From 2e0c2bd190338157e8086c48de35061801a11c6b Mon Sep 17 00:00:00 2001 From: snipe Date: Thu, 7 Dec 2017 19:20:08 -0800 Subject: [PATCH 01/16] Add @Gelob as a contributor --- .all-contributorsrc | 9 +++++++++ README.md | 4 ++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/.all-contributorsrc b/.all-contributorsrc index 4b205114c0..37d93b9edb 100644 --- a/.all-contributorsrc +++ b/.all-contributorsrc @@ -829,6 +829,15 @@ "test", "code" ] + }, + { + "login": "Gelob", + "name": "Ryan", + "avatar_url": "https://avatars3.githubusercontent.com/u/422752?v=4", + "profile": "https://github.com/Gelob", + "contributions": [ + "doc" + ] } ] } diff --git a/README.md b/README.md index 0e6326a454..dff4a34818 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ [![Build Status](https://travis-ci.org/snipe/snipe-it.svg?branch=develop)](https://travis-ci.org/snipe/snipe-it) [![Stories in Ready](https://badge.waffle.io/snipe/snipe-it.png?label=ready+for+dev&title=Ready+for+development)](http://waffle.io/snipe/snipe-it) [![Maintenance](https://img.shields.io/maintenance/yes/2017.svg)]() [![Crowdin](https://d322cqt584bo4o.cloudfront.net/snipe-it/localized.svg)](https://crowdin.com/project/snipe-it) [![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/snipe/snipe-it?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [![Docker Pulls](https://img.shields.io/docker/pulls/snipe/snipe-it.svg)](https://hub.docker.com/r/snipe/snipe-it/) [![Twitter Follow](https://img.shields.io/twitter/follow/snipeyhead.svg?style=social)](https://twitter.com/snipeyhead) [![Zenhub](https://img.shields.io/badge/Shipping_faster_with-ZenHub-5e60ba.svg)](https://zenhub.io) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/553ce52037fc43ea99149785afcfe641)](https://www.codacy.com/app/snipe/snipe-it?utm_source=github.com&utm_medium=referral&utm_content=snipe/snipe-it&utm_campaign=Badge_Grade) -[![All Contributors](https://img.shields.io/badge/all_contributors-89-orange.svg?style=flat-square)](#contributors) +[![All Contributors](https://img.shields.io/badge/all_contributors-90-orange.svg?style=flat-square)](#contributors) ## Snipe-IT - Open Source Asset Management System @@ -68,7 +68,7 @@ Thanks goes to all of these wonderful people ([emoji key](https://github.com/ken | [
Gil Rutkowski](http://FlashingCursor.com)
[πŸ’»](https://github.com/snipe/snipe-it/commits?author=flashingcursor "Code") | [
Desmond Morris](http://www.desmondmorris.com)
[πŸ’»](https://github.com/snipe/snipe-it/commits?author=desmondmorris "Code") | [
Nick Peelman](http://peelman.us)
[πŸ’»](https://github.com/snipe/snipe-it/commits?author=peelman "Code") | [
Abraham Vegh](https://abrahamvegh.com)
[πŸ’»](https://github.com/snipe/snipe-it/commits?author=abrahamvegh "Code") | [
Mohamed Rashid](https://github.com/rashivkp)
[πŸ“–](https://github.com/snipe/snipe-it/commits?author=rashivkp "Documentation") | [
Kasey](http://hinchk.github.io)
[πŸ’»](https://github.com/snipe/snipe-it/commits?author=HinchK "Code") | [
Brett](https://github.com/BrettFagerlund)
[⚠️](https://github.com/snipe/snipe-it/commits?author=BrettFagerlund "Tests") | | [
Jason Spriggs](http://jasonspriggs.com)
[πŸ’»](https://github.com/snipe/snipe-it/commits?author=jasonspriggs "Code") | [
Nate Felton](http://n8felton.wordpress.com)
[πŸ’»](https://github.com/snipe/snipe-it/commits?author=n8felton "Code") | [
Manasses Ferreira](http://homepages.dcc.ufmg.br/~manassesferreira)
[πŸ’»](https://github.com/snipe/snipe-it/commits?author=manassesferreira "Code") | [
Steve](https://github.com/steveelwood)
[⚠️](https://github.com/snipe/snipe-it/commits?author=steveelwood "Tests") | [
matc](http://twitter.com/matc)
[⚠️](https://github.com/snipe/snipe-it/commits?author=matc "Tests") | [
Cole R. Davis](http://www.davisracingteam.com)
[⚠️](https://github.com/snipe/snipe-it/commits?author=VanillaNinjaD "Tests") | [
gibsonjoshua55](https://github.com/gibsonjoshua55)
