snipe
4fb880384f
Changed comment
2020-06-22 22:37:14 -07:00
snipe
43042ad841
Consolidated ReferrerPolicy into new SecurityHeaders file
2020-06-22 22:35:59 -07:00
snipe
a716382ac4
Removed CSP middleware (it’s added in the general header)
2020-06-22 22:33:37 -07:00
snipe
36c8f7f4f1
Additional security headers
2020-06-22 22:31:01 -07:00
snipe
2ac1c1636c
Better handle the logic to determine if we should display the license checkout blade
2020-06-16 16:12:57 -07:00
snipe
f88683766b
Roll back previous change
...
Signed-off-by: snipe <snipe@snipe.net>
2020-05-14 00:55:47 -07:00
snipe
e4385c0f8c
Fixes #8051 regression
...
Signed-off-by: snipe <snipe@snipe.net>
2020-05-14 00:48:30 -07:00
snipe
0550fe0ffa
Fix for session fixation vulnerability
...
Signed-off-by: snipe <snipe@snipe.net>
2020-05-12 10:31:54 -07:00
snipe
95cc48e422
Added option to disable backup in import
...
Signed-off-by: snipe <snipe@snipe.net>
2020-05-11 20:41:10 -07:00
snipe
bb42109c0c
Added a clarifying comment
...
Signed-off-by: snipe <snipe@snipe.net>
2020-05-11 18:10:45 -07:00
snipe
b9e821c0e6
Small fix for Group Functional Tests
...
Signed-off-by: snipe <snipe@snipe.net>
2020-05-11 18:07:14 -07:00
snipe
5bb4f271aa
Fixed #7987 - allow toggle of required/optional in custom fields/fieldsets
...
Signed-off-by: snipe <snipe@snipe.net>
2020-04-24 00:47:19 -07:00
snipe
197a84be94
Commented out rtd_location_id override - why did we do that?
2020-04-09 14:17:39 -07:00
snipe
b4fa4c77d7
Check for rtd_location_id before trying to assign
2020-04-09 14:14:30 -07:00
snipe
cfec142c3b
Better handle models without a fieldset in the asset request [RB 9935]
2020-04-09 11:18:54 -07:00
snipe
f8a72db696
Changed LDAP 600 to 500, clearer error messages on LDAP test
2020-04-09 09:55:44 -07:00
snipe
206bd675f2
Pulled slack validation out of setting model validation so it doesn’t fail mysteriously on other pages
2020-04-08 15:07:02 -07:00
snipe
a0f7fdc57a
Merge branch 'fixes/accessibility_fixes'
...
# Conflicts:
# public/css/build/all.css
# public/css/dist/all.css
# public/js/build/all.js
# public/js/build/vue.js
# public/js/build/vue.js.map
# public/js/dist/all.js
# public/mix-manifest.json
# resources/assets/js/components/importer/importer-file.vue
2020-04-08 11:19:42 -07:00
snipe
79232fc434
Fixed #7947 - Added rtd_location_id to API search
2020-04-08 11:00:04 -07:00
snipe
0b3f511534
Fixed compact() errors
2020-04-07 17:26:56 -07:00
snipe
893944403e
Check for location_id being set before trying to set it on checkout via API
2020-04-06 15:54:40 -07:00
snipe
d7873f257d
Fixed CSP for importer
2020-04-06 14:18:45 -07:00
snipe
e7c1418314
Fixed possible typo in CSP
2020-04-01 19:47:42 -07:00
snipe
4dcc1ffdbc
More form labels
2020-04-01 02:22:24 -07:00
snipe
7d466f3584
Update user uploads for more data to work with recport
2020-04-01 02:22:16 -07:00
snipe
6174f9b93f
Check that there is actually a filed ID submitted
2020-04-01 01:25:31 -07:00
snipe
a467a6999e
Use upload modal
2020-03-31 22:50:07 -07:00
snipe
6066c249d5
Moved gate to the top of the method
2020-03-06 16:01:13 -08:00
Ivan Nieto
025ea93f05
Fix for when a user with the correct permissions couldn't update Manufacturers. ( #7882 )
...
* Changed the ability name from 'edit' to 'update'. Changed the order of execution: first checks if the manufacturer exists, then checks permissions
* Handles the update method, that also has the ability parameter as edit instead of update"
q
* Revert "Handles the update method, that also has the ability parameter as edit instead of update""
This reverts commit d7dc0e451e
.
