DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-11-09 23:24:06 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Merge branch 'develop' into snipeit_v7

Browse source 
Had to do a lot of conflict work here, so this could get ugly :(
This commit is contained in:
Brady Wetherington 2023-07-10 16:53:35 +01:00
parent 51424d01a9 5a9c2925c3
commit 8f2a17585e
53 changed files with 1200 additions and 344 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
app/Exceptions/Handler.php
View file

@ -75,7 +75,12 @@ class Handler extends ExceptionHandler
// Handle SCIM exceptions
if ($e instanceof SCIMException) {
return response()->json(Helper::formatStandardApiResponse('error', null, 'Invalid SCIM Request'), 400);
try {
$e->report(); // logs as 'debug', so shouldn't get too noisy
} catch(\Exception $reportException) {
//do nothing
}
return $e->render($request); // ALL SCIMExceptions have the 'render()' method
}
// Handle standard requests that fail because Carbon cannot parse the date on validation (when a submitted date value is definitely not a date)

40
app/Http/Controllers/Api/AssetsController.php
View file

@ -115,7 +115,7 @@ class AssetsController extends Controller
$allowed_columns[] = $field->db_column_name();
}
$assets = Company::scopeCompanyables(Asset::select('assets.*'), 'company_id', 'assets')
$assets = Asset::select('assets.*')
->with('location', 'assetstatus', 'company', 'defaultLoc','assignedTo',
'model.category', 'model.manufacturer', 'model.fieldset','supplier'); //it might be tempting to add 'assetlog' here, but don't. It blows up update-heavy users.
@ -125,6 +125,8 @@ class AssetsController extends Controller
$assets->InModelList($non_deprecable_models->toArray());
}
// These are used by the API to query against specific ID numbers.
// They are also used by the individual searches on detail pages like
// locations, etc.
@ -136,12 +138,11 @@ class AssetsController extends Controller
}
}
// Make sure the offset and limit are actually integers and do not exceed system limits
$offset = ($request->input('offset') > $assets->count()) ? $assets->count() : abs($request->input('offset'));
$limit = app('api_limit_value');
$order = $request->input('order') === 'asc' ? 'asc' : 'desc';
if ((! is_null($filter)) && (count($filter)) > 0) {
$assets->ByFilter($filter);
} elseif ($request->filled('search')) {
$assets->TextSearch($request->input('search'));
}
// This is used by the audit reporting routes
if (Gate::allows('audit', Asset::class)) {
@ -156,7 +157,6 @@ class AssetsController extends Controller
}
// This is used by the sidenav, mostly
// We switched from using query scopes here because of a Laravel bug
@ -206,7 +206,7 @@ class AssetsController extends Controller
break;
case 'Deployed':
// more sad, horrible workarounds for laravel bugs when doing full text searches
$assets->where('assets.assigned_to', '>', '0');
$assets->whereNotNull('assets.assigned_to');
break;
case 'byod':
// This is kind of redundant, since we already check for byod=1 above, but this keeps the
@ -232,12 +232,6 @@ class AssetsController extends Controller
}
if ((! is_null($filter)) && (count($filter)) > 0) {
$assets->ByFilter($filter);
} elseif ($request->filled('search')) {
$assets->TextSearch($request->input('search'));
}
// Leave these under the TextSearch scope, else the fuzziness will override the specific ID (status ID, etc) requested
if ($request->filled('status_id')) {
$assets->where('assets.status_id', '=', $request->input('status_id'));
@ -313,7 +307,8 @@ class AssetsController extends Controller
// in the allowed_columns array)
$column_sort = in_array($sort_override, $allowed_columns) ? $sort_override : 'assets.created_at';
$order = $request->input('order') === 'asc' ? 'asc' : 'desc';
switch ($sort_override) {
case 'model':
$assets->OrderModels($order);
@ -350,6 +345,10 @@ class AssetsController extends Controller
}
// Make sure the offset and limit are actually integers and do not exceed system limits
$offset = ($request->input('offset') > $assets->count()) ? $assets->count() : abs($request->input('offset'));
$limit = app('api_limit_value');
$total = $assets->count();
$assets = $assets->skip($offset)->take($limit)->get();
@ -480,7 +479,7 @@ class AssetsController extends Controller
public function selectlist(Request $request)
{
$assets = Company::scopeCompanyables(Asset::select([
$assets = Asset::select([
'assets.id',
'assets.name',
'assets.asset_tag',
@ -488,7 +487,7 @@ class AssetsController extends Controller
'assets.assigned_to',
'assets.assigned_type',
'assets.status_id',
])->with('model', 'assetstatus', 'assignedTo')->NotArchived(), 'company_id', 'assets');
])->with('model', 'assetstatus', 'assignedTo')->NotArchived();
if ($request->filled('assetStatusType') && $request->input('assetStatusType') === 'RTD') {
$assets = $assets->RTD();
@ -1033,9 +1032,10 @@ class AssetsController extends Controller
{
$this->authorize('viewRequestable', Asset::class);
$assets = Company::scopeCompanyables(Asset::select('assets.*'), 'company_id', 'assets')
$assets = Asset::select('assets.*')
->with('location', 'assetstatus', 'assetlog', 'company', 'defaultLoc','assignedTo',
'model.category', 'model.manufacturer', 'model.fieldset', 'supplier')->requestableAssets();
'model.category', 'model.manufacturer', 'model.fieldset', 'supplier')
->requestableAssets();
$offset = request('offset', 0);
$limit = $request->input('limit', 50);

5
app/Http/Controllers/Api/ComponentsController.php
View file

@ -44,9 +44,8 @@ class ComponentsController extends Controller
'notes',
];
$components = Company::scopeCompanyables(Component::select('components.*')
->with('company', 'location', 'category', 'assets', 'supplier'));
$components = Component::select('components.*')
->with('company', 'location', 'category', 'assets', 'supplier');
if ($request->filled('search')) {
$components = $components->TextSearch($request->input('search'));

7
app/Http/Controllers/Api/ConsumablesController.php
View file

@ -45,11 +45,8 @@ class ConsumablesController extends Controller
'notes',
];
$consumables = Company::scopeCompanyables(
Consumable::select('consumables.*')
->with('company', 'location', 'category', 'users', 'manufacturer')
);
$consumables = Consumable::select('consumables.*')
->with('company', 'location', 'category', 'users', 'manufacturer');
if ($request->filled('search')) {
$consumables = $consumables->TextSearch(e($request->input('search')));

2
app/Http/Controllers/Api/LicensesController.php
View file

@ -26,8 +26,8 @@ class LicensesController extends Controller
public function index(Request $request)
{
$this->authorize('view', License::class);
$licenses = Company::scopeCompanyables(License::with('company', 'manufacturer', 'supplier','category')->withCount('freeSeats as free_seats_count'));
$licenses = License::with('company', 'manufacturer', 'supplier','category')->withCount('freeSeats as free_seats_count');
if ($request->filled('company_id')) {
$licenses->where('company_id', '=', $request->input('company_id'));

6
app/Http/Controllers/Licenses/LicenseCheckoutController.php
View file

@ -30,15 +30,17 @@ class LicenseCheckoutController extends Controller
// Check that the license is valid
if ($license = License::find($licenseId)) {
$this->authorize('checkout', $license);
// If the license is valid, check that there is an available seat
if ($license->avail_seats_count < 1) {
return redirect()->route('licenses.index')->with('error', 'There are no available seats for this license');
}
return view('licenses/checkout', compact('license'));
}
$this->authorize('checkout', $license);
return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.not_found'));
return view('licenses/checkout', compact('license'));
}
/**

