DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-11-09 23:24:06 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Accessory file upload

Browse source 
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
snipe 2022-11-01 19:50:39 -07:00
parent 2f9e097854
commit eb81c290dc
6 changed files with 443 additions and 56 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

177
app/Http/Controllers/Accessories/AccessoriesFilesController.php Normal file
View file

@ -0,0 +1,177 @@
<?php
namespace App\Http\Controllers\Accessories;
use App\Helpers\StorageHelper;
use App\Http\Controllers\Controller;
use App\Http\Requests\AssetFileRequest;
use App\Models\Actionlog;
use App\Models\Accessory;
use Illuminate\Support\Facades\Response;
use Illuminate\Support\Facades\Storage;
use Symfony\Accessory\HttpFoundation\JsonResponse;
use enshrined\svgSanitize\Sanitizer;
class AccessoriesFilesController extends Controller
{
/**
* Validates and stores files associated with a accessory.
*
* @todo Switch to using the AssetFileRequest form request validator.
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.0]
* @param AssetFileRequest $request
* @param int $accessoryId
* @return \Illuminate\Http\RedirectResponse
* @throws \Illuminate\Auth\Access\AuthorizationException
*/
public function store(AssetFileRequest $request, $accessoryId = null)
{
$accessory = Accessory::find($accessoryId);
if (isset($accessory->id)) {
$this->authorize('update', $accessory);
if ($request->hasFile('file')) {
if (! Storage::exists('private_uploads/accessories')) {
Storage::makeDirectory('private_uploads/accessories', 775);
}
foreach ($request->file('file') as $file) {
$extension = $file->getClientOriginalExtension();
$file_name = 'accessory-'.$accessory->id.'-'.str_random(8).'-'.str_slug(basename($file->getClientOriginalName(), '.'.$extension)).'.'.$extension;
// Check for SVG and sanitize it
if ($extension == 'svg') {
\Log::debug('This is an SVG');
\Log::debug($file_name);
$sanitizer = new Sanitizer();
$dirtySVG = file_get_contents($file->getRealPath());
$cleanSVG = $sanitizer->sanitize($dirtySVG);
try {
Storage::put('private_uploads/accessories/'.$file_name, $cleanSVG);
} catch (\Exception $e) {
\Log::debug('Upload no workie :( ');
\Log::debug($e);
}
} else {
Storage::put('private_uploads/accessories/'.$file_name, file_get_contents($file));
}
//Log the upload to the log
$accessory->logUpload($file_name, e($request->input('notes')));
}
return redirect()->route('accessories.show', $accessory->id)->with('success', trans('general.file_upload_success'));
}
return redirect()->route('accessories.show', $accessory->id)->with('error', trans('general.no_files_uploaded'));
}
// Prepare the error message
return redirect()->route('accessories.index')
->with('error', trans('general.file_does_not_exist'));
}
/**
* Deletes the selected accessory file.
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.0]
* @param int $accessoryId
* @param int $fileId
* @return \Illuminate\Http\RedirectResponse
* @throws \Illuminate\Auth\Access\AuthorizationException
*/
public function destroy($accessoryId = null, $fileId = null)
{
$accessory = Accessory::find($accessoryId);
// the asset is valid
if (isset($accessory->id)) {
$this->authorize('update', $accessory);
$log = Actionlog::find($fileId);
// Remove the file if one exists
if (Storage::exists('accessories/'.$log->filename)) {
try {
Storage::delete('accessories/'.$log->filename);
} catch (\Exception $e) {
\Log::debug($e);
}
}
$log->delete();
return redirect()->back()
->with('success', trans('admin/hardware/message.deletefile.success'));
}
// Redirect to the licence management page
return redirect()->route('accessories.index')->with('error', trans('general.file_does_not_exist'));
}
/**
* Allows the selected file to be viewed.
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v1.4]
* @param int $accessoryId
* @param int $fileId
* @return \Symfony\Accessory\HttpFoundation\Response
* @throws \Illuminate\Auth\Access\AuthorizationException
*/
public function show($accessoryId = null, $fileId = null, $download = true)
{
\Log::debug('Private filesystem is: '.config('filesystems.default'));
$accessory = Accessory::find($accessoryId);
// the accessory is valid
if (isset($accessory->id)) {
$this->authorize('view', $accessory);
$this->authorize('accessories.files', $accessory);
if (! $log = Actionlog::find($fileId)) {
return response('No matching record for that asset/file', 500)
->header('Content-Type', 'text/plain');
}
$file = 'private_uploads/accessories/'.$log->filename;
if (Storage::missing($file)) {
\Log::debug('FILE DOES NOT EXISTS for '.$file);
\Log::debug('URL should be '.Storage::url($file));
return response('File '.$file.' ('.Storage::url($file).') not found on server', 404)
->header('Content-Type', 'text/plain');
} else {
// We have to override the URL stuff here, since local defaults in Laravel's Flysystem
// won't work, as they're not accessible via the web
if (config('filesystems.default') == 'local') { // TODO - is there any way to fix this at the StorageHelper layer?
return StorageHelper::downloader($file);
} else {
if ($download != 'true') {
\Log::debug('display the file');
if ($contents = file_get_contents(Storage::url($file))) { // TODO - this will fail on private S3 files or large public ones
return Response::make(Storage::url($file)->header('Content-Type', mime_content_type($file)));
}
return JsonResponse::create(['error' => 'Failed validation: '], 500);
}
return StorageHelper::downloader($file);
}
}
}
return redirect()->route('accessories.index')->with('error', trans('general.file_does_not_exist', ['id' => $fileId]));
}
}

