Commit graph

4367 commits

Author SHA1 Message Date
Ivan Nieto 025ea93f05
Fix for when a user with the correct permissions couldn't update Manufacturers. (#7882)
* Changed the ability name from 'edit' to 'update'. Changed the order of execution: first checks if the manufacturer exists, then checks permissions

* Handles the update method, that also has the ability parameter as edit instead of update"
q

* Revert "Handles the update method, that also has the ability parameter as edit instead of update""

This reverts commit d7dc0e451e.

* Handles the update method, that also has the ability parameter as 'edit' instead of 'update'
2020-03-06 15:59:51 -08:00
snipe 54fd8f81ff
Added permissions on user api (#7883)
* Add permissions to user edit API

* Add user permissions on user create/update API endpoint
2020-03-06 15:28:46 -08:00
snipe ca43554327
Fixes search by serial or tag even if they have slashes in them (#7879)
* Fixes search by serial or tag even if they have slashes in them

* Added support for url param byTag and bySerial

* Fixed typo comments

* Sojme additional comments to clarify use-cases

* Updated comments for clarity
2020-03-06 14:55:20 -08:00
snipe 61bdb88ba5 Add @ColinMcNeil as a contributor 2020-03-04 22:38:09 -08:00
snipe 36696ab56e Add @bigtreeEdo as a contributor 2020-03-04 22:37:57 -08:00
snipe f0f9b93652 Add @Godmartinz as a contributor 2020-03-04 22:37:45 -08:00
snipe a2fae76eaf Bumped version 2020-03-04 22:37:17 -08:00
snipe 8b2f8ef3cb Spelling is hard :( 2020-03-04 22:19:59 -08:00
snipe 5307e57bd9 Fix for CVE-2019-10772
Vuln in SVG sanitizer library
2020-03-04 22:15:31 -08:00
snipe 15518852aa Added validation to reject email addresses over 250 characters 2020-03-04 22:08:07 -08:00
snipe 60fc1d3f6d Added/matched forgotten password strings in lang files 2020-03-04 22:07:35 -08:00
snipe d1a8d76d85 Set maxlength in password reset form to 250 2020-03-04 22:06:43 -08:00
snipe 803f5ad0ab
Fixed #7870: fixed SSL connectivity for PaaS DBs (#7874) 2020-03-04 19:39:23 -08:00
Godfrey Martinez 0e0fe967e4
BadMethodCallException Method update does [ch10544] (#7804) 2020-02-10 19:27:23 -08:00
snipe 192917cc84 Slightly better fix for requestable import bug 2020-02-10 17:34:32 -08:00
snipe 81880645ed Possible requestable fix 2020-02-10 11:40:39 -08:00
snipe 9eb4b0dda7 Disallow 0 as a number for labels per page 2020-02-04 19:14:58 -08:00
snipe 2f0ed129f0 Use “invalid barcode” image and suppress errors when barcode format is wrong 2020-02-04 18:15:01 -08:00
snipe 3361b859c0
Changes offset to use the actual item count as override instead of 0 (#7788) 2020-02-04 12:32:24 -08:00
bigtreeEdo e27a9b137b
added 'requestable' to fillable attributes. (#7787) 2020-02-03 19:37:03 -08:00
snipe 89e2a3ae3c Fixed #7752 - reformat /api/v1/users/me to use transformer 2020-01-30 13:12:43 -08:00
snipe 5f85d8132b
Fix for weird JSON parsing in actionlogs (#7753)
* Fix for weird JSON parsing in actionlogs

* Removed debugging code

* Check for the meta array

(If no fields, no array)
2020-01-24 17:31:43 -08:00
snipe ca1285ec08 Updated favicon 2020-01-23 19:49:46 -08:00
Ivan Nieto 75bf8f3d58 Remove not existent variable 'id' in the redirect causing [ch10602] (#7732) 2020-01-17 16:12:24 -08:00
snipe 324da7c0c8 Include correct license, asset, etc count on user show API call 2019-12-19 18:09:53 -08:00
snipe 779fc6d195 Added license endpoint for users 2019-12-19 18:00:36 -08:00
Colin McNeil db59106c3e Move ldap import ini settings to config (#7679) 2019-12-19 11:51:55 -08:00
snipe 88fb1370f0 Added slightly friendlier error handling for assets without models
This scenario should never happen, barring someone manually editing their data, but better to handle that scenario in a more user-friendly way.
2019-12-06 18:17:03 -08:00
snipe 943cf40247 Merge branch 'master' of https://github.com/snipe/snipe-it 2019-12-06 13:14:31 -08:00
snipe ff57f10e9f
Fix for searching on child location names (#7646)
* Fix for child locations