2
app/Http/Controllers/SettingsController.php
View file

@ -1136,7 +1136,7 @@ class SettingsController extends Controller
public function postBackups()
{
if (! config('app.lock_passwords')) {
Artisan::call('snipeit:backup', ['--filename' => 'manual-backup-'.date('Y-m-d-H:i:s')]);
Artisan::call('snipeit:backup', ['--filename' => 'manual-backup-'.date('Y-m-d-H-i-s')]);
$output = Artisan::output();
// Backup completed

10
app/Http/Controllers/ViewAssetsController.php
View file

@ -82,7 +82,7 @@ class ViewAssetsController extends Controller
return view('account/requestable-assets', compact('assets', 'models'));
}
public function getRequestItem(Request $request, $itemType, $itemId = null)
public function getRequestItem(Request $request, $itemType, $itemId = null, $cancel_by_admin = false, $requestingUser = null)
{
$item = null;
$fullItemType = 'App\\Models\\'.studly_case($itemType);
@ -119,16 +119,16 @@ class ViewAssetsController extends Controller
$settings = Setting::getSettings();
if ($item_request = $item->isRequestedBy($user)) {
$item->cancelRequest();
$data['item_quantity'] = $item_request->qty;
if (($item_request = $item->isRequestedBy($user)) || $cancel_by_admin) {
$item->cancelRequest($requestingUser);
$data['item_quantity'] = ($item_request) ? $item_request->qty : 1;
$logaction->logaction('request_canceled');
if (($settings->alert_email != '') && ($settings->alerts_enabled == '1') && (! config('app.lock_passwords'))) {
$settings->notify(new RequestAssetCancelation($data));
}
return redirect()->route('requestable-assets')->with('success')->with('success', trans('admin/hardware/message.requests.canceled'));
return redirect()->back()->with('success')->with('success', trans('admin/hardware/message.requests.canceled'));
} else {
$item->request();
if (($settings->alert_email != '') && ($settings->alerts_enabled == '1') && (! config('app.lock_passwords'))) {

1
app/Http/Livewire/Importer.php
View file

@ -214,7 +214,6 @@ class Importer extends Component
'model_notes' => trans('general.item_notes', ['item' => trans('admin/hardware/form.model')]),
'manufacturer' => trans('general.manufacturer'),
'order_number' => trans('general.order_number'),
'notes' => trans('general.notes'),
'image' => trans('general.importer.image_filename'),
/**
* Checkout fields:

2
app/Http/Transformers/AccessoriesTransformer.php
View file

@ -32,7 +32,7 @@ class AccessoriesTransformer
'model_number' => ($accessory->model_number) ? e($accessory->model_number) : null,
'category' => ($accessory->category) ? ['id' => $accessory->category->id, 'name'=> e($accessory->category->name)] : null,
'location' => ($accessory->location) ? ['id' => $accessory->location->id, 'name'=> e($accessory->location->name)] : null,
'notes' => ($accessory->notes) ? e($accessory->notes) : null,
'notes' => ($accessory->notes) ? Helper::parseEscapedMarkedown($accessory->notes) : null,
'qty' => ($accessory->qty) ? (int) $accessory->qty : null,
'purchase_date' => ($accessory->purchase_date) ? Helper::getFormattedDateObject($accessory->purchase_date, 'date') : null,
'purchase_cost' => Helper::formatCurrencyOutput($accessory->purchase_cost),

2
app/Http/Transformers/ActionlogsTransformer.php
View file

@ -110,7 +110,7 @@ class ActionlogsTransformer
'type' => e($actionlog->targetType()),
] : null,
'note' => ($actionlog->note) ? e($actionlog->note): null,
'note' => ($actionlog->note) ? Helper::parseEscapedMarkedown($actionlog->note): null,
'signature_file' => ($actionlog->accept_signature) ? route('log.signature.view', ['filename' => $actionlog->accept_signature ]) : null,
'log_meta' => ((isset($clean_meta)) && (is_array($clean_meta))) ? $clean_meta: null,
'action_date' => ($actionlog->action_date) ? Helper::getFormattedDateObject($actionlog->action_date, 'datetime'): Helper::getFormattedDateObject($actionlog->created_at, 'datetime'),

2
app/Http/Transformers/AssetMaintenancesTransformer.php
View file

@ -49,7 +49,7 @@ class AssetMaintenancesTransformer
'id' => (int) $assetmaintenance->asset->defaultLoc->id,
'name'=> e($assetmaintenance->asset->defaultLoc->name),
] : null,
'notes' => ($assetmaintenance->notes) ? e($assetmaintenance->notes) : null,
'notes' => ($assetmaintenance->notes) ? Helper::parseEscapedMarkedown($assetmaintenance->notes) : null,
'supplier' => ($assetmaintenance->supplier) ? ['id' => $assetmaintenance->supplier->id, 'name'=> e($assetmaintenance->supplier->name)] : null,
'cost' => Helper::formatCurrencyOutput($assetmaintenance->cost),
'asset_maintenance_type' => e($assetmaintenance->asset_maintenance_type),

2
app/Http/Transformers/AssetModelsTransformer.php
View file

@ -63,7 +63,7 @@ class AssetModelsTransformer
'default_fieldset_values' => $default_field_values,
'eol' => ($assetmodel->eol > 0) ? $assetmodel->eol.' months' : 'None',
'requestable' => ($assetmodel->requestable == '1') ? true : false,
'notes' => e($assetmodel->notes),
'notes' => Helper::parseEscapedMarkedown($assetmodel->notes),
'created_at' => Helper::getFormattedDateObject($assetmodel->created_at, 'datetime'),
'updated_at' => Helper::getFormattedDateObject($assetmodel->updated_at, 'datetime'),
'deleted_at' => Helper::getFormattedDateObject($assetmodel->deleted_at, 'datetime'),

2
app/Http/Transformers/AssetsTransformer.php
View file

@ -58,7 +58,7 @@ class AssetsTransformer
'id' => (int) $asset->supplier->id,
'name'=> e($asset->supplier->name),
] : null,
'notes' => ($asset->notes) ? e($asset->notes) : null,
'notes' => ($asset->notes) ? Helper::parseEscapedMarkedown($asset->notes) : null,
'order_number' => ($asset->order_number) ? e($asset->order_number) : null,
'company' => ($asset->company) ? [
'id' => (int) $asset->company->id,

2
app/Http/Transformers/ComponentsTransformer.php
View file

@ -46,7 +46,7 @@ class ComponentsTransformer
'id' => (int) $component->company->id,
'name' => e($component->company->name),
] : null,
'notes' => ($component->notes) ? e($component->notes) : null,
'notes' => ($component->notes) ? Helper::parseEscapedMarkedown($component->notes) : null,
'created_at' => Helper::getFormattedDateObject($component->created_at, 'datetime'),
'updated_at' => Helper::getFormattedDateObject($component->updated_at, 'datetime'),
'user_can_checkout' => ($component->numRemaining() > 0) ? 1 : 0,

