diff --git a/CHANGELOG.md b/CHANGELOG.md index 971810f7..90f55717 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,30 @@ All notable changes to ResolutionFlow are documented here. +## [0.1.0.0] - 2026-04-16 + +### Added +- **PSA Ticket Management** — dedicated `/tickets` page with URL-param filter state (board, status, priority, company, assignment, closed), paginated ticket list, and slide-in detail panel +- **TicketDetailPanel** — full ticket view with notes feed, configurations, related tickets, and resource manager; optimistic status updates via dropdown +- **NewTicketModal** — two-tab ticket creation: "Quick Create (AI)" parses natural language into a pre-filled form via Claude, "Full Form" for manual entry; validates required fields before submitting to CW +- **AiTicketParseForm** — natural language → structured ticket data using Claude; resolves board and assignee automatically, flags fields needing manual selection +- **TicketResourceManager** — add/remove CW members as ticket resources with member search autocomplete +- **Spin-off ticket creation from ResolutionAssist** — AI can detect when a new ticket should be created mid-session and surface the NewTicketModal pre-filled with session context +- **TicketQueue improvements** — dashboard widget now detects member mapping, caps at 5 items, shows "View All" link to `/tickets` +- **Board statuses endpoint** — `GET /integrations/boards/{board_id}/statuses` for direct status lookup without a ticket context +- **Paginated ticket search** — `search_tickets` returns `{items, total, page, page_size}`; parallel CW count fetch for accurate totals +- **Ticket service layer** — `ticket_service.py` wraps all PSA mutations (create, update status, list/add/remove resources) +- **Priority lookup endpoint** — `GET /integrations/tickets/priorities` for form dropdowns +- **PSA error surfacing** — `/tickets` page shows inline error banner with specific guidance when CW returns a permissions error (replaces silent empty state) + +### Fixed +- CW query injection: sanitize search `query` string to strip single quotes before interpolation into CW conditions +- `company_id` filter now correctly applied to CW ticket search conditions (was silently ignored) +- `linkedTicket` fetch in ResolutionAssist guarded with `currentChatRef` to prevent race condition on session switch +- Members endpoint auth gate no longer rejects engineers without a PSA mapping +- Board fallback: ticket list derives available boards from ticket data when the boards API returns empty (permissions) +- Assignment search and "Load More" removed from resource manager in favor of direct member list + ## [Unreleased] ### Added diff --git a/CLAUDE.md b/CLAUDE.md index c7def325..d228b3df 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -1,6 +1,6 @@ # CLAUDE.md - Patherly / ResolutionFlow Project Context -> **Last Updated:** April 6, 2026 +> **Last Updated:** April 16, 2026 --- @@ -20,18 +20,12 @@ | Docker containers | `resolutionflow_postgres`, `resolutionflow_frontend`, `resolutionflow_backend` | | Backend, frontend UI, production URLs | **ResolutionFlow** | -- **Design system:** [DESIGN-SYSTEM.md](DESIGN-SYSTEM.md) — THE source of truth for all design decisions -- **Design aesthetic:** Flat, high-contrast dark theme (Sentry/PostHog-inspired). No glass morphism, no gradients on surfaces, no ambient effects. Light mode planned. -- **Accent color:** Electric blue (#60a5fa dark / #2563eb light). Used sparingly — ≤5% of the UI. Warning is amber (#fbbf24), info is cyan (#67e8f9). -- **Fonts:** IBM Plex Sans (`font-sans`, body), Bricolage Grotesque (`font-heading`, headings), JetBrains Mono (`font-mono`, code) — loaded via Google Fonts -- **Logo:** 30px gradient square (ember orange) + "ResolutionFlow" in Bricolage Grotesque 700 -- **Layout:** Icon rail sidebar (72px default) with hover flyout panels. Pinnable to full 260px sidebar. See [DESIGN-SYSTEM.md](DESIGN-SYSTEM.md) - **Brand assets:** `brand-assets/` (source SVGs), `frontend/src/assets/brand/` (app assets), `frontend/public/icons/` (favicon) -- **Terminology:** User-facing label is "Flows" (not "Trees"). Procedural flows are called "Projects" in the UI. Step Library is called "Solutions Library" in the UI. Maintenance flows are hidden from UI for pilot (backend still supports them). `tree_type` column values unchanged in DB. +- **Logo:** 30px gradient square (ember orange) + "ResolutionFlow" in Bricolage Grotesque 700 +- **Layout:** Icon rail sidebar (72px default) with hover flyout panels. Pinnable to full 260px sidebar. +- **Terminology:** User-facing label is "Flows" (not "Trees"). Procedural flows are called "Projects" in the UI. Step Library is called "Solutions Library" in the UI. `tree_type` column values unchanged in DB. - **Reference mockups:** `docs/mockups/` (HTML files, open in browser) -**Component styling:** See Design System section below and [DESIGN-SYSTEM.md](DESIGN-SYSTEM.md). All colors via CSS variables. Use "Flows" not "Trees" in user-facing text; use "Projects" not "Procedures" for procedural flows. - ## Implementation Principles - Prefer correct architecture over minimal diff @@ -59,22 +53,10 @@ ## Tech Stack ### Backend - -- **Framework:** Python FastAPI -- **Database:** PostgreSQL 16 (async via SQLAlchemy 2.0 + asyncpg) -- **Migrations:** Alembic -- **Auth:** JWT (python-jose) + bcrypt, refresh token rotation (JTI-based) -- **Validation:** Pydantic v2 -- **Scheduling:** APScheduler 3.x (async, in-process with FastAPI lifespan) + croniter + pytz +Python FastAPI, PostgreSQL 16 (async SQLAlchemy 2.0 + asyncpg), Alembic, JWT (python-jose) + bcrypt, Pydantic v2, APScheduler 3.x ### Frontend - -- **Framework:** React 19 + Vite + TypeScript -- **Styling:** Tailwind CSS v4 (`@tailwindcss/vite` plugin, CSS-only config in `index.css`) — flat dark theme with ember orange accent (see [DESIGN-SYSTEM.md](DESIGN-SYSTEM.md)) -- **State:** Zustand (with immer + zundo for undo/redo) -- **Routing:** React Router v7 -- **API Client:** Axios with token refresh interceptor -- **Icons:** Lucide React +React 19 + Vite + TypeScript, Tailwind CSS v4 (CSS-only config in `index.css`), Zustand (immer + zundo), React Router v7, Axios, Lucide React --- @@ -82,37 +64,23 @@ ``` patherly/ -├── backend/ -│ ├── app/ -│ │ ├── main.py # FastAPI entry point -│ │ ├── api/endpoints/ # Route handlers (auth, trees, sessions, admin, steps, survey, copilot, assistant_chat, integrations) -│ │ │ ├── flow_proposals.py # Knowledge Flywheel review queue CRUD -│ │ │ └── flowpilot_analytics.py # FlowPilot dashboard metrics -│ │ ├── api/deps.py # Auth dependencies (includes require_team_admin) -│ │ ├── api/router.py # Route registration -│ │ ├── core/ # config, database, permissions, security, audit, rate_limit -│ │ ├── models/ # SQLAlchemy models (includes FlowProposal) -│ │ ├── schemas/ # Pydantic schemas -│ │ ├── services/psa/ # PSA provider abstraction (base, connectwise/, autotask/, halopsa/, cache, encryption, registry, types) -│ │ ├── services/knowledge_flywheel.py # AI session analysis → flow proposals -│ │ ├── services/knowledge_flywheel_scheduler.py # APScheduler job for batch analysis -│ │ └── services/knowledge_gap_service.py # Weak options & escalation signal detection -│ ├── alembic/ # Database migrations (001-070 sequential, then hash IDs) -│ ├── scripts/ # seed_data.py, seed_trees.py -│ └── tests/ # pytest integration tests -├── frontend/ -│ ├── src/ -│ │ ├── api/ # Axios client + endpoint modules -│ │ ├── components/ # common, layout, dashboard, tree-editor, session, procedural, procedural-editor, library, step-library, ui, flowpilot -│ │ ├── hooks/ # usePermissions, useSessionTimer, useKeyboardShortcuts -│ │ ├── pages/ # All page components -│ │ ├── store/ # Zustand stores (auth, treeEditor, proceduralEditor, userPreferences, scriptGeneratorStore) -│ │ └── types/ # TypeScript interfaces -│ └── (Tailwind v4: CSS-only config in src/index.css) -├── docs/plans/archive/ # Archived design/impl docs (pre-March 2026) -├── CLAUDE.md # This file -├── CURRENT-STATE.md # Detailed feature status -├── LESSONS-LEARNED.md # (Deprecated — consolidated into CLAUDE.md) +├── backend/app/ +│ ├── main.py # FastAPI entry point +│ ├── api/endpoints/ # Route handlers +│ ├── api/deps.py # Auth dependencies +│ ├── core/ # config, database, permissions, security, audit, rate_limit +│ ├── models/ # SQLAlchemy models +│ ├── schemas/ # Pydantic schemas +│ └── services/psa/ # PSA provider abstraction (connectwise/, autotask/, halopsa/) +├── backend/alembic/ # Migrations (001-070 sequential, then hash IDs) +├── backend/tests/ # pytest integration tests +├── frontend/src/ +│ ├── api/ # Axios client + endpoint modules +│ ├── components/ # UI components +│ ├── hooks/ # usePermissions, useSessionTimer, etc. +│ ├── pages/ # Page components +│ ├── store/ # Zustand stores +│ └── types/ # TypeScript interfaces └── docs/plans/ # Design docs & implementation plans ``` @@ -143,252 +111,163 @@ VITE_API_URL=http://localhost:8000 ## ConnectWise PSA Integration -ResolutionFlow integrates with ConnectWise PSA (formerly Manage) as the primary PSA integration. All ConnectWise API reference materials live in `docs/connectwise/`. +All reference materials in `docs/connectwise/`. See [CONNECTWISE-API-REFERENCE.md](docs/connectwise/CONNECTWISE-API-REFERENCE.md) first. ### Best Practices Documentation -Official ConnectWise developer guides live in `docs/connectwise/best-practices/`. Read these BEFORE implementing any CW API integration code: +Read `docs/connectwise/best-practices/` BEFORE implementing any CW API integration code: -- `PSA-API-Requests.md` — HTTP methods, response codes, condition query syntax, PATCH format, URL encoding, partial responses, custom fields. READ FIRST. -- `PSA-Callbacks.md` — Callback type/level matrix, retry behavior, URL parameter gotcha, HMAC signature verification. -- `PSA-Pagination.md` — Navigable vs Forward-Only pagination, Link headers, while-loop pattern. -- `PSA-Service-Tickets.md` — Ticket field philosophy, recommended field mappings. -- `PSA-Versioning.md` — Pin API version via Accept header. Use `application/vnd.connectwise.com+json; version=2025.16`. -- `PSA-Cloud-URL-Formatting.md` — Dynamic base URL construction via `/login/companyinfo/{companyId}`. -- `Bundled-Requests.md` — Batch multiple API calls into one request via `/system/bundles`. -- `PSA-Markdown.md` — Ticket notes support markdown. Format session documentation output accordingly. -- `PSA-Company-Synchronization.md` — Filter companies by Status/Type for mapping UI. -- `PSA-Data-Protection.md` — Security role model, request minimal permissions (MY not ALL). +- `PSA-API-Requests.md` — HTTP methods, condition syntax, PATCH format. READ FIRST. +- `PSA-Callbacks.md` — Callback matrix, HMAC verification. +- `PSA-Pagination.md` — Forward-Only vs Navigable, Link headers. +- `PSA-Service-Tickets.md` — Ticket field mappings. +- `PSA-Versioning.md` — Pin `application/vnd.connectwise.com+json; version=2025.16`. +- `PSA-Cloud-URL-Formatting.md` — Dynamic base URL via `/login/companyinfo/{companyId}`. +- `Bundled-Requests.md` — Batch via `/system/bundles`. +- `PSA-Markdown.md` — Notes support markdown. +- `PSA-Company-Synchronization.md` — Filter companies by Status/Type. +- `PSA-Data-Protection.md` — Request minimal permissions (MY not ALL). ### Reference Files (read in this order) -1. `docs/connectwise/CONNECTWISE-API-REFERENCE.md` — Read FIRST. Quick reference covering auth patterns, tiered endpoint map, key field mappings, and integration architecture flows. -2. `docs/connectwise/connectwise-psa-resolutionflow-reference.json` — Extracted OpenAPI 3.0.1 spec (v2025.16) with only the 670 endpoints and 342 schemas relevant to ResolutionFlow. Use for exact field types, request/response shapes, and parameter details. -3. `docs/connectwise/connectwise-psa-openapi-full.json` — Complete ConnectWise PSA OpenAPI spec (1838 endpoints, 842 schemas). Only consult if you need an endpoint outside the extracted subset. - -### Integration Architecture - -- **Session → Ticket Notes:** Post auto-generated session documentation to ConnectWise tickets as internal analysis notes via `POST /service/tickets/{id}/notes` -- **Ticket Context → Session Runner:** Pull ticket details, company info, and attached configurations to give FlowPilot AI real-world context -- **Callbacks:** Register webhooks via `/system/callbacks` for real-time ticket event notifications to suggest relevant Flows +1. `docs/connectwise/CONNECTWISE-API-REFERENCE.md` — Auth patterns, endpoint map, field mappings. +2. `docs/connectwise/connectwise-psa-resolutionflow-reference.json` — Extracted OpenAPI 3.0.1 spec (670 endpoints, 342 schemas). +3. `docs/connectwise/connectwise-psa-openapi-full.json` — Full spec (1838 endpoints). Only if you need something outside the subset. ### Key Implementation Rules - Auth: API Key auth (Base64 of `companyId+publicKey:privateKey`) + `clientId` header on every request -- `clientId` is server-side config (`CW_CLIENT_ID` in `config.py`) — identifies the ResolutionFlow app, NOT per-tenant. Per-connection credentials: `company_id`, `public_key`, `private_key`, `server_url` -- All PSA integration code in `services/psa/` — provider pattern with `PSAProvider` abstract base class, `ConnectWiseProvider` implementation, `PsaProviderRegistry` for multi-PSA dispatch +- `clientId` is server-side config (`CW_CLIENT_ID` in `config.py`) — identifies ResolutionFlow app, NOT per-tenant. Per-connection: `company_id`, `public_key`, `private_key`, `server_url` +- All PSA code in `services/psa/` — `PSAProvider` abstract base, `ConnectWiseProvider` impl, `PsaProviderRegistry` for multi-PSA dispatch - PSA endpoints in `api/endpoints/integrations.py` — connection CRUD, ticket ops, member mapping -- Credentials encrypted at rest via `services/psa/encryption.py` (Fernet) -- Each MSP tenant provides their own CW credentials — ResolutionFlow stores these per-team, never per-user -- Design for the Autotask integration following the same service layer pattern (future PSA) +- Credentials encrypted via `services/psa/encryption.py` (Fernet); stored per-team, never per-user - In-memory TTL cache in `services/psa/cache.py` for board/status/priority lookups -- Respect CW API: paginate with max 1000 per page, handle retries gracefully +- Integration flows: Session → Ticket Notes via `POST /service/tickets/{id}/notes`; Ticket Context → FlowPilot via ticket details/company/configs; Callbacks via `/system/callbacks` --- ## Development Commands -```powershell -# Start PostgreSQL (run from VPS SSH — docker not available inside code-server, see Lesson 103) +```bash +# PostgreSQL (run from VPS SSH — docker not available in code-server, see Lesson 103) docker start resolutionflow_postgres # Backend (from backend/) -source venv/bin/activate # Linux/Mac -# .\venv\Scripts\Activate # Windows +source venv/bin/activate uvicorn app.main:app --reload -# Frontend (from frontend/) +# Frontend (from frontend/) — requires Node 20 (use nvm: nvm use 20) npm run dev -# Run tests (from backend/) +# Tests (from backend/) pytest --override-ini="addopts=" -# First time only: create test database -docker exec -it resolutionflow_postgres psql -U postgres -c "CREATE DATABASE resolutionflow_test;" +# TypeScript check (use in code-server — avoids EACCES on dist/, see Lesson 105) +npx tsc -b -# Frontend build (IMPORTANT: stricter than tsc --noEmit — always use as final check) +# Frontend build — stricter than tsc, always use as final check before push cd frontend && npm run build -# Database migrations +# Migrations cd backend && alembic upgrade head -alembic revision --autogenerate -m "Description" -# Sequential 3-digit IDs (001–070) were used historically. New migrations use Alembic's default hex hash IDs. -# Do NOT pass --rev-id — let Alembic generate the hash automatically. +alembic revision --autogenerate -m "Description" # do NOT pass --rev-id; Alembic generates hash IDs -# Access PostgreSQL (run from VPS SSH — docker not available inside code-server, see Lesson 103) +# Access PostgreSQL (VPS SSH) docker exec -it resolutionflow_postgres psql -U postgres -d resolutionflow -# Seed data -cd backend && pip install httpx && python -m scripts.seed_trees - -# CI/CD debugging -# CI runs on Gitea (gitea.resolutionflow.com), NOT GitHub Actions — gh run list will return nothing useful -# Check CI status at: https://gitea.resolutionflow.com/chihlasm/resolutionflow/actions -# `gh` CLI is still used for GitHub Issues/PRs (mirrored repo), not for CI runs +# CI runs on Gitea (NOT GitHub Actions): https://gitea.resolutionflow.com/chihlasm/resolutionflow/actions ``` -### URLs +### URLs & Test Users -- Frontend: -- Backend API: -- API Docs: - -### Test Users (seeded via `scripts/seed_test_users.py`) - -- All share password: `TestPass123!` -- `admin@resolutionflow.example.com` (super_admin), `teamadmin@resolutionflow.example.com` (team_admin), `engineer@resolutionflow.example.com` (engineer), `pro@resolutionflow.example.com` (solo pro) +- Frontend: `http://localhost:5173` | Backend: `http://localhost:8000` | API Docs: `http://localhost:8000/api/docs` +- Test password: `TestPass123!` — users: `admin@`, `teamadmin@`, `engineer@`, `pro@` (all `@resolutionflow.example.com`) --- ## Critical Lessons Learned -> Lessons 1-40 archived to `docs/LESSONS-ARCHIVE.md` — fixes are baked into the codebase. Consult if you hit a regression. +> Lessons 1-70 archived to `docs/LESSONS-ARCHIVE.md` — fixes are baked into the codebase. -### Active Lessons (41+) +**71. Enhancement/branch_addition proposals cannot be directly approved:** Backend returns 400 — requires `modified_flow_data` via "Edit & Publish". Only `new_flow` proposals support direct approve. -**41. Assistant chat uses local React state, not Zustand:** `AssistantChatPage.tsx` uses `useState` for `chats`, `messages`, `input`, `loading`. No store. +**72. `ai_sessions.status` column is `VARCHAR(30)`:** Must fit `requesting_escalation` (23 chars). Verify length when adding new status values. -**42. Public pages use raw `fetch()`, not `apiClient`:** Survey, shared sessions, and no-auth pages use `fetch()` with full URL. `apiClient` requires auth tokens. +**73. `get_db` rolls back on exception:** Prevents `InFailedSQLTransaction` cascade. Never remove the `await session.rollback()` in the dependency. -**43. Adding new email types:** Add static async method to `EmailService` in `core/email.py`. Fire-and-forget from endpoints (log errors, don't fail). +**74. FlowPilot action bar height chain:** `ViewTransitionOutlet` wrapper needs `flex flex-col`. If action bar disappears, walk `getBoundingClientRect()` from `app-shell` down. -**44. AI Chat Builder is flow-type-aware:** `ai_chat_service.py` dispatches by `flow_type`. Troubleshooting: `[TREE_UPDATE]` markers. Procedural: `[STEPS_UPDATE]` markers. Both support `[METADATA]`. +**75. Dashboard prefill auto-submits:** `StartSessionInput` passes `{ state: { prefill } }`. Both `FlowPilotSessionPage` and `AssistantChatPage` auto-submit via `useEffect` + `prefillHandledRef` guard. -**45. Intake form field schema:** Uses `variable_name` and `field_type` (NOT `name` and `type`). +**76. Active session navigation guard:** `FlowPilotSessionPage` uses `useBlocker` to intercept navigation. "Pause & Leave" auto-pauses before proceeding. -**46. `CreateFlowDropdown` uses `AIPromptDialog`:** Opens prompt modal, starts AI session, generates flow, navigates to editor with `{ state: { aiPanelOpen: true, sessionId } }`. +**77. Prefer manual Alembic migrations for targeted changes:** `--autogenerate` picks up all table drift. For single-column fixes, use `alembic revision -m "desc"` and write `op.alter_column()` manually. -**47. Editor-Embedded Flow Assist:** `EditorAIPanel` (320px side panel) + `useEditorAI` hook. Ghost nodes use `_suggestion: true` flag. Actions route to model tiers via `settings.get_model_for_action()`. Delta responses use `[DELTA]...[/DELTA]` markers. +**78. Landing page subtitle is "AI-Powered Troubleshooting for MSPs":** Appears on login, register, and ``. Not "Decision Tree Platform". -**48. Tree orphan validation uses dynamic root ID:** Orphan check compares against `state.treeStructure?.id` (NOT hardcoded `'root'`). +**79. Custom modals must be mobile-responsive:** Use `items-end sm:items-center` + `max-w-full sm:max-w-lg`. See `Modal.tsx` and `PrepareSessionModal.tsx`. -**49. Full-stack features — verify both ends:** Check the full data flow: schema → endpoint → API client → hook → store → UI. +**80. TopBar search collapses to icon on mobile:** Full bar (`hidden sm:block`) + icon fallback (`sm:hidden`). Both open `CommandPalette`. -**50. Anthropic SDK retry:** Set `max_retries=1` to fail fast. Default `max_retries=2` can take 3× timeout. +**81. Never use `transition: all` in landing.css:** Specify exact properties. `transition: all` animates layout and causes jank. -**51. AI model tier routing:** Use `settings.get_model_for_action(action_type)`. Model IDs: use alias form (`claude-sonnet-4-6`). +**82. `bun` requires PATH setup:** `export BUN_INSTALL="$HOME/.bun" && export PATH="$BUN_INSTALL/bin:$PATH"`. Chromium deps: `libatk1.0-0 libatk-bridge2.0-0 libcups2 libxkbcommon0 libatspi2.0-0 libxcomposite1 libxdamage1 libxfixes3 libxrandr2 libgbm1 libasound2`. -**52. Mobile scroll-to-top:** Use `ref.current.scrollIntoView()`, not `window.scrollTo()`. Trigger via `useEffect`. +**84. AI session `abandoned` status is fully wired:** `POST /ai-sessions/{id}/abandon` with optional `reason`. Frontend: `aiSessionsApi.abandonSession()` → `useFlowPilotSession().abandonSession()`. -**53. Flex height chain:** Every ancestor must be a flex container for `flex-1` to work. Missing `flex` class collapses React Flow to 0 height. +**85. Date range filter end dates must use end-of-day:** Set `toDate.setHours(23, 59, 59, 999)`. For string inputs append `T23:59:59.999Z`. See `SessionHistoryPage.tsx`. -**54. React Flow CSS in Tailwind v4:** Import in `index.css`, not component JS. Override dark theme using `--xy-*` CSS custom properties. +**86. Script Builder:** `/script-builder` — `ScriptBuilderSession` model, `script_builder_service.py`, endpoints at `/scripts/builder/`. FlowPilot handoff via `action_type: "open_script_builder"` + sessionStorage context. -**55. App shell height chain:** Every wrapper between `.main-content` and canvas needs `flex` + `flex-1` + `min-h-0` or `h-full`. +**87. FlowPilot must ask GUI vs script preference:** Ask BEFORE suggesting either approach. See `FLOWPILOT_SYSTEM_PROMPT` in `flowpilot_engine.py`. -**56. Railway backend service name is `patherly`:** Production DB name is `railway`. Public Postgres proxy: `interchange.proxy.rlwy.net:45797`. +**88. Charcoal palette:** Sidebar `#0e1016`, page `#16181f`, cards `#1e2028`, borders `#2a2e3a`. All via CSS variables in `index.css` `@theme`. Accent is electric blue (#60a5fa). -**57. Node field priority:** `title` → `question` → `description` → `content` → `label`. See `copilot_service.py`. +**92. `tsc -b` in Dockerfile enforces `noUnusedLocals`/`noUnusedParameters` as hard errors.** After refactors, trace every import and destructured prop. Check IDE yellow squiggles before pushing. -**58. `scriptGeneratorStore.generate()` optional param:** Always wrap: `onClick={() => generate()}`, never `onClick={generate}`. +**93. FlowPilot actions live in the page header, not a bottom bar:** Resolve/Escalate/Share Update in header. Desktop: inline + `⋯` overflow (Pause/Close). Mobile: single `⋯`. Bottom = message input only. -**59. ConnectWise `clientId` is server-side config:** Set in `config.py` as `CW_CLIENT_ID`. Per-connection: `company_id`, `public_key`, `private_key`, `server_url`. +**94. Frontend chat uses `unified_chat_service`, not `assistant_chat_service`:** `AssistantChatPage` → `/ai-sessions/{id}/chat` → `unified_chat_service.py`. Never wire chat into `assistant_chat.py`. -**60. Dockerfile build args for Vite env vars:** Any new `VITE_*` or `VITE_PUBLIC_*` env var must be added as `ARG` + `ENV` in `frontend/Dockerfile` for Railway deploys. Railway env vars are runtime-only unless explicitly passed through as Docker build args. Without this, `import.meta.env.VITE_*` resolves to `undefined` in production builds. +**95. Image upload → AI vision:** `uploadsApi.upload()` → `upload_ids` in message → backend fetches S3 → `storage_service.resize_image_for_vision()` (Pillow, 1568px, PNG→JPEG) → base64 → Claude multimodal. Max 3 images/message. Images NOT stored in history. -**61. Procedural sessions auto-start on page load:** `ProceduralNavigationPage` calls `startSession()` immediately in `loadTree()` — there is no intake form screen or "Start" button. Variables are filled inline during execution. Troubleshooting flows DO have a start screen with ticket/client fields. Don't write tests or UI that assume a Start button on procedural flows. +**96. `bg-accent` is electric blue — never use for code/kbd.** Use `bg-code` for code blocks, `bg-white/[0.12]` for inline code/badges, `bg-white/[0.08]` for kbd. -**62. Playwright strict mode — scope selectors to avoid ambiguity:** Step titles appear in both the sidebar checklist and main content heading. Use `getByRole('heading', { name })` for the main content, or scope with `page.locator('.animate-scale-in')` for command palette items. `getByText()` frequently matches multiple elements due to the sidebar + main content layout. +**97. Railway S3 provisioned:** Bucket `resolutionflow-uploads`. Variables: `STORAGE_ENDPOINT`, `STORAGE_ACCESS_KEY`, `STORAGE_SECRET_KEY`, `STORAGE_BUCKET_NAME`, `STORAGE_REGION`. boto3 in `storage_service.py`. -**63. Node 20 required for frontend builds:** Vite 7+ requires Node 20.19+. The system Node may be v18; use nvm: `export NVM_DIR="$HOME/.nvm" && source "$NVM_DIR/nvm.sh" && nvm use 20`. For direct binary access without nvm sourcing: `PATH="$HOME/.nvm/versions/node/v20.19.0/bin:$PATH"`. +**98. `lazyWithRetry` for lazy routes:** Use instead of `React.lazy` — auto-reloads on chunk failures with 10s sessionStorage debounce. -**64. PostHog product analytics:** Initialized via `PostHogProvider` in `main.tsx` with explicit `posthog.init()` + `client` prop pattern. Event helpers in `lib/analytics.ts` — use `analytics.eventName(props)` to track. `identifyUser()` called in `authStore.fetchUser()`, `resetAnalytics()` on logout. Env vars: `VITE_PUBLIC_POSTHOG_KEY`, `VITE_PUBLIC_POSTHOG_HOST`. Autocapture enabled. +**99. `text-secondary` renders invisible on dark backgrounds:** Maps to `--color-secondary` (dark surface). Use `text-muted-foreground` (`#848b9b`) for readable secondary text. Never use `text-muted` for body text. -**65. Local Docker Compose uses `resolutionflow` database on port 5433:** Container name is `resolutionflow_postgres`, database is `resolutionflow` (not `patherly`), port mapped to `5433` (not `5432`). The `POSTGRES_PORT` env var controls this. Playwright config defaults must match: `postgresql+asyncpg://postgres:postgres@127.0.0.1:5433/resolutionflow`. +**100. Hover pop-out card pattern:** `pointer-events-none` on scrim (`z-40`), `z-50` expanded card with own `onClick`, dismiss via `onMouseLeave`. Never put handlers on scrim. -**66. Dev environment runs on Hostinger VPS (46.202.92.250), not localhost:** Code-server runs in Docker on a VPS (previously devserver01/192.168.0.9). Frontend/backend are accessed via `46.202.92.250`, not `localhost`. CORS must include the VPS IP in `CORS_ORIGINS` and `FRONTEND_URL`. Frontend `.env` must set `VITE_API_URL` to the VPS backend URL. See [DEV-ENV.md](DEV-ENV.md) for full setup, Docker config, networking, and known issues. +**101. AI marker format compliance:** `[QUESTIONS]`, `[ACTIONS]`, `[FORK]` parsed by `unified_chat_service.py`. History stores `display_content` (stripped). Each user message gets `[SYSTEM: ...]` reminder appended in `_call_anthropic_cached()`. -**67. Tree editor route is `/trees/new`:** NOT `/editor/new`. Check `router.tsx` line 156 for the canonical path. Use `getTreeEditorPath()` from `@/lib/routing` when navigating programmatically. +**102. TaskLane activation must happen in ALL chat response paths:** Three paths in `AssistantChatPage.tsx` — `handleSend`, `sendPrefill`, `handleResumeNew`. All must check `response.actions`/`response.questions` and call `setShowTaskLane(true)`. -**68. APScheduler jobs need `max_instances=1`:** Without it, overlapping scheduler runs can process the same records twice (TOCTOU race). Always set `max_instances=1` on interval jobs in `main.py`. +**103. Docker not available in code-server:** Use VPS SSH: `docker exec resolutionflow_postgres psql -U postgres -d resolutionflow -t -c "SQL"`. Python also not available in container. -**69. PostgreSQL `func.sum(case(...))` returns `Decimal` via asyncpg:** Cast to `int()` before storing in Pydantic `dict[str, Any]` fields, or JSON serialization may produce unexpected types. +**104. `landing.css` uses `--lp-*` variables:** Never use `var(--color-*)` tokens in `landing.css`. Extend the `--lp-*` palette for new landing page colors. -**70. Toast library uses `toast.warning()` not `toast.warn()`:** Import from `@/lib/toast`. Methods: `success`, `error`, `warning`, `info`. See `frontend/src/lib/toast.ts`. +**105. `npm run build` fails with `EACCES` on `dist/` in code-server:** Use `npx tsc -b` to verify TypeScript without writing to `dist/`. -**71. Enhancement/branch_addition proposals cannot be directly approved:** Backend returns 400 — they require `modified_flow_data` via "Edit & Publish" flow. Only `new_flow` proposals support direct approve. +**106. Guard async "select item → load data → apply state" flows:** Use `currentSelectionRef = useRef(id)` — update on every switch, bail after each `await` if ref no longer matches. See `AssistantChatPage.tsx` `currentChatRef`. -**72. `ai_sessions.status` column is `VARCHAR(30)`:** Must fit `requesting_escalation` (23 chars). If adding new status values, verify length. Migration `f0aad74ea51b` widened from 20→30. +**107. Startup routines use `_admin_session_factory()`:** RLS is enabled; `get_db()` at startup has no `app.current_account_id`, so queries return 0 rows. Affects lifespan, `ensure_service_account`, seed scripts. -**73. `get_db` rolls back on exception:** The dependency does `await session.rollback()` on error to prevent `InFailedSQLTransaction` cascade. Never remove this — without it, one failed request poisons subsequent requests on the same connection. +**108. Tables with no `account_id` (never add to RLS migrations):** `script_categories`, `platform_steps`, `template_trees`, `plan_feature_defaults`, `accounts`. Scan at class level, not file level — one `.py` file can have multiple classes with different columns. -**74. FlowPilot action bar height chain:** The action bar (Resolve/Escalate/Pause) requires every ancestor from `app-shell` grid down to have proper flex constraints. Key fix: `ViewTransitionOutlet` wrapper needs `flex flex-col`. If action bar disappears, check height chain with DevTools `getBoundingClientRect()` walk. +**109. `tree_shares.account_id` must equal `tree.account_id`:** Use tree owner's tenant, not the actor's. Cross-tenant admin shares become invisible after RLS enforcement. -**75. Dashboard prefill auto-submits:** `StartSessionInput` navigates to `/pilot` or `/assistant` with `{ state: { prefill } }`. `FlowPilotSessionPage` auto-submits via `useEffect` + `prefillHandledRef` guard — no double-enter. `AssistantChatPage` does the same pattern. +**110. Backfill `account_id` migrations require service-code audit:** Grep all `ModelClass(` sites, verify `account_id=` is passed. SQLAlchemy accepts `None` silently; RLS WITH CHECK surfaces it at runtime as `InsufficientPrivilegeError`. -**76. Active session navigation guard:** `FlowPilotSessionPage` uses `useBlocker` (same as `TreeEditorPage`) to intercept navigation during active sessions. "Pause & Leave" auto-pauses before proceeding. - -**77. Prefer manual Alembic migrations for targeted changes:** `alembic revision --autogenerate` picks up drift from all tables. For single-column fixes, use `alembic revision -m "desc"` and write `op.alter_column()` manually. - -**78. Landing page subtitle is "AI-Powered Troubleshooting for MSPs":** Not "Decision Tree Platform". This tagline appears on login, register, and the HTML `<title>`. The old "Decision Tree Platform" was internal jargon misaligned with user-facing branding. - -**79. Custom modals must be mobile-responsive:** Use `items-end sm:items-center` (bottom-sheet on mobile, centered on desktop) and `max-w-full sm:max-w-lg` (full-width on mobile). The shared `Modal.tsx` does this correctly — custom modal implementations must follow the same pattern. See `PrepareSessionModal.tsx` for the fix pattern. - -**80. TopBar search collapses to icon on mobile:** Full search bar (`hidden sm:block`) shows on desktop; magnifying glass icon button (`sm:hidden`) shows on mobile (<640px). Both open the same CommandPalette. Don't add `w-full` search bar without the mobile icon fallback. - -**81. Never use `transition: all` in landing.css:** Specify exact properties: `transition: background 0.3s, border-color 0.3s, box-shadow 0.3s, transform 0.3s, opacity 0.3s`. `transition: all` animates layout properties and causes jank. - -**82. `bun` requires PATH setup on devserver01:** `export BUN_INSTALL="$HOME/.bun" && export PATH="$BUN_INSTALL/bin:$PATH"`. The gstack browse binary and Playwright need this. Chromium system deps: `libatk1.0-0 libatk-bridge2.0-0 libcups2 libxkbcommon0 libatspi2.0-0 libxcomposite1 libxdamage1 libxfixes3 libxrandr2 libgbm1 libasound2`. - -**83. ~~FlowPilot ActionBar fixed bottom~~ (Superseded by Lesson 93):** Actions moved to the page header. `FlowPilotActionBar` component exists but is no longer used in the main session flow. The only fixed-bottom element is the message input. - -**84. AI session `abandoned` status is fully wired:** `POST /ai-sessions/{id}/abandon` sets status to `abandoned` with optional `reason` param. Frontend: `aiSessionsApi.abandonSession()`, `useFlowPilotSession().abandonSession()`, "Close" button in `FlowPilotActionBar`. Redirects to `/sessions` after closing. - -**85. Date range filter end dates must use end-of-day:** `toDate.toISOString()` sends midnight (start of day), excluding items created later that day. Always set `toDate.setHours(23, 59, 59, 999)` before sending. For string-based date inputs (AI sessions), append `T23:59:59.999Z`. See `SessionHistoryPage.tsx`. - -**86. Script Builder system:** AI-powered script generation at `/script-builder`. Chat-style interface generates PowerShell/Bash/Python scripts from natural language. Backend: `ScriptBuilderSession` model, `script_builder_service.py`, endpoints at `/scripts/builder/`. Frontend: `ScriptBuilderPage`, `ScriptCodeBlock`, `ScriptPreviewModal`, `SaveToLibraryDialog`. FlowPilot can hand off to Script Builder via `action_type: "open_script_builder"` with `sessionStorage` context passing. - -**87. FlowPilot must ask GUI vs script preference:** When a task can be done via GUI or script (e.g., creating AD users), FlowPilot must ask the engineer which approach they prefer BEFORE suggesting either. Never assume the user wants a script. See `FLOWPILOT_SYSTEM_PROMPT` rules in `flowpilot_engine.py`. - -**88. Charcoal palette — sidebar-darkest approach:** Sidebar `#0e1016`, page `#16181f`, cards `#1e2028`, borders `#2a2e3a`. This gives more contrast range than true-dark. All colors via CSS variables in `index.css` `@theme` block. Accent is electric blue (#60a5fa), not orange or cyan. - -*(Lessons 89–91 were retracted.)* - -**92. `tsc -b` in Dockerfile is stricter than `npx tsc --noEmit`:** The production build (`tsc -b && vite build`) enforces `noUnusedLocals` and `noUnusedParameters` as hard errors. After any refactor that moves logic between components or removes features, trace every import and destructured prop to remove orphans. IDE warnings (yellow squiggles) flag these — check them before pushing. - -**93. FlowPilot actions live in the page header, not a bottom bar:** `FlowPilotSessionPage` renders Resolve/Escalate/Share Update in the header bar. Desktop: inline buttons + `⋯` overflow (Pause/Close). Mobile: single `⋯` menu. The bottom only has the message input. `FlowPilotActionBar` component still exists but is no longer used in the main session flow. - -**94. Frontend chat uses unified_chat_service, not assistant_chat_service:** `AssistantChatPage` calls `/ai-sessions/{id}/chat` → `unified_chat_service.py`. The old `assistant_chat_service` endpoints were removed (only retention settings remain at `/assistant/retention`). When tracing chat features, start from `aiSessionsApi.sendChatMessage` → `ai_sessions.py` → `unified_chat_service.py`. Never wire chat features into `assistant_chat.py`. - -**95. Image upload → AI vision pipeline:** Paste/attach images → upload to Railway S3 bucket via `uploadsApi.upload()` → send `upload_ids` with chat message → backend fetches from S3 via `storage_service.download_file()` → resized via `storage_service.resize_image_for_vision()` (Pillow, 1568px max, PNG→JPEG) → base64-encoded → sent as Claude multimodal content blocks. Max 3 images/message. Images are NOT stored in conversation history (text-only). Vision helpers live in `storage_service.py`. - -**96. `bg-accent` is electric blue — never use for code/kbd elements:** In Tailwind v4, `bg-accent` maps to `--color-accent: #60a5fa` (dark) / `#2563eb` (light). Use `bg-code` for code blocks, `bg-white/[0.12] border border-white/[0.06]` for inline code/badges, `bg-white/[0.08]` for kbd shortcuts. Blue accent is reserved for interactive elements only (buttons, active nav, links). Ember orange (#f97316) is deprecated — do not use. - -**97. Railway Object Storage (S3 bucket) is provisioned:** Bucket `resolutionflow-uploads` on Railway canvas. Variables: `STORAGE_ENDPOINT`, `STORAGE_ACCESS_KEY`, `STORAGE_SECRET_KEY`, `STORAGE_BUCKET_NAME`, `STORAGE_REGION` — mapped via variable references on the `patherly` backend service. Accessed via boto3 in `storage_service.py`. Pillow (`Pillow>=10.0.0`) + `libjpeg-dev`/`zlib1g-dev` in Dockerfile for image resize. - -**98. `lazyWithRetry` for stale chunk errors:** All lazy-loaded routes use `lazyWithRetry` from `@/lib/lazyWithRetry.ts` instead of `React.lazy`. Auto-reloads the page on chunk load failures (stale deploys). Uses sessionStorage debounce (10s) to prevent loops. When adding new lazy routes, use `lazyWithRetry`, not `lazy`. - -**99. Tailwind v4 `text-secondary` renders invisible on dark backgrounds:** `text-secondary` maps to `--color-secondary: #2e3140` (a dark surface color), NOT `--color-text-secondary`. For readable secondary text, use `text-muted-foreground` (`#848b9b`). Also avoid `text-muted` (`#4f5666`) for body text — it's for labels only. This applies to ALL new components. - -**100. Hover pop-out card pattern:** For cards that expand on hover "in front of everything": use `pointer-events-none` on the scrim (`fixed inset-0 z-40 bg-black/30`), absolute-position the expanded card at `z-50` with its own `onClick` handler, and dismiss via `onMouseLeave` on the wrapper div. Never put interactive event handlers on the scrim — it blocks clicks on sibling elements. - -**101. AI marker format compliance:** The AI assistant uses `[QUESTIONS]`, `[ACTIONS]`, and `[FORK]` markers in responses. Parsed by `unified_chat_service.py` (`_parse_*_marker` functions), returned as structured data in the API response. System prompt in `assistant_chat_service.py` has a final reminder section, and each user message gets an invisible `[SYSTEM: ...]` reminder appended in `_call_anthropic_cached()`. If markers stop appearing: check conversation history stores `display_content` (stripped), verify system prompt final reminder exists, check user message reminder injection is active. - -**102. TaskLane activation must happen in ALL chat response paths:** `AssistantChatPage.tsx` has three code paths calling `sendChatMessage`: `handleSend` (regular messages), `sendPrefill` (dashboard handoff), `handleResumeNew` (resume from concluded session). ALL three must check `response.actions`/`response.questions` and call `setShowTaskLane(true)`. Missing this in any path causes TaskLane to not appear on first message. - -**103. Docker not available in code-server container:** The dev environment runs code-server inside Docker on the VPS. The `docker` CLI is not available inside the code-server container. To query the database, use the VPS SSH session: `docker exec resolutionflow_postgres psql -U postgres -d resolutionflow -t -c "SQL"`. Python is also not available in the container. - -**104. `landing.css` uses self-contained `--lp-*` color variables:** The landing page defines its own color palette at the top of `landing.css` (`--lp-bg`, `--lp-accent`, `--lp-text-*`, etc.). Never use `var(--color-*)` theme tokens in `landing.css` — they may resolve incorrectly outside the app shell context. Extend the `--lp-*` palette for any new landing page colors. - -**105. `npm run build` fails with `EACCES: permission denied` on `dist/` in code-server:** This is a filesystem permission issue in the Docker environment, not a TypeScript error — the TS compilation completes successfully. Use `npx tsc -b` to verify TypeScript cleanly without needing to write to `dist/`. - -**106. Guard async "select item → load data → apply state" flows with a ref:** When a component lets the user switch between items (chat sessions, flows, scripts) and loads data asynchronously on each switch, the load for item A can complete *after* the user has already switched to item B — overwriting B's state with A's stale data. Fix pattern: keep a `currentSelectionRef = useRef(initialId)` and update it synchronously whenever the selection changes (in every creation/switch path). After every `await`, bail out if `currentSelectionRef.current !