @@ class AlertTemplate(models.Model):
 
     @property
     def is_default_template(self) -> bool:
-        return self.default_alert_template.exists()
+        return self.default_alert_template.exists()  # type: ignore

api/tacticalrmm/alerts/permissions.py

@@ -0,0 +1,11 @@
+from rest_framework import permissions
+
+from tacticalrmm.permissions import _has_perm
+
+
+class ManageAlertsPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        if r.method == "GET" or r.method == "PATCH":
+            return True
+
+        return _has_perm(r, "can_manage_alerts")

api/tacticalrmm/alerts/serializers.py

@@ -1,13 +1,10 @@
 from rest_framework.fields import SerializerMethodField
-from rest_framework.serializers import (
-    ModelSerializer,
-    ReadOnlyField,
-)
+from rest_framework.serializers import ModelSerializer, ReadOnlyField
 
-from clients.serializers import ClientSerializer, SiteSerializer
 from automation.serializers import PolicySerializer
-
+from clients.serializers import ClientSerializer, SiteSerializer
 from tacticalrmm.utils import get_default_timezone
+
 from .models import Alert, AlertTemplate
 
 

api/tacticalrmm/alerts/tasks.py

@@ -1,8 +1,7 @@
 from django.utils import timezone as djangotime
 
-from tacticalrmm.celery import app
-
 from alerts.models import Alert
+from tacticalrmm.celery import app
 
 
 @app.task
@@ -13,3 +12,13 @@ def unsnooze_alerts() -> str:
     )
 
     return "ok"
+
+
+@app.task
+def cache_agents_alert_template():
+    from agents.models import Agent
+
+    for agent in Agent.objects.only("pk"):
+        agent.set_alert_template()
+
+    return "ok"

api/tacticalrmm/alerts/urls.py

@@ -1,4 +1,5 @@
 from django.urls import path
+
 from . import views
 
 urlpatterns = [

api/tacticalrmm/alerts/views.py

@@ -1,22 +1,27 @@
-from django.shortcuts import get_object_or_404
-from django.db.models import Q
 from datetime import datetime as dt
+
+from django.db.models import Q
+from django.shortcuts import get_object_or_404
 from django.utils import timezone as djangotime
+from rest_framework.permissions import IsAuthenticated
+from rest_framework.response import Response
+from rest_framework.views import APIView
 
 from tacticalrmm.utils import notify_error
-from rest_framework.views import APIView
-from rest_framework.response import Response
 
 from .models import Alert, AlertTemplate
-
+from .permissions import ManageAlertsPerms
 from .serializers import (
     AlertSerializer,
-    AlertTemplateSerializer,
     AlertTemplateRelationSerializer,
+    AlertTemplateSerializer,
 )
+from .tasks import cache_agents_alert_template
 
 
 class GetAddAlerts(APIView):
+    permission_classes = [IsAuthenticated, ManageAlertsPerms]
+
     def patch(self, request):
 
         # top 10 alerts for dashboard icon
@@ -108,6 +113,8 @@ class GetAddAlerts(APIView):
 
 
 class GetUpdateDeleteAlert(APIView):
+    permission_classes = [IsAuthenticated, ManageAlertsPerms]
+
     def get(self, request, pk):
         alert = get_object_or_404(Alert, pk=pk)
 
@@ -162,6 +169,8 @@ class GetUpdateDeleteAlert(APIView):
 
 
 class BulkAlerts(APIView):
+    permission_classes = [IsAuthenticated, ManageAlertsPerms]
+
     def post(self, request):
         if request.data["bulk_action"] == "resolve":
             Alert.objects.filter(id__in=request.data["alerts"]).update(
@@ -184,6 +193,8 @@ class BulkAlerts(APIView):
 
 
 class GetAddAlertTemplates(APIView):
+    permission_classes = [IsAuthenticated, ManageAlertsPerms]
+
     def get(self, request):
         alert_templates = AlertTemplate.objects.all()
 
@@ -194,10 +205,15 @@ class GetAddAlertTemplates(APIView):
         serializer.is_valid(raise_exception=True)
         serializer.save()
 
+        # cache alert_template value on agents
+        cache_agents_alert_template.delay()
+
         return Response("ok")
 
 
 class GetUpdateDeleteAlertTemplate(APIView):
+    permission_classes = [IsAuthenticated, ManageAlertsPerms]
+
     def get(self, request, pk):
         alert_template = get_object_or_404(AlertTemplate, pk=pk)
 
@@ -212,11 +228,17 @@ class GetUpdateDeleteAlertTemplate(APIView):
         serializer.is_valid(raise_exception=True)
         serializer.save()
 
+        # cache alert_template value on agents
+        cache_agents_alert_template.delay()
+
         return Response("ok")
 
     def delete(self, request, pk):
         get_object_or_404(AlertTemplate, pk=pk).delete()
 
+        # cache alert_template value on agents
+        cache_agents_alert_template.delay()
+
         return Response("ok")
 
 

api/tacticalrmm/apiv3/tests.py

@@ -1,11 +1,13 @@
-import os
 import json
+import os
+from unittest.mock import patch
 
 from django.conf import settings
-from tacticalrmm.test import TacticalTestCase
-from unittest.mock import patch
+from django.utils import timezone as djangotime
 from model_bakery import baker
-from itertools import cycle
+
+from autotasks.models import AutomatedTask
+from tacticalrmm.test import TacticalTestCase
 
 
 class TestAPIv3(TacticalTestCase):
@@ -17,8 +19,44 @@ class TestAPIv3(TacticalTestCase):
     def test_get_checks(self):
         url = f"/api/v3/{self.agent.agent_id}/checkrunner/"
 
+        # add a check
+        check1 = baker.make_recipe("checks.ping_check", agent=self.agent)
         r = self.client.get(url)
         self.assertEqual(r.status_code, 200)
+        self.assertEqual(r.data["check_interval"], self.agent.check_interval)  # type: ignore
+        self.assertEqual(len(r.data["checks"]), 1)  # type: ignore
+
+        # override check run interval
+        check2 = baker.make_recipe(
+            "checks.ping_check", agent=self.agent, run_interval=20
+        )
+
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(r.data["check_interval"], 20)  # type: ignore
+        self.assertEqual(len(r.data["checks"]), 2)  # type: ignore
+
+        # Set last_run on both checks and should return an empty list
+        check1.last_run = djangotime.now()
+        check1.save()
+        check2.last_run = djangotime.now()
+        check2.save()
+
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(r.data["check_interval"], 20)  # type: ignore
+        self.assertFalse(r.data["checks"])  # type: ignore
+
+        # set last_run greater than interval
+        check1.last_run = djangotime.now() - djangotime.timedelta(seconds=200)
+        check1.save()
+        check2.last_run = djangotime.now() - djangotime.timedelta(seconds=200)
+        check2.save()
+
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(r.data["check_interval"], 20)  # type: ignore
+        self.assertEquals(len(r.data["checks"]), 2)  # type: ignore
 
         url = "/api/v3/Maj34ACb324j234asdj2n34kASDjh34-DESKTOPTEST123/checkrunner/"
         r = self.client.get(url)
@@ -52,3 +90,253 @@ class TestAPIv3(TacticalTestCase):
             r.json(),
             {"agent": self.agent.pk, "check_interval": self.agent.check_interval},
         )
+
+        # add check to agent with check interval set
+        check = baker.make_recipe(
+            "checks.ping_check", agent=self.agent, run_interval=30
+        )
+
+        r = self.client.get(url, format="json")
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(
+            r.json(),
+            {"agent": self.agent.pk, "check_interval": 30},
+        )
+
+        # minimum check run interval is 15 seconds
+        check = baker.make_recipe("checks.ping_check", agent=self.agent, run_interval=5)
+
+        r = self.client.get(url, format="json")
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(
+            r.json(),
+            {"agent": self.agent.pk, "check_interval": 15},
+        )
+
+    def test_run_checks(self):
+        # force run all checks regardless of interval
+        agent = baker.make_recipe("agents.online_agent")
+        baker.make_recipe("checks.ping_check", agent=agent)
+        baker.make_recipe("checks.diskspace_check", agent=agent)
+        baker.make_recipe("checks.cpuload_check", agent=agent)
+        baker.make_recipe("checks.memory_check", agent=agent)
+        baker.make_recipe("checks.eventlog_check", agent=agent)
+        for _ in range(10):
+            baker.make_recipe("checks.script_check", agent=agent)
+
+        url = f"/api/v3/{agent.agent_id}/runchecks/"
+        r = self.client.get(url)
+        self.assertEqual(r.json()["agent"], agent.pk)
+        self.assertIsInstance(r.json()["check_interval"], int)
+        self.assertEqual(len(r.json()["checks"]), 15)
+
+    def test_checkin_patch(self):
+        from logs.models import PendingAction
+
+        url = "/api/v3/checkin/"
+        agent_updated = baker.make_recipe("agents.agent", version="1.3.0")
+        PendingAction.objects.create(
+            agent=agent_updated,
+            action_type="agentupdate",
+            details={
+                "url": agent_updated.winagent_dl,
+                "version": agent_updated.version,
+                "inno": agent_updated.win_inno_exe,
+            },
+        )
+        action = agent_updated.pendingactions.filter(action_type="agentupdate").first()
+        self.assertEqual(action.status, "pending")
+
+        # test agent failed to update and still on same version
+        payload = {
+            "func": "hello",
+            "agent_id": agent_updated.agent_id,
+            "version": "1.3.0",
+        }
+        r = self.client.patch(url, payload, format="json")
+        self.assertEqual(r.status_code, 200)
+        action = agent_updated.pendingactions.filter(action_type="agentupdate").first()
+        self.assertEqual(action.status, "pending")
+
+        # test agent successful update
+        payload["version"] = settings.LATEST_AGENT_VER
+        r = self.client.patch(url, payload, format="json")
+        self.assertEqual(r.status_code, 200)
+        action = agent_updated.pendingactions.filter(action_type="agentupdate").first()
+        self.assertEqual(action.status, "completed")
+        action.delete()
+
+    @patch("apiv3.views.reload_nats")
+    def test_agent_recovery(self, reload_nats):
+        reload_nats.return_value = "ok"
+        r = self.client.get("/api/v3/34jahsdkjasncASDjhg2b3j4r/recover/")
+        self.assertEqual(r.status_code, 404)
+
+        agent = baker.make_recipe("agents.online_agent")
+        url = f"/api/v3/{agent.agent_id}/recovery/"
+
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(r.json(), {"mode": "pass", "shellcmd": ""})
+        reload_nats.assert_not_called()
+
+        baker.make("agents.RecoveryAction", agent=agent, mode="mesh")
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(r.json(), {"mode": "mesh", "shellcmd": ""})
+        reload_nats.assert_not_called()
+
+        baker.make(
+            "agents.RecoveryAction",
+            agent=agent,
+            mode="command",
+            command="shutdown /r /t 5 /f",
+        )
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(
+            r.json(), {"mode": "command", "shellcmd": "shutdown /r /t 5 /f"}
+        )
+        reload_nats.assert_not_called()
+
+        baker.make("agents.RecoveryAction", agent=agent, mode="rpc")
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(r.json(), {"mode": "rpc", "shellcmd": ""})
+        reload_nats.assert_called_once()
+
+    def test_task_runner_get(self):
+        from autotasks.serializers import TaskGOGetSerializer
+
+        r = self.client.get("/api/v3/500/asdf9df9dfdf/taskrunner/")
+        self.assertEqual(r.status_code, 404)
+
+        # setup data
+        agent = baker.make_recipe("agents.agent")
+        script = baker.make_recipe("scripts.script")
+        task = baker.make("autotasks.AutomatedTask", agent=agent, script=script)
+
+        url = f"/api/v3/{task.pk}/{agent.agent_id}/taskrunner/"  # type: ignore
+
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(TaskGOGetSerializer(task).data, r.data)  # type: ignore
+
+    def test_task_runner_results(self):
+        from agents.models import AgentCustomField
+
+        r = self.client.patch("/api/v3/500/asdf9df9dfdf/taskrunner/")
+        self.assertEqual(r.status_code, 404)
+
+        # setup data
+        agent = baker.make_recipe("agents.agent")
+        task = baker.make("autotasks.AutomatedTask", agent=agent)
+
+        url = f"/api/v3/{task.pk}/{agent.agent_id}/taskrunner/"  # type: ignore
+
+        # test passing task
+        data = {
+            "stdout": "test test \ntestest stdgsd\n",
+            "stderr": "",
+            "retcode": 0,
+            "execution_time": 3.560,
+        }
+
+        r = self.client.patch(url, data)
+        self.assertEqual(r.status_code, 200)
+        self.assertTrue(AutomatedTask.objects.get(pk=task.pk).status == "passing")  # type: ignore
+
+        # test failing task
+        data = {
+            "stdout": "test test \ntestest stdgsd\n",
+            "stderr": "",
+            "retcode": 1,
+            "execution_time": 3.560,
+        }
+
+        r = self.client.patch(url, data)
+        self.assertEqual(r.status_code, 200)
+        self.assertTrue(AutomatedTask.objects.get(pk=task.pk).status == "failing")  # type: ignore
+
+        # test collector task
+        text = baker.make("core.CustomField", model="agent", type="text", name="Test")
+        boolean = baker.make(
+            "core.CustomField", model="agent", type="checkbox", name="Test1"
+        )
+        multiple = baker.make(
+            "core.CustomField", model="agent", type="multiple", name="Test2"
+        )
+
+        # test text fields
+        task.custom_field = text  # type: ignore
+        task.save()  # type: ignore
+
+        # test failing failing with stderr
+        data = {
+            "stdout": "test test \nthe last line",
+            "stderr": "This is an error",
+            "retcode": 1,
+            "execution_time": 3.560,
+        }
+
+        r = self.client.patch(url, data)
+        self.assertEqual(r.status_code, 200)
+        self.assertTrue(AutomatedTask.objects.get(pk=task.pk).status == "failing")  # type: ignore
+
+        # test saving to text field
+        data = {
+            "stdout": "test test \nthe last line",
+            "stderr": "",
+            "retcode": 0,
+            "execution_time": 3.560,
+        }
+
+        r = self.client.patch(url, data)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(AutomatedTask.objects.get(pk=task.pk).status, "passing")  # type: ignore
+        self.assertEqual(AgentCustomField.objects.get(field=text, agent=task.agent).value, "the last line")  # type: ignore
+
+        # test saving to checkbox field
+        task.custom_field = boolean  # type: ignore
+        task.save()  # type: ignore
+
+        data = {
+            "stdout": "1",
+            "stderr": "",
+            "retcode": 0,
+            "execution_time": 3.560,
+        }
+
+        r = self.client.patch(url, data)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(AutomatedTask.objects.get(pk=task.pk).status, "passing")  # type: ignore
+        self.assertTrue(AgentCustomField.objects.get(field=boolean, agent=task.agent).value)  # type: ignore
+
+        # test saving to multiple field with commas
+        task.custom_field = multiple  # type: ignore
+        task.save()  # type: ignore
+
+        data = {
+            "stdout": "this,is,an,array",
+            "stderr": "",
+            "retcode": 0,
+            "execution_time": 3.560,
+        }
+
+        r = self.client.patch(url, data)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(AutomatedTask.objects.get(pk=task.pk).status, "passing")  # type: ignore
+        self.assertEqual(AgentCustomField.objects.get(field=multiple, agent=task.agent).value, ["this", "is", "an", "array"])  # type: ignore
+
+        # test mutiple with a single value
+        data = {
+            "stdout": "this",
+            "stderr": "",
+            "retcode": 0,
+            "execution_time": 3.560,
+        }
+
+        r = self.client.patch(url, data)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(AutomatedTask.objects.get(pk=task.pk).status, "passing")  # type: ignore
+        self.assertEqual(AgentCustomField.objects.get(field=multiple, agent=task.agent).value, ["this"])  # type: ignore

