mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-26 06:04:08 -08:00
Merge pull request #13727 from snipe/security/huntr_43206801-9862-48da-b379-e55e341d78bf
Set resend acceptance to POST
This commit is contained in:
commit
f6527e0b42
|
@ -1043,21 +1043,28 @@ class ReportsController extends Controller
|
|||
* @throws \Illuminate\Auth\Access\AuthorizationException
|
||||
* @version v1.0
|
||||
*/
|
||||
public function sentAssetAcceptanceReminder($acceptanceId = null)
|
||||
public function sentAssetAcceptanceReminder(Request $request)
|
||||
{
|
||||
$this->authorize('reports.view');
|
||||
|
||||
if (!$acceptance = CheckoutAcceptance::pending()->find($acceptanceId)) {
|
||||
if (!$acceptance = CheckoutAcceptance::pending()->find($request->input('acceptance_id'))) {
|
||||
\Log::debug('No pending acceptances');
|
||||
// Redirect to the unaccepted assets report page with error
|
||||
return redirect()->route('reports/unaccepted_assets')->with('error', trans('general.bad_data'));
|
||||
}
|
||||
|
||||
$assetItem = $acceptance->checkoutable;
|
||||
|
||||
\Log::debug(print_r($assetItem, true));
|
||||
|
||||
if (is_null($acceptance->created_at)){
|
||||
\Log::debug('No acceptance created_at');
|
||||
return redirect()->route('reports/unaccepted_assets')->with('error', trans('general.bad_data'));
|
||||
} else {
|
||||
$logItem_res = $assetItem->checkouts()->where('created_at', '=', $acceptance->created_at)->get();
|
||||
|
||||
if ($logItem_res->isEmpty()){
|
||||
\Log::debug('Acceptance date mismatch');
|
||||
return redirect()->route('reports/unaccepted_assets')->with('error', trans('general.bad_data'));
|
||||
}
|
||||
$logItem = $logItem_res[0];
|
||||
|
|
|
@ -77,11 +77,23 @@
|
|||
<td>{!! $item['assetItem']->present()->nameUrl() !!}</td>
|
||||
<td>{{ $item['assetItem']->asset_tag }}</td>
|
||||
<td @if($item['acceptance']->assignedTo === null || $item['acceptance']->assignedTo->trashed()) style="text-decoration: line-through" @endif>{!! ($item['acceptance']->assignedTo) ? $item['acceptance']->assignedTo->present()->nameUrl() : trans('admin/reports/general.deleted_user') !!}</td>
|
||||
<td>
|
||||
<td class="white-space: nowrap;">
|
||||
<nobr>
|
||||
@if(!$item['acceptance']->trashed())
|
||||
@if ($item['acceptance']->assignedTo)<a href="{{ route('reports/unaccepted_assets_sent_reminder', ['acceptanceId' => $item['acceptance']->id]) }}" class="btn btn-sm bg-purple" data-tooltip="true">{{ trans('admin/reports/general.send_reminder') }}</a>@endif
|
||||
<a href="{{ route('reports/unaccepted_assets_delete', ['acceptanceId' => $item['acceptance']->id]) }}" class="btn btn-sm btn-danger delete-asset" data-tooltip="true" data-toggle="modal" data-content="{{ trans('general.delete_confirm', ['item' =>trans('admin/reports/general.acceptance_request')]) }}" data-title="{{ trans('general.delete') }}" onClick="return false;"><i class="fa fa-trash"></i></a>
|
||||
<form method="post" class="white-space: nowrap;" action="{{ route('reports/unaccepted_assets_sent_reminder') }}">
|
||||
@if ($item['acceptance']->assignedTo)
|
||||
@csrf
|
||||
<input type="hidden" name="acceptance_id" value="{{ $item['acceptance']->id }}">
|
||||
<button class="btn btn-sm btn-warning" data-tooltip="true" data-title="{{ trans('admin/reports/general.send_reminder') }}">
|
||||
<i class="fa fa-repeat" aria-hidden="true"></i>
|
||||
</button>
|
||||
|
||||
@endif
|
||||
<a href="{{ route('reports/unaccepted_assets_delete', ['acceptanceId' => $item['acceptance']->id]) }}" class="btn btn-sm btn-danger delete-asset" data-tooltip="true" data-toggle="modal" data-content="{{ trans('general.delete_confirm', ['item' =>trans('admin/reports/general.acceptance_request')]) }}" data-title="{{ trans('general.delete') }}" onClick="return false;"><i class="fa fa-trash"></i></a>
|
||||
</form>
|
||||
@endif
|
||||
|
||||
</nobr>
|
||||
</td>
|
||||
</tr>
|
||||
@endif
|
||||
|
|
|
@ -368,8 +368,8 @@ Route::group(['middleware' => ['auth']], function () {
|
|||
'reports/unaccepted_assets/{deleted?}',
|
||||
[ReportsController::class, 'getAssetAcceptanceReport']
|
||||
)->name('reports/unaccepted_assets');
|
||||
Route::get(
|
||||
'reports/unaccepted_assets/{acceptanceId}/sent_reminder',
|
||||
Route::post(
|
||||
'reports/unaccepted_assets/sent_reminder',
|
||||
[ReportsController::class, 'sentAssetAcceptanceReminder']
|
||||
)->name('reports/unaccepted_assets_sent_reminder');
|
||||
Route::delete(
|
||||
|
|
Loading…
Reference in a new issue