Commit graph

264 commits

Author SHA1 Message Date
Brady Wetherington 9a224a07ba
Modified how we do Select2 dynamic drop-down menus to be more secure (#9079)
* Modified how we do Select2 dynamic drop-down menus to be more secure

As noted by the author of select2, the more-secure way of creating
rich Select-dropdowns is to use jquery to create HTML snippets and
carefully modify text attributes within there. This prevents any
XSS from being brought to the page. As a side-effect, the extra
escaping that we had to do in all of the internal selectlist calls
is now no longer necessary, and has been removed. Rebased and
squashed from the original.

* Rebuilt all assets, but this still feels like it's too much stuff in here.

* Whoops, need to run that in dev, not prod
2021-02-02 15:55:21 -08:00
Godfrey Martinez 55a526a6b3
corrected background color for bulk checkout listable items in all da… (#8916)
* corrected background color for bulk checkout listable items in all dark schemas

* resubmitting
2020-12-15 12:37:22 -08:00
snipe 75b8c3455c Fixed #8609 - custom fieldsets not draggable anymore (regression) 2020-11-12 23:38:12 -08:00
snipe b2a8af2fa9 Fixed #8647 - Added additional help info on importer page 2020-11-12 22:46:51 -08:00
snipe f4080a7aa9 Fixed created_at and expired_at order in API token screen 2020-11-09 22:53:07 -08:00
snipe 33dca84ec7 Show expiry and created at date on API token page 2020-11-09 22:43:27 -08:00
snipe 1090b291c3 Updated node packages, reregnerated assets 2020-10-19 16:56:59 -07:00
snipe a39069bc45 Small UI improvements to API keys page 2020-10-09 16:02:30 -07:00
snipe 2855a9b2e8 Added debugging to file upload for easier diagnostics 2020-09-15 20:07:46 -07:00
snipe 7cab9f48e5
Use darker red for errors 2020-08-31 19:40:49 -07:00
snipe 453fc718d9
Merge branch 'develop' into integrations/2020-08-31-dev-into-master
# Conflicts:
#	.all-contributorsrc
#	.nvmrc
#	README.md
#	app/Console/Commands/LdapSync.php
#	app/Http/Controllers/Api/AssetsController.php
#	app/Http/Controllers/Api/ConsumablesController.php
#	app/Http/Controllers/Api/ImportController.php
#	app/Http/Controllers/Assets/AssetsController.php
#	app/Http/Controllers/Auth/LoginController.php
#	app/Http/Controllers/CustomFieldsetsController.php
#	app/Http/Controllers/LicensesController.php
#	app/Http/Controllers/UsersController.php
#	app/Models/Ldap.php
#	composer.json
#	composer.lock
#	config/version.php
#	public/css/build/all.css
#	public/css/dist/all.css
#	public/css/skins/skin-contrast.css
#	public/css/skins/skin-contrast.css.map
#	public/js/build/all.js
#	public/js/build/vue.js
#	public/js/build/vue.js.map
#	public/js/dist/all.js
#	public/mix-manifest.json
#	resources/assets/less/overrides.less
#	resources/views/custom_fields/fieldsets/view.blade.php
#	resources/views/hardware/view.blade.php
#	resources/views/layouts/default.blade.php
#	resources/views/modals/model.blade.php
#	resources/views/modals/user.blade.php
#	resources/views/users/index.blade.php
#	routes/api.php
#	tests/unit/UserTest.php
2020-08-31 12:44:03 -07:00
snipe 53c46ac8de
Fixed stupid import layouts 2020-08-24 21:15:46 -07:00
snipe c17a06792a
Added address, city, state, country to user importer 2020-07-21 16:49:38 -07:00
Brady Wetherington 145dfe5847 Rebuild assets 2020-07-16 15:36:10 -07:00
Brady Wetherington 17f6fbabfa Switch to 'items' to maintain compatbility with other internal API's 2020-07-13 21:12:03 -07:00
Brady Wetherington 318da67230 Fix Select2 'infinite scroll' drop-downs for Snipe-IT v5 2020-07-13 17:43:15 -07:00
Brady Wetherington e7a820f7c9 Changes how we do AJAX calls via Select2 for dynamic drop-down menus 2020-07-13 17:14:31 -07:00
Daniel Meltzer 1321304720
Importer UI: Removed misleading checked out to field. Add full name and asset tag fields to licenses. 2020-05-12 14:38:21 -04:00
snipe 730632e2eb
Apply PR #8043 to develop
Signed-off-by: snipe <snipe@snipe.net>
2020-05-11 22:57:55 -07:00
snipe ecb1e87fe6
Updated assets
Signed-off-by: snipe <snipe@snipe.net>
2020-05-11 20:45:15 -07:00
snipe 95cc48e422
Added option to disable backup in import
Signed-off-by: snipe <snipe@snipe.net>
2020-05-11 20:41:10 -07:00
snipe b433b49469
Ficing webpack, CSS and JS (*whew* that sucked)
Signed-off-by: snipe <snipe@snipe.net>
2020-04-27 22:41:33 -07:00
snipe 72a1616b3c
Removed wonky assets
Signed-off-by: snipe <snipe@snipe.net>
2020-04-27 21:02:42 -07:00
snipe 94e8343f63
Generated skins in css/dist/skins
Signed-off-by: snipe <snipe@snipe.net>
2020-04-22 07:13:09 -07:00
snipe e1784394b3
Moved js, skins and primary CSS into dist directory
Signed-off-by: snipe <snipe@snipe.net>
2020-04-22 03:39:42 -07:00
snipe 63259418b2
Package updates 2020-04-21 10:43:25 -07:00
snipe 58f6b2da5a
Fixing assets 2020-04-21 03:42:35 -07:00
snipe f532e9b462
Fixing assets :(
Not sure what happened in tbis merge exactly
2020-04-21 03:07:11 -07:00
snipe 87464e6ec0
Merge branch 'develop' into integrations/2020-04-15-v5-merge
# Conflicts:
#	README.md
#	app/Http/Controllers/AccessoriesController.php
#	app/Http/Controllers/Api/AssetsController.php
#	app/Http/Controllers/Api/LicensesController.php
#	app/Http/Controllers/Api/LocationsController.php
#	app/Http/Controllers/Api/SettingsController.php
#	app/Http/Controllers/Api/UsersController.php
#	app/Http/Controllers/AssetModelsController.php
#	app/Http/Controllers/Assets/AssetsController.php
#	app/Http/Controllers/Auth/ForgotPasswordController.php
#	app/Http/Controllers/CategoriesController.php
#	app/Http/Controllers/CompaniesController.php
#	app/Http/Controllers/ComponentsController.php
#	app/Http/Controllers/ConsumablesController.php
#	app/Http/Controllers/CustomFieldsetsController.php
#	app/Http/Controllers/DepartmentsController.php
#	app/Http/Controllers/LicensesController.php
#	app/Http/Controllers/LocationsController.php
#	app/Http/Controllers/ManufacturersController.php
#	app/Http/Controllers/SettingsController.php
#	app/Http/Controllers/SuppliersController.php
#	app/Http/Controllers/UsersController.php
#	app/Http/Requests/AssetRequest.php
#	app/Http/Requests/ImageUploadRequest.php
#	app/Models/LicenseSeat.php
#	app/Models/Location.php
#	app/Models/Setting.php
#	composer.json
#	composer.lock
#	config/database.php
#	config/version.php
#	npm-shrinkwrap.json
#	package.json
#	public/css/AdminLTE.css
#	public/css/AdminLTE.css.map
#	public/css/overrides.css
#	public/css/overrides.css.map
#	public/css/skins/skin-blue-light.css
#	public/css/skins/skin-blue.css
#	public/css/skins/skin-green-dark.min.css
#	public/js/app.js
#	public/js/bootstrap-table.js
#	public/js/bootstrap/js/bootstrap.js
#	public/js/bootstrap/js/bootstrap.min.js
#	public/js/build/all.js
#	public/js/build/vue.js
#	public/js/build/vue.js.map
#	public/js/demo.js
#	public/js/ekko-lightbox.js
#	public/js/ekko-lightbox.min.js
#	public/js/extensions/export/bootstrap-table-export.js
#	public/js/extensions/multiple-sort/bootstrap-table-multiple-sort.js
#	public/js/extensions/multiple-sort/bootstrap-table-multiple-sort.min.js
#	public/js/extensions/toolbar/bootstrap-table-toolbar.min.js
