Commit graph

1685 commits

Author SHA1 Message Date
snipe 7ccb41371e
Removed unoptimized images directive
securityheaders.com is claiming it’s onrecognized, even though I got that directive from their site, so… whatever. ¯\_(ツ)_/¯
2020-06-23 01:09:39 -07:00
snipe 2e60a457bf
Dumb fix for feature-policy being dumb. 2020-06-23 01:07:00 -07:00
snipe 00b051b8c7
Added a few more comments 2020-06-23 00:26:09 -07:00
snipe 05b3a9ad7e
Config variable for HSTS 2020-06-22 23:17:27 -07:00
snipe 4fb880384f
Changed comment 2020-06-22 22:37:14 -07:00
snipe 43042ad841
Consolidated ReferrerPolicy into new SecurityHeaders file 2020-06-22 22:35:59 -07:00
snipe a716382ac4
Removed CSP middleware (it’s added in the general header) 2020-06-22 22:33:37 -07:00
snipe 36c8f7f4f1
Additional security headers 2020-06-22 22:31:01 -07:00
snipe 2ac1c1636c
Better handle the logic to determine if we should display the license checkout blade 2020-06-16 16:12:57 -07:00
snipe a7eb89f6b6
Misc fixes for flysystem paths 2020-06-16 16:06:25 -07:00
snipe 262eb79471
WIP - this needs refactoring
We have to use Storage::get() if the filesystem is local, since the method does a file_get_contents() and the file isn’t accessible via a URL since it’s private and doesn’t live on the web root. (We do this slightly differently than Laravel out of the box)

Signed-off-by: snipe <snipe@snipe.net>
2020-05-28 01:59:01 -07:00
snipe 8ccc1c6515
Fixed weird merge in Bulk Users Controller
Signed-off-by: snipe <snipe@snipe.net>
2020-05-27 22:46:42 -07:00
snipe d54acd908c
Made logo file have a better name for multiple tries in the same day
Signed-off-by: snipe <snipe@snipe.net>
2020-05-27 02:31:04 -07:00
snipe dee1f5ec35
Merge pull request #8078 from dmeltzer/wrong-id
Fix incorrectly named parameter.
2020-05-26 19:51:38 -07:00
Daniel Meltzer b3fe47bfa7
Remove/Reorganize logic to make codacy happier. 2020-05-23 15:24:10 -04:00
Daniel Meltzer f0546bf689
Clean up Transformers and extract an isDeletable() method to models where it makes sense. 2020-05-23 15:24:10 -04:00
Daniel Meltzer 136df9418f
Deadcode-- 2020-05-23 15:24:10 -04:00
Daniel Meltzer 7ea862787c
Refactor controller to use one method that shows all modals based on name. 2020-05-23 15:24:00 -04:00
Daniel Meltzer 25d6ceee6e
Remove old code. 2020-05-23 12:18:27 -04:00
Daniel Meltzer fe74394ae6
Short circuit checkout logic to prevent iterating if we're not checking out to an asset 2020-05-23 11:48:02 -04:00
Daniel Meltzer c70bd62a0f
Missing includes. Fix by using the request object instead of facade. 2020-05-23 11:36:16 -04:00
Daniel Meltzer ad1db2c640
Fix incorrectly named parameter. 2020-05-23 10:26:56 -04:00
snipe f88683766b
Roll back previous change
Signed-off-by: snipe <snipe@snipe.net>
2020-05-14 00:55:47 -07:00
snipe e4385c0f8c
Fixes #8051 regression
Signed-off-by: snipe <snipe@snipe.net>
2020-05-14 00:48:30 -07:00
Daniel Meltzer a6f90cb3fc
Assorted licenses UI fixes while testing.
* Rename licenses route checkin parameter to clarify it's purpose and
fix incorrect route in users view page.
* Checkin note can be nullable for checking in a license.
* License Seat view was only showing 20 license seats due to faulty
transformer logic.
2020-05-12 14:38:21 -04:00
snipe 274f82893f
Regenerate session ID on logout
Signed-off-by: snipe <snipe@snipe.net>
2020-05-12 10:38:00 -07:00
snipe 0550fe0ffa
Fix for session fixation vulnerability
Signed-off-by: snipe <snipe@snipe.net>
2020-05-12 10:31:54 -07:00
snipe 730632e2eb
Apply PR #8043 to develop
Signed-off-by: snipe <snipe@snipe.net>
2020-05-11 22:57:55 -07:00
snipe 95cc48e422
Added option to disable backup in import
Signed-off-by: snipe <snipe@snipe.net>
2020-05-11 20:41:10 -07:00
snipe bb42109c0c
Added a clarifying comment
Signed-off-by: snipe <snipe@snipe.net>
2020-05-11 18:10:45 -07:00
snipe b9e821c0e6
Small fix for Group Functional Tests
Signed-off-by: snipe <snipe@snipe.net>
2020-05-11 18:07:14 -07:00
Johnson Yi c1c37d521c Allow downloading sp metadata without idp 2020-05-06 19:50:50 +10:00
Johnson Yi b2930d6069 Added #542: add saml authentication 2020-05-06 00:06:19 +10:00
snipe 85712a1960
Only override fieldset_id with custom_fieldset_id if it’s present
This is mostly to support prior versions. I have NFC why we did this in the first place. I’m sure I had a stellar reason, but couldn’t tell you what it is today.

