Refactor CustomerToken model for improved token management; streamline token generation and expiration handling, and enhance association with issues

Addressed the Bullet (the N+1 query detector) warning to include customers

app/controllers/customers_controller.rb

@@ -30,8 +30,6 @@ class CustomersController < ApplicationController
   before_action :view_customer, except: [:new, :view]
   skip_before_action :verify_authenticity_token, :check_if_login_required, only: [:view]
 
-  default_search_scope :names
-
   autocomplete :customer, :name, full: true, extra_data: [:id]
 
   def allowed_params
@@ -53,7 +51,7 @@ class CustomersController < ApplicationController
   # display a list of all customers
   def index
     if params[:search]
-      @customers = Customer.search(params[:search]).paginate(page: params[:page])
+      @customers = Customer.search(params[:search]).order(:name).paginate(page: params[:page])
       if only_one_non_zero?(@customers)
         redirect_to @customers.first
       end
@@ -136,60 +134,60 @@ class CustomersController < ApplicationController
 
   # creates new customer view tokens, removes expired tokens & redirects to newly created customer view with new token.
   def share
+    issue = Issue.find(params[:id])
 
-    Thread.new do
+    token = issue.share_token
-      logger.info "Removing expired customer tokens"
+    redirect_to view_path(token.token)
-      CustomerToken.remove_expired_tokens
-      ActiveRecord::Base.connection.close
-    end
 
-    begin
+  rescue ActiveRecord::RecordNotFound
-      issue = Issue.find_by_id(params[:id])
+    flash[:error] = t(:notice_issue_not_found)
-      redirect_to view_path issue.share_token.token
+    render_404
-    rescue
-      flash[:error] = t :notice_issue_not_found
-      render_404
-    end
   end
   
   # displays an issue for a customer with a provided security CustomerToken
   def view
+    User.current = User.anonymous
 
-    User.current = User.find_by lastname: 'Anonymous'
+    # Load only active, non-expired token
+    @token = CustomerToken.active.find_by(token: params[:token])
+    return render_403 unless @token
 
-    @token = CustomerToken.find_by token: params[:token]
+    # Load associated issue
-    begin
+    @issue = @token.issue
-      @token.destroy if @token.expired?
+    return render_403 unless @issue
-      raise "Token Expired" if @token.destroyed
-      
-      session[:token] = @token.token
-      @issue = Issue.find @token.issue_id
-      @journals = @issue.journals.
-        preload(:details).
-        preload(user: :email_address).
-        reorder(:created_on, :id).to_a
-      @journals.each_with_index {|j,i| j.indice = i+1}
-      @journals.reject!(&:private_notes?) unless User.current.allowed_to?(:view_private_notes, @issue.project)
-      Journal.preload_journals_details_custom_fields(@journals)
-      @journals.select! {|journal| journal.notes? || journal.visible_details.any?}
-      @journals.reverse! if User.current.wants_comments_in_reverse_order?
 
-      @changesets = @issue.changesets.visible.preload(:repository, :user).to_a
+    # Optional: enforce token belongs to the issue's customer
-      @changesets.reverse! if User.current.wants_comments_in_reverse_order?
+    return render_403 unless @issue.customer_id == @token.issue.customer_id
 
-      @relations = @issue.relations.select {|r| r.other_issue(@issue) && r.other_issue(@issue).visible? }
+    # Store token in session for subsequent requests if needed
-      @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
+    session[:token] = @token.token
-      @priorities = IssuePriority.active
+
-      @time_entry = TimeEntry.new(issue: @issue, project: @issue.project)
+    load_issue_data
-      @relation = IssueRelation.new
+  rescue ActiveRecord::RecordNotFound
-    rescue
+    render_403
-      flash[:error] = t :notice_forbidden
-      render_403
-    end
   end
 
   private
 
+  def load_issue_data
+    @journals = @issue.journals.preload(:details).preload(user: :email_address).reorder(:created_on, :id).to_a
+
+    @journals.each_with_index { |j, i| j.indice = i + 1 }
+    @journals.reject!(&:private_notes?) unless User.current.allowed_to?(:view_private_notes, @issue.project)
+    Journal.preload_journals_details_custom_fields(@journals)
+    @journals.select! { |journal| journal.notes? || journal.visible_details.any? }
+    @journals.reverse! if User.current.wants_comments_in_reverse_order?
+
+    @changesets = @issue.changesets.visible.preload(:repository, :user).to_a
+    @changesets.reverse! if User.current.wants_comments_in_reverse_order?
+
+    @relations = @issue.relations.select { |r| r.other_issue(@issue)&.visible? }
+    @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
+    @priorities = IssuePriority.active
+    @time_entry = TimeEntry.new(issue: @issue, project: @issue.project)
+    @relation   = IssueRelation.new
+  end
+
   # redmine permission - add customers
   def add_customer
     global_check_permission(:add_customers)

