Merge pull request #12848 from snipe/fixes/make_limit_into_singletons

Used a singleton to filter API limit value
2024-11-09 23:24:06 -08:00 · 2023-04-16 08:48:28 -07:00 · 2023-04-16 08:48:28 -07:00 · f50b958b63
parent 2c6d4d6b7f 64256351d8
commit f50b958b63
21 changed files with 37 additions and 35 deletions
--- a/app/Http/Controllers/Api/AccessoriesController.php
+++ b/app/Http/Controllers/Api/AccessoriesController.php
@ -82,7 +82,7 @@ class AccessoriesController extends Controller

        // Make sure the offset and limit are actually integers and do not exceed system limits
        $offset = ($request->input('offset') > $accessories->count()) ? $accessories->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort_override =  $request->input('sort');
--- a/app/Http/Controllers/Api/AssetMaintenancesController.php
+++ b/app/Http/Controllers/Api/AssetMaintenancesController.php
@ -57,7 +57,7 @@ class AssetMaintenancesController extends Controller

        // Make sure the offset and limit are actually integers and do not exceed system limits
        $offset = ($request->input('offset') > $maintenances->count()) ? $maintenances->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
+        $limit = app('api_limit_value');

        $allowed_columns = [
                                'id',
--- a/app/Http/Controllers/Api/AssetModelsController.php
+++ b/app/Http/Controllers/Api/AssetModelsController.php
@ -80,7 +80,7 @@ class AssetModelsController extends Controller

        // Make sure the offset and limit are actually integers and do not exceed system limits
        $offset = ($request->input('offset') > $assetmodels->count()) ? $assetmodels->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'models.created_at';
--- a/app/Http/Controllers/Api/AssetsController.php
+++ b/app/Http/Controllers/Api/AssetsController.php
@ -201,7 +201,7 @@ class AssetsController extends Controller

        // Make sure the offset and limit are actually integers and do not exceed system limits
        $offset = ($request->input('offset') > $assets->count()) ? $assets->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';

--- a/app/Http/Controllers/Api/CategoriesController.php
+++ b/app/Http/Controllers/Api/CategoriesController.php
@ -93,7 +93,7 @@ class CategoriesController extends Controller

        // Make sure the offset and limit are actually integers and do not exceed system limits
        $offset = ($request->input('offset') > $categories->count()) ? $categories->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'assets_count';
--- a/app/Http/Controllers/Api/CompaniesController.php
+++ b/app/Http/Controllers/Api/CompaniesController.php
@ -50,7 +50,7 @@ class CompaniesController extends Controller

        // Make sure the offset and limit are actually integers and do not exceed system limits
        $offset = ($request->input('offset') > $companies->count()) ? $companies->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
+        $limit = app('api_limit_value');


        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
--- a/app/Http/Controllers/Api/ComponentsController.php
+++ b/app/Http/Controllers/Api/ComponentsController.php
@ -78,7 +78,7 @@ class ComponentsController extends Controller

        // Make sure the offset and limit are actually integers and do not exceed system limits
        $offset = ($request->input('offset') > $components->count()) ? $components->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort_override =  $request->input('sort');
--- a/app/Http/Controllers/Api/ConsumablesController.php
+++ b/app/Http/Controllers/Api/ConsumablesController.php
@ -90,8 +90,7 @@ class ConsumablesController extends Controller

        // Make sure the offset and limit are actually integers and do not exceed system limits
        $offset = ($request->input('offset') > $consumables->count()) ? $consumables->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
-
+        $limit = app('api_limit_value');

        $allowed_columns = ['id', 'name', 'order_number', 'min_amt', 'purchase_date', 'purchase_cost', 'company', 'category', 'model_number', 'item_no', 'manufacturer', 'location', 'qty', 'image'];
        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
--- a/app/Http/Controllers/Api/DepartmentsController.php
+++ b/app/Http/Controllers/Api/DepartmentsController.php
@ -60,8 +60,7 @@ class DepartmentsController extends Controller

        // Make sure the offset and limit are actually integers and do not exceed system limits
        $offset = ($request->input('offset') > $departments->count()) ? $departments->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
-
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
--- a/app/Http/Controllers/Api/DepreciationsController.php
+++ b/app/Http/Controllers/Api/DepreciationsController.php
@ -30,8 +30,7 @@ class DepreciationsController extends Controller

        // Make sure the offset and limit are actually integers and do not exceed system limits
        $offset = ($request->input('offset') > $depreciations->count()) ? $depreciations->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
-
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
--- a/app/Http/Controllers/Api/GroupsController.php
+++ b/app/Http/Controllers/Api/GroupsController.php
@ -37,7 +37,7 @@ class GroupsController extends Controller

        // Make sure the offset and limit are actually integers and do not exceed system limits
        $offset = ($request->input('offset') > $groups->count()) ? $groups->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
--- a/app/Http/Controllers/Api/LicenseSeatsController.php
+++ b/app/Http/Controllers/Api/LicenseSeatsController.php
@ -42,7 +42,7 @@ class LicenseSeatsController extends Controller