Signed-off-by: snipe <snipe@snipe.net>
2020-04-30 20:59:42 -07:00
snipe e9cb17394c
Small validation fix on reset password
Signed-off-by: snipe <snipe@snipe.net>
2020-04-30 19:10:07 -07:00
snipe 8507bcd16b
Merge pull request #8008 from dmeltzer/component-checkinout-fixes
Component checkout/checkin fixes.
2020-04-30 17:49:22 -07:00
snipe b488cffc7e
Merge pull request #8006 from dmeltzer/api-test-fixes
Test fixes pt 2.
2020-04-30 17:46:25 -07:00
snipe 8bb3c01f78
Addressed merge issue for reset password for #7997
Signed-off-by: snipe <snipe@snipe.net>
2020-04-30 17:45:05 -07:00
snipe 82e02490fd
Removed duplicate update method (per #7997)
Signed-off-by: snipe <snipe@snipe.net>
2020-04-30 17:23:56 -07:00
Daniel Meltzer 68224757f4
Validate when editing the quantity of a component that the new quantity is > the amount checked out 2020-04-29 13:25:04 -04:00
Daniel Meltzer 358609720a
Component checkout/checkin fixes.
- Provide proper translated messages for checkin vs checkout
- Pass appropriate methods to the Checkout event, fixes an error on
checkin.
- Default to a value of 1 on checkin in UI to save a click sometimes.
2020-04-29 12:50:09 -04:00
Daniel Meltzer 1f8c3cc670
Test fixes. 2020-04-29 11:03:07 -04:00
Daniel Meltzer f8d18a8eb0
Revert asset-checkout-different validation.
This was causing issues when trying to check an item out to a user or a
location because of the way laravel handles validation.

