snipe-it/app/Http/Controllers/DepartmentsController.php

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use App\Models\Department;
use App\Helpers\Helper;
use Auth;
use Image;
use App\Http\Requests\ImageUploadRequest;

class DepartmentsController extends Controller
{
    public function __construct()
    {
        $this->middleware('auth');
        parent::__construct();
    }

    /**
     * Returns a view that invokes the ajax tables which actually contains
     * the content for the assets listing, which is generated in getDatatable.
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @see AssetController::getDatatable() method that generates the JSON response
     * @since [v4.0]
     * @return View
     */
    public function index(Request $request)
    {
        $this->authorize('index', Department::class);
        $company = null;
        if ($request->filled('company_id')) {
            $company = Company::find($request->input('company_id'));
        }
        return view('departments/index')->with('company', $company);
    }


    /**
     * Store a newly created resource in storage.
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v4.0]
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function store(ImageUploadRequest $request)
    {
        $this->authorize('create', Department::class);
        $department = new Department;
        $department->fill($request->all());
        $department->user_id = Auth::user()->id;
        $department->manager_id = ($request->filled('manager_id' ) ? $request->input('manager_id') : null);

        $department = $request->handleImages($department,600, public_path().'/uploads/departments');

        if ($department->save()) {
            return redirect()->route("departments.index")->with('success', trans('admin/departments/message.create.success'));
        }
        return redirect()->back()->withInput()->withErrors($department->getErrors());
    }

    /**
     * Returns a view that invokes the ajax tables which actually contains
     * the content for the department detail page.
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @param int $id
     * @since [v4.0]
     * @return \Illuminate\Contracts\View\View
     */
    public function show($id)
    {
        $department = Department::find($id);

        $this->authorize('view', $department);

        if (isset($department->id)) {
            return view('departments/view', compact('department'));
        }
        return redirect()->route('departments.index')->with('error', trans('admin/departments/message.does_not_exist', compact('id')));
    }


    /**
     * Returns a form view used to create a new department.
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @see DepartmentsController::postCreate() method that validates and stores the data
     * @since [v4.0]
     * @return \Illuminate\Contracts\View\View
     */
    public function create()
    {
        $this->authorize('create', Department::class);

        return view('departments/edit')->with('item', new Department);
    }


    /**
     * Validates and deletes selected department.
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @param int $locationId
     * @since [v4.0]
     * @return \Illuminate\Http\RedirectResponse
     */
    public function destroy($id)
    {
        if (is_null($department = Department::find($id))) {
            return redirect()->to(route('departments.index'))->with('error', trans('admin/departments/message.not_found'));
        }

        $this->authorize('delete', $department);

        if ($department->users->count() > 0) {
            return redirect()->to(route('departments.index'))->with('error', trans('admin/departments/message.assoc_users'));
        }

        $department->delete();
        return redirect()->back()->with('success', trans('admin/departments/message.delete.success'));

    }

    /**
     * Makes a form view to edit location information.
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @see LocationsController::postCreate() method that validates and stores
     * @param int $locationId
     * @since [v1.0]
     * @return \Illuminate\Contracts\View\View
     */
    public function edit($id = null)
    {
        if (is_null($item = Department::find($id))) {
            return redirect()->back()->with('error', trans('admin/locations/message.does_not_exist'));
        }

        $this->authorize('update', $item);

        return view('departments/edit', compact('item'));
    }

    public function update(ImageUploadRequest $request, $id) {

        if (is_null($department = Department::find($id))) {
            return redirect()->route('departments.index')->with('error', trans('admin/departments/message.does_not_exist'));
        }

        $this->authorize('update', $department);

        $department->fill($request->all());
        $department->manager_id = ($request->filled('manager_id' ) ? $request->input('manager_id') : null);

        $department = $request->handleImages($department,600, public_path().'/uploads/departments');

        if ($department->save()) {
            return redirect()->route("departments.index")->with('success', trans('admin/departments/message.update.success'));
        }
        return redirect()->back()->withInput()->withErrors($department->getErrors());
    }
}
Department controllers and transformer 2017-05-22 21:32:33 -07:00			`<?php`

