Commit graph

382 commits

Author SHA1 Message Date
Daniel Meltzer 323c3807fa Cleanup controller escaping (#3084)
* Make delete routes work.  We put a little form in the modal that spoofs the delete field.

* Fix route on creating a user.

* Fix redundant id parameter.

* Port acceptance tests to new urls.

* Initial work on migrating to model based policies instead of global gates.  Will allow for much more detailed permissions bits in the future.

* This needs to stay for the dashboard checks.

* Add user states for permissions to build tests.

* Build up unit tests for gates/permissions.  Move accessories/consumables/assets to policies instead of in authserviceprovider

* Migrate various locations to new syntax.  Update test to be more specific

* Fix functional tests.

Add an artisan command for installing a settings setup on travis-ci

* Try a different id... Need to come up with a better way of passing the id for tests that need an existing one.

* Try to fix travis

* Update urls to use routes and not hardcode old paths.  Also fix some migration errors found along the way.:

* Add a environment for travis functional tests.

* Adjust config file to make travis use it.

* Use redirect()->route instead of redirect()-to

* Dump all failures in the output directory if travis fails.

* Cleanups and minor fixes.

* Adjust the supplier modelfactory to comply with new validation restrictions.

* Some test fixes.

* Locales can be longer than 5 characters according to faker... fex gez_ET.  Increase lenght in mysql and add a validation

* Update test database dump to latest migrations.

* Extend Supplier phone/fax length.

This catches issues found in testing with a phone number with a five digit extension.  fex (356) 654-3024 x36632

Also move away from escaping all values put into eloquent.  Eloquent
already uses PDO parameter binding, and this was leading to names like
Mr Ryan O'Malley turning into an html escaped version of that name when
stored.  All values should be escaped when using {{}}, we'll just have
to be more cautious when we use {!!, but I think we already are?

* Remove additional escaping here, like we did in suppliers controller.

* No need to eager load all of these relationships when we can call the count on the querybuilder directly

* Work on controller cleanup

* Always start from scrach, catches more issues this way.

* Update sql dump.  Remove old code from permissions test.

* Generate a deletable item on demand in the test, rather than relying on one existing.  I think we should probably move to mock all the database stuff at some point..

* More travis related fixes

* Break script into multiple functional lines

* Update all controllers to use the new helper, also cleanup syntax and docblocks along the way.
2016-12-19 22:00:50 -08:00
Daniel Meltzer cd8c585377 Discussion: Moving to policies for controller based authorization (#3080)
* Make delete routes work.  We put a little form in the modal that spoofs the delete field.

* Fix route on creating a user.

* Fix redundant id parameter.

* Port acceptance tests to new urls.

* Initial work on migrating to model based policies instead of global gates.  Will allow for much more detailed permissions bits in the future.

* This needs to stay for the dashboard checks.

* Add user states for permissions to build tests.

* Build up unit tests for gates/permissions.  Move accessories/consumables/assets to policies instead of in authserviceprovider

* Migrate various locations to new syntax.  Update test to be more specific

* Fix functional tests.

Add an artisan command for installing a settings setup on travis-ci

* Try a different id... Need to come up with a better way of passing the id for tests that need an existing one.

* Try to fix travis

* Update urls to use routes and not hardcode old paths.  Also fix some migration errors found along the way.:

* Add a environment for travis functional tests.

* Adjust config file to make travis use it.

* Use redirect()->route instead of redirect()-to

* Dump all failures in the output directory if travis fails.

* Cleanups and minor fixes.

* Adjust the supplier modelfactory to comply with new validation restrictions.

* Some test fixes.

* Locales can be longer than 5 characters according to faker... fex gez_ET.  Increase lenght in mysql and add a validation

* Update test database dump to latest migrations.
2016-12-19 11:04:28 -08:00
Daniel Meltzer ae2cb5fe68 Make delete routes work. (#3077)
* Make delete routes work.  We put a little form in the modal that spoofs the delete field.

* Fix route on creating a user.

* Fix redundant id parameter.

