Commit graph

110 commits

Author SHA1 Message Date
Daniel Meltzer 323c3807fa Cleanup controller escaping (#3084)
* Make delete routes work.  We put a little form in the modal that spoofs the delete field.

* Fix route on creating a user.

* Fix redundant id parameter.

* Port acceptance tests to new urls.

* Initial work on migrating to model based policies instead of global gates.  Will allow for much more detailed permissions bits in the future.

* This needs to stay for the dashboard checks.

* Add user states for permissions to build tests.

* Build up unit tests for gates/permissions.  Move accessories/consumables/assets to policies instead of in authserviceprovider

* Migrate various locations to new syntax.  Update test to be more specific

* Fix functional tests.

Add an artisan command for installing a settings setup on travis-ci

* Try a different id... Need to come up with a better way of passing the id for tests that need an existing one.

* Try to fix travis

* Update urls to use routes and not hardcode old paths.  Also fix some migration errors found along the way.:

* Add a environment for travis functional tests.

* Adjust config file to make travis use it.

* Use redirect()->route instead of redirect()-to

* Dump all failures in the output directory if travis fails.

* Cleanups and minor fixes.

* Adjust the supplier modelfactory to comply with new validation restrictions.

* Some test fixes.

* Locales can be longer than 5 characters according to faker... fex gez_ET.  Increase lenght in mysql and add a validation

* Update test database dump to latest migrations.

* Extend Supplier phone/fax length.

This catches issues found in testing with a phone number with a five digit extension.  fex (356) 654-3024 x36632

Also move away from escaping all values put into eloquent.  Eloquent
already uses PDO parameter binding, and this was leading to names like
Mr Ryan O'Malley turning into an html escaped version of that name when
stored.  All values should be escaped when using {{}}, we'll just have
to be more cautious when we use {!!, but I think we already are?

* Remove additional escaping here, like we did in suppliers controller.

* No need to eager load all of these relationships when we can call the count on the querybuilder directly

* Work on controller cleanup

* Always start from scrach, catches more issues this way.

* Update sql dump.  Remove old code from permissions test.

* Generate a deletable item on demand in the test, rather than relying on one existing.  I think we should probably move to mock all the database stuff at some point..

* More travis related fixes

* Break script into multiple functional lines

* Update all controllers to use the new helper, also cleanup syntax and docblocks along the way.
2016-12-19 22:00:50 -08:00
Daniel Meltzer cd8c585377 Discussion: Moving to policies for controller based authorization (#3080)
* Make delete routes work.  We put a little form in the modal that spoofs the delete field.

* Fix route on creating a user.

* Fix redundant id parameter.

* Port acceptance tests to new urls.

* Initial work on migrating to model based policies instead of global gates.  Will allow for much more detailed permissions bits in the future.

* This needs to stay for the dashboard checks.

* Add user states for permissions to build tests.

* Build up unit tests for gates/permissions.  Move accessories/consumables/assets to policies instead of in authserviceprovider

* Migrate various locations to new syntax.  Update test to be more specific

* Fix functional tests.

Add an artisan command for installing a settings setup on travis-ci

* Try a different id... Need to come up with a better way of passing the id for tests that need an existing one.

* Try to fix travis

* Update urls to use routes and not hardcode old paths.  Also fix some migration errors found along the way.:

* Add a environment for travis functional tests.

* Adjust config file to make travis use it.

* Use redirect()->route instead of redirect()-to

* Dump all failures in the output directory if travis fails.

* Cleanups and minor fixes.

* Adjust the supplier modelfactory to comply with new validation restrictions.

* Some test fixes.

* Locales can be longer than 5 characters according to faker... fex gez_ET.  Increase lenght in mysql and add a validation

* Update test database dump to latest migrations.
2016-12-19 11:04:28 -08:00
Daniel Meltzer ae2cb5fe68 Make delete routes work. (#3077)
* Make delete routes work.  We put a little form in the modal that spoofs the delete field.

* Fix route on creating a user.

* Fix redundant id parameter.

