Commit graph

277 commits

Author SHA1 Message Date
snipe 441ae69f5c
Integrations/develop into master (#7352)
* Fixes #6204 - added email alerts and web/API access to assets due for audits (#6992)

* Added upcoming audit report

TODO: Fid diff/threshold math

* Added route to list overdue / upcoming assets via API

* Controller/API methods for due/overdue audits

We could probably skip this and just handle it via view in the routes…

* Added query scopes for due and overdue audits

* Added audit due console command to kernel

* Added ability to pass audit specs to main API asset search method

* Added audit presenter

* Added bootstrap-tables presenter formatter to display an audit button

* Added gated sidenav items to left nav

* Added audit due/overdue blades

* Cleanup on audit due/overdue console command

* Added language strings for audit views

* Fixed :threshold placeholder

* Removed unused setting variable

* Fixed next audit date math

* Added scope for both overdue and upcoming

* Derp. Wrong version

* Bumped version

(I will release this version officially tomorrow)

* Leave the activated state for users alone in normal LDAP synchronisation. (#6988)

* Fixed #7003 - crash when warranty months or purchase date is null

* Fixed #6956 - viewKeys policy inconsistent  (#7009)

* Fixed #6956 - Added additional gates show showing/hiding license keys

* Modified gate to allow user to see licenses if they can create or edit the license as well

* Added API middleware to API routes to enable throttling

TODO: Figure out how to make this costumizable without touching the code

* Import locations from CSV via command line (#7021)

* Added import locations command

* Small fixes to location importer

* Added country, LDAP OU

* Cleaned up comments, added more clarification to what the script does

* Added ability to update groups via API

Fixes [ch9139]

* Bumped version

* Fixed #6883 - remove escaping of fields on LDAP import

* Fixed #6880 - correctly encrypt encrypted fields via the API

* Fixes #5054: LDAP users deactivated for none-ad (#7032)

When using none-AD ldap, users are automatically deactivated every LDAP
sync.  This commit changes the behaviour so that if the active flag isn't set,
the users are enabled.

Fixed #5054, at least for 4.X

* Updated packages

  - Updating erusev/parsedown (v1.7.2 => 1.7.3): Downloading (100%)
  - Updating squizlabs/php_codesniffer (3.4.1 => 3.4.2): Downloading (100%)
  - Updating symfony/polyfill-mbstring (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/var-dumper (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating league/flysystem (1.0.50 => 1.0.51): Downloading (100%)
  - Updating symfony/translation (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating nesbot/carbon (1.36.2 => 1.37.1): Downloading (100%)
  - Updating symfony/debug (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/console (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/finder (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/polyfill-ctype (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/polyfill-php70 (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/http-foundation (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/event-dispatcher (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/http-kernel (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/process (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/routing (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/polyfill-util (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/polyfill-php56 (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/psr-http-message-bridge (v1.1.1 => v1.1.2): Downloading (failed)
Downloading (100%)
  - Updating rollbar/rollbar (v1.7.5 => v1.8.1): Downloading (100%)
  - Updating symfony/yaml (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/browser-kit (v3.4.23 => v3.4.27): Downloading (100%)

* Fixed #7044 - API update deleted custom fields if they are not re-presented

* Fixed XSS vulnerability when creating a new categories, etc via modal on create

Same fix as before, because of the weird select2 post-parsing ajax behavior

* Updated email strings

* Fixed #7046 - added user website url back into UI

* Updated language strings

* Bumped version

* Updated packages

* New backups config for spatie

* Removed debugbar service provider (autodiscovery)

* Use laravel v5.5 withCount manual aliases

* Added spatie language files

* Removed old laravel backups config

This config file was renamed in a newer version of spatie laravel-backup

* Set the serialization

* Added the command loader to console kernel

* Renamed fire() to handle()

* Updated withCount to use manual naming

* Updated backup path in backup admin

* Updated travis with new php versions

* Bumped laravel version in readme

* Fixed custom field edit screen

* Fixed baseUrl is undefined error

I literally cannot figure out how this ever worked before.

* Fix for included files in backup

* Bumped version

* Switch has() to filled()

* Change ->has() to ->filled()

* Removed cosole log

* Bumped packages

* Use getReader instead of fetchAssoc for CSV parser

https://csv.thephpleague.com/9.0/upgrading/

* Handle JSON validation errors like 5.4

* Handle JSON validation errors like 5.4

* Handle JSON validation errors like 5.4

* Trying to fix ajax asset validation

This I think gets us closer, but still not handling the validation on the asset properly.

