Commit graph

1118 commits

Author SHA1 Message Date
snipe d4725b61be Check that a model exists before trying to fiddle with fieldsets 2019-05-24 04:48:04 -07:00
snipe bf93e8cc32 Use getReader instead of fetchAssoc for CSV parser
https://csv.thephpleague.com/9.0/upgrading/
2019-05-23 19:09:58 -07:00
snipe 2d036c64e9 Change ->has() to ->filled() 2019-05-23 17:39:50 -07:00
snipe 8db2470ac4 Switch has() to filled() 2019-05-23 17:17:46 -07:00
snipe 12ec2d1f7a Fixed custom field edit screen 2019-05-22 01:07:14 -07:00
snipe 6cd25fbdeb Updated backup path in backup admin 2019-05-22 00:56:14 -07:00
snipe 4be8ba9f17 Updated withCount to use manual naming 2019-05-22 00:52:51 -07:00
snipe b2eacb147b Fixed #7046 - added user website url back into UI 2019-05-21 18:55:12 -07:00
snipe 0358d13ddb Fixed #7044 - API update deleted custom fields if they are not re-presented 2019-05-20 11:49:18 -07:00
snipe 9eb7b668d1 Fixed #6880 - correctly encrypt encrypted fields via the API 2019-05-15 19:33:30 -07:00
snipe 888bdbdb68 Added ability to update groups via API
Fixes [ch9139]
2019-05-15 16:39:34 -07:00
snipe d016076806
Fixed #6956 - viewKeys policy inconsistent (#7009)
* Fixed #6956 - Added additional gates show showing/hiding license keys

* Modified gate to allow user to see licenses if they can create or edit the license as well
2019-05-08 08:14:49 -04:00
snipe e5c2d77c7d
Fixes #6204 - added email alerts and web/API access to assets due for audits (#6992)
* Added upcoming audit report

TODO: Fid diff/threshold math

* Added route to list overdue / upcoming assets via API

* Controller/API methods for due/overdue audits

We could probably skip this and just handle it via view in the routes…

* Added query scopes for due and overdue audits

* Added audit due console command to kernel

* Added ability to pass audit specs to main API asset search method

* Added audit presenter

* Added bootstrap-tables presenter formatter to display an audit button

* Added gated sidenav items to left nav

* Added audit due/overdue blades

* Cleanup on audit due/overdue console command

* Added language strings for audit views

* Fixed :threshold placeholder

* Removed unused setting variable

* Fixed next audit date math

* Added scope for both overdue and upcoming

* Derp. Wrong version

* Bumped version

(I will release this version officially tomorrow)
2019-05-05 22:32:52 -04:00
snipe ce16eae508 Merge branch 'master' of https://github.com/snipe/snipe-it 2019-05-02 15:20:52 -07:00
snipe dc73dbfbfd Fixed #6911 - note must be a string on license checkin 2019-05-02 15:20:47 -07:00
snipe 420e8bc85a Allow phone number to be changed in Profile 2019-04-18 14:13:50 -04:00
snipe da015ec4a8
Fixed #6834 and #6402 - use inline QR code generation for 2FA (#6840)
* Fixed  #6834 and #6402 - use inline QR code generation for

* Update auth controllers to use translations

* Updated composer lock

* Added comments

* Moar comments

* Typo
2019-03-20 01:24:31 -07:00
snipe 0e1289f12f
Fixes #6821 - fixed 2 fa active for users list (#6822)
* Fixed #6821 - confusing UI for 2FA when 2FA is universally enforced

I also updated the language in the user’s listing table to clarify what “activated” means

* Added login enabled info to user view

* Clarified comments

* Added info about 2FA on user profile

Because why not

* Added nowrap to table, and added 2FA reset for superadmins
2019-03-18 11:59:02 -07:00
snipe 7b33f95e83
Fixes/import permissions mask (#6826)
* Check for empty headers in import