17
app/Models/Accessory.php
View file

@ -101,6 +101,23 @@ class Accessory extends SnipeModel
/**
* Establishes the accessories -> action logs -> uploads relationship
*
* @author A. Gianotto <snipe@snipe.net>
* @since [v6.1.13]
* @return \Illuminate\Database\Eloquent\Relations\Relation
*/
public function uploads()
{
return $this->hasMany(\App\Models\Actionlog::class, 'item_id')
->where('item_type', '=', self::class)
->where('action_type', '=', 'uploaded')
->whereNotNull('filename')
->orderBy('created_at', 'desc');
}
/** /**
* Establishes the accessory -> supplier relationship * Establishes the accessory -> supplier relationship
* *

7
config/permissions.php
View file

@ -145,6 +145,13 @@ return [
'note' => '', 'note' => '',
'display' => true, 'display' => true,
], ],
[
'permission' => 'accessories.files',
'label' => 'View and Modify Accessory Files',
'note' => '',
'display' => true,
],
], ],
'Consumables' => [ 'Consumables' => [

281
resources/views/accessories/view.blade.php
View file

@ -46,65 +46,234 @@
{{-- Page content --}} {{-- Page content --}}
@section('content') @section('content')
{{-- Page content --}}
<div class="row">
<div class="col-md-9">
<!-- Custom Tabs --> <!-- Custom Tabs -->
<div class="nav-tabs-custom"> <div class="nav-tabs-custom">
<ul class="nav nav-tabs hidden-print">
<ul class="nav nav-tabs hidden-print"> <li class="active">
<a href="#checkedout" data-toggle="tab">
<span class="hidden-lg hidden-md">
<i class="fas fa-info-circle fa-2x" aria-hidden="true"></i>
</span>
<span class="hidden-xs hidden-sm">{{ trans('admin/users/general.info') }}</span>
</a>
</li>
<li class="active"> <li>
<a href="#details" data-toggle="tab"> <a href="#history" data-toggle="tab">
<span class="hidden-lg hidden-md"> <span class="hidden-lg hidden-md">
<i class="fas fa-info-circle fa-2x"x></i> <i class="fas fa-history fa-2x" aria-hidden="true"></i></span>
</span> <span class="hidden-xs hidden-sm">{{ trans('general.history') }}</span>
<span class="hidden-xs hidden-sm">{{ trans('admin/users/general.info') }}</span> </a>
</a> </li>
</li>
<li>
<a href="#history" data-toggle="tab"> @can('accessorys.files', $accessory)
<li>
<a href="#files" data-toggle="tab">
<span class="hidden-lg hidden-md"> <span class="hidden-lg hidden-md">
<i class="fas fa-history fa-2x" aria-hidden="true"></i></span> <i class="far fa-file fa-2x" aria-hidden="true"></i></span>
<span class="hidden-xs hidden-sm">{{ trans('general.history') }}</span> <span class="hidden-xs hidden-sm">{{ trans('general.file_uploads') }}
</a> {!! ($accessory->uploads->count() > 0 ) ? '<badge class="badge badge-secondary">'.number_format($accessory->uploads->count()).'</badge>' : '' !!}
</li> </span>
</ul> </a>
</li>
@endcan
@can('update', Component::class)
<li class="pull-right">
<a href="#" data-toggle="modal" data-target="#uploadFileModal">
<i class="fas fa-paperclip" aria-hidden="true"></i> {{ trans('button.upload') }}
</a>
</li>
@endcan
</ul>
<div class="tab-content">
<div class="tab-pane active" id="checkedout">
<div class="table table-responsive">
<div class="row">
<div class="col-md-9">
<table
data-cookie-id-table="usersTable"
data-pagination="true"
data-id-table="usersTable"
data-search="true"
data-side-pagination="server"
data-show-columns="true"
data-show-fullscreen="true"