api/tacticalrmm/apiv3/urls.py

@@ -1,9 +1,11 @@
 from django.urls import path
+
 from . import views
 
 urlpatterns = [
     path("checkrunner/", views.CheckRunner.as_view()),
     path("<str:agentid>/checkrunner/", views.CheckRunner.as_view()),
+    path("<str:agentid>/runchecks/", views.RunChecks.as_view()),
     path("<str:agentid>/checkinterval/", views.CheckRunnerInterval.as_view()),
     path("<int:pk>/<str:agentid>/taskrunner/", views.TaskRunner.as_view()),
     path("meshexe/", views.MeshExe.as_view()),
@@ -16,4 +18,6 @@ urlpatterns = [
     path("choco/", views.Choco.as_view()),
     path("winupdates/", views.WinUpdates.as_view()),
     path("superseded/", views.SupersededWinUpdate.as_view()),
+    path("<int:pk>/chocoresult/", views.ChocoResult.as_view()),
+    path("<str:agentid>/recovery/", views.AgentRecovery.as_view()),
 ]

api/tacticalrmm/apiv3/views.py

@@ -1,32 +1,31 @@
 import asyncio
 import os
 import time
-from loguru import logger
-from packaging import version as pyver
 
 from django.conf import settings
+from django.http import HttpResponse
 from django.shortcuts import get_object_or_404
 from django.utils import timezone as djangotime
-from django.http import HttpResponse
-
+from loguru import logger
+from packaging import version as pyver
+from rest_framework.authentication import TokenAuthentication
+from rest_framework.authtoken.models import Token
+from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.views import APIView
-from rest_framework.authentication import TokenAuthentication
-from rest_framework.permissions import IsAuthenticated
-from rest_framework.authtoken.models import Token
 
-from agents.models import Agent
-from checks.models import Check
-from checks.utils import bytes2human
-from autotasks.models import AutomatedTask
 from accounts.models import User
-from winupdate.models import WinUpdate, WinUpdatePolicy
-from software.models import InstalledSoftware
-from checks.serializers import CheckRunnerGetSerializer
-from autotasks.serializers import TaskGOGetSerializer, TaskRunnerPatchSerializer
+from agents.models import Agent, AgentCustomField
 from agents.serializers import WinAgentSerializer
-
-from tacticalrmm.utils import notify_error, reload_nats, filter_software, SoftwareList
+from autotasks.models import AutomatedTask
+from autotasks.serializers import TaskGOGetSerializer, TaskRunnerPatchSerializer
+from checks.models import Check
+from checks.serializers import CheckRunnerGetSerializer
+from checks.utils import bytes2human
+from logs.models import PendingAction
+from software.models import InstalledSoftware
+from tacticalrmm.utils import SoftwareList, filter_software, notify_error, reload_nats
+from winupdate.models import WinUpdate, WinUpdatePolicy
 
 logger.configure(**settings.LOG_CONFIG)
 
@@ -37,6 +36,8 @@ class CheckIn(APIView):
     permission_classes = [IsAuthenticated]
 
     def patch(self, request):
+        from alerts.models import Alert
+
         updated = False
         agent = get_object_or_404(Agent, agent_id=request.data["agent_id"])
         if pyver.parse(request.data["version"]) > pyver.parse(
@@ -52,27 +53,29 @@ class CheckIn(APIView):
         # change agent update pending status to completed if agent has just updated
         if (
             updated
-            and agent.pendingactions.filter(
+            and agent.pendingactions.filter(  # type: ignore
                 action_type="agentupdate", status="pending"
             ).exists()
         ):
-            agent.pendingactions.filter(
+            agent.pendingactions.filter(  # type: ignore
                 action_type="agentupdate", status="pending"
             ).update(status="completed")
 
         # handles any alerting actions
-        agent.handle_alert(checkin=True)
+        if Alert.objects.filter(agent=agent, resolved=False).exists():
+            Alert.handle_alert_resolve(agent)
 
-        recovery = agent.recoveryactions.filter(last_run=None).last()
-        if recovery is not None:
-            recovery.last_run = djangotime.now()
-            recovery.save(update_fields=["last_run"])
-            handle_agent_recovery_task.delay(pk=recovery.pk)
-            return Response("ok")
+        # sync scheduled tasks
+        if agent.autotasks.exclude(sync_status="synced").exists():  # type: ignore
+            tasks = agent.autotasks.exclude(sync_status="synced")  # type: ignore
 
-        # get any pending actions
-        if agent.pendingactions.filter(status="pending").exists():
-            agent.handle_pending_actions()
+            for task in tasks:
+                if task.sync_status == "pendingdeletion":
+                    task.delete_task_on_agent()
+                elif task.sync_status == "initial":
+                    task.modify_task_on_agent()
+                elif task.sync_status == "notsynced":
+                    task.create_task_on_agent()
 
         return Response("ok")
 
@@ -113,7 +116,7 @@ class CheckIn(APIView):
             if not InstalledSoftware.objects.filter(agent=agent).exists():
                 InstalledSoftware(agent=agent, software=sw).save()
             else:
-                s = agent.installedsoftware_set.first()
+                s = agent.installedsoftware_set.first()  # type: ignore
                 s.software = sw
                 s.save(update_fields=["software"])
 
@@ -186,7 +189,7 @@ class WinUpdates(APIView):
 
     def patch(self, request):
         agent = get_object_or_404(Agent, agent_id=request.data["agent_id"])
-        u = agent.winupdates.filter(guid=request.data["guid"]).last()
+        u = agent.winupdates.filter(guid=request.data["guid"]).last()  # type: ignore
         success: bool = request.data["success"]
         if success:
             u.result = "success"
@@ -212,8 +215,8 @@ class WinUpdates(APIView):
         agent = get_object_or_404(Agent, agent_id=request.data["agent_id"])
         updates = request.data["wua_updates"]
         for update in updates:
-            if agent.winupdates.filter(guid=update["guid"]).exists():
-                u = agent.winupdates.filter(guid=update["guid"]).last()
+            if agent.winupdates.filter(guid=update["guid"]).exists():  # type: ignore
+                u = agent.winupdates.filter(guid=update["guid"]).last()  # type: ignore
                 u.downloaded = update["downloaded"]
                 u.installed = update["installed"]
                 u.save(update_fields=["downloaded", "installed"])
@@ -244,7 +247,7 @@ class WinUpdates(APIView):
 
         # more superseded updates cleanup
         if pyver.parse(agent.version) <= pyver.parse("1.4.2"):
-            for u in agent.winupdates.filter(
+            for u in agent.winupdates.filter(  # type: ignore
                 date_installed__isnull=True, result="failed"
             ).exclude(installed=True):
                 u.delete()
@@ -258,25 +261,20 @@ class SupersededWinUpdate(APIView):
 
     def post(self, request):
         agent = get_object_or_404(Agent, agent_id=request.data["agent_id"])
-        updates = agent.winupdates.filter(guid=request.data["guid"])
+        updates = agent.winupdates.filter(guid=request.data["guid"])  # type: ignore
         for u in updates:
             u.delete()
 
         return Response("ok")
 
 
-class CheckRunner(APIView):
-    """
-    For the windows golang agent
-    """
-
+class RunChecks(APIView):
     authentication_classes = [TokenAuthentication]
     permission_classes = [IsAuthenticated]
 
     def get(self, request, agentid):
         agent = get_object_or_404(Agent, agent_id=agentid)
         checks = Check.objects.filter(agent__pk=agent.pk, overriden_by_policy=False)
-
         ret = {
             "agent": agent.pk,
             "check_interval": agent.check_interval,
@@ -284,13 +282,55 @@ class CheckRunner(APIView):
         }
         return Response(ret)
 
+
+class CheckRunner(APIView):
+    authentication_classes = [TokenAuthentication]
+    permission_classes = [IsAuthenticated]
+
+    def get(self, request, agentid):
+        agent = get_object_or_404(Agent, agent_id=agentid)
+        checks = agent.agentchecks.filter(overriden_by_policy=False)  # type: ignore
+
+        run_list = [
+            check
+            for check in checks
+            # always run if check hasn't run yet
+            if not check.last_run
+            # if a check interval is set, see if the correct amount of seconds have passed
+            or (
+                check.run_interval
+                and (
+                    check.last_run
+                    < djangotime.now()
+                    - djangotime.timedelta(seconds=check.run_interval)
+                )
+            )
+            # if check interval isn't set, make sure the agent's check interval has passed before running
+            or (
+                not check.run_interval
+                and check.last_run
+                < djangotime.now() - djangotime.timedelta(seconds=agent.check_interval)
+            )
+        ]
+        ret = {
+            "agent": agent.pk,
+            "check_interval": agent.check_run_interval(),
+            "checks": CheckRunnerGetSerializer(run_list, many=True).data,
+        }
+        return Response(ret)
+
     def patch(self, request):
         check = get_object_or_404(Check, pk=request.data["id"])
+        if pyver.parse(check.agent.version) < pyver.parse("1.5.7"):
+            return notify_error("unsupported")
+
         check.last_run = djangotime.now()
         check.save(update_fields=["last_run"])
-        status = check.handle_checkv2(request.data)
+        status = check.handle_check(request.data)
+        if status == "failing" and check.assignedtask.exists():  # type: ignore
+            check.handle_assigned_task()
 
-        return Response(status)
+        return Response("ok")
 
 
 class CheckRunnerInterval(APIView):
@@ -299,14 +339,13 @@ class CheckRunnerInterval(APIView):
 
     def get(self, request, agentid):
         agent = get_object_or_404(Agent, agent_id=agentid)
-        return Response({"agent": agent.pk, "check_interval": agent.check_interval})
+
+        return Response(
+            {"agent": agent.pk, "check_interval": agent.check_run_interval()}
+        )
 
 
 class TaskRunner(APIView):
-    """
-    For the windows golang agent
-    """
-
     authentication_classes = [TokenAuthentication]
     permission_classes = [IsAuthenticated]
 
@@ -316,6 +355,7 @@ class TaskRunner(APIView):
         return Response(TaskGOGetSerializer(task).data)
 
     def patch(self, request, pk, agentid):
+        from alerts.models import Alert
         from logs.models import AuditLog
 
         agent = get_object_or_404(Agent, agent_id=agentid)
@@ -325,10 +365,59 @@ class TaskRunner(APIView):
             instance=task, data=request.data, partial=True
         )
         serializer.is_valid(raise_exception=True)
-        serializer.save(last_run=djangotime.now())
+        new_task = serializer.save(last_run=djangotime.now())
 
-        new_task = AutomatedTask.objects.get(pk=task.pk)
-        new_task.handle_alert()
+        # check if task is a collector and update the custom field
+        if task.custom_field:
+            if not task.stderr:
+
+                if AgentCustomField.objects.filter(
+                    field=task.custom_field, agent=task.agent
+                ).exists():
+                    agent_field = AgentCustomField.objects.get(
+                        field=task.custom_field, agent=task.agent
+                    )
+                else:
+                    agent_field = AgentCustomField.objects.create(
+                        field=task.custom_field, agent=task.agent
+                    )
+
+                # get last line of stdout
+                value = (
+                    new_task.stdout
+                    if task.collector_all_output
+                    else new_task.stdout.split("\n")[-1].strip()
+                )
+
+                if task.custom_field.type in [
+                    "text",
+                    "number",
+                    "single",
+                    "datetime",
+                ]:
+                    agent_field.string_value = value
+                    agent_field.save()
+                elif task.custom_field.type == "multiple":
+                    agent_field.multiple_value = value.split(",")
+                    agent_field.save()
+                elif task.custom_field.type == "checkbox":
+                    agent_field.bool_value = bool(value)
+                    agent_field.save()
+
+                status = "passing"
+            else:
+                status = "failing"
+        else:
+            status = "failing" if task.retcode != 0 else "passing"
+
+        new_task.status = status
+        new_task.save()
+
+        if status == "passing":
+            if Alert.objects.filter(assigned_task=new_task, resolved=False).exists():
+                Alert.handle_alert_resolve(new_task)
+        else:
+            Alert.handle_alert_failure(new_task)
 
