I'm going ahead and merging this, since the upgrade doesn't break Flysystem any worse than the current develop is broken, so far as I can tell.
* Upgraded framework to Laravel 6
### TO DO:
- Fix password restriction rules- the old library isn’t compatible with Laravel 6 :(
- Figure out why in-app API calls are returning “Unauthorized”
* More updates from Input:: to Request:: helper
* Switch to Request:: from Input
* Added passport config
* Fixed goofy password minimum in seeder
* Added laravel/helpers
* Changed ($item) to ($item->id) in forms
I have no idea why this is necessary
* Changed ($item) to ($item->id) in forms
* Updated API middleware to auth:api
* Updated with added laravel auth.php values
* FIxed *&!^$%^&$^%!!!! ajax issue
* Switch to Request::get from Input::get
* Switched to Request facade
* Added password security minimums back in
The package we were using has not been updated to Laravel v6, so I created custom validators instead
* Added language strings for error messages for password rules
* Fixed `($item)` issue in formActions for partials
* Fixes#6204 - added email alerts and web/API access to assets due for audits (#6992)
* Added upcoming audit report
TODO: Fid diff/threshold math
* Added route to list overdue / upcoming assets via API
* Controller/API methods for due/overdue audits
We could probably skip this and just handle it via view in the routes…
* Added query scopes for due and overdue audits
* Added audit due console command to kernel
* Added ability to pass audit specs to main API asset search method
* Added audit presenter
* Added bootstrap-tables presenter formatter to display an audit button
* Added gated sidenav items to left nav
* Added audit due/overdue blades
* Cleanup on audit due/overdue console command
* Added language strings for audit views
* Fixed :threshold placeholder
* Removed unused setting variable
* Fixed next audit date math
* Added scope for both overdue and upcoming
* Derp. Wrong version
* Bumped version
(I will release this version officially tomorrow)
* Leave the activated state for users alone in normal LDAP synchronisation. (#6988)
* Fixed#7003 - crash when warranty months or purchase date is null
* Fixed#6956 - viewKeys policy inconsistent (#7009)
* Fixed#6956 - Added additional gates show showing/hiding license keys
* Modified gate to allow user to see licenses if they can create or edit the license as well
* Added API middleware to API routes to enable throttling
TODO: Figure out how to make this costumizable without touching the code
* Import locations from CSV via command line (#7021)
* Added import locations command
* Small fixes to location importer
* Added country, LDAP OU
* Cleaned up comments, added more clarification to what the script does
* Added ability to update groups via API
Fixes [ch9139]
* Bumped version
* Fixed#6883 - remove escaping of fields on LDAP import
* Fixed#6880 - correctly encrypt encrypted fields via the API
* Fixes#5054: LDAP users deactivated for none-ad (#7032)
When using none-AD ldap, users are automatically deactivated every LDAP
sync. This commit changes the behaviour so that if the active flag isn't set,
the users are enabled.
Fixed#5054, at least for 4.X
* Updated packages
- Updating erusev/parsedown (v1.7.2 => 1.7.3): Downloading (100%)
- Updating squizlabs/php_codesniffer (3.4.1 => 3.4.2): Downloading (100%)
- Updating symfony/polyfill-mbstring (v1.10.0 => v1.11.0): Downloading (100%)
- Updating symfony/var-dumper (v3.4.23 => v3.4.27): Downloading (100%)
- Updating league/flysystem (1.0.50 => 1.0.51): Downloading (100%)
- Updating symfony/translation (v3.4.23 => v3.4.27): Downloading (100%)
- Updating nesbot/carbon (1.36.2 => 1.37.1): Downloading (100%)
- Updating symfony/debug (v3.4.23 => v3.4.27): Downloading (100%)
- Updating symfony/console (v3.4.23 => v3.4.27): Downloading (100%)
- Updating symfony/finder (v3.4.23 => v3.4.27): Downloading (100%)
