DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-11-10 15:44:11 -08:00
Code Issues Actions 11 Packages Projects Releases Wiki Activity
snipe-it/app/Http/Controllers/UsersController.php

1272 lines
46 KiB
PHP
Raw Normal View History

Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
<?php
namespace App\Http\Controllers;
use App\Http\Requests\AssetFileRequest;
use App\Helpers\Helper;
use App\Models\Accessory;
Fixed bulk delete+checkin for users
2016-05-12 21:01:31 -07:00
use App\Models\LicenseSeat;
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
use App\Models\Actionlog;
use App\Models\Asset;
Fixes #1997 and #1996 - replace sentry functions
2016-04-28 21:59:43 -07:00
use App\Models\Group;
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
use App\Models\Company;
use App\Models\Location;
use App\Models\Setting;
use App\Models\Statuslabel;
Use form request for user add/edit to handle password and password confirmation
2016-06-06 14:15:50 -07:00
use App\Http\Requests\SaveUserRequest;
Janky-ass form request stuff
2016-06-06 21:02:06 -07:00
use App\Http\Requests\UpdateUserRequest;
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
use App\Models\User;
Reworked LDAP login. Fixes #2218 LDAP no longer fails completely when the connection settings are wrong, or when app key is messed up. Rather than auth as the admin user and search, we auth as the user themselves. Admin auth is only for LDAP sync now. This should mean much fewer problems with donked LDAP settings and login.
2016-07-13 05:50:24 -07:00
use App\Models\Ldap;
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
use Auth;
use Config;
use Crypt;
use DB;
use HTML;
use Illuminate\Support\Facades\Log;
use Input;
use Lang;
use League\Csv\Reader;
use Mail;
use Redirect;
use Response;
use Str;
use Symfony\Component\HttpFoundation\JsonResponse;
use URL;
use View;
Fixes groups for cloning users
2016-06-02 00:41:10 -07:00
use Illuminate\Http\Request;
Fixes #2346
2016-07-28 08:39:28 -07:00
use Gate;
Fixes groups for cloning users
2016-06-02 00:41:10 -07:00
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
/**
Updated docblocks
2016-04-07 13:21:09 -07:00
* This controller handles all actions related to Users for
* the Snipe-IT Asset Management application.
*
* @version v1.0
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
*/
Bump up memory for LDAP import of large number of users
2016-06-21 12:22:10 -07:00
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
class UsersController extends Controller
{
/**
* Returns a view that invokes the ajax tables which actually contains
* the content for the users listing, which is generated in getDatatable().
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @see UsersController::getDatatable() method that generates the JSON response
* @since [v1.0]
* @return View
*/
public function getIndex()
{
return View::make('users/index');
}
/**
* Returns a view that displays the user creation form.
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.0]
* @return View
*/
public function getCreate()
{
Fixes #1997 - save user groups without Sentry crap
2016-05-12 15:26:48 -07:00
$groups = Group::pluck('name', 'id');
if (Input::old('groups')) {
$userGroups = Group::whereIn('id', Input::old('groups'))->pluck('name', 'id');
Fixes #1997 and #1996 - replace sentry functions
2016-04-28 21:59:43 -07:00
} else {
$userGroups = collect();
}
Moved group sync
2016-06-15 11:51:10 -07:00
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
$permissions = config('permissions');
Fixes #1996 - replace old Sentry methods with laravel native
2016-05-09 15:40:27 -07:00
$userPermissions = Helper::selectedPermissionsArray($permissions, Input::old('permissions', array()));
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
$location_list = Helper::locationsList();
$manager_list = Helper::managerList();
$company_list = Helper::companyList();
return View::make('users/edit', compact('groups', 'userGroups', 'permissions', 'userPermissions'))
->with('location_list', $location_list)
->with('manager_list', $manager_list)
->with('company_list', $company_list)
->with('user', new User);
}
/**
* Validate and store the new user data, or return an error.
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.0]
* @return Redirect
*/
Janky-ass form request stuff
2016-06-06 21:02:06 -07:00
public function postCreate(SaveUserRequest $request)
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
{
Cleanup namespaces a bit
2016-03-25 19:26:22 -07:00
$user = new User;
Extract common data from UserController postCreate and postEdit into a helper method. Use this method to store data about user. Fixes #2200
2016-06-27 19:47:21 -07:00
//Username, email, and password need to be handled specially because the need to respect config values on an edit.
Use form request for user add/edit to handle password and password confirmation
2016-06-06 14:15:50 -07:00
$user->email = $data['email'] = e($request->input('email'));
$user->username = $data['username'] = e($request->input('username'));
if ($request->has('password')) {
$user->password = bcrypt($request->input('password'));
$data['password'] = $request->input('password');
}
Move checks back into methods instead of having an extra helper method. Also remove unnecessary lock_passwords checks because there is a check at the top of the method that does this already.