         AuditLog.objects.create(
             username=agent.hostname,
@@ -358,7 +447,7 @@ class SysInfo(APIView):
 
 
 class MeshExe(APIView):
-    """ Sends the mesh exe to the installer """
+    """Sends the mesh exe to the installer"""
 
     def post(self, request):
         exe = "meshagent.exe" if request.data["arch"] == "64" else "meshagent-x86.exe"
@@ -406,10 +495,10 @@ class NewAgent(APIView):
         agent.salt_id = f"{agent.hostname}-{agent.pk}"
         agent.save(update_fields=["salt_id"])
 
-        user = User.objects.create_user(
+        user = User.objects.create_user(  # type: ignore
             username=request.data["agent_id"],
             agent=agent,
-            password=User.objects.make_random_password(60),
+            password=User.objects.make_random_password(60),  # type: ignore
         )
 
         token = Token.objects.create(user=user)
@@ -454,7 +543,7 @@ class Software(APIView):
         if not InstalledSoftware.objects.filter(agent=agent).exists():
             InstalledSoftware(agent=agent, software=sw).save()
         else:
-            s = agent.installedsoftware_set.first()
+            s = agent.installedsoftware_set.first()  # type: ignore
             s.software = sw
             s.save(update_fields=["software"])
 
@@ -477,3 +566,59 @@ class Installer(APIView):
             )
 
         return Response("ok")
+
+
+class ChocoResult(APIView):
+    authentication_classes = [TokenAuthentication]
+    permission_classes = [IsAuthenticated]
+
+    def patch(self, request, pk):
+        action = get_object_or_404(PendingAction, pk=pk)
+        results: str = request.data["results"]
+
+        software_name = action.details["name"].lower()
+        success = [
+            "install",
+            "of",
+            software_name,
+            "was",
+            "successful",
+            "installed",
+        ]
+        duplicate = [software_name, "already", "installed", "--force", "reinstall"]
+        installed = False
+
+        if all(x in results.lower() for x in success):
+            installed = True
+        elif all(x in results.lower() for x in duplicate):
+            installed = True
+
+        action.details["output"] = results
+        action.details["installed"] = installed
+        action.status = "completed"
+        action.save(update_fields=["details", "status"])
+        return Response("ok")
+
+
+class AgentRecovery(APIView):
+    authentication_classes = [TokenAuthentication]
+    permission_classes = [IsAuthenticated]
+
+    def get(self, request, agentid):
+        agent = get_object_or_404(Agent, agent_id=agentid)
+        recovery = agent.recoveryactions.filter(last_run=None).last()  # type: ignore
+        ret = {"mode": "pass", "shellcmd": ""}
+        if recovery is None:
+            return Response(ret)
+
+        recovery.last_run = djangotime.now()
+        recovery.save(update_fields=["last_run"])
+
+        ret["mode"] = recovery.mode
+
+        if recovery.mode == "command":
+            ret["shellcmd"] = recovery.command
+        elif recovery.mode == "rpc":
+            reload_nats()
+
+        return Response(ret)

api/tacticalrmm/automation/migrations/0002_auto_20200604_1713.py

@@ -1,7 +1,7 @@
 # Generated by Django 3.0.6 on 2020-06-04 17:13
 
-from django.db import migrations, models
 import django.db.models.deletion
+from django.db import migrations, models
 
 
 class Migration(migrations.Migration):

api/tacticalrmm/automation/migrations/0007_policy_alert_template.py

@@ -1,7 +1,7 @@
 # Generated by Django 3.1.4 on 2021-02-12 14:08
 
-from django.db import migrations, models
 import django.db.models.deletion
+from django.db import migrations, models
 
 
 class Migration(migrations.Migration):

api/tacticalrmm/automation/migrations/0008_auto_20210302_0415.py

@@ -0,0 +1,30 @@
+# Generated by Django 3.1.7 on 2021-03-02 04:15
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0030_agent_offline_time'),
+        ('clients', '0009_auto_20210212_1408'),
+        ('automation', '0007_policy_alert_template'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='policy',
+            name='excluded_agents',
+            field=models.ManyToManyField(blank=True, related_name='policy_exclusions', to='agents.Agent'),
+        ),
+        migrations.AddField(
+            model_name='policy',
+            name='excluded_clients',
+            field=models.ManyToManyField(blank=True, related_name='policy_exclusions', to='clients.Client'),
+        ),
+        migrations.AddField(
+            model_name='policy',
+            name='excluded_sites',
+            field=models.ManyToManyField(blank=True, related_name='policy_exclusions', to='clients.Site'),
+        ),
+    ]

api/tacticalrmm/automation/models.py

@@ -1,4 +1,5 @@
 from django.db import models
+
 from agents.models import Agent
 from core.models import CoreSettings
 from logs.models import BaseAuditModel
@@ -16,9 +17,19 @@ class Policy(BaseAuditModel):
         null=True,
         blank=True,
     )
+    excluded_sites = models.ManyToManyField(
+        "clients.Site", related_name="policy_exclusions", blank=True
+    )
+    excluded_clients = models.ManyToManyField(
+        "clients.Client", related_name="policy_exclusions", blank=True
+    )
+    excluded_agents = models.ManyToManyField(
+        "agents.Agent", related_name="policy_exclusions", blank=True
+    )
 
     def save(self, *args, **kwargs):
-        from automation.tasks import generate_agent_checks_from_policies_task
+        from alerts.tasks import cache_agents_alert_template
+        from automation.tasks import generate_agent_checks_task
 
         # get old policy if exists
         old_policy = type(self).objects.get(pk=self.pk) if self.pk else None
@@ -27,51 +38,85 @@ class Policy(BaseAuditModel):
         # generate agent checks only if active and enforced were changed
         if old_policy:
             if old_policy.active != self.active or old_policy.enforced != self.enforced:
-                generate_agent_checks_from_policies_task.delay(
-                    policypk=self.pk,
+                generate_agent_checks_task.delay(
+                    policy=self.pk,
                     create_tasks=True,
                 )
 
+            if old_policy.alert_template != self.alert_template:
+                cache_agents_alert_template.delay()
+
     def delete(self, *args, **kwargs):
         from automation.tasks import generate_agent_checks_task
 
         agents = list(self.related_agents().only("pk").values_list("pk", flat=True))
         super(BaseAuditModel, self).delete(*args, **kwargs)
 
-        generate_agent_checks_task.delay(agents, create_tasks=True)
-
-    @property
-    def is_default_server_policy(self):
-        return self.default_server_policy.exists()
-
-    @property
-    def is_default_workstation_policy(self):
-        return self.default_workstation_policy.exists()
+        generate_agent_checks_task.delay(agents=agents, create_tasks=True)
 
     def __str__(self):
         return self.name
 
+    @property
+    def is_default_server_policy(self):
+        return self.default_server_policy.exists()  # type: ignore
+
+    @property
+    def is_default_workstation_policy(self):
+        return self.default_workstation_policy.exists()  # type: ignore
+
+    def is_agent_excluded(self, agent):
+        return (
+            agent in self.excluded_agents.all()
+            or agent.site in self.excluded_sites.all()
+            or agent.client in self.excluded_clients.all()
+        )
+
     def related_agents(self):
         return self.get_related("server") | self.get_related("workstation")
 
     def get_related(self, mon_type):
-        explicit_agents = self.agents.filter(monitoring_type=mon_type)
-        explicit_clients = getattr(self, f"{mon_type}_clients").all()
-        explicit_sites = getattr(self, f"{mon_type}_sites").all()
+        explicit_agents = (
+            self.agents.filter(monitoring_type=mon_type)  # type: ignore
+            .exclude(
+                pk__in=self.excluded_agents.only("pk").values_list("pk", flat=True)
+            )
+            .exclude(site__in=self.excluded_sites.all())
+            .exclude(site__client__in=self.excluded_clients.all())
+        )
+
+        explicit_clients = getattr(self, f"{mon_type}_clients").exclude(
+            pk__in=self.excluded_clients.all()
+        )
+        explicit_sites = getattr(self, f"{mon_type}_sites").exclude(
+            pk__in=self.excluded_sites.all()
+        )
 
         filtered_agents_pks = Policy.objects.none()
 
-        filtered_agents_pks |= Agent.objects.filter(
-            site__in=[
-                site for site in explicit_sites if site.client not in explicit_clients
-            ],
-            monitoring_type=mon_type,
-        ).values_list("pk", flat=True)
+        filtered_agents_pks |= (
+            Agent.objects.exclude(block_policy_inheritance=True)
+            .filter(
+                site__in=[
+                    site
+                    for site in explicit_sites
+                    if site.client not in explicit_clients
+                    and site.client not in self.excluded_clients.all()
+                ],
+                monitoring_type=mon_type,
+            )
+            .values_list("pk", flat=True)
+        )
 
-        filtered_agents_pks |= Agent.objects.filter(
-            site__client__in=[client for client in explicit_clients],
-            monitoring_type=mon_type,
-        ).values_list("pk", flat=True)
+        filtered_agents_pks |= (
+            Agent.objects.exclude(block_policy_inheritance=True)
+            .exclude(site__block_policy_inheritance=True)
+            .filter(
+                site__client__in=[client for client in explicit_clients],
+                monitoring_type=mon_type,
+            )
+            .values_list("pk", flat=True)
+        )
 
         return Agent.objects.filter(
             models.Q(pk__in=filtered_agents_pks)
@@ -87,10 +132,6 @@ class Policy(BaseAuditModel):
 
     @staticmethod
     def cascade_policy_tasks(agent):
-        from autotasks.tasks import delete_win_task_schedule
-
-        from autotasks.models import AutomatedTask
-        from logs.models import PendingAction
 
         # List of all tasks to be applied
         tasks = list()
@@ -119,23 +160,50 @@ class Policy(BaseAuditModel):
             client_policy = client.workstation_policy
             site_policy = site.workstation_policy
 
-        if agent_policy and agent_policy.active:
+        # check if client/site/agent is blocking inheritance and blank out policies
+        if agent.block_policy_inheritance:
+            site_policy = None
+            client_policy = None
+            default_policy = None
+        elif site.block_policy_inheritance:
+            client_policy = None
+            default_policy = None
+        elif client.block_policy_inheritance:
+            default_policy = None
+
+        if (
+            agent_policy
+            and agent_policy.active
+            and not agent_policy.is_agent_excluded(agent)
+        ):
             for task in agent_policy.autotasks.all():
                 if task.pk not in added_task_pks:
                     tasks.append(task)
                     added_task_pks.append(task.pk)
-        if site_policy and site_policy.active:
+        if (
+            site_policy
+            and site_policy.active
+            and not site_policy.is_agent_excluded(agent)
+        ):
             for task in site_policy.autotasks.all():
                 if task.pk not in added_task_pks:
                     tasks.append(task)
                     added_task_pks.append(task.pk)
-        if client_policy and client_policy.active:
+        if (
+            client_policy
+            and client_policy.active
+            and not client_policy.is_agent_excluded(agent)
+        ):
             for task in client_policy.autotasks.all():
                 if task.pk not in added_task_pks:
                     tasks.append(task)
                     added_task_pks.append(task.pk)
 
-        if default_policy and default_policy.active:
+        if (
+            default_policy
+            and default_policy.active
+            and not default_policy.is_agent_excluded(agent)
+        ):
             for task in default_policy.autotasks.all():
                 if task.pk not in added_task_pks:
                     tasks.append(task)
@@ -149,26 +217,16 @@ class Policy(BaseAuditModel):
                 if taskpk not in added_task_pks
             ]
         ):
-            delete_win_task_schedule.delay(task.pk)
+            if task.sync_status == "initial":
+                task.delete()
+            else:
+                task.sync_status = "pendingdeletion"
+                task.save()
 
-        # handle matching tasks that haven't synced to agent yet or pending deletion due to agent being offline
-        for action in agent.pendingactions.filter(action_type="taskaction").exclude(
-            status="completed"
-        ):
-            task = AutomatedTask.objects.get(pk=action.details["task_id"])
-            if (
-                task.parent_task in agent_tasks_parent_pks
-                and task.parent_task in added_task_pks
-            ):
-                agent.remove_matching_pending_task_actions(task.id)
-
-                PendingAction(
-                    agent=agent,
-                    action_type="taskaction",
-                    details={"action": "taskcreate", "task_id": task.id},
-                ).save()
-                task.sync_status = "notsynced"
-                task.save(update_fields=["sync_status"])
+        # change tasks from pendingdeletion to notsynced if policy was added or changed
+        agent.autotasks.filter(sync_status="pendingdeletion").filter(
+            parent_task__in=[taskpk for taskpk in added_task_pks]
+        ).update(sync_status="notsynced")
 
         return [task for task in tasks if task.pk not in agent_tasks_parent_pks]
 
@@ -200,12 +258,27 @@ class Policy(BaseAuditModel):
             client_policy = client.workstation_policy
             site_policy = site.workstation_policy
 
+        # check if client/site/agent is blocking inheritance and blank out policies
+        if agent.block_policy_inheritance:
+            site_policy = None
+            client_policy = None
+            default_policy = None
+        elif site.block_policy_inheritance:
+            client_policy = None
+            default_policy = None
+        elif client.block_policy_inheritance:
+            default_policy = None
+
         # Used to hold the policies that will be applied and the order in which they are applied
         # Enforced policies are applied first
         enforced_checks = list()
         policy_checks = list()
 
-        if agent_policy and agent_policy.active:
+        if (
+            agent_policy
+            and agent_policy.active
+            and not agent_policy.is_agent_excluded(agent)
+        ):
             if agent_policy.enforced:
                 for check in agent_policy.policychecks.all():
                     enforced_checks.append(check)
@@ -213,7 +286,11 @@ class Policy(BaseAuditModel):
                 for check in agent_policy.policychecks.all():
                     policy_checks.append(check)
 
-        if site_policy and site_policy.active:
+        if (
+            site_policy
+            and site_policy.active
+            and not site_policy.is_agent_excluded(agent)
+        ):
             if site_policy.enforced:
                 for check in site_policy.policychecks.all():
                     enforced_checks.append(check)
@@ -221,7 +298,11 @@ class Policy(BaseAuditModel):
                 for check in site_policy.policychecks.all():
                     policy_checks.append(check)
 