2
app/Http/Transformers/ConsumablesTransformer.php
View file

@ -39,7 +39,7 @@ class ConsumablesTransformer
'purchase_cost' => Helper::formatCurrencyOutput($consumable->purchase_cost),
'purchase_date' => Helper::getFormattedDateObject($consumable->purchase_date, 'date'),
'qty' => (int) $consumable->qty,
'notes' => ($consumable->notes) ? e($consumable->notes) : null,
'notes' => ($consumable->notes) ? Helper::parseEscapedMarkedown($consumable->notes) : null,
'created_at' => Helper::getFormattedDateObject($consumable->created_at, 'datetime'),
'updated_at' => Helper::getFormattedDateObject($consumable->updated_at, 'datetime'),
];

2
app/Http/Transformers/LicensesTransformer.php
View file

@ -34,7 +34,7 @@ class LicensesTransformer
'depreciation' => ($license->depreciation) ? ['id' => (int) $license->depreciation->id,'name'=> e($license->depreciation->name)] : null,
'purchase_cost' => Helper::formatCurrencyOutput($license->purchase_cost),
'purchase_cost_numeric' => $license->purchase_cost,
'notes' => e($license->notes),
'notes' => Helper::parseEscapedMarkedown($license->notes),
'expiration_date' => Helper::getFormattedDateObject($license->expiration_date, 'date'),
'seats' => (int) $license->seats,
'free_seats_count' => (int) $license->free_seats_count,

2
app/Http/Transformers/SuppliersTransformer.php
View file

@ -43,7 +43,7 @@ class SuppliersTransformer
'licenses_count' => (int) $supplier->licenses_count,
'consumables_count' => (int) $supplier->consumables_count,
'components_count' => (int) $supplier->components_count,
'notes' => ($supplier->notes) ? e($supplier->notes) : null,
'notes' => ($supplier->notes) ? Helper::parseEscapedMarkedown($supplier->notes) : null,
'created_at' => Helper::getFormattedDateObject($supplier->created_at, 'datetime'),
'updated_at' => Helper::getFormattedDateObject($supplier->updated_at, 'datetime'),

2
app/Http/Transformers/UsersTransformer.php
View file

@ -53,7 +53,7 @@ class UsersTransformer
'id' => (int) $user->userloc->id,
'name'=> e($user->userloc->name),
] : null,
'notes'=> e($user->notes),
'notes'=> Helper::parseEscapedMarkedown($user->notes),
'permissions' => $user->decodePermissions(),
'activated' => ($user->activated == '1') ? true : false,
'autoassign_licenses' => ($user->autoassign_licenses == '1') ? true : false,

17
app/Importer/LicenseImporter.php
View file

@ -27,15 +27,24 @@ class LicenseImporter extends ItemImporter
* @since 4.0
* @param array $row
* @return License|mixed|null
* updated @author Jes Vinsmoke
* @since 6.1
*
*/
public function createLicenseIfNotExists(array $row)
{
$editingLicense = false;
$license = License::where('name', $this->item['name'])
$license = License::where('serial', $this->item['serial'])->where('name', $this->item['name'])
->first();
if ($license) {
if (! $this->updating) {
$this->log('A matching License '.$this->item['name'].' with serial '.$this->item['serial'].' already exists');
if($this->item['serial'] != "") {
$this->log('A matching License ' . $this->item['name'] . ' with serial ' . $this->item['serial'] . ' already exists');
}
else {
$this->log('A matching License ' . $this->item['name'] . ' with no serial number already exists');
}
return;
}
@ -57,6 +66,10 @@ class LicenseImporter extends ItemImporter
$this->item['maintained'] = $this->findCsvMatch($row, 'maintained');
$this->item['purchase_order'] = $this->findCsvMatch($row, 'purchase_order');
$this->item['reassignable'] = $this->findCsvMatch($row, 'reassignable');
if($this->item['reassignable'] == "")
{
$this->item['reassignable'] = 1;
}
$this->item['seats'] = $this->findCsvMatch($row, 'seats');
$this->item["termination_date"] = null;

2
app/Models/Asset.php
View file

@ -1566,7 +1566,7 @@ class Asset extends Depreciable
*/
public function scopeOrderModelNumber($query, $order)
{
return $query->leftJoin('models as model_number_sort', 'assets.model_id', '=', 'models.id')->orderBy('models.model_number', $order);
return $query->leftJoin('models as model_number_sort', 'assets.model_id', '=', 'model_number_sort.id')->orderBy('model_number_sort.model_number', $order);
}

2
app/Models/Depreciable.php
View file

@ -127,7 +127,7 @@ class Depreciable extends SnipeModel
$yearsPast = 0;
}
return round($yearsPast / $deprecationYears * $this->purchase_cost, 2);
return $this->purchase_cost - round($yearsPast / $deprecationYears * $this->purchase_cost, 2);
}
/**

8
app/Models/Requestable.php
View file

@ -38,8 +38,12 @@ trait Requestable
$this->requests()->where('user_id', Auth::id())->delete();
}
public function cancelRequest()
public function cancelRequest($user_id = null)
{
$this->requests()->where('user_id', Auth::id())->update(['canceled_at' => \Carbon\Carbon::now()]);
if (!$user_id){
$user_id = Auth::id();
}
$this->requests()->where('user_id', $user_id)->update(['canceled_at' => \Carbon\Carbon::now()]);
}
}

1
composer.json
View file

@ -68,6 +68,7 @@
"watson/validating": "^7.0"
},
"require-dev": {
"brianium/paratest": "^v6.4.4",
"fakerphp/faker": "^1.16",
"laravel/dusk": "^6.25",
"mockery/mockery": "^1.4",

597
composer.lock generated
View file

File diff suppressed because it is too large Load diff

10
config/version.php
View file

@ -1,10 +1,10 @@
<?php
return array (
'app_version' => 'v6.1.1',
'full_app_version' => 'v6.1.1 - build 10847-g2ac4449ea',
'build_version' => '10847',
'app_version' => 'v6.1.2',
'full_app_version' => 'v6.1.2 - build 10938-g32747cafd',
'build_version' => '10938',
'prerelease_version' => '',
'hash_version' => 'g2ac4449ea',
'full_hash' => 'v6.1.1-605-g2ac4449ea',
'hash_version' => 'g32747cafd',
'full_hash' => 'v6.1.2-89-g32747cafd',
'branch' => 'develop',
);

10
database/factories/AssetFactory.php
View file

@ -328,4 +328,14 @@ class AssetFactory extends Factory
];
});
}
public function requestable()
{
return $this->state(['requestable' => true]);
}
public function nonrequestable()
{
return $this->state(['requestable' => false]);
}
}

9
database/factories/UserFactory.php
View file

@ -271,6 +271,15 @@ class UserFactory extends Factory
});
}
public function viewDepartments()
{
return $this->state(function () {
return [
'permissions' => '{"departments.view":"1"}',
];
});
}
public function viewLicenses()
{
return $this->state(function () {

36
database/migrations/2023_07_05_092237_change_settings_table_increase_saml_idp_metadata_size.php Normal file
View file

@ -0,0 +1,36 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
class ChangeSettingsTableIncreaseSamlIdpMetadataSize extends Migration
{
/**
* Run the migrations.
*
* This migration changes the format of the saml_idp_metadata field to MEDIUMTEXT
* to avoid truncating
*
* @return void
*/
public function up()
{
Schema::table('settings', function (Blueprint $table) {
$table->mediumText('saml_idp_metadata')->nullable()->default(null)->change();
});
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
Schema::table('settings', function (Blueprint $table) {
$table->text('saml_idp_metadata')->nullable()->default(null)->change();
});
}
}

BIN
public/css/dist/skins/skin-yellow-dark.css vendored
View file

Binary file not shown.

