Commit graph

98 commits

Author SHA1 Message Date
snipe e98823f7fa Added 403 to sad panda page
Signed-off-by: snipe <snipe@snipe.net>
2024-07-05 11:54:49 +01:00
snipe ae9085b11f Modernize use statements, switch to auth()
Signed-off-by: snipe <snipe@snipe.net>
2024-07-04 20:49:22 +01:00
snipe 9a0db72eb4 More strings
Signed-off-by: snipe <snipe@snipe.net>
2024-06-20 15:40:38 +01:00
snipe 69cf697aa3 Added 2fa translation string
Signed-off-by: snipe <snipe@snipe.net>
2024-06-20 15:20:52 +01:00
snipe fb233c0aa4 Cleaned up facade names and references
Signed-off-by: snipe <snipe@snipe.net>
2024-05-29 12:38:15 +01:00
Brady Wetherington f633dbba64 Merge branch 'develop' into snipeit_v7_laravel10 2024-05-20 12:55:29 +01:00
snipe ca1555d962 Fixed #14664 - allow additional urls in env for CSP
Signed-off-by: snipe <snipe@snipe.net>
2024-05-16 22:19:18 +01:00
Jeremy Price 2adc4ffa96 Fix memory-hog query in AssetCountForSidebar middleware
https://github.com/snipe/snipe-it/pull/14702/files introduced a bug
where instead of doing a quick `select count(*)` of assets, it did a `select *` of
assets, moving the count from the database to the PHP process.

This caused OOM issues in memory-constrained environments with lots of
assets, and also presented a speed issue even when memory limited were
increased.

Additionally, given this populates the sidebar, this was likely an issue
on every page load that included the sidebar.

The fix is simply removing the `all()->`, ending up with Asset::count(),
which yields the desired `select count(*)` DB query.
2024-05-10 12:54:40 -07:00
Tobias Regnery b2a5d86e30 Fixes #14701 - wrong total asset count
The total asset count in the sidenav shows the ready to deploy count instead of the total count.
Fix this by adjusting the query to all assets. Also respect the setting for archived assets.
Add a default value for total assets, since we are now using the settings-variable, which is not available during the setup process.

While at it, move the block for total assets before the ready to deploy assets to match the ordering of the sidenav.

Signed-off-by: Tobias Regnery <tobias.regnery@gmail.com>
2024-05-08 09:34:35 +02:00
snipe 4f12c86e74 Fixes #14692 - set default variables for sidebar totals
Signed-off-by: snipe <snipe@snipe.net>
2024-05-07 08:34:22 +01:00
Brady Wetherington 5b02a43957 Merge branch 'develop' into snipeit_v7_laravel10 2024-05-06 18:44:03 +01:00
snipe 4224bc0c43 Removed extra settings param
Signed-off-by: snipe <snipe@snipe.net>
2024-05-02 12:36:57 +01:00
snipe 860764a436 Use totals for sidebar
Signed-off-by: snipe <snipe@snipe.net>
2024-04-26 19:12:21 +01:00
snipe 2117f61e8c More view sharing for sidebar
Signed-off-by: snipe <snipe@snipe.net>
2024-04-26 19:01:15 +01:00
snipe dfaf01e8aa Updated asset counters
Signed-off-by: snipe <snipe@snipe.net>
2024-04-26 14:02:47 +01:00
Brady Wetherington 65e21faa3e Merge branch 'develop' into snipeit_v7_laravel10
Hopefully, last merge?
2024-04-02 20:34:04 +01:00
Brady Wetherington a2e70dd6b2 Fix [sc-25008] - correct and improve legacy language warnings
The legacy language warning was misfiring when a user's language
didn't match the APP_LOCALE from .env.