2016-06-27 21:11:59 -07:00
// Update the user
$user->first_name = e($request->input('first_name'));
$user->last_name = e($request->input('last_name'));
$user->locale = e($request->input('locale'));
$user->employee_num = e($request->input('employee_num'));
$user->activated = e($request->input('activated', $user->activated));
$user->jobtitle = e($request->input('jobtitle'));
$user->phone = e($request->input('phone'));
$user->location_id = e($request->input('location_id'));
$user->company_id = e(Company::getIdForUser($request->input('company_id')));
$user->manager_id = e($request->input('manager_id'));
$user->notes = e($request->input('notes'));
$user->permissions = json_encode($request->input('permission'));
if ($user->manager_id == "") {
$user->manager_id = null;
}
if ($user->location_id == "") {
$user->location_id = null;
}
if ($user->company_id == "") {
$user->company_id = null;
}
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
Use form request for user add/edit to handle password and password confirmation
2016-06-06 14:15:50 -07:00
Moved group sync
2016-06-15 11:51:10 -07:00
if ($user->save()) {
Fixes #2048
2016-05-17 21:15:29 -07:00
Moved group sync
2016-06-15 11:51:10 -07:00
if ($request->has('groups')) {
$user->groups()->sync($request->input('groups'));
} else {
$user->groups()->sync(array());
}
Pass users path to get_src
2016-07-28 05:49:41 -07:00
Fixes groups for cloning users
2016-06-02 00:41:10 -07:00
if (($request->input('email_user') == 1) && ($request->has('email'))) {
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
// Send the credentials through email
$data = array();
Use form request for user add/edit to handle password and password confirmation
2016-06-06 14:15:50 -07:00
$data['email'] = e($request->input('email'));
$data['username'] = e($request->input('username'));
$data['first_name'] = e($request->input('first_name'));
$data['password'] = e($request->input('password'));
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
Mail::send('emails.send-login', $data, function ($m) use ($user) {
$m->to($user->email, $user->first_name . ' ' . $user->last_name);
Add reply-to config setting
2016-09-20 07:20:10 -07:00
$m->replyTo(config('mail.reply_to.address'), config('mail.reply_to.name'));
Translate emails (#2652) * commit temporal * final translation commit -- added email translations * final translation commit -- removed file for spanish translations * final translation commit -- removed file for spanish translations * added missing translations * method overrided and config files back to default * config files back to default * config files back to default
2016-09-26 14:13:07 -07:00
$m->subject(trans('mail.welcome', ['name' => $user->first_name]));
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
});
}
return redirect::route('users')->with('success', trans('admin/users/message.success.create'));
}
Formatting fixes for coding standards
2016-06-22 12:27:41 -07:00
return redirect()->back()->withInput()->withErrors($user->getErrors());
Use form request for user add/edit to handle password and password confirmation
2016-06-06 14:15:50 -07:00
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
/**
Fixes #1997 and #1996 - replace sentry functions
2016-04-28 21:59:43 -07:00
* JSON handler for creating a user through a modal popup
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
*
Allow admin to add user on checkout screen
2016-06-09 00:36:52 -07:00
* @todo Handle validation more graciously
Fixes #1997 and #1996 - replace sentry functions
2016-04-28 21:59:43 -07:00
* @author [B. Wetherington] [<uberbrady@gmail.com>]
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
* @since [v1.8]
* @return string JSON
*/
public function store()
{
Allow admin to add user on checkout screen
2016-06-09 00:36:52 -07:00
$user = new User;
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
$inputs = Input::except('csrf_token', 'password_confirm', 'groups', 'email_user');
$inputs['activated'] = true;
Allow admin to add user on checkout screen
2016-06-09 00:36:52 -07:00
$user->first_name = e(Input::get('first_name'));
$user->last_name = e(Input::get('last_name'));
$user->username = e(Input::get('username'));
$user->email = e(Input::get('email'));
if (Input::has('password')) {
$user->password = bcrypt(Input::get('password'));
}
$user->activated = true;
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
// Was the user created?
if ($user->save()) {
if (Input::get('email_user') == 1) {
// Send the credentials through email
$data = array();
$data['email'] = e(Input::get('email'));
$data['first_name'] = e(Input::get('first_name'));
Allow admin to add user on checkout screen
2016-06-09 00:36:52 -07:00
$data['last_name'] = e(Input::get('last_name'));
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
$data['password'] = e(Input::get('password'));
Mail::send('emails.send-login', $data, function ($m) use ($user) {
$m->to($user->email, $user->first_name . ' ' . $user->last_name);
Add reply-to config setting
2016-09-20 07:20:10 -07:00
$m->replyTo(config('mail.reply_to.address'), config('mail.reply_to.name'));
Translate emails (#2652) * commit temporal * final translation commit -- added email translations * final translation commit -- removed file for spanish translations * final translation commit -- removed file for spanish translations * added missing translations * method overrided and config files back to default * config files back to default * config files back to default
2016-09-26 14:13:07 -07:00
$m->subject(trans('mail.welcome', ['name' => $user->first_name]));
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
});
}
return JsonResponse::create($user);
} else {
return JsonResponse::create(["error" => "Failed validation: " . print_r($user->getErrors(), true)], 500);
}
}
/**
* Returns a view that displays the edit user form
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.0]
* @param int $id
* @return View
*/
public function getEdit($id = null)
{
try {
// Get the user information
$user = User::find($id);
Fixes #1997 and #1996 - replace sentry functions
2016-04-28 21:59:43 -07:00
$permissions = config('permissions');
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
if (!Company::isCurrentUserHasAccess($user)) {
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('error', trans('general.insufficient_permissions'));
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
Fixes #1997 and #1996 - replace sentry functions
2016-04-28 21:59:43 -07:00
$groups = Group::pluck('name', 'id');
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
Fixes #1997 and #1996 - replace sentry functions
2016-04-28 21:59:43 -07:00
$userGroups = $user->groups()->pluck('name', 'id');
$user->permissions = $user->decodePermissions();
$userPermissions = Helper::selectedPermissionsArray($permissions, $user->permissions);
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
$location_list = Helper::locationsList();
$company_list = Helper::companyList();
Fixes #1996 - replace old Sentry methods with laravel native
2016-05-09 15:40:27 -07:00
$manager_list = Helper::managerList();
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
} catch (UserNotFoundException $e) {
// Prepare the error message
Updated to use 5.2 trans() instead of Lang::get for localization
2016-04-07 13:39:35 -07:00
$error = trans('admin/users/message.user_not_found', compact('id'));
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
// Redirect to the user management page
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('error', $error);
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
// Show the page
return View::make('users/edit', compact('user', 'groups', 'userGroups', 'permissions', 'userPermissions'))
->with('location_list', $location_list)
->with('company_list', $company_list)
->with('manager_list', $manager_list);
}
/**
* Validate and save edited user data from edit form.
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.0]
* @param int $id
* @return Redirect
*/
Janky-ass form request stuff
2016-06-06 21:02:06 -07:00
public function postEdit(UpdateUserRequest $request, $id = null)
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
{
// We need to reverse the UI specific logic for our
// permissions here before we update the user.
Use form request for user add/edit to handle password and password confirmation
2016-06-06 14:15:50 -07:00
$permissions = $request->input('permissions', array());
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
app('request')->request->set('permissions', $permissions);
// Only update the email address if locking is set to false
if (config('app.lock_passwords')) {
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('error', 'Denied! You cannot update user information on the demo.');
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
try {
// Get the user information
$user = User::find($id);
if (!Company::isCurrentUserHasAccess($user)) {
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('error', trans('general.insufficient_permissions'));
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
} catch (UserNotFoundException $e) {
// Prepare the error message
Updated to use 5.2 trans() instead of Lang::get for localization
2016-04-07 13:39:35 -07:00
$error = trans('admin/users/message.user_not_found', compact('id'));
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
// Redirect to the user management page
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('error', $error);
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
Extract common data from UserController postCreate and postEdit into a helper method. Use this method to store data about user. Fixes #2200
2016-06-27 19:47:21 -07:00
// First handle anything exclusive to editing.
Added inheritance back into users/groups
2016-06-15 20:45:45 -07:00
if ($request->has('groups')) {
$user->groups()->sync($request->input('groups'));
} else {
$user->groups()->sync(array());
}
Move checks back into methods instead of having an extra helper method. Also remove unnecessary lock_passwords checks because there is a check at the top of the method that does this already.
2016-06-27 21:11:59 -07:00
// Do we want to update the user password?
if ($request->has('password')) {
$user->password = bcrypt($request->input('password'));
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
Move checks back into methods instead of having an extra helper method. Also remove unnecessary lock_passwords checks because there is a check at the top of the method that does this already.
