Commit graph

2941 commits

Author SHA1 Message Date
Brady Wetherington 70648dedd3 Add some guardrails around very-badly formatted APP_URL settings 2022-01-27 11:21:46 -08:00
snipe 9634dde0dd
Merge pull request #10567 from inietov/fixes/importing_and_checking_out_licenses_master
Fixes Importing licenses without product key duplicates the license
2022-01-27 10:58:06 -08:00
snipe c70ae19c28
Merge pull request #10529 from uberbrady/fix_insecure_host_headers
Force UrlGenerator's Root URL to be the base of APP_URL unless overriden (v5)
2022-01-26 16:59:55 -08:00
Ivan Nieto Vivanco 55fdc86e02 Tweak query in the License Importer to not require a Product Key 2022-01-26 17:51:04 -06:00
Ivan Nieto Vivanco 1fc71a4111 Add Zip field in the User Importer 2022-01-19 13:35:54 -06:00
Brady Wetherington 0c4768fd2a Force UrlGenerator's Root URL to be the base of APP_URL unless overriden
(For v5)
2022-01-18 15:52:59 -08:00
Ivan Nieto Vivanco a05795420a Respect the default value of 60 days in expiring licenses 2022-01-18 14:34:14 -06:00
Ivan Nieto Vivanco 42d86bf57b Adds default values if the expiring alerts threshold is null 2022-01-18 14:21:49 -06:00
Ivan Nieto Vivanco f510b9c2a9 Add query to filter non-deprecable assets when the Depreciation Report is called 2022-01-15 14:21:31 -06:00
Ivan Nieto Vivanco 153c30eda8 Add to Importer the capacity to search Models only with Model Name since Model Number is not required 2022-01-15 04:32:47 -06:00
snipe be7e6ed847
Merge pull request #10502 from uberbrady/ldap_useraccountcontrol_dont_req_preauth
Add new UserAccountControl to permitted UAC's for AD.
2022-01-13 17:01:47 -08:00
snipe 984db1ef44 Apply personal API token fix to master
Signed-off-by: snipe <snipe@snipe.net>
2022-01-13 01:39:56 -08:00
Brady Wetherington c8fe929e09 Add new UserAccountControl to permitted UAC's for AD. 2022-01-12 12:07:51 -08:00
Haxatron bb095641c2
Update BulkAssetModelsController.php
https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7
2022-01-06 09:50:11 +08:00
snipe 884b6b0270 Fixes format property on invalid custom field object
Signed-off-by: snipe <snipe@snipe.net>
2022-01-03 19:14:50 -08:00
snipe 2ee84c2675 Added a few more comments
Signed-off-by: snipe <snipe@snipe.net>
2021-12-30 18:33:28 -08:00
snipe c6ce928567 Added allow list to modal view options
Signed-off-by: snipe <snipe@snipe.net>
2021-12-30 18:16:49 -08:00
snipe b4fac3e4ae Fixed missing index for fieldsets
Signed-off-by: snipe <snipe@snipe.net>
2021-12-30 13:16:44 -08:00
snipe bad6b862ca assets_count doesnt exist as a column
Signed-off-by: snipe <snipe@snipe.net>
2021-12-30 12:59:16 -08:00
snipe 8588e9ebf1 Fixed #10469 - increased size of supplier address field
Signed-off-by: snipe <snipe@snipe.net>
2021-12-27 12:28:02 -08:00
Alex Janes d0bfd8dfd2 Fixed the collection of the groups total to GroupsTransformer.php. Groups page should now paginate correctly. 2021-12-23 20:54:34 -05:00
snipe 9b2dd6522f Switch GET to POST for asset request
Signed-off-by: snipe <snipe@snipe.net>
2021-12-16 20:36:08 -08:00
Bradley Coudriet dbdc1c7f3f
Update SettingsController.php to save Slack Settings
This goes with #10438 that I just submitted about Slack Settings not saving.

This adds the necessary code to actually save the Slack Settings,
As they are already validated by the SlackSettingsRequest, this seems like an easy and low-impact fix.