== thisItemId`. See `AssistantChatPage.tsx` `selectChat` for the reference implementation (`currentChatRef`). - -**107. Startup routines must use `_admin_session_factory()` after Phase 4 RLS:** Any code that runs at startup (lifespan, `ensure_service_account`, seed scripts) and touches tenant-isolated tables (`users`, etc.) must use `_admin_session_factory()` — not `get_db()`. Phase 4 enabled RLS on `users`; a tenant-scoped session has no `app.current_account_id` set at startup, so all queries return 0 rows or fail. `get_service_account_id` in `deps.py` is safe — it reads from `app.state` cached at startup, never hits the DB per-request. - -**108. Tables with no `account_id` column (never add to RLS migrations):** `script_categories`, `platform_steps`, `template_trees`, `plan_feature_defaults`, `accounts` — global/platform tables documented with "No account_id. No RLS." in their model files. When writing RLS migrations, scan at the class level (check for `account_id: Mapped` within the class block), not the file level — multiple classes in one `.py` file can have different columns (e.g. `ScriptCategory` vs `ScriptTemplate` in `script_template.py`). - -**109. `tree_shares.account_id` must equal `tree.account_id`, not the actor's account:** When creating a `TreeShare`, always use `account_id=tree.account_id` (tree owner's tenant). A super admin in tenant A sharing tenant B's tree must produce a share row in tenant B's RLS context — using `current_user.account_id` instead makes the share invisible to the tree owner after RLS is enforced. - -**110. Backfill migrations for `account_id` require a service-code audit:** When a migration adds `account_id` to an existing model via backfill (nullable → backfill → NOT NULL), grep for ALL `ModelClass(` instantiation sites in service code and verify `account_id=` is passed. SQLAlchemy accepts `None` silently with no warning; Phase 4 RLS WITH CHECK only surfaces the problem at runtime as `InsufficientPrivilegeError: new row violates row-level security policy`. Fixed example: `AISessionStep` — all 5 creation sites in `flowpilot_engine.py` were missing `account_id` until April 2026. - -**111. Global Axios interceptor fires before component `.catch()` — fix optional-data endpoints at the source:** The global 5xx handler in `client.ts` fires for ALL non-401 5xx responses, even when a component does `.catch(() => {})`. If an endpoint returns optional UI data (e.g., board filters, PSA config), return `[]` / `{}` on provider failure rather than raising 502. Silencing the error in the component is not enough — the toast appears anyway. See `list_boards` in `integrations.py` for the fixed pattern. +**111. Global Axios interceptor fires before component `.catch()`:** Fix optional-data endpoints at the source — return `[]`/`{}` on provider failure instead of raising 502. See `list_boards` in `integrations.py`. ## RBAC & Permissions - **Role hierarchy:** super_admin > team_admin > engineer > viewer - **Team Admin:** `role='engineer'` + `is_team_admin=True` + valid `team_id` -- **Backend deps:** `get_current_active_user(user, db)` (any active + auto-downgrades expired trials), `require_engineer_or_admin` (blocks viewers), `require_admin` (super admin only) +- **Backend deps:** `get_current_active_user`, `require_engineer_or_admin` (blocks viewers), `require_admin` (super admin only) - **Never use** `role == "admin"` — use `is_super_admin` instead - **Frontend:** `usePermissions()` hook for all permission checks - **Centralized:** `backend/app/core/permissions.py`, `frontend/src/hooks/usePermissions.ts` @@ -397,18 +276,16 @@ cd backend && pip install httpx && python -m scripts.seed_trees ## Design System -**Source of truth:** [DESIGN-SYSTEM.md](DESIGN-SYSTEM.md) — always read this before making visual or UI decisions. +**Source of truth:** [DESIGN-SYSTEM.md](DESIGN-SYSTEM.md) — always read before visual/UI decisions. -- **Theme:** Flat, high-contrast dark theme (Sentry/PostHog-inspired). No glass morphism, no backdrop blur, no ambient orbs, no gradient backgrounds on surfaces. Light mode fully specified (v6). +- **Theme:** Flat, high-contrast dark (Sentry/PostHog-inspired). No glass morphism, no backdrop blur, no gradients on surfaces. Fonts: IBM Plex Sans (body), Bricolage Grotesque (headings), JetBrains Mono (code). - **Backgrounds:** `bg-page` (`#16181f`), `bg-sidebar` (`#0e1016`), `bg-card` (`#1e2028`), `bg-elevated` (`#2a2d38`) -- **Cards:** `bg-card` with 1px `border-default` (`#2a2e3a`), 8px radius. No shadows, no blur, no gradients. Hover: `border-hover` (`#3d4252`) -- **Buttons:** Primary: solid `accent` (#60a5fa dark / #2563eb light), white text, 5px radius. Ghost: transparent + 1px border, hover `bg-elevated` -- **Inputs:** `bg-input` (`#252830`) with 1px `border-default`, 5px radius. Focus: `border-color: accent` + `box-shadow: 0 0 0 2px accent-dim` -- **Text:** `text-heading` (`#f0f2f5`) → `text-primary` (`#e2e5eb`) → `text-muted-foreground` (`#848b9b`) → `text-muted` (`#4f5666`). NEVER use `text-secondary` — in Tailwind v4 it maps to a surface color, not a text color. -- **Borders:** `border-default` (`#2a2e3a`), `border-hover` (`#3d4252`) -- **Functional colors:** `#34d399` (success), `#fbbf24` (warning/amber), `#f87171` (danger), `#67e8f9` (info/cyan) — each with `-dim` variant at 10% opacity -- **Accent:** Electric blue `#60a5fa` (dark) / `#2563eb` (light) — used sparingly (≤5% of UI). `accent-dim` = `rgba(96,165,250,0.10)`, `accent-text` = `#93c5fd` -- **Deprecated:** Do NOT use `glass-card`, `glass-stat`, `bg-gradient-brand`, `text-gradient-brand`, `backdrop-filter: blur()`, ambient orbs, purple gradients, ember orange (`#f97316`), or cyan (`#22d3ee`) as accent — cyan is now the info color only +- **Cards:** `bg-card` + 1px `border-default` (`#2a2e3a`), 8px radius. Hover: `border-hover` (`#3d4252`) +- **Buttons:** Primary: solid `accent` (#60a5fa / #2563eb), white text, 5px radius. Ghost: transparent + 1px border. +- **Inputs:** `bg-input` (`#252830`) + 1px `border-default`, 5px radius. Focus: `border-color: accent` + `box-shadow: 0 0 0 2px accent-dim` +- **Text:** `text-heading` → `text-primary` → `text-muted-foreground` (`#848b9b`). **NEVER `text-secondary`** — maps to a dark surface color. +- **Functional colors:** `#34d399` success, `#fbbf24` warning, `#f87171` danger, `#67e8f9` info — each has `-dim` at 10% opacity +- **Deprecated:** No `glass-card`, `backdrop-filter: blur()`, ambient orbs, ember orange (`#f97316`), or cyan as accent --- @@ -416,23 +293,21 @@ cd backend && pip install httpx && python -m scripts.seed_trees - **Component guidelines:** Use `cn()` from `@/lib/utils`, Lucide icons (wrap in `<span>` for title), modals with fixed header/footer - **Type organization:** Create in `types/`, export from `types/index.ts`, import with `import type { T } from '@/types'` -- **Scratchpad overlay:** `position: fixed`, `onOpenChange` callback for parent padding adjustment, `right-2` positioning -- **Custom step flow:** `CustomStepModal` → `PostStepActionModal` → `ContinuationModal` → custom step view. Key state: `pendingStep`, `pendingContinuationNodeId`, `customBranchMode`, `branchOriginNodeId`. Use `findCustomStep()` not `findNode()` for custom step UUIDs. -- **Session sharing:** `ShareSessionModal` manages share links, `SharedSessionPage` renders public/account views. Helper utils in `lib/sessionShare.ts`. Share URLs use `/shared/sessions/:token`. -- **Procedural navigation:** `ProceduralNavigationPage` handles intake forms, step-by-step execution, and resume via `location.state.sessionId`. Uses `StepChecklist`, `StepDetail`, `ProgressBar`, `CompletionSummary` components. +- **Custom step flow:** `CustomStepModal` → `PostStepActionModal` → `ContinuationModal`. Use `findCustomStep()` not `findNode()` for custom step UUIDs. +- **Session sharing:** `ShareSessionModal` + `SharedSessionPage`. Utils in `lib/sessionShare.ts`. Share URLs: `/shared/sessions/:token`. - **Routing helper:** Use `getTreeNavigatePath()` and `getTreeEditorPath()` from `@/lib/routing` for all tree/session navigation. -- **Account section layout:** `AccountLayout` has NO sidebar nav. Account sub-pages (categories, target-lists) are reached via link cards on `AccountSettingsPage.tsx`. New account pages: add route in `router.tsx` under `account` children + add a link card in `AccountSettingsPage`. -- **Dashboard cockpit:** `QuickStartPage` is the copilot-first launchpad. Greeting + "What are you troubleshooting?" + ChatGPT-style `StartSessionInput` (auto-growing textarea, paste images, drag-drop files, attach button, paste logs, suggestion chips). Below: `PendingEscalations`, `ActiveFlowPilotSessions`, `RecentFlowPilotSessions`. Collapsible "Dashboard" section for `PerformanceCards`, `KnowledgeBaseCards`, `TeamSummary`. -- **Sidebar sections:** Amber "New Session" button → Home → RESOLVE (History) → KNOWLEDGE (Flows with Solutions Library sub-item, Scripts) → INSIGHTS (Data). Footer: Account, Pin/Unpin. No help/guides/feedback in sidebar — accessible via TopBar. +- **Account section:** `AccountLayout` has NO sidebar nav. New account pages: route under `account` children in `router.tsx` + link card in `AccountSettingsPage`. +- **Dashboard cockpit:** `QuickStartPage` — `StartSessionInput` + `PendingEscalations`, `ActiveFlowPilotSessions`, `RecentFlowPilotSessions`. Collapsible section for `PerformanceCards`, `KnowledgeBaseCards`, `TeamSummary`. +- **Sidebar:** Amber "New Session" → Home → RESOLVE → KNOWLEDGE (Flows, Scripts) → INSIGHTS. Footer: Account, Pin/Unpin. --- ## Common Tasks - **New endpoint:** Create in `endpoints/` → add to `router.py` → schema in `schemas/` → tests → frontend API client -- **New page:** Create in `pages/` → add route in `router.tsx` → nav link in `AppLayout.tsx` -- **New public route (no auth):** Add at top level in `router.tsx` alongside `/login`, `/register` — NOT inside the `ProtectedRoute`/`AppLayout` children. -- **Schema change:** Update model → `alembic revision --autogenerate -m "desc" --rev-id=NNN` (NNN = next sequential number, e.g., 068 → 069) → review → `alembic upgrade head` +- **New page:** Create in `pages/` → route in `router.tsx` → nav link in `AppLayout.tsx` +- **New public route:** Add at top level in `router.tsx` (alongside `/login`) — NOT inside `ProtectedRoute`/`AppLayout` +- **Schema change:** Update model → `alembic revision -m "desc"` (no `--rev-id`) → review → `alembic upgrade head` - **New frontend API module:** Types in `types/` → export from `types/index.ts` → client in `api/` → export from `api/index.ts` --- @@ -440,80 +315,41 @@ cd backend && pip install httpx && python -m scripts.seed_trees ## Coding Standards ### Python - -- Type hints everywhere, async/await for DB, Pydantic for validation, `DateTime(timezone=True)` always +Type hints everywhere, async/await for DB, Pydantic validation, `DateTime(timezone=True)` always. ### TypeScript - -- Interfaces for all data, `const` over `let`, functional components + hooks, reusable logic in custom hooks +Interfaces for all data, `const` over `let`, functional components + hooks. ### Git - - Format: `type: description` (feat, fix, refactor, docs, test, chore) - Always include `Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>` -- Always create feature branch BEFORE committing: `git checkout -b feat/feature-name` -- Large features: commit per phase with `npm run build` validation -- **Remote is Gitea, not GitHub directly:** Push to `gitea.resolutionflow.com/chihlasm/resolutionflow`. Gitea auto-mirrors to GitHub via `.gitea/workflows/mirror-to-github.yml` — never push directly to GitHub. +- Create feature branch BEFORE committing: `git checkout -b feat/feature-name` +- **Remote is Gitea:** Push to `gitea.resolutionflow.com/chihlasm/resolutionflow`. Mirrors to GitHub via `.gitea/workflows/mirror-to-github.yml` — never push directly to GitHub. ### After Completing Work - -When a feature, fix, or significant piece of work is finished and merged/committed: - -1. **Update `CURRENT-STATE.md`** — move completed items, update "In Progress" and "What's Next" sections -2. **Update `03-DEVELOPMENT-ROADMAP.md`** — check off completed work, update phase status -3. **Close related GitHub Issues** — use `gh issue close #N` for any issues resolved by the work -4. **Update `CLAUDE.md`** if the work introduced new patterns, lessons learned, or changed project structure +1. Update `CURRENT-STATE.md` +2. Update `03-DEVELOPMENT-ROADMAP.md` +3. Close related GitHub Issues: `gh issue close #N` +4. Update `CLAUDE.md` if new patterns or lessons emerged --- ## gstack (Browser & Workflow Skills) -**Web browsing:** Always use the `/browse` skill from gstack for all web browsing needs. Never use `mcp__claude-in-chrome__*` tools. +**Web browsing:** Always use `/browse`. Never use `mcp__claude-in-chrome__*` tools. -**Available skills:** - -| Skill | Purpose | -|-------|---------| -| `/office-hours` | Brainstorm new ideas (YC-style office hours) | -| `/plan-ceo-review` | CEO/founder-mode plan review (scope, ambition) | -| `/plan-eng-review` | Engineering plan review (architecture, edge cases) | -| `/plan-design-review` | Design plan review (UI/UX critique) | -| `/design-consultation` | Create a design system / DESIGN.md | -| `/review` | Pre-landing PR code review | -| `/ship` | Ship workflow (tests, review, PR creation) | -| `/browse` | Headless browser for QA testing and site dogfooding | -| `/qa` | Systematic QA testing + auto-fix bugs found | -| `/qa-only` | QA report only (no fixes) | -| `/design-review` | Visual QA — find and fix design inconsistencies | -| `/setup-browser-cookies` | Import cookies from real browser for authenticated testing | -| `/retro` | Weekly engineering retrospective | -| `/investigate` | Systematic debugging with root cause analysis | -| `/document-release` | Post-ship documentation updates | -| `/codex` | Second opinion via OpenAI Codex CLI | -| `/careful` | Safety guardrails for destructive commands | -| `/freeze` | Restrict edits to a specific directory | -| `/guard` | Full safety mode (careful + freeze) | -| `/unfreeze` | Remove edit restrictions | -| `/gstack-upgrade` | Upgrade gstack to latest version | +**Skills:** `/office-hours` · `/plan-ceo-review` · `/plan-eng-review` · `/plan-design-review` · `/design-consultation` · `/review` (PR review) · `/ship` · `/browse` (headless QA) · `/qa` (QA + fix) · `/qa-only` · `/design-review` (visual QA) · `/setup-browser-cookies` · `/retro` · `/investigate` · `/document-release` · `/codex` · `/careful` · `/freeze` · `/unfreeze` · `/guard` · `/gstack-upgrade` --- ## Deployment (Railway) - **Production:** `resolutionflow.com` (frontend), `api.resolutionflow.com` (backend) -- Auto-deploys via: push to Gitea → Gitea mirrors to GitHub → Railway watches GitHub `main` and deploys -- PR environments auto-created (need manual domain generation in Railway dashboard) -- PR envs need `VITE_API_URL` set with `https://` prefix on frontend service +- Deploy pipeline: push to Gitea → mirrors to GitHub → Railway watches `main` +- PR envs: need manual domain generation + `VITE_API_URL` with `https://` prefix - `ALLOW_RAILWAY_ORIGINS=true` enables CORS for `*.up.railway.app` -- Shared Variables (project-level in Railway dashboard) auto-propagate to all environments including PR envs — use for secrets like `ANTHROPIC_API_KEY` -- Super admin utility: `backend/make_superadmin_simple.py list|<email>` - ---- - -## Future Roadmap - -- **Phase 3:** PSA integrations (ConnectWise in progress), file attachments, client context, analytics -- **Phase 4:** Additional PSA integrations (Autotask/Kaseya), PowerShell automation, enterprise SSO +- Shared Variables auto-propagate to all PR envs — use for `ANTHROPIC_API_KEY` etc. +- Super admin: `backend/make_superadmin_simple.py list|<email>` --- @@ -521,13 +357,12 @@ When a feature, fix, or significant piece of work is finished and merged/committ | What | Where | |------|-------| -| API Docs | <http://localhost:8000/api/docs> | +| API Docs | http://localhost:8000/api/docs | | Detailed Status | [CURRENT-STATE.md](CURRENT-STATE.md) | | Development Roadmap | [03-DEVELOPMENT-ROADMAP.md](03-DEVELOPMENT-ROADMAP.md) | | GitHub Issues | `gh issue list --state open` | -| Bugs & Fixes | CLAUDE.md → Critical Lessons Learned section | | Design System | [DESIGN-SYSTEM.md](DESIGN-SYSTEM.md) | -| Dev Environment | [DEV-ENV.md](DEV-ENV.md) — 46.202.92.250 setup, Docker, CORS, networking | +| Dev Environment | [DEV-ENV.md](DEV-ENV.md) — VPS setup, Docker, CORS, networking | <!-- gitnexus:start --> diff --git a/VERSION b/VERSION new file mode 100644 index 00000000..482e997a --- /dev/null +++ b/VERSION @@ -0,0 +1 @@ +0.1.0.0 diff --git a/docs/LESSONS-ARCHIVE.md b/docs/LESSONS-ARCHIVE.md index d5c04d06..94995335 100644 --- a/docs/LESSONS-ARCHIVE.md +++ b/docs/LESSONS-ARCHIVE.md @@ -1,4 +1,4 @@ -# Lessons Archive (1-40) +# Lessons Archive (1-70) > These lessons were originally in CLAUDE.md. They've been archived because the fixes are now baked into the codebase. Consult this file if you encounter a regression in any of these areas. @@ -81,3 +81,67 @@ **39. Platform settings for feature toggles:** Use `SettingsManager.get("key", db, default=True)`. **40. Survey public routes:** Add at top level in `router.tsx` alongside `/login`. + +--- + +## Archived Lessons (41-70) + +**41. Assistant chat uses local React state, not Zustand:** `AssistantChatPage.tsx` uses `useState` for `chats`, `messages`, `input`, `loading`. No store. + +**42. Public pages use raw `fetch()`, not `apiClient`:** Survey, shared sessions, and no-auth pages use `fetch()` with full URL. `apiClient` requires auth tokens. + +**43. Adding new email types:** Add static async method to `EmailService` in `core/email.py`. Fire-and-forget from endpoints (log errors, don't fail). + +**44. AI Chat Builder is flow-type-aware:** `ai_chat_service.py` dispatches by `flow_type`. Troubleshooting: `[TREE_UPDATE]` markers. Procedural: `[STEPS_UPDATE]` markers. Both support `[METADATA]`. + +**45. Intake form field schema:** Uses `variable_name` and `field_type` (NOT `name` and `type`). + +**46. `CreateFlowDropdown` uses `AIPromptDialog`:** Opens prompt modal, starts AI session, generates flow, navigates to editor with `{ state: { aiPanelOpen: true, sessionId } }`. + +**47. Editor-Embedded Flow Assist:** `EditorAIPanel` (320px side panel) + `useEditorAI` hook. Ghost nodes use `_suggestion: true` flag. Delta responses use `[DELTA]...[/DELTA]` markers. + +**48. Tree orphan validation uses dynamic root ID:** Orphan check compares against `state.treeStructure?.id` (NOT hardcoded `'root'`). + +**49. Full-stack features — verify both ends:** schema → endpoint → API client → hook → store → UI. + +**50. Anthropic SDK retry:** Set `max_retries=1` to fail fast. Default `max_retries=2` can take 3× timeout. + +**51. AI model tier routing:** Use `settings.get_model_for_action(action_type)`. Model IDs: alias form (`claude-sonnet-4-6`). + +**52. Mobile scroll-to-top:** Use `ref.current.scrollIntoView()`, not `window.scrollTo()`. Trigger via `useEffect`. + +**53. Flex height chain:** Every ancestor must be a flex container for `flex-1` to work. Missing `flex` class collapses React Flow to 0 height. + +**54. React Flow CSS in Tailwind v4:** Import in `index.css`, not component JS. Override dark theme using `--xy-*` CSS custom properties. + +**55. App shell height chain:** Every wrapper between `.main-content` and canvas needs `flex` + `flex-1` + `min-h-0` or `h-full`. + +**56. Railway backend service name is `patherly`:** Production DB name is `railway`. Public Postgres proxy: `interchange.proxy.rlwy.net:45797`. + +**57. Node field priority:** `title` → `question` → `description` → `content` → `label`. See `copilot_service.py`. + +**58. `scriptGeneratorStore.generate()` optional param:** Always wrap: `onClick={() => generate()}`, never `onClick={generate}`. + +**59. ConnectWise `clientId` is server-side config:** Set in `config.py` as `CW_CLIENT_ID`. Per-connection: `company_id`, `public_key`, `private_key`, `server_url`. + +**60. Dockerfile build args for Vite env vars:** Any new `VITE_*` var must be added as `ARG` + `ENV` in `frontend/Dockerfile`. Railway env vars are runtime-only without this; `import.meta.env.VITE_*` resolves to `undefined` in production builds. + +**61. Procedural sessions auto-start on page load:** `ProceduralNavigationPage` calls `startSession()` immediately in `loadTree()` — no intake form screen or "Start" button. Variables filled inline. Troubleshooting flows DO have a start screen. + +**62. Playwright strict mode — scope selectors:** Step titles appear in both sidebar and main heading. Use `getByRole('heading', { name })` for main content. + +**63. Node 20 required for frontend builds:** `export NVM_DIR="$HOME/.nvm" && source "$NVM_DIR/nvm.sh" && nvm use 20`. Or: `PATH="$HOME/.nvm/versions/node/v20.19.0/bin:$PATH"`. + +**64. PostHog product analytics:** `PostHogProvider` in `main.tsx`. Event helpers in `lib/analytics.ts`. `identifyUser()` in `authStore.fetchUser()`, `resetAnalytics()` on logout. Env vars: `VITE_PUBLIC_POSTHOG_KEY`, `VITE_PUBLIC_POSTHOG_HOST`. + +**65. Local Docker Compose uses `resolutionflow` database on port 5433:** Container `resolutionflow_postgres`, DB `resolutionflow` (not `patherly`), port `5433`. Playwright config defaults must match. + +**66. Dev environment runs on Hostinger VPS (46.202.92.250):** CORS must include VPS IP in `CORS_ORIGINS` and `FRONTEND_URL`. See DEV-ENV.md. + +**67. Tree editor route is `/trees/new`:** NOT `/editor/new`. Use `getTreeEditorPath()` from `@/lib/routing`. + +**68. APScheduler jobs need `max_instances=1`:** Without it, overlapping runs can process the same records twice (TOCTOU race). + +**69. PostgreSQL `func.sum(case(...))` returns `Decimal` via asyncpg:** Cast to `int()` before storing in Pydantic `dict[str, Any]` fields. + +**70. Toast library uses `toast.warning()` not `toast.warn()`:** Import from `@/lib/toast`. Methods: `success`, `error`, `warning`, `info`. diff --git a/docs/connectwise/CW_Security_Roles/README.md b/docs/connectwise/CW_Security_Roles/README.md new file mode 100644 index 00000000..28c12dff --- /dev/null +++ b/docs/connectwise/CW_Security_Roles/README.md @@ -0,0 +1,63 @@ +# ConnectWise integration docs + +Reference material for ResolutionFlow's ConnectWise Manage integration. +This folder pairs a **human-editable source** (the XLSX) with two +**generated artifacts** (YAML + Markdown). Code reads the YAML; humans +read the Markdown; edits happen in the XLSX. + +## Files + +| File | Role | Edit? | +|------|------|-------| +| `api-member-security-roles.md` | Human-readable reference — browse on GitHub, link in PRs, onboard new contributors. | Generated — do not edit | +| `api-member-security-roles.yaml` | Machine-readable source of truth — imported by integration code, queried by Claude Code when writing permission checks. | Generated — do not edit | +| `source/Security_Roles_Matrix_11132017.xlsx` | Canonical source. The matrix as published by ConnectWise (with any corrections we've applied). | Yes — this is the editing surface | +| `source/generate_role_docs.py` | Regenerates the YAML and Markdown from the XLSX. Deterministic. | Only if the matrix schema itself changes | +| `source/requirements.txt` | Python deps for the generator (`openpyxl`, `PyYAML`). | Only when bumping deps | + +## Regeneration workflow + +After editing the XLSX: + +```bash +cd docs/integrations/connectwise/source +pip install -r requirements.txt +python generate_role_docs.py \ + --source Security_Roles_Matrix_11132017.xlsx \ + --out-yaml ../api-member-security-roles.yaml \ + --out-md ../api-member-security-roles.md +``` + +Commit all three files together (XLSX, YAML, MD). The diff on the YAML +is what reviewers should scrutinize — it is the source of truth for code. + +## Querying the YAML from integration code + +The YAML groups permissions by module and action. Example — checking +what `Inquire: ALL` means for Service Desk → Service Tickets: + +```python +import yaml +from pathlib import Path + +doc = yaml.safe_load( + Path("docs/integrations/connectwise/api-member-security-roles.yaml").read_text() +) +levels = doc["modules"]["Service Desk"]["actions"]["Service Tickets"]["inquire"]["levels"] +print(levels["ALL"]) +``` + +This is the pattern `ConnectWiseAuthManager` and the proxy authorization +layer should use when the required permission level for a given API +endpoint needs to be documented or validated against an assigned role. + +## Conventions + +- **Levels are ordered most-to-least privileged:** `ALL`, `MY`, `MINE`, `NONE`. +- **Verbs are always in this order:** `add`, `edit`, `delete`, `inquire`. +- **`Not applicable` notes** in a verb's cell mean the meaningful level + is documented under another verb (almost always `inquire`) — the + generator preserves these as `note:` fields rather than inventing + placeholder levels. +- **The XLSX is the single source of input.** Never hand-edit the YAML + or Markdown; your changes will be overwritten on the next regeneration. diff --git a/docs/connectwise/CW_Security_Roles/Security_Roles_Matrix_11132017.xlsx b/docs/connectwise/CW_Security_Roles/Security_Roles_Matrix_11132017.xlsx new file mode 100644 index 00000000..d7f4adf3 Binary files /dev/null and b/docs/connectwise/CW_Security_Roles/Security_Roles_Matrix_11132017.xlsx differ diff --git a/docs/connectwise/CW_Security_Roles/api-member-security-roles.md b/docs/connectwise/CW_Security_Roles/api-member-security-roles.md new file mode 100644 index 00000000..8b3276c5 --- /dev/null +++ b/docs/connectwise/CW_Security_Roles/api-member-security-roles.md @@ -0,0 +1,1373 @@ +# ConnectWise API Member — Security Roles Reference + +_Generated 2026-04-16 from `Security_Roles_Matrix_11132017.xlsx`. Do not edit by hand — update the XLSX and re-run `generate_role_docs.py`._ + +## How to read this document + +Each ConnectWise module lists the actions it governs. For every action, four permission verbs — **Add**, **Edit**, **Delete**, **Inquire** — can be granted at one of these levels, most to least privileged: + +| Level | Meaning | +|-------|---------| +| `ALL` | Access to all records in the system. | +| `MY` | Access to records owned by the user's team. | +| `MINE` | Access only to records owned by the user. | +| `NONE` | No access. | + +Not every level applies to every action — the source matrix only documents the levels that are meaningful for each cell. Cells marked _Not applicable_ reference another verb (usually Inquire) where the meaningful level is defined. + +The machine-readable form of this document is [`api-member-security-roles.yaml`](./api-member-security-roles.yaml). Use the YAML when writing integration code; use this Markdown when reviewing, discussing, or onboarding. + +## Table of contents + +- [Companies](#companies) — 15 actions +- [Finance](#finance) — 12 actions +- [Marketing](#marketing) — 4 actions +- [Procurement](#procurement) — 10 actions +- [Project](#project) — 16 actions +- [Sales](#sales) — 8 actions +- [Service Desk](#service-desk) — 19 actions +- [System](#system) — 16 actions +- [Time and Expense](#time-and-expense) — 6 actions + +## Companies + +### Company Maintenance + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to create companies within the system. | +| Add | `NONE` | Retricts the ability to create companies within the system. | +| Edit | `ALL` | Allows the ability to edit existing companies within the system. | +| Edit | `NONE` | Retricts the ability to edit existing companies within the system. | +| Delete | `ALL` | Allows the ability to delete existing companies within the system. | +| Delete | `NONE` | Retricts the ability to delete existing companies within the system. | +| Inquire | `ALL` | Allows the ability to review existing companies within the system. | +| Inquire | `NONE` | Retricts the ability to review existing companies within the system. | + +### Company/Contact Group Maintenance + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to create/add Group information on the Groups Tab of a company. | +| Add | `MY` | Not Applicable. | +| Add | `NONE` | Retricts the ability to create/add Group information on the Groups Tab of a company. | +| Edit | `ALL` | Allows the ability to edit existing Group information on the Groups Tab of a company. | +| Edit | `MY` | Not Applicable. | +| Edit | `NONE` | Retricts the ability to edit existing Group information on the Groups Tab of a company. | +| Delete | `ALL` | Allows the ability to delete existing Group information on the Groups Tab of a company. | +| Delete | `MY` | Not Applicable. | +| Delete | `NONE` | Retricts the ability to delete existing Group information on the Groups Tab of a company. | +| Inquire | `ALL` | Allows the ability to review Group information on the Groups Tab of a company. | +| Inquire | `MY` | Not Applicable. | +| Inquire | `NONE` | Retricts the ability to review Group information on the Groups Tab of a company. | + +### Configuration - Display Passwords + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | When reviewing configurations at the company level, Custom Configuration Questions that are labeled as "Password" in the Configuratoin Type Setup Table will be visible. | +| Inquire | `NONE` | When reviewing configurations at the company level, Custom Configuration Questions that are labeled as "Password" in the Configuration Type Setup Table will be encrypted. | + +### Configurations + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to create configurations within the system. | +| Add | `NONE` | Retricts the ability to create configurations within the system. | +| Edit | `ALL` | Allows the ability to edit existing configurations within the system. | +| Edit | `NONE` | Retricts the ability to edit existing configurations within the system. | +| Delete | `ALL` | Allows the ability to delete existing configurations within the system. | +| Delete | `NONE` | Retricts the ability to delete existing configurations within the system. | +| Inquire | `ALL` | Allows the ability to review existing configurations within the system. | +| Inquire | `NONE` | Retricts the ability to review existing configurations within the system. | + +### Contacts + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to create contacts within the system. | +| Add | `NONE` | Retricts the ability to create contacts within the system. | +| Edit | `ALL` | Allows the ability to edit existing contacts within the system. | +| Edit | `NONE` | Retricts the ability to edit existing contacts within the system. | +| Delete | `ALL` | Allows the ability to delete existing contacts within the system. | +| Delete | `NONE` | Retricts the ability to delete existing contacts within the system. | +| Inquire | `ALL` | Allows the ability to review existing contacts within the system. | +| Inquire | `NONE` | Retricts the ability to review existing contacts within the system. | + +### CRM/Sales Activities + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to add new activities. | +| Add | `MY` | Allows the ability to add new activities (same as ALL). | +| Add | `NONE` | Restricts the ability to add new activities. | +| Edit | `ALL` | Allows the ability to edit all existing activities within the system. | +| Edit | `MY` | Allows the ability to edit only the activities that belong to a particular member. An activity belongs to me if I created it, if I assigned someone to it, or if I am assigned to it. | +| Edit | `NONE` | Retricts the ability to edit existing activities within the system. | +| Delete | `ALL` | Allows the ability to delete all existing activities within the system. | +| Delete | `MY` | Allows the ability to delete activities that belong to a particular member. An activity belongs to me if I created it, if I assigned someone to it, or if I am assigned to it. | +| Delete | `NONE` | Retricts the ability to delete existing activities within the system. | +| Inquire | `ALL` | Allows the ability to review all existing activities within the system. | +| Inquire | `MY` | Allows the ability to review only the activities that belong to a particular member. An activity belongs to me if I created it, if I assigned someone to it, or if I am assigned to it. | +| Inquire | `NONE` | Retricts the ability to review existing activities within the system. NOTE: If set to "None" the My Activities Screen will no longer be visible. | + +### Lead Import + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | — | _Not sure why this has a My / All option. It only controls whether or not I can see the Import Contacts menu icon._ | + +### Manage Documents + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to add documents within the system. | +| Add | `MY` | Allows the ability to add documents that particular member uploaded within the system. | +| Add | `NONE` | Retricts the ability to add documents within the system. NOTE: This setting applies to the Documents Tab of Agreements, Companies, Contacts, Configurations, Expenses, Opportunities, Projects, and Service Tickets. | +| Edit | `ALL` | Allows the ability to edit all existing documents within the system. | +| Edit | `MY` | Allows the ability to edit only the documents that particular member uploaded within the system. | +| Edit | `NONE` | Retricts the ability to edit existing documents within the system. NOTE: This setting applies to the Documents Tab of Agreements, Companies, Contacts, Configurations, Expenses, Opportunities, Projects, and Service Tickets. | +| Delete | `ALL` | Allows the ability to delete all existing documents within the system. | +| Delete | `MY` | Allows the ability to delete only the documents that particular member uploaded within the system. | +| Delete | `NONE` | Retricts the ability to delete existing documents within the system. NOTE: This setting applies to the Documents Tab of Agreements, Companies, Contacts, Configurations, Expenses, Opportunities, Projects, and Service Tickets. | +| Inquire | `ALL` | Allows the ability to review all existing documents within the system. | +| Inquire | `MY` | Allows the ability to review only the documents that particular member uploaded within the system. | +| Inquire | `NONE` | Retricts the ability to review existing documents within the system. NOTE: This setting applies to the Documents Tab of Agreements, Companies, Contacts, Configurations, Expenses, Opportunities, Projects, and Service Tickets. | + +### Management + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to add information on the Management Tab of a company. | +| Add | `NONE` | Retricts the ability to add information on the Management Tab of a company. | +| Edit | `ALL` | Allows the ability to edit existing information on the Management Tab of a company. | +| Edit | `NONE` | Retricts the ability to edit existing information on the Management Tab of a company. | +| Delete | `ALL` | Allows the ability to delete existing information on the Management Tab of a company. | +| Delete | `NONE` | Retricts the ability to delete existing information on the Management Tab of a company. | +| Inquire | `ALL` | Allows the ability to review existing information on the Management Tab of a company. | +| Inquire | `NONE` | Retricts the ability to review existing information on the Management Tab of a company. | + +### Notes + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to add information on the Notes Tab of a company or contact. | +| Add | `NONE` | Retricts the ability to add information on the Notes Tab of a company or contact. | +| Edit | `ALL` | Allows the ability to edit existing information on the Notes Tab of a company or contact. | +| Edit | `NONE` | Retricts the ability to edit existing information on the Notes Tab of a company or contact. | +| Delete | `ALL` | Allows the ability to delete existing information on the Notes Tab of a company or contact. | +| Delete | `NONE` | Retricts the ability to delete existing information on the Notes Tab of a company or contact. | +| Inquire | `ALL` | Allows the ability to review information on the Notes Tab of a company or contact. | +| Inquire | `NONE` | Retricts the ability to review information on the Notes Tab of a company or contact. | + +### Reports + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows the ability to review reports located in the Companies Category of the reports module. By default, when this option is selected, access to all company and contact reports is allows, but access can be customized using the Customize Option for this module. | +| Inquire | `NONE` | Retricts the ability to review reports located in the Companies and Contacts Category of the reports module. | + +### Surveys + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to add information on the Surveys Tab of a company or contact. This applies only to CRM Surveys. | +| Add | `NONE` | Retricts the ability to add information on the Surveys Tab of a company or contact. This applies only to CRM Surveys. | +| Edit | `ALL` | Allows the ability to edit information on the Surveys Tab of a company or contact. This applies only to CRM Surveys. | +| Edit | `NONE` | Retricts the ability to edit information on the Surveys Tab of a company or contact. This applies only to CRM Surveys. | +| Delete | `ALL` | Allows the ability to delete information on the Surveys Tab of a company or contact. This applies only to CRM Surveys. | +| Delete | `NONE` | Retricts the ability to delete information on the Surveys Tab of a company or contact. This applies only to CRM Surveys. | +| Inquire | `ALL` | Allows the ability to review information on the Surveys Tab of a company or contact. This applies to both CRM and Service Surveys. | +| Inquire | `NONE` | Retricts the ability to review information on the Surveys Tab of a company or contact. This applies to both CRM and Service Surveys. | + +### Team Members + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to add Team Role information on the Team Tab of a company or contact. | +| Add | `NONE` | Retricts the ability to add Team Role information on the Team Tab of a company or contact. | +| Edit | `ALL` | Allows the ability to edit existing Team Role information on the Team Tab of a company or contact. | +| Edit | `NONE` | Retricts the ability to edit existing Team Role information on the Team Tab of a company or contact. | +| Delete | `ALL` | Allows the ability to delete existing Team Role information on the Team Tab of a company or contact. | +| Delete | `NONE` | Retricts the ability to delete existing Team Role information on the Team Tab of a company or contact. | +| Inquire | `ALL` | Allows the ability to review existing Team Role information on the Team Tab of a company or contact. | +| Inquire | `NONE` | Retricts the ability to review existing Team Role information on the Team Tab of a company or contact. | + +### Tracks + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to add Track Items to the Tracks Tab of a company or contact. | +| Add | `NONE` | Retricts the ability to add Track Items to the Tracks Tab of a company or contact. | +| Edit | `ALL` | Allows the ability to edit existing Track Items to the Tracks Tab of a company or contact. | +| Edit | `NONE` | Retricts the ability to edit existing Track Items to the Tracks Tab of a company or contact. | +| Delete | `ALL` | Allows the ability to delete existing Track Items to the Tracks Tab of a company or contact. | +| Delete | `NONE` | Retricts the ability to delete existing Track Items to the Tracks Tab of a company or contact. | +| Inquire | `ALL` | Allows the ability to review Track Items to the Tracks Tab of a company or contact. | +| Inquire | `NONE` | Retricts the ability to review Track Items to the Tracks Tab of a company or contact. | + +### UserCentric + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not Applicable. See Inquire Level._ | +| Edit | — | _Not Applicable. See Inquire Level._ | +| Delete | — | _Not Applicable. See Inquire Level._ | +| Inquire | `ALL` | Allows access to the UserCentric Icon under the Companies Module. | +| Inquire | `NONE` | Retricts access to the UserCentric Icon under the Companies Module. | + +## Finance + +### Accounting Interface + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | `ALL` | Allows the ability to delete GL Batches from the Open Batches tab and to Remove Records on the Unposted Invoices, Unposted Expenses and Unposted Procurement tabs. | +| Delete | `NONE` | Restricts the ability to delete GL Batches from the Open Batches tab and to Remove Records on the Unposted Invoices, Unposted Expenses and Unposted Procurement tabs. | +| Inquire | `ALL` | Allows access to the Accounting Interface Screen. | +| Inquire | `NONE` | Retricts access to the Accounting Interface Screen. | + +### Agreement Invoicing + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to create agreement invoices within the system. | +| Add | `NONE` | Retricts the ability to create agreement invoices within the system. | +| Edit | `ALL` | Allows the ability to edit existing agreement invoices within the system. | +| Edit | `NONE` | Retricts the ability to edit existing agreement invoices within the system. | +| Delete | `ALL` | Allows the ability to delete existing agreement invoices within the system. | +| Delete | `NONE` | Retricts the ability to delete existing agreement invoices within the system. | +| Inquire | `ALL` | Allows the ability to review existing agreement invoices within the system. | +| Inquire | `NONE` | Retricts the ability to review existing agreement invoices within the system. | + +### Agreement Sales + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire and Edit levels._ | +| Edit | `ALL` | Allows the use of the actions on the Agreement