2016-06-27 21:11:59 -07:00
if ( $request->has('username')) {
$user->username = e($request->input('username'));
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
Move checks back into methods instead of having an extra helper method. Also remove unnecessary lock_passwords checks because there is a check at the top of the method that does this already.
2016-06-27 21:11:59 -07:00
$user->email = e($request->input('email'));
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
Extract common data from UserController postCreate and postEdit into a helper method. Use this method to store data about user. Fixes #2200
2016-06-27 19:47:21 -07:00
// Update the user
$user->first_name = e($request->input('first_name'));
$user->last_name = e($request->input('last_name'));
$user->locale = e($request->input('locale'));
$user->employee_num = e($request->input('employee_num'));
$user->activated = e($request->input('activated', $user->activated));
$user->jobtitle = e($request->input('jobtitle'));
$user->phone = e($request->input('phone'));
$user->location_id = e($request->input('location_id'));
$user->company_id = e(Company::getIdForUser($request->input('company_id')));
$user->manager_id = e($request->input('manager_id'));
$user->notes = e($request->input('notes'));
$user->permissions = json_encode($request->input('permission'));
if ($user->manager_id == "") {
$user->manager_id = null;
}
if ($user->location_id == "") {
$user->location_id = null;
}
if ($user->company_id == "") {
$user->company_id = null;
}
Move checks back into methods instead of having an extra helper method. Also remove unnecessary lock_passwords checks because there is a check at the top of the method that does this already.
2016-06-27 21:11:59 -07:00
// Was the user updated?
if ($user->save()) {
// Prepare the success message
$success = trans('admin/users/message.success.update');
// Redirect to the user page
return redirect()->route('users')->with('success', $success);
}
return redirect()->back()->withInput()->withErrors($user->getErrors());
Extract common data from UserController postCreate and postEdit into a helper method. Use this method to store data about user. Fixes #2200
2016-06-27 19:47:21 -07:00
}
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
/**
* Delete a user
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.0]
* @param int $id
* @return Redirect
*/
public function getDelete($id = null)
{
try {
// Get user information
$user = User::find($id);
// Check if we are not trying to delete ourselves
if ($user->id === Auth::user()->id) {
// Prepare the error message
Updated to use 5.2 trans() instead of Lang::get for localization
2016-04-07 13:39:35 -07:00
$error = trans('admin/users/message.error.delete');
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
// Redirect to the user management page
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('error', $error);
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
// Do we have permission to delete this user?
if ((!Auth::user()->isSuperUser()) || (config('app.lock_passwords'))) {
// Redirect to the user management page
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('error', 'Insufficient permissions!');
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
if (count($user->assets) > 0) {
// Redirect to the user management page
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('error', 'This user still has ' . count($user->assets) . ' assets associated with them.');
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
if (count($user->licenses) > 0) {
// Redirect to the user management page
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('error', 'This user still has ' . count($user->licenses) . ' licenses associated with them.');
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
Check for accessories
2016-04-21 21:01:45 -07:00
if (count($user->accessories) > 0) {
// Redirect to the user management page
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('error', 'This user still has ' . count($user->accessories) . ' accessories associated with them.');
Check for accessories
2016-04-21 21:01:45 -07:00
}
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
// Delete the user
$user->delete();
// Prepare the success message
Updated to use 5.2 trans() instead of Lang::get for localization
2016-04-07 13:39:35 -07:00
$success = trans('admin/users/message.success.delete');
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
// Redirect to the user management page
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('success', $success);
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
} catch (UserNotFoundException $e) {
// Prepare the error message
Updated to use 5.2 trans() instead of Lang::get for localization
2016-04-07 13:39:35 -07:00
$error = trans('admin/users/message.user_not_found', compact('id'));
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
// Redirect to the user management page
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('error', $error);
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
}
/**
* Returns a view that confirms the user's a bulk delete will be applied to.
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.7]
* @return View
*/
public function postBulkEdit()
{
if ((!Input::has('edit_user')) || (count(Input::has('edit_user')) == 0)) {
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->back()->with('error', 'No users selected');
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
} else {
$statuslabel_list = Helper::statusLabelList();
$user_raw_array = array_keys(Input::get('edit_user'));
Fixed bulk delete+checkin for users
2016-05-12 21:01:31 -07:00
$licenses = DB::table('license_seats')->whereIn('assigned_to', $user_raw_array)->get();
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
Fixed bulk delete+checkin for users
2016-05-12 21:01:31 -07:00
//print_r($licenses);
Formatting fixes for coding standards
2016-06-22 12:27:41 -07:00
$users = User::whereIn('id', $user_raw_array)->with('groups', 'assets', 'licenses', 'accessories')->get();
Fixed bulk delete+checkin for users
2016-05-12 21:01:31 -07:00
// $users = Company::scopeCompanyables($users)->get();
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
return View::make('users/confirm-bulk-delete', compact('users', 'statuslabel_list'));
}
}
/**
* Soft-delete bulk users
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.0]
* @return Redirect
*/
public function postBulkSave()
{
if ((!Input::has('edit_user')) || (count(Input::has('edit_user')) == 0)) {
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->back()->with('error', 'No users selected');
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
} elseif ((!Input::has('status_id')) || (count(Input::has('status_id')) == 0)) {
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('error', 'No status selected');
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
} else {
$user_raw_array = Input::get('edit_user');
$asset_array = array();
if (($key = array_search(Auth::user()->id, $user_raw_array)) !== false) {
unset($user_raw_array[$key]);
}
if (!Auth::user()->isSuperUser()) {
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('error', trans('admin/users/message.insufficient_permissions'));
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
if (!config('app.lock_passwords')) {
Fixed bulk delete+checkin for users
2016-05-12 21:01:31 -07:00
$users = User::whereIn('id', $user_raw_array)->get();
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
$assets = Asset::whereIn('assigned_to', $user_raw_array)->get();
$accessories = DB::table('accessories_users')->whereIn('assigned_to', $user_raw_array)->get();
Fixed bulk delete+checkin for users
2016-05-12 21:01:31 -07:00
$licenses = DB::table('license_seats')->whereIn('assigned_to', $user_raw_array)->get();
$license_array = array();
$accessory_array = array();
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
foreach ($assets as $asset) {
$asset_array[] = $asset->id;
// Update the asset log
$logaction = new Actionlog();