data-show-export="true"
data-show-refresh="true"
data-sort-order="asc"
id="usersTable"
class="table table-striped snipe-table"
data-url="{{ route('api.accessories.checkedout', $accessory->id) }}"
data-export-options='{
"fileName": "export-accessories-{{ str_slug($accessory->name) }}-users-{{ date('Y-m-d') }}",
"ignoreColumn": ["actions","image","change","checkbox","checkincheckout","icon"]
}'>
<thead>
<tr>
<th data-searchable="false" data-formatter="usersLinkFormatter" data-sortable="false" data-field="name">{{ trans('general.user') }}</th>
<th data-searchable="false" data-sortable="false" data-field="checkout_notes">{{ trans('general.notes') }}</th>
<th data-searchable="false" data-formatter="dateDisplayFormatter" data-sortable="false" data-field="last_checkout">{{ trans('admin/hardware/table.checkout_date') }}</th>
<th data-searchable="false" data-sortable="false" data-field="actions" data-formatter="accessoriesInOutFormatter">{{ trans('table.actions') }}</th>
</tr>
</thead>
</table>
</div><!--col-md-9-->
</div> <!-- close tab-pane div -->
</div>
</div>
<!-- histor tab pane -->
<div class="tab-pane fade" id="history">
<div class="table table-responsive">
<div class="row">
<div class="col-md-9">
<table
class="table table-striped snipe-table"
data-cookie-id-table="AccessoryHistoryTable"
data-id-table="AccessoryHistoryTable"
id="AccessoryHistoryTable"
data-pagination="true"
data-show-columns="true"
data-side-pagination="server"
data-show-refresh="true"
data-show-export="true"
data-sort-order="desc"
data-export-options='{
"fileName": "export-{{ str_slug($accessory->name) }}-history-{{ date('Y-m-d') }}",
"ignoreColumn": ["actions","image","change","checkbox","checkincheckout","icon"]
}'
data-url="{{ route('api.activity.index', ['item_id' => $accessory->id, 'item_type' => 'accessory']) }}">
<thead>
<tr>
<th class="col-sm-2" data-visible="false" data-sortable="true" data-field="created_at" data-formatter="dateDisplayFormatter">{{ trans('general.record_created') }}</th>
<th class="col-sm-2"data-visible="true" data-sortable="true" data-field="admin" data-formatter="usersLinkObjFormatter">{{ trans('general.admin') }}</th>
<th class="col-sm-2" data-sortable="true" data-visible="true" data-field="action_type">{{ trans('general.action') }}</th>
<th class="col-sm-2" data-sortable="true" data-visible="true" data-field="item" data-formatter="polymorphicItemFormatter">{{ trans('general.item') }}</th>
<th class="col-sm-2" data-visible="true" data-field="target" data-formatter="polymorphicItemFormatter">{{ trans('general.target') }}</th>
<th class="col-sm-2" data-sortable="true" data-visible="true" data-field="note">{{ trans('general.notes') }}</th>
<th class="col-sm-2" data-visible="true" data-field="action_date" data-formatter="dateDisplayFormatter">{{ trans('general.date') }}</th>
@if ($snipeSettings->require_accept_signature=='1')
<th class="col-md-3" data-field="signature_file" data-visible="false" data-formatter="imageFormatter">{{ trans('general.signature') }}</th>
@endif
</tr>
</thead>
</table>
</div> <!-- /.col-md-12-->
</div> <!-- /.row-->
</div><!--tab history-->
</div>
<div class="tab-content">
<div class="tab-pane fade in active" id="details">
<div class="row">
<div class="col-md-9">
<table