[πŸ’»](https://github.com/snipe/snipe-it/commits?author=gibsonjoshua55 "Code") | | [
Robin Temme](https://github.com/zwerch)
[πŸ’»](https://github.com/snipe/snipe-it/commits?author=zwerch "Code") | [
Iman](https://github.com/imanghafoori1)
[πŸ’»](https://github.com/snipe/snipe-it/commits?author=imanghafoori1 "Code") | [
Richard Hofman](https://github.com/richardhofman6)
[πŸ’»](https://github.com/snipe/snipe-it/commits?author=richardhofman6 "Code") | [
gizzmojr](https://github.com/gizzmojr)
[πŸ’»](https://github.com/snipe/snipe-it/commits?author=gizzmojr "Code") | [
Jenny Li](https://github.com/imjennyli)
[πŸ“–](https://github.com/snipe/snipe-it/commits?author=imjennyli "Documentation") | [
Geoff Young](https://github.com/GeoffYoung)
[πŸ’»](https://github.com/snipe/snipe-it/commits?author=GeoffYoung "Code") | [
Elliot Blackburn](http://www.elliotblackburn.com)
[πŸ“–](https://github.com/snipe/snipe-it/commits?author=BlueHatbRit "Documentation") | -| [
TΓ΅nis Ormisson](http://andmemasin.eu)
[πŸ’»](https://github.com/snipe/snipe-it/commits?author=TonisOrmisson "Code") | [
Nicolai Essig](http://www.nicolai-essig.de)
[πŸ’»](https://github.com/snipe/snipe-it/commits?author=thakilla "Code") | [
Danielle](https://github.com/techincolor)
[πŸ“–](https://github.com/snipe/snipe-it/commits?author=techincolor "Documentation") | [
Lawrence](https://github.com/TheVakman)
[⚠️](https://github.com/snipe/snipe-it/commits?author=TheVakman "Tests") [πŸ›](https://github.com/snipe/snipe-it/issues?q=author%3ATheVakman "Bug reports") | [
uknzaeinozpas](https://github.com/uknzaeinozpas)
[⚠️](https://github.com/snipe/snipe-it/commits?author=uknzaeinozpas "Tests") [πŸ’»](https://github.com/snipe/snipe-it/commits?author=uknzaeinozpas "Code") | +| [
TΓ΅nis Ormisson](http://andmemasin.eu)
[πŸ’»](https://github.com/snipe/snipe-it/commits?author=TonisOrmisson "Code") | [
Nicolai Essig](http://www.nicolai-essig.de)
[πŸ’»](https://github.com/snipe/snipe-it/commits?author=thakilla "Code") | [
Danielle](https://github.com/techincolor)
[πŸ“–](https://github.com/snipe/snipe-it/commits?author=techincolor "Documentation") | [
Lawrence](https://github.com/TheVakman)
[⚠️](https://github.com/snipe/snipe-it/commits?author=TheVakman "Tests") [πŸ›](https://github.com/snipe/snipe-it/issues?q=author%3ATheVakman "Bug reports") | [
uknzaeinozpas](https://github.com/uknzaeinozpas)
[⚠️](https://github.com/snipe/snipe-it/commits?author=uknzaeinozpas "Tests") [πŸ’»](https://github.com/snipe/snipe-it/commits?author=uknzaeinozpas "Code") | [
Ryan](https://github.com/Gelob)
[πŸ“–](https://github.com/snipe/snipe-it/commits?author=Gelob "Documentation") | This project follows the [all-contributors](https://github.com/kentcdodds/all-contributors) specification. Contributions of any kind welcome! From 0ea31008964a2aa4bbbe4d9feb64cc359e0b1e10 Mon Sep 17 00:00:00 2001 From: snipe Date: Thu, 7 Dec 2017 19:23:34 -0800 Subject: [PATCH 02/16] Bumped hash --- config/version.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/config/version.php b/config/version.php index 397ef8baaf..d9e35dde39 100644 --- a/config/version.php +++ b/config/version.php @@ -1,10 +1,10 @@ 'v4.1.8-pre', - 'full_app_version' => 'v4.1.8-pre - build 3034-', - 'build_version' => '3034', + 'full_app_version' => 'v4.1.8-pre - build 3068-gceca76b', + 'build_version' => '3068', 'prerelease_version' => '', - 'hash_version' => '', - 'full_hash' => 'v4.1.7', + 'hash_version' => 'gceca76b', + 'full_hash' => 'v4.1.7-34-gceca76b', 'branch' => 'develop', ); From 035f7a529269288caabedf1e11e1c8e11750fd4d Mon Sep 17 00:00:00 2001 From: snipe Date: Thu, 7 Dec 2017 19:24:03 -0800 Subject: [PATCH 03/16] Formatted version --- config/version.