Commit graph

167 commits

Author SHA1 Message Date
snipe 9bb15aaf1b Added individual gates to keep response consistent with other company-ed things
Signed-off-by: snipe <snipe@snipe.net>
2024-04-17 10:57:49 +01:00
snipe ed0a441e4d Refactor destroy method
Signed-off-by: snipe <snipe@snipe.net>
2024-04-11 14:52:03 +01:00
snipe f54a94bd4c Refactorered methods
Signed-off-by: snipe <snipe@snipe.net>
2024-04-11 14:40:00 +01:00
snipe adacdc038d Apply company scoping for users
Signed-off-by: snipe <snipe@snipe.net>
2024-04-10 12:34:32 +01:00
akemidx 721902c2d4 committed for later 2024-03-28 16:44:44 -04:00
akemidx e6b366020a lots of attempts and syntax, but no go 2024-03-27 19:05:59 -04:00
Godfrey M 633249b08a user assets get updated when a user changes location 2024-03-21 15:15:40 -07:00
akemidx 5ffade663a unstash 2024-02-26 18:41:58 -05:00
akemidx 9397372f87 permissions, but they are now all in their own column because reasons??? 2024-02-20 18:48:17 -05:00
akemidx 8bbf6da052 user block, trying to pick out ONLY permissions we wanna see 2024-02-20 18:25:41 -05:00
akemidx f7d0cecdac permissions query starto 2024-02-12 19:01:06 -05:00
Brady Wetherington 9bb191f29f Fixes file upload XSS vulnerability [sc-24156] 2024-02-08 14:30:40 +00:00
akemidx 2a54797dce permission level proof of formatting 2023-11-28 17:58:37 -05:00
akemidx 9770016eec beginning of permission groups export 2023-11-28 17:47:36 -05:00
snipe d06cfe6502 Changed verb to “restore” from “restored”
Signed-off-by: snipe <snipe@snipe.net>
2023-11-22 20:08:41 +00:00
snipe f7ccef16e7 Refactorer controller restore methods
Signed-off-by: snipe <snipe@snipe.net>
2023-11-22 18:02:47 +00:00
Godfrey M 3b6a0d6525 allows multi location sync for ldap 2023-11-02 16:50:19 -07:00
snipe f822f8b186 More graceful failure if ldap_results JSON decode isn’t set
Signed-off-by: snipe <snipe@snipe.net>
2023-10-31 17:09:18 +00:00
snipe 3495652827 Added checkboxes to intentionally remove field values in bulk user edit
Signed-off-by: snipe <snipe@snipe.net>
2023-10-31 12:52:53 +00:00
snipe f685ba01b6 Reversed order of find
Signed-off-by: snipe <snipe@snipe.net>
2023-10-09 16:43:14 +01:00
snipe e5f5802235 Added tighter controls for matching log ID and item_id
Signed-off-by: snipe <snipe@snipe.net>
2023-10-09 15:17:03 +01:00
snipe 894c34ff4f Update to only use relative paths
Signed-off-by: snipe <snipe@snipe.net>
2023-09-07 20:22:14 +01:00
snipe f53db8ba75 Fixed #13562 - allow inline view for uploaded files
Signed-off-by: snipe <snipe@snipe.net>
2023-09-05 18:28:01 +01:00
Marcus Moore 2aba8252f3
Ensure users editing themselves do not deactivate their account 2023-04-20 21:59:55 -07:00
snipe 9833d861d4 Added autoassign_licenses tp bulk users conditional
Signed-off-by: snipe <snipe@snipe.net>
2023-04-16 15:26:33 -07:00
snipe 03cc55cb6a Set autoassign_licenses to false if unchecked
Signed-off-by: snipe <snipe@snipe.net>
2023-04-16 15:25:52 -07:00
snipe 70ce0d9ee6 Maintain activated state on editing a user
Signed-off-by: snipe <snipe@snipe.net>
2023-04-09 14:06:29 -07:00
snipe e08327be95 Ability to remove user location from users
Rework of #9677 - sorry @godmartinez - I suck :(