* Added import permission

* Fixed model path in docblock

* Added import gate to default blade

* Check if the user is an admin OR idf they have import permissions

* Walked back that admin permission

Since admins are bound by full company support, it makes less sense to let admins have this permission by default, versus having them specifically designated to the import permission
2019-03-18 11:58:08 -07:00
snipe 858d382e26 Changed logging to info level for LDAP 2019-03-13 15:14:03 -07:00
snipe de16fee00a Change image unlink error log to info from error 2019-03-13 12:22:12 -07:00
snipe 6d98bd6846
Fixed error if item requested or request was deleted (#6786)
ch628
2019-03-05 23:47:36 -08:00
snipe 28a450ea25
Added ability to do full name search in user dropdown selectlist (#6784) 2019-03-05 21:13:39 -08:00
snipe 9575cd2651
Add accessories endpoint to user API (#6775) 2019-03-01 17:21:03 -08:00
snipe b26fbf986f Fixed issue where offset could be greater than total items, resulting in “No results” confusion 2019-02-14 14:49:08 -08:00
snipe 5c9b1ed43a Fixed #6676 - consumables API not respecting category id 2019-02-14 14:48:43 -08:00
snipe 35ebe33e4e
Fixed #6703 - fixes password confirmation (#6711)
* Fixed #6703 - fixes password confirmation

* Removed debugging

* Fixed tests

* I guess we use 10 as the settings for password min in tests

* One more try to fix tests - confirmation won’t validate until password validates
2019-02-13 23:01:19 -08:00
snipe aa1e06f021 One more time…. Fixed #6704 - don’t apply gate to $arrays collection, just check that they can view assets 2019-02-13 04:46:19 -08:00
snipe 30b1cfabf5 Fixed dumb formatting 2019-02-13 04:45:21 -08:00
snipe e75d22ab73 Revert "Fixed #6704 - don’t apply gate to $arrays collection, just check that they can view assets"
This reverts commit b1e17743b8.
2019-02-13 04:44:19 -08:00
snipe b1e17743b8 Fixed #6704 - don’t apply gate to $arrays collection, just check that they can view assets 2019-02-13 04:35:55 -08:00
snipe e2c0f01a10 Fixed #6367 - pass table name and column_id to scopeCompanyables
Solves error: Integrity constraint violation: 1052 Column 'company_id' in where clause is ambiguous
2019-02-13 01:26:11 -08:00
snipe f3c12f38b6 Fixed #6061 - Assigned user group cannot be removed
This bug was a result of attempting to check if the groups field had a value, and only THEN trying to sync the groups. This meant that uf you were removing ALL groups, the  sync wouldn’t be triggered.