data-cookie-id-table="usersTable"
data-pagination="true"
data-id-table="usersTable"
data-search="true"
data-side-pagination="server"
data-show-columns="true"
data-show-fullscreen="true"
data-show-export="true"
data-show-refresh="true"
data-sort-order="asc"
id="usersTable"
class="table table-striped snipe-table"
data-url="{{ route('api.accessories.checkedout', $accessory->id) }}"
data-export-options='{
"fileName": "export-accessories-{{ str_slug($accessory->name) }}-users-{{ date('Y-m-d') }}",
"ignoreColumn": ["actions","image","change","checkbox","checkincheckout","icon"]
}'>
<thead>
<tr>
<th data-searchable="false" data-formatter="usersLinkFormatter" data-sortable="false" data-field="name">{{ trans('general.user') }}</th>
<th data-searchable="false" data-sortable="false" data-field="checkout_notes">{{ trans('general.notes') }}</th>
<th data-searchable="false" data-formatter="dateDisplayFormatter" data-sortable="false" data-field="last_checkout">{{ trans('admin/hardware/table.checkout_date') }}</th>
<th data-searchable="false" data-sortable="false" data-field="actions" data-formatter="accessoriesInOutFormatter">{{ trans('table.actions') }}</th>
</tr>
</thead>
</table> @can('accessorys.files', $accessory)
</div><!--col-md-9--> <div class="tab-pane" id="files">
<div class="table table-responsive">
<div class="row">
<div class="col-md-12">
<table
data-cookie-id-table="accessoryUploadsTable"
data-id-table="accessoryUploadsTable"
id="accessoryUploadsTable"
data-search="true"
data-pagination="true"
data-side-pagination="client"
data-show-columns="true"
data-show-export="true"
data-show-footer="true"
data-toolbar="#upload-toolbar"
data-show-refresh="true"
data-sort-order="asc"
data-sort-name="name"
class="table table-striped snipe-table"
data-export-options='{
"fileName": "export-accessorys-uploads-{{ str_slug($accessory->name) }}-{{ date('Y-m-d') }}",
"ignoreColumn": ["actions","image","change","checkbox","checkincheckout","delete","download","icon"]
}'>
<thead>
<tr>
<th data-visible="true" data-field="icon" data-sortable="true">{{trans('general.file_type')}}</th>
<th class="col-md-2" data-searchable="true" data-visible="true" data-field="image">{{ trans('general.image') }}</th>
<th class="col-md-2" data-searchable="true" data-visible="true" data-field="filename" data-sortable="true">{{ trans('general.file_name') }}</th>
<th class="col-md-1" data-searchable="true" data-visible="true" data-field="filesize">{{ trans('general.filesize') }}</th>
<th class="col-md-2" data-searchable="true" data-visible="true" data-field="notes" data-sortable="true">{{ trans('general.notes') }}</th>
<th class="col-md-1" data-searchable="true" data-visible="true" data-field="download">{{ trans('general.download') }}</th>
<th class="col-md-2" data-searchable="true" data-visible="true" data-field="created_at" data-sortable="true">{{ trans('general.created_at') }}</th>
<th class="col-md-1" data-searchable="true" data-visible="true" data-field="actions">{{ trans('table.actions') }}</th>
</tr>
</thead>
<tbody>
@if ($accessory->uploads->count() > 0)
@foreach ($accessory->uploads as $file)
<tr>
<td>
<i class="{{ Helper::filetype_icon($file->filename) }} icon-med" aria-hidden="true"></i>
<span class="sr-only">{{ Helper::filetype_icon($file->filename) }}</span>