Signed-off-by: snipe <snipe@snipe.net>
2023-03-21 23:03:57 -07:00
snipe 82dc57aa18 Renamed some variables, invoked the event listener
Signed-off-by: snipe <snipe@snipe.net>
2023-03-17 16:24:58 -07:00
snipe 9ac4efb912 Better commenting
Signed-off-by: snipe <snipe@snipe.net>
2023-03-17 16:24:38 -07:00
snipe 30cf7eb750 Disallow action in demo mode
Signed-off-by: snipe <snipe@snipe.net>
2023-03-17 02:42:50 -07:00
snipe 0dd11575c5 Added merge controller
Signed-off-by: snipe <snipe@snipe.net>
2023-03-16 18:19:16 -07:00
snipe 8e72da42e8
Merge pull request #12406 from akemidx/vip_tag
Added a checkbox to notate VIP status
2023-02-23 12:23:29 -08:00
snipe 4bf1566d2a
Merge pull request #12124 from Godmartinz/feature/sc-16946/add-checkbox-to-allow-skipping-a-user-during
Adds Boolean to Users Table for Auto Assigning Licenses
2023-02-21 20:10:46 -08:00
akemidx b8951e2b54 fixing name from vipuser to vip 2023-02-02 15:58:05 -05:00
akemidx 53d8008a5f Merge branch 'vip_tag' of github.com:akemidx/snipe-it into vip_tag 2023-01-25 17:14:29 -05:00
akemidx b363524305 vipuser label updated to vip 2023-01-25 15:58:44 -05:00
snipe 4c3354b778
Merge branch 'develop' into vip_tag 2023-01-24 20:29:43 -08:00
akemidx 596846a94a Add VIP Checkbox 2023-01-24 15:29:27 -05:00
snipe 02dcb0fbd7 Shorten the additiona form request invocation to just ImageUploadRequest
We already have the `use App\Http\Requests\ImageUploadRequest` clause at the top of this file.

Signed-off-by: snipe <snipe@snipe.net>
2023-01-23 21:37:35 -08:00
snipe cd8cb445ba Corrected fieldname for user fieldname for avatar in Controller
Signed-off-by: snipe <snipe@snipe.net>
2023-01-21 18:20:53 -08:00
Godfrey M 7ce230fadc missed a few renames 2023-01-18 08:57:59 -08:00
Godfrey M 45636b8114 adds should_autoassign boolean to users table 2022-11-15 15:42:57 -08:00
snipe 28b0d8cf0f Null expected_checkin on user bulk checkin and delete
Signed-off-by: snipe <snipe@snipe.net>
2022-10-26 00:54:37 -07:00
snipe f7a9be92ca Store data for start and end
Signed-off-by: snipe <snipe@snipe.net>
2022-10-05 16:58:26 -07:00
snipe 891b5b2882 Added routes, language
Signed-off-by: snipe <snipe@snipe.net>
2022-10-04 15:45:25 -07:00
Ivan Nieto Vivanco 0d4e9c183b Save correct id in action log if the bulk-checkin is of type license 2022-08-25 19:16:48 -05:00
snipe 5feea17f8d
Revert "Prevent to delete a user if still has consumables associated to them" 2022-08-14 13:42:14 -07:00
Ivan Nieto Vivanco db53a00d3f Prevent to delete a user if still has consumables associated to them 2022-08-11 17:01:52 -05:00
snipe 7313bca403 Checkin without deleting
Signed-off-by: snipe <snipe@snipe.net>
2022-07-20 17:57:19 -07:00
mikeroq 5efe45226d Fixes Email List of All Assigned being "successful" when the user has no email
Added check in view to disable button if there is no email
Added translation for title on disabled button and for email check in controller
Fixed missing trans for user not found message
2022-07-11 20:02:10 -05:00
snipe 656efc5f92 Fixed missing trans()
Signed-off-by: snipe <snipe@snipe.net>
2022-06-30 14:20:15 -07:00
Godfrey M cd9d2d0cec adds docblock 2022-06-29 13:01:29 -07:00
Godfrey M e471aa8639 adds button to email user list of assets from profile 2022-06-29 11:15:15 -07:00
snipe c9b81d65f1 Save the user id who is creating the user
Signed-off-by: snipe <snipe@snipe.net>
2022-06-23 17:19:08 -07:00
mikeroq d60af478ad Added website field that was missing from update and store method. 2022-06-17 08:09:39 -05:00
snipe f609146c29 Corrected field name
Signed-off-by: snipe <snipe@snipe.net>
2022-05-18 15:37:10 -07:00
snipe 891009dc67 Nicer formatting for buttons in bulk user edit
Signed-off-by: snipe <snipe@snipe.net>
2022-05-18 15:35:57 -07:00
snipe d4f7b5f80c Fixed #11100 for individual users
Signed-off-by: snipe <snipe@snipe.net>
2022-05-16 12:07:18 -07:00
Brady Wetherington b05d85ab0a Fix bulk-user reset-password links 2022-05-16 10:38:12 -07:00
snipe 9aac1cbba4 Merge branch 'master' into rcs/merge_master_into_develop_for_rc_8
Signed-off-by: snipe <snipe@snipe.net>