* Port acceptance tests to new urls.
2016-12-19 10:42:33 -08:00
snipe 9ea05bacf3 User resource routes 2016-12-15 20:52:39 -08:00
snipe 4751bcd002 Use redirect()->route instead of ->to 2016-12-15 20:02:47 -08:00
snipe f832b15cf3 Components routes 2016-12-15 19:59:42 -08:00
snipe e685e0f019 Cleaned up custom fields controllers, views, names, etc 2016-12-15 19:17:07 -08:00
snipe 37b4b29653 Fixed URL for statuslabels route 2016-12-15 18:23:26 -08:00
snipe 01f9deb5a6 Fixed forgotten to-> to ->route 2016-12-15 18:20:41 -08:00
snipe d6b41759f0 Updated manufacturers, suppliers, depreciations for new route resources 2016-12-15 18:18:13 -08:00
snipe e8945ad85e Fixed hardware.show for controller 2016-12-15 18:17:20 -08:00
snipe c308fbce0d Updated resources, named routes, tests for Locations 2016-12-15 17:12:22 -08:00
snipe 3e4be6671e Updated categories with resty routes 2016-12-15 16:42:47 -08:00
snipe f182a7db2a Removed leading slash for url helper 2016-12-15 16:42:14 -08:00
snipe aab0933856 Use url() helper over URL::to 2016-12-15 16:41:36 -08:00
snipe b7a2c4c26d Use Request instead of Input:: 2016-12-15 15:56:52 -08:00
snipe c6ab34faee Updated Companies for #3059 2016-12-15 15:48:30 -08:00
snipe 6c8e9327c1 Fixed Request path 2016-12-15 15:47:08 -08:00
snipe cf2b57cb15 More for #3057 2016-12-15 15:15:11 -08:00
snipe ad1bf86a08 And still more license route updates 2016-12-15 13:07:34 -08:00
snipe bea1a93e9b More license route updates 2016-12-15 12:48:15 -08:00
snipe 1ab414453f Use $request instead of Input:: 2016-12-15 12:47:12 -08:00
snipe eb9207d0fe Fixed license routes in getDataTable 2016-12-15 12:14:16 -08:00
snipe 0c5d3d1c74 Updated license routes 2016-12-15 11:57:19 -08:00
snipe a6b975b168 More updates for #3060, #3058 2016-12-15 06:11:03 -08:00
snipe e67b3e474f Use more RESTy method names, uses route names where possible (#3059, #3060) 2016-12-15 04:09:40 -08:00
snipe 37c847ea08 Clearer/updated/named custom fields routes
This is still broken
2016-12-14 09:56:23 -08:00
snipe 7c774352e5 Fix depreciated lists() method 2016-12-14 09:55:35 -08:00
snipe 863e200430 Hopefully fixes tons of PEBKAC where users have the wrong app.url 2016-12-14 08:20:05 -08:00
snipe 68ac4abe2c Updated throttling override for 5.3 2016-12-14 06:30:51 -08:00
snipe 433adb1dcb Updated traits and method names for 5.3 2016-12-14 05:06:51 -08:00
snipe 5cd7e84d98 Renamed Password controllers to new 5.3 versions 2016-12-14 05:06:15 -08:00
snipe 65db55908a Rename to AuthController to LoginController 2016-12-14 04:30:56 -08:00
Daniel Meltzer 927a12f78d Fix #2985. Missed in the field rename (#3014) 2016-12-05 15:09:14 -08:00
snipe 7ccef51a4f Removed some dumb comments 2016-12-01 02:25:53 -08:00
snipe 4c418bf622 Remove unused $request variable 2016-12-01 02:13:00 -08:00
snipe 16cfdbaa93 Redirect the lost password success back to login 2016-12-01 02:04:43 -08:00
snipe 3f8f6ad981 Fixes #2995 - adds max login attempts/duration as .env option 2016-12-01 02:04:15 -08:00
snipe d8d800bb7a Fixes #2997 - don’t include soft-deleted maintenances 2016-12-01 00:55:00 -08:00
snipe 68b9ffb908 Only allow login via LDAP if the user was already imported or created via LDAP 2016-12-01 00:29:45 -08:00
snipe 6c366eb112 Fixes potential login issue if password syncing is set to true 2016-11-30 20:39:43 -08:00
snipe f5e100a6a5 Only allow asset files to be deleted, maintenances to be added if user has assets.edit permission 2016-11-29 13:37:45 -08:00
snipe abcc01f5e0 More language string corrections 2016-11-29 12:48:00 -08:00
snipe 4dbe8fad30 More language string fixes 2016-11-29 08:46:33 -08:00
snipe 7bf1664b8f Allow XML mimetypes 2016-11-29 08:01:08 -08:00
snipe b0d8711002 Add .lic as possible license file type 2016-11-29 07:22:45 -08:00
snipe 53404f3d1c Fixes asset model clone 2016-11-29 06:16:52 -08:00
snipe f605821143 Remove unneeded use statements 2016-11-29 06:14:33 -08:00
snipe cab331f3f8 Link model name in category view 2016-11-29 06:14:20 -08:00
snipe eb340b0fa9 Add fieldset to asset model listing 2016-11-29 06:06:52 -08:00