Instead, rely on the exception check we had in the controller.  I moved
this exception up to the model checkout method so that it would work
for anywhere that that method was called, even if it avoided the
controller.
2020-04-29 10:59:00 -04:00
Daniel Meltzer 05187eb27f
Fix Functional Tests. 2020-04-28 11:39:53 -04:00
Daniel Meltzer c74b904f14
Fix Location parent different validation on new location creation. 2020-04-28 11:39:52 -04:00
snipe 412caebf69
Fixed logo uploads
Signed-off-by: snipe <snipe@snipe.net>
2020-04-27 23:22:52 -07:00
snipe 5bb4f271aa
Fixed #7987 - allow toggle of required/optional in custom fields/fieldsets
Signed-off-by: snipe <snipe@snipe.net>
2020-04-24 00:47:19 -07:00
snipe bea3a7b982
Fixed #7987 - allow toggle of required/optional in custom fields/fieldsets
Signed-off-by: snipe <snipe@snipe.net>
2020-04-24 00:39:32 -07:00
snipe f66ce02756
Added debugging logs
Signed-off-by: snipe <snipe@snipe.net>
2020-04-23 22:46:02 -07:00
snipe c7b300a50d
Updated LDAP sync controller to use new Adldap2 connections
Signed-off-by: snipe <snipe@snipe.net>
2020-04-23 22:45:44 -07:00
snipe cdd0e405be
Fixed weird merge
Signed-off-by: snipe <snipe@snipe.net>
2020-04-22 07:12:29 -07:00
snipe b725e788ec
Applied new selectlist search to locations
Signed-off-by: snipe <snipe@snipe.net>
2020-04-22 06:39:41 -07:00
snipe 69a1732245
Removed duplicate form request in asset models controller
Signed-off-by: snipe <snipe@snipe.net>
2020-04-22 03:51:10 -07:00
snipe 7e9e5214ef
Fixed status label create error
Signed-off-by: snipe <snipe@snipe.net>
2020-04-22 03:50:43 -07:00
snipe 7a33e335d4
Fixes PSR autoloading issue 2020-04-21 20:15:24 -07:00
snipe 29b05d2020
Fixed syntax error in image upload request from mangled merge 2020-04-21 06:29:57 -07:00
snipe c17106d1b3
Fixes for settings controller 2020-04-21 04:08:25 -07:00
snipe cb71bcc4af
Switch to old() helper 2020-04-21 03:58:31 -07:00
snipe 87464e6ec0
Merge branch 'develop' into integrations/2020-04-15-v5-merge
# Conflicts:
#	README.md
#	app/Http/Controllers/AccessoriesController.php
#	app/Http/Controllers/Api/AssetsController.php
#	app/Http/Controllers/Api/LicensesController.php
#	app/Http/Controllers/Api/LocationsController.php
#	app/Http/Controllers/Api/SettingsController.php
#	app/Http/Controllers/Api/UsersController.php
#	app/Http/Controllers/AssetModelsController.php
#	app/Http/Controllers/Assets/AssetsController.php
#	app/Http/Controllers/Auth/ForgotPasswordController.php
#	app/Http/Controllers/CategoriesController.php
#	app/Http/Controllers/CompaniesController.php
#	app/Http/Controllers/ComponentsController.php
#	app/Http/Controllers/ConsumablesController.php
#	app/Http/Controllers/CustomFieldsetsController.php
#	app/Http/Controllers/DepartmentsController.php
#	app/Http/Controllers/LicensesController.php
#	app/Http/Controllers/LocationsController.php
#	app/Http/Controllers/ManufacturersController.php
#	app/Http/Controllers/SettingsController.php
#	app/Http/Controllers/SuppliersController.php
#	app/Http/Controllers/UsersController.php
#	app/Http/Requests/AssetRequest.php
#	app/Http/Requests/ImageUploadRequest.php
#	app/Models/LicenseSeat.php
#	app/Models/Location.php
#	app/Models/Setting.php
#	composer.json
#	composer.lock
#	config/database.php
#	config/version.php
#	npm-shrinkwrap.json
#	package.json
#	public/css/AdminLTE.css
#	public/css/AdminLTE.css.map
#	public/css/overrides.css
#	public/css/overrides.css.map
#	public/css/skins/skin-blue-light.css
#	public/css/skins/skin-blue.css
#	public/css/skins/skin-green-dark.min.css
#	public/js/app.js
#	public/js/bootstrap-table.js
#	public/js/bootstrap/js/bootstrap.js
#	public/js/bootstrap/js/bootstrap.min.js
#	public/js/build/all.js
#	public/js/build/vue.js
#	public/js/build/vue.js.map
#	public/js/demo.js
#	public/js/ekko-lightbox.js
#	public/js/ekko-lightbox.min.js
#	public/js/extensions/export/bootstrap-table-export.js
#	public/js/extensions/multiple-sort/bootstrap-table-multiple-sort.js
#	public/js/extensions/multiple-sort/bootstrap-table-multiple-sort.min.js
#	public/js/extensions/toolbar/bootstrap-table-toolbar.min.js
#	public/js/plugins/bootstrap-wysihtml5/bootstrap3-wysihtml5.all.js
#	public/js/plugins/bootstrap-wysihtml5/bootstrap3-wysihtml5.all.min.js
#	public/js/plugins/timepicker/bootstrap-timepicker.js
#	public/js/plugins/timepicker/bootstrap-timepicker.min.js
#	public/js/vue.js
#	public/mix-manifest.json
#	resources/assets/js/bootstrap-js.js
#	resources/assets/js/bootstrap.min.js
#	resources/assets/js/ekko-lightbox.js
#	resources/assets/js/ekko-lightbox.min.js
#	resources/assets/js/plugins/bootstrap-wysihtml5/bootstrap3-wysihtml5.all.js
#	resources/assets/js/plugins/bootstrap-wysihtml5/bootstrap3-wysihtml5.all.min.js
#	resources/assets/js/plugins/chartjs/Chart.js
#	resources/assets/js/plugins/timepicker/bootstrap-timepicker.js
#	resources/assets/js/plugins/timepicker/bootstrap-timepicker.min.js
#	resources/assets/less/AdminLTE.less
#	resources/assets/less/overrides.less
#	resources/assets/less/skins/_all-skins.less
#	resources/assets/less/skins/skin-black.less
#	resources/assets/less/skins/skin-blue.less
#	resources/assets/less/skins/skin-green.less
#	resources/assets/less/skins/skin-purple.less
#	resources/assets/less/skins/skin-red.less
#	resources/assets/less/skins/skin-yellow.less
#	resources/assets/less/variables.less
#	resources/js/components/importer/importer-file.vue
#	resources/lang/en/auth/message.php
#	resources/lang/en/passwords.php
#	resources/lang/es-CO/general.php
#	resources/lang/es-ES/general.php
#	resources/lang/es-VE/general.php
#	resources/less/skins/skin-black-dark.less
#	resources/less/skins/skin-blue-dark.less
#	resources/less/skins/skin-contrast.less
#	resources/less/skins/skin-green-dark.less
#	resources/less/skins/skin-orange-dark.less
#	resources/less/skins/skin-orange.less
#	resources/less/skins/skin-purple-dark.less
#	resources/less/skins/skin-red-dark.less
#	resources/less/skins/skin-yellow-dark.less
#	resources/views/accessories/checkin.blade.php
#	resources/views/accessories/checkout.blade.php
#	resources/views/accessories/edit.blade.php
#	resources/views/account/profile.blade.php
#	resources/views/account/view-assets.blade.php
#	resources/views/asset_maintenances/edit.blade.php
#	resources/views/auth/passwords/email.blade.php
#	resources/views/auth/passwords/reset.blade.php
#	resources/views/categories/edit.blade.php
#	resources/views/companies/edit.blade.php
#	resources/views/components/checkin.blade.php
#	resources/views/components/checkout.blade.php
#	resources/views/components/edit.blade.php
#	resources/views/consumables/checkout.blade.php
#	resources/views/consumables/edit.blade.php
#	resources/views/custom_fields/fields/edit.blade.php
#	resources/views/custom_fields/fieldsets/edit.blade.php
#	resources/views/dashboard.blade.php
#	resources/views/departments/edit.blade.php
#	resources/views/groups/edit.blade.php
#	resources/views/hardware/audit.blade.php
#	resources/views/hardware/bulk-checkout.blade.php
#	resources/views/hardware/bulk.blade.php
#	resources/views/hardware/checkin.blade.php
#	resources/views/hardware/checkout.blade.php
#	resources/views/hardware/edit.blade.php
#	resources/views/hardware/index.blade.php
#	resources/views/hardware/quickscan.blade.php
#	resources/views/hardware/view.blade.php
#	resources/views/importer/import.blade.php
#	resources/views/layouts/basic.blade.php
#	resources/views/layouts/default.blade.php
#	resources/views/layouts/edit-form.blade.php
#	resources/views/licenses/checkin.blade.php
#	resources/views/licenses/checkout.blade.php
#	resources/views/licenses/edit.blade.php
#	resources/views/locations/edit.blade.php
#	resources/views/manufacturers/edit.blade.php
#	resources/views/modals/upload-file.blade.php
#	resources/views/models/bulk-edit.blade.php
#	resources/views/models/custom_fields_form.blade.php
#	resources/views/models/edit.blade.php
#	resources/views/partials/bootstrap-table.blade.php
#	resources/views/partials/forms/edit/address.blade.php
#	resources/views/partials/forms/edit/asset-select.blade.php
#	resources/views/partials/forms/edit/category-select.blade.php
#	resources/views/partials/forms/edit/category.blade.php
#	resources/views/partials/forms/edit/company-select.blade.php
#	resources/views/partials/forms/edit/company.blade.php
#	resources/views/partials/forms/edit/department-select.blade.php
#	resources/views/partials/forms/edit/depreciation.blade.php
#	resources/views/partials/forms/edit/email.blade.php
#	resources/views/partials/forms/edit/image-upload.blade.php
#	resources/views/partials/forms/edit/item_number.blade.php
#	resources/views/partials/forms/edit/location-profile-select.blade.php
#	resources/views/partials/forms/edit/location-select.blade.php
#	resources/views/partials/forms/edit/location.blade.php
#	resources/views/partials/forms/edit/maintenance_type.blade.php
#	resources/views/partials/forms/edit/manufacturer-select.blade.php
#	resources/views/partials/forms/edit/manufacturer.blade.php
#	resources/views/partials/forms/edit/minimum_quantity.blade.php
#	resources/views/partials/forms/edit/model-select.blade.php
#	resources/views/partials/forms/edit/model_number.blade.php
#	resources/views/partials/forms/edit/name.blade.php
#	resources/views/partials/forms/edit/notes.blade.php
#	resources/views/partials/forms/edit/order_number.blade.php
#	resources/views/partials/forms/edit/phone.blade.php
#	resources/views/partials/forms/edit/purchase_cost.blade.php
#	resources/views/partials/forms/edit/purchase_date.blade.php
#	resources/views/partials/forms/edit/quantity.blade.php
#	resources/views/partials/forms/edit/serial.blade.php
#	resources/views/partials/forms/edit/status.blade.php
#	resources/views/partials/forms/edit/submit.blade.php
#	resources/views/partials/forms/edit/supplier-select.blade.php
#	resources/views/partials/forms/edit/supplier.blade.php
#	resources/views/partials/forms/edit/user-select.blade.php
#	resources/views/reports/custom.blade.php
#	resources/views/settings/alerts.blade.php
#	resources/views/settings/asset_tags.blade.php
#	resources/views/settings/barcodes.blade.php
#	resources/views/settings/branding.blade.php
#	resources/views/settings/general.blade.php
#	resources/views/settings/labels.blade.php
#	resources/views/settings/ldap.blade.php
#	resources/views/settings/localization.blade.php
#	resources/views/settings/security.blade.php
#	resources/views/setup/user.blade.php
#	resources/views/suppliers/edit.blade.php
#	resources/views/users/bulk-edit.blade.php
#	resources/views/users/edit.blade.php
#	resources/views/users/ldap.blade.php
#	resources/views/users/print.blade.php
#	resources/views/users/view.blade.php
#	routes/api.php
#	routes/web/hardware.php
#	webpack.mix.js
2020-04-20 23:20:34 -07:00
snipe 197a84be94
Commented out rtd_location_id override - why did we do that? 2020-04-09 14:17:39 -07:00
snipe b4fa4c77d7
Check for rtd_location_id before trying to assign 2020-04-09 14:14:30 -07:00
snipe cfec142c3b
Better handle models without a fieldset in the asset request [RB 9935] 2020-04-09 11:18:54 -07:00
snipe f8a72db696
Changed LDAP 600 to 500, clearer error messages on LDAP test 2020-04-09 09:55:44 -07:00
snipe 206bd675f2
Pulled slack validation out of setting model validation so it doesn’t fail mysteriously on other pages 2020-04-08 15:07:02 -07:00
snipe a0f7fdc57a
Merge branch 'fixes/accessibility_fixes'
# Conflicts:
#	public/css/build/all.css
#	public/css/dist/all.css
#	public/js/build/all.js
#	public/js/build/vue.js
#	public/js/build/vue.js.map
#	public/js/dist/all.js
#	public/mix-manifest.json
#	resources/assets/js/components/importer/importer-file.vue
2020-04-08 11:19:42 -07:00
snipe 79232fc434
Fixed #7947 - Added rtd_location_id to API search 2020-04-08 11:00:04 -07:00
snipe 0b3f511534
Fixed compact() errors 2020-04-07 17:26:56 -07:00
snipe 893944403e
Check for location_id being set before trying to set it on checkout via API 2020-04-06 15:54:40 -07:00
snipe d7873f257d Fixed CSP for importer 2020-04-06 14:18:45 -07:00
snipe e7c1418314 Fixed possible typo in CSP 2020-04-01 19:47:42 -07:00
snipe 4dcc1ffdbc More form labels 2020-04-01 02:22:24 -07:00
snipe 7d466f3584 Update user uploads for more data to work with recport 2020-04-01 02:22:16 -07:00
snipe 6174f9b93f Check that there is actually a filed ID submitted 2020-04-01 01:25:31 -07:00
snipe a467a6999e Use upload modal 2020-03-31 22:50:07 -07:00
snipe 6066c249d5 Moved gate to the top of the method 2020-03-06 16:01:13 -08:00
Ivan Nieto 025ea93f05
Fix for when a user with the correct permissions couldn't update Manufacturers. (#7882)
* Changed the ability name from 'edit' to 'update'. Changed the order of execution: first checks if the manufacturer exists, then checks permissions