-        if client_policy and client_policy.active:
+        if (
+            client_policy
+            and client_policy.active
+            and not client_policy.is_agent_excluded(agent)
+        ):
             if client_policy.enforced:
                 for check in client_policy.policychecks.all():
                     enforced_checks.append(check)
@@ -229,7 +310,11 @@ class Policy(BaseAuditModel):
                 for check in client_policy.policychecks.all():
                     policy_checks.append(check)
 
-        if default_policy and default_policy.active:
+        if (
+            default_policy
+            and default_policy.active
+            and not default_policy.is_agent_excluded(agent)
+        ):
             if default_policy.enforced:
                 for check in default_policy.policychecks.all():
                     enforced_checks.append(check)
@@ -345,11 +430,12 @@ class Policy(BaseAuditModel):
 
         # remove policy checks from agent that fell out of policy scope
         agent.agentchecks.filter(
+            managed_by_policy=True,
             parent_check__in=[
                 checkpk
                 for checkpk in agent_checks_parent_pks
                 if checkpk not in [check.pk for check in final_list]
-            ]
+            ],
         ).delete()
 
         return [

api/tacticalrmm/automation/permissions.py

@@ -0,0 +1,11 @@
+from rest_framework import permissions
+
+from tacticalrmm.permissions import _has_perm
+
+
+class AutomationPolicyPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        if r.method == "GET":
+            return True
+
+        return _has_perm(r, "can_manage_automation_policies")

api/tacticalrmm/automation/serializers.py

@@ -1,16 +1,18 @@
-from django.db.models.base import Model
 from rest_framework.serializers import (
     ModelSerializer,
-    SerializerMethodField,
     ReadOnlyField,
+    SerializerMethodField,
 )
 
-from .models import Policy
+from agents.serializers import AgentHostnameSerializer
 from autotasks.models import AutomatedTask
 from checks.models import Check
 from clients.models import Client
+from clients.serializers import ClientSerializer, SiteSerializer
 from winupdate.serializers import WinUpdatePolicySerializer
 
+from .models import Policy
+
 
 class PolicySerializer(ModelSerializer):
     class Meta:
@@ -25,6 +27,9 @@ class PolicyTableSerializer(ModelSerializer):
     agents_count = SerializerMethodField(read_only=True)
     winupdatepolicy = WinUpdatePolicySerializer(many=True, read_only=True)
     alert_template = ReadOnlyField(source="alert_template.id")
+    excluded_clients = ClientSerializer(many=True)
+    excluded_sites = SiteSerializer(many=True)
+    excluded_agents = AgentHostnameSerializer(many=True)
 
     class Meta:
         model = Policy
@@ -78,6 +83,7 @@ class PolicyCheckSerializer(ModelSerializer):
 class AutoTasksFieldSerializer(ModelSerializer):
     assigned_check = PolicyCheckSerializer(read_only=True)
     script = ReadOnlyField(source="script.id")
+    custom_field = ReadOnlyField(source="custom_field.id")
 
     class Meta:
         model = AutomatedTask

api/tacticalrmm/automation/tasks.py

@@ -1,168 +1,153 @@
-from automation.models import Policy
-from autotasks.models import AutomatedTask
-from checks.models import Check
-from agents.models import Agent
+from typing import Any, Dict, List, Union
 
 from tacticalrmm.celery import app
 
 
-@app.task
-# generates policy checks on agents affected by a policy and optionally generate automated tasks
-def generate_agent_checks_from_policies_task(policypk, create_tasks=False):
+@app.task(retry_backoff=5, retry_jitter=True, retry_kwargs={"max_retries": 5})
+def generate_agent_checks_task(
+    policy: int = None,
+    site: int = None,
+    client: int = None,
+    agents: List[int] = list(),
+    all: bool = False,
+    create_tasks: bool = False,
+) -> Union[str, None]:
+    from agents.models import Agent
+    from automation.models import Policy
 
-    policy = Policy.objects.get(pk=policypk)
+    p = Policy.objects.get(pk=policy) if policy else None
 
-    if policy.is_default_server_policy and policy.is_default_workstation_policy:
-        agents = Agent.objects.prefetch_related("policy").only("pk", "monitoring_type")
-    elif policy.is_default_server_policy:
-        agents = Agent.objects.filter(monitoring_type="server").only(
-            "pk", "monitoring_type"
-        )
-    elif policy.is_default_workstation_policy:
-        agents = Agent.objects.filter(monitoring_type="workstation").only(
+    # generate checks on all agents if all is specified or if policy is default server/workstation policy
+    if (p and p.is_default_server_policy and p.is_default_workstation_policy) or all:
+        a = Agent.objects.prefetch_related("policy").only("pk", "monitoring_type")
+
+    # generate checks on all servers if policy is a default servers policy
+    elif p and p.is_default_server_policy:
+        a = Agent.objects.filter(monitoring_type="server").only("pk", "monitoring_type")
+
+    # generate checks on all workstations if policy is a default workstations policy
+    elif p and p.is_default_workstation_policy:
+        a = Agent.objects.filter(monitoring_type="workstation").only(
             "pk", "monitoring_type"
         )
+
+    # generate checks on a list of supplied agents
+    elif agents:
+        a = Agent.objects.filter(pk__in=agents)
+
+    # generate checks on agents affected by supplied policy
+    elif policy:
+        a = p.related_agents().only("pk")
+
+    # generate checks that has specified site
+    elif site:
+        a = Agent.objects.filter(site_id=site)
+
+    # generate checks that has specified client
+    elif client:
+        a = Agent.objects.filter(site__client_id=client)
     else:
-        agents = policy.related_agents().only("pk")
+        a = []
 
-    for agent in agents:
+    for agent in a:
         agent.generate_checks_from_policies()
         if create_tasks:
             agent.generate_tasks_from_policies()
 
-
-@app.task
-# generates policy checks on a list of agents and optionally generate automated tasks
-def generate_agent_checks_task(agentpks, create_tasks=False):
-    for agent in Agent.objects.filter(pk__in=agentpks):
-        agent.generate_checks_from_policies()
-
-        if create_tasks:
-            agent.generate_tasks_from_policies()
+    return "ok"
 
 
-@app.task
-# generates policy checks on agent servers or workstations within a certain client or site and optionally generate automated tasks
-def generate_agent_checks_by_location_task(location, mon_type, create_tasks=False):
-
-    for agent in Agent.objects.filter(**location).filter(monitoring_type=mon_type):
-        agent.generate_checks_from_policies()
-
-        if create_tasks:
-            agent.generate_tasks_from_policies()
-
-
-@app.task
-# generates policy checks on all agent servers or workstations and optionally generate automated tasks
-def generate_all_agent_checks_task(mon_type, create_tasks=False):
-    for agent in Agent.objects.filter(monitoring_type=mon_type):
-        agent.generate_checks_from_policies()
-
-        if create_tasks:
-            agent.generate_tasks_from_policies()
-
-
-@app.task
-# deletes a policy managed check from all agents
-def delete_policy_check_task(checkpk):
-
-    Check.objects.filter(parent_check=checkpk).delete()
-
-
-@app.task
+@app.task(
+    acks_late=True, retry_backoff=5, retry_jitter=True, retry_kwargs={"max_retries": 5}
+)
 # updates policy managed check fields on agents
-def update_policy_check_fields_task(checkpk):
+def update_policy_check_fields_task(check: int) -> str:
+    from checks.models import Check
 
-    check = Check.objects.get(pk=checkpk)
+    c: Check = Check.objects.get(pk=check)
+    update_fields: Dict[Any, Any] = {}
 
-    Check.objects.filter(parent_check=checkpk).update(
-        warning_threshold=check.warning_threshold,
-        error_threshold=check.error_threshold,
-        alert_severity=check.alert_severity,
-        name=check.name,
-        disk=check.disk,
-        fails_b4_alert=check.fails_b4_alert,
-        ip=check.ip,
-        script=check.script,
-        script_args=check.script_args,
-        info_return_codes=check.info_return_codes,
-        warning_return_codes=check.warning_return_codes,
-        timeout=check.timeout,
-        pass_if_start_pending=check.pass_if_start_pending,
-        pass_if_svc_not_exist=check.pass_if_svc_not_exist,
-        restart_if_stopped=check.restart_if_stopped,
-        log_name=check.log_name,
-        event_id=check.event_id,
-        event_id_is_wildcard=check.event_id_is_wildcard,
-        event_type=check.event_type,
-        event_source=check.event_source,
-        event_message=check.event_message,
-        fail_when=check.fail_when,
-        search_last_days=check.search_last_days,
-        email_alert=check.email_alert,
-        text_alert=check.text_alert,
-        dashboard_alert=check.dashboard_alert,
-    )
+    for field in c.policy_fields_to_copy:
+        update_fields[field] = getattr(c, field)
+
+    Check.objects.filter(parent_check=check).update(**update_fields)
+
+    return "ok"
 
 
-@app.task
+@app.task(retry_backoff=5, retry_jitter=True, retry_kwargs={"max_retries": 5})
 # generates policy tasks on agents affected by a policy
-def generate_agent_tasks_from_policies_task(policypk):
+def generate_agent_autotasks_task(policy: int = None) -> str:
+    from agents.models import Agent
+    from automation.models import Policy
 
-    policy = Policy.objects.get(pk=policypk)
+    p: Policy = Policy.objects.get(pk=policy)
 
-    if policy.is_default_server_policy and policy.is_default_workstation_policy:
+    if p and p.is_default_server_policy and p.is_default_workstation_policy:
         agents = Agent.objects.prefetch_related("policy").only("pk", "monitoring_type")
-    elif policy.is_default_server_policy:
+    elif p and p.is_default_server_policy:
         agents = Agent.objects.filter(monitoring_type="server").only(
             "pk", "monitoring_type"
         )
-    elif policy.is_default_workstation_policy:
+    elif p and p.is_default_workstation_policy:
         agents = Agent.objects.filter(monitoring_type="workstation").only(
             "pk", "monitoring_type"
         )
     else:
-        agents = policy.related_agents().only("pk")
+        agents = p.related_agents().only("pk")
 
     for agent in agents:
         agent.generate_tasks_from_policies()
 
+    return "ok"
 
-@app.task
-def delete_policy_autotask_task(taskpk):
-    from autotasks.tasks import delete_win_task_schedule
+
+@app.task(
+    acks_late=True,
+    retry_backoff=5,
+    retry_jitter=True,
+    retry_kwargs={"max_retries": 5},
+)
+def delete_policy_autotasks_task(task: int) -> str:
     from autotasks.models import AutomatedTask
 
-    for task in AutomatedTask.objects.filter(parent_task=taskpk):
-        delete_win_task_schedule.delay(task.pk)
+    for t in AutomatedTask.objects.filter(parent_task=task):
+        t.delete_task_on_agent()
+
+    return "ok"
 
 
 @app.task
-def run_win_policy_autotask_task(task_pks):
-    from autotasks.tasks import run_win_task
+def run_win_policy_autotasks_task(task: int) -> str:
+    from autotasks.models import AutomatedTask
 
-    for task in task_pks:
-        run_win_task.delay(task)
+    for t in AutomatedTask.objects.filter(parent_task=task):
+        t.run_win_task()
+
+    return "ok"
 
 
-@app.task
-def update_policy_task_fields_task(taskpk, update_agent=False):
-    from autotasks.tasks import enable_or_disable_win_task
+@app.task(
+    acks_late=True,
+    retry_backoff=5,
+    retry_jitter=True,
+    retry_kwargs={"max_retries": 5},
+)
+def update_policy_autotasks_fields_task(task: int, update_agent: bool = False) -> str:
+    from autotasks.models import AutomatedTask
 
-    task = AutomatedTask.objects.get(pk=taskpk)
+    t = AutomatedTask.objects.get(pk=task)
+    update_fields: Dict[str, Any] = {}
 
-    AutomatedTask.objects.filter(parent_task=taskpk).update(
-        alert_severity=task.alert_severity,
-        email_alert=task.email_alert,
-        text_alert=task.text_alert,
-        dashboard_alert=task.dashboard_alert,
-        script=task.script,
-        script_args=task.script_args,
-        name=task.name,
-        timeout=task.timeout,
-        enabled=task.enabled,
-    )
+    for field in t.policy_fields_to_copy:
+        update_fields[field] = getattr(t, field)
+
+    AutomatedTask.objects.filter(parent_task=task).update(**update_fields)
 
     if update_agent:
-        for task in AutomatedTask.objects.filter(parent_task=taskpk):
-            enable_or_disable_win_task.delay(task.pk, task.enabled)
+        for t in AutomatedTask.objects.filter(parent_task=task).exclude(
+            sync_status="initial"
+        ):
+            t.modify_task_on_agent()
+
+    return "ok"

api/tacticalrmm/automation/urls.py

@@ -1,4 +1,5 @@
 from django.urls import path
+
 from . import views
 
 urlpatterns = [
@@ -6,6 +7,7 @@ urlpatterns = [
     path("policies/<int:pk>/related/", views.GetRelated.as_view()),
     path("policies/overview/", views.OverviewPolicy.as_view()),
     path("policies/<int:pk>/", views.GetUpdateDeletePolicy.as_view()),
+    path("sync/", views.PolicySync.as_view()),
     path("<int:pk>/policychecks/", views.PolicyCheck.as_view()),
     path("<int:pk>/policyautomatedtasks/", views.PolicyAutoTask.as_view()),
     path("policycheckstatus/<int:check>/check/", views.PolicyCheck.as_view()),

api/tacticalrmm/automation/views.py

@@ -1,35 +1,33 @@
-from django.shortcuts import get_object_or_404
-
-from rest_framework.views import APIView
-from rest_framework.response import Response
-
-from .models import Policy
 from agents.models import Agent
-from clients.models import Client
-from checks.models import Check
-from autotasks.models import AutomatedTask
-from winupdate.models import WinUpdatePolicy
-
-from clients.serializers import ClientSerializer, SiteSerializer
 from agents.serializers import AgentHostnameSerializer
+from autotasks.models import AutomatedTask
+from checks.models import Check
+from clients.models import Client
+from clients.serializers import ClientSerializer, SiteSerializer
+from django.shortcuts import get_object_or_404
+from rest_framework.permissions import IsAuthenticated
+from rest_framework.response import Response
+from rest_framework.views import APIView
+from tacticalrmm.utils import notify_error
+from winupdate.models import WinUpdatePolicy
 from winupdate.serializers import WinUpdatePolicySerializer
 