When I do a print_r of the validation in the other items, its looking for an error bag that looks something like this:

```
Illuminate\Support\MessageBag Object
(
    [messages:protected] => Array
        (
            [name] => Array
                (
                    [0] => The name field is required.
                )

            [seats] => Array
                (
                    [0] => The seats field is required.
                )

            [category_id] => Array
                (
                    [0] => The category id field is required.
                )

        )

    [format:protected] => :message
)
```

Currently the Assets ajax returns:

```
[2019-05-24 06:52:06] develop.ERROR: array (
  'messages' =>
  array (
    'model_id' =>
    array (
      0 => 'The model id field is required.',
    ),
    'status_id' =>
    array (
      0 => 'The status id field is required.',
    ),
    'asset_tag' =>
    array (
      0 => 'The asset tag field is required.',
    ),
  ),
)
```

So not sure why it’s not working.

* Fixed missing asset validation

* Check that a model exists before trying to fiddle with fieldsets

* Tidied up license check

* Removed extra escaping on checkin

* Updated importer to work with newer CSV Reader::getRecords() method

* Fixed field mapping

* Small fix for reordering fields

Fixes Illuminate\Database\QueryException: SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'order' cannot be null (SQL: insert into `custom_field_custom_fieldset` (`custom_field_id`, `custom_fieldset_id`, `order`, `required`) values (12, 7, , 0)) [ch1151]

This needs revisiting for a more solid fix, especially for data that was already entered bad.

* Fixed bug where sorting by company name in Users API did not work

Fixes [ch9200]

* Removed custom fields from AssignedSearch to prevent confusing data in selectlist

Fixes [ch9193]

* Removed alert-danger from tests

* Fixed missed consumables_count withCount() statement

* Fixed Undefined variable user in $backto if checked out to a non-user

Fixes [ch9194]

* Check for valid model before attempting to access fieldsets

Fixes [ch1249]

* Only build the log upload destination path if there is a matching record

Fixes [ch1232]

* Fixed free_seats_count variable name

(I forgot that Laravel switched camel case to snake case for their old 5.4 withCount variables)

* Only gtry to delete the file if a record is found in the log

* Only try to get fieldset if model is valid

* Fixed more camel-casing -> snake-casing

* Only display the file if the log record can be found

* Fixed casing in sync command

* Updated README

* Derp - typo

* Added link to Atlassian plugin

* More Atlassian clarifications

* Show accessory image on view page

* Increased image size to 800px, added lightboxes

* Fixed #7083 - Removed user_exists constraint on department save

If the user has been deleted, this prevented the department from being successfully saved on edit

* Updated branch in version file

* Dockerfile update to bring us up to php v7.1 for Laravel 5.5 (#7084)

* bump up to php7.1

& change deprecated MAINTAINER to a LABEL so it is visible with `docker inspect`

* AND modapache ><

* 2 updates required to get software-properties+ppa

* Bumped version

* Bumped release again :(

* Missed one

* Fixed #7098 - updated backup config for deleteFile() method

* Fixed #7092 -  handle weird port forwarding/port numbers for baseUrl

* Bumped version

* Fixed #7099 - set email to null by default for backup notifications

* Removed old comments

* Fixed #7100 - Check if $user isset on checkin

* Increased throttle to 120 requests per minute

* Added Filipino, corrected order for Spanish variations

* Update language strings

* Bumped hash

* Changed has to filled to fix bulk asset editing

* Bumped point version

* Small fixes for phpleague CSB reader v9

* Improved error checking in locations importer

* Fixed #7145 - rename groups table to permissions_group for mysql 8 reserved word compatibility

* Reduce minimum group name length to 2 (from 3)

eg: IT

* Back in time fix FOR #7145 for new installs on MySQL 8+

* Fixed permission insert

//TODO

Handle this via model

* Possible fix for reporting/admin migration back in time

* Fixed #7164 - change table name to permission_groups

* Fixed LDAP password blanking on save

* fixing previous commit's actual wiping of password (#7183)

replaced Input::fille('ldap_pword') with _filled_.   Should be good to go.  

https://github.com/snipe/snipe-it/issues/7179

https://github.com/snipe/snipe-it/issues/7169

* Bumped version

* Downgrading rollbar for Laravel 5.5

* Spelling Correction (#7206)

Fixed Spelling for the word reqrite, to be rewrite.

* Fix #6910: Add logic to manipulate the eloquent query. (#7006)

* Added company_id to consumables_users table

* Added logic to manage when a pivot table doesn't have the column company_id trough a join with users

* Remove a migration that tries to fix this problem, but is not longer necessary

* Addresses #7238 - add PWA code to layout

Needs additional UX testing

* Better log message for bad LDAP connection

* Fixed #7186 - has vs filled in User’s API blanking out groups if no group_ids are passed

* Comment clarification on #7186

* Check for valid seat on hardware view

* Added space between footer and custom message

* Cap warranty months to three characters

Filles rollbar 209

* Cap warranty months to 3 on the frontend blade

* Fixed countable() strings on user destroy

* Check that the user has assets and that the aset model is valid

* Bumped hash

* Caps asset warranty to 20 years

* Command to fix custom field unicode conversion differences between PHP versions (#7263)

* Fixes #7252 form request changes (#7272)

* Fixes for #7252 - custom fields not validating / no validaton messages in API w/form requests

* Removed debug info

* More fixes for #7252

This is mostly working as intended, if not yet the way Laravel wants us to do it.

