2026.3.12

Gemfile

@@ -4,11 +4,5 @@ gem 'quickbooks-ruby'
 gem 'oauth2'
 gem 'roxml'
 gem 'will_paginate'
-gem 'rails-jquery-autocomplete'
-gem 'jquery-ui-rails'
 gem 'rexml'
 gem 'combine_pdf'
-
-group :assets do
-  gem 'coffee-rails'
-end

app/controllers/customers_controller.rb

@@ -30,40 +30,49 @@ class CustomersController < ApplicationController
   before_action :view_customer, except: [:new, :view]
   skip_before_action :verify_authenticity_token, :check_if_login_required, only: [:view]
 
-  autocomplete :customer, :name, full: true, extra_data: [:id]
+  def address_to_s(address)
+    return if address.nil?
+
+    lines = [
+      address.line1,
+      address.line2,
+      address.line3,
+      address.line4,
+      address.line5
+    ].compact_blank
+
+    city_line = [
+      address.city,
+      address.country_sub_division_code,
+      address.postal_code
+    ].compact_blank.join(" ")
+
+    lines << city_line unless city_line.blank?
+
+    lines.join("\n")
+  end
+
+  def add_customer
+    global_check_permission(:add_customers)
+  end
 
   def allowed_params
     params.require(:customer).permit(:name, :email, :primary_phone, :mobile_phone, :phone_number, :notes)
   end
 
-  # getter method for a customer's invoices
-  # used for customer autocomplete field / issue form
-  def filter_invoices_by_customer
-    @filtered_invoices = Invoice.all.where(customer_id: params[:selected_customer])
+  # Used for autocomplete form
+  def autocomplete
+    term = ActiveRecord::Base.sanitize_sql_like(params[:q].to_s)
+
+    items = Customer.where("name LIKE :t OR phone_number LIKE :t OR mobile_phone_number LIKE :t", t: "%#{term}%")
+      .order(:name)
+      .limit(20)
+
+    render json: items.map { |i|
+      { id: i.id, name: i.name, phone_number: i.phone_number, mobile_phone_number: i.mobile_phone_number }
+    }
   end
 
-  # getter method for a customer's estimates
-  # used for customer autocomplete field / issue form
-  def filter_estimates_by_customer
-    @filtered_estimates = Estimate.all.where(customer_id: params[:selected_customer])
-  end
-
-  # display a list of all customers
-  def index
-    if params[:search]
-      @customers = Customer.search(params[:search]).order(:name).paginate(page: params[:page])
-      if only_one_non_zero?(@customers)
-        redirect_to @customers.first
-      end
-    end
-  end
-
-  # initialize a new customer
-  def new
-    @customer = Customer.new
-  end
-
-  # create a new customer
   def create
     @customer = Customer.new(allowed_params)
     @customer.save
@@ -76,7 +85,79 @@ class CustomersController < ApplicationController
     redirect_to new_customer_path
   end
 
-  # display a specific customer
+  def edit
+    @customer = Customer.find_by_id(params[:id])
+    return render_404 unless @customer
+  rescue => e
+    log "Failed to edit customer"
+    flash[:error] = e.message
+    render_404
+  end
+
+  def filter_estimates_by_customer
+    @filtered_estimates = Estimate.all.where(customer_id: params[:selected_customer])
+  end
+
+  def filter_invoices_by_customer
+    @filtered_invoices = Invoice.all.where(customer_id: params[:selected_customer])
+  end
+
+  def index
+    if params[:search]
+      @customers = Customer.search(params[:search]).order(:name).paginate(page: params[:page])
+      if only_one_non_zero?(@customers)
+        redirect_to @customers.first
+      end
+    end
+  end
+
+  def load_issue_data
+    @journals = @issue.journals.preload(:details).preload(user: :email_address).reorder(:created_on, :id).to_a
+
+    @journals.each_with_index { |j, i| j.indice = i + 1 }
+    @journals.reject!(&:private_notes?) unless User.current.allowed_to?(:view_private_notes, @issue.project)
+    Journal.preload_journals_details_custom_fields(@journals)
+    @journals.select! { |journal| journal.notes? || journal.visible_details.any? }
+    @journals.reverse! if User.current.wants_comments_in_reverse_order?
+
+    @changesets = @issue.changesets.visible.preload(:repository, :user).to_a
+    @changesets.reverse! if User.current.wants_comments_in_reverse_order?
+
+    @relations = @issue.relations.select { |r| r.other_issue(@issue)&.visible? }
+    @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
+    @priorities = IssuePriority.active
+    @time_entry = TimeEntry.new(issue: @issue, project: @issue.project)
+    @relation   = IssueRelation.new
+  end
+
+  def log(msg)
+    Rails.logger.info "[CustomersController] #{msg}"
+  end
+
+  def new
+    @customer = Customer.new
+  end
+
+  def only_one_non_zero?(array)
+    found_non_zero = false
+    array.each do |val|
+      if val != 0
+        return false if found_non_zero
+        found_non_zero = true
+      end
+    end
+    found_non_zero
+  end
+
+  def share
+    issue = Issue.find(params[:id])
+    token = issue.share_token
+    redirect_to view_path(token.token)
+  rescue ActiveRecord::RecordNotFound
+    flash[:error] = t(:notice_issue_not_found)
+    render_404
+  end
+
   def show
     @customer = Customer.find_by_id(params[:id])
     return render_404 unless @customer
@@ -109,17 +190,11 @@ class CustomersController < ApplicationController
     render_404
   end
 