			`namespace App\Http\Controllers;`

			`use Illuminate\Http\Request;`
			`use App\Models\Department;`
Create, edit and destroy for depts 2017-05-23 02:47:25 -07:00			`use App\Helpers\Helper;`
			`use Auth;`
Features/image uploads (#4320) * Locations API support for image * Added manufacturers API support for image * Added manufacturers API support for image * Added image support for locations add/update * Added manufacturer image upload support to controller * General image string * Added blade support for image uploads/delete image * Added $request support (from Input::) * Added image support in API transformers * Added image to Manufacturers presenter for data table * Migration to create image fields * Ignore the contents of the new image directories * Create new image upload directories * Created components/consumables uploads directory * Fixed missing textSearch scope from companies * Added ignore for companies uploads directory * Added blade support for image upload * Fixed path to upload directory on edit * Added company image upport to transformers, controllers * Added image support for categories * Added support for images in Departments * Added support for image in Consumables * Added image support for components 2017-10-25 22:35:58 -07:00			`use Image;`
			`use App\Http\Requests\ImageUploadRequest;`
Department controllers and transformer 2017-05-22 21:32:33 -07:00
			`class DepartmentsController extends Controller`
			`{`
			`public function __construct()`
			`{`
			`$this->middleware('auth');`
			`parent::__construct();`
			`}`

			`/**`
			`* Returns a view that invokes the ajax tables which actually contains`
			`* the content for the assets listing, which is generated in getDatatable.`
			`*`
			`* @author [A. Gianotto] [<snipe@snipe.net>]`
			`* @see AssetController::getDatatable() method that generates the JSON response`
Create, edit and destroy for depts 2017-05-23 02:47:25 -07:00			`* @since [v4.0]`
Department controllers and transformer 2017-05-22 21:32:33 -07:00			`* @return View`
			`*/`
			`public function index(Request $request)`
			`{`
			`$this->authorize('index', Department::class);`
Fix more old routes. Should fix #4216 (#4217) 2017-10-15 23:32:40 -07:00			`$company = null;`
Change ->has() to ->filled() 2019-05-23 17:39:50 -07:00			`if ($request->filled('company_id')) {`
Department controllers and transformer 2017-05-22 21:32:33 -07:00			`$company = Company::find($request->input('company_id'));`
			`}`
Fix more old routes. Should fix #4216 (#4217) 2017-10-15 23:32:40 -07:00			`return view('departments/index')->with('company', $company);`
Department controllers and transformer 2017-05-22 21:32:33 -07:00			`}`


			`/**`
			`* Store a newly created resource in storage.`
			`*`
			`* @author [A. Gianotto] [<snipe@snipe.net>]`
			`* @since [v4.0]`
			`* @param \Illuminate\Http\Request $request`
			`* @return \Illuminate\Http\Response`
			`*/`
Features/image uploads (#4320) * Locations API support for image * Added manufacturers API support for image * Added manufacturers API support for image * Added image support for locations add/update * Added manufacturer image upload support to controller * General image string * Added blade support for image uploads/delete image * Added $request support (from Input::) * Added image support in API transformers * Added image to Manufacturers presenter for data table * Migration to create image fields * Ignore the contents of the new image directories * Create new image upload directories * Created components/consumables uploads directory * Fixed missing textSearch scope from companies * Added ignore for companies uploads directory * Added blade support for image upload * Fixed path to upload directory on edit * Added company image upport to transformers, controllers * Added image support for categories * Added support for images in Departments * Added support for image in Consumables * Added image support for components 2017-10-25 22:35:58 -07:00			`public function store(ImageUploadRequest $request)`
Department controllers and transformer 2017-05-22 21:32:33 -07:00			`{`
			`$this->authorize('create', Department::class);`
			`$department = new Department;`
			`$department->fill($request->all());`
Create, edit and destroy for depts 2017-05-23 02:47:25 -07:00			`$department->user_id = Auth::user()->id;`
Change ->has() to ->filled() 2019-05-23 17:39:50 -07:00			`$department->manager_id = ($request->filled('manager_id' ) ? $request->input('manager_id') : null);`
Create, edit and destroy for depts 2017-05-23 02:47:25 -07:00
Fixed XSS vulnerability in SVG image uploads [ch10476] (#7639) * Added enshrined/svg-sanitize * Added modular image resizing/SVG cleaning method (This already exists in v5, so I mostly ported it forward and added the SVG sanitizer.) * Use improved handleImages method to upload/resize/clean images * Removed $old_image This is handled in the ImageUpload request now 2019-12-05 22:23:05 -08:00			`$department = $request->handleImages($department,600, public_path().'/uploads/departments');`
Features/image uploads (#4320) * Locations API support for image * Added manufacturers API support for image * Added manufacturers API support for image * Added image support for locations add/update * Added manufacturer image upload support to controller * General image string * Added blade support for image uploads/delete image * Added $request support (from Input::) * Added image support in API transformers * Added image to Manufacturers presenter for data table * Migration to create image fields * Ignore the contents of the new image directories * Create new image upload directories * Created components/consumables uploads directory * Fixed missing textSearch scope from companies * Added ignore for companies uploads directory * Added blade support for image upload * Fixed path to upload directory on edit * Added company image upport to transformers, controllers * Added image support for categories * Added support for images in Departments * Added support for image in Consumables * Added image support for components 2017-10-25 22:35:58 -07:00
Department controllers and transformer 2017-05-22 21:32:33 -07:00			`if ($department->save()) {`
Additional methods for Department web UI 2017-05-23 01:09:13 -07:00			`return redirect()->route("departments.index")->with('success', trans('admin/departments/message.create.success'));`
Department controllers and transformer 2017-05-22 21:32:33 -07:00			`}`
Additional methods for Department web UI 2017-05-23 01:09:13 -07:00			`return redirect()->back()->withInput()->withErrors($department->getErrors());`
Department controllers and transformer 2017-05-22 21:32:33 -07:00			`}`
Additional methods for Department web UI 2017-05-23 01:09:13 -07:00
			`/**`
			`* Returns a view that invokes the ajax tables which actually contains`
			`* the content for the department detail page.`
			`*`
			`* @author [A. Gianotto] [<snipe@snipe.net>]`
			`* @param int $id`
			`* @since [v4.0]`
			`* @return \Illuminate\Contracts\View\View`
			`*/`
			`public function show($id)`
			`{`
			`$department = Department::find($id);`

