snipe-it/app/Http/Controllers/Users/UsersController.php

649 lines
25 KiB
PHP
Raw Normal View History

2016-03-25 01:18:05 -07:00
<?php
namespace App\Http\Controllers\Users;
2016-03-25 01:18:05 -07:00
use App\Helpers\Helper;
use App\Http\Controllers\Controller;
use App\Http\Controllers\UserNotFoundException;
use App\Http\Requests\SaveUserRequest;
use App\Http\Requests\ImageUploadRequest;
2016-03-25 01:18:05 -07:00
use App\Models\Asset;
use App\Models\Company;
use App\Models\Group;
use App\Models\Ldap;
use App\Models\Setting;
2016-03-25 01:18:05 -07:00
use App\Models\User;
use App\Notifications\WelcomeNotification;
2016-03-25 01:18:05 -07:00
use Auth;
use Illuminate\Database\Eloquent\ModelNotFoundException;
use Illuminate\Support\Facades\Password;
2016-03-25 01:18:05 -07:00
use Input;
use Redirect;
use Str;
use Symfony\Component\HttpFoundation\StreamedResponse;
2016-03-25 01:18:05 -07:00
use View;
use Illuminate\Http\Request;
2016-06-02 00:41:10 -07:00
2016-03-25 01:18:05 -07:00
/**
2016-04-07 13:21:09 -07:00
* This controller handles all actions related to Users for
* the Snipe-IT Asset Management application.
*
* @version v1.0
2016-03-25 01:18:05 -07:00
*/
2016-03-25 01:18:05 -07:00
class UsersController extends Controller
{
/**
* Returns a view that invokes the ajax tables which actually contains
* the content for the users listing, which is generated in getDatatable().
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @see UsersController::getDatatable() method that generates the JSON response
* @since [v1.0]
* @return \Illuminate\Contracts\View\View
* @throws \Illuminate\Auth\Access\AuthorizationException
Cleanup controller escaping (#3084) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. * Extend Supplier phone/fax length. This catches issues found in testing with a phone number with a five digit extension. fex (356) 654-3024 x36632 Also move away from escaping all values put into eloquent. Eloquent already uses PDO parameter binding, and this was leading to names like Mr Ryan O'Malley turning into an html escaped version of that name when stored. All values should be escaped when using {{}}, we'll just have to be more cautious when we use {!!, but I think we already are? * Remove additional escaping here, like we did in suppliers controller. * No need to eager load all of these relationships when we can call the count on the querybuilder directly * Work on controller cleanup * Always start from scrach, catches more issues this way. * Update sql dump. Remove old code from permissions test. * Generate a deletable item on demand in the test, rather than relying on one existing. I think we should probably move to mock all the database stuff at some point.. * More travis related fixes * Break script into multiple functional lines * Update all controllers to use the new helper, also cleanup syntax and docblocks along the way.
2016-12-19 22:00:50 -08:00
*/
2016-12-15 20:52:39 -08:00
public function index()
2016-03-25 01:18:05 -07:00
{
Discussion: Moving to policies for controller based authorization (#3080) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations.
2016-12-19 11:04:28 -08:00
$this->authorize('index', User::class);
return view('users/index');
2016-03-25 01:18:05 -07:00
}
/**
* Returns a view that displays the user creation form.
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.0]
* @return \Illuminate\Contracts\View\View
* @throws \Illuminate\Auth\Access\AuthorizationException
Cleanup controller escaping (#3084) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. * Extend Supplier phone/fax length. This catches issues found in testing with a phone number with a five digit extension. fex (356) 654-3024 x36632 Also move away from escaping all values put into eloquent. Eloquent already uses PDO parameter binding, and this was leading to names like Mr Ryan O'Malley turning into an html escaped version of that name when stored. All values should be escaped when using {{}}, we'll just have to be more cautious when we use {!!, but I think we already are? * Remove additional escaping here, like we did in suppliers controller. * No need to eager load all of these relationships when we can call the count on the querybuilder directly * Work on controller cleanup * Always start from scrach, catches more issues this way. * Update sql dump. Remove old code from permissions test. * Generate a deletable item on demand in the test, rather than relying on one existing. I think we should probably move to mock all the database stuff at some point.. * More travis related fixes * Break script into multiple functional lines * Update all controllers to use the new helper, also cleanup syntax and docblocks along the way.
2016-12-19 22:00:50 -08:00
*/
public function create(Request $request)
2016-03-25 01:18:05 -07:00
{
Discussion: Moving to policies for controller based authorization (#3080) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations.
2016-12-19 11:04:28 -08:00
$this->authorize('create', User::class);
$groups = Group::pluck('name', 'id');
$userGroups = collect();
if ($request->old('groups')) {
$userGroups = Group::whereIn('id', $request->old('groups'))->pluck('name', 'id');
}
2016-06-15 11:51:10 -07:00
2016-03-25 01:18:05 -07:00
$permissions = config('permissions');
$userPermissions = Helper::selectedPermissionsArray($permissions, $request->old('permissions', array()));
$permissions = $this->filterDisplayable($permissions);
2016-03-25 01:18:05 -07:00
$user = new User;
$user->activated = 1;
return view('users/edit', compact('groups', 'userGroups', 'permissions', 'userPermissions'))
->with('user', $user);
2016-03-25 01:18:05 -07:00
}
/**
* Validate and store the new user data, or return an error.
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.0]
* @param SaveUserRequest $request
* @return \Illuminate\Http\RedirectResponse
* @throws \Illuminate\Auth\Access\AuthorizationException
Cleanup controller escaping (#3084) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. * Extend Supplier phone/fax length. This catches issues found in testing with a phone number with a five digit extension. fex (356) 654-3024 x36632 Also move away from escaping all values put into eloquent. Eloquent already uses PDO parameter binding, and this was leading to names like Mr Ryan O'Malley turning into an html escaped version of that name when stored. All values should be escaped when using {{}}, we'll just have to be more cautious when we use {!!, but I think we already are? * Remove additional escaping here, like we did in suppliers controller. * No need to eager load all of these relationships when we can call the count on the querybuilder directly * Work on controller cleanup * Always start from scrach, catches more issues this way. * Update sql dump. Remove old code from permissions test. * Generate a deletable item on demand in the test, rather than relying on one existing. I think we should probably move to mock all the database stuff at some point.. * More travis related fixes * Break script into multiple functional lines * Update all controllers to use the new helper, also cleanup syntax and docblocks along the way.