BIN
public/css/dist/skins/skin-yellow-dark.min.css vendored
View file

Binary file not shown.

4
public/mix-manifest.json
View file

@ -7,7 +7,7 @@
"/css/dist/skins/skin-orange.css": "/css/dist/skins/skin-orange.css?id=268041e902b019730c23ee3875838005",
"/css/dist/skins/skin-orange-dark.css": "/css/dist/skins/skin-orange-dark.css?id=d409d9b1a3b69247df8b98941ba06e33",
"/css/dist/skins/skin-blue-dark.css": "/css/dist/skins/skin-blue-dark.css?id=4a9e8c5e7b09506fa3e3a3f42849e07f",
"/css/dist/skins/skin-yellow-dark.css": "/css/dist/skins/skin-yellow-dark.css?id=3cb840e047cd0c40484a08c7a8e7cdea",
"/css/dist/skins/skin-yellow-dark.css": "/css/dist/skins/skin-yellow-dark.css?id=21fef066e0bb1b02fd83fcb6694fad5f",
"/css/dist/skins/skin-yellow.css": "/css/dist/skins/skin-yellow.css?id=fc7adb943668ac69fe4b646625a7571f",
"/css/dist/skins/skin-purple-dark.css": "/css/dist/skins/skin-purple-dark.css?id=9f944e8021781af1ce45d27765d1c0c2",
"/css/dist/skins/skin-purple.css": "/css/dist/skins/skin-purple.css?id=cf6c8c340420724b02d6e787ef9bded5",
@ -40,7 +40,7 @@
"/css/dist/skins/skin-blue.min.css": "/css/dist/skins/skin-blue.min.css?id=392cc93cfc0be0349bab9697669dd091",
"/css/dist/skins/skin-blue-dark.min.css": "/css/dist/skins/skin-blue-dark.min.css?id=4a9e8c5e7b09506fa3e3a3f42849e07f",
"/css/dist/skins/skin-yellow.min.css": "/css/dist/skins/skin-yellow.min.css?id=fc7adb943668ac69fe4b646625a7571f",
"/css/dist/skins/skin-yellow-dark.min.css": "/css/dist/skins/skin-yellow-dark.min.css?id=3cb840e047cd0c40484a08c7a8e7cdea",
"/css/dist/skins/skin-yellow-dark.min.css": "/css/dist/skins/skin-yellow-dark.min.css?id=21fef066e0bb1b02fd83fcb6694fad5f",
"/css/dist/skins/skin-red.min.css": "/css/dist/skins/skin-red.min.css?id=b9a74ec0cd68f83e7480d5ae39919beb",
"/css/dist/skins/skin-red-dark.min.css": "/css/dist/skins/skin-red-dark.min.css?id=7f0eb9e355b36b41c61c3af3b4d41143",
"/css/dist/skins/skin-purple.min.css": "/css/dist/skins/skin-purple.min.css?id=cf6c8c340420724b02d6e787ef9bded5",

7
resources/assets/less/skins/skin-yellow-dark.less
View file

@ -78,7 +78,9 @@
a.actions {
color:#fff !important;
}
a:visited.label-default, a:link.label-default{
color:#444;
}
/**
The dropdown is white, so use a darker color
*/
@ -159,9 +161,6 @@ h2.task_menu{
background: linear-gradient(to bottom, var(--header) 0%,var(--header) 100%);
border-color: var(--header);
}
.label-default{
background-color:var(--back-sub);
}
a.btn.btn-default{
color:var(--nav-link);
}

2
resources/lang/en/admin/hardware/general.php
View file

@ -19,7 +19,7 @@ return [
'requestable' => 'Requestable',
'requested' => 'Requested',
'not_requestable' => 'Not Requestable',
'requestable_status_warning' => 'Do not change requestable status',
'requestable_status_warning' => 'Do not change requestable status',
'restore' => 'Restore Asset',
'pending' => 'Pending',
'undeployable' => 'Undeployable',

1
resources/lang/en/general.php
View file

@ -436,6 +436,7 @@ return [
'errors_importing' => 'Some Errors occurred while importing: ',
'warning' => 'WARNING: :warning',
'success_redirecting' => '"Success... Redirecting.',
'cancel_request' => 'Cancel this item request',
'setup_successful_migrations' => 'Your database tables have been created',
'setup_migration_output' => 'Migration output:',
'setup_migration_create_user' => 'Next: Create User',

2
resources/views/categories/edit.blade.php
View file

@ -43,7 +43,7 @@
@if ($snipeSettings->default_eula_text!='')
<label class="form-control">
{{ Form::checkbox('use_default_eula', '1', old('use_default_eula', $item->use_default_eula), ['aria-label'=>'use_default_eula']) }}
{!! trans('admin/categories/general.use_default_eula') !!}
<span>{!! trans('admin/categories/general.use_default_eula') !!}</span>
</label>
@else
<label class="form-control form-control--disabled">

2
resources/views/hardware/labels.blade.php
View file

@ -52,7 +52,7 @@ $qr_size = ($settings->alt_barcode_enabled=='1') && ($settings->alt_barcode!='')
}
img.barcode {
display:block;
margin-top:-7px;
margin-top:-14px;
width: 100%;
}
div.label-logo {

15
resources/views/hardware/requested.blade.php
View file

@ -17,11 +17,6 @@
<div class="col-md-12">
<div class="box">
<div class="box-body">
{{ Form::open([
'method' => 'POST',
'route' => ['hardware/bulkedit'],
'class' => 'form-inline',
'id' => 'bulkForm']) }}
<div class="row">
<div class="col-md-12">
@ -51,7 +46,7 @@
<th class="col-md-2" data-sortable="true">{{ trans('admin/hardware/form.expected_checkin') }}</th>
<th class="col-md-3" data-sortable="true">{{ trans('admin/hardware/table.requesting_user') }}</th>
<th class="col-md-2">{{ trans('admin/hardware/table.requested_date') }}</th>
<th class="col-md-1">{{ trans('general.checkin').'/'.trans('general.checkout') }}</th>
<th class="col-md-1">{{ trans('button.actions') }}</th> <th></th>
</tr>
</thead>
<tbody>
@ -103,6 +98,14 @@
@endif
</td>
<td>{{ App\Helpers\Helper::getFormattedDateObject($request->created_at, 'datetime', false) }}</td>
<td>
{{ Form::open([
'method' => 'POST',
'route' => ['account/request-item', $request->itemType(), $request->requestable->id, true, $request->requestingUser()->id],
]) }}
<button class="btn btn-warning btn-sm" data-tooltip="true" title="{{ trans('general.cancel_request') }}">{{ trans('button.cancel') }}</button>
{{ Form::close() }}
</td>
<td>
@if ($request->itemType() == "asset")
@if ($request->requestable->assigned_to=='')