2021-12-15 10:38:51 -05:00
Ivan Nieto Vivanco c80aa2a289 Add title column to custom reports 2021-12-14 12:05:33 -06:00
snipe 25e2e7ecc6
Merge pull request #10418 from inietov/fixes/bulk_edit_count_more_users_than_selected
Fixes bulk edit message counts more users than the actual selected users number
2021-12-13 14:13:14 -08:00
snipe 9d5d1a9f9a Added escape to assigned_to API response
Signed-off-by: snipe <snipe@snipe.net>
2021-12-13 12:03:03 -08:00
Ivan Nieto Vivanco a419a690d4 Add a variable to better control the selected user's ids 2021-12-11 18:01:38 -06:00
Brady Wetherington acfb41f129 Remove 'actionlog' from the ::with() clause in the asset query API 2021-12-10 18:42:56 -08:00
Haxatron 1699c09758
Update AssetModelsController.php 2021-12-09 21:42:18 +08:00
Haxatron 918e7c8dae
Fix access control - https://huntr.dev/bounties/19453ef1-4d77-4cff-b7e8-1bc8f3af0862/ 2021-12-09 12:57:04 +08:00
snipe 86afe6c4b1 Cleanup slack validation
Signed-off-by: snipe <snipe@snipe.net>
2021-12-08 18:03:56 -08:00
snipe ff97b359ad Removed form request on ajax, cleaned up some other things
Signed-off-by: snipe <snipe@snipe.net>
2021-12-08 17:58:46 -08:00
snipe 81b66d0039 Change validation failure to 422 to make it consistent with Laravel's default
Signed-off-by: snipe <snipe@snipe.net>
2021-12-08 17:54:35 -08:00
snipe 8fa690b635 Reverting form request because it doesn't seem to work (????!!)
Signed-off-by: snipe <snipe@snipe.net>
2021-12-08 17:54:15 -08:00
snipe 8c1cd87831 Added slacksettingsrequest as use statement
Signed-off-by: snipe <snipe@snipe.net>
2021-12-08 15:56:22 -08:00
snipe 80d36cd72b Added slack settings request
Signed-off-by: snipe <snipe@snipe.net>
2021-12-08 15:53:05 -08:00
snipe ff81e6d536
Merge pull request #10361 from snipe/fixes/xss_in_accessories_checkout_notes
Escape notes in transformCheckedOutAccessory
2021-11-24 19:56:36 -08:00
snipe 00fad35c2a Escape notes in transformCheckedOutAccessory
Signed-off-by: snipe <snipe@snipe.net>
2021-11-24 19:54:45 -08:00
snipe 3debe78574
Merge pull request #10350 from inietov/fixes/trim_custom_fields_names
Apply trim() function when storing Custom Fields names
2021-11-24 19:42:04 -08:00
snipe 830d07f84f Removed escaping on input save for asset checkout on creation
Signed-off-by: snipe <snipe@snipe.net>
2021-11-24 19:19:32 -08:00
Ivan Nieto Vivanco 1ca770895a Apply trim() function when storing Custom Fields names 2021-11-22 18:43:21 -06:00
snipe f7b483358f Escape custom field values in API response
Signed-off-by: snipe <snipe@snipe.net>
2021-11-15 20:32:59 -08:00
Brady Wetherington 3ea209a507 Escape asset_tag attribute at controller level for consumption in bulk checkout 2021-11-08 20:27:43 -08:00
snipe 76cc46c419
Merge pull request #9814 from 01ste02/importMinAmt
Improved Consumable Import: Import min_amt for consumables
2021-10-28 17:49:44 -07:00
snipe 2f9e5f79af
Merge pull request #10139 from FliegenKLATSCH/patch-1
API: Do not include deleted items per default on lookup by serial
2021-10-28 17:09:20 -07:00
snipe 17bf899a17 Set default_label to 0 instead of null in API
Signed-off-by: snipe <snipe@snipe.net>
2021-10-25 20:14:01 -07:00
snipe 8b1c60a17a Make gates a little more consistent
Signed-off-by: snipe <snipe@snipe.net>
2021-10-25 15:34:22 -07:00
snipe 033c3253bb Fixed permissions array to handle missing clone button
Signed-off-by: snipe <snipe@snipe.net>
2021-10-25 14:10:17 -07:00
FliegenKLATSCH 24c484303e Do not include deleted assets by default when doing lookup by serial
This commit introduces a new query parameter `deleted`, which can be set to `true` to include deleted assets in the response.
