Commit graph

2251 commits

Author SHA1 Message Date
Marián Skrip 53eae6fbfd Fix issues with update permission naming (#7493)
This solves an issue when admin would be able to create and delete
categories but not edit them.
2019-10-28 11:44:48 -07:00
Alexandr Hacicheant a90149940a Update UsersController.php (#7528)
Returned missed bracket after merge master to develop
2019-10-28 11:43:29 -07:00
snipe 4fe689dc5d Merge branch 'master' of https://github.com/snipe/snipe-it 2019-10-21 15:45:17 -07:00
snipe 0769f585ea Disallow locations from being their own parents 2019-10-21 15:45:05 -07:00
snipe 04562e6d4a Added 4260352 to ldapsync enabled account constraint 2019-10-18 17:48:50 -07:00
snipe 22d2ad9248
Fixes nested location selectlist (#7483)
* Rename child locations method

* Use Ajax dropdown for locations selectlist for edit/create

* Removed locations database call on edit/create blades for faster loading

* Updated locations controller to use the new iterator

* Increase pagination on locations controller to 500

We’re already loading all of that data up beforehand anyway, so no point in keeping the query smaller.

* Fixed the else to make codacy happy

* Improve the design and performance of the nested location selectlist (#7484)

* Improve the design and performance of the nested location selectlist

* Fixed parse errors

* Removed debugging code/comments
2019-10-02 03:56:56 -07:00
snipe 6deb26fafe Remove unused variable 2019-09-30 19:37:52 -07:00
snipe 6c1de7ff05 Apply fix for #6642 to master 2019-09-30 19:21:57 -07:00
snipe ab05a44e0b Merge branch 'develop' of https://github.com/snipe/snipe-it into develop 2019-09-30 19:18:54 -07:00
snipe 7f5f4a1297 Added softwarew support and hardware support to maintenance types 2019-09-24 01:34:23 -07:00
snipe c68c0e1208 Account for limit if none is passed in the request 2019-09-03 20:28:49 -07:00
snipe c256536d21 Math is hard 2019-09-03 14:29:58 -07:00
snipe b8f7cd81eb
Limit API request results per page (#7405) 2019-09-03 14:02:08 -07:00
Martin Berg 3dcef9aac9 Add support for custom remote user header (#7370) 2019-09-03 11:07:26 -07:00
snipe b381528668
Added console rekey tool (#7330)
* Removed console command specifications, since they’re pulled dynamically now

* Added rekey console command

* Removed unused code

* Comment clarifiction

* Handle LDAP password
2019-09-03 11:03:32 -07:00
Logan Swartzendruber 4c8b26f732 Implement #3088: Add "Generate Label" option to "Actions" dropdown menu in individual Asset Details view. (#7388)
* Implement #3088: Add "Generate Label" option to "Actions" dropdown menu in individual Asset Details view.

* Add conditional for including the asset number in the URL of the barcode image.

* Change case of variables to pass Codacy PR review standards.
2019-09-03 11:02:55 -07:00
Rick Heil 7b0b28aed0 Add #7393 - next_audit_date set on asset creation if an audit interval is configured in settings (#7394) 2019-09-03 10:58:51 -07:00
snipe 6d66d7e215 Removed withErrors on JSON response 2019-08-22 21:36:47 -07:00
snipe 0544164015 Fixed Eloquent Builder path in docblock 2019-08-20 18:10:36 -07:00
snipe b6a188a87b Removed erroneous linebreak 2019-08-20 18:10:21 -07:00
snipe b5bf8e9a37 Smaller chunking for custom report, add max_execution_time 2019-08-15 06:14:25 -07:00
snipe da52511bf9 Use asset tags 2019-08-14 23:13:23 -07:00
snipe c5e6f06e9b Revert import history to master version to fix errors 2019-08-14 22:27:17 -07:00
snipe 6db915b7f0 Removed serialize duplicate 2019-08-14 22:22:50 -07:00
snipe a6d486ea8a Fix invalidJSON exception 2019-08-14 22:18:48 -07:00
snipe 441ae69f5c
Integrations/develop into master (#7352)
* Fixes #6204 - added email alerts and web/API access to assets due for audits (#6992)

* Added upcoming audit report

TODO: Fid diff/threshold math

* Added route to list overdue / upcoming assets via API

* Controller/API methods for due/overdue audits

We could probably skip this and just handle it via view in the routes…

* Added query scopes for due and overdue audits

* Added audit due console command to kernel

* Added ability to pass audit specs to main API asset search method

* Added audit presenter

* Added bootstrap-tables presenter formatter to display an audit button

* Added gated sidenav items to left nav

* Added audit due/overdue blades

* Cleanup on audit due/overdue console command

* Added language strings for audit views

* Fixed :threshold placeholder

* Removed unused setting variable

* Fixed next audit date math

* Added scope for both overdue and upcoming

* Derp. Wrong version

* Bumped version

(I will release this version officially tomorrow)