+from .models import Policy
+from .permissions import AutomationPolicyPerms
 from .serializers import (
+    AutoTasksFieldSerializer,
+    PolicyCheckSerializer,
+    PolicyCheckStatusSerializer,
+    PolicyOverviewSerializer,
     PolicySerializer,
     PolicyTableSerializer,
-    PolicyOverviewSerializer,
-    PolicyCheckStatusSerializer,
-    PolicyCheckSerializer,
     PolicyTaskStatusSerializer,
-    AutoTasksFieldSerializer,
-)
-
-from .tasks import (
-    run_win_policy_autotask_task,
 )
 
 
 class GetAddPolicies(APIView):
+    permission_classes = [IsAuthenticated, AutomationPolicyPerms]
+
     def get(self, request):
         policies = Policy.objects.all()
 
@@ -57,18 +55,30 @@ class GetAddPolicies(APIView):
 
 
 class GetUpdateDeletePolicy(APIView):
+    permission_classes = [IsAuthenticated, AutomationPolicyPerms]
+
     def get(self, request, pk):
         policy = get_object_or_404(Policy, pk=pk)
 
         return Response(PolicySerializer(policy).data)
 
     def put(self, request, pk):
+        from .tasks import generate_agent_checks_task
+
         policy = get_object_or_404(Policy, pk=pk)
 
         serializer = PolicySerializer(instance=policy, data=request.data, partial=True)
         serializer.is_valid(raise_exception=True)
         serializer.save()
 
+        # check for excluding objects and in the request and if present generate policies
+        if (
+            "excluded_sites" in request.data.keys()
+            or "excluded_clients" in request.data.keys()
+            or "excluded_agents" in request.data.keys()
+        ):
+            generate_agent_checks_task.delay(policy=pk, create_tasks=True)
+
         return Response("ok")
 
     def delete(self, request, pk):
@@ -77,8 +87,22 @@ class GetUpdateDeletePolicy(APIView):
         return Response("ok")
 
 
-class PolicyAutoTask(APIView):
+class PolicySync(APIView):
+    def post(self, request):
+        if "policy" in request.data.keys():
+            from automation.tasks import generate_agent_checks_task
 
+            generate_agent_checks_task.delay(
+                policy=request.data["policy"], create_tasks=True
+            )
+            return Response("ok")
+
+        else:
+            return notify_error("The request was invalid")
+
+
+class PolicyAutoTask(APIView):
+    permission_classes = [IsAuthenticated, AutomationPolicyPerms]
     # tasks associated with policy
     def get(self, request, pk):
         tasks = AutomatedTask.objects.filter(policy=pk)
@@ -91,12 +115,15 @@ class PolicyAutoTask(APIView):
 
     # bulk run win tasks associated with policy
     def put(self, request, task):
-        tasks = AutomatedTask.objects.filter(parent_task=task)
-        run_win_policy_autotask_task.delay([task.id for task in tasks])
+        from .tasks import run_win_policy_autotasks_task
+
+        run_win_policy_autotasks_task.delay(task=task)
         return Response("Affected agent tasks will run shortly")
 
 
 class PolicyCheck(APIView):
+    permission_classes = [IsAuthenticated, AutomationPolicyPerms]
+
     def get(self, request, pk):
         checks = Check.objects.filter(policy__pk=pk, agent=None)
         return Response(PolicyCheckSerializer(checks, many=True).data)
@@ -169,14 +196,14 @@ class GetRelated(APIView):
 
 
 class UpdatePatchPolicy(APIView):
-
+    permission_classes = [IsAuthenticated, AutomationPolicyPerms]
     # create new patch policy
     def post(self, request):
         policy = get_object_or_404(Policy, pk=request.data["policy"])
 
         serializer = WinUpdatePolicySerializer(data=request.data, partial=True)
         serializer.is_valid(raise_exception=True)
-        serializer.policy = policy
+        serializer.policy = policy  # type: ignore
         serializer.save()
 
         return Response("ok")

api/tacticalrmm/autotasks/management/commands/remove_orphaned_tasks.py

@@ -1,4 +1,5 @@
 from django.core.management.base import BaseCommand
+
 from agents.models import Agent
 from autotasks.tasks import remove_orphaned_win_tasks
 

api/tacticalrmm/autotasks/migrations/0001_initial.py

@@ -1,8 +1,8 @@
 # Generated by Django 3.0.6 on 2020-05-31 01:23
 
 import django.contrib.postgres.fields
-from django.db import migrations, models
 import django.db.models.deletion
+from django.db import migrations, models
 
 
 class Migration(migrations.Migration):

api/tacticalrmm/autotasks/migrations/0010_migrate_days_to_bitdays.py

@@ -1,4 +1,5 @@
 from django.db import migrations
+
 from tacticalrmm.utils import get_bit_days
 
 DAYS_OF_WEEK = {

api/tacticalrmm/autotasks/migrations/0018_automatedtask_run_asap_after_missed.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.1.7 on 2021-02-24 05:37
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('autotasks', '0017_auto_20210210_1512'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='automatedtask',
+            name='run_asap_after_missed',
+            field=models.BooleanField(default=False),
+        ),
+    ]

api/tacticalrmm/autotasks/migrations/0019_auto_20210404_0032.py

@@ -0,0 +1,31 @@
+# Generated by Django 3.1.7 on 2021-04-04 00:32
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0019_globalkvstore'),
+        ('scripts', '0007_script_args'),
+        ('autotasks', '0018_automatedtask_run_asap_after_missed'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='automatedtask',
+            name='custom_field',
+            field=models.OneToOneField(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='autotask', to='core.customfield'),
+        ),
+        migrations.AddField(
+            model_name='automatedtask',
+            name='retvalue',
+            field=models.TextField(blank=True, null=True),
+        ),
+        migrations.AlterField(
+            model_name='automatedtask',
+            name='script',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='autoscript', to='scripts.script'),
+        ),
+    ]

api/tacticalrmm/autotasks/migrations/0020_auto_20210421_0226.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.1.7 on 2021-04-21 02:26
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('autotasks', '0019_auto_20210404_0032'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='automatedtask',
+            name='sync_status',
+            field=models.CharField(choices=[('synced', 'Synced With Agent'), ('notsynced', 'Waiting On Agent Checkin'), ('pendingdeletion', 'Pending Deletion on Agent'), ('initial', 'Initial Task Sync')], default='initial', max_length=100),
+        ),
+    ]

api/tacticalrmm/autotasks/migrations/0021_alter_automatedtask_custom_field.py

@@ -0,0 +1,20 @@
+# Generated by Django 3.1.7 on 2021-04-27 14:11
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0021_customfield_hide_in_ui'),
+        ('autotasks', '0020_auto_20210421_0226'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='automatedtask',
+            name='custom_field',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='autotasks', to='core.customfield'),
+        ),
+    ]

api/tacticalrmm/autotasks/migrations/0022_automatedtask_collector_all_output.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2.1 on 2021-05-29 03:26
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('autotasks', '0021_alter_automatedtask_custom_field'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='automatedtask',
+            name='collector_all_output',
+            field=models.BooleanField(default=False),
+        ),
+    ]

api/tacticalrmm/autotasks/models.py

@@ -1,19 +1,21 @@
-import pytz
+import asyncio
+import datetime as dt
 import random
 import string
-import datetime as dt
-
-from django.utils import timezone as djangotime
-from django.conf import settings
-from django.db import models
-from django.contrib.postgres.fields import ArrayField
-from django.db.models.fields import DateTimeField
-from logs.models import BaseAuditModel
-from tacticalrmm.utils import bitdays_to_string
-
-from loguru import logger
+from typing import List
 
+import pytz
 from alerts.models import SEVERITY_CHOICES
+from django.conf import settings
+from django.contrib.postgres.fields import ArrayField
+from django.db import models
+from django.db.models.fields import DateTimeField
+from django.db.utils import DatabaseError
+from django.utils import timezone as djangotime
+from logs.models import BaseAuditModel
+from loguru import logger
+from packaging import version as pyver
+from tacticalrmm.utils import bitdays_to_string
 
 logger.configure(**settings.LOG_CONFIG)
 
@@ -38,6 +40,7 @@ SYNC_STATUS_CHOICES = [
     ("synced", "Synced With Agent"),
     ("notsynced", "Waiting On Agent Checkin"),
     ("pendingdeletion", "Pending Deletion on Agent"),
+    ("initial", "Initial Task Sync"),
 ]
 
 TASK_STATUS_CHOICES = [
@@ -62,12 +65,19 @@ class AutomatedTask(BaseAuditModel):
         blank=True,
         on_delete=models.CASCADE,
     )
+    custom_field = models.ForeignKey(
+        "core.CustomField",
+        related_name="autotasks",
+        null=True,
+        blank=True,
+        on_delete=models.SET_NULL,
+    )
     script = models.ForeignKey(
         "scripts.Script",
         null=True,
         blank=True,
         related_name="autoscript",
-        on_delete=models.CASCADE,
+        on_delete=models.SET_NULL,
     )
     script_args = ArrayField(
         models.CharField(max_length=255, null=True, blank=True),
@@ -95,12 +105,15 @@ class AutomatedTask(BaseAuditModel):
     task_type = models.CharField(
         max_length=100, choices=TASK_TYPE_CHOICES, default="manual"
     )
+    collector_all_output = models.BooleanField(default=False)
     run_time_date = DateTimeField(null=True, blank=True)
     remove_if_not_scheduled = models.BooleanField(default=False)
+    run_asap_after_missed = models.BooleanField(default=False)  # added in agent v1.4.7
     managed_by_policy = models.BooleanField(default=False)
     parent_task = models.PositiveIntegerField(null=True, blank=True)
     win_task_name = models.CharField(max_length=255, null=True, blank=True)
     timeout = models.PositiveIntegerField(default=120)
+    retvalue = models.TextField(null=True, blank=True)
     retcode = models.IntegerField(null=True, blank=True)
     stdout = models.TextField(null=True, blank=True)
     stderr = models.TextField(null=True, blank=True)
@@ -111,7 +124,7 @@ class AutomatedTask(BaseAuditModel):
         max_length=30, choices=TASK_STATUS_CHOICES, default="pending"
     )
     sync_status = models.CharField(
-        max_length=100, choices=SYNC_STATUS_CHOICES, default="notsynced"
+        max_length=100, choices=SYNC_STATUS_CHOICES, default="initial"
     )
     alert_severity = models.CharField(
         max_length=30, choices=SEVERITY_CHOICES, default="info"
@@ -148,6 +161,32 @@ class AutomatedTask(BaseAuditModel):
 
         return self.last_run
 
+    # These fields will be duplicated on the agent tasks that are managed by a policy
+    @property
+    def policy_fields_to_copy(self) -> List[str]:
+        return [
+            "alert_severity",
+            "email_alert",
+            "text_alert",
+            "dashboard_alert",
+            "script",
+            "script_args",
+            "assigned_check",
+            "name",
+            "run_time_days",
+            "run_time_minute",
+            "run_time_bit_weekdays",
+            "run_time_date",
+            "task_type",
+            "win_task_name",
+            "timeout",
+            "enabled",
+            "remove_if_not_scheduled",
+            "run_asap_after_missed",
+            "custom_field",
+            "collector_all_output",
+        ]
+
     @staticmethod
     def generate_task_name():
         chars = string.ascii_letters
@@ -160,224 +199,220 @@ class AutomatedTask(BaseAuditModel):
 
         return TaskSerializer(task).data
 
-    def create_policy_task(self, agent=None, policy=None):
-        from .tasks import create_win_task_schedule
+    def create_policy_task(self, agent=None, policy=None, assigned_check=None):
 
         # if policy is present, then this task is being copied to another policy
         # if agent is present, then this task is being created on an agent from a policy
-
         # exit if neither are set or if both are set
-        if not agent and not policy or agent and policy:
+        # also exit if assigned_check is set because this task will be created when the check is
+        if (
+            (not agent and not policy)
+            or (agent and policy)
+            or (self.assigned_check and not assigned_check)
+        ):
             return
 
-        assigned_check = None
-
-        # get correct assigned check to task if set
-        if agent and self.assigned_check:
-            # check if there is a matching check on the agent
-            if agent.agentchecks.filter(parent_check=self.assigned_check.pk).exists():
-                assigned_check = agent.agentchecks.filter(
-                    parent_check=self.assigned_check.pk
-                ).first()
-            # check was overriden by agent and we need to use that agents check
-            else:
-                if agent.agentchecks.filter(
-                    check_type=self.assigned_check.check_type, overriden_by_policy=True
-                ).exists():
-                    assigned_check = agent.agentchecks.filter(
-                        check_type=self.assigned_check.check_type,
-                        overriden_by_policy=True,
-                    ).first()
-        elif policy and self.assigned_check:
-            if policy.policychecks.filter(name=self.assigned_check.name).exists():
-                assigned_check = policy.policychecks.filter(
-                    name=self.assigned_check.name
-                ).first()
-            else:
-                assigned_check = policy.policychecks.filter(
-                    check_type=self.assigned_check.check_type
-                ).first()
-
         task = AutomatedTask.objects.create(
             agent=agent,
             policy=policy,
             managed_by_policy=bool(agent),
             parent_task=(self.pk if agent else None),
-            alert_severity=self.alert_severity,
-            email_alert=self.email_alert,
-            text_alert=self.text_alert,
-            dashboard_alert=self.dashboard_alert,
-            script=self.script,
-            script_args=self.script_args,
             assigned_check=assigned_check,
-            name=self.name,
-            run_time_days=self.run_time_days,
-            run_time_minute=self.run_time_minute,
-            run_time_bit_weekdays=self.run_time_bit_weekdays,
-            run_time_date=self.run_time_date,
-            task_type=self.task_type,
-            win_task_name=self.win_task_name,
-            timeout=self.timeout,
-            enabled=self.enabled,
-            remove_if_not_scheduled=self.remove_if_not_scheduled,
         )
 