app/controllers/qbo_controller.rb

@@ -62,80 +62,29 @@ class QboController < ApplicationController
   
   # Manual Billing
   def bill
-    i = Issue.find_by_id params[:id]
+    issue = Issue.find_by(id: params[:id])
-    if i.customer
+    return render_404 unless issue
-      billed = i.bill_time
 
-      if i.bill_time
+    unless issue.customer
-        redirect_to i, flash: { notice: I18n.t( :label_billed_success ) + i.customer.name }
+      redirect_to issue, flash: { error: I18n.t(:label_billing_error_no_customer) }
-      else
+      return
-        redirect_to i, flash: { error: I18n.t(:label_billing_error) }
-      end
-    else
-      redirect_to i, flash: { error: I18n.t(:label_billing_error_no_customer) }
-    end
-  end
-  
-  # Quickbooks Webhook Callback
-  def webhook
-
-    logger.info "Quickbooks is calling webhook"
-    
-    # check the payload
-    signature = request.headers['intuit-signature']
-    key = Setting.plugin_redmine_qbo['settingsWebhookToken']
-    data = request.body.read
-    hash = Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new('sha256'), key, data)).strip()
-    
-    # proceed if the request is good
-    if hash.eql? signature
-      Thread.new do
-        if request.headers['content-type'] == 'application/json'
-          data = JSON.parse(data)
-        else
-          # application/x-www-form-urlencoded
-          data = params.as_json
-        end
-        # Process the information
-        entities = data['eventNotifications'][0]['dataChangeEvent']['entities']
-        entities.each do |entity|
-          id = entity['id'].to_i
-          name = entity['name']
-        
-          logger.info "Casting #{name.constantize} to obj"
-
-          # Magicly initialize the correct class
-          obj = name.constantize
-
-          # for merge events
-          obj.destroy(entity['deletedId']) if entity['deletedId']
-          
-          #Check to see if we are deleting a record
-          if entity['operation'].eql? "Delete"
-            obj.destroy(id)
-          #if not then update!
-          else
-            begin
-              obj.sync_by_id(id)
-            rescue => e
-              logger.error "Failed to call sync_by_id on obj"
-              logger.error e.message
-              logger.error e.backtrace.join("\n")
-            end
-          end
-        end
-        
-        # Record that last time we updated
-        Qbo.update_time_stamp
-        ActiveRecord::Base.connection.close
-      end
-      # The webhook doesn't require a response but let's make sure we don't send anything
-      render nothing: true, status: 200
-    else
-      render nothing: true, status: 400
     end
 
-    logger.info "Quickbooks webhook complete"
+    unless issue.assigned_to&.employee_id.present?
+      redirect_to issue, flash: { error: I18n.t(:label_billing_error_no_employee) }
+      return
+    end
+
+    unless Qbo.first
+      redirect_to issue, flash: { error: I18n.t(:label_billing_error_no_qbo) }
+      return
+    end
+
+    BillIssueTimeJob.perform_later(issue.id)
+
+    redirect_to issue, flash: {
+      notice: I18n.t(:label_billing_enqueued) + " #{issue.customer.name}"
+    }
   end
 
   #
@@ -159,4 +108,33 @@ class QboController < ApplicationController
 
     redirect_to :home, flash: { notice: I18n.t(:label_syncing) }
   end
+
+  # QuickBooks Webhook Callback
+  def webhook
+    logger.info "QBO: Webhook received"
+
+    signature = request.headers['intuit-signature']
+    key       = Setting.plugin_redmine_qbo['settingsWebhookToken']
+    body      = request.raw_post
+
+    digest = OpenSSL::Digest.new('sha256')
+    computed = Base64.strict_encode64(OpenSSL::HMAC.digest(digest, key, body))
+
+    unless secure_compare(computed, signature)
+      logger.warn "QBO: Invalid webhook signature"
+      head :unauthorized
+      return
+    end
+
+    WebhookProcessJob.perform_later(body)
+
+    head :ok
+  end
+
+  private
+
+  def secure_compare(a, b)
+    return false if a.blank? || b.blank?
+    ActiveSupport::SecurityUtils.secure_compare(a, b)
+  end
 end