# Conflicts:
#	README.md
#	app/Console/Commands/MoveUploadsToNewDisk.php
#	app/Http/Controllers/ActionlogController.php
#	app/Http/Controllers/Api/LicensesController.php
#	app/Http/Controllers/Api/StatuslabelsController.php
#	app/Http/Controllers/Assets/AssetCheckinController.php
#	app/Http/Controllers/Licenses/LicensesController.php
#	app/Http/Controllers/Users/BulkUsersController.php
#	app/Http/Requests/AssetCheckoutRequest.php
#	app/Importer/LicenseImporter.php
#	app/Models/Actionlog.php
#	app/Models/License.php
#	app/Models/User.php
#	app/Observers/AssetObserver.php
#	composer.lock
#	config/version.php
#	database/factories/LicenseFactory.php
#	database/migrations/2015_09_21_235926_create_custom_field_custom_fieldset.php
#	database/migrations/2018_10_18_191228_add_kits_licenses_table.php
#	database/migrations/2018_10_19_153910_add_kits_table.php
#	database/migrations/2018_10_19_154013_add_kits_models_table.php
#	database/migrations/2019_02_07_185953_add_kits_consumables_table.php
#	database/migrations/2019_02_07_190030_add_kits_accessories_table.php
#	package-lock.json
#	package.json
#	public/css/dist/all.css
#	public/css/dist/bootstrap-table.css
#	public/js/dist/bootstrap-table.js
#	public/mix-manifest.json
#	resources/lang/ar/general.php
#	resources/lang/ar/passwords.php
#	resources/lang/cs/general.php
#	resources/lang/cs/passwords.php
#	resources/lang/de/admin/custom_fields/general.php
#	resources/lang/de/admin/settings/general.php
#	resources/lang/de/admin/settings/message.php
#	resources/lang/fr/admin/custom_fields/general.php
#	resources/lang/fr/admin/hardware/general.php
#	resources/lang/fr/admin/locations/table.php
#	resources/lang/fr/admin/settings/message.php
#	resources/lang/hu/admin/custom_fields/general.php
#	resources/lang/hu/admin/settings/general.php
#	resources/lang/hu/general.php
#	resources/lang/it/admin/settings/general.php
#	resources/lang/nl/admin/custom_fields/general.php
#	resources/lang/nl/admin/settings/general.php
#	resources/lang/nl/general.php
#	resources/lang/pl/admin/custom_fields/general.php
#	resources/lang/sv-SE/passwords.php
#	resources/lang/tr/general.php
#	resources/views/hardware/view.blade.php
#	resources/views/partials/bootstrap-table.blade.php
#	resources/views/reports/activity.blade.php
#	resources/views/users/print.blade.php
2022-04-28 17:49:06 +01:00
Ivan Nieto Vivanco e1927aa154 Update Assets locations when user's location changes whey they got bulk-edited 2022-04-06 19:23:49 -05:00
Ivan Nieto Vivanco 6529a75683 Update Assets locations when user's location changes whey they got bulk-edited 2022-04-06 19:12:02 -05:00
snipe 2d7a8b5e15
Merge pull request #10776 from snipe/added_trim_to_email_and_username
Added trim to email and username
2022-03-04 11:57:33 -08:00
snipe 9a358087ec Add remote user to bulk edit
Signed-off-by: snipe <snipe@snipe.net>
2022-03-04 06:47:23 -08:00
snipe 67134ca387 Do a trim() before inserting/updating
Signed-off-by: snipe <snipe@snipe.net>
2022-03-04 06:18:52 -08:00
snipe 43c1949092 Add remote option to user
Signed-off-by: snipe <snipe@snipe.net>
2022-03-04 05:35:26 -08:00
snipe dd5f812d88 Merge remote-tracking branch 'origin/master' into develop
Signed-off-by: snipe <snipe@snipe.net>