* Leave the activated state for users alone in normal LDAP synchronisation. (#6988)

* Fixed #7003 - crash when warranty months or purchase date is null

* Fixed #6956 - viewKeys policy inconsistent  (#7009)

* Fixed #6956 - Added additional gates show showing/hiding license keys

* Modified gate to allow user to see licenses if they can create or edit the license as well

* Added API middleware to API routes to enable throttling

TODO: Figure out how to make this costumizable without touching the code

* Import locations from CSV via command line (#7021)

* Added import locations command

* Small fixes to location importer

* Added country, LDAP OU

* Cleaned up comments, added more clarification to what the script does

* Added ability to update groups via API

Fixes [ch9139]

* Bumped version

* Fixed #6883 - remove escaping of fields on LDAP import

* Fixed #6880 - correctly encrypt encrypted fields via the API

* Fixes #5054: LDAP users deactivated for none-ad (#7032)

When using none-AD ldap, users are automatically deactivated every LDAP
sync.  This commit changes the behaviour so that if the active flag isn't set,
the users are enabled.

Fixed #5054, at least for 4.X

* Updated packages

  - Updating erusev/parsedown (v1.7.2 => 1.7.3): Downloading (100%)
  - Updating squizlabs/php_codesniffer (3.4.1 => 3.4.2): Downloading (100%)
  - Updating symfony/polyfill-mbstring (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/var-dumper (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating league/flysystem (1.0.50 => 1.0.51): Downloading (100%)
  - Updating symfony/translation (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating nesbot/carbon (1.36.2 => 1.37.1): Downloading (100%)
  - Updating symfony/debug (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/console (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/finder (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/polyfill-ctype (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/polyfill-php70 (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/http-foundation (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/event-dispatcher (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/http-kernel (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/process (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/routing (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/polyfill-util (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/polyfill-php56 (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/psr-http-message-bridge (v1.1.1 => v1.1.2): Downloading (failed)
Downloading (100%)
  - Updating rollbar/rollbar (v1.7.5 => v1.8.1): Downloading (100%)
  - Updating symfony/yaml (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/browser-kit (v3.4.23 => v3.4.27): Downloading (100%)

* Fixed #7044 - API update deleted custom fields if they are not re-presented

* Fixed XSS vulnerability when creating a new categories, etc via modal on create

Same fix as before, because of the weird select2 post-parsing ajax behavior

* Updated email strings

* Fixed #7046 - added user website url back into UI

* Updated language strings

* Bumped version

* Updated packages

* New backups config for spatie

* Removed debugbar service provider (autodiscovery)

* Use laravel v5.5 withCount manual aliases

* Added spatie language files

* Removed old laravel backups config

This config file was renamed in a newer version of spatie laravel-backup

* Set the serialization

* Added the command loader to console kernel

* Renamed fire() to handle()

* Updated withCount to use manual naming

* Updated backup path in backup admin

* Updated travis with new php versions

* Bumped laravel version in readme

* Fixed custom field edit screen

* Fixed baseUrl is undefined error

I literally cannot figure out how this ever worked before.

* Fix for included files in backup

* Bumped version

* Switch has() to filled()

* Change ->has() to ->filled()

* Removed cosole log

* Bumped packages

* Use getReader instead of fetchAssoc for CSV parser

https://csv.thephpleague.com/9.0/upgrading/

* Handle JSON validation errors like 5.4

* Handle JSON validation errors like 5.4

* Handle JSON validation errors like 5.4

* Trying to fix ajax asset validation

This I think gets us closer, but still not handling the validation on the asset properly.

When I do a print_r of the validation in the other items, its looking for an error bag that looks something like this:

```
Illuminate\Support\MessageBag Object
(
    [messages:protected] => Array
        (
            [name] => Array
                (
                    [0] => The name field is required.
                )

            [seats] => Array
                (
                    [0] => The seats field is required.
                )

            [category_id] => Array
                (
                    [0] => The category id field is required.
                )

        )

    [format:protected] => :message
)
```

Currently the Assets ajax returns:

```
[2019-05-24 06:52:06] develop.ERROR: array (
  'messages' =>
  array (
    'model_id' =>
    array (
      0 => 'The model id field is required.',
    ),
    'status_id' =>
    array (
      0 => 'The status id field is required.',
    ),
    'asset_tag' =>
    array (
      0 => 'The asset tag field is required.',
    ),
  ),
)
```

So not sure why it’s not working.