#	public/js/plugins/bootstrap-wysihtml5/bootstrap3-wysihtml5.all.js
#	public/js/plugins/bootstrap-wysihtml5/bootstrap3-wysihtml5.all.min.js
#	public/js/plugins/timepicker/bootstrap-timepicker.js
#	public/js/plugins/timepicker/bootstrap-timepicker.min.js
#	public/js/vue.js
#	public/mix-manifest.json
#	resources/assets/js/bootstrap-js.js
#	resources/assets/js/bootstrap.min.js
#	resources/assets/js/ekko-lightbox.js
#	resources/assets/js/ekko-lightbox.min.js
#	resources/assets/js/plugins/bootstrap-wysihtml5/bootstrap3-wysihtml5.all.js
#	resources/assets/js/plugins/bootstrap-wysihtml5/bootstrap3-wysihtml5.all.min.js
#	resources/assets/js/plugins/chartjs/Chart.js
#	resources/assets/js/plugins/timepicker/bootstrap-timepicker.js
#	resources/assets/js/plugins/timepicker/bootstrap-timepicker.min.js
#	resources/assets/less/AdminLTE.less
#	resources/assets/less/overrides.less
#	resources/assets/less/skins/_all-skins.less
#	resources/assets/less/skins/skin-black.less
#	resources/assets/less/skins/skin-blue.less
#	resources/assets/less/skins/skin-green.less
#	resources/assets/less/skins/skin-purple.less
#	resources/assets/less/skins/skin-red.less
#	resources/assets/less/skins/skin-yellow.less
#	resources/assets/less/variables.less
#	resources/js/components/importer/importer-file.vue
#	resources/lang/en/auth/message.php
#	resources/lang/en/passwords.php
#	resources/lang/es-CO/general.php
#	resources/lang/es-ES/general.php
#	resources/lang/es-VE/general.php
#	resources/less/skins/skin-black-dark.less
#	resources/less/skins/skin-blue-dark.less
#	resources/less/skins/skin-contrast.less
#	resources/less/skins/skin-green-dark.less
#	resources/less/skins/skin-orange-dark.less
#	resources/less/skins/skin-orange.less
#	resources/less/skins/skin-purple-dark.less
#	resources/less/skins/skin-red-dark.less
#	resources/less/skins/skin-yellow-dark.less
#	resources/views/accessories/checkin.blade.php
#	resources/views/accessories/checkout.blade.php
#	resources/views/accessories/edit.blade.php
#	resources/views/account/profile.blade.php
#	resources/views/account/view-assets.blade.php
#	resources/views/asset_maintenances/edit.blade.php
#	resources/views/auth/passwords/email.blade.php
#	resources/views/auth/passwords/reset.blade.php
#	resources/views/categories/edit.blade.php
#	resources/views/companies/edit.blade.php
#	resources/views/components/checkin.blade.php
#	resources/views/components/checkout.blade.php
#	resources/views/components/edit.blade.php
#	resources/views/consumables/checkout.blade.php
#	resources/views/consumables/edit.blade.php
#	resources/views/custom_fields/fields/edit.blade.php
#	resources/views/custom_fields/fieldsets/edit.blade.php
#	resources/views/dashboard.blade.php
#	resources/views/departments/edit.blade.php
#	resources/views/groups/edit.blade.php
#	resources/views/hardware/audit.blade.php
#	resources/views/hardware/bulk-checkout.blade.php
#	resources/views/hardware/bulk.blade.php
#	resources/views/hardware/checkin.blade.php
#	resources/views/hardware/checkout.blade.php
#	resources/views/hardware/edit.blade.php
#	resources/views/hardware/index.blade.php
#	resources/views/hardware/quickscan.blade.php
#	resources/views/hardware/view.blade.php
#	resources/views/importer/import.blade.php
#	resources/views/layouts/basic.blade.php
#	resources/views/layouts/default.blade.php
#	resources/views/layouts/edit-form.blade.php
#	resources/views/licenses/checkin.blade.php
#	resources/views/licenses/checkout.blade.php
#	resources/views/licenses/edit.blade.php
#	resources/views/locations/edit.blade.php
#	resources/views/manufacturers/edit.blade.php
#	resources/views/modals/upload-file.blade.php
#	resources/views/models/bulk-edit.blade.php
#	resources/views/models/custom_fields_form.blade.php
#	resources/views/models/edit.blade.php
#	resources/views/partials/bootstrap-table.blade.php
#	resources/views/partials/forms/edit/address.blade.php
#	resources/views/partials/forms/edit/asset-select.blade.php
#	resources/views/partials/forms/edit/category-select.blade.php
#	resources/views/partials/forms/edit/category.blade.php
#	resources/views/partials/forms/edit/company-select.blade.php
#	resources/views/partials/forms/edit/company.blade.php
#	resources/views/partials/forms/edit/department-select.blade.php
#	resources/views/partials/forms/edit/depreciation.blade.php
#	resources/views/partials/forms/edit/email.blade.php
#	resources/views/partials/forms/edit/image-upload.blade.php
#	resources/views/partials/forms/edit/item_number.blade.php
#	resources/views/partials/forms/edit/location-profile-select.blade.php
#	resources/views/partials/forms/edit/location-select.blade.php
#	resources/views/partials/forms/edit/location.blade.php
#	resources/views/partials/forms/edit/maintenance_type.blade.php
#	resources/views/partials/forms/edit/manufacturer-select.blade.php
#	resources/views/partials/forms/edit/manufacturer.blade.php
#	resources/views/partials/forms/edit/minimum_quantity.blade.php
#	resources/views/partials/forms/edit/model-select.blade.php
#	resources/views/partials/forms/edit/model_number.blade.php
#	resources/views/partials/forms/edit/name.blade.php
#	resources/views/partials/forms/edit/notes.blade.php
#	resources/views/partials/forms/edit/order_number.blade.php
#	resources/views/partials/forms/edit/phone.blade.php
#	resources/views/partials/forms/edit/purchase_cost.blade.php
#	resources/views/partials/forms/edit/purchase_date.blade.php
#	resources/views/partials/forms/edit/quantity.blade.php
#	resources/views/partials/forms/edit/serial.blade.php
#	resources/views/partials/forms/edit/status.blade.php
#	resources/views/partials/forms/edit/submit.blade.php
#	resources/views/partials/forms/edit/supplier-select.blade.php
#	resources/views/partials/forms/edit/supplier.blade.php
#	resources/views/partials/forms/edit/user-select.blade.php
#	resources/views/reports/custom.blade.php
#	resources/views/settings/alerts.blade.php
#	resources/views/settings/asset_tags.blade.php
#	resources/views/settings/barcodes.blade.php
#	resources/views/settings/branding.blade.php
#	resources/views/settings/general.blade.php
#	resources/views/settings/labels.blade.php
#	resources/views/settings/ldap.blade.php
#	resources/views/settings/localization.blade.php
#	resources/views/settings/security.blade.php
#	resources/views/setup/user.blade.php
#	resources/views/suppliers/edit.blade.php
#	resources/views/users/bulk-edit.blade.php
#	resources/views/users/edit.blade.php
#	resources/views/users/ldap.blade.php
#	resources/views/users/print.blade.php
#	resources/views/users/view.blade.php
#	routes/api.php
#	routes/web/hardware.php
#	webpack.mix.js
2020-04-20 23:20:34 -07:00
snipe 824ebc19c0
Updated assets 2020-04-08 11:24:17 -07:00
snipe 0d3c18d1df
Fixed importer vue code for niceer layout 2020-04-06 15:09:37 -07:00
snipe 756361584a Updated assets 2019-08-14 22:22:33 -07:00
snipe 441ae69f5c
Integrations/develop into master (#7352)
* Fixes #6204 - added email alerts and web/API access to assets due for audits (#6992)