* Handles the update method, that also has the ability parameter as 'edit' instead of 'update'
2020-03-06 15:59:51 -08:00
snipe
54fd8f81ff
Added permissions on user api ( #7883 )
...
* Add permissions to user edit API
* Add user permissions on user create/update API endpoint
2020-03-06 15:28:46 -08:00
snipe
ca43554327
Fixes search by serial or tag even if they have slashes in them ( #7879 )
...
* Fixes search by serial or tag even if they have slashes in them
* Added support for url param byTag and bySerial
* Fixed typo comments
* Sojme additional comments to clarify use-cases
* Updated comments for clarity
2020-03-06 14:55:20 -08:00
snipe
8b2f8ef3cb
Spelling is hard :(
2020-03-04 22:19:59 -08:00
snipe
15518852aa
Added validation to reject email addresses over 250 characters
2020-03-04 22:08:07 -08:00
Godfrey Martinez
0e0fe967e4
BadMethodCallException Method update does [ch10544] ( #7804 )
2020-02-10 19:27:23 -08:00
snipe
2f0ed129f0
Use “invalid barcode” image and suppress errors when barcode format is wrong
2020-02-04 18:15:01 -08:00
snipe
3361b859c0
Changes offset to use the actual item count as override instead of 0 ( #7788 )
2020-02-04 12:32:24 -08:00
snipe
89e2a3ae3c
Fixed #7752 - reformat /api/v1/users/me to use transformer
2020-01-30 13:12:43 -08:00
snipe
5f85d8132b
Fix for weird JSON parsing in actionlogs ( #7753 )
...
* Fix for weird JSON parsing in actionlogs
* Removed debugging code
* Check for the meta array
(If no fields, no array)
2020-01-24 17:31:43 -08:00
Ivan Nieto
75bf8f3d58
Remove not existent variable 'id' in the redirect causing [ch10602] ( #7732 )
2020-01-17 16:12:24 -08:00
snipe
324da7c0c8
Include correct license, asset, etc count on user show API call
2019-12-19 18:09:53 -08:00
snipe
779fc6d195
Added license endpoint for users
2019-12-19 18:00:36 -08:00
snipe
ff57f10e9f
Fix for searching on child location names ( #7646 )
...
* Fix for child locations
* Reverts temp changes to indenter
2019-12-06 13:14:10 -08:00
snipe
e71e57f16a
Fixed XSS vulnerability in SVG image uploads [ch10476] ( #7639 )
...
* Added enshrined/svg-sanitize
* Added modular image resizing/SVG cleaning method
(This already exists in v5, so I mostly ported it forward and added the SVG sanitizer.)
* Use improved handleImages method to upload/resize/clean images
* Removed $old_image
This is handled in the ImageUpload request now
2019-12-05 22:23:05 -08:00
snipe
ff8d98c97c
Update child assets to reflect asset parent location ( #7458 )
2019-12-04 16:19:25 -08:00
snipe
88cf456386
Adding Dept to license seats ( #7609 )
...
* Adding Dept to license seats
* Added query scope to order by department
* Make license seat department sortable
* Disable license seat internal search - this never actually worked
2019-11-21 22:03:56 -08:00
snipe
a73fd24695
Fix maintenances permissions check to allow users who can edit assets to edit maintenances
2019-11-08 17:02:17 -08:00
snipe
0769f585ea
Disallow locations from being their own parents
2019-10-21 15:45:05 -07:00
snipe
22d2ad9248
Fixes nested location selectlist ( #7483 )
...
* Rename child locations method
* Use Ajax dropdown for locations selectlist for edit/create
* Removed locations database call on edit/create blades for faster loading
* Updated locations controller to use the new iterator
* Increase pagination on locations controller to 500
We’re already loading all of that data up beforehand anyway, so no point in keeping the query smaller.
* Fixed the else to make codacy happy
* Improve the design and performance of the nested location selectlist (#7484 )
* Improve the design and performance of the nested location selectlist
* Fixed parse errors
* Removed debugging code/comments
2019-10-02 03:56:56 -07:00
snipe
6deb26fafe
Remove unused variable
2019-09-30 19:37:52 -07:00
snipe
c68c0e1208
Account for limit if none is passed in the request
2019-09-03 20:28:49 -07:00