* Fixed missing asset validation

* Check that a model exists before trying to fiddle with fieldsets

* Tidied up license check

* Removed extra escaping on checkin

* Updated importer to work with newer CSV Reader::getRecords() method

* Fixed field mapping

* Small fix for reordering fields

Fixes Illuminate\Database\QueryException: SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'order' cannot be null (SQL: insert into `custom_field_custom_fieldset` (`custom_field_id`, `custom_fieldset_id`, `order`, `required`) values (12, 7, , 0)) [ch1151]

This needs revisiting for a more solid fix, especially for data that was already entered bad.

* Fixed bug where sorting by company name in Users API did not work

Fixes [ch9200]

* Removed custom fields from AssignedSearch to prevent confusing data in selectlist

Fixes [ch9193]

* Removed alert-danger from tests

* Fixed missed consumables_count withCount() statement

* Fixed Undefined variable user in $backto if checked out to a non-user

Fixes [ch9194]

* Check for valid model before attempting to access fieldsets

Fixes [ch1249]

* Only build the log upload destination path if there is a matching record

Fixes [ch1232]

* Fixed free_seats_count variable name

(I forgot that Laravel switched camel case to snake case for their old 5.4 withCount variables)

* Only gtry to delete the file if a record is found in the log

* Only try to get fieldset if model is valid

* Fixed more camel-casing -> snake-casing

* Only display the file if the log record can be found

* Fixed casing in sync command

* Updated README

* Derp - typo

* Added link to Atlassian plugin

* More Atlassian clarifications

* Show accessory image on view page

* Increased image size to 800px, added lightboxes

* Fixed #7083 - Removed user_exists constraint on department save

If the user has been deleted, this prevented the department from being successfully saved on edit

* Updated branch in version file

* Dockerfile update to bring us up to php v7.1 for Laravel 5.5 (#7084)

* bump up to php7.1

& change deprecated MAINTAINER to a LABEL so it is visible with `docker inspect`

* AND modapache ><

* 2 updates required to get software-properties+ppa

* Bumped version

* Bumped release again :(

* Missed one

* Fixed #7098 - updated backup config for deleteFile() method

* Fixed #7092 -  handle weird port forwarding/port numbers for baseUrl

* Bumped version

* Fixed #7099 - set email to null by default for backup notifications

* Removed old comments

* Fixed #7100 - Check if $user isset on checkin

* Increased throttle to 120 requests per minute

* Added Filipino, corrected order for Spanish variations

* Update language strings

* Bumped hash

* Changed has to filled to fix bulk asset editing

* Bumped point version

* Small fixes for phpleague CSB reader v9

* Improved error checking in locations importer

* Fixed #7145 - rename groups table to permissions_group for mysql 8 reserved word compatibility

* Reduce minimum group name length to 2 (from 3)

eg: IT

* Back in time fix FOR #7145 for new installs on MySQL 8+

* Fixed permission insert

//TODO

Handle this via model

* Possible fix for reporting/admin migration back in time

* Fixed #7164 - change table name to permission_groups

* Fixed LDAP password blanking on save

* fixing previous commit's actual wiping of password (#7183)

replaced Input::fille('ldap_pword') with _filled_.   Should be good to go.  

https://github.com/snipe/snipe-it/issues/7179

https://github.com/snipe/snipe-it/issues/7169

* Bumped version

* Downgrading rollbar for Laravel 5.5

* Spelling Correction (#7206)

Fixed Spelling for the word reqrite, to be rewrite.

* Fix #6910: Add logic to manipulate the eloquent query. (#7006)

* Added company_id to consumables_users table

* Added logic to manage when a pivot table doesn't have the column company_id trough a join with users

* Remove a migration that tries to fix this problem, but is not longer necessary

* Addresses #7238 - add PWA code to layout

Needs additional UX testing

* Better log message for bad LDAP connection

* Fixed #7186 - has vs filled in User’s API blanking out groups if no group_ids are passed

* Comment clarification on #7186

* Check for valid seat on hardware view

* Added space between footer and custom message

* Cap warranty months to three characters

Filles rollbar 209

* Cap warranty months to 3 on the frontend blade

* Fixed countable() strings on user destroy

* Check that the user has assets and that the aset model is valid

* Bumped hash

* Caps asset warranty to 20 years

* Command to fix custom field unicode conversion differences between PHP versions (#7263)

* Fixes #7252 form request changes (#7272)

* Fixes for #7252 - custom fields not validating / no validaton messages in API w/form requests

* Removed debug info

* More fixes for #7252

This is mostly working as intended, if not yet the way Laravel wants us to do it.

Right now, the API returns correctly, and the form UI will return highlighted errors, with the input filled in ~sometimes~. I’m not sure why it’s only sometimes yet, but this is potentially progress.