Actionlog Class: Improvements and polymorphism (#2561) * Save progress * Create a new action_log table to replace asset_log. Use Polymorphism to generalize class and targets. Port everything I can find to use it. Add a migration to port the asset_logs table to action_logs. * Allow accepted_id to be nullable. * Comment out the thread_id migration, because it b0rks on a new database with the move. I'm unsure if the thread_id does anything...It doesn't seem to be used * Clean up all old methods from Actionlog model. Port everything to use new cleaner interface. * Port the actionlog factory to fix travis. * Adjust code to work on php5. Also fix lurking adminlog call. * Remove weird code * Port the pave command. Also fix dangling adminlog
2016-09-06 19:39:42 -07:00
$logaction->item_id = $asset->id;
$logaction->item_type = Asset::class;
$logaction->target_id = $asset->assigned_to;
$logaction->target_type = User::class;
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
$logaction->user_id = Auth::user()->id;
Fixed bulk delete+checkin for users
2016-05-12 21:01:31 -07:00
$logaction->note = 'Bulk checkin asset and delete user';
$logaction->logaction('checkin from');
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
Fixed bulk delete+checkin for users
2016-05-12 21:01:31 -07:00
Asset::whereIn('id', $asset_array)->update(
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
array(
'status_id' => e(Input::get('status_id')),
'assigned_to' => null,
)
);
}
foreach ($accessories as $accessory) {
Fixed bulk delete+checkin for users
2016-05-12 21:01:31 -07:00
$accessory_array[] = $accessory->accessory_id;
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
// Update the asset log
$logaction = new Actionlog();
Actionlog Class: Improvements and polymorphism (#2561) * Save progress * Create a new action_log table to replace asset_log. Use Polymorphism to generalize class and targets. Port everything I can find to use it. Add a migration to port the asset_logs table to action_logs. * Allow accepted_id to be nullable. * Comment out the thread_id migration, because it b0rks on a new database with the move. I'm unsure if the thread_id does anything...It doesn't seem to be used * Clean up all old methods from Actionlog model. Port everything to use new cleaner interface. * Port the actionlog factory to fix travis. * Adjust code to work on php5. Also fix lurking adminlog call. * Remove weird code * Port the pave command. Also fix dangling adminlog
2016-09-06 19:39:42 -07:00
$logaction->item_id = $accessory->id;
$logaction->item_type = Accessory::class;
$logaction->target_id = $accessory->assigned_to;
$logaction->target_type = User::class;
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
$logaction->user_id = Auth::user()->id;
Fixed bulk delete+checkin for users
2016-05-12 21:01:31 -07:00
$logaction->note = 'Bulk checkin accessory and delete user';
$logaction->logaction('checkin from');
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
Fixed bulk delete+checkin for users
2016-05-12 21:01:31 -07:00
}
foreach ($licenses as $license) {
$license_array[] = $license->id;
// Update the asset log
$logaction = new Actionlog();
Actionlog Class: Improvements and polymorphism (#2561) * Save progress * Create a new action_log table to replace asset_log. Use Polymorphism to generalize class and targets. Port everything I can find to use it. Add a migration to port the asset_logs table to action_logs. * Allow accepted_id to be nullable. * Comment out the thread_id migration, because it b0rks on a new database with the move. I'm unsure if the thread_id does anything...It doesn't seem to be used * Clean up all old methods from Actionlog model. Port everything to use new cleaner interface. * Port the actionlog factory to fix travis. * Adjust code to work on php5. Also fix lurking adminlog call. * Remove weird code * Port the pave command. Also fix dangling adminlog
2016-09-06 19:39:42 -07:00
$logaction->item_id = $license->id;
$logaction->item_type = License::class;
$logaction->target_id = $license->assigned_to;
Add reply-to config setting
2016-09-20 07:20:10 -07:00
$logaction->target_type = User::class;
Fixed bulk delete+checkin for users
2016-05-12 21:01:31 -07:00
$logaction->user_id = Auth::user()->id;
$logaction->note = 'Bulk checkin license and delete user';
$logaction->logaction('checkin from');
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
Moved group sync
2016-06-15 11:51:10 -07:00
Formatting fixes for coding standards
2016-06-22 12:27:41 -07:00
LicenseSeat::whereIn('id', $license_array)->update(['assigned_to' => null]);
Fixed bulk delete+checkin for users
2016-05-12 21:01:31 -07:00
foreach ($users as $user) {
$user->accessories()->sync(array());
$user->delete();
}
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('success', 'Your selected users have been deleted and their assets have been updated.');
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
} else {
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('error', 'Bulk delete is not enabled in this installation');
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
}
}
/**
* Restore a deleted user
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.0]
* @param int $id
* @return Redirect
*/
public function getRestore($id = null)
{
Fixed restore again. For some reason, $user->restore() isn't working? WTF.
2016-04-21 20:52:32 -07:00
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
// Get user information
Formatting fixes for coding standards
2016-06-22 12:27:41 -07:00
if (!$user = User::onlyTrashed()->find($id)) {
return redirect()->route('users')->with('error', trans('admin/users/messages.user_not_found'));
}
Check for accessories
2016-04-21 21:01:45 -07:00
Formatting fixes for coding standards
2016-06-22 12:27:41 -07:00
if (!Company::isCurrentUserHasAccess($user)) {
return redirect()->route('users')->with('error', trans('general.insufficient_permissions'));
} else {
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
Formatting fixes for coding standards
2016-06-22 12:27:41 -07:00
// Restore the user
if (User::withTrashed()->where('id', $id)->restore()) {
return redirect()->route('users')->with('success', trans('admin/users/message.success.restored'));
} else {
return redirect()->route('users')->with('error', 'User could not be restored.');
Fixed restore again. For some reason, $user->restore() isn't working? WTF.
2016-04-21 20:52:32 -07:00
}
Formatting fixes for coding standards
2016-06-22 12:27:41 -07:00
}
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
/**
* Return a view with user detail
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.0]
* @param int $userId
* @return View
*/
public function getView($userId = null)
{
$user = User::with('assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc')->withTrashed()->find($userId);
Actionlog Class: Improvements and polymorphism (#2561) * Save progress * Create a new action_log table to replace asset_log. Use Polymorphism to generalize class and targets. Port everything I can find to use it. Add a migration to port the asset_logs table to action_logs. * Allow accepted_id to be nullable. * Comment out the thread_id migration, because it b0rks on a new database with the move. I'm unsure if the thread_id does anything...It doesn't seem to be used * Clean up all old methods from Actionlog model. Port everything to use new cleaner interface. * Port the actionlog factory to fix travis. * Adjust code to work on php5. Also fix lurking adminlog call. * Remove weird code * Port the pave command. Also fix dangling adminlog
2016-09-06 19:39:42 -07:00
$userlog = $user->userlog->load('item');
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
if (isset($user->id)) {
if (!Company::isCurrentUserHasAccess($user)) {
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('error', trans('general.insufficient_permissions'));
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
} else {
return View::make('users/view', compact('user', 'userlog'));
}
} else {
// Prepare the error message
Updated to use 5.2 trans() instead of Lang::get for localization
2016-04-07 13:39:35 -07:00
$error = trans('admin/users/message.user_not_found', compact('id'));
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
// Redirect to the user management page
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('error', $error);
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
}
/**
* Unsuspend a user.
