From 950536f59fb9f093a6b48b5d1f9f0db6894c1463 Mon Sep 17 00:00:00 2001
From: Ivan Nieto Vivanco
Date: Thu, 24 Aug 2023 15:18:51 -0600
Subject: [PATCH 1/6] Added a condition to send correct model id when cloning one
---
 resources/views/models/edit.blade.php | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/resources/views/models/edit.blade.php b/resources/views/models/edit.blade.php
index 74d3c1b83c..73220ae6ba 100755
--- a/resources/views/models/edit.blade.php
+++ b/resources/views/models/edit.blade.php
@@ -33,6 +33,11 @@
+@php
+ if (is_null($item->id)){
+ $item->id = $item->getOriginal('id');
+ }
+@endphp
 @livewire('custom-field-set-default-values-for-model',["model_id" => $item->id])
From a12a68e4e9a40c1753f822b823cf912a7aa06665 Mon Sep 17 00:00:00 2001
From: Ivan Nieto Vivanco
Date: Thu, 24 Aug 2023 15:28:12 -0600
Subject: [PATCH 2/6] Add a variable so I dont ended rewriting the original model
---
 resources/views/models/edit.blade.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/resources/views/models/edit.blade.php b/resources/views/models/edit.blade.php
index 73220ae6ba..8d33f94b15 100755
--- a/resources/views/models/edit.blade.php
+++ b/resources/views/models/edit.blade.php
@@ -34,12 +34,13 @@
 @php
- if (is_null($item->id)){
- $item->id = $item->getOriginal('id');
+ $model_id = $item->id;
+ if (is_null($model_id)){
+ $model_id = $item->getOriginal('id');
 }
 @endphp
-@livewire('custom-field-set-default-values-for-model',["model_id" => $item->id])
+@livewire('custom-field-set-default-values-for-model',["model_id" => $model_id])
 @include ('partials.forms.edit.notes')
 @include ('partials.forms.edit.requestable', ['requestable_text' => trans('admin/models/general.requestable')])
From 7787ca328c0f147d0d77b13c5572e532045d0919 Mon Sep 17 00:00:00 2001
From: snipe
Date: Mon, 28 Aug 2023 18:36:06 +0100
Subject: [PATCH 3/6] Try to prevent the browser from pre-filling the LDAP password
Signed-off-by: snipe
---
 resources/views/settings/ldap.blade.php | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/resources/views/settings/ldap.blade.php b/resources/views/settings/ldap.blade.php
index b3070e13e1..016d54f48f 100644
--- a/resources/views/settings/ldap.blade.php
+++ b/resources/views/settings/ldap.blade.php
@@ -18,6 +18,15 @@
 .checkbox label {
 padding-right: 40px;
 }
+
+ /*
+ Don't make the password field *look* readonly - this is for usability, so admins don't think they can't edit this field.
+ */
+ .form-control[readonly] {
+ background-color: white;
+ color: #555555;
+ cursor:text;
+ }
 @if ((!function_exists('ldap_connect')) || (!function_exists('ldap_set_option')) || (!function_exists('ldap_bind')))
@@ -34,10 +43,12 @@
 @endif
- {{ Form::open(['method' => 'POST', 'files' => false, 'autocomplete' => 'false', 'class' => 'form-horizontal', 'role' => 'form']) }}
+ {{ Form::open(['method' => 'POST', 'files' => false, 'autocomplete' => 'off', 'class' => 'form-horizontal', 'role' => 'form']) }}
 {{csrf_field()}}
+
+
@@ -54,7 +65,6 @@
-
@@ -230,7 +240,7 @@ {{ Form::label('ldap_uname', trans('admin/settings/general.ldap_uname')) }}
- {{ Form::text('ldap_uname', Request::old('ldap_uname', $setting->ldap_uname), ['class' => 'form-control','placeholder' => trans('general.example') .'binduser@example.com', $setting->demoMode]) }}
+ {{ Form::text('ldap_uname', Request::old('ldap_uname', $setting->ldap_uname), ['class' => 'form-control','autocomplete' => 'off', 'placeholder' => trans('general.example') .'binduser@example.com', $setting->demoMode]) }}
 {!! $errors->first('ldap_uname', '') !!} @if (config('app.lock_passwords')===true)

{{ trans('general.feature_disabled') }}

@@ -244,7 +254,7 @@ {{ Form::label('ldap_pword', trans('admin/settings/general.ldap_pword')) }}
- {{ Form::password('ldap_pword', ['class' => 'form-control','placeholder' => trans('general.example') .' binduserpassword', $setting->demoMode]) }}
+ {{ Form::password('ldap_pword', ['class' => 'form-control', 'autocomplete' => 'off', 'onfocus' => "this.removeAttribute('readonly');", $setting->demoMode, ' readonly']) }}
 {!! $errors->first('ldap_pword', '') !!} @if (config('app.lock_passwords')===true)

{{ trans('general.feature_disabled') }}
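Review bot: `'autocomplete' => 'off'` on the `ldap_pword` field is a hint that browsers and password managers commonly disregard for password inputs, so the readonly-until-focus workaround is doing all the work here; `'autocomplete' => 'new-password'` is the token intended to stop a saved login credential being offered. The unlock depends on the inline `onfocus` attribute, which a Content-Security-Policy without `'unsafe-inline'` for scripts would block and leave the bind password uneditable; the policy in force is not visible in this diff, so that is worth checking. The `.form-control[readonly]` rule added in the first hunk of this file restyles every read-only control on the page, and `input[name="ldap_pword"][readonly]` would match the stated intent more narrowly. A Blade comment beside the field, for example `{{-- readonly until focused so the browser cannot autofill a saved login password as the LDAP bind password --}}`, would explain the unusual attributes to the next maintainer.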

@@ -538,7 +548,7 @@
-
+
{{ trans('admin/settings/general.ldap_test') }}
From 4e4ba380385ed2abb6ee566b402ba58424fc4201 Mon Sep 17 00:00:00 2001
From: Ivan Nieto Vivanco
Date: Mon, 28 Aug 2023 16:23:26 -0600
Subject: [PATCH 4/6] Pass the model_id variable in the controller and get it only if we are cloning the asset model
---
 app/Http/Controllers/AssetModelsController.php | 1 +
 resources/views/models/edit.blade.php | 9 ++-------
 2 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/app/Http/Controllers/AssetModelsController.php b/app/Http/Controllers/AssetModelsController.php
index dbefb2e7b7..7b1f3c49ba 100755
--- a/app/Http/Controllers/AssetModelsController.php
+++ b/app/Http/Controllers/AssetModelsController.php
@@ -286,6 +286,7 @@ class AssetModelsController extends Controller
 return view('models/edit')
 ->with('depreciation_list', Helper::depreciationList())
 ->with('item', $model)
+ ->with('model_id', $model_to_clone->id)
 ->with('clone_model', $model_to_clone);
 }
diff --git a/resources/views/models/edit.blade.php b/resources/views/models/edit.blade.php
index 8d33f94b15..4bb5cac6c0 100755
--- a/resources/views/models/edit.blade.php
+++ b/resources/views/models/edit.blade.php
@@ -33,14 +33,9 @@
-@php
- $model_id = $item->id;
- if (is_null($model_id)){
- $model_id = $item->getOriginal('id');
- }
-@endphp
-@livewire('custom-field-set-default-values-for-model',["model_id" => $model_id])
+
+@livewire('custom-field-set-default-values-for-model',["model_id" => ($item->id) ? $item->id : $model_id])
 @include ('partials.forms.edit.notes')
 @include ('partials.forms.edit.requestable', ['requestable_text' => trans('admin/models/general.requestable')])
From aafa1ab70e8829e9e8c080b4a7c05276ab14dadb Mon Sep 17 00:00:00 2001
From: Marcus Moore
Date: Tue, 29 Aug 2023 16:15:13 -0700
Subject: [PATCH 5/6] Add failing test
---
 tests/Feature/Api/Users/UsersSearchTest.php | 64 +++++++++++++++++++++
 1 file changed, 64 insertions(+)
diff --git a/tests/Feature/Api/Users/UsersSearchTest.php b/tests/Feature/Api/Users/UsersSearchTest.php
index f14d704b0f..723a115db1 100644
--- a/tests/Feature/Api/Users/UsersSearchTest.php
+++ b/tests/Feature/Api/Users/UsersSearchTest.php
@@ -2,6 +2,7 @@
 namespace Tests\Feature\Api\Users;
+use App\Models\Company;
 use App\Models\User;
 use Laravel\Passport\Passport;
 use Tests\Support\InteractsWithSettings;
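Review bot: In the `@livewire` line of `edit.blade.php`, `$model_id` is read whenever `$item->id` is falsy, but the only place this patch passes it to the view is the clone response in `AssetModelsController`. If another action renders `models/edit` with an unsaved `$item` and no `model_id` (a plain create form would be the likely case; those actions are outside this diff), the template would fail on an undefined variable. A null-safe fallback keeps the view independent of which controller rendered it, provided the Livewire component tolerates a null id: `"model_id" => $item->id ?? ($model_id ?? null)`.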
@@ -83,4 +84,67 @@ class UsersSearchTest extends TestCase
 'Expected deleted user does not appear in results'
 );
 }
+
+ public function testUsersScopedToCompanyWhenMultipleFullCompanySupportEnabled()
+ {
+ $this->settings->enableMultipleFullCompanySupport();
+
+ $companyA = Company::factory()
+ ->has(User::factory(['first_name' => 'Company A', 'last_name' => 'User']))
+ ->create();
+
+ Company::factory()
+ ->has(User::factory(['first_name' => 'Company B', 'last_name' => 'User']))
+ ->create();
+
+ $response = $this->actingAsForApi(User::factory()->for($companyA)->viewUsers()->create())
+ ->getJson(route('api.users.index'))
+ ->assertOk();
+
+ $results = collect($response->json('rows'));
+
+ $this->assertTrue(
+ $results->pluck('name')->contains(fn($text) => str_contains($text, 'Company A')),
+ 'User index does not contain expected user'
+ );
+ $this->assertFalse(
+ $results->pluck('name')->contains(fn($text) => str_contains($text, 'Company B')),
+ 'User index contains unexpected user from another company'
+ );
+ }
+
+ public function testUsersScopedToCompanyDuringSearchWhenMultipleFullCompanySupportEnabled()
+ {
+ $this->settings->enableMultipleFullCompanySupport();
+
+ $companyA = Company::factory()
+ ->has(User::factory(['first_name' => 'Company A', 'last_name' => 'User']))
+ ->create();
+
+ Company::factory()
+ ->has(User::factory(['first_name' => 'Company B', 'last_name' => 'User']))
+ ->create();
+
+ $response = $this->actingAsForApi(User::factory()->for($companyA)->viewUsers()->create())
+ ->getJson(route('api.users.index', [
+ 'deleted' => 'false',
+ 'company_id' => null,
+ 'search' => 'user',
+ 'order' => 'asc',
+ 'offset' => '0',
+ 'limit' => '20',
+ ]))
+ ->assertOk();
+
+ $results = collect($response->json('rows'));
+
+ $this->assertTrue(
+ $results->pluck('name')->contains(fn($text) => str_contains($text, 'Company A')),
+ 'User index does not contain expected user'
+ );
+ $this->assertFalse(
+ $results->pluck('name')->contains(fn($text) => str_contains($text, 'Company B')),
+ 'User index contains unexpected user from another company'
+ );
+ }
 }
From 806ab2cb9d771d49a3c092d4406e4e29cc3724df Mon Sep 17 00:00:00 2001
From: Marcus Moore
Date: Tue, 29 Aug 2023 16:17:29 -0700
Subject: [PATCH 6/6] Ensure users are scoped by company in index method
---
 app/Http/Controllers/Api/UsersController.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php
index 7b22f3af4b..3b76317327 100644
--- a/app/Http/Controllers/Api/UsersController.php
+++ b/app/Http/Controllers/Api/UsersController.php
@@ -75,7 +75,6 @@ class UsersController extends Controller
 ])->with('manager', 'groups', 'userloc', 'company', 'department', 'assets', 'licenses', 'accessories', 'consumables', 'createdBy',) ->withCount('assets as assets_count', 'licenses as licenses_count', 'accessories as accessories_count', 'consumables as consumables_count');
- $users = Company::scopeCompanyables($users);
 if ($request->filled('activated')) {
@@ -271,6 +270,8 @@ class UsersController extends Controller
 } elseif (($request->filled('all')) && ($request->input('all') == 'true')) {
 $users = $users->withTrashed();
 }
+
+ $users = Company::scopeCompanyables($users);
 $total = $users->count();
 $users = $users->skip($offset)->take($limit)->get();
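Review bot: Both new tests exercise only requests that leave the company filter empty (`'company_id' => null`, or no parameters at all), so nothing pins the behaviour when the caller names another company explicitly. Capturing the second factory result as `$companyB` and adding a case that sends `'company_id' => $companyB->id` while asserting that no `Company B` rows come back would cover the path where a request parameter and the scope disagree. The fixture setup is duplicated line for line between the two methods and could move into a private helper. A one-line docblock on each test stating the rule under test (a user created with `viewUsers()` for company A sees only that company's users when full multiple company support is on) would also help.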
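Review bot: Appending `Company::scopeCompanyables($users)` just before `$total = $users->count()` constrains every row only if each filter added above it is grouped; depending on how the scope adds its constraint, an ungrouped `orWhere` earlier in `index()` would bind more loosely than a trailing `AND` and could still return users from other companies. Those filters sit between the two hunks and are not visible here, so this needs checking against the full method rather than the diff. The ordering is now load-bearing and deserves a comment at the call, for example `// Apply company scoping last so that no request-driven filter above can widen the result set`.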