Commit graph

1712 commits

Author SHA1 Message Date
snipe c68c0e1208 Account for limit if none is passed in the request 2019-09-03 20:28:49 -07:00
snipe c256536d21 Math is hard 2019-09-03 14:29:58 -07:00
snipe b8f7cd81eb
Limit API request results per page (#7405) 2019-09-03 14:02:08 -07:00
Martin Berg 3dcef9aac9 Add support for custom remote user header (#7370) 2019-09-03 11:07:26 -07:00
Logan Swartzendruber 4c8b26f732 Implement #3088: Add "Generate Label" option to "Actions" dropdown menu in individual Asset Details view. (#7388)
* Implement #3088: Add "Generate Label" option to "Actions" dropdown menu in individual Asset Details view.

* Add conditional for including the asset number in the URL of the barcode image.

* Change case of variables to pass Codacy PR review standards.
2019-09-03 11:02:55 -07:00
Rick Heil 7b0b28aed0 Add #7393 - next_audit_date set on asset creation if an audit interval is configured in settings (#7394) 2019-09-03 10:58:51 -07:00
snipe 6d66d7e215 Removed withErrors on JSON response 2019-08-22 21:36:47 -07:00
snipe b5bf8e9a37 Smaller chunking for custom report, add max_execution_time 2019-08-15 06:14:25 -07:00
snipe da52511bf9 Use asset tags 2019-08-14 23:13:23 -07:00
snipe c5e6f06e9b Revert import history to master version to fix errors 2019-08-14 22:27:17 -07:00
snipe 6db915b7f0 Removed serialize duplicate 2019-08-14 22:22:50 -07:00
snipe 441ae69f5c
Integrations/develop into master (#7352)
* Fixes #6204 - added email alerts and web/API access to assets due for audits (#6992)

* Added upcoming audit report

TODO: Fid diff/threshold math

* Added route to list overdue / upcoming assets via API

* Controller/API methods for due/overdue audits

We could probably skip this and just handle it via view in the routes…

* Added query scopes for due and overdue audits

* Added audit due console command to kernel

* Added ability to pass audit specs to main API asset search method

* Added audit presenter

* Added bootstrap-tables presenter formatter to display an audit button

* Added gated sidenav items to left nav

* Added audit due/overdue blades

* Cleanup on audit due/overdue console command

* Added language strings for audit views

* Fixed :threshold placeholder

* Removed unused setting variable

* Fixed next audit date math

* Added scope for both overdue and upcoming

* Derp. Wrong version

* Bumped version

(I will release this version officially tomorrow)

* Leave the activated state for users alone in normal LDAP synchronisation. (#6988)

* Fixed #7003 - crash when warranty months or purchase date is null

* Fixed #6956 - viewKeys policy inconsistent  (#7009)

* Fixed #6956 - Added additional gates show showing/hiding license keys

* Modified gate to allow user to see licenses if they can create or edit the license as well

* Added API middleware to API routes to enable throttling

TODO: Figure out how to make this costumizable without touching the code

* Import locations from CSV via command line (#7021)

* Added import locations command

* Small fixes to location importer

* Added country, LDAP OU

* Cleaned up comments, added more clarification to what the script does

* Added ability to update groups via API

Fixes [ch9139]

* Bumped version

* Fixed #6883 - remove escaping of fields on LDAP import

* Fixed #6880 - correctly encrypt encrypted fields via the API

* Fixes #5054: LDAP users deactivated for none-ad (#7032)

When using none-AD ldap, users are automatically deactivated every LDAP
sync.  This commit changes the behaviour so that if the active flag isn't set,
the users are enabled.

Fixed #5054, at least for 4.X

* Updated packages

  - Updating erusev/parsedown (v1.7.2 => 1.7.3): Downloading (100%)
  - Updating squizlabs/php_codesniffer (3.4.1 => 3.4.2): Downloading (100%)
  - Updating symfony/polyfill-mbstring (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/var-dumper (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating league/flysystem (1.0.50 => 1.0.51): Downloading (100%)
  - Updating symfony/translation (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating nesbot/carbon (1.36.2 => 1.37.1): Downloading (100%)
  - Updating symfony/debug (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/console (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/finder (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/polyfill-ctype (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/polyfill-php70 (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/http-foundation (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/event-dispatcher (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/http-kernel (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/process (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/routing (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/polyfill-util (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/polyfill-php56 (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/psr-http-message-bridge (v1.1.1 => v1.1.2): Downloading (failed)
Downloading (100%)
  - Updating rollbar/rollbar (v1.7.5 => v1.8.1): Downloading (100%)
  - Updating symfony/yaml (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/browser-kit (v3.4.23 => v3.4.27): Downloading (100%)

* Fixed #7044 - API update deleted custom fields if they are not re-presented

* Fixed XSS vulnerability when creating a new categories, etc via modal on create

Same fix as before, because of the weird select2 post-parsing ajax behavior

* Updated email strings

* Fixed #7046 - added user website url back into UI

* Updated language strings

* Bumped version

* Updated packages

* New backups config for spatie

* Removed debugbar service provider (autodiscovery)

* Use laravel v5.5 withCount manual aliases

* Added spatie language files

* Removed old laravel backups config

This config file was renamed in a newer version of spatie laravel-backup

* Set the serialization

* Added the command loader to console kernel

* Renamed fire() to handle()

* Updated withCount to use manual naming

* Updated backup path in backup admin

* Updated travis with new php versions

* Bumped laravel version in readme

* Fixed custom field edit screen

* Fixed baseUrl is undefined error

I literally cannot figure out how this ever worked before.

* Fix for included files in backup

* Bumped version

* Switch has() to filled()

* Change ->has() to ->filled()

* Removed cosole log

* Bumped packages

* Use getReader instead of fetchAssoc for CSV parser

https://csv.thephpleague.com/9.0/upgrading/

* Handle JSON validation errors like 5.4

* Handle JSON validation errors like 5.4

* Handle JSON validation errors like 5.4

* Trying to fix ajax asset validation

This I think gets us closer, but still not handling the validation on the asset properly.

When I do a print_r of the validation in the other items, its looking for an error bag that looks something like this:

```
Illuminate\Support\MessageBag Object
(
    [messages:protected] => Array
        (
            [name] => Array
                (
                    [0] => The name field is required.
                )

            [seats] => Array
                (
                    [0] => The seats field is required.
                )

            [category_id] => Array
                (
                    [0] => The category id field is required.
                )

        )

    [format:protected] => :message
)
```

Currently the Assets ajax returns:

```
[2019-05-24 06:52:06] develop.ERROR: array (
  'messages' =>
  array (
    'model_id' =>
    array (
      0 => 'The model id field is required.',
    ),
    'status_id' =>
    array (
      0 => 'The status id field is required.',
    ),
    'asset_tag' =>
    array (
      0 => 'The asset tag field is required.',
    ),
  ),
)
```

So not sure why it’s not working.

* Fixed missing asset validation

* Check that a model exists before trying to fiddle with fieldsets

* Tidied up license check

* Removed extra escaping on checkin

* Updated importer to work with newer CSV Reader::getRecords() method

* Fixed field mapping

* Small fix for reordering fields

Fixes Illuminate\Database\QueryException: SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'order' cannot be null (SQL: insert into `custom_field_custom_fieldset` (`custom_field_id`, `custom_fieldset_id`, `order`, `required`) values (12, 7, , 0)) [ch1151]

This needs revisiting for a more solid fix, especially for data that was already entered bad.

* Fixed bug where sorting by company name in Users API did not work

Fixes [ch9200]

* Removed custom fields from AssignedSearch to prevent confusing data in selectlist

Fixes [ch9193]

* Removed alert-danger from tests

* Fixed missed consumables_count withCount() statement

* Fixed Undefined variable user in $backto if checked out to a non-user

Fixes [ch9194]

* Check for valid model before attempting to access fieldsets

Fixes [ch1249]

* Only build the log upload destination path if there is a matching record

Fixes [ch1232]

* Fixed free_seats_count variable name

(I forgot that Laravel switched camel case to snake case for their old 5.4 withCount variables)

* Only gtry to delete the file if a record is found in the log

* Only try to get fieldset if model is valid

* Fixed more camel-casing -> snake-casing

* Only display the file if the log record can be found

* Fixed casing in sync command

* Updated README

* Derp - typo

* Added link to Atlassian plugin

* More Atlassian clarifications

* Show accessory image on view page

* Increased image size to 800px, added lightboxes

* Fixed #7083 - Removed user_exists constraint on department save

If the user has been deleted, this prevented the department from being successfully saved on edit

* Updated branch in version file

* Dockerfile update to bring us up to php v7.1 for Laravel 5.5 (#7084)

* bump up to php7.1

& change deprecated MAINTAINER to a LABEL so it is visible with `docker inspect`

* AND modapache ><

* 2 updates required to get software-properties+ppa

* Bumped version

* Bumped release again :(

* Missed one

* Fixed #7098 - updated backup config for deleteFile() method

* Fixed #7092 -  handle weird port forwarding/port numbers for baseUrl

* Bumped version

* Fixed #7099 - set email to null by default for backup notifications

* Removed old comments

* Fixed #7100 - Check if $user isset on checkin

* Increased throttle to 120 requests per minute

* Added Filipino, corrected order for Spanish variations

* Update language strings

* Bumped hash

* Changed has to filled to fix bulk asset editing

* Bumped point version

* Small fixes for phpleague CSB reader v9

* Improved error checking in locations importer

* Fixed #7145 - rename groups table to permissions_group for mysql 8 reserved word compatibility

* Reduce minimum group name length to 2 (from 3)

eg: IT

* Back in time fix FOR #7145 for new installs on MySQL 8+

* Fixed permission insert

//TODO

Handle this via model

* Possible fix for reporting/admin migration back in time

* Fixed #7164 - change table name to permission_groups

* Fixed LDAP password blanking on save

* fixing previous commit's actual wiping of password (#7183)

replaced Input::fille('ldap_pword') with _filled_.   Should be good to go.  

https://github.com/snipe/snipe-it/issues/7179

https://github.com/snipe/snipe-it/issues/7169

* Bumped version

* Downgrading rollbar for Laravel 5.5

* Spelling Correction (#7206)

Fixed Spelling for the word reqrite, to be rewrite.