app/jobs/bill_issue_time_job.rb

@@ -0,0 +1,108 @@
+#The MIT License (MIT)
+#
+#Copyright (c) 2016 - 2026 rick barrette
+#
+#Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+#
+#The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+#
+#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+class BillIssueTimeJob < ActiveJob::Base
+  queue_as :default
+
+  def perform(issue_id)
+    issue = Issue.find(issue_id)
+
+    Rails.logger.debug "QBO: Starting billing for issue ##{issue.id}"
+
+    issue.with_lock do
+      unbilled_entries = issue.time_entries.where(billed: [false, nil]).lock
+
+      return if unbilled_entries.blank?
+
+      totals = aggregate_hours(unbilled_entries)
+      return if totals.blank?
+
+      qbo = Qbo.first
+      raise "No QBO configuration found" unless qbo
+
+      qbo.perform_authenticated_request do |access_token|
+        create_time_activities(issue, totals, access_token, qbo)
+      end
+
+      # Only mark billed AFTER successful QBO creation
+      unbilled_entries.update_all(billed: true)
+    end
+
+    Rails.logger.debug "QBO: Completed billing for issue ##{issue.id}"
+  rescue => e
+    Rails.logger.error "QBO: Billing failed for issue ##{issue_id} - #{e.message}"
+    raise e
+  end
+
+  private
+
+  def aggregate_hours(entries)
+    entries.includes(:activity)
+           .group_by { |e| e.activity&.name }
+           .transform_values { |rows| rows.sum(&:hours) }
+           .compact
+  end
+
+  def create_time_activities(issue, totals, access_token, qbo)
+    time_service = Quickbooks::Service::TimeActivity.new(
+      company_id: qbo.realm_id,
+      access_token: access_token
+    )
+
+    item_service = Quickbooks::Service::Item.new(
+      company_id: qbo.realm_id,
+      access_token: access_token
+    )
+
+    totals.each do |activity_name, hours_float|
+      next if activity_name.blank?
+      next if hours_float.to_f <= 0
+
+      item = find_item(item_service, activity_name)
+      next unless item
+
+      hours, minutes = convert_hours(hours_float)
+
+      time_entry = Quickbooks::Model::TimeActivity.new
+      time_entry.description     = build_description(issue)
+      time_entry.employee_id     = issue.assigned_to.employee_id
+      time_entry.customer_id     = issue.customer_id
+      time_entry.billable_status = "Billable"
+      time_entry.hours           = hours
+      time_entry.minutes         = minutes
+      time_entry.name_of         = "Employee"
+      time_entry.txn_date        = Date.today
+      time_entry.hourly_rate     = item.unit_price
+      time_entry.item_id         = item.id
+
+      Rails.logger.debug "QBO: Creating TimeActivity for #{activity_name} (#{hours}h #{minutes}m)"
+
+      time_service.create(time_entry)
+    end
+  end
+
+  def convert_hours(hours_float)
+    total_minutes = (hours_float.to_f * 60).round
+    hours = total_minutes / 60
+    minutes = total_minutes % 60
+    [hours, minutes]
+  end
+
+  def build_description(issue)
+    base = "#{issue.tracker} ##{issue.id}: #{issue.subject}"
+    return base if issue.closed?
+    "#{base} (Partial @ #{issue.done_ratio}%)"
+  end
+
+  def find_item(item_service, name)
+    safe = name.gsub("'", "\\\\'")
+    item_service.query("SELECT * FROM Item WHERE Name = '#{safe}'").first
+  end
+end