</td>
<td>
@if ($file->filename)
@if ( Helper::checkUploadIsImage($file->get_src('accessorys')))
<a href="{{ route('show.accessoryfile', ['accessoryId' => $accessory->id, 'fileId' => $file->id, 'download' => 'false']) }}" data-toggle="lightbox" data-type="image"><img src="{{ route('show.accessoryfile', ['accessoryId' => $accessory->id, 'fileId' => $file->id]) }}" class="img-thumbnail" style="max-width: 50px;"></a>
@endif
@endif
</td>
<td>
{{ $file->filename }}
</td>
<td data-value="{{ (Storage::exists('private_uploads/accessorys/'.$file->filename) ? Storage::size('private_uploads/accessorys/'.$file->filename) : '') }}">
{{ @Helper::formatFilesizeUnits(Storage::exists('private_uploads/accessorys/'.$file->filename) ? Storage::size('private_uploads/accessorys/'.$file->filename) : '') }}
</td>
<td>
@if ($file->note)
{{ $file->note }}
@endif
</td>
<td>
@if ($file->filename)
<a href="{{ route('show.accessoryfile', [$accessory->id, $file->id, 'download' => 'true']) }}" class="btn btn-default">
<i class="fas fa-download" aria-hidden="true"></i>
<span class="sr-only">{{ trans('general.download') }}</span>
</a>
@endif
</td>
<td>{{ $file->created_at }}</td>
<td>
<a class="btn delete-asset btn-danger btn-sm" href="{{ route('delete/accessoryfile', [$accessory->id, $file->id]) }}" data-content="{{ trans('general.delete_confirm', ['item' => $file->filename]) }}" data-title="{{ trans('general.delete') }}">
<i class="fas fa-trash icon-white" aria-hidden="true"></i>
<span class="sr-only">{{ trans('general.delete') }}</span>
</a>
</td>
</tr>
@endforeach
@else
<tr>
<td colspan="8">{{ trans('general.no_results') }}</td>
</tr>
@endif
</tbody>
</table>
</div>
</div> <!-- /.tab-pane -->
@endcan
</div>
</div>
</div>
</div>
</div>
<!-- side address column --> <!-- side address column -->
@ -220,17 +389,17 @@
</div><!--tab history--> </div><!--tab history-->
</div><!--tab-content--> </div><!--tab-content-->
</div><!--/.nav-tabs-custom--> </div><!--/.nav-tabs-custom-->
@can('update', Accessory::class)
@include ('modals.upload-file', ['item_type' => 'accessory', 'item_id' => $accessory->id])
@endcan
@stop @stop
@section('moar_scripts') @section('moar_scripts')
@include ('partials.bootstrap-table') @include ('partials.bootstrap-table')
@stop @stop

15
routes/web/accessories.php
View file

@ -27,6 +27,21 @@ Route::group(['prefix' => 'accessories', 'middleware' => ['auth']], function ()
[Accessories\AccessoryCheckinController::class, 'store'] [Accessories\AccessoryCheckinController::class, 'store']
)->name('accessories.checkin.store'); )->name('accessories.checkin.store');
Route::post(
'{accessoryId}/upload',
[Accessories\AccessoriesFilesController::class, 'store']
)->name('upload/accessory');
Route::delete(
'{accessoryId}/deletefile/{fileId}',
[Accessories\AccessoriesFilesController::class, 'destroy']
)->name('delete/accessoryfile');
Route::get(
'{accessoryId}/showfile/{fileId}/{download?}',
[Accessories\AccessoriesFilesController::class, 'show']
)->name('show.accessoryfile');
}); });
Route::resource('accessories', Accessories\AccessoriesController::class, [ Route::resource('accessories', Accessories\AccessoriesController::class, [

2
storage/private_uploads/accessories/.gitignore vendored Executable file
View file

@ -0,0 +1,2 @@
*
!.gitignore