* Fix #6910: Add logic to manipulate the eloquent query. (#7006)

* Added company_id to consumables_users table

* Added logic to manage when a pivot table doesn't have the column company_id trough a join with users

* Remove a migration that tries to fix this problem, but is not longer necessary

* Addresses #7238 - add PWA code to layout

Needs additional UX testing

* Better log message for bad LDAP connection

* Fixed #7186 - has vs filled in User’s API blanking out groups if no group_ids are passed

* Comment clarification on #7186

* Check for valid seat on hardware view

* Added space between footer and custom message

* Cap warranty months to three characters

Filles rollbar 209

* Cap warranty months to 3 on the frontend blade

* Fixed countable() strings on user destroy

* Check that the user has assets and that the aset model is valid

* Bumped hash

* Caps asset warranty to 20 years

* Command to fix custom field unicode conversion differences between PHP versions (#7263)

* Fixes #7252 form request changes (#7272)

* Fixes for #7252 - custom fields not validating / no validaton messages in API w/form requests

* Removed debug info

* More fixes for #7252

This is mostly working as intended, if not yet the way Laravel wants us to do it.

Right now, the API returns correctly, and the form UI will return highlighted errors, with the input filled in ~sometimes~. I’m not sure why it’s only sometimes yet, but this is potentially progress.

* Removed experimental method

* Check for digits_between:0,240 for warranty

* Removed debug code

* Apply fix from PR #7273 to master

* Bumped hash

* Fixed #7250 - permission issue for API fieldsets and fields endpoints

This applies the change from #7294 to master

* Add @mskrip as a contributor

* Fixed #7270 - Checking-in Assets via API Removes the Item's Asset Name

* CORS for api (#7292)

* Added CORS support to API

* Changed order so CORS will still work if throttle hit

* Added APP_CORS_ALLOWED_ORIGINS env option

* Fixed typo

* Clarified header comments

* More clarification

* DIsable CORS allowed origins by default to replicate existing behavior

* Change variable name to be clearer

* Bumped version

* Added condition to deal with fieldname 'rtd_location' which can be tried to be queried in some places and doesn't exist in database (#7317)

* Added comments to the ByFilter query scope for clarity

* Added accessories checkout/checkin API endpoint

* Fixed CVE-2019-10742

https://nvd.nist.gov/vuln/detail/CVE-2019-10742

* Update README.md (#7334)

Add reference to CSV importer.

* Group related variables in .env

* History importer fixes

* Fixes to history importer
2019-08-14 21:48:14 -07:00
snipe 8b4a9aa382 Fixes to history importer 2019-08-13 18:15:42 -07:00
snipe 99cd552d5c History importer fixes 2019-08-13 18:00:21 -07:00
snipe e7b0ee2539 Added accessories checkout/checkin API endpoint 2019-08-02 15:08:26 -07:00
snipe 3dc2cc9f22
CORS for api (#7292)
* Added CORS support to API

* Changed order so CORS will still work if throttle hit

* Added APP_CORS_ALLOWED_ORIGINS env option

* Fixed typo

* Clarified header comments

* More clarification

* DIsable CORS allowed origins by default to replicate existing behavior

* Change variable name to be clearer
2019-07-26 12:38:31 -07:00
snipe ab86e42b2e Fixed #7270 - Checking-in Assets via API Removes the Item's Asset Name 2019-07-26 12:37:38 -07:00
snipe 250a797339 Fixed #7250 - permission issue for API fieldsets and fields endpoints
This applies the change from #7294 to master
2019-07-24 11:00:42 -07:00
Marián Skrip 8a1f6b74e8 Fix permission issue for API fieldsets and fields endpoints (#7294)
Close snipe/snipe-it#7250
2019-07-24 10:57:09 -07:00
snipe 55ee90b25d
Fixes #7252 form request changes (#7272)
* Fixes for #7252 - custom fields not validating / no validaton messages in API w/form requests

* Removed debug info

* More fixes for #7252

This is mostly working as intended, if not yet the way Laravel wants us to do it.

Right now, the API returns correctly, and the form UI will return highlighted errors, with the input filled in ~sometimes~. I’m not sure why it’s only sometimes yet, but this is potentially progress.

* Removed experimental method

* Check for digits_between:0,240 for warranty

* Removed debug code
2019-07-18 14:32:23 -07:00
snipe 444e250609 Fixed countable() strings on user destroy 2019-07-17 17:51:13 -07:00
snipe b4b6d6b571 Comment clarification on #7186 2019-07-15 15:31:09 -07:00
snipe 8c73a47afb Fixed #7186 - has vs filled in User’s API blanking out groups if no group_ids are passed 2019-07-15 15:27:02 -07:00
snipe f82ffe378c Merge branch 'master' of https://github.com/snipe/snipe-it 2019-07-15 14:11:18 -07:00
snipe 984c2a8fd4 Better log message for bad LDAP connection 2019-07-15 14:10:57 -07:00
Ivan Nieto d409be6d43 Fix #6910: Add logic to manipulate the eloquent query. (#7006)
* Added company_id to consumables_users table

* Added logic to manage when a pivot table doesn't have the column company_id trough a join with users

* Remove a migration that tries to fix this problem, but is not longer necessary
2019-07-15 13:02:44 -07:00
Kasey 03a4512406 fixing previous commit's actual wiping of password (#7183)
replaced Input::fille('ldap_pword') with _filled_.   Should be good to go.  

https://github.com/snipe/snipe-it/issues/7179

https://github.com/snipe/snipe-it/issues/7169
2019-06-19 14:21:53 -07:00
snipe de992e4df3 Fixed LDAP password blanking on save 2019-06-14 17:20:37 -07:00
snipe 49a255c8fb Changed has to filled to fix bulk asset editing 2019-05-31 14:11:43 -07:00
snipe d2bbc09892 Increased throttle to 120 requests per minute 2019-05-31 11:57:57 -07:00
vicleos c6039cbc1d Vicleos fix storage namespace (#6901)
* Update CompaniesController.php

fixed companies destroy error

* fix Storage namespace loss
2019-05-30 19:10:04 -07:00
snipe 74a2c29bc2 Fixed #7100 - Check if $user isset on checkin 2019-05-30 19:06:30 -07:00
snipe 2c64739e8f Removed old comments 2019-05-30 19:02:20 -07:00
snipe 829d44bd27 Fixed #7098 - updated backup config for deleteFile() method 2019-05-29 14:47:55 -07:00
snipe 2dd31544fe Increased image size to 800px, added lightboxes 2019-05-24 19:11:08 -07:00
snipe 6dcdb5abae Only display the file if the log record can be found 2019-05-24 16:06:52 -07:00
snipe 56576d9e45 Fixed more camel-casing -> snake-casing 2019-05-24 16:01:12 -07:00
snipe d5c3ee5ed0 Only try to get fieldset if model is valid 2019-05-24 15:44:54 -07:00
snipe 18db0a50f1 Only gtry to delete the file if a record is found in the log 2019-05-24 15:44:40 -07:00
snipe d596ced0a0 Fixed free_seats_count variable name
(I forgot that Laravel switched camel case to snake case for their old 5.4 withCount variables)
2019-05-24 15:44:18 -07:00
snipe 78fb2b2239 Only build the log upload destination path if there is a matching record
Fixes [ch1232]
2019-05-24 15:28:53 -07:00
snipe 1472e9d5b5 Check for valid model before attempting to access fieldsets
Fixes [ch1249]
2019-05-24 15:03:15 -07:00
snipe fcbc7e4540 Fixed Undefined variable user in $backto if checked out to a non-user
Fixes [ch9194]
2019-05-24 14:51:27 -07:00
snipe 93bf541ce7 Fixed missed consumables_count withCount() statement 2019-05-24 14:21:53 -07:00
snipe c5a23e8f5e Fixed bug where sorting by company name in Users API did not work
Fixes [ch9200]
2019-05-24 13:37:20 -07:00
snipe b6d2392303 Small fix for reordering fields
Fixes Illuminate\Database\QueryException: SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'order' cannot be null (SQL: insert into `custom_field_custom_fieldset` (`custom_field_id`, `custom_fieldset_id`, `order`, `required`) values (12, 7, , 0)) [ch1151]

This needs revisiting for a more solid fix, especially for data that was already entered bad.
2019-05-24 12:05:52 -07:00
snipe 4be95eac4b Removed extra escaping on checkin 2019-05-24 11:44:39 -07:00
snipe 8914d14681 Tidied up license check 2019-05-24 05:26:52 -07:00
snipe d4725b61be Check that a model exists before trying to fiddle with fieldsets 2019-05-24 04:48:04 -07:00
snipe aa0b627fe7 Fixed missing asset validation 2019-05-24 04:47:35 -07:00
snipe 5be5e3271d Trying to fix ajax asset validation
This I think gets us closer, but still not handling the validation on the asset properly.