Right now, the API returns correctly, and the form UI will return highlighted errors, with the input filled in ~sometimes~. I’m not sure why it’s only sometimes yet, but this is potentially progress.

* Removed experimental method

* Check for digits_between:0,240 for warranty

* Removed debug code

* Apply fix from PR #7273 to master

* Bumped hash

* Fixed #7250 - permission issue for API fieldsets and fields endpoints

This applies the change from #7294 to master

* Add @mskrip as a contributor

* Fixed #7270 - Checking-in Assets via API Removes the Item's Asset Name

* CORS for api (#7292)

* Added CORS support to API

* Changed order so CORS will still work if throttle hit

* Added APP_CORS_ALLOWED_ORIGINS env option

* Fixed typo

* Clarified header comments

* More clarification

* DIsable CORS allowed origins by default to replicate existing behavior

* Change variable name to be clearer

* Bumped version

* Added condition to deal with fieldname 'rtd_location' which can be tried to be queried in some places and doesn't exist in database (#7317)

* Added comments to the ByFilter query scope for clarity

* Added accessories checkout/checkin API endpoint

* Fixed CVE-2019-10742

https://nvd.nist.gov/vuln/detail/CVE-2019-10742

* Update README.md (#7334)

Add reference to CSV importer.

* Group related variables in .env

* History importer fixes

* Fixes to history importer
2019-08-14 21:48:14 -07:00
snipe ab86e42b2e Fixed #7270 - Checking-in Assets via API Removes the Item's Asset Name 2019-07-26 12:37:38 -07:00
snipe d5c3ee5ed0 Only try to get fieldset if model is valid 2019-05-24 15:44:54 -07:00
snipe 2d036c64e9 Change ->has() to ->filled() 2019-05-23 17:39:50 -07:00
snipe 4be8ba9f17 Updated withCount to use manual naming 2019-05-22 00:52:51 -07:00
snipe 0358d13ddb Fixed #7044 - API update deleted custom fields if they are not re-presented 2019-05-20 11:49:18 -07:00
snipe 9eb7b668d1 Fixed #6880 - correctly encrypt encrypted fields via the API 2019-05-15 19:33:30 -07:00
Ivan Nieto e40a5a70a5 RTF support added (#7024)
* Added the Gatte Facade to AssetsController

* Added the filetype RTF in the modal to upload files

* Added validation of RTF files
2019-05-15 15:47:40 -07:00
snipe 407445456a Merge branch 'features/6204_email_audit-alerts' into develop
# Conflicts:
#	app/Console/Commands/LdapSync.php
#	app/Console/Kernel.php
#	app/Http/Controllers/Auth/LoginController.php
#	app/Http/Controllers/LicensesController.php
#	composer.json
#	composer.lock
#	config/version.php
#	resources/views/auth/two_factor_enroll.blade.php
2019-05-06 08:45:13 -04:00
snipe e5c2d77c7d
Fixes #6204 - added email alerts and web/API access to assets due for audits (#6992)
* Added upcoming audit report

TODO: Fid diff/threshold math

* Added route to list overdue / upcoming assets via API

* Controller/API methods for due/overdue audits

We could probably skip this and just handle it via view in the routes…

* Added query scopes for due and overdue audits

* Added audit due console command to kernel

* Added ability to pass audit specs to main API asset search method

* Added audit presenter

* Added bootstrap-tables presenter formatter to display an audit button

* Added gated sidenav items to left nav

* Added audit due/overdue blades

* Cleanup on audit due/overdue console command

* Added language strings for audit views

* Fixed :threshold placeholder

* Removed unused setting variable

* Fixed next audit date math

* Added scope for both overdue and upcoming

* Derp. Wrong version

* Bumped version

(I will release this version officially tomorrow)
2019-05-05 22:32:52 -04:00
snipe e4a298ca2a Added scope for both overdue and upcoming 2019-05-05 22:13:30 -04:00
snipe 0f0ffd39a8 Added ability to pass audit specs to main API asset search method 2019-05-05 19:19:56 -04:00
Marián Skrip 8d63533205 Add write-only image_source field for asset create/edit API endpoint (#6146)
`image_source` should contain base64 encoded image data with mime-type.
2019-03-13 21:00:40 -07:00
Ivan Nieto 8c65214b1f Ignore the soft deleted assets in the eloquent query (#6824) 2019-03-13 20:14:30 -07:00
Martin Meredith e3e0d57f56 Minor code cleanup bits and bobs (#6805)
* Add IDE Helper files

