DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-12-26 06:04:08 -08:00
Code Issues Actions 11 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/develop'

Browse source
This commit is contained in:
snipe 2022-06-24 16:21:10 -07:00
parent 6c2d06efb9 be0f0fc421
commit e2c227f02b
7 changed files with 103 additions and 36 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
.env.example
View file

@ -70,7 +70,8 @@ IMAGE_LIB=gd
MAIL_BACKUP_NOTIFICATION_DRIVER=null
MAIL_BACKUP_NOTIFICATION_ADDRESS=null
BACKUP_ENV=true
ALLOW_BACKUP_DELETE=false
ALLOW_DATA_PURGE=false
# --------------------------------------------
# OPTIONAL: SESSION SETTINGS

87
app/Http/Controllers/SettingsController.php
View file

@ -1147,23 +1147,31 @@ class SettingsController extends Controller
*/
public function deleteFile($filename = null)
{
if (! config('app.lock_passwords')) {
$path = 'app/backups';
if (config('app.allow_backup_delete')=='true') {
if (Storage::exists($path.'/'.$filename)) {
try {
Storage::delete($path.'/'.$filename);
if (!config('app.lock_passwords')) {
$path = 'app/backups';
return redirect()->route('settings.backups.index')->with('success', trans('admin/settings/message.backup.file_deleted'));
} catch (\Exception $e) {
\Log::debug($e);
if (Storage::exists($path . '/' . $filename)) {
try {
Storage::delete($path . '/' . $filename);
return redirect()->route('settings.backups.index')->with('success', trans('admin/settings/message.backup.file_deleted'));
} catch (\Exception $e) {
\Log::debug($e);
}
} else {
return redirect()->route('settings.backups.index')->with('error', trans('admin/settings/message.backup.file_not_found'));
}
} else {
return redirect()->route('settings.backups.index')->with('error', trans('admin/settings/message.backup.file_not_found'));
}
} else {
return redirect()->route('settings.backups.index')->with('error', trans('general.feature_disabled'));
}
// Hell to the no
\Log::warning('User ID '.Auth::user()->id.' is attempting to delete backup file '.$filename.' and is not authorized to.');
return redirect()->route('settings.backups.index')->with('error', trans('general.backup_delete_not_allowed'));
}
@ -1198,9 +1206,10 @@ class SettingsController extends Controller
Storage::putFileAs('app/backups', $request->file('file'), $upload_filename);
return redirect()->route('settings.backups.index')->with('success', 'File uploaded');
} else {
return redirect()->route('settings.backups.index')->withErrors($request->getErrors());
}
return redirect()->route('settings.backups.index')->withErrors($request->getErrors());
}
} else {
@ -1298,9 +1307,15 @@ class SettingsController extends Controller
*/
public function getPurge()
{
\Log::warning('User ID '.Auth::user()->id.' is attempting a PURGE');
return view('settings.purge-form');
\Log::warning('User '.Auth::user()->username.' (ID'.Auth::user()->id.') is attempting a PURGE');
if (config('app.allow_purge')=='true') {
return view('settings.purge-form');
}
return redirect()->route('settings.index')->with('error', trans('general.purge_not_allowed'));
}
/**
@ -1314,22 +1329,40 @@ class SettingsController extends Controller
*/
public function postPurge(Request $request)
{
if (! config('app.lock_passwords')) {
if ('DELETE' == $request->input('confirm_purge')) {
\Log::warning('User ID '.Auth::user()->id.' initiated a PURGE!');
// Run a backup immediately before processing
Artisan::call('backup:run');
Artisan::call('snipeit:purge', ['--force' => 'true', '--no-interaction' => true]);
$output = Artisan::output();
\Log::warning('User '.Auth::user()->username.' (ID'.Auth::user()->id.') is attempting a PURGE');
return view('settings/purge')
->with('output', $output)->with('success', trans('admin/settings/message.purge.success'));
if (config('app.allow_purge')=='true') {
\Log::debug('Purging is not allowed via the .env');
if (!config('app.lock_passwords')) {
if ($request->input('confirm_purge')=='DELETE') {
\Log::warning('User ID ' . Auth::user()->id . ' initiated a PURGE!');
// Run a backup immediately before processing
Artisan::call('backup:run');
Artisan::call('snipeit:purge', ['--force' => 'true', '--no-interaction' => true]);
$output = Artisan::output();
return redirect()->route('settings.index')
->with('output', $output)->with('success', trans('admin/settings/message.purge.success'));
} else {
return redirect()->route('settings.purge.index')
->with('error', trans('admin/settings/message.purge.validation_failed'));
}
} else {
return redirect()->back()->with('error', trans('admin/settings/message.purge.validation_failed'));
return redirect()->route('settings.index')
->with('error', trans('general.feature_disabled'));
}
} else {
return redirect()->back()->with('error', trans('general.feature_disabled'));
}
\Log::error('User '.Auth::user()->username.' (ID'.Auth::user()->id.') is attempting to purge deleted data and is not authorized to.');
// Nope.
return redirect()->route('settings.index')
->with('error', trans('general.purge_not_allowed'));
}
/**