* Port acceptance tests to new urls.
2016-12-19 10:42:33 -08:00
snipe 4751bcd002 Use redirect()->route instead of ->to 2016-12-15 20:02:47 -08:00
snipe e8945ad85e Fixed hardware.show for controller 2016-12-15 18:17:20 -08:00
snipe aab0933856 Use url() helper over URL::to 2016-12-15 16:41:36 -08:00
snipe cf2b57cb15 More for #3057 2016-12-15 15:15:11 -08:00
snipe e67b3e474f Use more RESTy method names, uses route names where possible (#3059, #3060) 2016-12-15 04:09:40 -08:00
snipe 7c774352e5 Fix depreciated lists() method 2016-12-14 09:55:35 -08:00
snipe 863e200430 Hopefully fixes tons of PEBKAC where users have the wrong app.url 2016-12-14 08:20:05 -08:00
Daniel Meltzer d722ed3823 Partialize forms (#2884)
* Consolidate edit form elements into reusable partials.

This is a large code change that doesn't do much immediately.  It
refactors all of the various edit.blade.php files to reference
standardized partials, so that they all reference the same base html
layout. This has the side effect of moving everything to the new fancy
"required" indicators, and making things look consistent.

In addition, I've gone ahead and renamed a few database fields.  We had
Assetmodel::modelno and Consumable::model_no, I've renamed both to
model_number.  We had items using ::note and ::notes, I've standardized
on ::notes.  Component used total_qty where consumables and accessories
used qty, so I've moved everything to qty (And fixed a few bugs in the
helper file in the process.

TODO includes looking at how/where to place the modal javascripts to
allow for on the fly creation from all places, rather than just the
asset page.

Rename assetmodel::modelno to model_number for clarity and consistency

Rename consumable::model_no to model_number for clarity and consistency

Rename assetmodel::note to notes for clarity and consistency

Port asset and assetmodel to new partials layout.  Adapt all code to the renamed model_number and notes database changes.  Fix some stying.

* Share a settings variable with all views.

* Allow editing the per_page setting.  We showed the value, but we never showed it on the edit page..

* use snipeSettings in all views instead of the long ugly path.

* War on partials. Centralize all bootstrap table javascript

* Use model_number instead of modelno in importer

* Codacy fix.

* More unification/deduplication.  Create an edit form template layout that we use as the base for all edit forms.  This gives the same interface for editing everything and makes the edit.blade.* files much easier to read.

* Use a ViewComposer instead of sharing the variable directly.  Fixes artisan optimize trying to hit the db--which ruins new installs

* Fix DB seeder.

* Base sql dump and csv's to import data from for tests.

* Start some functional tests for creating items.

* Add functional tests for all create methods.  Still need to do tests for edits, deletes, and lots of other things

* Improvements to functional tests.

Use the built in DB seeding mechanism instead of doing it ourselves.
Break the tests into multiple units, rather than testing everything in
each function.

* Some improvements to acceptance tests.

Make sure we're only looking at the "trs" within the bootstrap table.
Creation of assets is now tested at the functional level (and is faster)
so ignore it here.

I'm testing acceptance tests with the
IMPORT_{ASSETS,ACCESSORIES,CONSUMABLES}.csv in the tests/_data folder
imported.

* A few things to make acceptance tests work.  Add a name to the companies table, and make the locations table have the correct name

* Use a .env.tests file for testing functional and unit to allow a separate database.

* Add functional tests for compoents, groups, and licenses.

* Now that the config is in the functional.yml, this just confuses things.

* Start some functional tests for creating items.

* Add functional tests for all create methods.  Still need to do tests for edits, deletes, and lots of other things

* Improvements to functional tests.

Use the built in DB seeding mechanism instead of doing it ourselves.
Break the tests into multiple units, rather than testing everything in
each function.

* Some improvements to acceptance tests.

Make sure we're only looking at the "trs" within the bootstrap table.
Creation of assets is now tested at the functional level (and is faster)
so ignore it here.

I'm testing acceptance tests with the
IMPORT_{ASSETS,ACCESSORIES,CONSUMABLES}.csv in the tests/_data folder
imported.

* update db dump

* Update tests to new reality

* env for the test setup

* only load the database at beginning of tests, not between each Functional test.

* Fix a miss from renaming note to notes.

* Set Termination date when creating an asset.  It was only set on edit.

* Rename serial_number to serial in components for consistency.

* Update validation rules to match limits in database.  Currently we just accepted the values and they were truncated when adding to DB.