-  # return an HTML form for editing a customer
-  def edit
-    @customer = Customer.find_by_id(params[:id])
-    return render_404 unless @customer
-  rescue => e
-    log "Failed to edit customer"
-    flash[:error] = e.message
-    render_404
+  def sync
+    Customer.sync
+    redirect_to :home, flash: { notice: I18n.t(:label_syncing) }
   end
 
-  # update a specific customer
   def update
     @customer = Customer.find_by_id(params[:id])
     @customer.update(allowed_params)
@@ -131,108 +206,21 @@ class CustomersController < ApplicationController
     redirect_to edit_customer_path
   end
 
-  # creates new customer view tokens, removes expired tokens & redirects to newly created customer view with new token.
-  def share
-    issue = Issue.find(params[:id])
-    token = issue.share_token
-    redirect_to view_path(token.token)
-  rescue ActiveRecord::RecordNotFound
-    flash[:error] = t(:notice_issue_not_found)
-    render_404
-  end
-  
-  # displays an issue for a customer with a provided security CustomerToken
   def view
     User.current = User.anonymous
-
-    # Load only active, non-expired token
     @token = CustomerToken.active.find_by(token: params[:token])
     return render_403 unless @token
-
-    # Load associated issue
     @issue = @token.issue
     return render_403 unless @issue
-
-    # Optional: enforce token belongs to the issue's customer
     return render_403 unless @issue.customer_id == @token.issue.customer_id
-
-    # Store token in session for subsequent requests if needed
     session[:token] = @token.token
-
     load_issue_data
   rescue ActiveRecord::RecordNotFound
     render_403
   end
 
-  private
-
-  def load_issue_data
-    @journals = @issue.journals.preload(:details).preload(user: :email_address).reorder(:created_on, :id).to_a
-
-    @journals.each_with_index { |j, i| j.indice = i + 1 }
-    @journals.reject!(&:private_notes?) unless User.current.allowed_to?(:view_private_notes, @issue.project)
-    Journal.preload_journals_details_custom_fields(@journals)
-    @journals.select! { |journal| journal.notes? || journal.visible_details.any? }
-    @journals.reverse! if User.current.wants_comments_in_reverse_order?
-
-    @changesets = @issue.changesets.visible.preload(:repository, :user).to_a
-    @changesets.reverse! if User.current.wants_comments_in_reverse_order?
-
-    @relations = @issue.relations.select { |r| r.other_issue(@issue)&.visible? }
-    @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
-    @priorities = IssuePriority.active
-    @time_entry = TimeEntry.new(issue: @issue, project: @issue.project)
-    @relation   = IssueRelation.new
-  end
-
-  # redmine permission - add customers
-  def add_customer
-    global_check_permission(:add_customers)
-  end
-
-  # redmine permission - view customers
   def view_customer
     global_check_permission(:view_customers)
   end
 
-  # checks to see if there is only one item  in an array
-  # @return true if array only has one item
-  def only_one_non_zero?( array )
-    found_non_zero = false
-    array.each do |val|
-      if val!=0
-        return false if found_non_zero
-        found_non_zero = true
-      end
-    end
-    found_non_zero
-  end
-
-  # format a quickbooks address to a human readable string
-  def address_to_s(address)
-    return if address.nil?
-
-    lines = [
-      address.line1,
-      address.line2,
-      address.line3,
-      address.line4,
-      address.line5
-    ].compact_blank
-
-    city_line = [
-      address.city,
-      address.country_sub_division_code,
-      address.postal_code
-    ].compact_blank.join(" ")
-
-    lines << city_line unless city_line.blank?
-
-    lines.join("\n")
-  end
-
-  def log(msg)
-    Rails.logger.info "[CustomersController] #{msg}"
-  end
-
-end
+end