* Added upcoming audit report

TODO: Fid diff/threshold math

* Added route to list overdue / upcoming assets via API

* Controller/API methods for due/overdue audits

We could probably skip this and just handle it via view in the routes…

* Added query scopes for due and overdue audits

* Added audit due console command to kernel

* Added ability to pass audit specs to main API asset search method

* Added audit presenter

* Added bootstrap-tables presenter formatter to display an audit button

* Added gated sidenav items to left nav

* Added audit due/overdue blades

* Cleanup on audit due/overdue console command

* Added language strings for audit views

* Fixed :threshold placeholder

* Removed unused setting variable

* Fixed next audit date math

* Added scope for both overdue and upcoming

* Derp. Wrong version

* Bumped version

(I will release this version officially tomorrow)

* Leave the activated state for users alone in normal LDAP synchronisation. (#6988)

* Fixed #7003 - crash when warranty months or purchase date is null

* Fixed #6956 - viewKeys policy inconsistent  (#7009)

* Fixed #6956 - Added additional gates show showing/hiding license keys

* Modified gate to allow user to see licenses if they can create or edit the license as well

* Added API middleware to API routes to enable throttling

TODO: Figure out how to make this costumizable without touching the code

* Import locations from CSV via command line (#7021)

* Added import locations command

* Small fixes to location importer

* Added country, LDAP OU

* Cleaned up comments, added more clarification to what the script does

* Added ability to update groups via API

Fixes [ch9139]

* Bumped version

* Fixed #6883 - remove escaping of fields on LDAP import

* Fixed #6880 - correctly encrypt encrypted fields via the API

* Fixes #5054: LDAP users deactivated for none-ad (#7032)

When using none-AD ldap, users are automatically deactivated every LDAP
sync.  This commit changes the behaviour so that if the active flag isn't set,
the users are enabled.