When I do a print_r of the validation in the other items, its looking for an error bag that looks something like this:

```
Illuminate\Support\MessageBag Object
(
    [messages:protected] => Array
        (
            [name] => Array
                (
                    [0] => The name field is required.
                )

            [seats] => Array
                (
                    [0] => The seats field is required.
                )

            [category_id] => Array
                (
                    [0] => The category id field is required.
                )

        )

    [format:protected] => :message
)
```

Currently the Assets ajax returns:

```
[2019-05-24 06:52:06] develop.ERROR: array (
  'messages' =>
  array (
    'model_id' =>
    array (
      0 => 'The model id field is required.',
    ),
    'status_id' =>
    array (
      0 => 'The status id field is required.',
    ),
    'asset_tag' =>
    array (
      0 => 'The asset tag field is required.',
    ),
  ),
)
```

So not sure why it’s not working.
2019-05-24 03:55:31 -07:00
snipe dd5d5cc07c Handle JSON validation errors like 5.4 2019-05-24 01:12:38 -07:00
snipe 84c3709161 Handle JSON validation errors like 5.4 2019-05-24 01:12:21 -07:00
sreyemnayr f85ac97d8c Feedback for Kits; Fix checkins for accessories (#7060)
* Kits feedback

* Fix accessory checkin
2019-05-23 19:39:30 -07:00
snipe bf93e8cc32 Use getReader instead of fetchAssoc for CSV parser
https://csv.thephpleague.com/9.0/upgrading/
2019-05-23 19:09:58 -07:00
snipe 2d036c64e9 Change ->has() to ->filled() 2019-05-23 17:39:50 -07:00
snipe 8db2470ac4 Switch has() to filled() 2019-05-23 17:17:46 -07:00
snipe 12ec2d1f7a Fixed custom field edit screen 2019-05-22 01:07:14 -07:00
snipe 6cd25fbdeb Updated backup path in backup admin 2019-05-22 00:56:14 -07:00
snipe 4be8ba9f17 Updated withCount to use manual naming 2019-05-22 00:52:51 -07:00
snipe bfb910f375 Set the serialization 2019-05-22 00:51:43 -07:00
snipe b2eacb147b Fixed #7046 - added user website url back into UI 2019-05-21 18:55:12 -07:00
snipe 0358d13ddb Fixed #7044 - API update deleted custom fields if they are not re-presented 2019-05-20 11:49:18 -07:00
snipe 9eb7b668d1 Fixed #6880 - correctly encrypt encrypted fields via the API 2019-05-15 19:33:30 -07:00
snipe 888bdbdb68 Added ability to update groups via API
Fixes [ch9139]
2019-05-15 16:39:34 -07:00
Ivan Nieto e40a5a70a5 RTF support added (#7024)
* Added the Gatte Facade to AssetsController

* Added the filetype RTF in the modal to upload files

* Added validation of RTF files
2019-05-15 15:47:40 -07:00
snipe d016076806
Fixed #6956 - viewKeys policy inconsistent (#7009)
* Fixed #6956 - Added additional gates show showing/hiding license keys

* Modified gate to allow user to see licenses if they can create or edit the license as well
2019-05-08 08:14:49 -04:00
snipe 407445456a Merge branch 'features/6204_email_audit-alerts' into develop
# Conflicts:
#	app/Console/Commands/LdapSync.php
#	app/Console/Kernel.php
#	app/Http/Controllers/Auth/LoginController.php
#	app/Http/Controllers/LicensesController.php
#	composer.json
#	composer.lock
#	config/version.php
#	resources/views/auth/two_factor_enroll.blade.php
2019-05-06 08:45:13 -04:00
snipe e5c2d77c7d
Fixes #6204 - added email alerts and web/API access to assets due for audits (#6992)
* Added upcoming audit report

TODO: Fid diff/threshold math

* Added route to list overdue / upcoming assets via API

* Controller/API methods for due/overdue audits

We could probably skip this and just handle it via view in the routes…

* Added query scopes for due and overdue audits

* Added audit due console command to kernel

* Added ability to pass audit specs to main API asset search method

* Added audit presenter

* Added bootstrap-tables presenter formatter to display an audit button

* Added gated sidenav items to left nav

* Added audit due/overdue blades

* Cleanup on audit due/overdue console command

* Added language strings for audit views

* Fixed :threshold placeholder

* Removed unused setting variable

* Fixed next audit date math

* Added scope for both overdue and upcoming

* Derp. Wrong version

* Bumped version

(I will release this version officially tomorrow)
2019-05-05 22:32:52 -04:00
snipe e4a298ca2a Added scope for both overdue and upcoming 2019-05-05 22:13:30 -04:00
vicleos ab8792a13d Update CompaniesController.php (#6900)
fixed companies destroy error
2019-05-05 20:57:28 -04:00
snipe 0f0ffd39a8 Added ability to pass audit specs to main API asset search method 2019-05-05 19:19:56 -04:00
snipe ab060288fa Controller/API methods for due/overdue audits
We could probably skip this and just handle it via view in the routes…
2019-05-05 19:13:37 -04:00
snipe ce16eae508 Merge branch 'master' of https://github.com/snipe/snipe-it 2019-05-02 15:20:52 -07:00
snipe dc73dbfbfd Fixed #6911 - note must be a string on license checkin 2019-05-02 15:20:47 -07:00
snipe 420e8bc85a Allow phone number to be changed in Profile 2019-04-18 14:13:50 -04:00
Ivan Nieto b1f96448af Remove old redundant code in LicensesController, added an offset to AccessoriesController for pagination to work correctly (#6847) 2019-04-02 10:13:58 -07:00
Martin Meredith b779e274cc Fix usage of Google2FA Facade (#6864) 2019-03-27 22:01:38 -07:00
Martin Meredith 83257af267 Fix imports for 2FA Login (#6855) 2019-03-26 14:10:56 -07:00
snipe 109a29b5fc Fix error in tests 2019-03-20 04:39:50 -07:00
snipe acb90c7aee Horrible master -> dev merge that makes baby jesus cry :(
# Conflicts:
#	app/Http/Controllers/Auth/LoginController.php
#	composer.json
#	composer.lock
#	resources/views/auth/two_factor_enroll.blade.php
2019-03-20 02:24:23 -07:00
snipe bca82684a1 Merge branch 'hotfixes/2fa_qr' into develop
# Conflicts:
#	.all-contributorsrc
#	Dockerfile
#	README.md
#	app/Console/Commands/LdapSync.php
#	app/Http/Controllers/Api/ImportController.php
#	app/Http/Controllers/AssetModelsController.php
#	app/Http/Controllers/Assets/AssetsController.php
#	app/Http/Controllers/Auth/LoginController.php
#	app/Http/Controllers/CategoriesController.php
#	app/Http/Controllers/CompaniesController.php
#	app/Http/Controllers/DepartmentsController.php
#	app/Http/Controllers/ImportsController.php
#	app/Http/Controllers/LocationsController.php
#	app/Http/Controllers/ManufacturersController.php
#	app/Http/Controllers/SuppliersController.php
#	app/Http/Requests/ItemImportRequest.php
#	app/Http/Transformers/ActionlogsTransformer.php
#	composer.json
#	composer.lock
#	config/app.php
#	config/version.php
#	docker/startup.sh
#	public/css/build/all.css
#	public/css/dist/all.css
#	public/js/build/all.js
#	public/js/build/vue.js
#	public/js/build/vue.js.map
#	public/js/dist/all.js
#	public/mix-manifest.json
2019-03-20 02:17:02 -07:00
snipe da015ec4a8
Fixed #6834 and #6402 - use inline QR code generation for 2FA (#6840)
* Fixed  #6834 and #6402 - use inline QR code generation for