app/controllers/employees_controller.rb

@@ -0,0 +1,26 @@
+#The MIT License (MIT)
+#
+#Copyright (c) 2016 - 2026 rick barrette
+#
+#Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+#
+#The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+#
+#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+class EmployeesController < ApplicationController
+  include AuthHelper
+
+  before_action :require_user, unless: -> { session[:token].nil? }
+
+  def sync
+    Employee.sync
+    redirect_to :home, flash: { notice: I18n.t(:label_syncing) }
+  end
+
+  private
+
+  # Logs messages with a consistent prefix for easier debugging.
+  def log(msg)
+    Rails.logger.info "[EmployeeController] #{msg}"
+  end
+end

app/controllers/estimates_controller.rb

@@ -7,7 +7,7 @@
 #The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 #
 #THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-class EstimateController < ApplicationController
+class EstimatesController < ApplicationController
   include AuthHelper
 
   before_action :require_user, unless: -> { session[:token].nil? }
@@ -24,6 +24,11 @@ class EstimateController < ApplicationController
     render_pdf(@estimate)
   end
 
+  def sync
+    Estimate.sync
+    redirect_to :home, flash: { notice: I18n.t(:label_syncing) }
+  end
+
   private
 
   # Loads the estimate based on ID or doc number, with a fallback to sync if not found locally.

app/controllers/invoices_controller.rb

@@ -7,7 +7,7 @@
 #The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 #
 #THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-class InvoiceController < ApplicationController
+class InvoicesController < ApplicationController
   include AuthHelper
 
   before_action :require_user, unless: -> { session[:token].nil? }
@@ -27,6 +27,11 @@ class InvoiceController < ApplicationController
     redirect_back fallback_location: root_path, flash: { error: I18n.t(:notice_invoice_not_found) }
   end
 
+  def sync
+    Invoice.sync
+    redirect_to :home, flash: { notice: I18n.t(:label_syncing) }
+  end
+
   private
 
   # Logs messages with a consistent prefix for easier debugging.

app/controllers/qbo_controller.rb

@@ -46,9 +46,13 @@ class QboController < ApplicationController
     redirect_to issue || root_path, flash: { error: e.message }
   end
 
-  # Manual sync endpoint to trigger a full synchronization of QuickBooks entities with the local database. Enqueues all relevant sync jobs and redirects to the home page with a notice that syncing has started.
+  # Manual sync endpoint to trigger synchronization of QuickBooks entities
+  # with the local database. Supports full or partial sync depending on
+  # the `full_sync` boolean parameter.
   def sync
-    QboSyncDispatcher.full_sync!
+    full_sync = ActiveModel::Type::Boolean.new.cast(params[:full_sync])
+    QboSyncDispatcher.sync!(full_sync: full_sync)
+
     redirect_to :home, flash: { notice: I18n.t(:label_syncing) }
   end
 

app/jobs/qbo_sync_dispatcher.rb

@@ -17,23 +17,31 @@ class QboSyncDispatcher
     Employee
   ].freeze
 
-  # Dispatches all synchronization jobs to perform a full sync of QuickBooks entities with the local database. Each job is enqueued with the `full_sync` flag set to true.
-  def self.full_sync!
+  # Dispatches all synchronization jobs to perform a full sync of QuickBooks entities with the local database. 
+  # Each job is enqueued with the `full_sync` flag set to true.
+  def self.sync!(full_sync: false)
+    log "Manual Sync initated for #{full_sync ? "full sync" : "incremental sync"}"
+    enque_jobs full_sync: full_sync
+  end
 
+  private
+
+  # Dynamically enques all sync jobs
+  def self.enque_jobs(full_sync: full_sync)
     jobs = SYNC_JOBS.dup
 
     # Allow other plugins to add addtional sync jobs via Hooks
     Redmine::Hook.call_hook( :qbo_full_sync ).each do |context|
         next unless context
-        jobs.push context
-        log "Added additionals QBO Sync Job for #{context.to_s}"
+        Array(context).each do |entity|
+          jobs.push(entity)
+          log "Added additional QBO Sync Job for #{entity.to_s}"
+        end
     end
 
-    jobs.each { |job| QboSyncJob.perform_later(entity: job, full_sync: true) }
+    jobs.each { |job| QboSyncJob.perform_later(entity: job, full_sync: full_sync) }
   end
 
-  private
-
   def self.log(msg)
     Rails.logger.info "[QboSyncDispatcher] #{msg}"
   end

app/jobs/webhook_process_job.rb

@@ -47,8 +47,10 @@ class WebhookProcessJob < ActiveJob::Base
     # Allow other plugins to add addtional qbo entities via Hooks
     Redmine::Hook.call_hook( :qbo_additional_entities ).each do |context|
         next unless context
-        entities.push context
-        log "Added additional QBO entities: #{context}"
+        Array(context).each do |entity|
+          jobs.push(entity)
+          log "Added additional QBO entity #{entity}"
+        end
     end
     return unless entities.include?(name)
 

app/models/customer.rb

@@ -33,14 +33,12 @@ class Customer < QboBaseModel
 
   # Returns the customer's email address
   def email
-    details
-    return @details&.email_address&.address
+    return details&.email_address&.address
   end
   