Additionally, we weren't properly warning when the legacy-language
came from Settings or from the user themselves. Both of which should
be impossible but still probably not a bad idea to warn on it, anyways
2024-03-08 14:04:21 +00:00
snipe 19e0fb7955 Reverting CSP change
Signed-off-by: snipe <snipe@snipe.net>
2024-03-01 12:25:14 +00:00
snipe 93e69ab0c6 Removed unsafe-inline and unsafe-eval
Signed-off-by: snipe <snipe@snipe.net>
2024-03-01 11:44:49 +00:00
Brady Wetherington f734e196e5 Merge branch 'develop' into snipeit_v7_laravel10 2024-01-08 18:57:55 +00:00
snipe a5947b8109 Added warning in middleware
Signed-off-by: snipe <snipe@snipe.net>
2023-12-19 20:34:45 +00:00
snipe db138479aa Updated locale middleware for mapping
Signed-off-by: snipe <snipe@snipe.net>
2023-12-19 17:43:22 +00:00
Brady Wetherington 9793130f6c Merge branch 'develop' into laravel_v9 2023-04-18 11:01:00 -07:00
snipe 161999fbca Fixed #12772 - use the APP_URL config more consistently
Signed-off-by: snipe <snipe@snipe.net>
2023-04-05 16:05:40 -07:00
snipe f9e190eb32 Updates the Gate “use” statement to be more specific
Signed-off-by: snipe <snipe@snipe.net>
2023-03-18 11:58:09 -07:00
Brady Wetherington 645bba96cd WIP: First stabs at getting Laravel Vite to work; no luck so far :(
Probably going to back out all the 'vite' stuff anyways :/
2023-02-21 19:35:37 -08:00
snipe d52d32fed9 Fixed visibility for constants and methods
Signed-off-by: snipe <snipe@snipe.net>
2023-02-06 12:44:02 -08:00
snipe 0c39c7a53d Updated blades to add byod as a “status”
Signed-off-by: snipe <snipe@snipe.net>
2023-01-18 13:25:46 -08:00
Brady Wetherington 0ddb0f2c81 Switch the barcode backend to SVG, and fix the two-factor middleware 2022-05-13 14:22:27 -07:00
snipe 9aac1cbba4 Merge branch 'master' into rcs/merge_master_into_develop_for_rc_8
Signed-off-by: snipe <snipe@snipe.net>

# Conflicts:
#	README.md
#	app/Console/Commands/MoveUploadsToNewDisk.php
#	app/Http/Controllers/ActionlogController.php
#	app/Http/Controllers/Api/LicensesController.php
#	app/Http/Controllers/Api/StatuslabelsController.php
#	app/Http/Controllers/Assets/AssetCheckinController.php
#	app/Http/Controllers/Licenses/LicensesController.php
#	app/Http/Controllers/Users/BulkUsersController.php
#	app/Http/Requests/AssetCheckoutRequest.php
#	app/Importer/LicenseImporter.php
#	app/Models/Actionlog.php
#	app/Models/License.php
#	app/Models/User.php
#	app/Observers/AssetObserver.php
#	composer.lock
#	config/version.php
#	database/factories/LicenseFactory.php
#	database/migrations/2015_09_21_235926_create_custom_field_custom_fieldset.php
#	database/migrations/2018_10_18_191228_add_kits_licenses_table.php
#	database/migrations/2018_10_19_153910_add_kits_table.php
#	database/migrations/2018_10_19_154013_add_kits_models_table.php
#	database/migrations/2019_02_07_185953_add_kits_consumables_table.php
#	database/migrations/2019_02_07_190030_add_kits_accessories_table.php
#	package-lock.json
#	package.json
#	public/css/dist/all.css
#	public/css/dist/bootstrap-table.css
#	public/js/dist/bootstrap-table.js
#	public/mix-manifest.json
#	resources/lang/ar/general.php
#	resources/lang/ar/passwords.php
#	resources/lang/cs/general.php
#	resources/lang/cs/passwords.php
#	resources/lang/de/admin/custom_fields/general.php
#	resources/lang/de/admin/settings/general.php
#	resources/lang/de/admin/settings/message.php
#	resources/lang/fr/admin/custom_fields/general.php
#	resources/lang/fr/admin/hardware/general.php
#	resources/lang/fr/admin/locations/table.php
#	resources/lang/fr/admin/settings/message.php
#	resources/lang/hu/admin/custom_fields/general.php
#	resources/lang/hu/admin/settings/general.php
#	resources/lang/hu/general.php
#	resources/lang/it/admin/settings/general.php
#	resources/lang/nl/admin/custom_fields/general.php
#	resources/lang/nl/admin/settings/general.php
#	resources/lang/nl/general.php
#	resources/lang/pl/admin/custom_fields/general.php
#	resources/lang/sv-SE/passwords.php
#	resources/lang/tr/general.php
#	resources/views/hardware/view.blade.php
#	resources/views/partials/bootstrap-table.blade.php
#	resources/views/reports/activity.blade.php
#	resources/views/users/print.blade.php
2022-04-28 17:49:06 +01:00
snipe bdabbbd4e9 Logout user when their activated status is switched to off
Signed-off-by: snipe <snipe@snipe.net>
2022-03-29 13:44:53 +01:00
snipe e3d2f7cc96 Missed a few
Signed-off-by: snipe <snipe@snipe.net>
2022-03-08 20:05:17 -08:00
snipe d1358b6249 Removed experimental feature policies
Signed-off-by: snipe <snipe@snipe.net>
2022-03-08 16:58:24 -08:00
snipe dd5f812d88 Merge remote-tracking branch 'origin/master' into develop
Signed-off-by: snipe <snipe@snipe.net>