* Handles the update method, that also has the ability parameter as edit instead of update"
q

* Revert "Handles the update method, that also has the ability parameter as edit instead of update""

This reverts commit d7dc0e451e.

* Handles the update method, that also has the ability parameter as 'edit' instead of 'update'
2020-03-06 15:59:51 -08:00
snipe 54fd8f81ff
Added permissions on user api (#7883)
* Add permissions to user edit API

* Add user permissions on user create/update API endpoint
2020-03-06 15:28:46 -08:00
snipe ca43554327
Fixes search by serial or tag even if they have slashes in them (#7879)
* Fixes search by serial or tag even if they have slashes in them

* Added support for url param byTag and bySerial

* Fixed typo comments

* Sojme additional comments to clarify use-cases

* Updated comments for clarity
2020-03-06 14:55:20 -08:00
snipe 039f5da0e1
Add image upload to user edit [ch10508] (#7877)
* Use correct Request include

* Updated to use additional form request

* Added SVG sanitizer

* Added response method to form request

* Allow ImageUploadRequest to accept fieldname params, added SVG sanitization, fixed delete

* Fixed upload path for avatars

* Added fieldname variable to blade partial for image upload

* Added enctype="multipart/form-data"  to form to allow uploads

* Added image field

* Updated Request::old() to use $request->old()

* Fixed derp in edit blade referring to $item when it should be $user

* Added svg+xml to image rule
2020-03-05 18:00:24 -08:00
snipe 8b2f8ef3cb Spelling is hard :( 2020-03-04 22:19:59 -08:00
snipe 15518852aa Added validation to reject email addresses over 250 characters 2020-03-04 22:08:07 -08:00
snipe dfb9e430fa Removed debug line 2020-02-11 22:09:37 -08:00
snipe c33970e3e3 Added timestamp to uploaded files so they are unique and don’t overwrite
Laravel 6 now does this automaically, so we should switch to their way
2020-02-11 20:19:59 -08:00
Godfrey Martinez 0e0fe967e4
BadMethodCallException Method update does [ch10544] (#7804) 2020-02-10 19:27:23 -08:00
snipe 2f0ed129f0 Use “invalid barcode” image and suppress errors when barcode format is wrong 2020-02-04 18:15:01 -08:00
Fabian Grutschus 5becb93e6c
Added: allow appending of domain name to username when user tries to login (#7790) 2020-02-04 12:47:49 -08:00
snipe 3361b859c0
Changes offset to use the actual item count as override instead of 0 (#7788) 2020-02-04 12:32:24 -08:00
snipe 89e2a3ae3c Fixed #7752 - reformat /api/v1/users/me to use transformer 2020-01-30 13:12:43 -08:00
snipe 5f85d8132b
Fix for weird JSON parsing in actionlogs (#7753)
* Fix for weird JSON parsing in actionlogs