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/version.php b/config/version.php index d9e35dde39..0bb0d6d2da 100644 --- a/config/version.php +++ b/config/version.php @@ -1,7 +1,7 @@ 'v4.1.8-pre', - 'full_app_version' => 'v4.1.8-pre - build 3068-gceca76b', + 'full_app_version' => 'v4.1.8-pre - build 3068 (gceca76b)', 'build_version' => '3068', 'prerelease_version' => '', 'hash_version' => 'gceca76b', From defed52caa18978e85a24f493d5c8133415d1f1a Mon Sep 17 00:00:00 2001 From: snipe Date: Thu, 7 Dec 2017 20:59:55 -0800 Subject: [PATCH 04/16] Fixed #4596 - manufacturer gate --- app/Policies/ManufacturerPolicy.php | 13 +++++++++++++ app/Providers/AuthServiceProvider.php | 6 ++++++ 2 files changed, 19 insertions(+) create mode 100644 app/Policies/ManufacturerPolicy.php diff --git a/app/Policies/ManufacturerPolicy.php b/app/Policies/ManufacturerPolicy.php new file mode 100644 index 0000000000..8800b46c30 --- /dev/null +++ b/app/Policies/ManufacturerPolicy.php @@ -0,0 +1,13 @@ + StatuslabelPolicy::class, Supplier::class => SupplierPolicy::class, User::class => UserPolicy::class, + Manufacturer::class => ManufacturerPolicy::class, ]; /** @@ -126,6 +131,7 @@ class AuthServiceProvider extends ServiceProvider || $user->can('view', \App\Models\Department::class) || $user->can('view', \App\Models\Location::class) || $user->can('view', \App\Models\Company::class) + || $user->can('view', \App\Models\Manufacturer::class) || $user->can('view', \App\Models\Depreciation::class); }); } From a65ea639ed4b5989df23d2cd1fd4b25f20a3fe64 Mon Sep 17 00:00:00 2001 From: snipe Date: Thu, 7 Dec 2017 21:00:09 -0800 Subject: [PATCH 05/16] Added comments to SnipePermissionsPolicy for clarity --- app/Policies/SnipePermissionsPolicy.php | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/app/Policies/SnipePermissionsPolicy.php b/app/Policies/SnipePermissionsPolicy.php index d0aac0eca6..b8d4501bdf 100644 --- a/app/Policies/SnipePermissionsPolicy.php +++ b/app/Policies/SnipePermissionsPolicy.php @@ -5,9 +5,31 @@ use App\Models\Company; use App\Models\User; use Illuminate\Auth\Access\HandlesAuthorization; +/** + * SnipePermissionsPolicy provides methods for handling the granular permissions used throughout Snipe-IT. + * Each "area" of a permission (which is usually a model, like Assets, Departments, etc), has a setting + * in config/permissions.php like view/create/edit/delete (and sometimes some extra stuff like + * checkout/checkin, etc.) + * + * A Policy should exist for each of these models, however if they only use the standard view/create/edit/delete, + * the policy can be pretty simple, for example with just one method setting the column name: + * + * protected function columnName() + * { + * return 'manufacturers'; + * } + * + */ + abstract class SnipePermissionsPolicy { - // This should return the key of the model in the users json permission string. + /** + * This should return the key of the model in the users json permission string. + * + * @return boolean + */ + + // abstract protected function columnName(); use HandlesAuthorization; From 3df62a200fc8f30fd48761781663ba08f37e022a Mon Sep 17 00:00:00 2001 From: snipe Date: Fri, 8 Dec 2017 13:16:37 -0800 Subject: [PATCH 06/16] Fixed manufacturer gates --- app/Http/Controllers/ManufacturersController.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/app/Http/Controllers/ManufacturersController.php b/app/Http/Controllers/ManufacturersController.php index c936b90e5d..39a8f7acf2 100755 --- a/app/Http/Controllers/ManufacturersController.php +++ b/app/Http/Controllers/ManufacturersController.php @@ -35,6 +35,7 @@ class ManufacturersController extends Controller */ public function index() { + $this->authorize('index', Manufacturer::class); return view('manufacturers/index', compact('manufacturers')); } @@ -49,6 +50,7 @@ class ManufacturersController extends Controller */ public function create() { + $this->authorize('create', Manufacturer::class); return view('manufacturers/edit')->with('item', new Manufacturer); } @@ -65,6 +67,7 @@ class ManufacturersController extends Controller public function