Sales screen. | +| Edit | `NONE` | Restricts the ability to use the actions on the Agreement Sales screen. | +| Delete | — | _Not applicable. See Inquire and Edit levels._ | +| Inquire | `ALL` | Allows access to the Agreement Sales screen. | +| Inquire | `NONE` | Restricts access to the Agreement Sales screen. | + +### Agreements + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to create agreements within the system. | +| Add | `NONE` | Retricts the ability to create agreements within the system. | +| Edit | `ALL` | Allows the ability to edit existing agreements within the system. This also includes all tabs on the agreement. | +| Edit | `NONE` | Retricts the ability to edit existing agreements within the system. This also includes all tabs on the agreement. | +| Delete | `ALL` | Allows the ability to delete existing agreements within the system. | +| Delete | `NONE` | Retricts the ability to delete existing agreements within the system. | +| Inquire | `ALL` | Allows the ability to review existing agreements within the system. | +| Inquire | `NONE` | Retricts the ability to review existing agreements within the system. | + +### Billing Rate Maintenance + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to add custom work roles (agreements, companies). | +| Add | `NONE` | Restricts the ability to add custom work roles (agreements, companies). | +| Edit | `ALL` | Allows the ability to edit custom work roles (agreements, companies). | +| Edit | `NONE` | Restricts the ability to edit custom work roles (agreements, companies). | +| Delete | `ALL` | Allows the ability to delete custom work roles (agreements, companies). | +| Delete | `NONE` | Restricts the ability to delete custom work roles (agreements, companies). | +| Inquire | `ALL` | Allows the ability to view custom work roles (agreements, companies). | +| Inquire | `NONE` | Restricts the ability to view custom work roles (agreements, companies). | + +### Billing view Time + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Edit and Inquire level._ | +| Edit | `ALL` | Enables you to edit the Billing Options pod. | +| Edit | `NONE` | Restricts the ability to view the Billing Options pod on a time or expense entry. | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows the ability to view billing options section on a time or expense entry. | +| Inquire | `NONE` | Restricts the ability to view billing options section on a time or expense entry. | + +### Company Finance + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Edit and Inquire levels._ | +| Edit | `ALL` | Allows the ability to edit the Company Finance Screen information for companies within the system. | +| Edit | `NONE` | Retricts the ability to edit the Company Finance Screen information for companies within the system. | +| Delete | — | _Not Applicable. See Edit and Inquire levels._ | +| Inquire | `ALL` | Allows the ability to review the Company Finance Screen for companies within the system. | +| Inquire | `NONE` | Retricts the ability to review the Company Finance Screen for companies within the system. | + +### Expense Reimbursement + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows access to the Expense Reimbursement Screen. | +| Inquire | `NONE` | Retricts access to the Expense Reimbursement Screen. | + +### Financial Dashboard + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not Applicable. See Inquire level._ | +| Inquire | `ALL` | Allows the ability to review the Financial Dashboard. | +| Inquire | `NONE` | Retricts the ability to review the Financial Dashboard. | + +### Invoice Approval + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Edit and Inquire levels._ | +| Edit | `ALL` | Allows the ability to approve (route) any invoices within the system. | +| Edit | `MY` | Allows the ability to approve (route) any invoices that are currently routed to the particular member. | +| Edit | `NONE` | Restricts the ability to approve (route) invoices within the system. | +| Delete | — | _Not applicable. See Edit and Inquire levels._ | +| Inquire | `ALL` | Restricts access to email invoices via the Invoice Batch Emailing screen and also approvals via the My Invoices Screen. | +| Inquire | `MY` | Same as ALL. | + +### Invoicing + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to create invoices within the system. | +| Add | `MY` | Allows the ability to create invoices within the system (same as ALL). | +| Add | `NONE` | Retricts the ability to create invoices within the system. | +| Edit | `ALL` | Allows the ability to edit all existing invoices within the system. | +| Edit | `MY` | Allows the ability to edit only the existing invoices that are routed to a particular member in the system. | +| Edit | `NONE` | Retricts the ability to edit existing invoices within the system. | +| Delete | `ALL` | Allows the ability to delete all existing invoices within the system. | +| Delete | `MY` | Allows the ability to delete only the existing invoices that are routed to a particular member within the system. | +| Delete | `NONE` | Retricts the ability to delete existing invoices within the system. | +| Inquire | `ALL` | Allows the ability to view all existing invoices in the system. | +| Inquire | `MY` | Allows the ability to view only the existing invoices that are routed to a particular member within the system. | +| Inquire | `NONE` | Retricts the ability to review the Invoicing, Invoice Search, or Special Invoices screens. | + +### Reports + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows the ability to review reports located in the Finance Category of the reports module. By default, when this option is selected, access to all company and contact reports is allows, but access can be customized using the Customize Option for this module. | +| Inquire | `NONE` | Retricts the ability to review reports located in the Finance Category of the reports module. | + +## Marketing + +### ConnectWise Campaign + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows the ability to view ConnectWise Campaign in the left nacigation. | +| Inquire | `NONE` | Retricts the ability to view or interact with ConnectWise Campaign. | + +### Marketing Groups + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to create new Groups. | +| Add | `NONE` | Restricts the ability to create new Groups. | +| Edit | `ALL` | Allows the ability to edit existing Groups. | +| Edit | `NONE` | Restricts the ability to edit existing Groups. | +| Delete | `ALL` | Allows the ability to delete existing Groups. | +| Delete | `NONE` | Restricts the ability to delete existing Groups. | +| Inquire | `ALL` | Allows the ability to access the Marketing Groups screen. | +| Inquire | `NONE` | Restricts the ability to access the Marketing Groups screen. | + +### Marketing Management + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to create marketing items located within the Marketing Module. | +| Add | `MY` | Allows the ability to create marketing items located within the Marketing Module only for those items that member is the Owner. | +| Add | `NONE` | Retricts the ability to create marketing items located within the Marketing Module. | +| Edit | `ALL` | Allows the ability to edit marketing items located within the Marketing Module. | +| Edit | `MY` | Allows the ability to edit marketing items located within the Marketing Module only for those items that member is the Owner. | +| Edit | `NONE` | Retricts the ability to edit marketing items located within the Marketing Module. | +| Delete | `ALL` | Allows the ability to delete marketing items located within the Marketing Module. | +| Delete | `MY` | Allows the ability to delete marketing items located within the Marketing Module only for those items that member is the Owner. | +| Delete | `NONE` | Retricts the ability to delete marketing items located within the Marketing Module. | +| Inquire | `ALL` | Allows the ability to review marketing items located within the Marketing Module. | +| Inquire | `MY` | Allows the ability to review marketing items located within the Marketing Module only for those items that member is the Owner. | +| Inquire | `NONE` | Retricts the ability to review marketing items located within the Marketing Module. | + +### Marketing Reports + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows the ability to review reports located in the Marketing Category of the reports module. By default, when this option is selected, access to all marketing reports is allowed, but access can be customized using the Customize Option for this module. | +| Inquire | `NONE` | Retricts the ability to review reports located in the Marketing Category of the reports module. | + +## Procurement + +### Inventory Adjustments + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to create new Inventory Adjustments. | +| Add | `NONE` | Retricts the ability to create new Inventory Adjustments. | +| Edit | `ALL` | Allows the ability to edit existing open Inventory Adjustment item information. | +| Edit | `NONE` | Retricts the ability to edit existing Inventory Adjustment item information. | +| Delete | `ALL` | Allows the ability to delete existing open Inventory Adjustment items. | +| Delete | `NONE` | Retricts the ability to delete existing Inventory Adjustment items. | +| Inquire | `ALL` | Allows the ability to review existing Inventory Adjustment item information. | +| Inquire | `NONE` | Retricts the ability to review existing Inventory Adjustment item information. | + +### Inventory Transfers + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Edit and Inquire levels._ | +| Edit | `ALL` | Allows the ability to complete a Inventory Transfer. | +| Edit | `NONE` | Retricts the ability to complete a Inventory Transfer. | +| Delete | — | _Not applicable. See Edit and Inquire levels._ | +| Inquire | `ALL` | Allows the ability to review existing Inventory Transfer information. | +| Inquire | `NONE` | Retricts the ability to review existing Inventory Transfer information. | + +### Product Catalog + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to create new Products in the Product Catalog. | +| Add | `NONE` | Restricts the ability to create new products in the Product Catalog. | +| Edit | `ALL` | Allows the ability to edit existing products in the Products Catalog. | +| Edit | `NONE` | Restricts the ability to edit existing products in the Products Catalog. | +| Delete | `ALL` | Allows the ability to delete existing Products in the Products Catalog. | +| Delete | `NONE` | Restricts the ability to delete existing Products in the Products Catalog. | +| Inquire | `ALL` | Allows the ability to review existing Product information in the Product Catalog. | +| Inquire | `NONE` | Restricts the ability to review existing Product information in the Product Catalog. | + +### Products + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to add Products to Opportunities, Sales Orders, and Service Tickets. | +| Add | `NONE` | Retricts the ability to add Products to Opportunities, Sales Orders, and Service Tickets. NOTE: This option also controls the ability to pick and ship products. | +| Edit | `ALL` | Allows the ability to edit Products on Opportunities, Sales Orders, Service Tickets, and Invoices. | +| Edit | `NONE` | Restricts the ability to edit Products on Opportunities, Sales Orders, Service Tickets, and Invoices. | +| Delete | `ALL` | Allows the ability to delete products added to Opportunities, Sales Orders, Service Tickets, and Invoices. | +| Delete | `NONE` | Restricts the ability to delete products added to Opportunities, Sales Orders, Service Tickets, and Invoices. | +| Inquire | `ALL` | Allows the ability to review information for products added to Opportunities, Sales Orders, and Service Tickets. | +| Inquire | `NONE` | Retricts the ability to review information for products added to Opportunities, Sales Orders, and Service Tickets. | + +### Purchase Orders + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to create new POs. | +| Add | `MY` | Allows the ability to create new POs. | +| Add | `NONE` | Restricts the ability to create new POs. | +| Edit | `ALL` | Allows the ability to edit existing POs. | +| Edit | `MY` | Allows the ability to edit existing PO's where the Member is listed in the Entered By field on the PO. | +| Edit | `NONE` | Restricts the ability to edit existing POs. | +| Delete | `ALL` | Allows the ability to delete existing POs. | +| Delete | `MY` | Allows the ability to delete existing PO's where the Member is listed in the Entered By field on the PO. | +| Delete | `NONE` | Restricts the ability to delete existing POs. | +| Inquire | `ALL` | Allows the ability to view existing POs. | +| Inquire | `MY` | Allows the ability to delete existing PO's where the Member is listed in the Entered By field on the PO. | +| Inquire | `NONE` | Restricts the ability to view existing POs. | + +### Purchasing Approvals + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Edit and Inquire levels._ | +| Edit | `ALL` | Allows the ability to use actionable options for items in the Purchasing Approvals Search Screen. | +| Edit | `NONE` | Retricts the ability to use actionable options for items in the Purchasing Approvals Search Screen. | +| Delete | — | _Not applicable. See Edit and Inquire levels._ | +| Inquire | `ALL` | Allows the ability to review information for items in the Purchasing Approvals Search Screen. | +| Inquire | `NONE` | Retricts the ability to review information for items in the Purchasing Approvals Search Screen. | + +### Purchasing Demand + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Edit and Inquire levels._ | +| Edit | `ALL` | Allows the ability to use actionable options for items in the Purchasing Search Screen. | +| Edit | `NONE` | Retricts the ability to use actionable options for items in the Purchasing Search Screen. | +| Delete | — | _Not applicable. See Edit and Inquire levels._ | +| Inquire | `ALL` | Allows the ability to review information for items in the Purchasing Search Screen. | +| Inquire | `NONE` | Retricts the ability to review information for items in the Purchasing Search Screen. | + +### Reports + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows the ability to review reports located in the Procurement Category of the reports module. By default, when this option is selected, access to all procurement reports is allowed, but access can be customized using the Customize Option for this module. | +| Inquire | `NONE` | Retricts the ability to review reports located in the Procurement Category of the reports module. | + +### RMA Entry + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to create new RMA Tags. | +| Add | `NONE` | Restricts the ability to create new RMA Tags. | +| Edit | `ALL` | Allows the ability to edit existing RMA Tags. | +| Edit | `NONE` | Restricts the ability to edit existing RMA Tags. | +| Delete | `ALL` | Allows the ability to delete existing RMA Tags. | +| Delete | `NONE` | Restricts the ability to delete existing RMA Tags. | +| Inquire | `ALL` | Allows the ability to view existing RMA Tags. | +| Inquire | `NONE` | Restricts the ability to view existing RMA Tags. | + +### RMA Processing + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows the ability to view vendor, shipping, and closing sections of RMA tags. | +| Inquire | `NONE` | Restricts the ability to view vendor, shipping, and closing sections of RMA tags. | + +## Project + +### Close Project Tickets + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Edit level._ | +| Edit | `ALL` | Allows the ability to close and re-open Projects and Project Tickets. | +| Edit | `NONE` | Retricts the ability to close and re-open Projects and Project Tickets. | +| Delete | — | _Not applicable. See Edit level._ | +| Inquire | — | _Not applicable. See Edit level._ | + +### Close Projects + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Edit and Inquire levels._ | +| Edit | `ALL` | Allows the ability to set existing Projects to a closed status. | +| Edit | `NONE` | Disallows the ability to set existing Projects to a closed status. | +| Delete | — | _Not applicable. See Edit and Inquire levels._ | +| Inquire | `ALL` | Allows the ability to view Closed statuses on the Project tab of a Project. | +| Inquire | `NONE` | Disallows the ability to view Closed statuses on the Project tab of a Project. | + +### Project Contacts + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to add contact information to the Contacts Tab of existing projects. | +| Add | `MY` | The ability to add contact information to the Contacts Tab for projects is determined by the settings of the project role the member is assigned to on the specific project. | +| Add | `NONE` | Retricts the ability to add contact information to the Contacts Tab of existing projects. | +| Edit | `ALL` | Allows the ability to edit contact information to the Contacts Tab of existing projects. | +| Edit | `MY` | The ability to edit contact information on the Contacts Tab for projects is determined by the settings of the project role the member is assigned to on the specific project. | +| Edit | `NONE` | Retricts the ability to edit contact information to the Contacts Tab of existing projects. | +| Delete | `ALL` | Allows the ability to delete contact information to the Contacts Tab of existing projects. | +| Delete | `MY` | The ability to delete contact information from the Contacts Tab for projects is determined by the settings of the project role the member is assigned to on the specific project. | +| Delete | `NONE` | Retricts the ability to delete contact information to the Contacts Tab of existing projects. | +| Inquire | `ALL` | Allows the ability to review contact information to the Contacts Tab of existing projects. | +| Inquire | `MY` | The ability to review contact information on the Contacts Tab of projects is determined by the settings of the project role the member is assigned to on the specific project. | +| Inquire | `NONE` | Retricts the ability to review contact information to the Contacts Tab of existing projects. | + +### Project Finance + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Edit and Inquire levels._ | +| Edit | `ALL` | Allows the ability to edit the Project Finance, Recap, and Invoice tabs of existing projects. | +| Edit | `MY` | Access to the Finance, Recap, and Invoices tabs of the project or project ticket is determined by the settings of the project role the member is assigned to on the specific project. | +| Edit | `NONE` | Restricts the ability to edit the Project Finance, Recap, and Invoice tabs of existing projects. | +| Delete | — | _Not applicable. See Edit and Inquire levels._ | +| Inquire | `ALL` | Allows the ability to review the Project Finance, Recap, and Invoice tabs of existing projects. Also allows access to the Project budget by Variance view in the Views tab. | +| Inquire | `MY` | The ability to review the Finance, Recap or Invoices Tabs of the project or project ticket is determined by the settings of the project role the member is assigned to on the specific project. | +| Inquire | `NONE` | Restricts the ability to review the Project Finance, Recap, and Invoice tabs of existing projects. Also restricts access to the Project budget by Variance view in the Views tab. NOTE: If you select None, the Project Boards icon will no longer be visible. In order to see the Project Board icon, the user needs Project Management Inquire set to All, AND Project Finance Inquire set to My at the very least. | + +### Project Headers + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to add new projects. | +| Add | `MY` | The ability to add new projects is determined by the settings of the project role the member is assigned to on the specific project. | +| Add | `NONE` | Restricts the ability to add new projects. | +| Edit | `ALL` | Allows the ability to edit the general tab of existing projects. | +| Edit | `MY` | The ability to edit the general tab of existing projects is determined by the settings of the project role the member is assigned to on the specific project. | +| Edit | `NONE` | Restricts the ability to edit the general tab of existing projects. | +| Delete | `ALL` | Allows the ability to delete existing projects. | +| Delete | `MY` | The ability to delete existing projects is determined by the settings of the project role the member is assigned to on the specific project. | +| Delete | `NONE` | Restricts the ability to delete existing projects. | +| Inquire | `ALL` | Allows the ability to view existing projects. | +| Inquire | `MY` | The ability to view existing projects is determined by the settings of the project role the member is assigned to on the specific project. | +| Inquire | `NONE` | Restricts the ability to view existing projects. | + +### Project Management + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows the ability to view Project Boards. | +| Inquire | `MY` | Not Applicable. | +| Inquire | `NONE` | Retricts the ability to view Project Boards. NOTE: The only available options are All or None. If you select None, the Project Boards icon will no longer be visible. In order to see the Project Board icon, the user needs Project Management Inquire set to All, AND Project Finance Inquire set to My at the very least. | + +### Project Notes + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to add information on the Notes Tab of a Project. | +| Add | `MY` | The ability to add information on the Notes Tab of a project is determined by the settings of the project role the member is assigned to on the specific project. | +| Add | `NONE` | Retricts the ability to add information on the Notes Tab of a Project. | +| Edit | `ALL` | Allows the ability to edit information on the Notes Tab of a Project. | +| Edit | `MY` | The ability to edit information on the Notes Tab of a project is determined by the settings of the project role the member is assigned to on the specific project. | +| Edit | `NONE` | Retricts the ability to edit information on the Notes Tab of a Project. | +| Delete | `ALL` | Allows the ability to delete information on the Notes Tab of a Project. | +| Delete | `MY` | The ability to delete information on the Notes Tab of a project is determined by the settings of the project role the member is assigned to on the specific project. | +| Delete | `NONE` | Retricts the ability to delete information on the Notes Tab of a Project. | +| Inquire | `ALL` | Allows the ability to review information on the Notes Tab of a Project. | +| Inquire | `MY` | The ability to view information on the Notes Tab of a project is determined by the settings of the project role the member is assigned to on the specific project. | +| Inquire | `NONE` | Retricts the ability to review information on the Notes Tab of a Project. | + +### Project Phase + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to add a new Phase on the Workplan Tab of a Project. | +| Add | `MY` | The ability to add a new Phase on the Workplan Tab to a project is determined by the settings of the project role the member is assigned to on the specific project. | +| Add | `NONE` | Retricts the ability to add a new Phase on the Workplan Tab of a Project. | +| Edit | `ALL` | Allows the ability to edit an existing Phase on the Workplan Tab of a Project. | +| Edit | `MY` | The ability to edit a Phase on the Workplan Tab to a project is determined by the settings of the project role the member is assigned to on the specific project. | +| Edit | `NONE` | Retricts the ability to edit an existing Phase on the Workplan Tab of a Project. | +| Delete | `ALL` | Allows the ability to delete an existing Phase on the Workplan Tab of a Project. | +| Delete | `MY` | The ability to delete a Phase on the Workplan Tab to a project is determined by the settings of the project role the member is assigned to on the specific project. | +| Delete | `NONE` | Retricts the ability to delete an existing Phase on the Workplan Tab of a Project. | +| Inquire | `ALL` | Allows the ability to review an existing Phase on the Workplan Tab of a Project. | +| Inquire | `MY` | The ability to view a Phase on the Workplan Tab to a project is determined by the settings of the project role the member is assigned to on the specific project. | +| Inquire | `NONE` | Retricts the ability to review an existing Phase on the Workplan Tab of a Project. | + +### Project Product + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to add product items to the ProductsTab of existing projects. | +| Add | `MY` | The ability to add product items to the ProductsTab of projects is determined by the settings of the project role the member is assigned to on the specific project. | +| Add | `NONE` | Retricts the ability to add product items to the ProductsTab of existing projects. | +| Edit | `ALL` | Allows the ability to edit product items to the ProductsTab of existing projects. | +| Edit | `MY` | The ability to edit product items on the ProductsTab of projects is determined by the settings of the project role the member is assigned to on the specific project. | +| Edit | `NONE` | Retricts the ability to edit product items to the ProductsTab of existing projects. | +| Delete | `ALL` | Allows the ability to delete product items to the ProductsTab of existing projects. | +| Delete | `MY` | The ability to delete product items from the ProductsTab of projects is determined by the settings of the project role the member is assigned to on the specific project. | +| Delete | `NONE` | Retricts the ability to delete product items to the ProductsTab of existing projects. | +| Inquire | `ALL` | Allows the ability to review product items to the ProductsTab of existing projects. | +| Inquire | `MY` | The ability to view product items on the ProductsTab of projects is determined by the settings of the project role the member is assigned to on the specific project. | +| Inquire | `NONE` | Retricts the ability to review product items to the ProductsTab of existing projects. | + +### Project Reports + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows the ability to review reports located in the Project Category of the reports module. By default, when this option is selected, access to all marketing reports is allowed, but access can be customized using the Customize Option for this module. | +| Inquire | `NONE` | Retricts the ability to review reports located in the Project Category of the reports module. | + +### Project Scheduling + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to add information on the Schedule Tab of an all existing Projects. | +| Add | `MY` | The ability to add information on the Schedule Tab of a project is determined by the settings of the project role the member is assigned to on the specific project. | +| Add | `NONE` | Retricts the ability to add information on the Schedule Tab of a Project. | +| Edit | `ALL` | Allows the ability to edit the information stored on the Schedule Tab of an all existing Projects. | +| Edit | `MY` | The ability to edit information on the Schedule Tab of a project is determined by the settings of the project role the member is assigned to on the specific project. | +| Edit | `NONE` | Retricts the ability to edit the information stored on the Schedule Tab of a Project. | +| Delete | `ALL` | Allows the ability to delete the information stored on the Schedule Tab of an all existing Projects. | +| Delete | `MY` | The ability to delete information on the Schedule Tab of a project is determined by the settings of the project role the member is assigned to on the specific project. | +| Delete | `NONE` | Retricts the ability to delete the information stored on the Schedule Tab of a Project. | +| Inquire | `ALL` | Allows the ability to review the information stored on the Schedule Tab of an all existing Projects. | +| Inquire | `MY` | The ability to view information on the Schedule Tab of a project is determined by the settings of the project role the member is assigned to on the specific project. | +| Inquire | `NONE` | Retricts the review the information stored on the Schedule Tab of a Project. | + +### Project Teams + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to add members on the Project Team Tab of an all existing Projects. Also allows the ability to convert Project tickets to Service Tickets. | +| Add | `MY` | The ability to add members on the Team Tab of a Project is determined by the settings of the project role the member is assigned to on the specific project. | +| Add | `NONE` | Retricts the ability to add members on the Project Team Tab of a Project. | +| Edit | `ALL` | Allows the ability to edit members on the Project Team Tab of a Project. | +| Edit | `MY` | The ability to edit members on the Team Tab of a Project is determined by the settings of the project role the member is assigned to on the specific project. | +| Edit | `NONE` | Retricts the ability to edit members on the Project Team Tab of a Project. | +| Delete | `ALL` | Allows the ability to delete members on the Project Team Tab of a Project. | +| Delete | `MY` | The ability to delete members from the Team Tab of a Project is determined by the settings of the project role the member is assigned to on the specific project. | +| Delete | `NONE` | Retricts the ability to delete members on the Project Team Tab of a Project. | +| Inquire | `ALL` | Allows the ability to review member details on the Project Team Tab of a Project. Also allows the ability to convert Project tickets to Service Tickets. | +| Inquire | `MY` | The ability to view members on the Team Tab of a Project is determined by the settings of the project role the member is assigned to on the specific project. | +| Inquire | `NONE` | Retricts the ability to review member details on the Project Team Tab of a Project. | + +### Project Templates + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to create Project Templates. | +| Add | `NONE` | Retricts the ability to create Project Templates. | +| Edit | `ALL` | Allows the ability to edit Project Templates. | +| Edit | `NONE` | Retricts the ability to edit Project Templates. | +| Delete | `ALL` | Allows the ability to delete Project Templates. | +| Delete | `NONE` | Retricts the ability to delete Project Templates. | +| Inquire | `ALL` | Allows the ability to review Project Templates. | +| Inquire | `NONE` | Retricts the ability to review Project Templates. | + +### Project Ticket - Dependencies + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to append predecessor tickets to a project ticket. | +| Add | `NONE` | Disallows the ability to append predecessor tickets to a project ticket. | +| Edit | `ALL` | Allows the ability to edit the existing predecessor ticket on a project ticket. | +| Edit | `NONE` | Disallows the ability to edit the existing predecessor ticket on a project ticket. | +| Delete | `ALL` | Allows the ability to remove an existing predecessor ticket on a project ticket. | +| Delete | `NONE` | Disallows the ability to remove an existing predecessor ticket on a project ticket. | +| Inquire | `ALL` | Allows the ability to view existing predecessor ticket info on a project ticket. | +| Inquire | `NONE` | Disallows the ability to view existing predecessor ticket info on a project ticket. | + +### Project Ticket Tasks + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to add tasks to Project Tickets. | +| Add | `MY` | The ability to add tasks to Project Tickets(not Projects) is determined by the settings of the project role the member is assigned to on the specific project. | +| Add | `NONE` | Retricts the ability to add tasks to Project Tickets. | +| Edit | `ALL` | Allows the ability to edit tasks on Project Tickets. | +| Edit | `MY` | The ability to edit tasks on Project Tickets(not Projects) is determined by the settings of the project role the member is assigned to on the specific project. | +| Edit | `NONE` | Retricts the ability to edit tasks on Project Tickets. | +| Delete | `ALL` | Allows the ability to delete tasks on Project Tickets. | +| Delete | `MY` | The ability to delete tasks from Project Tickets(not Projects) is determined by the settings of the project role the member is assigned to on the specific project. | +| Delete | `NONE` | Retricts the ability to delete tasks on Project Tickets. | +| Inquire | `ALL` | Allows the ability to review tasks on Project Tickets. | +| Inquire | `MY` | The ability to review tasks on Project Tickets(not Projects) is determined by the settings of the project role the member is assigned to on the specific project. | +| Inquire | `NONE` | Retricts the ability to review tasks on Project Tickets. | + +### Project Tickets + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to create Project Tickets. | +| Add | `MY` | The ability to create project tickets is determined by the settings of the project role the member is assigned to on the specific project. | +| Add | `NONE` | Retricts the ability to create Project Tickets. | +| Edit | `ALL` | Allows the ability to edit existing Project Tickets. | +| Edit | `MY` | The ability to edit Project Tickets is determined by the settings of the project role the member is assigned to on the specific project. | +| Edit | `NONE` | Retricts the ability to edit existing Project Ticket information. | +| Delete | `ALL` | Allows the ability to delete existing Project Tickets. | +| Delete | `MY` | The ability to delete existing Project Tickets is determined by the settings of the project role the member is assigned to on the specific project. | +| Delete | `NONE` | Retricts the ability to review existing delete existing Project Tickets. | +| Inquire | `ALL` | Allows the ability to review existing Project Ticket information. Allows the ability to view Project Tickets and Issues on the My List screen. | +| Inquire | `MY` | The ability to review Project Tickets is determned by the settings of the project role the member is assigned to on the specific project. Allows the ability to view Project Tickets and Issues on the My List screen. | +| Inquire | `NONE` | Retricts the ability to review existing Project Ticket information. NOTE: Controls the ability to view the Project and Issues tabs on the My List screen | + +## Sales + +### Closed Opportunity + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Edit level._ | +| Edit | `ALL` | Allows the ability to close and re-open opportunities. | +| Edit | `NONE` | Restricts the ability to close and re-open opportunities. | +| Delete | — | _Not applicable. See Edit level._ | +| Inquire | — | _Not applicable. See Edit level._ | + +### Opportunity + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to create Opportunities. | +| Add | `MY` | Allows the ability to create Opportunities. | +| Add | `NONE` | Retricts the ability to create Opportunities. | +| Edit | `ALL` | Allows the ability to edit existing Opportunities. | +| Edit | `MY` | Allows the ability to edit only those Opportunities for which the member is part of the team or is the teammate of a member of the team that has the Allow Access checkbox checked. | +| Edit | `NONE` | Retricts the ability to edit existing Opportunities. | +| Delete | `ALL` | Allows the ability to delete existing Opportunities. | +| Delete | `MY` | Allows the ability to edit only those Opportunities for which the member is part of the team or is the teammate of a member on the team that has the Allow Access checkbox checked. | +| Delete | `NONE` | Retricts the ability to delete existing Opportunities. | +| Inquire | `ALL` | Allows the ability to review existing Opportunities. | +| Inquire | `MY` | Allows the ability to edit only those Opportunities for which the member is part of the team or is the teammate of a member of the team that has the Allow Access checkbox checked. | +| Inquire | `NONE` | Retricts the ability to review existing Opportunities. | + +### Opportunity Finance + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows the ability to review the Finance Tab of Opportunities. | +| Inquire | `NONE` | Retricts the ability to review the Finance Tab of Opportunities. | + +### Reports + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows the ability to review reports located in the Sales Category of the reports module. By default, when this option is selected, access to all marketing reports is allowed, but access can be customized using the Customize Option for this module. | +| Inquire | `NONE` | Retricts the ability to review reports located in the Sales Category of the reports module. | + +### Sales Dashboard + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows the ability to review the Sales Overview screen. | +| Inquire | `NONE` | Retricts the ability to review the Sales Overview screen. | + +### Sales Funnel + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows the ability to review the Sales Funnel screen. | +| Inquire | `NONE` | Retricts the ability to review the Sales Funnel screen. | + +### Sales Order Finance + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows the ability to review the Finance Tab of Opportunities. | +| Inquire | `NONE` | Restricts the ability to review the Finance Tab of Opportunities. NOTE: The ability to edit the Finance tab of a Sales Order is based on the security persmissions for this role in the Sales Order field. | + +### Sales Orders + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to create Sales Orders. | +| Add | `NONE` | Retricts the ability to create Sales Orders. | +| Edit | `ALL` | Allows the ability to edit existing Sales Orders. | +| Edit | `NONE` | Retricts the ability to edit existing Sales Orders. | +| Delete | `ALL` | Allows the ability to delete existing Sales Orders. | +| Delete | `NONE` | Retricts the ability to delete existing Sales Orders. | +| Inquire | `ALL` | Allows the ability to review existing Sales Orders. | +| Inquire | `NONE` | Retricts the ability to review existing Sales Orders. | + +## Service Desk + +### Agile Board + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows the ability to view and use the Agile board. | +| Inquire | `NONE` | Retricts the ability to view and use the Agile board. | + +### ChatAssist + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows access to the ChatAssist Icon under the Service Desk Module. | +| Inquire | `NONE` | Retricts access to the ChatAssist Icon under the Service Desk Module. | + +### Close Service Tickets + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows users to set a new ticket to a closed status before saving it for the first time. | +| Add | `NONE` | Restricts the ability to set a new ticket to a closed status before saving it for the first time. | +| Edit | `ALL` | Allows the ability to close and re-open service tickets. | +| Edit | `NONE` | Restricts the ability to close and re-open service tickets. | +| Delete | — | _Not Applicable. See Add, Edit, and Inquire levels._ | +| Inquire | `ALL` | Allows the ability to view closed statuses in Service Ticket Status dropdown | +| Inquire | `NONE` | Restricts the ability to view closed statuses in Service Ticket Status dropdown. | + +### CloudConsole + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows access to the CloudConsole Icon under the Service Desk Module. | +| Inquire | `NONE` | Retricts access to the CloudConsole Icon under the Service Desk Module. | + +### ConnectWise Control + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Enables the ScreenConnect Button on tickets allowing the ability to create a ScreenConnect session. | +| Inquire | `NONE` | Disables the ScreenConnect Button on tickets disallowing the ability to create a ScreenConnect session. | + +### ConnectWise Manage Network + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Add and Inquire levels._ | +| Edit | — | _Not applicable. See Add and Inquire levels._ | +| Delete | `ALL` | Allows the ability to remove holds from the ConnectWise Manage Network. | +| Delete | `NONE` | Restricts the ability to remove holds from the ConnectWise Manage Network. | +| Inquire | `ALL` | Allows access to the ConnectWise Manage Network. | +| Inquire | `NONE` | Retricts access to the ConnectWise Manage Network. | + +### Knowledge Base Approver + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Edit, Delete, and Inquire levels._ | +| Edit | `ALL` | Allows the ability to approve and reject Knowledge Base articles that are pending approval. | +| Edit | `NONE` | Restricts the ability to approve and reject Knowledge Base articles that are pending approval. | +| Delete | `ALL` | Allows the ability to delete Knowledge Base articles in any status created by any member. | +| Delete | `NONE` | Restricts the ability to delete any Knowledge Base articles. | +| Inquire | `ALL` | Allows the ability to review Knowledge Base articles in any status. NONEL Restricts the ability to review any Knowledge Base articles. | + +### Knowledge Base Creator + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to add draft Knowledge Base articles and submit for approval. | +| Add | `MY` | Allows the ability to add draft Knowledge Base articles and submit for approval. | +| Add | `NONE` | Restricts the ability to add draft Knowledge Base articles and submit for approval. | +| Edit | `ALL` | Allows the ability to edit Knowledge Base articles in Draft, Rejected, and Revise status for any member. | +| Edit | `MY` | Allows the ability to edit Knowledge Base articles in Draft, Rejected, and Revise status created by the logged in member. | +| Edit | `NONE` | Restricts the ability to edit Knowledge Base articles. | +| Delete | `ALL` | Allows the ability to delete Knowledge Base articles in Draft, Rejected, and Revise status created by any member. | +| Delete | `MY` | Allows the ability to delete Knowledge Base articles in Draft, Rejected, and Revise status created