* Much more detailed functional testing of creating items.  This checks to make sure all values on form have been successfully persisted to database.
2016-11-16 16:56:57 -08:00
Daniel Meltzer e85241af6a Log checkouts (#2772)
* Ensure the log has a target before trying to fetch the associated company

* Log creation of items, both in importer and manually
2016-10-12 18:45:32 -07:00
Daniel Meltzer 2a95a95e00 Company to logs (#2717)
* Fix the actionlog/companyables problem by adding a company_id to all actionlogs and scoping directly on that.  Works around bugs in laravel where trying to hunt down the polymorphic relationship would lead to an infinite loop

* Scope companyables in getactivityreport.  Also eager load.

* Improve reportscontroller, work on seeder to test this.

* Only show company users in checkout dialogs

* If no admin associated with log, it might be a request.  Leave blank instead of saying deleted admin

* When injecting company_id, use target instead of user if user is a superadmin

* Build up the seeder to generate users, companies, and logs.

* Eager load the log, don't scope the users log because the log should already include things only related to the user.
2016-09-29 22:20:49 -07:00
snipe 9091385182 Merge branch 'hotfixes/purchase_cost' into develop
# Conflicts:
#	app/Http/Controllers/ReportsController.php
#	config/version.php
2016-09-27 19:13:21 -07:00
snipe ee2522571c Fixes #2673 2016-09-27 19:07:30 -07:00
snipe f1c458185d Client-side pagination on asset report for faster loading 2016-09-27 14:56:05 -07:00
snipe b6cc7e7c14 Fixes bug where 12-hour fprmat for hours was used 2016-09-26 22:35:51 -07:00
snipe 819ca2921b Fixes bug where 12-hour format was used for hours 2016-09-26 22:34:09 -07:00
Andrés Núñez 40f00665b3 Translate emails (#2652)
* commit temporal

* final translation commit -- added email translations

* final translation commit -- removed file for spanish translations

* final translation commit -- removed file for spanish translations

* added missing translations

* method overrided and config files back to default

* config files back to default

* config files back to default
2016-09-26 14:13:07 -07:00
snipe c3cd329604 Merge branch 'develop' of github.com:snipe/snipe-it into develop 2016-09-23 13:14:18 -07:00
snipe 2ba4986396 Updated history importer message 2016-09-23 13:14:11 -07:00
Eammon Hanlon 580091269d mkdir not recursive (#2460)
* Fix path to snipeit-ssl.crt (#2428)

* Modified 'recursive' part of the tuple to true
2016-09-21 12:05:06 -07:00
snipe 7fdd4fbe98 Updates to the history importer to make it a little less brittle and provide better feedback 2016-09-20 09:22:49 -07:00
snipe aecef2618f Add reply-to for mail 2016-09-20 07:20:40 -07:00
Daniel Meltzer 2d8269ddcd Checkout Improvements, and initial support for requesting an asset model (#2573)
* Create a new action_log table to replace asset_log.  Use Polymorphism to generalize class and targets.  Port everything I can find to use it.  Add a migration to port the asset_logs table to action_logs.

* Initial work on requestable asset models

* Backend work for polymorphic requests table to store checkout requests.

* Add missing files

* Add a record to the db when requesting items.  Build up a testing route for interfacing with this.

* Users can now toggle requests of items on the request page.  Reformat page to use the same tab layout we use elsewhere

* Polymorphic request function.  Implement requesting of asset models.  Need to port mail/slack to notifications still.

* Implement requesting of asset models.  Build up emails and notifications to support it.  Allow specifying a quantity of model to request.

* Add view to show currently requested assets.  Needs some work and cleanup, but it isn't accessible from anywhere yet.
2016-09-15 19:58:27 -07:00
snipe 7bde0f4f92 Fixes #2586 2016-09-08 20:01:46 -07:00
Daniel Meltzer e86adccf19 Actionlog Class: Improvements and polymorphism (#2561)
* Save progress

* Create a new action_log table to replace asset_log.  Use Polymorphism to generalize class and targets.  Port everything I can find to use it.  Add a migration to port the asset_logs table to action_logs.

* Allow accepted_id to be nullable.

* Comment out the thread_id migration, because it b0rks on a new database with the move.  I'm unsure if the thread_id does anything...It doesn't seem to be used

* Clean up all old methods from Actionlog model.  Port everything to use new cleaner interface.

* Port the actionlog factory to fix travis.

* Adjust code to work on php5.  Also fix lurking adminlog call.

* Remove weird code

* Port the pave command.  Also fix dangling adminlog
2016-09-06 19:39:42 -07:00
snipe 67315d81d6 Fixes #2134 - hide archived assets from list all 2016-09-01 13:28:15 -07:00
Daniel Meltzer 276e0a7114 Importer: Implement item update and interface improvments (#2507)
* Add support for updating assets to the importer.

