< ? php
namespace App\Http\Controllers\Api ;
use App\Helpers\Helper ;
use App\Http\Controllers\Controller ;
use App\Http\Requests\SaveUserRequest ;
use App\Http\Transformers\AccessoriesTransformer ;
use App\Http\Transformers\AssetsTransformer ;
use App\Http\Transformers\LicensesTransformer ;
use App\Http\Transformers\SelectlistTransformer ;
use App\Http\Transformers\UsersTransformer ;
use App\Models\Asset ;
use App\Models\Company ;
use App\Models\License ;
use App\Models\User ;
use Auth ;
use Illuminate\Http\Request ;
use App\Http\Requests\ImageUploadRequest ;
use Illuminate\Support\Facades\Storage ;
class UsersController extends Controller
{
/**
 * Display a listing of the resource.
 *
 * @author [A. Gianotto] [<snipe@snipe.net>]
 * @since [v4.0]
 *
 * @return \Illuminate\Http\Response
 */
2017-01-13 04:50:20 -08:00
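public function index(Request $request)
{
    // Lists users for the API: checks the caller's permission, applies the optional
    // request filters, sorts, pages, and passes the page plus the pre-paging total
    // to UsersTransformer.

    // Policy gate: the caller must hold the 'view' ability on User.
    $this->authorize('view', User::class);

    // NOTE(review): the selection includes users.permissions and the two-factor
    // columns. Which of these reach the API response is decided in UsersTransformer,
    // which is not visible here - confirm it does not expose more than intended.
    $users = User::select([
        'users.activated',
        'users.address',
        'users.avatar',
        'users.city',
        'users.company_id',
        'users.country',
        'users.created_at',
        'users.deleted_at',
        'users.department_id',
        'users.email',
        'users.employee_num',
        'users.first_name',
        'users.id',
        'users.jobtitle',
        'users.last_login',
        'users.last_name',
        'users.locale',
        'users.location_id',
        'users.manager_id',
        'users.notes',
        'users.permissions',
        'users.phone',
        'users.state',
        'users.two_factor_enrolled',
        'users.two_factor_optin',
        'users.updated_at',
        'users.username',
        'users.zip',
        'users.ldap_import',
    ])->with('manager', 'groups', 'userloc', 'company', 'department', 'assets', 'licenses', 'accessories', 'consumables')
        ->withCount('assets as assets_count', 'licenses as licenses_count', 'accessories as accessories_count', 'consumables as consumables_count');

    // Presumably restricts the query to the companies the caller may see - confirm
    // in Company::scopeCompanyables. It runs before any request-driven filter.
    $users = Company::scopeCompanyables($users);

    // 'deleted=true' shows only soft-deleted users; 'all=true' includes them.
    if (($request->filled('deleted')) && ($request->input('deleted') == 'true')) {
        $users = $users->onlyTrashed();
    } elseif (($request->filled('all')) && ($request->input('all') == 'true')) {
        $users = $users->withTrashed();
    }

    // Exact-match filters; values are passed as bound parameters by the query builder.
    if ($request->filled('company_id')) {
        $users = $users->where('users.company_id', '=', $request->input('company_id'));
    }

    if ($request->filled('location_id')) {
        $users = $users->where('users.location_id', '=', $request->input('location_id'));
    }

    if ($request->filled('email')) {
        $users = $users->where('users.email', '=', $request->input('email'));
    }

    if ($request->filled('username')) {
        $users = $users->where('users.username', '=', $request->input('username'));
    }

    if ($request->filled('group_id')) {
        $users = $users->ByGroup($request->get('group_id'));
    }

    if ($request->filled('department_id')) {
        $users = $users->where('users.department_id', '=', $request->input('department_id'));
    }

    if ($request->filled('search')) {
        $users = $users->TextSearch($request->input('search'));
    }

    // Anything other than the literal 'asc' sorts descending.
    $order = $request->input('order') === 'asc' ? 'asc' : 'desc';

    // Use the API call's offset, unless it is higher than the number of matching
    // rows, in which case it is set to that count so the call returns 0 items.
    // The count is taken once; a non-numeric or negative offset is treated as 0.
    $filtered_count = $users->count();
    $raw_offset = $request->get('offset', 0);
    $offset = is_numeric($raw_offset) ? max(0, (int) $raw_offset) : 0;
    if ($offset > $filtered_count) {
        $offset = $filtered_count;
    }

    // Cap the page size at app.max_results. The requested limit is honoured only
    // when it is a number between 0 and the cap: a negative value satisfies a plain
    // "max >= limit" comparison, and Laravel's query builder ignores a negative
    // limit, which would return every matching row.
    $max_results = config('app.max_results');
    $limit = $max_results;
    $requested_limit = $request->input('limit');
    if (
        $request->filled('limit')
        && is_numeric($requested_limit)
        && $requested_limit >= 0
        && $requested_limit <= $max_results
    ) {
        $limit = (int) $requested_limit;
    }

    switch ($request->input('sort')) {
        case 'manager':
            $users = $users->OrderManager($order);
            break;
        case 'location':
            $users = $users->OrderLocation($order);
            break;
        case 'department':
            $users = $users->OrderDepartment($order);
            break;
        case 'company':
            $users = $users->OrderCompany($order);
            break;
        default:
            $allowed_columns =
                [
                    'last_name', 'first_name', 'email', 'jobtitle', 'username', 'employee_num',
                    'assets', 'accessories', 'consumables', 'licenses', 'groups', 'activated', 'created_at',
                    'two_factor_enrolled', 'two_factor_optin', 'last_login', 'assets_count', 'licenses_count',
                    'consumables_count', 'accessories_count', 'phone', 'address', 'city', 'state',
                    'country', 'zip', 'id', 'ldap_import',
                ];

            // The sort column comes from the request, so it must match the allow-list
            // exactly. The strict flag stops a non-string value (e.g. a JSON boolean)
            // from matching through loose comparison and reaching orderBy().
            $sort = in_array($request->get('sort'), $allowed_columns, true) ? $request->get('sort') : 'first_name';
            $users = $users->orderBy($sort, $order);
            break;
    }

    // Total of matching rows before paging, reported alongside the page.
    $total = $users->count();
    $users = $users->skip($offset)->take($limit)->get();

    return (new UsersTransformer)->transformUsers($users, $total);
}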
/**
* Gets a paginated collection for the select2 menus
*
* @ author [ A . Gianotto ] [ < snipe @ snipe . net > ]
* @ since [ v4 . 0.16 ]
* @ see \App\Http\Transformers\SelectlistTransformer
*/
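public function selectlist(Request $request)
{
    // Builds the user list behind the select2 dropdowns: 50 rows per page, each row
    // decorated with a display label (use_text) and an image (use_image) before it
    // is handed to SelectlistTransformer.
    //
    // NOTE(review): unlike the other actions in this controller, no authorize() call
    // is made here; confirm the route or its middleware limits who may list users.
    $users = User::select(
        [
            'users.id',
            'users.username',
            'users.employee_num',
            'users.first_name',
            'users.last_name',
            'users.gravatar',
            'users.avatar',
            'users.email',
        ]
    )->where('show_in_list', '=', '1');

    // Company::scopeCompanyables() is defined elsewhere; presumably it narrows the
    // query to the companies the caller may see - confirm against the model.
    $users = Company::scopeCompanyables($users);

    if ($request->filled('search')) {
        $search = $request->get('search');

        // Keep every search alternative inside one nested group. Chained directly on
        // the outer query, the orWhere() clauses sit beside the show_in_list filter
        // (and anything scopeCompanyables added) rather than under it, so a username
        // or employee-number match would return rows those filters are meant to hide.
        $users = $users->where(function ($query) use ($search) {
            $query->SimpleNameSearch($search)
                ->orWhere('username', 'LIKE', '%' . $search . '%')
                ->orWhere('employee_num', 'LIKE', '%' . $search . '%');
        });
    }

    $users = $users->orderBy('last_name', 'asc')->orderBy('first_name', 'asc');
    $users = $users->paginate(50);

    foreach ($users as $user) {
        // Label format: "Last, First (username) - #employee_num", skipping empty parts.
        $name_str = '';

        if ($user->last_name != '') {
            $name_str .= $user->last_name . ', ';
        }

        $name_str .= $user->first_name;

        if ($user->username != '') {
            $name_str .= ' (' . $user->username . ')';
        }

        if ($user->employee_num != '') {
            $name_str .= ' - #' . $user->employee_num;
        }

        // NOTE(review): use_text is assembled from stored user fields without escaping;
        // confirm the transformer or the select2 front end encodes it before rendering.
        $user->use_text = $name_str;
        $user->use_image = ($user->present()->gravatar) ? $user->present()->gravatar : null;
    }

    return (new SelectlistTransformer)->transformSelectlist($users);
}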
/**
 * Store a newly created resource in storage.
 *
 * @author [A. Gianotto] [<snipe@snipe.net>]
 * @since [v4.0]
 * @param \Illuminate\Http\Request $request
 * @return \Illuminate\Http\Response
 */
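public function store(SaveUserRequest $request)
{
    // Creates a user from the API payload and answers with the standard API envelope:
    // 'success' plus the transformed user, or 'error' plus the model's errors when
    // save() fails.
    $this->authorize('create', User::class);

    $user = new User;

    // NOTE(review): fill() receives the whole payload, so which attributes a caller
    // can set is decided by the User model's mass-assignment rules (not visible here).
    $user->fill($request->all());

    if ($request->has('permissions')) {
        $permissions_array = $request->input('permissions');

        // Strip out the superuser permission if the API user isn't a superadmin
        if (! Auth::user()->isSuperUser()) {
            unset($permissions_array['superuser']);
        }

        $user->permissions = $permissions_array;
    }

    // Fallback password for requests that carry none. Each character is drawn with
    // random_int(), which uses the system CSPRNG; str_shuffle() is not meant for
    // secrets and can never repeat a character, which shrinks the search space.
    $alphabet = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $last_index = strlen($alphabet) - 1;
    $tmp_pass = '';
    for ($i = 0; $i < 20; $i++) {
        $tmp_pass .= $alphabet[random_int(0, $last_index)];
    }

    // filled() (as update() uses for the same field) sends a present-but-blank
    // password to the random fallback instead of hashing an empty string.
    $password = $request->filled('password') ? $request->input('password') : $tmp_pass;
    $user->password = bcrypt($password);

    app(ImageUploadRequest::class)->handleImages($user, 600, 'image', 'avatars', 'avatar');

    if ($user->save()) {
        // NOTE(review): the group ids come straight from the request; confirm a caller
        // cannot attach the new user to a group that grants more than the caller holds.
        if ($request->filled('groups')) {
            $user->groups()->sync($request->input('groups'));
        } else {
            $user->groups()->sync([]);
        }

        return response()->json(Helper::formatStandardApiResponse('success', (new UsersTransformer)->transformUser($user), trans('admin/users/message.success.create')));
    }

    return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
}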
/**
 * Display the specified resource.
 *
 * @author [A. Gianotto] [<snipe@snipe.net>]
 * @param int $id
 * @return \Illuminate\Http\Response
 */
public function show($id)
{
    // Returns one user, transformed for the API, together with its relation counts.
    // The check is made against the User class, before any record is loaded.
    $this->authorize('view', User::class);

    // Each relation is counted under an explicit *_count alias.
    $counted_relations = [
        'assets as assets_count',
        'licenses as licenses_count',
        'accessories as accessories_count',
        'consumables as consumables_count',
    ];

    // findOrFail() throws when no user has this id.
    // NOTE(review): no company scoping is applied on this lookup, while selectlist()
    // passes its query through Company::scopeCompanyables(); confirm that is intended.
    $record = User::withCount($counted_relations)->findOrFail($id);

    return (new UsersTransformer)->transformUser($record);
}
/**
 * Update the specified resource in storage.
 *
 * @author [A. Gianotto] [<snipe@snipe.net>]
 * @since [v4.0]
 * @param \Illuminate\Http\Request $request
 * @param int $id
 * @return \Illuminate\Http\Response
 */
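public function update(SaveUserRequest $request, $id)
{
    // Applies the API payload to an existing user and answers with the standard API
    // envelope: 'success' plus the transformed user, or 'error' plus a message or the
    // model's errors.
    $this->authorize('update', User::class);

    $user = User::findOrFail($id);

    // Re-check against the loaded record, as destroy() does for 'delete', so the
    // decision can take this particular user into account and not only the class.
    // NOTE(review): whether the policy stops a non-superuser from editing the
    // password or permissions of a superuser account is not visible here - confirm.
    $this->authorize('update', $user);

    // This is a janky hack to prevent people from changing admin demo user data on the public demo.
    // The $ids 1 and 2 are special since they are seeded as superadmins in the demo seeder.
    // Thanks, jerks. You are why we can't have nice things. - snipe
    if ((($id == 1) || ($id == 2)) && (config('app.lock_passwords'))) {
        return response()->json(Helper::formatStandardApiResponse('error', null, 'Permission denied. You cannot update user information via API on the demo.'));
    }

    // NOTE(review): fill() receives the whole payload, so which attributes a caller
    // can change is decided by the User model's mass-assignment rules (not visible here).
    $user->fill($request->all());

    if ($user->id == $request->input('manager_id')) {
        return response()->json(Helper::formatStandardApiResponse('error', null, 'You cannot be your own manager'));
    }

    // Only re-hash when a non-empty password was sent; otherwise the stored hash stays.
    if ($request->filled('password')) {
        $user->password = bcrypt($request->input('password'));
    }

    // We need to use has() instead of filled()
    // here because we need to overwrite permissions
    // if someone needs to null them out
    if ($request->has('permissions')) {
        $permissions_array = $request->input('permissions');

        // Strip out the superuser permission if the API user isn't a superadmin
        if (! Auth::user()->isSuperUser()) {
            unset($permissions_array['superuser']);
        }

        $user->permissions = $permissions_array;
    }

    // Update the location of any assets checked out to this user, but only when the
    // request carries location_id. Without this guard, an update that omits the field
    // writes NULL over the location of every asset assigned to the user.
    // NOTE(review): this still runs before save(), so a failed save leaves the assets
    // already moved.
    if ($request->has('location_id')) {
        Asset::where('assigned_type', User::class)
            ->where('assigned_to', $user->id)
            ->update(['location_id' => $request->input('location_id', null)]);
    }

    app(ImageUploadRequest::class)->handleImages($user, 600, 'image', 'avatars', 'avatar');

    if ($user->save()) {
        // Sync group memberships:
        // This was changed in Snipe-IT v4.6.x to 4.7, since we upgraded to Laravel 5.5
        // which changes the behavior of has vs filled.
        // The $request->has method will now return true even if the input value is an empty string or null.
        // A new $request->filled method was added that provides the previous behavior of the has method.
        // NOTE(review): the group ids come straight from the request; confirm a caller
        // cannot attach a user to a group that grants more than the caller holds.
        if ($request->filled('groups')) {
            // Groups were passed and have a value
            $user->groups()->sync($request->input('groups'));
        } elseif ($request->has('groups')) {
            // The groups field has been passed but it is null, so we should blank it out
            $user->groups()->sync([]);
        }

        return response()->json(Helper::formatStandardApiResponse('success', (new UsersTransformer)->transformUser($user), trans('admin/users/message.success.update')));
    }

    return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
}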
/**
 * Remove the specified resource from storage.
 *
 * @author [A. Gianotto] [<snipe@snipe.net>]
 * @since [v4.0]
 * @param int $id
 * @return \Illuminate\Http\Response
 */
public function destroy ( $id )
{
$this -> authorize ( 'delete' , User :: class );
$user = User :: findOrFail ( $id );
$this -> authorize ( 'delete' , $user );
if (( $user -> assets ) && ( $user -> assets -> count () > 0 )) {
return response () -> json ( Helper :: formatStandardApiResponse ( 'error' , null , trans ( 'admin/users/message.error.delete_has_assets' )));
}
if (( $user -> licenses ) && ( $user -> licenses -> count () > 0 )) {
return response () -> json ( Helper :: formatStandardApiResponse ( 'error' , null , 'This user still has ' . $user -> licenses -> count () . ' license(s) associated with them and cannot be deleted.' ));
}
if (( $user -> accessories ) && ( $user -> accessories -> count () > 0 )) {
return response () -> json ( Helper :: formatStandardApiResponse ( 'error' , null , 'This user still has ' . $user -> accessories -> count () . ' accessories associated with them.' ));
}
if (( $user -> managedLocations ()) && ( $user -> managedLocations () -> count () > 0 )) {
return response () -> json ( Helper :: formatStandardApiResponse ( 'error' , null , 'This user still has ' . $user -> managedLocations () -> count () . ' locations that they manage.' ));
}
if ( $user -> delete ()) {
// Remove the user's avatar if they have one
if ( Storage :: disk ( 'public' ) -> exists ( 'avatars/' . $user -> avatar )) {
try {
Integrations/develop into master (#7352)
* Fixes #6204 - added email alerts and web/API access to assets due for audits (#6992)
* Added upcoming audit report
TODO: Fid diff/threshold math
* Added route to list overdue / upcoming assets via API
* Controller/API methods for due/overdue audits
We could probably skip this and just handle it via view in the routes…
* Added query scopes for due and overdue audits
* Added audit due console command to kernel
* Added ability to pass audit specs to main API asset search method
* Added audit presenter
* Added bootstrap-tables presenter formatter to display an audit button
* Added gated sidenav items to left nav
* Added audit due/overdue blades
* Cleanup on audit due/overdue console command
* Added language strings for audit views
* Fixed :threshold placeholder
* Removed unused setting variable
* Fixed next audit date math
* Added scope for both overdue and upcoming
* Derp. Wrong version
* Bumped version
(I will release this version officially tomorrow)
* Leave the activated state for users alone in normal LDAP synchronisation. (#6988)
* Fixed #7003 - crash when warranty months or purchase date is null
* Fixed #6956 - viewKeys policy inconsistent (#7009)
* Fixed #6956 - Added additional gates show showing/hiding license keys
* Modified gate to allow user to see licenses if they can create or edit the license as well
* Added API middleware to API routes to enable throttling
TODO: Figure out how to make this costumizable without touching the code
* Import locations from CSV via command line (#7021)
* Added import locations command
* Small fixes to location importer
* Added country, LDAP OU
* Cleaned up comments, added more clarification to what the script does
* Added ability to update groups via API
Fixes [ch9139]
* Bumped version
* Fixed #6883 - remove escaping of fields on LDAP import
* Fixed #6880 - correctly encrypt encrypted fields via the API
* Fixes #5054: LDAP users deactivated for none-ad (#7032)
When using none-AD ldap, users are automatically deactivated every LDAP
sync. This commit changes the behaviour so that if the active flag isn't set,
the users are enabled.
Fixed #5054, at least for 4.X
* Updated packages
- Updating erusev/parsedown (v1.7.2 => 1.7.3): Downloading (100%)
- Updating squizlabs/php_codesniffer (3.4.1 => 3.4.2): Downloading (100%)
- Updating symfony/polyfill-mbstring (v1.10.0 => v1.11.0): Downloading (100%)
- Updating symfony/var-dumper (v3.4.23 => v3.4.27): Downloading (100%)
- Updating league/flysystem (1.0.50 => 1.0.51): Downloading (100%)
- Updating symfony/translation (v3.4.23 => v3.4.27): Downloading (100%)
- Updating nesbot/carbon (1.36.2 => 1.37.1): Downloading (100%)
- Updating symfony/debug (v3.4.23 => v3.4.27): Downloading (100%)
- Updating symfony/console (v3.4.23 => v3.4.27): Downloading (100%)
- Updating symfony/finder (v3.4.23 => v3.4.27): Downloading (100%)
- Updating symfony/polyfill-ctype (v1.10.0 => v1.11.0): Downloading (100%)
- Updating symfony/polyfill-php70 (v1.10.0 => v1.11.0): Downloading (100%)
- Updating symfony/http-foundation (v3.4.23 => v3.4.27): Downloading (100%)
- Updating symfony/event-dispatcher (v3.4.23 => v3.4.27): Downloading (100%)
- Updating symfony/http-kernel (v3.4.23 => v3.4.27): Downloading (100%)
- Updating symfony/process (v3.4.23 => v3.4.27): Downloading (100%)
- Updating symfony/routing (v3.4.23 => v3.4.27): Downloading (100%)
- Updating symfony/polyfill-util (v1.10.0 => v1.11.0): Downloading (100%)
- Updating symfony/polyfill-php56 (v1.10.0 => v1.11.0): Downloading (100%)
- Updating symfony/psr-http-message-bridge (v1.1.1 => v1.1.2): Downloading (failed)
Downloading (100%)
- Updating rollbar/rollbar (v1.7.5 => v1.8.1): Downloading (100%)
- Updating symfony/yaml (v3.4.23 => v3.4.27): Downloading (100%)
- Updating symfony/browser-kit (v3.4.23 => v3.4.27): Downloading (100%)
* Fixed #7044 - API update deleted custom fields if they are not re-presented
* Fixed XSS vulnerability when creating a new categories, etc via modal on create
Same fix as before, because of the weird select2 post-parsing ajax behavior
* Updated email strings
* Fixed #7046 - added user website url back into UI
* Updated language strings
* Bumped version
* Updated packages
* New backups config for spatie
* Removed debugbar service provider (autodiscovery)
* Use laravel v5.5 withCount manual aliases
* Added spatie language files
* Removed old laravel backups config
This config file was renamed in a newer version of spatie laravel-backup
* Set the serialization
* Added the command loader to console kernel
* Renamed fire() to handle()
* Updated withCount to use manual naming
* Updated backup path in backup admin
* Updated travis with new php versions
* Bumped laravel version in readme
* Fixed custom field edit screen
* Fixed baseUrl is undefined error
I literally cannot figure out how this ever worked before.
* Fix for included files in backup
* Bumped version
* Switch has() to filled()
* Change ->has() to ->filled()
* Removed cosole log
* Bumped packages
* Use getReader instead of fetchAssoc for CSV parser
https://csv.thephpleague.com/9.0/upgrading/
* Handle JSON validation errors like 5.4
* Handle JSON validation errors like 5.4
* Handle JSON validation errors like 5.4
* Trying to fix ajax asset validation
This I think gets us closer, but still not handling the validation on the asset properly.
When I do a print_r of the validation in the other items, its looking for an error bag that looks something like this:
```
Illuminate\Support\MessageBag Object
(
[messages:protected] => Array
(
[name] => Array
(
[0] => The name field is required.
)
[seats] => Array
(
[0] => The seats field is required.
)
[category_id] => Array
(
[0] => The category id field is required.
)
)
[format:protected] => :message
)
```
Currently the Assets ajax returns:
```
[2019-05-24 06:52:06] develop.ERROR: array (
'messages' =>
array (
'model_id' =>
array (
0 => 'The model id field is required.',
),
'status_id' =>
array (
0 => 'The status id field is required.',
),
'asset_tag' =>
array (
0 => 'The asset tag field is required.',
),
),
)
```
So not sure why it’s not working.
* Fixed missing asset validation
* Check that a model exists before trying to fiddle with fieldsets
* Tidied up license check
* Removed extra escaping on checkin
* Updated importer to work with newer CSV Reader::getRecords() method
* Fixed field mapping
* Small fix for reordering fields
Fixes Illuminate\Database\QueryException: SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'order' cannot be null (SQL: insert into `custom_field_custom_fieldset` (`custom_field_id`, `custom_fieldset_id`, `order`, `required`) values (12, 7, , 0)) [ch1151]
This needs revisiting for a more solid fix, especially for data that was already entered bad.
* Fixed bug where sorting by company name in Users API did not work
Fixes [ch9200]
* Removed custom fields from AssignedSearch to prevent confusing data in selectlist
Fixes [ch9193]
* Removed alert-danger from tests
* Fixed missed consumables_count withCount() statement
* Fixed Undefined variable user in $backto if checked out to a non-user
Fixes [ch9194]
* Check for valid model before attempting to access fieldsets
Fixes [ch1249]
* Only build the log upload destination path if there is a matching record
Fixes [ch1232]
* Fixed free_seats_count variable name
(I forgot that Laravel switched camel case to snake case for their old 5.4 withCount variables)
* Only gtry to delete the file if a record is found in the log
* Only try to get fieldset if model is valid
* Fixed more camel-casing -> snake-casing
* Only display the file if the log record can be found
* Fixed casing in sync command
* Updated README
* Derp - typo
* Added link to Atlassian plugin
* More Atlassian clarifications
* Show accessory image on view page
* Increased image size to 800px, added lightboxes
* Fixed #7083 - Removed user_exists constraint on department save
If the user has been deleted, this prevented the department from being successfully saved on edit
* Updated branch in version file
* Dockerfile update to bring us up to php v7.1 for Laravel 5.5 (#7084)
* bump up to php7.1
& change deprecated MAINTAINER to a LABEL so it is visible with `docker inspect`
* AND modapache ><
* 2 updates required to get software-properties+ppa
* Bumped version
* Bumped release again :(
* Missed one
* Fixed #7098 - updated backup config for deleteFile() method
* Fixed #7092 - handle weird port forwarding/port numbers for baseUrl
* Bumped version
* Fixed #7099 - set email to null by default for backup notifications
* Removed old comments
* Fixed #7100 - Check if $user isset on checkin
* Increased throttle to 120 requests per minute
* Added Filipino, corrected order for Spanish variations
* Update language strings
* Bumped hash
* Changed has to filled to fix bulk asset editing
* Bumped point version
* Small fixes for phpleague CSB reader v9
* Improved error checking in locations importer
* Fixed #7145 - rename groups table to permissions_group for mysql 8 reserved word compatibility
* Reduce minimum group name length to 2 (from 3)
eg: IT
* Back in time fix FOR #7145 for new installs on MySQL 8+
* Fixed permission insert
//TODO
Handle this via model
* Possible fix for reporting/admin migration back in time
* Fixed #7164 - change table name to permission_groups
* Fixed LDAP password blanking on save
* fixing previous commit's actual wiping of password (#7183)
replaced Input::fille('ldap_pword') with _filled_. Should be good to go.
https://github.com/snipe/snipe-it/issues/7179
https://github.com/snipe/snipe-it/issues/7169
* Bumped version
* Downgrading rollbar for Laravel 5.5
* Spelling Correction (#7206)
Fixed Spelling for the word reqrite, to be rewrite.
* Fix #6910: Add logic to manipulate the eloquent query. (#7006)
* Added company_id to consumables_users table
* Added logic to manage when a pivot table doesn't have the column company_id through a join with users
* Remove a migration that tries to fix this problem, but is no longer necessary
* Addresses #7238 - add PWA code to layout
Needs additional UX testing
* Better log message for bad LDAP connection
* Fixed #7186 - has vs filled in User’s API blanking out groups if no group_ids are passed
* Comment clarification on #7186
* Check for valid seat on hardware view
* Added space between footer and custom message
* Cap warranty months to three characters
Filles rollbar 209
* Cap warranty months to 3 on the frontend blade
* Fixed countable() strings on user destroy
* Check that the user has assets and that the asset model is valid
* Bumped hash
* Caps asset warranty to 20 years
* Command to fix custom field unicode conversion differences between PHP versions (#7263)
* Fixes #7252 form request changes (#7272)
* Fixes for #7252 - custom fields not validating / no validation messages in API w/form requests
* Removed debug info
* More fixes for #7252
This is mostly working as intended, if not yet the way Laravel wants us to do it.
Right now, the API returns correctly, and the form UI will return highlighted errors, with the input filled in ~sometimes~. I’m not sure why it’s only sometimes yet, but this is potentially progress.
* Removed experimental method
* Check for digits_between:0,240 for warranty
* Removed debug code
* Apply fix from PR #7273 to master
* Bumped hash
* Fixed #7250 - permission issue for API fieldsets and fields endpoints
This applies the change from #7294 to master
* Add @mskrip as a contributor
* Fixed #7270 - Checking-in Assets via API Removes the Item's Asset Name
* CORS for api (#7292)
* Added CORS support to API
* Changed order so CORS will still work if throttle hit
* Added APP_CORS_ALLOWED_ORIGINS env option
* Fixed typo
* Clarified header comments
* More clarification
* Disable CORS allowed origins by default to replicate existing behavior
* Change variable name to be clearer
* Bumped version
* Added condition to deal with fieldname 'rtd_location' which can be tried to be queried in some places and doesn't exist in database (#7317)
* Added comments to the ByFilter query scope for clarity
* Added accessories checkout/checkin API endpoint
* Fixed CVE-2019-10742
https://nvd.nist.gov/vuln/detail/CVE-2019-10742
* Update README.md (#7334)
Add reference to CSV importer.
* Group related variables in .env
* History importer fixes
* Fixes to history importer
Storage :: disk ( 'public' ) -> delete ( 'avatars/' . $user -> avatar );
} catch ( \Exception $e ) {
\Log :: debug ( $e );
}
}
return response () -> json ( Helper :: formatStandardApiResponse ( 'success' , null , trans ( 'admin/users/message.success.delete' )));
}
return response () -> json ( Helper :: formatStandardApiResponse ( 'error' , null , trans ( 'admin/users/message.error.delete' )));
}
/**
 * Return the assets currently assigned to a user, in the API's transformed list format.
 *
 * The caller needs the 'view' ability on both users and assets, because the
 * result exposes which assets are tied to which person. No User record is
 * loaded here: an ID with no matching assignments simply yields an empty list.
 *
 * NOTE(review): no company scoping is applied in this method itself; confirm
 * that the Asset model enforces it globally if multi-company separation is in use.
 *
 * @author [A. Gianotto] [<snipe@snipe.net>]
 * @since [v3.0]
 * @param mixed $id ID of the user whose assigned assets are listed
 * @return mixed Output of AssetsTransformer::transformAssets()
 */
public function assets($id)
{
    // Same two checks, in the same order: users first, then assets.
    foreach ([User::class, Asset::class] as $guardedResource) {
        $this->authorize('view', $guardedResource);
    }

    // $id is passed as a bound value to the query builder, never concatenated into SQL.
    $assignedAssets = Asset::where('assigned_to', '=', $id)
        ->where('assigned_type', '=', User::class)
        ->with('model')
        ->get();

    $total = $assignedAssets->count();

    return (new AssetsTransformer)->transformAssets($assignedAssets, $total);
}
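/**
 * Return the accessories currently assigned to a user, in the API's transformed list format.
 *
 * The caller needs the 'view' ability on both users and accessories.
 *
 * @author [A. Gianotto] [<snipe@snipe.net>]
 * @since [v4.6.14]
 * @param mixed $id ID of the user whose accessories are listed
 * @return mixed Output of AccessoriesTransformer::transformAccessories()
 * @throws \Illuminate\Auth\Access\AuthorizationException When either ability is denied
 * @throws \Illuminate\Database\Eloquent\ModelNotFoundException When no user matches $id
 */
public function accessories($id)
{
    // Run both permission checks before touching the database, as assets() and
    // licenses() do, so a caller lacking accessory access gets the same denial
    // whether or not the user ID exists.
    $this->authorize('view', User::class);

    // The file's import list has no `use` line for Accessory, so the bare name
    // resolved to App\Http\Controllers\Api\Accessory and the gate was asked
    // about a class that presumably has no policy. Name the model explicitly.
    $this->authorize('view', \App\Models\Accessory::class);

    $user = User::findOrFail($id);
    $accessories = $user->accessories;

    return (new AccessoriesTransformer)->transformAccessories($accessories, $accessories->count());
}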
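/**
 * Return the licenses assigned to a user, in the API's transformed list format.
 *
 * Soft-deleted users are included in the lookup. The caller needs the 'view'
 * ability on both users and licenses.
 *
 * @author [N. Mathar] [<snipe@snipe.net>]
 * @since [v5.0]
 * @param mixed $id ID of the user whose licenses are listed
 * @return mixed Output of LicensesTransformer::transformLicenses()
 * @throws \Illuminate\Auth\Access\AuthorizationException When either ability is denied
 * @throws \Illuminate\Database\Eloquent\ModelNotFoundException When no user matches $id
 */
public function licenses($id)
{
    $this->authorize('view', User::class);
    $this->authorize('view', License::class);

    // first() returned null for an unknown ID and the next line then called a
    // method on null, producing a fatal error instead of a clean API response.
    // firstOrFail() keeps the same query and fails with a not-found exception,
    // matching how accessories() treats a missing user.
    $user = User::where('id', $id)->withTrashed()->firstOrFail();

    $licenses = $user->licenses()->get();

    return (new LicensesTransformer())->transformLicenses($licenses, $licenses->count());
}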
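/**
 * Reset a user's two-factor status by clearing the stored secret and the enrolled flag.
 *
 * The target user is taken from the `id` field of the request. Every failure
 * path answers with HTTP 500, as before, so existing API clients see no change.
 *
 * NOTE(review): authorization is checked against the User class, not the
 * target record, so any caller holding the generic 'update' ability can reset
 * two-factor for any account. Confirm whether the policy should be evaluated
 * on the loaded $user instead, as restore() does with 'delete'.
 *
 * @author [A. Gianotto] [<snipe@snipe.net>]
 * @since [v3.0]
 * @param \Illuminate\Http\Request $request Request carrying the target user's `id`
 * @return \Illuminate\Http\JsonResponse JSON body with a `message` key
 * @throws \Illuminate\Auth\Access\AuthorizationException When the 'update' ability is denied
 */
public function postTwoFactorReset(Request $request)
{
    $this->authorize('update', User::class);

    if (! $request->filled('id')) {
        return response()->json(['message' => 'No ID provided'], 500);
    }

    try {
        $user = User::find($request->get('id'));

        // find() returns null for an unknown ID. The original assigned to
        // properties of that null, which on current PHP raises an \Error that
        // the catch below does not cover.
        if ($user === null) {
            return response()->json(['message' => trans('admin/settings/general.two_factor_reset_error')], 500);
        }

        $user->two_factor_secret = null;
        $user->two_factor_enrolled = 0;
        $user->save();

        // Removing a second factor weakens the account, so record who did it
        // and to whom. Only IDs are logged, never the secret itself.
        $actor = $request->user();
        \Log::info('Two-factor authentication reset', [
            'target_user_id' => $user->id,
            'actor_id' => $actor ? $actor->id : null,
        ]);

        return response()->json(['message' => trans('admin/settings/general.two_factor_reset_success')], 200);
    } catch (\Exception $e) {
        // Keep the cause on the server side; the client only gets the generic message.
        \Log::error($e);

        return response()->json(['message' => trans('admin/settings/general.two_factor_reset_error')], 500);
    }
}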
/**
 * Return the transformed record of the user attached to the current request.
 *
 * No ability check is made here: the method only ever serialises the
 * requester's own account. NOTE(review): it relies on the request already
 * being authenticated; confirm the route sits behind the API auth middleware.
 *
 * @author [Juan Font] [<juanfontalonso@gmail.com>]
 * @since [v4.4.2]
 * @param \Illuminate\Http\Request $request
 * @return mixed Output of UsersTransformer::transformUser()
 */
public function getCurrentUserInfo(Request $request)
{
    $currentUser = $request->user();
    $transformer = new UsersTransformer;

    return $transformer->transformUser($currentUser);
}
/**
 * Restore a soft-deleted user.
 *
 * The 'delete' ability is checked against the looked-up record, which is null
 * when no row (trashed or not) matches the ID. NOTE(review): confirm how the
 * gate treats a null subject; the error branch below may only be reachable
 * for callers the gate lets through regardless.
 *
 * The error branch answers with HTTP 200 and the `user_exists` message, so
 * clients must read the response's status field rather than the HTTP code.
 *
 * @author [E. Taylor] [<dev@evantaylor.name>]
 * @param int $userId
 * @since [v6.0.0]
 * @return \Illuminate\Http\JsonResponse
 */
public function restore($userId = null)
{
    // Look the user up including trashed rows, then authorize on that record.
    $user = User::withTrashed()->find($userId);
    $this->authorize('delete', $user);

    if (! isset($user->id)) {
        $failure = Helper::formatStandardApiResponse('error', null, trans('admin/users/message.user_exists'));

        return response()->json($failure, 200);
    }

    // Clear the soft-delete marker on the matching row.
    User::withTrashed()->where('id', $userId)->restore();

    $success = Helper::formatStandardApiResponse('success', null, trans('admin/users/message.success.restored'));

    return response()->json($success);
}
}