* Removed debugging code

* Check for the meta array

(If no fields, no array)
2020-01-24 17:31:43 -08:00
snipe 56582614b6 Merge branch 'develop' of https://github.com/snipe/snipe-it into develop 2020-01-22 16:07:46 -08:00
Ivan Nieto 313cacdb71 Select Import File fails in Develop [ch10598] (#7718)
* Delete an unused import, then replace a deprecated facade with the needed one for uploading files

* Added the needed use for the Request Facade
2020-01-17 16:12:51 -08:00
Ivan Nieto 75bf8f3d58 Remove not existent variable 'id' in the redirect causing [ch10602] (#7732) 2020-01-17 16:12:24 -08:00
snipe 324da7c0c8 Include correct license, asset, etc count on user show API call 2019-12-19 18:09:53 -08:00
snipe 779fc6d195 Added license endpoint for users 2019-12-19 18:00:36 -08:00
snipe 159acf6788 Removed extra space 2019-12-19 17:47:50 -08:00
snipe 94ce8cad64 Make sure $user->item exists before trying to count on it 2019-12-11 14:43:46 -08:00
snipe 4d38c44a93 Fixed groups request 2019-12-11 11:26:58 -08:00
snipe c31e150935 Use $request->input over Request::get() 2019-12-11 11:09:54 -08:00
snipe a5b180a9c6 Fixed Call to a member function count() on null for location delete 2019-12-11 10:46:07 -08:00
snipe a8bbb951bc Use Request instead of Input 2019-12-10 22:05:49 -08:00
snipe df778cdb80 Include storage in use statements 2019-12-10 22:03:15 -08:00
snipe d7c51f1a2c Added Request to use statements 2019-12-10 20:39:29 -08:00
snipe 296de34e8a
WIP: Upgrade develop to Laravel 6.6.1 (#7637)
I'm going ahead and merging this, since the upgrade doesn't break Flysystem any worse than the current develop is broken, so far as I can tell. 


* Upgraded framework to Laravel 6

### TO DO:

- Fix password restriction rules- the old library isn’t compatible with Laravel 6 :(
- Figure out why in-app API calls are returning “Unauthorized”

* More updates from Input:: to Request:: helper

* Switch to Request:: from Input

* Added passport config

* Fixed goofy password minimum in seeder

* Added laravel/helpers

* Changed ($item)  to ($item->id) in forms

I have no idea why this is necessary

* Changed ($item) to ($item->id) in forms

* Updated API middleware to auth:api

* Updated with added laravel auth.php values

* FIxed *&!^$%^&$^%!!!! ajax issue

* Switch to Request::get from Input::get

* Switched to Request facade

* Added password security minimums back in

The package we were using has not been updated to Laravel v6, so I created custom validators instead

* Added language strings for error messages for password rules

* Fixed `($item)` issue in formActions for partials
2019-12-10 19:32:50 -08:00
snipe ff57f10e9f
Fix for searching on child location names (#7646)
* Fix for child locations

* Reverts temp changes to indenter
2019-12-06 13:14:10 -08:00
Ivan Nieto 9291e3ada3 Added a validation to Transformers/LocationsTransformer.php:transformLocations() in case location doesn't have children location (#7640) 2019-12-06 11:42:36 -08:00
Yorick Terweijden 2a6a381bc7 Return real Asset error (#7054) 2019-12-06 11:07:12 -08:00
Valentyn Tulub 6ad1f51673 Added #6489: show asset assignments under user assignments (#7293)
* Add a setting to show assets assigned to other assets #6489

* Update user's views to show assets assigned to other assets #6489

* Add ukrainian and russian translation for the feature #6489 in settings
2019-12-06 10:57:48 -08:00
herroworrd 3fbfb0c658 Add requestable to asset model api results (#7577)
Nice, thanks!
2019-12-06 10:33:06 -08:00
Lorenzo P 7225b53986 fix syntax error in CustomFieldsetsController::show() (#7595)
That someone was probably me :D Thanks for this, good catch!
2019-12-06 10:31:00 -08:00
snipe e71e57f16a
Fixed XSS vulnerability in SVG image uploads [ch10476] (#7639)
* Added enshrined/svg-sanitize

* Added modular image resizing/SVG cleaning method

(This already exists in v5, so I mostly ported it forward and added the SVG sanitizer.)

* Use improved handleImages method to upload/resize/clean images

* Removed $old_image

This is handled in the ImageUpload request now
2019-12-05 22:23:05 -08:00
snipe ff8d98c97c
Update child assets to reflect asset parent location (#7458) 2019-12-04 16:19:25 -08:00
snipe 04cf8d7fbf Removed Helper reference since it’s autoloaded 2019-12-04 15:56:55 -08:00
snipe c635db0a76 Fixed upload parh for asset models 2019-12-04 15:23:49 -08:00
snipe 704c696711 Fixed parse error in settings controller 2019-12-04 14:54:36 -08:00
snipe 88cf456386
Adding Dept to license seats (#7609)
* Adding Dept to license seats