2016-12-19 22:00:50 -08:00
*/
2016-12-15 20:52:39 -08:00
public function store(SaveUserRequest $request)
2016-03-25 01:18:05 -07:00
{
Discussion: Moving to policies for controller based authorization (#3080) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations.
2016-12-19 11:04:28 -08:00
$this->authorize('create', User::class);
2016-03-25 19:26:22 -07:00
$user = new User;
//Username, email, and password need to be handled specially because the need to respect config values on an edit.
$user->email = e($request->input('email'));
$user->username = e($request->input('username'));
if ($request->filled('password')) {
$user->password = bcrypt($request->input('password'));
}
Cleanup controller escaping (#3084) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. * Extend Supplier phone/fax length. This catches issues found in testing with a phone number with a five digit extension. fex (356) 654-3024 x36632 Also move away from escaping all values put into eloquent. Eloquent already uses PDO parameter binding, and this was leading to names like Mr Ryan O'Malley turning into an html escaped version of that name when stored. All values should be escaped when using {{}}, we'll just have to be more cautious when we use {!!, but I think we already are? * Remove additional escaping here, like we did in suppliers controller. * No need to eager load all of these relationships when we can call the count on the querybuilder directly * Work on controller cleanup * Always start from scrach, catches more issues this way. * Update sql dump. Remove old code from permissions test. * Generate a deletable item on demand in the test, rather than relying on one existing. I think we should probably move to mock all the database stuff at some point.. * More travis related fixes * Break script into multiple functional lines * Update all controllers to use the new helper, also cleanup syntax and docblocks along the way.
2016-12-19 22:00:50 -08:00
$user->first_name = $request->input('first_name');
$user->last_name = $request->input('last_name');
$user->locale = $request->input('locale');
$user->employee_num = $request->input('employee_num');
2018-07-24 13:28:59 -07:00
$user->activated = $request->input('activated', 0);
Cleanup controller escaping (#3084) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. * Extend Supplier phone/fax length. This catches issues found in testing with a phone number with a five digit extension. fex (356) 654-3024 x36632 Also move away from escaping all values put into eloquent. Eloquent already uses PDO parameter binding, and this was leading to names like Mr Ryan O'Malley turning into an html escaped version of that name when stored. All values should be escaped when using {{}}, we'll just have to be more cautious when we use {!!, but I think we already are? * Remove additional escaping here, like we did in suppliers controller. * No need to eager load all of these relationships when we can call the count on the querybuilder directly * Work on controller cleanup * Always start from scrach, catches more issues this way. * Update sql dump. Remove old code from permissions test. * Generate a deletable item on demand in the test, rather than relying on one existing. I think we should probably move to mock all the database stuff at some point.. * More travis related fixes * Break script into multiple functional lines * Update all controllers to use the new helper, also cleanup syntax and docblocks along the way.
2016-12-19 22:00:50 -08:00
$user->jobtitle = $request->input('jobtitle');
$user->phone = $request->input('phone');
$user->location_id = $request->input('location_id', null);
$user->department_id = $request->input('department_id', null);
$user->company_id = Company::getIdForUser($request->input('company_id', null));
$user->manager_id = $request->input('manager_id', null);
Cleanup controller escaping (#3084) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. * Extend Supplier phone/fax length. This catches issues found in testing with a phone number with a five digit extension. fex (356) 654-3024 x36632 Also move away from escaping all values put into eloquent. Eloquent already uses PDO parameter binding, and this was leading to names like Mr Ryan O'Malley turning into an html escaped version of that name when stored. All values should be escaped when using {{}}, we'll just have to be more cautious when we use {!!, but I think we already are? * Remove additional escaping here, like we did in suppliers controller. * No need to eager load all of these relationships when we can call the count on the querybuilder directly * Work on controller cleanup * Always start from scrach, catches more issues this way. * Update sql dump. Remove old code from permissions test. * Generate a deletable item on demand in the test, rather than relying on one existing. I think we should probably move to mock all the database stuff at some point.. * More travis related fixes * Break script into multiple functional lines * Update all controllers to use the new helper, also cleanup syntax and docblocks along the way.