Fixing authorization issues (#5807) * adds permission checks for companies * adds permission checks for depreciations * adds permission check for all reports * fixes permissions for departments * fixes permission naming (edit -> update) * fixes authorization checking wrong permission in API The authorization was checking for the non-existent „edit“ method where it should have checked for the „update“ method. * adds authorization checks for select2 lists * adds missing authorization checks for api * fixes user authorization check for creating users * adds additional check viewing assets on showing a users assets * Removes authorization checks for select2 lists Reference: https://github.com/snipe/snipe-it/pull/5807#pullrequestreview-136018755 2018-07-12 18:28:02 -07:00			`$this->authorize('view', $department);`

Additional methods for Department web UI 2017-05-23 01:09:13 -07:00			`if (isset($department->id)) {`
			`return view('departments/view', compact('department'));`
			`}`
			`return redirect()->route('departments.index')->with('error', trans('admin/departments/message.does_not_exist', compact('id')));`
			`}`
Create, edit and destroy for depts 2017-05-23 02:47:25 -07:00

			`/**`
			`* Returns a form view used to create a new department.`
			`*`
			`* @author [A. Gianotto] [<snipe@snipe.net>]`
			`* @see DepartmentsController::postCreate() method that validates and stores the data`
			`* @since [v4.0]`
			`* @return \Illuminate\Contracts\View\View`
			`*/`
			`public function create()`
			`{`
Fixing authorization issues (#5807) * adds permission checks for companies * adds permission checks for depreciations * adds permission check for all reports * fixes permissions for departments * fixes permission naming (edit -> update) * fixes authorization checking wrong permission in API The authorization was checking for the non-existent „edit“ method where it should have checked for the „update“ method. * adds authorization checks for select2 lists * adds missing authorization checks for api * fixes user authorization check for creating users * adds additional check viewing assets on showing a users assets * Removes authorization checks for select2 lists Reference: https://github.com/snipe/snipe-it/pull/5807#pullrequestreview-136018755 2018-07-12 18:28:02 -07:00			`$this->authorize('create', Department::class);`

More ajax menu fixes 2017-10-28 11:17:52 -07:00			`return view('departments/edit')->with('item', new Department);`
Create, edit and destroy for depts 2017-05-23 02:47:25 -07:00			`}`


			`/**`
			`* Validates and deletes selected department.`
			`*`
			`* @author [A. Gianotto] [<snipe@snipe.net>]`
			`* @param int $locationId`
			`* @since [v4.0]`
			`* @return \Illuminate\Http\RedirectResponse`
			`*/`
			`public function destroy($id)`
			`{`
			`if (is_null($department = Department::find($id))) {`
			`return redirect()->to(route('departments.index'))->with('error', trans('admin/departments/message.not_found'));`
			`}`

Fixing authorization issues (#5807) * adds permission checks for companies * adds permission checks for depreciations * adds permission check for all reports * fixes permissions for departments * fixes permission naming (edit -> update) * fixes authorization checking wrong permission in API The authorization was checking for the non-existent „edit“ method where it should have checked for the „update“ method. * adds authorization checks for select2 lists * adds missing authorization checks for api * fixes user authorization check for creating users * adds additional check viewing assets on showing a users assets * Removes authorization checks for select2 lists Reference: https://github.com/snipe/snipe-it/pull/5807#pullrequestreview-136018755 2018-07-12 18:28:02 -07:00			`$this->authorize('delete', $department);`