* Cleanup imports

- Alphabetises imports
- Removes unused imports

* Add Platform requirements

* Move filling asset into block where asset exists

* Remove duplicate array keys
2019-03-13 20:12:03 -07:00
snipe 0242b3ec74 Handled JS cookie offset issue on the server side
We may want to handle this via the blades instead, as I’m not sure if API users will run into weirdness here.
2019-02-14 15:01:34 -08:00
snipe b26fbf986f Fixed issue where offset could be greater than total items, resulting in “No results” confusion 2019-02-14 14:49:08 -08:00
snipe cd333fa93b Fixed wonky merge :( 2019-02-13 06:52:36 -08:00
snipe 533649f24e Merge branch 'develop' into dev-master-integration
# Conflicts:
#	.gitignore
#	.travis.yml
#	app/Console/Commands/LdapSync.php
#	app/Console/Commands/SendExpectedCheckinAlerts.php
#	app/Console/Commands/SendExpirationAlerts.php
#	app/Console/Commands/SendInventoryAlerts.php
#	app/Console/Kernel.php
#	app/Http/Controllers/Api/AssetsController.php
#	app/Http/Controllers/Api/ManufacturersController.php
#	app/Http/Controllers/Api/StatuslabelsController.php
#	app/Http/Controllers/Api/UsersController.php
#	app/Http/Controllers/AssetMaintenancesController.php
#	app/Http/Controllers/Assets/AssetsController.php
#	app/Http/Controllers/Auth/ForgotPasswordController.php
#	app/Http/Controllers/Auth/LoginController.php
#	app/Http/Controllers/Auth/ResetPasswordController.php
#	app/Http/Controllers/ReportsController.php
#	app/Http/Controllers/SettingsController.php
#	app/Http/Controllers/UsersController.php
#	app/Http/Transformers/AssetMaintenancesTransformer.php
#	app/Importer/Importer.php
#	app/Importer/ItemImporter.php
#	app/Importer/UserImporter.php
#	app/Importer/import_mappings.md
#	app/Models/Ldap.php
#	app/Models/License.php
#	app/Models/Location.php
#	app/Models/Recipients/AlertRecipient.php
#	app/Models/User.php
#	app/Providers/AppServiceProvider.php
#	composer.json
#	composer.lock
#	config/trustedproxy.php
#	config/version.php
#	public/js/build/all.js
#	public/js/build/vue.js
#	public/js/build/vue.js.map
#	public/js/dist/all.js
#	public/mix-manifest.json
#	resources/assets/js/components/importer/importer-file.vue
#	resources/lang/ar/admin/settings/general.php
#	resources/lang/bg/admin/settings/general.php
#	resources/lang/en-ID/admin/settings/general.php
#	resources/lang/en-ID/passwords.php
#	resources/lang/en/passwords.php
#	resources/lang/es-CO/passwords.php
#	resources/lang/es-ES/passwords.php
#	resources/lang/es-MX/passwords.php
#	resources/lang/es-VE/passwords.php
#	resources/lang/fi/admin/settings/general.php
#	resources/lang/id/admin/settings/general.php
#	resources/lang/id/passwords.php
#	resources/lang/ja/passwords.php
#	resources/lang/nl/passwords.php
#	resources/lang/pl/admin/settings/general.php
#	resources/lang/pl/passwords.php
#	resources/lang/pt-BR/admin/settings/general.php
#	resources/lang/pt-BR/passwords.php
#	resources/lang/ru/admin/settings/general.php
#	resources/lang/ru/admin/statuslabels/table.php
#	resources/lang/ru/passwords.php
#	resources/lang/sr-CS/general.php
#	resources/lang/sr-CS/mail.php
#	resources/lang/sv-SE/admin/settings/general.php
#	resources/lang/tr/admin/settings/general.php
#	resources/lang/tr/passwords.php
#	resources/lang/vi/admin/models/message.php
#	resources/lang/vi/admin/users/general.php
#	resources/lang/zh-CN/admin/settings/general.php
#	resources/views/importer/import.blade.php
#	resources/views/partials/bootstrap-table.blade.php
#	resources/views/partials/forms/edit/image-upload.blade.php
#	resources/views/users/edit.blade.php
#	resources/views/users/view.blade.php
#	tests/unit/ImporterTest.php
2019-02-13 06:42:52 -08:00
snipe f1fa5bdaa9 Fixed (develop) #6704 - don’t apply gate to $arrays collection, just check that they can view assets 2019-02-13 04:56:13 -08:00
snipe aa1e06f021 One more time…. Fixed #6704 - don’t apply gate to $arrays collection, just check that they can view assets 2019-02-13 04:46:19 -08:00
snipe 30b1cfabf5 Fixed dumb formatting 2019-02-13 04:45:21 -08:00
snipe e75d22ab73 Revert "Fixed #6704 - don’t apply gate to $arrays collection, just check that they can view assets"
This reverts commit b1e17743b8.
2019-02-13 04:44:19 -08:00
snipe b1e17743b8 Fixed #6704 - don’t apply gate to $arrays collection, just check that they can view assets 2019-02-13 04:35:55 -08:00
snipe b317fb8d83 Fixed #6367 - pass table name and column_id to scopeCompanyables 2019-02-13 01:29:53 -08:00
snipe e2c0f01a10 Fixed #6367 - pass table name and column_id to scopeCompanyables
Solves error: Integrity constraint violation: 1052 Column 'company_id' in where clause is ambiguous
2019-02-13 01:26:11 -08:00
snipe 8e358faebc Fixed #6113 - use $asset->fill vs filled() to allow blanking values via API 2019-02-12 22:15:32 -08:00
snipe 90cddb7aee
Fixed #6113 - use $asset->fill vs filled() to allow blanking values via API (#6693)
Need to confirm that re-enabling `\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,` won’t mangle anything. I know we ran into some issues when testing a long time ago, but not sure those issues apply anymore, and I can’t remember what they were.
2019-02-12 22:08:38 -08:00
snipe 4fe63d2966 Fixed #6633 - return 200 status code on asset API 2019-02-04 18:59:49 -08:00
snipe 971fcf5800 Fixed #6633 - return 200 status code 2019-02-04 18:58:28 -08:00
snipe d1fe7abb18 Replaced custom deleted query scopes with onlyTrashed() 2019-01-24 14:47:44 -08:00
bricelabelle 5281713fd9 Added #6617: View licenses checked out to an asset with the hardware API (#6621) 2019-01-22 14:47:40 -08:00
snipe 79367642b1
[WIP] Added #5957 - Flysystem support (#6262)
* Added AWS url to example env