2016-12-19 22:00:50 -08:00
$user->notes = $request->input('notes');
2017-10-30 18:57:00 -07:00
$user->address = $request->input('address', null);
$user->city = $request->input('city', null);
$user->state = $request->input('state', null);
$user->country = $request->input('country', null);
$user->zip = $request->input('zip', null);
// Strip out the superuser permission if the user isn't a superadmin
$permissions_array = $request->input('permission');
if (!Auth::user()->isSuperUser()) {
unset($permissions_array['superuser']);
}
$user->permissions = json_encode($permissions_array);
// we have to invoke the
app('App\Http\Requests\ImageUploadRequest')->handleImages($user, 600, 'image', 'avatars', 'avatar');
2016-06-15 11:51:10 -07:00
if ($user->save()) {
if ($request->filled('groups')) {
2016-06-15 11:51:10 -07:00
$user->groups()->sync($request->input('groups'));
} else {
$user->groups()->sync(array());
}
2016-07-28 05:49:41 -07:00
if (($request->input('email_user') == 1) && ($request->filled('email'))) {
// Send the credentials through email
2016-03-25 01:18:05 -07:00
$data = array();
$data['email'] = e($request->input('email'));
$data['username'] = e($request->input('username'));
$data['first_name'] = e($request->input('first_name'));
$data['last_name'] = e($request->input('last_name'));
$data['password'] = e($request->input('password'));
2016-03-25 01:18:05 -07:00
$user->notify(new WelcomeNotification($data));
2016-03-25 01:18:05 -07:00
}
return redirect::route('users.index')->with('success', trans('admin/users/message.success.create'));
2016-03-25 01:18:05 -07:00
}
2016-06-22 12:27:41 -07:00
return redirect()->back()->withInput()->withErrors($user->getErrors());
2016-03-25 01:18:05 -07:00
}
private function filterDisplayable($permissions)
{
$output = null;
foreach ($permissions as $key => $permission) {
$output[$key] = array_filter($permission, function ($p) {
return $p['display'] === true;
});
2016-03-25 01:18:05 -07:00
}
return $output;
2016-03-25 01:18:05 -07:00
}
/**
Cleanup controller escaping (#3084) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. * Extend Supplier phone/fax length. This catches issues found in testing with a phone number with a five digit extension. fex (356) 654-3024 x36632 Also move away from escaping all values put into eloquent. Eloquent already uses PDO parameter binding, and this was leading to names like Mr Ryan O'Malley turning into an html escaped version of that name when stored. All values should be escaped when using {{}}, we'll just have to be more cautious when we use {!!, but I think we already are? * Remove additional escaping here, like we did in suppliers controller. * No need to eager load all of these relationships when we can call the count on the querybuilder directly * Work on controller cleanup * Always start from scrach, catches more issues this way. * Update sql dump. Remove old code from permissions test. * Generate a deletable item on demand in the test, rather than relying on one existing. I think we should probably move to mock all the database stuff at some point.. * More travis related fixes * Break script into multiple functional lines * Update all controllers to use the new helper, also cleanup syntax and docblocks along the way.
2016-12-19 22:00:50 -08:00
* Returns a view that displays the edit user form
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.0]
* @param $permissions
* @return View
* @internal param int $id
* @throws \Illuminate\Auth\Access\AuthorizationException
Cleanup controller escaping (#3084) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. * Extend Supplier phone/fax length. This catches issues found in testing with a phone number with a five digit extension. fex (356) 654-3024 x36632 Also move away from escaping all values put into eloquent. Eloquent already uses PDO parameter binding, and this was leading to names like Mr Ryan O'Malley turning into an html escaped version of that name when stored. All values should be escaped when using {{}}, we'll just have to be more cautious when we use {!!, but I think we already are? * Remove additional escaping here, like we did in suppliers controller. * No need to eager load all of these relationships when we can call the count on the querybuilder directly * Work on controller cleanup * Always start from scrach, catches more issues this way. * Update sql dump. Remove old code from permissions test. * Generate a deletable item on demand in the test, rather than relying on one existing. I think we should probably move to mock all the database stuff at some point.. * More travis related fixes * Break script into multiple functional lines * Update all controllers to use the new helper, also cleanup syntax and docblocks along the way.
2016-12-19 22:00:50 -08:00
*/
public function edit($id)
2016-03-25 01:18:05 -07:00
{
2017-10-28 11:17:52 -07:00
if ($user = User::find($id)) {
Discussion: Moving to policies for controller based authorization (#3080) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations.
2016-12-19 11:04:28 -08:00
$this->authorize('update', $user);
$permissions = config('permissions');
2016-03-25 01:18:05 -07:00
$groups = Group::pluck('name', 'id');
2016-03-25 01:18:05 -07:00
$userGroups = $user->groups()->pluck('name', 'id');
$user->permissions = $user->decodePermissions();
$userPermissions = Helper::selectedPermissionsArray($permissions, $user->permissions);
$permissions = $this->filterDisplayable($permissions);
2016-03-25 01:18:05 -07:00
2017-10-28 11:17:52 -07:00
return view('users/edit', compact('user', 'groups', 'userGroups', 'permissions', 'userPermissions'))->with('item', $user);
2016-03-25 01:18:05 -07:00
}
2017-10-28 11:17:52 -07:00
$error = trans('admin/users/message.user_not_found', compact('id'));
return redirect()->route('users.index')->with('error', $error);
2016-03-25 01:18:05 -07:00
}
/**
Cleanup controller escaping (#3084) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. * Extend Supplier phone/fax length. This catches issues found in testing with a phone number with a five digit extension. fex (356) 654-3024 x36632 Also move away from escaping all values put into eloquent. Eloquent already uses PDO parameter binding, and this was leading to names like Mr Ryan O'Malley turning into an html escaped version of that name when stored. All values should be escaped when using {{}}, we'll just have to be more cautious when we use {!!, but I think we already are? * Remove additional escaping here, like we did in suppliers controller. * No need to eager load all of these relationships when we can call the count on the querybuilder directly * Work on controller cleanup * Always start from scrach, catches more issues this way. * Update sql dump. Remove old code from permissions test. * Generate a deletable item on demand in the test, rather than relying on one existing. I think we should probably move to mock all the database stuff at some point.. * More travis related fixes * Break script into multiple functional lines * Update all controllers to use the new helper, also cleanup syntax and docblocks along the way.
2016-12-19 22:00:50 -08:00
* Validate and save edited user data from edit form.
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.0]
* @param SaveUserRequest $request
Cleanup controller escaping (#3084) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. * Extend Supplier phone/fax length. This catches issues found in testing with a phone number with a five digit extension. fex (356) 654-3024 x36632 Also move away from escaping all values put into eloquent. Eloquent already uses PDO parameter binding, and this was leading to names like Mr Ryan O'Malley turning into an html escaped version of that name when stored. All values should be escaped when using {{}}, we'll just have to be more cautious when we use {!!, but I think we already are? * Remove additional escaping here, like we did in suppliers controller. * No need to eager load all of these relationships when we can call the count on the querybuilder directly * Work on controller cleanup * Always start from scrach, catches more issues this way. * Update sql dump. Remove old code from permissions test. * Generate a deletable item on demand in the test, rather than relying on one existing. I think we should probably move to mock all the database stuff at some point.. * More travis related fixes * Break script into multiple functional lines * Update all controllers to use the new helper, also cleanup syntax and docblocks along the way.
