snipe-it/app/Http/Controllers/Api/UsersController.php

<?php
namespace App\Http\Controllers\Api;
use App\Helpers\Helper;
use App\Http\Controllers\Controller;
use App\Http\Requests\SaveUserRequest;
use App\Http\Transformers\AccessoriesTransformer;
use App\Http\Transformers\AssetsTransformer;
use App\Http\Transformers\LicensesTransformer;
use App\Http\Transformers\SelectlistTransformer;
use App\Http\Transformers\UsersTransformer;
use App\Models\Asset;
use App\Models\Company;
use App\Models\License;
use App\Models\User;
use Auth;
use Illuminate\Http\Request;
use App\Http\Requests\ImageUploadRequest;
use Illuminate\Support\Facades\Storage;
class UsersController extends Controller
{
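/**
 * Return a filtered, sorted and paginated listing of users.
 *
 * Request parameters read here: deleted, all, company_id, location_id, email,
 * username, group_id, department_id, search, sort, order, offset, limit.
 *
 * @author [A. Gianotto] [<snipe@snipe.net>]
 * @since [v4.0]
 *
 * @param \Illuminate\Http\Request $request
 * @return mixed Result of UsersTransformer::transformUsers()
 */
public function index(Request $request)
{
    $this->authorize('view', User::class);

    // Explicit column list; the password column is not part of it.
    // NOTE(review): permissions and the two_factor_* flags are selected. Whether they reach
    // the API response depends on UsersTransformer, which is not visible here.
    $users = User::select([
        'users.activated',
        'users.address',
        'users.avatar',
        'users.city',
        'users.company_id',
        'users.country',
        'users.created_at',
        'users.deleted_at',
        'users.department_id',
        'users.email',
        'users.employee_num',
        'users.first_name',
        'users.id',
        'users.jobtitle',
        'users.last_login',
        'users.last_name',
        'users.locale',
        'users.location_id',
        'users.manager_id',
        'users.notes',
        'users.permissions',
        'users.phone',
        'users.state',
        'users.two_factor_enrolled',
        'users.two_factor_optin',
        'users.updated_at',
        'users.username',
        'users.zip',
        'users.ldap_import',
    ])->with('manager', 'groups', 'userloc', 'company', 'department', 'assets', 'licenses', 'accessories', 'consumables')
        ->withCount('assets as assets_count', 'licenses as licenses_count', 'accessories as accessories_count', 'consumables as consumables_count');

    // Restrict the listing through the Company helper before any request filter is applied.
    $users = Company::scopeCompanyables($users);

    if (($request->filled('deleted')) && ($request->input('deleted') == 'true')) {
        $users = $users->onlyTrashed();
    } elseif (($request->filled('all')) && ($request->input('all') == 'true')) {
        $users = $users->withTrashed();
    }

    // Exact-match filters. Request values are handed to where() as values, never as column names.
    if ($request->filled('company_id')) {
        $users = $users->where('users.company_id', '=', $request->input('company_id'));
    }

    if ($request->filled('location_id')) {
        $users = $users->where('users.location_id', '=', $request->input('location_id'));
    }

    if ($request->filled('email')) {
        $users = $users->where('users.email', '=', $request->input('email'));
    }

    if ($request->filled('username')) {
        $users = $users->where('users.username', '=', $request->input('username'));
    }

    if ($request->filled('group_id')) {
        $users = $users->ByGroup($request->get('group_id'));
    }

    if ($request->filled('department_id')) {
        $users = $users->where('users.department_id', '=', $request->input('department_id'));
    }

    if ($request->filled('search')) {
        $users = $users->TextSearch($request->input('search'));
    }

    // Anything other than the literal 'asc' sorts descending.
    $order = $request->input('order') === 'asc' ? 'asc' : 'desc';

    // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
    // case we override with the actual count, so we should return 0 items.
    // The count is taken once here. The original assigned $offset twice (the first assignment was dead)
    // and ran the count query for each comparison.
    $filtered_count = $users->count();
    $requested_offset = $request->get('offset', 0);
    $offset = ($requested_offset > $filtered_count) ? $filtered_count : $requested_offset;

    // Check to make sure the limit is not higher than the max allowed.
    // A negative value passed the original `max_results >= limit` test and was handed to take();
    // how the query builder treats a negative limit is version-dependent, so anything that is not
    // a number in [0, max_results] falls back to the configured cap.
    $max_results = config('app.max_results');
    $limit = $max_results;
    if ($request->filled('limit') && is_numeric($request->input('limit'))) {
        $requested_limit = (int) $request->input('limit');
        if ($requested_limit >= 0 && $requested_limit <= $max_results) {
            $limit = $requested_limit;
        }
    }

    switch ($request->input('sort')) {
        case 'manager':
            $users = $users->OrderManager($order);
            break;
        case 'location':
            $users = $users->OrderLocation($order);
            break;
        case 'department':
            $users = $users->OrderDepartment($order);
            break;
        case 'company':
            $users = $users->OrderCompany($order);
            break;
        default:
            // orderBy() takes a column identifier, not a bound value, so this allow-list is the
            // guard for the sort parameter. The comparison is strict so that a non-string value
            // (for example from a JSON body) cannot loosely match an entry.
            $allowed_columns =
                [
                    'last_name', 'first_name', 'email', 'jobtitle', 'username', 'employee_num',
                    'assets', 'accessories', 'consumables', 'licenses', 'groups', 'activated', 'created_at',
                    'two_factor_enrolled', 'two_factor_optin', 'last_login', 'assets_count', 'licenses_count',
                    'consumables_count', 'accessories_count', 'phone', 'address', 'city', 'state',
                    'country', 'zip', 'id', 'ldap_import',
                ];
            $sort = in_array($request->get('sort'), $allowed_columns, true) ? $request->get('sort') : 'first_name';
            $users = $users->orderBy($sort, $order);
            break;
    }

    // Total is counted after sorting, as in the original, and before skip/take are applied.
    $total = $users->count();
    $users = $users->skip($offset)->take($limit)->get();

    return (new UsersTransformer)->transformUsers($users, $total);
}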
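/**
 * Gets a paginated collection for the select2 menus
 *
 * Only users with show_in_list = 1 are returned, 50 per page, ordered by last name then first name.
 *
 * @author [A. Gianotto] [<snipe@snipe.net>]
 * @since [v4.0.16]
 * @see \App\Http\Transformers\SelectlistTransformer
 *
 * @param \Illuminate\Http\Request $request
 * @return mixed Result of SelectlistTransformer::transformSelectlist()
 */
public function selectlist(Request $request)
{
    // NOTE(review): unlike index(), store() and show(), this method makes no $this->authorize()
    // call. Confirm that access is restricted elsewhere (route middleware or policy).
    $users = User::select(
        [
            'users.id',
            'users.username',
            'users.employee_num',
            'users.first_name',
            'users.last_name',
            'users.gravatar',
            'users.avatar',
            'users.email',
        ]
    )->where('show_in_list', '=', '1');

    $users = Company::scopeCompanyables($users);

    if ($request->filled('search')) {
        $search = $request->get('search');

        // Keep the OR branches inside one nested group. Chained at top level, the orWhere()
        // calls produce `... AND name-match OR username LIKE ... OR employee_num LIKE ...`.
        // AND binds tighter than OR, so a username or employee_num match would return rows
        // regardless of the show_in_list filter and the company scoping above.
        $users = $users->where(function ($query) use ($search) {
            $query->SimpleNameSearch($search)
                ->orWhere('username', 'LIKE', '%'.$search.'%')
                ->orWhere('employee_num', 'LIKE', '%'.$search.'%');
        });
    }

    $users = $users->orderBy('last_name', 'asc')->orderBy('first_name', 'asc');
    $users = $users->paginate(50);

    // Build the display label: "Last, First (username) - #employee_num", skipping empty parts.
    foreach ($users as $user) {
        $name_str = '';
        if ($user->last_name != '') {
            $name_str .= $user->last_name.', ';
        }
        $name_str .= $user->first_name;

        if ($user->username != '') {
            $name_str .= ' ('.$user->username.')';
        }

        if ($user->employee_num != '') {
            $name_str .= ' - #'.$user->employee_num;
        }

        $user->use_text = $name_str;
        // Falls back to null when the presenter yields no gravatar value.
        $user->use_image = $user->present()->gravatar ?: null;
    }

    return (new SelectlistTransformer)->transformSelectlist($users);
}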
/**
* Store a newly created resource in storage.
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v4.0]
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
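public function store(SaveUserRequest $request)
{
    $this->authorize('create', User::class);

    $user = new User;

    // NOTE(review): fill() receives the whole request payload. Which
    // attributes it accepts is decided by the User model's mass-assignment
    // settings, which are not visible here - confirm that privileged columns
    // are excluded.
    $user->fill($request->all());

    if ($request->has('permissions')) {
        $permissions_array = $request->input('permissions');

        // Strip out the superuser permission if the API user isn't a superadmin
        if (! Auth::user()->isSuperUser()) {
            unset($permissions_array['superuser']);
        }

        $user->permissions = $permissions_array;
    }

    // Fallback password for accounts created without one. random_bytes() is a
    // CSPRNG; str_shuffle() is not meant for generating secrets.
    $tmp_pass = bin2hex(random_bytes(16));

    // filled() rather than a get() default: a password key that is present
    // but empty or null falls back to the random value instead of being
    // hashed as an empty password.
    $user->password = bcrypt($request->filled('password') ? $request->input('password') : $tmp_pass);

    app('App\Http\Requests\ImageUploadRequest')->handleImages($user, 600, 'image', 'avatars', 'avatar');

    if ($user->save()) {
        // NOTE(review): group ids are taken straight from the request. Unlike
        // the direct 'superuser' key above, nothing here checks which
        // permissions those groups carry or whether the caller may grant
        // them - confirm against the policy.
        if ($request->filled('groups')) {
            $user->groups()->sync($request->input('groups'));
        } else {
            $user->groups()->sync([]);
        }

        return response()->json(Helper::formatStandardApiResponse('success', (new UsersTransformer)->transformUser($user), trans('admin/users/message.success.create')));
    }

    return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
}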
/**
* Display the specified resource.
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @param int $id
* @return \Illuminate\Http\Response
*/
public function show($id)
{
    $this->authorize('view', User::class);

    // Load the user together with the four relation counts the transformer is given.
    $query = User::withCount(
        'assets as assets_count',
        'licenses as licenses_count',
        'accessories as accessories_count',
        'consumables as consumables_count'
    );
    $user = $query->findOrFail($id);

    $transformer = new UsersTransformer;

    return $transformer->transformUser($user);
}
/**
* Update the specified resource in storage.
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v4.0]
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\Response
*/
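public function update(SaveUserRequest $request, $id)
{
    $this->authorize('update', User::class);

    $user = User::findOrFail($id);

    // This is a janky hack to prevent people from changing admin demo user data on the public demo.
    // The $ids 1 and 2 are special since they are seeded as superadmins in the demo seeder.
    // Thanks, jerks. You are why we can't have nice things. - snipe
    if ((($id == 1) || ($id == 2)) && (config('app.lock_passwords'))) {
        return response()->json(Helper::formatStandardApiResponse('error', null, 'Permission denied. You cannot update user information via API on the demo.'));
    }

    // NOTE(review): fill() receives the whole request payload. Which
    // attributes it accepts is decided by the User model's mass-assignment
    // settings, which are not visible here - confirm that privileged columns
    // are excluded.
    $user->fill($request->all());

    if ($user->id == $request->input('manager_id')) {
        return response()->json(Helper::formatStandardApiResponse('error', null, 'You cannot be your own manager'));
    }

    // NOTE(review): the authorization above is class-level ('update' on
    // User::class), so this branch can set the password of any account the
    // caller can reach, including accounts with more privileges than the
    // caller - confirm that is intended.
    if ($request->filled('password')) {
        $user->password = bcrypt($request->input('password'));
    }

    // We need to use has() instead of filled()
    // here because we need to overwrite permissions
    // if someone needs to null them out
    if ($request->has('permissions')) {
        $permissions_array = $request->input('permissions');

        // Strip out the superuser permission if the API user isn't a superadmin
        if (! Auth::user()->isSuperUser()) {
            unset($permissions_array['superuser']);
        }

        $user->permissions = $permissions_array;
    }

    // Update the location of any assets checked out to this user, but only
    // when the request actually carries location_id. Without this guard a
    // partial update that omits the field would set location_id to null on
    // every asset assigned to the user. has() is used so an explicit null
    // still blanks the location.
    if ($request->has('location_id')) {
        Asset::where('assigned_type', User::class)
            ->where('assigned_to', $user->id)->update(['location_id' => $request->input('location_id', null)]);
    }

    app('App\Http\Requests\ImageUploadRequest')->handleImages($user, 600, 'image', 'avatars', 'avatar');

    if ($user->save()) {
        // Sync group memberships:
        // This was changed in Snipe-IT v4.6.x to 4.7, since we upgraded to Laravel 5.5
        // which changes the behavior of has vs filled.
        // The $request->has method will now return true even if the input value is an empty string or null.
        // A new $request->filled method was added that provides the previous behavior of the has method.
        //
        // NOTE(review): group ids are taken straight from the request. Unlike
        // the direct 'superuser' key above, nothing here checks which
        // permissions those groups carry or whether the caller may grant
        // them - confirm against the policy.
        if ($request->filled('groups')) {
            // The request has groups passed and they have a value
            $user->groups()->sync($request->input('groups'));
        } elseif ($request->has('groups')) {
            // The groups field has been passed but it is null, so we should blank it out
            $user->groups()->sync([]);
        }

        return response()->json(Helper::formatStandardApiResponse('success', (new UsersTransformer)->transformUser($user), trans('admin/users/message.success.update')));
    }

    return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
}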
/**
* Remove the specified resource from storage.
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v4.0]
* @param int $id
* @return \Illuminate\Http\Response
*/
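public function destroy($id)
{
    $this->authorize('delete', User::class);

    $user = User::findOrFail($id);

    // Second check against the loaded instance, in addition to the class-level one above.
    $this->authorize('delete', $user);

    // Refuse to delete while anything is still associated with the user.
    if (($user->assets) && ($user->assets->count() > 0)) {
        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.error.delete_has_assets')));
    }

    if (($user->licenses) && ($user->licenses->count() > 0)) {
        return response()->json(Helper::formatStandardApiResponse('error', null, 'This user still has '.$user->licenses->count().' license(s) associated with them and cannot be deleted.'));
    }

    if (($user->accessories) && ($user->accessories->count() > 0)) {
        return response()->json(Helper::formatStandardApiResponse('error', null, 'This user still has '.$user->accessories->count().' accessories associated with them.'));
    }

    if (($user->managedLocations()) && ($user->managedLocations()->count() > 0)) {
        return response()->json(Helper::formatStandardApiResponse('error', null, 'This user still has '.$user->managedLocations()->count().' locations that they manage.'));
    }

    if ($user->delete()) {
        // Remove the user's avatar if they have one. The emptiness check comes
        // first: with no avatar recorded the path would be the bare 'avatars/'
        // directory, and the exists()/delete() calls would be aimed at the
        // directory rather than at a file.
        if (($user->avatar != '') && (Storage::disk('public')->exists('avatars/'.$user->avatar))) {
            try {
                Storage::disk('public')->delete('avatars/'.$user->avatar);
            } catch (\Exception $e) {
                // Best effort: the user is already deleted, so a failed file
                // cleanup is only logged.
                \Log::debug($e);
            }
        }

        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/users/message.success.delete')));
    }

    return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.error.delete')));
}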
/**
* Return JSON containing a list of assets assigned to a user.
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v3.0]
* @param int $id
* @return string JSON
*/
public function assets($id)
{
    // The caller needs view access to both users and assets.
    $this->authorize('view', User::class);
    $this->authorize('view', Asset::class);

    // Assets whose polymorphic assignment points at this user id.
    $query = Asset::where('assigned_to', '=', $id)
        ->where('assigned_type', '=', User::class)
        ->with('model');
    $assets = $query->get();

    $transformer = new AssetsTransformer;

    return $transformer->transformAssets($assets, $assets->count());
}
/**
* Return JSON containing a list of accessories assigned to a user.
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v4.6.14]
* @param int $id
* @return string JSON
*/
public function accessories($id)
{
$this->authorize('view', User::class);
$user = User::findOrFail($id);
$this->authorize('view', Accessory::class);
$accessories = $user->accessories;
return (new AccessoriesTransformer)->transformAccessories($accessories, $accessories->count());
}
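/**
 * Return JSON containing a list of licenses assigned to a user.
 *
 * Soft-deleted users are included in the lookup (withTrashed()).
 *
 * @author [N. Mathar] [<snipe@snipe.net>]
 * @since [v5.0]
 * @param $id ID of the user whose licenses are listed
 * @return mixed whatever LicensesTransformer::transformLicenses() produces
 */
public function licenses($id)
{
    $this->authorize('view', User::class);
    $this->authorize('view', License::class);

    // firstOrFail() instead of first(): an unknown ID used to leave $user null
    // and the licenses() call below then failed with a fatal error. It now
    // raises ModelNotFoundException, the same way accessories() handles a
    // missing user through findOrFail().
    $user = User::where('id', $id)->withTrashed()->firstOrFail();
    $licenses = $user->licenses()->get();

    return (new LicensesTransformer())->transformLicenses($licenses, $licenses->count());
}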
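/**
 * Clear a user's stored two-factor secret and mark the user as not enrolled.
 *
 * The target user is taken from the 'id' field of the request.
 *
 * @author [A. Gianotto] [<snipe@snipe.net>]
 * @since [v3.0]
 * @param \Illuminate\Http\Request $request must carry a non-empty 'id' field
 * @return \Illuminate\Http\JsonResponse a 'message' payload: 200 on success, 500 on any failure
 */
public function postTwoFactorReset(Request $request)
{
    // NOTE(review): the ability is checked against the User class, not the
    // record being changed, so this check alone does not distinguish between
    // target accounts. Confirm that the policy or a global scope covers
    // resets aimed at more privileged accounts.
    $this->authorize('update', User::class);

    if (! $request->filled('id')) {
        // 500 is kept for existing API clients, although the fault is in the request.
        return response()->json(['message' => 'No ID provided'], 500);
    }

    try {
        $user = User::find($request->get('id'));

        // find() returns null for an unknown ID. Assigning a property on null
        // raises \Error on PHP 8, which the catch below does not cover, so the
        // case is answered here with the same error payload.
        if ($user === null) {
            return response()->json(['message' => trans('admin/settings/general.two_factor_reset_error')], 500);
        }

        $user->two_factor_secret = null;
        $user->two_factor_enrolled = 0;
        $user->save();

        // NOTE(review): nothing in this method records who reset whose
        // two-factor settings. Confirm that an audit entry is written elsewhere.
        return response()->json(['message' => trans('admin/settings/general.two_factor_reset_success')], 200);
    } catch (\Exception $e) {
        // Keep the cause in the log instead of dropping it; the client still
        // only sees the generic message.
        \Log::debug($e);

        return response()->json(['message' => trans('admin/settings/general.two_factor_reset_error')], 500);
    }
}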
/**
 * Return the transformed record of the user who made the request.
 *
 * No ability check is made here: the record returned is the one that
 * $request->user() resolves to.
 *
 * @author [Juan Font] [<juanfontalonso@gmail.com>]
 * @since [v4.4.2]
 * @param \Illuminate\Http\Request $request
 * @return \Illuminate\Http\Response
 */
public function getCurrentUserInfo(Request $request)
{
    $transformer = new UsersTransformer;
    $currentUser = $request->user();

    return $transformer->transformUser($currentUser);
}
/**
 * Restore a soft-deleted user.
 *
 * The user is looked up with soft-deleted rows included, and the 'delete'
 * ability is checked against the result of that lookup, which is null when
 * the ID matches no user. An unknown ID that passes the check is answered
 * with an 'error' payload and HTTP status 200.
 *
 * @author [E. Taylor] [<dev@evantaylor.name>]
 * @param int $userId
 * @since [v6.0.0]
 * @return \Illuminate\Http\JsonResponse
 */
public function restore($userId = null)
{
    // Load the user, including soft-deleted rows.
    $user = User::withTrashed()->find($userId);
    $this->authorize('delete', $user);

    // Nothing to restore when the lookup came back empty.
    if (! isset($user->id)) {
        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.user_exists')), 200);
    }

    User::withTrashed()->where('id', $userId)->restore();

    return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/users/message.success.restored')));
}
}