-        create_win_task_schedule.delay(task.pk)
+        for field in self.policy_fields_to_copy:
+            if field != "assigned_check":
+                setattr(task, field, getattr(self, field))
 
-    def handle_alert(self) -> None:
-        from alerts.models import Alert, AlertTemplate
-        from autotasks.tasks import (
-            handle_task_email_alert,
-            handle_task_sms_alert,
-            handle_resolved_task_sms_alert,
-            handle_resolved_task_email_alert,
+        task.save()
+
+        if agent:
+            task.create_task_on_agent()
+
+    def create_task_on_agent(self):
+        from agents.models import Agent
+
+        agent = (
+            Agent.objects.filter(pk=self.agent.pk)
+            .only("pk", "version", "hostname", "agent_id")
+            .first()
         )
 
-        self.status = "failing" if self.retcode != 0 else "passing"
-        self.save()
+        if self.task_type == "scheduled":
+            nats_data = {
+                "func": "schedtask",
+                "schedtaskpayload": {
+                    "type": "rmm",
+                    "trigger": "weekly",
+                    "weekdays": self.run_time_bit_weekdays,
+                    "pk": self.pk,
+                    "name": self.win_task_name,
+                    "hour": dt.datetime.strptime(self.run_time_minute, "%H:%M").hour,
+                    "min": dt.datetime.strptime(self.run_time_minute, "%H:%M").minute,
+                },
+            }
 
-        # return if agent is in maintenance mode
-        if self.agent.maintenance_mode:
-            return
+        elif self.task_type == "runonce":
+            # check if scheduled time is in the past
+            agent_tz = pytz.timezone(agent.timezone)
+            task_time_utc = self.run_time_date.replace(tzinfo=agent_tz).astimezone(
+                pytz.utc
+            )
+            now = djangotime.now()
+            if task_time_utc < now:
+                self.run_time_date = now.astimezone(agent_tz).replace(
+                    tzinfo=pytz.utc
+                ) + djangotime.timedelta(minutes=5)
+                self.save(update_fields=["run_time_date"])
 
-        # see if agent has an alert template and use that
-        alert_template = self.agent.get_alert_template()
+            nats_data = {
+                "func": "schedtask",
+                "schedtaskpayload": {
+                    "type": "rmm",
+                    "trigger": "once",
+                    "pk": self.pk,
+                    "name": self.win_task_name,
+                    "year": int(dt.datetime.strftime(self.run_time_date, "%Y")),
+                    "month": dt.datetime.strftime(self.run_time_date, "%B"),
+                    "day": int(dt.datetime.strftime(self.run_time_date, "%d")),
+                    "hour": int(dt.datetime.strftime(self.run_time_date, "%H")),
+                    "min": int(dt.datetime.strftime(self.run_time_date, "%M")),
+                },
+            }
 
-        # resolve alert if it exists
-        if self.status == "passing":
-            if Alert.objects.filter(assigned_task=self, resolved=False).exists():
-                alert = Alert.objects.get(assigned_task=self, resolved=False)
-                alert.resolve()
+            if self.run_asap_after_missed and pyver.parse(agent.version) >= pyver.parse(
+                "1.4.7"
+            ):
+                nats_data["schedtaskpayload"]["run_asap_after_missed"] = True
 
-                # check if resolved email should be send
-                if (
-                    not alert.resolved_email_sent
-                    and self.email_alert
-                    or alert_template
-                    and alert_template.task_email_on_resolved
-                ):
-                    handle_resolved_task_email_alert.delay(pk=alert.pk)
+            if self.remove_if_not_scheduled:
+                nats_data["schedtaskpayload"]["deleteafter"] = True
 
-                # check if resolved text should be sent
-                if (
-                    not alert.resolved_sms_sent
-                    and self.text_alert
-                    or alert_template
-                    and alert_template.task_text_on_resolved
-                ):
-                    handle_resolved_task_sms_alert.delay(pk=alert.pk)
-
-                # check if resolved script should be run
-                if (
-                    alert_template
-                    and alert_template.resolved_action
-                    and not alert.resolved_action_run
-                ):
-
-                    r = self.agent.run_script(
-                        scriptpk=alert_template.resolved_action.pk,
-                        args=alert_template.resolved_action_args,
-                        timeout=alert_template.resolved_action_timeout,
-                        wait=True,
-                        full=True,
-                        run_on_any=True,
-                    )
-
-                    # command was successful
-                    if type(r) == dict:
-                        alert.resolved_action_retcode = r["retcode"]
-                        alert.resolved_action_stdout = r["stdout"]
-                        alert.resolved_action_stderr = r["stderr"]
-                        alert.resolved_action_execution_time = "{:.4f}".format(
-                            r["execution_time"]
-                        )
-                        alert.resolved_action_run = djangotime.now()
-                        alert.save()
-                    else:
-                        logger.error(
-                            f"Resolved action: {alert_template.action.name} failed to run on any agent for {self.agent.hostname} resolved alert for task: {self.name}"
-                        )
-
-        # create alert if task is failing
+        elif self.task_type == "checkfailure" or self.task_type == "manual":
+            nats_data = {
+                "func": "schedtask",
+                "schedtaskpayload": {
+                    "type": "rmm",
+                    "trigger": "manual",
+                    "pk": self.pk,
+                    "name": self.win_task_name,
+                },
+            }
         else:
-            if not Alert.objects.filter(assigned_task=self, resolved=False).exists():
-                alert = Alert.create_task_alert(self)
-            else:
-                alert = Alert.objects.get(assigned_task=self, resolved=False)
+            return "error"
 
-                # check if alert severity changed on task and update the alert
-                if self.alert_severity != alert.severity:
-                    alert.severity = self.alert_severity
-                    alert.save(update_fields=["severity"])
+        r = asyncio.run(agent.nats_cmd(nats_data, timeout=5))
 
-            # create alert in dashboard if enabled
-            if (
-                self.dashboard_alert
-                or alert_template
-                and alert_template.task_always_alert
-            ):
-                alert.hidden = False
-                alert.save()
+        if r != "ok":
+            self.sync_status = "initial"
+            self.save(update_fields=["sync_status"])
+            logger.warning(
+                f"Unable to create scheduled task {self.name} on {agent.hostname}. It will be created when the agent checks in."
+            )
+            return "timeout"
+        else:
+            self.sync_status = "synced"
+            self.save(update_fields=["sync_status"])
+            logger.info(f"{agent.hostname} task {self.name} was successfully created")
 
-            # send email if enabled
-            if (
-                not alert.email_sent
-                and self.email_alert
-                or alert_template
-                and self.alert_severity in alert_template.task_email_alert_severity
-                and alert_template.check_always_email
-            ):
-                handle_task_email_alert.delay(
-                    pk=alert.pk,
-                    alert_template=alert_template.check_periodic_alert_days
-                    if alert_template
-                    else None,
+        return "ok"
+
+    def modify_task_on_agent(self):
+        from agents.models import Agent
+
+        agent = (
+            Agent.objects.filter(pk=self.agent.pk)
+            .only("pk", "version", "hostname", "agent_id")
+            .first()
+        )
+
+        nats_data = {
+            "func": "enableschedtask",
+            "schedtaskpayload": {
+                "name": self.win_task_name,
+                "enabled": self.enabled,
+            },
+        }
+        r = asyncio.run(agent.nats_cmd(nats_data, timeout=5))
+
+        if r != "ok":
+            self.sync_status = "notsynced"
+            self.save(update_fields=["sync_status"])
+            logger.warning(
+                f"Unable to modify scheduled task {self.name} on {agent.hostname}. It will try again on next agent checkin"
+            )
+            return "timeout"
+        else:
+            self.sync_status = "synced"
+            self.save(update_fields=["sync_status"])
+            logger.info(f"{agent.hostname} task {self.name} was successfully modified")
+
+        return "ok"
+
+    def delete_task_on_agent(self):
+        from agents.models import Agent
+
+        agent = (
+            Agent.objects.filter(pk=self.agent.pk)
+            .only("pk", "version", "hostname", "agent_id")
+            .first()
+        )
+
+        nats_data = {
+            "func": "delschedtask",
+            "schedtaskpayload": {"name": self.win_task_name},
+        }
+        r = asyncio.run(agent.nats_cmd(nats_data, timeout=10))
+
+        if r != "ok" and "The system cannot find the file specified" not in r:
+            self.sync_status = "pendingdeletion"
+
+            try:
+                self.save(update_fields=["sync_status"])
+            except DatabaseError:
+                pass
+
+            logger.warning(
+                f"{agent.hostname} task {self.name} will be deleted on next checkin"
+            )
+            return "timeout"
+        else:
+            self.delete()
+            logger.info(f"{agent.hostname} task {self.name} was deleted")
+
+        return "ok"
+
+    def run_win_task(self):
+        from agents.models import Agent
+
+        agent = (
+            Agent.objects.filter(pk=self.agent.pk)
+            .only("pk", "version", "hostname", "agent_id")
+            .first()
+        )
+
+        asyncio.run(agent.nats_cmd({"func": "runtask", "taskpk": self.pk}, wait=False))
+        return "ok"
+
+    def should_create_alert(self, alert_template=None):
+        return (
+            self.dashboard_alert
+            or self.email_alert
+            or self.text_alert
+            or (
+                alert_template
+                and (
+                    alert_template.task_always_alert
+                    or alert_template.task_always_email
+                    or alert_template.task_always_text
                 )
-
-            # send text if enabled
-            if (
-                not alert.sms_sent
-                and self.text_alert
-                or alert_template
-                and self.alert_severity in alert_template.task_text_alert_severity
-                and alert_template.check_always_text
-            ):
-                handle_task_sms_alert.delay(
-                    pk=alert.pk,
-                    alert_template=alert_template.check_periodic_alert_days
-                    if alert_template
-                    else None,
-                )
-
-            # check if any scripts should be run
-            if alert_template and alert_template.action and not alert.action_run:
-                r = self.agent.run_script(
-                    scriptpk=alert_template.action.pk,
-                    args=alert_template.action_args,
-                    timeout=alert_template.action_timeout,
-                    wait=True,
-                    full=True,
-                    run_on_any=True,
-                )
-
-                # command was successful
-                if type(r) == dict:
-                    alert.action_retcode = r["retcode"]
-                    alert.action_stdout = r["stdout"]
-                    alert.action_stderr = r["stderr"]
-                    alert.action_execution_time = "{:.4f}".format(r["execution_time"])
-                    alert.action_run = djangotime.now()
-                    alert.save()
-                else:
-                    logger.error(
-                        f"Failure action: {alert_template.action.name} failed to run on any agent for {self.agent.hostname} failure alert for task: {self.name}"
-                    )
+            )
+        )
 
     def send_email(self):
         from core.models import CoreSettings
 
         CORE = CoreSettings.objects.first()
-        alert_template = self.agent.get_alert_template()
 
         if self.agent:
             subject = f"{self.agent.client.name}, {self.agent.site.name}, {self} Failed"
@@ -389,14 +424,13 @@ class AutomatedTask(BaseAuditModel):
             + f" - Return code: {self.retcode}\nStdout:{self.stdout}\nStderr: {self.stderr}"
         )
 
-        CORE.send_mail(subject, body, alert_template)
+        CORE.send_mail(subject, body, self.agent.alert_template)
 
     def send_sms(self):
 
         from core.models import CoreSettings
 
         CORE = CoreSettings.objects.first()
-        alert_template = self.agent.get_alert_template()
 
         if self.agent:
             subject = f"{self.agent.client.name}, {self.agent.site.name}, {self} Failed"
@@ -408,13 +442,11 @@ class AutomatedTask(BaseAuditModel):
             + f" - Return code: {self.retcode}\nStdout:{self.stdout}\nStderr: {self.stderr}"
         )
 
-        CORE.send_sms(body, alert_template=alert_template)
+        CORE.send_sms(body, alert_template=self.agent.alert_template)
 
     def send_resolved_email(self):
         from core.models import CoreSettings
 
-        alert_template = self.agent.get_alert_template()
-
         CORE = CoreSettings.objects.first()
         subject = f"{self.agent.client.name}, {self.agent.site.name}, {self} Resolved"
         body = (
@@ -422,16 +454,15 @@ class AutomatedTask(BaseAuditModel):
             + f" - Return code: {self.retcode}\nStdout:{self.stdout}\nStderr: {self.stderr}"
         )
 