store(ImageUploadRequest $request) { + $this->authorize('edit', Manufacturer::class); $manufacturer = new Manufacturer; $manufacturer->name = $request->input('name'); $manufacturer->user_id = Auth::user()->id; @@ -104,6 +107,7 @@ class ManufacturersController extends Controller */ public function edit($id = null) { + $this->authorize('edit', Manufacturer::class); // Check if the manufacturer exists if (is_null($item = Manufacturer::find($id))) { return redirect()->route('manufacturers.index')->with('error', trans('admin/manufacturers/message.does_not_exist')); @@ -125,6 +129,7 @@ class ManufacturersController extends Controller */ public function update(ImageUploadRequest $request, $manufacturerId = null) { + $this->authorize('edit', Manufacturer::class); // Check if the manufacturer exists if (is_null($manufacturer = Manufacturer::find($manufacturerId))) { // Redirect to the manufacturer page @@ -186,6 +191,7 @@ class ManufacturersController extends Controller */ public function destroy($manufacturerId) { + $this->authorize('delete', Manufacturer::class); // Check if the manufacturer exists if (is_null($manufacturer = Manufacturer::find($manufacturerId))) { // Redirect to the manufacturers page @@ -224,6 +230,7 @@ class ManufacturersController extends Controller */ public function show($manufacturerId = null) { + $this->authorize('view', Manufacturer::class); $manufacturer = Manufacturer::find($manufacturerId); if (isset($manufacturer->id)) { From 557714e7b74d441c3154e59fc185e24bc3e7b34c Mon Sep 17 00:00:00 2001 From: snipe Date: Fri, 8 Dec 2017 13:19:10 -0800 Subject: [PATCH 07/16] Fixed #2810 - checkin fix for licenses --- resources/views/licenses/view.blade.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resources/views/licenses/view.blade.php b/resources/views/licenses/view.blade.php index 2b8d3391a7..6ee5ffc7c9 100755 --- a/resources/views/licenses/view.blade.php +++ b/resources/views/licenses/view.blade.php @@ -87,7 +87,7 @@ @endif - @can('checkout', $licensedto) + @can('checkout', $license) @if (($licensedto->assigned_to) || ($licensedto->asset_id)) @if ($license->reassignable) From e1423bd9d912ed42b139cf91178ae419fd308c06 Mon Sep 17 00:00:00 2001 From: snipe Date: Fri, 8 Dec 2017 14:02:27 -0800 Subject: [PATCH 08/16] One more fix for #2810 --- app/Http/Controllers/LicensesController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Http/Controllers/LicensesController.php b/app/Http/Controllers/LicensesController.php index 4447836772..9608fdb56c 100755 --- a/app/Http/Controllers/LicensesController.php +++ b/app/Http/Controllers/LicensesController.php @@ -387,7 +387,7 @@ class LicensesController extends Controller $license = License::find($licenseSeat->license_id); - $this->authorize('checkin', $licenseSeat); + $this->authorize('checkin', $license); if (!$license->reassignable) { // Not allowed to checkin From f90271dae52cfd09e23a35ca338b2afc9c1036d2 Mon Sep 17 00:00:00 2001 From: snipe Date: Fri, 8 Dec 2017 14:33:12 -0800 Subject: [PATCH 09/16] Aaaaand one more for #2810. Sigh. --- app/Http/Controllers/LicensesController.php | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/app/Http/Controllers/LicensesController.php b/app/Http/Controllers/LicensesController.php index 9608fdb56c..559f979fad 100755 --- a/app/Http/Controllers/LicensesController.php +++ b/app/Http/Controllers/LicensesController.php @@ -362,7 +362,14 @@ class LicensesController extends Controller // Redirect to the asset management page with error return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.not_found')); } - $this->authorize('checkin', $licenseSeat); + + if (is_null($license = License::find($licenseSeat->license_id))) { + // Redirect to the asset management page with error + return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.not_found')); + } + + + $this->authorize('checkout', $license); return view('licenses/checkin', compact('licenseSeat'))->with('backto', $backTo); } @@ -386,8 +393,7 @@ class LicensesController extends Controller } $license = License::find($licenseSeat->license_id); - - $this->authorize('checkin', $license); + $this->authorize('checkout', $license); if (!