app/jobs/webhook_process_job.rb

@@ -0,0 +1,59 @@
+#The MIT License (MIT)
+#
+#Copyright (c) 2016 - 2026 rick barrette
+#
+#Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+#
+#The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+#
+#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+class WebhookProcessJob < ActiveJob::Base
+  queue_as :default
+
+  ALLOWED_ENTITIES = %w[
+    Customer
+    Invoice
+    Estimate
+  ].freeze
+
+  def perform(raw_body)
+    data = JSON.parse(raw_body)
+
+    data.fetch('eventNotifications', []).each do |notification|
+      entities = notification.dig('dataChangeEvent', 'entities') || []
+
+      entities.each do |entity|
+        process_entity(entity)
+      end
+    end
+
+    Qbo.update_time_stamp
+  end
+
+  private
+
+  def process_entity(entity)
+    name = entity['name']
+    id   = entity['id']&.to_i
+
+    return unless ALLOWED_ENTITIES.include?(name)
+
+    model = name.safe_constantize
+    return unless model
+
+    if entity['deletedId']
+      model.destroy(entity['deletedId'])
+      return
+    end
+
+    if entity['operation'] == "Delete"
+      model.destroy(id)
+    else
+      model.sync_by_id(id)
+    end
+  rescue => e
+    Rails.logger.error "QBO Webhook entity processing failed"
+    Rails.logger.error e.message
+  end
+end

app/models/customer.rb

@@ -9,6 +9,9 @@
 #THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
 class Customer < ActiveRecord::Base
+
+  include Redmine::Acts::Searchable
+  include Redmine::Acts::Event
   
   has_many :issues
   has_many :invoices
@@ -17,11 +20,16 @@ class Customer < ActiveRecord::Base
   validates_presence_of :id, :name
   
   self.primary_key = :id
-  
+
-  # returns a human readable string
+  acts_as_searchable columns: %w[name phone_number mobile_phone_number ],
-  def to_s
+                     scope: ->(_context) { left_joins(:project) },
-    return "#{self[:name]} - #{phone_number.split(//).last(4).join unless phone_number.nil?}"
+                     date_column: :updated_at
-  end
+
+  acts_as_event :title => Proc.new {|o| "#{o}"},
+                :url => Proc.new {|o| { :controller => 'customers', :action => 'show', :id => o.id} },
+                :type => :to_s,
+                :description => Proc.new {|o| "#{I18n.t :label_primary_phone}: #{o.phone_number} #{I18n.t:label_mobile_phone}: #{o.mobile_phone_number}"},
+                :datetime => Proc.new {|o| o.updated_at || o.created_at}
   
   # Convenience Method
   # returns the customer's email
@@ -40,7 +48,7 @@ class Customer < ActiveRecord::Base
     pull unless @details
     @details.email_address = s
   end
-  
+
   # Convenience Method
   # returns the customer's primary phone
   def primary_phone
@@ -62,7 +70,13 @@ class Customer < ActiveRecord::Base
     #update our locally stored number too
     update_phone_number
   end
-  
+
+  # Customers are not bound by a project
+  # but we need to implement this method for the Redmine::Acts::Searchable interface
+  def project
+    nil
+  end
+
   # Convenience Method
   # returns the customer's mobile phone
   def mobile_phone
@@ -166,11 +180,25 @@ class Customer < ActiveRecord::Base
       end
     end
   end
-  
+
-  # Searchs the database for a customer by name or phone number with out special chars
+  # Seach for customers by name or phone number
   def self.search(search)
-    customers = where("name LIKE ? OR phone_number LIKE ? OR mobile_phone_number LIKE ?", "%#{search}%", "%#{search}%", "%#{search}%")
+    search = sanitize_sql_like(search)
-    return customers.order(:name)
+    where("name LIKE ? OR phone_number LIKE ? OR mobile_phone_number LIKE ?", "%#{search}%", "%#{search}%", "%#{search}%")
+  end
+
+  # Override the defult redmine seach method to rank results by id
+  def self.search_result_ranks_and_ids(tokens, user, project = nil, options = {})
+    return {} if tokens.blank?
+
+    scope = self.all
+
+    tokens.each do |token|
+      scope = scope.search(token)
+    end
+
+    ids = scope.distinct.limit(options[:limit] || 100).pluck(:id)
+    ids.index_with { |id| id }
   end
   
   # proforms a bruteforce sync operation
@@ -200,22 +228,32 @@ class Customer < ActiveRecord::Base
     end
   end
   
+  # returns a human readable string
+  def to_s
+    return "#{self[:name]} - #{phone_number.split(//).last(4).join unless phone_number.nil?}"
+  end
+
   # Push the updates
   def save_with_push
     begin
       qbo = Qbo.first
       @details = qbo.perform_authenticated_request do |access_token|
-        service = Quickbooks::Service::Customer.new(company_id: qbo.realm_id, access_token: access_token)
+        service = Quickbooks::Service::Customer.new(
+          company_id: qbo.realm_id,
+          access_token: access_token
+        )
         service.update(@details)
       end
-      #raise "QBO Fault" if @details.fault?
+
       self.id = @details.id
-    rescue Exception => e
+    rescue => e
-      errors.add(e.message)
+      errors.add(:base, e.message)
+      return false
     end
+
     save_without_push
   end
-  
+
   alias_method :save_without_push, :save
   alias_method :save, :save_with_push
   