2016-12-19 22:00:50 -08:00
* @param int $id
* @return \Illuminate\Http\RedirectResponse
* @throws \Illuminate\Auth\Access\AuthorizationException
Cleanup controller escaping (#3084) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. * Extend Supplier phone/fax length. This catches issues found in testing with a phone number with a five digit extension. fex (356) 654-3024 x36632 Also move away from escaping all values put into eloquent. Eloquent already uses PDO parameter binding, and this was leading to names like Mr Ryan O'Malley turning into an html escaped version of that name when stored. All values should be escaped when using {{}}, we'll just have to be more cautious when we use {!!, but I think we already are? * Remove additional escaping here, like we did in suppliers controller. * No need to eager load all of these relationships when we can call the count on the querybuilder directly * Work on controller cleanup * Always start from scrach, catches more issues this way. * Update sql dump. Remove old code from permissions test. * Generate a deletable item on demand in the test, rather than relying on one existing. I think we should probably move to mock all the database stuff at some point.. * More travis related fixes * Break script into multiple functional lines * Update all controllers to use the new helper, also cleanup syntax and docblocks along the way.
2016-12-19 22:00:50 -08:00
*/
public function update(SaveUserRequest $request, $id = null)
2016-03-25 01:18:05 -07:00
{
2016-03-25 01:18:05 -07:00
// We need to reverse the UI specific logic for our
// permissions here before we update the user.
$permissions = $request->input('permissions', array());
2016-03-25 01:18:05 -07:00
app('request')->request->set('permissions', $permissions);
// This is a janky hack to prevent people from changing admin demo user data on the public demo.
// The $ids 1 and 2 are special since they are seeded as superadmins in the demo seeder.
// Thanks, jerks. You are why we can't have nice things. - snipe
if ((($id == 1) || ($id == 2)) && (config('app.lock_passwords'))) {
return redirect()->route('users.index')->with('error', 'Permission denied. You cannot update user information for superadmins on the demo.');
2016-03-25 01:18:05 -07:00
}
try {
$user = User::findOrFail($id);
} catch (ModelNotFoundException $e) {
return redirect()->route('users.index')
->with('error', trans('admin/users/message.user_not_found', compact('id')));
2016-03-25 01:18:05 -07:00
}
$this->authorize('update', $user);
// Figure out of this user was an admin before this edit
$orig_permissions_array = $user->decodePermissions();
$orig_superuser = '0';
if (is_array($orig_permissions_array)) {
if (array_key_exists('superuser', $orig_permissions_array)) {
$orig_superuser = $orig_permissions_array['superuser'];
}
}
// Only save groups if the user is a super user
if (Auth::user()->isSuperUser()) {
$user->groups()->sync($request->input('groups'));
}
// Update the user
if ($request->filled('username')) {
$user->username = $request->input('username');
2016-03-25 01:18:05 -07:00
}
$user->email = $request->input('email');
Cleanup controller escaping (#3084) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. * Extend Supplier phone/fax length. This catches issues found in testing with a phone number with a five digit extension. fex (356) 654-3024 x36632 Also move away from escaping all values put into eloquent. Eloquent already uses PDO parameter binding, and this was leading to names like Mr Ryan O'Malley turning into an html escaped version of that name when stored. All values should be escaped when using {{}}, we'll just have to be more cautious when we use {!!, but I think we already are? * Remove additional escaping here, like we did in suppliers controller. * No need to eager load all of these relationships when we can call the count on the querybuilder directly * Work on controller cleanup * Always start from scrach, catches more issues this way. * Update sql dump. Remove old code from permissions test. * Generate a deletable item on demand in the test, rather than relying on one existing. I think we should probably move to mock all the database stuff at some point.. * More travis related fixes * Break script into multiple functional lines * Update all controllers to use the new helper, also cleanup syntax and docblocks along the way.
2016-12-19 22:00:50 -08:00
$user->first_name = $request->input('first_name');
$user->last_name = $request->input('last_name');
$user->two_factor_optin = $request->input('two_factor_optin') ?: 0;
Cleanup controller escaping (#3084) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. * Extend Supplier phone/fax length. This catches issues found in testing with a phone number with a five digit extension. fex (356) 654-3024 x36632 Also move away from escaping all values put into eloquent. Eloquent already uses PDO parameter binding, and this was leading to names like Mr Ryan O'Malley turning into an html escaped version of that name when stored. All values should be escaped when using {{}}, we'll just have to be more cautious when we use {!!, but I think we already are? * Remove additional escaping here, like we did in suppliers controller. * No need to eager load all of these relationships when we can call the count on the querybuilder directly * Work on controller cleanup * Always start from scrach, catches more issues this way. * Update sql dump. Remove old code from permissions test. * Generate a deletable item on demand in the test, rather than relying on one existing. I think we should probably move to mock all the database stuff at some point.. * More travis related fixes * Break script into multiple functional lines * Update all controllers to use the new helper, also cleanup syntax and docblocks along the way.
2016-12-19 22:00:50 -08:00
$user->locale = $request->input('locale');
$user->employee_num = $request->input('employee_num');
$user->activated = $request->input('activated', 0);
2017-10-30 18:57:00 -07:00
$user->jobtitle = $request->input('jobtitle', null);
Cleanup controller escaping (#3084) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. * Extend Supplier phone/fax length. This catches issues found in testing with a phone number with a five digit extension. fex (356) 654-3024 x36632 Also move away from escaping all values put into eloquent. Eloquent already uses PDO parameter binding, and this was leading to names like Mr Ryan O'Malley turning into an html escaped version of that name when stored. All values should be escaped when using {{}}, we'll just have to be more cautious when we use {!!, but I think we already are? * Remove additional escaping here, like we did in suppliers controller. * No need to eager load all of these relationships when we can call the count on the querybuilder directly * Work on controller cleanup * Always start from scrach, catches more issues this way. * Update sql dump. Remove old code from permissions test. * Generate a deletable item on demand in the test, rather than relying on one existing. I think we should probably move to mock all the database stuff at some point.. * More travis related fixes * Break script into multiple functional lines * Update all controllers to use the new helper, also cleanup syntax and docblocks along the way.