Fixed #5054, at least for 4.X

* Updated packages

  - Updating erusev/parsedown (v1.7.2 => 1.7.3): Downloading (100%)
  - Updating squizlabs/php_codesniffer (3.4.1 => 3.4.2): Downloading (100%)
  - Updating symfony/polyfill-mbstring (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/var-dumper (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating league/flysystem (1.0.50 => 1.0.51): Downloading (100%)
  - Updating symfony/translation (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating nesbot/carbon (1.36.2 => 1.37.1): Downloading (100%)
  - Updating symfony/debug (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/console (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/finder (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/polyfill-ctype (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/polyfill-php70 (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/http-foundation (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/event-dispatcher (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/http-kernel (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/process (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/routing (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/polyfill-util (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/polyfill-php56 (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/psr-http-message-bridge (v1.1.1 => v1.1.2): Downloading (failed)
Downloading (100%)
  - Updating rollbar/rollbar (v1.7.5 => v1.8.1): Downloading (100%)
  - Updating symfony/yaml (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/browser-kit (v3.4.23 => v3.4.27): Downloading (100%)

* Fixed #7044 - API update deleted custom fields if they are not re-presented

* Fixed XSS vulnerability when creating a new categories, etc via modal on create

Same fix as before, because of the weird select2 post-parsing ajax behavior

* Updated email strings

* Fixed #7046 - added user website url back into UI

* Updated language strings

* Bumped version

* Updated packages

* New backups config for spatie

* Removed debugbar service provider (autodiscovery)

* Use laravel v5.5 withCount manual aliases

* Added spatie language files

* Removed old laravel backups config

This config file was renamed in a newer version of spatie laravel-backup

* Set the serialization

* Added the command loader to console kernel

* Renamed fire() to handle()

* Updated withCount to use manual naming

* Updated backup path in backup admin

* Updated travis with new php versions

* Bumped laravel version in readme

* Fixed custom field edit screen

* Fixed baseUrl is undefined error

I literally cannot figure out how this ever worked before.

* Fix for included files in backup

* Bumped version

* Switch has() to filled()

* Change ->has() to ->filled()

* Removed cosole log

* Bumped packages

* Use getReader instead of fetchAssoc for CSV parser

https://csv.thephpleague.com/9.0/upgrading/

* Handle JSON validation errors like 5.4

* Handle JSON validation errors like 5.4

* Handle JSON validation errors like 5.4

* Trying to fix ajax asset validation

This I think gets us closer, but still not handling the validation on the asset properly.

When I do a print_r of the validation in the other items, its looking for an error bag that looks something like this:

```
Illuminate\Support\MessageBag Object
(
    [messages:protected] => Array
        (
            [name] => Array
                (
                    [0] => The name field is required.
                )

            [seats] => Array
                (
                    [0] => The seats field is required.
                )

            [category_id] => Array
                (
                    [0] => The category id field is required.
                )

        )

    [format:protected] => :message
)
```

Currently the Assets ajax returns:

```
[2019-05-24 06:52:06] develop.ERROR: array (
  'messages' =>
  array (
    'model_id' =>
    array (
      0 => 'The model id field is required.',
    ),
    'status_id' =>
    array (
      0 => 'The status id field is required.',
    ),
    'asset_tag' =>
    array (
      0 => 'The asset tag field is required.',
    ),
  ),
)
```

So not sure why it’s not working.

* Fixed missing asset validation

* Check that a model exists before trying to fiddle with fieldsets

* Tidied up license check

* Removed extra escaping on checkin

* Updated importer to work with newer CSV Reader::getRecords() method

* Fixed field mapping

* Small fix for reordering fields

Fixes Illuminate\Database\QueryException: SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'order' cannot be null (SQL: insert into `custom_field_custom_fieldset` (`custom_field_id`, `custom_fieldset_id`, `order`, `required`) values (12, 7, , 0)) [ch1151]

This needs revisiting for a more solid fix, especially for data that was already entered bad.

* Fixed bug where sorting by company name in Users API did not work

Fixes [ch9200]

* Removed custom fields from AssignedSearch to prevent confusing data in selectlist

Fixes [ch9193]

* Removed alert-danger from tests

* Fixed missed consumables_count withCount() statement

* Fixed Undefined variable user in $backto if checked out to a non-user

Fixes [ch9194]

* Check for valid model before attempting to access fieldsets

Fixes [ch1249]

* Only build the log upload destination path if there is a matching record

Fixes [ch1232]

* Fixed free_seats_count variable name

(I forgot that Laravel switched camel case to snake case for their old 5.4 withCount variables)

* Only gtry to delete the file if a record is found in the log

* Only try to get fieldset if model is valid

* Fixed more camel-casing -> snake-casing

* Only display the file if the log record can be found

* Fixed casing in sync command

* Updated README

* Derp - typo

* Added link to Atlassian plugin

* More Atlassian clarifications

* Show accessory image on view page

* Increased image size to 800px, added lightboxes

* Fixed #7083 - Removed user_exists constraint on department save

If the user has been deleted, this prevented the department from being successfully saved on edit

* Updated branch in version file

* Dockerfile update to bring us up to php v7.1 for Laravel 5.5 (#7084)

* bump up to php7.1

& change deprecated MAINTAINER to a LABEL so it is visible with `docker inspect`

* AND modapache ><

* 2 updates required to get software-properties+ppa

* Bumped version

* Bumped release again :(

* Missed one

* Fixed #7098 - updated backup config for deleteFile() method

* Fixed #7092 -  handle weird port forwarding/port numbers for baseUrl

* Bumped version

* Fixed #7099 - set email to null by default for backup notifications

* Removed old comments

* Fixed #7100 - Check if $user isset on checkin

* Increased throttle to 120 requests per minute

* Added Filipino, corrected order for Spanish variations

* Update language strings

* Bumped hash

* Changed has to filled to fix bulk asset editing

* Bumped point version

* Small fixes for phpleague CSB reader v9

* Improved error checking in locations importer

* Fixed #7145 - rename groups table to permissions_group for mysql 8 reserved word compatibility