by the logged in member. | +| Delete | `NONE` | Restricts the ability to delete Knowledge Base articles. | +| Inquire | `ALL` | Allows the ability to review Knowledge Base articles created by any member. | +| Inquire | `MY` | Allows the ability for a member to review Knowledge Base articles created by the logged in member. | +| Inquire | `NONE` | Restricts the ability to review any Knowledge Base articles. | + +### Launch Remote Access + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows the ability to launch Automate or Control access from any ticket. | +| Inquire | `MY` | Allows the ability to launch Automate or Control access from any ticket the member is a resource on. | +| Inquire | `NONE` | Restricts the ability to launch Automate or Control access. Hides the Launch column in the Configuration pod. | + +### Merge Tickets + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to merge tickets. | +| Add | `NONE` | Restricts the ability to merge tickets | +| Edit | `ALL` | Allows for Open merged tickets to be set to a Closed status. | +| Edit | `NONE` | Restricts the ability to merge tickets | +| Delete | — | _Not applicable. See Add, Edit, and Inquire levels._ | +| Inquire | `ALL` | Allows the ability to view the relationship of merged tickets. | +| Inquire | `NONE` | Restricts the ability to view the relationship of merged tickets. | + +### Print Service Signoff + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows the ability to print the Signoff form for any service ticket. | +| Inquire | `MY` | Allows the ability to print the Signoff form for tickets you are a resource on, tickets you have assigned another resource on, and tickets created by you. | +| Inquire | `NONE` | Restricts the ability to print the Signoff form for all tickets. | + +### Reports + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows the ability to review reports located in the Service Desk Category of the reports module. By default, when this option is selected, access to all Service reports is allowed, but access can be customized using the Customize Option for this module. | +| Inquire | `NONE` | Retricts the ability to review reports located in the Service Desk Category of the reports module. | + +### Resource Scheduling + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to add resources on Service Tickets and Activities. | +| Add | `MY` | Allows the ability for a member to add themselves as a resource on a Service Ticket or Activity. | +| Add | `NONE` | Retricts the ability to add resources on Service Tickets and Activities. NOTE: This includes the My Calendar and Dispatch Portal Screens. | +| Edit | `ALL` | Allows the ability to edit resources on Service Tickets and Activities. | +| Edit | `MY` | Allows the ability for a member to edit themselves as a resource on a Service Ticket or Activity. | +| Edit | `NONE` | Retricts the ability to edit resources on Service Tickets and Activities. NOTE: This includes the My Calendar and Dispatch Portal Screens. | +| Delete | `ALL` | Allows the ability to delete resources on Service Tickets and Activities. | +| Delete | `MY` | Allows the ability for a member to delete themselves as a resource on a Service Ticket or Activity. | +| Delete | `NONE` | Retricts the ability to delete resources on Service Tickets and Activities. NOTE: This includes the My Calendar and Dispatch Portal Screens. | +| Inquire | `ALL` | Allows the ability to review resources on Service Tickets and Activities. | +| Inquire | `MY` | Allows the ability for a member to review only their resource records on a Service Ticket or Activity. | +| Inquire | `NONE` | Retricts the ability to review resources on Service Tickets and Activities. NOTE: This includes the My Calendar and Dispatch Portal Screens. | + +### Service Dashboard + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows access to the Service Dashboard under the Service Desk Module. | +| Inquire | `NONE` | Retricts access to the Service Dashboard under the Service Desk Module. | + +### Service Ticket - Dependencies + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to append predecessor tickets to a service ticket. | +| Add | `NONE` | Disallows the ability to append predecessor tickets to a service ticket. | +| Edit | `ALL` | Allows the ability to edit the existing predecessor ticket on a service ticket. | +| Edit | `NONE` | Disallows the ability to edit the existing predecessor ticket on a service ticket. | +| Delete | `ALL` | Allows the ability to remove an existing predecessor ticket on a service ticket. | +| Delete | `NONE` | Disallows the ability to remove an existing predecessor ticket on a service ticket. | +| Inquire | `ALL` | Allows the ability to view existing predecessor ticket info on a service ticket. | +| Inquire | `NONE` | Disallows the ability to view existing predecessor ticket info on a service ticket. | + +### Service Ticket - Finance + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Edit and Inquire levels._ | +| Edit | `ALL` | Allows the ability to edit information on the Finance Tab of Service Tickets. | +| Edit | `NONE` | Retricts the ability to edit information on the Finance Tab of Service Tickets. | +| Delete | — | _Not applicable. See Edit and Inquire levels._ | +| Inquire | `ALL` | Allows access to the Finance Tab of Service Tickets. | +| Inquire | `NONE` | Retricts access to the Finance Tab of Service Tickets. | + +### Service Tickets + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to create Service Tickets. | +| Add | `MY` | Allows the ability to create Service Tickets. | +| Add | `NONE` | Retricts the ability to create Service Tickets. | +| Edit | `ALL` | Allows the ability to edit existing Service Tickets. Allows the ability to follow Service Tickets. | +| Edit | `MY` | Allows the ability to edit only existing Service Tickets that belong to the member. A ticket belongs to me if I created it, assigned it to someone, or I am assigned to it. Allows the ability to follow Service Tickets I am a resource on. | +| Edit | `NONE` | Retricts the ability to edit existing Service Tickets. | +| Delete | `ALL` | Allows the ability to delete existing Service Tickets. | +| Delete | `MY` | Allows the ability to delete only existing Service Tickets that belong to the member. A ticket belongs to me if I created it, assigned it to someone, or I am assigned to it. | +| Delete | `NONE` | Retricts the ability to delete existing Service Tickets. | +| Inquire | `ALL` | Allows the ability to review existing Service Tickets. | +| Inquire | `MY` | Allows the ability to review only existing Service Tickets that belong to the member. A ticket belongs to me if I created it, assigned it to someone, or I am assigned to it. | +| Inquire | `NONE` | Retricts the ability to review existing Service Tickets. | + +### SLA Dashboard + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Edit and Inquire levels._ | +| Edit | `ALL` | Allows the ability to access the On Call and Duty Mgr pickers on the SLA Dashboard and Service Board. | +| Edit | `MY` | Restricts the ability to access the On Call and Duty Mgr pickers on the SLA Dashboard and Service Board. | +| Edit | `NONE` | Restricts the ability to access the On Call and Duty Mgr pickers on the SLA Dashboard and Service Board. | +| Delete | — | _Not applicable. See Edit and Inquire levels._ | +| Inquire | `ALL` | Allows the ability to select any member from the member filter on the SLA Dashboard. Also allows the ability to access the On Call and Duty Mgr pickers on the Service Board and SLA Dashboard | +| Inquire | `MY` | Restricts the ability to select other members from the member filter on the SLA Dashboard. | +| Inquire | `NONE` | Restricts access to the SLA Dashboard. | + +### Ticket Templates + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to create Ticket Templates at the Company Level. This includes the Ticket Templates tab of a company or agreement. | +| Add | `MY` | Same as ALL | +| Add | `NONE` | Restricts the ability to create Ticket Templates at the Company Level. This includes the Ticket Templates Tab of a company or agreement. Note: This does not control the application of Ticket Templates to existing tickets using the protractor icon. | +| Edit | `ALL` | Allows the ability to edit Ticket Templates at the Company Level. This includes the Ticket Templates tab of a company or agreement. | +| Edit | `MY` | Allows the ability to edit Ticket Templates only where the member has access to the service board, location and group associated with the template. This includes the Ticket Templates tab of a company or agreement. | +| Edit | `NONE` | Restricts the ability to edit Ticket Templates at the Company Level. This includes the Ticket Templates tab of a company or agreement. Note: This does not control the application of Ticket Templates to existing tickets using the protractor icon. | +| Delete | `ALL` | Allows the ability to delete Ticket Templates at the Company Level. This includes the Ticket Templates tab of a company or agreement. | +| Delete | `MY` | Allows the ability to delete Ticket Templates only where the member has access to the service board, location and group associated with the template. This includes the Ticket Templates tab of a company or agreement. | +| Delete | `NONE` | Restricts the ability to delete Ticket Templates at the Company Level. This includes the Ticket Templates tab of a company or agreement. Note: This does not control the application of Ticket Templates to existing tickets using the protractor icon. | +| Inquire | `ALL` | Allows the ability to review Ticket Templates at the Company Level. This includes the Ticket Templates tab of a company or agreement. | +| Inquire | `MY` | Allows the ability to review Ticket Templates only where the member has access to the service board, location and group associated with the template. This includes the Ticket Templates tab of a company or agreement. | +| Inquire | `NONE` | Restricts the ability to review Ticket Templates at the Company Level. This includes the Ticket Templates tab of a company or agreement. Note: This does not control the application of Ticket Templates to existing tickets using the protractor icon. | + +## System + +### API Reports + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows the user to access the API Reporting Views when using an API Member. | +| Inquire | `NONE` | Restricts the ability to review the API Reporting Views when using an API Member. | + +### Chat with ConnectWise Manage Support + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows access to the Chat with Support button in the top navigation menu. | +| Inquire | `NONE` | Restricts access to the Chat with Support button in the top navigation menu. | + +### ConnectWise Manage Labs + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Edit level._ | +| Edit | `ALL` | Allows the ability to turn labs on and off | +| Edit | `NONE` | Restricts the ablility to turn labs on and off | +| Delete | — | _Not applicable. See Edit level._ | +| Inquire | — | _Not applicable. See Edit level._ | + +### Custom Menu Entry + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows the ability to review custom menu entries in the modules they are assigned to. By default, when this option is selected, access to all Custom Menu Entries is allowed, but access can be customized using the Customize Option for this module. | +| Inquire | `NONE` | Restricts the ability to review existing Custom Menu Entries. | + +### Email Audit + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows access to the Email Audit icon under the Service Desk module and the Email Audit tab on the Company screen | +| Inquire | `NONE` | Restricts access to the Email Audit icon under the Service Desk module and the Email Audit tab on the Company screen. | + +### List View Export + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows the ability to export list view items to an Excel Spreadsheet. | +| Inquire | `NONE` | Restricts the ability to export list view items to an Excel Spreadsheet. | + +### Marketplace Sharing + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to upload items to the ConnectWise Marketplace. | +| Add | `NONE` | Restricts the ability to upload items to the ConnectWise Marketplace. | +| Edit | — | _Not applicable. See Add and Inquire levels._ | +| Delete | — | _Not applicable. See Add and Inquire levels._ | +| Inquire | `ALL` | Allows the ability to import items from the ConnectWise Marketplace. | +| Inquire | `NONE` | Restricts the ability to import items from the ConnectWise Marketplace. | + +### Mass Maintenance + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to add new items via the Mass Maintenance screens. Access to each screen can be customized using the Customize Option for this module. | +| Add | `NONE` | Restricts the ability to add new items via the Mass Maintenance screens. | +| Edit | `ALL` | Allows the ability to edit existing items via the Mass Maintenance screens. Access to each screen can be customized using the Customize Option for this module. | +| Edit | `NONE` | Restricts the ability to edit existing items via the Mass Maintenance screens. | +| Delete | `ALL` | Allows the ability to delete existing items via the Mass Maintenance screens. Access to each screen can be customized using the Customize Option for this module. | +| Delete | `NONE` | Restricts the ability to delete existing items via the Mass Maintenance screens. | +| Inquire | `ALL` | Allows the ability to review existing items via the Mass Maintenance screens. Access to each screen can be customized using the Customize Option for this module. | +| Inquire | `NONE` | Restricts the ability to review existing items via the Mass Maintenance screens. | + +### Member Maintenance + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to create new member profiles. | +| Add | `NONE` | Restricts the ability to create new member profiles. | +| Edit | `ALL` | Allows the ability to edit existing member profiles. | +| Edit | `NONE` | Restricts the ability to edit existing member profiles. | +| Delete | `ALL` | Allows the ability to delete existing member profiles. | +| Delete | `NONE` | Restricts the ability to deleteexisting member profiles. | +| Inquire | `ALL` | Allows the ability to review existing member profiles. | +| Inquire | `NONE` | Restricts the ability to review existing member profiles. | + +### My Account + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Edit and Inquire levels._ | +| Edit | `ALL` | Allows the ability to edit the information on the MY Account Screen for all members. | +| Edit | `MY` | Allows the ability to edit the information on the MY Account Screen for only the member logged in. | +| Edit | `NONE` | Retricts the ability to edit the information on the MY Account Screen | +| Delete | — | _Not applicable. See Edit and Inquire levels._ | +| Inquire | `ALL` | Allows the ability to review the information on the MY Account Screen for all members. | +| Inquire | `MY` | Allows the ability to review the information on the MY Account Screen for only the member logged in. | +| Inquire | `NONE` | Retricts the ability to review the information on the MY Account Screen | + +### My Company + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to add new structure and group levels to the My Company Screen. | +| Add | `NONE` | Restricts the ability to add new structure and group levels to the My Company Screen. | +| Edit | `ALL` | Allows the ability to edit the information on the My Company Screen. | +| Edit | `NONE` | Restricts the ability to edit the information on the My Company Screen. | +| Delete | `ALL` | Allows the ability to delete structure and group levels from the My Company Screen. | +| Delete | `NONE` | Restricts the ability to delete structure and group levels from the My Company Screen | +| Inquire | `ALL` | Allows the ability to review the information on the My Company Screen. | +| Inquire | `NONE` | Restricts the ability to review the information on the My Company Screen. | + +### Report Writer + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows access to the report writer designer | +| Add | `NONE` | Restricts access to the report writer designer | +| Edit | — | _Not applicable. See Add and Inquire levels._ | +| Delete | — | _Not applicable. See Add and Inquire levels._ | +| Inquire | `ALL` | Allows access to view report writer reports and dashboards. | +| Inquire | `NONE` | Restricts access to view report writer reports and dashboards. | + +### Security Roles + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to create new security roles. | +| Add | `NONE` | Restricts the ability to create new security roles. | +| Edit | `ALL` | Allows the ability to edit the settings for existing security roles. | +| Edit | `NONE` | Restricts the ability to edit the settings for existing security roles. | +| Delete | `ALL` | Allows the ability to delete existing security roles. | +| Delete | `NONE` | Restricts the ability to delete existing security roles. | +| Inquire | `ALL` | Allows the ability to review the settings for existing security roles. | +| Inquire | `NONE` | Restricts the ability to review the settings for existing security roles. | + +### System Reports + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows the ability to review reports located in the System Category of the reports module. By default, when this option is selected, access to all System reports is allowed, but access can be customized using the Customize Option for this module. | +| Inquire | `NONE` | Retricts the ability to review reports located in the System Category of the reports module. | + +### Table Setup + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to create new items within each of the Setup Tables. By default, when this option is selected, access to all Setup Tables is allowed, but access can be customized using the Customize Option for this module. | +| Add | `NONE` | Restricts the ability to create new items within each of the Setup Tables. | +| Edit | `ALL` | Allows the ability to edit existing items within each of the Setup Tables. By default, when this option is selected, access to all Setup Tables is allowed, but access can be customized using the Customize Option for this module. | +| Edit | `NONE` | Restricts the ability to edit existing items within each of the Setup Tables. | +| Delete | `ALL` | Allows the ability to delete existing items within each of the Setup Tables. By default, when this option is selected, access to all Setup Tables is allowed, but access can be customized using the Customize Option for this module. | +| Delete | `NONE` | Restricts the ability to delete existing items within each of the Setup Tables. | +| Inquire | `ALL` | Allows the ability to review existing items within each of the Setup Tables. By default, when this option is selected, access to all Setup Tables is allowed, but access can be customized using the Customize Option for this module. | +| Inquire | `NONE` | Restricts the ability to review existing items within each of the Setup Tables. | + +### Today Links + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows the ability to view and browse to the links setup on the Today screen. | +| Inquire | `NONE` | Restricts the ability to view and browse to the links setup on the Today screen. | + +## Time and Expense + +### Expense Approvals + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Edit and Inquire levels._ | +| Edit | `ALL` | Allows the ability to approve expense reports and reverse expense report approvals. | +| Edit | `NONE` | Restricts the ability to approve expense reports and reverse expense report approvals. | +| Delete | — | _Not applicable. See Edit and Inquire levels._ | +| Inquire | `ALL` | Allows the ability to view expense reports submitted for approval. | +| Inquire | `NONE` | Restricts the ability to view expense reports submitted for approval. | + +### Expense Report Entry + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to add expense records within the system. This includes expense records for other members while on their Expense Report. | +| Add | `MY` | Allows the ability to add expenses only for the member logged in. | +| Add | `NONE` | Retricts the ability to add expense records within the system. | +| Edit | `ALL` | Allows the ability to edit all existing expense records within the system. | +| Edit | `MY` | Allows the ability to edit only the expenses that particular member has entered within the system. | +| Edit | `NONE` | Retricts the ability to edit existing expenses within the system. | +| Delete | `ALL` | Allows the ability to delete all existing expense records within the system. This includes expense records for other members. | +| Delete | `MY` | Allows the ability to delete only the expenses that particular member has entered within the system. | +| Delete | `NONE` | Retricts the ability to delete existing expenses within the system. | +| Inquire | `ALL` | Allows the ability to review all existing expense records within the system. | +| Inquire | `MY` | Allows the ability to review only the expenses that particular member has entered within the system. | +| Inquire | `NONE` | Retricts the ability to review existing expenses within the system. | + +### Reports + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Inquire level._ | +| Edit | — | _Not applicable. See Inquire level._ | +| Delete | — | _Not applicable. See Inquire level._ | +| Inquire | `ALL` | Allows the ability to review reports located in the Time Entry Category of the reports module. By default, when this option is selected, access to all Time Entry reports is allowed, but access can be customized using the Customize Option for this module. | +| Inquire | `NONE` | Retricts the ability to review reports located in the Time Entry Category of the reports module. | + +### Stopwatch + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to use the Stopwatch on both the All Tickets tab and in the Ticket screen. | +| Add | `NONE` | Restricts the ability to use the Stopwatch on the All Tickets tab. | +| Edit | — | _Not applicable. See Add and Inquire levels._ | +| Delete | — | _Not applicable. See Add and Inquire levels._ | +| Inquire | `ALL` | Allows the ability to view the Stopwatch on the All Tickets tab, and grants the ability to use the Stopwatch in the Ticket screen. | +| Inquire | `NONE` | Restricts the ability to view the Stopwatch in the Ticket screen or in the All Tickets tab. | + +### Time Approval + +| Verb | Level | Description | +|------|-------|-------------| +| Add | — | _Not applicable. See Edit and Inquire levels._ | +| Edit | `ALL` | Allows the ability to approve/reject Time Sheet Approvals for all members. | +| Edit | `MY` | Allows the ability to approve/reject Time Sheet Approvals for only the users the member logged in is the approver for. | +| Edit | `NONE` | Retricts the ability to approve/reject Time Sheet Approvals. | +| Delete | — | _Not applicable. See Edit and Inquire levels._ | +| Inquire | `ALL` | Allows the ability to review Time Sheet Approvals for all members. | +| Inquire | `MY` | Allows the ability to review Time Sheet Approvals for only the users the member logged in is the approver for. | +| Inquire | `NONE` | Retricts the ability to review Time Sheet Approvals. | + +### Time Entry + +| Verb | Level | Description | +|------|-------|-------------| +| Add | `ALL` | Allows the ability to create time entries for all members. | +| Add | `MY` | Allows the ability tocreate time entries for only the member logged in. | +| Add | `NONE` | Retricts the ability to create time entries. | +| Edit | `ALL` | Allows the ability to edit existing time entries for all members. | +| Edit | `MY` | Allows the ability to edit existing time entries for only the member logged in. | +| Edit | `NONE` | Retricts the ability to edit existing time entries. | +| Delete | `ALL` | Allows the ability to delete existing time entries for all members. | +| Delete | `MY` | Allows the ability to delete existing time entries for only the member logged in. | +| Delete | `NONE` | Retricts the ability to delete existing time entries. | +| Inquire | `ALL` | Allows the ability to review existing time entries for all members. | +| Inquire | `MY` | Allows the ability to view existing time entries for only the member logged in. This includes the time tab and audit trail. Time entry notes will still appear in the notes pod and in the audit trail for all members. | +| Inquire | `NONE` | Retricts the ability to review existing time entries. | + diff --git a/docs/connectwise/CW_Security_Roles/api-member-security-roles.yaml b/docs/connectwise/CW_Security_Roles/api-member-security-roles.yaml new file mode 100644 index 00000000..320f75ee --- /dev/null +++ b/docs/connectwise/CW_Security_Roles/api-member-security-roles.yaml @@ -0,0 +1,1913 @@ +# ConnectWise API Member Security Roles — reference matrix. +# Generated from the source XLSX; do not edit by hand. +# Re-run generate_role_docs.py after updating the XLSX. + +metadata: + source_file: Security_Roles_Matrix_11132017.xlsx + generated_on: '2026-04-16' + generator: docs/integrations/connectwise/source/generate_role_docs.py + description: |- + ConnectWise security-role matrix. Each (module, action) entry describes what each access level (ALL, MY, MINE, NONE) means for the Add, Edit, Delete, and Inquire verbs. This is a reference catalog, not a per-role assignment — role assignments live in ConnectWise and are mirrored in the ResolutionFlow integration config. + level_order_most_to_least_privileged: + - ALL + - MY + - MINE + - NONE +modules: + Companies: + actions: + Company Maintenance: + add: + levels: + ALL: Allows the ability to create companies within the system. + NONE: Retricts the ability to create companies within the system. + edit: + levels: + ALL: Allows the ability to edit existing companies within the system. + NONE: Retricts the ability to edit existing companies within the system. + delete: + levels: + ALL: Allows the ability to delete existing companies within the system. + NONE: Retricts the ability to delete existing companies within the system. + inquire: + levels: + ALL: Allows the ability to review existing companies within the system. + NONE: Retricts the ability to review existing companies within the system. + Company/Contact Group Maintenance: + add: + levels: + ALL: |- + Allows the ability to create/add Group information on the Groups Tab of a company. + MY: Not Applicable. + NONE: |- + Retricts the ability to create/add Group information on the Groups Tab of a company. + edit: + levels: + ALL: |- + Allows the ability to edit existing Group information on the Groups Tab of a company. + MY: Not Applicable. + NONE: |- + Retricts the ability to edit existing Group information on the Groups Tab of a company. + delete: + levels: + ALL: |- + Allows the ability to delete existing Group information on the Groups Tab of a company. + MY: Not Applicable. + NONE: |- + Retricts the ability to delete existing Group information on the Groups Tab of a company. + inquire: + levels: + ALL: Allows the ability to review Group information on the Groups Tab of a company. + MY: Not Applicable. + NONE: Retricts the ability to review Group information on the Groups Tab of a company. + Configuration - Display Passwords: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: |- + When reviewing configurations at the company level, Custom Configuration Questions that are labeled as "Password" in the Configuratoin Type Setup Table will be visible. + NONE: |- + When reviewing configurations at the company level, Custom Configuration Questions that are labeled as "Password" in the Configuration Type Setup Table will be encrypted. + Configurations: + add: + levels: + ALL: Allows the ability to create configurations within the system. + NONE: Retricts the ability to create configurations within the system. + edit: + levels: + ALL: Allows the ability to edit existing configurations within the system. + NONE: Retricts the ability to edit existing configurations within the system. + delete: + levels: + ALL: Allows the ability to delete existing configurations within the system. + NONE: Retricts the ability to delete existing configurations within the system. + inquire: + levels: + ALL: Allows the ability to review existing configurations within the system. + NONE: Retricts the ability to review existing configurations within the system. + Contacts: + add: + levels: + ALL: Allows the ability to create contacts within the system. + NONE: Retricts the ability to create contacts within the system. + edit: + levels: + ALL: Allows the ability to edit existing contacts within the system. + NONE: Retricts the ability to edit existing contacts within the system. + delete: + levels: + ALL: Allows the ability to delete existing contacts within the system. + NONE: Retricts the ability to delete existing contacts within the system. + inquire: + levels: + ALL: Allows the ability to review existing contacts within the system. + NONE: Retricts the ability to review existing contacts within the system. + CRM/Sales Activities: + add: + levels: + ALL: Allows the ability to add new activities. + MY: Allows the ability to add new activities (same as ALL). + NONE: Restricts the ability to add new activities. + edit: + levels: + ALL: Allows the ability to edit all existing activities within the system. + MY: |- + Allows the ability to edit only the activities that belong to a particular member. An activity belongs to me if I created it, if I assigned someone to it, or if I am assigned to it. + NONE: Retricts the ability to edit existing activities within the system. + delete: + levels: + ALL: Allows the ability to delete all existing activities within the system. + MY: |- + Allows the ability to delete activities that belong to a particular member. An activity belongs to me if I created it, if I assigned someone to it, or if I am assigned to it. + NONE: Retricts the ability to delete existing activities within the system. + inquire: + levels: + ALL: Allows the ability to review all existing activities within the system. + MY: |- + Allows the ability to review only the activities that belong to a particular member. An activity belongs to me if I created it, if I assigned someone to it, or if I am assigned to it. + NONE: |- + Retricts the ability to review existing activities within the system. NOTE: If set to "None" the My Activities Screen will no longer be visible. + Lead Import: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + note: |- + Not sure why this has a My / All option. It only controls whether or not I can see the Import Contacts menu icon. + Manage Documents: + add: + levels: + ALL: Allows the ability to add documents within the system. + MY: |- + Allows the ability to add documents that particular member uploaded within the system. + NONE: |- + Retricts the ability to add documents within the system. NOTE: This setting applies to the Documents Tab of Agreements, Companies, Contacts, Configurations, Expenses, Opportunities, Projects, and Service Tickets. + edit: + levels: + ALL: Allows the ability to edit all existing documents within the system. + MY: |- + Allows the ability to edit only the documents that particular member uploaded within the system. + NONE: |- + Retricts the ability to edit existing documents within the system. NOTE: This setting applies to the Documents Tab of Agreements, Companies, Contacts, Configurations, Expenses, Opportunities, Projects, and Service Tickets. + delete: + levels: + ALL: Allows the ability to delete all existing documents within the system. + MY: |- + Allows the ability to delete only the documents that particular member uploaded within the system. + NONE: |- + Retricts the ability to delete existing documents within the system. NOTE: This setting applies to the Documents Tab of Agreements, Companies, Contacts, Configurations, Expenses, Opportunities, Projects, and Service Tickets. + inquire: + levels: + ALL: Allows the ability to review all existing documents within the system. + MY: |- + Allows the ability to review only the documents that particular member uploaded within the system. + NONE: |- + Retricts the ability to review existing documents within the system. NOTE: This setting applies to the Documents Tab of Agreements, Companies, Contacts, Configurations, Expenses, Opportunities, Projects, and Service Tickets. + Management: + add: + levels: + ALL: Allows the ability to add information on the Management Tab of a company. + NONE: Retricts the ability to add information on the Management Tab of a company. + edit: + levels: + ALL: |- + Allows the ability to edit existing information on the Management Tab of a company. + NONE: |- + Retricts the ability to edit existing information on the Management Tab of a company. + delete: + levels: + ALL: |- + Allows the ability to delete existing information on the Management Tab of a company. + NONE: |- + Retricts the ability to delete existing information on the Management Tab of a company. + inquire: + levels: + ALL: |- + Allows the ability to review existing information on the Management Tab of a company. + NONE: |- + Retricts the ability to review existing information on the Management Tab of a company. + Notes: + add: + levels: + ALL: Allows the ability to add information on the Notes Tab of a company or contact. + NONE: |- + Retricts the ability to add information on the Notes Tab of a company or contact. + edit: + levels: + ALL: |- + Allows the ability to edit existing information on the Notes Tab of a company or contact. + NONE: |- + Retricts the ability to edit existing information on the Notes Tab of a company or contact. + delete: + levels: + ALL: |- + Allows the ability to delete existing information on the Notes Tab of a company or contact. + NONE: |- + Retricts the ability to delete existing information on the Notes Tab of a company or contact. + inquire: + levels: + ALL: |- + Allows the ability to review information on the Notes Tab of a company or contact. + NONE: |- + Retricts the ability to review information on the Notes Tab of a company or contact. + Reports: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: |- + Allows the ability to review reports located in the Companies Category of the reports module. By default, when this option is selected, access to all company and contact reports is allows, but access can be customized using the Customize Option for this module. + NONE: |- + Retricts the ability to review reports located in the Companies and Contacts Category of the reports module. + Surveys: + add: + levels: + ALL: |- + Allows the ability to add information on the Surveys Tab of a company or contact. This applies only to CRM Surveys. + NONE: |- + Retricts the ability to add information on the Surveys Tab of a company or contact. This applies only to CRM Surveys. + edit: + levels: + ALL: |- + Allows the ability to edit information on the Surveys Tab of a company or contact. This applies only to CRM Surveys. + NONE: |- + Retricts the ability to edit information on the Surveys Tab of a company or contact. This applies only to CRM Surveys. + delete: + levels: + ALL: |- + Allows the ability to delete information on the Surveys Tab of a company or contact. This applies only to CRM Surveys. + NONE: |- + Retricts the ability to delete information on the Surveys Tab of a company or contact. This applies only to CRM Surveys. + inquire: + levels: + ALL: |- + Allows the ability to review information on the Surveys Tab of a company or contact. This applies to both CRM and Service Surveys. + NONE: |- + Retricts the ability to review information on the Surveys Tab of a company or contact. This applies to both CRM and Service Surveys. + Team Members: + add: + levels: + ALL: |- + Allows the ability to add Team Role information on the Team Tab of a company or contact. + NONE: |- + Retricts the ability to add Team Role information on the Team Tab of a company or contact. + edit: + levels: + ALL: |- + Allows the ability to edit existing Team Role information on the Team Tab of a company or contact. + NONE: |- + Retricts the ability to edit existing Team Role information on the Team Tab of a company or contact. + delete: + levels: + ALL: |- + Allows the ability to delete existing Team Role information on the Team Tab of a company or contact. + NONE: |- + Retricts the ability to delete existing Team Role information on the Team Tab of a company or contact. + inquire: + levels: + ALL: |- + Allows the ability to review existing Team Role information on the Team Tab of a company or contact. + NONE: |- + Retricts the ability to review existing Team Role information on the Team Tab of a company or contact. + Tracks: + add: + levels: + ALL: Allows the ability to add Track Items to the Tracks Tab of a company or contact. + NONE: |- + Retricts the ability to add Track Items to the Tracks Tab of a company or contact. + edit: + levels: + ALL: |- + Allows the ability to edit existing Track Items to the Tracks Tab of a company or contact. + NONE: |- + Retricts the ability to edit existing Track Items to the Tracks Tab of a company or contact. + delete: + levels: + ALL: |- + Allows the ability to delete existing Track Items to the Tracks Tab of a company or contact. + NONE: |- + Retricts the ability to delete existing Track Items to the Tracks Tab of a company or contact. + inquire: + levels: + ALL: |- + Allows the ability to review Track Items to the Tracks Tab of a company or contact. + NONE: |- + Retricts the ability to review Track Items to the Tracks Tab of a company or contact. + UserCentric: + add: + note: Not Applicable. See Inquire Level. + edit: + note: Not Applicable. See Inquire Level. + delete: + note: Not Applicable. See Inquire Level. + inquire: + levels: + ALL: Allows access to the UserCentric Icon under the Companies Module. + NONE: Retricts access to the UserCentric Icon under the Companies Module. + Finance: + actions: + Accounting Interface: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + levels: + ALL: |- + Allows the ability to delete GL Batches from the Open Batches tab and to Remove Records on the Unposted Invoices, Unposted Expenses and Unposted Procurement tabs. + NONE: |- + Restricts the ability to delete GL Batches from the Open Batches tab and to Remove Records on the Unposted Invoices, Unposted Expenses and Unposted Procurement tabs. + inquire: + levels: + ALL: Allows access to the Accounting Interface Screen. + NONE: Retricts access to the Accounting Interface Screen. + Agreement Invoicing: + add: + levels: + ALL: Allows the ability to create agreement invoices within the system. + NONE: Retricts the ability to create agreement invoices within the system. + edit: + levels: + ALL: Allows the ability to edit existing agreement invoices within the system. + NONE: Retricts the ability to edit existing agreement invoices within the system. + delete: + levels: + ALL: Allows the ability to delete existing agreement invoices within the system. + NONE: Retricts the ability to delete existing agreement invoices within the system. + inquire: + levels: + ALL: Allows the ability to review existing agreement invoices within the system. + NONE: Retricts the ability to review existing agreement invoices within the system. + Agreement Sales: + add: + note: Not applicable. See Inquire and Edit levels. + edit: + levels: + ALL: Allows the use of the actions on the Agreement Sales screen. + NONE: Restricts the ability to use the actions on the Agreement Sales screen. + delete: + note: Not applicable. See Inquire and Edit levels. + inquire: + levels: + ALL: Allows access to the Agreement Sales screen. + NONE: Restricts access to the Agreement Sales screen. + Agreements: + add: + levels: + ALL: Allows the ability to create agreements within the system. + NONE: Retricts the ability to create agreements within the system. + edit: + levels: + ALL: |- + Allows the ability to edit existing agreements within the system. This also includes all tabs on the agreement. + NONE: |- + Retricts the ability to edit existing agreements within the system. This also includes all tabs on the agreement. + delete: + levels: + ALL: Allows the ability to delete existing agreements within the system. + NONE: Retricts the ability to delete existing agreements within the system. + inquire: + levels: + ALL: Allows the ability to review existing agreements within the system. + NONE: Retricts the ability to review existing agreements within the system. + Billing Rate Maintenance: + add: + levels: + ALL: Allows the ability to add custom work roles (agreements, companies). + NONE: Restricts the ability to add custom work roles (agreements, companies). + edit: + levels: + ALL: Allows the ability to edit custom work roles (agreements, companies). + NONE: Restricts the ability to edit custom work roles (agreements, companies). + delete: + levels: + ALL: Allows the ability to delete custom work roles (agreements, companies). + NONE: Restricts the ability to delete custom work roles (agreements, companies). + inquire: + levels: + ALL: Allows the ability to view custom work roles (agreements, companies). + NONE: Restricts the ability to view custom work roles (agreements, companies). + Billing view Time: + add: + note: Not applicable. See Edit and Inquire level. + edit: + levels: + ALL: Enables you to edit the Billing Options pod. + NONE: |- + Restricts the ability to view the Billing Options pod on a time or expense entry. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: Allows the ability to view billing options section on a time or expense entry. + NONE: |- + Restricts the ability to view billing options section on a time or expense entry. + Company Finance: + add: + note: Not applicable. See Edit and Inquire levels. + edit: + levels: + ALL: |- + Allows the ability to edit the Company Finance Screen information for companies within the system. + NONE: |- + Retricts the ability to edit the Company Finance Screen information for companies within the system. + delete: + note: Not Applicable. See Edit and Inquire levels. + inquire: + levels: + ALL: |- + Allows the ability to review the Company Finance Screen for companies within the system. + NONE: |- + Retricts the ability to review the Company Finance Screen for companies within the system. + Expense Reimbursement: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: Allows access to the Expense Reimbursement Screen. + NONE: Retricts access to the Expense Reimbursement Screen. + Financial Dashboard: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not Applicable. See Inquire level. + inquire: + levels: + ALL: Allows the ability to review the Financial Dashboard. + NONE: Retricts the ability to review the Financial Dashboard. + Invoice Approval: + add: + note: Not applicable. See Edit and Inquire levels. + edit: + levels: + ALL: Allows the ability to approve (route) any invoices within the system. + MY: |- + Allows the ability to approve (route) any invoices that are currently routed to the particular member. + NONE: Restricts the ability to approve (route) invoices within the system. + delete: + note: Not applicable. See Edit and Inquire levels. + inquire: + levels: + ALL: |- + Restricts access to email invoices via the Invoice Batch Emailing screen and also approvals via the My Invoices Screen. + MY: Same as ALL. + Invoicing: + add: + levels: + ALL: Allows the ability to create invoices within the system. + MY: Allows the ability to create invoices within the system (same as ALL). + NONE: Retricts the ability to create invoices within the system. + edit: + levels: + ALL: Allows the ability to edit all existing invoices within the system. + MY: |- + Allows the ability to edit only the existing invoices that are routed to a particular member in the system. + NONE: Retricts the ability to edit existing invoices within the system. + delete: + levels: + ALL: Allows the ability to delete all existing invoices within the system. + MY: |- + Allows the ability to delete only the existing invoices that are routed to a particular member within the system. + NONE: Retricts the ability to delete existing invoices within the system. + inquire: + levels: + ALL: Allows the ability to view all existing invoices in the system. + MY: |- + Allows the ability to view only the existing invoices that are routed to a particular member within the system. + NONE: |- + Retricts the ability to review the Invoicing, Invoice Search, or Special Invoices screens. + Reports: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: |- + Allows the ability to review reports located in the Finance Category of the reports module. By default, when this option is selected, access to all company and contact reports is allows, but access can be customized using the Customize Option for this module. + NONE: |- + Retricts the ability to review reports located in the Finance Category of the reports module. + Marketing: + actions: + ConnectWise Campaign: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: Allows the ability to view ConnectWise Campaign in the left nacigation. + NONE: Retricts the ability to view or interact with ConnectWise Campaign. + Marketing Groups: + add: + levels: + ALL: Allows the ability to create new Groups. + NONE: Restricts the ability to create new Groups. + edit: + levels: + ALL: Allows the ability to edit existing Groups. + NONE: Restricts the ability to edit existing Groups. + delete: + levels: + ALL: Allows the ability to delete existing Groups. + NONE: Restricts the ability to delete existing Groups. + inquire: + levels: + ALL: Allows the ability to access the Marketing Groups screen. + NONE: Restricts the ability to access the Marketing Groups screen. + Marketing Management: + add: + levels: + ALL: |- + Allows the ability to create marketing items located within the Marketing Module. + MY: |- + Allows the ability to create marketing items located within the Marketing Module only for those items that member is the Owner. + NONE: |- + Retricts the ability to create marketing items located within the Marketing Module. + edit: + levels: + ALL: Allows the ability to edit marketing items located within the Marketing Module. + MY: |- + Allows the ability to edit marketing items located within the Marketing Module only for those items that member is the Owner. + NONE: |- + Retricts the ability to edit marketing items located within the Marketing Module. + delete: + levels: + ALL: |- + Allows the ability to delete marketing items located within the Marketing Module. + MY: |- + Allows the ability to delete marketing items located within the Marketing Module only for those items that member is the Owner. + NONE: |- + Retricts the ability to delete marketing items located within the Marketing Module. + inquire: + levels: + ALL: |- + Allows the ability to review marketing items located within the Marketing Module. + MY: |- + Allows the ability to review marketing items located within the Marketing Module only for those items that member is the Owner. + NONE: |- + Retricts the ability to review marketing items located within the Marketing Module. + Marketing Reports: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: |- + Allows the ability to review reports located in the Marketing Category of the reports module. By default, when this option is selected, access to all marketing reports is allowed, but access can be customized using the Customize Option for this module. + NONE: |- + Retricts the ability to review reports located in the Marketing Category of the reports module. + Procurement: + actions: + Inventory Adjustments: + add: + levels: + ALL: Allows the ability to create new Inventory Adjustments. + NONE: Retricts the ability to create new Inventory Adjustments. + edit: + levels: + ALL: Allows the ability to edit existing open Inventory Adjustment item information. + NONE: Retricts the ability to edit existing Inventory Adjustment item information. + delete: + levels: + ALL: Allows the ability to delete existing open Inventory Adjustment items. + NONE: Retricts the ability to delete existing Inventory Adjustment items. + inquire: + levels: + ALL: Allows the ability to review existing Inventory Adjustment item information. + NONE: Retricts the ability to review existing Inventory Adjustment item information. + Inventory Transfers: + add: + note: Not applicable. See Edit and Inquire levels. + edit: + levels: + ALL: Allows the ability to complete a Inventory Transfer. + NONE: Retricts the ability to complete a Inventory Transfer. + delete: + note: Not applicable. See Edit and Inquire levels. + inquire: + levels: + ALL: Allows the ability to review existing Inventory Transfer information. + NONE: Retricts the ability to review existing Inventory Transfer information. + Product Catalog: + add: + levels: + ALL: Allows the ability to create new Products in the Product Catalog. + NONE: Restricts the ability to create new products in the Product Catalog. + edit: + levels: + ALL: Allows the ability to edit existing products in the Products Catalog. + NONE: Restricts the ability to edit existing products in the Products Catalog. + delete: + levels: + ALL: Allows the ability to delete existing Products in the Products Catalog. + NONE: Restricts the ability to delete existing Products in the Products Catalog. + inquire: + levels: + ALL: |- + Allows the ability to review existing Product information in the Product Catalog. + NONE: |- + Restricts the ability to review existing Product information in the Product Catalog. + Products: + add: + levels: + ALL: |- + Allows the ability to add Products to Opportunities, Sales Orders, and Service Tickets. + NONE: |- + Retricts the ability to add Products to Opportunities, Sales Orders, and Service Tickets. NOTE: This option also controls the ability to pick and ship products. + edit: + levels: + ALL: |- + Allows the ability to edit Products on Opportunities, Sales Orders, Service Tickets, and Invoices. + NONE: |- + Restricts the ability to edit Products on Opportunities, Sales Orders, Service Tickets, and Invoices. + delete: + levels: + ALL: |- + Allows the ability to delete products added to Opportunities, Sales Orders, Service Tickets, and Invoices. + NONE: |- + Restricts the ability to delete products added to Opportunities, Sales Orders, Service Tickets, and Invoices. + inquire: + levels: + ALL: |- + Allows the ability to review information for products added to Opportunities, Sales Orders, and Service Tickets. + NONE: |- + Retricts the ability to review information for products added to Opportunities, Sales Orders, and Service Tickets. + Purchase Orders: + add: + levels: + ALL: Allows the ability to create new POs. + MY: Allows the ability to create new POs. + NONE: Restricts the ability to create new POs. + edit: + levels: + ALL: Allows the ability to edit existing POs. + MY: |- + Allows the ability to edit existing PO's where the Member is listed in the Entered By field on the PO. + NONE: Restricts the ability to edit existing POs. + delete: + levels: + ALL: Allows the ability to delete existing POs. + MY: |- + Allows the ability to delete existing PO's where the Member is listed in the Entered By field on the PO. + NONE: Restricts the ability to delete existing POs. + inquire: + levels: + ALL: Allows the ability to view existing POs. + MY: |- + Allows the ability to delete existing PO's where the Member is listed in the Entered By field on the PO. + NONE: Restricts the ability to view existing POs. + Purchasing Approvals: + add: + note: Not applicable. See Edit and Inquire levels. + edit: + levels: + ALL: |- + Allows the ability to use actionable options for items in the Purchasing Approvals Search Screen. + NONE: |- + Retricts the ability to use actionable options for items in the Purchasing Approvals Search Screen. + delete: + note: Not applicable. See Edit and Inquire levels. + inquire: + levels: + ALL: |- + Allows the ability to review information for items in the Purchasing Approvals Search Screen. + NONE: |- + Retricts the ability to review information for items in the Purchasing Approvals Search Screen. + Purchasing Demand: + add: + note: Not applicable. See Edit and Inquire levels. + edit: + levels: + ALL: |- + Allows the ability to use actionable options for items in the Purchasing Search Screen. + NONE: |- + Retricts the ability to use actionable options for items in the Purchasing Search Screen. + delete: + note: Not applicable. See Edit and Inquire levels. + inquire: + levels: + ALL: |- + Allows the ability to review information for items in the Purchasing Search Screen. + NONE: |- + Retricts the ability to review information for items in the Purchasing Search Screen. + Reports: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: |- + Allows the ability to review reports located in the Procurement Category of the reports module. By default, when this option is selected, access to all procurement reports is allowed, but access can be customized using the Customize Option for this module. + NONE: |- + Retricts the ability to review reports located in the Procurement Category of the reports module. + RMA Entry: + add: + levels: + ALL: Allows the ability to create new RMA Tags. + NONE: Restricts the ability to create new RMA Tags. + edit: + levels: + ALL: Allows the ability to edit existing RMA Tags. + NONE: Restricts the ability to edit existing RMA Tags. + delete: + levels: + ALL: Allows the ability to delete existing RMA Tags. + NONE: Restricts the ability to delete existing RMA Tags. + inquire: + levels: + ALL: Allows the ability to view existing RMA Tags. + NONE: Restricts the ability to view existing RMA Tags. + RMA Processing: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: Allows the ability to view vendor, shipping, and closing sections of RMA tags. + NONE: |- + Restricts the ability to view vendor, shipping, and closing sections of RMA tags. + Project: + actions: + Close Project Tickets: + add: + note: Not applicable. See Edit level. + edit: + levels: + ALL: Allows the ability to close and re-open Projects and Project Tickets. + NONE: Retricts the ability to close and re-open Projects and Project Tickets. + delete: + note: Not applicable. See Edit level. + inquire: + note: Not applicable. See Edit level. + Close Projects: + add: + note: Not applicable. See Edit and Inquire levels. + edit: + levels: + ALL: Allows the ability to set existing Projects to a closed status. + NONE: Disallows the ability to set existing Projects to a closed status. + delete: + note: Not applicable. See Edit and Inquire levels. + inquire: + levels: + ALL: Allows the ability to view Closed statuses on the Project tab of a Project. + NONE: Disallows the ability to view Closed statuses on the Project tab of a Project. + Project Contacts: + add: + levels: + ALL: |- + Allows the ability to add contact information to the Contacts Tab of existing projects. + MY: |- + The ability to add contact information to the Contacts Tab for projects is determined by the settings of the project role the member is assigned to on the specific project. + NONE: |- + Retricts the ability to add contact information to the Contacts Tab of existing projects. + edit: + levels: + ALL: |- + Allows the ability to edit contact information to the Contacts Tab of existing projects. + MY: |- + The ability to edit contact information on the Contacts Tab for projects is determined by the settings of the project role the member is assigned to on the specific project. + NONE: |- + Retricts the ability to edit contact information to the Contacts Tab of existing projects. + delete: + levels: + ALL: |- + Allows the ability to delete contact information to the Contacts Tab of existing projects. + MY: |- + The ability to delete contact information from the Contacts Tab for projects is determined by the settings of the project role the member is assigned to on the specific project. + NONE: |- + Retricts the ability to delete contact information to the Contacts Tab of existing projects. + inquire: + levels: + ALL: |- + Allows the ability to review contact information to the Contacts Tab of existing projects. + MY: |- + The ability to review contact information on the Contacts Tab of projects is determined by the settings of the project role the member is assigned to on the specific project. + NONE: |- + Retricts the ability to review contact information to the Contacts Tab of existing projects. + Project Finance: + add: + note: Not applicable. See Edit and Inquire levels. + edit: + levels: + ALL: |- + Allows the ability to edit the Project Finance, Recap, and Invoice tabs of existing projects. + MY: |- + Access to the Finance, Recap, and Invoices tabs of the project or project ticket is determined by the settings of the project role the member is assigned to on the specific project. + NONE: |- + Restricts the ability to edit the Project Finance, Recap, and Invoice tabs of existing projects. + delete: + note: Not applicable. See Edit and Inquire levels. + inquire: + levels: + ALL: |- + Allows the ability to review the Project Finance, Recap, and Invoice tabs of existing projects. Also allows access to the Project budget by Variance view in the Views tab. + MY: |- + The ability to review the Finance, Recap or Invoices Tabs of the project or project ticket is determined by the settings of the project role the member is assigned to on the specific project. + NONE: |- + Restricts the ability to review the Project Finance, Recap, and Invoice tabs of existing projects. Also restricts access to the Project budget by Variance view in the Views tab. NOTE: If you select None, the Project Boards icon will no longer be visible. In order to see the Project Board icon, the user needs Project Management Inquire set to All, AND Project Finance Inquire set to My at the very least. + Project Headers: + add: + levels: + ALL: Allows the ability to add new projects. + MY: |- + The ability to add new projects is determined by the settings of the project role the member is assigned to on the specific project. + NONE: Restricts the ability to add new projects. + edit: + levels: + ALL: Allows the ability to edit the general tab of existing projects. + MY: |- + The ability to edit the general tab of existing projects is determined by the settings of the project role the member is assigned to on the specific project. + NONE: Restricts the ability to edit the general tab of existing projects. + delete: + levels: + ALL: Allows the ability to delete existing projects. + MY: |- + The ability to delete existing projects is determined by the settings of the project role the member is assigned to on the specific project. + NONE: Restricts the ability to delete existing projects. + inquire: + levels: + ALL: Allows the ability to view existing projects. + MY: |- + The ability to view existing projects is determined by the settings of the project role the member is assigned to on the specific project. + NONE: Restricts the ability to view existing projects. + Project Management: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: Allows the ability to view Project Boards. + MY: Not Applicable. + NONE: |- + Retricts the ability to view Project Boards. NOTE: The only available options are All or None. If you select None, the Project Boards icon will no longer be visible. In order to see the Project Board icon, the user needs Project Management Inquire set to All, AND Project Finance Inquire set to My at the very least. + Project Notes: + add: + levels: + ALL: Allows the ability to add information on the Notes Tab of a Project. + MY: |- + The ability to add information on the Notes Tab of a project is determined by the settings of the project role the member is assigned to on the specific project. + NONE: Retricts the ability to add information on the Notes Tab of a Project. + edit: + levels: + ALL: Allows the ability to edit information on the Notes Tab of a Project. + MY: |- + The ability to edit information on the Notes Tab of a project is determined by the settings of the project role the member is assigned to on the specific project. + NONE: Retricts the ability to edit information on the Notes Tab of a Project. + delete: + levels: + ALL: Allows the ability to delete information on the Notes Tab of a Project. + MY: |- + The ability to delete information on the Notes Tab of a project is determined by the settings of the project role the member is assigned to on the specific project. + NONE: Retricts the ability to delete information on the Notes Tab of a Project. + inquire: + levels: + ALL: Allows the ability to review information on the Notes Tab of a Project. + MY: |- + The ability to view information on the Notes Tab of a project is determined by the settings of the project role the member is assigned to on the specific project. + NONE: Retricts the ability to review information on the Notes Tab of a Project. + Project Phase: + add: + levels: + ALL: Allows the ability to add a new Phase on the Workplan Tab of a Project. + MY: |- + The ability to add a new Phase on the Workplan Tab to a project is determined by the settings of the project role the member is assigned to on the specific project. + NONE: Retricts the ability to add a new Phase on the Workplan Tab of a Project. + edit: + levels: + ALL: Allows the ability to edit an existing Phase on the Workplan Tab of a Project. + MY: |- + The ability to edit a Phase on the Workplan Tab to a project is determined by the settings of the project role the member is assigned to on the specific project. + NONE: Retricts the ability to edit an existing Phase on the Workplan Tab of a Project. + delete: + levels: + ALL: Allows the ability to delete an existing Phase on the Workplan Tab of a Project. + MY: |- + The ability to delete a Phase on the Workplan Tab to a project is determined by the settings of the project role the member is assigned to on the specific project. + NONE: |- + Retricts the ability to delete an existing Phase on the Workplan Tab of a Project. + inquire: + levels: + ALL: Allows the ability to review an existing Phase on the Workplan Tab of a Project. + MY: |- + The ability to view a Phase on the Workplan Tab to a project is determined by the settings of the project role the member is assigned to on the specific project. + NONE: |- + Retricts the ability to review an existing Phase on the Workplan Tab of a Project. + Project Product: + add: + levels: + ALL: Allows the ability to add product items to the ProductsTab of existing projects. + MY: |- + The ability to add product items to the ProductsTab of projects is determined by the settings of the project role the member is assigned to on the specific project. + NONE: |- + Retricts the ability to add product items to the ProductsTab of existing projects. + edit: + levels: + ALL: |- + Allows the ability to edit product items to the ProductsTab of existing projects. + MY: |- + The ability to edit product items on the ProductsTab of projects is determined by the settings of the project role the member is assigned to on the specific project. + NONE: |- + Retricts the ability to edit product items to the ProductsTab of existing projects. + delete: + levels: + ALL: |- + Allows the ability to delete product items to the ProductsTab of existing projects. + MY: |- + The ability to delete product items from the ProductsTab of projects is determined by the settings of the project role the member is assigned to on the specific project. + NONE: |- + Retricts the ability to delete product items to the ProductsTab of existing projects. + inquire: + levels: + ALL: |- + Allows the ability to review product items to the ProductsTab of existing projects. + MY: |- + The ability to view product items on the ProductsTab of projects is determined by the settings of the project role the member is assigned to on the specific project. + NONE: |- + Retricts the ability to review product items to the ProductsTab of existing projects. + Project Reports: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: |- + Allows the ability to review reports located in the Project Category of the reports module. By default, when this option is selected, access to all marketing reports is allowed, but access can be customized using the Customize Option for this module. + NONE: |- + Retricts the ability to review reports located in the Project Category of the reports module. + Project Scheduling: + add: + levels: + ALL: |- + Allows the ability to add information on the Schedule Tab of an all existing Projects. + MY: |- + The ability to add information on the Schedule Tab of a project is determined by the settings of the project role the member is assigned to on the specific project. + NONE: Retricts the ability to add information on the Schedule Tab of a Project. + edit: + levels: + ALL: |- + Allows the ability to edit the information stored on the Schedule Tab of an all existing Projects. + MY: |- + The ability to edit information on the Schedule Tab of a project is determined by the settings of the project role the member is assigned to on the specific project. + NONE: |- + Retricts the ability to edit the information stored on the Schedule Tab of a Project. + delete: + levels: + ALL: |- + Allows the ability to delete the information stored on the Schedule Tab of an all existing Projects. + MY: |- + The ability to delete information on the Schedule Tab of a project is determined by the settings of the project role the member is assigned to on the specific project. + NONE: |- + Retricts the ability to delete the information stored on the Schedule Tab of a Project. + inquire: + levels: + ALL: |- + Allows the ability to review the information stored on the Schedule Tab of an all existing Projects. + MY: |- + The ability to view information on the Schedule Tab of a project is determined by the settings of the project role the member is assigned to on the specific project. + NONE: Retricts the review the information stored on the Schedule Tab of a Project. + Project Teams: + add: + levels: + ALL: |- + Allows the ability to add members on the Project Team Tab of an all existing Projects. Also allows the ability to convert Project tickets to Service Tickets. + MY: |- + The ability to add members on the Team Tab of a Project is determined by the settings of the project role the member is assigned to on the specific project. + NONE: Retricts the ability to add members on the Project Team Tab of a Project. + edit: + levels: + ALL: Allows the ability to edit members on the Project Team Tab of a Project. + MY: |- + The ability to edit members on the Team Tab of a Project is determined by the settings of the project role the member is assigned to on the specific project. + NONE: Retricts the ability to edit members on the Project Team Tab of a Project. + delete: + levels: + ALL: Allows the ability to delete members on the Project Team Tab of a Project. + MY: |- + The ability to delete members from the Team Tab of a Project is determined by the settings of the project role the member is assigned to on the specific project. + NONE: Retricts the ability to delete members on the Project Team Tab of a Project. + inquire: + levels: + ALL: |- + Allows the ability to review member details on the Project Team Tab of a Project. Also allows the ability to convert Project tickets to Service Tickets. + MY: |- + The ability to view members on the Team Tab of a Project is determined by the settings of the project role the member is assigned to on the specific project. + NONE: |- + Retricts the ability to review member details on the Project Team Tab of a Project. + Project Templates: + add: + levels: + ALL: Allows the ability to create Project Templates. + NONE: Retricts the ability to create Project Templates. + edit: + levels: + ALL: Allows the ability to edit Project Templates. + NONE: Retricts the ability to edit Project Templates. + delete: + levels: + ALL: Allows the ability to delete Project Templates. + NONE: Retricts the ability to delete Project Templates. + inquire: + levels: + ALL: Allows the ability to review Project Templates. + NONE: Retricts the ability to review Project Templates. + Project Ticket - Dependencies: + add: + levels: + ALL: Allows the ability to append predecessor tickets to a project ticket. + NONE: Disallows the ability to append predecessor tickets to a project ticket. + edit: + levels: + ALL: Allows the ability to edit the existing predecessor ticket on a project ticket. + NONE: |- + Disallows the ability to edit the existing predecessor ticket on a project ticket. + delete: + levels: + ALL: Allows the ability to remove an existing predecessor ticket on a project ticket. + NONE: |- + Disallows the ability to remove an existing predecessor ticket on a project ticket. + inquire: + levels: + ALL: Allows the ability to view existing predecessor ticket info on a project ticket. + NONE: |- + Disallows the ability to view existing predecessor ticket info on a project ticket. + Project Ticket Tasks: + add: + levels: + ALL: Allows the ability to add tasks to Project Tickets. + MY: |- + The ability to add tasks to Project Tickets(not Projects) is determined by the settings of the project role the member is assigned to on the specific project. + NONE: Retricts the ability to add tasks to Project Tickets. + edit: + levels: + ALL: Allows the ability to edit tasks on Project Tickets. + MY: |- + The ability to edit tasks on Project Tickets(not Projects) is determined by the settings of the project role the member is assigned to on the specific project. + NONE: Retricts the ability to edit tasks on Project Tickets. + delete: + levels: + ALL: Allows the ability to delete tasks on Project Tickets. + MY: |- + The ability to delete tasks from Project Tickets(not Projects) is determined by the settings of the project role the member is assigned to on the specific project. + NONE: Retricts the ability to delete tasks on Project Tickets. + inquire: + levels: + ALL: Allows the ability to review tasks on Project Tickets. + MY: |- + The ability to review tasks on Project Tickets(not Projects) is determined by the settings of the project role the member is assigned to on the specific project. + NONE: Retricts the ability to review tasks on Project Tickets. + Project Tickets: + add: + levels: + ALL: Allows the ability to create Project Tickets. + MY: |- + The ability to create project tickets is determined by the settings of the project role the member is assigned to on the specific project. + NONE: Retricts the ability to create Project Tickets. + edit: + levels: + ALL: Allows the ability to edit existing Project Tickets. + MY: |- + The ability to edit Project Tickets is determined by the settings of the project role the member is assigned to on the specific project. + NONE: Retricts the ability to edit existing Project Ticket information. + delete: + levels: + ALL: Allows the ability to delete existing Project Tickets. + MY: |- + The ability to delete existing Project Tickets is determined by the settings of the project role the member is assigned to on the specific project. + NONE: Retricts the ability to review existing delete existing Project Tickets. + inquire: + levels: + ALL: |- + Allows the ability to review existing Project Ticket information. Allows the ability to view Project Tickets and Issues on the My List screen. + MY: |- + The ability to review Project Tickets is determned by the settings of the project role the member is assigned to on the specific project. Allows the ability to view Project Tickets and Issues on the My List screen. + NONE: |- + Retricts the ability to review existing Project Ticket information. NOTE: Controls the ability to view the Project and Issues tabs on the My List screen + Sales: + actions: + Closed Opportunity: + add: + note: Not applicable. See Edit level. + edit: + levels: + ALL: Allows the ability to close and re-open opportunities. + NONE: Restricts the ability to close and re-open opportunities. + delete: + note: Not applicable. See Edit level. + inquire: + note: Not applicable. See Edit level. + Opportunity: + add: + levels: + ALL: Allows the ability to create Opportunities. + MY: Allows the ability to create Opportunities. + NONE: Retricts the ability to create Opportunities. + edit: + levels: + ALL: Allows the ability to edit existing Opportunities. + MY: |- + Allows the ability to edit only those Opportunities for which the member is part of the team or is the teammate of a member of the team that has the Allow Access checkbox checked. + NONE: Retricts the ability to edit existing Opportunities. + delete: + levels: + ALL: Allows the ability to delete existing Opportunities. + MY: |- + Allows the ability to edit only those Opportunities for which the member is part of the team or is the teammate of a member on the team that has the Allow Access checkbox checked. + NONE: Retricts the ability to delete existing Opportunities. + inquire: + levels: + ALL: Allows the ability to review existing Opportunities. + MY: |- + Allows the ability to edit only those Opportunities for which the member is part of the team or is the teammate of a member of the team that has the Allow Access checkbox checked. + NONE: Retricts the ability to review existing Opportunities. + Opportunity Finance: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: Allows the ability to review the Finance Tab of Opportunities. + NONE: Retricts the ability to review the Finance Tab of Opportunities. + Reports: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: |- + Allows the ability to review reports located in the Sales Category of the reports module. By default, when this option is selected, access to all marketing reports is allowed, but access can be customized using the Customize Option for this module. + NONE: |- + Retricts the ability to review reports located in the Sales Category of the reports module. + Sales Dashboard: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: Allows the ability to review the Sales Overview screen. + NONE: Retricts the ability to review the Sales Overview screen. + Sales Funnel: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: Allows the ability to review the Sales Funnel screen. + NONE: Retricts the ability to review the Sales Funnel screen. + Sales Order Finance: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: Allows the ability to review the Finance Tab of Opportunities. + NONE: |- + Restricts the ability to review the Finance Tab of Opportunities. NOTE: The ability to edit the Finance tab of a Sales Order is based on the security persmissions for this role in the Sales Order field. + Sales Orders: + add: + levels: + ALL: Allows the ability to create Sales Orders. + NONE: Retricts the ability to create Sales Orders. + edit: + levels: + ALL: Allows the ability to edit existing Sales Orders. + NONE: Retricts the ability to edit existing Sales Orders. + delete: + levels: + ALL: Allows the ability to delete existing Sales Orders. + NONE: Retricts the ability to delete existing Sales Orders. + inquire: + levels: + ALL: Allows the ability to review existing Sales Orders. + NONE: Retricts the ability to review existing Sales Orders. + Service Desk: + actions: + Agile Board: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: Allows the ability to view and use the Agile board. + NONE: Retricts the ability to view and use the Agile board. + ChatAssist: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: Allows access to the ChatAssist Icon under the Service Desk Module. + NONE: Retricts access to the ChatAssist Icon under the Service Desk Module. + Close Service Tickets: + add: + levels: + ALL: |- + Allows users to set a new ticket to a closed status before saving it for the first time. + NONE: |- + Restricts the ability to set a new ticket to a closed status before saving it for the first time. + edit: + levels: + ALL: Allows the ability to close and re-open service tickets. + NONE: Restricts the ability to close and re-open service tickets. + delete: + note: Not Applicable. See Add, Edit, and Inquire levels. + inquire: + levels: + ALL: Allows the ability to view closed statuses in Service Ticket Status dropdown + NONE: Restricts the ability to view closed statuses in Service Ticket Status dropdown. + CloudConsole: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: Allows access to the CloudConsole Icon under the Service Desk Module. + NONE: Retricts access to the CloudConsole Icon under the Service Desk Module. + ConnectWise Control: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: |- + Enables the ScreenConnect Button on tickets allowing the ability to create a ScreenConnect session. + NONE: |- + Disables the ScreenConnect Button on tickets disallowing the ability to create a ScreenConnect session. + ConnectWise Manage Network: + add: + note: Not applicable. See Add and Inquire levels. + edit: + note: Not applicable. See Add and Inquire levels. + delete: + levels: + ALL: Allows the ability to remove holds from the ConnectWise Manage Network. + NONE: Restricts the ability to remove holds from the ConnectWise Manage Network. + inquire: + levels: + ALL: Allows access to the ConnectWise Manage Network. + NONE: Retricts access to the ConnectWise Manage Network. + Knowledge Base Approver: + add: + note: Not applicable. See Edit, Delete, and Inquire levels. + edit: + levels: + ALL: |- + Allows the ability to approve and reject Knowledge Base articles that are pending approval. + NONE: |- + Restricts the ability to approve and reject Knowledge Base articles that are pending approval. + delete: + levels: + ALL: |- + Allows the ability to delete Knowledge Base articles in any status created by any member. + NONE: Restricts the ability to delete any Knowledge Base articles. + inquire: + levels: + ALL: |- + Allows the ability to review Knowledge Base articles in any status. NONEL Restricts the ability to review any Knowledge Base articles. + Knowledge Base Creator: + add: + levels: + ALL: Allows the ability to add draft Knowledge Base articles and submit for approval. + MY: Allows the ability to add draft Knowledge Base articles and submit for approval. + NONE: |- + Restricts the ability to add draft Knowledge Base articles and submit for approval. + edit: + levels: + ALL: |- + Allows the ability to edit Knowledge Base articles in Draft, Rejected, and Revise status for any member. + MY: |- + Allows the ability to edit Knowledge Base articles in Draft, Rejected, and Revise status created by the logged in member. + NONE: Restricts the ability to edit Knowledge Base articles. + delete: + levels: + ALL: |- + Allows the ability to delete Knowledge Base articles in Draft, Rejected, and Revise status created by any member. + MY: |- + Allows the ability to delete Knowledge Base articles in Draft, Rejected, and Revise status created by the logged in member. + NONE: Restricts the ability to delete Knowledge Base articles. + inquire: + levels: + ALL: Allows the ability to review Knowledge Base articles created by any member. + MY: |- + Allows the ability for a member to review Knowledge Base articles created by the logged in member. + NONE: Restricts the ability to review any Knowledge Base articles. + Launch Remote Access: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: Allows the ability to launch Automate or Control access from any ticket. + MY: |- + Allows the ability to launch Automate or Control access from any ticket the member is a resource on. + NONE: |- + Restricts the ability to launch Automate or Control access. Hides the Launch column in the Configuration pod. + Merge Tickets: + add: + levels: + ALL: Allows the ability to merge tickets. + NONE: Restricts the ability to merge tickets + edit: + levels: + ALL: Allows for Open merged tickets to be set to a Closed status. + NONE: Restricts the ability to merge tickets + delete: + note: Not applicable. See Add, Edit, and Inquire levels. + inquire: + levels: + ALL: Allows the ability to view the relationship of merged tickets. + NONE: Restricts the ability to view the relationship of merged tickets. + Print Service Signoff: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: Allows the ability to print the Signoff form for any service ticket. + MY: |- + Allows the ability to print the Signoff form for tickets you are a resource on, tickets you have assigned another resource on, and tickets created by you. + NONE: Restricts the ability to print the Signoff form for all tickets. + Reports: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: |- + Allows the ability to review reports located in the Service Desk Category of the reports module. By default, when this option is selected, access to all Service reports is allowed, but access can be customized using the Customize Option for this module. + NONE: |- + Retricts the ability to review reports located in the Service Desk Category of the reports module. + Resource Scheduling: + add: + levels: + ALL: Allows the ability to add resources on Service Tickets and Activities. + MY: |- + Allows the ability for a member to add themselves as a resource on a Service Ticket or Activity. + NONE: |- + Retricts the ability to add resources on Service Tickets and Activities. NOTE: This includes the My Calendar and Dispatch Portal Screens. + edit: + levels: + ALL: Allows the ability to edit resources on Service Tickets and Activities. + MY: |- + Allows the ability for a member to edit themselves as a resource on a Service Ticket or Activity. + NONE: |- + Retricts the ability to edit resources on Service Tickets and Activities. NOTE: This includes the My Calendar and Dispatch Portal Screens. + delete: + levels: + ALL: Allows the ability to delete resources on Service Tickets and Activities. + MY: |- + Allows the ability for a member to delete themselves as a resource on a Service Ticket or Activity. + NONE: |- + Retricts the ability to delete resources on Service Tickets and Activities. NOTE: This includes the My Calendar and Dispatch Portal Screens. + inquire: + levels: + ALL: Allows the ability to review resources on Service Tickets and Activities. + MY: |- + Allows the ability for a member to review only their resource records on a Service Ticket or Activity. + NONE: |- + Retricts the ability to review resources on Service Tickets and Activities. NOTE: This includes the My Calendar and Dispatch Portal Screens. + Service Dashboard: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: Allows access to the Service Dashboard under the Service Desk Module. + NONE: Retricts access to the Service Dashboard under the Service Desk Module. + Service Ticket - Dependencies: + add: + levels: + ALL: Allows the ability to append predecessor tickets to a service ticket. + NONE: Disallows the ability to append predecessor tickets to a service ticket. + edit: + levels: + ALL: Allows the ability to edit the existing predecessor ticket on a service ticket. + NONE: |- + Disallows the ability to edit the existing predecessor ticket on a service ticket. + delete: + levels: + ALL: Allows the ability to remove an existing predecessor ticket on a service ticket. + NONE: |- + Disallows the ability to remove an existing predecessor ticket on a service ticket. + inquire: + levels: + ALL: Allows the ability to view existing predecessor ticket info on a service ticket. + NONE: |- + Disallows the ability to view existing predecessor ticket info on a service ticket. + Service Ticket - Finance: + add: + note: Not applicable. See Edit and Inquire levels. + edit: + levels: + ALL: Allows the ability to edit information on the Finance Tab of Service Tickets. + NONE: Retricts the ability to edit information on the Finance Tab of Service Tickets. + delete: + note: Not applicable. See Edit and Inquire levels. + inquire: + levels: + ALL: Allows access to the Finance Tab of Service Tickets. + NONE: Retricts access to the Finance Tab of Service Tickets. + Service Tickets: + add: + levels: + ALL: Allows the ability to create Service Tickets. + MY: Allows the ability to create Service Tickets. + NONE: Retricts the ability to create Service Tickets. + edit: + levels: + ALL: |- + Allows the ability to edit existing Service Tickets. Allows the ability to follow Service Tickets. + MY: |- + Allows the ability to edit only existing Service Tickets that belong to the member. A ticket belongs to me if I created it, assigned it to someone, or I am assigned to it. Allows the ability to follow Service Tickets I am a resource on. + NONE: Retricts the ability to edit existing Service Tickets. + delete: + levels: + ALL: Allows the ability to delete existing Service Tickets. + MY: |- + Allows the ability to delete only existing Service Tickets that belong to the member. A ticket belongs to me if I created it, assigned it to someone, or I am assigned to it. + NONE: Retricts the ability to delete existing Service Tickets. + inquire: + levels: + ALL: Allows the ability to review existing Service Tickets. + MY: |- + Allows the ability to review only existing Service Tickets that belong to the member. A ticket belongs to me if I created it, assigned it to someone, or I am assigned to it. + NONE: Retricts the ability to review existing Service Tickets. + SLA Dashboard: + add: + note: Not applicable. See Edit and Inquire levels. + edit: + levels: + ALL: |- + Allows the ability to access the On Call and Duty Mgr pickers on the SLA Dashboard and Service Board. + MY: |- + Restricts the ability to access the On Call and Duty Mgr pickers on the SLA Dashboard and Service Board. + NONE: |- + Restricts the ability to access the On Call and Duty Mgr pickers on the SLA Dashboard and Service Board. + delete: + note: Not applicable. See Edit and Inquire levels. + inquire: + levels: + ALL: |- + Allows the ability to select any member from the member filter on the SLA Dashboard. Also allows the ability to access the On Call and Duty Mgr pickers on the Service Board and SLA Dashboard + MY: |- + Restricts the ability to select other members from the member filter on the SLA Dashboard. + NONE: Restricts access to the SLA Dashboard. + Ticket Templates: + add: + levels: + ALL: |- + Allows the ability to create Ticket Templates at the Company Level. This includes the Ticket Templates tab of a company or agreement. + MY: Same as ALL + NONE: |- + Restricts the ability to create Ticket Templates at the Company Level. This includes the Ticket Templates Tab of a company or agreement. Note: This does not control the application of Ticket Templates to existing tickets using the protractor icon. + edit: + levels: + ALL: |- + Allows the ability to edit Ticket Templates at the Company Level. This includes the Ticket Templates tab of a company or agreement. + MY: |- + Allows the ability to edit Ticket Templates only where the member has access to the service board, location and group associated with the template. This includes the Ticket Templates tab of a company or agreement. + NONE: |- + Restricts the ability to edit Ticket Templates at the Company Level. This includes the Ticket Templates tab of a company or agreement. Note: This does not control the application of Ticket Templates to existing tickets using the protractor icon. + delete: + levels: + ALL: |- + Allows the ability to delete Ticket Templates at the Company Level. This includes the Ticket Templates tab of a company or agreement. + MY: |- + Allows the ability to delete Ticket Templates only where the member has access to the service board, location and group associated with the template. This includes the Ticket Templates tab of a company or agreement. + NONE: |- + Restricts the ability to delete Ticket Templates at the Company Level. This includes the Ticket Templates tab of a company or agreement. Note: This does not control the application of Ticket Templates to existing tickets using the protractor icon. + inquire: + levels: + ALL: |- + Allows the ability to review Ticket Templates at the Company Level. This includes the Ticket Templates tab of a company or agreement. + MY: |- + Allows the ability to review Ticket Templates only where the member has access to the service board, location and group associated with the template. This includes the Ticket Templates tab of a company or agreement. + NONE: |- + Restricts the ability to review Ticket Templates at the Company Level. This includes the Ticket Templates tab of a company or agreement. Note: This does not control the application of Ticket Templates to existing tickets using the protractor icon. + System: + actions: + API Reports: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: Allows the user to access the API Reporting Views when using an API Member. + NONE: |- + Restricts the ability to review the API Reporting Views when using an API Member. + Chat with ConnectWise Manage Support: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: Allows access to the Chat with Support button in the top navigation menu. + NONE: Restricts access to the Chat with Support button in the top navigation menu. + ConnectWise Manage Labs: + add: + note: Not applicable. See Edit level. + edit: + levels: + ALL: Allows the ability to turn labs on and off + NONE: Restricts the ablility to turn labs on and off + delete: + note: Not applicable. See Edit level. + inquire: + note: Not applicable. See Edit level. + Custom Menu Entry: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: |- + Allows the ability to review custom menu entries in the modules they are assigned to. By default, when this option is selected, access to all Custom Menu Entries is allowed, but access can be customized using the Customize Option for this module. + NONE: Restricts the ability to review existing Custom Menu Entries. + Email Audit: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: |- + Allows access to the Email Audit icon under the Service Desk module and the Email Audit tab on the Company screen + NONE: |- + Restricts access to the Email Audit icon under the Service Desk module and the Email Audit tab on the Company screen. + List View Export: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: Allows the ability to export list view items to an Excel Spreadsheet. + NONE: Restricts the ability to export list view items to an Excel Spreadsheet. + Marketplace Sharing: + add: + levels: + ALL: Allows the ability to upload items to the ConnectWise Marketplace. + NONE: Restricts the ability to upload items to the ConnectWise Marketplace. + edit: + note: Not applicable. See Add and Inquire levels. + delete: + note: Not applicable. See Add and Inquire levels. + inquire: + levels: + ALL: Allows the ability to import items from the ConnectWise Marketplace. + NONE: Restricts the ability to import items from the ConnectWise Marketplace. + Mass Maintenance: + add: + levels: + ALL: |- + Allows the ability to add new items via the Mass Maintenance screens. Access to each screen can be customized using the Customize Option for this module. + NONE: Restricts the ability to add new items via the Mass Maintenance screens. + edit: + levels: + ALL: |- + Allows the ability to edit existing items via the Mass Maintenance screens. Access to each screen can be customized using the Customize Option for this module. + NONE: Restricts the ability to edit existing items via the Mass Maintenance screens. + delete: + levels: + ALL: |- + Allows the ability to delete existing items via the Mass Maintenance screens. Access to each screen can be customized using the Customize Option for this module. + NONE: Restricts the ability to delete existing items via the Mass Maintenance screens. + inquire: + levels: + ALL: |- + Allows the ability to review existing items via the Mass Maintenance screens. Access to each screen can be customized using the Customize Option for this module. + NONE: Restricts the ability to review existing items via the Mass Maintenance screens. + Member Maintenance: + add: + levels: + ALL: Allows the ability to create new member profiles. + NONE: Restricts the ability to create new member profiles. + edit: + levels: + ALL: Allows the ability to edit existing member profiles. + NONE: Restricts the ability to edit existing member profiles. + delete: + levels: + ALL: Allows the ability to delete existing member profiles. + NONE: Restricts the ability to deleteexisting member profiles. + inquire: + levels: + ALL: Allows the ability to review existing member profiles. + NONE: Restricts the ability to review existing member profiles. + My Account: + add: + note: Not applicable. See Edit and Inquire levels. + edit: + levels: + ALL: |- + Allows the ability to edit the information on the MY Account Screen for all members. + MY: |- + Allows the ability to edit the information on the MY Account Screen for only the member logged in. + NONE: Retricts the ability to edit the information on the MY Account Screen + delete: + note: Not applicable. See Edit and Inquire levels. + inquire: + levels: + ALL: |- + Allows the ability to review the information on the MY Account Screen for all members. + MY: |- + Allows the ability to review the information on the MY Account Screen for only the member logged in. + NONE: Retricts the ability to review the information on the MY Account Screen + My Company: + add: + levels: + ALL: |- + Allows the ability to add new structure and group levels to the My Company Screen. + NONE: |- + Restricts the ability to add new structure and group levels to the My Company Screen. + edit: + levels: + ALL: Allows the ability to edit the information on the My Company Screen. + NONE: Restricts the ability to edit the information on the My Company Screen. + delete: + levels: + ALL: |- + Allows the ability to delete structure and group levels from the My Company Screen. + NONE: |- + Restricts the ability to delete structure and group levels from the My Company Screen + inquire: + levels: + ALL: Allows the ability to review the information on the My Company Screen. + NONE: Restricts the ability to review the information on the My Company Screen. + Report Writer: + add: + levels: + ALL: Allows access to the report writer designer + NONE: Restricts access to the report writer designer + edit: + note: Not applicable. See Add and Inquire levels. + delete: + note: Not applicable. See Add and Inquire levels. + inquire: + levels: + ALL: Allows access to view report writer reports and dashboards. + NONE: Restricts access to view report writer reports and dashboards. + Security Roles: + add: + levels: + ALL: Allows the ability to create new security roles. + NONE: Restricts the ability to create new security roles. + edit: + levels: + ALL: Allows the ability to edit the settings for existing security roles. + NONE: Restricts the ability to edit the settings for existing security roles. + delete: + levels: + ALL: Allows the ability to delete existing security roles. + NONE: Restricts the ability to delete existing security roles. + inquire: + levels: + ALL: Allows the ability to review the settings for existing security roles. + NONE: Restricts the ability to review the settings for existing security roles. + System Reports: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: |- + Allows the ability to review reports located in the System Category of the reports module. By default, when this option is selected, access to all System reports is allowed, but access can be customized using the Customize Option for this module. + NONE: |- + Retricts the ability to review reports located in the System Category of the reports module. + Table Setup: + add: + levels: + ALL: |- + Allows the ability to create new items within each of the Setup Tables. By default, when this option is selected, access to all Setup Tables is allowed, but access can be customized using the Customize Option for this module. + NONE: Restricts the ability to create new items within each of the Setup Tables. + edit: + levels: + ALL: |- + Allows the ability to edit existing items within each of the Setup Tables. By default, when this option is selected, access to all Setup Tables is allowed, but access can be customized using the Customize Option for this module. + NONE: Restricts the ability to edit existing items within each of the Setup Tables. + delete: + levels: + ALL: |- + Allows the ability to delete existing items within each of the Setup Tables. By default, when this option is selected, access to all Setup Tables is allowed, but access can be customized using the Customize Option for this module. + NONE: Restricts the ability to delete existing items within each of the Setup Tables. + inquire: + levels: + ALL: |- + Allows the ability to review existing items within each of the Setup Tables. By default, when this option is selected, access to all Setup Tables is allowed, but access can be customized using the Customize Option for this module. + NONE: Restricts the ability to review existing items within each of the Setup Tables. + Today Links: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: Allows the ability to view and browse to the links setup on the Today screen. + NONE: Restricts the ability to view and browse to the links setup on the Today screen. + Time and Expense: + actions: + Expense Approvals: + add: + note: Not applicable. See Edit and Inquire levels. + edit: + levels: + ALL: |- + Allows the ability to approve expense reports and reverse expense report approvals. + NONE: |- + Restricts the ability to approve expense reports and reverse expense report approvals. + delete: + note: Not applicable. See Edit and Inquire levels. + inquire: + levels: + ALL: Allows the ability to view expense reports submitted for approval. + NONE: Restricts the ability to view expense reports submitted for approval. + Expense Report Entry: + add: + levels: + ALL: |- + Allows the ability to add expense records within the system. This includes expense records for other members while on their Expense Report. + MY: Allows the ability to add expenses only for the member logged in. + NONE: Retricts the ability to add expense records within the system. + edit: + levels: + ALL: Allows the ability to edit all existing expense records within the system. + MY: |- + Allows the ability to edit only the expenses that particular member has entered within the system. + NONE: Retricts the ability to edit existing expenses within the system. + delete: + levels: + ALL: |- + Allows the ability to delete all existing expense records within the system. This includes expense records for other members. + MY: |- + Allows the ability to delete only the expenses that particular member has entered within the system. + NONE: Retricts the ability to delete existing expenses within the system. + inquire: + levels: + ALL: Allows the ability to review all existing expense records within the system. + MY: |- + Allows the ability to review only the expenses that particular member has entered within the system. + NONE: Retricts the ability to review existing expenses within the system. + Reports: + add: + note: Not applicable. See Inquire level. + edit: + note: Not applicable. See Inquire level. + delete: + note: Not applicable. See Inquire level. + inquire: + levels: + ALL: |- + Allows the ability to review reports located in the Time Entry Category of the reports module. By default, when this option is selected, access to all Time Entry reports is allowed, but access can be customized using the Customize Option for this module. + NONE: |- + Retricts the ability to review reports located in the Time Entry Category of the reports module. + Stopwatch: + add: + levels: + ALL: |- + Allows the ability to use the Stopwatch on both the All Tickets tab and in the Ticket screen. + NONE: Restricts the ability to use the Stopwatch on the All Tickets tab. + edit: + note: Not applicable. See Add and Inquire levels. + delete: + note: Not applicable. See Add and Inquire levels. + inquire: + levels: + ALL: |- + Allows the ability to view the Stopwatch on the All Tickets tab, and grants the ability to use the Stopwatch in the Ticket screen. + NONE: |- + Restricts the ability to view the Stopwatch in the Ticket screen or in the All Tickets tab. + Time Approval: + add: + note: Not applicable. See Edit and Inquire levels. + edit: + levels: + ALL: Allows the ability to approve/reject Time Sheet Approvals for all members. + MY: |- + Allows the ability to approve/reject Time Sheet Approvals for only the users the member logged in is the approver for. + NONE: Retricts the ability to approve/reject Time Sheet Approvals. + delete: + note: Not applicable. See Edit and Inquire levels. + inquire: + levels: + ALL: Allows the ability to review Time Sheet Approvals for all members. + MY: |- + Allows the ability to review Time Sheet Approvals for only the users the member logged in is the approver for. + NONE: Retricts the ability to review Time Sheet Approvals. + Time Entry: + add: + levels: + ALL: Allows the ability to create time entries for all members. + MY: Allows the ability tocreate time entries for only the member logged in. + NONE: Retricts the ability to create time entries. + edit: + levels: + ALL: Allows the ability to edit existing time entries for all members. + MY: Allows the ability to edit existing time entries for only the member logged in. + NONE: Retricts the ability to edit existing time entries. + delete: + levels: + ALL: Allows the ability to delete existing time entries for all members. + MY: |- + Allows the ability to delete existing time entries for only the member logged in. + NONE: Retricts the ability to delete existing time entries. + inquire: + levels: + ALL: Allows the ability to review existing time entries for all members. + MY: |- + Allows the ability to view existing time entries for only the member logged in. This includes the time tab and audit trail. Time entry notes will still appear in the notes pod and in the audit trail for all members. + NONE: Retricts the ability to review existing time entries. diff --git a/docs/connectwise/CW_Security_Roles/generate_role_docs.py b/docs/connectwise/CW_Security_Roles/generate_role_docs.py new file mode 100644 index 00000000..de3d8e44 --- /dev/null +++ b/docs/connectwise/CW_Security_Roles/generate_role_docs.py @@ -0,0 +1,361 @@ +""" +Generate ConnectWise security-role documentation from the source XLSX. + +Produces: + - api-member-security-roles.yaml : machine-readable source of truth + - api-member-security-roles.md : human-readable reference + +Re-run this script after editing the source XLSX. Both outputs are +deterministic — they will produce identical content from identical input, +so diffs in version control reflect only real permission-model changes. + +Usage: + python generate_role_docs.py \ + --source source/Security_Roles_Matrix_11132017.xlsx \ + --out-yaml ../api-member-security-roles.yaml \ + --out-md ../api-member-security-roles.md +""" +from __future__ import annotations + +import argparse +import re +from dataclasses import dataclass, field +from datetime import date +from pathlib import Path +from typing import Dict, List, Optional + +import yaml +from openpyxl import load_workbook + +# --------------------------------------------------------------------------- +# Parsing +# --------------------------------------------------------------------------- + +# A level description line looks like "ALL: text..." or "NONE: text..." +# We capture the prefix (ALL | NONE | MINE | MY) and the trailing description. +LEVEL_LINE = re.compile(r"^(ALL|NONE|MINE|MY)\s*:\s*(.*)$", re.DOTALL) + +# Recognized ConnectWise permission levels, most-to-least privileged. +LEVEL_ORDER = ["ALL", "MY", "MINE", "NONE"] + +VERBS = ["add", "edit", "delete", "inquire"] +VERB_COLS = {"add": 3, "edit": 4, "delete": 5, "inquire": 6} + + +@dataclass +class CellPermission: + """Parsed contents of a single (action, verb) cell.""" + + levels: Dict[str, str] = field(default_factory=dict) # level -> description + note: Optional[str] = None # for "Not applicable. See Inquire level." etc. + raw: str = "" # original cell text, preserved for audit + + +@dataclass +class ActionRow: + module: str + action: str + permissions: Dict[str, CellPermission] # verb -> CellPermission + + +def parse_cell(raw: Optional[str]) -> CellPermission: + """Parse a single cell's multi-line content into levels + note.""" + if raw is None: + return CellPermission(raw="") + text = str(raw).strip() + cp = CellPermission(raw=text) + if not text: + return cp + + # Split into candidate entries. Each entry is typically one line that + # starts with a level prefix, but description text can itself contain + # newlines. We therefore split on newlines and accumulate continuation + # lines into the preceding entry. + current_level: Optional[str] = None + current_buf: List[str] = [] + note_buf: List[str] = [] + + def flush_level() -> None: + nonlocal current_level, current_buf + if current_level is not None: + cp.levels[current_level] = " ".join(current_buf).strip() + current_level = None + current_buf = [] + + for line in text.splitlines(): + line = line.strip() + if not line: + continue + m = LEVEL_LINE.match(line) + if m: + flush_level() + current_level = m.group(1).upper() + current_buf = [m.group(2).strip()] + elif current_level is not None: + current_buf.append(line) + else: + # No level prefix yet — belongs to the note. + note_buf.append(line) + flush_level() + + if note_buf: + cp.note = " ".join(note_buf).strip() + + return cp + + +def read_matrix(xlsx_path: Path) -> List[ActionRow]: + wb = load_workbook(xlsx_path, data_only=True) + ws = wb.active # Single sheet in this workbook. + + # Header row is row 2 per the source file; data begins row 3. + actions: List[ActionRow] = [] + for r in range(3, ws.max_row + 1): + module = ws.cell(row=r, column=1).value + action = ws.cell(row=r, column=2).value + if not (module or action): + continue # skip fully empty rows + if not module or not action: + # Partial row — keep but flag. This shouldn't happen in the + # current source; if it does, the generator should fail loudly + # rather than silently produce wrong output. + raise ValueError( + f"Row {r} has a missing Module or Action: " + f"module={module!r}, action={action!r}" + ) + + perms: Dict[str, CellPermission] = {} + for verb, col in VERB_COLS.items(): + perms[verb] = parse_cell(ws.cell(row=r, column=col).value) + + actions.append( + ActionRow(module=module.strip(), action=action.strip(), permissions=perms) + ) + return actions + + +# --------------------------------------------------------------------------- +# Output: YAML +# --------------------------------------------------------------------------- + +def build_yaml_document(actions: List[ActionRow], source_file: str) -> dict: + """Build a plain-dict representation that YAML dumps cleanly.""" + # Group by module, preserving action order within each module. + modules: Dict[str, List[ActionRow]] = {} + for a in actions: + modules.setdefault(a.module, []).append(a) + + doc = { + "metadata": { + "source_file": source_file, + "generated_on": date.today().isoformat(), + "generator": "docs/integrations/connectwise/source/generate_role_docs.py", + "description": ( + "ConnectWise security-role matrix. Each (module, action) entry " + "describes what each access level (ALL, MY, MINE, NONE) means " + "for the Add, Edit, Delete, and Inquire verbs. This is a " + "reference catalog, not a per-role assignment — role " + "assignments live in ConnectWise and are mirrored in the " + "ResolutionFlow integration config." + ), + "level_order_most_to_least_privileged": LEVEL_ORDER, + }, + "modules": {}, + } + + for module_name, rows in modules.items(): + module_block = {"actions": {}} + for a in rows: + action_block: Dict[str, object] = {} + for verb in VERBS: + cell = a.permissions[verb] + entry: Dict[str, object] = {} + if cell.levels: + # Emit levels in canonical order, only those present. + entry["levels"] = { + lvl: cell.levels[lvl] + for lvl in LEVEL_ORDER + if lvl in cell.levels + } + if cell.note: + entry["note"] = cell.note + if not entry: + # Truly empty cell — represent explicitly so downstream + # consumers can distinguish "empty" from "missing". + entry["note"] = "(no description provided)" + action_block[verb] = entry + module_block["actions"][a.action] = action_block + doc["modules"][module_name] = module_block + + return doc + + +class _LiteralStr(str): + """Marker type so PyYAML renders long strings as block literals.""" + + +def _literal_presenter(dumper, data): + return dumper.represent_scalar("tag:yaml.org,2002:str", data, style="|") + + +yaml.add_representer(_LiteralStr, _literal_presenter) + + +def _use_block_style_for_long_strings(obj): + """Recursively wrap long strings so the YAML is readable, not one-line.""" + if isinstance(obj, dict): + return {k: _use_block_style_for_long_strings(v) for k, v in obj.items()} + if isinstance(obj, list): + return [_use_block_style_for_long_strings(v) for v in obj] + if isinstance(obj, str) and (len(obj) > 80 or "\n" in obj): + return _LiteralStr(obj) + return obj + + +def dump_yaml(doc: dict, out_path: Path) -> None: + prepared = _use_block_style_for_long_strings(doc) + out_path.parent.mkdir(parents=True, exist_ok=True) + with out_path.open("w", encoding="utf-8") as f: + f.write("# ConnectWise API Member Security Roles — reference matrix.\n") + f.write("# Generated from the source XLSX; do not edit by hand.\n") + f.write("# Re-run generate_role_docs.py after updating the XLSX.\n\n") + yaml.dump( + prepared, + f, + sort_keys=False, + allow_unicode=True, + width=100, + default_flow_style=False, + ) + + +# --------------------------------------------------------------------------- +# Output: Markdown +# --------------------------------------------------------------------------- + +def _md_escape(text: str) -> str: + """Escape pipes and collapse whitespace for Markdown table cells.""" + return text.replace("|", "\\|").replace("\n", " ").strip() + + +def build_markdown(actions: List[ActionRow], source_file: str) -> str: + modules: Dict[str, List[ActionRow]] = {} + for a in actions: + modules.setdefault(a.module, []).append(a) + + lines: List[str] = [] + lines.append("# ConnectWise API Member — Security Roles Reference") + lines.append("") + lines.append( + f"_Generated {date.today().isoformat()} from " + f"`{source_file}`. Do not edit by hand — update the XLSX and " + f"re-run `generate_role_docs.py`._" + ) + lines.append("") + lines.append("## How to read this document") + lines.append("") + lines.append( + "Each ConnectWise module lists the actions it governs. For every " + "action, four permission verbs — **Add**, **Edit**, **Delete**, " + "**Inquire** — can be granted at one of these levels, most to " + "least privileged:" + ) + lines.append("") + lines.append("| Level | Meaning |") + lines.append("|-------|---------|") + lines.append("| `ALL` | Access to all records in the system. |") + lines.append("| `MY` | Access to records owned by the user's team. |") + lines.append("| `MINE` | Access only to records owned by the user. |") + lines.append("| `NONE` | No access. |") + lines.append("") + lines.append( + "Not every level applies to every action — the source matrix " + "only documents the levels that are meaningful for each cell. " + "Cells marked _Not applicable_ reference another verb (usually " + "Inquire) where the meaningful level is defined." + ) + lines.append("") + lines.append( + "The machine-readable form of this document is " + "[`api-member-security-roles.yaml`](./api-member-security-roles.yaml). " + "Use the YAML when writing integration code; use this Markdown " + "when reviewing, discussing, or onboarding." + ) + lines.append("") + lines.append("## Table of contents") + lines.append("") + for module_name in modules: + anchor = module_name.lower().replace(" ", "-").replace("/", "") + lines.append(f"- [{module_name}](#{anchor}) — {len(modules[module_name])} actions") + lines.append("") + + for module_name, rows in modules.items(): + lines.append(f"## {module_name}") + lines.append("") + for a in rows: + lines.append(f"### {a.action}") + lines.append("") + lines.append("| Verb | Level | Description |") + lines.append("|------|-------|-------------|") + wrote_any = False + for verb in VERBS: + cell = a.permissions[verb] + if cell.levels: + for lvl in LEVEL_ORDER: + if lvl in cell.levels: + lines.append( + f"| {verb.capitalize()} | `{lvl}` | " + f"{_md_escape(cell.levels[lvl])} |" + ) + wrote_any = True + elif cell.note: + lines.append( + f"| {verb.capitalize()} | — | " + f"_{_md_escape(cell.note)}_ |" + ) + wrote_any = True + if not wrote_any: + lines.append("| — | — | _(no description provided)_ |") + lines.append("") + + return "\n".join(lines) + "\n" + + +def write_markdown(md_text: str, out_path: Path) -> None: + out_path.parent.mkdir(parents=True, exist_ok=True) + out_path.write_text(md_text, encoding="utf-8") + + +# --------------------------------------------------------------------------- +# Entry point +# --------------------------------------------------------------------------- + +def main() -> None: + parser = argparse.ArgumentParser(description=__doc__) + parser.add_argument("--source", type=Path, required=True, + help="Path to the source .xlsx") + parser.add_argument("--out-yaml", type=Path, required=True, + help="Path to write the YAML output") + parser.add_argument("--out-md", type=Path, required=True, + help="Path to write the Markdown output") + args = parser.parse_args() + + actions = read_matrix(args.source) + doc = build_yaml_document(actions, source_file=args.source.name) + dump_yaml(doc, args.out_yaml) + + md = build_markdown(actions, source_file=args.source.name) + write_markdown(md, args.out_md) + + # Quick data-quality summary to stdout — helpful when re-running after edits. + from collections import Counter + modules_seen = Counter(a.module for a in actions) + print(f"Parsed {len(actions)} actions across {len(modules_seen)} modules:") + for m, n in modules_seen.most_common(): + print(f" {m}: {n}") + print(f"\nWrote {args.out_yaml}") + print(f"Wrote {args.out_md}") + + +if __name__ == "__main__": + main() diff --git a/docs/connectwise/CW_Security_Roles/requirements.txt b/docs/connectwise/CW_Security_Roles/requirements.txt new file mode 100644 index 00000000..fd83a4c7 --- /dev/null +++ b/docs/connectwise/CW_Security_Roles/requirements.txt @@ -0,0 +1,5 @@ +# Dependencies for generate_role_docs.py. +# These are only needed when regenerating the role docs from the XLSX — +# they are not runtime dependencies of ResolutionFlow itself. +openpyxl>=3.1,<4.0 +PyYAML>=6.0,<7.0 diff --git a/docs/superpowers/plans/2026-04-16-psa-ticket-management.md b/docs/superpowers/plans/2026-04-16-psa-ticket-management.md new file mode 100644 index 00000000..cefa932d --- /dev/null +++ b/docs/superpowers/plans/2026-04-16-psa-ticket-management.md @@ -0,0 +1,3075 @@ +# PSA Ticket Management Implementation Plan + +> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking. + +**Goal:** Add PSA ticket management to ResolutionFlow — a dedicated Tickets page, an updated TicketQueue dashboard widget, and spin-off ticket creation from ResolutionAssist sessions. + +**Architecture:** Dedicated `ticket_service.py` wraps PSA provider mutations; new normalized DTOs in `psa_tickets.py`; `search_tickets` updated to return paginated results via parallel CW count fetch. Frontend uses URL params for filter/pagination state, `TicketDetailPanel` hydrates via existing `getTicketContext` + new `listResources` endpoint. + +**Tech Stack:** FastAPI, SQLAlchemy async, Pydantic v2, Anthropic SDK (AI parse), React 19, TypeScript, Tailwind v4, React Router v7 `useSearchParams`, Lucide icons. + +--- + +## Phase 1 — Backend: Provider Foundations + +### Task 1: Add PaginatedTicketResult type + update provider base + +**Files:** +- Modify: `backend/app/services/psa/types.py` +- Modify: `backend/app/services/psa/base.py` + +- [ ] **Step 1: Add PaginatedTicketResult to types.py** + +```python +# backend/app/services/psa/types.py — add after PSABoard class + +from dataclasses import dataclass + +@dataclass +class PaginatedTicketResult: + items: list["PSATicket"] + total: int + page: int + page_size: int +``` + +- [ ] **Step 2: Update search_tickets signature in base.py** + +```python +# backend/app/services/psa/base.py +from .types import ( + ConnectionTestResult, + PSATicket, + PaginatedTicketResult, # add + PSANote, + PSAStatus, + PSACompany, + PSAMember, + PSAConfiguration, + PSATimeEntry, + PSABoard, +) + +# Change the search_tickets abstract method: +@abstractmethod +async def search_tickets(self, query: str, **filters) -> PaginatedTicketResult: + ... +``` + +- [ ] **Step 3: Commit** + +```bash +git add backend/app/services/psa/types.py backend/app/services/psa/base.py +git commit -m "feat(psa): add PaginatedTicketResult type, update provider search_tickets signature" +``` + +--- + +### Task 2: Add new abstract provider methods + +**Files:** +- Modify: `backend/app/services/psa/types.py` +- Modify: `backend/app/services/psa/base.py` + +- [ ] **Step 1: Add PSAResource + PSACreatedTicket types to types.py** + +```python +# backend/app/services/psa/types.py — add after PaginatedTicketResult + +class PSAResource(BaseModel): + member_id: int + member_name: str + member_identifier: str + is_rf_user: bool = False + +class PSACreatedTicket(BaseModel): + id: int + summary: str + board_name: str + status_name: str + priority_name: str + company_name: str + resources: list[PSAResource] = [] + +class TicketCreatePayload(BaseModel): + summary: str + company_id: int + board_id: int + status_id: int + priority_id: int + description: str | None = None + assigned_member_id: int | None = None +``` + +- [ ] **Step 2: Add 4 abstract methods to base.py** + +```python +# backend/app/services/psa/base.py — add these after get_ticket_configurations + +@abstractmethod +async def list_resources(self, ticket_id: int) -> list[PSAResource]: + ... + +@abstractmethod +async def add_resource(self, ticket_id: int, member_id: int) -> PSAResource: + ... + +@abstractmethod +async def remove_resource(self, ticket_id: int, member_id: int) -> None: + ... + +@abstractmethod +async def create_ticket(self, payload: TicketCreatePayload) -> PSACreatedTicket: + ... +``` + +Also add `list_priorities` for the full-form dropdown: + +```python +@abstractmethod +async def list_priorities(self) -> list[dict]: + ... +``` + +- [ ] **Step 3: Update base.py imports** + +```python +from .types import ( + ConnectionTestResult, + PSATicket, + PaginatedTicketResult, + PSANote, + PSAStatus, + PSACompany, + PSAMember, + PSAConfiguration, + PSATimeEntry, + PSABoard, + PSAResource, + PSACreatedTicket, + TicketCreatePayload, +) +``` + +- [ ] **Step 4: Commit** + +```bash +git add backend/app/services/psa/types.py backend/app/services/psa/base.py +git commit -m "feat(psa): add PSAResource, TicketCreatePayload types and abstract provider methods" +``` + +--- + +### Task 3: Implement new CW provider methods + +**Files:** +- Modify: `backend/app/services/psa/connectwise/provider.py` + +- [ ] **Step 1: Update CW search_tickets to return PaginatedTicketResult** + +In `ConnectWiseProvider.search_tickets()`, replace the final `return [...]