* Update auth controllers to use translations

* Updated composer lock

* Added comments

* Moar comments

* Typo
2019-03-20 01:24:31 -07:00
snipe 335e8ffaaa Typo 2019-03-20 01:22:20 -07:00
snipe 8d0ee9e531 Moar comments 2019-03-20 01:21:34 -07:00
snipe cc5c7d33e7 Added comments 2019-03-20 01:14:58 -07:00
snipe 5699e021de Update auth controllers to use translations 2019-03-20 00:50:09 -07:00
snipe cf92618c70 Fixed #6834 and #6402 - use inline QR code generation for 2019-03-20 00:49:44 -07:00
snipe a874dbb0d0 Working attempt, but will try with old library for mininal footprint 2019-03-19 23:18:16 -07:00
snipe 8ed268819e Fixed XSS 2019-03-18 21:09:57 -07:00
snipe dee92cfc6c
Fixes XSS vulnerabilities (#6831)
* Properly escape log_meta values

* Vue syntax fix to allow npm run dev to work again

* Janky fix for Select2 bug

* Compiled production assets

* Escape user’s last name in API

* Removed duplicate alertClass

* Compiled production assets
2019-03-18 20:49:32 -07:00
snipe 0e1289f12f
Fixes #6821 - fixed 2 fa active for users list (#6822)
* Fixed #6821 - confusing UI for 2FA when 2FA is universally enforced

I also updated the language in the user’s listing table to clarify what “activated” means

* Added login enabled info to user view

* Clarified comments

* Added info about 2FA on user profile

Because why not

* Added nowrap to table, and added 2FA reset for superadmins
2019-03-18 11:59:02 -07:00
snipe 7b33f95e83
Fixes/import permissions mask (#6826)
* Check for empty headers in import

* Added import permission

* Fixed model path in docblock

* Added import gate to default blade

* Check if the user is an admin OR idf they have import permissions

* Walked back that admin permission

Since admins are bound by full company support, it makes less sense to let admins have this permission by default, versus having them specifically designated to the import permission
2019-03-18 11:58:08 -07:00
Ivan Nieto bebdbdfb87 Fix #6763. Import Stuck Processing - Error - Can only flip STRING and INTEGER values! (#6804)
* Added validation for errors when the Import Field to map isn't setted

* A slightly correction to the error message

* Added the translation strings for the Error Message
2019-03-14 12:32:40 -07:00
snipe 96f069c417 Change action_datwe to datetime in transformer 2019-03-13 21:57:06 -07:00
Ivan Nieto c7f48951a9 Valo/checkin date in history of asset (#6733)
* To see checkin/checkout Date in History of Asset

* Added some logic to get today's date if the checkin_at input is blank

* Updating the action_date taking the value from the action_log table

* Hide created_at field and rename 'Action Date' as only 'Date'
2019-03-13 21:36:32 -07:00
Marián Skrip 8d63533205 Add write-only image_source field for asset create/edit API endpoint (#6146)
`image_source` should contain base64 encoded image data with mime-type.
2019-03-13 21:00:40 -07:00
Ivan Nieto 8c65214b1f Ignore the soft deleted assets in the eloquent query (#6824) 2019-03-13 20:14:30 -07:00
Martin Meredith e3e0d57f56 Minor code cleanup bits and bobs (#6805)
* Add IDE Helper files

* Cleanup imports

- Alphabetises imports
- Removes unused imports

* Add Platform requirements

* Move filling asset into block where asset exists

* Remove duplicate array keys
2019-03-13 20:12:03 -07:00
snipe 858d382e26 Changed logging to info level for LDAP 2019-03-13 15:14:03 -07:00
snipe de16fee00a Change image unlink error log to info from error 2019-03-13 12:22:12 -07:00
snipe 1b0d855c00 Added translation, removed commented out code 2019-03-13 12:15:48 -07:00
snipe 61afdeac2e Merge branch 'develop' of https://github.com/VELIKII-DIVAN/snipe-it into VELIKII-DIVAN-develop 2019-03-08 16:18:48 -08:00
Martin Meredith 0840ab41d5 Hotfix: Fix ability to create assets (#6790) 2019-03-06 16:37:58 -08:00
snipe 5293cb30bd Merge branch 'fixes/only_present_image_url_if_image_present_in_profile_api' into develop 2019-03-05 23:54:08 -08:00
snipe 6d98bd6846
Fixed error if item requested or request was deleted (#6786)
ch628
2019-03-05 23:47:36 -08:00
snipe 0b0813b260 Fixed error if item requested or request was deleted
ch628
2019-03-05 23:46:40 -08:00
snipe 28a450ea25
Added ability to do full name search in user dropdown selectlist (#6784) 2019-03-05 21:13:39 -08:00
snipe 6696685d0b Merge branch 'fixes/full_name_search_user_selectlist' into develop
# Conflicts:
#	app/Http/Controllers/Api/UsersController.php
#	routes/api.php
2019-03-05 20:57:10 -08:00
snipe f065bd7784 Added ability to do full name search in user dropdown selectlist 2019-03-05 20:40:05 -08:00
Steffen de39906cae Put file contents instead of file object (creates subdirectory with a single file) (#6760) 2019-03-05 12:08:18 -08:00
snipe 288cc01c41 Merge branch 'features/accessories_users' into develop
# Conflicts:
#	app/Http/Controllers/Api/UsersController.php
#	config/version.php
#	routes/api.php
2019-03-01 17:30:03 -08:00
snipe 9575cd2651
Add accessories endpoint to user API (#6775) 2019-03-01 17:21:03 -08:00
snipe 348c13f318 Add accessories endpoint to user API 2019-03-01 16:31:22 -08:00
Steffen e1907e30b1 Allow multiple upload fields and add logo option to labels (#6736)
* Change upload js to work with multiple upload elements on a single page

* Change uploadFile in upload modal and form partial

* Change uploadFile to js-uploadFile to avoid potential issues in the future

* Remove duplicate style attribute causing webpack to fail

* Missed a css class in rename to js- prefix

* - Move logo uploads to partial for eaiser usage
- Add label logo
- Add css classes to label elements
- Change label prefix text (M: S: ...) to css::before content for easy removal in config

* Add more css classes to labels

* Allow unescaped " (quot) in css ouput

* Add max size param to partial, set defaults for allowedType and size
2019-03-01 15:25:42 -08:00
Dmitrii Minaev 16bb784e78 Codestyle & bug fixes 2019-02-28 01:37:58 +03:00
Dmitrii Minaev d3c320e56f Code comments and format 2019-02-23 22:44:03 +03:00
Dmitrii Minaev 5f3a0bdea5 app\Services\PredefinedKitService.php rename to app\Services\PredefinedKitCheckoutService.php
add accessories and consumables tables
add selectlist api to:
 app\Http\Controllers\Api\AccessoriesController.php
 app\Http\Controllers\Api\ConsumablesController.php
 app\Http\Controllers\Api\LicensesController.php
templates for selectlist
apply kit to user works
2019-02-19 22:19:00 +03:00
snipe 0242b3ec74 Handled JS cookie offset issue on the server side
We may want to handle this via the blades instead, as I’m not sure if API users will run into weirdness here.
2019-02-14 15:01:34 -08:00
snipe b26fbf986f Fixed issue where offset could be greater than total items, resulting in “No results” confusion 2019-02-14 14:49:08 -08:00
snipe 5c9b1ed43a Fixed #6676 - consumables API not respecting category id 2019-02-14 14:48:43 -08:00
snipe 0000f487ac Merge remote-tracking branch 'origin/fixes/password_confirmation_6703' into develop
# Conflicts:
#	config/version.php
2019-02-13 23:02:21 -08:00
snipe 35ebe33e4e
Fixed #6703 - fixes password confirmation (#6711)
* Fixed #6703 - fixes password confirmation