2016-12-19 22:00:50 -08:00
$user->phone = $request->input('phone');
$user->location_id = $request->input('location_id', null);
$user->company_id = Company::getIdForUser($request->input('company_id', null));
$user->manager_id = $request->input('manager_id', null);
Cleanup controller escaping (#3084) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. * Extend Supplier phone/fax length. This catches issues found in testing with a phone number with a five digit extension. fex (356) 654-3024 x36632 Also move away from escaping all values put into eloquent. Eloquent already uses PDO parameter binding, and this was leading to names like Mr Ryan O'Malley turning into an html escaped version of that name when stored. All values should be escaped when using {{}}, we'll just have to be more cautious when we use {!!, but I think we already are? * Remove additional escaping here, like we did in suppliers controller. * No need to eager load all of these relationships when we can call the count on the querybuilder directly * Work on controller cleanup * Always start from scrach, catches more issues this way. * Update sql dump. Remove old code from permissions test. * Generate a deletable item on demand in the test, rather than relying on one existing. I think we should probably move to mock all the database stuff at some point.. * More travis related fixes * Break script into multiple functional lines * Update all controllers to use the new helper, also cleanup syntax and docblocks along the way.
2016-12-19 22:00:50 -08:00
$user->notes = $request->input('notes');
$user->department_id = $request->input('department_id', null);
2017-10-30 18:57:00 -07:00
$user->address = $request->input('address', null);
$user->city = $request->input('city', null);
$user->state = $request->input('state', null);
$user->country = $request->input('country', null);
2018-07-16 23:48:46 -07:00
$user->activated = $request->input('activated', 0);
2017-10-30 18:57:00 -07:00
$user->zip = $request->input('zip', null);
// Update the location of any assets checked out to this user
Asset::where('assigned_type', User::class)
->where('assigned_to', $user->id)
->update(['location_id' => $request->input('location_id', null)]);
// Do we want to update the user password?
if ($request->filled('password')) {
$user->password = bcrypt($request->input('password'));
}
$permissions_array = $request->input('permission');
// Strip out the superuser permission if the user isn't a superadmin
if (!Auth::user()->isSuperUser()) {
unset($permissions_array['superuser']);
$permissions_array['superuser'] = $orig_superuser;
}
$user->permissions = json_encode($permissions_array);
// Handle uploaded avatar
app('App\Http\Requests\ImageUploadRequest')->handleImages($user, 600, 'avatar', 'avatars', 'avatar');
//\Log::debug(print_r($user, true));
Cleanup controller escaping (#3084) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. * Extend Supplier phone/fax length. This catches issues found in testing with a phone number with a five digit extension. fex (356) 654-3024 x36632 Also move away from escaping all values put into eloquent. Eloquent already uses PDO parameter binding, and this was leading to names like Mr Ryan O'Malley turning into an html escaped version of that name when stored. All values should be escaped when using {{}}, we'll just have to be more cautious when we use {!!, but I think we already are? * Remove additional escaping here, like we did in suppliers controller. * No need to eager load all of these relationships when we can call the count on the querybuilder directly * Work on controller cleanup * Always start from scrach, catches more issues this way. * Update sql dump. Remove old code from permissions test. * Generate a deletable item on demand in the test, rather than relying on one existing. I think we should probably move to mock all the database stuff at some point.. * More travis related fixes * Break script into multiple functional lines * Update all controllers to use the new helper, also cleanup syntax and docblocks along the way.
2016-12-19 22:00:50 -08:00
// Was the user updated?
if ($user->save()) {
// Redirect to the user page
return redirect()->route('users.index')
->with('success', trans('admin/users/message.success.update'));
}
Cleanup controller escaping (#3084) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. * Extend Supplier phone/fax length. This catches issues found in testing with a phone number with a five digit extension. fex (356) 654-3024 x36632 Also move away from escaping all values put into eloquent. Eloquent already uses PDO parameter binding, and this was leading to names like Mr Ryan O'Malley turning into an html escaped version of that name when stored. All values should be escaped when using {{}}, we'll just have to be more cautious when we use {!!, but I think we already are? * Remove additional escaping here, like we did in suppliers controller. * No need to eager load all of these relationships when we can call the count on the querybuilder directly * Work on controller cleanup * Always start from scrach, catches more issues this way. * Update sql dump. Remove old code from permissions test. * Generate a deletable item on demand in the test, rather than relying on one existing. I think we should probably move to mock all the database stuff at some point.. * More travis related fixes * Break script into multiple functional lines * Update all controllers to use the new helper, also cleanup syntax and docblocks along the way.
2016-12-19 22:00:50 -08:00
return redirect()->back()->withInput()->withErrors($user->getErrors());
}
2016-03-25 01:18:05 -07:00
/**
* Delete a user
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.0]
* @param int $id
* @return \Illuminate\Http\RedirectResponse
* @throws \Illuminate\Auth\Access\AuthorizationException
Cleanup controller escaping (#3084) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. * Extend Supplier phone/fax length. This catches issues found in testing with a phone number with a five digit extension. fex (356) 654-3024 x36632 Also move away from escaping all values put into eloquent. Eloquent already uses PDO parameter binding, and this was leading to names like Mr Ryan O'Malley turning into an html escaped version of that name when stored. All values should be escaped when using {{}}, we'll just have to be more cautious when we use {!!, but I think we already are? * Remove additional escaping here, like we did in suppliers controller. * No need to eager load all of these relationships when we can call the count on the querybuilder directly * Work on controller cleanup * Always start from scrach, catches more issues this way. * Update sql dump. Remove old code from permissions test. * Generate a deletable item on demand in the test, rather than relying on one existing. I think we should probably move to mock all the database stuff at some point.. * More travis related fixes * Break script into multiple functional lines * Update all controllers to use the new helper, also cleanup syntax and docblocks along the way.
