diff --git a/app/Http/Controllers/Api/ConsumablesController.php b/app/Http/Controllers/Api/ConsumablesController.php index ebc27c608f..fc6620df48 100644 --- a/app/Http/Controllers/Api/ConsumablesController.php +++ b/app/Http/Controllers/Api/ConsumablesController.php @@ -228,6 +228,7 @@ class ConsumablesController extends Controller foreach ($consumable->consumableAssignments as $consumable_assignment) { $rows[] = [ + 'avatar' => ($consumable_assignment->user) ? e($consumable_assignment->user->present()->gravatar) : '', 'name' => ($consumable_assignment->user) ? $consumable_assignment->user->present()->nameUrl() : 'Deleted User', 'created_at' => Helper::getFormattedDateObject($consumable_assignment->created_at, 'datetime'), 'note' => ($consumable_assignment->note) ? e($consumable_assignment->note) : null, diff --git a/app/Http/Controllers/Consumables/ConsumablesFilesController.php b/app/Http/Controllers/Consumables/ConsumablesFilesController.php new file mode 100644 index 0000000000..4dbed60491 --- /dev/null +++ b/app/Http/Controllers/Consumables/ConsumablesFilesController.php @@ -0,0 +1,176 @@ +] + * @since [v1.0] + * @param AssetFileRequest $request + * @param int $consumableId + * @return \Illuminate\Http\RedirectResponse + * @throws \Illuminate\Auth\Access\AuthorizationException + */ + public function store(AssetFileRequest $request, $consumableId = null) + { + $consumable = Consumable::find($consumableId); + + if (isset($consumable->id)) { + $this->authorize('update', $consumable); + + if ($request->hasFile('file')) { + if (! Storage::exists('private_uploads/consumables')) { + Storage::makeDirectory('private_uploads/consumables', 775); + } + + foreach ($request->file('file') as $file) { + + $extension = $file->getClientOriginalExtension(); + $file_name = 'consumable-'.$consumable->id.'-'.str_random(8).'-'.str_slug(basename($file->getClientOriginalName(), '.'.$extension)).'.'.$extension; + + + // Check for SVG and sanitize it + if ($extension == 'svg') { + \Log::debug('This is an SVG'); + \Log::debug($file_name); + + $sanitizer = new Sanitizer(); + $dirtySVG = file_get_contents($file->getRealPath()); + $cleanSVG = $sanitizer->sanitize($dirtySVG); + + try { + Storage::put('private_uploads/consumables/'.$file_name, $cleanSVG); + } catch (\Exception $e) { + \Log::debug('Upload no workie :( '); + \Log::debug($e); + } + + } else { + Storage::put('private_uploads/consumables/'.$file_name, file_get_contents($file)); + } + + //Log the upload to the log + $consumable->logUpload($file_name, e($request->input('notes'))); + } + + + return redirect()->route('consumables.show', $consumable->id)->with('success', trans('admin/consumables/message.upload.success')); + + } + + return redirect()->route('consumables.show', $consumable->id)->with('error', trans('admin/consumables/message.upload.nofiles')); + } + // Prepare the error message + return redirect()->route('consumables.index') + ->with('error', trans('admin/consumables/message.does_not_exist')); + } + + /** + * Deletes the selected consumable file. + * + * @author [A. Gianotto] [] + * @since [v1.0] + * @param int $consumableId + * @param int $fileId + * @return \Illuminate\Http\RedirectResponse + * @throws \Illuminate\Auth\Access\AuthorizationException + */ + public function destroy($consumableId = null, $fileId = null) + { + $consumable = Consumable::find($consumableId); + + // the asset is valid + if (isset($consumable->id)) { + $this->authorize('update', $consumable); + $log = Actionlog::find($fileId); + + // Remove the file if one exists + if (Storage::exists('consumables/'.$log->filename)) { + try { + Storage::delete('consumables/'.$log->filename); + } catch (\Exception $e) { + \Log::debug($e); + } + } + + $log->delete(); + + return redirect()->back() + ->with('success', trans('admin/hardware/message.deletefile.success')); + } + + // Redirect to the licence management page + return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.does_not_exist')); + } + + /** + * Allows the selected file to be viewed. + * + * @author [A. Gianotto] [] + * @since [v1.4] + * @param int $consumableId + * @param int $fileId + * @return \Symfony\Consumable\HttpFoundation\Response + * @throws \Illuminate\Auth\Access\AuthorizationException + */ + public function show($consumableId = null, $fileId = null, $download = true) + { + $consumable = Consumable::find($consumableId); + + // the consumable is valid + if (isset($consumable->id)) { + $this->authorize('view', $consumable); + $this->authorize('consumables.files', $consumable); + + if (! $log = Actionlog::find($fileId)) { + return response('No matching record for that asset/file', 500) + ->header('Content-Type', 'text/plain'); + } + + $file = 'private_uploads/consumables/'.$log->filename; + + if (Storage::missing($file)) { + \Log::debug('FILE DOES NOT EXISTS for '.$file); + \Log::debug('URL should be '.Storage::url($file)); + + return response('File '.