* Upgrader - added check for new storage path and attempt to move

* Ignore symlink

* Updated paths for models

* Moved copy methods

* Added AWS_URL support

For some reasin, Flysystem was generating the wrong AWS url (with a region included)

* Switch to Flysystem for image uploads

* Nicer display of image preview

* Updated image preview on edit blades to use Flysystem

* Twiddled some more paths

* Working filesystems config

* Updated Asset Models and Departments to use Flysystem

* Janky workaround for differing S3/local urls/paths

* Try to smartly use S3 as public disk if S3 is configured

* Use public disk Storage options for public files

* Additional transformer edits for Flysystem

* Removed debugging

* Added missing use Storage directive

* Updated seeders to use Flysystem

* Default logo

* Set a default width

We can potentially override this in settings later

* Use Flysystem for logo upload

* Update downloadFile to use Flysystem

* Updated AssetFilesController to use Flysystem

* Updated acceptance signatures to use Flysystem

* Updated signature view to use Flysystem

This isn’t working 100% yet

* Use Flysystem facade for displaying asset image

* Set assets path

Should clean all these up when we’re done here

* Added Rackspace support for Flysystem

* Added Flysystem migrator console command

* Added use Storage directive for categories

* Added user avatars to Flysystem

* Added profile avatar to Flysystem

* Added the option to delete local files with the migrator

* Added a check to prevent people from trying to move from local to local

* Fixed the selectlists for Flysystem

* Fixed the getImageUrl method to reflect Flysystem

* Fixed AWS copy process

* Fixed models path

* More selectlist updates for Flysystem

* Updated example .envs with updated env variable names

* *sigh*

* Updated non-asset getImageUrl() methods to use Flysystem

* Removed S3 hardcoding

* Use Flysystem in email headers

* Fixed typo

* Removed camera support from asset file upload

We’ll find a way to add this in later (and add that support to all of the other image uploads as well)

* Fixed path for categories

* WIP - Switched to standard handleImages for asset upload.

This is currently broken as I refact the handleImages method. Because the assets store/create methods use their own Form Request, the handleImages method doesn’t exist in that Form Request so it wil error now.

* Fixed css URL error

* Updated Debugbar to latest version (#6265)

v3.2 adds support for Laravel 5.7

* Fixed: Missing CSS file in basic.blade.php (#6264)

* Fixed missing CSS file in basic.blade.php

* Added

* Changed stylesheet import for authorize.blade.php

* Updated composer lock

* Added AWS_BUCKET_ROOT as env variable

* Use nicer image preview for logo upload

* Removed AssetRequest form request

* Removed asset form request, moved custom field validation into model

* Added additional help text for logo upload

* Increased the size of the image resize - should make this a setting tho

* Few more formatting tweaks to logo section of branding blade preview

* Use Flysystem for asset/license file uploads

* Use Flysystem for removing images from models that have been deleted

* Enable backups to use Flysystem

This only handles part of the problem. This just makes it so we can ship files to S3 if we want, but does not account for how we backup files that are hosted on S3

* Use Flysystem to download license files

* Updated audits to use Flysystem
2018-09-29 21:33:52 -07:00
snipe ff879e2018 Added the ability to update asset location when auditing - per #5854 2018-09-07 05:39:41 -07:00
snipe 911c2398ef Fixed #6004 - set a default next_audit_date if none provided 2018-08-01 03:04:29 -07:00
snipe 86c1f11bec Change $request->has to $request->filled unilaterally 2018-07-24 22:51:31 -07:00
snipe 0714ac4248 Update withCounts because Laravel 5.5 :( 2018-07-24 22:40:05 -07:00
Daniel Meltzer 64d649be7f Monster: Cleanup/Refactor http controllers. (#5916)
* Extract a handlesimages trait to centralize logic for parsing/storing images on upload in create/edit methods.