2016-12-19 22:00:50 -08:00
*/
2016-12-15 20:52:39 -08:00
public function destroy($id = null)
2016-03-25 01:18:05 -07:00
{
try {
// Get user information
$user = User::findOrFail($id);
Discussion: Moving to policies for controller based authorization (#3080) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations.
2016-12-19 11:04:28 -08:00
// Authorize takes care of many of our logic checks now.
$this->authorize('delete', User::class);
2016-03-25 01:18:05 -07:00
// Check if we are not trying to delete ourselves
if ($user->id === Auth::id()) {
2016-03-25 01:18:05 -07:00
// Redirect to the user management page
return redirect()->route('users.index')
->with('error', 'We would feel really bad if you deleted yourself, please reconsider.');
2016-03-25 01:18:05 -07:00
}
if (($user->assets()) && (($assetsCount = $user->assets()->count()) > 0)) {
// Redirect to the user management page
return redirect()->route('users.index')
->with('error', 'This user still has ' . $assetsCount . ' assets associated with them.');
}
if (($user->licenses()) && (($licensesCount = $user->licenses()->count())) > 0) {
2016-03-25 01:18:05 -07:00
// Redirect to the user management page
return redirect()->route('users.index')
->with('error', 'This user still has ' . $licensesCount . ' licenses associated with them.');
2016-03-25 01:18:05 -07:00
}
if (($user->accessories()) && (($accessoriesCount = $user->accessories()->count()) > 0)) {
2016-03-25 01:18:05 -07:00
// Redirect to the user management page
return redirect()->route('users.index')
->with('error', 'This user still has ' . $accessoriesCount . ' accessories associated with them.');
2016-03-25 01:18:05 -07:00
}
if (($user->managedLocations()) && (($managedLocationsCount = $user->managedLocations()->count())) > 0) {
2016-04-21 21:01:45 -07:00
// Redirect to the user management page
return redirect()->route('users.index')
->with('error', 'This user still has ' . $managedLocationsCount . ' locations that they manage.');
2016-04-21 21:01:45 -07:00
}
2016-03-25 01:18:05 -07:00
// Delete the user
$user->delete();
// Prepare the success message
// Redirect to the user management page
return redirect()->route('users.index')->with('success', trans('admin/users/message.success.delete'));
} catch (ModelNotFoundException $e) {
2016-03-25 01:18:05 -07:00
// Prepare the error message
// Redirect to the user management page
return redirect()->route('users.index')
->with('error', trans('admin/users/message.user_not_found', compact('id')));
2016-03-25 01:18:05 -07:00
}
}
/**
* Restore a deleted user
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.0]
* @param int $id
* @return \Illuminate\Http\RedirectResponse
* @throws \Illuminate\Auth\Access\AuthorizationException
Cleanup controller escaping (#3084) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. * Extend Supplier phone/fax length. This catches issues found in testing with a phone number with a five digit extension. fex (356) 654-3024 x36632 Also move away from escaping all values put into eloquent. Eloquent already uses PDO parameter binding, and this was leading to names like Mr Ryan O'Malley turning into an html escaped version of that name when stored. All values should be escaped when using {{}}, we'll just have to be more cautious when we use {!!, but I think we already are? * Remove additional escaping here, like we did in suppliers controller. * No need to eager load all of these relationships when we can call the count on the querybuilder directly * Work on controller cleanup * Always start from scrach, catches more issues this way. * Update sql dump. Remove old code from permissions test. * Generate a deletable item on demand in the test, rather than relying on one existing. I think we should probably move to mock all the database stuff at some point.. * More travis related fixes * Break script into multiple functional lines * Update all controllers to use the new helper, also cleanup syntax and docblocks along the way.
2016-12-19 22:00:50 -08:00
*/
2016-03-25 01:18:05 -07:00
public function getRestore($id = null)
{
$this->authorize('update', User::class);
// Get user information
2020-05-23 09:19:44 -07:00
if (!User::onlyTrashed()->find($id)) {
2016-12-15 20:52:39 -08:00
return redirect()->route('users.index')->with('error', trans('admin/users/messages.user_not_found'));
2016-06-22 12:27:41 -07:00
}
2016-04-21 21:01:45 -07:00
Discussion: Moving to policies for controller based authorization (#3080) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations.
2016-12-19 11:04:28 -08:00
// Restore the user
if (User::withTrashed()->where('id', $id)->restore()) {
return redirect()->route('users.index')->with('success', trans('admin/users/message.success.restored'));
2016-06-22 12:27:41 -07:00
}
Discussion: Moving to policies for controller based authorization (#3080) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations.
2016-12-19 11:04:28 -08:00
return redirect()->route('users.index')->with('error', 'User could not be restored.');
2016-03-25 01:18:05 -07:00
}
/**
* Return a view with user detail
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.0]
* @param int $userId
* @return \Illuminate\Contracts\View\View
* @throws \Illuminate\Auth\Access\AuthorizationException
Cleanup controller escaping (#3084) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. * Extend Supplier phone/fax length. This catches issues found in testing with a phone number with a five digit extension. fex (356) 654-3024 x36632 Also move away from escaping all values put into eloquent. Eloquent already uses PDO parameter binding, and this was leading to names like Mr Ryan O'Malley turning into an html escaped version of that name when stored. All values should be escaped when using {{}}, we'll just have to be more cautious when we use {!!, but I think we already are? * Remove additional escaping here, like we did in suppliers controller. * No need to eager load all of these relationships when we can call the count on the querybuilder directly * Work on controller cleanup * Always start from scrach, catches more issues this way. * Update sql dump. Remove old code from permissions test. * Generate a deletable item on demand in the test, rather than relying on one existing. I think we should probably move to mock all the database stuff at some point.. * More travis related fixes * Break script into multiple functional lines * Update all controllers to use the new helper, also cleanup syntax and docblocks along the way.