This still needs to be updated in the API.
2019-02-12 23:43:38 -08:00
snipe 90cddb7aee
Fixed #6113 - use $asset->fill vs filled() to allow blanking values via API (#6693)
Need to confirm that re-enabling `\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,` won’t mangle anything. I know we ran into some issues when testing a long time ago, but not sure those issues apply anymore, and I can’t remember what they were.
2019-02-12 22:08:38 -08:00
snipe 971fcf5800 Fixed #6633 - return 200 status code 2019-02-04 18:58:28 -08:00
snipe 8f09cca043 Fixed incorrect group route 2019-01-24 15:17:11 -08:00
snipe b293d00699 Switch LDAP error to debug, to avoid crapping up the logs 2019-01-17 20:18:03 -08:00
snipe 75a0cf97e2 Return an error if asset maintenance is associated with a non-existant asset 2019-01-16 02:19:57 -08:00
Sxderp 187206cb88 Fix saving of REMOTE_USER setting broken by 1a64879b6 (#6565)
The previous commit made it such that remote user login could only
be enabled if two factor authentication was also enabled. Unnest
the configuration so that the setting can be applied without.
2019-01-15 13:59:36 -08:00
snipe 8f6ea84fca Fixed #4568 - escaping values in custom report 2018-12-12 19:38:24 -08:00
snipe ea1b792a93 Fixed #6491 - cleaner return methods for PHP 7.3 compact() 2018-12-12 18:23:39 -08:00
snipe 1a10aa0dda Fixed #6349 - add view permission for print all assigned 2018-10-19 16:43:28 -07:00
snipe c7596e7741 Fixed image not uploading on asset create 2018-10-09 17:31:52 -07:00
snipe d4fa81301d Check if user can see assets in statuslabels gate 2018-10-09 16:34:12 -07:00
snipe eea65a3f26 Fixed manufacturers item count 2018-09-28 12:03:27 -07:00
snipe 55846cc717 Changed LOG:: to Log:: 2018-09-26 19:06:31 -07:00
snipe b69b5fdf84 Added counts to location show() API method 2018-09-21 15:50:14 -07:00
snipe adf6e7d1cd Added group support for user API 2018-09-07 18:25:58 -07:00
snipe db907815ff Removed check for active in password reset form 2018-08-21 18:40:27 -07:00
snipe ae6abdddad Check the user is active before displaying password reset
This would only come into play if an inactive user already received a password reset email and then the system was upgraded to prevent those emails from being sent to inactive users
2018-08-14 19:04:47 -07:00
snipe 5db5134ae0 Set activated to default on when new user is created 2018-08-14 18:14:41 -07:00
snipe 05b2b8fb59 Tweaked code/language for password reset 2018-08-14 18:09:33 -07:00
snipe 0100c56046 Only allow password reset if user is active 2018-08-14 17:46:29 -07:00
snipe 614e858e44 Restrict users asset listing to just assets checked out to users 2018-07-25 21:38:14 -07:00
snipe e320d2ba05
Fixed #5944 - added logo option for print-assets page (#5950) 2018-07-24 13:37:02 -07:00
snipe ed78a4b8a0 Fixed activated issue for strict mode 2018-07-24 13:28:59 -07:00
snipe 376eb52f00 Fixed #5938 - added “self location edit” as permission 2018-07-24 12:42:16 -07:00
snipe f4cfb31bf4 Use request object 2018-07-24 12:10:02 -07:00
snipe 227dc7e81d Save model display setting - fix for issue in #5301 2018-07-24 12:10:02 -07:00
Azerothian 66c3f5432d implemented specific seat checkout (#5887) 2018-07-23 20:28:45 -07:00
Daniel Meltzer 059126f642 Checkout update locationid (#5919)
* Fix missing punctuation.  Bad merge.

* If we're checking out to an location, use it's id instead of location_id
2018-07-23 06:47:21 -07:00
Daniel Meltzer 3bc43210ab Add ID to the allowed sort fields in api/Users. (#5929) 2018-07-23 06:46:50 -07:00
Daniel Meltzer 82194cef8a bugfix: updating a user when an admin (not a superuser) would remove any groups from the user. (#5914) 2018-07-21 23:02:06 -07:00
snipe d45e90e358 One more fix for #5893 2018-07-19 14:45:28 -07:00
snipe 7ebb7876c4 Partial fix for #5896
Still need to fix the front end on edit, which seems to be defaulting to boolean
2018-07-19 10:40:07 -07:00
snipe a0c0b7b1eb Fixed #5893 - activated typo 2018-07-19 10:22:08 -07:00
snipe 9d00ae6e50 Fixed #5894 - lookup by asset tag in top search broken 2018-07-19 10:14:02 -07:00
snipe d309f67df0 Set activated to zero if no values passed for active user 2018-07-18 08:27:26 -07:00
snipe 5a1e1c73c9 Include show_in_list option in select 2018-07-18 03:59:02 -07:00
snipe 3be68ec721 Fix location edit permissions 2018-07-18 03:43:45 -07:00
snipe bcd988bb81 Merge branch 'develop' of https://github.com/DeusMaximus/snipe-it into develop
# Conflicts:
#	app/Http/Controllers/Auth/LoginController.php
2018-07-17 01:11:15 -07:00
snipe bf761946da Fix activated check for login 2018-07-16 23:48:46 -07:00
snipe d9fa2f0e91 Fixed #5842 - added components to location detail view 2018-07-16 21:50:14 -07:00
DeusMaximus 7c2da81700
Fix REMOTE_USER Header with IIS and AD
Remove DOMAIN\ portion of DOMAIN\user when using Windows Authentication and IIS with REMOTE_USER.
2018-07-17 14:03:19 +10:00
snipe a4799a495a
Fixes #5859 - add file name/size to file upload UI (#5861)
* Fixes #5859 - add file name/size to file upload UI