$file.' ('.Storage::url($file).') not found on server', 404) + ->header('Content-Type', 'text/plain'); + } else { + + // We have to override the URL stuff here, since local defaults in Laravel's Flysystem + // won't work, as they're not accessible via the web + if (config('filesystems.default') == 'local') { // TODO - is there any way to fix this at the StorageHelper layer? + return StorageHelper::downloader($file); + } else { + if ($download != 'true') { + \Log::debug('display the file'); + if ($contents = file_get_contents(Storage::url($file))) { // TODO - this will fail on private S3 files or large public ones + return Response::make(Storage::url($file)->header('Content-Type', mime_content_type($file))); + } + + return JsonResponse::create(['error' => 'Failed validation: '], 500); + } + + return StorageHelper::downloader($file); + + } + } + } + + return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.does_not_exist', ['id' => $fileId])); + } +} diff --git a/app/Models/Consumable.php b/app/Models/Consumable.php index ac4b8fd9d4..c04c9b53d5 100644 --- a/app/Models/Consumable.php +++ b/app/Models/Consumable.php @@ -96,6 +96,24 @@ class Consumable extends SnipeModel 'manufacturer' => ['name'], ]; + + /** + * Establishes the components -> action logs -> uploads relationship + * + * @author A. Gianotto + * @since [v6.1.13] + * @return \Illuminate\Database\Eloquent\Relations\Relation + */ + public function uploads() + { + return $this->hasMany(\App\Models\Actionlog::class, 'item_id') + ->where('item_type', '=', self::class) + ->where('action_type', '=', 'uploaded') + ->whereNotNull('filename') + ->orderBy('created_at', 'desc'); + } + + /** * Sets the attribute of whether or not the consumable is requestable * diff --git a/config/permissions.php b/config/permissions.php index 2af54d615a..64310ac050 100644 --- a/config/permissions.php +++ b/config/permissions.php @@ -178,6 +178,12 @@ return [ 'note' => '', 'display' => true, ], + [ + 'permission' => 'consumables.files', + 'label' => 'View and Modify Consumable Files', + 'note' => '', + 'display' => true, + ], ], diff --git a/resources/views/consumables/view.blade.php b/resources/views/consumables/view.blade.php index c406264a77..406d3b4bd1 100644 --- a/resources/views/consumables/view.blade.php +++ b/resources/views/consumables/view.blade.php @@ -18,57 +18,182 @@
-
- @if ($consumable->id) -
-
-

{{ $consumable->name }}

-
-
- @endif -
-
-
-
+ +
+
+
+ + + @can('consumables.files', $consumable) +
+ +
+ + + + + + + + + + + + + + @if ($consumable->uploads->count() > 0) + @foreach ($consumable->uploads as $file) + + + + + + + + + + + + @endforeach + @else + + + + @endif +
{{trans('general.file_type')}}{{ trans('general.image') }}{{ trans('general.file_name') }}{{ trans('general.filesize') }}{{ trans('general.notes') }}{{ trans('general.download') }}{{ trans('general.created_at') }}{{ trans('table.actions') }}
+ + {{ Helper::filetype_icon($file->filename) }} + + + @if ($file->filename) + @if ( Helper::checkUploadIsImage($file->get_src('consumables'))) + + @endif + @endif + + {{ $file->filename }} + + {{ @Helper::formatFilesizeUnits(Storage::exists('private_uploads/consumables/'.$file->filename) ? Storage::size('private_uploads/consumables/'.$file->filename) : '') }} + + @if ($file->note) + {{ $file->note }} + @endif + + @if ($file->filename) + + + {{ trans('general.download') }} + + @endif + {{ $file->created_at }} + + + {{ trans('general.delete') }} + +
{{ trans('general.no_results') }}
-
+
+ @endcan -
-
-
-
+
+
+ + +
@@ -161,6 +286,11 @@
+ + +@can('update', \App\Models\Consumable::class) + @include ('modals.upload-file', ['item_type' => 'consumable', 'item_id' => $consumable->id]) +@endcan @stop @section('moar_scripts') diff --git a/resources/views/partials/bootstrap-table.blade.php b/resources/views/partials/bootstrap-table.blade.php index 57ac6a4d7e..ef29f8370d 100644 --- a/resources/views/partials/bootstrap-table.blade.php +++ b/resources/views/partials/bootstrap-table.blade.php @@ -632,10 +632,14 @@ if (value) { - if (row.name) { + // This is a clunky override to handle unusual API responses where we're presenting a link instead of an array + if (row.avatar) { + var altName = ''; + } + else if (row.name) { var altName = row.name; } - else if ((row) && (row.model)) { + else if ((row) && (row.model)) { var altName = row.model.name; } return '' + altName + ''; diff --git a/routes/web/consumables.php b/routes/web/consumables.php index 9f930a968c..4e2472d30c 100644 --- a/routes/web/consumables.php +++ b/routes/web/consumables.php @@ -16,6 +16,21 @@ Route::group(['prefix' => 'consumables', 'middleware' => ['auth']], function () [Consumables\ConsumableCheckoutController::class, 'store'] )->name('consumables.checkout.store'); + Route::post( + '{consumableId}/upload', + [Consumables\ConsumablesFilesController::class, 'store'] + )->name('upload/consumable'); + + Route::delete( + '{consumableId}/deletefile/{fileId}', + [Consumables\ConsumablesFilesController::class, 'destroy'] + )->name('delete/consumablefile'); + + Route::get( + '{consumableId}/showfile/{fileId}/{download?}', + [Consumables\ConsumablesFilesController::class, 'show'] + )->name('show.consumablefile'); + }); diff --git a/storage/private_uploads/consumables/.gitignore b/storage/private_uploads/consumables/.gitignore new file mode 100755 index 0000000000..c96a04f008 --- /dev/null +++ b/storage/private_uploads/consumables/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore \ No newline at end of file