2016-12-19 22:00:50 -08:00
*/
2016-12-15 20:52:39 -08:00
public function show($userId = null)
2016-03-25 01:18:05 -07:00
{
if (!$user = User::with('assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc')->withTrashed()->find($userId)) {
Discussion: Moving to policies for controller based authorization (#3080) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations.
2016-12-19 11:04:28 -08:00
// Redirect to the user management page
return redirect()->route('users.index')
->with('error', trans('admin/users/message.user_not_found', ['id' => $userId]));
Discussion: Moving to policies for controller based authorization (#3080) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations.
2016-12-19 11:04:28 -08:00
}
2016-03-25 01:18:05 -07:00
$userlog = $user->userlog->load('item');
2016-03-25 01:18:05 -07:00
$this->authorize('view', $user);
return view('users/view', compact('user', 'userlog'))
->with('settings', Setting::getSettings());
2016-03-25 01:18:05 -07:00
}
/**
* Unsuspend a user.
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.0]
* @param int $id
* @return Redirect
* @throws \Illuminate\Auth\Access\AuthorizationException
*/
2016-03-25 01:18:05 -07:00
public function getUnsuspend($id = null)
{
try {
// Get user information
$user = User::findOrFail($id);
$this->authorize('update', $user);
2016-03-25 01:18:05 -07:00
// Check if we are not trying to unsuspend ourselves
if ($user->id === Auth::id()) {
2016-03-25 01:18:05 -07:00
// Prepare the error message
$error = trans('admin/users/message.error.unsuspend');
2016-03-25 01:18:05 -07:00
// Redirect to the user management page
2016-12-15 20:52:39 -08:00
return redirect()->route('users.index')->with('error', $error);
2016-03-25 01:18:05 -07:00
}
// Do we have permission to unsuspend this user?
if ($user->isSuperUser() && !Auth::user()->isSuperUser()) {
2016-03-25 01:18:05 -07:00
// Redirect to the user management page
2016-12-15 20:52:39 -08:00
return redirect()->route('users.index')->with('error', 'Insufficient permissions!');
2016-03-25 01:18:05 -07:00
}
// Redirect to the user management page
return redirect()->route('users.index')->with('success', trans('admin/users/message.success.unsuspend'));
} catch (ModelNotFoundException $e) {
2016-03-25 01:18:05 -07:00
// Redirect to the user management page
return redirect()->route('users.index')
->with('error', trans('admin/users/message.user_not_found', compact('id')));
2016-03-25 01:18:05 -07:00
}
}
/**
* Return a view containing a pre-populated new user form,
* populated with some fields from an existing user.
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.0]
* @param int $id
* @return \Illuminate\Contracts\View\View
* @throws \Illuminate\Auth\Access\AuthorizationException
Cleanup controller escaping (#3084) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. * Extend Supplier phone/fax length. This catches issues found in testing with a phone number with a five digit extension. fex (356) 654-3024 x36632 Also move away from escaping all values put into eloquent. Eloquent already uses PDO parameter binding, and this was leading to names like Mr Ryan O'Malley turning into an html escaped version of that name when stored. All values should be escaped when using {{}}, we'll just have to be more cautious when we use {!!, but I think we already are? * Remove additional escaping here, like we did in suppliers controller. * No need to eager load all of these relationships when we can call the count on the querybuilder directly * Work on controller cleanup * Always start from scrach, catches more issues this way. * Update sql dump. Remove old code from permissions test. * Generate a deletable item on demand in the test, rather than relying on one existing. I think we should probably move to mock all the database stuff at some point.. * More travis related fixes * Break script into multiple functional lines * Update all controllers to use the new helper, also cleanup syntax and docblocks along the way.
2016-12-19 22:00:50 -08:00
*/
public function getClone(Request $request, $id = null)
2016-03-25 01:18:05 -07:00
{
Discussion: Moving to policies for controller based authorization (#3080) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations.
2016-12-19 11:04:28 -08:00
$this->authorize('create', User::class);
2016-03-25 01:18:05 -07:00
// We need to reverse the UI specific logic for our
// permissions here before we update the user.
$permissions = $request->input('permissions', array());
2016-03-25 01:18:05 -07:00
app('request')->request->set('permissions', $permissions);
try {
// Get the user information
$user_to_clone = User::withTrashed()->find($id);
2016-03-25 01:18:05 -07:00
$user = clone $user_to_clone;
$user->first_name = '';
$user->last_name = '';
$user->email = substr($user->email, ($pos = strpos($user->email, '@')) !== false ? $pos : 0);
2017-10-28 11:17:52 -07:00
2016-03-25 01:18:05 -07:00
$user->id = null;
// Get this user groups
$userGroups = $user_to_clone->groups()->pluck('name', 'id');
2016-03-25 01:18:05 -07:00
// Get all the available permissions
$permissions = config('permissions');
$clonedPermissions = $user_to_clone->decodePermissions();
$userPermissions = Helper::selectedPermissionsArray($permissions, $clonedPermissions);
2016-03-25 01:18:05 -07:00
// Show the page
return view('users/edit', compact('permissions', 'userPermissions'))
2016-03-25 01:18:05 -07:00
->with('user', $user)
Cleanup controller escaping (#3084) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. * Extend Supplier phone/fax length. This catches issues found in testing with a phone number with a five digit extension. fex (356) 654-3024 x36632 Also move away from escaping all values put into eloquent. Eloquent already uses PDO parameter binding, and this was leading to names like Mr Ryan O'Malley turning into an html escaped version of that name when stored. All values should be escaped when using {{}}, we'll just have to be more cautious when we use {!!, but I think we already are? * Remove additional escaping here, like we did in suppliers controller. * No need to eager load all of these relationships when we can call the count on the querybuilder directly * Work on controller cleanup * Always start from scrach, catches more issues this way. * Update sql dump. Remove old code from permissions test. * Generate a deletable item on demand in the test, rather than relying on one existing. I think we should probably move to mock all the database stuff at some point.. * More travis related fixes * Break script into multiple functional lines * Update all controllers to use the new helper, also cleanup syntax and docblocks along the way.