app/models/customer_token.rb

@@ -8,54 +8,44 @@
 #
 #THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
-class CustomerToken < ActiveRecord::Base
+class CustomerToken < ApplicationRecord
-  
+  belongs_to :issue
-  has_many :issues
-  validates_presence_of :issue_id
-  before_create :generate_token, :generate_expire_date
-  attr_accessor :destroyed
-  after_destroy :mark_as_destroyed
 
-  OAUTH_CONSUMER_SECRET = Setting.plugin_redmine_qbo['settingsOAuthConsumerSecret'] || 'CONFIGURE__' + SecureRandom.uuid
+  validates :issue_id, presence: true
-  
+  validates :token, presence: true, uniqueness: true
-  # generates a random token using the plugin setting settingsOAuthConsumerSecret for salt
-  def generate_token
-    self.token = SecureRandom.base64(15).tr('+/=lIO0', OAUTH_CONSUMER_SECRET)
-  end
 
-  # generates an expiring date
+  before_validation :generate_token, on: :create
-  def generate_expire_date
+  before_validation :generate_expire_date, on: :create
-    self.expires_at = Time.now + 1.month
-  end
 
-  # set destroyed flag
+  scope :active, -> { where("expires_at > ?", Time.current) }
-  def mark_as_destroyed
+
-    self.destroyed = true
+  TOKEN_EXPIRATION = 1.month
-  end
 
-  # purge expired tokens
-  def self.remove_expired_tokens
-    where("expires_at < ?", Time.now).destroy_all
-  end
-  
-  # has the token expired?
   def expired?
-    self.expires_at < Time.now
+    expires_at.present? && expires_at <= Time.current
+  end
+
+  def self.remove_expired_tokens
+    where("expires_at <= ?", Time.current).delete_all
   end
 
-  # Getter convenience method for tokens
   def self.get_token(issue)
-    
+    return unless issue
-    # check to see if token exists & if it is expired
+    return unless User.current.allowed_to?(:view_issues, issue.project)
-    token = find_by_issue_id issue.id
-    unless token.nil?
-      return token unless token.expired?
-      # remove expired tokens
-      token.destroy
-    end
 
-    # only create new token if we have an issue to attach it to
+    token = active.find_by(issue_id: issue.id)
-    return create(issue_id: issue.id) if User.current.logged?
+    return token if token
+
+    create!(issue: issue)
   end
 
-end
+  private
+
+  def generate_token
+    self.token ||= SecureRandom.urlsafe_base64(32)
+  end
+
+  def generate_expire_date
+    self.expires_at ||= Time.current + TOKEN_EXPIRATION
+  end
+end

app/views/customers/_search.html.erb

@@ -1,4 +1,4 @@
-<%= form_tag(customers_path, method: "get", id: "search-form") do %>
+<%= form_tag(customers_path, method: "get", id: "customer-search-form") do %>
     <%= text_field_tag :search, params[:search], placeholder: t(:label_search_customers), autocomplete: "off" %>
     <%= submit_tag t(:label_search) %>
 <% end %>

app/views/estimates/_search.html.erb

@@ -1,4 +1,4 @@
-<%= form_tag(estimate_doc_path, method: "get") do %>
+<%= form_tag(estimate_doc_path, method: "get", id: "estimate-search-form") do %>
     <%= text_field_tag :search, params[:search], placeholder: t(:label_search_estimates), autocomplete: "off" %>
     <%= submit_tag t(:label_search), formtarget: "_blank" %>
 <% end %>

config/locales/en.yml

@@ -29,6 +29,9 @@ en:
   label_billing_address: "Billing Address"
   label_billing_error: "Customer could not be billed. Check for Customer or Assignee and try again."
   label_billing_error_no_customer: "Cannot bill without an assigned customer."
+  label_billing_error_no_employee: "Cannot bill without an assigned employee."
+  label_billing_error_no_qbo: "Cannot bill without a QuickBooks connection. Please connect to QuickBooks and try again."
+  label_billing_enqueued: "Billing has been enqueued for issue"
   label_billed_success: "Successfully billed "
   label_client_id: "Intuit QBO OAuth2 Client ID"
   label_client_secret: "Intuit QBO OAuth2 Client Secret"