- Updating symfony/polyfill-ctype (v1.10.0 => v1.11.0): Downloading (100%)
- Updating symfony/polyfill-php70 (v1.10.0 => v1.11.0): Downloading (100%)
- Updating symfony/http-foundation (v3.4.23 => v3.4.27): Downloading (100%)
- Updating symfony/event-dispatcher (v3.4.23 => v3.4.27): Downloading (100%)
- Updating symfony/http-kernel (v3.4.23 => v3.4.27): Downloading (100%)
- Updating symfony/process (v3.4.23 => v3.4.27): Downloading (100%)
- Updating symfony/routing (v3.4.23 => v3.4.27): Downloading (100%)
- Updating symfony/polyfill-util (v1.10.0 => v1.11.0): Downloading (100%)
- Updating symfony/polyfill-php56 (v1.10.0 => v1.11.0): Downloading (100%)
- Updating symfony/psr-http-message-bridge (v1.1.1 => v1.1.2): Downloading (failed)
Downloading (100%)
- Updating rollbar/rollbar (v1.7.5 => v1.8.1): Downloading (100%)
- Updating symfony/yaml (v3.4.23 => v3.4.27): Downloading (100%)
- Updating symfony/browser-kit (v3.4.23 => v3.4.27): Downloading (100%)
* Fixed#7044 - API update deleted custom fields if they are not re-presented
* Fixed XSS vulnerability when creating a new categories, etc via modal on create
Same fix as before, because of the weird select2 post-parsing ajax behavior
* Updated email strings
* Fixed#7046 - added user website url back into UI
* Updated language strings
* Bumped version
* Updated packages
* New backups config for spatie
* Removed debugbar service provider (autodiscovery)
* Use laravel v5.5 withCount manual aliases
* Added spatie language files
* Removed old laravel backups config
This config file was renamed in a newer version of spatie laravel-backup
* Set the serialization
* Added the command loader to console kernel
* Renamed fire() to handle()
* Updated withCount to use manual naming
* Updated backup path in backup admin
* Updated travis with new php versions
* Bumped laravel version in readme
* Fixed custom field edit screen
* Fixed baseUrl is undefined error
I literally cannot figure out how this ever worked before.
* Fix for included files in backup
* Bumped version
* Switch has() to filled()
* Change ->has() to ->filled()
* Removed cosole log
* Bumped packages
* Use getReader instead of fetchAssoc for CSV parser
https://csv.thephpleague.com/9.0/upgrading/
* Handle JSON validation errors like 5.4
* Handle JSON validation errors like 5.4
* Handle JSON validation errors like 5.4
* Trying to fix ajax asset validation
This I think gets us closer, but still not handling the validation on the asset properly.
When I do a print_r of the validation in the other items, its looking for an error bag that looks something like this:
```
Illuminate\Support\MessageBag Object
(
[messages:protected] => Array
(
[name] => Array
(
[0] => The name field is required.
)
[seats] => Array
(
[0] => The seats field is required.
)
[category_id] => Array
(
[0] => The category id field is required.
)
)
[format:protected] => :message
)
```
Currently the Assets ajax returns:
```
[2019-05-24 06:52:06] develop.ERROR: array (
'messages' =>
array (
'model_id' =>
array (
0 => 'The model id field is required.',
),
'status_id' =>
array (
0 => 'The status id field is required.',
),
'asset_tag' =>
array (
0 => 'The asset tag field is required.',
),
),
)
```
So not sure why it’s not working.
* Fixed missing asset validation
* Check that a model exists before trying to fiddle with fieldsets
* Tidied up license check
* Removed extra escaping on checkin
* Updated importer to work with newer CSV Reader::getRecords() method
* Fixed field mapping
* Small fix for reordering fields
Fixes Illuminate\Database\QueryException: SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'order' cannot be null (SQL: insert into `custom_field_custom_fieldset` (`custom_field_id`, `custom_fieldset_id`, `order`, `required`) values (12, 7, , 0)) [ch1151]
This needs revisiting for a more solid fix, especially for data that was already entered bad.