* Removed experimental method

* Check for digits_between:0,240 for warranty

* Removed debug code

* Apply fix from PR #7273 to master

* Bumped hash

* Fixed #7250 - permission issue for API fieldsets and fields endpoints

This applies the change from #7294 to master

* Add @mskrip as a contributor

* Fixed #7270 - Checking-in Assets via API Removes the Item's Asset Name

* CORS for api (#7292)

* Added CORS support to API

* Changed order so CORS will still work if throttle hit

* Added APP_CORS_ALLOWED_ORIGINS env option

* Fixed typo

* Clarified header comments

* More clarification

* DIsable CORS allowed origins by default to replicate existing behavior

* Change variable name to be clearer

* Bumped version

* Added condition to deal with fieldname 'rtd_location' which can be tried to be queried in some places and doesn't exist in database (#7317)

* Added comments to the ByFilter query scope for clarity

* Added accessories checkout/checkin API endpoint

* Fixed CVE-2019-10742

https://nvd.nist.gov/vuln/detail/CVE-2019-10742

* Update README.md (#7334)

Add reference to CSV importer.

* Group related variables in .env

* History importer fixes

* Fixes to history importer
2019-08-14 21:48:14 -07:00
snipe 8b4a9aa382 Fixes to history importer 2019-08-13 18:15:42 -07:00
snipe 99cd552d5c History importer fixes 2019-08-13 18:00:21 -07:00
snipe e7b0ee2539 Added accessories checkout/checkin API endpoint 2019-08-02 15:08:26 -07:00
snipe 1608dba7dd Commenting again? 2019-07-31 14:29:19 -07:00
snipe c593b3645c Added comments to the ByFilter query scope for clarity 2019-07-31 14:24:01 -07:00
Ivan Nieto 28ae90fa8a Added condition to deal with fieldname 'rtd_location' which can be tried to be queried in some places and doesn't exist in database (#7317) 2019-07-31 13:55:21 -07:00
Ivan Nieto f407b86aa8 Added condition to deal with fieldname 'rtd_location' which can be tried to be queried in some places and doesn't exist in database (#7318)
💥 Nice work, Ivan!
2019-07-31 13:54:55 -07:00
snipe 3dc2cc9f22
CORS for api (#7292)
* Added CORS support to API

* Changed order so CORS will still work if throttle hit

* Added APP_CORS_ALLOWED_ORIGINS env option

* Fixed typo

* Clarified header comments

* More clarification

* DIsable CORS allowed origins by default to replicate existing behavior

* Change variable name to be clearer
2019-07-26 12:38:31 -07:00
snipe ab86e42b2e Fixed #7270 - Checking-in Assets via API Removes the Item's Asset Name 2019-07-26 12:37:38 -07:00
snipe 250a797339 Fixed #7250 - permission issue for API fieldsets and fields endpoints
This applies the change from #7294 to master
2019-07-24 11:00:42 -07:00
Marián Skrip 8a1f6b74e8 Fix permission issue for API fieldsets and fields endpoints (#7294)
Close snipe/snipe-it#7250
2019-07-24 10:57:09 -07:00
snipe 74e647fea7 Apply fix from PR #7273 to master 2019-07-18 14:37:48 -07:00
snipe 55ee90b25d
Fixes #7252 form request changes (#7272)
* Fixes for #7252 - custom fields not validating / no validaton messages in API w/form requests

* Removed debug info

* More fixes for #7252

This is mostly working as intended, if not yet the way Laravel wants us to do it.

Right now, the API returns correctly, and the form UI will return highlighted errors, with the input filled in ~sometimes~. I’m not sure why it’s only sometimes yet, but this is potentially progress.

* Removed experimental method

* Check for digits_between:0,240 for warranty

* Removed debug code
2019-07-18 14:32:23 -07:00
snipe eec445fcf5
Command to fix custom field unicode conversion differences between PHP versions (#7263) 2019-07-18 14:30:18 -07:00
Ivan Nieto af1857b6ee Fix for the issue when the user tries to query assets due for audit without appropiate configuration [ch9625] (#7273)
* Added propper routes to the controller

* Logic to handle the not setted ->audit_warning_days variable

* Change the variable name for more clarity

* Got rid of the unnecesary if sentence in sake of brevity

* Adding the null coalesce operator so it can properly handle when the setting is null
2019-07-18 14:08:55 -07:00
snipe cef22c3158 Caps asset warranty to 20 years 2019-07-18 09:49:58 -07:00
snipe 444e250609 Fixed countable() strings on user destroy 2019-07-17 17:51:13 -07:00
snipe 15bfd07f30 Cap warranty months to three characters
Filles rollbar 209
2019-07-17 12:13:15 -07:00
snipe b4b6d6b571 Comment clarification on #7186 2019-07-15 15:31:09 -07:00
snipe 8c73a47afb Fixed #7186 - has vs filled in User’s API blanking out groups if no group_ids are passed 2019-07-15 15:27:02 -07:00
snipe f82ffe378c Merge branch 'master' of https://github.com/snipe/snipe-it 2019-07-15 14:11:18 -07:00
snipe 984c2a8fd4 Better log message for bad LDAP connection 2019-07-15 14:10:57 -07:00
Ivan Nieto d409be6d43 Fix #6910: Add logic to manipulate the eloquent query. (#7006)
* Added company_id to consumables_users table