db/migrate/038_add_customers_timestamp.rb

@@ -0,0 +1,15 @@
+#The MIT License (MIT)
+#
+#Copyright (c) 2016 - 2026 rick barrette
+#
+#Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+#
+#The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+#
+#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+class AddCustomersTimestamp < ActiveRecord::Migration[5.1]
+  def change
+    add_timestamps(:customers, null: true)
+  end
+end

db/migrate/039_add_full_text_index_to_customers.rb

@@ -0,0 +1,16 @@
+#The MIT License (MIT)
+#
+#Copyright (c) 2016 - 2026 rick barrette
+#
+#Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+#
+#The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+#
+#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+class AddFullTextIndexToCustomers < ActiveRecord::Migration[7.0]
+  def change
+    # This creates a combined index for name and phone fields
+    add_index :customers, [:name, :phone_number, :mobile_phone_number], type: :fulltext, name: 'ft_search_idx'
+  end
+end

init.rb

@@ -14,7 +14,7 @@ Redmine::Plugin.register :redmine_qbo do
   name 'Redmine QBO plugin'
   author 'Rick Barrette'
   description 'A pluging for Redmine to connect with QuickBooks Online to create Time Activity Entries for billable hours logged when an Issue is closed'
-  version '2026.2.8'
+  version '2026.2.15'
   url 'https://github.com/rickbarrette/redmine_qbo'
   author_url 'https://barrettefabrication.com'
   settings default: {empty: true}, partial: 'qbo/settings'
@@ -37,6 +37,10 @@ Redmine::Plugin.register :redmine_qbo do
   # Register top menu items
   menu :top_menu, :customers, { controller: :customers, action: :index }, caption: :label_customers, if: Proc.new {User.current.logged?}
     
+  Redmine::Search.map do |search|
+    search.register :customers
+  end
+
 end
 
 # Dynamically load all Hooks & Patches recursively

lib/redmine_qbo/patches/issue_patch.rb

@@ -12,123 +12,59 @@ require_dependency 'issue'
 
 module RedmineQbo
   module Patches
-
-    # Patches Redmine's Issues dynamically.
-    # Adds relationships for customers, estimates, invoices, customer_tokens
-    # Adds before and after save hooks
     module IssuePatch
 
-      def self.included(base) # :nodoc:
+      def self.included(base)
         base.extend(ClassMethods)
-
         base.send(:include, InstanceMethods)
 
-        # Same as typing in the class 
         base.class_eval do
-          belongs_to :customer, primary_key: :id
+          belongs_to :customer, class_name: 'Customer', foreign_key: :customer_id, optional: true
           belongs_to :customer_token, primary_key: :id
           belongs_to :estimate, primary_key: :id
           has_and_belongs_to_many :invoices
+
           before_save :titlize_subject
-          after_save :bill_time
+          after_commit :enqueue_billing, on: :update
         end
-        
       end
-        
+
       module ClassMethods
-        
+
       end
-      
+
       module InstanceMethods
-        
-        # Create billable time entries
-        def bill_time
-          logger.debug "QBO: Billing time for issue ##{id}"
-          return false if assigned_to.nil?
-          return false unless Qbo.first 
-          return false unless customer 
 
-          Thread.new do
+        def enqueue_billing
-            spent_time = time_entries.where(billed: [false, nil])
+          Rails.logger.debug "QBO: Checking if issue needs to be billed for issue ##{id}"
-            spent_hours ||= spent_time.sum(:hours) || 0
+          #return unless saved_change_to_status_id?
-            
+          return unless closed?
-            if spent_hours > 0 then
+          return unless customer.present?
-              
+          return unless assigned_to&.employee_id.present?
-              # Prepare to create a new Time Activity
+          return unless Qbo.first
-              qbo = Qbo.first
-              qbo.perform_authenticated_request do |access_token|
-                time_service = Quickbooks::Service::TimeActivity.new(company_id: qbo.realm_id, access_token: access_token)
-                item_service = Quickbooks::Service::Item.new(company_id: qbo.realm_id, access_token: access_token)
-                time_entry = Quickbooks::Model::TimeActivity.new
-        
-                # Lets total up each activity before billing.
-                # This will simpify the invoicing with a single billable time entry per time activity
-                h = Hash.new(0)
-                spent_time.each do |entry|
-                  h[entry.activity.name] += entry.hours
-                  # update time entries billed status
-                  entry.billed = true
-                  entry.save
-                end
-                
-                # Now letes upload our totals for each activity as their own billable time entry
-                h.each do |key, val|
-                  
-                  # Convert float spent time to hours and minutes
-                  hours = val.to_i
-                  minutesDecimal = (( val - hours) * 60)
-                  minutes = minutesDecimal.to_i
 