* Use same image upload/layout in accessories as consum+components.

* Monster: Cleanup/Refactor http controllers.

This cleans up docblocks, pulls most non-crudy actions into their own
controllers, and does general cleanup/logic refactoring.  There /should/
be no functional changes, but we all know how should works..

Extract checkin/checkout functions to a separate controller for accessories.

Move controllers to subdirectory.

Cleanup AssetModelsController

Extract component checkin/checkout

Assorted cleanups/doc/formatting in controllers.

Refactor LicenseController.

Refactor UsersController

Update viewassetscontroller.

* Codacy cleanups

* More codacy cleanups.  Extract a LicenseCheckout Form request as well.

* A bit more refactor/cleaning of the license checkout method.

* Review Related Cleanups

* Fix most of the item_not_found translations.  In many cases, the
string being generated did not even use the id parameter.  Where it
does, pass it as id instead of as a different value.

* Remove some old $data arrays from when we manually sent emails from
the controllers.  This has been superseeded by the notification system
(yay!)

* Bugfix: Only log the checkin of an accessory if the checkin completes sucessfully.
2018-07-24 19:35:26 -07:00
Till Deeke 48bbbe0f40 Fixing authorization issues (#5807)
* adds permission checks for companies

* adds permission checks for depreciations

* adds permission check for all reports

* fixes permissions for departments

* fixes permission naming (edit -> update)

* fixes authorization checking wrong permission in API

The authorization was checking for the non-existent „edit“ method where it should have checked for the „update“ method.

* adds authorization checks for select2 lists

* adds missing authorization checks for api

* fixes user authorization check for creating users

* adds additional check viewing assets on showing a users assets

* Removes authorization checks for select2 lists

Reference: https://github.com/snipe/snipe-it/pull/5807#pullrequestreview-136018755
2018-07-12 18:28:02 -07:00
snipe 4c656c0321
De-normalize new counters from 4.3.0 (#5547)
* Added de-norm counter migration for assets

* Renaming counter columns, since Eloquent has a magical *_count helper

* Added artisan command to sync counters (one-off)

* Update API to use de-normed fields

* Increment counters for checkin;/checkout

* Derp.

* Added request increment/decrementer

* Move increment for checkout to the Asset::checkout method

* Added “could take a while” message
2018-05-16 19:20:43 -07:00
snipe 5365182c86 Fixed advanced search on supplier, count for PHP7.2 2018-04-25 20:25:03 -07:00
Hannah Tinkler c4c520c1a3 Fixes #4445: prevents assigned assets from being checked out in bulk checkout (#5421)
* Fixes #4445: prevents assigned assets from being checked out in bulk checkout

* Updates data attribute to more versatile 'data-asset-status-type'

* Fixes broken unit test
2018-04-25 02:39:23 -07:00
snipe bbc0695a8f
Added count of checkins, checkouts, requests (#5314)
* Added count of checkins, checkouts, requests

* Removed old commented items

* Use actionlog instead of redefining the relationship
2018-04-06 16:23:39 -07:00
snipe 8a6713d5c0
WIP - Improved requested assets (#5289)
* WIP - beginning of improved requested assets

- Use Ajax tables for faster loading
- Use new notifications for requesting an asset

TODO:
- Use ajax tables for requestable asset models
- Use new notifications for canceling an asset request
- Expire requests once the asset has been checked out to the requesting user

* Only show asset name in email if it has one

* Refactor requested method to only include non-canceled requests

* Refactored requestable assets to log request and cancelation

* Added softdeletes on checkout requests

* Differentiate between canceling and deleting requests

* Added asset request cancelation notification

* Added timestamps and corrected unique key on requests table

* Improved requests view

* Re-use blade for cancel/request email

* Refactored BS table formatter for requested assets

* Location name min reduced to 2

* Added PAT test as maintenance option

This needs to be refactored into database-driven options with a UI

* Better slack message

* Added getImageUrl method for assets

* Include qty in request notifications

TODO:
- Try to pull requested info from original request for cancelation, otherwise it will default to 1

* Removed old asset request/cancel emails

* Added user profile asset request routes

* Added profile controller requested assets method

* Added blade link to requested assets for profile view

* Sort user history desc

* Added requested assets blade

* Added canceled at to checkoutRequest method

* Include qty in request

* Fixed comment, removed allowed_columns

* Removed Queable methods, since we don’t use a queue

* Fixed return type in method doc

* Fixed version number

* Changed id to user_id for clarity
2018-04-04 17:33:02 -07:00
snipe 46f5f21368
Notification improvements (#5254)
* Added “show fields in email” to custom fields

* Added “show images in email” to settings

* Added nicer HTML emails

* Break notifications out into their own, instead of trying to mash them all together

* Remove old notification for accessory checkout

* Janky fix for #5076 - “The asset you have attempted to accept was not checked out to you”

* Add method for image url for accessories

* Added accessory checkout email blade

* Make accessory email notification on checkout screen consistent with assets

* Added native consumables notifications

* Fixes for asset notification

* Updated notification blades with correct-er fields

* Updated notifications

* License checkin notification - does not work yet

Need to figure out whether the license seat is assigned to a person or an asset before we can pass the target

* Added alternate “cc” email for admins

* Only try to trigger notifications if the target is a user

* Fix tests

* Fixed consumable URL

* Removed unused notification

* Pass target type in params

* Show slack status

* Pass additional parameters

There is a logic bug in this :( Will send to slack twice, since the admin CC and the user are both using the same notification. Fuckity fuck fuck fuck.