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.0]
* @param int $id
* @return Redirect
*/
public function getUnsuspend($id = null)
{
try {
// Get user information
//$user = User::find($id);
// Check if we are not trying to unsuspend ourselves
if ($user->id === Auth::user()->id) {
// Prepare the error message
Updated to use 5.2 trans() instead of Lang::get for localization
2016-04-07 13:39:35 -07:00
$error = trans('admin/users/message.error.unsuspend');
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
// Redirect to the user management page
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('error', $error);
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
// Do we have permission to unsuspend this user?
Switched or and and to || and && for code quality
2016-07-10 20:55:44 -07:00
if ($user->isSuperUser() && !Auth::user()->isSuperUser()) {
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
// Redirect to the user management page
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('error', 'Insufficient permissions!');
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
// Prepare the success message
Updated to use 5.2 trans() instead of Lang::get for localization
2016-04-07 13:39:35 -07:00
$success = trans('admin/users/message.success.unsuspend');
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
// Redirect to the user management page
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('success', $success);
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
} catch (UserNotFoundException $e) {
// Prepare the error message
Updated to use 5.2 trans() instead of Lang::get for localization
2016-04-07 13:39:35 -07:00
$error = trans('admin/users/message.user_not_found', compact('id'));
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
// Redirect to the user management page
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('error', $error);
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
}
/**
* Return a view containing a pre-populated new user form,
* populated with some fields from an existing user.
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.0]
* @param int $id
* @return Redirect
*/
public function getClone($id = null)
{
// We need to reverse the UI specific logic for our
// permissions here before we update the user.
$permissions = Input::get('permissions', array());
//$this->decodePermissions($permissions);
app('request')->request->set('permissions', $permissions);
try {
// Get the user information
Fixed restore again. For some reason, $user->restore() isn't working? WTF.
2016-04-21 20:52:32 -07:00
$user_to_clone = User::withTrashed()->find($id);
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
$user = clone $user_to_clone;
$user->first_name = '';
$user->last_name = '';
$user->email = substr($user->email, ($pos = strpos($user->email, '@')) !== false ? $pos : 0);
;
$user->id = null;
// Get this user groups
Fixes groups for cloning users
2016-06-02 00:41:10 -07:00
$userGroups = $user_to_clone->groups()->lists('name', 'id');
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
// Get a list of all the available groups
Fixes groups for cloning users
2016-06-02 00:41:10 -07:00
$groups = Group::pluck('name', 'id');
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
// Get all the available permissions
$permissions = config('permissions');
Add a clone button the the user table. (#2241) Also preserve permissions when cloning a user, instead of nulling them by default.
2016-07-10 18:43:10 -07:00
$clonedPermissions = $user_to_clone->decodePermissions();
$userPermissions =Helper::selectedPermissionsArray($permissions, $clonedPermissions);
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
//$this->encodeAllPermissions($permissions);
$location_list = Helper::locationsList();
$company_list = Helper::companyList();
Remove remaining DB::Raw(concat) calls to make things more sqlite friendly. This adds one new method to the Asset Model to return the formatted string that was used by the license and asset maintence controller. It also fixes a potential sqlite-only issue where '' and null are different.
2016-05-24 18:05:48 -07:00
$manager_list = Helper::managerList();
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
// Show the page
return View::make('users/edit', compact('groups', 'userGroups', 'permissions', 'userPermissions'))
->with('location_list', $location_list)
->with('company_list', $company_list)
->with('manager_list', $manager_list)
->with('user', $user)
Formatting fixes for coding standards
2016-06-22 12:27:41 -07:00
->with('groups', $groups)
->with('userGroups', $userGroups)
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
->with('clone_user', $user_to_clone);
} catch (UserNotFoundException $e) {
// Prepare the error message
Updated to use 5.2 trans() instead of Lang::get for localization
2016-04-07 13:39:35 -07:00
$error = trans('admin/users/message.user_not_found', compact('id'));
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
// Redirect to the user management page
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('error', $error);
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
}
/**
* Return user import view
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.0]
* @return View
*/
public function getImport()
{
// Get all the available groups
//$groups = Sentry::getGroupProvider()->findAll();
// Selected groups
$selectedGroups = Input::old('groups', array());
// Get all the available permissions
$permissions = config('permissions');
//$this->encodeAllPermissions($permissions);
// Selected permissions
$selectedPermissions = Input::old('permissions', array('superuser' => -1));
//$this->encodePermissions($selectedPermissions);
// Show the page
return View::make('users/import', compact('groups', 'selectedGroups', 'permissions', 'selectedPermissions'));
}
/**
* Handle user import file
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.0]
* @return Redirect
*/
public function postImport()
{
if (!ini_get("auto_detect_line_endings")) {
ini_set("auto_detect_line_endings", '1');
}
$csv = Reader::createFromPath(Input::file('user_import_csv'));
$csv->setNewline("\r\n");
if (Input::get('has_headers') == 1) {
$csv->setOffset(1);
}
$duplicates = '';
$nbInsert = $csv->each(function ($row) use ($duplicates) {
if (array_key_exists(2, $row)) {
if (Input::get('activate') == 1) {
$activated = '1';
} else {
$activated = '0';
}
$pass = substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, 15);
// Location
if (array_key_exists('4', $row)) {
$user_location_id = trim($row[4]);
if ($user_location_id=='') {
$user_location_id = null;
}
}
try {
// Check if this email already exists in the system
Fixed bulk delete+checkin for users
2016-05-12 21:01:31 -07:00
$user = User::where('username', $row[2])->first();
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
if ($user) {
$duplicates .= $row[2] . ', ';
} else {
$newuser = array(
'first_name' => trim(e($row[0])),
'last_name' => trim(e($row[1])),
'username' => trim(e($row[2])),
'email' => trim(e($row[3])),
No need to update the user again
2016-06-13 11:30:47 -07:00
'password' => bcrypt($pass),
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
'activated' => $activated,
'location_id' => trim(e($user_location_id)),
'phone' => trim(e($row[5])),
'jobtitle' => trim(e($row[6])),
'employee_num' => trim(e($row[7])),
//'company_id' => Company::getIdForUser($row[8]),
'permissions' => '{"user":1}',
'notes' => 'Imported user'
);
No need to update the user again
2016-06-13 11:30:47 -07:00
//dd($newuser);
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
DB::table('users')->insert($newuser);
if (((Input::get('email_user') == 1) && !config('app.lock_passwords'))) {
// Send the credentials through email
if ($row[3] != '') {
$data = array();
$data['username'] = trim(e($row[2]));
$data['first_name'] = trim(e($row[0]));
$data['password'] = $pass;
if ($newuser['email']) {
Mail::send('emails.send-login', $data, function ($m) use ($newuser) {
$m->to($newuser['email'], $newuser['first_name'] . ' ' . $newuser['last_name']);
Add reply-to config setting
2016-09-20 07:20:10 -07:00
$m->replyTo(config('mail.reply_to.address'), config('mail.reply_to.name'));
Translate emails (#2652) * commit temporal * final translation commit -- added email translations * final translation commit -- removed file for spanish translations * final translation commit -- removed file for spanish translations * added missing translations * method overrided and config files back to default * config files back to default * config files back to default
2016-09-26 14:13:07 -07:00
$m->subject(trans('mail.welcome', ['name' => $newuser['first_name']]));
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
});
}
}
}
}
} catch (Exception $e) {
echo 'Caught exception: ', $e->getMessage(), "\n";
}
return true;
}
});
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('duplicates', $duplicates)->with('success', 'Success');
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
/**
* Return JSON response with a list of user details for the getIndex() view.