-        CORE.send_mail(subject, body, alert_template=alert_template)
+        CORE.send_mail(subject, body, alert_template=self.agent.alert_template)
 
     def send_resolved_sms(self):
         from core.models import CoreSettings
 
-        alert_template = self.agent.get_alert_template()
         CORE = CoreSettings.objects.first()
         subject = f"{self.agent.client.name}, {self.agent.site.name}, {self} Resolved"
         body = (
             subject
             + f" - Return code: {self.retcode}\nStdout:{self.stdout}\nStderr: {self.stderr}"
         )
-        CORE.send_sms(body, alert_template=alert_template)
+        CORE.send_sms(body, alert_template=self.agent.alert_template)

api/tacticalrmm/autotasks/permissions.py

@@ -0,0 +1,16 @@
+from rest_framework import permissions
+
+from tacticalrmm.permissions import _has_perm
+
+
+class ManageAutoTaskPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        if r.method == "GET":
+            return True
+
+        return _has_perm(r, "can_manage_autotasks")
+
+
+class RunAutoTaskPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_run_autotasks")

api/tacticalrmm/autotasks/serializers.py

@@ -1,12 +1,11 @@
-import pytz
 from rest_framework import serializers
 
-from .models import AutomatedTask
 from agents.models import Agent
-from scripts.models import Script
-
-from scripts.serializers import ScriptCheckSerializer
 from checks.serializers import CheckSerializer
+from scripts.models import Script
+from scripts.serializers import ScriptCheckSerializer
+
+from .models import AutomatedTask
 
 
 class TaskSerializer(serializers.ModelSerializer):
@@ -14,6 +13,24 @@ class TaskSerializer(serializers.ModelSerializer):
     assigned_check = CheckSerializer(read_only=True)
     schedule = serializers.ReadOnlyField()
     last_run = serializers.ReadOnlyField(source="last_run_as_timezone")
+    alert_template = serializers.SerializerMethodField()
+
+    def get_alert_template(self, obj):
+
+        if obj.agent:
+            alert_template = obj.agent.alert_template
+        else:
+            alert_template = None
+
+        if not alert_template:
+            return None
+        else:
+            return {
+                "name": alert_template.name,
+                "always_email": alert_template.task_always_email,
+                "always_text": alert_template.task_always_text,
+                "always_alert": alert_template.task_always_alert,
+            }
 
     class Meta:
         model = AutomatedTask
@@ -51,6 +68,12 @@ class TaskRunnerGetSerializer(serializers.ModelSerializer):
 
 class TaskGOGetSerializer(serializers.ModelSerializer):
     script = ScriptCheckSerializer(read_only=True)
+    script_args = serializers.SerializerMethodField()
+
+    def get_script_args(self, obj):
+        return Script.parse_script_args(
+            agent=obj.agent, shell=obj.script.shell, args=obj.script_args
+        )
 
     class Meta:
         model = AutomatedTask

api/tacticalrmm/autotasks/tasks.py

@@ -1,205 +1,49 @@
 import asyncio
 import datetime as dt
-from loguru import logger
-from tacticalrmm.celery import app
-from django.conf import settings
-import pytz
-from django.utils import timezone as djangotime
-from packaging import version as pyver
-from typing import Union
 import random
 from time import sleep
+from typing import Union
 
-from .models import AutomatedTask
-from logs.models import PendingAction
+from django.conf import settings
+from django.utils import timezone as djangotime
+from loguru import logger
+
+from autotasks.models import AutomatedTask
+from tacticalrmm.celery import app
 
 logger.configure(**settings.LOG_CONFIG)
 
 
 @app.task
-def create_win_task_schedule(pk, pending_action=False):
+def create_win_task_schedule(pk):
     task = AutomatedTask.objects.get(pk=pk)
 
-    if task.task_type == "scheduled":
-        nats_data = {
-            "func": "schedtask",
-            "schedtaskpayload": {
-                "type": "rmm",
-                "trigger": "weekly",
-                "weekdays": task.run_time_bit_weekdays,
-                "pk": task.pk,
-                "name": task.win_task_name,
-                "hour": dt.datetime.strptime(task.run_time_minute, "%H:%M").hour,
-                "min": dt.datetime.strptime(task.run_time_minute, "%H:%M").minute,
-            },
-        }
-
-    elif task.task_type == "runonce":
-        # check if scheduled time is in the past
-        agent_tz = pytz.timezone(task.agent.timezone)
-        task_time_utc = task.run_time_date.replace(tzinfo=agent_tz).astimezone(pytz.utc)
-        now = djangotime.now()
-        if task_time_utc < now:
-            task.run_time_date = now.astimezone(agent_tz).replace(
-                tzinfo=pytz.utc
-            ) + djangotime.timedelta(minutes=5)
-            task.save()
-
-        nats_data = {
-            "func": "schedtask",
-            "schedtaskpayload": {
-                "type": "rmm",
-                "trigger": "once",
-                "pk": task.pk,
-                "name": task.win_task_name,
-                "year": int(dt.datetime.strftime(task.run_time_date, "%Y")),
-                "month": dt.datetime.strftime(task.run_time_date, "%B"),
-                "day": int(dt.datetime.strftime(task.run_time_date, "%d")),
-                "hour": int(dt.datetime.strftime(task.run_time_date, "%H")),
-                "min": int(dt.datetime.strftime(task.run_time_date, "%M")),
-            },
-        }
-
-        if task.remove_if_not_scheduled and pyver.parse(
-            task.agent.version
-        ) >= pyver.parse("1.1.2"):
-            nats_data["schedtaskpayload"]["deleteafter"] = True
-
-    elif task.task_type == "checkfailure" or task.task_type == "manual":
-        nats_data = {
-            "func": "schedtask",
-            "schedtaskpayload": {
-                "type": "rmm",
-                "trigger": "manual",
-                "pk": task.pk,
-                "name": task.win_task_name,
-            },
-        }
-    else:
-        return "error"
-
-    r = asyncio.run(task.agent.nats_cmd(nats_data, timeout=10))
-
-    if r != "ok":
-        # don't create pending action if this task was initiated by a pending action
-        if not pending_action:
-
-            # complete any other pending actions on agent with same task_id
-            task.agent.remove_matching_pending_task_actions(task.id)
-
-            PendingAction(
-                agent=task.agent,
-                action_type="taskaction",
-                details={"action": "taskcreate", "task_id": task.id},
-            ).save()
-            task.sync_status = "notsynced"
-            task.save(update_fields=["sync_status"])
-
-        logger.error(
-            f"Unable to create scheduled task {task.win_task_name} on {task.agent.hostname}. It will be created when the agent checks in."
-        )
-        return
-
-    # clear pending action since it was successful
-    if pending_action:
-        pendingaction = PendingAction.objects.get(pk=pending_action)
-        pendingaction.status = "completed"
-        pendingaction.save(update_fields=["status"])
-
-    task.sync_status = "synced"
-    task.save(update_fields=["sync_status"])
-
-    logger.info(f"{task.agent.hostname} task {task.name} was successfully created")
+    task.create_task_on_agent()
 
     return "ok"
 
 
 @app.task
-def enable_or_disable_win_task(pk, action, pending_action=False):
+def enable_or_disable_win_task(pk):
     task = AutomatedTask.objects.get(pk=pk)
 
-    nats_data = {
-        "func": "enableschedtask",
-        "schedtaskpayload": {
-            "name": task.win_task_name,
-            "enabled": action,
-        },
-    }
-    r = asyncio.run(task.agent.nats_cmd(nats_data))
-
-    if r != "ok":
-        # don't create pending action if this task was initiated by a pending action
-        if not pending_action:
-            PendingAction(
-                agent=task.agent,
-                action_type="taskaction",
-                details={
-                    "action": "tasktoggle",
-                    "value": action,
-                    "task_id": task.id,
-                },
-            ).save()
-            task.sync_status = "notsynced"
-            task.save(update_fields=["sync_status"])
-
-        return
-
-    # clear pending action since it was successful
-    if pending_action:
-        pendingaction = PendingAction.objects.get(pk=pending_action)
-        pendingaction.status = "completed"
-        pendingaction.save(update_fields=["status"])
-
-    task.sync_status = "synced"
-    task.save(update_fields=["sync_status"])
+    task.modify_task_on_agent()
 
     return "ok"
 
 
 @app.task
-def delete_win_task_schedule(pk, pending_action=False):
+def delete_win_task_schedule(pk):
     task = AutomatedTask.objects.get(pk=pk)
 
-    nats_data = {
-        "func": "delschedtask",
-        "schedtaskpayload": {"name": task.win_task_name},
-    }
-    r = asyncio.run(task.agent.nats_cmd(nats_data, timeout=10))
-
-    if r != "ok" and "The system cannot find the file specified" not in r:
-        # don't create pending action if this task was initiated by a pending action
-        if not pending_action:
-
-            # complete any other pending actions on agent with same task_id
-            task.agent.remove_matching_pending_task_actions(task.id)
-
-            PendingAction(
-                agent=task.agent,
-                action_type="taskaction",
-                details={"action": "taskdelete", "task_id": task.id},
-            ).save()
-            task.sync_status = "pendingdeletion"
-            task.save(update_fields=["sync_status"])
-
-        return "timeout"
-
-    # complete pending action since it was successful
-    if pending_action:
-        pendingaction = PendingAction.objects.get(pk=pending_action)
-        pendingaction.status = "completed"
-        pendingaction.save(update_fields=["status"])
-
-    # complete any other pending actions on agent with same task_id
-    task.agent.remove_matching_pending_task_actions(task.id)
-
-    task.delete()
+    task.delete_task_on_agent()
     return "ok"
 
 
 @app.task
 def run_win_task(pk):
     task = AutomatedTask.objects.get(pk=pk)
-    asyncio.run(task.agent.nats_cmd({"func": "runtask", "taskpk": task.pk}, wait=False))
+    task.run_win_task()
     return "ok"
 
 

api/tacticalrmm/autotasks/tests.py

@@ -1,14 +1,14 @@
 import datetime as dt
-from unittest.mock import patch, call
-from model_bakery import baker
+from unittest.mock import call, patch
+
 from django.utils import timezone as djangotime
+from model_bakery import baker
 
 from tacticalrmm.test import TacticalTestCase
 
 from .models import AutomatedTask
-from logs.models import PendingAction
 from .serializers import AutoTaskSerializer
-from .tasks import remove_orphaned_win_tasks, run_win_task, create_win_task_schedule
+from .tasks import create_win_task_schedule, remove_orphaned_win_tasks, run_win_task
 
 
 class TestAutotaskViews(TacticalTestCase):
@@ -16,10 +16,10 @@ class TestAutotaskViews(TacticalTestCase):
         self.authenticate()
         self.setup_coresettings()
 
-    @patch("automation.tasks.generate_agent_tasks_from_policies_task.delay")
+    @patch("automation.tasks.generate_agent_autotasks_task.delay")
     @patch("autotasks.tasks.create_win_task_schedule.delay")
     def test_add_autotask(
-        self, create_win_task_schedule, generate_agent_tasks_from_policies_task
+        self, create_win_task_schedule, generate_agent_autotasks_task
     ):
         url = "/tasks/automatedtasks/"
 
@@ -28,7 +28,6 @@ class TestAutotaskViews(TacticalTestCase):
         agent = baker.make_recipe("agents.agent")
         policy = baker.make("automation.Policy")
         check = baker.make_recipe("checks.diskspace_check", agent=agent)
-        old_agent = baker.make_recipe("agents.agent", version="1.1.0")
 
         # test script set to invalid pk
         data = {"autotask": {"script": 500}}
@@ -51,15 +50,6 @@ class TestAutotaskViews(TacticalTestCase):
         resp = self.client.post(url, data, format="json")
         self.assertEqual(resp.status_code, 404)
 
-        # test old agent version
-        data = {
-            "autotask": {"script": script.id},
-            "agent": old_agent.id,
-        }
-
-        resp = self.client.post(url, data, format="json")
-        self.assertEqual(resp.status_code, 400)
-
         # test add task to agent
         data = {
             "autotask": {
@@ -93,13 +83,13 @@ class TestAutotaskViews(TacticalTestCase):
                 "task_type": "manual",
                 "assigned_check": None,
             },
-            "policy": policy.id,
+            "policy": policy.id,  # type: ignore
         }
 
         resp = self.client.post(url, data, format="json")
         self.assertEqual(resp.status_code, 200)
 
-        generate_agent_tasks_from_policies_task.assert_called_with(policy.id)
+        generate_agent_autotasks_task.assert_called_with(policy=policy.id)  # type: ignore
 
         self.check_not_authenticated("post", url)
 
@@ -115,14 +105,14 @@ class TestAutotaskViews(TacticalTestCase):
         serializer = AutoTaskSerializer(agent)
 
         self.assertEqual(resp.status_code, 200)
-        self.assertEqual(resp.data, serializer.data)
+        self.assertEqual(resp.data, serializer.data)  # type: ignore
 
         self.check_not_authenticated("get", url)
 
     @patch("autotasks.tasks.enable_or_disable_win_task.delay")
-    @patch("automation.tasks.update_policy_task_fields_task.delay")
+    @patch("automation.tasks.update_policy_autotasks_fields_task.delay")
     def test_update_autotask(
-        self, update_policy_task_fields_task, enable_or_disable_win_task
+        self, update_policy_autotasks_fields_task, enable_or_disable_win_task
     ):
         # setup data
         agent = baker.make_recipe("agents.agent")
@@ -134,32 +124,32 @@ class TestAutotaskViews(TacticalTestCase):
         resp = self.client.patch("/tasks/500/automatedtasks/", format="json")
         self.assertEqual(resp.status_code, 404)
 
-        url = f"/tasks/{agent_task.id}/automatedtasks/"
+        url = f"/tasks/{agent_task.id}/automatedtasks/"  # type: ignore
 
         # test editing agent task
         data = {"enableordisable": False}
 
         resp = self.client.patch(url, data, format="json")
         self.assertEqual(resp.status_code, 200)
-        enable_or_disable_win_task.assert_called_with(pk=agent_task.id, action=False)
+        enable_or_disable_win_task.assert_called_with(pk=agent_task.id)  # type: ignore
 
-        url = f"/tasks/{policy_task.id}/automatedtasks/"
+        url = f"/tasks/{policy_task.id}/automatedtasks/"  # type: ignore
 
         # test editing policy task
         data = {"enableordisable": True}
 
         resp = self.client.patch(url, data, format="json")
         self.assertEqual(resp.status_code, 200)
-        update_policy_task_fields_task.assert_called_with(
-            policy_task.id, update_agent=True
+        update_policy_autotasks_fields_task.assert_called_with(
+            task=policy_task.id, update_agent=True  # type: ignore
         )
 
         self.check_not_authenticated("patch", url)
 
     @patch("autotasks.tasks.delete_win_task_schedule.delay")
-    @patch("automation.tasks.delete_policy_autotask_task.delay")
+    @patch("automation.tasks.delete_policy_autotasks_task.delay")
     def test_delete_autotask(
-        self, delete_policy_autotask_task, delete_win_task_schedule
+        self, delete_policy_autotasks_task, delete_win_task_schedule
     ):
         # setup data
         agent = baker.make_recipe("agents.agent")
@@ -172,21 +162,22 @@ class TestAutotaskViews(TacticalTestCase):
         self.assertEqual(resp.status_code, 404)
 
         # test delete agent task
-        url = f"/tasks/{agent_task.id}/automatedtasks/"
+        url = f"/tasks/{agent_task.id}/automatedtasks/"  # type: ignore
         resp = self.client.delete(url, format="json")
         self.assertEqual(resp.status_code, 200)
-        delete_win_task_schedule.assert_called_with(pk=agent_task.id)
+        delete_win_task_schedule.assert_called_with(pk=agent_task.id)  # type: ignore
 
