Commit graph

82 commits

Author SHA1 Message Date
Daniel Meltzer 62dd474d44 Update dump with new migration. 2016-12-29 14:06:16 -05:00
Daniel Meltzer aa2d3cf026 The assets method was renamed to assignedAssets in User class. Adjust places to reflect that 2016-12-29 11:45:37 -05:00
Daniel Meltzer 06af9311fc Move sanitization of input to the model attribute setters. This cleans up a lot of checks in the various controller methods and ensures data will be set in the model accurately regardless of where it's set. Add unit tests for these methods (#3102) 2016-12-26 15:17:46 -08:00
Daniel Meltzer 61543f3a04 Add presenters for models. (#3098)
* Add presenters for models.  Move bootstrap table JSON generation to these presenters, which cleans up controllers a lot.  Move view specific modifications from the models to the presenters as well.

* Fix some issues found by travis and codacy

* Fix a few more issues found while testing.

* Attempt another acceptance test fix

* Try something else

* Maybe..
2016-12-23 17:52:00 -08:00
snipe 2fe984013b Fixes #3092 - user location not being exported correctly 2016-12-22 15:53:34 -08:00
Daniel Meltzer 323c3807fa Cleanup controller escaping (#3084)
* Make delete routes work.  We put a little form in the modal that spoofs the delete field.

* Fix route on creating a user.

* Fix redundant id parameter.

* Port acceptance tests to new urls.

* Initial work on migrating to model based policies instead of global gates.  Will allow for much more detailed permissions bits in the future.

* This needs to stay for the dashboard checks.

* Add user states for permissions to build tests.

* Build up unit tests for gates/permissions.  Move accessories/consumables/assets to policies instead of in authserviceprovider

* Migrate various locations to new syntax.  Update test to be more specific

* Fix functional tests.

Add an artisan command for installing a settings setup on travis-ci

* Try a different id... Need to come up with a better way of passing the id for tests that need an existing one.

* Try to fix travis

* Update urls to use routes and not hardcode old paths.  Also fix some migration errors found along the way.:

* Add a environment for travis functional tests.

* Adjust config file to make travis use it.

* Use redirect()->route instead of redirect()-to

* Dump all failures in the output directory if travis fails.

* Cleanups and minor fixes.

* Adjust the supplier modelfactory to comply with new validation restrictions.

* Some test fixes.

* Locales can be longer than 5 characters according to faker... fex gez_ET.  Increase lenght in mysql and add a validation

* Update test database dump to latest migrations.

* Extend Supplier phone/fax length.

This catches issues found in testing with a phone number with a five digit extension.  fex (356) 654-3024 x36632

Also move away from escaping all values put into eloquent.  Eloquent
already uses PDO parameter binding, and this was leading to names like
Mr Ryan O'Malley turning into an html escaped version of that name when
stored.  All values should be escaped when using {{}}, we'll just have
to be more cautious when we use {!!, but I think we already are?

* Remove additional escaping here, like we did in suppliers controller.

* No need to eager load all of these relationships when we can call the count on the querybuilder directly

* Work on controller cleanup

* Always start from scrach, catches more issues this way.

* Update sql dump.  Remove old code from permissions test.

* Generate a deletable item on demand in the test, rather than relying on one existing.  I think we should probably move to mock all the database stuff at some point..

* More travis related fixes

* Break script into multiple functional lines

* Update all controllers to use the new helper, also cleanup syntax and docblocks along the way.
2016-12-19 22:00:50 -08:00
Daniel Meltzer cd8c585377 Discussion: Moving to policies for controller based authorization (#3080)
* Make delete routes work.  We put a little form in the modal that spoofs the delete field.

* Fix route on creating a user.

* Fix redundant id parameter.

* Port acceptance tests to new urls.

* Initial work on migrating to model based policies instead of global gates.  Will allow for much more detailed permissions bits in the future.

* This needs to stay for the dashboard checks.

* Add user states for permissions to build tests.

* Build up unit tests for gates/permissions.  Move accessories/consumables/assets to policies instead of in authserviceprovider

* Migrate various locations to new syntax.  Update test to be more specific

* Fix functional tests.