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.6]
* @see UsersController::getIndex() method that consumed this JSON response
* @return string JSON
*/
Fixes #2346
2016-07-28 08:39:28 -07:00
public function getDatatable(Request $request, $status = null)
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
{
if (Input::has('offset')) {
$offset = e(Input::get('offset'));
} else {
$offset = 0;
}
if (Input::has('limit')) {
$limit = e(Input::get('limit'));
} else {
$limit = 50;
}
if (Input::get('sort')=='name') {
$sort = 'first_name';
} else {
$sort = e(Input::get('sort'));
}
$users = User::select(array('users.id','users.employee_num','users.email','users.username','users.location_id','users.manager_id','users.first_name','users.last_name','users.created_at','users.notes','users.company_id', 'users.deleted_at','users.activated'))
Eager load throttle query
2016-08-02 01:23:53 -07:00
->with('assets', 'accessories', 'consumables', 'licenses', 'manager', 'groups', 'userloc', 'company','throttle');
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
$users = Company::scopeCompanyables($users);
switch ($status) {
case 'deleted':
$users = $users->withTrashed()->Deleted();
break;
}
if (Input::has('search')) {
$users = $users->TextSearch(Input::get('search'));
}
$order = Input::get('order') === 'asc' ? 'asc' : 'desc';
switch (Input::get('sort')) {
case 'manager':
$users = $users->OrderManager($order);
break;
case 'location':
$users = $users->OrderLocation($order);
break;
default:
$allowed_columns =
[
'last_name','first_name','email','username','employee_num',
Added sortable created_at to assets and users
2016-06-15 21:06:17 -07:00
'assets','accessories', 'consumables','licenses','groups','activated','created_at'
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
];
$sort = in_array($sort, $allowed_columns) ? $sort : 'first_name';
$users = $users->orderBy($sort, $order);
break;
}
$userCount = $users->count();
$users = $users->skip($offset)->take($limit)->get();
$rows = array();
foreach ($users as $user) {
$group_names = '';
$inout = '';
$actions = '<nobr>';
foreach ($user->groups as $group) {
$group_names .= '<a href="' . config('app.url') . '/admin/groups/' . $group->id . '/edit" class="label label-default">' . $group->name . '</a> ';
}
Fixes #2363 and #1097
2016-08-02 00:54:38 -07:00
if (!is_null($user->deleted_at)) {
if (Gate::allows('users.delete')) {
$actions .= '<a href="' . route('restore/user',
$user->id) . '" class="btn btn-warning btn-sm"><i class="fa fa-share icon-white"></i></a> ';
}
Fixes #2346
2016-07-28 08:39:28 -07:00
} else {
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
Fixes #2363 and #1097
2016-08-02 00:54:38 -07:00
if (Gate::allows('users.delete')) {
if ($user->accountStatus() == 'suspended') {
$actions .= '<a href="' . route('unsuspend/user',
$user->id) . '" class="btn btn-default btn-sm"><span class="fa fa-clock-o"></span></a> ';
}
Fixes #2346
2016-07-28 08:39:28 -07:00
}
Fixes #2363 and #1097
2016-08-02 00:54:38 -07:00
if (Gate::allows('users.edit')) {
$actions .= '<a href="' . route('update/user',
$user->id) . '" class="btn btn-warning btn-sm"><i class="fa fa-pencil icon-white"></i></a> ';
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
Fixes #2363 and #1097
2016-08-02 00:54:38 -07:00
$actions .= '<a href="' . route('clone/user',
$user->id) . '" class="btn btn-info btn-sm"><i class="fa fa-clone"></i></a>';
}
if (Gate::allows('users.delete')) {
if ((Auth::user()->id !== $user->id) && (!config('app.lock_passwords'))) {
$actions .= '<a data-html="false" class="btn delete-asset btn-danger btn-sm" data-toggle="modal" href="' . route('delete/user',
$user->id) . '" data-content="Are you sure you wish to delete this user?" data-title="Delete ' . htmlspecialchars($user->first_name) . '?" onClick="return false;"><i class="fa fa-trash icon-white"></i></a> ';
} else {
$actions .= ' <span class="btn delete-asset btn-danger btn-sm disabled"><i class="fa fa-trash icon-white"></i></span>';
}
Fixes #2346
2016-07-28 08:39:28 -07:00
} else {
Fixes #2363 and #1097
2016-08-02 00:54:38 -07:00
$actions.='foo';
Fixes #2346
2016-07-28 08:39:28 -07:00
}
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
Fixes #2363 and #1097
2016-08-02 00:54:38 -07:00
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
$actions .= '</nobr>';
$rows[] = array(
'id' => $user->id,
Fixed bulk delete+checkin for users
2016-05-12 21:01:31 -07:00
'checkbox' => ($status!='deleted') ? '<div class="text-center hidden-xs hidden-sm"><input type="checkbox" name="edit_user['.e($user->id).']" class="one_required"></div>' : '',
Escape data in datatables
2016-03-25 06:50:24 -07:00
'name' => '<a title="'.e($user->fullName()).'" href="../admin/users/'.e($user->id).'/view">'.e($user->fullName()).'</a>',
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
'email' => ($user->email!='') ?