8
resources/views/hardware/view.blade.php
View file

@ -934,6 +934,14 @@
{{ $asset->location->state }} {{ $asset->location->zip }}
</li>
@endif
<li>
<i class="fas fa-calendar"></i> {{ trans('admin/hardware/form.checkout_date') }}: {{ Helper::getFormattedDateObject($asset->last_checkout, 'date', false) }}
</li>
@if (isset($asset->expected_checkin))
<li>
<i class="fas fa-calendar"></i> {{ trans('admin/hardware/form.expected_checkin') }}: {{ Helper::getFormattedDateObject($asset->expected_checkin, 'date', false) }}
</li>
@endif
</ul>
@endif

2
routes/web.php
View file

@ -281,7 +281,7 @@ Route::group(['prefix' => 'account', 'middleware' => ['auth']], function () {
)->name('account/request-asset');
Route::post(
'request/{itemType}/{itemId}',
'request/{itemType}/{itemId}/{cancel_by_admin?}/{requestingUser?}',
[ViewAssetsController::class, 'getRequestItem']
)->name('account/request-item');

64
tests/Feature/Api/Assets/AssetIndexTest.php
View file

@ -3,9 +3,9 @@
namespace Tests\Feature\Api\Assets;
use App\Models\Asset;
use App\Models\Company;
use App\Models\User;
use Illuminate\Testing\Fluent\AssertableJson;
use Laravel\Passport\Passport;
use Tests\Support\InteractsWithSettings;
use Tests\TestCase;
@ -17,14 +17,14 @@ class AssetIndexTest extends TestCase
{
Asset::factory()->count(3)->create();
Passport::actingAs(User::factory()->superuser()->create());
$this->getJson(
route('api.assets.index', [
'sort' => 'name',
'order' => 'asc',
'offset' => '0',
'limit' => '20',
]))
$this->actingAsForApi(User::factory()->superuser()->create())
->getJson(
route('api.assets.index', [
'sort' => 'name',
'order' => 'asc',
'offset' => '0',
'limit' => '20',
]))
->assertOk()
->assertJsonStructure([
'total',
@ -32,4 +32,50 @@ class AssetIndexTest extends TestCase
])
->assertJson(fn(AssertableJson $json) => $json->has('rows', 3)->etc());
}
public function testAssetIndexAdheresToCompanyScoping()
{
[$companyA, $companyB] = Company::factory()->count(2)->create();
$assetA = Asset::factory()->for($companyA)->create();
$assetB = Asset::factory()->for($companyB)->create();
$superUser = $companyA->users()->save(User::factory()->superuser()->make());
$userInCompanyA = $companyA->users()->save(User::factory()->viewAssets()->make());
$userInCompanyB = $companyB->users()->save(User::factory()->viewAssets()->make());
$this->settings->disableMultipleFullCompanySupport();
$this->actingAsForApi($superUser)
->getJson(route('api.assets.index'))
->assertResponseContainsInRows($assetA, 'asset_tag')
->assertResponseContainsInRows($assetB, 'asset_tag');
$this->actingAsForApi($userInCompanyA)
->getJson(route('api.assets.index'))
->assertResponseContainsInRows($assetA, 'asset_tag')
->assertResponseContainsInRows($assetB, 'asset_tag');
$this->actingAsForApi($userInCompanyB)
->getJson(route('api.assets.index'))
->assertResponseContainsInRows($assetA, 'asset_tag')
->assertResponseContainsInRows($assetB, 'asset_tag');
$this->settings->enableMultipleFullCompanySupport();
$this->actingAsForApi($superUser)
->getJson(route('api.assets.index'))
->assertResponseContainsInRows($assetA, 'asset_tag')
->assertResponseContainsInRows($assetB, 'asset_tag');
$this->actingAsForApi($userInCompanyA)
->getJson(route('api.assets.index'))
->assertResponseContainsInRows($assetA, 'asset_tag')
->assertResponseDoesNotContainInRows($assetB, 'asset_tag');
$this->actingAsForApi($userInCompanyB)
->getJson(route('api.assets.index'))
->assertResponseDoesNotContainInRows($assetA, 'asset_tag')
->assertResponseContainsInRows($assetB, 'asset_tag');
}
}

76
tests/Feature/Api/Assets/AssetsForSelectListTest.php Normal file
View file

@ -0,0 +1,76 @@
<?php
namespace Tests\Feature\Api\Assets;
use App\Models\Asset;
use App\Models\Company;
use App\Models\User;
use Tests\Support\InteractsWithSettings;
use Tests\TestCase;
class AssetsForSelectListTest extends TestCase
{
use InteractsWithSettings;
public function testAssetsCanBeSearchedForByAssetTag()
{
Asset::factory()->create(['asset_tag' => '0001']);
Asset::factory()->create(['asset_tag' => '0002']);
$response = $this->actingAsForApi(User::factory()->create())
->getJson(route('assets.selectlist', ['search' => '000']))
->assertOk();
$results = collect($response->json('results'));
$this->assertEquals(2, $results->count());
$this->assertTrue($results->pluck('text')->contains(fn($text) => str_contains($text, '0001')));
$this->assertTrue($results->pluck('text')->contains(fn($text) => str_contains($text, '0002')));
}
public function testAssetsAreScopedToCompanyWhenMultipleCompanySupportEnabled()
{
[$companyA, $companyB] = Company::factory()->count(2)->create();
$assetA = Asset::factory()->for($companyA)->create(['asset_tag' => '0001']);
$assetB = Asset::factory()->for($companyB)->create(['asset_tag' => '0002']);
$superUser = $companyA->users()->save(User::factory()->superuser()->make());
$userInCompanyA = $companyA->users()->save(User::factory()->viewAssets()->make());
$userInCompanyB = $companyB->users()->save(User::factory()->viewAssets()->make());
$this->settings->disableMultipleFullCompanySupport();
$this->actingAsForApi($superUser)
->getJson(route('assets.selectlist', ['search' => '000']))
->assertResponseContainsInResults($assetA)
->assertResponseContainsInResults($assetB);
$this->actingAsForApi($userInCompanyA)
->getJson(route('assets.selectlist', ['search' => '000']))
->assertResponseContainsInResults($assetA)
->assertResponseContainsInResults($assetB);
$this->actingAsForApi($userInCompanyB)
->getJson(route('assets.selectlist', ['search' => '000']))
->assertResponseContainsInResults($assetA)
->assertResponseContainsInResults($assetB);
$this->settings->enableMultipleFullCompanySupport();
$this->actingAsForApi($superUser)
->getJson(route('assets.selectlist', ['search' => '000']))
->assertResponseContainsInResults($assetA)
->assertResponseContainsInResults($assetB);
$this->actingAsForApi($userInCompanyA)
->getJson(route('assets.selectlist', ['search' => '000']))
->assertResponseContainsInResults($assetA)
->assertResponseDoesNotContainInResults($assetB);
$this->actingAsForApi($userInCompanyB)
->getJson(route('assets.selectlist', ['search' => '000']))
->assertResponseDoesNotContainInResults($assetA)
->assertResponseContainsInResults($assetB);
}
}