-                  # Lets match the activity to an qbo item
+          Rails.logger.debug "QBO: Enqueuing billing for issue ##{id}"
-                  item = item_service.query("SELECT * FROM Item WHERE Name = '#{key}' ").first
+          BillIssueTimeJob.perform_later(id)
-                  next if item.nil?
+        end
-                  
+
-                  # Create the new billable time entry and upload it
+        def titlize_subject
-                  time_entry.description = "#{tracker} ##{id}: #{subject} #{"(Partial @ #{done_ratio}%)" if not closed?}"
+          Rails.logger.debug "QBO: Titlizing subject for issue ##{id}"
-                  time_entry.employee_id = assigned_to.employee_id 
+
-                  time_entry.customer_id = customer_id
+          self.subject = subject.split(/\s+/).map do |word|
-                  time_entry.billable_status = "Billable"
+            if word =~ /[A-Z]/ && word =~ /[0-9]/
-                  time_entry.hours = hours
+              word
-                  time_entry.minutes = minutes
+            else
-                  time_entry.name_of = "Employee"
+              word.capitalize
-                  time_entry.txn_date = Date.today
-                  time_entry.hourly_rate = item.unit_price
-                  time_entry.item_id = item.id 
-                  time_entry.start_time = start_date
-                  time_entry.end_time = Time.now
-                  time_service.create(time_entry)
-                end
-              end
             end
-          end
+          end.join(' ')
-          return true
         end
       end
-      
+
-      # Create a shareable link for a customer
       def share_token
-        CustomerToken.get_token self
+        CustomerToken.get_token(self)
       end
-      
+    end
-      # Titleize the subject before save , but keep words containing numbers mixed with letters capitalized
-      def titlize_subject
-        logger.debug "QBO: Titlizing subject for issue ##{self.id}"
-        self.subject = self.subject.split(/\s+/).map do |word|
-          # If word is NOT purely alphanumeric (contains special chars),
-          # or is all upper/lower, we can handle it.
-          # excluding alphanumeric strings with mixed case and numbers (e.g., "ID555ABC") from being altered.
-          if word =~ /[A-Z]/ && word =~ /[0-9]/
-            word
-          else
-            word.downcase
-            word.capitalize
-          end
-        end.join(' ')
-      end
-    end  
 
-    # Add module to Issue
     Issue.send(:include, IssuePatch)
-
   end
 end

lib/redmine_qbo/patches/query_patch.rb

@@ -13,6 +13,20 @@ require_dependency 'issue_query'
 module RedmineQbo
   module Patches
     module QueryPatch
+
+      def base_scope
+        scope = super
+
+        if filters['customer_name'].present?
+          scope = scope.left_outer_joins(:customer)
+        end
+
+        if has_column?(:customer) || filters['customer_name'].present?
+          scope = scope.includes(:customer)
+        end
+
+        scope
+      end
       
       # Add qbo options to the aviable columns
       def available_columns
@@ -26,10 +40,27 @@ module RedmineQbo
       
       # Add customers to filters
       def initialize_available_filters
-        #add_available_filter "customer", type: :text
+        #add_available_filter "customer_id", type: :list, name: l(:field_customer), :values => lambda {Customer.pluck(:name, :id).map {|name, id| [name, id.to_s]}}
+        add_available_filter( 'customer_name', type: :text, name: l(:field_customer))
         super
       end
 
+      def sql_for_customer_name_field(field, operator, value)
+        pattern = "%#{value.first}%"
+
+        sql = case operator
+              when '~'
+                "#{Customer.table_name}.name LIKE ?"
+              when '!~'
+                "#{Customer.table_name}.name NOT LIKE ?"
+              else
+                return nil
+              end
+
+        Issue.joins(:customer).sanitize_sql_for_conditions([sql, pattern])
+      end
+
+
     end
 
     # Add module to Issue