   # Updates the customer's email address
   def email=(s)
-    details
-    @details.email_address = s
+    details.email_address = s
   end
   
   # Customers are not bound by a project
@@ -51,22 +49,19 @@ class Customer < QboBaseModel
 
   # returns the customer's mobile phone
   def mobile_phone
-    details
-    return @details&.mobile_phone&.free_form_number
+    return details&.mobile_phone&.free_form_number
   end
   
   # Updates the custome's mobile phone number
   def mobile_phone=(n)
-    details
     pn = Quickbooks::Model::TelephoneNumber.new
     pn.free_form_number = n
-    @details.mobile_phone = pn
+    details.mobile_phone = pn
   end
 
   # Updates Both local DB name & QBO display_name
   def name=(s)
-    details
-    @details.display_name = s
+    details.display_name = s
     super
   end
 
@@ -78,22 +73,19 @@ class Customer < QboBaseModel
 
   # Sets the notes for the customer
   def notes=(s)
-    details
-    @details.notes = s
+    details.notes = s
   end
 
   # returns the customer's primary phone
   def primary_phone
-    details
-    return @details&.primary_phone&.free_form_number
+    return details&.primary_phone&.free_form_number
   end
   
   # Updates the customer's primary phone number
   def primary_phone=(n)
-    details
     pn = Quickbooks::Model::TelephoneNumber.new
     pn.free_form_number = n
-    @details.primary_phone = pn
+    details.primary_phone = pn
   end
 
   # Seach for customers by name or phone number

app/models/qbo.rb

@@ -14,6 +14,26 @@ class Qbo < ActiveRecord::Base
   include Redmine::I18n
 
   validate :single_record_only, on: :create
+
+  # Returns the last sync time formatted for display. If no sync has occurred, returns a default message.
+  def self.last_sync
+    qbo = QboConnectionService.current!
+    format_time(qbo.last_sync)
+  rescue
+    return I18n.t(:label_qbo_never_synced)
+  end
+
+  def self.oauth2_access_token_expires_at
+    QboConnectionService.current!.oauth2_access_token_expires_at
+  rescue
+    return I18n.t(:label_qbo_never_synced)
+  end
+
+  def self.oauth2_refresh_token_expires_at
+    QboConnectionService.current!.oauth2_refresh_token_expires_at
+  rescue
+    return I18n.t(:label_qbo_never_synced)
+  end
   
   # Updates last sync time stamp
   def self.update_time_stamp
@@ -24,13 +44,6 @@ class Qbo < ActiveRecord::Base
     qbo.save
   end
   
-  # Returns the last sync time formatted for display. If no sync has occurred, returns a default message.
-  def self.last_sync
-    qbo = QboConnectionService.current!
-    return I18n.t(:label_qbo_never_synced) unless qbo&.last_sync
-    format_time(qbo.last_sync)
-  end
-
   private
 
   # Logs a message with a QBO-specific prefix for easier identification in the logs.

app/services/qbo_oauth_service.rb

@@ -10,7 +10,8 @@
 
 class QboOauthService
 
-  # Generates the QuickBooks OAuth authorization URL with the specified callback URL. The URL includes necessary parameters such as response type, state, and scope.
+  # Generates the QuickBooks OAuth authorization URL with the specified callback URL.
+  # The URL includes necessary parameters such as response type, state, and scope.
   def self.authorization_url(callback_url:)
     client.auth_code.authorize_url(
       redirect_uri: callback_url,
@@ -20,7 +21,8 @@ class QboOauthService
     )
   end
 
-  # Exchanges the authorization code for access and refresh tokens. Creates or replaces the QBO connection record with the new credentials and refreshes the token immediately after creation.
+  # Exchanges the authorization code for access and refresh tokens. 
+  # Creates or replaces the QBO connection record with the new credentials and refreshes the token immediately after creation.
   def self.exchange!(code:, callback_url:, realm_id:)
     resp = client.auth_code.get_token(code, redirect_uri: callback_url)
     QboConnectionService.replace!( token: resp.token, refresh_token: resp.refresh_token, realm_id: realm_id )

app/views/customers/_search.html.erb

@@ -3,3 +3,4 @@
     <%= submit_tag t(:label_search) %>
 <% end %>
 <%= button_to t(:label_new_customer), new_customer_path, method: :get%>
+<%= button_to(t(:label_sync), qbo_sync_path, method: :get) if User.current.admin?%>