* Reduce minimum group name length to 2 (from 3)

eg: IT

* Back in time fix FOR #7145 for new installs on MySQL 8+

* Fixed permission insert

//TODO

Handle this via model

* Possible fix for reporting/admin migration back in time

* Fixed #7164 - change table name to permission_groups

* Fixed LDAP password blanking on save

* fixing previous commit's actual wiping of password (#7183)

replaced Input::fille('ldap_pword') with _filled_.   Should be good to go.  

https://github.com/snipe/snipe-it/issues/7179

https://github.com/snipe/snipe-it/issues/7169

* Bumped version

* Downgrading rollbar for Laravel 5.5

* Spelling Correction (#7206)

Fixed Spelling for the word reqrite, to be rewrite.

* Fix #6910: Add logic to manipulate the eloquent query. (#7006)

* Added company_id to consumables_users table

* Added logic to manage when a pivot table doesn't have the column company_id trough a join with users

* Remove a migration that tries to fix this problem, but is not longer necessary

* Addresses #7238 - add PWA code to layout

Needs additional UX testing

* Better log message for bad LDAP connection

* Fixed #7186 - has vs filled in User’s API blanking out groups if no group_ids are passed

* Comment clarification on #7186

* Check for valid seat on hardware view

* Added space between footer and custom message

* Cap warranty months to three characters

Filles rollbar 209

* Cap warranty months to 3 on the frontend blade

* Fixed countable() strings on user destroy

* Check that the user has assets and that the aset model is valid

* Bumped hash

* Caps asset warranty to 20 years

* Command to fix custom field unicode conversion differences between PHP versions (#7263)

* Fixes #7252 form request changes (#7272)

* Fixes for #7252 - custom fields not validating / no validaton messages in API w/form requests

* Removed debug info

* More fixes for #7252

This is mostly working as intended, if not yet the way Laravel wants us to do it.

Right now, the API returns correctly, and the form UI will return highlighted errors, with the input filled in ~sometimes~. I’m not sure why it’s only sometimes yet, but this is potentially progress.

* Removed experimental method

* Check for digits_between:0,240 for warranty

* Removed debug code

* Apply fix from PR #7273 to master

* Bumped hash

* Fixed #7250 - permission issue for API fieldsets and fields endpoints

This applies the change from #7294 to master

* Add @mskrip as a contributor

* Fixed #7270 - Checking-in Assets via API Removes the Item's Asset Name

* CORS for api (#7292)

* Added CORS support to API

* Changed order so CORS will still work if throttle hit

* Added APP_CORS_ALLOWED_ORIGINS env option

* Fixed typo

* Clarified header comments

* More clarification

* DIsable CORS allowed origins by default to replicate existing behavior

* Change variable name to be clearer

* Bumped version

* Added condition to deal with fieldname 'rtd_location' which can be tried to be queried in some places and doesn't exist in database (#7317)

* Added comments to the ByFilter query scope for clarity

* Added accessories checkout/checkin API endpoint

* Fixed CVE-2019-10742

https://nvd.nist.gov/vuln/detail/CVE-2019-10742

* Update README.md (#7334)

Add reference to CSV importer.

* Group related variables in .env

* History importer fixes

* Fixes to history importer
2019-08-14 21:48:14 -07:00
snipe 149ac4bdf8 Removed cosole log 2019-05-23 17:52:53 -07:00
snipe f6ef139111 Fixed baseUrl is undefined error
I literally cannot figure out how this ever worked before.
2019-05-23 16:56:22 -07:00
snipe 978533b2f4 Fixed XSS vulnerability when creating a new categories, etc via modal on create
Same fix as before, because of the weird select2 post-parsing ajax behavior
2019-05-21 18:29:50 -07:00
snipe bca82684a1 Merge branch 'hotfixes/2fa_qr' into develop
# Conflicts:
#	.all-contributorsrc
#	Dockerfile
#	README.md
#	app/Console/Commands/LdapSync.php
#	app/Http/Controllers/Api/ImportController.php
#	app/Http/Controllers/AssetModelsController.php
#	app/Http/Controllers/Assets/AssetsController.php
#	app/Http/Controllers/Auth/LoginController.php
#	app/Http/Controllers/CategoriesController.php
#	app/Http/Controllers/CompaniesController.php
#	app/Http/Controllers/DepartmentsController.php
#	app/Http/Controllers/ImportsController.php
#	app/Http/Controllers/LocationsController.php
#	app/Http/Controllers/ManufacturersController.php
#	app/Http/Controllers/SuppliersController.php
#	app/Http/Requests/ItemImportRequest.php
#	app/Http/Transformers/ActionlogsTransformer.php
#	composer.json
#	composer.lock
#	config/app.php
#	config/version.php
#	docker/startup.sh
#	public/css/build/all.css
#	public/css/dist/all.css
#	public/js/build/all.js
#	public/js/build/vue.js
#	public/js/build/vue.js.map
#	public/js/dist/all.js
#	public/mix-manifest.json
2019-03-20 02:17:02 -07:00
snipe dee92cfc6c
Fixes XSS vulnerabilities (#6831)
* Properly escape log_meta values

* Vue syntax fix to allow npm run dev to work again

* Janky fix for Select2 bug

* Compiled production assets

* Escape user’s last name in API

* Removed duplicate alertClass

* Compiled production assets
2019-03-18 20:49:32 -07:00
snipe 3b525f0009 Fixed #6705 - undefined is not a function (near '...$.validate...')
Not sure what happened here, but re-running webpack seems to have resolved it.
2019-02-13 05:16:12 -08:00
Wes Hulette 3e19509a49 Fixed: #6395 - Adjusted graph size (#6518)
* Fixed missing oauth tables during setup.