2016-12-19 22:00:50 -08:00
->with('groups', Group::pluck('name', 'id'))
2016-06-22 12:27:41 -07:00
->with('userGroups', $userGroups)
2016-03-25 01:18:05 -07:00
->with('clone_user', $user_to_clone);
} catch (ModelNotFoundException $e) {
2016-03-25 01:18:05 -07:00
// Prepare the error message
// Redirect to the user management page
return redirect()->route('users.index')
->with('error', trans('admin/users/message.user_not_found', compact('id')));
}
2016-03-25 01:18:05 -07:00
}
/**
* Exports users to CSV
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v3.5]
Cleanup controller escaping (#3084) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. * Extend Supplier phone/fax length. This catches issues found in testing with a phone number with a five digit extension. fex (356) 654-3024 x36632 Also move away from escaping all values put into eloquent. Eloquent already uses PDO parameter binding, and this was leading to names like Mr Ryan O'Malley turning into an html escaped version of that name when stored. All values should be escaped when using {{}}, we'll just have to be more cautious when we use {!!, but I think we already are? * Remove additional escaping here, like we did in suppliers controller. * No need to eager load all of these relationships when we can call the count on the querybuilder directly * Work on controller cleanup * Always start from scrach, catches more issues this way. * Update sql dump. Remove old code from permissions test. * Generate a deletable item on demand in the test, rather than relying on one existing. I think we should probably move to mock all the database stuff at some point.. * More travis related fixes * Break script into multiple functional lines * Update all controllers to use the new helper, also cleanup syntax and docblocks along the way.
2016-12-19 22:00:50 -08:00
* @return StreamedResponse
* @throws \Illuminate\Auth\Access\AuthorizationException
*/
public function getExportUserCsv()
{
Discussion: Moving to policies for controller based authorization (#3080) * Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations.
2016-12-19 11:04:28 -08:00
$this->authorize('view', User::class);
\Debugbar::disable();
2016-12-29 14:02:18 -08:00
$response = new StreamedResponse(function () {
// Open output stream
$handle = fopen('php://output', 'w');
User::with('assets', 'accessories', 'consumables', 'department', 'licenses', 'manager', 'groups', 'userloc', 'company')
->orderBy('created_at', 'DESC')
->chunk(500, function ($users) use ($handle) {
$headers=[
// strtolower to prevent Excel from trying to open it as a SYLK file
strtolower(trans('general.id')),
trans('admin/companies/table.title'),
trans('admin/users/table.title'),
trans('admin/users/table.employee_num'),
trans('admin/users/table.name'),
trans('admin/users/table.username'),
trans('admin/users/table.email'),
trans('admin/users/table.manager'),
trans('admin/users/table.location'),
trans('general.department'),
trans('general.assets'),
trans('general.licenses'),
trans('general.accessories'),
trans('general.consumables'),
trans('admin/users/table.groups'),
trans('general.notes'),
trans('admin/users/table.activated'),
trans('general.created_at')
];
fputcsv($handle, $headers);
foreach ($users as $user) {
$user_groups = '';
foreach ($user->groups as $user_group) {
$user_groups .= $user_group->name.', ';
}
// Add a new row with data
$values = [
$user->id,
($user->company) ? $user->company->name : '',
$user->jobtitle,
$user->employee_num,
$user->present()->fullName(),
$user->username,
$user->email,
($user->manager) ? $user->manager->present()->fullName() : '',
($user->userloc) ? $user->userloc->name : '',
($user->department) ? $user->department->name : '',
$user->assets->count(),
$user->licenses->count(),
$user->accessories->count(),
$user->consumables->count(),
$user_groups,
$user->notes,
($user->activated=='1') ? trans('general.yes') : trans('general.no'),
$user->created_at,
];
fputcsv($handle, $values);
}
});
// Close the output stream
fclose($handle);
}, 200, [
'Content-Type' => 'text/csv; charset=UTF-8',
'Content-Disposition' => 'attachment; filename="users-'.date('Y-m-d-his').'.csv"',
]);
return $response;
}
/**
* LDAP form processing.
*
* @author Aladin Alaily
* @since [v1.8]
* @return \Illuminate\Http\RedirectResponse
*/
2017-12-06 11:17:42 -08:00
public function printInventory($id)
{
$this->authorize('view', User::class);
$show_user = User::where('id', $id)->withTrashed()->first();
$assets = Asset::where('assigned_to', $id)->where('assigned_type', User::class)->with('model', 'model.category')->get();
2017-12-06 11:17:42 -08:00
$accessories = $show_user->accessories()->get();
$consumables = $show_user->consumables()->get();
return view('users/print')->with('assets', $assets)
->with('licenses', $show_user->licenses()->get())
->with('accessories', $accessories)
->with('consumables', $consumables)
->with('show_user', $show_user)
->with('settings', Setting::getSettings());
}
/**
* Send individual password reset email
*
* @author A. Gianotto
* @since [v5.0.15]
* @return \Illuminate\Http\RedirectResponse
*/
public function sendPasswordReset($id) {
if (($user = User::find($id)) && ($user->activated == '1') && ($user->email!='') && ($user->ldap_import == '0')) {
$credentials = ['email' => $user->email];
try {
\Password::sendResetLink($credentials, function (Message $message) use ($user) {
$message->subject($this->getEmailSubject());
});
return redirect()->back()->with('success', trans('admin/users/message.password_reset_sent', ['email' => $user->email]));
} catch (\Exception $e) {
return redirect()->back()->with('error', ' Error sending email. :( ');
}
}
return redirect()->back()->with('error', 'User is not activated, is LDAP synced, or does not have an email address ');
}
2016-03-25 01:18:05 -07:00
}