* Fixed bug where sorting by company name in Users API did not work
Fixes [ch9200]
* Removed custom fields from AssignedSearch to prevent confusing data in selectlist
Fixes [ch9193]
* Removed alert-danger from tests
* Fixed missed consumables_count withCount() statement
* Fixed Undefined variable user in $backto if checked out to a non-user
Fixes [ch9194]
* Check for valid model before attempting to access fieldsets
Fixes [ch1249]
* Only build the log upload destination path if there is a matching record
Fixes [ch1232]
* Fixed free_seats_count variable name
(I forgot that Laravel switched camel case to snake case for their old 5.4 withCount variables)
* Only gtry to delete the file if a record is found in the log
* Only try to get fieldset if model is valid
* Fixed more camel-casing -> snake-casing
* Only display the file if the log record can be found
* Fixed casing in sync command
* Updated README
* Derp - typo
* Added link to Atlassian plugin
* More Atlassian clarifications
* Show accessory image on view page
* Increased image size to 800px, added lightboxes
* Fixed#7083 - Removed user_exists constraint on department save
If the user has been deleted, this prevented the department from being successfully saved on edit
* Updated branch in version file
* Dockerfile update to bring us up to php v7.1 for Laravel 5.5 (#7084)
* bump up to php7.1
& change deprecated MAINTAINER to a LABEL so it is visible with `docker inspect`
* AND modapache ><
* 2 updates required to get software-properties+ppa
* Bumped version
* Bumped release again :(
* Missed one
* Fixed#7098 - updated backup config for deleteFile() method
* Fixed#7092 - handle weird port forwarding/port numbers for baseUrl
* Bumped version
* Fixed#7099 - set email to null by default for backup notifications
* Removed old comments
* Fixed#7100 - Check if $user isset on checkin
* Increased throttle to 120 requests per minute
* Added Filipino, corrected order for Spanish variations
* Update language strings
* Bumped hash
* Changed has to filled to fix bulk asset editing
* Bumped point version
* Small fixes for phpleague CSB reader v9
* Improved error checking in locations importer
* Fixed#7145 - rename groups table to permissions_group for mysql 8 reserved word compatibility
* Reduce minimum group name length to 2 (from 3)
eg: IT
* Back in time fix FOR #7145 for new installs on MySQL 8+
* Fixed permission insert
//TODO
Handle this via model
* Possible fix for reporting/admin migration back in time
* Fixed#7164 - change table name to permission_groups
* Fixed LDAP password blanking on save
* fixing previous commit's actual wiping of password (#7183)
replaced Input::fille('ldap_pword') with _filled_. Should be good to go.
https://github.com/snipe/snipe-it/issues/7179https://github.com/snipe/snipe-it/issues/7169
* Bumped version
* Downgrading rollbar for Laravel 5.5
* Spelling Correction (#7206)
Fixed Spelling for the word reqrite, to be rewrite.
* Fix#6910: Add logic to manipulate the eloquent query. (#7006)
* Added company_id to consumables_users table
* Added logic to manage when a pivot table doesn't have the column company_id trough a join with users
* Remove a migration that tries to fix this problem, but is not longer necessary
* Addresses #7238 - add PWA code to layout
Needs additional UX testing
* Better log message for bad LDAP connection
* Fixed#7186 - has vs filled in User’s API blanking out groups if no group_ids are passed
* Comment clarification on #7186
* Check for valid seat on hardware view
* Added space between footer and custom message
* Cap warranty months to three characters
Filles rollbar 209
* Cap warranty months to 3 on the frontend blade
* Fixed countable() strings on user destroy
* Check that the user has assets and that the aset model is valid
* Bumped hash
* Caps asset warranty to 20 years
* Command to fix custom field unicode conversion differences between PHP versions (#7263)
* Fixes#7252 form request changes (#7272)
* Fixes for #7252 - custom fields not validating / no validaton messages in API w/form requests
* Removed debug info
* More fixes for #7252
This is mostly working as intended, if not yet the way Laravel wants us to do it.
Right now, the API returns correctly, and the form UI will return highlighted errors, with the input filled in ~sometimes~. I’m not sure why it’s only sometimes yet, but this is potentially progress.
* Removed experimental method
* Check for digits_between:0,240 for warranty
* Removed debug code
* Apply fix from PR #7273 to master
* Bumped hash
* Fixed#7250 - permission issue for API fieldsets and fields endpoints
This applies the change from #7294 to master
* Add @mskrip as a contributor
* Fixed#7270 - Checking-in Assets via API Removes the Item's Asset Name
* CORS for api (#7292)
* Added CORS support to API
* Changed order so CORS will still work if throttle hit
* Added APP_CORS_ALLOWED_ORIGINS env option
* Fixed typo
* Clarified header comments
* More clarification
* DIsable CORS allowed origins by default to replicate existing behavior
* Change variable name to be clearer
* Bumped version
* Added condition to deal with fieldname 'rtd_location' which can be tried to be queried in some places and doesn't exist in database (#7317)
* Added comments to the ByFilter query scope for clarity
* Added accessories checkout/checkin API endpoint
* Fixed CVE-2019-10742
https://nvd.nist.gov/vuln/detail/CVE-2019-10742
* Update README.md (#7334)
Add reference to CSV importer.