# Conflicts:
#	.all-contributorsrc
#	README.md
#	app/Console/Commands/FixDoubleEscape.php
#	app/Console/Commands/LdapSync.php
#	app/Exceptions/Handler.php
#	app/Http/Controllers/Api/AssetMaintenancesController.php
#	app/Http/Controllers/Api/AssetModelsController.php
#	app/Http/Controllers/Api/AssetsController.php
#	app/Http/Controllers/Api/CategoriesController.php
#	app/Http/Controllers/Api/CompaniesController.php
#	app/Http/Controllers/Api/DepartmentsController.php
#	app/Http/Controllers/Api/LicensesController.php
#	app/Http/Controllers/Api/LocationsController.php
#	app/Http/Controllers/Api/ManufacturersController.php
#	app/Http/Controllers/Api/SettingsController.php
#	app/Http/Controllers/Api/SuppliersController.php
#	app/Http/Controllers/AssetModelsController.php
#	app/Http/Controllers/Auth/LoginController.php
#	app/Http/Controllers/CustomFieldsController.php
#	app/Http/Controllers/SettingsController.php
#	app/Models/Loggable.php
#	app/Providers/AuthServiceProvider.php
#	config/version.php
#	database/migrations/2014_11_04_231416_update_group_field_for_reporting.php
#	database/migrations/2015_11_08_222305_add_ldap_fields_to_settings.php
#	package-lock.json
#	package.json
#	public/js/build/app.js
#	public/js/dist/all.js
#	public/mix-manifest.json
#	resources/assets/js/components/forms/asset-models/fieldset-default-values.vue
#	resources/views/hardware/view.blade.php
2022-02-20 13:29:12 -08:00
Ivan Nieto Vivanco eac8e0bdba Add a casting to a truthy/falsy that needs to be integer 2022-02-02 13:54:57 -06:00
snipe d9624b59b4
Merge pull request #10264 from nuraeil/added-localized-strings
Added #10242: Improved localized strings
2022-01-10 14:48:52 -08:00
Wächtler, Yannick 04d649122b Fixed duplication for a couple of items, removed TODO markers, added lots of translation strings where there was a TODO 2022-01-06 12:35:37 +01:00
Ivan Nieto Vivanco a419a690d4 Add a variable to better control the selected user's ids 2021-12-11 18:01:38 -06:00
Brady Wetherington 4dda28de9e WIP: cleaning up LDAP 2021-10-28 18:19:50 -07:00
Ivan Nieto Vivanco 9eaf89aaa7 Add a variable to better control the selected user's ids 2021-10-21 13:28:58 -05:00
snipe aa8f1378c9 Merge remote-tracking branch 'origin/master' into develop
Signed-off-by: snipe <snipe@snipe.net>