Escape data in datatables
2016-03-25 06:50:24 -07:00
'<a href="mailto:'.e($user->email).'" class="hidden-md hidden-lg">'.e($user->email).'</a>'
.'<a href="mailto:'.e($user->email).'" class="hidden-xs hidden-sm"><i class="fa fa-envelope"></i></a>'
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
.'</span>' : '',
Escape data in datatables
2016-03-25 06:50:24 -07:00
'username' => e($user->username),
'location' => ($user->userloc) ? e($user->userloc->name) : '',
'manager' => ($user->manager) ? '<a title="' . e($user->manager->fullName()) . '" href="users/' . e($user->manager->id) . '/view">' . e($user->manager->fullName()) . '</a>' : '',
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
'assets' => $user->assets->count(),
Escape data in datatables
2016-03-25 06:50:24 -07:00
'employee_num' => e($user->employee_num),
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
'licenses' => $user->licenses->count(),
'accessories' => $user->accessories->count(),
'consumables' => $user->consumables->count(),
'groups' => $group_names,
Escape data in datatables
2016-03-25 06:50:24 -07:00
'notes' => e($user->notes),
Added sortable created_at to assets and users
2016-06-15 21:06:17 -07:00
'created_at' => ($user->created_at!='') ? e($user->created_at->format('F j, Y h:iA')) : '',
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
'activated' => ($user->activated=='1') ? '<i class="fa fa-check"></i>' : '<i class="fa fa-times"></i>',
'actions' => ($actions) ? $actions : '',
'companyName' => is_null($user->company) ? '' : e($user->company->name)
);
}
$data = array('total'=>$userCount, 'rows'=>$rows);
return $data;
}
/**
* Return JSON response with a list of user details for the getIndex() view.
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.6]
* @param int $userId
* @return string JSON
*/
public function postUpload(AssetFileRequest $request, $userId = null)
{
$user = User::find($userId);
Additional doc blocks, added private_uploads path
2016-03-25 15:50:08 -07:00
$destinationPath = config('app.private_uploads') . '/users';
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
if (isset($user->id)) {
if (!Company::isCurrentUserHasAccess($user)) {
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('error', trans('general.insufficient_permissions'));
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
foreach (Input::file('file') as $file) {
$extension = $file->getClientOriginalExtension();
$filename = 'user-' . $user->id . '-' . str_random(8);
$filename .= '-' . str_slug($file->getClientOriginalName()) . '.' . $extension;
$upload_success = $file->move($destinationPath, $filename);
//Log the deletion of seats to the log
$logaction = new Actionlog();
Actionlog Class: Improvements and polymorphism (#2561) * Save progress * Create a new action_log table to replace asset_log. Use Polymorphism to generalize class and targets. Port everything I can find to use it. Add a migration to port the asset_logs table to action_logs. * Allow accepted_id to be nullable. * Comment out the thread_id migration, because it b0rks on a new database with the move. I'm unsure if the thread_id does anything...It doesn't seem to be used * Clean up all old methods from Actionlog model. Port everything to use new cleaner interface. * Port the actionlog factory to fix travis. * Adjust code to work on php5. Also fix lurking adminlog call. * Remove weird code * Port the pave command. Also fix dangling adminlog
2016-09-06 19:39:42 -07:00
$logaction->item_id = $user->id;
$logaction->item_type = User::class;
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
$logaction->user_id = Auth::user()->id;
$logaction->note = e(Input::get('notes'));
Actionlog Class: Improvements and polymorphism (#2561) * Save progress * Create a new action_log table to replace asset_log. Use Polymorphism to generalize class and targets. Port everything I can find to use it. Add a migration to port the asset_logs table to action_logs. * Allow accepted_id to be nullable. * Comment out the thread_id migration, because it b0rks on a new database with the move. I'm unsure if the thread_id does anything...It doesn't seem to be used * Clean up all old methods from Actionlog model. Port everything to use new cleaner interface. * Port the actionlog factory to fix travis. * Adjust code to work on php5. Also fix lurking adminlog call. * Remove weird code * Port the pave command. Also fix dangling adminlog
2016-09-06 19:39:42 -07:00
$logaction->target_id = null;
Fixes bug where 12-hour fprmat for hours was used
2016-09-26 22:35:51 -07:00
$logaction->created_at = date("Y-m-d H:i:s");
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
$logaction->filename = $filename;
$logaction->action_type = 'uploaded';
$logaction->save();
}
return JsonResponse::create($logaction);
} else {
return JsonResponse::create(["error" => "Failed validation: ".print_r($logaction->getErrors(), true)], 500);
}
}
/**
* Delete file
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.6]
* @param int $userId
* @param int $fileId
* @return Redirect
*/
public function getDeleteFile($userId = null, $fileId = null)
{
$user = User::find($userId);
Additional doc blocks, added private_uploads path
2016-03-25 15:50:08 -07:00
$destinationPath = config('app.private_uploads').'/users';
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
// the license is valid
if (isset($user->id)) {
if (!Company::isCurrentUserHasAccess($user)) {
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('error', trans('general.insufficient_permissions'));
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
} else {
$log = Actionlog::find($fileId);
$full_filename = $destinationPath . '/' . $log->filename;
if (file_exists($full_filename)) {
unlink($destinationPath . '/' . $log->filename);
}
$log->delete();
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->back()->with('success', trans('admin/users/message.deletefile.success'));
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
} else {
// Prepare the error message
Updated to use 5.2 trans() instead of Lang::get for localization
2016-04-07 13:39:35 -07:00
$error = trans('admin/users/message.does_not_exist', compact('id'));
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
// Redirect to the licence management page
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('error', $error);
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
}
/**
* Display/download the uploaded file
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.6]
* @param int $userId
* @param int $fileId
* @return mixed
*/
public function displayFile($userId = null, $fileId = null)
{
$user = User::find($userId);
// the license is valid
if (isset($user->id)) {
if (!Company::isCurrentUserHasAccess($user)) {
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('error', trans('general.insufficient_permissions'));
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
} else {
$log = Actionlog::find($fileId);
Pass users path to get_src
2016-07-28 05:49:41 -07:00
$file = $log->get_src('users');
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
return Response::download($file);
}
} else {
// Prepare the error message
Updated to use 5.2 trans() instead of Lang::get for localization
2016-04-07 13:39:35 -07:00
$error = trans('admin/users/message.does_not_exist', compact('id'));
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
// Redirect to the licence management page
Use updated redirect() reference
2016-04-28 21:06:41 -07:00
return redirect()->route('users')->with('error', $error);
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
}
/**
* Return view for LDAP import
*
* @author Aladin Alaily
* @since [v1.8]
* @return View
*/
Removed unused variables
2016-07-13 07:24:54 -07:00
public function getLDAP()
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
{
$location_list = Helper::locationsList();
Reworked LDAP login. Fixes #2218 LDAP no longer fails completely when the connection settings are wrong, or when app key is messed up. Rather than auth as the admin user and search, we auth as the user themselves. Admin auth is only for LDAP sync now. This should mean much fewer problems with donked LDAP settings and login.