* Merge remote-tracking branch 'snipe-it-upstream/develop' into develop

* Merge remote-tracking branch 'snipe-it-upstream/develop' into develop



Merge remote-tracking branch 'origin/develop' into develop

* Fixed Pie Graph sizing on dashboard

Updated chart.js to 2.7.3
Added height to canvas
2019-01-15 14:02:49 -08:00
snipe 3d4a5a8066 More importer tweaks for dept and manager 2018-11-07 18:05:53 -08:00
Wes Hulette 465b69516d Fixed: #6259 - Remove remote JS/CSS file loading (#6330)
* Fixed missing oauth tables during setup.

* Remove remote JS/CSS file loading


Updated gravatar to return to default image

* Updated default avatar path to user url

Removed local html5shim & response js files.
Removed copying html5shim & respond js file to public directory
2018-10-17 12:52:01 -07:00
snipe dff674b4ab Production assets 2018-10-09 16:12:43 -07:00
Wes Hulette d715ecf41d Fixed: Tooltips (#6309)
* Fixed missing oauth tables during setup.

* Fixed missing tooltips

Updated spelling in bootstrap-table.blade.php to use bootstrap data element. 
Using custom jquery-ui without tooltips to fix conflict issue.

* Removed custom jQuery ui file added fix in bootstrap.js file
2018-10-09 15:20:27 -07:00
snipe c8ad45b11e Port import manager code to develop 2018-10-03 00:52:29 -07:00
snipe c8bff3ef38
Features/add manager and dept to importer (#6277)
* Ignore the simlink for public storage

* Added manager and department to user import

* More UI importer tweaks

* Fisxed typos
2018-10-02 15:43:54 -07:00
Wes Hulette fc8096f8dc Fixed: Missing CSS file in basic.blade.php (#6264)
* Fixed missing CSS file in basic.blade.php

* Added

* Changed stylesheet import for authorize.blade.php
2018-09-29 14:15:25 -07:00
Wes Hulette ecf77e60df Added: #6246 - CSS Cleanup (#6247)
* Streamlined CSS by using NPM

Removed unnecessary CSS files
Merged CSS files into one file

* Streamlined CSS by using NPM

Removed unnecessary CSS files
Merged CSS files into one file

* Removed override.less

* Moved bootstrap-color-picker css to file

Removed inline calls

* Changed css import on setup.blade.php

* Updated signature-pad.css import

* NPM Prod compile

* Fixed font family loading issue.
2018-09-28 14:09:48 -07:00
Wes Hulette bfb5920677 Added #5956 - Moved bootstrap-tables to npm (#6139)
Created single bootstrap-tables js and css file.
2018-08-28 13:10:27 -07:00
Daniel Meltzer 2637ce56a1 Allow importcontroller to return 200 for failed delete. (#6034) 2018-08-02 09:53:54 -07:00
snipe f5a5d830a5 Better handling for deleting imports where the files may have been moved 2018-08-01 20:49:55 -07:00
snipe 462878a307 Production assets 2018-08-01 00:27:19 -07:00
Daniel Meltzer b58c77c8b8 Feature: Import users department. (#5987)
Maps to the "Department" header key by default.  Bug: #5382
2018-07-27 12:02:18 -07:00
snipe 3df19d267f Fixed Ziggy routes 2018-07-25 03:00:27 -07:00
snipe a4799a495a
Fixes #5859 - add file name/size to file upload UI (#5861)
* Fixes #5859 - add file name/size to file upload UI

* Reverting assetcontroller

Not sure exactly what happened here…

* Production assets
2018-07-16 20:09:53 -07:00
Till Deeke 07a92d20d7 Fixing #5773: Refactoring the "clearing" of select2 lists (#5839)
* adds select2 placeholders to select lists

To allow us to clear the selection on „select2“ selects, we need a placeholder attribute

See: https://select2.org/placeholders

* Removes empty option from multiple select

select2 requires an empty option value on singular selects, but not on multiple selects.

When selecting multiple options, this empty option would be shown as selectable otherwise, not clearing the selection.

* Adds the option to clear select2 instances

Sets the correct options to allow clearing of out select2 instances. The empty placeholder is required, since clearing only works when a placeholder ist set (event an empty one).

See: https://select2.org/placeholders

* Removes the „Clear selection“ option from select lists

Since we can clear the select2 lists with their native clearing method, we can remove this hack

* Updates generated assets (css/js)
2018-07-16 14:10:54 -07:00
snipe abb95e7872 Tweaked custom field default value layout
This still needs work. It’s ugly.
2018-07-05 15:31:27 -07:00
Daniel Meltzer 880faa83a6 Importer2 checkout (#5771)
* Importer: checkout to location, backend changes+tests.

* Import location checkout. Frontend changes.

* Allow importing of item number/model number for consumables.
2018-07-05 12:22:24 -07:00
snipe f5bf6a0beb Added larger icon size 2018-05-01 21:34:31 -07:00
Hannah Tinkler c4c520c1a3 Fixes #4445: prevents assigned assets from being checked out in bulk checkout (#5421)
* Fixes #4445: prevents assigned assets from being checked out in bulk checkout

* Updates data attribute to more versatile 'data-asset-status-type'

* Fixes broken unit test
2018-04-25 02:39:23 -07:00
Hannah Tinkler 8d501e1c24 Feature/custom fields default values (#5389)
* Fixes CustomFieldsetsController::fields() which I think is not used anywhere else and don't think ever worked as you can't call get() on a Collection.
Have tested extensively and doesn't seem to affect anywhere else?