2021-10-09 08:56:31 +02:00
snipe 5d94b99035 Switched to 5 in one minute
Signed-off-by: snipe <snipe@snipe.net>
2021-10-08 15:53:32 -07:00
snipe 0674ef5a3d Fixed number to 1 (for minutes)
Signed-off-by: snipe <snipe@snipe.net>
2021-10-08 15:43:32 -07:00
snipe 702791210e Throttle password reset requests to 5 every 60 seconds
Signed-off-by: snipe <snipe@snipe.net>
2021-10-08 14:26:30 -07:00
snipe 1c77fd0d09
Merge pull request #10178 from inietov/bug/sc-17520/symfony_component_debug_exception_fatalthrowableerror
Fixed typo when setting the headers
2021-10-08 12:04:45 -07:00
Ivan Nieto Vivanco d184da8611 Fixed typo (thanks @ssddanbrown) 2021-10-08 13:39:49 -05:00
snipe ccd430ce07 Switched back down to debug level
Signed-off-by: snipe <snipe@snipe.net>
2021-10-06 12:38:21 -07:00
snipe f306401e7e Fixed SVG XSS vuln
Signed-off-by: snipe <snipe@snipe.net>
2021-10-06 12:26:45 -07:00
snipe c06a93ef13 Removed extra brace in assets for components
Signed-off-by: snipe <snipe@snipe.net>
2021-10-06 10:38:13 -07:00
Ivan Nieto Vivanco ef6eea67d8 Set headers in a different manner in the middleware 2021-10-05 14:09:35 -05:00
snipe 34eab88b7e Removed debugging
Signed-off-by: snipe <snipe@snipe.net>
2021-10-04 20:25:31 -07:00
snipe b20c841a89 Fixed asset models restore
Signed-off-by: snipe <snipe@snipe.net>
2021-10-04 19:29:13 -07:00
snipe 52caee2a9f Handle checking and unchecking for bulk actions
Signed-off-by: snipe <snipe@snipe.net>
2021-10-04 17:18:26 -07:00
snipe 52ea172e5d Fix ID array
Signed-off-by: snipe <snipe@snipe.net>
2021-10-04 17:18:07 -07:00
snipe 9b48732cd2 Force revalidation headers when user logs out
Signed-off-by: snipe <snipe@snipe.net>
2021-10-04 12:52:48 -07:00
snipe daa88f06f7 Added pivot to components JSON
Signed-off-by: snipe <snipe@snipe.net>
2021-09-30 15:51:08 -07:00
snipe d0acb9fdb4 Applies PR #10150 to master
Signed-off-by: snipe <snipe@snipe.net>
2021-09-30 15:33:00 -07:00
Brady Wetherington ae466be153 Fix license output, tweak CleanFloat function to handle numbers over 1 million 2021-09-28 19:10:25 -07:00
Brady Wetherington f3338667c7 Create new ParseCurrency helper and use it in the appropriate controllers 2021-09-28 18:20:39 -07:00
Brady Wetherington f380da3f19 Try to ensure all currency output is formatted correctly. 2021-09-28 16:45:47 -07:00
snipe 2f9582ee5c Switched to loadMissing for performance
Signed-off-by: snipe <snipe@snipe.net>
2021-09-23 17:31:19 -07:00
snipe 3b7ce0091c Load components in the assets API if components=true in API request
Signed-off-by: snipe <snipe@snipe.net>
2021-09-23 17:23:53 -07:00
snipe 6e270c0ed2 Include created_at in pivot
Signed-off-by: snipe <snipe@snipe.net>
2021-09-23 17:23:17 -07:00
snipe 3862b6476b
Merge pull request #10122 from inietov/fixes/api_issue_when_component_checkout
Fixes API Issue when checking out a component
2021-09-23 13:21:48 -07:00
Ivan Nieto Vivanco 7dfab3a6e2 Change the condition to 'bigger or equal' instead of just 'bigger than' in ComponentsController checkout api 2021-09-23 15:02:39 -05:00
snipe a6b3aa5f04 Don't try to delete the file if there is no log entry
Signed-off-by: snipe <snipe@snipe.net>
2021-09-22 19:04:25 -07:00
snipe b4a90045e6 Added totals to depreciation report footer
Signed-off-by: snipe <snipe@snipe.net>
2021-09-21 21:52:18 -07:00
snipe 0763c76a4e Fixed scoping with leftjoin
Signed-off-by: snipe <snipe@snipe.net>
2021-09-21 20:54:24 -07:00
snipe 5d32c17a2e Removed comments
Signed-off-by: snipe <snipe@snipe.net>
2021-09-21 20:01:36 -07:00
snipe 10ca7cffc3 Fixes for query scoping, ordering, and nicer readability
Signed-off-by: snipe <snipe@snipe.net>
2021-09-21 19:59:23 -07:00
snipe 61176335d7 Improved category_type with strtolower() to make it case insensitive