* Added logic to manage when a pivot table doesn't have the column company_id trough a join with users

* Remove a migration that tries to fix this problem, but is not longer necessary
2019-07-15 13:02:44 -07:00
Thomas Misilo e1b33f3087 Spelling Correction (#7206)
Fixed Spelling for the word reqrite, to be rewrite.
2019-06-27 18:33:13 -07:00
Kasey 03a4512406 fixing previous commit's actual wiping of password (#7183)
replaced Input::fille('ldap_pword') with _filled_.   Should be good to go.  

https://github.com/snipe/snipe-it/issues/7179

https://github.com/snipe/snipe-it/issues/7169
2019-06-19 14:21:53 -07:00
snipe de992e4df3 Fixed LDAP password blanking on save 2019-06-14 17:20:37 -07:00
snipe a85251aa83 Fixed #7164 - change table name to permission_groups 2019-06-14 10:37:20 -07:00
Diogenes S. Jesus 4c61d330e6 fix Paginator (#7157) 2019-06-14 09:54:09 -07:00
snipe 30904dd019 Reduce minimum group name length to 2 (from 3)
eg: IT
2019-06-12 15:56:19 -07:00
snipe 1d0d25db37 Fixed #7145 - rename groups table to permissions_group for mysql 8 reserved word compatibility 2019-06-12 15:51:47 -07:00
snipe cbff66c9db Improved error checking in locations importer 2019-06-10 18:50:41 -07:00
snipe 27231d49ea Small fixes for phpleague CSB reader v9 2019-06-03 22:05:16 -07:00
snipe 49a255c8fb Changed has to filled to fix bulk asset editing 2019-05-31 14:11:43 -07:00
snipe d2bbc09892 Increased throttle to 120 requests per minute 2019-05-31 11:57:57 -07:00
vicleos c6039cbc1d Vicleos fix storage namespace (#6901)
* Update CompaniesController.php

fixed companies destroy error

* fix Storage namespace loss
2019-05-30 19:10:04 -07:00
snipe 74a2c29bc2 Fixed #7100 - Check if $user isset on checkin 2019-05-30 19:06:30 -07:00
snipe 2c64739e8f Removed old comments 2019-05-30 19:02:20 -07:00
snipe 829d44bd27 Fixed #7098 - updated backup config for deleteFile() method 2019-05-29 14:47:55 -07:00
snipe a014af4c47 Fixed #7083 - Removed user_exists constraint on department save
If the user has been deleted, this prevented the department from being successfully saved on edit
2019-05-28 13:18:31 -07:00
snipe 2dd31544fe Increased image size to 800px, added lightboxes 2019-05-24 19:11:08 -07:00
snipe 237acdcff0 Show accessory image on view page 2019-05-24 18:22:57 -07:00
snipe b2c9a38db8 Fixed casing in sync command 2019-05-24 16:12:43 -07:00
snipe 6dcdb5abae Only display the file if the log record can be found 2019-05-24 16:06:52 -07:00
snipe 56576d9e45 Fixed more camel-casing -> snake-casing 2019-05-24 16:01:12 -07:00
snipe d5c3ee5ed0 Only try to get fieldset if model is valid 2019-05-24 15:44:54 -07:00
snipe 18db0a50f1 Only gtry to delete the file if a record is found in the log 2019-05-24 15:44:40 -07:00
snipe d596ced0a0 Fixed free_seats_count variable name
(I forgot that Laravel switched camel case to snake case for their old 5.4 withCount variables)
2019-05-24 15:44:18 -07:00
snipe 78fb2b2239 Only build the log upload destination path if there is a matching record
Fixes [ch1232]
2019-05-24 15:28:53 -07:00
snipe 1472e9d5b5 Check for valid model before attempting to access fieldsets
Fixes [ch1249]
2019-05-24 15:03:15 -07:00
snipe fcbc7e4540 Fixed Undefined variable user in $backto if checked out to a non-user
Fixes [ch9194]
2019-05-24 14:51:27 -07:00
snipe 93bf541ce7 Fixed missed consumables_count withCount() statement 2019-05-24 14:21:53 -07:00
snipe 1e6c85da41 Removed custom fields from AssignedSearch to prevent confusing data in selectlist
Fixes [ch9193]
2019-05-24 13:50:11 -07:00
snipe c5a23e8f5e Fixed bug where sorting by company name in Users API did not work
Fixes [ch9200]
2019-05-24 13:37:20 -07:00
snipe b6d2392303 Small fix for reordering fields
Fixes Illuminate\Database\QueryException: SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'order' cannot be null (SQL: insert into `custom_field_custom_fieldset` (`custom_field_id`, `custom_fieldset_id`, `order`, `required`) values (12, 7, , 0)) [ch1151]