app/views/qbo/_settings.html.erb

@@ -1,111 +1,79 @@
-<!--
-The MIT License (MIT)
-
-Copyright (c) 2016 - 2026 rick barrette
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
--->
-
-<!-- somewhere in your document include the Javascript -->
 <script type="text/javascript" src="https://appcenter.intuit.com/Content/IA/intuit.ipp.anywhere.js"></script>
-
-<!-- configure the Intuit object: 'grantUrl' is a URL in your application which kicks off the flow, see below -->
 <script>
   intuit.ipp.anywhere.setup({menuProxy: '/path/to/blue-dot', grantUrl: '<%= qbo_authenticate_path %>'});
 </script>
 
-<table >
-  <tbody>
+<div class="box tabular">
+  <p>
+    <label><%= t(:label_client_id) %></label>
+    <%= text_field_tag 'settings[settingsOAuthConsumerKey]', settings['settingsOAuthConsumerKey'], size: 50 %>
+  </p>
+
+  <p>
+    <label><%= t(:label_client_secret) %></label>
+    <%= password_field_tag 'settings[settingsOAuthConsumerSecret]', settings['settingsOAuthConsumerSecret'], size: 50 %>
+  </p>
   
-    <tr>
-      <th><%=t(:label_client_id)%></th>
-      <td>
-        <input 
-          type="text" 
-          style="width:350px" 
-          id="settingsOAuthConsumerKey" 
-          value="<%= settings['settingsOAuthConsumerKey'] %>" 
-          name="settings[settingsOAuthConsumerKey]" >
-      </td>
-    </tr>
+  <p>
+    <label><%= t(:label_webhook_token) %></label>
+    <%= text_field_tag 'settings[settingsWebhookToken]', settings['settingsWebhookToken'], size: 50 %>
+  </p>
 
-    <tr>
-      <th><%=t(:label_client_secret)%></th>
-      <td>
-        <input 
-          type="text" 
-          style="width:350px" 
-          id="settingsOAuthConsumerSecret"
-          value="<%= settings['settingsOAuthConsumerSecret'] %>"
-          name="settings[settingsOAuthConsumerSecret]" >
-      </td>
-    </tr>
-    
-    <tr>
-      <th><%=t(:label_webhook_token)%></th>
-      <td>
-        <input 
-          type="text" 
-          style="width:350px" 
-          id="settingsWebhookToken"
-          value="<%= settings['settingsWebhookToken'] %>"
-          name="settings[settingsWebhookToken]" >
-      </td>
-    </tr>
+  <p>
+    <label><%= t(:label_sandbox) %></label>
+    <%= check_box_tag 'settings[sandbox]', 1, settings[:sandbox] %>
+  </p>
 
-    <tr>
-      <th><%=t(:label_sandbox)%></th>
-      <td>
-        <%= check_box_tag 'settings[sandbox]', @settings[:sandbox], @settings[:sandbox] %>
-      </td>
-    </tr>
+  <hr />
 
-     <tr>
-        <th><%=t(:label_oauth_expires)%></th>
-        <td><%= QboConnectionService.current!&.oauth2_access_token_expires_at %>
-      </tr>
-      
-      <tr>
-        <th><%=t(:label_oauth2_refresh_token_expires_at)%></th>
-        <td><%= QboConnectionService.current!&.oauth2_refresh_token_expires_at %>
-     </tr>
+  <p>
+    <label><%= t(:label_oauth_expires) %></label>
+    <span class="icon <%= Qbo.oauth2_access_token_expires_at&.future? ? 'icon-ok' : 'icon-warning' %>">
+      <%= Qbo.oauth2_access_token_expires_at || 'N/A' %>
+    </span>
+  </p>
 
-  </tbody>
-</table>
+  <p>
+    <label><%= t(:label_customer_count) %></label>
+    <%= Customer.count %> 
+    <em style="color: #777; font-size: 0.9em; margin-left: 8px;">(@ <%= Customer.last_sync %>)</em>
+  </p>
 
-<br/>
-<%=t(:label_oauth_note)%>
-<br/>
-<br/>
+  <p>
+    <label><%= t(:label_employee_count) %></label>
+    <%= Employee.count %> 
+    <em style="color: #777; font-size: 0.9em; margin-left: 8px;">(@ <%= Employee.last_sync %>)</em>
+  </p>
 
-<!-- this will display a button that the user clicks to start the flow -->
-<ipp:connectToIntuit></ipp:connectToIntuit>
+  <p>
+    <label><%= t(:label_invoice_count) %></label>
+    <%= Invoice.count %> 
+    <em style="color: #777; font-size: 0.9em; margin-left: 8px;">(@ <%= Item.last_sync %>)</em>
+  </p>
 
