Commit graph

43 commits

Author SHA1 Message Date
snipe aa8f1378c9 Merge remote-tracking branch 'origin/master' into develop
Signed-off-by: snipe <snipe@snipe.net>

# Conflicts:
#	README.md
#	app/Http/Controllers/Accessories/AccessoriesController.php
#	app/Http/Controllers/Api/AssetMaintenancesController.php
#	app/Http/Controllers/Api/AssetModelsController.php
#	app/Http/Controllers/Api/AssetsController.php
#	app/Http/Controllers/Api/UsersController.php
#	app/Http/Controllers/AssetMaintenancesController.php
#	app/Http/Controllers/Assets/AssetFilesController.php
#	app/Http/Controllers/Assets/AssetsController.php
#	app/Http/Controllers/Assets/BulkAssetsController.php
#	app/Http/Controllers/Components/ComponentsController.php
#	app/Http/Controllers/Consumables/ConsumablesController.php
#	app/Http/Controllers/Licenses/LicenseFilesController.php
#	app/Http/Controllers/Licenses/LicensesController.php
#	app/Http/Controllers/Users/UserFilesController.php
#	app/Http/Transformers/AssetsTransformer.php
#	app/Http/Transformers/LicensesTransformer.php
#	app/Importer/UserImporter.php
#	app/Models/Asset.php
#	config/app.php
#	config/version.php
#	package-lock.json
#	public/js/build/app.js
#	public/js/dist/all.js
#	public/js/dist/bootstrap-table.js
#	public/mix-manifest.json
#	resources/lang/en/admin/users/message.php
#	resources/lang/is/button.php
#	resources/lang/ja/admin/kits/general.php
#	resources/lang/ro/admin/users/general.php
#	resources/lang/zh-HK/admin/depreciations/general.php
#	resources/lang/zh-HK/admin/models/general.php
#	resources/views/hardware/qr-view.blade.php
#	resources/views/hardware/view.blade.php
#	resources/views/partials/bootstrap-table.blade.php
#	resources/views/users/view.blade.php
#	routes/web.php
#	routes/web/hardware.php
#	routes/web/models.php
#	routes/web/users.php
2021-10-20 17:26:41 -07:00
snipe ccd430ce07 Switched back down to debug level
Signed-off-by: snipe <snipe@snipe.net>
2021-10-06 12:38:21 -07:00
snipe f306401e7e Fixed SVG XSS vuln
Signed-off-by: snipe <snipe@snipe.net>
2021-10-06 12:26:45 -07:00
Laravel Shift 802dc9240d Shift bindings
PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser.
2021-06-10 20:16:56 +00:00
Laravel Shift 934afa036f Adopt Laravel coding style
Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions.

You may customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config file to your project root. Feel free to use [Shift's Laravel ruleset][2] to help you get started.

[1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer
[2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200
2021-06-10 20:15:52 +00:00
Ivan Nieto Vivanco 9f944ad497 Added the 'required' attribute to the input file n the upload file form modal. Added a validation for the UserFilesController if the user doesn't select any file to upload [ch16471]. 2021-05-27 15:48:13 -05:00
snipe 9f2b4c721d Allow password reset from user profile
Signed-off-by: snipe <snipe@snipe.net>
2021-05-26 15:32:23 -07:00
Brady Wetherington c7626f8387
Add new StorageHelper and use it where it makes sense (#9276) 2021-03-15 12:26:39 -07:00
Ivan Nieto Vivanco d64b35c348
Added a condition to ensure that only assets checked out to an user that is being deleted are updating their status (#9233) 2021-03-01 13:07:23 -08:00
Brady Wetherington 70e6a6ced6
Fix issue where users with edit permission cannot invoke LDAP sync (#9058)
* Fix issue where users with edit permission cannot invoke LDAP sync