This needs revisiting for a more solid fix, especially for data that was already entered bad.
2019-05-24 12:05:52 -07:00
snipe d6f251e992 Updated importer to work with newer CSV Reader::getRecords() method 2019-05-24 11:44:57 -07:00
snipe 4be95eac4b Removed extra escaping on checkin 2019-05-24 11:44:39 -07:00
snipe 8914d14681 Tidied up license check 2019-05-24 05:26:52 -07:00
snipe d4725b61be Check that a model exists before trying to fiddle with fieldsets 2019-05-24 04:48:04 -07:00
snipe aa0b627fe7 Fixed missing asset validation 2019-05-24 04:47:35 -07:00
snipe 5be5e3271d Trying to fix ajax asset validation
This I think gets us closer, but still not handling the validation on the asset properly.

When I do a print_r of the validation in the other items, its looking for an error bag that looks something like this:

```
Illuminate\Support\MessageBag Object
(
    [messages:protected] => Array
        (
            [name] => Array
                (
                    [0] => The name field is required.
                )

            [seats] => Array
                (
                    [0] => The seats field is required.
                )

            [category_id] => Array
                (
                    [0] => The category id field is required.
                )

        )

    [format:protected] => :message
)
```

Currently the Assets ajax returns:

```
[2019-05-24 06:52:06] develop.ERROR: array (
  'messages' =>
  array (
    'model_id' =>
    array (
      0 => 'The model id field is required.',
    ),
    'status_id' =>
    array (
      0 => 'The status id field is required.',
    ),
    'asset_tag' =>
    array (
      0 => 'The asset tag field is required.',
    ),
  ),
)
```

So not sure why it’s not working.
2019-05-24 03:55:31 -07:00
snipe dd5d5cc07c Handle JSON validation errors like 5.4 2019-05-24 01:12:38 -07:00
snipe 84c3709161 Handle JSON validation errors like 5.4 2019-05-24 01:12:21 -07:00
snipe 96e2d74ae3 Handle JSON validation errors like 5.4 2019-05-24 00:46:30 -07:00
Steffen 27dcb4d27b Allow empty filter (=== '' doesn't work) (#6999) 2019-05-23 19:59:27 -07:00
sreyemnayr f85ac97d8c Feedback for Kits; Fix checkins for accessories (#7060)
* Kits feedback

* Fix accessory checkin
2019-05-23 19:39:30 -07:00
snipe bf93e8cc32 Use getReader instead of fetchAssoc for CSV parser
https://csv.thephpleague.com/9.0/upgrading/
2019-05-23 19:09:58 -07:00
snipe 2d036c64e9 Change ->has() to ->filled() 2019-05-23 17:39:50 -07:00
snipe 8db2470ac4 Switch has() to filled() 2019-05-23 17:17:46 -07:00
snipe 12ec2d1f7a Fixed custom field edit screen 2019-05-22 01:07:14 -07:00
snipe 6cd25fbdeb Updated backup path in backup admin 2019-05-22 00:56:14 -07:00
snipe 4be8ba9f17 Updated withCount to use manual naming 2019-05-22 00:52:51 -07:00
snipe df8008f1ed Renamed fire() to handle() 2019-05-22 00:52:32 -07:00
snipe 77547c528b Added the command loader to console kernel 2019-05-22 00:52:14 -07:00
snipe bfb910f375 Set the serialization 2019-05-22 00:51:43 -07:00
snipe b2eacb147b Fixed #7046 - added user website url back into UI 2019-05-21 18:55:12 -07:00
snipe 0358d13ddb Fixed #7044 - API update deleted custom fields if they are not re-presented 2019-05-20 11:49:18 -07:00
Bob Clough 096393389c Fixes #5054: LDAP users deactivated for none-ad (#7032)
When using none-AD ldap, users are automatically deactivated every LDAP
sync.  This commit changes the behaviour so that if the active flag isn't set,
the users are enabled.