Create, edit and destroy for depts 2017-05-23 02:47:25 -07:00			`if ($department->users->count() > 0) {`
			`return redirect()->to(route('departments.index'))->with('error', trans('admin/departments/message.assoc_users'));`
			`}`

			`$department->delete();`
			`return redirect()->back()->with('success', trans('admin/departments/message.delete.success'));`

			`}`

			`/**`
			`* Makes a form view to edit location information.`
			`*`
			`* @author [A. Gianotto] [<snipe@snipe.net>]`
			`* @see LocationsController::postCreate() method that validates and stores`
			`* @param int $locationId`
			`* @since [v1.0]`
			`* @return \Illuminate\Contracts\View\View`
			`*/`
			`public function edit($id = null)`
			`{`
			`if (is_null($item = Department::find($id))) {`
			`return redirect()->back()->with('error', trans('admin/locations/message.does_not_exist'));`
			`}`
Fixing authorization issues (#5807) * adds permission checks for companies * adds permission checks for depreciations * adds permission check for all reports * fixes permissions for departments * fixes permission naming (edit -> update) * fixes authorization checking wrong permission in API The authorization was checking for the non-existent „edit“ method where it should have checked for the „update“ method. * adds authorization checks for select2 lists * adds missing authorization checks for api * fixes user authorization check for creating users * adds additional check viewing assets on showing a users assets * Removes authorization checks for select2 lists Reference: https://github.com/snipe/snipe-it/pull/5807#pullrequestreview-136018755 2018-07-12 18:28:02 -07:00
			`$this->authorize('update', $item);`

More ajax menu fixes 2017-10-28 11:17:52 -07:00			`return view('departments/edit', compact('item'));`
Create, edit and destroy for depts 2017-05-23 02:47:25 -07:00			`}`
Fix more old routes. Should fix #4216 (#4217) 2017-10-15 23:32:40 -07:00
Use ImageUploadRequest 2017-12-06 14:38:01 -08:00			`public function update(ImageUploadRequest $request, $id) {`
Create, edit and destroy for depts 2017-05-23 02:47:25 -07:00
			`if (is_null($department = Department::find($id))) {`
Fix more old routes. Should fix #4216 (#4217) 2017-10-15 23:32:40 -07:00			`return redirect()->route('departments.index')->with('error', trans('admin/departments/message.does_not_exist'));`
Create, edit and destroy for depts 2017-05-23 02:47:25 -07:00			`}`

Fixing authorization issues (#5807) * adds permission checks for companies * adds permission checks for depreciations * adds permission check for all reports * fixes permissions for departments * fixes permission naming (edit -> update) * fixes authorization checking wrong permission in API The authorization was checking for the non-existent „edit“ method where it should have checked for the „update“ method. * adds authorization checks for select2 lists * adds missing authorization checks for api * fixes user authorization check for creating users * adds additional check viewing assets on showing a users assets * Removes authorization checks for select2 lists Reference: https://github.com/snipe/snipe-it/pull/5807#pullrequestreview-136018755 2018-07-12 18:28:02 -07:00			`$this->authorize('update', $department);`

Create, edit and destroy for depts 2017-05-23 02:47:25 -07:00			`$department->fill($request->all());`
Change ->has() to ->filled() 2019-05-23 17:39:50 -07:00			`$department->manager_id = ($request->filled('manager_id' ) ? $request->input('manager_id') : null);`
Fixed handling deleting old images better 2017-11-07 11:28:13 -08:00
Fixed XSS vulnerability in SVG image uploads [ch10476] (#7639) * Added enshrined/svg-sanitize * Added modular image resizing/SVG cleaning method (This already exists in v5, so I mostly ported it forward and added the SVG sanitizer.) * Use improved handleImages method to upload/resize/clean images * Removed $old_image This is handled in the ImageUpload request now 2019-12-05 22:23:05 -08:00			`$department = $request->handleImages($department,600, public_path().'/uploads/departments');`
Create, edit and destroy for depts 2017-05-23 02:47:25 -07:00
			`if ($department->save()) {`
			`return redirect()->route("departments.index")->with('success', trans('admin/departments/message.update.success'));`
			`}`
			`return redirect()->back()->withInput()->withErrors($department->getErrors());`
			`}`
Department controllers and transformer 2017-05-22 21:32:33 -07:00			`}`