* Removed debugging

* Fixed tests

* I guess we use 10 as the settings for password min in tests

* One more try to fix tests - confirmation won’t validate until password validates
2019-02-13 23:01:19 -08:00
snipe d893837c86 Removed debugging 2019-02-13 21:32:26 -08:00
snipe 230c9da1df Fixed #6703 - fixes password confirmation 2019-02-13 21:30:15 -08:00
snipe cd333fa93b Fixed wonky merge :( 2019-02-13 06:52:36 -08:00
snipe 533649f24e Merge branch 'develop' into dev-master-integration
# Conflicts:
#	.gitignore
#	.travis.yml
#	app/Console/Commands/LdapSync.php
#	app/Console/Commands/SendExpectedCheckinAlerts.php
#	app/Console/Commands/SendExpirationAlerts.php
#	app/Console/Commands/SendInventoryAlerts.php
#	app/Console/Kernel.php
#	app/Http/Controllers/Api/AssetsController.php
#	app/Http/Controllers/Api/ManufacturersController.php
#	app/Http/Controllers/Api/StatuslabelsController.php
#	app/Http/Controllers/Api/UsersController.php
#	app/Http/Controllers/AssetMaintenancesController.php
#	app/Http/Controllers/Assets/AssetsController.php
#	app/Http/Controllers/Auth/ForgotPasswordController.php
#	app/Http/Controllers/Auth/LoginController.php
#	app/Http/Controllers/Auth/ResetPasswordController.php
#	app/Http/Controllers/ReportsController.php
#	app/Http/Controllers/SettingsController.php
#	app/Http/Controllers/UsersController.php
#	app/Http/Transformers/AssetMaintenancesTransformer.php
#	app/Importer/Importer.php
#	app/Importer/ItemImporter.php
#	app/Importer/UserImporter.php
#	app/Importer/import_mappings.md
#	app/Models/Ldap.php
#	app/Models/License.php
#	app/Models/Location.php
#	app/Models/Recipients/AlertRecipient.php
#	app/Models/User.php
#	app/Providers/AppServiceProvider.php
#	composer.json
#	composer.lock
#	config/trustedproxy.php
#	config/version.php
#	public/js/build/all.js
#	public/js/build/vue.js
#	public/js/build/vue.js.map
#	public/js/dist/all.js
#	public/mix-manifest.json
#	resources/assets/js/components/importer/importer-file.vue
#	resources/lang/ar/admin/settings/general.php
#	resources/lang/bg/admin/settings/general.php
#	resources/lang/en-ID/admin/settings/general.php
#	resources/lang/en-ID/passwords.php
#	resources/lang/en/passwords.php
#	resources/lang/es-CO/passwords.php
#	resources/lang/es-ES/passwords.php
#	resources/lang/es-MX/passwords.php
#	resources/lang/es-VE/passwords.php
#	resources/lang/fi/admin/settings/general.php
#	resources/lang/id/admin/settings/general.php
#	resources/lang/id/passwords.php
#	resources/lang/ja/passwords.php
#	resources/lang/nl/passwords.php
#	resources/lang/pl/admin/settings/general.php
#	resources/lang/pl/passwords.php
#	resources/lang/pt-BR/admin/settings/general.php
#	resources/lang/pt-BR/passwords.php
#	resources/lang/ru/admin/settings/general.php
#	resources/lang/ru/admin/statuslabels/table.php
#	resources/lang/ru/passwords.php
#	resources/lang/sr-CS/general.php
#	resources/lang/sr-CS/mail.php
#	resources/lang/sv-SE/admin/settings/general.php
#	resources/lang/tr/admin/settings/general.php
#	resources/lang/tr/passwords.php
#	resources/lang/vi/admin/models/message.php
#	resources/lang/vi/admin/users/general.php
#	resources/lang/zh-CN/admin/settings/general.php
#	resources/views/importer/import.blade.php
#	resources/views/partials/bootstrap-table.blade.php
#	resources/views/partials/forms/edit/image-upload.blade.php
#	resources/views/users/edit.blade.php
#	resources/views/users/view.blade.php
#	tests/unit/ImporterTest.php
2019-02-13 06:42:52 -08:00
snipe f1fa5bdaa9 Fixed (develop) #6704 - don’t apply gate to $arrays collection, just check that they can view assets 2019-02-13 04:56:13 -08:00
snipe aa1e06f021 One more time…. Fixed #6704 - don’t apply gate to $arrays collection, just check that they can view assets 2019-02-13 04:46:19 -08:00
snipe 30b1cfabf5 Fixed dumb formatting 2019-02-13 04:45:21 -08:00
snipe e75d22ab73 Revert "Fixed #6704 - don’t apply gate to $arrays collection, just check that they can view assets"
This reverts commit b1e17743b8.
2019-02-13 04:44:19 -08:00
snipe b1e17743b8 Fixed #6704 - don’t apply gate to $arrays collection, just check that they can view assets 2019-02-13 04:35:55 -08:00
snipe b317fb8d83 Fixed #6367 - pass table name and column_id to scopeCompanyables 2019-02-13 01:29:53 -08:00
snipe e2c0f01a10 Fixed #6367 - pass table name and column_id to scopeCompanyables
Solves error: Integrity constraint violation: 1052 Column 'company_id' in where clause is ambiguous
2019-02-13 01:26:11 -08:00
snipe 245b3ca09f Fixed #6061 - Assigned user group cannot be removed 2019-02-12 23:49:42 -08:00
snipe f3c12f38b6 Fixed #6061 - Assigned user group cannot be removed
This bug was a result of attempting to check if the groups field had a value, and only THEN trying to sync the groups. This meant that uf you were removing ALL groups, the  sync wouldn’t be triggered.

This still needs to be updated in the API.
2019-02-12 23:43:38 -08:00
snipe 8e358faebc Fixed #6113 - use $asset->fill vs filled() to allow blanking values via API 2019-02-12 22:15:32 -08:00
snipe 90cddb7aee
Fixed #6113 - use $asset->fill vs filled() to allow blanking values via API (#6693)
Need to confirm that re-enabling `\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,` won’t mangle anything. I know we ran into some issues when testing a long time ago, but not sure those issues apply anymore, and I can’t remember what they were.
2019-02-12 22:08:38 -08:00
herroworrd 3f7d2aebc7 Fixed #6634: Asset Import History fixes and optimizations (#6657)
* Starting work on asset history importer.

* Starting work on asset history importer.

* Added checkin target.

* Last change... importing history should also probably be an admin only task.

* Added caching for user and asset queries.

* Updated cache keepalive time to DateTimeInterface

* Updated cache keepalive time to DateTimeInterface
2019-02-08 16:05:56 -08:00
snipe 4fd469e07b Prevent editing special users demo mode 2019-02-04 19:13:55 -08:00
snipe 59cb1e561e Merge branch 'develop' of https://github.com/snipe/snipe-it into develop 2019-02-04 18:59:53 -08:00
snipe 4fe63d2966 Fixed #6633 - return 200 status code on asset API 2019-02-04 18:59:49 -08:00
snipe 971fcf5800 Fixed #6633 - return 200 status code 2019-02-04 18:58:28 -08:00
Colin Campbell ef8e20f66b Alpine linux docker image (#6645)
* docker-alpine: Alpine linux container + apache 2.4 support

* docker-alpine: Force passport migrations (production mode Exception)

* docker-alpine: Copy default env in Dockerfile
2019-01-30 14:45:36 -08:00
snipe c1a4fbee16 Merge branch 'develop' of https://github.com/snipe/snipe-it into develop 2019-01-25 13:34:57 -08:00
Colin Campbell 8c632f63b0 Misc ldap fixes (#6631)
* misc_ldap_fixes: Map location from OU, not group

* misc_ldap_fixes: Ensure ldap is initialised for import

* misc_ldap_fixes: Import Job Title

* misc_ldap_fixes: Import telephone, fix field select from schema

* misc_ldap_fixes: Cleanup login error-handling, fix boolean tests
2019-01-24 16:15:44 -08:00
snipe ec4161a959 Fixed typo 2019-01-24 15:21:38 -08:00
snipe 8f09cca043 Fixed incorrect group route 2019-01-24 15:17:11 -08:00
snipe b326d8593b Fixed bad groups route on error 2019-01-24 14:56:47 -08:00
snipe d1fe7abb18 Replaced custom deleted query scopes with onlyTrashed() 2019-01-24 14:47:44 -08:00
snipe 394e51029e Only try to upload the audit file if one is provided 2019-01-24 14:04:06 -08:00
snipe 4b8f9d810b Fixed #6625 - include fully depreciated date in custom asset report 2019-01-24 12:38:17 -08:00
bricelabelle 5281713fd9 Added #6617: View licenses checked out to an asset with the hardware API (#6621) 2019-01-22 14:47:40 -08:00
snipe 07eead2dbf Fixed bug where assets could be deleted without being checked back in [ch38] 2019-01-22 14:13:30 -08:00
NMathar 66f557d436 add user license api endpoint fix #6241 (#6616) 2019-01-22 13:48:15 -08:00
snipe fdd6ddf61b Fixed favicon upload
[ch309]
2019-01-18 14:05:52 -08:00
Ivan Nieto 310ed0f1d3 Fix an issue when trying to checkin a license seat. [ch46] (#6599)
* Fix an issue when trying to checkin a license seat.

* Minor changes in the checkin view, so it can returns to the expected place where the checkin is launched.
2019-01-17 20:36:40 -08:00
snipe b293d00699 Switch LDAP error to debug, to avoid crapping up the logs 2019-01-17 20:18:03 -08:00
snipe 1eace04ad9 Handle asset maintenances that do not have a valid asset associated 2019-01-16 02:26:42 -08:00
snipe 75a0cf97e2 Return an error if asset maintenance is associated with a non-existant asset 2019-01-16 02:19:57 -08:00
snipe a1f93e733c Fixed undefined error when maintenance is associated with a deleted asset 2019-01-16 01:45:51 -08:00
snipe 125938762b Patched #6565 to develop 2019-01-15 14:02:10 -08:00
Sxderp 187206cb88 Fix saving of REMOTE_USER setting broken by 1a64879b6 (#6565)
The previous commit made it such that remote user login could only
be enabled if two factor authentication was also enabled. Unnest
the configuration so that the setting can be applied without.
2019-01-15 13:59:36 -08:00
Steffen 61c619660d Initialize customFormat to prevent Blade error when creating new fields (#6596) 2019-01-15 13:56:56 -08:00
Steffen 1de9087427 LDAP fixes (#6533)
* Add iCheck png files to webpack config (inconsistency for css <> png) and blue.png to public folder

* php 7.3 collect() fix (undefined variable)

* Fix travis ci

* Add iCheck png files to webpack config (inconsistency for css <> png) and blue.png to public folder

* php 7.3 collect() fix (undefined variable)