$license->reassignable) { // Not allowed to checkin From 5ee6e7f94bd5056c74e3ffbcea9b5076c0d582db Mon Sep 17 00:00:00 2001 From: snipe Date: Mon, 11 Dec 2017 22:31:07 -0800 Subject: [PATCH 10/16] Fixed #4613 - Added table prefix to user search DB raw --- app/Models/User.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/Models/User.php b/app/Models/User.php index 4cb790e287..b1de55443b 100755 --- a/app/Models/User.php +++ b/app/Models/User.php @@ -13,6 +13,7 @@ use Illuminate\Database\Eloquent\SoftDeletes; use App\Http\Traits\UniqueUndeletedTrait; use Illuminate\Notifications\Notifiable; use Laravel\Passport\HasApiTokens; +use DB; class User extends SnipeModel implements AuthenticatableContract, CanResetPasswordContract { @@ -441,7 +442,7 @@ class User extends SnipeModel implements AuthenticatableContract, CanResetPasswo //Ugly, ugly code because Laravel sucks at self-joins ->orWhere(function ($query) use ($search) { - $query->whereRaw("users.manager_id IN (select id from users where first_name LIKE ? OR last_name LIKE ?)", ["%$search%", "%$search%"]); + $query->whereRaw(DB::getTablePrefix()."users.manager_id IN (select id from ".DB::getTablePrefix()."users where first_name LIKE ? OR last_name LIKE ?)", ["%$search%", "%$search%"]); }); From 5b00a8ae336202371183be20b6fc14a02a5e05c5 Mon Sep 17 00:00:00 2001 From: snipe Date: Mon, 11 Dec 2017 22:50:55 -0800 Subject: [PATCH 11/16] Use specific company_id column name in user search --- app/Http/Controllers/Api/UsersController.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php index 84f38fe158..27bb31fbf5 100644 --- a/app/Http/Controllers/Api/UsersController.php +++ b/app/Http/Controllers/Api/UsersController.php @@ -68,11 +68,11 @@ class UsersController extends Controller } if ($request->has('company_id')) { - $users = $users->where('company_id', '=', $request->input('company_id')); + $users = $users->where('users.company_id', '=', $request->input('company_id')); } if ($request->has('location_id')) { - $users = $users->where('location_id', '=', $request->input('location_id')); + $users = $users->where('users.location_id', '=', $request->input('location_id')); } if ($request->has('group_id')) { From 2b3e5c880023e5931edb858075558cbfca0791b8 Mon Sep 17 00:00:00 2001 From: snipe Date: Tue, 12 Dec 2017 02:31:26 -0800 Subject: [PATCH 12/16] =?UTF-8?q?Moved=20=E2=80=9Cdeleted=E2=80=9D=20alert?= =?UTF-8?q?=20banner=20higher=20on=20page?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- resources/views/hardware/view.blade.php | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/resources/views/hardware/view.blade.php b/resources/views/hardware/view.blade.php index a55de38396..6ee49939d6 100755 --- a/resources/views/hardware/view.blade.php +++ b/resources/views/hardware/view.blade.php @@ -32,19 +32,22 @@ {{-- Page content --}} @section('content')
+ + @if ($asset->deleted_at!='') +
+
+ + WARNING: + This asset has been deleted. + You must restore it before you can assign it to someone. +
+
+ @endif +
- @if ($asset->deleted_at!='') -
-
- - WARNING: - This asset has been deleted. - You must restore it before you can assign it to someone. -
-
- @endif +
From d91e8bfee5a371281fc7562f8c0ca21229dcb080 Mon Sep 17 00:00:00 2001 From: snipe Date: Tue, 12 Dec 2017 02:31:36 -0800 Subject: [PATCH 13/16] Fixed select2 on setup --- resources/views/layouts/setup.blade.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/resources/views/layouts/setup.blade.php b/resources/views/layouts/setup.blade.php index 258ba34a72..349854c01f 100644 --- a/resources/views/layouts/setup.blade.php +++ b/resources/views/layouts/setup.blade.php @@ -6,13 +6,14 @@ Snipe-IT Setup @show - + +