79
tests/Feature/Api/Assets/RequestableAssetsTest.php Normal file
View file

@ -0,0 +1,79 @@
<?php
namespace Tests\Feature\Api\Assets;
use App\Models\Asset;
use App\Models\Company;
use App\Models\User;
use Tests\Support\InteractsWithSettings;
use Tests\TestCase;
class RequestableAssetsTest extends TestCase
{
use InteractsWithSettings;
public function testViewingRequestableAssetsRequiresCorrectPermission()
{
$this->actingAsForApi(User::factory()->create())
->getJson(route('api.assets.requestable'))
->assertForbidden();
}
public function testReturnsRequestableAssets()
{
$requestableAsset = Asset::factory()->requestable()->create(['asset_tag' => 'requestable']);
$nonRequestableAsset = Asset::factory()->nonrequestable()->create(['asset_tag' => 'non-requestable']);
$this->actingAsForApi(User::factory()->viewRequestableAssets()->create())
->getJson(route('api.assets.requestable'))
->assertOk()
->assertResponseContainsInRows($requestableAsset, 'asset_tag')
->assertResponseDoesNotContainInRows($nonRequestableAsset, 'asset_tag');
}
public function testRequestableAssetsAreScopedToCompanyWhenMultipleCompanySupportEnabled()
{
[$companyA, $companyB] = Company::factory()->count(2)->create();
$assetA = Asset::factory()->requestable()->for($companyA)->create(['asset_tag' => '0001']);
$assetB = Asset::factory()->requestable()->for($companyB)->create(['asset_tag' => '0002']);
$superUser = $companyA->users()->save(User::factory()->superuser()->make());
$userInCompanyA = $companyA->users()->save(User::factory()->viewRequestableAssets()->make());
$userInCompanyB = $companyB->users()->save(User::factory()->viewRequestableAssets()->make());
$this->settings->disableMultipleFullCompanySupport();
$this->actingAsForApi($superUser)
->getJson(route('api.assets.requestable'))
->assertResponseContainsInRows($assetA, 'asset_tag')
->assertResponseContainsInRows($assetB, 'asset_tag');
$this->actingAsForApi($userInCompanyA)
->getJson(route('api.assets.requestable'))
->assertResponseContainsInRows($assetA, 'asset_tag')
->assertResponseContainsInRows($assetB, 'asset_tag');
$this->actingAsForApi($userInCompanyB)
->getJson(route('api.assets.requestable'))
->assertResponseContainsInRows($assetA, 'asset_tag')
->assertResponseContainsInRows($assetB, 'asset_tag');
$this->settings->enableMultipleFullCompanySupport();
$this->actingAsForApi($superUser)
->getJson(route('api.assets.requestable'))
->assertResponseContainsInRows($assetA, 'asset_tag')
->assertResponseContainsInRows($assetB, 'asset_tag');
$this->actingAsForApi($userInCompanyA)
->getJson(route('api.assets.requestable'))
->assertResponseContainsInRows($assetA, 'asset_tag')
->assertResponseDoesNotContainInRows($assetB, 'asset_tag');
$this->actingAsForApi($userInCompanyB)
->getJson(route('api.assets.requestable'))
->assertResponseDoesNotContainInRows($assetA, 'asset_tag')
->assertResponseContainsInRows($assetB, 'asset_tag');
}
}

60
tests/Feature/Api/Components/ComponentIndexTest.php Normal file
View file

@ -0,0 +1,60 @@
<?php
namespace Tests\Feature\Api\Components;
use App\Models\Company;
use App\Models\Component;
use App\Models\User;
use Tests\Support\InteractsWithSettings;
use Tests\TestCase;
class ComponentIndexTest extends TestCase
{
use InteractsWithSettings;
public function testComponentIndexAdheresToCompanyScoping()
{
[$companyA, $companyB] = Company::factory()->count(2)->create();
$componentA = Component::factory()->for($companyA)->create();
$componentB = Component::factory()->for($companyB)->create();
$superUser = $companyA->users()->save(User::factory()->superuser()->make());
$userInCompanyA = $companyA->users()->save(User::factory()->viewComponents()->make());
$userInCompanyB = $companyB->users()->save(User::factory()->viewComponents()->make());
$this->settings->disableMultipleFullCompanySupport();
$this->actingAsForApi($superUser)
->getJson(route('api.components.index'))
->assertResponseContainsInRows($componentA)
->assertResponseContainsInRows($componentB);
$this->actingAsForApi($userInCompanyA)
->getJson(route('api.components.index'))
->assertResponseContainsInRows($componentA)
->assertResponseContainsInRows($componentB);
$this->actingAsForApi($userInCompanyB)
->getJson(route('api.components.index'))
->assertResponseContainsInRows($componentA)
->assertResponseContainsInRows($componentB);
$this->settings->enableMultipleFullCompanySupport();
$this->actingAsForApi($superUser)
->getJson(route('api.components.index'))
->assertResponseContainsInRows($componentA)
->assertResponseContainsInRows($componentB);
$this->actingAsForApi($userInCompanyA)
->getJson(route('api.components.index'))
->assertResponseContainsInRows($componentA)
->assertResponseDoesNotContainInRows($componentB);
$this->actingAsForApi($userInCompanyB)
->getJson(route('api.components.index'))
->assertResponseDoesNotContainInRows($componentA)
->assertResponseContainsInRows($componentB);
}
}

60
tests/Feature/Api/Consumables/ConsumablesIndexTest.php Normal file
View file

@ -0,0 +1,60 @@
<?php
namespace Tests\Feature\Api\Consumables;
use App\Models\Company;
use App\Models\Consumable;
use App\Models\User;
use Tests\Support\InteractsWithSettings;
use Tests\TestCase;
class ConsumablesIndexTest extends TestCase
{
use InteractsWithSettings;
public function testConsumableIndexAdheresToCompanyScoping()
{
[$companyA, $companyB] = Company::factory()->count(2)->create();
$consumableA = Consumable::factory()->for($companyA)->create();
$consumableB = Consumable::factory()->for($companyB)->create();
$superUser = $companyA->users()->save(User::factory()->superuser()->make());
$userInCompanyA = $companyA->users()->save(User::factory()->viewConsumables()->make());
$userInCompanyB = $companyB->users()->save(User::factory()->viewConsumables()->make());
$this->settings->disableMultipleFullCompanySupport();
$this->actingAsForApi($superUser)
->getJson(route('api.consumables.index'))
->assertResponseContainsInRows($consumableA)
->assertResponseContainsInRows($consumableB);
$this->actingAsForApi($userInCompanyA)
->getJson(route('api.consumables.index'))
->assertResponseContainsInRows($consumableA)
->assertResponseContainsInRows($consumableB);
$this->actingAsForApi($userInCompanyB)
->getJson(route('api.consumables.index'))
->assertResponseContainsInRows($consumableA)
->assertResponseContainsInRows($consumableB);
$this->settings->enableMultipleFullCompanySupport();
$this->actingAsForApi($superUser)
->getJson(route('api.consumables.index'))
->assertResponseContainsInRows($consumableA)
->assertResponseContainsInRows($consumableB);
$this->actingAsForApi($userInCompanyA)
->getJson(route('api.consumables.index'))
->assertResponseContainsInRows($consumableA)
->assertResponseDoesNotContainInRows($consumableB);
$this->actingAsForApi($userInCompanyB)
->getJson(route('api.consumables.index'))
->assertResponseDoesNotContainInRows($consumableA)
->assertResponseContainsInRows($consumableB);
}
}