* change LDAP implementation from model to (singleton) service

* Re-apply check for content in ldap_server variable before parsing

* Update LDAP implementation

* Switch iCheck to minimal as referenced in js

* Don't init on load but on first access via init (returns ldap enabled status)

* Re-Enable notifications

* Re-add missing test target php versions

* Only init() once (singleton class, so ldap variable is already set)
2019-01-10 13:20:43 -08:00
Ivan Nieto 876ff2ef72 Fixes #6341. Some style changes in this fix. (#6492) 2018-12-14 18:08:33 -08:00
snipe 67f6df2be3 Fixed (develop) #4568 - escaping values in custom report 2018-12-12 19:40:15 -08:00
snipe 8f6ea84fca Fixed #4568 - escaping values in custom report 2018-12-12 19:38:24 -08:00
snipe ea1b792a93 Fixed #6491 - cleaner return methods for PHP 7.3 compact() 2018-12-12 18:23:39 -08:00
snipe 426dae0310 Fixed methods for PHP 7.3 compact() 2018-12-12 18:16:39 -08:00
snipe 86cc1a228d Fixed typo 2018-12-12 16:45:49 -08:00
snipe 394d265b96 Added XML to uploadable file type - re: #6099 2018-12-12 16:45:09 -08:00
snipe 93947b09c5 Small fix for #6484 - corrected LDAP sync command name 2018-12-11 15:18:30 -08:00
Wes Hulette b38d07064b Fixed: #5896 Custom fields of type "CUSTOM REGEX" are always saved as "ANY" (#6381)
* Fixed missing oauth tables during setup.

* Custom fields of type "CUSTOM REGEX" are always saved as "ANY" 

Fixes #5896

* Updated per PR

Fixed spelling

* Fixed logic error

Moved conditional code from view to controller
Added getFromatType function for dropdown
2018-12-06 20:05:04 -08:00
Wes Hulette 34246ee4ef [WIP] v5 Develop: New LDAP implementation (#6352)
* Fixed missing oauth tables during setup.

* WIP New LDAP implementation

* WIP New LDAP implementation

* WIP New LDAP implementation


Merge remote-tracking branch 'origin/WIP_LDAP' into WIP_LDAP

* WIP New LDAP implementation

Added Adldap2 to handle ldap intergration.

* Updated per PR quality review

* Added specific LDAP settings method

* Corrected version number

* Added return documentation

* Added imports

* Changed class to be injected into controller

* Updated with PR suggestions
2018-12-06 14:05:43 -08:00
snipe 3ed2f55696 Merge branch 'develop' of https://github.com/snipe/snipe-it into develop 2018-12-05 19:56:18 -08:00
snipe 09c4dd4891 Added ability to upload favicon and email logo
todo: refactor the image upload/resize for less copypasta
2018-12-05 19:56:12 -08:00
Ivan Nieto f91e340178 Fixes #6341. Adding condition that checks offset of licenses seats when the user looks other page than the first. (#6392) 2018-12-05 18:09:54 -08:00
Minaev Dmitriy 0bbe499414 Kits checkout. But only with models. 2018-11-13 20:33:32 +03:00
Minaev Dmitriy 79d979f47f Full kits manipulation without users intagration 2018-11-06 19:27:28 +03:00
Wes Hulette 88b1da4260 Added: Caching of settings (#6378)
* Fixed missing oauth tables during setup.

* Cache settings

Cache the setting to reduce unnecessary database calls
2018-11-01 19:59:50 -07:00
Wes Hulette 0730685c29 v5 Develop Fixed: LDAP Settings Password being updated when field is empty (#6384)
* Fixed missing oauth tables during setup.

* Fixed password saving

Previous Input::has always returned true, even if password was an empty string.
2018-11-01 13:36:30 -07:00
snipe ea91d59ffc
Use username instead of email address in password reset (#6382)
* Switch to use username instead of email

* Fixed indenting

* Updated password language

* Updated blades to reflect username instead of email

* Changed password/reset controllers to use username instead of email

* Redirect to login page instead of repeating the password reset form
2018-10-31 18:03:24 -07:00
snipe 65aef11ae3 Fixed #5879 - added user department filter for custom report 2018-10-31 15:19:13 -07:00
snipe 8f22cf7c3c Added dept update API endpoint 2018-10-31 14:31:57 -07:00
Minaev Dmitriy 9d5cd27575 New save mechanic 2018-10-31 16:06:38 +03:00
snipe 29b0780c6c Added company info to asset maintenances transforrmer 2018-10-30 00:20:16 -07:00
snipe e443a576f7 Merge branch 'develop' of https://github.com/snipe/snipe-it into develop 2018-10-19 16:46:53 -07:00
snipe 20b26effdb Fixed #6349 - add view permission for print all assigned 2018-10-19 16:46:46 -07:00
snipe 1a10aa0dda Fixed #6349 - add view permission for print all assigned 2018-10-19 16:43:28 -07:00
Minaev Dmitriy f1f7694835 Merge remote-tracking branch 'remotes/upstream/develop' into develop 2018-10-19 19:00:53 +03:00
Minaev Dmitriy 0e66c3cb56 Predefined kits test 2018-10-19 17:30:25 +03:00
Wes Hulette 465b69516d Fixed: #6259 - Remove remote JS/CSS file loading (#6330)
* Fixed missing oauth tables during setup.

* Remove remote JS/CSS file loading


Updated gravatar to return to default image

* Updated default avatar path to user url

Removed local html5shim & response js files.
Removed copying html5shim & respond js file to public directory
2018-10-17 12:52:01 -07:00
Joe Ferguson 704209de9c Fixed #6301: Do not allow duplicate asset tags (#6324)
* Fixed #6301: Do not allow duplicate asset tags

* Display error message for single asset_tag failure
2018-10-11 17:15:09 -07:00
snipe c7596e7741 Fixed image not uploading on asset create 2018-10-09 17:31:52 -07:00
snipe d4fa81301d Check if user can see assets in statuslabels gate 2018-10-09 16:34:12 -07:00
snipe a516e4278e Remove company select option if the user is not an admin and FCS is enabled 2018-10-05 07:30:42 -07:00
snipe ecb8204c3c Associate serials with multiple asset creation 2018-10-05 05:30:13 -07:00
snipe 476b58632b Handle array of asset tags
TODO: figure out how to display validation errors more sanely
2018-10-05 04:34:47 -07:00
snipe 84848fabd7 Fixed #6284 - missing checkout information on Status Labels API assets endpoint 2018-10-03 10:30:24 -07:00
Wes Hulette 4a88e155c4 Fixed: #6263 V5 (develop) - Missing oauth tables when using the setup wizard (#6268)
* Fixed missing oauth tables during setup.

* Merged develop changes

Removed PHP_CS file
2018-10-03 10:06:24 -07:00
snipe c8ad45b11e Port import manager code to develop 2018-10-03 00:52:29 -07:00
snipe c8bff3ef38
Features/add manager and dept to importer (#6277)
* Ignore the simlink for public storage

* Added manager and department to user import

* More UI importer tweaks

* Fisxed typos
2018-10-02 15:43:54 -07:00
snipe 79367642b1
[WIP] Added #5957 - Flysystem support (#6262)
* Added AWS url to example env

* Upgrader - added check for new storage path and attempt to move

* Ignore symlink

* Updated paths for models

* Moved copy methods

* Added AWS_URL support

For some reasin, Flysystem was generating the wrong AWS url (with a region included)

* Switch to Flysystem for image uploads

* Nicer display of image preview

* Updated image preview on edit blades to use Flysystem

* Twiddled some more paths

* Working filesystems config

* Updated Asset Models and Departments to use Flysystem

* Janky workaround for differing S3/local urls/paths

* Try to smartly use S3 as public disk if S3 is configured

* Use public disk Storage options for public files

* Additional transformer edits for Flysystem

* Removed debugging

* Added missing use Storage directive

* Updated seeders to use Flysystem

* Default logo

* Set a default width

We can potentially override this in settings later

* Use Flysystem for logo upload

* Update downloadFile to use Flysystem

* Updated AssetFilesController to use Flysystem

* Updated acceptance signatures to use Flysystem

* Updated signature view to use Flysystem

This isn’t working 100% yet

* Use Flysystem facade for displaying asset image

* Set assets path

Should clean all these up when we’re done here

* Added Rackspace support for Flysystem

* Added Flysystem migrator console command

* Added use Storage directive for categories

* Added user avatars to Flysystem

* Added profile avatar to Flysystem

* Added the option to delete local files with the migrator

* Added a check to prevent people from trying to move from local to local

* Fixed the selectlists for Flysystem

* Fixed the getImageUrl method to reflect Flysystem

* Fixed AWS copy process

* Fixed models path

* More selectlist updates for Flysystem

* Updated example .envs with updated env variable names

* *sigh*

* Updated non-asset getImageUrl() methods to use Flysystem

* Removed S3 hardcoding

* Use Flysystem in email headers

* Fixed typo

* Removed camera support from asset file upload

We’ll find a way to add this in later (and add that support to all of the other image uploads as well)

* Fixed path for categories

* WIP - Switched to standard handleImages for asset upload.