# Conflicts:
#	.all-contributorsrc
#	README.md
#	app/Console/Commands/FixDoubleEscape.php
#	app/Console/Commands/LdapSync.php
#	app/Exceptions/Handler.php
#	app/Http/Controllers/Api/AssetMaintenancesController.php
#	app/Http/Controllers/Api/AssetModelsController.php
#	app/Http/Controllers/Api/AssetsController.php
#	app/Http/Controllers/Api/CategoriesController.php
#	app/Http/Controllers/Api/CompaniesController.php
#	app/Http/Controllers/Api/DepartmentsController.php
#	app/Http/Controllers/Api/LicensesController.php
#	app/Http/Controllers/Api/LocationsController.php
#	app/Http/Controllers/Api/ManufacturersController.php
#	app/Http/Controllers/Api/SettingsController.php
#	app/Http/Controllers/Api/SuppliersController.php
#	app/Http/Controllers/AssetModelsController.php
#	app/Http/Controllers/Auth/LoginController.php
#	app/Http/Controllers/CustomFieldsController.php
#	app/Http/Controllers/SettingsController.php
#	app/Models/Loggable.php
#	app/Providers/AuthServiceProvider.php
#	config/version.php
#	database/migrations/2014_11_04_231416_update_group_field_for_reporting.php
#	database/migrations/2015_11_08_222305_add_ldap_fields_to_settings.php
#	package-lock.json
#	package.json
#	public/js/build/app.js
#	public/js/dist/all.js
#	public/mix-manifest.json
#	resources/assets/js/components/forms/asset-models/fieldset-default-values.vue
#	resources/views/hardware/view.blade.php
2022-02-20 13:29:12 -08:00
snipe f878e0ad66 Fixes 2FA cookie -> user issue
Signed-off-by: snipe <snipe@snipe.net>
2022-02-15 18:29:23 -08:00
snipe 84a3a85823 Fixed parse error for merge conflict
Signed-off-by: snipe <snipe@snipe.net>
2021-10-28 18:04:03 -07:00
snipe bdf321ecc9
Merge branch 'develop' into change-var-aws-public-url 2021-10-28 17:46:16 -07:00
snipe aa8f1378c9 Merge remote-tracking branch 'origin/master' into develop
Signed-off-by: snipe <snipe@snipe.net>