* Adds default value functionality

* Adds built assets

* Fixes assignment to asset_model_id which should have been evaluation and alters route so it sits more in line with existing work

* Updates built assets

* Remove silly docker.env file; fix Dockerfile to preserve Oauth keys (#5377)

* Added department to custom asset export
Updates build assets

* Adds translation support for 'add default values' checkbox label
2018-04-23 21:16:55 -07:00
Daniel Meltzer 79f061be93 Move first_name and last_name to only be displayed for user importer. Also sort items alphabetically regardless of their source. (#5292) 2018-03-30 19:32:43 -07:00
Daniel Meltzer 5a84863873 Importer name/full name fixes. (#5072)
Fix a bug where "name" was used ambigously and mapping "item name" to
"name" would confuse the importer into thinking it should also be a user
name.  Now we default to "full name" for the users name, and "item name"
for the item name.  These are still both configurable through the custom
mapping.

Also update sample csvs and remove an outdated sample.
2018-02-21 16:42:36 -08:00
snipe d2403cdadb Added image preview for uploads 2018-02-17 00:51:22 -08:00
snipe d8fc50c351 Fixed #5033 - use PHP’s max filesize for image uploads 2018-02-16 21:17:41 -08:00
snipe 9f3116e4e3 Added - Deep linking in Bootstrap tabs 2018-02-13 17:04:50 -08:00
snipe 57e5af2f69 Removed console logging from JS 2018-01-20 07:42:48 -08:00
Brady Wetherington dfb2b9b569 Major overhaul for modals, and a fix for #4820 (#4866)
Changes how the various modals work, and allows for specifying
category_type when inline-creating categories.
2018-01-20 00:42:29 -08:00
snipe f5f7a63a23 Production assets 2018-01-09 20:19:04 -08:00
snipe b6a7fd1cec Run production assets - because modern web development. Sigh. 2018-01-09 20:18:49 -08:00
Daniel Meltzer f16ce09a7a Importer again (#4702)
* If a user id is provided in the name column of an import, we should assume that it is a user id and check out to it.

* Fix build of vue files.  The location is public/js/build, not public/build

* Ensure a status type is set before allowing submission of an import.

Also expand the status text label to change color based on success/failure.

Fixes #4658

* Use right key to lookup emails when importing users.  Fixes 4619.

* Import serial for components, and make unique matches based on the serial as well as the name.  Fixes #4569

* Set the location_id when importing an item properly.

This moves as well to using the Asset::checkout() method, which should consolidate the logic into a useful spot.
Fixes #4563 (I think)

* Production assets.

* Case insensitive field map guessing and repopulate when changingin import type.
2017-12-28 20:08:45 -08:00
snipe fdaa279930 Fixed #4548 - add cateory to model dropdown 2017-12-04 20:19:30 -08:00
snipe 4696e799ed
Fixes #4491 and #4483 - handle pre-selected asset on checkout, better checkout-to selection UI (#4501)
* Added form checkout selector partial

* Stupid stash

* Added radio button checkout selector javascript

* New compiled production assets

* Added $style override in form partials for select2 ajax lists

* Added checkout-to radio button selector

TODO: Fix for accessibility - currently cannot tab-select this radio button

* Added new checkout-to selector to hardware edit

* Added new checkout-to selector to asset checkout form

* Refactored postCheckout to use radio button submission

This defaults to user checkout if nothing is passed for some reason

* Better visual feedback on whether or not an asset is deployable in edit screen
2017-11-21 15:58:31 -08:00
snipe 6e2556eefd Production assets 2017-11-08 02:24:06 -08:00
snipe e5c1e41966 Nicer icheck for user menu 2017-11-08 01:52:35 -08:00
snipe d1022e8ff7 Fixed #4390 - results couldn’t be loaded error
The baseUrl in the javascript routes is already appending a trailing slash, so don’t prepend a slash in front of api call
2017-11-08 00:57:43 -08:00
snipe cceeb5c8a2 Disable Fastclick - conflicts with Select2, per #4392 2017-11-06 21:16:20 -08:00
snipe adf6afbb43 Moved delay back to 250 on ajax menus 2017-11-04 00:48:54 -07:00
snipe b6a14d2c9c Production assets 2017-11-04 00:20:06 -07:00
snipe f3f84f1a8c Production assets 2017-10-28 11:22:38 -07:00
snipe 82690e1fd7 Integrate ajax select2 menus in all asset checkouts 2017-10-26 02:28:17 -07:00
snipe 4f80eac467 Prod assets 2017-10-25 20:15:34 -07:00
snipe e1ad28aa20 Mix fuckery 2017-10-25 16:05:39 -07:00
snipe 87992b7f71 More mix() fuckery 2017-10-25 16:05:18 -07:00
snipe 17d58d9cc5 Added snazzy rich user selection menu
TODO:
- Abstract this out so it can be used by other select2 menus
- Write a select2 transformer to standardize output
2017-10-24 19:24:35 -07:00
snipe 113c55d905 Hopefully fixes #4150 2017-10-16 20:34:31 -07:00
snipe 9cc25bcfd0 Hopefully fixes #4150 2017-10-16 20:34:22 -07:00
snipe 81d3f78263 Production assets 2017-10-16 20:12:42 -07:00
snipe 66596b0b09 Production assets 2017-10-16 20:12:22 -07:00
snipe 7455b1019a Hacky possible fix for subdir issues 2017-10-16 20:12:11 -07:00
Daniel Meltzer a2453be573 Pass urls to passport vue components to make work in subdirectories. (#4090) 2017-10-01 13:59:07 -07:00
Daniel Meltzer c2616412c0 Add laravel routes to javascript (#4092)
* Add laravel routes to javascript

This will clean up a lot of passing of urls.  Adds a route() helper and
everything...

This commit also moves the customfield fetching to only be fetched once
and shared with each file, rather than once for each file.

* Try to fix travis unit test things.

* Downgrade doctrine/inflector for php5

* Attempt to occasional seeder issues on travis if the asset does not generate validatable data.

* Update sql dump for functional tests.

