DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-12-26 22:19:41 -08:00
Code Issues Actions 11 Packages Projects Releases Wiki Activity

Merge pull request #13727 from snipe/security/huntr_43206801-9862-48da-b379-e55e341d78bf

Browse source 
Set resend acceptance to POST
This commit is contained in:
snipe 2023-10-09 16:15:27 +01:00 committed by GitHub
parent 7a0d3f788f 866bbe5e11
commit f6527e0b42
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 26 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
app/Http/Controllers/ReportsController.php
View file

@ -1043,21 +1043,28 @@ class ReportsController extends Controller
* @throws \Illuminate\Auth\Access\AuthorizationException * @throws \Illuminate\Auth\Access\AuthorizationException
* @version v1.0 * @version v1.0
*/ */
public function sentAssetAcceptanceReminder($acceptanceId = null) public function sentAssetAcceptanceReminder(Request $request)
{ {
$this->authorize('reports.view'); $this->authorize('reports.view');
if (!$acceptance = CheckoutAcceptance::pending()->find($acceptanceId)) { if (!$acceptance = CheckoutAcceptance::pending()->find($request->input('acceptance_id'))) {
\Log::debug('No pending acceptances');
// Redirect to the unaccepted assets report page with error // Redirect to the unaccepted assets report page with error
return redirect()->route('reports/unaccepted_assets')->with('error', trans('general.bad_data')); return redirect()->route('reports/unaccepted_assets')->with('error', trans('general.bad_data'));
} }
$assetItem = $acceptance->checkoutable; $assetItem = $acceptance->checkoutable;
\Log::debug(print_r($assetItem, true));
if (is_null($acceptance->created_at)){ if (is_null($acceptance->created_at)){
\Log::debug('No acceptance created_at');
return redirect()->route('reports/unaccepted_assets')->with('error', trans('general.bad_data')); return redirect()->route('reports/unaccepted_assets')->with('error', trans('general.bad_data'));
} else { } else {
$logItem_res = $assetItem->checkouts()->where('created_at', '=', $acceptance->created_at)->get(); $logItem_res = $assetItem->checkouts()->where('created_at', '=', $acceptance->created_at)->get();
if ($logItem_res->isEmpty()){ if ($logItem_res->isEmpty()){
\Log::debug('Acceptance date mismatch');
return redirect()->route('reports/unaccepted_assets')->with('error', trans('general.bad_data')); return redirect()->route('reports/unaccepted_assets')->with('error', trans('general.bad_data'));
} }
$logItem = $logItem_res[0]; $logItem = $logItem_res[0];

18
resources/views/reports/unaccepted_assets.blade.php
View file

@ -77,11 +77,23 @@
<td>{!! $item['assetItem']->present()->nameUrl() !!}</td> <td>{!! $item['assetItem']->present()->nameUrl() !!}</td>
<td>{{ $item['assetItem']->asset_tag }}</td> <td>{{ $item['assetItem']->asset_tag }}</td>
<td @if($item['acceptance']->assignedTo === null || $item['acceptance']->assignedTo->trashed()) style="text-decoration: line-through" @endif>{!! ($item['acceptance']->assignedTo) ? $item['acceptance']->assignedTo->present()->nameUrl() : trans('admin/reports/general.deleted_user') !!}</td> <td @if($item['acceptance']->assignedTo === null || $item['acceptance']->assignedTo->trashed()) style="text-decoration: line-through" @endif>{!! ($item['acceptance']->assignedTo) ? $item['acceptance']->assignedTo->present()->nameUrl() : trans('admin/reports/general.deleted_user') !!}</td>
<td> <td class="white-space: nowrap;">
<nobr>
@if(!$item['acceptance']->trashed()) @if(!$item['acceptance']->trashed())
@if ($item['acceptance']->assignedTo)<a href="{{ route('reports/unaccepted_assets_sent_reminder', ['acceptanceId' => $item['acceptance']->id]) }}" class="btn btn-sm bg-purple" data-tooltip="true">{{ trans('admin/reports/general.send_reminder') }}</a>@endif <form method="post" class="white-space: nowrap;" action="{{ route('reports/unaccepted_assets_sent_reminder') }}">
<a href="{{ route('reports/unaccepted_assets_delete', ['acceptanceId' => $item['acceptance']->id]) }}" class="btn btn-sm btn-danger delete-asset" data-tooltip="true" data-toggle="modal" data-content="{{ trans('general.delete_confirm', ['item' =>trans('admin/reports/general.acceptance_request')]) }}" data-title="{{ trans('general.delete') }}" onClick="return false;"><i class="fa fa-trash"></i></a> @if ($item['acceptance']->assignedTo)
@csrf
<input type="hidden" name="acceptance_id" value="{{ $item['acceptance']->id }}">
<button class="btn btn-sm btn-warning" data-tooltip="true" data-title="{{ trans('admin/reports/general.send_reminder') }}">
<i class="fa fa-repeat" aria-hidden="true"></i>
</button>
@endif @endif
<a href="{{ route('reports/unaccepted_assets_delete', ['acceptanceId' => $item['acceptance']->id]) }}" class="btn btn-sm btn-danger delete-asset" data-tooltip="true" data-toggle="modal" data-content="{{ trans('general.delete_confirm', ['item' =>trans('admin/reports/general.acceptance_request')]) }}" data-title="{{ trans('general.delete') }}" onClick="return false;"><i class="fa fa-trash"></i></a>
</form>
@endif
</nobr>
</td> </td>
</tr> </tr>
@endif @endif

4
routes/web.php
View file

@ -368,8 +368,8 @@ Route::group(['middleware' => ['auth']], function () {
'reports/unaccepted_assets/{deleted?}', 'reports/unaccepted_assets/{deleted?}',
[ReportsController::class, 'getAssetAcceptanceReport'] [ReportsController::class, 'getAssetAcceptanceReport']
)->name('reports/unaccepted_assets'); )->name('reports/unaccepted_assets');
Route::get( Route::post(
'reports/unaccepted_assets/{acceptanceId}/sent_reminder', 'reports/unaccepted_assets/sent_reminder',
[ReportsController::class, 'sentAssetAcceptanceReminder'] [ReportsController::class, 'sentAssetAcceptanceReminder']
)->name('reports/unaccepted_assets_sent_reminder'); )->name('reports/unaccepted_assets_sent_reminder');
Route::delete( Route::delete(