            // Make sure the offset and limit are actually integers and do not exceed system limits
            $offset = ($request->input('offset') > $seats->count()) ? $seats->count() : abs($request->input('offset'));
-            $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
+            $limit = app('api_limit_value');

            $seats = $seats->skip($offset)->take($limit)->get();

--- a/app/Http/Controllers/Api/LicensesController.php
+++ b/app/Http/Controllers/Api/LicensesController.php
@ -96,7 +96,7 @@ class LicensesController extends Controller

        // Make sure the offset and limit are actually integers and do not exceed system limits
        $offset = ($request->input('offset') > $licenses->count()) ? $licenses->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';

--- a/app/Http/Controllers/Api/LocationsController.php
+++ b/app/Http/Controllers/Api/LocationsController.php
@ -80,20 +80,11 @@ class LocationsController extends Controller

        // Make sure the offset and limit are actually integers and do not exceed system limits
        $offset = ($request->input('offset') > $locations->count()) ? $locations->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';

-        \Log::debug('Max in env: '.config('app.max_results'));
-        \Log::debug('Original requested offset: '.$request->input('offset'));
-        \Log::debug('Intval offset: '.intval($request->input('offset')));
-        \Log::debug('Modified offset: '.$offset);
-        \Log::debug('Original requested limit: '.$request->input('limit'));
-        \Log::debug('Intval limit: '.intval($request->input('limit')));
-        \Log::debug('Modified limit: '.$limit);
-        \Log::debug('Total results: '.$locations->count());
-        \Log::debug('------------------------------');


        switch ($request->input('sort')) {
--- a/app/Http/Controllers/Api/ManufacturersController.php
+++ b/app/Http/Controllers/Api/ManufacturersController.php
@ -59,7 +59,7 @@ class ManufacturersController extends Controller

        // Make sure the offset and limit are actually integers and do not exceed system limits
        $offset = ($request->input('offset') > $manufacturers->count()) ? $manufacturers->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
--- a/app/Http/Controllers/Api/PredefinedKitsController.php
+++ b/app/Http/Controllers/Api/PredefinedKitsController.php
@ -31,7 +31,7 @@ class PredefinedKitsController extends Controller

        // Make sure the offset and limit are actually integers and do not exceed system limits
        $offset = ($request->input('offset') > $kits->count()) ? $kits->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'desc' ? 'desc' : 'asc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'name';
--- a/app/Http/Controllers/Api/ReportsController.php
+++ b/app/Http/Controllers/Api/ReportsController.php
@ -57,8 +57,7 @@ class ReportsController extends Controller

        // Make sure the offset and limit are actually integers and do not exceed system limits
        $offset = ($request->input('offset') > $actionlogs->count()) ? $actionlogs->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
-
+        $limit = app('api_limit_value');

        $sort = in_array($request->input('sort'), $allowed_columns) ? e($request->input('sort')) : 'created_at';
        $order = ($request->input('order') == 'asc') ? 'asc' : 'desc';
--- a/app/Http/Controllers/Api/StatuslabelsController.php
+++ b/app/Http/Controllers/Api/StatuslabelsController.php
@ -52,7 +52,7 @@ class StatuslabelsController extends Controller

        // Make sure the offset and limit are actually integers and do not exceed system limits
        $offset = ($request->input('offset') > $statuslabels->count()) ? $statuslabels->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
--- a/app/Http/Controllers/Api/SuppliersController.php
+++ b/app/Http/Controllers/Api/SuppliersController.php
@ -95,8 +95,7 @@ class SuppliersController extends Controller

        // Make sure the offset and limit are actually integers and do not exceed system limits
        $offset = ($request->input('offset') > $suppliers->count()) ? $suppliers->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
-
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
--- a/app/Http/Controllers/Api/UsersController.php
+++ b/app/Http/Controllers/Api/UsersController.php
@ -195,8 +195,7 @@ class UsersController extends Controller

        // Make sure the offset and limit are actually integers and do not exceed system limits
        $offset = ($request->input('offset') > $users->count()) ? $users->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
-
+        $limit = app('api_limit_value');


        switch ($request->input('sort')) {
--- a/app/Providers/SettingsServiceProvider.php
+++ b/app/Providers/SettingsServiceProvider.php
@ -29,6 +29,23 @@ class SettingsServiceProvider extends ServiceProvider
            $view->with('snipeSettings', Setting::getSettings());
        });

+
+        // Make sure the limit is actually set, is an integer and does not exceed system limits
+        \App::singleton('api_limit_value', function () {
+            $limit = config('app.max_results');
+
+            if ((abs(request('limit')) > 0) && (abs(request('limit')) <= config('app.max_results'))) {
+                $limit = abs(request('limit'));
+            }
+            \Log::debug('Max in env: '.config('app.max_results'));
+            \Log::debug('Original requested limit: '.request('limit'));
+            \Log::debug('Modified limit: '.$limit);
+            \Log::debug('------------------------------');
+
+            return $limit;
+        });
+
+
        /**
         * Set some common variables so that they're globally available.
         * The paths should always be public (versus private uploads)