60
tests/Feature/Api/Licenses/LicensesIndexTest.php Normal file
View file

@ -0,0 +1,60 @@
<?php
namespace Tests\Feature\Api\Licenses;
use App\Models\Company;
use App\Models\License;
use App\Models\User;
use Tests\Support\InteractsWithSettings;
use Tests\TestCase;
class LicensesIndexTest extends TestCase
{
use InteractsWithSettings;
public function testLicensesIndexAdheresToCompanyScoping()
{
[$companyA, $companyB] = Company::factory()->count(2)->create();
$licenseA = License::factory()->for($companyA)->create();
$licenseB = License::factory()->for($companyB)->create();
$superUser = $companyA->users()->save(User::factory()->superuser()->make());
$userInCompanyA = $companyA->users()->save(User::factory()->viewLicenses()->make());
$userInCompanyB = $companyB->users()->save(User::factory()->viewLicenses()->make());
$this->settings->disableMultipleFullCompanySupport();
$this->actingAsForApi($superUser)
->getJson(route('api.licenses.index'))
->assertResponseContainsInRows($licenseA)
->assertResponseContainsInRows($licenseB);
$this->actingAsForApi($userInCompanyA)
->getJson(route('api.licenses.index'))
->assertResponseContainsInRows($licenseA)
->assertResponseContainsInRows($licenseB);
$this->actingAsForApi($userInCompanyB)
->getJson(route('api.licenses.index'))
->assertResponseContainsInRows($licenseA)
->assertResponseContainsInRows($licenseB);
$this->settings->enableMultipleFullCompanySupport();
$this->actingAsForApi($superUser)
->getJson(route('api.licenses.index'))
->assertResponseContainsInRows($licenseA)
->assertResponseContainsInRows($licenseB);
$this->actingAsForApi($userInCompanyA)
->getJson(route('api.licenses.index'))
->assertResponseContainsInRows($licenseA)
->assertResponseDoesNotContainInRows($licenseB);
$this->actingAsForApi($userInCompanyB)
->getJson(route('api.licenses.index'))
->assertResponseDoesNotContainInRows($licenseA)
->assertResponseContainsInRows($licenseB);
}
}

19
tests/Feature/DashboardTest.php Normal file
View file

@ -0,0 +1,19 @@
<?php
namespace Tests\Feature;
use App\Models\User;
use Tests\Support\InteractsWithSettings;
use Tests\TestCase;
class DashboardTest extends TestCase
{
use InteractsWithSettings;
public function testUsersWithoutAdminAccessAreRedirected()
{
$this->actingAs(User::factory()->create())
->get(route('home'))
->assertRedirect(route('view-assets'));
}
}

66
tests/Support/CustomTestMacros.php Normal file
View file

@ -0,0 +1,66 @@
<?php
namespace Tests\Support;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Testing\TestResponse;
use PHPUnit\Framework\Assert;
use RuntimeException;
trait CustomTestMacros
{
protected function registerCustomMacros()
{
$guardAgainstNullProperty = function (Model $model, string $property) {
if (is_null($model->{$property})) {
throw new RuntimeException(
"The property ({$property}) either does not exist or is null on the model which isn't helpful for comparison."
);
}
};
TestResponse::macro(
'assertResponseContainsInRows',
function (Model $model, string $property = 'name') use ($guardAgainstNullProperty) {
$guardAgainstNullProperty($model, $property);
Assert::assertTrue(collect($this['rows'])->pluck($property)->contains($model->{$property}));
return $this;
}
);
TestResponse::macro(
'assertResponseDoesNotContainInRows',
function (Model $model, string $property = 'name') use ($guardAgainstNullProperty) {
$guardAgainstNullProperty($model, $property);
Assert::assertFalse(collect($this['rows'])->pluck($property)->contains($model->{$property}));
return $this;
}
);
TestResponse::macro(
'assertResponseContainsInResults',
function (Model $model, string $property = 'id') use ($guardAgainstNullProperty) {
$guardAgainstNullProperty($model, $property);
Assert::assertTrue(collect($this->json('results'))->pluck('id')->contains($model->{$property}));
return $this;
}
);
TestResponse::macro(
'assertResponseDoesNotContainInResults',
function (Model $model, string $property = 'id') use ($guardAgainstNullProperty) {
$guardAgainstNullProperty($model, $property);
Assert::assertFalse(collect($this->json('results'))->pluck('id')->contains($model->{$property}));
return $this;
}
);
}
}

16
tests/Support/InteractsWithAuthentication.php Normal file
View file

@ -0,0 +1,16 @@
<?php
namespace Tests\Support;
use Illuminate\Contracts\Auth\Authenticatable;
use Laravel\Passport\Passport;
trait InteractsWithAuthentication
{
protected function actingAsForApi(Authenticatable $user)
{
Passport::actingAs($user);
return $this;
}
}

5
tests/Support/Settings.php
View file

@ -33,6 +33,11 @@ class Settings
return $this->update(['full_multiple_companies_support' => 1]);
}
public function disableMultipleFullCompanySupport(): Settings
{
return $this->update(['full_multiple_companies_support' => 0]);
}
public function enableWebhook(): Settings
{
return $this->update([

6
tests/TestCase.php
View file

@ -5,11 +5,15 @@ namespace Tests;
use App\Http\Middleware\SecurityHeaders;
use Illuminate\Foundation\Testing\LazilyRefreshDatabase;
use Illuminate\Foundation\Testing\TestCase as BaseTestCase;
use Tests\Support\CustomTestMacros;
use Tests\Support\InteractsWithAuthentication;
use Tests\Support\InteractsWithSettings;
abstract class TestCase extends BaseTestCase
{
use CreatesApplication;
use CustomTestMacros;
use InteractsWithAuthentication;
use LazilyRefreshDatabase;
private array $globallyDisabledMiddleware = [
@ -25,5 +29,7 @@ abstract class TestCase extends BaseTestCase
if (collect(class_uses_recursive($this))->contains(InteractsWithSettings::class)) {
$this->initializeSettings();
}
$this->registerCustomMacros();
}
}