` block with a parallel count fetch: + +```python +async def search_tickets(self, query: str, **filters) -> PaginatedTicketResult: + page_size = filters.get("page_size", 10) + page = filters.get("page", 1) + + params: dict = { + "fields": "id,summary,company,board,status,priority,closedFlag", + "orderBy": "priority/sort asc,dateEntered desc", + "pageSize": page_size, + "page": page, + } + + conditions: list[str] = [] + if query: + conditions.append(f"summary contains '{query}'") + if filters.get("board_id"): + conditions.append(f"board/id = {filters['board_id']}") + if filters.get("status_id"): + conditions.append(f"status/id = {filters['status_id']}") + if not filters.get("include_closed", False): + conditions.append("closedFlag = false") + if filters.get("member_identifier") is not None: + conditions.append(f"resources contains '{filters['member_identifier']}'") + if filters.get("unassigned", False): + conditions.append("resources = null") + board_ids: list[int] = filters.get("board_ids") or [] + if board_ids: + board_list = ", ".join(str(bid) for bid in board_ids) + conditions.append(f"board/id in ({board_list})") + + condition_str = " and ".join(conditions) if conditions else "" + if condition_str: + params["conditions"] = condition_str + + count_params: dict = {} + if condition_str: + count_params["conditions"] = condition_str + + # Fire page fetch + count in parallel + data, count_data = await asyncio.gather( + self.client.get("/service/tickets", params=params), + self.client.get("/service/tickets/count", params=count_params), + ) + + items = [self._map_ticket(t) for t in (data if isinstance(data, list) else [])] + total = count_data.get("count", len(items)) if isinstance(count_data, dict) else len(items) + + return PaginatedTicketResult(items=items, total=total, page=page, page_size=page_size) +``` + +- [ ] **Step 2: Add update import in provider.py** + +```python +from app.services.psa.types import ( + ConnectionTestResult, + PSATicket, + PaginatedTicketResult, + PSANote, + PSAStatus, + PSACompany, + PSAMember, + PSAConfiguration, + PSATimeEntry, + PSABoard, + PSAResource, + PSACreatedTicket, + TicketCreatePayload, +) +``` + +- [ ] **Step 3: Update _map_ticket to expose company_id and board_id** + +```python +@staticmethod +def _map_ticket(data: dict) -> PSATicket: + company = data.get("company") or {} + board = data.get("board") or {} + status = data.get("status") or {} + priority = data.get("priority") or {} + return PSATicket( + id=str(data.get("id", "")), + summary=data.get("summary", ""), + company_name=company.get("name"), + company_id=str(company.get("id")) if company.get("id") else None, + board_name=board.get("name"), + board_id=board.get("id"), + status_name=status.get("name"), + status_id=status.get("id"), + priority_name=priority.get("name"), + priority_id=priority.get("id"), + closed=data.get("closedFlag", False), + ) +``` + +- [ ] **Step 4: Implement list_resources** + +```python +async def list_resources(self, ticket_id: int) -> list[PSAResource]: + data = await self.client.get(f"/service/tickets/{ticket_id}/members") + results = [] + for m in (data if isinstance(data, list) else []): + member = m.get("member") or {} + results.append(PSAResource( + member_id=member.get("id", 0), + member_name=member.get("name", ""), + member_identifier=member.get("identifier", ""), + )) + return results +``` + +- [ ] **Step 5: Implement add_resource** + +```python +async def add_resource(self, ticket_id: int, member_id: int) -> PSAResource: + data = await self.client.post( + f"/service/tickets/{ticket_id}/members", + json={"member": {"id": member_id}}, + ) + member = (data.get("member") or {}) if isinstance(data, dict) else {} + return PSAResource( + member_id=member.get("id", member_id), + member_name=member.get("name", ""), + member_identifier=member.get("identifier", ""), + ) +``` + +- [ ] **Step 6: Implement remove_resource** + +```python +async def remove_resource(self, ticket_id: int, member_id: int) -> None: + # CW DELETE /service/tickets/{id}/members requires the member record id, + # not the member id. Fetch the list first to find the record id. + members_data = await self.client.get(f"/service/tickets/{ticket_id}/members") + record_id = None + for m in (members_data if isinstance(members_data, list) else []): + if (m.get("member") or {}).get("id") == member_id: + record_id = m.get("id") + break + if record_id is None: + return # Already not assigned — idempotent + await self.client.delete(f"/service/tickets/{ticket_id}/members/{record_id}") +``` + +- [ ] **Step 7: Implement create_ticket** + +```python +async def create_ticket(self, payload: TicketCreatePayload) -> PSACreatedTicket: + body: dict = { + "summary": payload.summary, + "board": {"id": payload.board_id}, + "company": {"id": payload.company_id}, + "status": {"id": payload.status_id}, + "priority": {"id": payload.priority_id}, + } + if payload.description: + body["initialDescription"] = payload.description + if payload.assigned_member_id: + body["owner"] = {"id": payload.assigned_member_id} + + data = await self.client.post("/service/tickets", json=body) + + # Fetch resources for the created ticket + ticket_id = data.get("id") + resources: list[PSAResource] = [] + if ticket_id and payload.assigned_member_id: + try: + resources = await self.list_resources(ticket_id) + except Exception: + pass + + company = data.get("company") or {} + board = data.get("board") or {} + status = data.get("status") or {} + priority = data.get("priority") or {} + + return PSACreatedTicket( + id=ticket_id or 0, + summary=data.get("summary", payload.summary), + board_name=board.get("name", ""), + status_name=status.get("name", ""), + priority_name=priority.get("name", ""), + company_name=company.get("name", ""), + resources=resources, + ) +``` + +- [ ] **Step 8: Implement list_priorities** + +```python +async def list_priorities(self) -> list[dict]: + data = await self.client.get("/service/priorities", params={"pageSize": 50}) + return [ + {"id": p.get("id"), "name": p.get("name")} + for p in (data if isinstance(data, list) else []) + ] +``` + +- [ ] **Step 9: Commit** + +```bash +git add backend/app/services/psa/connectwise/provider.py +git commit -m "feat(psa): implement list/add/remove resources, create_ticket, paginated search in CW provider" +``` + +--- + +### Task 4: Update PSATicketInfo schema + add psa_tickets.py schemas + +**Files:** +- Modify: `backend/app/schemas/psa_connection.py` +- Create: `backend/app/schemas/psa_tickets.py` + +- [ ] **Step 1: Add company_id and board_id to PSATicketInfo in psa_connection.py** + +The existing `PSATicketInfo` equivalent for API responses is `PSATicketSearchResult`. Add company_id/board_id fields and a new `PSATicketInfoFull` for the get_ticket endpoint: + +```python +# backend/app/schemas/psa_connection.py — update PSATicketSearchResult +class PSATicketSearchResult(BaseModel): + id: str + summary: str + company_name: str | None = None + company_id: str | None = None # add + board_name: str | None = None + board_id: int | None = None # add + status_name: str | None = None + status_id: int | None = None # add + priority_name: str | None = None + priority_id: int | None = None # add + closed: bool = False +``` + +- [ ] **Step 2: Create psa_tickets.py with all new schemas** + +```python +# backend/app/schemas/psa_tickets.py +"""Normalized DTOs for ticket management endpoints.""" +from __future__ import annotations +from pydantic import BaseModel + + +class PSAResourceSchema(BaseModel): + member_id: int + member_name: str + member_identifier: str + is_rf_user: bool = False + + +class PSATicketCreatedSchema(BaseModel): + id: int + summary: str + board_name: str + status_name: str + priority_name: str + company_name: str + resources: list[PSAResourceSchema] = [] + + +class PSATicketStatusUpdateSchema(BaseModel): + ticket_id: int + previous_status: str + new_status: str + + +class TicketCreatePayloadSchema(BaseModel): + summary: str + company_id: int + board_id: int + status_id: int + priority_id: int + description: str | None = None + assigned_member_id: int | None = None + + +class TicketListResponseSchema(BaseModel): + items: list # list[PSATicketSearchResult] — imported in endpoints + total: int + page: int + page_size: int + + +class AiParseRequestSchema(BaseModel): + prompt: str + + +class AiParseResponseSchema(BaseModel): + summary: str | None = None + company_id: int | None = None + board_id: int | None = None + priority_id: int | None = None + status_id: int | None = None + assigned_member_id: int | None = None + description: str | None = None + missing_fields: list[str] = [] + warnings: list[str] = [] + + +class PSAPrioritySchema(BaseModel): + id: int + name: str +``` + +- [ ] **Step 3: Commit** + +```bash +git add backend/app/schemas/psa_connection.py backend/app/schemas/psa_tickets.py +git commit -m "feat(psa): expand PSATicketSearchResult with IDs, add psa_tickets.py schemas" +``` + +--- + +## Phase 2 — Backend: ticket_service.py + Endpoints + +### Task 5: Create ticket_service.py + +**Files:** +- Create: `backend/app/services/ticket_service.py` + +- [ ] **Step 1: Write ticket_service.py** + +```python +# backend/app/services/ticket_service.py +"""Ticket mutation service — wraps PSA provider, resolves is_rf_user flag.""" +from __future__ import annotations + +import logging +from uuid import UUID + +from sqlalchemy import select +from sqlalchemy.ext.asyncio import AsyncSession + +from app.models.psa_connection import PsaConnection +from app.models.psa_member_mapping import PsaMemberMapping +from app.schemas.psa_tickets import ( + PSAResourceSchema, + PSATicketCreatedSchema, + PSATicketStatusUpdateSchema, +) +from app.services.psa.registry import get_provider_for_account +from app.services.psa.types import TicketCreatePayload + +logger = logging.getLogger(__name__) + + +async def _get_mapped_member_ids(account_id: UUID, db: AsyncSession) -> set[int]: + """Return set of external_member_id ints that are mapped to RF users.""" + conn_result = await db.execute( + select(PsaConnection).where(PsaConnection.account_id == account_id) + ) + conn = conn_result.scalar_one_or_none() + if not conn: + return set() + mappings = await db.execute( + select(PsaMemberMapping).where(PsaMemberMapping.psa_connection_id == conn.id) + ) + return {int(m.external_member_id) for m in mappings.scalars().all() if m.external_member_id} + + +async def list_resources( + account_id: UUID, ticket_id: int, db: AsyncSession +) -> list[PSAResourceSchema]: + provider = await get_provider_for_account(account_id, db) + mapped_ids = await _get_mapped_member_ids(account_id, db) + resources = await provider.list_resources(ticket_id) + return [ + PSAResourceSchema( + member_id=r.member_id, + member_name=r.member_name, + member_identifier=r.member_identifier, + is_rf_user=r.member_id in mapped_ids, + ) + for r in resources + ] + + +async def add_resource( + account_id: UUID, ticket_id: int, member_id: int, db: AsyncSession +) -> PSAResourceSchema: + provider = await get_provider_for_account(account_id, db) + mapped_ids = await _get_mapped_member_ids(account_id, db) + resource = await provider.add_resource(ticket_id, member_id) + return PSAResourceSchema( + member_id=resource.member_id, + member_name=resource.member_name, + member_identifier=resource.member_identifier, + is_rf_user=resource.member_id in mapped_ids, + ) + + +async def remove_resource( + account_id: UUID, ticket_id: int, member_id: int, db: AsyncSession +) -> None: + provider = await get_provider_for_account(account_id, db) + await provider.remove_resource(ticket_id, member_id) + + +async def update_status( + account_id: UUID, ticket_id: int, status_id: int, db: AsyncSession +) -> PSATicketStatusUpdateSchema: + provider = await get_provider_for_account(account_id, db) + # get current status before updating + ticket = await provider.get_ticket(str(ticket_id)) + previous_status = ticket.status_name or "" + await provider.update_ticket_status(str(ticket_id), status_id) + # get new status name from statuses list + statuses = await provider.get_ticket_statuses(ticket.board_id or 0) + new_status = next((s.name for s in statuses if s.id == status_id), str(status_id)) + return PSATicketStatusUpdateSchema( + ticket_id=ticket_id, + previous_status=previous_status, + new_status=new_status, + ) + + +async def create_ticket( + account_id: UUID, payload: TicketCreatePayload, db: AsyncSession +) -> PSATicketCreatedSchema: + provider = await get_provider_for_account(account_id, db) + mapped_ids = await _get_mapped_member_ids(account_id, db) + result = await provider.create_ticket(payload) + return PSATicketCreatedSchema( + id=result.id, + summary=result.summary, + board_name=result.board_name, + status_name=result.status_name, + priority_name=result.priority_name, + company_name=result.company_name, + resources=[ + PSAResourceSchema( + member_id=r.member_id, + member_name=r.member_name, + member_identifier=r.member_identifier, + is_rf_user=r.member_id in mapped_ids, + ) + for r in result.resources + ], + ) +``` + +- [ ] **Step 2: Commit** + +```bash +git add backend/app/services/ticket_service.py +git commit -m "feat(psa): add ticket_service.py with list/add/remove resource, update_status, create_ticket" +``` + +--- + +### Task 6: Update search endpoint + add new ticket endpoints + +**Files:** +- Modify: `backend/app/api/endpoints/integrations.py` + +- [ ] **Step 1: Add new imports at top of integrations.py** + +```python +from app.schemas.psa_tickets import ( + PSAResourceSchema, + PSATicketCreatedSchema, + PSATicketStatusUpdateSchema, + TicketCreatePayloadSchema, + AiParseRequestSchema, + AiParseResponseSchema, + PSAPrioritySchema, +) +import app.services.ticket_service as ticket_svc +``` + +- [ ] **Step 2: Update search_tickets endpoint to return paginated response** + +Replace the existing `@router.get("/tickets/search", ...)` endpoint with: + +```python +@router.get("/tickets/search") +async def search_tickets( + current_user: Annotated[User, Depends(require_engineer_or_admin)], + db: Annotated[AsyncSession, Depends(get_db)], + query: str = "", + board_id: int | None = None, + status_id: int | None = None, + include_closed: bool = False, + assigned_to_me: bool = False, + unassigned: bool = False, + board_ids: str = "", + priority: str | None = None, + company_id: int | None = None, + page: int = 1, + page_size: int = 25, +): + """Search ConnectWise tickets — returns paginated TicketListResponse.""" + if not current_user.account_id: + raise HTTPException(status_code=400, detail="User has no account") + + from app.services.psa.registry import get_provider_for_account + from app.services.psa.exceptions import PSAError + + member_identifier: str | None = None + if assigned_to_me: + conn_result = await db.execute( + select(PsaConnection).where( + PsaConnection.account_id == current_user.account_id, + PsaConnection.is_active.is_(True), + ) + ) + conn = conn_result.scalar_one_or_none() + if conn: + mapping_result = await db.execute( + select(PsaMemberMapping).where( + PsaMemberMapping.psa_connection_id == conn.id, + PsaMemberMapping.user_id == current_user.id, + ) + ) + mapping = mapping_result.scalar_one_or_none() + if not mapping: + return {"items": [], "total": 0, "page": page, "page_size": page_size} + try: + _provider = await get_provider_for_account(current_user.account_id, db) + cw_members = await _provider.list_members() + matched = next((m for m in cw_members if m.id == mapping.external_member_id), None) + if matched: + member_identifier = matched.identifier + else: + return {"items": [], "total": 0, "page": page, "page_size": page_size} + except PSAError: + return {"items": [], "total": 0, "page": page, "page_size": page_size} + + parsed_board_ids: list[int] = [] + if board_ids: + try: + parsed_board_ids = [int(bid.strip()) for bid in board_ids.split(",") if bid.strip()] + except ValueError: + raise HTTPException(status_code=400, detail="board_ids must be comma-separated integers") + + try: + provider = await get_provider_for_account(current_user.account_id, db) + result = await provider.search_tickets( + query, + board_id=board_id, + status_id=status_id, + include_closed=include_closed, + member_identifier=member_identifier, + unassigned=unassigned, + board_ids=parsed_board_ids, + company_id=company_id, + page=page, + page_size=page_size, + ) + items = [ + PSATicketSearchResult( + id=t.id, + summary=t.summary, + company_name=t.company_name, + company_id=t.company_id, + board_name=t.board_name, + board_id=t.board_id, + status_name=t.status_name, + status_id=t.status_id, + priority_name=t.priority_name, + priority_id=t.priority_id, + closed=t.closed, + ) + for t in result.items + ] + return {"items": items, "total": result.total, "page": result.page, "page_size": result.page_size} + except PSAError as e: + raise HTTPException(status_code=502, detail=str(e)) +``` + +- [ ] **Step 3: Add POST /tickets endpoint** + +```python +@router.post("/tickets", response_model=PSATicketCreatedSchema, status_code=201) +async def create_ticket( + data: TicketCreatePayloadSchema, + current_user: Annotated[User, Depends(require_engineer_or_admin)], + db: Annotated[AsyncSession, Depends(get_db)], +): + """Create a new PSA ticket.""" + if not current_user.account_id: + raise HTTPException(status_code=400, detail="User has no account") + from app.services.psa.exceptions import PSAError + from app.services.psa.types import TicketCreatePayload + try: + return await ticket_svc.create_ticket( + current_user.account_id, + TicketCreatePayload(**data.model_dump()), + db, + ) + except PSAError as e: + raise HTTPException(status_code=502, detail=str(e)) +``` + +- [ ] **Step 4: Add PATCH /tickets/{id}/status endpoint** + +```python +@router.patch("/tickets/{ticket_id}/status", response_model=PSATicketStatusUpdateSchema) +async def update_ticket_status_endpoint( + ticket_id: int, + status_id: int, + current_user: Annotated[User, Depends(require_engineer_or_admin)], + db: Annotated[AsyncSession, Depends(get_db)], +): + """Update a ticket's status.""" + if not current_user.account_id: + raise HTTPException(status_code=400, detail="User has no account") + from app.services.psa.exceptions import PSAError + try: + return await ticket_svc.update_status(current_user.account_id, ticket_id, status_id, db) + except PSAError as e: + raise HTTPException(status_code=502, detail=str(e)) +``` + +- [ ] **Step 5: Add resource CRUD endpoints** + +```python +@router.get("/tickets/{ticket_id}/resources", response_model=list[PSAResourceSchema]) +async def list_ticket_resources( + ticket_id: int, + current_user: Annotated[User, Depends(require_engineer_or_admin)], + db: Annotated[AsyncSession, Depends(get_db)], +): + if not current_user.account_id: + raise HTTPException(status_code=400, detail="User has no account") + from app.services.psa.exceptions import PSAError + try: + return await ticket_svc.list_resources(current_user.account_id, ticket_id, db) + except PSAError as e: + raise HTTPException(status_code=502, detail=str(e)) + + +@router.post("/tickets/{ticket_id}/resources", response_model=PSAResourceSchema, status_code=201) +async def add_ticket_resource( + ticket_id: int, + member_id: int, + current_user: Annotated[User, Depends(require_engineer_or_admin)], + db: Annotated[AsyncSession, Depends(get_db)], +): + if not current_user.account_id: + raise HTTPException(status_code=400, detail="User has no account") + from app.services.psa.exceptions import PSAError + try: + return await ticket_svc.add_resource(current_user.account_id, ticket_id, member_id, db) + except PSAError as e: + raise HTTPException(status_code=502, detail=str(e)) + + +@router.delete("/tickets/{ticket_id}/resources/{member_id}", status_code=204) +async def remove_ticket_resource( + ticket_id: int, + member_id: int, + current_user: Annotated[User, Depends(require_engineer_or_admin)], + db: Annotated[AsyncSession, Depends(get_db)], +): + if not current_user.account_id: + raise HTTPException(status_code=400, detail="User has no account") + from app.services.psa.exceptions import PSAError + try: + await ticket_svc.remove_resource(current_user.account_id, ticket_id, member_id, db) + except PSAError as e: + raise HTTPException(status_code=502, detail=str(e)) +``` + +- [ ] **Step 6: Add GET /priorities endpoint** + +```python +@router.get("/priorities", response_model=list[PSAPrioritySchema]) +async def list_priorities( + current_user: Annotated[User, Depends(require_engineer_or_admin)], + db: Annotated[AsyncSession, Depends(get_db)], +): + """List PSA priority levels for ticket creation form.""" + if not current_user.account_id: + raise HTTPException(status_code=400, detail="User has no account") + from app.services.psa.registry import get_provider_for_account + from app.services.psa.exceptions import PSAError + try: + provider = await get_provider_for_account(current_user.account_id, db) + raw = await provider.list_priorities() + return [PSAPrioritySchema(id=p["id"], name=p["name"]) for p in raw if p.get("id")] + except PSAError: + return [] +``` + +- [ ] **Step 7: Commit** + +```bash +git add backend/app/api/endpoints/integrations.py +git commit -m "feat(psa): update search endpoint for pagination, add create/status/resource/priority endpoints" +``` + +--- + +### Task 7: Add AI parse endpoint + +**Files:** +- Modify: `backend/app/api/endpoints/integrations.py` + +- [ ] **Step 1: Add ai-parse endpoint** + +```python +@router.post("/tickets/ai-parse", response_model=AiParseResponseSchema) +async def ai_parse_ticket( + data: AiParseRequestSchema, + current_user: Annotated[User, Depends(require_engineer_or_admin)], + db: Annotated[AsyncSession, Depends(get_db)], +): + """Parse natural language into a ticket pre-fill payload using Claude.""" + if not current_user.account_id: + raise HTTPException(status_code=400, detail="User has no account") + + from app.services.psa.registry import get_provider_for_account + from app.services.psa.exceptions import PSAError + from app.core.config import settings + import anthropic + import json + + # Fetch boards + members for context (both cached) + boards = [] + members = [] + try: + provider = await get_provider_for_account(current_user.account_id, db) + boards = await provider.list_boards() + members = await provider.list_members() + except PSAError: + pass + + boards_list = [{"id": b.id, "name": b.name} for b in boards] + members_list = [{"id": m.id, "name": m.name, "identifier": m.identifier} for m in members] + + system_prompt = """You are a ticket triage assistant for an MSP help desk. +Extract structured ticket information from the engineer's natural language description. +Return ONLY valid JSON matching this exact schema — no other text: +{ + "summary": "short one-line ticket title or null", + "board_id": "integer matching one of the provided boards or null", + "priority_name": "one of: Critical, High, Medium, Low, or null", + "description": "expanded description or null", + "assignee_identifier": "member identifier string from the provided members list or null", + "warnings": ["list of strings explaining what could not be resolved"] +}""" + + user_msg = f"""Available boards: {json.dumps(boards_list)} +Available members: {json.dumps(members_list[:50])} + +Engineer's description: {data.prompt}""" + + missing_fields: list[str] = [] + warnings: list[str] = [] + response_data = AiParseResponseSchema() + + try: + client = anthropic.AsyncAnthropic( + api_key=settings.ANTHROPIC_API_KEY, + max_retries=1, + ) + msg = await client.messages.create( + model=settings.get_model_for_action("default"), + max_tokens=512, + system=system_prompt, + messages=[{"role": "user", "content": user_msg}], + ) + raw = msg.content[0].text.strip() + # Strip markdown fences if present + if raw.startswith("```"): + import re + raw = re.sub(r'^```(?:json)?\s*', '', raw) + raw = re.sub(r'\s*```$', '', raw.strip()) + parsed = json.loads(raw) + + response_data.summary = parsed.get("summary") + response_data.description = parsed.get("description") + warnings = parsed.get("warnings", []) + + # Resolve board_id + if parsed.get("board_id"): + board_match = next((b for b in boards if b.id == int(parsed["board_id"])), None) + if board_match: + response_data.board_id = board_match.id + else: + missing_fields.append("board_id") + warnings.append(f"Board ID {parsed['board_id']} not found") + else: + missing_fields.append("board_id") + + # Resolve assignee + if parsed.get("assignee_identifier"): + member = next((m for m in members if m.identifier == parsed["assignee_identifier"]), None) + if member: + response_data.assigned_member_id = int(member.id) + else: + warnings.append(f"Member '{parsed['assignee_identifier']}' not found") + + # Priority/status always need manual selection — they're board-dependent + missing_fields.extend(["status_id", "priority_id", "company_id"]) + + except Exception as e: + logger.warning("AI parse failed: %s", e) + missing_fields = ["summary", "board_id", "status_id", "priority_id", "company_id"] + warnings = ["AI parsing failed — please fill in manually"] + + response_data.missing_fields = missing_fields + response_data.warnings = warnings + return response_data +``` + +- [ ] **Step 2: Commit** + +```bash +git add backend/app/api/endpoints/integrations.py +git commit -m "feat(psa): add AI ticket parse endpoint" +``` + +--- + +### Task 8: Update assistant_chat_service.py system prompt + +**Files:** +- Modify: `backend/app/services/assistant_chat_service.py` + +- [ ] **Step 1: Add spin-off ticket rule to ASSISTANT_SYSTEM_PROMPT** + +Find the end of `ASSISTANT_SYSTEM_PROMPT` in `assistant_chat_service.py` and append this section before the closing `"""`: + +```python +# Add as the last section of ASSISTANT_SYSTEM_PROMPT, before the closing triple-quote: + +## SPIN-OFF TICKET CREATION + +When you identify a second distinct issue that is clearly separate from the primary topic \ +of this session, suggest creating a spin-off ticket using the [ACTIONS] marker below. \ +Use this sparingly — only when the issue is genuinely independent, not for every tangential mention. + +Format: +[ACTIONS] +[ + { + "label": "Create ticket: <brief issue title>", + "command": "create_spin_off_ticket", + "description": "<one sentence description of the separate issue>" + } +] +[/ACTIONS] +``` + +- [ ] **Step 2: Write a backend test for the new endpoints** + +```python +# backend/tests/test_psa_tickets.py +"""Routing and auth tests for new ticket management endpoints.""" +import pytest + + +@pytest.mark.asyncio +async def test_create_ticket_requires_auth(client): + """POST /tickets returns 401 without auth.""" + response = await client.post( + "/api/v1/integrations/psa/tickets", + json={ + "summary": "Test", "company_id": 1, "board_id": 1, + "status_id": 1, "priority_id": 1 + }, + ) + assert response.status_code == 401 + + +@pytest.mark.asyncio +async def test_list_resources_requires_auth(client): + response = await client.get("/api/v1/integrations/psa/tickets/1/resources") + assert response.status_code == 401 + + +@pytest.mark.asyncio +async def test_search_tickets_returns_paginated_shape(client, auth_headers): + """search endpoint returns TicketListResponse shape when no PSA connected.""" + response = await client.get( + "/api/v1/integrations/psa/tickets/search", + headers=auth_headers, + ) + # No PSA connection → 400 + assert response.status_code in (200, 400, 502) + if response.status_code == 200: + data = response.json() + assert "items" in data + assert "total" in data + assert "page" in data + + +@pytest.mark.asyncio +async def test_update_status_requires_auth(client): + response = await client.patch( + "/api/v1/integrations/psa/tickets/1/status?status_id=5" + ) + assert response.status_code == 401 + + +@pytest.mark.asyncio +async def test_ai_parse_requires_auth(client): + response = await client.post( + "/api/v1/integrations/psa/tickets/ai-parse", + json={"prompt": "New ticket for Acme"}, + ) + assert response.status_code == 401 +``` + +- [ ] **Step 3: Run tests** + +```bash +cd backend && pytest tests/test_psa_tickets.py -v --override-ini="addopts=" +``` + +Expected: all pass. + +- [ ] **Step 4: Commit** + +```bash +git add backend/app/services/assistant_chat_service.py backend/tests/test_psa_tickets.py +git commit -m "feat(psa): add spin-off ticket system prompt rule, backend routing tests" +``` + +--- + +## Phase 3 — Frontend: Types + API Client + +### Task 9: Create types/tickets.ts + update types/integrations.ts + +**Files:** +- Create: `frontend/src/types/tickets.ts` +- Modify: `frontend/src/types/integrations.ts` + +- [ ] **Step 1: Create types/tickets.ts** + +```typescript +// frontend/src/types/tickets.ts +import type { PSATicketSearchResult } from '@/types/integrations' + +export interface TicketFilters { + search: string + board_id: number | null + status_id: number | null + priority: string | null + company_id: number | null + assigned: 'me' | 'unassigned' | 'all' | number + include_closed: boolean +} + +export const DEFAULT_TICKET_FILTERS: TicketFilters = { + search: '', + board_id: null, + status_id: null, + priority: null, + company_id: null, + assigned: 'all', + include_closed: false, +} + +export interface TicketCreationPayload { + summary: string + company_id: number | null + board_id: number | null + status_id: number | null + priority_id: number | null + description: string + assigned_member_id: number | null +} + +export interface AiParseResponse { + summary: string | null + company_id: number | null + board_id: number | null + priority_id: number | null + status_id: number | null + assigned_member_id: number | null + description: string | null + missing_fields: string[] + warnings: string[] +} + +export interface PSAResource { + member_id: number + member_name: string + member_identifier: string + is_rf_user: boolean +} + +export interface PSATicketCreated { + id: number + summary: string + board_name: string + status_name: string + priority_name: string + company_name: string + resources: PSAResource[] +} + +export interface PSATicketStatusUpdate { + ticket_id: number + previous_status: string + new_status: string +} + +export interface TicketListResponse { + items: PSATicketSearchResult[] + total: number + page: number + page_size: number +} + +export interface PSAPriority { + id: number + name: string +} +``` + +- [ ] **Step 2: Update PSATicketSearchResult and PSATicketInfo in types/integrations.ts** + +```typescript +// frontend/src/types/integrations.ts — update these interfaces + +export interface PSATicketInfo { + id: string + summary: string + company_name: string | null + company_id: number | null // add + board_name: string | null + board_id: number | null // add + status_name: string | null + status_id: number | null // add + priority_name: string | null + priority_id: number | null // add +} + +export interface PSATicketSearchResult { + id: string + summary: string + company_name: string | null + company_id: string | null // add + board_name: string | null + board_id: number | null // add + status_name: string | null + status_id: number | null // add + priority_name: string | null + priority_id: number | null // add + closed: boolean +} +``` + +- [ ] **Step 3: Export new types from types/index.ts (if it exists)** + +```bash +grep -n "tickets" /home/coder/root-workspace/resolutionflow/frontend/src/types/index.ts +``` + +If `types/index.ts` exists and exports from other type files, add: +```typescript +export * from './tickets' +``` + +- [ ] **Step 4: Commit** + +```bash +git add frontend/src/types/tickets.ts frontend/src/types/integrations.ts +git commit -m "feat(tickets): add tickets types, expand PSATicketSearchResult/PSATicketInfo with IDs" +``` + +--- + +### Task 10: Create api/tickets.ts + update api/integrations.ts + +**Files:** +- Create: `frontend/src/api/tickets.ts` +- Modify: `frontend/src/api/integrations.ts` + +- [ ] **Step 1: Create api/tickets.ts** + +```typescript +// frontend/src/api/tickets.ts +import { apiClient } from './client' +import type { + PSAResource, + PSATicketCreated, + PSATicketStatusUpdate, + TicketCreationPayload, + AiParseResponse, + TicketListResponse, + PSAPriority, +} from '@/types/tickets' + +export const ticketsApi = { + listResources: (ticketId: number): Promise<PSAResource[]> => + apiClient.get<PSAResource[]>(`/integrations/psa/tickets/${ticketId}/resources`).then(r => r.data), + + addResource: (ticketId: number, memberId: number): Promise<PSAResource> => + apiClient.post<PSAResource>(`/integrations/psa/tickets/${ticketId}/resources?member_id=${memberId}`).then(r => r.data), + + removeResource: (ticketId: number, memberId: number): Promise<void> => + apiClient.delete(`/integrations/psa/tickets/${ticketId}/resources/${memberId}`).then(() => undefined), + + updateStatus: (ticketId: number, statusId: number): Promise<PSATicketStatusUpdate> => + apiClient.patch<PSATicketStatusUpdate>(`/integrations/psa/tickets/${ticketId}/status?status_id=${statusId}`).then(r => r.data), + + createTicket: (payload: TicketCreationPayload): Promise<PSATicketCreated> => + apiClient.post<PSATicketCreated>('/integrations/psa/tickets', payload).then(r => r.data), + + aiParse: (prompt: string): Promise<AiParseResponse> => + apiClient.post<AiParseResponse>('/integrations/psa/tickets/ai-parse', { prompt }).then(r => r.data), + + listPriorities: (): Promise<PSAPriority[]> => + apiClient.get<PSAPriority[]>('/integrations/psa/priorities').then(r => r.data), + + searchTickets: (params: { + query?: string + board_id?: number | null + status_id?: number | null + include_closed?: boolean + assigned_to_me?: boolean + unassigned?: boolean + board_ids?: string + priority?: string | null + company_id?: number | null + page?: number + page_size?: number + }): Promise<TicketListResponse> => + apiClient.get<TicketListResponse>('/integrations/psa/tickets/search', { params }).then(r => r.data), +} +``` + +- [ ] **Step 2: Update return types in api/integrations.ts** + +```typescript +// frontend/src/api/integrations.ts — update these two methods: +import type { TicketListResponse } from '@/types/tickets' + +searchTickets: (params: { query?: string; board_id?: number; include_closed?: boolean }) => + apiClient.get<TicketListResponse>('/integrations/psa/tickets/search', { params }).then(r => r.data), + +searchTicketsQueue: (params: { + assigned_to_me?: boolean + unassigned?: boolean + board_ids?: string + page?: number + page_size?: number +}) => + apiClient.get<TicketListResponse>('/integrations/psa/tickets/search', { params }).then(r => r.data), +``` + +- [ ] **Step 3: Update TicketQueue.tsx and TicketPickerModal.tsx to read .items** + +In `frontend/src/components/dashboard/TicketQueue.tsx`, find every place that uses the result of `searchTicketsQueue()` or `searchTickets()` as an array and change it to read `.items`: + +```bash +grep -n "searchTicketsQueue\|searchTickets" /home/coder/root-workspace/resolutionflow/frontend/src/components/dashboard/TicketQueue.tsx +``` + +Change any `setTickets(data)` or similar to `setTickets(data.items)`. + +In `frontend/src/components/session/TicketPickerModal.tsx`: +```bash +grep -n "searchTickets" /home/coder/root-workspace/resolutionflow/frontend/src/components/session/TicketPickerModal.tsx +``` + +Change any usage from array result to `.items` access. + +- [ ] **Step 4: Commit** + +```bash +git add frontend/src/api/tickets.ts frontend/src/api/integrations.ts \ + frontend/src/components/dashboard/TicketQueue.tsx \ + frontend/src/components/session/TicketPickerModal.tsx +git commit -m "feat(tickets): add tickets API client, update integrations API for paginated search" +``` + +--- + +## Phase 4 — Tickets Page + +### Task 11: Create TicketFilterBar.tsx + +**Files:** +- Create: `frontend/src/components/tickets/TicketFilterBar.tsx` + +- [ ] **Step 1: Create the config-driven filter bar** + +```tsx +// frontend/src/components/tickets/TicketFilterBar.tsx +import { Search, X } from 'lucide-react' +import { cn } from '@/lib/utils' +import type { TicketFilters } from '@/types/tickets' +import type { PSABoard, PSATicketStatusItem } from '@/types/integrations' +import type { PSAPriority } from '@/types/tickets' + +interface TicketFilterBarProps { + filters: TicketFilters + onChange: (updated: Partial<TicketFilters>) => void + boards: PSABoard[] + statuses: PSATicketStatusItem[] + priorities: PSAPriority[] + members: { id: number; name: string }[] + total: number + page: number + pageSize: number + onPageChange: (page: number) => void + loading: boolean +} + +export function TicketFilterBar({ + filters, onChange, boards, statuses, priorities, members, + total, page, pageSize, onPageChange, loading, +}: TicketFilterBarProps) { + const start = (page - 1) * pageSize + 1 + const end = Math.min(page * pageSize, total) + const hasNext = page * pageSize < total + const hasPrev = page > 1 + + return ( + <div className="space-y-3"> + {/* Filter row */} + <div className="flex flex-wrap gap-2 items-center"> + {/* Search */} + <div className="relative"> + <Search className="absolute left-2.5 top-1/2 -translate-y-1/2 w-3.5 h-3.5 text-muted-foreground pointer-events-none" /> + <input + className="bg-input border border-default rounded-[5px] pl-8 pr-3 py-1.5 text-sm text-primary placeholder:text-muted-foreground focus:border-accent focus:outline-none w-48" + placeholder="Search tickets..." + value={filters.search} + onChange={e => onChange({ search: e.target.value })} + /> + </div> + + {/* Assignment */} + <select + className="bg-input border border-default rounded-[5px] px-3 py-1.5 text-sm text-primary focus:border-accent focus:outline-none" + value={typeof filters.assigned === 'number' ? String(filters.assigned) : filters.assigned} + onChange={e => { + const v = e.target.value + onChange({ assigned: v === 'me' || v === 'unassigned' || v === 'all' ? v : Number(v) }) + }} + > + <option value="all">All Tickets</option> + <option value="me">My Tickets</option> + <option value="unassigned">Unassigned</option> + {members.map(m => ( + <option key={m.id} value={String(m.id)}>{m.name}</option> + ))} + </select> + + {/* Board */} + <select + className="bg-input border border-default rounded-[5px] px-3 py-1.5 text-sm text-primary focus:border-accent focus:outline-none" + value={filters.board_id ?? ''} + onChange={e => onChange({ board_id: e.target.value ? Number(e.target.value) : null })} + > + <option value="">All Boards</option> + {boards.map(b => <option key={b.id} value={b.id}>{b.name}</option>)} + </select> + + {/* Status */} + <select + className="bg-input border border-default rounded-[5px] px-3 py-1.5 text-sm text-primary focus:border-accent focus:outline-none" + value={filters.status_id ?? ''} + onChange={e => onChange({ status_id: e.target.value ? Number(e.target.value) : null })} + > + <option value="">All Statuses</option> + {statuses.map(s => <option key={s.id} value={s.id}>{s.name}</option>)} + </select> + + {/* Priority */} + <select + className="bg-input border border-default rounded-[5px] px-3 py-1.5 text-sm text-primary focus:border-accent focus:outline-none" + value={filters.priority ?? ''} + onChange={e => onChange({ priority: e.target.value || null })} + > + <option value="">All Priorities</option> + {priorities.map(p => <option key={p.id} value={p.name}>{p.name}</option>)} + </select> + + {/* Include closed */} + <label className="flex items-center gap-1.5 text-sm text-muted-foreground cursor-pointer select-none"> + <input + type="checkbox" + className="accent-accent" + checked={filters.include_closed} + onChange={e => onChange({ include_closed: e.target.checked })} + /> + Include closed + </label> + + {/* Clear filters */} + {(filters.search || filters.board_id || filters.status_id || filters.priority || filters.assigned !== 'all' || filters.include_closed) && ( + <button + onClick={() => onChange({ search: '', board_id: null, status_id: null, priority: null, assigned: 'all', include_closed: false })} + className="flex items-center gap-1 text-xs text-muted-foreground hover:text-primary transition-colors" + > + <X className="w-3 h-3" /> Clear + </button> + )} + </div> + + {/* Pagination row */} + {total > 0 && ( + <div className="flex items-center justify-between text-xs text-muted-foreground"> + <span> + {loading ? 'Loading…' : `Showing ${start}–${end} of ${total} tickets`} + </span> + <div className="flex gap-1"> + <button + disabled={!hasPrev} + onClick={() => onPageChange(page - 1)} + className={cn( + 'px-2 py-1 rounded border text-xs transition-colors', + hasPrev + ? 'border-default text-primary hover:border-hover' + : 'border-default text-muted-foreground opacity-40 cursor-not-allowed' + )} + > + Prev + </button> + <button + disabled={!hasNext} + onClick={() => onPageChange(page + 1)} + className={cn( + 'px-2 py-1 rounded border text-xs transition-colors', + hasNext + ? 'border-default text-primary hover:border-hover' + : 'border-default text-muted-foreground opacity-40 cursor-not-allowed' + )} + > + Next + </button> + </div> + </div> + )} + </div> + ) +} +``` + +- [ ] **Step 2: Commit** + +```bash +git add frontend/src/components/tickets/TicketFilterBar.tsx +git commit -m "feat(tickets): add config-driven TicketFilterBar with pagination controls" +``` + +--- + +### Task 12: Create TicketListRow.tsx + +**Files:** +- Create: `frontend/src/components/tickets/TicketListRow.tsx` + +- [ ] **Step 1: Create compact row component** + +```tsx +// frontend/src/components/tickets/TicketListRow.tsx +import { cn } from '@/lib/utils' +import type { PSATicketSearchResult } from '@/types/integrations' + +interface TicketListRowProps { + ticket: PSATicketSearchResult + selected: boolean + onClick: () => void +} + +const PRIORITY_STYLES: Record<string, string> = { + Critical: 'text-danger', + High: 'text-danger', + Medium: 'text-warning', + Low: 'text-muted-foreground', +} + +const STATUS_STYLES: Record<string, { bg: string; text: string }> = { + New: { bg: 'bg-accent/10', text: 'text-accent' }, + 'In Progress': { bg: 'bg-warning/10', text: 'text-warning' }, + Waiting: { bg: 'bg-success/10', text: 'text-success' }, + Resolved: { bg: 'bg-muted/10', text: 'text-muted-foreground' }, +} + +function statusStyle(name: string | null) { + if (!name) return { bg: 'bg-elevated', text: 'text-muted-foreground' } + return STATUS_STYLES[name] ?? { bg: 'bg-elevated', text: 'text-muted-foreground' } +} + +export function TicketListRow({ ticket, selected, onClick }: TicketListRowProps) { + const { bg, text } = statusStyle(ticket.status_name) + const priorityClass = PRIORITY_STYLES[ticket.priority_name ?? ''] ?? 'text-muted-foreground' + + return ( + <div + role="button" + tabIndex={0} + onClick={onClick} + onKeyDown={e => e.key === 'Enter' && onClick()} + className={cn( + 'flex items-center gap-3 px-4 py-2.5 cursor-pointer transition-colors border-b border-default text-sm', + selected ? 'bg-accent/5' : 'hover:bg-elevated' + )} + > + {/* ID */} + <span className="w-12 shrink-0 text-accent text-xs font-mono">#{ticket.id}</span> + + {/* Summary */} + <span className="flex-1 truncate text-primary font-medium">{ticket.summary}</span> + + {/* Company */} + <span className="w-32 shrink-0 truncate text-muted-foreground text-xs hidden md:block"> + {ticket.company_name ?? '—'} + </span> + + {/* Board */} + <span className="w-28 shrink-0 truncate text-muted-foreground text-xs hidden lg:block"> + {ticket.board_name ?? '—'} + </span> + + {/* Status badge */} + <span className={cn('shrink-0 px-1.5 py-0.5 rounded text-[11px] font-medium', bg, text)}> + {ticket.status_name ?? '—'} + </span> + + {/* Priority */} + <span className={cn('w-14 shrink-0 text-xs text-right', priorityClass)}> + {ticket.priority_name ?? '—'} + </span> + </div> + ) +} +``` + +- [ ] **Step 2: Commit** + +```bash +git add frontend/src/components/tickets/TicketListRow.tsx +git commit -m "feat(tickets): add compact TicketListRow component" +``` + +--- + +### Task 13: Create TicketsPage.tsx + +**Files:** +- Create: `frontend/src/pages/TicketsPage.tsx` + +- [ ] **Step 1: Create TicketsPage with URL-param filter state** + +```tsx +// frontend/src/pages/TicketsPage.tsx +import { useEffect, useState, useCallback } from 'react' +import { useSearchParams } from 'react-router-dom' +import { Plus, Ticket } from 'lucide-react' +import { PageMeta } from '@/components/common/PageMeta' +import { TicketFilterBar } from '@/components/tickets/TicketFilterBar' +import { TicketListRow } from '@/components/tickets/TicketListRow' +import { TicketDetailPanel } from '@/components/tickets/TicketDetailPanel' +import { NewTicketModal } from '@/components/tickets/NewTicketModal' +import { integrationsApi } from '@/api/integrations' +import { ticketsApi } from '@/api/tickets' +import type { PSATicketSearchResult, PSABoard, PSATicketStatusItem } from '@/types/integrations' +import type { TicketFilters, PSAPriority } from '@/types/tickets' +import { DEFAULT_TICKET_FILTERS } from '@/types/tickets' + +const PAGE_SIZE = 25 + +function filtersFromParams(params: URLSearchParams): TicketFilters & { page: number } { + const assigned = params.get('assigned') ?? 'all' + return { + search: params.get('search') ?? '', + board_id: params.get('board') ? Number(params.get('board')) : null, + status_id: params.get('status') ? Number(params.get('status')) : null, + priority: params.get('priority') ?? null, + company_id: params.get('company') ? Number(params.get('company')) : null, + assigned: (assigned === 'me' || assigned === 'unassigned' || assigned === 'all') + ? assigned + : Number(assigned), + include_closed: params.get('closed') === 'true', + page: params.get('page') ? Number(params.get('page')) : 1, + } +} + +export default function TicketsPage() { + const [searchParams, setSearchParams] = useSearchParams() + const { page, ...filters } = filtersFromParams(searchParams) + + const [tickets, setTickets] = useState<PSATicketSearchResult[]>([]) + const [total, setTotal] = useState(0) + const [loading, setLoading] = useState(false) + const [boards, setBoards] = useState<PSABoard[]>([]) + const [statuses, setStatuses] = useState<PSATicketStatusItem[]>([]) + const [priorities, setPriorities] = useState<PSAPriority[]>([]) + const [members, setMembers] = useState<{ id: number; name: string }[]>([]) + const [selectedTicket, setSelectedTicket] = useState<PSATicketSearchResult | null>(null) + const [showNewTicket, setShowNewTicket] = useState(false) + + // Load filter option data once + useEffect(() => { + integrationsApi.listBoards().then(setBoards).catch(() => {}) + ticketsApi.listPriorities().then(setPriorities).catch(() => {}) + integrationsApi.listMembers() + .then(ms => setMembers(ms.map(m => ({ id: Number(m.id), name: m.name })))) + .catch(() => {}) + }, []) + + // Load statuses when board changes + useEffect(() => { + if (filters.board_id) { + integrationsApi.getTicketStatuses(String(filters.board_id)) + .then(setStatuses).catch(() => {}) + } else { + setStatuses([]) + } + }, [filters.board_id]) + + // Fetch tickets on filter/page change + const fetchTickets = useCallback(async () => { + setLoading(true) + try { + const result = await ticketsApi.searchTickets({ + query: filters.search || undefined, + board_id: filters.board_id ?? undefined, + status_id: filters.status_id ?? undefined, + include_closed: filters.include_closed, + assigned_to_me: filters.assigned === 'me', + unassigned: filters.assigned === 'unassigned', + priority: filters.priority ?? undefined, + company_id: filters.company_id ?? undefined, + page, + page_size: PAGE_SIZE, + }) + setTickets(result.items) + setTotal(result.total) + } catch { + setTickets([]) + setTotal(0) + } finally { + setLoading(false) + } + }, [filters.search, filters.board_id, filters.status_id, filters.include_closed, + filters.assigned, filters.priority, filters.company_id, page]) + + useEffect(() => { fetchTickets() }, [fetchTickets]) + + function updateFilters(updated: Partial<TicketFilters>) { + const next = new URLSearchParams(searchParams) + if ('search' in updated) updated.search ? next.set('search', updated.search!) : next.delete('search') + if ('board_id' in updated) updated.board_id ? next.set('board', String(updated.board_id)) : next.delete('board') + if ('status_id' in updated) updated.status_id ? next.set('status', String(updated.status_id)) : next.delete('status') + if ('priority' in updated) updated.priority ? next.set('priority', updated.priority!) : next.delete('priority') + if ('company_id' in updated) updated.company_id ? next.set('company', String(updated.company_id)) : next.delete('company') + if ('assigned' in updated) { + const a = updated.assigned + a === 'all' ? next.delete('assigned') : next.set('assigned', String(a)) + } + if ('include_closed' in updated) updated.include_closed ? next.set('closed', 'true') : next.delete('closed') + next.delete('page') // reset to 1 on filter change + setSearchParams(next) + } + + function updatePage(p: number) { + const next = new URLSearchParams(searchParams) + p === 1 ? next.delete('page') : next.set('page', String(p)) + setSearchParams(next) + } + + return ( + <div className="flex flex-col h-full overflow-hidden"> + <PageMeta title="Tickets — ResolutionFlow" /> + + {/* Header */} + <div className="flex items-center justify-between px-6 py-4 border-b border-default shrink-0"> + <div className="flex items-center gap-2"> + <Ticket className="w-5 h-5 text-muted-foreground" /> + <h1 className="font-heading text-xl font-bold text-heading">Tickets</h1> + </div> + <button + onClick={() => setShowNewTicket(true)} + className="flex items-center gap-1.5 px-3 py-1.5 bg-accent text-white text-sm font-medium rounded-[5px] hover:bg-accent/90 transition-colors" + > + <Plus className="w-4 h-4" /> New Ticket + </button> + </div> + + {/* Filters */} + <div className="px-6 py-3 border-b border-default shrink-0"> + <TicketFilterBar + filters={filters} + onChange={updateFilters} + boards={boards} + statuses={statuses} + priorities={priorities} + members={members} + total={total} + page={page} + pageSize={PAGE_SIZE} + onPageChange={updatePage} + loading={loading} + /> + </div> + + {/* List + Detail Panel */} + <div className="flex flex-1 overflow-hidden"> + {/* Ticket list */} + <div className={`flex flex-col overflow-y-auto ${selectedTicket ? 