Signed-off-by: snipe <snipe@snipe.net>
2021-09-21 15:51:41 -07:00
snipe 9b52c61d95 Updated banner with better warning
Signed-off-by: snipe <snipe@snipe.net>
2021-09-20 18:49:04 -07:00
snipe 36464bc17d Fix confirmation, because apparently you can't pass that along via cli vs interactively
Signed-off-by: snipe <snipe@snipe.net>
2021-09-20 18:22:06 -07:00
snipe f35208d58d Clean up, find custom fields and drop those columns
Signed-off-by: snipe <snipe@snipe.net>
2021-09-20 18:03:13 -07:00
snipe 4d30edd535 Let's make sure to keep some of the stuff we need on the demo as well
Signed-off-by: snipe <snipe@snipe.net>
2021-09-20 17:29:32 -07:00
snipe 957f33c8cf First stab at a better pave command
Signed-off-by: snipe <snipe@snipe.net>
2021-09-20 17:19:41 -07:00
snipe 8a93e1e796 Remove asset call on depreciation report controller method
We ajax this in now, so no need for it

Signed-off-by: snipe <snipe@snipe.net>
2021-09-15 13:49:53 -07:00
snipe d96f877aa4 Default show_in_nav to 0
Signed-off-by: snipe <snipe@snipe.net>
2021-09-15 11:33:13 -07:00
snipe 02705d0d1a Fixed S3 upload path
Signed-off-by: snipe <snipe@snipe.net>
2021-09-14 12:49:17 -07:00
snipe 80175cffdc Fixed #9969 - added color, show_in_nav, and default_label to status labels API
Signed-off-by: snipe <snipe@snipe.net>
2021-09-10 20:44:49 -07:00
snipe 514f9aa64a Fixed #9973 - add use_default_eula to categories API endpoint
Signed-off-by: snipe <snipe@snipe.net>
2021-09-10 20:23:49 -07:00
Ivan Nieto Vivanco f1b8b7d11d Convert whatever value we get in column 'checkout type' to all lowercase 2021-09-08 12:49:29 -05:00
snipe cfaa6679af
Merge pull request #10031 from inietov/fixes/checkout_date_not_saved_in_asset_history
Fixed #10026: Checkout date not saved in asset history
2021-09-07 17:37:30 -07:00
snipe bb5a04491d
Merge pull request #10053 from inietov/fixes/accepted_assets_still_showing_unaccepted_report
Fix Accepted Assets still showing on Unaccepted Asset Report
2021-09-07 12:15:17 -07:00
snipe f9c0eee7c9
Merge pull request #10048 from inietov/fixes/blank_results_for_non_superadmins
Fix to PR #10009.  The asset search now works as intended for normal users
2021-09-07 12:14:29 -07:00
Ivan Nieto Vivanco 27ff0be9a8 Delete checkout acceptances when an asset is checked in without response 2021-09-07 12:01:32 -05:00
Ivan Nieto Vivanco b5525e6a21 Deleted additional bindings present also in the User model 2021-09-07 00:57:12 -05:00
Ivan Nieto Vivanco c3eb7a3425 Remove aditional bindings that 'overflows' the generated queries 2021-09-07 00:15:21 -05:00
snipe 94310e18b1 Presenters and Transformers for Depreciation report
Signed-off-by: snipe <snipe@snipe.net>
2021-09-01 17:33:59 -07:00
snipe 2f25eb598b Allow the Assets API controller to handle depreciation reports
Signed-off-by: snipe <snipe@snipe.net>
2021-09-01 17:33:39 -07:00
Ivan Nieto Vivanco e621eaf456 Change date showed in the activity report view, the condition is now on action_date 2021-09-01 13:58:17 -05:00
Ivan Nieto Vivanco ea1d7a42e2 Add condition to check if action_date have value and if it have assign it to created_at parameter 2021-09-01 13:08:08 -05:00
snipe 4293674f4a Added a few more fields to the users API
Signed-off-by: snipe <snipe@snipe.net>
2021-08-31 12:36:06 -07:00
snipe aeae681326 Fixecd copypasta from state to zip
Signed-off-by: snipe <snipe@snipe.net>
2021-08-31 12:28:20 -07:00
snipe 4794f93224 Added additional fields for user search
Signed-off-by: snipe <snipe@snipe.net>
2021-08-31 12:24:53 -07:00
snipe f58ed6bd1f
Merge pull request #9982 from Shankschn/master
Fixes: When using API CheckIn assets, there will be two CheckIn records in the Activity Report log for each asset.