This is currently broken as I refact the handleImages method. Because the assets store/create methods use their own Form Request, the handleImages method doesn’t exist in that Form Request so it wil error now.

* Fixed css URL error

* Updated Debugbar to latest version (#6265)

v3.2 adds support for Laravel 5.7

* Fixed: Missing CSS file in basic.blade.php (#6264)

* Fixed missing CSS file in basic.blade.php

* Added

* Changed stylesheet import for authorize.blade.php

* Updated composer lock

* Added AWS_BUCKET_ROOT as env variable

* Use nicer image preview for logo upload

* Removed AssetRequest form request

* Removed asset form request, moved custom field validation into model

* Added additional help text for logo upload

* Increased the size of the image resize - should make this a setting tho

* Few more formatting tweaks to logo section of branding blade preview

* Use Flysystem for asset/license file uploads

* Use Flysystem for removing images from models that have been deleted

* Enable backups to use Flysystem

This only handles part of the problem. This just makes it so we can ship files to S3 if we want, but does not account for how we backup files that are hosted on S3

* Use Flysystem to download license files

* Updated audits to use Flysystem
2018-09-29 21:33:52 -07:00
snipe eea65a3f26 Fixed manufacturers item count 2018-09-28 12:03:27 -07:00
snipe e5d0f74ba7 Fixed #6248 - add free seats to licenses API endpoint 2018-09-27 12:07:13 -07:00
snipe 55846cc717 Changed LOG:: to Log:: 2018-09-26 19:06:31 -07:00
snipe bcf9d2f75c Don’t require statuslabel view to check for deployable status 2018-09-25 13:39:54 -07:00
snipe 9108ff8caa fixed typo 2018-09-24 19:06:12 -07:00
snipe d5cf0f1fbd Prevent deleting manufactureres via API if they have items/models 2018-09-24 19:04:00 -07:00
Brady Wetherington c97db3259f
Merge pull request #5913 from tilldeeke/refactore-checkout-checkin-notification-sending
Refactor: Decouple checkin/checkout notifications from logging
2018-09-21 18:18:27 -07:00
snipe 4b2093b485 Added counts to location show() API method 2018-09-21 15:51:26 -07:00
snipe b69b5fdf84 Added counts to location show() API method 2018-09-21 15:50:14 -07:00
snipe d84366c6c5 Add empty array to groups if none filled in 2018-09-19 17:24:34 -07:00
Ivan Nieto b692f67779 Revision of #5471 (#6148)
* Search functionality in accessories/{accessory} issue #5471:
From the collection of users displayed just filtered the data with the method where() and concat()
for the user can search for first name or last name. The solution is case sensitive.

* A better fix to issue #5471. Now using the established relationship to querying for the users. Also Case-insensitive.

* Fixed previous commit that has magic number in the find method parameter of AccessoriesController.
2018-09-12 22:50:45 -07:00
Till Deeke 86f49d34c3 Redirects users from old acceptance screen to new overview 2018-09-10 17:13:16 +02:00
Till Deeke 007e8fbdf9 simplified checkout event handling per @uberbrady’s suggestion
This generalizes the checkout events into the CheckoutableCheckedOut and CheckoutableCheckedIn events.
2018-09-10 16:40:26 +02:00
snipe adf6e7d1cd Added group support for user API 2018-09-07 18:25:58 -07:00
snipe ff879e2018 Added the ability to update asset location when auditing - per #5854 2018-09-07 05:39:41 -07:00
snipe 26fd7f7e79 I have no idea why this was necessary suddenly 2018-09-06 14:28:04 -07:00
Ivan Nieto 0014ef054b Search functionality in accessories/{accessory} issue #5471: (#6070)
From the collection of users displayed just filtered the data with the method where() and concat()
for the user can search for first name or last name. The solution is case sensitive.
2018-08-28 13:25:16 -07:00
Wes Hulette 3831ee9f5a Fixed #5811 - Non US Characters in user export (#6132)
* Added Freebsd as vagrant machine for development

* Ran npm audit fix

Manually added peer depenencies

* Added charset=UTF-8 to content-type

Removed reference to throttle model as is is not longer included.
2018-08-28 12:37:58 -07:00
Dmitriy Minaev bc8fa31eb2 Add depreciation with half-year convention. Fixed #1237 (#6128)
* Add half-year convention in depreciation for Models/Depreciable.php

* Add a setting for the depreciation method

* Integrate half-year convention inside working output

* fix: add more checks at Depreciable.php

* depreciation value rounding

* Codestyle fix
2018-08-28 12:32:46 -07:00
snipe 771265113e Added cookie serialization for Laravel v5.6.30 2018-08-21 22:40:14 -07:00
snipe db907815ff Removed check for active in password reset form 2018-08-21 18:40:27 -07:00
snipe aed769c0be Honor active status for forgotten password request forms 2018-08-14 20:05:57 -07:00
snipe ae6abdddad Check the user is active before displaying password reset
This would only come into play if an inactive user already received a password reset email and then the system was upgraded to prevent those emails from being sent to inactive users
2018-08-14 19:04:47 -07:00
snipe 1543cdbc61 Set activated checkbox to 1 by default on new user 2018-08-14 18:17:37 -07:00
snipe 5db5134ae0 Set activated to default on when new user is created 2018-08-14 18:14:41 -07:00
snipe 05b2b8fb59 Tweaked code/language for password reset 2018-08-14 18:09:33 -07:00
snipe 25097bce31 Only allow activated users to reset their password 2018-08-14 18:04:27 -07:00
snipe 0100c56046 Only allow password reset if user is active 2018-08-14 17:46:29 -07:00
Till Deeke 62195a805a Adding some comments 2018-08-06 14:47:26 +02:00
Till Deeke 8c96e8fd4b Updates asset acceptance report to show unaccepted assets 2018-08-06 14:47:26 +02:00
Till Deeke 1bdf71b584 Handle side effects of accepting/declining
When declining an asset, it gets checked in.
2018-08-06 14:47:26 +02:00
Till Deeke 8648d53d25 Adds checkout acceptances
A checkout acceptance gets generated for every item that needs to be checked out. This resource tracks the user user who can accept the item and their signature
2018-08-06 14:47:26 +02:00
Till Deeke 6b05106dcb Moves license checkout stuff to the license seat
Since we are really checking out a license seat instead of the whole license, we operate the checkin/checkout on the license seat instance.
2018-08-06 14:47:26 +02:00
Till Deeke 830a6cf67e Adds accepting/declining to new controller 2018-08-06 14:46:10 +02:00
Till Deeke 39e6b59335 Fixes some typos 2018-08-06 14:46:10 +02:00
Till Deeke e0423418d2 Moves logging checkin/checkout to separate listener 2018-08-06 14:46:10 +02:00
Till Deeke e24f292a1a Updates checkout events to not depend on log 2018-08-06 14:46:10 +02:00
Till Deeke 17fc59f989 Adds back the checkin/checkout events after #5916 2018-08-06 14:46:10 +02:00
Till Deeke f0acf47101 Adds checkin events 2018-08-06 14:46:10 +02:00
snipe 1a660911e7 Check for minimum PHP version in setup 2018-08-02 21:36:18 -07:00
Daniel Meltzer e368a20427 Use filled instead of has. (#6033)
I think this merged in a weird order and was missed by the global
find/replace.  This fixes bulkassets/bulkusers editing.

At some point we should look at refactoring BulkAssetsController@edit to
only run one DB query, rather than one per item.
2018-08-02 09:54:19 -07:00
Daniel Meltzer 2637ce56a1 Allow importcontroller to return 200 for failed delete. (#6034) 2018-08-02 09:53:54 -07:00
snipe f5a5d830a5 Better handling for deleting imports where the files may have been moved 2018-08-01 20:49:55 -07:00
snipe 9168979d9e Fixed #6027 - added model to asset maintenances listing 2018-08-01 18:24:52 -07:00
snipe 3f394f42c7 Partial fix for better UI on deleting files
Still needs Vue stuff
2018-08-01 18:01:16 -07:00
snipe b2c99c88bb Fixed #6028 - added supplier url to list view 2018-08-01 17:37:58 -07:00
snipe 694166862e
Added attempted logins admin screen (#6018)
* Added attempted logins admin screen

* Smaller table spacing
2018-08-01 03:51:59 -07:00
snipe 911c2398ef Fixed #6004 - set a default next_audit_date if none provided 2018-08-01 03:04:29 -07:00
snipe 2c38036123
Improvement: Better documentation, small refactors (#6017)
* Better documentation, small refactors

* Small comment fixes
2018-08-01 00:06:41 -07:00
snipe b1b5eeecba Fixed #6013 - add accessory checkout notes to detail page 2018-07-31 16:00:38 -07:00
snipe 400913631c Use language strings for bulk password reset 2018-07-30 20:37:19 -07:00
snipe 006a3adea0 Added ability to trigger forgotten password emails for users 2018-07-30 20:31:02 -07:00
Daniel Meltzer 248fcfa869 Move findLicenseSeatToCheckout back to controller. (#5970)
* Move findLicenseSeatToCheckout back to controller.

