Discussion: Moving to policies for controller based authorization (#3080)

* Make delete routes work.  We put a little form in the modal that spoofs the delete field.

* Fix route on creating a user.

* Fix redundant id parameter.

* Port acceptance tests to new urls.

* Initial work on migrating to model based policies instead of global gates.  Will allow for much more detailed permissions bits in the future.

* This needs to stay for the dashboard checks.

* Add user states for permissions to build tests.

* Build up unit tests for gates/permissions.  Move accessories/consumables/assets to policies instead of in authserviceprovider

* Migrate various locations to new syntax.  Update test to be more specific

* Fix functional tests.

Add an artisan command for installing a settings setup on travis-ci

* Try a different id... Need to come up with a better way of passing the id for tests that need an existing one.

* Try to fix travis

* Update urls to use routes and not hardcode old paths.  Also fix some migration errors found along the way.:

* Add a environment for travis functional tests.

* Adjust config file to make travis use it.

* Use redirect()->route instead of redirect()-to

* Dump all failures in the output directory if travis fails.

* Cleanups and minor fixes.

* Adjust the supplier modelfactory to comply with new validation restrictions.

* Some test fixes.

* Locales can be longer than 5 characters according to faker... e.g. gez_ET.  Increase length in mysql and add a validation

* Update test database dump to latest migrations.
Daniel Meltzer 2016-12-19 13:04:28 -06:00 committed by snipe
parent ae2cb5fe68
commit cd8c585377
83 changed files with 2439 additions and 1281 deletions


@ -3,7 +3,7 @@
# --------------------------------------------
APP_ENV=testing
APP_DEBUG=true
APP_KEY=ChangeMe
APP_KEY=base64:glJpcM7BYwWiBggp3SQ/+NlRkqsBQMaGEOjemXqJzOU=
APP_URL=http://localhost:8000
APP_TIMEZONE='US/Pacific'
APP_LOCALE=en
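Review bot: The `APP_KEY=base64:…` line puts a real-looking application key into the repository, so that value has to be treated as public from here on. Laravel derives cookie and session encryption from APP_KEY, so any instance that ever runs with this value loses that protection against anyone who can read the repo. Assuming this is the new side of the pair (the page has lost its +/- markers), I would add a comment above it such as `# CI-only key, regenerated by "php artisan key:generate" during the build; never reuse outside tests`. `APP_DEBUG=true` two lines up deserves the same CI-only caveat.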


@ -14,18 +14,18 @@ php:
# execute any number of scripts before the test run, custom env's are available as variables
before_script:
- phantomjs --webdriver=4444 &
- sleep 10
- sleep 4
- mysql -e "create database IF NOT EXISTS snipeit_unit;" -utravis
- composer self-update
- composer install -n --prefer-source
- cp .env.testing-ci .env
- chmod -R 777 storage
- php artisan migrate --database=mysql --force
- php artisan migrate --env=testing-ci --database=mysql --force
- ./vendor/bin/codecept build
- php artisan key:generate
- php artisan db:seed --database=mysql --force
- php artisan snipeit:create-admin --first_name=Alison --last_name=Foobar --email=me@example.com --username=snipe --password=password
- php artisan serve --port=8000 --host=localhost &
- php artisan key:generate --env=testing-ci
- php artisan db:seed --env=testing-ci --database=mysql --force
- php artisan --env=testing-ci snipeit:create-admin --first_name=Alison --last_name=Foobar --email=me@example.com --username=snipe --password=password
- php artisan --env=testing-ci snipeit:travisci-install
- php artisan serve --env=testing-ci --port=8000 --host=localhost &
- sleep 5
- pip install --user codecov
- sleep 5
@ -34,16 +34,17 @@ before_script:
# omitting "script:" will default to phpunit
# use the $DB env variable to determine the phpunit.xml to use
# script: ./vendor/bin/codecept run --env testing-ci - broken :(
script: ./vendor/bin/codecept run unit --env testing-ci
# script: ./vendor/bin/codecept run --env testing-ci
script: ./vendor/bin/codecept run unit --env testing-ci && ./vendor/bin/codecept run functional --env=functional-travis
#script: ./vendor/bin/codecept run
after_success:
- codecov
after_failure:
- cat tests/_output/AccessoriesCept.fail.html
- cat tests/_output/*.fail.html
- curl http://localhost:8000/login
- cat storage/logs/laravel.log
# configure notifications (email, IRC, campfire etc)
notifications:
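Review bot: The `after_failure` step `cat tests/_output/*.fail.html`, together with the existing `cat storage/logs/laravel.log`, prints complete failure pages and application logs into the build log. If the env file with `APP_DEBUG=true` shown earlier on this page is the one copied in by `cp .env.testing-ci .env`, those pages can echo environment values, so this is only safe on a publicly readable CI log while every variable in the build is disposable. I would add a comment above the block, e.g. `# build logs are public: only throwaway credentials may exist in this environment`, and confirm no service tokens are exported to these steps. Separately, the fixed `sleep` waits before the test run are a flakiness risk; polling the login URL until it answers would be more reliable than a fixed delay.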


@ -89,7 +89,7 @@ class SendExpirationAlerts extends Command
} else {
$license_data['email_content'] .= '<tr style="background-color:#d9534f;">';
}
$license_data['email_content'] .= '<td><a href="'.config('app.url').'/admin/licenses/'.$license->id.'/view">';
$license_data['email_content'] .= '<td><a href="'.route('licenses.show', $license->id).'">';
$license_data['email_content'] .= $license->name.'</a></td>';
$license_data['email_content'] .= '<td>'.$license->expiration_date.'</td>';
$license_data['email_content'] .= '<td>'.$difference.' days</td>';
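Review bot: `$license->name` on the line after the rewritten link is concatenated into the HTML e-mail body without escaping, so a license name containing markup becomes live HTML in the alert mail. The commit rewrites the anchor but leaves this as is; `$license_data['email_content'] .= e($license->name).'</a></td>';` would close it, unless names are guaranteed to be stored already escaped (not visible here, and that would double-encode). It is also worth confirming that `route('licenses.show', …)` yields an absolute URL with the intended host when this command runs from the scheduler, since the old line used `config('app.url')` explicitly. The surrounding loop and method start and end outside the hunk.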


@ -40,4 +40,9 @@ class Kernel extends ConsoleKernel
$schedule->command('snipeit:backup')->weekly();
$schedule->command('backup:clean')->daily();
}
protected function commands()
{
require base_path('routes/console.php');
}
}


@ -40,6 +40,7 @@ class AccessoriesController extends Controller
*/
public function index(Request $request)
{
$this->authorize('index', Accessory::class);
return View::make('accessories/index');
}
@ -52,6 +53,7 @@ class AccessoriesController extends Controller
*/
public function create(Request $request)
{
$this->authorize('create', Accessory::class);
// Show the page
return View::make('accessories/edit')
->with('item', new Accessory)
@ -70,7 +72,7 @@ class AccessoriesController extends Controller
*/
public function store(Request $request)
{
$this->authorize(Accessory::class);
// create a new model instance
$accessory = new Accessory();
@ -123,10 +125,10 @@ class AccessoriesController extends Controller
if (is_null($item = Accessory::find($accessoryId))) {
// Redirect to the blogs management page
return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.does_not_exist'));
} elseif (!Company::isCurrentUserHasAccess($item)) {
return redirect()->route('accessories.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize($item);
return View::make('accessories/edit', compact('item'))
->with('category_list', Helper::categoryList('accessory'))
->with('company_list', Helper::companyList())
@ -148,10 +150,10 @@ class AccessoriesController extends Controller
if (is_null($accessory = Accessory::find($accessoryId))) {
// Redirect to the accessory index page
return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.does_not_exist'));
} elseif (!Company::isCurrentUserHasAccess($accessory)) {
return redirect()->route('accessories.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize($accessory);
// Update the accessory data
$accessory->name = e(Input::get('name'));
@ -205,10 +207,10 @@ class AccessoriesController extends Controller
if (is_null($accessory = Accessory::find($accessoryId))) {
// Redirect to the blogs management page
return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.not_found'));
} elseif (!Company::isCurrentUserHasAccess($accessory)) {
return redirect()->route('accessories.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize($accessory);
if ($accessory->hasUsers() > 0) {
return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.assoc_users', array('count'=> $accessory->hasUsers())));
@ -236,14 +238,9 @@ class AccessoriesController extends Controller
public function show(Request $request, $accessoryID = null)
{
$accessory = Accessory::find($accessoryID);
$this->authorize('view', $accessory);
if (isset($accessory->id)) {
if (!Company::isCurrentUserHasAccess($accessory)) {
return redirect()->route('accessories.index')->with('error', trans('general.insufficient_permissions'));
} else {
return View::make('accessories/view', compact('accessory'));
}
return View::make('accessories/view', compact('accessory'));
} else {
// Prepare the error message
$error = trans('admin/accessories/message.does_not_exist', compact('id'));
@ -267,11 +264,11 @@ class AccessoriesController extends Controller
// Check if the accessory exists
if (is_null($accessory = Accessory::find($accessoryId))) {
// Redirect to the accessory management page with error
return redirect()->to('accessories.index')->with('error', trans('admin/accessories/message.not_found'));
} elseif (!Company::isCurrentUserHasAccess($accessory)) {
return redirect()->route('accessories.index')->with('error', trans('general.insufficient_permissions'));
return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.not_found'));
}
$this->authorize('checkout', $accessory);
// Get the dropdown of users and then pass it to the checkout view
$users_list = Helper::usersList();
@ -295,10 +292,10 @@ class AccessoriesController extends Controller
if (is_null($accessory = Accessory::find($accessoryId))) {
// Redirect to the accessory management page with error
return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.user_not_found'));
} elseif (!Company::isCurrentUserHasAccess($accessory)) {
return redirect()->route('accessories.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize('checkout', $accessory);
if (!$user = User::find(Input::get('assigned_to'))) {
return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.not_found'));
}
@ -336,7 +333,7 @@ class AccessoriesController extends Controller
'fields' => [
[
'title' => 'Checked Out:',
'value' => 'Accessory <'.url('/').'/admin/accessories/'.$accessory->id.'/view'.'|'.$accessory->name.'> checked out to <'.url('/').'/admin/users/'.$user->id.'/view|'.$user->fullName().'> by <'.url('/').'/admin/users/'.$admin_user->id.'/view'.'|'.$admin_user->fullName().'>.'
'value' => 'Accessory <'.route('accessories.show', $accessory->id).'|'.$accessory->name.'> checked out to <'.route('users.show', $user->id).'|'.$user->fullName().'> by <'.route('users.show', $admin_user->id).'|'.$admin_user->fullName().'>.'
],
[
'title' => 'Note:',
@ -397,12 +394,8 @@ class AccessoriesController extends Controller
}
$accessory = Accessory::find($accessory_user->accessory_id);
if (!Company::isCurrentUserHasAccess($accessory)) {
return redirect()->route('accessories.index')->with('error', trans('general.insufficient_permissions'));
} else {
return View::make('accessories/checkin', compact('accessory'))->with('backto', $backto);
}
$this->authorize('checkin', $accessory);
return View::make('accessories/checkin', compact('accessory'))->with('backto', $backto);
}
@ -425,9 +418,7 @@ class AccessoriesController extends Controller
$accessory = Accessory::find($accessory_user->accessory_id);
if (!Company::isCurrentUserHasAccess($accessory)) {
return redirect()->route('accessories.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize('checkin', $accessory);
$return_to = e($accessory_user->assigned_to);
$logaction = $accessory->logCheckin(User::find($return_to), e(Input::get('note')));
@ -456,7 +447,7 @@ class AccessoriesController extends Controller
'fields' => [
[
'title' => 'Checked In:',
'value' => class_basename(strtoupper($logaction->item_type)).' <'.url('/').'/admin/accessories/'.e($accessory->id).'/view'.'|'.e($accessory->name).'> checked in by <'.url('/').'/admin/users/'.e($admin_user->id).'/view'.'|'.e($admin_user->fullName()).'>.'
'value' => class_basename(strtoupper($logaction->item_type)).' <'.route('accessories.show', $accessory->id).'|'.e($accessory->name).'> checked in by <'.route('users.show', $admin_user->id).'|'.e($admin_user->fullName()).'>.'
],
[
'title' => 'Note:',
@ -493,9 +484,9 @@ class AccessoriesController extends Controller
}
if ($backto=='user') {
return redirect()->to("admin/users/".$return_to.'/view')->with('success', trans('admin/accessories/message.checkin.success'));
return redirect()->route("users.show", $return_to)->with('success', trans('admin/accessories/message.checkin.success'));
} else {
return redirect()->to("admin/accessories/".$accessory->id."/view")->with('success', trans('admin/accessories/message.checkin.success'));
return redirect()->route("accessories.show", $accessory->id)->with('success', trans('admin/accessories/message.checkin.success'));
}
}
@ -532,6 +523,7 @@ class AccessoriesController extends Controller
**/
public function getDatatable(Request $request)
{
$this->authorize('index', Accessory::class);
$accessories = Company::scopeCompanyables(
Accessory::select('accessories.*')
->whereNull('accessories.deleted_at')
@ -578,15 +570,15 @@ class AccessoriesController extends Controller
foreach ($accessories as $accessory) {
$actions = '<nobr>';
if (Gate::allows('accessories.checkout')) {
if (Gate::allows('checkout', $accessory)) {
$actions .= '<a href="' . route('checkout/accessory',
$accessory->id) . '" style="margin-right:5px;" class="btn btn-info btn-sm" ' . (($accessory->numRemaining() > 0) ? '' : ' disabled') . '>' . trans('general.checkout') . '</a>';
}
if (Gate::allows('accessories.edit')) {
if (Gate::allows('update', $accessory)) {
$actions .= '<a href="' . route('accessories.update',
$accessory->id) . '" class="btn btn-warning btn-sm" style="margin-right:5px;"><i class="fa fa-pencil icon-white"></i></a>';
}
if (Gate::allows('accessories.delete')) {
if (Gate::allows('delete', $accessory)) {
$actions .= '<a data-html="false" class="btn delete-asset btn-danger btn-sm" data-toggle="modal" href="' . route('accessories.destroy',
$accessory->id) . '" data-content="' . trans('admin/accessories/message.delete.confirm') . '" data-title="' . trans('general.delete') . ' ' . htmlspecialchars($accessory->name) . '?" onClick="return false;"><i class="fa fa-trash icon-white"></i></a>';
}
@ -594,7 +586,7 @@ class AccessoriesController extends Controller
$company = $accessory->company;
$rows[] = array(
'name' => '<a href="'.url('admin/accessories/'.$accessory->id).'/view">'. $accessory->name.'</a>',
'name' => '<a href="'.route('accessories.show',$accessory->id).'">'. $accessory->name.'</a>',
'category' => ($accessory->category) ? (string)link_to('admin/settings/categories/'.$accessory->category->id.'/view', $accessory->category->name) : '',
'model_number' => e($accessory->model_number),
'qty' => e($accessory->qty),
@ -606,7 +598,7 @@ class AccessoriesController extends Controller
'numRemaining' => $accessory->numRemaining(),
'actions' => $actions,
'companyName' => is_null($company) ? '' : e($company->name),
'manufacturer' => $accessory->manufacturer ? (string) link_to('/admin/settings/manufacturers/'.$accessory->manufacturer_id.'/view', $accessory->manufacturer->name) : ''
'manufacturer' => $accessory->manufacturer ? (string) link_to(route('manufacturers.show', $accessory->manufacturer_id), $accessory->manufacturer->name) : ''
);
}
@ -657,13 +649,13 @@ class AccessoriesController extends Controller
foreach ($accessory_users as $user) {
$actions = '';
if (Gate::allows('accessories.checkin')) {
if (Gate::allows('checkin', $accessory)) {
$actions .= '<a href="' . route('checkin/accessory',
$user->pivot->id) . '" class="btn btn-info btn-sm">Checkin</a>';
}
if (Gate::allows('users.view')) {
$name = (string) link_to('/admin/users/'.$user->id.'/view', e($user->fullName()));
if (Gate::allows('view', $user)) {
$name = (string) link_to_route('users.show', e($user->fullName()), [$user->id]);
} else {
$name = e($user->fullName());
}
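Review bot: In `show()`, `$this->authorize('view', $accessory)` now runs before the `isset($accessory->id)` check, so a missing accessory reaches the gate as `null`; that should fail closed, but it leaves the "does not exist" branch largely unreachable and answers an unknown id with an authorization error. Moving the call inside the `if (isset($accessory->id))` branch keeps both behaviours, and the two check-in hunks (`Accessory::find($accessory_user->accessory_id)` followed by `authorize('checkin', $accessory)`) have the same ordering. The single-argument calls `$this->authorize(Accessory::class)`, `$this->authorize($item)` and `$this->authorize($accessory)` depend on the framework guessing the ability from the controller method name, which is not visible in those hunks; spelling it out, e.g. `$this->authorize('update', $accessory);`, matches the explicit `'checkout'` and `'view'` calls and survives a method rename. Because every `Company::isCurrentUserHasAccess()` check is removed here, the per-company restriction now lives entirely in the policy, so a test with a user from a different company is worth adding if the new unit tests do not already cover it.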


@ -9,7 +9,7 @@ class ActionlogController extends Controller
{
public function displaySig($filename)
{
$this->authorize('view', \App\Models\Asset::class);
$file = config('app.private_uploads') . '/signatures/' . $filename;
$filetype = Helper::checkUploadIsImage($file);
$contents = file_get_contents($file);
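Review bot: `$filename` still flows unmodified into the path handed to `file_get_contents()`, so the added `authorize()` call is the only guard on what this action reads. Building the path as `$file = config('app.private_uploads') . '/signatures/' . basename($filename);` and returning a 404 when the file is absent keeps the read inside the signatures directory regardless of how the route parameter is constrained (the route definition is not visible here). The check itself is class-level, `authorize('view', \App\Models\Asset::class)`, so any user allowed to view assets in general can fetch any signature; if signatures are meant to follow company scoping, the action would need to resolve the log entry and authorize against its asset. The rest of `displaySig()` lies outside the hunk.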


@ -117,7 +117,7 @@ class AssetMaintenancesController extends Controller
foreach ($maintenances as $maintenance) {
$actions = '';
if (Gate::allows('assets.edit')) {
if (Gate::allows('update', Asset::class)) {
$actions .= '<nobr><a href="' . route('maintenances.edit',
$maintenance->id) . '" class="btn btn-warning btn-sm" style="margin-right:5px;"><i class="fa fa-pencil icon-white"></i></a><a data-html="false" class="btn delete-asset btn-danger btn-sm" data-toggle="modal" href="' . route('maintenances.destroy',
$maintenance->id) . '" data-content="' . trans('admin/asset_maintenances/message.delete.confirm') . '" data-title="' . trans('general.delete') . ' ' . htmlspecialchars($maintenance->title) . '?" onClick="return false;"><i class="fa fa-trash icon-white"></i></a></nobr>';
@ -134,13 +134,13 @@ class AssetMaintenancesController extends Controller
'asset_name' => ($maintenance->asset) ? (string)link_to_route('maintenances.show', $maintenance->asset->showAssetName(), ['maintenance' => $maintenance->asset->id]) : 'Deleted Asset' ,
'title' => $maintenance->title,
'notes' => $maintenance->notes,
'supplier' => ($maintenance->supplier) ? (string)link_to('/admin/settings/suppliers/'.$maintenance->supplier->id.'/view', $maintenance->supplier->name) : 'Deleted Supplier',
'supplier' => ($maintenance->supplier) ? (string)link_to_route('suppliers.show', $maintenance->supplier->name, ['maintenance'=>$maintenance->supplier->id]) : 'Deleted Supplier',
'cost' => $maintenance_cost,
'asset_maintenance_type' => e($maintenance->asset_maintenance_type),
'start_date' => $maintenance->start_date,
'asset_maintenance_time' => $maintenance->asset_maintenance_time,
'completion_date' => $maintenance->completion_date,
'user_id' => ($maintenance->admin) ? (string)link_to('/admin/users/'.$maintenance->admin->id.'/view', $maintenance->admin->fullName()) : '',
'user_id' => ($maintenance->admin) ? (string)link_to_route('users.show', $maintenance->admin->fullName(), ['user'=>$maintenance->admin->id]) : '',
'actions' => $actions,
'companyName' => ($maintenance->asset->company) ? $maintenance->asset->company->name : ''
);
@ -152,22 +152,22 @@ class AssetMaintenancesController extends Controller
}
/**
* Returns a form view to create a new asset maintenance.
*
* @see AssetMaintenancesController::postCreate() method that stores the data
* @author Vincent Sposato <vincent.sposato@gmail.com>
* @version v1.0
* @since [v1.8]
* @return mixed
*/
public function create($assetId = null)
* Returns a form view to create a new asset maintenance.
*
* @see AssetMaintenancesController::postCreate() method that stores the data
* @author Vincent Sposato <vincent.sposato@gmail.com>
* @version v1.0
* @since [v1.8]
* @return mixed
*/
public function create()
{
// Prepare Asset Maintenance Type List
$assetMaintenanceType = [
'' => 'Select an asset maintenance type',
] + AssetMaintenance::getImprovementOptions();
// Mark the selected asset, if it came in
$selectedAsset = $assetId;
$selectedAsset = request('asset_id');
$assets = Helper::detailedAssetList();
@ -196,7 +196,7 @@ class AssetMaintenancesController extends Controller
// get the POST data
$new = $request->all();
// dd($new);
// create a new model instance
$assetMaintenance = new AssetMaintenance();
@ -308,7 +308,7 @@ class AssetMaintenancesController extends Controller
'' => 'Select an improvement type',
] + AssetMaintenance::getImprovementOptions();
$assets = Company::scopeCompanyables(Asset::with('model','assignedUser')->get(), 'assets.company_id')->lists('detailed_name', 'id');
$assets = Helper::detailedAssetList();
// Get Supplier List
$supplier_list = Helper::suppliersList();
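Review bot: `Gate::allows('update', Asset::class)` in the row loop asks whether the user may update assets in general, not the asset this maintenance belongs to, so the edit and delete buttons are decided once for every row regardless of per-asset or per-company rules. `Gate::allows('update', $maintenance->asset)` would mirror the instance checks used in the accessories datatable, with a guard for the deleted-asset case the row already handles. In the edit hunk the explicit `Company::scopeCompanyables(...)` query gives way to `Helper::detailedAssetList()`; that helper is not shown, so please confirm it applies the same company scoping, otherwise the dropdown can list assets from other companies. `'title'` and `'notes'` are emitted without `e()` while `asset_maintenance_type` is escaped, which is worth aligning while this array is being edited.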


@ -176,7 +176,7 @@ class AssetModelsController extends Controller
// Check if the model exists
if (is_null($item = AssetModel::find($modelId))) {
// Redirect to the model management page
return redirect()->to('assets/models')->with('error', trans('admin/models/message.does_not_exist'));
return redirect()->route('models.index')->with('error', trans('admin/models/message.does_not_exist'));
}
$depreciation_list = Helper::depreciationList();
@ -205,7 +205,7 @@ class AssetModelsController extends Controller
// Check if the model exists
if (is_null($model = AssetModel::find($modelId))) {
// Redirect to the models management page
return redirect()->to('admin/models')->with('error', trans('admin/models/message.does_not_exist'));
return redirect()->route('models.index')->with('error', trans('admin/models/message.does_not_exist'));
}
@ -276,8 +276,7 @@ class AssetModelsController extends Controller
{
// Check if the model exists
if (is_null($model = AssetModel::find($modelId))) {
// Redirect to the blogs management page
return redirect()->to('hardware/models')->with('error', trans('admin/models/message.not_found'));
return redirect()->route('models.index')->with('error', trans('admin/models/message.not_found'));
}
if ($model->assets->count() > 0) {
@ -363,8 +362,7 @@ class AssetModelsController extends Controller
{
// Check if the model exists
if (is_null($model_to_clone = AssetModel::find($modelId))) {
// Redirect to the model management page
return redirect()->to('assets/models')->with('error', trans('admin/models/message.does_not_exist'));
return redirect()->route('models.index')->with('error', trans('admin/models/message.does_not_exist'));
}
$model = clone $model_to_clone;
@ -459,16 +457,16 @@ class AssetModelsController extends Controller
$rows[] = array(
'id' => $model->id,
'manufacturer' => (string)link_to('/admin/settings/manufacturers/'.$model->manufacturer->id.'/view', $model->manufacturer->name),
'manufacturer' => (string)link_to_route('manufacturers.show', $model->manufacturer->name, ['manufacturer' => $model->manufacturer->id]),
'name' => (string)link_to_route('models.show',$model->name, ['model' => $model->id]),
'image' => ($model->image!='') ? '<img src="'.url('/').'/uploads/models/'.$model->image.'" height=50 width=50>' : '',
'image' => ($model->image!='') ? '<img src="'.url('/').'/uploads/models/'.$model->image.'" height=50 width=50>' : '',
'modelnumber' => $model->model_number,
'numassets' => $model->assets->count(),
'depreciation' => (($model->depreciation) && ($model->depreciation->id > 0)) ? $model->depreciation->name.' ('.$model->depreciation->months.')' : trans('general.no_depreciation'),
'category' => ($model->category) ? (string)link_to('admin/settings/categories/'.$model->category->id.'/view', $model->category->name) : '',
'category' => ($model->category) ? (string)link_to_route('categories.show', $model->category->name, ['category' => $model->category->id]) : '',
'eol' => ($model->eol) ? $model->eol.' '.trans('general.months') : '',
'note' => $model->getNote(),
'fieldset' => ($model->fieldset) ? (string)link_to('admin/custom_fields/'.$model->fieldset->id, $model->fieldset->name) : '',
'fieldset' => ($model->fieldset) ? (string)link_to_route('custom_fields/model', $model->fieldset->name, ['model' => $model->fieldset->id]) : '',
'actions' => $actions
);
}
@ -480,32 +478,24 @@ class AssetModelsController extends Controller
/**
* Get the asset information to present to the model view detail page
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v2.0]
* @param int $modelId
* @return String JSON
*/
public function getDataView($modelID)
* Get the asset information to present to the model view detail page
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v2.0]
* @param Request $request
* @param $modelID
* @return String JSON
* @internal param int $modelId
*/
public function getDataView(Request $request, $modelID)
{
$assets = Asset::where('model_id', '=', $modelID)->with('company', 'assetstatus');
if (Input::has('search')) {
$assets = $assets->TextSearch(e($request->input('search')));
}
if (Input::has('offset')) {
$offset = e($request->input('offset'));
} else {
$offset = 0;
}
if (Input::has('limit')) {
$limit = e($request->input('limit'));
} else {
$limit = 50;
}
$offset = request('offset',0);
$limit = request('limit', 50);
$allowed_columns = ['name', 'serial','asset_tag'];
@ -535,10 +525,10 @@ class AssetModelsController extends Controller
$rows[] = array(
'id' => $asset->id,
'name' => (string)link_to('/hardware/'.$asset->id.'/view', $asset->showAssetName()),
'asset_tag' => (string)link_to('hardware/'.$asset->id.'/view', $asset->asset_tag),
'name' => (string)link_to_route('hardware.show', $asset->showAssetName(), ['asset' => $asset->id]),
'asset_tag' => (string)link_to_route('hardware.show', $asset->asset_tag, ['asset' => $asset->id]),
'serial' => $asset->serial,
'assigned_to' => ($asset->assigned_to) ? (string)link_to('/admin/users/'.$asset->assigned_to.'/view', $asset->assigneduser->fullName()) : '',
'assigned_to' => ($asset->assigned_to) ? (string)link_to_route('users.show', $asset->assigneduser->fullName(), ['asset' =>$asset->assigned_to]) : '',
'actions' => $actions,
'companyName' => Company::getName($asset)
);
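Review bot: `request('offset',0)` and `request('limit', 50)` in `getDataView()` take both values straight from the query string with no type or range check, so the caller decides how many rows are requested (presumably via skip/take further down, outside the hunk). Casting and capping them bounds the cost, e.g. `$offset = max(0, (int) request('offset', 0));` and `$limit = min(max(1, (int) request('limit', 50)), 500);`, where 500 is only an example ceiling. This action also returns asset rows for a model with no `$this->authorize()` call or company scoping visible in the hunk, unlike the controllers converted elsewhere in this commit; if no route middleware covers it, `$this->authorize('index', Asset::class);` at the top would match them. The parameter key in `link_to_route('users.show', …, ['asset' => $asset->assigned_to])` does not match the `['user' => …]` form used for the same route in the maintenances controller, so `'user'` would be clearer.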


@ -2,10 +2,10 @@
namespace App\Http\Controllers;
use App\Helpers\Helper;
use App\Http\Requests\AssetRequest;
use App\Http\Requests\AssetFileRequest;
use App\Http\Requests\AssetCheckinRequest;
use App\Http\Requests\AssetCheckoutRequest;
use App\Http\Requests\AssetFileRequest;
use App\Http\Requests\AssetRequest;
use App\Models\Actionlog;
use App\Models\Asset;
use App\Models\AssetMaintenance;
@ -14,20 +14,23 @@ use App\Models\Company;
use App\Models\CustomField;
use App\Models\Depreciation;
use App\Models\Location;
use App\Models\Manufacturer; //for embedded-create
use App\Models\Manufacturer;
use App\Models\Setting;
use App\Models\Statuslabel;
use App\Models\Supplier;
use App\Models\User;
use Validator;
use Artisan;
use Auth;
use Carbon\Carbon;
use Config;
use League\Csv\Reader;
use DB;
use Gate;
use Illuminate\Database\Eloquent\ModelNotFoundException;
use Illuminate\Http\Request;
use Image;
use Input;
use Lang;
use League\Csv\Reader;
use Log;
use Mail;
use Paginator;
@ -35,13 +38,11 @@ use Redirect;
use Response;
use Slack;
use Str;
use Illuminate\Http\Request;
use Symfony\Component\Console\Output\BufferedOutput;
use Symfony\Component\HttpFoundation\JsonResponse;
use TCPDF;
use Validator;
use View;
use Carbon\Carbon;
use Gate;
/**
* This class controls all actions related to assets for
@ -73,6 +74,7 @@ class AssetsController extends Controller
*/
public function index()
{
$this->authorize('index', Asset::class);
return View::make('hardware/index');
}
@ -90,10 +92,11 @@ class AssetsController extends Controller
} else {
$topsearch = false;
}
if ($asset = Asset::where('asset_tag', '=', Input::get('assetTag'))->first()) {
return redirect()->route('hardware.show', $asset->id)->with('topsearch', $topsearch);
if (!$asset = Asset::where('asset_tag', '=', Input::get('assetTag'))->first()) {
return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist'));
}
return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist'));
$this->authorize('view', $asset);
return redirect()->route('hardware.show', $asset->id)->with('topsearch', $topsearch);
}
@ -106,28 +109,19 @@ class AssetsController extends Controller
*/
public function create($model_id = null)
{
$this->authorize('create', Asset::class);
// Grab the dropdown lists
$model_list = Helper::modelList();
$statuslabel_list = Helper::statusLabelList();
$location_list = Helper::locationsList();
$manufacturer_list = Helper::manufacturerList();
$category_list = Helper::categoryList('asset');
$supplier_list = Helper::suppliersList();
$company_list = Helper::companyList();
$assigned_to = Helper::usersList();
$statuslabel_types = Helper::statusTypeList();
$view = View::make('hardware/edit');
$view->with('supplier_list', $supplier_list);
$view->with('company_list', $company_list);
$view->with('model_list', $model_list);
$view->with('statuslabel_list', $statuslabel_list);
$view->with('assigned_to', $assigned_to);
$view->with('location_list', $location_list);
$view->with('supplier_list', Helper::suppliersList());
$view->with('company_list', Helper::companyList());
$view->with('model_list', Helper::modelList());
$view->with('statuslabel_list', Helper::statusLabelList());
$view->with('assigned_to', Helper::usersList());
$view->with('location_list', Helper::locationsList());
$view->with('item', new Asset);
$view->with('manufacturer', $manufacturer_list);
$view->with('category', $category_list);
$view->with('statuslabel_types', $statuslabel_types);
$view->with('manufacturer', Helper::manufacturerList());
$view->with('category', Helper::categoryList('asset'));
$view->with('statuslabel_types', Helper::statusTypeList());
if (!is_null($model_id)) {
$selected_model = AssetModel::find($model_id);
@ -146,6 +140,7 @@ class AssetsController extends Controller
*/
public function store(AssetRequest $request)
{
$this->authorize(Asset::class);
// create a new model instance
$asset = new Asset();
$asset->model()->associate(AssetModel::find(e(Input::get('model_id'))));
@ -288,14 +283,12 @@ class AssetsController extends Controller
*/
public function edit($assetId = null)
{
// Check if the asset exists
if (!$item = Asset::find($assetId)) {
// Redirect to the asset management page
// Redirect to the asset management page with error
return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist'));
} elseif (!Company::isCurrentUserHasAccess($item)) {
return redirect()->route('hardware.index')->with('error', trans('general.insufficient_permissions'));
}
//Handles company checks and permissions.
$this->authorize($item);
// Grab the dropdown lists
$model_list = Helper::modelList();
@ -330,16 +323,15 @@ class AssetsController extends Controller
* @return Redirect
*/
public function postEdit(AssetRequest $request, $assetId = null)
public function update(AssetRequest $request, $assetId = null)
{
// Check if the asset exists
if (!$asset = Asset::find($assetId)) {
// Redirect to the asset management page with error
return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist'));
} elseif (!Company::isCurrentUserHasAccess($asset)) {
return redirect()->route('hardware.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize($asset);
if ($request->has('status_id')) {
$asset->status_id = e($request->input('status_id'));
@ -477,10 +469,10 @@ class AssetsController extends Controller
if (is_null($asset = Asset::find($assetId))) {
// Redirect to the asset management page with error
return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist'));
} elseif (!Company::isCurrentUserHasAccess($asset)) {
return redirect()->route('hardware.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize('delete', $asset);
DB::table('assets')
->where('id', $asset->id)
->update(array('assigned_to' => null));
@ -511,10 +503,10 @@ class AssetsController extends Controller
if (is_null($asset = Asset::find(e($assetId)))) {
// Redirect to the asset management page with error
return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist'));
} elseif (!Company::isCurrentUserHasAccess($asset)) {
return redirect()->route('hardware.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize('checkout', $asset);
// Get the dropdown of users and then pass it to the checkout view
$users_list = Helper::usersList();
@ -536,11 +528,10 @@ class AssetsController extends Controller
// Check if the asset exists
if (!$asset = Asset::find($assetId)) {
return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist'));
} elseif (!Company::isCurrentUserHasAccess($asset)) {
return redirect()->route('hardware.index')->with('error', trans('general.insufficient_permissions'));
} elseif (!$asset->availableForCheckout()) {
return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.checkout.not_available'));
}
$this->authorize('checkout', $asset);
$user = User::find(e(Input::get('assigned_to')));
$admin = Auth::user();
@ -583,9 +574,9 @@ class AssetsController extends Controller
if (is_null($asset = Asset::find($assetId))) {
// Redirect to the asset management page with error
return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist'));
} elseif (!Company::isCurrentUserHasAccess($asset)) {
return redirect()->route('hardware.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize('checkin', $asset);
$statusLabel_list = Helper::statusLabelList();
return View::make('hardware/checkin', compact('asset'))->with('statusLabel_list', $statusLabel_list)->with('backto', $backto);
}
@ -605,10 +596,10 @@ class AssetsController extends Controller
if (is_null($asset = Asset::find($assetId))) {
// Redirect to the asset management page with error
return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist'));
} elseif (!Company::isCurrentUserHasAccess($asset)) {
return redirect()->route('hardware.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize('checkin', $asset);
$admin = Auth::user();
if (!is_null($asset->assigned_to)) {
@ -659,7 +650,11 @@ class AssetsController extends Controller
'fields' => [
[
'title' => 'Checked In:',
'value' => class_basename(strtoupper($logaction->item_type)).' asset <'.url('/').'/hardware/'.$asset->id.'/view'.'|'.e($asset->showAssetName()).'> checked in by <'.url('/').'/admin/users/'.Auth::user()->id.'/view'.'|'.e(Auth::user()->fullName()).'>.'
'value' => class_basename(
strtoupper($logaction->item_type))
.' asset <'.route('hardware.show', $asset->id).'|'.e($asset->showAssetName())
.'> checked in by <'.route('users.show',Auth::user()->id)
.'|'.e(Auth::user()->fullName()).'>.'
],
[
'title' => 'Note:',
@ -716,10 +711,8 @@ class AssetsController extends Controller
{
$asset = Asset::withTrashed()->find($assetId);
$settings = Setting::getSettings();
if (!Company::isCurrentUserHasAccess($asset)) {
return redirect()->route('hardware.index')->with('error', trans('general.insufficient_permissions'));
} elseif ($asset->userloc) {
$this->authorize('view', $asset);
if ($asset->userloc) {
$use_currency = $asset->userloc->currency;
} elseif ($asset->assetloc) {
$use_currency = $asset->assetloc->currency;
@ -830,7 +823,7 @@ class AssetsController extends Controller
*/
public function getImportUpload()
{
$this->authorize('create', Asset::class);
$path = config('app.private_uploads').'/imports/assets';
$files = array();
@ -930,10 +923,7 @@ class AssetsController extends Controller
public function getDeleteImportFile($filename)
{
if (!Company::isCurrentUserAuthorized()) {
return redirect()->route('hardware.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize('create', Asset::class);
if (unlink(config('app.private_uploads').'/imports/assets/'.$filename)) {
return redirect()->back()->with('success', trans('admin/hardware/message.import.file_delete_success'));
}
@ -956,9 +946,7 @@ class AssetsController extends Controller
$itemType = Input::get('import-type');
$updateItems = Input::get('import-update');
if (!Company::isCurrentUserAuthorized()) {
return redirect()->route('hardware.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize('create', Asset::class);
$importOptions = ['filename'=> config('app.private_uploads').'/imports/assets/'.$filename,
'--email_format'=>'firstname.lastname',
'--username_format'=>'firstname.lastname',
@ -1011,10 +999,10 @@ class AssetsController extends Controller
if (is_null($asset_to_clone = Asset::find($assetId))) {
// Redirect to the asset management page
return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist'));
} elseif (!Company::isCurrentUserHasAccess($asset_to_clone)) {
return redirect()->route('hardware.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize('create',$asset_to_clone);
// Grab the dropdown lists
$model_list = Helper::modelList();
$statuslabel_list = Helper::statusLabelList();
@ -1056,7 +1044,7 @@ class AssetsController extends Controller
*/
public function getImportHistory()
{
$this->authorize('checkout', Asset::class);
return View::make('hardware/history');
}
@ -1230,12 +1218,10 @@ class AssetsController extends Controller
public function getRestore($assetId = null)
{
// Get user information
// Get asset information
$asset = Asset::withTrashed()->find($assetId);
if (!Company::isCurrentUserHasAccess($asset)) {
return redirect()->route('hardware.index')->with('error', trans('general.insufficient_permissions'));
} elseif (isset($asset->id)) {
$this->authorize('delete', $asset);
if (isset($asset->id)) {
// Restore the asset
Asset::withTrashed()->where('id', $assetId)->restore();
@ -1262,6 +1248,7 @@ class AssetsController extends Controller
if (!$asset = Asset::find($assetId)) {
return redirect()->route('hardware')->with('error', trans('admin/hardware/message.does_not_exist'));
}
$this->authorize('update', $asset);
$destinationPath = config('app.private_uploads').'/assets';
@ -1309,6 +1296,7 @@ class AssetsController extends Controller
public function getDeleteFile($assetId = null, $fileId = null)
{
$asset = Asset::find($assetId);
$this->authorize('update', $asset);
$destinationPath = config('app.private_uploads').'/imports/assets';
// the asset is valid
@ -1351,9 +1339,9 @@ class AssetsController extends Controller
{
$asset = Asset::find($assetId);
// the asset is valid
if (isset($asset->id)) {
$this->authorize('view', $asset);
if (!Company::isCurrentUserHasAccess($asset)) {
@ -1394,7 +1382,7 @@ class AssetsController extends Controller
*/
public function postBulkEdit($assets = null)
{
$this->authorize('update', Asset::class);
if (!Company::isCurrentUserAuthorized()) {
return redirect()->route('hardware.index')->with('error', trans('general.insufficient_permissions'));
@ -1430,6 +1418,9 @@ class AssetsController extends Controller
$assets = Asset::with('assigneduser', 'assetloc')->find($asset_ids);
$assets->each(function($asset) {
$this->authorize('delete',$asset);
});
return View::make('hardware/bulk-delete')->with('assets', $assets);
// Bulk edit
@ -1474,10 +1465,8 @@ class AssetsController extends Controller
public function postBulkSave($assets = null)
{
if (!Company::isCurrentUserAuthorized()) {
return redirect()->route('hardware.index')->with('error', trans('general.insufficient_permissions'));
} elseif (Input::has('bulk_edit')) {
$this->authorize('update', Asset::class);
if (Input::has('bulk_edit')) {
$assets = Input::get('bulk_edit');
@ -1577,10 +1566,8 @@ class AssetsController extends Controller
*/
public function postBulkDelete($assets = null)
{
if (!Company::isCurrentUserAuthorized()) {
return redirect()->route('hardware.index')->with('error', trans('general.insufficient_permissions'));
} elseif (Input::has('bulk_edit')) {
$this->authorize('delete', Asset::class);
if (Input::has('bulk_edit')) {
//$assets = Input::get('bulk_edit');
$assets = Asset::find(Input::get('bulk_edit'));
//print_r($assets);
@ -1631,7 +1618,7 @@ class AssetsController extends Controller
public function getDatatable(Request $request, $status = null)
{
$this->authorize('index', Asset::class);
$assets = Company::scopeCompanyables(Asset::select('assets.*'))->with('model', 'assigneduser', 'assigneduser.userloc', 'assetstatus', 'defaultLoc', 'assetlog', 'model', 'model.category', 'model.manufacturer', 'model.fieldset', 'assetstatus', 'assetloc', 'company')
->Hardware();
@ -1756,15 +1743,15 @@ class AssetsController extends Controller
$inout = '';
$actions = '<div style="white-space: nowrap;">';
if ($asset->deleted_at=='') {
if (Gate::allows('assets.create')) {
if (Gate::allows('create', $asset)) {
$actions .= '<a href="' . route('clone/hardware',
$asset->id) . '" class="btn btn-info btn-sm" title="Clone asset" data-toggle="tooltip"><i class="fa fa-clone"></i></a> ';
}
if (Gate::allows('assets.edit')) {
if (Gate::allows('update', $asset)) {
$actions .= '<a href="' . route('hardware.edit',
$asset->id) . '" class="btn btn-warning btn-sm" title="Edit asset" data-toggle="tooltip"><i class="fa fa-pencil icon-white"></i></a> ';
}
if (Gate::allows('assets.delete')) {
if (Gate::allows('delete', $asset)) {
$actions .= '<a data-html="false" class="btn delete-asset btn-danger btn-sm" data-toggle="modal" href="' . route('hardware.destroy',
$asset->id) . '" data-content="' . trans('admin/hardware/message.delete.confirm') . '" data-title="' . trans('general.delete') . ' ' . htmlspecialchars($asset->asset_tag) . '?" onClick="return false;"><i class="fa fa-trash icon-white"></i></a>';
}
@ -1776,13 +1763,13 @@ class AssetsController extends Controller
if (($asset->availableForCheckout()))
{
if (Gate::allows('assets.checkout')) {
if (Gate::allows('checkout', $asset)) {
$inout = '<a href="' . route('checkout/hardware',
$asset->id) . '" class="btn btn-info btn-sm" title="Checkout this asset to a user" data-toggle="tooltip">' . trans('general.checkout') . '</a>';
}
} else {
if (Gate::allows('assets.checkin')) {
if (Gate::allows('checkin', $asset)) {
$inout = '<a href="' . route('checkin/hardware',
$asset->id) . '" class="btn btn-primary btn-sm" title="Checkin this asset" data-toggle="tooltip">' . trans('general.checkin') . '</a>';
}
@ -1792,18 +1779,30 @@ class AssetsController extends Controller
$row = array(
'checkbox' =>'<div class="text-center"><input type="checkbox" name="edit_asset['.$asset->id.']" class="one_required"></div>',
'id' => $asset->id,
'image' => (($asset->image) && ($asset->image!='')) ? '<img src="'.url('/').'/uploads/assets/'.$asset->image.'" height=50 width=50>' : ((($asset->model) && ($asset->model->image!='')) ? '<img src="'.url('/').'/uploads/models/'.$asset->model->image.'" height=40 width=50>' : ''),
'name' => '<a title="'.e($asset->name).'" href="hardware/'.$asset->id.'/view">'.e($asset->name).'</a>',
'asset_tag' => '<a title="'.e($asset->asset_tag).'" href="hardware/'.$asset->id.'/view">'.e($asset->asset_tag).'</a>',
'id' => $asset->id,
'image' => (($asset->image) && ($asset->image!=''))
? '<img src="'.url('/').'/uploads/assets/'.$asset->image.'" height=50 width=50>'
: ((($asset->model) && ($asset->model->image!=''))
? '<img src="'.url('/').'/uploads/models/'.$asset->model->image.'" height=40 width=50>'
: ''
),
'name' => (string) link_to_route('hardware.show', e($asset->name), $asset->id),
'asset_tag' => (string) link_to_route('hardware.show', e($asset->asset_tag), $asset->id),
'serial' => e($asset->serial),
'model' => ($asset->model) ? (string)link_to('/hardware/models/'.$asset->model->id.'/view', e($asset->model->name)) : 'No model',
'model' => ($asset->model) ? (string)link_to_route('models.show', e($asset->model->name), ['model' => $asset->model->id]) : 'No model',
'model_number' => ($asset->model && $asset->model->model_number) ? (string)$asset->model->model_number : '',
'status_label' => ($asset->assigneduser) ? 'Deployed' : ((e($asset->assetstatus)) ? e($asset->assetstatus->name) : ''),
'assigned_to' => ($asset->assigneduser) ? (string)link_to(url('/').'/admin/users/'.$asset->assigned_to.'/view', e($asset->assigneduser->fullName())) : '',
'location' => (($asset->assigneduser) && ($asset->assigneduser->userloc!='')) ? (string)link_to('admin/settings/locations/'.$asset->assigneduser->userloc->id.'/view', e($asset->assigneduser->userloc->name)) : (($asset->defaultLoc!='') ? (string)link_to('admin/settings/locations/'.$asset->defaultLoc->id.'/view', e($asset->defaultLoc->name)) : ''),
'category' => (($asset->model) && ($asset->model->category)) ?(string)link_to('/admin/settings/categories/'.$asset->model->category->id.'/view', e($asset->model->category->name)) : '',
'manufacturer' => (($asset->model) && ($asset->model->manufacturer)) ? (string)link_to('/admin/settings/manufacturers/'.$asset->model->manufacturer->id.'/view', e($asset->model->manufacturer->name)) : '',
'status_label' => ($asset->assigneduser) ? 'Deployed' : ((e($asset->assetstatus)) ? e($asset->assetstatus->name) : ''),
'assigned_to' => ($asset->assigneduser) ? (string)link_to_route('users.show', e($asset->assigneduser->fullName()), ['user' => $asset->assigned_to]) : '',
'location' => (($asset->assigneduser) && ($asset->assigneduser->userloc!=''))
? (string)link_to_route('locations.show', e($asset->assigneduser->userloc->name), ['location' => $asset->assigneduser->userloc->id])
: (($asset->defaultLoc!='')
? (string)link_to_route('locations.show', e($asset->defaultLoc->name), ['location' => $asset->defaultLoc->id])
: ''
),
'category' => (($asset->model) && ($asset->model->category)) ?(string)link_to_route('categories.show', e($asset->model->category->name), ['category' => $asset->model->category->id]) : '',
'manufacturer' => (($asset->model) && ($asset->model->manufacturer))
? (string)link_to_route('manufacturers.show', e($asset->model->manufacturer->name), ['manufacturer' => $asset->model->manufacturer->id])
: '',
'eol' => ($asset->eol_date()) ? $asset->eol_date() : '',
'purchase_cost' => $purchase_cost,
'purchase_date' => ($asset->purchase_date) ? $asset->purchase_date : '',
@ -1811,7 +1810,7 @@ class AssetsController extends Controller
'order_number' => ($asset->order_number!='') ? '<a href="'.url('/').'/hardware?order_number='.e($asset->order_number).'">'.e($asset->order_number).'</a>' : '',
'last_checkout' => ($asset->last_checkout!='') ? e($asset->last_checkout) : '',
'expected_checkin' => ($asset->expected_checkin!='') ? e($asset->expected_checkin) : '',
'created_at' => ($asset->created_at!='') ? e($asset->created_at->format('F j, Y h:iA')) : '',
'created_at' => ($asset->created_at!='') ? e($asset->created_at->format('F j, Y h:iA')) : '',
'change' => ($inout) ? $inout : '',
'actions' => ($actions) ? $actions : '',
'companyName' => is_null($asset->company) ? '' : e($asset->company->name)
@ -1856,6 +1855,7 @@ class AssetsController extends Controller
public function getBulkCheckout()
{
$this->authorize('checkout', Asset::class);
// Get the dropdown of users and then pass it to the checkout view
$users_list = Helper::usersList();
// Filter out assets that are not deployable.
@ -1868,7 +1868,6 @@ class AssetsController extends Controller
public function postBulkCheckout(Request $request)
{
$this->validate($request, [
"assigned_to" => 'required'
]);
@ -1897,7 +1896,7 @@ class AssetsController extends Controller
foreach($asset_ids as $asset_id)
{
$asset = Asset::find($asset_id);
$this->authorize('checkout', $asset);
$error = $asset->checkOutToUser($user, $admin, $checkout_at, $expected_checkin, e(Input::get('note')), null);
if($error)


@ -338,11 +338,11 @@ class CategoriesController extends Controller
}
if ($asset->availableForCheckout()) {
if (Gate::allows('assets.checkout')) {
if (Gate::allows('checkout', $asset)) {
$inout = '<a href="'.route('checkout/hardware', $asset->id).'" class="btn btn-info btn-sm">'.trans('general.checkout').'</a>';
}
} else {
if (Gate::allows('assets.checkin')) {
if (Gate::allows('checkin', $asset)) {
$inout = '<a href="'.route('checkin/hardware', $asset->id).'" class="btn btn-primary btn-sm">'.trans('general.checkin').'</a>';
}
}
@ -350,10 +350,10 @@ class CategoriesController extends Controller
$rows[] = array(
'id' => $asset->id,
'name' => (string)link_to_route('hardware.show', $asset->showAssetName(), ['hardware' => $asset->id]),
'model' => ($asset->model) ? (string)link_to('hardware/models/'.$asset->model->id.'/view', $asset->model->name) : '',
'model' => ($asset->model) ? (string)link_to_route('models.show', $asset->model->name, ['model' => $asset->model->id]) : '',
'asset_tag' => $asset->asset_tag,
'serial' => $asset->serial,
'assigned_to' => ($asset->assigneduser) ? (string)link_to('/admin/users/'.$asset->assigneduser->id.'/view', $asset->assigneduser->fullName()): '',
'assigned_to' => ($asset->assigneduser) ? (string)link_to_route('users.show', $asset->assigneduser->fullName(), ['user' => $asset->assigneduser->id]): '',
'change' => $inout,
'actions' => $actions,
'companyName' => is_null($asset->company) ? '' : e($asset->company->name)
@ -420,7 +420,12 @@ class CategoriesController extends Controller
}
public function getDataViewConsumables($categoryID)
/**
* @param $categoryID
* @param Request $request
* @return array
*/
public function getDataViewConsumables($categoryID, Request $request)
{
$category = Category::with('accessories.company')->find($categoryID);
@ -429,18 +434,8 @@ class CategoriesController extends Controller
if (Input::has('search')) {
$category_assets = $category_assets->TextSearch(e($request->input('search')));
}
if (Input::has('offset')) {
$offset = e($request->input('offset'));
} else {
$offset = 0;
}
if (Input::has('limit')) {
$limit = e($request->input('limit'));
} else {
$limit = 50;
}
$offset = request('offset', 0);
$limit = request('limit', 50);
$order = $request->input('order') === 'asc' ? 'asc' : 'desc';
@ -463,7 +458,7 @@ class CategoriesController extends Controller
$rows[] = array(
'id' => $asset->id,
'name' => (string) link_to_route('view/consumable', $asset->name, [$asset->id]),
'name' => (string) link_to_route('consumables.show', $asset->name, [$asset->id]),
'actions' => $actions,
'companyName' => Company::getName($asset),
);
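Review bot: In getDataViewConsumables the new `$offset = request('offset', 0);` and `$limit = request('limit', 50);` take both paging values straight from the request, with no integer cast and no upper bound, so the caller decides the page size. The query that consumes them is outside this hunk, but if they reach skip()/take() as the names suggest, a single request can ask for an arbitrarily large result set. The method now receives `Request $request`, so read from it and clamp: `$offset = max(0, (int) $request->input('offset', 0));` and `$limit = min(max(1, (int) $request->input('limit', 50)), $maxLimit);`, where `$maxLimit` is a placeholder for the cap the project chooses. The same hunk still tests `Input::has('search')` beside `$request->input('search')`; one accessor throughout would be more consistent.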


@ -41,6 +41,7 @@ class ComponentsController extends Controller
*/
public function index()
{
$this->authorize('view', Component::class);
return View::make('components/index');
}
@ -55,6 +56,7 @@ class ComponentsController extends Controller
*/
public function create()
{
$this->authorize('create', Component::class);
// Show the page
$category_list = Helper::categoryList('component');
$company_list = Helper::companyList();
@ -78,7 +80,7 @@ class ComponentsController extends Controller
*/
public function store()
{
$this->authorize('create', Component::class);
// create a new model instance
$component = new Component();
@ -133,10 +135,10 @@ class ComponentsController extends Controller
if (is_null($item = Component::find($componentId))) {
// Redirect to the blogs management page
return redirect()->route('components.index')->with('error', trans('admin/components/message.does_not_exist'));
} elseif (!Company::isCurrentUserHasAccess($item)) {
return redirect()->route('components.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize('update', $item);
$category_list = Helper::categoryList('component');
$company_list = Helper::companyList();
$location_list = Helper::locationsList();
@ -163,10 +165,10 @@ class ComponentsController extends Controller
if (is_null($component = Component::find($componentId))) {
// Redirect to the blogs management page
return redirect()->route('components.index')->with('error', trans('admin/components/message.does_not_exist'));
} elseif (!Company::isCurrentUserHasAccess($component)) {
return redirect()->route('components.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize('update', $component);
// Update the component data
$component->name = e(Input::get('name'));
@ -211,10 +213,10 @@ class ComponentsController extends Controller
{
if (is_null($component = Component::find($componentId))) {
return redirect()->route('components.index')->with('error', trans('admin/components/message.not_found'));
} elseif (!Company::isCurrentUserHasAccess($component)) {
return redirect()->route('components.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize('delete', $component);
$component->delete();
return redirect()->route('components.index')->with('success', trans('admin/components/message.delete.success'));
@ -222,11 +224,13 @@ class ComponentsController extends Controller
public function postBulk($componentId = null)
{
//$this->authorize('checkout', $component)
echo 'Stubbed - not yet complete';
}
public function postBulkSave($componentId = null)
{
//$this->authorize('edit', Component::class);
echo 'Stubbed - not yet complete';
}
@ -247,19 +251,15 @@ class ComponentsController extends Controller
if (isset($component->id)) {
if (!Company::isCurrentUserHasAccess($component)) {
return redirect()->route('components.index')->with('error', trans('general.insufficient_permissions'));
} else {
return View::make('components/view', compact('component'));
}
} else {
// Prepare the error message
$error = trans('admin/components/message.does_not_exist', compact('id'));
$this->authorize('view', $component);
// Redirect to the user management page
return redirect()->route('components')->with('error', $error);
return View::make('components/view', compact('component'));
}
// Prepare the error message
$error = trans('admin/components/message.does_not_exist', compact('id'));
// Redirect to the user management page
return redirect()->route('components')->with('error', $error);
}
@ -278,10 +278,10 @@ class ComponentsController extends Controller
if (is_null($component = Component::find($componentId))) {
// Redirect to the component management page with error
return redirect()->route('components.index')->with('error', trans('admin/components/message.not_found'));
} elseif (!Company::isCurrentUserHasAccess($component)) {
return redirect()->route('components.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize('checkout', $component);
// Get the dropdown of assets and then pass it to the checkout view
$assets_list = Helper::detailedAssetList();
@ -300,17 +300,13 @@ class ComponentsController extends Controller
*/
public function postCheckout(Request $request, $componentId)
{
// Check if the component exists
if (is_null($component = Component::find($componentId))) {
// Redirect to the component management page with error
return redirect()->route('components.index')->with('error', trans('admin/components/message.not_found'));
} elseif (!Company::isCurrentUserHasAccess($component)) {
return redirect()->route('components.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize('checkout', $component);
$max_to_checkout = $component->numRemaining();
$validator = Validator::make($request->all(),[
@ -363,7 +359,10 @@ class ComponentsController extends Controller
'fields' => [
[
'title' => 'Checked Out:',
'value' => class_basename(strtoupper($logaction->item_type)).' <'.route('components.show', ['component' => $component->id]).'|'.$component->name.'> checked out to <'.url('/').'/hardware/'.$asset->id.'|'.$asset->showAssetName().'> by <'.url('/').'/admin/users/'.$admin_user->id.'/view'.'|'.$admin_user->fullName().'>.'
'value' => class_basename(strtoupper($logaction->item_type))
.' <'.route('components.show', ['component' => $component->id]).'|'.$component->name
.'> checked out to <'.route('hardware.show', $asset->id).'|'.$asset->showAssetName()
.'> by <'.route('users.show', $admin_user->id).'|'.$admin_user->fullName().'>.'
],
[
'title' => 'Note:',
@ -395,6 +394,7 @@ class ComponentsController extends Controller
**/
public function getDatatable()
{
$this->authorize('view', Component::class);
$components = Company::scopeCompanyables(Component::select('components.*')->whereNull('components.deleted_at')
->with('company', 'location', 'category'));
@ -440,17 +440,17 @@ class ComponentsController extends Controller
foreach ($components as $component) {
$actions = '<nobr>';
if (Gate::allows('components.checkout')) {
if (Gate::allows('checkout', $component)) {
$actions .= '<a href="' . route('checkout/component',
$component->id) . '" style="margin-right:5px;" class="btn btn-info btn-sm ' . (($component->numRemaining() > 0) ? '' : ' disabled') . '" ' . (($component->numRemaining() > 0) ? '' : ' disabled') . '>' . trans('general.checkout') . '</a>';
}
if (Gate::allows('components.edit')) {
if (Gate::allows('edit', $component)) {
$actions .= '<a href="' . route('components.edit',
$component->id) . '" class="btn btn-warning btn-sm" style="margin-right:5px;"><i class="fa fa-pencil icon-white"></i></a>';
}
if (Gate::allows('components.delete')) {
if (Gate::allows('delete', $component)) {
$actions .= '<a data-html="false" class="btn delete-asset btn-danger btn-sm" data-toggle="modal" href="' . route('components.destroy',
$component->id) . '" data-content="' . trans('admin/components/message.delete.confirm') . '" data-title="' . trans('general.delete') . ' ' . htmlspecialchars($component->name) . '?" onClick="return false;"><i class="fa fa-trash icon-white"></i></a>';
}
@ -493,13 +493,15 @@ class ComponentsController extends Controller
*/
public function getDataView($componentId)
{
//$component = Component::find($componentID);
$component = Component::with('assets')->find($componentId);
if (is_null($component = Component::with('assets')->find($componentId))) {
// Redirect to the component management page with error
return redirect()->route('components.index')->with('error', trans('admin/components/message.not_found'));
}
if (!Company::isCurrentUserHasAccess($component)) {
return ['total' => 0, 'rows' => []];
}
$this->authorize('view', $component);
$rows = array();
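Review bot: The datatable check `Gate::allows('edit', $component)` names an ability that the enforcing code in this section never uses; the edit and update actions call `$this->authorize('update', $item)` and `$this->authorize('update', $component)`. The policy class is not visible here, but if it defines `update` and no `edit` method, this check fails closed and the edit button disappears for users the controller would actually allow. Use `if (Gate::allows('update', $component)) {` so the UI check and the enforced check name the same ability. The commented-out `//$this->authorize('edit', Component::class);` in postBulkSave should take the same name when it is enabled. The loop body in getDatatable continues outside the hunk.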


@ -38,6 +38,7 @@ class ConsumablesController extends Controller
*/
public function index()
{
$this->authorize('index', Consumable::class);
return View::make('consumables/index');
}
@ -52,6 +53,7 @@ class ConsumablesController extends Controller
*/
public function create()
{
$this->authorize('create', Consumable::class);
// Show the page
$category_list = Helper::categoryList('consumable');
$company_list = Helper::companyList();
@ -77,6 +79,7 @@ class ConsumablesController extends Controller
*/
public function store()
{
$this->authorize('create', Consumable::class);
$consumable = new Consumable();
$consumable->name = e(Input::get('name'));
$consumable->category_id = e(Input::get('category_id'));
@ -130,10 +133,10 @@ class ConsumablesController extends Controller
if (is_null($item = Consumable::find($consumableId))) {
// Redirect to the blogs management page
return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.does_not_exist'));
} elseif (!Company::isCurrentUserHasAccess($item)) {
return redirect()->route('consumables.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize($item);
$category_list = Helper::categoryList('consumable');
$company_list = Helper::companyList();
$location_list = Helper::locationsList();
@ -160,10 +163,10 @@ class ConsumablesController extends Controller
{
if (is_null($consumable = Consumable::find($consumableId))) {
return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.does_not_exist'));
} elseif (!Company::isCurrentUserHasAccess($consumable)) {
return redirect()->route('consumables.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize($consumable);
$consumable->name = e(Input::get('name'));
$consumable->category_id = e(Input::get('category_id'));
$consumable->location_id = e(Input::get('location_id'));
@ -210,14 +213,14 @@ class ConsumablesController extends Controller
if (is_null($consumable = Consumable::find($consumableId))) {
// Redirect to the blogs management page
return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.not_found'));
} elseif (!Company::isCurrentUserHasAccess($consumable)) {
return redirect()->route('consumables.index')->with('error', trans('general.insufficient_permissions'));
}
$consumable->delete();
$this->authorize($consumable);
// Redirect to the locations management page
return redirect()->route('consumables.index')->with('success', trans('admin/consumables/message.delete.success'));
$consumable->delete();
// Redirect to the locations management page
return redirect()->route('consumables.index')->with('success', trans('admin/consumables/message.delete.success'));
}
@ -235,24 +238,15 @@ class ConsumablesController extends Controller
public function show($consumableId = null)
{
$consumable = Consumable::find($consumableId);
$this->authorize($consumable);
if (isset($consumable->id)) {
if (!Company::isCurrentUserHasAccess($consumable)) {
return redirect()->route('consumables.index')->with('error', trans('general.insufficient_permissions'));
} else {
return View::make('consumables/view', compact('consumable'));
}
} else {
// Prepare the error message
$error = trans('admin/consumables/message.does_not_exist', compact('id'));
// Redirect to the user management page
return redirect()->route('consumables')->with('error', $error);
return View::make('consumables/view', compact('consumable'));
}
// Prepare the error message
$error = trans('admin/consumables/message.does_not_exist', compact('id'));
// Redirect to the user management page
return redirect()->route('consumables')->with('error', $error);
}
/**
@ -270,9 +264,8 @@ class ConsumablesController extends Controller
if (is_null($consumable = Consumable::find($consumableId))) {
// Redirect to the consumable management page with error
return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.not_found'));
} elseif (!Company::isCurrentUserHasAccess($consumable)) {
return redirect()->route('consumables.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize('checkout', $consumable);
// Get the dropdown of users and then pass it to the checkout view
$users_list = Helper::usersList();
@ -296,10 +289,10 @@ class ConsumablesController extends Controller
if (is_null($consumable = Consumable::find($consumableId))) {
// Redirect to the consumable management page with error
return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.not_found'));
} elseif (!Company::isCurrentUserHasAccess($consumable)) {
return redirect()->route('consumables.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize('checkout', $consumable);
$admin_user = Auth::user();
$assigned_to = e(Input::get('assigned_to'));
@ -337,7 +330,9 @@ class ConsumablesController extends Controller
'fields' => [
[
'title' => 'Checked Out:',
'value' => 'Consumable <'.url('/').'/admin/consumables/'.$consumable->id.'/view'.'|'.$consumable->name.'> checked out to <'.url('/').'/admin/users/'.$user->id.'/view|'.$user->fullName().'> by <'.url('/').'/admin/users/'.$admin_user->id.'/view'.'|'.$admin_user->fullName().'>.'
'value' => 'Consumable <'.route('consumables.show', $consumable->id).'|'.$consumable->name
.'> checked out to <'.route('users.show', $user->id).'|'.$user->fullName()
.'> by <'.route('users.show', $admin_user->id).'|'.$admin_user->fullName().'>.'
],
[
'title' => 'Note:',
@ -390,6 +385,7 @@ class ConsumablesController extends Controller
*/
public function getDatatable()
{
$this->authorize('index', Consumable::class);
$consumables = Company::scopeCompanyables(
Consumable::select('consumables.*')
->whereNull('consumables.deleted_at')
@ -441,16 +437,16 @@ class ConsumablesController extends Controller
foreach ($consumables as $consumable) {
$actions = '<nobr>';
if (Gate::allows('consumables.checkout')) {
if (Gate::allows('checkout', $consumable)) {
$actions .= '<a href="' . route('checkout/consumable',
$consumable->id) . '" style="margin-right:5px;" class="btn btn-info btn-sm" ' . (($consumable->numRemaining() > 0) ? '' : ' disabled') . '>' . trans('general.checkout') . '</a>';
}
if (Gate::allows('consumables.edit')) {
if (Gate::allows('update', $consumable)) {
$actions .= '<a href="' . route('consumables.edit',
$consumable->id) . '" class="btn btn-warning btn-sm" style="margin-right:5px;"><i class="fa fa-pencil icon-white"></i></a>';
}
if (Gate::allows('consumables.delete')) {
if (Gate::allows('delete', $consumable)) {
$actions .= '<a data-html="false" class="btn delete-asset btn-danger btn-sm" data-toggle="modal" href="' . route('consumables.destroy',
$consumable->id) . '" data-content="' . trans('admin/consumables/message.delete.confirm') . '" data-title="' . trans('general.delete') . ' ' . htmlspecialchars($consumable->name) . '?" onClick="return false;"><i class="fa fa-trash icon-white"></i></a>';
}
@ -461,14 +457,14 @@ class ConsumablesController extends Controller
$rows[] = array(
'id' => $consumable->id,
'name' => (string)link_to('admin/consumables/'.$consumable->id.'/view', e($consumable->name)),
'name' => (string)link_to_route('consumables.show', e($consumable->name), ['consumable' => $consumable->id]),
'location' => ($consumable->location) ? e($consumable->location->name) : '',
'min_amt' => e($consumable->min_amt),
'qty' => e($consumable->qty),
'manufacturer' => ($consumable->manufacturer) ? (string) link_to('/admin/settings/manufacturers/'.$consumable->manufacturer_id.'/view', $consumable->manufacturer->name): '',
'manufacturer' => ($consumable->manufacturer) ? (string) link_to_route('manufacturers.show', $consumable->manufacturer->name, ['manufacturer' => $consumable->manufacturer_id]): '',
'model_number' => e($consumable->model_number),
'item_no' => e($consumable->item_no),
'category' => ($consumable->category) ? (string) link_to('/admin/settings/categories/'.$consumable->category_id.'/view', $consumable->category->name) : 'Missing category',
'category' => ($consumable->category) ? (string) link_to_route('categories.show', $consumable->category->name, ['category' => $consumable->category_id]) : 'Missing category',
'order_number' => e($consumable->order_number),
'purchase_date' => e($consumable->purchase_date),
'purchase_cost' => Helper::formatCurrencyOutput($consumable->purchase_cost),
@ -516,7 +512,7 @@ class ConsumablesController extends Controller
foreach ($consumable->consumableAssigments as $consumable_assignment) {
$rows[] = array(
'name' => (string)link_to('/admin/users/'.$consumable_assignment->user->id.'/view', e($consumable_assignment->user->fullName())),
'name' => (string)link_to_route('users.show', e($consumable_assignment->user->fullName()), ['user' => $consumable_assignment->user->id]),
'created_at' => ($consumable_assignment->created_at->format('Y-m-d H:i:s')=='-0001-11-30 00:00:00') ? '' : $consumable_assignment->created_at->format('Y-m-d H:i:s'),
'admin' => ($consumable_assignment->admin) ? e($consumable_assignment->admin->fullName()) : '',
);


@ -104,14 +104,15 @@ class DepreciationsController extends Controller
/**
* Validates and stores the updated depreciation data.
*
* @author [A. Gianotto] [<snipe@snipe.net]
* @see DepreciationsController::getEdit()
* @param int $depreciationId
* @since [v1.0]
* @return Redirect
*/
* Validates and stores the updated depreciation data.
*
* @author [A. Gianotto] [<snipe@snipe.net]
* @see DepreciationsController::getEdit()
* @param Request $request
* @param int $depreciationId
* @return Redirect
* @since [v1.0]
*/
public function update(Request $request, $depreciationId = null)
{
// Check if the depreciation exists
@ -127,7 +128,7 @@ class DepreciationsController extends Controller
// Was the asset created?
if ($depreciation->save()) {
// Redirect to the depreciation page
return redirect()->to("admin/settings/depreciations/")->with('success', trans('admin/depreciations/message.update.success'));
return redirect()->route("depreciations.index")->with('success', trans('admin/depreciations/message.update.success'));
}
return redirect()->back()->withInput()->withErrors($depreciation->getErrors());


@ -46,6 +46,7 @@ class LicensesController extends Controller
*/
public function index()
{
$this->authorize('view', License::class);
return View::make('licenses/index');
}
@ -60,7 +61,7 @@ class LicensesController extends Controller
*/
public function create()
{
$this->authorize('create', License::class);
$maintained_list = array('' => 'Maintained', '1' => 'Yes', '0' => 'No');
return View::make('licenses/edit')
@ -86,7 +87,7 @@ class LicensesController extends Controller
*/
public function store(Request $request)
{
$this->authorize('create', License::class);
// create a new model instance
$license = new License();
@ -192,10 +193,10 @@ class LicensesController extends Controller
{
if (is_null($item = License::find($licenseId))) {
return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.does_not_exist'));
} elseif (!Company::isCurrentUserHasAccess($item)) {
return redirect()->route('licenses.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize('update', $item);
if ($item->purchase_date == "0000-00-00") {
$item->purchase_date = null;
}
@ -231,10 +232,10 @@ class LicensesController extends Controller
if (is_null($license = License::find($licenseId))) {
// Redirect to the blogs management page
return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.does_not_exist'));
} elseif (!Company::isCurrentUserHasAccess($license)) {
return redirect()->route('licenses.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize('update', $license);
// Update the license data
$license->name = e($request->input('name'));
$license->serial = e($request->input('serial'));
@ -386,10 +387,10 @@ class LicensesController extends Controller
if (is_null($license = License::find($licenseId))) {
// Redirect to the license management page
return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.not_found'));
} elseif (!Company::isCurrentUserHasAccess($license)) {
return redirect()->route('licenses.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize('delete', $license);
if ($license->assigned_seats_count > 0) {
// Redirect to the license management page
@ -406,9 +407,6 @@ class LicensesController extends Controller
$licenseseats->delete();
$license->delete();
// Redirect to the licenses management page
return redirect()->route('licenses.index')->with('success', trans('admin/licenses/message.delete.success'));
}
@ -416,7 +414,6 @@ class LicensesController extends Controller
}
/**
* Provides the form view for checking out a license to a user.
* Here we pass the license seat ID instead of the license ID,
@ -434,10 +431,10 @@ class LicensesController extends Controller
if (is_null($licenseseat = LicenseSeat::find($seatId))) {
// Redirect to the asset management page with error
return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.not_found'));
} elseif (!Company::isCurrentUserHasAccess($licenseseat->license)) {
return redirect()->route('licenses.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize('checkout', $licenseseat);
// Get the dropdown of users and then pass it to the checkout view
$users_list = Helper::usersList();
@ -467,9 +464,7 @@ class LicensesController extends Controller
$asset_id = e($request->input('asset_id'));
$user = Auth::user();
if (!Company::isCurrentUserHasAccess($licenseseat->license)) {
return redirect()->route('licenses.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize('checkout', $licenseseat);
// Declare the rules for the form validation
$rules = array(
@ -611,9 +606,8 @@ class LicensesController extends Controller
if (is_null($licenseseat = LicenseSeat::find($seatId))) {
// Redirect to the asset management page with error
return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.not_found'));
} elseif (!Company::isCurrentUserHasAccess($licenseseat->license)) {
return redirect()->route('licenses.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize('checkin', $licenseseat);
return View::make('licenses/checkin', compact('licenseseat'))->with('backto', $backto);
}
@ -640,9 +634,7 @@ class LicensesController extends Controller
$license = License::find($licenseseat->license_id);
if (!Company::isCurrentUserHasAccess($license)) {
return redirect()->route('licenses.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize('checkin', $licenseseat);
if (!$license->reassignable) {
// Not allowed to checkin
@ -697,7 +689,8 @@ class LicensesController extends Controller
'fields' => [
[
'title' => 'Checked In:',
'value' => 'License: <'.url('/').'/admin/licenses/'.$license->id.'/view'.'|'.$license->name.'> checked in by <'.url('/').'/admin/users/'.$user->id.'/view'.'|'.$user->fullName().'>.'
'value' => 'License: <'.route('licenses.show', $license->id).'|'.$license->name
.'> checked in by <'.route('users.show', $user->id).'|'.$user->fullName().'>.'
],
[
'title' => 'Note:',
@ -739,29 +732,23 @@ class LicensesController extends Controller
{
$license = License::find($licenseId);
$license = $license->load('assignedusers', 'licenseSeats.user', 'licenseSeats.asset');
if (isset($license->id)) {
if (!Company::isCurrentUserHasAccess($license)) {
return redirect()->route('licenses.index')->with('error', trans('general.insufficient_permissions'));
}
$license = $license->load('assignedusers', 'licenseSeats.user', 'licenseSeats.asset');
$this->authorize('view', $license);
return View::make('licenses/view', compact('license'));
} else {
$error = trans('admin/licenses/message.does_not_exist', compact('id'));
return redirect()->route('licenses.index')->with('error', $error);
}
$error = trans('admin/licenses/message.does_not_exist', compact('id'));
return redirect()->route('licenses.index')->with('error', $error);
}
public function getClone($licenseId = null)
{
if (is_null($license_to_clone = License::find($licenseId))) {
return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.does_not_exist'));
} elseif (!Company::isCurrentUserHasAccess($license_to_clone)) {
return redirect()->route('licenses.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize('create', License::class);
$maintained_list = array('' => 'Maintained', '1' => 'Yes', '0' => 'No');
$company_list = Helper::companyList();
//clone the orig
@ -795,16 +782,11 @@ class LicensesController extends Controller
public function postUpload($licenseId = null)
{
$license = License::find($licenseId);
// the license is valid
$destinationPath = config('app.private_uploads').'/licenses';
if (isset($license->id)) {
if (!Company::isCurrentUserHasAccess($license)) {
return redirect()->route('licenses.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize('update', $license);
if (Input::hasFile('licensefile')) {
@ -815,40 +797,31 @@ class LicensesController extends Controller
);
$validator = Validator::make(array('licensefile'=> $file), $rules);
if ($validator->passes()) {
$extension = $file->getClientOriginalExtension();
$filename = 'license-'.$license->id.'-'.str_random(8);
$filename .= '-'.str_slug($file->getClientOriginalName()).'.'.$extension;
$upload_success = $file->move($destinationPath, $filename);
//Log the upload to the log
$license->logUpload($filename, e($request->input('notes')));
} else {
if ($validator->fails()) {
return redirect()->back()->with('error', trans('admin/licenses/message.upload.invalidfiles'));
}
$extension = $file->getClientOriginalExtension();
$filename = 'license-'.$license->id.'-'.str_random(8);
$filename .= '-'.str_slug($file->getClientOriginalName()).'.'.$extension;
$upload_success = $file->move($destinationPath, $filename);
//Log the upload to the log
$license->logUpload($filename, e($request->input('notes')));
}
if ($upload_success) {
return redirect()->back()->with('success', trans('admin/licenses/message.upload.success'));
} else {
return redirect()->back()->with('success', trans('admin/licenses/message.upload.error'));
}
return redirect()->back()->with('error', trans('admin/licenses/message.upload.error'));
} else {
return redirect()->back()->with('error', trans('admin/licenses/message.upload.nofiles'));
}
} else {
// Prepare the error message
$error = trans('admin/licenses/message.does_not_exist', compact('id'));
// Redirect to the licence management page
return redirect()->route('licenses.index')->with('error', $error);
return redirect()->back()->with('error', trans('admin/licenses/message.upload.nofiles'));
}
// Prepare the error message
$error = trans('admin/licenses/message.does_not_exist', compact('id'));
// Redirect to the licence management page
return redirect()->route('licenses.index')->with('error', $error);
}
@ -869,10 +842,7 @@ class LicensesController extends Controller
// the license is valid
if (isset($license->id)) {
if (!Company::isCurrentUserHasAccess($license)) {
return redirect()->route('licenses.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize('edit', $license);
$log = Actionlog::find($fileId);
$full_filename = $destinationPath.'/'.$log->filename;
@ -882,13 +852,12 @@ class LicensesController extends Controller
$log->delete();
return redirect()->back()->with('success', trans('admin/licenses/message.deletefile.success'));
} else {
// Prepare the error message
$error = trans('admin/licenses/message.does_not_exist', compact('id'));
// Redirect to the licence management page
return redirect()->route('licenses.index')->with('error', $error);
}
// Prepare the error message
$error = trans('admin/licenses/message.does_not_exist', compact('id'));
// Redirect to the licence management page
return redirect()->route('licenses.index')->with('error', $error);
}
@ -910,20 +879,16 @@ class LicensesController extends Controller
// the license is valid
if (isset($license->id)) {
if (!Company::isCurrentUserHasAccess($license)) {
return redirect()->route('licenses.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize('view', $license);
$log = Actionlog::find($fileId);
$file = $log->get_src('licenses');
return Response::download($file);
} else {
// Prepare the error message
$error = trans('admin/licenses/message.does_not_exist', compact('id'));
// Redirect to the licence management page
return redirect()->route('licenses.index')->with('error', $error);
$log = Actionlog::find($fileId);
$file = $log->get_src('licenses');
return Response::download($file);
}
// Prepare the error message
$error = trans('admin/licenses/message.does_not_exist', compact('id'));
// Redirect to the licence management page
return redirect()->route('licenses.index')->with('error', $error);
}
@ -937,6 +902,7 @@ class LicensesController extends Controller
*/
public function getDatatable(Request $request)
{
$this->authorize('view', License::class);
$licenses = Company::scopeCompanyables(License::with('company', 'licenseSeatsRelation', 'manufacturer'));
if (Input::has('search')) {
@ -973,20 +939,20 @@ class LicensesController extends Controller
foreach ($licenses as $license) {
$actions = '<span style="white-space: nowrap;">';
if (Gate::allows('licenses.checkout')) {
if (Gate::allows('checkout', License::class)) {
$actions .= '<a href="' . route('licenses.freecheckout', $license->id)
. '" class="btn btn-primary btn-sm' . (($license->remaincount() > 0) ? '' : ' disabled') . '" style="margin-right:5px;">' . trans('general.checkout') . '</a> ';
}
if (Gate::allows('licenses.create')) {
if (Gate::allows('create', $license)) {
$actions .= '<a href="' . route('clone/license', $license->id)
. '" class="btn btn-info btn-sm" style="margin-right:5px;" title="Clone license"><i class="fa fa-files-o"></i></a>';
}
if (Gate::allows('licenses.edit')) {
if (Gate::allows('update', $license)) {
$actions .= '<a href="' . route('licenses.edit', $license->id)
. '" class="btn btn-warning btn-sm" style="margin-right:5px;"><i class="fa fa-pencil icon-white"></i></a>';
}
if (Gate::allows('licenses.delete')) {
if (Gate::allows('delete', $license)) {
$actions .= '<a data-html="false" class="btn delete-asset btn-danger btn-sm" data-toggle="modal" href="'
. route('licenses.destroy', $license->id)
. '" data-content="' . trans('admin/licenses/message.delete.confirm') . '" data-title="' . trans('general.delete') . ' ' . htmlspecialchars($license->name) . '?" onClick="return false;"><i class="fa fa-trash icon-white"></i></a>';
@ -1033,6 +999,7 @@ class LicensesController extends Controller
*/
public function getFreeLicense($licenseId)
{
$this->authorize('checkout', License::class);
if (is_null($license = License::find($licenseId))) {
return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.not_found'));
}
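Review bot: In `getClone()` the per-record check `Company::isCurrentUserHasAccess($license_to_clone)` is replaced by `$this->authorize('create', License::class);`, which is evaluated against the class and never sees the license being copied. If company scoping is still meant to apply, a user allowed to create licenses could presumably clone a record their company does not own; adding `$this->authorize('view', $license_to_clone);` beside the create check would keep the instance-level decision. Separately, the file-deletion action calls `$this->authorize('edit', $license);` while every other write path in this controller uses `'update'`. The License policy is not visible here, but unless it defines an `edit` method that call will most likely deny everyone its `before` hook does not pass, so `$this->authorize('update', $license);` looks intended. Most of these methods start or end outside the hunks shown.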


@ -4,6 +4,7 @@ namespace App\Http\Controllers;
use Input;
use Lang;
use App\Models\Location;
use phpDocumentor\Reflection\Types\Array_;
use Redirect;
use App\Models\Setting;
use App\Models\User;
@ -354,15 +355,16 @@ class LocationsController extends Controller
/**
* Returns a JSON response that contains the users association with the
* selected location, to be used by the location detail view.
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @see LocationsController::getView() method that creates the display view
* @param int $locationId
* @since [v1.8]
* @return View
*/
* Returns a JSON response that contains the users association with the
* selected location, to be used by the location detail view.
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @see LocationsController::getView() method that creates the display view
* @param $locationID
* @return array
* @internal param int $locationId
* @since [v1.8]
*/
public function getDataViewUsers($locationID)
{
$location = Location::find($locationID);
@ -377,7 +379,7 @@ class LocationsController extends Controller
foreach ($users as $user) {
$rows[] = array(
'name' => (string)link_to('/admin/users/'.$user->id.'/view', e($user->fullName()))
'name' => (string)link_to_route('users.show', e($user->fullName()), ['user'=>$user->id])
);
}
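Review bot: The added `use phpDocumentor\Reflection\Types\Array_;` is not referenced in any line shown and looks like an IDE auto-import; phpDocumentor is typically a development-only dependency, so the line should be dropped rather than shipped in a controller. The rewritten docblock also loses the parameter type: `@param int $locationID` would replace the `@param $locationID` / `@internal param int $locationId` pair. `getDataViewUsers()` continues outside the hunk, so whether it gains an `authorize()` call like the other controllers in this commit cannot be seen from here.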


@ -1,9 +1,7 @@
<?php
namespace App\Http\Controllers;
use App\Models\Company;
use App\Models\Manufacturer;
use App\Models\Setting;
use Auth;
use Gate;
use Input;
@ -197,7 +195,7 @@ class ManufacturersController extends Controller
*/
public function getDatatable(Request $request)
{
$manufacturers = Manufacturer::select(array('id','name'))->with('assets')
$manufacturers = Manufacturer::select(array('id','name'))->with('assets', 'licenses', 'accessories', 'consumables')
->whereNull('deleted_at');
if ($request->has('search')) {
@ -231,9 +229,12 @@ class ManufacturersController extends Controller
$actions = '<a href="'.route('manufacturers.edit', $manufacturer->id).'" class="btn btn-warning btn-sm" style="margin-right:5px;"><i class="fa fa-pencil icon-white"></i></a><a data-html="false" class="btn delete-asset btn-danger btn-sm" data-toggle="modal" href="'.route('manufacturers.destroy', $manufacturer->id).'" data-content="'.trans('admin/manufacturers/message.delete.confirm').'" data-title="'.trans('general.delete').' '.htmlspecialchars($manufacturer->name).'?" onClick="return false;"><i class="fa fa-trash icon-white"></i></a>';
$rows[] = array(
'id' => $manufacturer->id,
'id' => $manufacturer->id,
'name' => (string)link_to_route('manufacturers.show', e($manufacturer->name),['manufacturer' => $manufacturer->id]),
'assets' => $manufacturer->assets->count(),
'assets' => $manufacturer->assets->count(),
'licenses' => $manufacturer->licenses->count(),
'accessories' => $manufacturer->accessories->count(),
'consumables' => $manufacturer->consumables->count(),
'actions' => $actions
);
}
@ -246,36 +247,37 @@ class ManufacturersController extends Controller
/**
* Generates the JSON used to display the manufacturer detail.
* This JSON returns data on all of the assets with the specified
* manufacturer ID number.
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @see ManufacturersController::getView()
* @param int $manufacturerId
* @since [v1.0]
* @return String JSON
*/
public function getDataView($manufacturerId, $itemtype = null)
* Generates the JSON used to display the manufacturer detail.
* This JSON returns data on all of the assets with the specified
* manufacturer ID number.
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @see ManufacturersController::getView()
* @param int $manufacturerId
* @param string $itemtype
* @param Request $request
* @return String JSON* @since [v1.0]
*/
public function getDataView($manufacturerId, $itemtype = null, Request $request)
{
$manufacturer = Manufacturer::find($manufacturerId);
switch ($itemtype) {
case "assets":
return $this->getDataAssetsView($manufacturer);
return $this->getDataAssetsView($manufacturer, $request);
case "licenses":
return $this->getDataLicensesView($manufacturer);
return $this->getDataLicensesView($manufacturer, $request);
case "accessories":
return $this->getDataAccessoriesView($manufacturer);
return $this->getDataAccessoriesView($manufacturer, $request);
case "consumables":
return $this->getDataConsumablesView($manufacturer);
return $this->getDataConsumablesView($manufacturer, $request);
}
throw new Exception("We shouldn't be here");
}
protected function getDataAssetsView(Manufacturer $manufacturer)
protected function getDataAssetsView(Manufacturer $manufacturer, Request $request)
{
$manufacturer = $manufacturer->load('assets.model', 'assets.assigneduser', 'assets.assetstatus', 'assets.company');
$manufacturer_assets = $manufacturer->assets;
@ -308,30 +310,29 @@ class ManufacturersController extends Controller
$actions = '';
if ($asset->deleted_at=='') {
$actions = '<div style=" white-space: nowrap;"><a href="'.route('clone/hardware', $asset->id).'" class="btn btn-info btn-sm" title="Clone asset"><i class="fa fa-files-o"></i></a> <a href="'.route('hardware.edit', $asset->id).'" class="btn btn-warning btn-sm"><i class="fa fa-pencil icon-white"></i></a> <a data-html="false" class="btn delete-asset btn-danger btn-sm" data-toggle="modal" href="'.route('delete/hardware', $asset->id).'" data-content="'.trans('admin/hardware/message.delete.confirm').'" data-title="'.trans('general.delete').' '.htmlspecialchars($asset->asset_tag).'?" onClick="return false;"><i class="fa fa-trash icon-white"></i></a></div>';
$actions = '<div style=" white-space: nowrap;"><a href="'.route('clone/hardware', $asset->id).'" class="btn btn-info btn-sm" title="Clone asset"><i class="fa fa-files-o"></i></a> <a href="'.route('hardware.edit', $asset->id).'" class="btn btn-warning btn-sm"><i class="fa fa-pencil icon-white"></i></a> <a data-html="false" class="btn delete-asset btn-danger btn-sm" data-toggle="modal" href="'.route('hardware.destroy', $asset->id).'" data-content="'.trans('admin/hardware/message.delete.confirm').'" data-title="'.trans('general.delete').' '.htmlspecialchars($asset->asset_tag).'?" onClick="return false;"><i class="fa fa-trash icon-white"></i></a></div>';
} elseif ($asset->deleted_at!='') {
$actions = '<a href="'.route('restore/hardware', $asset->id).'" class="btn btn-warning btn-sm"><i class="fa fa-recycle icon-white"></i></a>';
}
if ($asset->availableForCheckout()) {
if (Gate::allows('assets.checkout')) {
if (Gate::allows('checkout', $asset)) {
$inout = '<a href="'.route('checkout/hardware', $asset->id).'" class="btn btn-info btn-sm">'.trans('general.checkout').'</a>';
}
} else {
if (Gate::allows('assets.checkin')) {
if (Gate::allows('checkin', $asset)) {
$inout = '<a href="'.route('checkin/hardware', $asset->id).'" class="btn btn-primary btn-sm">'.trans('general.checkin').'</a>';
}
}
$rows[] = array(
'id' => $asset->id,
'name' => (string)link_to('/hardware/'.$asset->id.'/view', e($asset->showAssetName())),
'name' => (string)link_to_route('hardware.show', e($asset->showAssetName()), [$asset->id]),
'model' => e($asset->model->name),
'asset_tag' => e($asset->asset_tag),
'serial' => e($asset->serial),
'assigned_to' => ($asset->assigneduser) ? (string)link_to('/admin/users/'.$asset->assigneduser->id.'/view', e($asset->assigneduser->fullName())): '',
'assigned_to' => ($asset->assigneduser) ? (string)link_to_route('users.show', e($asset->assigneduser->fullName()), [$asset->assigneduser->id]): '',
'actions' => $actions,
// 'companyName' => e(Company::getName($asset)),
'companyName' => is_null($asset->company) ? '' : $asset->company->name
);
@ -344,7 +345,7 @@ class ManufacturersController extends Controller
return $data;
}
protected function getDataLicensesView(Manufacturer $manufacturer)
protected function getDataLicensesView(Manufacturer $manufacturer, Request $request)
{
$manufacturer = $manufacturer->load('licenses.company', 'licenses.manufacturer', 'licenses.licenseSeatsRelation');
$licenses = $manufacturer->licenses;
@ -360,30 +361,30 @@ class ManufacturersController extends Controller
foreach ($licenses as $license) {
$actions = '<span style="white-space: nowrap;">';
if (Gate::allows('licenses.checkout')) {
if (Gate::allows('checkout', \App\Models\License::class)) {
$actions .= '<a href="' . route('licenses.freecheckout', $license->id)
. '" class="btn btn-primary btn-sm' . (($license->remaincount() > 0) ? '' : ' disabled') . '" style="margin-right:5px;">' . trans('general.checkout') . '</a> ';
}
if (Gate::allows('licenses.create')) {
if (Gate::allows('create', $license)) {
$actions .= '<a href="' . route('clone/license', $license->id)
. '" class="btn btn-info btn-sm" style="margin-right:5px;" title="Clone asset"><i class="fa fa-files-o"></i></a>';
}
if (Gate::allows('licenses.edit')) {
if (Gate::allows('edit', $license)) {
$actions .= '<a href="' . route('licenses.edit', ['license' => $license->id])
. '" class="btn btn-warning btn-sm" style="margin-right:5px;"><i class="fa fa-pencil icon-white"></i></a>';
}
if (Gate::allows('licenses.delete')) {
if (Gate::allows('delete', $license)) {
$actions .= '<a data-html="false" class="btn delete-asset btn-danger btn-sm" data-toggle="modal" href="'
. route('delete/license', $license->id)
. route('licenses.destroy', $license->id)
. '" data-content="' . trans('admin/licenses/message.delete.confirm') . '" data-title="' . trans('general.delete') . ' ' . htmlspecialchars($license->name) . '?" onClick="return false;"><i class="fa fa-trash icon-white"></i></a>';
}
$actions .='</span>';
$rows[] = array(
'id' => $license->id,
'name' => (string) link_to('/admin/licenses/'.$license->id.'/view', $license->name),
'serial' => (string) link_to('/admin/licenses/'.$license->id.'/view', mb_strimwidth($license->serial, 0, 50, "...")),
'name' => (string) link_to_route('licenses.show', $license->name, [$license->id]),
'serial' => (string) link_to_route('licenses.show', mb_strimwidth($license->serial, 0, 50, "..."), [$license->id]),
'totalSeats' => $license->licenseSeatCount,
'remaining' => $license->remaincount(),
'license_name' => e($license->license_name),
@ -396,7 +397,7 @@ class ManufacturersController extends Controller
'notes' => ($license->notes) ? e($license->notes) : '',
'actions' => $actions,
'companyName' => is_null($license->company) ? '' : e($license->company->name),
'manufacturer' => $license->manufacturer ? (string) link_to('/admin/settings/manufacturers/'.$license->manufacturer_id.'/view', $license->manufacturer->name) : ''
'manufacturer' => $license->manufacturer ? (string) link_to_route('manufacturers.show', $license->manufacturer->name, [$license->manufacturer_id]) : ''
);
}
@ -405,7 +406,7 @@ class ManufacturersController extends Controller
return $data;
}
public function getDataAccessoriesView(Manufacturer $manufacturer)
public function getDataAccessoriesView(Manufacturer $manufacturer, Request $request)
{
$manufacturer = $manufacturer->load(
'accessories.location',
@ -433,15 +434,15 @@ class ManufacturersController extends Controller
foreach ($accessories as $accessory) {
$actions = '<nobr>';
if (Gate::allows('accessories.checkout')) {
if (Gate::allows('checkout', $accessory)) {
$actions .= '<a href="' . route('checkout/accessory',
$accessory->id) . '" style="margin-right:5px;" class="btn btn-info btn-sm" ' . (($accessory->numRemaining() > 0) ? '' : ' disabled') . '>' . trans('general.checkout') . '</a>';
}
if (Gate::allows('accessories.edit')) {
if (Gate::allows('update', $accessory)) {
$actions .= '<a href="' . route('accessories.update',
$accessory->id) . '" class="btn btn-warning btn-sm" style="margin-right:5px;"><i class="fa fa-pencil icon-white"></i></a>';
}
if (Gate::allows('accessories.delete')) {
if (Gate::allows('delete', $accessory)) {
$actions .= '<a data-html="false" class="btn delete-asset btn-danger btn-sm" data-toggle="modal" href="' . route('accessories.destroy',
$accessory->id) . '" data-content="' . trans('admin/accessories/message.delete.confirm') . '" data-title="' . trans('general.delete') . ' ' . htmlspecialchars($accessory->name) . '?" onClick="return false;"><i class="fa fa-trash icon-white"></i></a>';
}
@ -449,8 +450,8 @@ class ManufacturersController extends Controller
$company = $accessory->company;
$rows[] = array(
'name' => '<a href="'.url('admin/accessories/'.$accessory->id).'/view">'. $accessory->name.'</a>',
'category' => ($accessory->category) ? (string)link_to('admin/settings/categories/'.$accessory->category->id.'/view', $accessory->category->name) : '',
'name' => (string)link_to_route('accessories.show', $accessory->name, [$accessory->id]),
'category' => ($accessory->category) ? (string)link_to_route('categories.show', $accessory->category->name, [$accessory->category->id]) : '',
'qty' => e($accessory->qty),
'order_number' => e($accessory->order_number),
'min_amt' => e($accessory->min_amt),
@ -460,7 +461,7 @@ class ManufacturersController extends Controller
'numRemaining' => $accessory->numRemaining(),
'actions' => $actions,
'companyName' => is_null($company) ? '' : e($company->name),
'manufacturer' => $accessory->manufacturer ? (string) link_to('/admin/settings/manufacturers/'.$accessory->manufacturer_id.'/view', $accessory->manufacturer->name) : ''
'manufacturer' => $accessory->manufacturer ? (string) link_to_route('manufacturers.show', $accessory->manufacturer->name, [$accessory->manufacturer_id]) : ''
);
}
@ -470,7 +471,7 @@ class ManufacturersController extends Controller
return $data;
}
public function getDataConsumablesView($manufacturer)
public function getDataConsumablesView($manufacturer, Request $request)
{
$manufacturer = $manufacturer->load(
'consumables.location',
@ -497,16 +498,16 @@ class ManufacturersController extends Controller
foreach ($consumables as $consumable) {
$actions = '<nobr>';
if (Gate::allows('consumables.checkout')) {
if (Gate::allows('checkout', $consumable)) {
$actions .= '<a href="' . route('checkout/consumable',
$consumable->id) . '" style="margin-right:5px;" class="btn btn-info btn-sm" ' . (($consumable->numRemaining() > 0) ? '' : ' disabled') . '>' . trans('general.checkout') . '</a>';
}
if (Gate::allows('consumables.edit')) {
if (Gate::allows('update', $consumable)) {
$actions .= '<a href="' . route('consumables.edit',
$consumable->id) . '" class="btn btn-warning btn-sm" style="margin-right:5px;"><i class="fa fa-pencil icon-white"></i></a>';
}
if (Gate::allows('consumables.delete')) {
if (Gate::allows('delete', $consumable)) {
$actions .= '<a data-html="false" class="btn delete-asset btn-danger btn-sm" data-toggle="modal" href="' . route('consumables.destroy',
$consumable->id) . '" data-content="' . trans('admin/consumables/message.delete.confirm') . '" data-title="' . trans('general.delete') . ' ' . htmlspecialchars($consumable->name) . '?" onClick="return false;"><i class="fa fa-trash icon-white"></i></a>';
}
@ -517,14 +518,14 @@ class ManufacturersController extends Controller
$rows[] = array(
'id' => $consumable->id,
'name' => (string)link_to('admin/consumables/'.$consumable->id.'/view', e($consumable->name)),
'name' => (string)link_to_route('consumables.show', e($consumable->name), [$consumable->id]),
'location' => ($consumable->location) ? e($consumable->location->name) : '',
'min_amt' => e($consumable->min_amt),
'qty' => e($consumable->qty),
'manufacturer' => ($consumable->manufacturer) ? (string) link_to('/admin/settings/manufacturers/'.$consumable->manufacturer_id.'/view', $consumable->manufacturer->name): '',
'manufacturer' => ($consumable->manufacturer) ? (string) link_to_route('manufacturers.show', $consumable->manufacturer->name, [$consumable->manufacturer_id]): '',
'model_number' => e($consumable->model_number),
'item_no' => e($consumable->item_no),
'category' => ($consumable->category) ? (string) link_to('/admin/settings/categories/'.$consumable->category_id.'/view', $consumable->category->name) : 'Missing category',
'category' => ($consumable->category) ? (string) link_to_route('categories.show', $consumable->category->name, [$consumable->category_id]) : 'Missing category',
'order_number' => e($consumable->order_number),
'purchase_date' => e($consumable->purchase_date),
'purchase_cost' => ($consumable->purchase_cost!='') ? number_format($consumable->purchase_cost, 2): '' ,
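Review bot: In `getDataLicensesView()` the edit button is gated with `Gate::allows('edit', $license)`, while `LicensesController::getDatatable()` in this same commit gates the same button with `'update'`. The License policy is not visible here, but unless it defines an `edit` method the check would fail and hide the button, so `if (Gate::allows('update', $license)) {` looks intended. In `getDataAccessoriesView()` the edit link is built with `route('accessories.update', $accessory->id)`; the consumables view uses `consumables.edit` for the same button, so `route('accessories.edit', $accessory->id)` is presumably what is meant. The new signature `getDataView($manufacturerId, $itemtype = null, Request $request)` places a required parameter after an optional one, which makes the default on `$itemtype` unusable; `getDataView(Request $request, $manufacturerId, $itemtype = null)` keeps it. None of the data-view methods shows an `authorize()` call in the visible lines, though their bodies extend outside the hunks.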


@ -386,7 +386,7 @@ class ReportsController extends Controller
'icon' => '<i class="'.$activity->parseItemIcon().'"></i>',
'created_at' => date("M d, Y g:iA", strtotime($activity->created_at)),
'action_type' => strtolower(trans('general.'.str_replace(' ','_',$activity->action_type))),
'admin' => $activity->user ? (string) link_to('/admin/users/'.$activity->user_id.'/view', $activity->user->fullName()) : '',
'admin' => $activity->user ? (string) link_to_route('users.show', $activity->user->fullName(), [$activity->user_id]) : '',
'target' => $activity_target,
'item' => $activity_item,
'item_type' => $item_type,


@ -59,6 +59,7 @@ class UsersController extends Controller
*/
public function index()
{
$this->authorize('index', User::class);
return View::make('users/index');
}
@ -71,7 +72,7 @@ class UsersController extends Controller
*/
public function create()
{
$this->authorize('create', User::class);
$groups = Group::pluck('name', 'id');
if (Input::old('groups')) {
@ -104,7 +105,7 @@ class UsersController extends Controller
*/
public function store(SaveUserRequest $request)
{
$this->authorize('create', User::class);
$user = new User;
//Username, email, and password need to be handled specially because the need to respect config values on an edit.
$user->email = $data['email'] = e($request->input('email'));
@ -191,6 +192,7 @@ class UsersController extends Controller
*/
public function apiStore()
{
$this->authorize('create', User::class);
$user = new User;
$inputs = Input::except('csrf_token', 'password_confirm', 'groups', 'email_user');
@ -260,12 +262,9 @@ class UsersController extends Controller
try {
// Get the user information
$user = User::find($id);
$this->authorize('update', $user);
$permissions = config('permissions');
if (!Company::isCurrentUserHasAccess($user)) {
return redirect()->route('users.index')->with('error', trans('general.insufficient_permissions'));
}
$groups = Group::pluck('name', 'id');
$userGroups = $user->groups()->pluck('name', 'id');
@ -312,7 +311,7 @@ class UsersController extends Controller
try {
$user = User::find($id);
$this->authorize('update', $user);
// Figure out of this user was an admin before this edit
$orig_permissions_array = $user->decodePermissions();
@ -326,11 +325,6 @@ class UsersController extends Controller
$orig_superuser = '0';
}
if (!Company::isCurrentUserHasAccess($user)) {
return redirect()->route('users.index')->with('error', trans('general.insufficient_permissions'));
}
} catch (UserNotFoundException $e) {
$error = trans('admin/users/message.user_not_found', compact('id'));
return redirect()->route('users.index')->with('error', $error);
@ -422,22 +416,8 @@ class UsersController extends Controller
try {
// Get user information
$user = User::find($id);
// Check if we are not trying to delete ourselves
if ($user->id === Auth::user()->id) {
// Prepare the error message
$error = trans('admin/users/message.error.delete');
// Redirect to the user management page
return redirect()->route('users.index')->with('error', $error);
}
// Do we have permission to delete this user?
if ((!Auth::user()->isSuperUser()) || (config('app.lock_passwords'))) {
// Redirect to the user management page
return redirect()->route('users.index')->with('error', 'Insufficient permissions!');
}
// Authorize takes care of many of our logic checks now.
$this->authorize('delete', User::class);
if (count($user->assets) > 0) {
@ -483,7 +463,7 @@ class UsersController extends Controller
*/
public function postBulkEdit()
{
$this->authorize('update', User::class);
if ((!Input::has('edit_user')) || (count(Input::has('edit_user')) == 0)) {
return redirect()->back()->with('error', 'No users selected');
} else {
@ -509,6 +489,7 @@ class UsersController extends Controller
*/
public function postBulkSave()
{
$this->authorize('update', User::class);
if ((!Input::has('edit_user')) || (count(Input::has('edit_user')) == 0)) {
return redirect()->back()->with('error', 'No users selected');
@ -613,24 +594,18 @@ class UsersController extends Controller
*/
public function getRestore($id = null)
{
$this->authorize('edit', User::class);
// Get user information
if (!$user = User::onlyTrashed()->find($id)) {
return redirect()->route('users.index')->with('error', trans('admin/users/messages.user_not_found'));
}
if (!Company::isCurrentUserHasAccess($user)) {
return redirect()->route('users.index')->with('error', trans('general.insufficient_permissions'));
} else {
// Restore the user
if (User::withTrashed()->where('id', $id)->restore()) {
return redirect()->route('users.index')->with('success', trans('admin/users/message.success.restored'));
} else {
return redirect()->route('users.index')->with('error', 'User could not be restored.');
}
// Restore the user
if (User::withTrashed()->where('id', $id)->restore()) {
return redirect()->route('users.index')->with('success', trans('admin/users/message.success.restored'));
}
return redirect()->route('users.index')->with('error', 'User could not be restored.');
}
@ -644,25 +619,20 @@ class UsersController extends Controller
*/
public function show($userId = null)
{
$user = User::with('assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc')->withTrashed()->find($userId);
$userlog = $user->userlog->load('item');
if (isset($user->id)) {
if (!Company::isCurrentUserHasAccess($user)) {
return redirect()->route('users.index')->with('error', trans('general.insufficient_permissions'));
} else {
return View::make('users/view', compact('user', 'userlog'));
}
} else {
// Prepare the error message
if(!$user = User::with('assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc')->withTrashed()->find($userId)) {
$error = trans('admin/users/message.user_not_found', compact('id'));
// Redirect to the user management page
return redirect()->route('users.index')->with('error', $error);
}
$userlog = $user->userlog->load('item');
if (isset($user->id)) {
$this->authorize('view', $user);
return View::make('users/view', compact('user', 'userlog'));
}
}
/**
@ -677,7 +647,8 @@ class UsersController extends Controller
{
try {
// Get user information
//$user = User::find($id);
$user = User::find($id);
$this->authorize('edit', $user);
// Check if we are not trying to unsuspend ourselves
if ($user->id === Auth::user()->id) {
@ -720,6 +691,7 @@ class UsersController extends Controller
*/
public function getClone($id = null)
{
$this->authorize('create', User::class);
// We need to reverse the UI specific logic for our
// permissions here before we update the user.
$permissions = Input::get('permissions', array());
@ -781,6 +753,7 @@ class UsersController extends Controller
*/
public function getImport()
{
$this->authorize('update', User::class);
// Get all the available groups
//$groups = Sentry::getGroupProvider()->findAll();
// Selected groups
@ -804,7 +777,7 @@ class UsersController extends Controller
*/
public function postImport()
{
$this->authorize('update', User::class);
if (!ini_get("auto_detect_line_endings")) {
ini_set("auto_detect_line_endings", '1');
}
@ -906,7 +879,7 @@ class UsersController extends Controller
*/
public function getDatatable(Request $request, $status = null)
{
$this->authorize('view', User::class);
if (Input::has('offset')) {
$offset = e(Input::get('offset'));
} else {
@ -971,31 +944,31 @@ class UsersController extends Controller
$actions = '<nobr>';
foreach ($user->groups as $group) {
$group_names .= '<a href="' . \url('/') . '/admin/groups/' . $group->id . '/edit" class="label label-default">' . $group->name . '</a> ';
$group_names .= '<a href="' . route('update/group', $group->id) . '" class="label label-default">' . $group->name . '</a> ';
}
if (!is_null($user->deleted_at)) {
if (Gate::allows('users.delete')) {
if (Gate::allows('delete', $user)) {
$actions .= '<a href="' . route('restore/user',
$user->id) . '" class="btn btn-warning btn-sm"><i class="fa fa-share icon-white"></i></a> ';
}
} else {
if (Gate::allows('users.delete')) {
if (Gate::allows('delete', $user)) {
if ($user->accountStatus() == 'suspended') {
$actions .= '<a href="' . route('unsuspend/user',
$user->id) . '" class="btn btn-default btn-sm"><span class="fa fa-clock-o"></span></a> ';
}
}
if (Gate::allows('users.edit')) {
if (Gate::allows('update', $user)) {
$actions .= '<a href="' . route('users.edit',
$user->id) . '" class="btn btn-warning btn-sm"><i class="fa fa-pencil icon-white"></i></a> ';
$actions .= '<a href="' . route('clone/user',
$user->id) . '" class="btn btn-info btn-sm"><i class="fa fa-clone"></i></a>';
}
if (Gate::allows('users.delete')) {
if (Gate::allows('delete', $user)) {
if ((Auth::user()->id !== $user->id) && (!config('app.lock_passwords'))) {
$actions .= '<a data-html="false" class="btn delete-asset btn-danger btn-sm" data-toggle="modal" href="' . route('users.destroy',
$user->id) . '" data-content="Are you sure you wish to delete this user?" data-title="Delete ' . htmlspecialchars($user->first_name) . '?" onClick="return false;"><i class="fa fa-trash icon-white"></i></a> ';
@ -1052,15 +1025,11 @@ class UsersController extends Controller
public function postUpload(AssetFileRequest $request, $userId = null)
{
$user = User::find($userId);
$destinationPath = config('app.private_uploads') . '/users';
if (isset($user->id)) {
if (!Company::isCurrentUserHasAccess($user)) {
return redirect()->route('users.index')->with('error', trans('general.insufficient_permissions'));
}
$this->authorize('update', $user);
foreach (Input::file('file') as $file) {
@ -1069,7 +1038,7 @@ class UsersController extends Controller
$filename .= '-' . str_slug($file->getClientOriginalName()) . '.' . $extension;
$upload_success = $file->move($destinationPath, $filename);
//Log the deletion of seats to the log
//Log the uploaded file to the log
$logaction = new Actionlog();
$logaction->item_id = $user->id;
$logaction->item_type = User::class;
@ -1084,9 +1053,8 @@ class UsersController extends Controller
}
return JsonResponse::create($logaction);
} else {
return JsonResponse::create(["error" => "Failed validation: ".print_r($logaction->getErrors(), true)], 500);
}
return JsonResponse::create(["error" => "Failed validation: ".print_r($logaction->getErrors(), true)], 500);
}
@ -1106,25 +1074,21 @@ class UsersController extends Controller
// the license is valid
if (isset($user->id)) {
if (!Company::isCurrentUserHasAccess($user)) {
return redirect()->route('users.index')->with('error', trans('general.insufficient_permissions'));
} else {
$log = Actionlog::find($fileId);
$full_filename = $destinationPath . '/' . $log->filename;
if (file_exists($full_filename)) {
unlink($destinationPath . '/' . $log->filename);
}
$log->delete();
return redirect()->back()->with('success', trans('admin/users/message.deletefile.success'));
$this->authorize('update', $user);
$log = Actionlog::find($fileId);
$full_filename = $destinationPath . '/' . $log->filename;
if (file_exists($full_filename)) {
unlink($destinationPath . '/' . $log->filename);
}
} else {
// Prepare the error message
$error = trans('admin/users/message.does_not_exist', compact('id'));
// Redirect to the licence management page
return redirect()->route('users.index')->with('error', $error);
$log->delete();
return redirect()->back()->with('success', trans('admin/users/message.deletefile.success'));
}
// Prepare the error message
$error = trans('admin/users/message.does_not_exist', compact('id'));
// Redirect to the licence management page
return redirect()->route('users.index')->with('error', $error);
}
/**
@ -1138,25 +1102,21 @@ class UsersController extends Controller
*/
public function displayFile($userId = null, $fileId = null)
{
$user = User::find($userId);
// the license is valid
if (isset($user->id)) {
if (!Company::isCurrentUserHasAccess($user)) {
return redirect()->route('users.index')->with('error', trans('general.insufficient_permissions'));
} else {
$log = Actionlog::find($fileId);
$file = $log->get_src('users');
return Response::download($file);
}
} else {
// Prepare the error message
$error = trans('admin/users/message.does_not_exist', compact('id'));
$this->authorize('view', $user);
// Redirect to the licence management page
return redirect()->route('users.index')->with('error', $error);
$log = Actionlog::find($fileId);
$file = $log->get_src('users');
return Response::download($file);
}
// Prepare the error message
$error = trans('admin/users/message.does_not_exist', compact('id'));
// Redirect to the licence management page
return redirect()->route('users.index')->with('error', $error);
}
/**
@ -1168,20 +1128,20 @@ class UsersController extends Controller
*/
public function getLDAP()
{
$this->authorize('update', User::class);
$location_list = Helper::locationsList();
try {
$ldapconn = Ldap::connectToLdap();
} catch (\Exception $e) {
return redirect()->route('users.index')->with('error',$e->getMessage());
return redirect()->route('users.index')->with('error', $e->getMessage());
}
try {
Ldap::bindAdminToLdap($ldapconn);
} catch (\Exception $e) {
return redirect()->route('users.index')->with('error',$e->getMessage());
return redirect()->route('users.index')->with('error', $e->getMessage());
}
return View::make('users/ldap')
@ -1217,6 +1177,7 @@ class UsersController extends Controller
*/
public function postLDAP(Request $request)
{
$this->authorize('update', User::class);
ini_set('max_execution_time', 600); //600 seconds = 10 minutes
ini_set('memory_limit', '500M');
@ -1313,6 +1274,7 @@ class UsersController extends Controller
*/
public function getAssetList($userId)
{
$this->authorize('view', User::class);
$assets = Asset::where('assigned_to', '=', $userId)->with('model')->get();
return response()->json($assets);
}
@ -1326,7 +1288,7 @@ class UsersController extends Controller
*/
public function getExportUserCsv()
{
$this->authorize('view', User::class);
\Debugbar::disable();
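Review bot: In the delete hunk, `$this->authorize('delete', User::class);` passes the class rather than the `$user` loaded just above, so `UserPolicy::delete()` receives `$targetUser = null` and skips its self-delete and `lock_passwords` checks, and `before()` skips the company check. The inline checks this commit removes from that method are therefore not actually replaced. Pass the instance instead, `$this->authorize('delete', $user);`, after confirming that `User::find($id)` did not return null. Separately, `getRestore()` and the unsuspend hunk authorize an `edit` ability, while the UserPolicy added in this commit defines `update` and no `edit`, so `'update'` looks like the intended name. Several of these method bodies start or end outside their hunks.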


@ -56,6 +56,8 @@ class Kernel extends HttpKernel
'auth' => \App\Http\Middleware\Authenticate::class,
'authorize' => \App\Http\Middleware\CheckPermissions::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstitutionBindings::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
];
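Review bot: The new `bindings` alias points at `\Illuminate\Routing\Middleware\SubstitutionBindings::class`, but the framework middleware is named `SubstituteBindings`. Because `::class` is resolved without loading the class, the typo will not fail at boot; it only surfaces when a route or group first uses the `bindings` middleware. Change the line to `'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,`.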


@ -178,7 +178,9 @@ class Asset extends Depreciable
'fields' => [
[
'title' => 'Checked Out:',
'value' => 'HARDWARE asset <'.config('app.url').'/hardware/'.$this->id.'/view'.'|'.$this->showAssetName().'> checked out to <'.config('app.url').'/admin/users/'.$this->assigned_to.'/view|'.$this->assigneduser->fullName().'> by <'.config('app.url').'/admin/users/'.Auth::user()->id.'/view'.'|'.$admin->fullName().'>.'
'value' => 'HARDWARE asset <'.route('hardware.show', $this->id).'|'.$this->showAssetName()
.'> checked out to <'.route('users.show', $this->assigned_to).'|'.$this->assigneduser->fullName()
.'> by <'.route('users.show', Auth::user()->id).'|'.$admin->fullName().'>.'
],
[
'title' => 'Note:',


@ -28,9 +28,9 @@ class AssetMaintenance extends Model implements ICompanyableChild
'asset_maintenance_type' => 'required',
'title' => 'required|max:100',
'is_warranty' => 'boolean',
'start_date' => 'required|date_format:Y-m-d',
'completion_date' => 'date_format:Y-m-d',
'notes' => 'string',
'start_date' => 'required|date_format:"Y-m-d"',
'completion_date' => 'date_format:"Y-m-d',
'notes' => 'string|nullable',
'cost' => 'numeric|nullable'
];
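Review bot: The new `completion_date` rule has an unbalanced quote: `'date_format:"Y-m-d'` opens the format with `"` and never closes it, unlike `start_date` on the line above. Whether the validator's parameter parsing happens to tolerate that is incidental, so write it as `'completion_date' => 'date_format:"Y-m-d"',`. If an empty completion date must stay acceptable, as `notes` and `cost` are via `nullable`, the rule probably needs `|nullable` as well; confirm against the form.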


@ -61,23 +61,15 @@ class Setting extends Model
public static function setupCompleted()
{
$users_table_exists = Schema::hasTable('users');
$settings_table_exists = Schema::hasTable('settings');
if ($users_table_exists && $settings_table_exists) {
$usercount = User::withTrashed()->count();
if ($usercount > 0) {
return true;
}
return false;
} else {
return false;
$settingsCount = Setting::count();
return ($usercount > 0 && $settingsCount > 0);
}
return false;
}
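Review bot: `setupCompleted()` now also requires at least one `settings` row, and that change of contract is not documented anywhere in the method. If this result gates the setup routes (not visible in this hunk), an install that has users but an empty settings table would be treated as not set up, so the intent should be stated explicitly. A comment such as `// Setup is complete only when both tables exist, a user (including soft-deleted) exists, and a settings row exists.` above the `if` would do.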


@ -29,6 +29,10 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
protected $injectUniqueIdentifier = true;
protected $fillable = ['first_name', 'last_name', 'email','password','username'];
protected $casts = [
'activated' => 'boolean',
'employee_num' => 'integer'
];
/**
* Model validation rules
@ -41,16 +45,15 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
'username' => 'required|string|min:2|unique_undeleted',
'email' => 'email',
'password' => 'required|min:6',
'locale' => 'max:10'
];
public function hasAccess($section)
{
if ($this->isSuperUser()) {
return true;
}
$user_groups = $this->groups;
@ -64,7 +67,6 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
if (($user_permissions!='') && ((array_key_exists($section, $user_permissions)) && ($user_permissions[$section]=='1'))) {
return true;
}
// If the user is explicitly denied, return false
if (($user_permissions=='') || array_key_exists($section, $user_permissions) && ($user_permissions[$section]=='-1')) {
return false;
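Review bot: The new `$casts` entry `'employee_num' => 'integer'` coerces the stored value to an int on read, so an employee number with leading zeros or letters would come back altered (constructed example: `'00123'` read as `123`). Nothing in these hunks shows the column type or a validation rule restricting `employee_num` to digits, so this needs confirming; if the identifier is free-form, drop the cast. The `hasAccess()` body in the last hunk starts and ends outside the hunk.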


@ -0,0 +1,119 @@
<?php
namespace App\Policies;
use App\Models\Accessory;
use App\Models\Company;
use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class AccessoryPolicy
{
use HandlesAuthorization;
public function before(User $user, $ability, $accessory)
{
// Lets move all company related checks here.
if ($accessory instanceof \App\Models\Accessory && !Company::isCurrentUserHasAccess($accessory)) {
return false;
}
// If an admin, they can do all asset related tasks.
if ($user->hasAccess('admin')) {
return true;
}
}
public function index(User $user)
{
// dd('here');
return $user->hasAccess('accessories.view');
}
/**
* Determine whether the user can view the accessory.
*
* @param \App\User $user
* @param \App\Accessory $accessory
* @return mixed
*/
public function view(User $user, Accessory $accessory = null)
{
//
return $user->hasAccess('accessories.view');
}
/**
* Determine whether the user can create accessories.
*
* @param \App\User $user
* @return mixed
*/
public function create(User $user)
{
//
return $user->hasAccess('accessories.create');
}
/**
* Determine whether the user can update the accessory.
*
* @param \App\User $user
* @param \App\Accessory $accessory
* @return mixed
*/
public function update(User $user, Accessory $accessory = null)
{
//
return $user->hasAccess('accessories.edit');
}
/**
* Determine whether the user can delete the accessory.
*
* @param \App\User $user
* @param \App\Accessory $accessory
* @return mixed
*/
public function delete(User $user, Accessory $accessory = null)
{
//
return $user->hasAccess('accessories.delete');
}
/**
* Determine whether the user can checkout the accessory.
*
* @param \App\User $user
* @param \App\Accessory $accessory
* @return mixed
*/
public function checkout(User $user, Accessory $accessory = null)
{
return $user->hasAccess('accessories.checkout');
}
/**
* Determine whether the user can checkin the accessory.
*
* @param \App\User $user
* @param \App\Accessory $accessory
* @return mixed
*/
public function checkin(User $user, Accessory $accessory = null)
{
return $user->hasAccess('accessories.checkin');
}
/**
* Determine whether the user can manage the accessory.
*
* @param \App\User $user
* @param \App\Accessory $accessory
* @return mixed
*/
public function manage(User $user, Accessory $accessory = null)
{
return $user->hasAccess('accessories.checkin')
|| $user->hasAccess('accessories.edit')
|| $user->hasAccess('accessories.checkout');
}
}
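Review bot: `before()` applies the company check only when it is handed an `Accessory` instance, and every ability method ignores its `$accessory` argument, so a caller that authorizes against `Accessory::class` gets a permission-bit check with no company scoping. That is fine for `index` and `create`, but for `view`, `update`, `delete`, `checkout` and `checkin` the `= null` default makes it easy to authorize without the record. Add a comment on `before()` such as `// Company scoping only happens when an instance is passed; record-level abilities must be authorized with the model, not the class name.` The same shape recurs in the Asset, Component, Consumable, License and User policies added by this commit. The commented-out `// dd('here');` in `index()` should also be removed.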


@ -0,0 +1,81 @@
<?php
namespace App\Policies;
use App\Models\Asset;
use App\Models\Company;
use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class AssetPolicy
{
use HandlesAuthorization;
/**
* Create a new policy instance.
*
* @return void
*/
public function __construct()
{
//
}
public function before(User $user, $ability, $asset)
{
// Lets move all company related checks here.
if ($asset instanceof \App\Models\Asset && !Company::isCurrentUserHasAccess($asset)) {
return false;
}
// If an admin, they can do all asset related tasks.
if ($user->hasAccess('admin')) {
return true;
}
}
public function index(User $user)
{
return $user->hasAccess('assets.view');
}
public function view(User $user, Asset $asset)
{
return $user->hasAccess('assets.view');
}
public function viewRequestable(User $user, Asset $asset=null)
{
return $user->hasAccess('assets.view.requestable');
}
public function create(User $user)
{
return $user->hasAccess('assets.create');
}
public function checkout(User $user, Asset $asset = null)
{
return $user->hasAccess('assets.checkout');
}
public function checkin(User $user, Asset $asset = null)
{
return $user->hasAccess('assets.checkin');
}
public function delete(User $user, Asset $asset = null)
{
return $user->hasAccess('assets.delete');
}
public function manage(User $user, Asset $asset = null)
{
return $user->hasAccess('assets.checkin')
|| $user->hasAccess('assets.edit')
|| $user->hasAccess('assets.delete')
|| $user->hasAccess('assets.checkout');
}
public function update(User $user, Asset $asset = null)
{
return $user->hasAccess('assets.edit');
}
}
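Review bot: `view(User $user, Asset $asset)` is the only ability here that requires an instance; `viewRequestable`, `checkout`, `checkin`, `delete`, `manage` and `update` all default `$asset` to null, and the sibling policies default it for `view` as well. Requiring the model is the stricter choice, since it guarantees `before()` ran its company check, but a caller that passes `Asset::class` to `view` would then fail with an argument error rather than a clean denial. Decide which contract is intended and make the signatures agree. None of the ability methods has a docblock, and the empty `__construct()` can be dropped.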


@ -0,0 +1,114 @@
<?php
namespace App\Policies;
use App\Models\Company;
use App\Models\Component;
use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class ComponentPolicy
{
use HandlesAuthorization;
public function before(User $user, $ability, $component)
{
// Lets move all company related checks here.
if ($component instanceof \App\Models\Component && !Company::isCurrentUserHasAccess($component)) {
return false;
}
// If an admin, they can do all asset related tasks.
if ($user->hasAccess('admin')) {
return true;
}
}
/**
* Determine whether the user can view the component.
*
* @param \App\User $user
* @param \App\Component $component
* @return mixed
*/
public function view(User $user, Component $component = null)
{
//
return $user->hasAccess('components.view');
}
/**
* Determine whether the user can create components.
*
* @param \App\User $user
* @return mixed
*/
public function create(User $user)
{
//
return $user->hasAccess('components.create');
}
/**
* Determine whether the user can update the component.
*
* @param \App\User $user
* @param \App\Component $component
* @return mixed
*/
public function update(User $user, Component $component = null)
{
//
return $user->hasAccess('components.edit');
}
/**
* Determine whether the user can delete the component.
*
* @param \App\User $user
* @param \App\Component $component
* @return mixed
*/
public function delete(User $user, Component $component = null)
{
//
return $user->hasAccess('components.delete');
}
/**
* Determine whether the user can checkout the component.
*
* @param \App\User $user
* @param \App\Accessory $component
* @return mixed
*/
public function checkout(User $user, Component $component = null)
{
return $user->hasAccess('components.checkout');
}
/**
* Determine whether the user can checkin the component.
*
* @param \App\User $user
* @param \App\Component $component
* @return mixed
*/
public function checkin(User $user, Component $component = null)
{
return $user->hasAccess('components.checkin');
}
/**
* Determine whether the user can manage the component.
*
* @param \App\User $user
* @param \App\Component $component
* @return mixed
*/
public function manage(User $user, Component $component = null)
{
return $user->hasAccess('components.checkin')
|| $user->hasAccess('components.edit')
|| $user->hasAccess('components.checkout');
}
}
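Review bot: This policy defines no `index` ability, although the Accessory, Asset, Consumable and User policies in this commit each add one and `UsersController::index()` authorizes with `'index'`. If the components controller follows the same pattern (not visible here), that call would likely be denied for every user `before()` does not short-circuit, i.e. non-admins. Add `public function index(User $user) { return $user->hasAccess('components.view'); }` or confirm that listing is authorized through `view`. LicensePolicy has the same gap.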


@ -0,0 +1,119 @@
<?php
namespace App\Policies;
use App\Models\Company;
use App\Models\Consumable;
use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class ConsumablePolicy
{
use HandlesAuthorization;
public function before(User $user, $ability, $consumable)
{
// Lets move all company related checks here.
if ($consumable instanceof \App\Models\Consumable && !Company::isCurrentUserHasAccess($consumable)) {
return false;
}
// If an admin, they can do all asset related tasks.
if ($user->hasAccess('admin')) {
return true;
}
}
/**
* Determine whether the user can view the consumable.
*
* @param \App\User $user
* @param \App\Consumable $consumable
* @return mixed
*/
public function view(User $user, Consumable $consumable = null)
{
//
return $user->hasAccess('consumables.view');
}
/**
* Determine whether the user can create consumables.
*
* @param \App\User $user
* @return mixed
*/
public function create(User $user)
{
//
return $user->hasAccess('consumables.create');
}
/**
* Determine whether the user can update the consumable.
*
* @param \App\User $user
* @param \App\Consumable $consumable
* @return mixed
*/
public function update(User $user, Consumable $consumable = null)
{
//
return $user->hasAccess('consumables.edit');
}
/**
* Determine whether the user can delete the consumable.
*
* @param \App\User $user
* @param \App\Consumable $consumable
* @return mixed
*/
public function delete(User $user, Consumable $consumable = null)
{
//
return $user->hasAccess('consumables.delete');
}
/**
* Determine whether the user can checkout the consumable.
*
* @param \App\User $user
* @param \App\Accessory $consumable
* @return mixed
*/
public function checkout(User $user, Consumable $consumable = null)
{
return $user->hasAccess('consumables.checkout');
}
/**
* Determine whether the user can checkin the consumable.
*
* @param \App\User $user
* @param \App\Consumable $consumable
* @return mixed
*/
public function checkin(User $user, Consumable $consumable = null)
{
return $user->hasAccess('consumables.checkin');
}
public function index(User $user)
{
return $user->hasAccess('consumables.view');
}
/**
* Determine whether the user can manage the consumable.
*
* @param \App\User $user
* @param \App\Consumable $consumable
* @return mixed
*/
public function manage(User $user, Consumable $consumable = null)
{
return $user->hasAccess('consumables.checkin')
|| $user->hasAccess('consumables.edit')
|| $user->hasAccess('consumables.checkout');
}
}
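Review bot: The docblocks do not match the signatures: `checkout()` documents `@param \App\Accessory $consumable`, and every `@param` names `\App\User` or `\App\Consumable` while the file imports `App\Models\User` and `App\Models\Consumable`. Static analysis and IDE navigation follow the docblock, so correct them, e.g. `@param \App\Models\Consumable|null $consumable` and `@return bool`. `index()` and `before()` have no docblock at all. The `\App\Accessory` copy-paste also appears on `checkout()` in the Component and License policies.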


@ -0,0 +1,127 @@
<?php
namespace App\Policies;
use App\Models\Company;
use App\Models\License;
use App\Models\LicenseSeat;
use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class LicensePolicy
{
use HandlesAuthorization;
public function before(User $user, $ability, $license)
{
// Lets move all company related checks here.
if ($license instanceof \App\Models\License && !Company::isCurrentUserHasAccess($license)) {
return false;
}
// If an admin, they can do all asset related tasks.
if ($user->hasAccess('admin')) {
return true;
}
}
/**
* Determine whether the user can view the license.
*
* @param \App\User $user
* @param \App\License $license
* @return mixed
*/
public function view(User $user, License $license = null)
{
//
return $user->hasAccess('licenses.view');
}
/**
* Determine whether the user can create licenses.
*
* @param \App\User $user
* @return mixed
*/
public function create(User $user)
{
//
return $user->hasAccess('licenses.create');
}
/**
* Determine whether the user can update the license.
*
* @param \App\User $user
* @param \App\License $license
* @return mixed
*/
public function update(User $user, License $license = null)
{
//
return $user->hasAccess('licenses.edit');
}
/**
* Determine whether the user can delete the license.
*
* @param \App\User $user
* @param \App\License $license
* @return mixed
*/
public function delete(User $user, License $license = null)
{
//
return $user->hasAccess('licenses.delete');
}
/**
* Determine whether the user can checkout the license.
*
* @param \App\User $user
* @param \App\Accessory $license
* @return mixed
*/
public function checkout(User $user, LicenseSeat $license = null)
{
return $user->hasAccess('licenses.checkout');
}
/**
* Determine whether the user can checkin the license.
*
* @param \App\User $user
* @param \App\License $license
* @return mixed
*/
public function checkin(User $user, LicenseSeat $license = null)
{
return $user->hasAccess('licenses.checkin');
}
/**
* Determine whether the user can view license keys
*
* @param \App\User $user
* @param \App\License $license
* @return mixed
*/
public function viewKeys(User $user, License $license = null)
{
return $user->hasAccess('licenses.keys');
}
/**
* Determine whether the user can manage the license.
*
* @param \App\User $user
* @param \App\License $license
* @return mixed
*/
public function manage(User $user, License $license = null)
{
return $user->hasAccess('licenses.checkin')
|| $user->hasAccess('licenses.edit')
|| $user->hasAccess('licenses.delete')
|| $user->hasAccess('licenses.checkout');
}
}
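Review bot: `checkout()` and `checkin()` type-hint `LicenseSeat`, but `before()` only runs the company check for `instanceof \App\Models\License`, so a seat passed to these abilities is never company-scoped by this policy. The `$policies` map in AuthServiceProvider also registers this policy for `License::class` only, so authorizing with a `LicenseSeat` instance would presumably not resolve to LicensePolicy at all. Either accept `License` here and have callers pass the seat's parent license, or extend the `before()` check to cover seats, and document which of the two is expected.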


@ -0,0 +1,90 @@
<?php
namespace App\Policies;
use App\Models\Company;
use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Support\Facades\Auth;
class UserPolicy
{
use HandlesAuthorization;
public function before(User $user, $ability, $targetUser)
{
// Lets move all company related checks here.
if ($targetUser instanceof \App\Models\User && !Company::isCurrentUserHasAccess($targetUser)) {
return false;
}
// If an admin, they can do all asset related tasks.
if ($user->hasAccess('admin')) {
return true;
}
}
/**
* Determine whether the user can view the targetUser.
*
* @param \App\User $user
* @param \App\Consumable $targetUser
* @return mixed
*/
public function view(User $user, User $targetUser = null)
{
//
return $user->hasAccess('users.view');
}
/**
* Determine whether the user can create users.
*
* @param \App\User $user
* @return mixed
*/
public function create(User $user)
{
//
return $user->hasAccess('users.create');
}
/**
* Determine whether the user can update the targetUser.
*
* @param \App\User $user
* @param \App\User $targetUser
* @return mixed
*/
public function update(User $user, User $targetUser = null)
{
//
return $user->hasAccess('users.edit');
}
/**
* Determine whether the user can delete the targetUser.
*
* @param \App\User $user
* @param \App\User $targetUser
* @return mixed
*/
public function delete(User $user, User $targetUser = null)
{
if($targetUser) {
//We can't delete ourselves.
if ($user->id == $targetUser->id) {
return false;
}
if ((!Auth::user()->isSuperUser()) || (config('app.lock_passwords'))) {
return false;
}
}
return $user->hasAccess('users.delete');
}
public function index(User $user)
{
return $user->hasAccess('users.view');
}
}
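Review bot: The guards in `delete()` cannot stop the users they are aimed at, because `before()` returns `true` for anyone with `admin` access before `delete()` runs, and `User::hasAccess()` returns `true` for superusers. An admin or superuser is therefore never subject to the self-delete or `lock_passwords` checks, while any other caller with a target fails `!Auth::user()->isSuperUser()` and is always refused. Exempt the ability from the short-circuit, e.g. `if ($ability !== 'delete' && $user->hasAccess('admin')) { return true; }`, and have `delete()` test `$user->isSuperUser()` rather than `Auth::user()`. The `view()` docblock also names `\App\Consumable` for `$targetUser`.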


@ -2,9 +2,21 @@
namespace App\Providers;
use Laravel\Passport\Passport;
use Illuminate\Support\Facades\Gate;
use App\Models\Accessory;
use App\Models\Asset;
use App\Models\Component;
use App\Models\Consumable;
use App\Models\License;
use App\Models\User;
use App\Policies\AccessoryPolicy;
use App\Policies\AssetPolicy;
use App\Policies\ComponentPolicy;
use App\Policies\ConsumablePolicy;
use App\Policies\LicensePolicy;
use App\Policies\UserPolicy;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;
use Laravel\Passport\Passport;
class AuthServiceProvider extends ServiceProvider
{
@ -14,9 +26,12 @@ class AuthServiceProvider extends ServiceProvider
* @var array
*/
protected $policies = [
//'App\Model' => 'App\Policies\ModelPolicy',
// We should switch to the below
// App\Post::class => PostPolicy::class
Asset::class => AssetPolicy::class,
Accessory::class => AccessoryPolicy::class,
Component::class => ComponentPolicy::class,
Consumable::class => ConsumablePolicy::class,
License::class => LicensePolicy::class,
User::class => UserPolicy::class,
];
/**
@ -28,7 +43,6 @@ class AuthServiceProvider extends ServiceProvider
{
$this->registerPolicies();
Passport::routes();
// --------------------------------
// BEFORE ANYTHING ELSE
// --------------------------------
@ -60,271 +74,6 @@ class AuthServiceProvider extends ServiceProvider
}
});
# -----------------------------------------
# Assets
# -----------------------------------------
Gate::define('assets.view', function ($user) {
if (($user->hasAccess('assets.view')) || ($user->hasAccess('admin'))) {
return true;
}
});
Gate::define('assets.view.requestable', function ($user) {
if (($user->hasAccess('assets.view.requestable')) || ($user->hasAccess('admin'))) {
return true;
}
});
Gate::define('assets.create', function ($user) {
if (($user->hasAccess('assets.create')) || ($user->hasAccess('admin'))) {
return true;
}
});
Gate::define('assets.checkout', function ($user) {
if (($user->hasAccess('assets.checkout')) || ($user->hasAccess('admin'))) {
return true;
}
});
Gate::define('assets.checkin', function ($user) {
if (($user->hasAccess('assets.checkin')) || ($user->hasAccess('admin'))) {
return true;
}
});
Gate::define('assets.edit', function ($user) {
if (($user->hasAccess('assets.edit')) || ($user->hasAccess('admin'))) {
return true;
}
});
// Checks for some level of management
Gate::define('assets.manage', function ($user) {
if (($user->hasAccess('assets.checkin')) || ($user->hasAccess('assets.edit')) || ($user->hasAccess('assets.delete')) || ($user->hasAccess('assets.checkout')) || ($user->hasAccess('admin'))) {
return true;
}
});
# -----------------------------------------
# Accessories
# -----------------------------------------
Gate::define('accessories.view', function ($user) {
if (($user->hasAccess('accessories.view')) || ($user->hasAccess('admin'))) {
return true;
}
});
Gate::define('accessories.create', function ($user) {
if (($user->hasAccess('accessories.create')) || ($user->hasAccess('admin'))) {
return true;
}
});
Gate::define('accessories.edit', function ($user) {
if (($user->hasAccess('accessories.edit')) || ($user->hasAccess('admin'))) {
return true;
}
});
Gate::define('accessories.delete', function ($user) {
if (($user->hasAccess('accessories.delete')) || ($user->hasAccess('admin'))) {
return true;
}
});
Gate::define('accessories.checkout', function ($user) {
if (($user->hasAccess('accessories.checkout')) || ($user->hasAccess('admin'))) {
return true;
}
});
Gate::define('accessories.checkin', function ($user) {
if (($user->hasAccess('accessories.checkin')) || ($user->hasAccess('admin'))) {
return true;
}
});
// Checks for some level of management
Gate::define('accessories.manage', function ($user) {
if (($user->hasAccess('accessories.checkin')) || ($user->hasAccess('accessories.edit')) || ($user->hasAccess('accessories.checkout')) || ($user->hasAccess('admin'))) {
return true;
}
});
# -----------------------------------------
# Consumables
# -----------------------------------------
Gate::define('consumables.view', function ($user) {
if (($user->hasAccess('consumables.view')) || ($user->hasAccess('admin'))) {
return true;
}
});
Gate::define('consumables.create', function ($user) {
if (($user->hasAccess('consumables.create')) || ($user->hasAccess('admin'))) {
return true;
}
});
Gate::define('consumables.edit', function ($user) {
if (($user->hasAccess('consumables.edit')) || ($user->hasAccess('admin'))) {
return true;
}
});
Gate::define('consumables.delete', function ($user) {
if (($user->hasAccess('consumables.delete')) || ($user->hasAccess('admin'))) {
return true;
}
});
Gate::define('consumables.checkout', function ($user) {
if (($user->hasAccess('consumables.checkout')) || ($user->hasAccess('admin'))) {
return true;
}
});
Gate::define('consumables.checkin', function ($user) {
if (($user->hasAccess('consumables.checkin')) || ($user->hasAccess('admin'))) {
return true;
}
});
// Checks for some level of management
Gate::define('consumables.manage', function ($user) {
if (($user->hasAccess('consumables.checkin')) || ($user->hasAccess('consumables.edit')) || ($user->hasAccess('consumables.delete')) || ($user->hasAccess('consumables.checkout')) || ($user->hasAccess('admin'))) {
return true;
}
});
# -----------------------------------------
# Users
# -----------------------------------------
Gate::define('users.view', function ($user) {
if (($user->hasAccess('users.view')) || ($user->hasAccess('admin'))) {
return true;
}
});
Gate::define('users.create', function ($user) {
if (($user->hasAccess('users.create')) || ($user->hasAccess('admin'))) {
return true;
}
});
Gate::define('users.edit', function ($user) {
if (($user->hasAccess('users.edit')) || ($user->hasAccess('admin'))) {
return true;
}
});
Gate::define('users.delete', function ($user) {
if (($user->hasAccess('users.delete')) || ($user->hasAccess('admin'))) {
return true;
}
});
# -----------------------------------------
# Components
# -----------------------------------------
Gate::define('components.view', function ($user) {
if (($user->hasAccess('components.view')) || ($user->hasAccess('admin'))) {
return true;
}
});
Gate::define('components.create', function ($user) {
if (($user->hasAccess('components.create')) || ($user->hasAccess('admin'))) {
return true;
}
});
Gate::define('components.edit', function ($user) {
if (($user->hasAccess('components.edit')) || ($user->hasAccess('admin'))) {
return true;
}
});
Gate::define('components.delete', function ($user) {
if (($user->hasAccess('components.delete')) || ($user->hasAccess('admin'))) {
return true;
}
});
Gate::define('components.checkout', function ($user) {
if (($user->hasAccess('components.checkout')) || ($user->hasAccess('admin'))) {
return true;
}
});
// Checks for some level of management
Gate::define('components.manage', function ($user) {
if (($user->hasAccess('components.edit')) || ($user->hasAccess('components.delete')) || ($user->hasAccess('components.checkout')) || ($user->hasAccess('admin'))) {
return true;
}
});
# -----------------------------------------
# Licenses
# -----------------------------------------
Gate::define('licenses.view', function ($user) {
if (($user->hasAccess('licenses.view')) || ($user->hasAccess('admin'))) {
return true;
}
});
Gate::define('licenses.create', function ($user) {
if (($user->hasAccess('licenses.create')) || ($user->hasAccess('admin'))) {
return true;
}
});
Gate::define('licenses.edit', function ($user) {
if (($user->hasAccess('licenses.edit')) || ($user->hasAccess('admin'))) {
return true;
}
});
Gate::define('licenses.delete', function ($user) {
if (($user->hasAccess('licenses.delete')) || ($user->hasAccess('admin'))) {
return true;
}
});
Gate::define('licenses.checkout', function ($user) {
if (($user->hasAccess('licenses.checkout')) || ($user->hasAccess('admin'))) {
return true;
}
});
Gate::define('licenses.checkin', function ($user) {
if (($user->hasAccess('licenses.checkin')) || ($user->hasAccess('admin'))) {
return true;
}
});
Gate::define('licenses.keys', function ($user) {
if (($user->hasAccess('licenses.keys')) || ($user->hasAccess('admin'))) {
return true;
}
});
// Checks for some level of management
Gate::define('licenses.manage', function ($user) {
if (($user->hasAccess('licenses.checkin')) || ($user->hasAccess('licenses.edit')) || ($user->hasAccess('licenses.delete')) || ($user->hasAccess('licenses.checkout')) || ($user->hasAccess('admin'))) {
return true;
}
});
# -----------------------------------------
# Self
# -----------------------------------------
@ -333,8 +82,5 @@ class AuthServiceProvider extends ServiceProvider
return true;
}
});
}
}
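Review bot: Every removed `Gate::define` closure also allowed `$user->hasAccess('admin')`, but the policy methods visible on this page carry no such fallback; `UserPolicy::update`, for example, returns only `$user->hasAccess('users.edit')`. Unless the callback kept under the "BEFORE ANYTHING ELSE" banner, or `hasAccess` itself, grants access to admins (neither is visible here), users holding only the `admin` permission lose abilities they had before this commit. A test per policy using the `admin` factory state would pin the intended behaviour. The removed `*.manage` gates also need a matching `manage` method on each policy, since the templates now call `@can('manage', ...)`. The enclosing method starts and ends outside these hunks.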


@ -17,393 +17,379 @@ use App\Models\Manufacturer;
use App\Models\Supplier;
$factory->defineAs(App\Models\Asset::class, 'asset', function (Faker\Generator $faker) {
return [
return [
'name' => $faker->catchPhrase,
'model_id' => $faker->numberBetween(1,5),
'rtd_location_id' => $faker->numberBetween(1,5),
'model_id' => $faker->numberBetween(1, 5),
'rtd_location_id' => $faker->numberBetween(1, 5),
'serial' => $faker->uuid,
'status_id' => 1,
'user_id' => 1,
'asset_tag' => $faker->unixTime('now'),
'notes' => $faker->sentence,
'purchase_date' => $faker->dateTime(),
'purchase_cost' => $faker->randomFloat(2),
'order_number' => $faker->numberBetween(1000000,50000000),
'supplier_id' => $faker->numberBetween(1,5),
'requestable' => $faker->numberBetween(0,1),
'purchase_date' => $faker->dateTime(),
'purchase_cost' => $faker->randomFloat(2),
'order_number' => $faker->numberBetween(1000000, 50000000),
'supplier_id' => $faker->numberBetween(1, 5),
'requestable' => $faker->numberBetween(0, 1),
'company_id' => Company::inRandomOrder()->first()->id,
'requestable' => $faker->boolean()
];
];
});
$factory->defineAs(App\Models\AssetModel::class, 'assetmodel', function (Faker\Generator $faker) {
return [
return [
'name' => $faker->catchPhrase,
'manufacturer_id' => $faker->numberBetween(1,10),
'category_id' => $faker->numberBetween(1,9),
'model_number' => $faker->numberBetween(1000000,50000000),
'manufacturer_id' => $faker->numberBetween(1, 10),
'category_id' => $faker->numberBetween(1, 9),
'model_number' => $faker->numberBetween(1000000, 50000000),
'eol' => 1,
'notes' => $faker->paragraph(),
'requestable' => $faker->boolean(),
];
];
});
$factory->defineAs(App\Models\Location::class, 'location', function (Faker\Generator $faker) {
return [
'name' => $faker->catchPhrase,
'address' => $faker->streetAddress,
'address2' => $faker->secondaryAddress,
'city' => $faker->city,
'state' => $faker->stateAbbr,
'country' => $faker->countryCode,
'currency' => $faker->currencyCode,
'zip' => $faker->postcode
'name' => $faker->catchPhrase,
'address' => $faker->streetAddress,
'address2' => $faker->secondaryAddress,
'city' => $faker->city,
'state' => $faker->stateAbbr,
'country' => $faker->countryCode,
'currency' => $faker->currencyCode,
'zip' => $faker->postcode
];
});
$factory->defineAs(App\Models\Category::class, 'asset-category', function (Faker\Generator $faker) {
return [
return [
'name' => $faker->text(20),
'category_type' => $faker->randomElement($array = array ('asset')),
'eula_text' => $faker->paragraph(),
'require_acceptance' => $faker->boolean(),
'checkin_email' => $faker->boolean()
];
];
});
$factory->defineAs(App\Models\Category::class, 'accessory-category', function (Faker\Generator $faker) {
return [
return [
'name' => $faker->text(20),
'category_type' => $faker->randomElement($array = array ('accessory')),
];
];
});
$factory->defineAs(App\Models\Category::class, 'component-category', function (Faker\Generator $faker) {
return [
return [
'name' => $faker->text(20),
'category_type' => $faker->randomElement($array = array ('component')),
];
];
});
$factory->defineAs(App\Models\Category::class, 'consumable-category', function (Faker\Generator $faker) {
return [
return [
'name' => $faker->text(20),
'category_type' => $faker->randomElement($array = array ('consumable')),
];
];
});
$factory->defineAs(App\Models\Company::class, 'company', function (Faker\Generator $faker) {
return [
return [
'name' => $faker->company,
];
];
});
$factory->defineAs(App\Models\Manufacturer::class, 'manufacturer', function (Faker\Generator $faker) {
return [
return [
'name' => $faker->company,
];
];
});
$factory->defineAs(App\Models\Component::class, 'component', function (Faker\Generator $faker) {
return [
return [
'name' => $faker->text(20),
'category_id' => $faker->numberBetween(21,25),
'category_id' => $faker->numberBetween(21, 25),
'location_id' => Location::inRandomOrder()->first()->id,
'serial' => $faker->uuid,
'qty' => $faker->numberBetween(3, 10),
'order_number' => $faker->numberBetween(1000000,50000000),
'purchase_date' => $faker->dateTime(),
'purchase_cost' => $faker->randomFloat(2),
'order_number' => $faker->numberBetween(1000000, 50000000),
'purchase_date' => $faker->dateTime(),
'purchase_cost' => $faker->randomFloat(2),
'min_amt' => $faker->numberBetween($min = 1, $max = 2),
'company_id' => Company::inRandomOrder()->first()->id
];
];
});
$factory->defineAs(App\Models\Depreciation::class, 'depreciation', function (Faker\Generator $faker) {
return [
return [
'name' => $faker->text(20),
'months' => $faker->numberBetween(1, 10),
];
];
});
$factory->defineAs(App\Models\Accessory::class, 'accessory', function (Faker\Generator $faker) {
return [
return [
'company_id' => Company::inRandomOrder()->first()->id,
'name' => $faker->text(20),
'category_id' => $faker->numberBetween(11,15),
'category_id' => $faker->numberBetween(11, 15),
'manufacturer_id' => Manufacturer::inRandomOrder()->first()->id,
'location_id' => $faker->numberBetween(1,5),
'order_number' => $faker->numberBetween(1000000,50000000),
'purchase_date' => $faker->dateTime(),
'purchase_cost' => $faker->randomFloat(2),
'location_id' => $faker->numberBetween(1, 5),
'order_number' => $faker->numberBetween(1000000, 50000000),
'purchase_date' => $faker->dateTime(),
'purchase_cost' => $faker->randomFloat(2),
'qty' => $faker->numberBetween(5, 10),
'min_amt' => $faker->numberBetween($min = 1, $max = 2),
];
];
});
$factory->defineAs(App\Models\Supplier::class, 'supplier', function (Faker\Generator $faker) {
return [
'name' => $faker->company,
'address' => $faker->streetAddress,
'address2' => $faker->secondaryAddress,
'city' => $faker->city,
'state' => $faker->stateAbbr,
'zip' => $faker->postCode,
'country' => $faker->countryCode,
'contact' => $faker->name,
'phone' => $faker->phoneNumber,
'fax' => $faker->phoneNumber,
'email' => $faker->safeEmail,
'url' => $faker->url,
'notes' => $faker->paragraph
'name' => $faker->company,
'address' => $faker->streetAddress,
'address2' => $faker->secondaryAddress,
'city' => $faker->city,
'state' => $faker->stateAbbr,
'zip' => $faker->postCode,
'country' => $faker->countryCode,
'contact' => $faker->name,
'phone' => $faker->phoneNumber,
'fax' => $faker->phoneNumber,
'email' => $faker->safeEmail,
'url' => $faker->url,
'notes' => $faker->text(255) // Supplier notes can be a max of 255 characters.
];
});
$factory->defineAs(App\Models\Consumable::class, 'consumable', function (Faker\Generator $faker) {
return [
return [
'name' => $faker->text(20),
'company_id' => Company::inRandomOrder()->first()->id,
'category_id' => $faker->numberBetween(16, 20),
'model_number' => $faker->numberBetween(1000000,50000000),
'item_no' => $faker->numberBetween(1000000,50000000),
'order_number' => $faker->numberBetween(1000000,50000000),
'purchase_date' => $faker->dateTime(),
'purchase_cost' => $faker->randomFloat(2),
'model_number' => $faker->numberBetween(1000000, 50000000),
'item_no' => $faker->numberBetween(1000000, 50000000),
'order_number' => $faker->numberBetween(1000000, 50000000),
'purchase_date' => $faker->dateTime(),
'purchase_cost' => $faker->randomFloat(2),
'qty' => $faker->numberBetween(5, 10),
'min_amt' => $faker->numberBetween($min = 1, $max = 2),
];
];
});
$factory->defineAs(App\Models\Statuslabel::class, 'rtd', function (Faker\Generator $faker) {
return [
return [
'name' => 'Ready to Deploy',
'created_at' => $faker->dateTime(),
'updated_at' => $faker->dateTime(),
'user_id' => 1,
'deleted_at' => NULL,
'deployable' => 1,
'pending' => 0,
'deleted_at' => null,
'deployable' => 1,
'pending' => 0,
'archived' => 0,
'notes' => ''
];
];
});
$factory->defineAs(App\Models\Statuslabel::class, 'pending', function (Faker\Generator $faker) {
return [
return [
'name' => 'Pending',
'created_at' => $faker->dateTime(),
'updated_at' => $faker->dateTime(),
'user_id' => 1,
'deleted_at' => NULL,
'deployable' => 0,
'pending' => 1,
'deleted_at' => null,
'deployable' => 0,
'pending' => 1,
'archived' => 0,
'notes' => $faker->sentence
];
];
});
$factory->defineAs(App\Models\Statuslabel::class, 'archived', function (Faker\Generator $faker) {
return [
return [
'name' => 'Archived',
'created_at' => $faker->dateTime(),
'updated_at' => $faker->dateTime(),
'user_id' => 1,
'deleted_at' => NULL,
'deployable' => 0,
'pending' => 0,
'deleted_at' => null,
'deployable' => 0,
'pending' => 0,
'archived' => 1,
'notes' => 'These assets are permanently undeployable'
];
];
});
$factory->defineAs(App\Models\Statuslabel::class, 'out_for_diagnostics', function (Faker\Generator $faker) {
return [
return [
'name' => 'Out for Diagnostics',
'created_at' => $faker->dateTime(),
'updated_at' => $faker->dateTime(),
'user_id' => 1,
'deleted_at' => NULL,
'deployable' => 0,
'pending' => 0,
'deleted_at' => null,
'deployable' => 0,
'pending' => 0,
'archived' => 0,
'notes' => ''
];
];
});
$factory->defineAs(App\Models\Statuslabel::class, 'out_for_repair', function (Faker\Generator $faker) {
return [
return [
'name' => 'Out for Repair',
'created_at' => $faker->dateTime(),
'updated_at' => $faker->dateTime(),
'user_id' => 1,
'deleted_at' => NULL,
'deployable' => 0,
'pending' => 0,
'deleted_at' => null,
'deployable' => 0,
'pending' => 0,
'archived' => 0,
'notes' => ''
];
];
});
$factory->defineAs(App\Models\Statuslabel::class, 'broken', function (Faker\Generator $faker) {
return [
return [
'name' => 'Broken - Not Fixable',
'created_at' => $faker->dateTime(),
'updated_at' => $faker->dateTime(),
'user_id' => 1,
'deleted_at' => NULL,
'deployable' => 0,
'pending' => 0,
'deleted_at' => null,
'deployable' => 0,
'pending' => 0,
'archived' => 1,
'notes' => ''
];
'notes' => ''
];
});
$factory->defineAs(App\Models\Statuslabel::class, 'lost', function (Faker\Generator $faker) {
return [
return [
'name' => 'Lost/Stolen',
'created_at' => $faker->dateTime(),
'updated_at' => $faker->dateTime(),
'user_id' => 1,
'deleted_at' => NULL,
'deployable' => 0,
'pending' => 0,
'deleted_at' => null,
'deployable' => 0,
'pending' => 0,
'archived' => 1,
'notes' => '',
];
];
});
$factory->defineAs(App\Models\License::class, 'license', function (Faker\Generator $faker) {
return [
'name' => $faker->catchPhrase,
'serial' => $faker->uuid,
'seats' => $faker->numberBetween(1, 10),
'license_email' => $faker->safeEmail,
'license_name' => $faker->name,
'order_number' => $faker->numberBetween(1500, 13250),
'purchase_order' => $faker->numberBetween(1500, 13250),
'purchase_date' => $faker->dateTime(),
'purchase_cost' => $faker->randomFloat(2),
'notes' => $faker->sentence,
'supplier_id' => Supplier::inRandomOrder()->first()->id,
'company_id' => Company::inRandomOrder()->first()->id
'name' => $faker->catchPhrase,
'serial' => $faker->uuid,
'seats' => $faker->numberBetween(1, 10),
'license_email' => $faker->safeEmail,
'license_name' => $faker->name,
'order_number' => $faker->numberBetween(1500, 13250),
'purchase_order' => $faker->numberBetween(1500, 13250),
'purchase_date' => $faker->dateTime(),
'purchase_cost' => $faker->randomFloat(2),
'notes' => $faker->sentence,
'supplier_id' => Supplier::inRandomOrder()->first()->id,
'company_id' => Company::inRandomOrder()->first()->id
];
});
$factory->defineAs(App\Models\LicenseSeat::class, 'license-seat', function (Faker\Generator $faker) {
return [
'license_id' => $faker->numberBetween(1, 10),
'created_at' => $faker->dateTime(),
'updated_at' => $faker->dateTime(),
'notes' => $faker->sentence,
'user_id' => '1',
];
return [
'license_id' => $faker->numberBetween(1, 10),
'created_at' => $faker->dateTime(),
'updated_at' => $faker->dateTime(),
'notes' => $faker->sentence,
'user_id' => '1',
];
});
$factory->defineAs(App\Models\Actionlog::class, 'asset-checkout', function (Faker\Generator $faker) {
$company = Company::has('users')->has('assets')->inRandomOrder()->first();
return [
'user_id' => $company->users()->inRandomOrder()->first()->id,
'action_type' => 'checkout',
'item_id' => $company->assets()->inRandomOrder()->first()->id,
$company = Company::has('users')->has('assets')->inRandomOrder()->first();
return [
'user_id' => $company->users()->inRandomOrder()->first()->id,
'action_type' => 'checkout',
'item_id' => $company->assets()->inRandomOrder()->first()->id,
'target_id' => $company->users()->inRandomOrder()->first()->id,
'target_type' => 'App\\Models\\User',
'created_at' => $faker->dateTime(),
'item_type' => 'App\\Models\\Asset',
'note' => $faker->sentence,
'note' => $faker->sentence,
'company_id' => $company->id
];
];
});
$factory->defineAs(App\Models\Actionlog::class, 'license-checkout-asset', function (Faker\Generator $faker) {
$company = Company::has('users')->has('licenses')->inRandomOrder()->first();
$company = Company::has('users')->has('licenses')->inRandomOrder()->first();
return [
'user_id' => $company->users()->inRandomOrder()->first()->id,
'action_type' => 'checkout',
'item_id' => $company->licenses()->whereNotNull('company_id')->inRandomOrder()->first()->id,
return [
'user_id' => $company->users()->inRandomOrder()->first()->id,
'action_type' => 'checkout',
'item_id' => $company->licenses()->whereNotNull('company_id')->inRandomOrder()->first()->id,
'target_id' => $company->assets()->inRandomOrder()->first()->id,
'target_type' => 'App\\Models\\Asset',
'created_at' => $faker->dateTime(),
'item_type' => 'App\\Models\\License',
'note' => $faker->sentence,
'note' => $faker->sentence,
'company_id' => $company->id
];
];
});
$factory->defineAs(App\Models\Actionlog::class, 'accessory-checkout', function (Faker\Generator $faker) {
$company = Company::has('users')->has('accessories')->inRandomOrder()->first();
return [
'user_id' => $company->users()->inRandomOrder()->first()->id,
'action_type' => 'checkout',
'item_id' => $company->accessories()->whereNotNull('company_id')->inRandomOrder()->first()->id,
return [
'user_id' => $company->users()->inRandomOrder()->first()->id,
'action_type' => 'checkout',
'item_id' => $company->accessories()->whereNotNull('company_id')->inRandomOrder()->first()->id,
'target_id' => $company->users()->inRandomOrder()->first()->id,
'target_type' => 'App\\Models\\User',
'created_at' => $faker->dateTime(),
'item_type' => 'App\\Models\\Accessory',
'note' => $faker->sentence,
'note' => $faker->sentence,
'company_id' => $company->id
];
];
});
$factory->defineAs(App\Models\Actionlog::class, 'consumable-checkout', function (Faker\Generator $faker) {
$company = Company::has('users')->has('consumables')->inRandomOrder()->first();
return [
'user_id' => $company->users()->inRandomOrder()->first()->id,
'action_type' => 'checkout',
'item_id' => $company->consumables()->whereNotNull('company_id')->inRandomOrder()->first()->id,
return [
'user_id' => $company->users()->inRandomOrder()->first()->id,
'action_type' => 'checkout',
'item_id' => $company->consumables()->whereNotNull('company_id')->inRandomOrder()->first()->id,
'target_id' => $company->users()->inRandomOrder()->first()->id,
'target_type' => 'App\\Models\\User',
'created_at' => $faker->dateTime(),
'item_type' => 'App\\Models\\Consumable',
'note' => $faker->sentence,
'note' => $faker->sentence,
'company_id' => $company->id
];
];
});
$factory->defineAs(App\Models\Actionlog::class, 'component-checkout', function (Faker\Generator $faker) {
$company = Company::has('users')->has('components')->inRandomOrder()->first();
$company = Company::has('users')->has('components')->inRandomOrder()->first();
return [
'user_id' => $company->users()->inRandomOrder()->first()->id,
'action_type' => 'checkout',
'item_id' => $company->components()->whereNotNull('company_id')->inRandomOrder()->first()->id,
return [
'user_id' => $company->users()->inRandomOrder()->first()->id,
'action_type' => 'checkout',
'item_id' => $company->components()->whereNotNull('company_id')->inRandomOrder()->first()->id,
'target_id' => $company->users()->inRandomOrder()->first()->id,
'target_type' => 'App\\Models\\User',
'created_at' => $faker->dateTime(),
'item_type' => 'App\\Models\\Component',
'note' => $faker->sentence,
'note' => $faker->sentence,
'company_id' => $company->id
];
];
});
$factory->defineAs(App\Models\CustomField::class, 'customfield-ip', function (Faker\Generator $faker) {
return [
return [
'name' => $faker->catchPhrase,
'format' => 'IP',
'element' => 'text',
];
});
$factory->defineAs(App\Models\User::class, 'valid-user', function (Faker\Generator $faker) {
return [
'first_name' => $faker->firstName,
'last_name' => $faker->lastName,
'username' => $faker->username,
'password' => $faker->password,
'email' => $faker->safeEmail,
'company_id' => Company::inRandomOrder()->first()->id,
'locale' => $faker->locale,
'employee_num' => $faker->numberBetween(3500, 35050),
'jobtitle' => $faker->word,
'phone' => $faker->phoneNumber,
'notes' => $faker->sentence
];
});
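Review bot: The `asset` factory array on the new side still defines `'requestable'` twice, once as `$faker->numberBetween(0, 1)` and again as `$faker->boolean()`; PHP keeps the last value, so the first entry is dead code and should be deleted. Several factories here also call `Company::inRandomOrder()->first()->id`, which dereferences null when the companies table is empty. The relocated `valid-user` factory avoids that by creating its company in a closure, `'company_id' => function () { return factory(App\Models\Company::class, 'company')->create()->id; }`, and the same pattern would make these factories independent of seed order.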


@ -0,0 +1,249 @@
<?php
use App\Models\Company;
$factory->defineAs(App\Models\User::class, 'valid-user', function (Faker\Generator $faker) {
return [
'first_name' => $faker->firstName,
'last_name' => $faker->lastName,
'username' => $faker->username,
'password' => $faker->password,
'permissions' => '{"user":"0"}',
'email' => $faker->safeEmail,
'company_id' => function () {
return factory(App\Models\Company::class, 'company')->create()->id;
},
'locale' => $faker->locale,
'employee_num' => $faker->numberBetween(3500, 35050),
'jobtitle' => $faker->word,
'phone' => $faker->phoneNumber,
'notes' => $faker->sentence
];
});
// USER GLOBAL PERMISSION STATES
$factory->state(App\Models\User::class, 'superuser', function ($faker) {
return [
'permissions' => '{"superuser":"1"}',
];
});
$factory->state(App\Models\User::class, 'admin', function ($faker) {
return [
'permissions' => '{"admin":"1"}',
];
});
// USER ASSET PERMISSION STATES
$factory->state(App\Models\User::class, 'view-assets', function ($faker) {
return [
'permissions' => '{"assets.view":"1"}',
];
});
$factory->state(App\Models\User::class, 'create-assets', function ($faker) {
return [
'permissions' => '{"assets.create":"1"}',
];
});
$factory->state(App\Models\User::class, 'edit-assets', function ($faker) {
return [
'permissions' => '{"assets.edit":"1"}',
];
});
$factory->state(App\Models\User::class, 'delete-assets', function ($faker) {
return [
'permissions' => '{"assets.delete":"1",}',
];
});
$factory->state(App\Models\User::class, 'checkin-assets', function ($faker) {
return [
'permissions' => '{"assets.checkin":"1"}',
];
});
$factory->state(App\Models\User::class, 'checkout-assets', function ($faker) {
return [
'permissions' => '{"assets.checkout":"1"}',
];
});
$factory->state(App\Models\User::class, 'view-requestable-assets', function ($faker) {
return [
'permissions' => '{"assets.view.requestable":"1"}',
];
});
// USER ACCESSORY PERMISSION STATES
$factory->state(App\Models\User::class, 'view-accessories', function ($faker) {
return [
'permissions' => '{"accessories.view":"1"}',
];
});
$factory->state(App\Models\User::class, 'create-accessories', function ($faker) {
return [
'permissions' => '{"accessories.create":"1"}',
];
});
$factory->state(App\Models\User::class, 'edit-accessories', function ($faker) {
return [
'permissions' => '{"accessories.edit":"1"}',
];
});
$factory->state(App\Models\User::class, 'delete-accessories', function ($faker) {
return [
'permissions' => '{"accessories.delete":"1",}',
];
});
$factory->state(App\Models\User::class, 'checkin-accessories', function ($faker) {
return [
'permissions' => '{"accessories.checkin":"1"}',
];
});
$factory->state(App\Models\User::class, 'checkout-accessories', function ($faker) {
return [
'permissions' => '{"accessories.checkout":"1"}',
];
});
// USER CONSUMABLE PERMISSION STATES
$factory->state(App\Models\User::class, 'view-consumables', function ($faker) {
return [
'permissions' => '{"consumables.view":"1"}',
];
});
$factory->state(App\Models\User::class, 'create-consumables', function ($faker) {
return [
'permissions' => '{"consumables.create":"1"}',
];
});
$factory->state(App\Models\User::class, 'edit-consumables', function ($faker) {
return [
'permissions' => '{"consumables.edit":"1"}',
];
});
$factory->state(App\Models\User::class, 'delete-consumables', function ($faker) {
return [
'permissions' => '{"consumables.delete":"1",}',
];
});
$factory->state(App\Models\User::class, 'checkin-consumables', function ($faker) {
return [
'permissions' => '{"consumables.checkin":"1"}',
];
});
$factory->state(App\Models\User::class, 'checkout-consumables', function ($faker) {
return [
'permissions' => '{"consumables.checkout":"1"}',
];
});
// USER LICENSE PERMISSION STATES
$factory->state(App\Models\User::class, 'view-licenses', function ($faker) {
return [
'permissions' => '{"licenses.view":"1"}',
];
});
$factory->state(App\Models\User::class, 'create-licenses', function ($faker) {
return [
'permissions' => '{"licenses.create":"1"}',
];
});
$factory->state(App\Models\User::class, 'edit-licenses', function ($faker) {
return [
'permissions' => '{"licenses.edit":"1"}',
];
});
$factory->state(App\Models\User::class, 'delete-licenses', function ($faker) {
return [
'permissions' => '{"licenses.delete":"1",}',
];
});
$factory->state(App\Models\User::class, 'checkout-licenses', function ($faker) {
return [
'permissions' => '{"licenses.checkout":"1"}',
];
});
$factory->state(App\Models\User::class, 'view-keys-licenses', function ($faker) {
return [
'permissions' => '{"licenses.keys":"1"}',
];
});
// USER COMPONENTS PERMISSION STATES
$factory->state(App\Models\User::class, 'view-components', function ($faker) {
return [
'permissions' => '{"components.view":"1"}',
];
});
$factory->state(App\Models\User::class, 'create-components', function ($faker) {
return [
'permissions' => '{"components.create":"1"}',
];
});
$factory->state(App\Models\User::class, 'edit-components', function ($faker) {
return [
'permissions' => '{"components.edit":"1"}',
];
});
$factory->state(App\Models\User::class, 'delete-components', function ($faker) {
return [
'permissions' => '{"components.delete":"1",}',
];
});
$factory->state(App\Models\User::class, 'checkin-components', function ($faker) {
return [
'permissions' => '{"components.checkin":"1"}',
];
});
$factory->state(App\Models\User::class, 'checkout-components', function ($faker) {
return [
'permissions' => '{"components.checkout":"1"}',
];
});
// USER USER PERMISSION STATES
$factory->state(App\Models\User::class, 'view-users', function ($faker) {
return [
'permissions' => '{"users.view":"1"}',
];
});
$factory->state(App\Models\User::class, 'create-users', function ($faker) {
return [
'permissions' => '{"users.create":"1"}',
];
});
$factory->state(App\Models\User::class, 'edit-users', function ($faker) {
return [
'permissions' => '{"users.edit":"1"}',
];
});
$factory->state(App\Models\User::class, 'delete-users', function ($faker) {
return [
'permissions' => '{"users.delete":"1",}',
];
});
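Review bot: The six `delete-*` states (`delete-assets`, `delete-accessories`, `delete-consumables`, `delete-licenses`, `delete-components`, `delete-users`) store strings such as `'{"assets.delete":"1",}'`, and the trailing comma makes them invalid JSON. If the permissions column is decoded with `json_decode` (not visible here), these users end up with no permissions at all, so tests of the delete policies would pass or fail for the wrong reason. Drop the comma in each, e.g. `'permissions' => '{"assets.delete":"1"}',`. There is also no `checkin-licenses` state, although a `licenses.checkin` ability existed in the removed gates.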


@ -0,0 +1,34 @@
<?php
use Illuminate\Support\Facades\Schema;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;
class AdjustLocaleLengthTo10 extends Migration
{
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
Schema::table('users', function (Blueprint $table) {
//
$table->string('locale', 10)->nullable()->default(config('app.locale'))->change();
});
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
Schema::table('users', function (Blueprint $table) {
//
$table->string('locale', 5)->nullable()->default(config('app.locale'))->change();
});
}
}
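Review bot: `down()` narrows `users.locale` back to 5 characters without handling rows that already hold a longer value, which is the case this migration was written for. Depending on the database's SQL mode the rollback would presumably either fail or silently truncate those locales, so it should first reset or shorten over-long values, or be documented as lossy with a comment such as `// NOTE: locales longer than 5 characters must be cleaned up before rolling back`. Both closures also evaluate `config('app.locale')` when the migration runs, so the column default is fixed to whatever the environment had at that moment. The two empty `//` placeholder comments can be removed.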


@ -7,7 +7,7 @@
@stop
@section('header_right')
@can('accessories.create')
@can('create', \App\Models\Accessory::class)
<a href="{{ route('accessories.create') }}" class="btn btn-primary pull-right"> {{ trans('general.create') }}</a>
@endcan
@stop


@ -14,22 +14,22 @@
{{-- Right header --}}
@section('header_right')
@can('accessories.manage')
@can('manage', \App\Models\Accessory::class)
<div class="dropdown pull-right">
<button class="btn btn-default dropdown-toggle" data-toggle="dropdown">{{ trans('button.actions') }}
<span class="caret"></span>
</button>
<ul class="dropdown-menu pull-right" role="menu" aria-labelledby="dropdownMenu1">
@if ($accessory->assigned_to != '')
@can('accessories.checkin')
@can('checkin', \App\Models\Accessory::class)
<li role="presentation"><a href="{{ route('checkin/accessory', $accessory->id) }}">{{ trans('admin/accessories/general.checkin') }}</a></li>
@endcan
@else
@can('accessories.checkout')
@can('checkout', \App\Models\Accessory::class)
<li role="presentation"><a href="{{ route('checkout/accessory', $accessory->id) }}">{{ trans('admin/accessories/general.checkout') }}</a></li>
@endcan
@endif
@can('accessories.edit')
@can('update', \App\Models\Accessory::class)
<li role="presentation"><a href="{{ route('accessories.edit', $accessory->id) }}">{{ trans('admin/accessories/general.edit') }}</a></li>
@endcan
@ -76,7 +76,7 @@
<h4>{{ trans('admin/accessories/general.about_accessories_title') }}</h4>
<p>{{ trans('admin/accessories/general.about_accessories_text') }} </p>
<div class="text-center">
@can('accessories.checkout')
@can('checkout', \App\Models\Accessory::class)
<a href="{{ route('checkout/accessory', $accessory->id) }}" style="margin-right:5px;" class="btn btn-info btn-sm" {{ (($accessory->numRemaining() > 0 ) ? '' : ' disabled') }}>{{ trans('general.checkout') }}</a>
@endcan
</div>
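Review bot: The new checks in this view pass the class name, e.g. `@can('checkout', \App\Models\Accessory::class)`, although `$accessory` is in scope and the components view in this same commit passes its instance (`@can('manage', $component)`). A class-level check only answers whether the user may act on accessories in general, so a per-record rule added to the policy later would not be reflected in the actions this page offers. I would pass the instance: `@can('manage', $accessory)`, `@can('checkin', $accessory)`, `@can('checkout', $accessory)`, `@can('update', $accessory)`. The same applies to the `\App\Models\Asset::class` checks in the hardware detail view, where `$asset` is available. The policy method signatures are not visible here, so confirm they accept the model argument.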


@ -102,7 +102,7 @@ View Assets for {{ $user->fullName() }}
<td>{{ $license->name }}</td>
<td>
@can('licenses.keys')
@can('viewKeys', $license)
{{ mb_strimwidth($license->serial, 0, 50, "...") }}
@else


@ -8,8 +8,8 @@
@section('header_right')
@can('assets.edit')
<a href="{{ route('maintenances.create') }}" class="btn btn-primary pull-right"> {{ trans('general.create') }}</a>
@can('update', \App\Models\Asset::class)
<a href="{{ route('maintenances.create') }}" class="btn btn-primary pull-right"> {{ trans('general.create') }}</a>
@endcan
@stop
@ -47,7 +47,7 @@
<th data-searchable="true" data-sortable="true" data-field="cost" class="text-right">{{ trans('admin/asset_maintenances/form.cost') }}</th>
<th data-searchable="true" data-sortable="true" data-field="user_id">{{ trans('general.admin') }}</th>
<th data-searchable="true" data-sortable="true" data-field="notes" data-visible="false">{{ trans('admin/asset_maintenances/form.notes') }}</th>
@can('assets.edit')
@can('update', \App\Models\Asset::class)
<th data-switchable="false" data-searchable="false" data-sortable="false" data-field="actions">{{ trans('table.actions') }}</th>
@endcan
</tr>


@ -25,7 +25,7 @@ use Carbon\Carbon;
<span class="caret"></span>
</button>
<ul class="dropdown-menu pull-right" role="menu" aria-labelledby="dropdownMenu1">
<li role="presentation"><a href="{{ route('update/asset_maintenance', $assetMaintenance->id) }}">{{ trans('admin/asset_maintenances/general.edit') }}</a></li>
<li role="presentation"><a href="{{ route('maintenances.update', $assetMaintenance->id) }}">{{ trans('admin/asset_maintenances/general.edit') }}</a></li>
</ul>
</div>
</div>
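Review bot: The Edit link now targets `route('maintenances.update', $assetMaintenance->id)`, which looks like the wrong route name for a link. If `maintenances` is registered as a resource route, `update` is the PUT/PATCH endpoint, and a plain anchor sends a GET to that URL, which would reach the show action instead of the edit form. The other maintenance edit links changed in this commit use `maintenances.edit`, so this one presumably should read `route('maintenances.edit', $assetMaintenance->id)`. The route definitions are not part of this section, so check against them.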


@ -7,7 +7,7 @@
@stop
@section('header_right')
@can('components.create')
@can('create', \App\Models\Component::class)
<a href="{{ route('components.create') }}" class="btn btn-primary pull-right"> {{ trans('general.create') }}</a>
@endcan
@stop


@ -10,27 +10,27 @@
{{-- Right header --}}
@section('header_right')
@can('components.manage')
<div class="dropdown pull-right">
<button class="btn btn-default dropdown-toggle" data-toggle="dropdown">{{ trans('button.actions') }}
<span class="caret"></span>
</button>
<ul class="dropdown-menu pull-right" role="menu" aria-labelledby="dropdownMenu1">
@if ($component->assigned_to != '')
@can('components.checkin')
<li role="presentation"><a href="{{ route('checkin/component', $component->id) }}">{{ trans('admin/components/general.checkin') }}</a></li>
@endcan
@else
@can('components.checkout')
<li role="presentation"><a href="{{ route('checkout/component', $component->id) }}">{{ trans('admin/components/general.checkout') }}</a></li>
@endcan
@endif
@can('components.edit')
<li role="presentation"><a href="{{ route('components.edit', $component->id) }}">{{ trans('admin/components/general.edit') }}</a></li>
@endcan
@can('manage', $component)
<div class="dropdown pull-right">
<button class="btn btn-default dropdown-toggle" data-toggle="dropdown">{{ trans('button.actions') }}
<span class="caret"></span>
</button>
<ul class="dropdown-menu pull-right" role="menu" aria-labelledby="dropdownMenu1">
@if ($component->assigned_to != '')
@can('checkin', $component)
<li role="presentation"><a href="{{ route('checkin/component', $component->id) }}">{{ trans('admin/components/general.checkin') }}</a></li>
@endcan
@else
@can('checkout', $component)
<li role="presentation"><a href="{{ route('checkout/component', $component->id) }}">{{ trans('admin/components/general.checkout') }}</a></li>
@endcan
@endif
@can('update', $component)
<li role="presentation"><a href="{{ route('components.edit', $component->id) }}">{{ trans('admin/components/general.edit') }}</a></li>
@endcan
</ul>
</div>
</ul>
</div>
@endcan
@stop


@ -7,7 +7,7 @@
@stop
@section('header_right')
@can('consumables.create')
@can('create', \App\Models\Consumable::class)
<a href="{{ route('consumables.create') }}" class="btn btn-primary pull-right"> {{ trans('general.create') }}</a>
@endcan
@stop


@ -24,7 +24,7 @@
<div class="icon">
<i class="fa fa-barcode"></i>
</div>
@can('assets.view')
@can('index', \App\Models\Asset::class)
<a href="{{ route('hardware.index') }}" class="small-box-footer">{{ trans('general.moreinfo') }} <i class="fa fa-arrow-circle-right"></i></a>
@endcan
</div>
@ -40,7 +40,7 @@
<div class="icon">
<i class="fa fa-floppy-o"></i>
</div>
@can('licenses.view')
@can('view', \App\Models\License::class)
<a href="{{ route('licenses.index') }}" class="small-box-footer">{{ trans('general.moreinfo') }} <i class="fa fa-arrow-circle-right"></i></a>
@endcan
</div>
@ -56,7 +56,7 @@
<div class="icon">
<i class="fa fa-keyboard-o"></i>
</div>
@can('accessories.view')
@can('index', \App\Models\Accessory::class)
<a href="{{ route('accessories.index') }}" class="small-box-footer">{{ trans('general.moreinfo') }} <i class="fa fa-arrow-circle-right"></i></a>
@endcan
</div>
@ -72,7 +72,7 @@
<div class="icon">
<i class="fa fa-tint"></i>
</div>
@can('consumables.view')
@can('index', \App\Models\Consumable::class)
<a href="{{ route('consumables.index') }}" class="small-box-footer">{{ trans('general.moreinfo') }} <i class="fa fa-arrow-circle-right"></i></a>
@endcan
</div>


@ -11,23 +11,23 @@
{{-- Right header --}}
@section('header_right')
@can('assets.manage')
<div class="dropdown pull-right">
<button class="btn btn-default dropdown-toggle" data-toggle="dropdown">{{ trans('button.actions') }}
<span class="caret"></span>
</button>
<ul class="dropdown-menu pull-right" role="menu" aria-labelledby="dropdownMenu1">
@if ($asset->assetstatus->deployable=='1')
@if ($asset->assigned_to != '')
<li role="presentation"><a href="{{ route('checkin/hardware', $asset->id) }}">{{ trans('admin/hardware/general.checkin') }}</a></li>
@else
<li role="presentation"><a href="{{ route('checkout/hardware', $asset->id) }}">{{ trans('admin/hardware/general.checkout') }}</a></li>
@endif
@endif
<li role="presentation"><a href="{{ route('hardware.edit', $asset->id) }}">{{ trans('admin/hardware/general.edit') }}</a></li>
<li role="presentation"><a href="{{ route('clone/hardware', $asset->id) }}">{{ trans('admin/hardware/general.clone') }}</a></li>
</ul>
</div>
@can('manage', \App\Models\Asset::class)
<div class="dropdown pull-right">
<button class="btn btn-default dropdown-toggle" data-toggle="dropdown">{{ trans('button.actions') }}
<span class="caret"></span>
</button>
<ul class="dropdown-menu pull-right" role="menu" aria-labelledby="dropdownMenu1">
@if ($asset->assetstatus->deployable=='1')
@if ($asset->assigned_to != '')
<li role="presentation"><a href="{{ route('checkin/hardware', $asset->id) }}">{{ trans('admin/hardware/general.checkin') }}</a></li>
@else
<li role="presentation"><a href="{{ route('checkout/hardware', $asset->id) }}">{{ trans('admin/hardware/general.checkout') }}</a></li>
@endif
@endif
<li role="presentation"><a href="{{ route('hardware.edit', $asset->id) }}">{{ trans('admin/hardware/general.edit') }}</a></li>
<li role="presentation"><a href="{{ route('clone/hardware', $asset->id) }}">{{ trans('admin/hardware/general.clone') }}</a></li>
</ul>
</div>
@endcan
@stop
@ -496,10 +496,10 @@
<div class="tab-pane fade" id="maintenances">
<div class="row">
<div class="col-md-12">
@can('assets.edit')
<h6>{{ trans('general.asset_maintenances') }}
[ <a href="{{ route('maintenances.create', $asset->id) }}">{{ trans('button.add') }}</a> ]
</h6>
@can('update', \App\Models\Asset::class)
<h6>{{ trans('general.asset_maintenances') }}
[ <a href="{{ route('maintenances.edit', ['asset_id'=>$asset->id]) }}">{{ trans('button.add') }}</a> ]
</h6>
@endcan
<!-- Asset Maintenance table -->
@ -516,7 +516,7 @@
<th>{{ trans('admin/asset_maintenances/table.is_warranty') }}</th>
<th>{{ trans('admin/asset_maintenances/form.cost') }}</th>
<th>{{ trans('general.admin') }}</th>
@can('assets.edit')
@can('update', \App\Models\Asset::class)
<th>{{ trans('table.actions') }}</th>
@endcan
</tr>
@ -537,14 +537,14 @@
<td class="text-right"><nobr>{{ $use_currency.$assetMaintenance->cost }}</nobr></td>
<td>
@if ($assetMaintenance->admin)
<a href="{{ url('/') }}/admin/users/{{ $assetMaintenance->admin->id }}/view">{{ $assetMaintenance->admin->fullName() }}</a>
<a href="{{ route('users.show', $assetMaintenance->admin->id) }}">{{ $assetMaintenance->admin->fullName() }}</a>
@endif
</td>
<?php $totalCost += $assetMaintenance->cost; ?>
@can('assets.edit')
<td>
<a href="{{ route('update/asset_maintenance', $assetMaintenance->id) }}" class="btn btn-warning btn-sm"><i class="fa fa-pencil icon-white"></i></a>
</td>
@can('update', \App\Models\Asset::class)
<td>
<a href="{{ route('maintenances.edit', $assetMaintenance->id) }}" class="btn btn-warning btn-sm"><i class="fa fa-pencil icon-white"></i></a>
</td>
@endcan
</tr>
@endif
@ -671,31 +671,31 @@
<div class="tab-pane fade" id="files">
<div class="row">
@can('assets.edit')
{{ Form::open([
'method' => 'POST',
'route' => ['upload/asset', $asset->id],
'files' => true, 'class' => 'form-horizontal' ]) }}
@can('update', \App\Models\Asset::class)
{{ Form::open([
'method' => 'POST',
'route' => ['upload/asset', $asset->id],
'files' => true, 'class' => 'form-horizontal' ]) }}
<div class="col-md-2">
<span class="btn btn-default btn-file">Browse for file...
{{ Form::file('assetfile[]', ['multiple' => 'multiple']) }}
</span>
</div>
<div class="col-md-7">
{{ Form::text('notes', Input::old('notes', Input::old('notes')), array('class' => 'form-control','placeholder' => 'Notes')) }}
</div>
<div class="col-md-3">
<button type="submit" class="btn btn-primary">{{ trans('button.upload') }}</button>
</div>
<div class="col-md-2">
<span class="btn btn-default btn-file">Browse for file...
{{ Form::file('assetfile[]', ['multiple' => 'multiple']) }}
</span>
</div>
<div class="col-md-7">
{{ Form::text('notes', Input::old('notes', Input::old('notes')), array('class' => 'form-control','placeholder' => 'Notes')) }}
</div>
<div class="col-md-3">
<button type="submit" class="btn btn-primary">{{ trans('button.upload') }}</button>
</div>
<div class="col-md-12">
<p>{{ trans('admin/hardware/general.filetype_info') }}</p>
<hr>
</div>
<div class="col-md-12">
<p>{{ trans('admin/hardware/general.filetype_info') }}</p>
<hr>
</div>
{{ Form::close() }}
@endcan
{{ Form::close() }}
@endcan
<div class="col-md-12">
@ -732,8 +732,8 @@
@endif
</td>
<td>
@can('assets.edit')
<a class="btn delete-asset btn-danger btn-sm" href="{{ route('delete/assetfile', [$asset->id, $file->id]) }}"><i class="fa fa-trash icon-white"></i></a>
@can('update', \App\Models\Asset::class)
<a class="btn delete-asset btn-danger btn-sm" href="{{ route('delete/assetfile', [$asset->id, $file->id]) }}"><i class="fa fa-trash icon-white"></i></a>
@endcan
</td>
</tr>
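Review bot: The "add" link in the maintenances tab now points at `route('maintenances.edit', ['asset_id'=>$asset->id])`, where the previous version used `maintenances.create`. On a resource route, `edit` expects the id of an existing maintenance record, so with only `asset_id` supplied the URL will probably fail to generate or open the wrong record. If the intent is still to open the create form pre-filled for this asset, keep the create route and pass the asset as a named parameter: `route('maintenances.create', ['asset_id' => $asset->id])`. The route file for maintenances is not in this section, so confirm the parameter name the controller reads.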


@ -128,35 +128,35 @@
<!-- Navbar Right Menu -->
<div class="navbar-custom-menu">
<ul class="nav navbar-nav">
@can('assets.view')
@can('index', \App\Models\Asset::class)
<li {!! (Request::is('hardware*') ? ' class="active"' : '') !!}>
<a href="{{ url('hardware') }}">
<i class="fa fa-barcode"></i>
</a>
</li>
@endcan
@can('licenses.view')
@can('view', \App\Models\License::class)
<li {!! (Request::is('licenses*') ? ' class="active"' : '') !!}>
<a href="{{ route('licenses.index') }}">
<i class="fa fa-floppy-o"></i>
</a>
</li>
@endcan
@can('accessories.view')
@can('index', \App\Models\Accessory::class)
<li {!! (Request::is('accessories*') ? ' class="active"' : '') !!}>
<a href="{{ route('accessories.index') }}">
<i class="fa fa-keyboard-o"></i>
</a>
</li>
@endcan
@can('consumables.view')
@can('index', \App\Models\Consumable::class)
<li {!! (Request::is('consunmables*') ? ' class="active"' : '') !!}>
<a href="{{ url('consumables') }}">
<i class="fa fa-tint"></i>
</a>
</li>
@endcan
@can('components.view')
@can('view', \App\Models\Component::class)
<li {!! (Request::is('components*') ? ' class="active"' : '') !!}>
<a href="{{ route('components.index') }}">
<i class="fa fa-hdd-o"></i>
@ -164,7 +164,7 @@
</li>
@endcan
@can('assets.view')
@can('index', \App\Models\Asset::class)
<form class="navbar-form navbar-left form-horizontal" role="search" action="{{ route('findbytag/hardware') }}" method="get">
<div class="col-xs-12 col-md-12">
<div class="col-xs-12 form-group">
@ -186,42 +186,42 @@
<b class="caret"></b>
</a>
<ul class="dropdown-menu">
@can('assets.create')
@can('create', \App\Models\Asset::class)
<li {!! (Request::is('hardware/create') ? 'class="active>"' : '') !!}>
<a href="{{ route('hardware.create') }}">
<i class="fa fa-barcode fa-fw"></i>
@lang('general.asset')</a>
</li>
@endcan
@can('licenses.create')
@can('create', \App\Models\License::class)
<li {!! (Request::is('licenses/create') ? 'class="active"' : '') !!}>
<a href="{{ route('licenses.create') }}">
<i class="fa fa-floppy-o fa-fw"></i>
@lang('general.license')</a>
</li>
@endcan
@can('accessories.create')
@can('create', \App\Models\Accessory::class)
<li {!! (Request::is('accessories/create') ? 'class="active"' : '') !!}>
<a href="{{ route('accessories.create') }}">
<i class="fa fa-keyboard-o fa-fw"></i>
@lang('general.accessory')</a>
</li>
@endcan
@can('consumables.create')
@can('create', \App\Models\Consumable::class)
<li {!! (Request::is('consunmables/create') ? 'class="active"' : '') !!}>
<a href="{{ route('consumables.create') }}">
<i class="fa fa-tint fa-fw"></i>
@lang('general.consumable')</a>
</li>
@endcan
@can('users.create')
@can('create', \App\Models\User::class)
<li {!! (Request::is('users/create') ? 'class="active"' : '') !!}>
<a href="{{ route('users.create') }}">
<i class="fa fa-user fa-fw"></i>
@lang('general.user')</a>
</li>
@endcan
@can('components.create')
@can('create', \App\Models\Component::class)
<li {!! (Request::is('components/create') ? 'class="active"' : '') !!}>
<a href="{{ route('components.create') }}">
<i class="fa fa-hdd-o"></i>
@ -403,7 +403,7 @@
</a>
</li>
@endcan
@can('assets.view')
@can('index', \App\Models\Asset::class)
<li class="treeview{{ (Request::is('hardware*') ? ' active' : '') }}">
<a href="#"><i class="fa fa-barcode"></i>
<span>{{ trans('general.assets') }}</span>
@ -437,7 +437,7 @@
<li{!! (Request::query('status') == 'Requestable' ? ' class="active"' : '') !!}><a href="{{ url('hardware?status=Requestable') }}">@lang('admin/hardware/general.requestable')</a></li>
<li class="divider">&nbsp;</li>
@can('assets.checkout')
@can('checkout', \App\Models\Asset::class)
<li{!! (Request::is('hardware/bulkcheckout') ? ' class="active>"' : '') !!}>
<a href="{{ route('hardware/bulkcheckout') }}">
{{ trans('general.bulk_checkout') }}</a>
@ -448,7 +448,7 @@
<li{!! (Request::is('hardware/models*') ? ' class="active"' : '') !!}><a href="{{ route('models.index') }}">@lang('general.asset_models')</a></li>
<li><a href="{{ url('admin/settings/categories') }}" {!! (Request::is('settings/categories*') ? ' class="active"' : '') !!} >@lang('general.categories')</a></li>
@endcan
@can('assets.create')
@can('create', \App\Models\Asset::class)
<li{!! (Request::query('Deleted') ? ' class="active"' : '') !!}><a href="{{ url('hardware?status=Deleted') }}">@lang('general.deleted')</a></li>
<li><a href="{{ route('maintenances.index') }}">@lang('general.asset_maintenances') </a></li>
<li><a href="{{ url('hardware/import') }}">@lang('general.import') </a></li>
@ -457,7 +457,7 @@
</ul>
</li>
@endcan
@can('licenses.view')
@can('view', \App\Models\License::class)
<li{!! (Request::is('licenses*') ? ' class="active"' : '') !!}>
<a href="{{ route('licenses.index') }}">
<i class="fa fa-floppy-o"></i>
@ -465,7 +465,7 @@
</a>
</li>
@endcan
@can('accessories.view')
@can('index', \App\Models\Accessory::class)
<li{!! (Request::is('accessories*') ? ' class="active"' : '') !!}>
<a href="{{ route('accessories.index') }}">
<i class="fa fa-keyboard-o"></i>
@ -473,7 +473,7 @@
</a>
</li>
@endcan
@can('consumables.view')
@can('index', \App\Models\Consumable::class)
<li{!! (Request::is('consunmables*') ? ' class="active"' : '') !!}>
<a href="{{ url('consumables') }}">
<i class="fa fa-tint"></i>
@ -481,7 +481,7 @@
</a>
</li>
@endcan
@can('components.view')
@can('view', \App\Models\Components::class)
<li{!! (Request::is('components*') ? ' class="active"' : '') !!}>
<a href="{{ route('components.index') }}">
<i class="fa fa-hdd-o"></i>
@ -489,7 +489,7 @@
</a>
</li>
@endcan
@can('users.view')
@can('view', \App\Models\User::class)
<li{!! (Request::is('users*') ? ' class="active"' : '') !!}>
<a href="{{ route('users.index') }}">
<i class="fa fa-users"></i>
@ -518,7 +518,7 @@
</ul>
</li>
@endcan
@can('assets.view.requestable')
@can('viewRequestable', \App\Models\Asset::class)
<li{!! (Request::is('account/requestable-assets') ? ' class="active"' : '') !!}>
<a href="{{ route('requestable-assets') }}">
<i class="fa fa-laptop"></i>
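Review bot: The sidebar entry for components checks `@can('view', \App\Models\Components::class)`, but the top navbar and the create menu in this same file use `\App\Models\Component::class` (singular). A class name with no registered policy most likely makes the gate deny, so the sidebar link would disappear for every user who is not let through by a global `before` rule. It should read `@can('view', \App\Models\Component::class)`. While here, note that list access is checked as `index` for assets, accessories and consumables but as `view` for licenses, components and users; settling on one ability name would make the policies easier to audit.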


@ -8,7 +8,7 @@
@section('header_right')
@can('licenses.create')
@can('create', \App\Models\License::class)
<a href="{{ route('licenses.create') }}" class="btn btn-primary pull-right">
{{ trans('general.create') }}
</a>


@ -10,7 +10,7 @@
{{-- Right header --}}
@section('header_right')
<div class="btn-group pull-right">
@can('licenses.edit')
@can('update', $license)
<button class="btn btn-default dropdown-toggle" data-toggle="dropdown">{{ trans('button.actions') }}
<span class="caret"></span>
</button>
@ -88,7 +88,7 @@
</td>
<td>
@if ($licensedto->asset_id)
@can('assets.view')
@can('view', $licensedto->asset)
<a href="{{ route('hardware.show', $licensedto->asset_id) }}">
{{ $licensedto->asset->name }} {{ $licensedto->asset->asset_tag }}
</a>
@ -99,7 +99,7 @@
@endif
</td>
<td>
@can('licenses.checkout')
@can('checkout', $licensedto)
@if (($licensedto->assigned_to) || ($licensedto->asset_id))
@if ($license->reassignable)
@ -144,7 +144,7 @@
</tr>
@endif
@can('licenses.keys')
@can('viewKeys', $license)
@if (!is_null($license->serial))
<tr>
<td>{{ trans('admin/licenses/form.license_key') }}</td>
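Review bot: The checkout column now checks `@can('checkout', $licensedto)`, and `$licensedto` is the seat row being iterated, not the license. Policy lookup is by the argument's class, so unless a policy is registered for the seat model this check will most likely deny and hide the checkin/checkout buttons for everyone. The surrounding checks use the license itself (`@can('update', $license)`, `@can('viewKeys', $license)`), so `@can('checkout', $license)` looks like the intended form. In the same section, `@can('view', $licensedto->asset)` passes null when the related asset cannot be loaded; guard on `$licensedto->asset` rather than only on `asset_id`.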


@ -34,6 +34,9 @@
<th data-sortable="true" data-field="id" data-visible="false">{{ trans('general.id') }}</th>
<th data-sortable="true" data-field="name">{{ trans('admin/manufacturers/table.name') }}</th>
<th data-switchable="true" data-searchable="false" data-sortable="false" data-field="assets">{{ trans('general.assets') }}</th>
<th data-switchable="true" data-searchable="false" data-sortable="false" data-field="licenses">{{ trans('general.licenses') }}</th>
<th data-switchable="true" data-searchable="false" data-sortable="false" data-field="accessories">{{ trans('general.accessories') }}</th>
<th data-switchable="true" data-searchable="false" data-sortable="false" data-field="consumables">{{ trans('general.consumables') }}</th>
<th data-switchable="false" data-searchable="false" data-sortable="false" data-field="actions">{{ trans('table.actions') }}</th>
</tr>
</thead>


@ -110,7 +110,7 @@
data-url="{{ route('api.manufacturers.view', ['manufacturerId' => $manufacturer->id, 'itemtype' => 'accessories']) }}"
data-cookie="true"
data-click-to-select="true"
data-cookie-id-table="maufacturerLicensesTable-{{config('version.hash_version') }}"
data-cookie-id-table="manufacturerAccessoriesTable-{{config('version.hash_version') }}"
>
<thead>
<tr>
@ -121,7 +121,7 @@
<th data-searchable="true" data-sortable="true" data-field="location">{{ trans('general.location') }}</th>
<th data-searchable="false" data-sortable="false" data-field="qty">{{ trans('admin/accessories/general.total') }}</th>
<th data-searchable="true" data-sortable="true" data-field="purchase_date" data-visible="false">{{ trans('admin/accessories/general.date') }}</th>
<th data-searchable="true" data-sortable="true" data-field="purchase_cost">{{ trans('admin/accessories/general.cost') }}</th>
<th data-searchable="true" data-sortable="true" data-field="purchase_cost">{{ trans('general.purchase_cost') }}</th>
<th data-searchable="true" data-sortable="true" data-field="order_number" data-visible="false">{{ trans('admin/accessories/general.order') }}</th>
<th data-searchable="false" data-sortable="true" data-field="min_amt">{{ trans('general.min_amt') }}</th>
<th data-searchable="false" data-sortable="false" data-field="numRemaining">{{ trans('admin/accessories/general.remaining') }}</th>
@ -155,7 +155,7 @@
<th data-sortable="true" data-field="item_no" data-visible="false">{{ trans('admin/consumables/general.item_no') }}</th>
<th data-sortable="true" data-searchable="true" data-field="order_number" data-visible="false">{{ trans('admin/consumables/general.order') }}</th>
<th data-sortable="true" data-searchable="true" data-field="purchase_date" data-visible="false">{{ trans('admin/consumables/general.date') }}</th>
<th data-sortable="true" data-searchable="true" data-field="purchase_cost" data-visible="false">{{ trans('admin/consumables/general.cost') }}</th>
<th data-sortable="true" data-searchable="true" data-field="purchase_cost" data-visible="false">{{ trans('general.purchase_cost') }}</th>
<th data-switchable="false" data-searchable="false" data-sortable="false" data-field="actions"> {{ trans('table.actions') }}</th>
</tr>
</thead>


@ -98,7 +98,7 @@
@if ($model->fieldset)
<li>{{ trans('admin/models/general.fieldset') }}:
<a href="{{ url('/') }}/admin/custom_fields/{{ $model->fieldset->id }}">{{ $model->fieldset->name }}</a>
<a href="{{ route('fieldsets.show', $model->fieldset->id) }}">{{ $model->fieldset->name }}</a>
</li>
@endif


@ -41,9 +41,9 @@
<td>{{ is_null($assetItem->company) ? '' : $assetItem->company->name }}</td>
<td>{{ $assetItem->model->category->name }}</td>
<td>{{ $assetItem->model->name }}</td>
<td>{{ link_to(url('/').'/hardware/'.$assetItem->id.'/view',$assetItem->showAssetName()) }}</td>
<td>{{ link_to_route('hardware.show',$assetItem->showAssetName(), [$assetItem->id]) }}</td>
<td>{{ $assetItem->asset_tag }}</td>
<td>{{ link_to(url('/').'/admin/users/'.$assetItem->assigned_to.'/view', $assetItem->assigneduser->fullName())}}</td>
<td>{{ link_to_route('users.show', $assetItem->assigneduser->fullName(), [$assetItem->assigned_to])}}</td>
</tr>
@endforeach
@endif


@ -203,7 +203,7 @@
<td>{{ $improvement->is_warranty ? trans('admin/asset_maintenances/message.warranty') : trans('admin/asset_maintenances/message.not_warranty') }}</td>
<td>{{ sprintf( trans( 'general.currency' ) . '%01.2f', $improvement->cost) }}</td>
<?php $totalCost += $improvement->cost; ?>
<td><a href="{{ route('update/asset_maintenance', $improvement->id) }}" class="btn btn-warning"><i class="fa fa-pencil icon-white"></i></a>
<td><a href="{{ route('maintenances.edit', $improvement->id) }}" class="btn btn-warning"><i class="fa fa-pencil icon-white"></i></a>
</td>
</tr>
@endif


@ -82,7 +82,7 @@ Bulk Checkin &amp; Delete
</td>
<td>
@foreach ($user->groups as $group)
<a href=" {{ url('/') }}/admin/groups/{{ $group->id }}'/edit" class="label label-default">
<a href=" {{ route('update/group', $group->id) }}" class="label label-default">
{{ $group->name }}
</a>
@endforeach


@ -75,7 +75,9 @@
<form class="form-horizontal" method="post" autocomplete="off" action="{{ ($user) ? route('users.update', ['user' => $user->id]) : route('users.store') }}" id="userForm">
<!-- CSRF Token -->
<input type="hidden" name="_token" value="{{ csrf_token() }}">
@if($user->id)
{{ method_field('PUT') }}
@endif
<!-- Custom Tabs -->
<div class="nav-tabs-custom">
<ul class="nav nav-tabs">
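Review bot: The added `@if($user->id)` and the form's `action` test different things: the action switches on `($user)` while the method spoofing switches on `$user->id`. If the create page passes a new, unsaved user object, `($user)` is truthy, so the form would post to `users.update` with an empty id and without the PUT field. If it passes null, `$user->id` fails instead. Use one condition for both, for example `$user && $user->id` in the action ternary and in `@if ($user && $user->id)`. The controller that supplies `$user` is not visible in this section.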


@ -15,7 +15,7 @@
@stop
@section('header_right')
@can('users.create')
@can('create', \App\Models\User::class)
@if ($snipeSettings->ldap_enabled == 1)
<a href="{{ route('ldap/user') }}" class="btn btn-default pull-right"><span class="fa fa-upload"></span> LDAP</a>
@endif
@ -28,7 +28,7 @@
@else
<a class="btn btn-default pull-right" href="{{ route('users.index', ['status' => 'deleted']) }}" style="margin-right: 5px;">{{ trans('admin/users/table.show_deleted') }}</a>
@endif
@can('users.view')
@can('view', \App\Models\User::class)
<a class="btn btn-default pull-right" href="{{ url('admin/users/export') }}" style="margin-right: 5px;">Export</a>
@endcan
@ -50,7 +50,7 @@
'class' => 'form-inline' ]) }}
@if (Input::get('status')!='deleted')
@can('users.delete')
@can('delete', \App\Models\User::class)
<div id="toolbar">
<select name="bulk_actions" class="form-control select2" style="width: 200px;">
<option value="delete">Bulk Checkin &amp; Delete</option>


@ -23,21 +23,21 @@
<li><a href="#files_tab" data-toggle="tab"><span class="hidden-lg hidden-md"><i class="fa fa-paperclip"></i></span> <span class="hidden-xs hidden-sm">{{ trans('general.file_uploads') }}</span></a></li>
<li><a href="#history_tab" data-toggle="tab"><span class="hidden-lg hidden-md"><i class="fa fa-clock-o"></i></span> <span class="hidden-xs hidden-sm">{{ trans('general.history') }}</span></a></li>
@can('users.edit')
<li class="dropdown pull-right">
@can('update', $user)
<li class="dropdown pull-right">
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
<i class="fa fa-gear"></i> {{ trans('button.actions') }}
<span class="caret"></span>
</a>
<ul class="dropdown-menu">
<li><a href="{{ route('users.edit', $user->id) }}">{{ trans('admin/users/general.edit') }}</a></li>
<li><a href="{{ route('clone/user', $user->id) }}">{{ trans('admin/users/general.clone') }}</a></li>
@if ((Auth::user()->id !== $user->id) && (!config('app.lock_passwords')) && ($user->deleted_at==''))
<li><a href="{{ route('users.destroy', $user->id) }}">{{ trans('button.delete') }}</a></li>
@endif
</ul>
</li>
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
<i class="fa fa-gear"></i> {{ trans('button.actions') }}
<span class="caret"></span>
</a>
<ul class="dropdown-menu">
<li><a href="{{ route('users.edit', $user->id) }}">{{ trans('admin/users/general.edit') }}</a></li>
<li><a href="{{ route('clone/user', $user->id) }}">{{ trans('admin/users/general.clone') }}</a></li>
@if ((Auth::user()->id !== $user->id) && (!config('app.lock_passwords')) && ($user->deleted_at==''))
<li><a href="{{ route('users.destroy', $user->id) }}">{{ trans('button.delete') }}</a></li>
@endif
</ul>
</li>
@endcan
</ul>
<div class="tab-content">
@ -48,7 +48,7 @@
<div class="callout callout-warning">
<i class="icon fa fa-warning"></i>
This user has been marked as deleted.
@can('users.edit')
@can('update', $user)
<a href="{{ route('restore/user', $user->id) }}">Click here</a> to restore them.
@endcan
</div>
@ -132,7 +132,7 @@
<!-- Start button column -->
<div class="col-md-2">
@can('users.edit')
@can('update', $user)
<div class="col-md-12">
<a href="{{ route('users.edit', $user->id) }}" style="width: 100%;" class="btn btn-sm btn-default">{{ trans('admin/users/general.edit') }}</a>
@ -192,14 +192,14 @@
@endif
</td>
<td>
@can('assets.view')
@can('view', $asset)
<a href="{{ route('hardware.show', $asset->id) }}">{{ $asset->asset_tag }}</a>
@endcan
</td>
<td><a href="{{ route('hardware.show', $asset->id) }}">{{ $asset->name }}</a></td>
<td class="hidden-print">
@can('assets.edit')
@can('checkin', $asset)
<a href="{{ route('checkin/hardware', array('assetId'=> $asset->id, 'backto'=>'user')) }}" class="btn btn-primary btn-sm">Checkin</a>
@endcan
</td>
@ -228,7 +228,7 @@
</td>
<td><a href="{{ route('licenses.show', $license->id) }}">{{ mb_strimwidth($license->serial, 0, 50, "...") }}</a></td>
<td class="hidden-print">
@can('licenses.edit')
@can('update', $license)
<a href="{{ route('licenses.checkin', array('licenseseat_id'=> $license->pivot->id, 'backto'=>'user')) }}" class="btn btn-primary btn-sm">Checkin</a>
@endcan
</td>
@ -252,7 +252,7 @@
<tr>
<td><a href="{{ route('accessories.show', $accessory->id) }}">{{ $accessory->name }}</a></td>
<td class="hidden-print">
@can('accessories.edit')
@can('checkin', $accessory)
<a href="{{ route('checkin/accessory', array('accessory_id'=> $accessory->pivot->id, 'backto'=>'user')) }}" class="btn btn-primary btn-sm">Checkin</a>
@endcan
</td>
@ -290,7 +290,7 @@
</div>
<div class="col-md-2">
<!-- The fileinput-button span is used to style the file input field as button -->
@can('users.edit')
@can('update', $user)
<span class="btn btn-info fileinput-button">
<i class="fa fa-plus icon-white"></i>
<span>Select File...</span>
@ -353,7 +353,7 @@
@endif
</td>
<td>
@can('users.edit')
@can('update', $user)
<a class="btn delete-asset btn-danger btn-sm" href="{{ route('users.destroyfile', [$user->id, $file->id]) }}" data-content="Are you sure you wish to delete this file?" data-title="Delete {{ $file->filename }}?"><i class="fa fa-trash icon-white"></i></a>
@endcan
</td>
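Review bot: The Delete entry in the actions dropdown (`route('users.destroy', $user->id)`) is still shown under `@can('update', $user)`, so a user who may edit but not delete is offered the delete action. The users index in this commit already checks a separate `delete` ability, so this item should get its own check, `@can('delete', $user)` … `@endcan`, inside the menu. It is also a plain anchor, while the commit description says deletes now go through a form that spoofs the method, so this link may no longer reach the destroy action. Further down, the asset tag link is wrapped in `@can('view', $asset)` but the asset name link to the same route on the next cell is not.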


@ -1,5 +1,6 @@
<?php
use App\Models\Setting;
use Illuminate\Foundation\Inspiring;
/*
@ -16,3 +17,21 @@ use Illuminate\Foundation\Inspiring;
Artisan::command('inspire', function () {
$this->comment(Inspiring::quote());
})->describe('Display an inspiring quote');
Artisan::command('snipeit:travisci-install', function () {
if(!Setting::setupCompleted()) {
$settings = new Setting;
$settings->site_name = 'test-ci';
$settings->alert_email = 'test@example.com';
$settings->alerts_enabled = 1;
$settings->brand = 1;
$settings->locale = 'en';
$settings->default_currency = 'USD';
$settings->user_id = 1;
$settings->email_domain = 'example.com';
$settings->email_format = 'filastname';
$settings->save();
} else {
$this->comment('Setup already ran');
}
})->describe('Travis-cli install script for unit tests');
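Review bot: The `snipeit:travisci-install` command is registered for every environment, not only for CI. On a production install where setup has not been completed yet, running it would write the test settings (`test-ci`, `test@example.com`, `user_id = 1`), after which setup would presumably be treated as completed. I would return early unless the app is in the testing environment, e.g. `if (! app()->environment('testing')) { $this->error('CI only'); return; }` as the first statement of the closure. The description string also says "Travis-cli" where "Travis-CI" is meant.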


@ -69,7 +69,6 @@ Route::group(['middleware' => 'auth'], function () {
'display-sig/{filename}',
[
'as' => 'log.signature.view',
'middleware' => 'authorize:assets.view',
'uses' => 'ActionlogController@displaySig' ]
);
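Review bot: Dropping `'middleware' => 'authorize:assets.view'` leaves `log.signature.view` protected only by the enclosing `auth` group, so whether any logged-in user can fetch a stored signature now depends on a check inside `ActionlogController@displaySig`, which this section does not show. The same holds for every route that loses its `authorize:` middleware in the accessories, components, consumables and hardware route files of this commit, including the `bulk` and `bulksave` component routes. Each of those controller methods needs an explicit policy call such as `$this->authorize('view', \App\Models\Asset::class);`, or the route can keep a guard with the built-in middleware, `'middleware' => 'can:view,App\Models\Asset'`. A test per route that asserts a 403 for a user without the permission would catch any method that was missed.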


@ -3,25 +3,24 @@
/*
* Accessories
*/
Route::group([ 'prefix' => 'accessories', 'middleware'=>'authorize:accessories.view' ], function () {
Route::group([ 'prefix' => 'accessories', ], function () {
Route::get(
'{accessoryID}/checkout',
[ 'as' => 'checkout/accessory', 'middleware' => 'authorize:accessories.checkout','uses' => 'AccessoriesController@getCheckout' ]
[ 'as' => 'checkout/accessory', 'uses' => 'AccessoriesController@getCheckout' ]
);
Route::post(
'{accessoryID}/checkout',
[ 'as' => 'checkout/accessory', 'middleware' => 'authorize:accessories.checkout','uses' => 'AccessoriesController@postCheckout' ]
[ 'as' => 'checkout/accessory', 'uses' => 'AccessoriesController@postCheckout' ]
);
Route::get(
'{accessoryID}/checkin/{backto?}',
[ 'as' => 'checkin/accessory', 'middleware' => 'authorize:accessories.checkin','uses' => 'AccessoriesController@getCheckin' ]
[ 'as' => 'checkin/accessory', 'uses' => 'AccessoriesController@getCheckin' ]
);
Route::post(
'{accessoryID}/checkin/{backto?}',
[ 'as' => 'checkin/accessory', 'middleware' => 'authorize:accessories.checkin','uses' => 'AccessoriesController@postCheckin' ]
[ 'as' => 'checkin/accessory', 'uses' => 'AccessoriesController@postCheckin' ]
);
});


@ -1,18 +1,18 @@
<?php
# Components
Route::group([ 'prefix' => 'components', 'middleware'=>'authorize:components.view' ], function () {
Route::group([ 'prefix' => 'components' ], function () {
Route::get(
'{componentID}/checkout',
[ 'as' => 'checkout/component', 'middleware'=>'authorize:components.checkout','uses' => 'ComponentsController@getCheckout' ]
[ 'as' => 'checkout/component', 'uses' => 'ComponentsController@getCheckout' ]
);
Route::post(
'{componentID}/checkout',
[ 'as' => 'checkout/component', 'middleware'=>'authorize:components.checkout','uses' => 'ComponentsController@postCheckout' ]
[ 'as' => 'checkout/component', 'uses' => 'ComponentsController@postCheckout' ]
);
Route::post('bulk', [ 'as' => 'component/bulk-form', 'middleware'=>'authorize:components.checkout','uses' => 'ComponentsController@postBulk' ]);
Route::post('bulksave', [ 'as' => 'component/bulk-save', 'middleware'=>'authorize:components.edit','uses' => 'ComponentsController@postBulkSave' ]);
Route::post('bulk', [ 'as' => 'component/bulk-form', 'uses' => 'ComponentsController@postBulk' ]);
Route::post('bulksave', [ 'as' => 'component/bulk-save', 'uses' => 'ComponentsController@postBulkSave' ]);
});


@ -3,19 +3,13 @@
# Consumables
Route::group([ 'prefix' => 'consumables', 'middleware'=>'authorize:consumables.view' ], function () {
Route::get(
'{consumableID}/view',
[ 'as' => 'view/consumable', 'middleware'=>'authorize:consumables.view','uses' => 'ConsumablesController@getView' ]
);
Route::get(
'{consumableID}/checkout',
[ 'as' => 'checkout/consumable', 'middleware'=>'authorize:consumables.checkout','uses' => 'ConsumablesController@getCheckout' ]
[ 'as' => 'checkout/consumable','uses' => 'ConsumablesController@getCheckout' ]
);
Route::post(
'{consumableID}/checkout',
[ 'as' => 'checkout/consumable', 'middleware'=>'authorize:consumables.checkout','uses' => 'ConsumablesController@postCheckout' ]
[ 'as' => 'checkout/consumable', 'uses' => 'ConsumablesController@postCheckout' ]
);
});


@ -20,7 +20,6 @@ Route::group(
Route::get('history', [
'as' => 'asset.import-history',
'middleware' => 'authorize:assets.checkout',
'uses' => 'AssetsController@getImportHistory'
]);
@ -31,13 +30,11 @@ Route::group(
Route::get('/bytag', [
'as' => 'findbytag/hardware',
'middleware' => 'authorize:assets.view',
'uses' => 'AssetsController@getAssetByTag'
]);
Route::get('{assetId}/clone', [
'as' => 'clone/hardware',
'middleware' => 'authorize:assets.create',
'uses' => 'AssetsController@getClone'
]);
@ -45,73 +42,56 @@ Route::group(
Route::get('{assetId}/checkout', [
'as' => 'checkout/hardware',
'middleware' => 'authorize:assets.checkout',
'uses' => 'AssetsController@getCheckout'
]);
Route::post('{assetId}/checkout', [
'as' => 'checkout/hardware',
'middleware' => 'authorize:assets.checkout',
'uses' => 'AssetsController@postCheckout'
]);
Route::get('{assetId}/checkin/{backto?}', [
'as' => 'checkin/hardware',
'middleware' => 'authorize:assets.checkin',
'uses' => 'AssetsController@getCheckin'
]);
Route::post('{assetId}/checkin/{backto?}', [
'as' => 'checkin/hardware',
'middleware' => 'authorize:assets.checkin',
'uses' => 'AssetsController@postCheckin'
]);
Route::get('{assetId}/view', [
'as' => 'hardware.view',
'middleware' => ['authorize:assets.view'],
'uses' => 'AssetsController@show'
]);
Route::get('{assetId}/qr_code', [ 'as' => 'qr_code/hardware', 'uses' => 'AssetsController@getQrCode' ]);
Route::get('{assetId}/barcode', [ 'as' => 'barcode/hardware', 'uses' => 'AssetsController@getBarCode' ]);
Route::get('{assetId}/restore', [
'as' => 'restore/hardware',
'middleware' => 'authorize:assets.delete',
'uses' => 'AssetsController@getRestore'
]);
Route::post('{assetId}/upload', [
'as' => 'upload/asset',
'middleware' => 'authorize:assets.edit',
'uses' => 'AssetsController@postUpload'
]);
Route::get('{assetId}/deletefile/{fileId}', [
'as' => 'delete/assetfile',
'middleware' => 'authorize:assets.edit',
'uses' => 'AssetsController@getDeleteFile'
]);
Route::get('{assetId}/showfile/{fileId}', [
'as' => 'show/assetfile',
'middleware' => 'authorize:assets.view',
'uses' => 'AssetsController@displayFile'
]);
Route::get('import/delete-import/{filename}', [
'as' => 'assets/import/delete-file',
'middleware' => 'authorize:assets.create',
'uses' => 'AssetsController@getDeleteImportFile'
]);
Route::post( 'import/process/', [ 'as' => 'assets/import/process-file',
'middleware' => 'authorize:assets.create',
'uses' => 'AssetsController@postProcessImportFile'
]);
Route::get( 'import/delete/{filename}', [ 'as' => 'assets/import/delete-file',
'middleware' => 'authorize:assets.create', // TODO What permissions should this require?
'uses' => 'AssetsController@getDeleteImportFile'
]);
Route::get('import',[
'as' => 'assets/import',
'middleware' => 'authorize:assets.create',
'uses' => 'AssetsController@getImportUpload'
]);
@ -119,7 +99,6 @@ Route::group(
'bulkedit',
[
'as' => 'hardware/bulkedit',
'middleware' => 'authorize:assets.edit',
'uses' => 'AssetsController@postBulkEdit'
]
);
@ -127,7 +106,6 @@ Route::group(
'bulkdelete',
[
'as' => 'hardware/bulkdelete',
'middleware' => 'authorize:assets.delete',
'uses' => 'AssetsController@postBulkDelete'
]
);
@ -135,7 +113,6 @@ Route::group(
'bulksave',
[
'as' => 'hardware/bulksave',
'middleware' => 'authorize:assets.edit',
'uses' => 'AssetsController@postBulkSave'
]
);
@ -143,12 +120,10 @@ Route::group(
# Bulk checkout / checkin
Route::get( 'bulkcheckout', [
'as' => 'hardware/bulkcheckout',
'middleware' => 'authorize:assets.checkout',
'uses' => 'AssetsController@getBulkCheckout'
]);
Route::post( 'bulkcheckout', [
'as' => 'hardware/bulkcheckout',
'middleware' => 'authorize:assets.checkout',
'uses' => 'AssetsController@postBulkCheckout'
]);
});
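Review bot: `{assetId}/restore`, `{assetId}/deletefile/{fileId}` and the two `import/delete…/{filename}` routes still change state on a GET request, which Laravel's CSRF check does not cover, and with the `authorize:` lines removed nothing in this file restricts them any more. The commit moves resource deletion to DELETE with a `_token` elsewhere, so these should follow, for example `Route::delete('{assetId}/deletefile/{fileId}', [...])`. The removed middleware line for `getDeleteImportFile` carried `// TODO What permissions should this require?`; that question is still open, and the controller, which is not visible here, presumably also needs to confine `{filename}` to the import directory. Both import-delete routes also register the same name, `assets/import/delete-file`. The GET `deletefile` pattern is repeated in the licenses and users route files.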


@ -2,47 +2,44 @@
# Licenses
Route::group([ 'prefix' => 'licenses', 'middleware'=>'authorize:licenses.view' ], function () {
Route::group([ 'prefix' => 'licenses' ], function () {
Route::get('{licenseId}/clone', [ 'as' => 'clone/license', 'middleware' => 'authorize:licenses.create', 'uses' => 'LicensesController@getClone' ]);
Route::post('{licenseId}/clone', [ 'as' => 'clone/license', 'middleware' => 'authorize:licenses.create', 'uses' => 'LicensesController@postCreate' ]);
Route::get('{licenseId}/clone', [ 'as' => 'clone/license', 'uses' => 'LicensesController@getClone' ]);
Route::post('{licenseId}/clone', [ 'as' => 'clone/license', 'uses' => 'LicensesController@postCreate' ]);
Route::get('{licenseId}/freecheckout', [
'as' => 'licenses.freecheckout',
'middleware' => 'authorize:licenses.checkout',
'uses' => 'LicensesController@getFreeLicense'
]);
Route::get(
'{licenseId}/checkout',
[ 'as' => 'licenses.checkout', 'middleware' => 'authorize:licenses.checkout','uses' => 'LicensesController@getCheckout' ]
);
Route::get('{licenseId}/checkout', [
'as' => 'licenses.checkout',
'uses' => 'LicensesController@getCheckout'
]);
Route::post(
'{licenseId}/checkout',
[ 'as' => 'licenses.checkout', 'middleware' => 'authorize:licenses.checkout','uses' => 'LicensesController@postCheckout' ]
'{licenseId}/checkout',
[ 'as' => 'licenses.checkout', 'uses' => 'LicensesController@postCheckout' ]
);
Route::get('{licenseId}/checkin/{backto?}', [
'as' => 'licenses.checkin',
'middleware' => 'authorize:licenses.checkin',
'uses' => 'LicensesController@getCheckin'
]);
Route::post('{licenseId}/checkin/{backto?}', [
'as' => 'licenses.checkin',
'middleware' => 'authorize:licenses.checkin',
'uses' => 'LicensesController@postCheckin'
]);
Route::post(
'{licenseId}/upload',
[ 'as' => 'upload/license', 'middleware' => 'authorize:licenses.edit','uses' => 'LicensesController@postUpload' ]
[ 'as' => 'upload/license', 'uses' => 'LicensesController@postUpload' ]
);
Route::get(
'{licenseId}/deletefile/{fileId}',
[ 'as' => 'delete/licensefile', 'middleware' => 'authorize:licenses.edit', 'uses' => 'LicensesController@getDeleteFile' ]
[ 'as' => 'delete/licensefile', 'uses' => 'LicensesController@getDeleteFile' ]
);
Route::get(
'{licenseId}/showfile/{fileId}',
[ 'as' => 'show/licensefile', 'middleware' => 'authorize:licenses.view','uses' => 'LicensesController@displayFile' ]
[ 'as' => 'show/licensefile', 'uses' => 'LicensesController@displayFile' ]
);
});


@ -1,17 +1,17 @@
<?php
# User Management
Route::group([ 'prefix' => 'users', 'middleware' => ['web','auth','authorize:users.view']], function () {
Route::group([ 'prefix' => 'users', 'middleware' => ['web','auth']], function () {
Route::get('ldap', ['as' => 'ldap/user', 'uses' => 'UsersController@getLDAP', 'middleware' => ['authorize:users.edit'] ]);
Route::get('ldap', ['as' => 'ldap/user', 'uses' => 'UsersController@getLDAP' ]);
Route::post('ldap', 'UsersController@postLDAP');
Route::get('import', [ 'as' => 'import/user', 'uses' => 'UsersController@getImport', 'middleware' => ['authorize:users.edit'] ]);
Route::post('import', [ 'uses' => 'UsersController@postImport', 'middleware' => ['authorize:users.edit'] ]);
Route::get('export', [ 'uses' => 'UsersController@getExportUserCsv', 'middleware' => ['authorize:users.view'] ]);
Route::get('{userId}/clone', [ 'as' => 'clone/user', 'uses' => 'UsersController@getClone', 'middleware' => ['authorize:users.edit'] ]);
Route::post('{userId}/clone', [ 'uses' => 'UsersController@postCreate', 'middleware' => ['authorize:users.edit'] ]);
Route::get('{userId}/restore', [ 'as' => 'restore/user', 'uses' => 'UsersController@getRestore', 'middleware' => ['authorize:users.edit'] ]);
Route::get('{userId}/unsuspend', [ 'as' => 'unsuspend/user', 'uses' => 'UsersController@getUnsuspend', 'middleware' => ['authorize:users.edit'] ]);
Route::get('import', [ 'as' => 'import/user', 'uses' => 'UsersController@getImport' ]);
Route::post('import', [ 'uses' => 'UsersController@postImport' ]);
Route::get('export', [ 'uses' => 'UsersController@getExportUserCsv' ]);
Route::get('{userId}/clone', [ 'as' => 'clone/user', 'uses' => 'UsersController@getClone' ]);
Route::post('{userId}/clone', [ 'uses' => 'UsersController@postCreate' ]);
Route::get('{userId}/restore', [ 'as' => 'restore/user', 'uses' => 'UsersController@getRestore' ]);
Route::get('{userId}/unsuspend', [ 'as' => 'unsuspend/user', 'uses' => 'UsersController@getUnsuspend' ]);
Route::get(
'{userId}/deletefile/{fileId}',
[ 'as' => 'delete/userfile', 'uses' => 'UsersController@getDeleteFile' ]
@ -26,7 +26,6 @@ Route::group([ 'prefix' => 'users', 'middleware' => ['web','auth','authorize:use
[
'as' => 'users/bulkedit',
'uses' => 'UsersController@postBulkEdit',
'middleware' => ['authorize:users.edit'],
]
);
Route::post(
@ -34,7 +33,6 @@ Route::group([ 'prefix' => 'users', 'middleware' => ['web','auth','authorize:use
[
'as' => 'users/bulksave',
'uses' => 'UsersController@postBulkSave',
'middleware' => ['authorize:users.edit'],
]
);


@ -16,11 +16,12 @@ class TestCase extends Illuminate\Foundation\Testing\TestCase
*/
public function createApplication()
{
$app = require_once __DIR__.'/../bootstrap/app.php';
$app = require __DIR__.'/../bootstrap/app.php';
$app->make(Illuminate\Contracts\Console\Kernel::class)->bootstrap();
return $app;
}
public function setUp()
{
parent::setUp();

File diff suppressed because one or more lines are too long


@ -0,0 +1,11 @@
# `functional-travis` enviromodules:
class_name: FunctionalTester
modules:
config:
# add framework module here
Laravel5:
environment_file: .env.testing-ci
Db:
dsn: 'mysql:host=localhost;dbname=snipeit_unit'
user: 'travis'
password: ''


@ -16,3 +16,4 @@ modules:
- \Helper\Acceptance
- Laravel5:
part: ORM
environment_file: .env


@ -19,3 +19,5 @@ modules:
dump: tests/_data/dump.sql
populate: true
cleanup: false
- REST:
depends: Laravel5


@ -76,7 +76,7 @@ class AccessoriesCest
public function allowsDelete(FunctionalTester $I)
{
$I->wantTo('Ensure I can delete an accessory');
$I->amOnPage( route('accessories.destroy', $I->getAccessoryId() ) );
$I->seeElement('.alert-success');
$I->sendDelete( route('accessories.destroy', $I->getAccessoryId() ), ['_token' => csrf_token()] );
$I->seeResponseCodeIs(200);
}
}
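Review bot: `seeResponseCodeIs(200)` replaces the `.alert-success` check in `allowsDelete`, so the test no longer shows that the accessory was actually deleted. If the functional client follows the redirect (not confirmed from this page), a refused delete that lands back on the index page with an error message would also end in 200. I would capture the id first and assert the outcome after the request, for example `$I->dontSeeRecord('accessories', ['id' => $id, 'deleted_at' => null]);` (table and soft-delete column assumed, to be checked against the model). The same replacement is made in AssetModelsCest, AssetsCest, CategoryCest, ComponentsCest, ConsumablesCest, DepreciationCest, licensesCest, LocationsCest, ManufacturersCest, StatusLabelsCest, SuppliersCest and UsersCest below.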


@ -56,9 +56,8 @@ class AssetModelsCest
public function allowsDelete(FunctionalTester $I)
{
$I->wantTo('Ensure I can delete an asset model');
// 6 is the only one without an assigned asset. This is fragile.
$I->amOnPage(route('models.destroy', $I->getEmptyModelId()));
$I->seeElement('.alert-success');
$I->sendDelete(route('models.destroy', $I->getEmptyModelId()), ['_token' => csrf_token()]);
$I->seeResponseCodeIs(200);
}
}

View file

@ -62,7 +62,7 @@ class AssetsCest
public function allowsDelete(FunctionalTester $I)
{
$I->wantTo('Ensure I can delete an asset');
$I->amOnPage(route('hardware.destroy', $I->getAssetId()));
$I->seeElement('.alert-success');
$I->sendDelete(route('hardware.destroy', $I->getAssetId()), ['_token' => csrf_token()]);
$I->seeResponseCodeIs(200);
}
}

View file

@ -55,7 +55,7 @@ class CategoryCest
public function allowsDelete(FunctionalTester $I)
{
$I->wantTo('Ensure I can delete a category');
$I->amOnPage(route('delete/category', $I->getEmptyCategoryId()));
$I->seeElement('.alert-success');
$I->sendDelete(route('categories.destroy', $I->getEmptyCategoryId()), ['_token' => csrf_token()]);
$I->seeResponseCodeIs(200);
}
}

View file

@ -71,7 +71,7 @@ class ComponentsCest
public function allowsDelete(FunctionalTester $I)
{
$I->wantTo('Ensure I can delete a component');
$I->amOnPage(route('components.destroy', $I->getComponentId()));
$I->seeElement('.alert-success');
$I->sendDelete(route('components.destroy', $I->getComponentId()), ['_token' => csrf_token()]);
$I->seeResponseCodeIs(200);
}
}

View file

@ -71,7 +71,7 @@ class ConsumablesCest
public function allowsDelete(FunctionalTester $I)
{
$I->wantTo('Ensure I can delete a consumable');
$I->amOnPage(route('consumables.destroy', $I->getConsumableId()));
$I->seeElement('.alert-success');
$I->sendDelete(route('consumables.destroy', $I->getConsumableId()), ['_token' => csrf_token()]);
$I->seeResponseCodeIs(200);
}
}

View file

@ -59,7 +59,7 @@ class DepreciationCest
public function allowsDelete(FunctionalTester $I)
{
$I->wantTo('Ensure I can delete a depreciation');
$I->amOnPage(route('depreciations.destroy', $I->getDepreciationId()));
$I->seeElement('.alert-success');
$I->sendDelete(route('depreciations.destroy', $I->getDepreciationId()), ['_token' => csrf_token()]);
$I->seeResponseCodeIs(200);
}
}

View file

@ -57,6 +57,8 @@ class GroupsCest
$I->wantTo('Ensure I can delete a group');
$I->amOnPage(route('delete/group', Group::doesntHave('users')->first()->id));
$I->seeElement('.alert-success');
// $I->sendDelete(route('delete/group', Group::doesntHave('users')->first()->id), ['_token' => csrf_token()]);
// $I->seeResponseCodeIs(200);
}
}

View file

@ -79,8 +79,8 @@ class licensesCest
public function allowsDelete(FunctionalTester $I)
{
$I->wantTo('Ensure I can delete a license');
$I->amOnPage(route('licenses.destroy', License::doesntHave('assignedUsers')->first()->id));
$I->seeElement('.alert-success');
$I->sendDelete(route('licenses.destroy', License::doesntHave('assignedUsers')->first()->id), ['_token' => csrf_token()]);
$I->seeResponseCodeIs(200);
}
}

View file

@ -67,7 +67,8 @@ class LocationsCest
public function allowsDelete(FunctionalTester $I)
{
$I->wantTo('Ensure I can delete a location');
$I->amOnPage(route('locations.destroy', Location::doesntHave('assets')->doesntHave('assignedAssets')->first()->id));
$I->seeElement('.alert-success');
$location = factory(App\Models\Location::class, 'location')->create();
$I->sendDelete(route('locations.destroy', $location->id), ['_token' => csrf_token()]);
$I->seeResponseCodeIs(200);
}
}

View file

@ -57,11 +57,11 @@ class ManufacturersCest
public function allowsDelete(FunctionalTester $I)
{
$I->wantTo('Ensure I can delete a manufacturer');
$I->amOnPage(route('manufacturers.destroy', Manufacturer::doesntHave('models')
->doesntHave('accessories')
->doesntHave('consumables')
->doesntHave('licenses')->first()->id
));
$I->seeElement('.alert-success');
$manufacturerId = Manufacturer::doesntHave('models')
->doesntHave('accessories')
->doesntHave('consumables')
->doesntHave('licenses')->first()->id;
$I->sendDelete(route('manufacturers.destroy', $manufacturerId), ['_token' => csrf_token()]);
$I->seeResponseCodeIs(200);
}
}

View file

@ -62,7 +62,7 @@ class StatusLabelsCest
public function allowsDelete(FunctionalTester $I)
{
$I->wantTo('Ensure I can delete a Status Label');
$I->amOnPage(route('statuslabels.destroy', Statuslabel::doesntHave('assets')->first()->id));
$I->seeElement('.alert-success');
$I->sendDelete(route('statuslabels.destroy', Statuslabel::doesntHave('assets')->first()->id), ['_token' => csrf_token()]);
$I->seeResponseCodeIs(200);
}
}

View file

@ -69,7 +69,7 @@ class SuppliersCest
public function allowsDelete(FunctionalTester $I)
{
$I->wantTo('Ensure I can delete a supplier');
$I->amOnPage(route('suppliers.destroy', Supplier::doesntHave('assets')->doesntHave('licenses')->first()->id));
$I->seeElement('.alert-success');
$I->sendDelete(route('suppliers.destroy', Supplier::doesntHave('assets')->doesntHave('licenses')->first()->id), ['_token' => csrf_token()]);
$I->seeResponseCodeIs(200);
}
}

View file

@ -92,13 +92,13 @@ class UsersCest
public function allowsDelete(FunctionalTester $I)
{
$I->wantTo('Ensure I can delete a user');
$I->amOnPage(route('users.destroy', User::doesntHave('assets')
->doesntHave('accessories')
->doesntHave('consumables')
->doesntHave('licenses')
->where('username', '!=', 'snipeit')
->first()->id
));
$I->seeElement('.alert-success');
$userId = User::doesntHave('assets')
->doesntHave('accessories')
->doesntHave('consumables')
->doesntHave('licenses')
->where('username', '!=', 'snipeit')
->first()->id;
$I->sendDelete(route('users.destroy', $userId), ['_token' => csrf_token()]);
$I->seeResponseCodeIs(200);
}
}


@ -0,0 +1,437 @@
<?php
use App\Models\Accessory;
use App\Models\Asset;
use App\Models\Component;
use App\Models\Consumable;
use App\Models\License;
use App\Models\User;
use Illuminate\Foundation\Testing\DatabaseMigrations;
use Illuminate\Foundation\Testing\DatabaseTransactions;
use Illuminate\Foundation\Testing\WithoutMiddleware;
class PermissionsTest extends TestCase
{
// use DatabaseMigrations;
use DatabaseTransactions;
public function setUp()
{
parent::setUp();
$this->hardwareId = Asset::first()->id;
$this->noHardware = [
route('hardware.index') => 403,
route('hardware.create') => 403,
route('hardware.edit', $this->hardwareId) => 403,
route('hardware.show', $this->hardwareId) => 403,
];
$this->licenseId = License::first()->id;
$this->noLicenses = [
route('licenses.index') => 403,
route('licenses.create') => 403,
route('licenses.edit', $this->licenseId) => 403,
route('licenses.show', $this->licenseId) => 403,
];
$this->accessoryId = Accessory::first()->id;
$this->noAccessories = [
route('accessories.index') => 403,
route('accessories.create') => 403,
route('accessories.edit', $this->accessoryId) => 403,
route('accessories.show', $this->accessoryId) => 403,
];
$this->consumableId = Consumable::first()->id;
$this->noConsumables = [
route('consumables.index') => 403,
route('consumables.create') => 403,
route('consumables.edit', $this->consumableId) => 403,
route('consumables.show', $this->consumableId) => 403,
];
$this->componentId = Component::first()->id;
$this->noComponents = [
route('components.index') => 403,
route('components.create') => 403,
route('components.edit', $this->componentId) => 403,
route('components.show', $this->componentId) => 403,
];
$this->userId = User::first()->id;
$this->noUsers = [
route('users.index') => 403,
route('users.create') => 403,
route('users.edit', $this->userId) => 403,
route('users.show', $this->userId) => 403,
];
}
public function tearDown()
{
}
private $noHardware;
private $noLicenses;
private $noAccessories;
private $noConsumables;
private $noComponents;
private $noUsers;
// An existing id for each type;
private $hardwareId;
private $licenseId;
private $accessoryId;
private $consumableId;
private $componentId;
private $userId;
// tests
/**
* @test
*/
public function a_user_with_no_permissions_sees_nothing()
{
$u = factory(App\Models\User::class, 'valid-user')->create();
$permissions = $this->noHardware + $this->noLicenses + $this->noAccessories + $this->noConsumables + $this->noComponents + $this->noUsers;
// $permissions = $this->noHardware;
$this->hitRoutes($permissions, $u);
}
/**
* @test
*/
public function a_user_with_view_asset_permissions_can_view_assets()
{
$u = factory(App\Models\User::class, 'valid-user')->states('view-assets')->create();
$permissions = $this->noLicenses + $this->noAccessories + $this->noConsumables + $this->noComponents + $this->noUsers;
$permissions = array_merge($permissions, [
route('hardware.index') => 200,
route('hardware.create') => 403,
route('hardware.edit', $this->hardwareId) => 403,
route('hardware.show', $this->hardwareId) => 200,
]);
$this->hitRoutes($permissions, $u);
}
/**
* @test
*/
public function a_user_with_create_asset_permissions_can_create_assets()
{
$u = factory(App\Models\User::class, 'valid-user')->states('create-assets')->create();
$permissions = $this->noLicenses + $this->noAccessories + $this->noConsumables + $this->noComponents + $this->noUsers;
$permissions = array_merge($permissions, [
route('hardware.index') => 403,
route('hardware.create') => 200,
route('hardware.edit', $this->hardwareId) => 403,
route('hardware.show', $this->hardwareId) => 403,
]);
$this->hitRoutes($permissions, $u);
}
/**
* @test
*/
public function a_user_with_edit_assets_permissions_can_edit_assets()
{
$u = factory(App\Models\User::class, 'valid-user')->states('edit-assets')->create();
$permissions = $this->noLicenses + $this->noAccessories + $this->noConsumables + $this->noComponents + $this->noUsers;
$permissions = array_merge($permissions, [
route('hardware.index') => 403,
route('hardware.create') => 403,
route('hardware.edit', $this->hardwareId) => 200,
route('hardware.show', $this->hardwareId) => 403,
]);
$this->hitRoutes($permissions, $u);
}
/**
* @test
*/
public function a_user_with_view_licenses_permissions_can_view_licenses()
{
$u = factory(App\Models\User::class, 'valid-user')->states('view-licenses')->create();
$permissions = $this->noHardware + $this->noAccessories + $this->noConsumables + $this->noComponents + $this->noUsers;
$permissions = array_merge($permissions, [
route('licenses.index') => 200,
route('licenses.create') => 403,
route('licenses.edit', $this->licenseId) => 403,
route('licenses.show', $this->licenseId) => 200,
]);
$this->hitRoutes($permissions, $u);
}
/**
* @test
*/
public function a_user_with_create_licenses_permissions_can_create_licenses()
{
$u = factory(App\Models\User::class, 'valid-user')->states('create-licenses')->create();
$permissions = $this->noHardware + $this->noAccessories + $this->noConsumables + $this->noComponents + $this->noUsers;
$permissions = array_merge($permissions, [
route('licenses.index') => 403,
route('licenses.create') => 200,
route('licenses.edit', $this->licenseId) => 403,
route('licenses.show', $this->licenseId) => 403,
]);
$this->hitRoutes($permissions, $u);
}
/**
* @test
*/
public function a_user_with_edit_licenses_permissions_can_edit_licenses()
{
$u = factory(App\Models\User::class, 'valid-user')->states('edit-licenses')->create();
$permissions = $this->noHardware + $this->noAccessories + $this->noConsumables + $this->noComponents + $this->noUsers;
$permissions = array_merge($permissions, [
route('licenses.index') => 403,
route('licenses.create') => 403,
route('licenses.edit', $this->licenseId) => 200,
route('licenses.show', $this->licenseId) => 403,
]);
$this->hitRoutes($permissions, $u);
}
/**
* @test
*/
public function a_user_with_view_accessories_permissions_can_view_accessories()
{
$u = factory(App\Models\User::class, 'valid-user')->states('view-accessories')->create();
$permissions = $this->noHardware + $this->noLicenses + $this->noConsumables + $this->noComponents + $this->noUsers;
$permissions = array_merge($permissions, [
route('accessories.index') => 200,
route('accessories.create') => 403,
route('accessories.edit', $this->accessoryId) => 403,
route('accessories.show', $this->accessoryId) => 200,
]);
$this->hitRoutes($permissions, $u);
}
/**
* @test
*/
public function a_user_with_create_accessories_permissions_can_create_accessories()
{
$u = factory(App\Models\User::class, 'valid-user')->states('create-accessories')->create();
$permissions = $this->noHardware + $this->noLicenses + $this->noConsumables + $this->noComponents + $this->noUsers;
$permissions = array_merge($permissions, [
route('accessories.index') => 403,
route('accessories.create') => 200,
route('accessories.edit', $this->accessoryId) => 403,
route('accessories.show', $this->accessoryId) => 403,
]);
$this->hitRoutes($permissions, $u);
}
/**
* @test
*/
public function a_user_with_edit_accessories_permissions_can_edit_accessories()
{
$u = factory(App\Models\User::class, 'valid-user')->states('edit-accessories')->create();
$permissions = $this->noHardware + $this->noLicenses + $this->noConsumables + $this->noComponents + $this->noUsers;
$permissions = array_merge($permissions, [
route('accessories.index') => 403,
route('accessories.create') => 403,
route('accessories.edit', $this->accessoryId) => 200,
route('accessories.show', $this->accessoryId) => 403,
]);
$this->hitRoutes($permissions, $u);
}
/**
* @test
*/
public function a_user_with_view_consumables_permissions_can_view_consumables()
{
$u = factory(App\Models\User::class, 'valid-user')->states('view-consumables')->create();
$permissions = $this->noHardware + $this->noLicenses + $this->noAccessories + $this->noComponents + $this->noUsers;
$permissions = array_merge($permissions, [
route('consumables.index') => 200,
route('consumables.create') => 403,
route('consumables.edit', $this->consumableId) => 403,
route('consumables.show', $this->consumableId) => 200,
]);
$this->hitRoutes($permissions, $u);
}
/**
* @test
*/
public function a_user_with_create_consumables_permissions_can_create_consumables()
{
$u = factory(App\Models\User::class, 'valid-user')->states('create-consumables')->create();
$permissions = $this->noHardware + $this->noLicenses + $this->noConsumables + $this->noComponents + $this->noUsers;
$permissions = array_merge($permissions, [
route('consumables.index') => 403,
route('consumables.create') => 200,
route('consumables.edit', $this->consumableId) => 403,
route('consumables.show', $this->consumableId) => 403,
]);
$this->hitRoutes($permissions, $u);
}
/**
* @test
*/
public function a_user_with_edit_consumables_permissions_can_edit_consumables()
{
$u = factory(App\Models\User::class, 'valid-user')->states('edit-consumables')->create();
$permissions = $this->noHardware + $this->noLicenses + $this->noAccessories + $this->noComponents + $this->noUsers;
$permissions = array_merge($permissions, [
route('consumables.index') => 403,
route('consumables.create') => 403,
route('consumables.edit', $this->consumableId) => 200,
route('consumables.show', $this->consumableId) => 403,
]);
$this->hitRoutes($permissions, $u);
}
/**
* @test
*/
public function a_user_with_view_users_permissions_can_view_users()
{
$u = factory(App\Models\User::class, 'valid-user')->states('view-users')->create();
$permissions = $this->noHardware + $this->noLicenses + $this->noAccessories +$this->noConsumables + $this->noComponents;
$permissions = array_merge($permissions, [
route('users.index') => 200,
route('users.create') => 403,
route('users.edit', $this->userId) => 403,
route('users.show', $this->userId) => 200,
]);
$this->hitRoutes($permissions, $u);
}
/**
* @test
*/
public function a_user_with_create_users_permissions_can_create_users()
{
$u = factory(App\Models\User::class, 'valid-user')->states('create-users')->create();
$permissions = $this->noHardware + $this->noLicenses + $this->noAccessories +$this->noConsumables + $this->noComponents;
$permissions = array_merge($permissions, [
route('users.index') => 403,
route('users.create') => 200,
route('users.edit', $this->userId) => 403,
route('users.show', $this->userId) => 403,
]);
$this->hitRoutes($permissions, $u);
}
/**
* @test
*/
public function a_user_with_edit_users_permissions_can_edit_users()
{
$u = factory(App\Models\User::class, 'valid-user')->states('edit-users')->create();
$permissions = $this->noHardware + $this->noLicenses + $this->noAccessories +$this->noConsumables + $this->noComponents;
$permissions = array_merge($permissions, [
route('users.index') => 403,
route('users.create') => 403,
route('users.edit', $this->userId) => 200,
route('users.show', $this->userId) => 403,
]);
$this->hitRoutes($permissions, $u);
}
/**
* @test
*/
public function a_user_with_view_components_permissions_can_view_components()
{
$u = factory(App\Models\User::class, 'valid-user')->states('view-components')->create();
$permissions = $this->noHardware + $this->noLicenses + $this->noAccessories +$this->noConsumables + $this->noUsers;
$permissions = array_merge($permissions, [
route('components.index') => 200,
route('components.create') => 403,
route('components.edit', $this->componentId) => 403,
route('components.show', $this->componentId) => 200,
]);
$this->hitRoutes($permissions, $u);
}
/**
* @test
*/
public function a_user_with_create_components_permissions_can_create_components()
{
$u = factory(App\Models\User::class, 'valid-user')->states('create-components')->create();
$permissions = $this->noHardware + $this->noLicenses + $this->noAccessories +$this->noConsumables + $this->noUsers;
$permissions = array_merge($permissions, [
route('components.index') => 403,
route('components.create') => 200,
route('components.edit', $this->componentId) => 403,
route('components.show', $this->componentId) => 403,
]);
$this->hitRoutes($permissions, $u);
}
/**
* @test
*/
public function a_user_with_edit_components_permissions_can_edit_components()
{
$u = factory(App\Models\User::class, 'valid-user')->states('edit-components')->create();
$permissions = $this->noHardware + $this->noLicenses + $this->noAccessories +$this->noConsumables + $this->noUsers;
$permissions = array_merge($permissions, [
route('components.index') => 403,
route('components.create') => 403,
route('components.edit', $this->componentId) => 200,
route('components.show', $this->componentId) => 403,
]);
$this->hitRoutes($permissions, $u);
}
private function hitRoutes(array $routes, User $user)
{
$this->actingAs($user);
// dd($user);
foreach ($routes as $route => $response) {
// $this->log($route);
// if (strpos($route, 'edit') || strpos($route, 'show') || strpos($route, 'destroy')) {
// // ($this->get(route($route,2))->dump());
// $this->get(route($route, 1))
// ->assertResponseStatus($response);
// } else {
// dd($this->get(route($route)));
// echo($this->get(route($route))->dump());
$this->get($route)
->assertResponseStatus($response);
// }
}
}
}
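Review bot: `tearDown()` is overridden with an empty body, so `parent::tearDown()` never runs and the rollback that `DatabaseTransactions` registers is never triggered; the users created with `factory(...)->create()` in each test can then persist into later tests. Delete the override or make its body `parent::tearDown();`. Separately, `a_user_with_create_consumables_permissions_can_create_consumables` builds its baseline with `$this->noConsumables` where the sibling consumables tests use `$this->noAccessories`, so the accessories routes are never asserted to return 403 for that user. That line should read `$permissions = $this->noHardware + $this->noLicenses + $this->noAccessories + $this->noComponents + $this->noUsers;`.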