* Added query scope to order by department

* Make license seat department sortable

* Disable license seat internal search - this never actually worked
2019-11-21 22:03:56 -08:00
snipe 5065164c40 Bumped Carbon version 2019-11-21 13:14:18 -08:00
snipe 5290c47e2a Merge branch 'develop' into v5-master-develop-integration
# Conflicts:
#	.env.example
#	.travis.yml
#	Dockerfile
#	README.md
#	app/Console/Commands/LdapSync.php
#	app/Console/Kernel.php
#	app/Http/Controllers/AccessoriesController.php
#	app/Http/Controllers/Api/AccessoriesController.php
#	app/Http/Controllers/Api/AssetsController.php
#	app/Http/Controllers/Api/LocationsController.php
#	app/Http/Controllers/Api/SettingsController.php
#	app/Http/Controllers/Api/UsersController.php
#	app/Http/Controllers/AssetModelsController.php
#	app/Http/Controllers/Assets/AssetFilesController.php
#	app/Http/Controllers/Assets/AssetsController.php
#	app/Http/Controllers/CategoriesController.php
#	app/Http/Controllers/CompaniesController.php
#	app/Http/Controllers/ComponentsController.php
#	app/Http/Controllers/ConsumablesController.php
#	app/Http/Controllers/DepartmentsController.php
#	app/Http/Controllers/LicensesController.php
#	app/Http/Controllers/LocationsController.php
#	app/Http/Controllers/ManufacturersController.php
#	app/Http/Controllers/ReportsController.php
#	app/Http/Controllers/SettingsController.php
#	app/Http/Controllers/SuppliersController.php
#	app/Http/Controllers/UsersController.php
#	app/Http/Middleware/EncryptCookies.php
#	app/Http/Requests/AssetRequest.php
#	app/Http/Transformers/AssetMaintenancesTransformer.php
#	app/Importer/AssetImporter.php
#	app/Models/AssetMaintenance.php
#	app/Models/Location.php
#	app/Models/User.php
#	composer.json
#	composer.lock
#	config/backup.php
#	config/database.php
#	config/version.php
#	public/mix-manifest.json
#	resources/lang/en-ID/general.php
#	resources/lang/vi/admin/settings/general.php
#	resources/views/accessories/edit.blade.php
#	resources/views/hardware/view.blade.php
#	resources/views/layouts/default.blade.php
#	tests/api/ApiCategoriesCest.php
2019-11-18 19:49:39 -08:00
snipe a73fd24695 Fix maintenances permissions check to allow users who can edit assets to edit maintenances 2019-11-08 17:02:17 -08:00
Marián Skrip 53eae6fbfd Fix issues with update permission naming (#7493)
This solves an issue when admin would be able to create and delete
categories but not edit them.
2019-10-28 11:44:48 -07:00
Alexandr Hacicheant a90149940a Update UsersController.php (#7528)
Returned missed bracket after merge master to develop
2019-10-28 11:43:29 -07:00
snipe 0769f585ea Disallow locations from being their own parents 2019-10-21 15:45:05 -07:00
snipe 22d2ad9248
Fixes nested location selectlist (#7483)
* Rename child locations method

* Use Ajax dropdown for locations selectlist for edit/create

* Removed locations database call on edit/create blades for faster loading

* Updated locations controller to use the new iterator

* Increase pagination on locations controller to 500

We’re already loading all of that data up beforehand anyway, so no point in keeping the query smaller.

* Fixed the else to make codacy happy

* Improve the design and performance of the nested location selectlist (#7484)

* Improve the design and performance of the nested location selectlist

* Fixed parse errors

* Removed debugging code/comments
2019-10-02 03:56:56 -07:00
snipe 6deb26fafe Remove unused variable 2019-09-30 19:37:52 -07:00
snipe c68c0e1208 Account for limit if none is passed in the request 2019-09-03 20:28:49 -07:00
snipe c256536d21 Math is hard 2019-09-03 14:29:58 -07:00
snipe b8f7cd81eb
Limit API request results per page (#7405) 2019-09-03 14:02:08 -07:00
Martin Berg 3dcef9aac9 Add support for custom remote user header (#7370) 2019-09-03 11:07:26 -07:00
Logan Swartzendruber 4c8b26f732 Implement #3088: Add "Generate Label" option to "Actions" dropdown menu in individual Asset Details view. (#7388)
* Implement #3088: Add "Generate Label" option to "Actions" dropdown menu in individual Asset Details view.

* Add conditional for including the asset number in the URL of the barcode image.

* Change case of variables to pass Codacy PR review standards.
2019-09-03 11:02:55 -07:00
Rick Heil 7b0b28aed0 Add #7393 - next_audit_date set on asset creation if an audit interval is configured in settings (#7394) 2019-09-03 10:58:51 -07:00
snipe 6d66d7e215 Removed withErrors on JSON response 2019-08-22 21:36:47 -07:00
snipe b5bf8e9a37 Smaller chunking for custom report, add max_execution_time 2019-08-15 06:14:25 -07:00
snipe da52511bf9 Use asset tags 2019-08-14 23:13:23 -07:00
snipe c5e6f06e9b Revert import history to master version to fix errors 2019-08-14 22:27:17 -07:00
snipe 6db915b7f0 Removed serialize duplicate 2019-08-14 22:22:50 -07:00
snipe 441ae69f5c
Integrations/develop into master (#7352)
* Fixes #6204 - added email alerts and web/API access to assets due for audits (#6992)

* Added upcoming audit report

TODO: Fid diff/threshold math

* Added route to list overdue / upcoming assets via API

* Controller/API methods for due/overdue audits

We could probably skip this and just handle it via view in the routes…

* Added query scopes for due and overdue audits

* Added audit due console command to kernel

* Added ability to pass audit specs to main API asset search method

* Added audit presenter

* Added bootstrap-tables presenter formatter to display an audit button

* Added gated sidenav items to left nav

* Added audit due/overdue blades

* Cleanup on audit due/overdue console command

* Added language strings for audit views

* Fixed :threshold placeholder

* Removed unused setting variable

* Fixed next audit date math

* Added scope for both overdue and upcoming

* Derp. Wrong version

* Bumped version

(I will release this version officially tomorrow)

* Leave the activated state for users alone in normal LDAP synchronisation. (#6988)

* Fixed #7003 - crash when warranty months or purchase date is null

* Fixed #6956 - viewKeys policy inconsistent  (#7009)

* Fixed #6956 - Added additional gates show showing/hiding license keys

* Modified gate to allow user to see licenses if they can create or edit the license as well

* Added API middleware to API routes to enable throttling

TODO: Figure out how to make this costumizable without touching the code

* Import locations from CSV via command line (#7021)

* Added import locations command

* Small fixes to location importer

* Added country, LDAP OU

* Cleaned up comments, added more clarification to what the script does

* Added ability to update groups via API

Fixes [ch9139]

* Bumped version

* Fixed #6883 - remove escaping of fields on LDAP import

* Fixed #6880 - correctly encrypt encrypted fields via the API

* Fixes #5054: LDAP users deactivated for none-ad (#7032)

When using none-AD ldap, users are automatically deactivated every LDAP
sync.  This commit changes the behaviour so that if the active flag isn't set,
the users are enabled.