* Group related variables in .env
* History importer fixes
* Fixes to history importer
* Fixed#6956 - Added additional gates show showing/hiding license keys
* Modified gate to allow user to see licenses if they can create or edit the license as well
* Added CSS for table toolbar
* Use maintenances API for table listings
* NIcer layout for allowed_columns in maintenances API
* Fixed#5014 - bootstrap cookie issues
* Fixed#5015 - bug when saving settings
* Refactored datatable code to use data attributes
* Updated dashboard with new table code
* Added - Order by group user count
* Updated groups to use new table attributes
* New license listing table code
* More bootstrap table implementations
* More BS table refactoring
* Improved bootstrap assigned assets
* New bootstrap for reports
* Misc BS fixes
* FIxed small issue with asset history display
* Removed multisort option
* JS refactor
This changes the depreciation report to only use the currency on a
location if it's actually set to something. Previously, if an asset had
a location it would use the currency even if it was blank rather than
falling back to the default.
* Fix some n+1 problems
* Use route in notification dropdown to make sure we link to correct page
* Work on better UI support for checkout to non-user. Fix links on index bootstrap table, work towards eliminating assignedUser
* Remove Asset::assigneduser() relationship. Instead add a checkedOutToUser() method and/or port to using assignedTo()
* Adjust string to fit new reality
* Fix#3780. Move the consumables getDataView method to the ApiController. Not entirely RESTful, but it's a weird method that probably doesn't need its own controller and the functionality would be strange to stack on the userscontroller...
* Fix file uploads to assets and restore the delete route.
* Add asset maintence edit action to index.
* Suppliers asset list should link to the related asset, not to the supplier with same ID.
* Asset models page should use polymorphic formatter on assigned to to better handle assorted item types.
* Comment out more assigneduser fallacy until we figure out the query builder approach to searching for location text.
* Reformat all view files. Check for matching tags and rearrange to make everything line up.
* Fix regression on asset create where the log was no longer saved.
* Add presenters for models. Move bootstrap table JSON generation to these presenters, which cleans up controllers a lot. Move view specific modifications from the models to the presenters as well.
* Fix some issues found by travis and codacy
* Fix a few more issues found while testing.
* Attempt another acceptance test fix
* Try something else
* Maybe..
* Make delete routes work. We put a little form in the modal that spoofs the delete field.
* Fix route on creating a user.
* Fix redundant id parameter.
* Port acceptance tests to new urls.
* Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future.
* This needs to stay for the dashboard checks.
* Add user states for permissions to build tests.
* Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider
* Migrate various locations to new syntax. Update test to be more specific
* Fix functional tests.
Add an artisan command for installing a settings setup on travis-ci
* Try a different id... Need to come up with a better way of passing the id for tests that need an existing one.
* Try to fix travis
* Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.:
* Add a environment for travis functional tests.
* Adjust config file to make travis use it.
* Use redirect()->route instead of redirect()-to
* Dump all failures in the output directory if travis fails.
* Cleanups and minor fixes.
* Adjust the supplier modelfactory to comply with new validation restrictions.
* Some test fixes.
* Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation
* Update test database dump to latest migrations.
* Consolidate edit form elements into reusable partials.
This is a large code change that doesn't do much immediately. It
refactors all of the various edit.blade.php files to reference
standardized partials, so that they all reference the same base html
layout. This has the side effect of moving everything to the new fancy
"required" indicators, and making things look consistent.
In addition, I've gone ahead and renamed a few database fields. We had
Assetmodel::modelno and Consumable::model_no, I've renamed both to
model_number. We had items using ::note and ::notes, I've standardized
on ::notes. Component used total_qty where consumables and accessories
used qty, so I've moved everything to qty (And fixed a few bugs in the
helper file in the process.