* Make User::class consistent with usage elsewhere in the same directory
2021-01-27 15:36:43 -08:00
Ivan Nieto 6e83679528
Instead of return a JSON response, redirect back to the previous screen (#9055) 2021-01-27 12:01:42 -08:00
snipe 10648de9af
Bulk Checkin and Delete also edit users [ch15107] 2020-09-04 16:02:25 -07:00
snipe 8ec99ff433
Merge pull request #8374 from snipe/fixes/moar_flysystem
WIP - More Flysystem fixes
2020-08-31 09:45:27 -07:00
snipe c23e28d0df
Merge pull request #8372 from snipe/fix_adldap_sync
Fix adldap sync
2020-08-26 13:34:07 -07:00
snipe d25a05d748
Misc Flysystem/image upload request fixes 2020-08-26 11:53:36 -07:00
snipe f385f3e928
Fixed user image upload
TODO: We should probably rename the avatar field on the user’s table, to make it more consistent with the other model images
2020-08-26 02:30:23 -07:00
snipe e5dd6035b9
Fixed the other upload handleUploads signatures 2020-08-24 18:32:40 -07:00
Brady Wetherington 262a964760 [WIP] fix ldap-sync for v5 with AdLdap2 2020-08-14 14:45:05 -07:00
snipe 8ccc1c6515
Fixed weird merge in Bulk Users Controller
Signed-off-by: snipe <snipe@snipe.net>
2020-05-27 22:46:42 -07:00
Daniel Meltzer b3fe47bfa7
Remove/Reorganize logic to make codacy happier. 2020-05-23 15:24:10 -04:00
Daniel Meltzer 136df9418f
Deadcode-- 2020-05-23 15:24:10 -04:00
snipe c7b300a50d
Updated LDAP sync controller to use new Adldap2 connections
Signed-off-by: snipe <snipe@snipe.net>
2020-04-23 22:45:44 -07:00
snipe 039f5da0e1
Add image upload to user edit [ch10508] (#7877)
* Use correct Request include

* Updated to use additional form request

* Added SVG sanitizer

* Added response method to form request

* Allow ImageUploadRequest to accept fieldname params, added SVG sanitization, fixed delete

* Fixed upload path for avatars

* Added fieldname variable to blade partial for image upload

* Added enctype="multipart/form-data"  to form to allow uploads

* Added image field

* Updated Request::old() to use $request->old()

* Fixed derp in edit blade referring to $item when it should be $user

* Added svg+xml to image rule
2020-03-05 18:00:24 -08:00
snipe 94ce8cad64 Make sure $user->item exists before trying to count on it 2019-12-11 14:43:46 -08:00
snipe c31e150935 Use $request->input over Request::get() 2019-12-11 11:09:54 -08:00
snipe 296de34e8a
WIP: Upgrade develop to Laravel 6.6.1 (#7637)
I'm going ahead and merging this, since the upgrade doesn't break Flysystem any worse than the current develop is broken, so far as I can tell. 


* Upgraded framework to Laravel 6

### TO DO:

- Fix password restriction rules- the old library isn’t compatible with Laravel 6 :(
- Figure out why in-app API calls are returning “Unauthorized”

* More updates from Input:: to Request:: helper

* Switch to Request:: from Input

* Added passport config

* Fixed goofy password minimum in seeder

* Added laravel/helpers

* Changed ($item)  to ($item->id) in forms

I have no idea why this is necessary

* Changed ($item) to ($item->id) in forms

* Updated API middleware to auth:api

* Updated with added laravel auth.php values

* FIxed *&!^$%^&$^%!!!! ajax issue

* Switch to Request::get from Input::get

* Switched to Request facade

* Added password security minimums back in

The package we were using has not been updated to Laravel v6, so I created custom validators instead

* Added language strings for error messages for password rules

* Fixed `($item)` issue in formActions for partials
2019-12-10 19:32:50 -08:00
Valentyn Tulub 6ad1f51673 Added #6489: show asset assignments under user assignments (#7293)
* Add a setting to show assets assigned to other assets #6489

* Update user's views to show assets assigned to other assets #6489

* Add ukrainian and russian translation for the feature #6489 in settings
2019-12-06 10:57:48 -08:00
Marián Skrip 53eae6fbfd Fix issues with update permission naming (#7493)
This solves an issue when admin would be able to create and delete
categories but not edit them.
2019-10-28 11:44:48 -07:00
Martin Meredith e3e0d57f56 Minor code cleanup bits and bobs (#6805)
* Add IDE Helper files

* Cleanup imports

- Alphabetises imports
- Removes unused imports

* Add Platform requirements

* Move filling asset into block where asset exists

* Remove duplicate array keys
2019-03-13 20:12:03 -07:00
snipe 245b3ca09f Fixed #6061 - Assigned user group cannot be removed 2019-02-12 23:49:42 -08:00
snipe 4fd469e07b Prevent editing special users demo mode 2019-02-04 19:13:55 -08:00
Colin Campbell 8c632f63b0 Misc ldap fixes (#6631)
* misc_ldap_fixes: Map location from OU, not group