-<br/>
-<br/>
+  <p>
+    <label><%= t(:label_estimate_count) %></label>
+    <%= Estimate.count %> 
+    <em style="color: #777; font-size: 0.9em; margin-left: 8px;">(@ <%= Account.last_sync %>)</em>
+  </p>
 
-<div>
-    <b><%=t(:label_customer_count)%>:</b> <%= Customer.count%> @ <%= Customer.last_sync %>
-    </div>
-      
-    <div>
-        <b><%=t(:label_employee_count)%>:</b> <%= Employee.count %> @ <%= Employee.last_sync %>
-    </div>
-    
-    <div>
-        <b><%=t(:label_invoice_count)%>:</b> <%= Invoice.count %> @ <%= Invoice.last_sync%>
-    </div>
-    
-    <div>
-        <b><%=t(:label_estimate_count)%>:</b> <%= Estimate.count %> @ <%= Estimate.last_sync %>
-    </div>
-      
-    <br/>
-    
-    <div>
-        <b><%=t(:label_last_sync)%> </b> <%= Qbo.last_sync if Qbo.exists? %> <%= link_to t(:label_sync_now), qbo_sync_path %>
+  <p>
+    <label><%= t(:label_last_sync) %> (QBO)</label>
+    <%= Qbo.exists? ? Qbo.last_sync : 'Never synced' %>
+  </p>
 </div>
+
+<fieldset class="box">
+  <legend>Management & Synchronization</legend>
+  
+  <div style="margin-bottom: 20px;">
+    <ipp:connectToIntuit></ipp:connectToIntuit>
+  </div>
+
+  <div style="margin-bottom: 15px;">
+    <%= link_to t(:label_sync_now_customers), sync_customers_path, class: 'button icon icon-reload' %>
+    <%= link_to t(:label_sync_now_employees), employees_sync_path, class: 'button icon icon-reload' %>
+    <%= link_to t(:label_sync_now_invoices), invoices_sync_path, class: 'button icon icon-reload' %>
+    <%= link_to t(:label_sync_now_estimate), estimates_sync_path, class: 'button icon icon-reload' %>
+  </div>
+</fieldset>

assets/javascripts/autocomplete-rails.js

@@ -1 +0,0 @@
-!function(t){t.fn.railsAutocomplete=function(e){var a=function(){this.railsAutoCompleter||(this.railsAutoCompleter=new t.railsAutocomplete(this))};if(void 0!==t.fn.on){if(!e)return;return t(document).on("focus",e,a)}return this.live("focus",a)},t.railsAutocomplete=function(t){var e=t;this.init(e)},t.railsAutocomplete.options={showNoMatches:!0,noMatchesLabel:"no existing match"},t.railsAutocomplete.fn=t.railsAutocomplete.prototype={railsAutocomplete:"0.0.1"},t.railsAutocomplete.fn.extend=t.railsAutocomplete.extend=t.extend,t.railsAutocomplete.fn.extend({init:function(e){function a(t){return t.split(e.delimiter)}function i(t){return a(t).pop().replace(/^\s+/,"")}e.delimiter=t(e).attr("data-delimiter")||null,e.min_length=t(e).attr("data-min-length")||t(e).attr("min-length")||2,e.append_to=t(e).attr("data-append-to")||null,e.autoFocus=t(e).attr("data-auto-focus")||!1,t(e).autocomplete({appendTo:e.append_to,autoFocus:e.autoFocus,delay:t(e).attr("delay")||0,source:function(a,r){var n=this.element[0],o={term:i(a.term)};t(e).attr("data-autocomplete-fields")&&t.each(t.parseJSON(t(e).attr("data-autocomplete-fields")),function(e,a){o[e]=t(a).val()}),t.getJSON(t(e).attr("data-autocomplete"),o,function(){var a={};t.extend(a,t.railsAutocomplete.options),t.each(a,function(i,r){if(a.hasOwnProperty(i)){var n=t(e).attr("data-"+i);a[i]=n?n:r}}),0==arguments[0].length&&t.inArray(a.showNoMatches,[!0,"true"])>=0&&(arguments[0]=[],arguments[0][0]={id:"",label:a.noMatchesLabel}),t(arguments[0]).each(function(a,i){var r={};r[i.id]=i,t(e).data(r)}),r.apply(null,arguments),t(n).trigger("railsAutocomplete.source",arguments)})},change:function(e,a){if(t(this).is("[data-id-element]")&&""!==t(t(this).attr("data-id-element")).val()&&(t(t(this).attr("data-id-element")).val(a.item?a.item.id:"").trigger("change"),t(this).attr("data-update-elements"))){var i=t.parseJSON(t(this).attr("data-update-elements")),r=a.item?t(this).data(a.item.id.toString()):{};if(i&&""===t(i.id).val())return;for(var n in i){var o=t(i[n]);o.is(":checkbox")?null!=r[n]&&o.prop("checked",r[n]):o.val(a.item?r[n]:"").trigger("change")}}},search:function(){var t=i(this.value);return t.length<e.min_length?!1:void 0},focus:function(){return!1},select:function(i,r){if(r.item.value=r.item.value.toString(),-1!=r.item.value.toLowerCase().indexOf("no match")||-1!=r.item.value.toLowerCase().indexOf("too many results"))return t(this).trigger("railsAutocomplete.noMatch",r),!1;var n=a(this.value);if(n.pop(),n.push(r.item.value),null!=e.delimiter)n.push(""),this.value=n.join(e.delimiter);else if(this.value=n.join(""),t(this).attr("data-id-element")&&t(t(this).attr("data-id-element")).val(r.item.id).trigger("change"),t(this).attr("data-update-elements")){var o=r.item,l=-1!=r.item.value.indexOf("Create New")?!0:!1,u=t.parseJSON(t(this).attr("data-update-elements"));for(var s in u)"checkbox"===t(u[s]).attr("type")?o[s]===!0||1===o[s]?t(u[s]).attr("checked","checked"):t(u[s]).removeAttr("checked"):l&&o[s]&&-1==o[s].indexOf("Create New")||!l?t(u[s]).val(o[s]).trigger("change"):t(u[s]).val("").trigger("change")}var c=this.value;return t(this).bind("keyup.clearId",function(){t.trim(t(this).val())!=t.trim(c)&&(t(t(this).attr("data-id-element")).val("").trigger("change"),t(this).unbind("keyup.clearId"))}),t(e).trigger("railsAutocomplete.select",r),!1}}),t(e).trigger("railsAutocomplete.init")}}),t(document).ready(function(){t("input[data-autocomplete]").railsAutocomplete("input[data-autocomplete]")})}(jQuery);