TODO includes looking at how/where to place the modal javascripts to
allow for on the fly creation from all places, rather than just the
asset page.
Rename assetmodel::modelno to model_number for clarity and consistency
Rename consumable::model_no to model_number for clarity and consistency
Rename assetmodel::note to notes for clarity and consistency
Port asset and assetmodel to new partials layout. Adapt all code to the renamed model_number and notes database changes. Fix some stying.
* Share a settings variable with all views.
* Allow editing the per_page setting. We showed the value, but we never showed it on the edit page..
* use snipeSettings in all views instead of the long ugly path.
* War on partials. Centralize all bootstrap table javascript
* Use model_number instead of modelno in importer
* Codacy fix.
* More unification/deduplication. Create an edit form template layout that we use as the base for all edit forms. This gives the same interface for editing everything and makes the edit.blade.* files much easier to read.
* Use a ViewComposer instead of sharing the variable directly. Fixes artisan optimize trying to hit the db--which ruins new installs
* Fix DB seeder.
* Base sql dump and csv's to import data from for tests.
* Start some functional tests for creating items.
* Add functional tests for all create methods. Still need to do tests for edits, deletes, and lots of other things
* Improvements to functional tests.
Use the built in DB seeding mechanism instead of doing it ourselves.
Break the tests into multiple units, rather than testing everything in
each function.
* Some improvements to acceptance tests.
Make sure we're only looking at the "trs" within the bootstrap table.
Creation of assets is now tested at the functional level (and is faster)
so ignore it here.
I'm testing acceptance tests with the
IMPORT_{ASSETS,ACCESSORIES,CONSUMABLES}.csv in the tests/_data folder
imported.
* A few things to make acceptance tests work. Add a name to the companies table, and make the locations table have the correct name
* Use a .env.tests file for testing functional and unit to allow a separate database.
* Add functional tests for compoents, groups, and licenses.
* Now that the config is in the functional.yml, this just confuses things.
* Start some functional tests for creating items.
* Add functional tests for all create methods. Still need to do tests for edits, deletes, and lots of other things
* Improvements to functional tests.
Use the built in DB seeding mechanism instead of doing it ourselves.
Break the tests into multiple units, rather than testing everything in
each function.
* Some improvements to acceptance tests.
Make sure we're only looking at the "trs" within the bootstrap table.
Creation of assets is now tested at the functional level (and is faster)
so ignore it here.
I'm testing acceptance tests with the
IMPORT_{ASSETS,ACCESSORIES,CONSUMABLES}.csv in the tests/_data folder
imported.
* update db dump
* Update tests to new reality
* env for the test setup
* only load the database at beginning of tests, not between each Functional test.
* Fix a miss from renaming note to notes.
* Set Termination date when creating an asset. It was only set on edit.
* Rename serial_number to serial in components for consistency.
* Update validation rules to match limits in database. Currently we just accepted the values and they were truncated when adding to DB.
* Much more detailed functional testing of creating items. This checks to make sure all values on form have been successfully persisted to database.
* BugFix: Asset name was not included in custom report
* BugFix: Custom Asset Report did not escape commas in custom fields. So the csv file is inconsistent, if a custom field containes a comma. Added an escape function which escapes the commas with a backslash.
A csvreader can be configured to handle the escape character.
* Save progress
* Create a new action_log table to replace asset_log. Use Polymorphism to generalize class and targets. Port everything I can find to use it. Add a migration to port the asset_logs table to action_logs.
* Allow accepted_id to be nullable.
* Comment out the thread_id migration, because it b0rks on a new database with the move. I'm unsure if the thread_id does anything...It doesn't seem to be used
* Clean up all old methods from Actionlog model. Port everything to use new cleaner interface.
* Port the actionlog factory to fix travis.
* Adjust code to work on php5. Also fix lurking adminlog call.
* Remove weird code
* Port the pave command. Also fix dangling adminlog
This does two main things:
1) The importer now imports as numbers, not parsed strings. This allows
is to format values on output instead of input, which is what was
happening in most places.
2) Add a Helper::parseCurrencyString method and port everything to use
this. This checks to see if the value is numeric or empty, and returns
the appropriate value in all cases. Should fix all known occurances of
number_format expections.