* misc_ldap_fixes: Ensure ldap is initialised for import

* misc_ldap_fixes: Import Job Title

* misc_ldap_fixes: Import telephone, fix field select from schema

* misc_ldap_fixes: Cleanup login error-handling, fix boolean tests
2019-01-24 16:15:44 -08:00
Steffen 1de9087427 LDAP fixes (#6533)
* Add iCheck png files to webpack config (inconsistency for css <> png) and blue.png to public folder

* php 7.3 collect() fix (undefined variable)

* Fix travis ci

* Add iCheck png files to webpack config (inconsistency for css <> png) and blue.png to public folder

* php 7.3 collect() fix (undefined variable)

* change LDAP implementation from model to (singleton) service

* Re-apply check for content in ldap_server variable before parsing

* Update LDAP implementation

* Switch iCheck to minimal as referenced in js

* Don't init on load but on first access via init (returns ldap enabled status)

* Re-Enable notifications

* Re-add missing test target php versions

* Only init() once (singleton class, so ldap variable is already set)
2019-01-10 13:20:43 -08:00
snipe 93947b09c5 Small fix for #6484 - corrected LDAP sync command name 2018-12-11 15:18:30 -08:00
Wes Hulette 34246ee4ef [WIP] v5 Develop: New LDAP implementation (#6352)
* Fixed missing oauth tables during setup.

* WIP New LDAP implementation

* WIP New LDAP implementation

* WIP New LDAP implementation


Merge remote-tracking branch 'origin/WIP_LDAP' into WIP_LDAP

* WIP New LDAP implementation

Added Adldap2 to handle ldap intergration.

* Updated per PR quality review

* Added specific LDAP settings method

* Corrected version number

* Added return documentation

* Added imports

* Changed class to be injected into controller

* Updated with PR suggestions
2018-12-06 14:05:43 -08:00
snipe 20b26effdb Fixed #6349 - add view permission for print all assigned 2018-10-19 16:46:46 -07:00
Wes Hulette 3831ee9f5a Fixed #5811 - Non US Characters in user export (#6132)
* Added Freebsd as vagrant machine for development

* Ran npm audit fix

Manually added peer depenencies

* Added charset=UTF-8 to content-type

Removed reference to throttle model as is is not longer included.
2018-08-28 12:37:58 -07:00
snipe 1543cdbc61 Set activated checkbox to 1 by default on new user 2018-08-14 18:17:37 -07:00
Daniel Meltzer e368a20427 Use filled instead of has. (#6033)
I think this merged in a weird order and was missed by the global
find/replace.  This fixes bulkassets/bulkusers editing.

At some point we should look at refactoring BulkAssetsController@edit to
only run one DB query, rather than one per item.
2018-08-02 09:54:19 -07:00
snipe 400913631c Use language strings for bulk password reset 2018-07-30 20:37:19 -07:00
snipe 006a3adea0 Added ability to trigger forgotten password emails for users 2018-07-30 20:31:02 -07:00
snipe 86c1f11bec Change $request->has to $request->filled unilaterally 2018-07-24 22:51:31 -07:00
Daniel Meltzer 64d649be7f Monster: Cleanup/Refactor http controllers. (#5916)
* Extract a handlesimages trait to centralize logic for parsing/storing images on upload in create/edit methods.

* Use same image upload/layout in accessories as consum+components.

* Monster: Cleanup/Refactor http controllers.

This cleans up docblocks, pulls most non-crudy actions into their own
controllers, and does general cleanup/logic refactoring.  There /should/
be no functional changes, but we all know how should works..

Extract checkin/checkout functions to a separate controller for accessories.

Move controllers to subdirectory.

Cleanup AssetModelsController

Extract component checkin/checkout

Assorted cleanups/doc/formatting in controllers.

Refactor LicenseController.

Refactor UsersController

Update viewassetscontroller.

* Codacy cleanups

* More codacy cleanups.  Extract a LicenseCheckout Form request as well.

* A bit more refactor/cleaning of the license checkout method.

* Review Related Cleanups

* Fix most of the item_not_found translations.  In many cases, the
string being generated did not even use the id parameter.  Where it
does, pass it as id instead of as a different value.

* Remove some old $data arrays from when we manually sent emails from
the controllers.  This has been superseeded by the notification system
(yay!)

* Bugfix: Only log the checkin of an accessory if the checkin completes sucessfully.
2018-07-24 19:35:26 -07:00