* Reverts temp changes to indenter
2019-12-06 13:14:10 -08:00
snipe 91bb76fd8a Bumped version 2019-12-06 13:05:20 -08:00
snipe 893454dca7 Updated translations 2019-12-06 12:03:04 -08:00
snipe de0b5a6149 Fixes #6440 - quote marks in the right place 2019-12-06 11:04:16 -08:00
Dustin B 8fd4e35244 Closes #6440 Print All Assigned - New Tab (#7135)
Should add the functionality to, by default open in a new tab and not reference back to the source page. Reduces overhead and should resolve #6440. 

Untested, need confirmation.
2019-12-06 11:00:01 -08:00
snipe e71e57f16a
Fixed XSS vulnerability in SVG image uploads [ch10476] (#7639)
* Added enshrined/svg-sanitize

* Added modular image resizing/SVG cleaning method

(This already exists in v5, so I mostly ported it forward and added the SVG sanitizer.)

* Use improved handleImages method to upload/resize/clean images

* Removed $old_image

This is handled in the ImageUpload request now
2019-12-05 22:23:05 -08:00
snipe 3f5840d390 Bumped vendor files 2019-12-05 19:53:01 -08:00
dependabot[bot] d3f4205f09 Bump symfony/http-foundation from 3.4.30 to 3.4.36 (#7638)
Bumps [symfony/http-foundation](https://github.com/symfony/http-foundation) from 3.4.30 to 3.4.36.
- [Release notes](https://github.com/symfony/http-foundation/releases)
- [Changelog](https://github.com/symfony/http-foundation/blob/master/CHANGELOG.md)
- [Commits](https://github.com/symfony/http-foundation/compare/v3.4.30...v3.4.36)

Signed-off-by: dependabot[bot] <support@github.com>
2019-12-05 19:37:00 -08:00
Godfrey Martinez 5b946087c4 added a proper response for password errors (#7636) 2019-12-05 17:49:56 -08:00
snipe ff8d98c97c
Update child assets to reflect asset parent location (#7458) 2019-12-04 16:19:25 -08:00
snipe 2fbbe430b5
Removed escaping on custom fields in presenter (#7631) 2019-12-03 17:42:13 -08:00
Godfrey Martinez f0af750b0a Fixed comment (#7617)
* Set theme jekyll-theme-hacker

* fixed commenty about scopebyDeprecationID being identified as a method to location ID

* fixed commenty about scopebyDeprecationID being identified as a method to location ID
2019-11-22 16:13:42 -08:00
snipe 88cf456386
Adding Dept to license seats (#7609)
* Adding Dept to license seats

* Added query scope to order by department

* Make license seat department sortable

* Disable license seat internal search - this never actually worked
2019-11-21 22:03:56 -08:00
snipe d8049209ca Fixed bug where deleted consumable would throw an error on print page 2019-11-21 21:43:54 -08:00
snipe dd40ddf5a5 Fixed an error on audit due list when no audit_warning_days had been set [ch9764] 2019-11-21 21:34:41 -08:00
snipe a73fd24695 Fix maintenances permissions check to allow users who can edit assets to edit maintenances 2019-11-08 17:02:17 -08:00
snipe 70c8ad9797 Bumped minor version 2019-10-28 13:55:21 -07:00
snipe 0290257734 Limit license seats to 999 to prevent latency 2019-10-28 13:48:18 -07:00
snipe 4fe689dc5d Merge branch 'master' of https://github.com/snipe/snipe-it 2019-10-21 15:45:17 -07:00
snipe 0769f585ea Disallow locations from being their own parents 2019-10-21 15:45:05 -07:00
snipe 04562e6d4a Added 4260352 to ldapsync enabled account constraint 2019-10-18 17:48:50 -07:00