Fixed #5054, at least for 4.X

* Updated packages

  - Updating erusev/parsedown (v1.7.2 => 1.7.3): Downloading (100%)
  - Updating squizlabs/php_codesniffer (3.4.1 => 3.4.2): Downloading (100%)
  - Updating symfony/polyfill-mbstring (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/var-dumper (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating league/flysystem (1.0.50 => 1.0.51): Downloading (100%)
  - Updating symfony/translation (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating nesbot/carbon (1.36.2 => 1.37.1): Downloading (100%)
  - Updating symfony/debug (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/console (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/finder (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/polyfill-ctype (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/polyfill-php70 (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/http-foundation (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/event-dispatcher (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/http-kernel (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/process (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/routing (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/polyfill-util (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/polyfill-php56 (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/psr-http-message-bridge (v1.1.1 => v1.1.2): Downloading (failed)
Downloading (100%)
  - Updating rollbar/rollbar (v1.7.5 => v1.8.1): Downloading (100%)
  - Updating symfony/yaml (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/browser-kit (v3.4.23 => v3.4.27): Downloading (100%)

* Fixed #7044 - API update deleted custom fields if they are not re-presented

* Fixed XSS vulnerability when creating a new categories, etc via modal on create

Same fix as before, because of the weird select2 post-parsing ajax behavior

* Updated email strings

* Fixed #7046 - added user website url back into UI

* Updated language strings

* Bumped version

* Updated packages

* New backups config for spatie

* Removed debugbar service provider (autodiscovery)

* Use laravel v5.5 withCount manual aliases

* Added spatie language files

* Removed old laravel backups config

This config file was renamed in a newer version of spatie laravel-backup

* Set the serialization

* Added the command loader to console kernel

* Renamed fire() to handle()

* Updated withCount to use manual naming

* Updated backup path in backup admin

* Updated travis with new php versions

* Bumped laravel version in readme

* Fixed custom field edit screen

* Fixed baseUrl is undefined error

I literally cannot figure out how this ever worked before.

* Fix for included files in backup

* Bumped version

* Switch has() to filled()

* Change ->has() to ->filled()

* Removed cosole log

* Bumped packages

* Use getReader instead of fetchAssoc for CSV parser

https://csv.thephpleague.com/9.0/upgrading/

* Handle JSON validation errors like 5.4

* Handle JSON validation errors like 5.4

* Handle JSON validation errors like 5.4

* Trying to fix ajax asset validation

This I think gets us closer, but still not handling the validation on the asset properly.

When I do a print_r of the validation in the other items, its looking for an error bag that looks something like this:

```
Illuminate\Support\MessageBag Object
(
    [messages:protected] => Array
        (
            [name] => Array
                (
                    [0] => The name field is required.
                )

            [seats] => Array
                (
                    [0] => The seats field is required.
                )

            [category_id] => Array
                (
                    [0] => The category id field is required.
                )

        )

    [format:protected] => :message
)
```

Currently the Assets ajax returns:

```
[2019-05-24 06:52:06] develop.ERROR: array (
  'messages' =>
  array (
    'model_id' =>
    array (
      0 => 'The model id field is required.',
    ),
    'status_id' =>
    array (
      0 => 'The status id field is required.',
    ),
    'asset_tag' =>
    array (
      0 => 'The asset tag field is required.',
    ),
  ),
)
```

So not sure why it’s not working.

* Fixed missing asset validation

* Check that a model exists before trying to fiddle with fieldsets

* Tidied up license check

* Removed extra escaping on checkin

* Updated importer to work with newer CSV Reader::getRecords() method

* Fixed field mapping

* Small fix for reordering fields

Fixes Illuminate\Database\QueryException: SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'order' cannot be null (SQL: insert into `custom_field_custom_fieldset` (`custom_field_id`, `custom_fieldset_id`, `order`, `required`) values (12, 7, , 0)) [ch1151]

This needs revisiting for a more solid fix, especially for data that was already entered bad.

* Fixed bug where sorting by company name in Users API did not work

Fixes [ch9200]

* Removed custom fields from AssignedSearch to prevent confusing data in selectlist

Fixes [ch9193]

* Removed alert-danger from tests

* Fixed missed consumables_count withCount() statement

* Fixed Undefined variable user in $backto if checked out to a non-user

Fixes [ch9194]

* Check for valid model before attempting to access fieldsets

Fixes [ch1249]

* Only build the log upload destination path if there is a matching record

Fixes [ch1232]

* Fixed free_seats_count variable name

(I forgot that Laravel switched camel case to snake case for their old 5.4 withCount variables)

* Only gtry to delete the file if a record is found in the log

* Only try to get fieldset if model is valid

* Fixed more camel-casing -> snake-casing

* Only display the file if the log record can be found

* Fixed casing in sync command

* Updated README

* Derp - typo

* Added link to Atlassian plugin

* More Atlassian clarifications

* Show accessory image on view page

* Increased image size to 800px, added lightboxes

* Fixed #7083 - Removed user_exists constraint on department save

If the user has been deleted, this prevented the department from being successfully saved on edit

* Updated branch in version file

* Dockerfile update to bring us up to php v7.1 for Laravel 5.5 (#7084)

* bump up to php7.1

& change deprecated MAINTAINER to a LABEL so it is visible with `docker inspect`

* AND modapache ><

* 2 updates required to get software-properties+ppa

* Bumped version

* Bumped release again :(

* Missed one

* Fixed #7098 - updated backup config for deleteFile() method

* Fixed #7092 -  handle weird port forwarding/port numbers for baseUrl

* Bumped version

* Fixed #7099 - set email to null by default for backup notifications

* Removed old comments

* Fixed #7100 - Check if $user isset on checkin

* Increased throttle to 120 requests per minute

* Added Filipino, corrected order for Spanish variations

* Update language strings

* Bumped hash

* Changed has to filled to fix bulk asset editing

* Bumped point version

* Small fixes for phpleague CSB reader v9

* Improved error checking in locations importer

* Fixed #7145 - rename groups table to permissions_group for mysql 8 reserved word compatibility

* Reduce minimum group name length to 2 (from 3)

eg: IT

* Back in time fix FOR #7145 for new installs on MySQL 8+

* Fixed permission insert

//TODO

Handle this via model

* Possible fix for reporting/admin migration back in time

* Fixed #7164 - change table name to permission_groups

* Fixed LDAP password blanking on save

* fixing previous commit's actual wiping of password (#7183)

replaced Input::fille('ldap_pword') with _filled_.   Should be good to go.  

https://github.com/snipe/snipe-it/issues/7179

https://github.com/snipe/snipe-it/issues/7169

* Bumped version

* Downgrading rollbar for Laravel 5.5

* Spelling Correction (#7206)

Fixed Spelling for the word reqrite, to be rewrite.