* Try to fix api tests.
2017-10-01 12:59:55 -07:00
snipe 0bb186ad3b Prod manifest 2017-09-29 19:43:33 -07:00
snipe b7abd8328a Prod asset build 2017-09-29 19:43:18 -07:00
Daniel Meltzer 655ca78633 Adjust the import controller to return a url to the process path to enable processing an uploaded file without refresh. (#4080) 2017-09-29 17:49:35 -07:00
Daniel Meltzer 0a4743210c Pass urls to vue. Should fix subdirectory issues. (#4054) 2017-09-28 16:03:04 -07:00
snipe 348becbbec Production assets generated 2017-09-18 13:01:54 -07:00
Daniel Meltzer 922d6937ae Custom field import repair (#3968)
* There is no notes field on accessories.  Fixes Importer Test.

* Fix notification test.  We should see a checkout not allowed exception when trying to check out to a location if the asset requires acceptance.

* Fix Custom field import.

Add a test for custom field import, and fix a few issues related to
importing custom fields.  This will restore v3 functionality.

* Add UI support for mapping custom fields.

This still requires the field mappings to be created/assigned in
advance, but will fetch all custom field names and allow them to be
selected when setting up custom field mappings.

This commit also updates laravel-mix to v1.4.3 and other node
dependencies to fix some build issues.

* Fix some requestable asset page/assetloc issues.  I'd love to know why laravel expections relationships to be in lower case... but thats a question for another day.
2017-09-18 12:29:08 -07:00
snipe 42175782a5 Only pull logo if there is a value 2017-08-26 17:43:00 -07:00
snipe c7a21e0e4d Production asset build 2017-08-26 17:39:59 -07:00
Brady Wetherington 6ad5da44f3 Formalize modals (#3898)
* Refactor Modal JS into standalone file, remove duplicated JS and HTML

* Finish fixing Bulk-checkout and checkout
2017-08-26 16:06:52 -07:00
snipe e79260a0d4 Fixes #3732 - broken tooltips and weird select2 option text behavior
The solve here was a few things - first, load jquery-ui before bootstrap. They have conflicting tooltips. Second, initiate the tooltips in the wenzhixin/bootstrap-table formatter using `data-tooltip=“true”`, and thirdly, add some JS that tells BS table to inititalize tooltips within the table using that `data-tooltip=“true”` business
2017-07-08 13:21:13 -07:00
Daniel Meltzer 61c6160b98 Importer mapping - v1 (#3677)
* Move importer to an inline-template, allows for translations and easier passing of data from laravel to vue.

* Pull the modal out into a dedicated partial, move importer to views/importer.

* Add document of CSV->importer mappings.  Reorganize some code.

Progress.

* Add header_row and first_row to imports table, and process upon uploading a file

* Use an expandable table row instead of a modal for import processing.  This should allow for field mapping interaction easier.

* Fix import processing after moving method.

* Frontend importer mapping improvements.

Invert display so we show found columns and allow users to select an
importer field to map to.  Also implement sample data based on first row
of csv.

* Update select2.  Maintain selected items properly.

* Backend support for importing.  Only works on the web importer currently.  Definitely needs testing and polish.

* We no longer use vue-modal plugin.

* Add a column to track field mappings to the imports table.

* Cleanup/rename methods+refactor

* Save field mappings and import type when attempting an import, and repopulate these values when returning to the page.

* Update debugbar to fix a bug in the debugbar code.

* Fix asset tag detection.

Also rename findMatch to be a bit clearer as to what it does.
  Remove logging to file of imports for http imports because
it eats an incredible amouint of memory.

This commit also moves imports out of the hardware namespace and into
their own webcontroller and route prefix, remove dead code from
AssetController as a result.

* Dynamically limit options for select2 based on import type selected, and group them by item type.

* Add user importer.

Still need to implement emailing of passwords to new users, and probably
test a bit more.

This also bumps the memory limit for web imports up as well, I need to
profile memory usage here before too long.

* Query the db to find user matches rather than search the array.  Performance is much much better.

* Speed/memory improvements in importers.

Move to querying the db rather than maintaining an array for all
importers.  Also only store the id of items when we import, rather than
the full model.  It saves a decent amount of memory.

* Remove grouping of items in select2

With the values being set dynamically, the grouping is redundant.  It
also caused a regression with automatically guessing/matching field
names.  This is starting to get close.

* Remove debug line on every create.

* Switch migration to be text field instead of json field for compatibility with older mysql/mariadb

* Fix asset import regression matching email address.

* Rearrange travis order in attempt to fix null settings.

* Use auth::id instead of fetching it off the user.  Fixes a null object reference during seeding.
2017-06-21 16:37:37 -07:00
Daniel Meltzer 30487bfee7 Fix importer vue issues. (#3655)
We currently depend on a "vue-strap" module to provide the modal dialog.
The default npm vue-strap is not compatible with vue2, so we need to use
a fork.  Update package.json to reflect this.  Probably makes sense to
move away from vue-strap in all my copious amounts of free time.
2017-06-12 15:24:49 -07:00
snipe 3046d7d33c Fixes #3644 - broken datepicker 2017-06-09 18:53:19 -07:00
snipe 02edb74cdf Style updates 2017-06-09 14:58:43 -07:00
snipe 408bb6476f Removed some unneeded styles 2017-06-09 14:57:57 -07:00
snipe e9dd119b9c Fixes some vue styles 2017-06-09 02:06:10 -07:00
snipe 9caf045930 Production assets 2017-06-06 02:36:02 -07:00
snipe 01cc00c832 Fixing webpack. Again 2017-06-06 01:39:53 -07:00
snipe 9338b37b74 Try to fix the datepicker :(
Webpack has fucked everything. I hate everything.
2017-06-06 00:51:41 -07:00
snipe de5334e525 Updated with production assets 2017-05-31 13:27:17 -07:00
snipe 66eaff739a More npm/css/js updates 2017-05-31 12:34:05 -07:00
snipe 7b4b2d79cf Moved CSS/JS/etc assets up one level 2017-05-31 10:31:56 -07:00