         # test delete policy task
-        url = f"/tasks/{policy_task.id}/automatedtasks/"
+        url = f"/tasks/{policy_task.id}/automatedtasks/"  # type: ignore
         resp = self.client.delete(url, format="json")
         self.assertEqual(resp.status_code, 200)
-        delete_policy_autotask_task.assert_called_with(policy_task.id)
+        self.assertFalse(AutomatedTask.objects.filter(pk=policy_task.id))  # type: ignore
+        delete_policy_autotasks_task.assert_called_with(task=policy_task.id)  # type: ignore
 
         self.check_not_authenticated("delete", url)
 
-    @patch("agents.models.Agent.nats_cmd")
-    def test_run_autotask(self, nats_cmd):
+    @patch("autotasks.tasks.run_win_task.delay")
+    def test_run_autotask(self, run_win_task):
         # setup data
         agent = baker.make_recipe("agents.agent", version="1.1.0")
         task = baker.make("autotasks.AutomatedTask", agent=agent)
@@ -196,18 +187,10 @@ class TestAutotaskViews(TacticalTestCase):
         self.assertEqual(resp.status_code, 404)
 
         # test run agent task
-        url = f"/tasks/runwintask/{task.id}/"
+        url = f"/tasks/runwintask/{task.id}/"  # type: ignore
         resp = self.client.get(url, format="json")
         self.assertEqual(resp.status_code, 200)
-        nats_cmd.assert_called_with({"func": "runtask", "taskpk": task.id}, wait=False)
-        nats_cmd.reset_mock()
-
-        old_agent = baker.make_recipe("agents.agent", version="1.0.2")
-        task2 = baker.make("autotasks.AutomatedTask", agent=old_agent)
-        url = f"/tasks/runwintask/{task2.id}/"
-        resp = self.client.get(url, format="json")
-        self.assertEqual(resp.status_code, 400)
-        nats_cmd.assert_not_called()
+        run_win_task.assert_called()
 
         self.check_not_authenticated("get", url)
 
@@ -300,9 +283,9 @@ class TestAutoTaskCeleryTasks(TacticalTestCase):
             run_time_bit_weekdays=127,
             run_time_minute="21:55",
         )
-        self.assertEqual(self.task1.sync_status, "notsynced")
+        self.assertEqual(self.task1.sync_status, "initial")
         nats_cmd.return_value = "ok"
-        ret = create_win_task_schedule.s(pk=self.task1.pk, pending_action=False).apply()
+        ret = create_win_task_schedule.s(pk=self.task1.pk).apply()
         self.assertEqual(nats_cmd.call_count, 1)
         nats_cmd.assert_called_with(
             {
@@ -317,29 +300,16 @@ class TestAutoTaskCeleryTasks(TacticalTestCase):
                     "min": 55,
                 },
             },
-            timeout=10,
+            timeout=5,
         )
         self.task1 = AutomatedTask.objects.get(pk=self.task1.pk)
         self.assertEqual(self.task1.sync_status, "synced")
 
         nats_cmd.return_value = "timeout"
-        ret = create_win_task_schedule.s(pk=self.task1.pk, pending_action=False).apply()
+        ret = create_win_task_schedule.s(pk=self.task1.pk).apply()
         self.assertEqual(ret.status, "SUCCESS")
         self.task1 = AutomatedTask.objects.get(pk=self.task1.pk)
-        self.assertEqual(self.task1.sync_status, "notsynced")
-
-        # test pending action
-        self.pending_action = PendingAction.objects.create(
-            agent=self.agent, action_type="taskaction"
-        )
-        self.assertEqual(self.pending_action.status, "pending")
-        nats_cmd.return_value = "ok"
-        ret = create_win_task_schedule.s(
-            pk=self.task1.pk, pending_action=self.pending_action.pk
-        ).apply()
-        self.assertEqual(ret.status, "SUCCESS")
-        self.pending_action = PendingAction.objects.get(pk=self.pending_action.pk)
-        self.assertEqual(self.pending_action.status, "completed")
+        self.assertEqual(self.task1.sync_status, "initial")
 
         # test runonce with future date
         nats_cmd.reset_mock()
@@ -353,7 +323,7 @@ class TestAutoTaskCeleryTasks(TacticalTestCase):
             run_time_date=run_time_date,
         )
         nats_cmd.return_value = "ok"
-        ret = create_win_task_schedule.s(pk=self.task2.pk, pending_action=False).apply()
+        ret = create_win_task_schedule.s(pk=self.task2.pk).apply()
         nats_cmd.assert_called_with(
             {
                 "func": "schedtask",
@@ -369,7 +339,7 @@ class TestAutoTaskCeleryTasks(TacticalTestCase):
                     "min": int(dt.datetime.strftime(self.task2.run_time_date, "%M")),
                 },
             },
-            timeout=10,
+            timeout=5,
         )
         self.assertEqual(ret.status, "SUCCESS")
 
@@ -385,7 +355,7 @@ class TestAutoTaskCeleryTasks(TacticalTestCase):
             run_time_date=run_time_date,
         )
         nats_cmd.return_value = "ok"
-        ret = create_win_task_schedule.s(pk=self.task3.pk, pending_action=False).apply()
+        ret = create_win_task_schedule.s(pk=self.task3.pk).apply()
         self.task3 = AutomatedTask.objects.get(pk=self.task3.pk)
         self.assertEqual(ret.status, "SUCCESS")
 
@@ -401,7 +371,7 @@ class TestAutoTaskCeleryTasks(TacticalTestCase):
             assigned_check=self.check,
         )
         nats_cmd.return_value = "ok"
-        ret = create_win_task_schedule.s(pk=self.task4.pk, pending_action=False).apply()
+        ret = create_win_task_schedule.s(pk=self.task4.pk).apply()
         nats_cmd.assert_called_with(
             {
                 "func": "schedtask",
@@ -412,7 +382,7 @@ class TestAutoTaskCeleryTasks(TacticalTestCase):
                     "name": task_name,
                 },
             },
-            timeout=10,
+            timeout=5,
         )
         self.assertEqual(ret.status, "SUCCESS")
 
@@ -426,7 +396,7 @@ class TestAutoTaskCeleryTasks(TacticalTestCase):
             task_type="manual",
         )
         nats_cmd.return_value = "ok"
-        ret = create_win_task_schedule.s(pk=self.task5.pk, pending_action=False).apply()
+        ret = create_win_task_schedule.s(pk=self.task5.pk).apply()
         nats_cmd.assert_called_with(
             {
                 "func": "schedtask",
@@ -437,6 +407,6 @@ class TestAutoTaskCeleryTasks(TacticalTestCase):
                     "name": task_name,
                 },
             },
-            timeout=10,
+            timeout=5,
         )
         self.assertEqual(ret.status, "SUCCESS")

api/tacticalrmm/autotasks/urls.py

@@ -1,4 +1,5 @@
 from django.urls import path
+
 from . import views
 
 urlpatterns = [

api/tacticalrmm/autotasks/views.py

@@ -1,32 +1,26 @@
-import asyncio
-import pytz
 from django.shortcuts import get_object_or_404
-
-from rest_framework.views import APIView
+from rest_framework.decorators import api_view, permission_classes
+from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
-from rest_framework.decorators import api_view
+from rest_framework.views import APIView
 
-from .models import AutomatedTask
 from agents.models import Agent
 from checks.models import Check
-
 from scripts.models import Script
-from core.models import CoreSettings
+from tacticalrmm.utils import get_bit_days, get_default_timezone, notify_error
 
-from .serializers import TaskSerializer, AutoTaskSerializer
-
-from .tasks import (
-    create_win_task_schedule,
-    delete_win_task_schedule,
-    enable_or_disable_win_task,
-)
-from tacticalrmm.utils import notify_error, get_bit_days
+from .models import AutomatedTask
+from .permissions import ManageAutoTaskPerms, RunAutoTaskPerms
+from .serializers import AutoTaskSerializer, TaskSerializer
 
 
 class AddAutoTask(APIView):
+    permission_classes = [IsAuthenticated, ManageAutoTaskPerms]
+
     def post(self, request):
-        from automation.tasks import generate_agent_tasks_from_policies_task
         from automation.models import Policy
+        from automation.tasks import generate_agent_autotasks_task
+        from autotasks.tasks import create_win_task_schedule
 
         data = request.data
         script = get_object_or_404(Script, pk=data["autotask"]["script"])
@@ -38,9 +32,6 @@ class AddAutoTask(APIView):
             parent = {"policy": policy}
         else:
             agent = get_object_or_404(Agent, pk=data["agent"])
-            if not agent.has_gotasks:
-                return notify_error("Requires agent version 1.1.1 or greater")
-
             parent = {"agent": agent}
 
         check = None
@@ -54,7 +45,7 @@ class AddAutoTask(APIView):
         del data["autotask"]["run_time_days"]
         serializer = TaskSerializer(data=data["autotask"], partial=True, context=parent)
         serializer.is_valid(raise_exception=True)
-        obj = serializer.save(
+        task = serializer.save(
             **parent,
             script=script,
             win_task_name=AutomatedTask.generate_task_name(),
@@ -62,27 +53,29 @@ class AddAutoTask(APIView):
             run_time_bit_weekdays=bit_weekdays,
         )
 
-        if not "policy" in data:
-            create_win_task_schedule.delay(pk=obj.pk)
+        if task.agent:
+            create_win_task_schedule.delay(pk=task.pk)
 
-        if "policy" in data:
-            generate_agent_tasks_from_policies_task.delay(data["policy"])
+        elif task.policy:
+            generate_agent_autotasks_task.delay(policy=task.policy.pk)
 
         return Response("Task will be created shortly!")
 
 
 class AutoTask(APIView):
+    permission_classes = [IsAuthenticated, ManageAutoTaskPerms]
+
     def get(self, request, pk):
 
         agent = get_object_or_404(Agent, pk=pk)
         ctx = {
-            "default_tz": pytz.timezone(CoreSettings.objects.first().default_time_zone),
+            "default_tz": get_default_timezone(),
             "agent_tz": agent.time_zone,
         }
         return Response(AutoTaskSerializer(agent, context=ctx).data)
 
     def put(self, request, pk):
-        from automation.tasks import update_policy_task_fields_task
+        from automation.tasks import update_policy_autotasks_fields_task
 
         task = get_object_or_404(AutomatedTask, pk=pk)
 
@@ -91,49 +84,54 @@ class AutoTask(APIView):
         serializer.save()
 
         if task.policy:
-            update_policy_task_fields_task.delay(task.pk)
+            update_policy_autotasks_fields_task.delay(task=task.pk)
 
         return Response("ok")
 
     def patch(self, request, pk):
-        from automation.tasks import update_policy_task_fields_task
+        from automation.tasks import update_policy_autotasks_fields_task
+        from autotasks.tasks import enable_or_disable_win_task
 
         task = get_object_or_404(AutomatedTask, pk=pk)
 
         if "enableordisable" in request.data:
             action = request.data["enableordisable"]
-
-            if not task.policy:
-                enable_or_disable_win_task.delay(pk=task.pk, action=action)
-
-            else:
-                update_policy_task_fields_task.delay(task.pk, update_agent=True)
-
             task.enabled = action
             task.save(update_fields=["enabled"])
             action = "enabled" if action else "disabled"
+
+            if task.policy:
+                update_policy_autotasks_fields_task.delay(
+                    task=task.pk, update_agent=True
+                )
+            elif task.agent:
+                enable_or_disable_win_task.delay(pk=task.pk)
+
             return Response(f"Task will be {action} shortly")
 
+        else:
+            return notify_error("The request was invalid")
+
     def delete(self, request, pk):
-        from automation.tasks import delete_policy_autotask_task
+        from automation.tasks import delete_policy_autotasks_task
+        from autotasks.tasks import delete_win_task_schedule
 
         task = get_object_or_404(AutomatedTask, pk=pk)
 
-        if not task.policy:
+        if task.agent:
             delete_win_task_schedule.delay(pk=task.pk)
-
-        if task.policy:
-            delete_policy_autotask_task.delay(task.pk)
+        elif task.policy:
+            delete_policy_autotasks_task.delay(task=task.pk)
             task.delete()
 
         return Response(f"{task.name} will be deleted shortly")
 
 
 @api_view()
+@permission_classes([IsAuthenticated, RunAutoTaskPerms])
 def run_task(request, pk):
-    task = get_object_or_404(AutomatedTask, pk=pk)
-    if not task.agent.has_nats:
-        return notify_error("Requires agent version 1.1.0 or greater")
+    from autotasks.tasks import run_win_task
 
-    asyncio.run(task.agent.nats_cmd({"func": "runtask", "taskpk": task.pk}, wait=False))
+    task = get_object_or_404(AutomatedTask, pk=pk)
+    run_win_task.delay(pk=pk)
     return Response(f"{task.name} will now be run on {task.agent.hostname}")

api/tacticalrmm/checks/baker_recipes.py

@@ -3,7 +3,7 @@ from model_bakery.recipe import Recipe
 check = Recipe("checks.Check")
 
 diskspace_check = check.extend(
-    check_type="diskspace", disk="C:", warning_threshold=30, error_threshold=75
+    check_type="diskspace", disk="C:", warning_threshold=30, error_threshold=10
 )
 
 cpuload_check = check.extend(
@@ -13,7 +13,7 @@ cpuload_check = check.extend(
 ping_check = check.extend(check_type="ping", ip="10.10.10.10")
 
 memory_check = check.extend(
-    check_type="memory", warning_threshold=30, error_threshold=75
+    check_type="memory", warning_threshold=60, error_threshold=75
 )
 
 winsvc_check = check.extend(
@@ -21,6 +21,7 @@ winsvc_check = check.extend(
     svc_name="ServiceName",
     svc_display_name="ServiceName",
     svc_policy_mode="manual",
+    pass_if_svc_not_exist=False,
 )
 
 eventlog_check = check.extend(