2021-08-31 11:08:52 -07:00
Ivan Nieto Vivanco d917ae51b7 Remove e() function from other input fields 2021-08-31 04:01:20 -05:00
Ivan Nieto Vivanco e7470b5545 Remove e() function from the saved notes when updating an asset maintenance 2021-08-31 03:50:57 -05:00
snipe a02534b6c8
Merge pull request #10009 from inietov/fixes/blank_results_for_non_superadmins
Fixes #9985. Error 500 when using the asset search - blank results for non super-admins
2021-08-30 13:29:18 -07:00
snipe 6d3a82aacf
Merge pull request #10008 from uberbrady/fix_unlink_error_ldap
Fixed rb445 and rb446 - the unlink calls for the client-side certs...
2021-08-30 12:47:38 -07:00
Brady Wetherington da0b375773 Fixed rb445 and rb446 - the unlink calls for the client-side certs
need to be wrapped around a file-existence check
2021-08-30 12:29:16 -07:00
Ivan Nieto Vivanco d1304cc975 Add sentence to infer the table's name according to the query passed 2021-08-30 13:44:26 -05:00
snipe 085be16966 Merge remote-tracking branch 'origin/develop' 2021-08-25 14:45:41 -07:00
Ivan Nieto Vivanco 4a79c77630 Add a condition to checkin licenses assigned to Assets 2021-08-25 16:38:34 -05:00
Ivan Nieto Vivanco 137f55e4ce Change condition to return the actual max upload size allowed to files 2021-08-25 15:27:25 -05:00
snipe 4abb9baa95 Merge remote-tracking branch 'origin/develop' 2021-08-24 15:29:41 -07:00
Shanks 961e80404a
Update AssetsController.php
Fix:When using API CheckIn assets, there will be two CheckIn records in the Activity Report log for each asset.
2021-08-24 16:39:58 +08:00
snipe 70f6753f50
Merge pull request #9979 from uberbrady/add_client_side_ldap_certs
Add client side ldap certs
2021-08-23 16:30:46 -07:00
snipe 9285697611 Merge remote-tracking branch 'origin/develop' 2021-08-20 17:30:52 -07:00
snipe 9687bcb41c Fixed issue where consumables model number was not searchable
Signed-off-by: snipe <snipe@snipe.net>
2021-08-20 17:30:35 -07:00
snipe 24af2ab67a Merge remote-tracking branch 'origin/develop' 2021-08-18 14:31:53 -07:00
snipe 7b447a2f16 Merge branch 'develop' of https://github.com/snipe/snipe-it into develop 2021-08-18 14:31:38 -07:00
Ivan Nieto Vivanco f04e23cacb Add a small refactor so we not repeat logic 2021-08-18 15:22:53 -05:00
Ivan Nieto Vivanco 4207858a14 Fix the count in StatuslabelsController@getAssetsCountByStatuslabel() function that allows it to pass the correct index
Also edit the default color for assets with the Pending label, so it match the color in the docs
2021-08-18 14:08:35 -05:00
snipe b88fde5dae Nicer comment formatting
Signed-off-by: snipe <snipe@snipe.net>
2021-08-18 12:07:09 -07:00
snipe b5bb74b8ca Merge remote-tracking branch 'origin/develop' 2021-08-17 22:01:23 -07:00
snipe cce808c784 Fixed #9909 and #9714 - applies v6 currency formatter to v5 [ch16628]
Duplicates d4e46ee41f but on v5

Signed-off-by: snipe <snipe@snipe.net>
2021-08-17 21:59:33 -07:00