After discussion, move findLicenseSeatToCheckout method back to
controller from form request.  Also cleanup one tiny bit more with null
coalesce operator (Yay php 7).

* Revert Earlier change.

$target only exists in the checkoutTo* methods.  Need to log the
checkout individually in each of those.
2018-07-27 12:03:04 -07:00
Daniel Meltzer 94c79fa69a Fixed #5964 - Feature: Group IDs can be passed to User Create. (#5990)
Also added to update, and adjusted api tests to confirm.  Long term it
might be nice to look at support for passing group names instead.

Bug: 5964
2018-07-27 12:01:59 -07:00
Daniel Meltzer a3811f632d Licence != License (#5993) 2018-07-27 12:01:25 -07:00
Daniel Meltzer 49d95892e3 Port asset history importer to league/csv9 (#5972) 2018-07-26 12:04:21 -07:00
snipe 9618878023 Restrict users asset listing to just assets checked out to users 2018-07-25 21:40:33 -07:00
snipe 614e858e44 Restrict users asset listing to just assets checked out to users 2018-07-25 21:38:14 -07:00
snipe 373885ebd1 Use Storage for file uploads (not model images) 2018-07-25 11:57:49 -07:00
snipe a9fd9c9e59 Moved gates to individual controller methods to fix “This action is unauthorized” in route:list 2018-07-25 10:45:32 -07:00
snipe 63bf71b071 Use Storage methods for asset/license files 2018-07-25 09:48:50 -07:00
snipe 7a9a78ec53 Make Codacy happy by reversing the signature params 2018-07-25 07:14:16 -07:00
snipe 501f096a2c Updated spatie backup config file for their latest version 2018-07-25 01:36:30 -07:00
snipe 7af633177a Fixed filledFile back to hasFile 2018-07-24 22:52:49 -07:00
snipe 86c1f11bec Change $request->has to $request->filled unilaterally 2018-07-24 22:51:31 -07:00
snipe 0714ac4248 Update withCounts because Laravel 5.5 :( 2018-07-24 22:40:05 -07:00
snipe 7bb50a61a7 Applying @dmeltzer’s changes from afc8ac5e72 2018-07-24 21:13:02 -07:00
Daniel Meltzer 64d649be7f Monster: Cleanup/Refactor http controllers. (#5916)
* Extract a handlesimages trait to centralize logic for parsing/storing images on upload in create/edit methods.

* Use same image upload/layout in accessories as consum+components.

* Monster: Cleanup/Refactor http controllers.

This cleans up docblocks, pulls most non-crudy actions into their own
controllers, and does general cleanup/logic refactoring.  There /should/
be no functional changes, but we all know how should works..

Extract checkin/checkout functions to a separate controller for accessories.

Move controllers to subdirectory.

Cleanup AssetModelsController

Extract component checkin/checkout

Assorted cleanups/doc/formatting in controllers.

Refactor LicenseController.

Refactor UsersController

Update viewassetscontroller.

* Codacy cleanups

* More codacy cleanups.  Extract a LicenseCheckout Form request as well.

* A bit more refactor/cleaning of the license checkout method.

* Review Related Cleanups

* Fix most of the item_not_found translations.  In many cases, the
string being generated did not even use the id parameter.  Where it
does, pass it as id instead of as a different value.

* Remove some old $data arrays from when we manually sent emails from
the controllers.  This has been superseeded by the notification system
(yay!)

* Bugfix: Only log the checkin of an accessory if the checkin completes sucessfully.
2018-07-24 19:35:26 -07:00
snipe e320d2ba05
Fixed #5944 - added logo option for print-assets page (#5950) 2018-07-24 13:37:02 -07:00
snipe ed78a4b8a0 Fixed activated issue for strict mode 2018-07-24 13:28:59 -07:00
snipe 376eb52f00 Fixed #5938 - added “self location edit” as permission 2018-07-24 12:42:16 -07:00
snipe f4cfb31bf4 Use request object 2018-07-24 12:10:02 -07:00
snipe 227dc7e81d Save model display setting - fix for issue in #5301 2018-07-24 12:10:02 -07:00
Azerothian 66c3f5432d implemented specific seat checkout (#5887) 2018-07-23 20:28:45 -07:00
Daniel Meltzer 059126f642 Checkout update locationid (#5919)
* Fix missing punctuation.  Bad merge.

* If we're checking out to an location, use it's id instead of location_id
2018-07-23 06:47:21 -07:00
Daniel Meltzer 3bc43210ab Add ID to the allowed sort fields in api/Users. (#5929) 2018-07-23 06:46:50 -07:00
Daniel Meltzer 82194cef8a bugfix: updating a user when an admin (not a superuser) would remove any groups from the user. (#5914) 2018-07-21 23:02:06 -07:00
snipe d45e90e358 One more fix for #5893 2018-07-19 14:45:28 -07:00
snipe 7ebb7876c4 Partial fix for #5896
Still need to fix the front end on edit, which seems to be defaulting to boolean
2018-07-19 10:40:07 -07:00
snipe a0c0b7b1eb Fixed #5893 - activated typo 2018-07-19 10:22:08 -07:00
snipe 9d00ae6e50 Fixed #5894 - lookup by asset tag in top search broken 2018-07-19 10:14:02 -07:00
snipe d309f67df0 Set activated to zero if no values passed for active user 2018-07-18 08:27:26 -07:00
snipe 1c0ee7c4c5 Fixed license checkout gate 2018-07-18 05:33:14 -07:00
snipe 5a1e1c73c9 Include show_in_list option in select 2018-07-18 03:59:02 -07:00
snipe 3be68ec721 Fix location edit permissions 2018-07-18 03:43:45 -07:00
snipe 027edbdb21 Fixed #5872 - asset maintenances listing showing created_at instead of start_date 2018-07-18 02:24:53 -07:00
snipe bcd988bb81 Merge branch 'develop' of https://github.com/DeusMaximus/snipe-it into develop
# Conflicts:
#	app/Http/Controllers/Auth/LoginController.php
2018-07-17 01:11:15 -07:00
snipe bf761946da Fix activated check for login 2018-07-16 23:48:46 -07:00
snipe d9fa2f0e91 Fixed #5842 - added components to location detail view 2018-07-16 21:50:14 -07:00
DeusMaximus 7c2da81700
Fix REMOTE_USER Header with IIS and AD
Remove DOMAIN\ portion of DOMAIN\user when using Windows Authentication and IIS with REMOTE_USER.
2018-07-17 14:03:19 +10:00
snipe a4799a495a
Fixes #5859 - add file name/size to file upload UI (#5861)
* Fixes #5859 - add file name/size to file upload UI

* Reverting assetcontroller

Not sure exactly what happened here…

* Production assets
2018-07-16 20:09:53 -07:00
Daniel Meltzer 638a7b2d91 Assetcontroller cleanup (#5858)
* Extract method/cleanup

* Remove apiStore method that is unusued since api controllers.

* Use proper model exception

* Remove old user importer.  This is now supported by the general importer framework.

* Refactor AssetsController methods.

This is a giant diff without many functional changes, mostly cosmetic.
I've pulled a number of methods out of assetscontroller, preferring
instead to create some more targetted controllers for related actions.
I think this cleans up the file some, and suggests some places for
future targetted improvement.

Fix weird missing things.

* Fix Unit test failing after date changes.

* Pass valid string to be translated.

* Some method cleanup for codacy.

* Extract trait for common checkout uses and codacy fixes.
2018-07-16 17:44:03 -07:00
Daniel Meltzer 8f6e0ad5be Only error if checking out to asset with same id (#5845)
A user with an id of 2 is perfectly fine as a checkout_target of an asset with an id of 2.
2018-07-16 14:25:36 -07:00
Daniel Meltzer 50e0b9b84e category_id not category_i (#5844) 2018-07-16 14:23:24 -07:00
Daniel Meltzer b6b93550fe Remove old helpers (#5843)
* Cleanup model bulk-edit

Use the general partials where appropriate, as well as display a list of
what models we are editing in the bulk edit.

* Use new api based fetch/display for modal select2.

This is just copy/pasting the code currently because I'm not entirely
sure how the two pieces of code interact.

* Remove old helper functions that are no longer necessary with our populating of select2 dropdowns via ajax.
2018-07-16 14:22:25 -07:00
Till Deeke baa3be728d Refactoring: A nicer and easier syntax for searching models (#5841)
* Adds the ability to search by dates

Adding extra „where“-conditions to the „TextSearch“ queries, allowing the users to search by dates

* Adds missing dates to $dates in models

* Removes duplicated „where“ conditions

* Adds the Searchable trait to models, defining the searchable attributes and relations

* Removes the old text search methods

* Adds back additional conditions to the search

These conditions could not be modeled in the „attributes“ or „relations“, so we include them here

* Removes unnecessary check for the deleted_at attribute

* Fixes typo in comments

* suppresses errors from Codacy

We can safely ignore the error codacy is throwing here, since this method is a standin/noop for models who need to implement more advanced searches
2018-07-16 14:13:07 -07:00