assets/javascripts/autocomplete.js

@@ -0,0 +1,102 @@
+(function () {
+
+  // Helper: escape HTML for safety
+  function escapeHtml(str) {
+    return $("<div>").text(str).html();
+  }
+
+  // Helper: highlight all occurrences of term (case-insensitive)
+  function highlightTerm(text, term) {
+    if (!term) return text;
+    const escapedTerm = term.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+    const regex = new RegExp("(" + escapedTerm + ")", "ig");
+    return text.replace(regex, "<strong>$1</strong>");
+  }
+
+  window.initCustomerAutocomplete = function(context) {
+    let scope = context || document;
+
+    $(scope).find(".customer-name").each(function() {
+      if ($(this).data("autocomplete-initialized")) return;
+      $(this).data("autocomplete-initialized", true);
+
+      let $input = $(this);
+
+      let ac = $input.autocomplete({
+        appendTo: "body",   // crucial for Redmine positioning
+        minLength: 2,
+
+        source: function(request, response) {
+          $.getJSON("/customers/autocomplete", { q: request.term })
+            .done(function(data) {
+              response(data.map(function(item) {
+                // combine secondary info
+                let secondary = [];
+                if (item.phone_number) secondary.push(item.phone_number);
+                if (item.mobile_phone_number) secondary.push(item.mobile_phone_number);
+
+                let meta = secondary.length ? " (" + secondary.join(" • ") + ")" : "";
+
+                // escape HTML to avoid XSS
+                let safeText = escapeHtml(item.name + meta);
+
+                return {
+                  label: item.name + meta,      // plain fallback
+                  value: item.name,             // goes into input
+                  id: item.id,
+                  html: highlightTerm(safeText, request.term)
+                };
+              }));
+            })
+            .fail(function() {
+              response([]);
+            });
+        },
+
+        select: function(event, ui) {
+          $input.val(ui.item.value);  // visible text
+          $("#issue_customer_id").val(ui.item.id); // hidden ID
+
+          // trigger Redmine form update safely
+          setTimeout(function() {
+            $("#issue_customer_id").trigger("change");
+          }, 0);
+
+          return false;
+        },
+
+        change: function(event, ui) {
+          // clear hidden field if no valid selection
+          if (!ui.item && !$input.val()) {
+            $("#issue_customer_id").val("");
+          }
+        }
+      });
+
+      // Render item HTML for highlight
+      ac.autocomplete("instance")._renderItem = function(ul, item) {
+        return $("<li>")
+          .append($("<div>").html(item.html))
+          .appendTo(ul);
+      };
+    });
+  };
+
+  // Re-init after Redmine AJAX form updates
+  $(document).on("ajaxComplete", function() {
+    if (window.initCustomerAutocomplete) {
+      window.initCustomerAutocomplete(document);
+    }
+  });
+
+  // Init on page load
+  $(document).ready(function() {
+    window.initCustomerAutocomplete(document);
+  });
+
+  // Also init on Turbo/Redmine load events
+  document.addEventListener("turbo:load", function() {
+    window.initCustomerAutocomplete(document);
+  });
+
+})();