2016-07-13 05:50:24 -07:00
try {
$ldapconn = Ldap::connectToLdap();
} catch (\Exception $e) {
return redirect()->route('users')->with('error',$e->getMessage());
}
try {
Ldap::bindAdminToLdap($ldapconn);
} catch (\Exception $e) {
return redirect()->route('users')->with('error',$e->getMessage());
}
return View::make('users/ldap')
->with('location_list', $location_list);
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
/**
* Declare the rules for the ldap fields validation.
*
* @author Aladin Alaily
* @since [v1.8]
* @var array
* @deprecated 3.0
* @todo remove this method in favor of other validation
* @var array
*/
protected $ldapValidationRules = array(
'firstname' => 'required|string|min:2',
'employee_number' => 'string',
'username' => 'required|min:2|unique:users,username',
'email' => 'email|unique:users,email',
);
/**
* LDAP form processing.
*
* @author Aladin Alaily
* @since [v1.8]
* @return Redirect
*/
Ignore location field if no value is passed
2016-08-02 03:45:03 -07:00
public function postLDAP(Request $request)
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
{
Bump up memory for LDAP import of large number of users
2016-06-21 12:22:10 -07:00
ini_set('max_execution_time', 600); //600 seconds = 10 minutes
ini_set('memory_limit', '500M');
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
$ldap_result_username = Setting::getSettings()->ldap_username_field;
$ldap_result_last_name = Setting::getSettings()->ldap_lname_field;
$ldap_result_first_name = Setting::getSettings()->ldap_fname_field;
$ldap_result_active_flag = Setting::getSettings()->ldap_active_flag_field;
$ldap_result_emp_num = Setting::getSettings()->ldap_emp_num;
$ldap_result_email = Setting::getSettings()->ldap_email;
Reworked LDAP login. Fixes #2218 LDAP no longer fails completely when the connection settings are wrong, or when app key is messed up. Rather than auth as the admin user and search, we auth as the user themselves. Admin auth is only for LDAP sync now. This should mean much fewer problems with donked LDAP settings and login.
2016-07-13 05:50:24 -07:00
try {
$ldapconn = Ldap::connectToLdap();
} catch (\Exception $e) {
return redirect()->back()->withInput()->with('error',$e->getMessage());
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
Reworked LDAP login. Fixes #2218 LDAP no longer fails completely when the connection settings are wrong, or when app key is messed up. Rather than auth as the admin user and search, we auth as the user themselves. Admin auth is only for LDAP sync now. This should mean much fewer problems with donked LDAP settings and login.
2016-07-13 05:50:24 -07:00
try {
Removed unused variables
2016-07-13 07:24:54 -07:00
Ldap::bindAdminToLdap($ldapconn);
Reworked LDAP login. Fixes #2218 LDAP no longer fails completely when the connection settings are wrong, or when app key is messed up. Rather than auth as the admin user and search, we auth as the user themselves. Admin auth is only for LDAP sync now. This should mean much fewer problems with donked LDAP settings and login.
2016-07-13 05:50:24 -07:00
} catch (\Exception $e) {
return redirect()->back()->withInput()->with('error',$e->getMessage());
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
$summary = array();
Reworked LDAP login. Fixes #2218 LDAP no longer fails completely when the connection settings are wrong, or when app key is messed up. Rather than auth as the admin user and search, we auth as the user themselves. Admin auth is only for LDAP sync now. This should mean much fewer problems with donked LDAP settings and login.
2016-07-13 05:50:24 -07:00
$results = Ldap::findLdapUsers();
Only bcrypt temp passwords once for performance
2016-07-25 22:10:33 -07:00
$tmp_pass = substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, 20);
$pass = bcrypt($tmp_pass);
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
for ($i = 0; $i < $results["count"]; $i++) {
if (empty($ldap_result_active_flag) || $results[$i][$ldap_result_active_flag][0] == "TRUE") {
$item = array();
$item["username"] = isset($results[$i][$ldap_result_username][0]) ? $results[$i][$ldap_result_username][0] : "";
$item["employee_number"] = isset($results[$i][$ldap_result_emp_num][0]) ? $results[$i][$ldap_result_emp_num][0] : "";
$item["lastname"] = isset($results[$i][$ldap_result_last_name][0]) ? $results[$i][$ldap_result_last_name][0] : "";
$item["firstname"] = isset($results[$i][$ldap_result_first_name][0]) ? $results[$i][$ldap_result_first_name][0] : "";
$item["email"] = isset($results[$i][$ldap_result_email][0]) ? $results[$i][$ldap_result_email][0] : "" ;
Applied updates from PR for LDAP pagination
2016-03-25 01:38:10 -07:00
// User exists
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
$item["createorupdate"] = 'updated';
Cleanup namespaces a bit
2016-03-25 19:26:22 -07:00
if (!$user = User::where('username', $item["username"])->first()) {
$user = new User;
Only bcrypt temp passwords once for performance
2016-07-25 22:10:33 -07:00
$user->password = $pass;
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
$item["createorupdate"] = 'created';
}
// Create the user if they don't exist.
Only bcrypt temp passwords once for performance
2016-07-25 22:10:33 -07:00
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
$user->first_name = e($item["firstname"]);
$user->last_name = e($item["lastname"]);
$user->username = e($item["username"]);
$user->email = e($item["email"]);
$user->employee_num = e($item["employee_number"]);
$user->activated = 1;
Better fix for location LDAP sync
2016-08-02 03:50:08 -07:00
if ($request->input('location_id')!='') {
Ignore location field if no value is passed
2016-08-02 03:45:03 -07:00
$user->location_id = e($request->input('location_id'));
}
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
$user->notes = 'Imported from LDAP';
$user->ldap_import = 1;
$errors = '';
if ($user->save()) {
$item["note"] = $item["createorupdate"];
$item["status"]='success';
} else {
foreach ($user->getErrors()->getMessages() as $key => $err) {
$errors .='<li>'.$err[0];
}
$item["note"] = $errors;
$item["status"]='error';
}
array_push($summary, $item);
}
}
Only bcrypt temp passwords once for performance
2016-07-25 22:10:33 -07:00
return redirect()->route('ldap/user')->with('success', "LDAP Import successful.")->with('summary', $summary);
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
}
/**
* Return JSON containing a list of assets assigned to a user.
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v3.0]
* @return string JSON
*/
public function getAssetList($userId)
{
Removed commented code
2016-07-22 02:11:37 -07:00
$assets = Asset::where('assigned_to', '=', $userId)->with('model')->get();
Version 3 - hold onto your butts
2016-03-25 01:18:05 -07:00
return response()->json($assets);
}
}
Reference in a new issue Copy permalink