Merge remote-tracking branch 'origin/develop'

2024-11-11 16:14:18 -08:00 · 2023-08-30 15:05:46 +01:00 · 2023-08-30 15:05:46 +01:00 · 319cb2305d
parent 0f43388a2b b109ee281a
commit 319cb2305d
5 changed files with 84 additions and 7 deletions
--- a/app/Http/Controllers/Api/UsersController.php
+++ b/app/Http/Controllers/Api/UsersController.php
@ -75,7 +75,6 @@ class UsersController extends Controller

        ])->with('manager', 'groups', 'userloc', 'company', 'department', 'assets', 'licenses', 'accessories', 'consumables', 'createdBy',)
            ->withCount('assets as assets_count', 'licenses as licenses_count', 'accessories as accessories_count', 'consumables as consumables_count');
-        $users = Company::scopeCompanyables($users);


        if ($request->filled('activated')) {
@ -271,6 +270,8 @@ class UsersController extends Controller
        } elseif (($request->filled('all')) && ($request->input('all') == 'true')) {
            $users = $users->withTrashed();
        }
+
+        $users = Company::scopeCompanyables($users);
        
        $total = $users->count();
        $users = $users->skip($offset)->take($limit)->get();
--- a/app/Http/Controllers/AssetModelsController.php
+++ b/app/Http/Controllers/AssetModelsController.php
@ -286,6 +286,7 @@ class AssetModelsController extends Controller
        return view('models/edit')
            ->with('depreciation_list', Helper::depreciationList())
            ->with('item', $model)
+            ->with('model_id', $model_to_clone->id)
            ->with('clone_model', $model_to_clone);
    }

--- a/resources/views/models/edit.blade.php
+++ b/resources/views/models/edit.blade.php
@ -34,7 +34,8 @@
 </div>

 <!-- Custom Fieldset -->
-@livewire('custom-field-set-default-values-for-model',["model_id" => $item->id])
+<!-- If $item->id is null we are cloning the model and we need the $model_id variable -->
+@livewire('custom-field-set-default-values-for-model',["model_id" => ($item->id) ? $item->id : $model_id])

@include ('partials.forms.edit.notes')
@include ('partials.forms.edit.requestable', ['requestable_text' => trans('admin/models/general.requestable')])
--- a/resources/views/settings/ldap.blade.php
+++ b/resources/views/settings/ldap.blade.php
@ -18,6 +18,15 @@
        .checkbox label {
            padding-right: 40px;
        }
+
+        /*
+           Don't make the password field *look* readonly - this is for usability, so admins don't think they can't edit this field.
+         */
+        .form-control[readonly] {
+            background-color: white;
+            color: #555555;
+            cursor:text;
+        }
    </style>

    @if ((!function_exists('ldap_connect')) || (!function_exists('ldap_set_option')) || (!function_exists('ldap_bind')))
@ -34,10 +43,12 @@
    @endif


-    {{ Form::open(['method' => 'POST', 'files' => false, 'autocomplete' => 'false', 'class' => 'form-horizontal', 'role' => 'form']) }}
+    {{ Form::open(['method' => 'POST', 'files' => false, 'autocomplete' => 'off', 'class' => 'form-horizontal', 'role' => 'form']) }}
    <!-- CSRF Token -->
    {{csrf_field()}}

+    <input type="hidden" name="username" value="{{ Request::old('username', $user->username) }}">
+
    <!-- this is a hack to prevent Chrome from trying to autocomplete fields -->
    <input type="text" name="prevent_autofill" id="prevent_autofill" value="" style="display:none;" />
    <input type="password" name="password_fake" id="password_fake" value="" style="display:none;" />
@ -54,7 +65,6 @@
                </div>
                <div class="box-body">