Fixed #5054, at least for 4.X
2019-05-16 09:31:55 -07:00
snipe 9eb7b668d1 Fixed #6880 - correctly encrypt encrypted fields via the API 2019-05-15 19:33:30 -07:00
snipe 6728089106 Fixed #6883 - remove escaping of fields on LDAP import 2019-05-15 19:15:41 -07:00
snipe 888bdbdb68 Added ability to update groups via API
Fixes [ch9139]
2019-05-15 16:39:34 -07:00
Ivan Nieto e40a5a70a5 RTF support added (#7024)
* Added the Gatte Facade to AssetsController

* Added the filetype RTF in the modal to upload files

* Added validation of RTF files
2019-05-15 15:47:40 -07:00
snipe d67c931f6a
Import locations from CSV via command line (#7021)
* Added import locations command

* Small fixes to location importer

* Added country, LDAP OU

* Cleaned up comments, added more clarification to what the script does
2019-05-13 02:27:19 -07:00
snipe d016076806
Fixed #6956 - viewKeys policy inconsistent (#7009)
* Fixed #6956 - Added additional gates show showing/hiding license keys

* Modified gate to allow user to see licenses if they can create or edit the license as well
2019-05-08 08:14:49 -04:00
snipe 23fa5d0bf4 Fixed #7003 - crash when warranty months or purchase date is null 2019-05-07 15:33:57 -04:00
Joris van Eijden 486c708911 Leave the activated state for users alone in normal LDAP synchronisation. (#6988) 2019-05-06 09:40:53 -04:00
snipe 407445456a Merge branch 'features/6204_email_audit-alerts' into develop
# Conflicts:
#	app/Console/Commands/LdapSync.php
#	app/Console/Kernel.php
#	app/Http/Controllers/Auth/LoginController.php
#	app/Http/Controllers/LicensesController.php
#	composer.json
#	composer.lock
#	config/version.php
#	resources/views/auth/two_factor_enroll.blade.php
2019-05-06 08:45:13 -04:00
snipe e5c2d77c7d
Fixes #6204 - added email alerts and web/API access to assets due for audits (#6992)
* Added upcoming audit report

TODO: Fid diff/threshold math

* Added route to list overdue / upcoming assets via API

* Controller/API methods for due/overdue audits

We could probably skip this and just handle it via view in the routes…

* Added query scopes for due and overdue audits

* Added audit due console command to kernel

* Added ability to pass audit specs to main API asset search method

* Added audit presenter

* Added bootstrap-tables presenter formatter to display an audit button

* Added gated sidenav items to left nav

* Added audit due/overdue blades

* Cleanup on audit due/overdue console command

* Added language strings for audit views

* Fixed :threshold placeholder

* Removed unused setting variable

* Fixed next audit date math

* Added scope for both overdue and upcoming

* Derp. Wrong version

* Bumped version

(I will release this version officially tomorrow)
2019-05-05 22:32:52 -04:00
snipe a86409868e Derp. Wrong version 2019-05-05 22:31:43 -04:00
snipe e4a298ca2a Added scope for both overdue and upcoming 2019-05-05 22:13:30 -04:00
vicleos ab8792a13d Update CompaniesController.php (#6900)
fixed companies destroy error
2019-05-05 20:57:28 -04:00
snipe 7497eaf302 Removed unused setting variable 2019-05-05 19:58:08 -04:00
snipe 7d416d1175 Fixed :threshold placeholder 2019-05-05 19:57:23 -04:00
snipe 7b194c678c Cleanup on audit due/overdue console command 2019-05-05 19:22:08 -04:00
snipe 05a85c628f Added audit presenter 2019-05-05 19:20:17 -04:00
snipe 0f0ffd39a8 Added ability to pass audit specs to main API asset search method 2019-05-05 19:19:56 -04:00
snipe 996a4cc29b Added audit due console command to kernel 2019-05-05 19:15:24 -04:00
snipe 0e234bac70 Added query scopes for due and overdue audits 2019-05-05 19:14:02 -04:00
snipe ab060288fa Controller/API methods for due/overdue audits
We could probably skip this and just handle it via view in the routes…
2019-05-05 19:13:37 -04:00
snipe e46cccdf90 Added upcoming audit report
TODO: Fid diff/threshold math
2019-05-04 17:52:17 -04:00
snipe ce16eae508 Merge branch 'master' of https://github.com/snipe/snipe-it 2019-05-02 15:20:52 -07:00
snipe dc73dbfbfd Fixed #6911 - note must be a string on license checkin 2019-05-02 15:20:47 -07:00
snipe dae26e0378 Remove “Imported from LDAP” note override 2019-04-18 17:56:08 -04:00
snipe 1bb1f7342f Fixed #6922 - date_add crashing if EOL is null 2019-04-18 15:49:59 -04:00
snipe 420e8bc85a Allow phone number to be changed in Profile 2019-04-18 14:13:50 -04:00
snipe fe553aec02 Added first-initial dot lastname format for usernames/email
Fixed [ch1379]
2019-04-02 18:21:54 -07:00
Ivan Nieto b1f96448af Remove old redundant code in LicensesController, added an offset to AccessoriesController for pagination to work correctly (#6847) 2019-04-02 10:13:58 -07:00
Martin Meredith b779e274cc Fix usage of Google2FA Facade (#6864) 2019-03-27 22:01:38 -07:00
Martin Meredith 83257af267 Fix imports for 2FA Login (#6855) 2019-03-26 14:10:56 -07:00
snipe 109a29b5fc Fix error in tests 2019-03-20 04:39:50 -07:00
snipe acb90c7aee Horrible master -> dev merge that makes baby jesus cry :(
# Conflicts:
#	app/Http/Controllers/Auth/LoginController.php
#	composer.json
#	composer.lock
#	resources/views/auth/two_factor_enroll.blade.php
2019-03-20 02:24:23 -07:00
snipe bca82684a1 Merge branch 'hotfixes/2fa_qr' into develop
# Conflicts:
#	.all-contributorsrc
#	Dockerfile
#	README.md
#	app/Console/Commands/LdapSync.php
#	app/Http/Controllers/Api/ImportController.php
#	app/Http/Controllers/AssetModelsController.php
#	app/Http/Controllers/Assets/AssetsController.php
#	app/Http/Controllers/Auth/LoginController.php
#	app/Http/Controllers/CategoriesController.php
#	app/Http/Controllers/CompaniesController.php
#	app/Http/Controllers/DepartmentsController.php
#	app/Http/Controllers/ImportsController.php
#	app/Http/Controllers/LocationsController.php
#	app/Http/Controllers/ManufacturersController.php
#	app/Http/Controllers/SuppliersController.php
#	app/Http/Requests/ItemImportRequest.php
#	app/Http/Transformers/ActionlogsTransformer.php
#	composer.json
#	composer.lock
#	config/app.php
#	config/version.php
#	docker/startup.sh
#	public/css/build/all.css
#	public/css/dist/all.css
#	public/js/build/all.js
#	public/js/build/vue.js
#	public/js/build/vue.js.map
#	public/js/dist/all.js
#	public/mix-manifest.json
2019-03-20 02:17:02 -07:00
snipe da015ec4a8
Fixed #6834 and #6402 - use inline QR code generation for 2FA (#6840)
* Fixed  #6834 and #6402 - use inline QR code generation for