* Reverting assetcontroller

Not sure exactly what happened here…

* Production assets
2018-07-16 20:09:53 -07:00
Daniel Meltzer 638a7b2d91 Assetcontroller cleanup (#5858)
* Extract method/cleanup

* Remove apiStore method that is unusued since api controllers.

* Use proper model exception

* Remove old user importer.  This is now supported by the general importer framework.

* Refactor AssetsController methods.

This is a giant diff without many functional changes, mostly cosmetic.
I've pulled a number of methods out of assetscontroller, preferring
instead to create some more targetted controllers for related actions.
I think this cleans up the file some, and suggests some places for
future targetted improvement.

Fix weird missing things.

* Fix Unit test failing after date changes.

* Pass valid string to be translated.

* Some method cleanup for codacy.

* Extract trait for common checkout uses and codacy fixes.
2018-07-16 17:44:03 -07:00
Daniel Meltzer 8f6e0ad5be Only error if checking out to asset with same id (#5845)
A user with an id of 2 is perfectly fine as a checkout_target of an asset with an id of 2.
2018-07-16 14:25:36 -07:00
Daniel Meltzer 50e0b9b84e category_id not category_i (#5844) 2018-07-16 14:23:24 -07:00
Daniel Meltzer b6b93550fe Remove old helpers (#5843)
* Cleanup model bulk-edit

Use the general partials where appropriate, as well as display a list of
what models we are editing in the bulk edit.

* Use new api based fetch/display for modal select2.

This is just copy/pasting the code currently because I'm not entirely
sure how the two pieces of code interact.

* Remove old helper functions that are no longer necessary with our populating of select2 dropdowns via ajax.
2018-07-16 14:22:25 -07:00
Till Deeke baa3be728d Refactoring: A nicer and easier syntax for searching models (#5841)
* Adds the ability to search by dates

Adding extra „where“-conditions to the „TextSearch“ queries, allowing the users to search by dates

* Adds missing dates to $dates in models

* Removes duplicated „where“ conditions

* Adds the Searchable trait to models, defining the searchable attributes and relations

* Removes the old text search methods

* Adds back additional conditions to the search

These conditions could not be modeled in the „attributes“ or „relations“, so we include them here

* Removes unnecessary check for the deleted_at attribute

* Fixes typo in comments

* suppresses errors from Codacy

We can safely ignore the error codacy is throwing here, since this method is a standin/noop for models who need to implement more advanced searches
2018-07-16 14:13:07 -07:00
Till Deeke 240e642fe9 Removes the unused bulk operations for components (#5840) 2018-07-16 14:11:38 -07:00
Till Deeke 0fb9f42ba4 Removes setting the encryption status on update (#5833)
When we are updating a custom field, we don’t want to change the „field_encrypted“-setting on it.
2018-07-13 04:04:30 -07:00
Till Deeke 27699aa99c Adds permission checks for custom fields and custom fieldsets (#5645) (#5795)
* adds permission checks to custom fields

* adds permission checks to custom fieldsets

* adds separate permissions for custom fieldsets

* check for permissions in views

* Removes custom fieldsets from permissions config

* Proxy the authorization for custom fieldsets down to custom fields.

