diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php
index 4b3b00e7a2..bc111fb31f 100644
--- a/app/Http/Controllers/Api/UsersController.php
+++ b/app/Http/Controllers/Api/UsersController.php
@@ -14,6 +14,7 @@ use App\Http\Transformers\UsersTransformer;
 use App\Models\Actionlog;
 use App\Models\Asset;
 use App\Models\Company;
+use App\Models\CustomField;
 use App\Models\License;
 use App\Models\User;
 use App\Notifications\CurrentInventory;
@@ -37,7 +38,7 @@ class UsersController extends Controller
 {
 $this->authorize('view', User::class);
- $users = User::select([
+ $allowed_columns = [
 'users.activated',
 'users.created_by',
 'users.address',
@@ -75,7 +76,12 @@ class UsersController extends Controller
 'users.autoassign_licenses',
 'users.website',
- ])->with('manager', 'groups', 'userloc', 'company', 'department', 'assets', 'licenses', 'accessories', 'consumables', 'createdBy')
+ ];
+
+ foreach (CustomField::where('type', User::class)->get() as $field) {
+ $allowed_columns[] = $field->db_column_name();
+ }
+ $users = User::select($allowed_columns)->with('manager', 'groups', 'userloc', 'company', 'department', 'assets', 'licenses', 'accessories', 'consumables', 'createdBy',)
 ->withCount('assets as assets_count', 'licenses as licenses_count', 'accessories as accessories_count', 'consumables as consumables_count', 'managesUsers as manages_users_count', 'managedLocations as manages_locations_count');
diff --git a/app/Http/Controllers/CustomFieldsetsController.php b/app/Http/Controllers/CustomFieldsetsController.php
index cab5e86f36..ef17b48ebc 100644
--- a/app/Http/Controllers/CustomFieldsetsController.php
+++ b/app/Http/Controllers/CustomFieldsetsController.php
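Review bot: In the `UsersController` listing query (hunk `@@ -75,7 +76,12 @@`), the custom-field columns appended in the new `foreach` are not table-qualified, unlike every other entry in `$allowed_columns` (`'users.website'` and the rest). If a scope applied to this query later joins another table, an unqualified name can become ambiguous, so `$allowed_columns[] = 'users.'.$field->db_column_name();` would keep the list consistent. The `CustomField::where('type', User::class)->get()` lookup runs on every index request and deserves a short comment on whether that cost is acceptable, and the stray trailing comma in `'createdBy',)` should be removed. The method continues outside the hunk, so how `$allowed_columns` is used afterwards is not visible here.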
@@ -39,7 +39,7 @@ class CustomFieldsetsController extends Controller
 * @throws \Illuminate\Auth\Access\AuthorizationException
 * @since [v1.8]
 */
- public function show($id)
+ public function show( $id)
 {
 $cfset = CustomFieldset::with('fields')
 ->where('id', '=', $id)->orderBy('id', 'ASC')->first();
@@ -47,7 +47,7 @@ class CustomFieldsetsController extends Controller
 $this->authorize('view', $cfset);
 if ($cfset) {
- $custom_fields_list = ['' => 'Add New Field to Fieldset'] + CustomField::pluck('name', 'id')->toArray();
+ $custom_fields_list = ['' => 'Add New Field to Fieldset'] + CustomField::where('type', $cfset->type)->pluck('name', 'id')->toArray();
 $maxid = 0;
 foreach ($cfset->fields as $field) {
diff --git a/app/Http/Transformers/UsersTransformer.php b/app/Http/Transformers/UsersTransformer.php
index 64752d0445..8009664c14 100644
--- a/app/Http/Transformers/UsersTransformer.php
+++ b/app/Http/Transformers/UsersTransformer.php
@@ -3,6 +3,7 @@
 namespace App\Http\Transformers;
 use App\Helpers\Helper;
+use App\Models\CustomField;
 use App\Models\User;
 use Illuminate\Support\Facades\Gate;
 use Illuminate\Database\Eloquent\Collection;
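Review bot: In `CustomFieldsetsController::show()` (hunk `@@ -47,7 +47,7 @@`), filtering the dropdown with `CustomField::where('type', $cfset->type)` only narrows what the form offers; it does not by itself stop a request from associating a field of another type with this fieldset. The handler that performs the association is outside this diff, so please confirm it compares the field's `type` with the fieldset's `type` server-side before attaching. The context lines also show `$this->authorize('view', $cfset)` running before the `if ($cfset)` null check, so it is worth confirming that an unknown id produces the intended response. The `show( $id)` change in the previous hunk is whitespace only and can be dropped.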
@@ -80,6 +81,52 @@ class UsersTransformer
 'deleted_at' => ($user->deleted_at) ? Helper::getFormattedDateObject($user->deleted_at, 'datetime') : null,
 ];
+ // FIXME - this is all copypasta stolen from AssetsTransformer
+ if (CustomField::where('type',User::class)->count() > 0) { //FIXME - crappy hack
+ $fields_array = [];
+
+ foreach (CustomField::where('type',User::class)->get() as $field) {
+ if ($field->isFieldDecryptable($user->{$field->db_column})) {
+ $decrypted = Helper::gracefulDecrypt($field, $user->{$field->db_column});
+ $value = (Gate::allows('assets.view.encrypted_custom_fields')) ? $decrypted : strtoupper(trans('admin/custom_fields/general.encrypted'));
+
+ if ($field->format == 'DATE'){
+ if (Gate::allows('assets.view.encrypted_custom_fields')){
+ $value = Helper::getFormattedDateObject($value, 'date', false);
+ } else {
+ $value = strtoupper(trans('admin/custom_fields/general.encrypted'));
+ }
+ }
+
+ $fields_array[$field->name] = [
+ 'field' => e($field->db_column),
+ 'value' => e($value),
+ 'field_format' => $field->format,
+ 'element' => $field->element,
+ ];
+
+ } else {
+ $value = $user->{$field->db_column};
+
+ if (($field->format == 'DATE') && (!is_null($value)) && ($value!='')){
+ $value = Helper::getFormattedDateObject($value, 'date', false);
+ }
+
+ $fields_array[$field->name] = [
+ 'field' => e($field->db_column),
+ 'value' => e($value),
+ 'field_format' => $field->format,
+ 'element' => $field->element,
+ ];
+ }
+
+ $array['custom_fields'] = $fields_array;
+ }
+ } else {
+ $array['custom_fields'] = new \stdClass; // HACK to force generation of empty object instead of empty list
+ }
+ // FIXME - all stolen from AssetsTransformer
+
 $permissions_array['available_actions'] = [
 'update' => (Gate::allows('update', User::class) && ($user->deleted_at == '')),
 'delete' => $user->isDeletable(),
diff --git a/app/Models/Asset.php b/app/Models/Asset.php
index 6ed8568973..f1b6d27032 100644
--- a/app/Models/Asset.php
+++ b/app/Models/Asset.php
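Review bot: In `UsersTransformer`, decrypted user custom-field values are released on `Gate::allows('assets.view.encrypted_custom_fields')`, an asset-scoped ability, so anyone holding it for assets can also read encrypted user fields through the users API; the same gate appears in the `users/view.blade.php` hunk. If that coupling is intended it needs a comment above the check, otherwise the check should use a user-specific ability. `Helper::gracefulDecrypt()` is also called before the gate is consulted, so plaintext is computed even for callers who will only receive the placeholder. Separately, `CustomField::where('type',User::class)` is queried twice for every user transformed and `$array['custom_fields']` is assigned inside the loop; the sketch below decrypts only when allowed and assigns once. The enclosing method starts and ends outside the hunk.

```php
// Load the user custom fields once; ideally hoisted out of the per-user transform.
$fields = CustomField::where('type', User::class)->get();
// NOTE(review): asset-scoped ability reused for user fields — confirm this is intended.
$can_view_encrypted = Gate::allows('assets.view.encrypted_custom_fields');
$fields_array = [];

foreach ($fields as $field) {
    $raw = $user->{$field->db_column};

    if ($field->isFieldDecryptable($raw)) {
        // Decrypt only for callers allowed to see the plaintext.
        $value = $can_view_encrypted
            ? Helper::gracefulDecrypt($field, $raw)
            : strtoupper(trans('admin/custom_fields/general.encrypted'));
        // … unchanged: DATE formatting when $can_view_encrypted …
    }
    // … unchanged: plain-value branch and the $fields_array[$field->name] entry …
}

// Empty object instead of empty list when there are no fields, as before.
$array['custom_fields'] = $fields_array ?: new \stdClass;
```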
@@ -216,7 +216,7 @@ class Asset extends Depreciable
 }
 $this->attributes['expected_checkin'] = $value;
 }
-
+
 public function getDisplayNameAttribute()
 {
 return $this->present()->name();
diff --git a/app/Models/User.php b/app/Models/User.php
index 26bf5bb27f..22f7c0639f 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -3,6 +3,7 @@
 namespace App\Models;
 use App\Http\Traits\UniqueUndeletedTrait;
+use App\Models\Traits\HasCustomFields;
 use App\Models\Traits\Searchable;
 use App\Presenters\Presentable;
 use Illuminate\Support\Facades\DB;
@@ -32,6 +33,7 @@ class User extends SnipeModel implements AuthenticatableContract, AuthorizableCo
 use Notifiable;
 use Presentable;
 use Searchable;
+ use HasCustomFields;
 protected $hidden = ['password', 'remember_token', 'permissions', 'reset_password_code', 'persist_code'];
 protected $table = 'users';
@@ -137,6 +139,20 @@ class User extends SnipeModel implements AuthenticatableContract, AuthorizableCo
 'manager' => ['first_name', 'last_name', 'username'],
 ];
+ public function getFieldsetKey(): object|int|null
+ {
+ // TODO/FIXME - that's hardcoded text, but what language should you use?! I don't know.
+ // also TODO - is this going to beat on the DB too hard?
+ return CustomFieldset::where('type', User::class)->first()?->id;
+ }
+
+ public static function getFieldsetUsers(int $fieldset_id): array
+ {
+ return [
+ 'no_idea_what_id_to_put' => 'No idea what string to put?' // FIXME obvs.
+ ];
+ }
+
 /**
 * Internally check the user permission for the given section
 *
diff --git a/app/Presenters/AssetPresenter.php b/app/Presenters/AssetPresenter.php
index 2b40395405..36acc9b20e 100644
--- a/app/Presenters/AssetPresenter.php
+++ b/app/Presenters/AssetPresenter.php
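Review bot: In `User.php` (hunk `@@ -137,6 +139,20 @@`), `getFieldsetUsers()` returns the placeholder pair `'no_idea_what_id_to_put' => 'No idea what string to put?'`, which whatever consumes the `HasCustomFields` contract (not visible here) will treat as real data. Until the mapping is decided, an empty array is probably the safer return value. `getFieldsetKey()` is declared `object|int|null`, yet `->first()?->id` only yields an id or null, and it silently picks the first `User` fieldset when more than one exists; a docblock stating that assumption would help, and `?int` would describe the return unless the trait's signature requires the wider type. Each call issues a query, and the `users/view.blade.php` hunk calls it up to three times per render.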
@@ -310,7 +310,7 @@ class AssetPresenter extends Presenter
 }
 }
- $fields = CustomField::whereIn('id',$ids)->get();
+ $fields = CustomField::whereIn('id',$ids)->get(); // FIXME: d'oh! this is wrong. We just got fieldsets, above. Now we're getting fields?
 // Note: We do not need to e() escape the field names here, as they are already escaped when
 // they are presented in the blade view. If we escape them here, custom fields with quotes in their
 // name can break the listings page. - snipe
diff --git a/app/Presenters/UserPresenter.php b/app/Presenters/UserPresenter.php
index a5b99adb14..9d7a655f4f 100644
--- a/app/Presenters/UserPresenter.php
+++ b/app/Presenters/UserPresenter.php
@@ -3,7 +3,12 @@
 namespace App\Presenters;
 use App\Helpers\Helper;
+use App\Models\Asset;
+use App\Models\CustomField;
+use App\Models\CustomFieldset;
 use App\Models\Setting;
+use App\Models\User;
+use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\Facades\Storage;
@@ -386,6 +391,41 @@ class UserPresenter extends Presenter
 ],
 ];
+ // TODO - FIXME - this is all copy-pasta'ed from the AssetPresenter!
+ //only get fieldsets that have fields
+ $fieldsets = CustomFieldset::where("type", User::class)->whereHas('fields')->get();
+ $ids = [];
+ foreach($fieldsets as $fieldset) {
+ if (count($fieldset->customizables()) > 0) { //only get fieldsets that are 'in use'
+ \Log::debug("Found a fieldset! It's: ".$fieldset->id);
+ $ids[] = $fieldset->id;
+ } else {
+ \Log::debug("Didn't find fieldset: ".$fieldset->id);
+ }
+ }
+
+ $fields = CustomField::whereHas('fieldset', function (Builder $query) use($ids) {
+ $query->whereIn('custom_fieldsets.id', $ids);
+ })->get();
+ // Note: We do not need to e() escape the field names here, as they are already escaped when
+ // they are presented in the blade view. If we escape them here, custom fields with quotes in their
+ // name can break the listings page. - snipe
+ foreach ($fields as $field) {
+ \Log::debug("iterating through fields!");
+ $layout[] = [
+ 'field' => 'custom_fields.'.$field->db_column,
+ 'searchable' => true,
+ 'sortable' => true,
+ 'switchable' => true,
+ 'title' => $field->name,
+ 'formatter'=> 'customFieldsFormatter',
+ 'escape' => true,
+ 'class' => ($field->field_encrypted == '1') ? 'css-padlock' : '',
+ 'visible' => ($field->show_in_listview == '1') ? true : false,
+ ];
+ }
+ // FIXME - end copy-pasta from AssetPresenter!
+
 return json_encode($layout);
 }
diff --git a/resources/views/users/view.blade.php b/resources/views/users/view.blade.php
index 00bfc84df8..f8752dfe04 100755
--- a/resources/views/users/view.blade.php
+++ b/resources/views/users/view.blade.php
@@ -677,7 +677,59 @@ @endif - + {{-- FIXME - copypasta from hardware/view.blade.php! --}} + @if (($user->getFieldsetKey()) && (App\Models\CustomFieldset::find($user->getFieldsetKey()))) + @foreach(App\Models\CustomFieldset::find($user->getFieldsetKey())->fields as $field) +
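Review bot: In `UserPresenter` (hunk `@@ -386,6 +391,41 @@`), the three `\Log::debug()` calls (`"Found a fieldset! …"`, `"Didn't find fieldset: …"`, `"iterating through fields!"`) are development traces that fire on every layout build and once per field, and should be removed before merge. Every custom field, including those with `field_encrypted == '1'`, is advertised as `'searchable' => true` and `'sortable' => true`; whether the API honours that for encrypted columns is not visible here, but ordering or matching on ciphertext is at best meaningless, so consider `'sortable' => ($field->field_encrypted != '1'),` and the same for `searchable`. `count($fieldset->customizables()) > 0` appears to load the related rows only to test for existence, so please confirm what `customizables()` returns for `User` fieldsets. The enclosing method starts outside the hunk.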
+
+ + {{ $field->name }} + +
+
+ @if ($field->field_encrypted=='1') + + @endif + + @if ($field->isFieldDecryptable($user->{$field->db_column_name()} )) + @can('assets.view.encrypted_custom_fields') + @if (($field->format=='URL') && ($user->{$field->db_column_name()}!='')) + {{ Helper::gracefulDecrypt($field, $user->{$field->db_column_name()}) }} + @elseif (($field->format=='DATE') && ($user->{$field->db_column_name()}!='')) + {{ \App\Helpers\Helper::gracefulDecrypt($field, \App\Helpers\Helper::getFormattedDateObject($user->{$field->db_column_name()}, 'date', false)) }} + @else + {{ Helper::gracefulDecrypt($field, $user->{$field->db_column_name()}) }} + @endif + @else + {{ strtoupper(trans('admin/custom_fields/general.encrypted')) }} + @endcan + + @else + @if (($field->format=='BOOLEAN') && ($user->{$field->db_column_name()}!='')) + {!! ($user->{$field->db_column_name()} == 1) ? "" : "" !!} + @elseif (($field->format=='URL') && ($user->{$field->db_column_name()}!='')) + {{ $user->{$field->db_column_name()} }} + @elseif (($field->format=='DATE') && ($user->{$field->db_column_name()}!='')) + {{ \App\Helpers\Helper::getFormattedDateObject($user->{$field->db_column_name()}, 'date', false) }} + @else + {!! nl2br(e($user->{$field->db_column_name()})) !!} + @endif + + @endif + + @if ($user->{$field->db_column_name()}=='') +   + @endif +
+
+ @endforeach + @endif + {{-- FIXME copypasta from hardware/view.blade.php --}} + +