assets/stylesheets/autocomplete.css

@@ -0,0 +1,5 @@
+/* Keep Redmine default look, just enhance metadata */
+.ui-autocomplete .autocomplete-meta {
+  color: #888;
+  font-size: 0.9em;
+}

config/locales/en.yml

@@ -82,6 +82,10 @@ en:
   label_shipping_address: "Shipping Address"
   label_sync: "Sync"
   label_sync_now: "Sync Now"
+  label_sync_now_customers: "Sync Customers"
+  label_sync_now_employees: "Sync Employees"
+  label_sync_now_invoices: "Sync Invoices"
+  label_sync_now_estimate: "Sync Estimates"
   label_syncing: "Syncing QuickBooks"
   label_trim: "Trim"
   label_webhook_token: "Intuit QBO Webhook Token"

config/routes.rb

@@ -14,14 +14,17 @@ get 'qbo/oauth_callback', to: 'qbo#oauth_callback'
 
 #manual sync
 get 'qbo/sync', to: 'qbo#sync'
+get 'invoices/sync', to: 'invoices#sync'
+get 'estimates/sync', to: 'estimates#sync'
+get 'employees/sync', to: 'employees#sync'
 
 #webhook
 post 'qbo/webhook', to: 'qbo#webhook'
 
 # Estimate & Invoice PDF
-get 'estimates/:id', to: 'estimate#show', as: :estimate
-get 'estimates/doc/', to: 'estimate#doc', as: :estimate_doc
-get 'invoices/:id', to: 'invoice#show', as: :invoice
+get 'estimates/:id', to: 'estimates#show', as: :estimate
+get 'estimates/doc/', to: 'estimates#doc', as: :estimate_doc
+get 'invoices/:id', to: 'invoices#show', as: :invoice
 
 #manual billing
 get 'bill/:id', to: 'qbo#bill', as: :bill
@@ -35,5 +38,8 @@ get 'filter_estimates_by_customer' => 'customers#filter_estimates_by_customer'
 get 'filter_invoices_by_customer' => 'customers#filter_invoices_by_customer'
 
 resources :customers do
-  get :autocomplete_customer_name, on: :collection
-end
+  collection do
+    get :autocomplete
+    get :sync
+  end
+end

init.rb

@@ -14,7 +14,7 @@ Redmine::Plugin.register :redmine_qbo do
   name 'Redmine QBO plugin'
   author 'Rick Barrette'
   description 'A pluging for Redmine to connect with QuickBooks Online to create Time Activity Entries for billable hours logged when an Issue is closed'
-  version '2026.3.7'
+  version '2026.3.12'
   url 'https://github.com/rickbarrette/redmine_qbo'
   author_url 'https://barrettefabrication.com'
   settings default: {empty: true}, partial: 'qbo/settings'

lib/redmine_qbo/hooks/issues_hook_listener.rb

@@ -23,13 +23,12 @@ module RedmineQbo
         project = context[:project]
 
         # Customer Name Text Box with database backed autocomplete
-        # onchange event will update the hidden customer_id field
-        search_customer = f.autocomplete_field :customer,
-          autocomplete_customer_name_customers_path,
-          selected: issue.customer,
-          update_elements: { 
-            id: '#issue_customer_id', 
-            value: '#issue_customer' 
+        # onchange event will update the hidden customer_id field        
+        search_customer = f.text_field :customer,
+          class: "customer-name",
+          autocomplete: "off",
+          data: {
+            autocomplete_url: "/customers/autocomplete"
           }
 
         # We need to handle 3 cases for the onchange event of the customer name field:

lib/redmine_qbo/hooks/view_hook_listener.rb

@@ -17,8 +17,9 @@ module RedmineQbo
       def view_layouts_base_html_head(context = {})
         safe_join([
           javascript_include_tag( 'application.js', plugin: :redmine_qbo),
-          javascript_include_tag( 'autocomplete-rails.js', plugin: :redmine_qbo),
-          javascript_include_tag( 'checkbox_controller.js', plugin: :redmine_qbo)
+          javascript_include_tag( 'autocomplete.js', plugin: :redmine_qbo),
+          javascript_include_tag( 'checkbox_controller.js', plugin: :redmine_qbo),
+          stylesheet_link_tag( 'autocomplete', plugin: :redmine_qbo)
         ])
       end