* Pass a variable to the notification to supress the duplicate slack message

* Slack is broken :( Trying to fix

Will try a git bisect

* Put preview back into checkout

* Pulled old archaic mail

* Removed debugging

* Fixed wrong email title

* Fixed slack endpoint not firing

* Poobot, we hardly knew ye.

* Removed old, manual mail from API

* Typo :-/

* Code cleanup

* Use defined formatted date in JSON

* Use static properties for checkin/checkout notifiers for cleaner code

* Removed debugging

* Use date formatter

* Fixed target_type

* Fixed language in consumable email
2018-03-25 13:46:57 -07:00
snipe 34919b0396 Added API calls to look up assets by tag and serial 2018-03-23 14:50:11 -07:00
snipe a5c6ddb8ac Change gate for updating assets via the API to edit 2018-03-05 21:27:17 -08:00
snipe b6a75093b7 Removed duplicate location_id assignment 2018-02-24 14:06:10 -08:00
snipe f144d671ff Fixed #4988 - incorrect variable name in asset checkout API method 2018-02-12 19:13:33 -08:00
snipe d2587337e4 Fixed #4952 - ignore show_archived setting when drilling down into specific ID 2018-02-01 16:31:32 -06:00
snipe 1d04897b32 Order by default location 2018-01-24 14:27:12 -08:00
snipe 2a959edeba Added - Setting to allow archived assets in List All 2018-01-17 19:18:48 -08:00
snipe d920d91786 Fixed #4593 - do not require model_id to update asset custom fields via API 2018-01-17 13:12:32 -08:00
snipe 9293f17707 Moved search scope lower to fix weird (possible Laravel) bug w/prepared statements 2018-01-11 15:17:34 -08:00
snipe e6259eb6e1 Fixed #4774 - show assets assigned to assets in asset view
Todo: Fix text search on the asset to asset tab. It’s currently broken so I’ve disabled it.
2018-01-10 05:44:11 -08:00
Brandon Daniel Bailey f786e07179 Allow auto increment through the API (#4690)
* Allow auto incrementing asset_id from the API when the setting is enabled

* Cleaned up the if else statement

* Added prefix to the orWhereRaw which causes a database error if the configuration uses a prefix

* Auto incrementing through the API
2018-01-03 17:24:32 -08:00
snipe f1a911d305 Fixed ambiguous query on non-super admins with FCS 2017-12-12 21:14:12 -08:00
snipe c816870083 De-norm last audit date so we can display it in the asset listing 2017-12-12 03:03:43 -08:00
snipe 305b0d8edb Fixed #4522 - properly check for valid target, throw error otherwise 2017-11-27 21:17:58 -08:00
snipe 05996019e5 Use asset checkout request in API 2017-11-27 21:17:16 -08:00
snipe 6f3a90c48b Check that the assigned data is valid 2017-11-22 15:07:34 -08:00
snipe 7321c5937f Fixed #4440 - allow username search in asset dropdown 2017-11-16 16:49:16 -08:00
snipe d7f8615964 Fixed query for location ID 2017-11-03 20:10:36 -07:00
snipe cc7be5f947 Added location to checkout in API 2017-11-03 19:42:45 -07:00
snipe 85360a7c7f Removed gates on selectlists
They can’t access the API directly unless they have been granted API accesses anyway
2017-11-03 13:03:57 -07:00
snipe 3ecaa99990 Fixed only undeployed assets in checkout to list 2017-11-03 11:33:36 -07:00
snipe 37868cd70e Added warranty and expiration to list view 2017-10-31 07:05:15 -07:00
snipe 472a5b9f69 Removed extra log on API asset create 2017-10-31 05:38:52 -07:00
snipe f4e7bfc28d Null custom field if field exists but is empty 2017-10-31 05:22:21 -07:00
snipe 9687a78981 Fixed a few inconsistencies in the API results (null vs empty string) 2017-10-28 15:17:36 -07:00
snipe 108ac79442 Added update to asset location id on checkout/checkin 2017-10-28 07:38:36 -07:00
snipe 5278dac2b0 Eager loading assignedTo - I have no idea why this works 2017-10-28 03:50:02 -07:00
snipe df430a2263 Removed assignedTo eager load for now - it’s not working 2017-10-28 02:31:36 -07:00
snipe d76f858dcd Try eager loading assignedTo 2017-10-28 01:50:58 -07:00
snipe 7d11cb0748 Added selectlist transformer for select2 API calls 2017-10-26 21:50:01 -07:00
snipe ea07517ad5 Added more ajax select2 boxes to checkouts, remove helper ->with() methods 2017-10-26 03:43:28 -07:00
snipe 82690e1fd7 Integrate ajax select2 menus in all asset checkouts 2017-10-26 02:28:17 -07:00
Brady Wetherington 8ac57d0121 Need to prefix status_id with assets. for uniqueness (#4279) 2017-10-20 17:37:46 -07:00
snipe 1f247ff541 Don’t let the user checkout an asset to itself
(We should consolidate that AssetCheckoutRequest for the API)
2017-10-19 15:51:55 -07:00
snipe 3b012f2827 Some advanced search query tweaks 2017-10-18 10:07:35 -07:00
snipe 5519e2d4ae Fixes custom fields sorting on asset listings
I need a silkwood shower :(
2017-10-18 09:27:34 -07:00
snipe ea63ced2bd Fixes table alias bug in complex queries for Laravel 2017-10-18 01:21:08 -07:00
snipe b46cbac911 Fixes #4230 - adds model name and manufacturer to emails 2017-10-17 13:30:32 -07:00
snipe e9c3d6bfb7 Full text search fixes - addresses laravel bug :( 2017-10-17 12:48:18 -07:00
snipe e7fe91c9d4 Depreciation view 2017-10-17 11:20:05 -07:00
snipe f56eb16941 More specific order by clause for drilling down on order number 2017-10-11 12:29:08 -07:00
Daniel Meltzer 987536930c Assorted fixes (#3923)
* Fix some n+1 problems