# Conflicts:
#	README.md
#	app/Http/Controllers/Accessories/AccessoriesController.php
#	app/Http/Controllers/Api/AssetMaintenancesController.php
#	app/Http/Controllers/Api/AssetModelsController.php
#	app/Http/Controllers/Api/AssetsController.php
#	app/Http/Controllers/Api/UsersController.php
#	app/Http/Controllers/AssetMaintenancesController.php
#	app/Http/Controllers/Assets/AssetFilesController.php
#	app/Http/Controllers/Assets/AssetsController.php
#	app/Http/Controllers/Assets/BulkAssetsController.php
#	app/Http/Controllers/Components/ComponentsController.php
#	app/Http/Controllers/Consumables/ConsumablesController.php
#	app/Http/Controllers/Licenses/LicenseFilesController.php
#	app/Http/Controllers/Licenses/LicensesController.php
#	app/Http/Controllers/Users/UserFilesController.php
#	app/Http/Transformers/AssetsTransformer.php
#	app/Http/Transformers/LicensesTransformer.php
#	app/Importer/UserImporter.php
#	app/Models/Asset.php
#	config/app.php
#	config/version.php
#	package-lock.json
#	public/js/build/app.js
#	public/js/dist/all.js
#	public/js/dist/bootstrap-table.js
#	public/mix-manifest.json
#	resources/lang/en/admin/users/message.php
#	resources/lang/is/button.php
#	resources/lang/ja/admin/kits/general.php
#	resources/lang/ro/admin/users/general.php
#	resources/lang/zh-HK/admin/depreciations/general.php
#	resources/lang/zh-HK/admin/models/general.php
#	resources/views/hardware/qr-view.blade.php
#	resources/views/hardware/view.blade.php
#	resources/views/partials/bootstrap-table.blade.php
#	resources/views/users/view.blade.php
#	routes/web.php
#	routes/web/hardware.php
#	routes/web/models.php
#	routes/web/users.php
2021-10-20 17:26:41 -07:00
Ivan Nieto Vivanco d184da8611 Fixed typo (thanks @ssddanbrown) 2021-10-08 13:39:49 -05:00
Ivan Nieto Vivanco ef6eea67d8 Set headers in a different manner in the middleware 2021-10-05 14:09:35 -05:00
snipe 9b48732cd2 Force revalidation headers when user logs out
Signed-off-by: snipe <snipe@snipe.net>
2021-10-04 12:52:48 -07:00
Laravel Shift 4ed3d6afb8 Shift HTTP kernel and middleware 2021-06-10 20:17:04 +00:00
Laravel Shift 934afa036f Adopt Laravel coding style
Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions.

You may customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config file to your project root. Feel free to use [Shift's Laravel ruleset][2] to help you get started.

[1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer
[2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200
2021-06-10 20:15:52 +00:00
Thomas Misilo 18b1a155bf Change from ENV to config value for PUBLIC_AWS_URL
When running config:cache the env('PUBLIC_AWS'URL') value disappears and isn't available, so it doesn't get added to the CSP Policy.
2021-05-11 09:51:35 -05:00
Tom Misilo 4e408cbc42
Fix CSP Always being Enabled unless in debug mode. (#9543) 2021-05-05 10:51:47 -07:00
Vincent Lainé d6ead5ae17
Added #8931: add health controller without session (#8978)
* Added health controller

* Trying to move session middleware to web and api group to have health controller without session

* Fix health route store the session

Co-authored-by: Vincent Lainé <v.laine@dental-monitoring.com>
2021-01-26 12:10:54 -08:00
snipe 973eacf6c3 Small fixes for SAML
The SAML routes are in a service provide (sigh), so they did not have the `web` middleware group assigned to it.

I also added some additional checks so that the setup blade won’t fail (the migrations wouldn’t have been run yet, so outside of a try/catch, it would return an error since those tables don’t exist.)
2020-11-24 13:51:02 -08:00
snipe b2660002b9
Fixed #8781 - added asset count by status type (#8806) 2020-11-24 12:15:07 -08:00
snipe c7d752fb65 Added S3 url into CSP 2020-11-12 19:50:01 -08:00
snipe 4ccba5337a Added https://gravatar address to CSP 2020-10-23 12:09:03 -07:00