# Conflicts:
#	README.md
#	app/Http/Controllers/Accessories/AccessoriesController.php
#	app/Http/Controllers/Api/AssetMaintenancesController.php
#	app/Http/Controllers/Api/AssetModelsController.php
#	app/Http/Controllers/Api/AssetsController.php
#	app/Http/Controllers/Api/UsersController.php
#	app/Http/Controllers/AssetMaintenancesController.php
#	app/Http/Controllers/Assets/AssetFilesController.php
#	app/Http/Controllers/Assets/AssetsController.php
#	app/Http/Controllers/Assets/BulkAssetsController.php
#	app/Http/Controllers/Components/ComponentsController.php
#	app/Http/Controllers/Consumables/ConsumablesController.php
#	app/Http/Controllers/Licenses/LicenseFilesController.php
#	app/Http/Controllers/Licenses/LicensesController.php
#	app/Http/Controllers/Users/UserFilesController.php
#	app/Http/Transformers/AssetsTransformer.php
#	app/Http/Transformers/LicensesTransformer.php
#	app/Importer/UserImporter.php
#	app/Models/Asset.php
#	config/app.php
#	config/version.php
#	package-lock.json
#	public/js/build/app.js
#	public/js/dist/all.js
#	public/js/dist/bootstrap-table.js
#	public/mix-manifest.json
#	resources/lang/en/admin/users/message.php
#	resources/lang/is/button.php
#	resources/lang/ja/admin/kits/general.php
#	resources/lang/ro/admin/users/general.php
#	resources/lang/zh-HK/admin/depreciations/general.php
#	resources/lang/zh-HK/admin/models/general.php
#	resources/views/hardware/qr-view.blade.php
#	resources/views/hardware/view.blade.php
#	resources/views/partials/bootstrap-table.blade.php
#	resources/views/users/view.blade.php
#	routes/web.php
#	routes/web/hardware.php
#	routes/web/models.php
#	routes/web/users.php
2021-10-20 17:26:41 -07:00
snipe ccd430ce07 Switched back down to debug level
Signed-off-by: snipe <snipe@snipe.net>
2021-10-06 12:38:21 -07:00
snipe f306401e7e Fixed SVG XSS vuln
Signed-off-by: snipe <snipe@snipe.net>
2021-10-06 12:26:45 -07:00
Laravel Shift 802dc9240d Shift bindings
PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser.
2021-06-10 20:16:56 +00:00
Laravel Shift 934afa036f Adopt Laravel coding style
Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions.

You may customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config file to your project root. Feel free to use [Shift's Laravel ruleset][2] to help you get started.

[1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer
[2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200
2021-06-10 20:15:52 +00:00
Ivan Nieto Vivanco 9f944ad497 Added the 'required' attribute to the input file n the upload file form modal. Added a validation for the UserFilesController if the user doesn't select any file to upload [ch16471]. 2021-05-27 15:48:13 -05:00
snipe 9f2b4c721d Allow password reset from user profile
Signed-off-by: snipe <snipe@snipe.net>
2021-05-26 15:32:23 -07:00
Brady Wetherington c7626f8387
Add new StorageHelper and use it where it makes sense (#9276) 2021-03-15 12:26:39 -07:00
Ivan Nieto Vivanco d64b35c348
Added a condition to ensure that only assets checked out to an user that is being deleted are updating their status (#9233) 2021-03-01 13:07:23 -08:00
Brady Wetherington 70e6a6ced6
Fix issue where users with edit permission cannot invoke LDAP sync (#9058)
* Fix issue where users with edit permission cannot invoke LDAP sync