Add an artisan command for installing a settings setup on travis-ci

* Try a different id... Need to come up with a better way of passing the id for tests that need an existing one.

* Try to fix travis

* Update urls to use routes and not hardcode old paths.  Also fix some migration errors found along the way.:

* Add a environment for travis functional tests.

* Adjust config file to make travis use it.

* Use redirect()->route instead of redirect()-to

* Dump all failures in the output directory if travis fails.

* Cleanups and minor fixes.

* Adjust the supplier modelfactory to comply with new validation restrictions.

* Some test fixes.

* Locales can be longer than 5 characters according to faker... fex gez_ET.  Increase lenght in mysql and add a validation

* Update test database dump to latest migrations.
2016-12-19 11:04:28 -08:00
Daniel Meltzer ae2cb5fe68 Make delete routes work. (#3077)
* Make delete routes work.  We put a little form in the modal that spoofs the delete field.

* Fix route on creating a user.

* Fix redundant id parameter.

* Port acceptance tests to new urls.
2016-12-19 10:42:33 -08:00
snipe 9ea05bacf3 User resource routes 2016-12-15 20:52:39 -08:00
snipe aab0933856 Use url() helper over URL::to 2016-12-15 16:41:36 -08:00
snipe 863e200430 Hopefully fixes tons of PEBKAC where users have the wrong app.url 2016-12-14 08:20:05 -08:00
snipe 1543c03624 Removed stray foo 2016-11-11 20:09:07 -08:00
snipe 7667fca691 Fixes #2894 - set whether or not the user was originally a superuser 2016-11-11 19:48:39 -08:00
snipe 6400557901 Check if the edited users permissioms are superuser before edit 2016-10-31 19:37:24 -07:00
snipe 3dac20c20f Unset superadmin by non-superadmins on user create 2016-10-31 19:08:24 -07:00
snipe 429afc6b3f Only save user permissions if the user is a superadmin 2016-10-31 19:07:55 -07:00
snipe 8323ed27c2 Do not makes group editable if the user is not an admin
This fixes a bug where the field was (correctly) disabled if the editing user isn’t a superadmin, but because the field was disabled, it would clear the permission groups.
2016-10-31 18:57:35 -07:00
snipe a4ae3b0091 Show whether device is enabled and/or 2FA is active 2016-10-31 17:16:26 -07:00
snipe cbfcf959f9 Allow certain users to override 2FA with permission 2016-10-31 16:52:25 -07:00
snipe dce5afde78 Use config URL for links in user list 2016-10-29 07:33:33 -07:00
snipe fe041b66c6 Adds two-factor to users listing 2016-10-29 07:21:34 -07:00
snipe cea255995c Fixes #106 - adds Google Authenticator support (#2842)
* refactor to clean up LDAP login, and make the login method easier to handle.

* Login refactor cleanup

* Google 2FA package

* Adds Google Authenticator two-factor

* Removed unused blade

* Added optin setting in profile

* Removed dumb comments

* Made lock_passwords check more consistent

* Additional two factor strings

* Lock passwords check

* Display feature disabled text if in demo mode

* Two factor admin reset options

* Translation strings
2016-10-29 05:50:55 -07:00
snipe 3e701c6dd1 Fixes #2814 - adds job title to users listing display 2016-10-27 14:29:07 -07:00
snipe 85f3cc1762 Merge branch 'hotfixes/add_username_to_csv_export' into develop 2016-10-25 02:51:27 -07:00
snipe 1793461642 Added username, fixed duplicate company name 2016-10-25 02:50:23 -07:00
snipe d24c4b1152 Merge branch 'hotfixes/export_all_users' into develop 2016-10-25 02:42:20 -07:00
snipe 30f0f6f527 Export users to CSV
Bypasses the weird limit bug in the javascript
2016-10-25 02:41:34 -07:00
snipe b3329135df Merge branch 'develop' of github.com:snipe/snipe-it into develop 2016-10-12 12:50:35 -07:00
snipe 2350c1c15c Fixes #2352 2016-10-12 12:50:30 -07:00
Daniel Meltzer 2e0a7abbe9 Rework permissions view (#2756)
* Early layout work on a cleaner permissions interface

* Cleanup layout.  Make new permissions view work.  Still needs some css and javascript improvements.  Also need to do the same thing to the group view.