Brady Wetherington 4d4badf830 Got the client-side LDAP setup working well enough for sync! 2021-08-17 14:43:36 -07:00
James Emanuel 98285001ac
Fixing Typo on creating Depreciation 2021-08-16 15:33:17 +03:00
snipe 29c584289f Merge remote-tracking branch 'origin/develop' 2021-08-14 14:09:31 -07:00
snipe ef687fdc7b Fixed typo
Signed-off-by: snipe <snipe@snipe.net>
2021-08-14 14:07:04 -07:00
snipe 45caa8a90d Added restore functionalty to asset API
Signed-off-by: snipe <snipe@snipe.net>
2021-08-14 14:06:15 -07:00
Godfrey M 01037cf9cb initial commit: adds migration, input area and transformer modifications for depreciation minimum value [ch15358] 2021-08-10 18:26:43 -07:00
snipe cdc4940338
Merge pull request #9881 from inietov/fixes/integrity_constraint_violation__emailing_password_reset
Fixes Integrity constraint violation when emailing password reset.
2021-07-30 16:01:53 -07:00
Ivan Nieto Vivanco 27cdfbc579 Edit the log message 2021-07-29 16:14:52 -05:00
Ivan Nieto Vivanco 405545cd88 Add exception handling in the ForgotPasswordController 2021-07-29 16:02:45 -05:00
snipe 593e1234a5
Merge pull request #9797 from markbrule/fixes/search_parameter_checkedout_api
Fixed #9671: wrap OR queries in sub-condition in checkedout search
2021-07-27 14:39:10 -07:00
snipe 9a5d9eafeb
Merge pull request #9709 from morning-bird/master
add CompanyableTrait
2021-07-27 14:38:21 -07:00
Ivan Nieto Vivanco 38a2a0c1ee Add the pertinent filters in Accessories and Consumables controllers 2021-07-26 12:59:15 -05:00
snipe 75d4a46fff
Merge pull request #9856 from inietov/bug/ch15413/model_number_is_not_on_accessory_import_dropdown
Fixes: Model Number is not on the Accessory import dropdown of mappable fields [ch15413]
2021-07-24 01:05:26 -07:00
Ivan Nieto Vivanco 0f1c48cb6f Add the field model_number to Accessory importer 2021-07-24 02:38:44 -05:00
snipe 5f842d02ef Fixed namespace
Signed-off-by: snipe <snipe@snipe.net>
2021-07-15 13:24:40 -07:00
Petri Asikainen febf1ec20f Support legacy image_source property 2021-07-14 13:09:50 +03:00
Petri Asikainen 7b12668af4 Merge branch 'develop' of github.com:snipe/snipe-it into feature/api-image-uploads 2021-07-13 17:23:44 +03:00
Oskar Stenberg 5b5874499d Added import for min_amt for consumables 2021-07-12 11:46:19 +02:00
snipe f785c3e759 Default to 1 if no qty is passed
Signed-off-by: snipe <snipe@snipe.net>
2021-07-08 16:04:52 -07:00
Petri Asikainen 4379ea61fa Just mention source of idea as code rewriten 2021-07-08 19:50:33 +03:00
Petri Asikainen 41deabf998 hand legacy image_source field 2021-07-07 09:33:48 +03:00
Petri Asikainen 7a424649c8 convert image_source field
This reverts commit b2d3ba7410.
2021-07-07 09:24:24 +03:00
Petri Asikainen b2d3ba7410 Revert "Handle image_source with ConvertBase64ToFiles"
This reverts commit 168d7f7004.
2021-07-07 09:20:38 +03:00
Petri Asikainen 168d7f7004 Handle image_source with ConvertBase64ToFiles 2021-07-07 09:08:37 +03:00
Mark Brule f706c87cbc wrap OR queries in sub-condition 2021-07-06 20:43:17 +00:00