This allows us to use the existing permissions in use and have more semantically correct authorization checks for custom fieldsets.

* simplifies the authorization check for the custom fields overview

* removes special handling of custom fieldsets in base policy

I just realised that this code duplicates the logic from the custom fieldset policy.
Since we are checking for the authorization of custom fields anyway, we can just use the columnName for the fields.

* cleanup of unused imports
2018-07-12 18:28:20 -07:00
Till Deeke 48bbbe0f40 Fixing authorization issues (#5807)
* adds permission checks for companies

* adds permission checks for depreciations

* adds permission check for all reports

* fixes permissions for departments

* fixes permission naming (edit -> update)

* fixes authorization checking wrong permission in API

The authorization was checking for the non-existent „edit“ method where it should have checked for the „update“ method.

* adds authorization checks for select2 lists

* adds missing authorization checks for api

* fixes user authorization check for creating users

* adds additional check viewing assets on showing a users assets

* Removes authorization checks for select2 lists

Reference: https://github.com/snipe/snipe-it/pull/5807#pullrequestreview-136018755
2018-07-12 18:28:02 -07:00
Jason 98b20fc1cd Added option to include model information on asset labels. (#5301)
* Added option to include model information on asset labels.

Cleaned up label page to fix skewed label alignment on last row per page.

* Changes made per Snipe's direction

changed type from tinyint to boolean in DB
changed labels back to initials
2018-07-12 18:23:12 -07:00
snipe 339263a295 Fixed #5751 - added option for unique constraint on serial 2018-07-05 19:30:36 -07:00
Juan Font 311f9fcefb Implemented method to get info on the current user of the API (#5722)
* Implemented method to get info on the current user of the API

* Move userinfo method to UsersController

* Added missing files
2018-07-02 20:35:10 -07:00
snipe d7dc4ae0c0 Added manager to custom report 2018-06-27 00:45:09 -07:00
snipe f8429ad357 Merge branch 'docker-fixes' of https://github.com/thelamer/snipe-it into thelamer-docker-fixes 2018-06-21 07:31:15 -07:00
Djamon Staal 32e3f748d8 Make version footer configurable. (#5730) 2018-06-21 07:12:16 -07:00
snipe 1a64879b65 Only allow remote user settings to be saved if the app is not in demo mode 2018-05-31 10:55:48 -07:00
snipe 8eb96efa13 Merge branch 'develop' 2018-05-16 19:38:23 -07:00
snipe e9973670ea Could should not be equal to 1 2018-05-16 19:38:02 -07:00
snipe ef8d2d06df Fixes #5519 - count() for php 7.2 2018-05-16 19:35:14 -07:00
snipe 0b5bb520a7 Merge branch 'develop'
# Conflicts:
#	config/version.php
2018-05-16 19:24:31 -07:00
lea-mink 233fb23cb8 Create asset maintenance - Added orange bar for required asset to edit view (#5520)
* Added orange bar for required asset to edit view

* disable redirection to asset maintenances view

* Update - disable redirection to asset maintenances view
2018-05-16 19:23:23 -07:00
snipe 4c656c0321
De-normalize new counters from 4.3.0 (#5547)
* Added de-norm counter migration for assets

* Renaming counter columns, since Eloquent has a magical *_count helper

* Added artisan command to sync counters (one-off)

* Update API to use de-normed fields

* Increment counters for checkin;/checkout

* Derp.

* Added request increment/decrementer

* Move increment for checkout to the Asset::checkout method

* Added “could take a while” message
2018-05-16 19:20:43 -07:00
snipe 4ba9792fbe Merge branch 'develop' 2018-05-09 15:29:59 -07:00
snipe 8ad5eb3e59 Fixed #5500 - present() on correct location value 2018-05-08 09:21:43 -07:00
snipe 3df8fa99f0 Merge branch 'develop' 2018-05-08 07:37:44 -07:00