-
                    <div class="col-md-11 col-md-offset-1">

                        <!-- Enable LDAP -->
@ -230,7 +240,7 @@
                                {{ Form::label('ldap_uname', trans('admin/settings/general.ldap_uname')) }}
                            </div>
                            <div class="col-md-8">
-                                {{ Form::text('ldap_uname', Request::old('ldap_uname', $setting->ldap_uname), ['class' => 'form-control','placeholder' => trans('general.example') .'binduser@example.com', $setting->demoMode]) }}
+                                {{ Form::text('ldap_uname', Request::old('ldap_uname', $setting->ldap_uname), ['class' => 'form-control','autocomplete' => 'off', 'placeholder' => trans('general.example') .'binduser@example.com', $setting->demoMode]) }}
                                {!! $errors->first('ldap_uname', '<span class="alert-msg" aria-hidden="true">:message</span>') !!}
                                @if (config('app.lock_passwords')===true)
                                    <p class="text-warning"><i class="fas fa-lock" aria-hidden="true"></i> {{ trans('general.feature_disabled') }}</p>
@ -244,7 +254,7 @@
                                {{ Form::label('ldap_pword', trans('admin/settings/general.ldap_pword')) }}
                            </div>
                            <div class="col-md-8">
-                                {{ Form::password('ldap_pword', ['class' => 'form-control','placeholder' => trans('general.example') .' binduserpassword', $setting->demoMode]) }}
+                                {{ Form::password('ldap_pword', ['class' => 'form-control', 'autocomplete' => 'off', 'onfocus' => "this.removeAttribute('readonly');", $setting->demoMode, ' readonly']) }}
                                {!! $errors->first('ldap_pword', '<span class="alert-msg" aria-hidden="true">:message</span>') !!}
                                @if (config('app.lock_passwords')===true)
                                    <p class="text-warning"><i class="fas fa-lock" aria-hidden="true"></i> {{ trans('general.feature_disabled') }}</p>
@ -538,7 +548,7 @@
                                        <input type="text" name="ldaptest_user" id="ldaptest_user"  class="form-control" placeholder="LDAP username">
                                    </div>
                                    <div class="col-md-4">
-                                    <input type="password" name="ldaptest_password" id="ldaptest_password" class="form-control" placeholder="LDAP password">
+                                    <input type="password" name="ldaptest_password" id="ldaptest_password" class="form-control" placeholder="LDAP password" autocomplete="off" readonly onfocus="this.removeAttribute('readonly');">
                                    </div>
                                    <div class="col-md-3">
                                        <a class="btn btn-default btn-sm" id="ldaptestlogin" style="margin-right: 10px;">{{ trans('admin/settings/general.ldap_test') }}</a>
--- a/tests/Feature/Api/Users/UsersSearchTest.php
+++ b/tests/Feature/Api/Users/UsersSearchTest.php
@ -2,6 +2,7 @@

 namespace Tests\Feature\Api\Users;

+use App\Models\Company;
 use App\Models\User;
 use Laravel\Passport\Passport;
 use Tests\Support\InteractsWithSettings;
@ -83,4 +84,67 @@ class UsersSearchTest extends TestCase
            'Expected deleted user does not appear in results'
        );
    }
+
+    public function testUsersScopedToCompanyWhenMultipleFullCompanySupportEnabled()
+    {
+        $this->settings->enableMultipleFullCompanySupport();
+
+        $companyA = Company::factory()
+            ->has(User::factory(['first_name' => 'Company A', 'last_name' => 'User']))
+            ->create();
+
+        Company::factory()
+            ->has(User::factory(['first_name' => 'Company B', 'last_name' => 'User']))
+            ->create();
+
+        $response = $this->actingAsForApi(User::factory()->for($companyA)->viewUsers()->create())
+            ->getJson(route('api.users.index'))
+            ->assertOk();
+
+        $results = collect($response->json('rows'));
+
+        $this->assertTrue(
+            $results->pluck('name')->contains(fn($text) => str_contains($text, 'Company A')),
+            'User index does not contain expected user'
+        );
+        $this->assertFalse(
+            $results->pluck('name')->contains(fn($text) => str_contains($text, 'Company B')),
+            'User index contains unexpected user from another company'
+        );
+    }
+
+    public function testUsersScopedToCompanyDuringSearchWhenMultipleFullCompanySupportEnabled()
+    {
+        $this->settings->enableMultipleFullCompanySupport();
+
+        $companyA = Company::factory()
+            ->has(User::factory(['first_name' => 'Company A', 'last_name' => 'User']))
+            ->create();
+
+        Company::factory()
+            ->has(User::factory(['first_name' => 'Company B', 'last_name' => 'User']))
+            ->create();
+
+        $response = $this->actingAsForApi(User::factory()->for($companyA)->viewUsers()->create())
+            ->getJson(route('api.users.index', [
+                'deleted' => 'false',
+                'company_id' => null,
+                'search' => 'user',
+                'order' => 'asc',
+                'offset' => '0',
+                'limit' => '20',
+            ]))
+            ->assertOk();
+
+        $results = collect($response->json('rows'));
+
+        $this->assertTrue(
+            $results->pluck('name')->contains(fn($text) => str_contains($text, 'Company A')),
+            'User index does not contain expected user'
+        );
+        $this->assertFalse(
+            $results->pluck('name')->contains(fn($text) => str_contains($text, 'Company B')),
+            'User index contains unexpected user from another company'
+        );
+    }
 }