* Fix #6910: Add logic to manipulate the eloquent query. (#7006)

* Added company_id to consumables_users table

* Added logic to manage when a pivot table doesn't have the column company_id trough a join with users

* Remove a migration that tries to fix this problem, but is not longer necessary

* Addresses #7238 - add PWA code to layout

Needs additional UX testing

* Better log message for bad LDAP connection

* Fixed #7186 - has vs filled in User’s API blanking out groups if no group_ids are passed

* Comment clarification on #7186

* Check for valid seat on hardware view

* Added space between footer and custom message

* Cap warranty months to three characters

Filles rollbar 209

* Cap warranty months to 3 on the frontend blade

* Fixed countable() strings on user destroy

* Check that the user has assets and that the aset model is valid

* Bumped hash

* Caps asset warranty to 20 years

* Command to fix custom field unicode conversion differences between PHP versions (#7263)

* Fixes #7252 form request changes (#7272)

* Fixes for #7252 - custom fields not validating / no validaton messages in API w/form requests

* Removed debug info

* More fixes for #7252

This is mostly working as intended, if not yet the way Laravel wants us to do it.

Right now, the API returns correctly, and the form UI will return highlighted errors, with the input filled in ~sometimes~. I’m not sure why it’s only sometimes yet, but this is potentially progress.

* Removed experimental method

* Check for digits_between:0,240 for warranty

* Removed debug code

* Apply fix from PR #7273 to master

* Bumped hash

* Fixed #7250 - permission issue for API fieldsets and fields endpoints

This applies the change from #7294 to master

* Add @mskrip as a contributor

* Fixed #7270 - Checking-in Assets via API Removes the Item's Asset Name

* CORS for api (#7292)

* Added CORS support to API

* Changed order so CORS will still work if throttle hit

* Added APP_CORS_ALLOWED_ORIGINS env option

* Fixed typo

* Clarified header comments

* More clarification

* DIsable CORS allowed origins by default to replicate existing behavior

* Change variable name to be clearer

* Bumped version

* Added condition to deal with fieldname 'rtd_location' which can be tried to be queried in some places and doesn't exist in database (#7317)

* Added comments to the ByFilter query scope for clarity

* Added accessories checkout/checkin API endpoint

* Fixed CVE-2019-10742

https://nvd.nist.gov/vuln/detail/CVE-2019-10742

* Update README.md (#7334)

Add reference to CSV importer.

* Group related variables in .env

* History importer fixes

* Fixes to history importer
2019-08-14 21:48:14 -07:00
snipe 8b4a9aa382 Fixes to history importer 2019-08-13 18:15:42 -07:00
snipe 99cd552d5c History importer fixes 2019-08-13 18:00:21 -07:00
snipe e7b0ee2539 Added accessories checkout/checkin API endpoint 2019-08-02 15:08:26 -07:00
snipe 3dc2cc9f22
CORS for api (#7292)
* Added CORS support to API

* Changed order so CORS will still work if throttle hit

* Added APP_CORS_ALLOWED_ORIGINS env option

* Fixed typo

* Clarified header comments

* More clarification

* DIsable CORS allowed origins by default to replicate existing behavior

* Change variable name to be clearer
2019-07-26 12:38:31 -07:00
snipe ab86e42b2e Fixed #7270 - Checking-in Assets via API Removes the Item's Asset Name 2019-07-26 12:37:38 -07:00
snipe 250a797339 Fixed #7250 - permission issue for API fieldsets and fields endpoints
This applies the change from #7294 to master
2019-07-24 11:00:42 -07:00
Marián Skrip 8a1f6b74e8 Fix permission issue for API fieldsets and fields endpoints (#7294)
Close snipe/snipe-it#7250
2019-07-24 10:57:09 -07:00
snipe 55ee90b25d
Fixes #7252 form request changes (#7272)
* Fixes for #7252 - custom fields not validating / no validaton messages in API w/form requests

* Removed debug info

* More fixes for #7252

This is mostly working as intended, if not yet the way Laravel wants us to do it.

Right now, the API returns correctly, and the form UI will return highlighted errors, with the input filled in ~sometimes~. I’m not sure why it’s only sometimes yet, but this is potentially progress.

* Removed experimental method

* Check for digits_between:0,240 for warranty

* Removed debug code
2019-07-18 14:32:23 -07:00
snipe 444e250609 Fixed countable() strings on user destroy 2019-07-17 17:51:13 -07:00
snipe b4b6d6b571 Comment clarification on #7186 2019-07-15 15:31:09 -07:00
snipe 8c73a47afb Fixed #7186 - has vs filled in User’s API blanking out groups if no group_ids are passed 2019-07-15 15:27:02 -07:00
snipe f82ffe378c Merge branch 'master' of https://github.com/snipe/snipe-it 2019-07-15 14:11:18 -07:00
snipe 984c2a8fd4 Better log message for bad LDAP connection 2019-07-15 14:10:57 -07:00
Ivan Nieto d409be6d43 Fix #6910: Add logic to manipulate the eloquent query. (#7006)
* Added company_id to consumables_users table

* Added logic to manage when a pivot table doesn't have the column company_id trough a join with users

* Remove a migration that tries to fix this problem, but is not longer necessary
2019-07-15 13:02:44 -07:00
Kasey 03a4512406 fixing previous commit's actual wiping of password (#7183)
replaced Input::fille('ldap_pword') with _filled_.   Should be good to go.  

https://github.com/snipe/snipe-it/issues/7179

https://github.com/snipe/snipe-it/issues/7169
2019-06-19 14:21:53 -07:00