* Update auth controllers to use translations

* Updated composer lock

* Added comments

* Moar comments

* Typo
2019-03-20 01:24:31 -07:00
snipe 335e8ffaaa Typo 2019-03-20 01:22:20 -07:00
snipe 8d0ee9e531 Moar comments 2019-03-20 01:21:34 -07:00
snipe cc5c7d33e7 Added comments 2019-03-20 01:14:58 -07:00
snipe 5699e021de Update auth controllers to use translations 2019-03-20 00:50:09 -07:00
snipe cf92618c70 Fixed #6834 and #6402 - use inline QR code generation for 2019-03-20 00:49:44 -07:00
snipe a874dbb0d0 Working attempt, but will try with old library for mininal footprint 2019-03-19 23:18:16 -07:00
snipe 8ed268819e Fixed XSS 2019-03-18 21:09:57 -07:00
snipe dee92cfc6c
Fixes XSS vulnerabilities (#6831)
* Properly escape log_meta values

* Vue syntax fix to allow npm run dev to work again

* Janky fix for Select2 bug

* Compiled production assets

* Escape user’s last name in API

* Removed duplicate alertClass

* Compiled production assets
2019-03-18 20:49:32 -07:00
snipe 0e1289f12f
Fixes #6821 - fixed 2 fa active for users list (#6822)
* Fixed #6821 - confusing UI for 2FA when 2FA is universally enforced

I also updated the language in the user’s listing table to clarify what “activated” means

* Added login enabled info to user view

* Clarified comments

* Added info about 2FA on user profile

Because why not

* Added nowrap to table, and added 2FA reset for superadmins
2019-03-18 11:59:02 -07:00
snipe 7b33f95e83
Fixes/import permissions mask (#6826)
* Check for empty headers in import

* Added import permission

* Fixed model path in docblock

* Added import gate to default blade

* Check if the user is an admin OR idf they have import permissions

* Walked back that admin permission

Since admins are bound by full company support, it makes less sense to let admins have this permission by default, versus having them specifically designated to the import permission
2019-03-18 11:58:08 -07:00
Ivan Nieto bebdbdfb87 Fix #6763. Import Stuck Processing - Error - Can only flip STRING and INTEGER values! (#6804)
* Added validation for errors when the Import Field to map isn't setted

* A slightly correction to the error message

* Added the translation strings for the Error Message
2019-03-14 12:32:40 -07:00
snipe 26c0cf5d33 Allow null for logCheckin $action_date 2019-03-14 01:22:29 -07:00