'w-1/2' : 'w-full'} transition-all`}> + {loading && tickets.length === 0 && ( + <div className="flex items-center justify-center py-16 text-muted-foreground text-sm"> + Loading tickets… + </div> + )} + {!loading && tickets.length === 0 && ( + <div className="flex flex-col items-center justify-center py-16 text-muted-foreground text-sm gap-2"> + <Ticket className="w-8 h-8 opacity-30" /> + No tickets match your filters + </div> + )} + {tickets.map(t => ( + <TicketListRow + key={t.id} + ticket={t} + selected={selectedTicket?.id === t.id} + onClick={() => setSelectedTicket(t)} + /> + ))} + </div> + + {/* Detail panel */} + {selectedTicket && ( + <div className="w-1/2 border-l border-default overflow-y-auto"> + <TicketDetailPanel + ticket={selectedTicket} + onClose={() => setSelectedTicket(null)} + onStatusUpdated={(ticketId, newStatus) => { + setTickets(prev => prev.map(t => + t.id === String(ticketId) ? { ...t, status_name: newStatus } : t + )) + }} + /> + </div> + )} + </div> + + {/* New Ticket Modal */} + {showNewTicket && ( + <NewTicketModal + defaultTab="quick" + onClose={() => setShowNewTicket(false)} + onCreated={() => { setShowNewTicket(false); fetchTickets() }} + /> + )} + </div> + ) +} +``` + +- [ ] **Step 2: Commit** + +```bash +git add frontend/src/pages/TicketsPage.tsx +git commit -m "feat(tickets): add TicketsPage with URL-param filter state and slide-out detail" +``` + +--- + +### Task 14: Add route + sidebar nav + +**Files:** +- Modify: `frontend/src/router.tsx` +- Modify: `frontend/src/components/layout/Sidebar.tsx` + +- [ ] **Step 1: Add TicketsPage to router.tsx** + +After the existing lazy imports, add: +```typescript +const TicketsPage = lazyWithRetry(() => import('@/pages/TicketsPage')) +``` + +Inside the protected route children array (alongside other routes like `/sessions`), add: +```typescript +{ path: 'tickets', element: <Suspense fallback={<PageLoader />}><TicketsPage /></Suspense> }, +``` + +- [ ] **Step 2: Add Tickets nav item to Sidebar.tsx** + +In `Sidebar.tsx`, find the `railGroups` array. Add a Tickets entry in the RESOLVE section. Find the History entry: +```typescript +{ + href: '/sessions', icon: History, label: 'History', shortLabel: 'History', + ... +}, +``` + +Add after it: +```typescript +{ + href: '/tickets', icon: Ticket, label: 'Tickets', shortLabel: 'Tickets', + matchPaths: ['/tickets'], +}, +``` + +Also add `Ticket` to the Lucide imports at the top of `Sidebar.tsx`. + +- [ ] **Step 3: Commit** + +```bash +git add frontend/src/router.tsx frontend/src/components/layout/Sidebar.tsx +git commit -m "feat(tickets): add /tickets route and sidebar nav item" +``` + +--- + +## Phase 5 — Ticket Detail Panel + +### Task 15: Create detail subcomponents + +**Files:** +- Create: `frontend/src/components/tickets/detail/TicketDetailHeader.tsx` +- Create: `frontend/src/components/tickets/detail/TicketNotesFeed.tsx` +- Create: `frontend/src/components/tickets/detail/TicketAddNote.tsx` +- Create: `frontend/src/components/tickets/detail/TicketConfigs.tsx` +- Create: `frontend/src/components/tickets/detail/TicketRelated.tsx` + +- [ ] **Step 1: Create TicketDetailHeader.tsx** + +```tsx +// frontend/src/components/tickets/detail/TicketDetailHeader.tsx +import { ExternalLink } from 'lucide-react' +import type { PSATicketSearchResult } from '@/types/integrations' +import type { PSATicketStatusUpdate } from '@/types/tickets' +import type { PSATicketStatusItem } from '@/types/integrations' +import { ticketsApi } from '@/api/tickets' +import { toast } from '@/lib/toast' +import { useState } from 'react' + +interface Props { + ticket: PSATicketSearchResult + statuses: PSATicketStatusItem[] + onStatusUpdated: (ticketId: number, newStatus: string) => void +} + +export function TicketDetailHeader({ ticket, statuses, onStatusUpdated }: Props) { + const [updating, setUpdating] = useState(false) + + async function handleStatusChange(statusId: number) { + if (!ticket.id) return + setUpdating(true) + try { + const result: PSATicketStatusUpdate = await ticketsApi.updateStatus(Number(ticket.id), statusId) + onStatusUpdated(result.ticket_id, result.new_status) + toast.success(`Status updated to ${result.new_status}`) + } catch { + toast.error('Failed to update status') + } finally { + setUpdating(false) + } + } + + return ( + <div className="p-4 border-b border-default space-y-3"> + <div className="flex items-start justify-between gap-2"> + <div> + <div className="flex items-center gap-2 mb-1"> + <span className="text-accent text-xs font-mono">#{ticket.id}</span> + {ticket.board_name && ( + <span className="text-xs text-muted-foreground">{ticket.board_name}</span> + )} + </div> + <h2 className="font-heading font-semibold text-heading text-base leading-snug"> + {ticket.summary} + </h2> + {ticket.company_name && ( + <p className="text-sm text-muted-foreground mt-0.5">{ticket.company_name}</p> + )} + </div> + </div> + + {/* Status + Priority */} + <div className="flex items-center gap-2 flex-wrap"> + {statuses.length > 0 ? ( + <select + disabled={updating} + value={ticket.status_id ?? ''} + onChange={e => handleStatusChange(Number(e.target.value))} + className="bg-input border border-default rounded-[5px] px-2 py-1 text-xs text-primary focus:border-accent focus:outline-none" + > + {statuses.map(s => ( + <option key={s.id} value={s.id}>{s.name}</option> + ))} + </select> + ) : ( + ticket.status_name && ( + <span className="px-2 py-0.5 bg-elevated rounded text-xs text-muted-foreground"> + {ticket.status_name} + </span> + ) + )} + {ticket.priority_name && ( + <span className="px-2 py-0.5 bg-elevated rounded text-xs text-muted-foreground"> + {ticket.priority_name} + </span> + )} + </div> + </div> + ) +} +``` + +- [ ] **Step 2: Create TicketNotesFeed.tsx** + +```tsx +// frontend/src/components/tickets/detail/TicketNotesFeed.tsx +import type { TicketNote } from '@/api/psaContext' + +interface Props { notes: TicketNote[] } + +export function TicketNotesFeed({ notes }: Props) { + if (notes.length === 0) { + return <p className="text-xs text-muted-foreground px-4 py-3">No notes yet.</p> + } + return ( + <div className="divide-y divide-default"> + {notes.map((note, i) => ( + <div key={i} className="px-4 py-3 space-y-1"> + <div className="flex items-center justify-between text-xs text-muted-foreground"> + <span>{note.member ?? 'Unknown'}</span> + <span>{new Date(note.date_created).toLocaleDateString()}</span> + </div> + {note.internal_analysis_flag && ( + <span className="text-[10px] uppercase tracking-wider text-warning">Internal</span> + )} + <p className="text-sm text-primary whitespace-pre-wrap">{note.text}</p> + </div> + ))} + </div> + ) +} +``` + +- [ ] **Step 3: Create TicketAddNote.tsx** + +```tsx +// frontend/src/components/tickets/detail/TicketAddNote.tsx +import { useState } from 'react' +import { sessionPsaApi } from '@/api/integrations' +import { toast } from '@/lib/toast' + +interface Props { + ticketId: string + sessionId?: string + onPosted: () => void +} + +export function TicketAddNote({ ticketId, sessionId, onPosted }: Props) { + const [text, setText] = useState('') + const [noteType, setNoteType] = useState<'internal_analysis' | 'description'>('internal_analysis') + const [posting, setPosting] = useState(false) + + // Note posting requires a session link — if no session, show info + if (!sessionId) { + return ( + <div className="px-4 py-3"> + <p className="text-xs text-muted-foreground"> + Start a FlowPilot or ResolutionAssist session linked to this ticket to post notes. + </p> + </div> + ) + } + + async function handlePost() { + if (!text.trim()) return + setPosting(true) + try { + await sessionPsaApi.postToTicket(sessionId!, { + note_type: noteType, + update_status_id: undefined, + }) + setText('') + toast.success('Note posted to ticket') + onPosted() + } catch { + toast.error('Failed to post note') + } finally { + setPosting(false) + } + } + + return ( + <div className="px-4 py-3 space-y-2"> + <select + className="bg-input border border-default rounded-[5px] px-2 py-1 text-xs text-primary focus:border-accent focus:outline-none" + value={noteType} + onChange={e => setNoteType(e.target.value as 'internal_analysis' | 'description')} + > + <option value="internal_analysis">Internal Analysis</option> + <option value="description">Description</option> + </select> + <textarea + className="w-full bg-input border border-default rounded-[5px] px-3 py-2 text-sm text-primary placeholder:text-muted-foreground focus:border-accent focus:outline-none resize-none" + rows={3} + placeholder="Add a note to this ticket…" + value={text} + onChange={e => setText(e.target.value)} + /> + <button + disabled={!text.trim() || posting} + onClick={handlePost} + className="px-3 py-1.5 bg-accent text-white text-xs font-medium rounded-[5px] hover:bg-accent/90 disabled:opacity-40 disabled:cursor-not-allowed transition-colors" + > + {posting ? 'Posting…' : 'Post Note'} + </button> + </div> + ) +} +``` + +- [ ] **Step 4: Create TicketConfigs.tsx** + +```tsx +// frontend/src/components/tickets/detail/TicketConfigs.tsx +import type { ConfigItemInfo } from '@/api/psaContext' + +interface Props { configs: ConfigItemInfo[] } + +export function TicketConfigs({ configs }: Props) { + if (configs.length === 0) return null + return ( + <div className="px-4 py-3 space-y-2"> + <h4 className="text-xs uppercase tracking-wider text-muted-foreground font-semibold"> + Configurations + </h4> + {configs.map((c, i) => ( + <div key={i} className="bg-elevated rounded border border-default p-2 text-xs space-y-0.5"> + <div className="font-medium text-primary">{c.device_identifier}</div> + <div className="text-muted-foreground"> + {[c.type, c.os_type, c.ip_address].filter(Boolean).join(' · ')} + </div> + </div> + ))} + </div> + ) +} +``` + +- [ ] **Step 5: Create TicketRelated.tsx** + +```tsx +// frontend/src/components/tickets/detail/TicketRelated.tsx +import type { RelatedTicket } from '@/api/psaContext' + +interface Props { + related: RelatedTicket[] + onSelect: (id: number) => void +} + +export function TicketRelated({ related, onSelect }: Props) { + if (related.length === 0) return null + return ( + <div className="px-4 py-3 space-y-2"> + <h4 className="text-xs uppercase tracking-wider text-muted-foreground font-semibold"> + Related Tickets + </h4> + {related.map(r => ( + <button + key={r.id} + onClick={() => onSelect(r.id)} + className="w-full text-left bg-elevated rounded border border-default p-2 hover:border-hover transition-colors text-xs space-y-0.5" + > + <div className="flex items-center justify-between"> + <span className="text-accent font-mono">#{r.id}</span> + <span className="text-muted-foreground">{r.status}</span> + </div> + <div className="text-primary truncate">{r.summary}</div> + </button> + ))} + </div> + ) +} +``` + +- [ ] **Step 6: Commit** + +```bash +git add frontend/src/components/tickets/detail/ +git commit -m "feat(tickets): add ticket detail subcomponents (header, notes, configs, related)" +``` + +--- + +### Task 16: Create TicketResourceManager.tsx + TicketDetailPanel.tsx + +**Files:** +- Create: `frontend/src/components/tickets/detail/TicketResourceManager.tsx` +- Create: `frontend/src/components/tickets/TicketDetailPanel.tsx` + +- [ ] **Step 1: Create TicketResourceManager.tsx** + +```tsx +// frontend/src/components/tickets/detail/TicketResourceManager.tsx +import { useState } from 'react' +import { UserPlus, X, User } from 'lucide-react' +import { ticketsApi } from '@/api/tickets' +import { toast } from '@/lib/toast' +import type { PSAResource } from '@/types/tickets' +import type { PsaMemberResponse } from '@/types/integrations' +import { cn } from '@/lib/utils' + +interface Props { + ticketId: number + resources: PSAResource[] + allMembers: PsaMemberResponse[] + onChanged: () => void +} + +export function TicketResourceManager({ ticketId, resources, allMembers, onChanged }: Props) { + const [adding, setAdding] = useState(false) + const [selectedMemberId, setSelectedMemberId] = useState<string>('') + const [busy, setBusy] = useState<number | null>(null) + + async function handleAdd() { + if (!selectedMemberId) return + setBusy(Number(selectedMemberId)) + try { + await ticketsApi.addResource(ticketId, Number(selectedMemberId)) + toast.success('Resource added') + setAdding(false) + setSelectedMemberId('') + onChanged() + } catch { + toast.error('Failed to add resource') + } finally { + setBusy(null) + } + } + + async function handleRemove(memberId: number) { + setBusy(memberId) + try { + await ticketsApi.removeResource(ticketId, memberId) + toast.success('Resource removed') + onChanged() + } catch { + toast.error('Failed to remove resource') + } finally { + setBusy(null) + } + } + + const assignedIds = new Set(resources.map(r => r.member_id)) + + return ( + <div className="px-4 py-3 space-y-2"> + <div className="flex items-center justify-between"> + <h4 className="text-xs uppercase tracking-wider text-muted-foreground font-semibold"> + Resources + </h4> + <button + onClick={() => setAdding(!adding)} + className="flex items-center gap-1 text-xs text-accent hover:text-accent/80 transition-colors" + > + <UserPlus className="w-3.5 h-3.5" /> Assign + </button> + </div> + + {/* Add member selector */} + {adding && ( + <div className="flex gap-2"> + <select + className="flex-1 bg-input border border-default rounded-[5px] px-2 py-1 text-xs text-primary focus:border-accent focus:outline-none" + value={selectedMemberId} + onChange={e => setSelectedMemberId(e.target.value)} + > + <option value="">Select member…</option> + {allMembers + .filter(m => !assignedIds.has(Number(m.id))) + .map(m => ( + <option key={m.id} value={m.id}> + {m.name} {/* is_rf_user badge handled below */} + </option> + ))} + </select> + <button + onClick={handleAdd} + disabled={!selectedMemberId || busy !== null} + className="px-2 py-1 bg-accent text-white text-xs rounded-[5px] disabled:opacity-40" + > + Add + </button> + </div> + )} + + {/* Current resources */} + {resources.length === 0 ? ( + <p className="text-xs text-muted-foreground">No resources assigned.</p> + ) : ( + <div className="space-y-1"> + {resources.map(r => ( + <div key={r.member_id} className="flex items-center justify-between"> + <div className="flex items-center gap-1.5 text-xs text-primary"> + <User className="w-3 h-3 text-muted-foreground" /> + {r.member_name} + {r.is_rf_user && ( + <span className="px-1 py-0.5 bg-accent/10 text-accent rounded text-[10px] font-medium"> + RF + </span> + )} + </div> + <button + onClick={() => handleRemove(r.member_id)} + disabled={busy === r.member_id} + className={cn( + 'text-muted-foreground hover:text-danger transition-colors', + busy === r.member_id && 'opacity-40' + )} + > + <X className="w-3.5 h-3.5" /> + </button> + </div> + ))} + </div> + )} + </div> + ) +} +``` + +- [ ] **Step 2: Create TicketDetailPanel.tsx** + +```tsx +// frontend/src/components/tickets/TicketDetailPanel.tsx +import { useEffect, useState } from 'react' +import { X, Loader2 } from 'lucide-react' +import { psaContextApi } from '@/api/psaContext' +import { integrationsApi } from '@/api/integrations' +import { ticketsApi } from '@/api/tickets' +import { TicketDetailHeader } from './detail/TicketDetailHeader' +import { TicketResourceManager } from './detail/TicketResourceManager' +import { TicketNotesFeed } from './detail/TicketNotesFeed' +import { TicketAddNote } from './detail/TicketAddNote' +import { TicketConfigs } from './detail/TicketConfigs' +import { TicketRelated } from './detail/TicketRelated' +import type { PSATicketSearchResult, PSATicketStatusItem, PsaMemberResponse } from '@/types/integrations' +import type { PSAResource } from '@/types/tickets' +import type { TicketContext } from '@/api/psaContext' + +interface Props { + ticket: PSATicketSearchResult + onClose: () => void + onStatusUpdated?: (ticketId: number, newStatus: string) => void +} + +export function TicketDetailPanel({ ticket, onClose, onStatusUpdated }: Props) { + const [context, setContext] = useState<TicketContext | null>(null) + const [resources, setResources] = useState<PSAResource[]>([]) + const [allMembers, setAllMembers] = useState<PsaMemberResponse[]>([]) + const [statuses, setStatuses] = useState<PSATicketStatusItem[]>([]) + const [contextLoading, setContextLoading] = useState(true) + const [resourcesLoading, setResourcesLoading] = useState(true) + + const ticketIdNum = Number(ticket.id) + + function loadResources() { + ticketsApi.listResources(ticketIdNum) + .then(setResources) + .catch(() => {}) + .finally(() => setResourcesLoading(false)) + } + + useEffect(() => { + setContextLoading(true) + setResourcesLoading(true) + setContext(null) + setResources([]) + + // Parallel: context + resources + members + statuses + Promise.all([ + psaContextApi.getTicketContext(ticketIdNum) + .then(setContext) + .finally(() => setContextLoading(false)), + ticketsApi.listResources(ticketIdNum) + .then(setResources) + .finally(() => setResourcesLoading(false)), + integrationsApi.listMembers().then(setAllMembers).catch(() => {}), + ticket.board_id + ? integrationsApi.getTicketStatuses(String(ticket.board_id)).then(setStatuses).catch(() => {}) + : Promise.resolve(), + ]) + }, [ticket.id]) + + function Skeleton() { + return ( + <div className="px-4 py-3 space-y-2 animate-pulse"> + <div className="h-3 w-3/4 bg-elevated rounded" /> + <div className="h-3 w-1/2 bg-elevated rounded" /> + </div> + ) + } + + return ( + <div className="flex flex-col h-full"> + {/* Panel header */} + <div className="flex items-center justify-between px-4 py-3 border-b border-default shrink-0"> + <span className="text-xs text-muted-foreground uppercase tracking-wider font-semibold"> + Ticket Detail + </span> + <button onClick={onClose} className="text-muted-foreground hover:text-primary transition-colors"> + <X className="w-4 h-4" /> + </button> + </div> + + {/* Scrollable content */} + <div className="flex-1 overflow-y-auto divide-y divide-default"> + {/* Header — uses list row data immediately, no wait */} + <TicketDetailHeader + ticket={ticket} + statuses={statuses} + onStatusUpdated={(id, status) => { + onStatusUpdated?.(id, status) + }} + /> + + {/* Contact info */} + {contextLoading ? ( + <Skeleton /> + ) : context?.contact ? ( + <div className="px-4 py-3 space-y-0.5"> + <h4 className="text-xs uppercase tracking-wider text-muted-foreground font-semibold mb-1"> + Contact + </h4> + <p className="text-sm text-primary">{context.contact.name}</p> + {context.contact.email && ( + <p className="text-xs text-muted-foreground">{context.contact.email}</p> + )} + {context.contact.phone && ( + <p className="text-xs text-muted-foreground">{context.contact.phone}</p> + )} + </div> + ) : null} + + {/* Resources */} + {resourcesLoading ? ( + <Skeleton /> + ) : ( + <TicketResourceManager + ticketId={ticketIdNum} + resources={resources} + allMembers={allMembers} + onChanged={loadResources} + /> + )} + + {/* Notes */} + {contextLoading ? ( + <Skeleton /> + ) : ( + <div> + <div className="px-4 pt-3 pb-1"> + <h4 className="text-xs uppercase tracking-wider text-muted-foreground font-semibold"> + Notes + </h4> + </div> + <TicketNotesFeed notes={context?.notes ?? []} /> + <TicketAddNote ticketId={ticket.id} onPosted={() => { + psaContextApi.getTicketContext(ticketIdNum).then(setContext).catch(() => {}) + }} /> + </div> + )} + + {/* Configs */} + {!contextLoading && context?.configurations && context.configurations.length > 0 && ( + <TicketConfigs configs={context.configurations} /> + )} + + {/* Related */} + {!contextLoading && context?.related_tickets && context.related_tickets.length > 0 && ( + <TicketRelated + related={context.related_tickets} + onSelect={(id) => { + // Navigate to the related ticket by updating parent selection + // Parent handles this by looking it up in the list + window.dispatchEvent(new CustomEvent('select-ticket', { detail: id })) + }} + /> + )} + </div> + </div> + ) +} +``` + +- [ ] **Step 3: Commit** + +```bash +git add frontend/src/components/tickets/detail/TicketResourceManager.tsx \ + frontend/src/components/tickets/TicketDetailPanel.tsx +git commit -m "feat(tickets): add TicketResourceManager and TicketDetailPanel with optimistic hydration" +``` + +--- + +## Phase 6 — New Ticket Modal + +### Task 17: Create AiTicketParseForm.tsx + NewTicketModal.tsx + +**Files:** +- Create: `frontend/src/components/tickets/AiTicketParseForm.tsx` +- Create: `frontend/src/components/tickets/NewTicketModal.tsx` + +- [ ] **Step 1: Create AiTicketParseForm.tsx** + +```tsx +// frontend/src/components/tickets/AiTicketParseForm.tsx +import { useState } from 'react' +import { Sparkles, Loader2 } from 'lucide-react' +import { ticketsApi } from '@/api/tickets' +import type { AiParseResponse, TicketCreationPayload } from '@/types/tickets' + +interface Props { + initialHint?: string + onParsed: (values: Partial<TicketCreationPayload>, parseResponse: AiParseResponse) => void +} + +export function AiTicketParseForm({ initialHint = '', onParsed }: Props) { + const [prompt, setPrompt] = useState(initialHint) + const [loading, setLoading] = useState(false) + const [error, setError] = useState<string | null>(null) + + async function handleParse() { + if (!prompt.trim()) return + setLoading(true) + setError(null) + try { + const result = await ticketsApi.aiParse(prompt) + const values: Partial<TicketCreationPayload> = { + summary: result.summary ?? undefined, + company_id: result.company_id, + board_id: result.board_id, + status_id: result.status_id, + priority_id: result.priority_id, + assigned_member_id: result.assigned_member_id, + description: result.description ?? undefined, + } + onParsed(values, result) + } catch { + setError('AI parsing failed. Please try again or use the full form.') + } finally { + setLoading(false) + } + } + + return ( + <div className="space-y-3"> + <p className="text-sm text-muted-foreground"> + Describe the ticket in plain language — who, what, which client, and priority. + </p> + <textarea + className="w-full bg-input border border-default rounded-[5px] px-3 py-2 text-sm text-primary placeholder:text-muted-foreground focus:border-accent focus:outline-none resize-none" + rows={4} + placeholder="e.g. Create a high priority ticket for Acme Corp — Outlook not syncing for jsmith, assign to me" + value={prompt} + onChange={e => setPrompt(e.target.value)} + /> + {error && <p className="text-xs text-danger">{error}</p>} + <button + onClick={handleParse} + disabled={!prompt.trim() || loading} + className="flex items-center gap-1.5 px-4 py-2 bg-accent text-white text-sm font-medium rounded-[5px] hover:bg-accent/90 disabled:opacity-40 disabled:cursor-not-allowed transition-colors" + > + {loading ? <Loader2 className="w-4 h-4 animate-spin" /> : <Sparkles className="w-4 h-4" />} + {loading ? 'Parsing…' : 'Parse with AI'} + </button> + </div> + ) +} +``` + +- [ ] **Step 2: Create NewTicketModal.tsx** + +```tsx +// frontend/src/components/tickets/NewTicketModal.tsx +import { useState, useEffect } from 'react' +import { X, AlertCircle } from 'lucide-react' +import { ticketsApi } from '@/api/tickets' +import { integrationsApi } from '@/api/integrations' +import { AiTicketParseForm } from './AiTicketParseForm' +import { toast } from '@/lib/toast' +import { cn } from '@/lib/utils' +import type { TicketCreationPayload, AiParseResponse, PSAPriority } from '@/types/tickets' +import type { PSABoard, PSATicketStatusItem } from '@/types/integrations' + +interface Props { + defaultTab?: 'quick' | 'manual' + initialValues?: Partial<TicketCreationPayload> + summaryHint?: string + onClose: () => void + onCreated: (ticketId: number, summary: string) => void +} + +const EMPTY_DRAFT: TicketCreationPayload = { + summary: '', + company_id: null, + board_id: null, + status_id: null, + priority_id: null, + description: '', + assigned_member_id: null, +} + +export function NewTicketModal({ defaultTab = 'quick', initialValues, summaryHint, onClose, onCreated }: Props) { + const [tab, setTab] = useState<'quick' | 'manual'>(defaultTab) + const [draft, setDraft] = useState<TicketCreationPayload>({ ...EMPTY_DRAFT, ...initialValues }) + const [missingFields, setMissingFields] = useState<string[]>([]) + const [warnings, setWarnings] = useState<string[]>([]) + const [boards, setBoards] = useState<PSABoard[]>([]) + const [statuses, setStatuses] = useState<PSATicketStatusItem[]>([]) + const [priorities, setPriorities] = useState<PSAPriority[]>([]) + const [submitting, setSubmitting] = useState(false) + const [parsed, setParsed] = useState(false) + + useEffect(() => { + integrationsApi.listBoards().then(setBoards).catch(() => {}) + ticketsApi.listPriorities().then(setPriorities).catch(() => {}) + }, []) + + useEffect(() => { + if (draft.board_id) { + integrationsApi.getTicketStatuses(String(draft.board_id)) + .then(setStatuses).catch(() => {}) + } else { + setStatuses([]) + } + }, [draft.board_id]) + + function handleParsed(values: Partial<TicketCreationPayload>, result: AiParseResponse) { + setDraft(prev => ({ ...prev, ...values })) + setMissingFields(result.missing_fields) + setWarnings(result.warnings) + setParsed(true) + } + + function updateDraft(field: keyof TicketCreationPayload, value: unknown) { + setDraft(prev => ({ ...prev, [field]: value })) + setMissingFields(prev => prev.filter(f => f !== field)) + } + + async function handleSubmit() { + if (!draft.summary.trim() || !draft.company_id || !draft.board_id || !draft.status_id || !draft.priority_id) { + toast.warning('Please fill in all required fields') + return + } + setSubmitting(true) + try { + const result = await ticketsApi.createTicket(draft) + toast.success(`Ticket #${result.id} created in ConnectWise`) + onCreated(result.id, result.summary) + } catch { + toast.error('Failed to create ticket') + } finally { + setSubmitting(false) + } + } + + const requiredMissing = (f: string) => missingFields.includes(f) + + return ( + <div className="fixed inset-0 z-50 flex items-end sm:items-center justify-center"> + <div className="fixed inset-0 bg-black/50" onClick={onClose} /> + <div className="relative z-10 bg-card border border-default rounded-lg w-full max-w-lg max-h-[90vh] flex flex-col shadow-xl"> + {/* Header */} + <div className="flex items-center justify-between px-5 py-4 border-b border-default shrink-0"> + <h2 className="font-heading font-semibold text-heading">New Ticket</h2> + <button onClick={onClose} className="text-muted-foreground hover:text-primary transition-colors"> + <X className="w-4 h-4" /> + </button> + </div> + + {/* Tabs */} + <div className="flex border-b border-default shrink-0"> + {(['quick', 'manual'] as const).map(t => ( + <button + key={t} + onClick={() => setTab(t)} + className={cn( + 'flex-1 py-2.5 text-sm font-medium transition-colors', + tab === t + ? 'text-accent border-b-2 border-accent' + : 'text-muted-foreground hover:text-primary' + )} + > + {t === 'quick' ? 'Quick Create (AI)' : 'Full Form'} + </button> + ))} + </div> + + {/* Content */} + <div className="flex-1 overflow-y-auto p-5 space-y-4"> + {/* Warnings */} + {warnings.length > 0 && ( + <div className="flex gap-2 bg-warning/10 border border-warning/30 rounded p-3"> + <AlertCircle className="w-4 h-4 text-warning shrink-0 mt-0.5" /> + <ul className="text-xs text-warning space-y-0.5"> + {warnings.map((w, i) => <li key={i}>{w}</li>)} + </ul> + </div> + )} + + {/* Quick Create tab */} + {tab === 'quick' && !parsed && ( + <AiTicketParseForm initialHint={summaryHint} onParsed={handleParsed} /> + )} + + {/* Form — shown after parse OR in manual tab */} + {(tab === 'manual' || parsed) && ( + <div className="space-y-3"> + {/* Summary */} + <div> + <label className="text-xs text-muted-foreground uppercase tracking-wider font-semibold block mb-1"> + Summary * + </label> + <input + className={cn( + 'w-full bg-input border rounded-[5px] px-3 py-2 text-sm text-primary placeholder:text-muted-foreground focus:outline-none focus:border-accent', + requiredMissing('summary') ? 'border-warning' : 'border-default' + )} + placeholder="Short ticket title" + value={draft.summary} + onChange={e => updateDraft('summary', e.target.value)} + /> + </div> + + {/* Board */} + <div> + <label className="text-xs text-muted-foreground uppercase tracking-wider font-semibold block mb-1"> + Board * + </label> + <select + className={cn( + 'w-full bg-input border rounded-[5px] px-3 py-2 text-sm text-primary focus:outline-none focus:border-accent', + requiredMissing('board_id') ? 'border-warning' : 'border-default' + )} + value={draft.board_id ?? ''} + onChange={e => updateDraft('board_id', e.target.value ? Number(e.target.value) : null)} + > + <option value="">Select board…</option> + {boards.map(b => <option key={b.id} value={b.id}>{b.name}</option>)} + </select> + </div> + + {/* Status */} + <div> + <label className="text-xs text-muted-foreground uppercase tracking-wider font-semibold block mb-1"> + Status * + </label> + <select + disabled={statuses.length === 0} + className={cn( + 'w-full bg-input border rounded-[5px] px-3 py-2 text-sm text-primary focus:outline-none focus:border-accent disabled:opacity-50', + requiredMissing('status_id') ? 'border-warning' : 'border-default' + )} + value={draft.status_id ?? ''} + onChange={e => updateDraft('status_id', e.target.value ? Number(e.target.value) : null)} + > + <option value="">{draft.board_id ? 'Select status…' : 'Select board first'}</option> + {statuses.map(s => <option key={s.id} value={s.id}>{s.name}</option>)} + </select> + </div> + + {/* Priority */} + <div> + <label className="text-xs text-muted-foreground uppercase tracking-wider font-semibold block mb-1"> + Priority * + </label> + <select + className={cn( + 'w-full bg-input border rounded-[5px] px-3 py-2 text-sm text-primary focus:outline-none focus:border-accent', + requiredMissing('priority_id') ? 'border-warning' : 'border-default' + )} + value={draft.priority_id ?? ''} + onChange={e => updateDraft('priority_id', e.target.value ? Number(e.target.value) : null)} + > + <option value="">Select priority…</option> + {priorities.map(p => <option key={p.id} value={p.id}>{p.name}</option>)} + </select> + </div> + + {/* Company ID (numeric — engineer enters manually for now) */} + <div> + <label className="text-xs text-muted-foreground uppercase tracking-wider font-semibold block mb-1"> + Company ID * + </label> + <input + type="number" + className={cn( + 'w-full bg-input border rounded-[5px] px-3 py-2 text-sm text-primary placeholder:text-muted-foreground focus:outline-none focus:border-accent', + requiredMissing('company_id') ? 'border-warning' : 'border-default' + )} + placeholder="ConnectWise company ID" + value={draft.company_id ?? ''} + onChange={e => updateDraft('company_id', e.target.value ? Number(e.target.value) : null)} + /> + </div> + + {/* Description */} + <div> + <label className="text-xs text-muted-foreground uppercase tracking-wider font-semibold block mb-1"> + Description + </label> + <textarea + className="w-full bg-input border border-default rounded-[5px] px-3 py-2 text-sm text-primary placeholder:text-muted-foreground focus:outline-none focus:border-accent resize-none" + rows={3} + placeholder="Detailed description…" + value={draft.description} + onChange={e => updateDraft('description', e.target.value)} + /> + </div> + </div> + )} + </div> + + {/* Footer */} + {(tab === 'manual' || parsed) && ( + <div className="flex items-center justify-end gap-2 px-5 py-4 border-t border-default shrink-0"> + <button + onClick={onClose} + className="px-4 py-2 text-sm text-muted-foreground hover:text-primary transition-colors" + > + Cancel + </button> + <button + onClick={handleSubmit} + disabled={submitting} + className="px-4 py-2 bg-accent text-white text-sm font-medium rounded-[5px] hover:bg-accent/90 disabled:opacity-40 transition-colors" + > + {submitting ? 'Creating…' : 'Create Ticket'} + </button> + </div> + )} + </div> + </div> + ) +} +``` + +- [ ] **Step 3: Commit** + +```bash +git add frontend/src/components/tickets/AiTicketParseForm.tsx \ + frontend/src/components/tickets/NewTicketModal.tsx +git commit -m "feat(tickets): add AiTicketParseForm and NewTicketModal with two-tab creation flow" +``` + +--- + +## Phase 7 — ResolutionAssist Integration + +### Task 18: Update AssistantChatPage.tsx + +**Files:** +- Modify: `frontend/src/pages/AssistantChatPage.tsx` + +- [ ] **Step 1: Add linkedTicket state** + +Find `const [activePsaTicketId, setActivePsaTicketId] = useState<string | null>(null)` (line 76) and add below it: + +```typescript +const [linkedTicket, setLinkedTicket] = useState<PSATicketInfo | null>(null) +``` + +Add `PSATicketInfo` to the existing integrations type imports. + +- [ ] **Step 2: Populate linkedTicket when activePsaTicketId is set** + +Find where `setActivePsaTicketId(detail.psa_ticket_id)` is called (line 241) and add: + +```typescript +setActivePsaTicketId(detail.psa_ticket_id) +// Fetch full ticket info (includes company_id and board_id) when a ticket is linked +if (detail.psa_ticket_id) { + integrationsApi.getTicket(detail.psa_ticket_id) + .then(setLinkedTicket) + .catch(() => {}) +} else { + setLinkedTicket(null) +} +``` + +- [ ] **Step 3: Add showNewTicket state and New Ticket button** + +Add state: +```typescript +const [showNewTicket, setShowNewTicket] = useState(false) +const [spinOffHint, setSpinOffHint] = useState<string | undefined>(undefined) +``` + +Find the ResolutionAssist session header area (near the `activePsaTicketId` usage and `updateLabel` at line 687) and add a "New Ticket" button: + +```tsx +{/* New Ticket button — visible when PSA connected */} +{activePsaTicketId && ( + <button + onClick={() => { setSpinOffHint(undefined); setShowNewTicket(true) }} + className="flex items-center gap-1 px-2 py-1 text-xs text-muted-foreground border border-default rounded-[5px] hover:border-hover hover:text-primary transition-colors" + > + <Plus className="w-3 h-3" /> New Ticket + </button> +)} +``` + +Add `Plus` to the Lucide imports. + +- [ ] **Step 4: Handle create_spin_off_ticket action in TaskLane action renderer** + +Find where actions are rendered in `AssistantChatPage.tsx` — the TaskLane section. Actions currently render generically. Add a handler for `create_spin_off_ticket`: + +In the action button click handler (where `action.command` is used), add: + +```typescript +if (action.command === 'create_spin_off_ticket') { + setSpinOffHint(action.description || action.label) + setShowNewTicket(true) + return +} +``` + +- [ ] **Step 5: Render NewTicketModal at bottom of AssistantChatPage** + +At the bottom of the JSX return, before the closing `</div>`, add: + +```tsx +{showNewTicket && ( + <NewTicketModal + defaultTab={spinOffHint ? 'quick' : 'manual'} + summaryHint={spinOffHint} + initialValues={linkedTicket ? { + company_id: linkedTicket.company_id ?? undefined, + board_id: linkedTicket.board_id ?? undefined, + } : undefined} + onClose={() => setShowNewTicket(false)} + onCreated={(ticketId, summary) => { + setShowNewTicket(false) + toast.success(`Ticket #${ticketId} created: ${summary}`) + // Remove create_spin_off_ticket action from active actions + setActiveActions(prev => prev.filter(a => a.command !== 'create_spin_off_ticket')) + }} + /> +)} +``` + +Import `NewTicketModal` from `@/components/tickets/NewTicketModal`. + +- [ ] **Step 6: Verify tsc compiles cleanly** + +```bash +cd frontend && npx tsc -b 2>&1 | head -30 +``` + +Expected: no errors. + +- [ ] **Step 7: Commit** + +```bash +git add frontend/src/pages/AssistantChatPage.tsx +git commit -m "feat(tickets): add spin-off ticket creation in ResolutionAssist — state, action handler, modal" +``` + +--- + +## Phase 8 — Dashboard TicketQueue Update + +### Task 19: Update TicketQueue.tsx + +**Files:** +- Modify: `frontend/src/components/dashboard/TicketQueue.tsx` + +- [ ] **Step 1: Add member-mapping detection** + +At the top of the `TicketQueue` component body, add: + +```typescript +const [hasMemberMapping, setHasMemberMapping] = useState<boolean | null>(null) // null = loading + +useEffect(() => { + integrationsApi.getMemberMappings() + .then(mappings => { + // Check if current user has a mapping + setHasMemberMapping(mappings.length > 0) + }) + .catch(() => setHasMemberMapping(false)) +}, []) +``` + +Import `getMemberMappings` from `integrationsApi` (already available). + +- [ ] **Step 2: Replace existing "mine" tab fetch with 5-item capped queue** + +The current `TicketQueue` fetches via `searchTicketsQueue`. Update it to: +1. Only fetch when `hasMemberMapping === true` +2. Use `page_size: 5` +3. Read `.items` from the response (after the return type update from Task 10) +4. Show the "no mapping" prompt when `hasMemberMapping === false` + +Find the fetch effect for the "mine" tab and update: + +```typescript +useEffect(() => { + if (!connection || hasMemberMapping === null) return + if (hasMemberMapping === false) return // show prompt instead + + // ... existing fetch logic, but ensure page_size: 5 and read .items + integrationsApi.searchTicketsQueue({ + assigned_to_me: true, + include_closed: false, + page_size: 5, + board_ids: selectedBoardIds.join(','), + }).then(result => { + setTickets(result.items) // was: setTickets(result) + }).catch(() => setTickets([])) +}, [connection, hasMemberMapping, selectedBoardIds]) +``` + +- [ ] **Step 3: Add mapping prompt state render** + +Find where the component returns JSX for the "mine" tab and add a state for `hasMemberMapping === false`: + +```tsx +{activeTab === 'mine' && hasMemberMapping === false && ( + <div className="px-5 py-6 text-center"> + <p className="text-sm text-muted-foreground"> + <Link to="/account/integrations" className="text-accent hover:underline"> + Map your PSA member + </Link>{' '} + to see your ticket queue. + </p> + </div> +)} +``` + +- [ ] **Step 4: Add "View All Tickets" link** + +At the bottom of the ticket list (before pagination or after the last ticket row), add: + +```tsx +{tickets.length > 0 && ( + <div className="px-5 py-3 border-t border-default"> + <Link + to="/tickets?assigned=me" + className="text-xs text-accent hover:text-accent/80 transition-colors" + > + View all tickets → + </Link> + </div> +)} +``` + +Import `Link` from `react-router-dom` if not already imported. + +- [ ] **Step 5: Verify tsc** + +```bash +cd frontend && npx tsc -b 2>&1 | head -30 +``` + +Expected: no errors. + +- [ ] **Step 6: Commit** + +```bash +git add frontend/src/components/dashboard/TicketQueue.tsx +git commit -m "feat(tickets): update TicketQueue with mapping detection, 5-item cap, View All link" +``` + +--- + +## Phase 9 — Final validation + +### Task 20: Build check + smoke test + +- [ ] **Step 1: Run backend tests** + +```bash +cd backend && pytest tests/test_psa_tickets.py tests/test_psa_connections.py -v --override-ini="addopts=" +``` + +Expected: all pass. + +- [ ] **Step 2: Run frontend build** + +```bash +cd frontend && npx tsc -b && echo "TypeScript OK" +``` + +Expected: `TypeScript OK` with no errors. + +- [ ] **Step 3: Manual smoke test checklist** + +With backend + frontend running (`uvicorn app.main:app --reload` + `npm run dev`): + +1. Navigate to `/tickets` — page loads, filter bar visible, ticket list empty (no PSA connection is fine) +2. Click "New Ticket" — modal opens with two tabs +3. In Quick Create tab, type a description and click "Parse with AI" — form fills in +4. Switch to Full Form tab — fields all present +5. Go to dashboard — TicketQueue renders without errors +6. Open ResolutionAssist — "New Ticket" button visible in header when ticket linked + +- [ ] **Step 4: Final commit** + +```bash +git add -A +git commit -m "feat(psa): PSA ticket management complete — Tickets page, detail panel, creation modal, RA integration" +```