* Improve styling, add javascript to toggle an entire group of permissions if choosing the permission on the header row.  Would be nice to add collapsing of sections in the future.

* Toggle viewing sections.

* Special case places where we only have one item in a group to only display the item once.

* Filter getCreate the same way.
2016-10-12 12:06:28 -07:00
snipe b6cc7e7c14 Fixes bug where 12-hour fprmat for hours was used 2016-09-26 22:35:51 -07:00
Andrés Núñez 40f00665b3 Translate emails (#2652)
* commit temporal

* final translation commit -- added email translations

* final translation commit -- removed file for spanish translations

* final translation commit -- removed file for spanish translations

* added missing translations

* method overrided and config files back to default

* config files back to default

* config files back to default
2016-09-26 14:13:07 -07:00
snipe bd5e6d8551 Add reply-to config setting 2016-09-20 07:20:10 -07:00
Daniel Meltzer e86adccf19 Actionlog Class: Improvements and polymorphism (#2561)
* Save progress

* Create a new action_log table to replace asset_log.  Use Polymorphism to generalize class and targets.  Port everything I can find to use it.  Add a migration to port the asset_logs table to action_logs.

* Allow accepted_id to be nullable.

* Comment out the thread_id migration, because it b0rks on a new database with the move.  I'm unsure if the thread_id does anything...It doesn't seem to be used

* Clean up all old methods from Actionlog model.  Port everything to use new cleaner interface.

* Port the actionlog factory to fix travis.

* Adjust code to work on php5.  Also fix lurking adminlog call.

* Remove weird code

* Port the pave command.  Also fix dangling adminlog
2016-09-06 19:39:42 -07:00
snipe 39929c7d89 Better handling for deleted users 2016-08-02 04:23:13 -07:00
snipe 66ad0f1d4c Better fix for location LDAP sync 2016-08-02 03:50:08 -07:00
snipe 3b247ba31f Ignore location field if no value is passed 2016-08-02 03:45:03 -07:00
snipe 39450c1fe9 Eager load throttle query 2016-08-02 01:23:53 -07:00
snipe 8246a319a2 Fixes #2363 and #1097 2016-08-02 00:54:38 -07:00
snipe f31637adb4 Fixes #2346 2016-07-28 08:39:28 -07:00
snipe 14b0a6315f Pass users path to get_src 2016-07-28 05:49:41 -07:00
snipe 261d2f133b Only bcrypt temp passwords once for performance 2016-07-25 22:10:33 -07:00
snipe b2d958724b Removed commented code 2016-07-22 02:11:37 -07:00
snipe 92175eb700 Few more LDAP/AD tweaks 2016-07-14 23:49:32 -07:00
snipe 40b56cfad7 Removed unused variables 2016-07-13 07:24:54 -07:00
snipe 4233c781ac Reworked LDAP login. Fixes #2218
LDAP no longer fails completely when the connection settings are wrong, or when app key is messed up. Rather than auth as the admin user and search, we auth as the user themselves. Admin auth is only for LDAP sync now.

This should mean much fewer problems with donked LDAP settings and login.
2016-07-13 05:50:24 -07:00
snipe 4e38f96f97 Switched or and and to || and && for code quality 2016-07-10 20:55:44 -07:00
Daniel Meltzer ab3b9dcf5d Add a clone button the the user table. (#2241)
Also preserve permissions when cloning a user, instead of nulling them by default.
2016-07-10 18:43:10 -07:00
Daniel Meltzer b1c28d7965 Move checks back into methods instead of having an extra helper method. Also remove unnecessary lock_passwords checks because there is a check at the top of the method that does this already. 2016-06-28 00:11:59 -04:00
Daniel Meltzer cf29a4a319 Extract common data from UserController postCreate and postEdit into a helper method. Use this method to store data about user. Fixes #2200 2016-06-27 22:48:09 -04:00