If an asset with a matching asset tag is found, and the --update flag is
passed to the importer, we edit the matching asset with any
asset-specific values, and persist to the database.  Any missing/blank
values are skipped.

TODO: Add to web interface, add support in consumables/accessories

* Allow deleting of files on the import page.

* Extend web interface to allow updating of imported items.

This adds a modal dialog to the import process.  Currently the dialog
allows the choice of update vs ignore, and choosing the item type to
import (Accessory, Asset, Consumable).

Also use Helper::ParseFloat() for purchase_cost processing.  It exists,
and fixes issues on my end at least.

* Implement editing of consumables and accessories.

* Rename getProcessImportFile to postProcessImportFile to reflect how it's now used

* Fix copy-pasta error.
2016-08-29 15:49:32 -07:00
snipe 96eb832fd3 Only decrypt if the user is an admin 2016-08-25 21:03:24 -07:00
snipe 130c798c90 Only accept a new value for encrypted fields if the user is an admin 2016-08-25 20:59:54 -07:00
snipe 11b9df4b48 Use updated L5 request method 2016-08-25 17:11:52 -07:00
snipe 0c2524954f Removed unusued status_id variable 2016-08-25 17:10:09 -07:00
snipe 85f3e7e3d4 Added filter by status type 2016-08-23 15:51:59 -07:00
snipe d9f2e7bf58 If custom field is type URL, display it as a link 2016-08-18 12:44:55 -07:00
snipe 4c8c58d453 Clean up divs for gates in list view 2016-08-18 12:31:45 -07:00
Daniel Meltzer 5959f83de3 Rename parseCurrencyString to formatCurrencyOutput to clarify what it does better. 2016-08-16 20:47:53 -05:00
Daniel Meltzer 0c912bcf49 Fix more number_format madness.
This does two main things:
1) The importer now imports as numbers, not parsed strings.  This allows
is to format values on output instead of input, which is what was
happening in most places.

2) Add a Helper::parseCurrencyString method and port everything to use
this.  This checks to see if the value is numeric or empty, and returns
the appropriate value in all cases.  Should fix all known occurances of
number_format expections.
2016-08-16 20:41:28 -05:00
Daniel Meltzer a852c624d3 Fix 2347 (#2394)
* Prevent multiple checkouts of the same asset.

This adds a new method to the Asset model, availableForCheckout.
Port getDataTable to use availableForCheckout instead of doing the
check manually.

Fixes Issue #2347

* Use availableForCheckout in categories controller.  Also gate the checkin/checkout actions here.

* Use gate and availableForCheckout in manufactuers as well.
2016-08-16 13:02:42 -07:00
snipe 7edf1db101 Small tweaks to history 2016-08-12 19:03:32 -07:00
snipe 41a20d8f66 Tidied up some debugging code, better explanation 2016-08-12 17:10:03 -07:00
snipe c73cbccffc Method to import CSV history 2016-08-12 16:01:59 -07:00
Daniel Meltzer dbd96a4c10 Don't try to format a formatted number string. (#2396)
The importer already formatted/parsed numbers on input into the db
(maybe it shouldn't have?) so running number_format on that string
throws an exception.  Check to make sure the value is numeric before
formatting it.
2016-08-11 19:13:49 -07:00
snipe 1612562f41 Create log record and send EULA when creating a new asset that’s checked out 2016-08-02 10:33:44 -07:00
snipe 17d5e40e02 Fixes #2383 2016-08-02 09:54:31 -07:00
snipe 8246a319a2 Fixes #2363 and #1097 2016-08-02 00:54:38 -07:00
snipe 27adeb427e Generate barcodes locally and try to serve them if they exist 2016-08-01 22:56:28 -07:00
zjean fcb1d6ac15 Fixed feedback on #2349 (#2359) 2016-07-29 13:59:50 -07:00
Daniel Meltzer eef8d1609e Small fixes (#2350)
* components.view should point to view, not create

* Fix comment

* Rename variable to accurately reflect its responsibility

* Fix line breaks in serial key, remove places where adding line breaks makes no sense.  Fixes #2344
2016-07-28 20:59:42 -07:00
snipe 68b7b8f932 Fixes Carbon date 2016-07-28 08:51:01 -07:00