* Make User::class consistent with usage elsewhere in the same directory
2021-01-27 15:36:43 -08:00
Ivan Nieto 6e83679528
Instead of return a JSON response, redirect back to the previous screen (#9055) 2021-01-27 12:01:42 -08:00
snipe 10648de9af
Bulk Checkin and Delete also edit users [ch15107] 2020-09-04 16:02:25 -07:00
snipe 8ec99ff433
Merge pull request #8374 from snipe/fixes/moar_flysystem
WIP - More Flysystem fixes
2020-08-31 09:45:27 -07:00
snipe c23e28d0df
Merge pull request #8372 from snipe/fix_adldap_sync
Fix adldap sync
2020-08-26 13:34:07 -07:00
snipe d25a05d748
Misc Flysystem/image upload request fixes 2020-08-26 11:53:36 -07:00
snipe f385f3e928
Fixed user image upload
TODO: We should probably rename the avatar field on the user’s table, to make it more consistent with the other model images
2020-08-26 02:30:23 -07:00
snipe e5dd6035b9
Fixed the other upload handleUploads signatures 2020-08-24 18:32:40 -07:00
Brady Wetherington 262a964760 [WIP] fix ldap-sync for v5 with AdLdap2 2020-08-14 14:45:05 -07:00
snipe 8ccc1c6515
Fixed weird merge in Bulk Users Controller
Signed-off-by: snipe <snipe@snipe.net>
2020-05-27 22:46:42 -07:00
Daniel Meltzer b3fe47bfa7
Remove/Reorganize logic to make codacy happier. 2020-05-23 15:24:10 -04:00
Daniel Meltzer 136df9418f
Deadcode-- 2020-05-23 15:24:10 -04:00
snipe c7b300a50d
Updated LDAP sync controller to use new Adldap2 connections
Signed-off-by: snipe <snipe@snipe.net>
2020-04-23 22:45:44 -07:00
snipe 039f5da0e1
Add image upload to user edit [ch10508] (#7877)
* Use correct Request include

* Updated to use additional form request

* Added SVG sanitizer

* Added response method to form request

* Allow ImageUploadRequest to accept fieldname params, added SVG sanitization, fixed delete

* Fixed upload path for avatars

* Added fieldname variable to blade partial for image upload

* Added enctype="multipart/form-data"  to form to allow uploads

* Added image field

* Updated Request::old() to use $request->old()

* Fixed derp in edit blade referring to $item when it should be $user

* Added svg+xml to image rule
2020-03-05 18:00:24 -08:00
snipe 94ce8cad64 Make sure $user->item exists before trying to count on it 2019-12-11 14:43:46 -08:00
snipe c31e150935 Use $request->input over Request::get() 2019-12-11 11:09:54 -08:00
snipe 296de34e8a
WIP: Upgrade develop to Laravel 6.6.1 (#7637)
I'm going ahead and merging this, since the upgrade doesn't break Flysystem any worse than the current develop is broken, so far as I can tell. 


* Upgraded framework to Laravel 6

### TO DO:

- Fix password restriction rules- the old library isn’t compatible with Laravel 6 :(
- Figure out why in-app API calls are returning “Unauthorized”

* More updates from Input:: to Request:: helper

* Switch to Request:: from Input

* Added passport config

* Fixed goofy password minimum in seeder

* Added laravel/helpers

* Changed ($item)  to ($item->id) in forms

I have no idea why this is necessary

* Changed ($item) to ($item->id) in forms

* Updated API middleware to auth:api

* Updated with added laravel auth.php values

* FIxed *&!^$%^&$^%!!!! ajax issue

* Switch to Request::get from Input::get

* Switched to Request facade

* Added password security minimums back in

The package we were using has not been updated to Laravel v6, so I created custom validators instead

* Added language strings for error messages for password rules

* Fixed `($item)` issue in formActions for partials
2019-12-10 19:32:50 -08:00