24
config/app.php
View file

@ -430,4 +430,28 @@ return [
'api_throttle_per_minute' => env('API_THROTTLE_PER_MINUTE', 120),
/*
|--------------------------------------------------------------------------
| Allow Web-Based Purge
|--------------------------------------------------------------------------
|
| This sets whether or not to allow superadmins to purge deleted data
|
*/
'allow_purge' => env('ALLOW_DATA_PURGE', false),
/*
|--------------------------------------------------------------------------
| Allow Backup Deletion
|--------------------------------------------------------------------------
|
| This sets whether or not to allow superadmins to delete backups
|
*/
'allow_backup_delete' => env('ALLOW_BACKUP_DELETE', false),
];

3
resources/lang/en/general.php
View file

@ -360,4 +360,7 @@ return [
'maintenance_mode' => 'The service is temporarily unavailable for system updates. Please check back later.',
'maintenance_mode_title' => 'System Temporarily Unavailable',
'ldap_import' => 'User password should not be managed by LDAP. (This allows you to send forgotten password requests.)',
'purge_not_allowed' => 'Purging deleted data has been disabled in the .env file. Contact support or your systems administrator.',
'backup_delete_not_allowed' => 'Deleting backups has been disabled in the .env file. Contact support or your systems administrator.',
];

8
resources/views/settings/backups.blade.php
View file

@ -66,6 +66,7 @@
<td>
@can('superadmin')
@if (config('app.allow_backup_delete')=='true')
<a data-html="false"
class="btn delete-asset btn-danger btn-sm {{ (config('app.lock_passwords')) ? ' disabled': '' }}"
data-toggle="modal" href="{{ route('settings.backups.destroy', $file['filename']) }}"
@ -75,6 +76,13 @@
<i class="fas fa-trash icon-white" aria-hidden="true"></i>
<span class="sr-only">{{ trans('general.delete') }}</span>
</a>
@else
<a href="#"
class="btn delete-asset btn-danger btn-sm disabled">
<i class="fas fa-trash icon-white" aria-hidden="true"></i>
<span class="sr-only">{{ trans('general.delete') }}</span>
</a>
@endif
<a data-html="true"
href="{{ route('settings.backups.restore', $file['filename']) }}"

4
resources/views/settings/index.blade.php
View file

@ -314,6 +314,7 @@
</div>
@endif
<div class="col-md-4 col-lg-3 col-sm-6 col-xl-1">
<div class="box box-danger">
<div class="box-body text-center">
@ -329,9 +330,6 @@
</div>
</div>
</div>
</div>
</div>

10
resources/views/setup/migrate.blade.php
View file

@ -1,7 +1,7 @@
@extends('layouts/setup')
{{-- Page title --}}
@section('title')
{{ trans('gerneral.setup_migrations') }}
{{ trans('general.setup_migrations') }}
@parent
@stop
@ -12,27 +12,27 @@
<div class="col-md-12">
<div class="alert alert-warning">
<i class="fas fa-exclamation-triangle"></i>
{{ trans('gerneral.setup_no_migrations') }}
{{ trans('general.setup_no_migrations') }}
</div>
</div>
@else
<div class="col-md-12">
<div class="alert alert-success">
<i class="fas fa-check"></i>
{{ trans('gerneral.setup_successful_migrations') }}
{{ trans('general.setup_successful_migrations') }}
</div>
</div>
@endif
<p>{{ trans('gerneral.setup_migration_output') }} </p>
<p>{{ trans('general.setup_migration_output') }} </p>
<pre>{{ $output }}</pre>
</div>
@stop
@section('button')
<form action="{{ route('setup.user') }}" method="GET">
<button class="btn btn-primary">{{ trans('gerneral.setup_migrations_create_user') }}</button>
<button class="btn btn-primary">{{ trans('general.setup_migrations_create_user') }}</button>
</form>
@parent
@stop