169
tests/Unit/CompanyScopingTest.php Normal file
View file

@ -0,0 +1,169 @@
<?php
namespace Tests\Unit;
use App\Models\Accessory;
use App\Models\Asset;
use App\Models\AssetMaintenance;
use App\Models\Company;
use App\Models\Component;
use App\Models\Consumable;
use App\Models\License;
use App\Models\LicenseSeat;
use App\Models\User;
use Illuminate\Database\Eloquent\Model;
use Tests\Support\InteractsWithSettings;
use Tests\TestCase;
class CompanyScopingTest extends TestCase
{
use InteractsWithSettings;
public function models(): array
{
return [
'Accessories' => [Accessory::class],
'Assets' => [Asset::class],
'Components' => [Component::class],
'Consumables' => [Consumable::class],
'Licenses' => [License::class],
];
}
/** @dataProvider models */
public function testCompanyScoping($model)
{
[$companyA, $companyB] = Company::factory()->count(2)->create();
$modelA = $model::factory()->for($companyA)->create();
$modelB = $model::factory()->for($companyB)->create();
$superUser = $companyA->users()->save(User::factory()->superuser()->make());
$userInCompanyA = $companyA->users()->save(User::factory()->make());
$userInCompanyB = $companyB->users()->save(User::factory()->make());
$this->settings->disableMultipleFullCompanySupport();
$this->actingAs($superUser);
$this->assertCanSee($modelA);
$this->assertCanSee($modelB);
$this->actingAs($userInCompanyA);
$this->assertCanSee($modelA);
$this->assertCanSee($modelB);
$this->actingAs($userInCompanyB);
$this->assertCanSee($modelA);
$this->assertCanSee($modelB);
$this->settings->enableMultipleFullCompanySupport();
$this->actingAs($superUser);
$this->assertCanSee($modelA);
$this->assertCanSee($modelB);
$this->actingAs($userInCompanyA);
$this->assertCanSee($modelA);
$this->assertCannotSee($modelB);
$this->actingAs($userInCompanyB);
$this->assertCannotSee($modelA);
$this->assertCanSee($modelB);
}
public function testAssetMaintenanceCompanyScoping()
{
[$companyA, $companyB] = Company::factory()->count(2)->create();
$assetMaintenanceForCompanyA = AssetMaintenance::factory()->for(Asset::factory()->for($companyA))->create();
$assetMaintenanceForCompanyB = AssetMaintenance::factory()->for(Asset::factory()->for($companyB))->create();
$superUser = $companyA->users()->save(User::factory()->superuser()->make());
$userInCompanyA = $companyA->users()->save(User::factory()->make());
$userInCompanyB = $companyB->users()->save(User::factory()->make());
$this->settings->disableMultipleFullCompanySupport();
$this->actingAs($superUser);
$this->assertCanSee($assetMaintenanceForCompanyA);
$this->assertCanSee($assetMaintenanceForCompanyB);
$this->actingAs($userInCompanyA);
$this->assertCanSee($assetMaintenanceForCompanyA);
$this->assertCanSee($assetMaintenanceForCompanyB);
$this->actingAs($userInCompanyB);
$this->assertCanSee($assetMaintenanceForCompanyA);
$this->assertCanSee($assetMaintenanceForCompanyB);
$this->settings->enableMultipleFullCompanySupport();
$this->actingAs($superUser);
$this->assertCanSee($assetMaintenanceForCompanyA);
$this->assertCanSee($assetMaintenanceForCompanyB);
$this->actingAs($userInCompanyA);
$this->assertCanSee($assetMaintenanceForCompanyA);
$this->assertCannotSee($assetMaintenanceForCompanyB);
$this->actingAs($userInCompanyB);
$this->assertCannotSee($assetMaintenanceForCompanyA);
$this->assertCanSee($assetMaintenanceForCompanyB);
}
public function testLicenseSeatCompanyScoping()
{
[$companyA, $companyB] = Company::factory()->count(2)->create();
$licenseSeatA = LicenseSeat::factory()->for(Asset::factory()->for($companyA))->create();
$licenseSeatB = LicenseSeat::factory()->for(Asset::factory()->for($companyB))->create();
$superUser = $companyA->users()->save(User::factory()->superuser()->make());
$userInCompanyA = $companyA->users()->save(User::factory()->make());
$userInCompanyB = $companyB->users()->save(User::factory()->make());
$this->settings->disableMultipleFullCompanySupport();
$this->actingAs($superUser);
$this->assertCanSee($licenseSeatA);
$this->assertCanSee($licenseSeatB);
$this->actingAs($userInCompanyA);
$this->assertCanSee($licenseSeatA);
$this->assertCanSee($licenseSeatB);
$this->actingAs($userInCompanyB);
$this->assertCanSee($licenseSeatA);
$this->assertCanSee($licenseSeatB);
$this->settings->enableMultipleFullCompanySupport();
$this->actingAs($superUser);
$this->assertCanSee($licenseSeatA);
$this->assertCanSee($licenseSeatB);
$this->actingAs($userInCompanyA);
$this->assertCanSee($licenseSeatA);
$this->assertCannotSee($licenseSeatB);
$this->actingAs($userInCompanyB);
$this->assertCannotSee($licenseSeatA);
$this->assertCanSee($licenseSeatB);
}
private function assertCanSee(Model $model)
{
$this->assertTrue(
get_class($model)::all()->contains($model),
'User was not able to see expected model'
);
}
private function assertCannotSee(Model $model)
{
$this->assertFalse(
get_class($model)::all()->contains($model),
'User was able to see model from a different company'
);
}
}

29
upgrade.php
View file

@ -1,7 +1,9 @@
<?php
(PHP_SAPI !== 'cli' || isset($_SERVER['HTTP_USER_AGENT'])) && die('Access denied.');
$required_php_min = '7.4.0';
$php_min_works = '7.4.0';
$php_max_wontwork = '8.2.0';
if ((strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') || (!function_exists('posix_getpwuid'))) {
echo "Skipping user check as it is not supported on Windows or Posix is not installed on this server. \n";
@ -123,12 +125,12 @@ echo $env_good;
if ($env_bad !='') {
echo "\n--------------------- !! ERROR !! ----------------------\n";
echo "!!!!!!!!!!!!!!!!!!!!!!!!!! .ENV FILE ERROR !!!!!!!!!!!!!!!!!!!!!!!!!!\n";
echo "Your .env file is misconfigured. Upgrade cannot continue.\n";
echo "--------------------------------------------------------\n\n";
echo $env_bad;
echo "\n\n--------------------------------------------------------\n";
echo "ABORTING THE INSTALLER \n";
echo "!!!!!!!!!!!!!!!!!!!!!!!!! ABORTING THE UPGRADER !!!!!!!!!!!!!!!!!!!!!!\n";
echo "Please correct the issues above in ".getcwd()."/.env and try again.\n";
echo "--------------------------------------------------------\n";
exit;
@ -136,22 +138,23 @@ if ($env_bad !='') {
echo "\n--------------------------------------------------------\n";
echo "STEP 2: Checking PHP requirements: \n";
echo "STEP 2: Checking PHP requirements: (Required PHP >=". $php_min_works. " - <".$php_max_wontwork.") \n";
echo "--------------------------------------------------------\n\n";
if (version_compare(PHP_VERSION, $required_php_min, '<')) {
echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ERROR !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n";
echo "This version of PHP (".PHP_VERSION.") is not compatible with Snipe-IT.\n";
echo "Snipe-IT requires PHP version ".$required_php_min." or greater. Please upgrade \n";
echo "your version of PHP (web/php-fcgi and cli) and try running this script again.\n\n\n";
exit;
if ((version_compare(phpversion(), $php_min_works, '>=')) && (version_compare(phpversion(), $php_max_wontwork, '<'))) {
echo "√ Current PHP version: (" . phpversion() . ") is at least " . $php_min_works . " and less than ".$php_max_wontwork."! Continuing... \n";
echo sprintf("FYI: The php.ini used by this PHP is: %s\n\n", get_cfg_var('cfg_file_path'));
} else {
echo "Current PHP version: (" . PHP_VERSION . ") is at least ".$required_php_min." - continuing... \n";
echo sprintf("FYI: The php.ini used by this PHP is: %s\n\n", get_cfg_var('cfg_file_path'));
echo "!!!!!!!!!!!!!!!!!!!!!!!!! PHP VERSION ERROR !!!!!!!!!!!!!!!!!!!!!!!!!\n";
echo "This version of PHP (".phpversion().") is NOT compatible with Snipe-IT.\n";
echo "Snipe-IT requires PHP versions between ".$php_min_works." and ".$php_max_wontwork.".\n";
echo "Please install a compatible version of PHP and re-run this script again. \n";
echo "!!!!!!!!!!!!!!!!!!!!!!!!! ABORTING THE UPGRADER !!!!!!!!!!!!!!!!!!!!!!\n";
exit;
}
echo "Checking Required PHP extensions... \n\n";
// Get the list of installed extensions