* Use route in notification dropdown to make sure we link to correct page

* Work on better UI support for checkout to non-user.  Fix links on index bootstrap table, work towards eliminating assignedUser

* Remove Asset::assigneduser() relationship.  Instead add a checkedOutToUser() method and/or port to using assignedTo()

* Adjust string to fit new reality

* Fix #3780.  Move the consumables getDataView method to the ApiController.  Not entirely RESTful, but it's a weird method that probably doesn't need its own controller and the functionality would be strange to stack on the userscontroller...

* Fix file uploads to assets and restore the delete route.

* Add asset maintence edit action to index.

* Suppliers asset list should link to the related asset, not to the supplier with same ID.

* Asset models page should use polymorphic formatter on assigned to to better handle assorted item types.

* Comment out more assigneduser fallacy until we figure out the query builder approach to searching for location text.
2017-09-05 17:54:58 -07:00
snipe 761371509d Use notifiables for slack audit notification 2017-08-31 21:30:38 -07:00
snipe 22233e3ba6 Bulk asset audit form (needs more testing) 2017-08-29 16:00:22 -07:00
snipe 51d74ac06d Auduting improvements 2017-08-25 18:40:20 -07:00
snipe 16f57e16cb Fixes #1190 - added basic audit workflow 2017-08-25 10:04:19 -07:00
snipe d23ea70b08 Added auth check back to asset store 2017-08-25 03:26:50 -07:00
snipe 3e8b7d9c94 Check for overall asset delete permissions before checking to see if the user can delete that specific asset 2017-08-03 19:49:41 -07:00
Jason Spriggs 7c4ee54f8b Fix #3803 - Return asset object instead of just id (#3811) 2017-08-01 20:01:11 -07:00
snipe 770092f23f Added save/update/delete observers
This should make it easier to handle action logging between the GUI and the API
2017-06-15 20:54:14 -07:00
snipe 0c8308f5a4 Fixes for ordering on asset listing 2017-05-15 20:55:39 -07:00
Andrea Bergamasco 7ee172888d /api_tests: Completed tests for basic CRUD for Assets and Components (#3426)
* Refactored AssetsTransformer

Casted all ids to int, escaped all text values,

* Added warranty_expires attribute to Asset model

$asset->warranty_expires contains a Carbon object with the warranty
expiration date. Returns null when either purchase_date or
warranty_months are not set.

* Ignoring php-cs cache files

* Restored asset tests expectations

Work in progress - tests still fail

* API controller refactoring, fixed HTTP status codes in responses

* Restored $request->get - debugging

* Added further checks in ApiAssetsCest::updateAssetWithPatch

* /api_tests: Fixed bugs in update() method + code formatting

* /api_tests: Minor code formatting

* /api_tests: Mirrored test code for PATCH and PUT methods

* Removed repeated code

* Test cleanup

* Fixed issues with update() through PATCH and PUT methods

* Added API test suite to .travis.yml
2017-03-31 13:48:11 -07:00
Andrea Bergamasco e03ebc3fd0 AssetTransformer refactoring, restored tests (#3407)
* Refactored AssetsTransformer

Casted all ids to int, escaped all text values,

* Added warranty_expires attribute to Asset model

$asset->warranty_expires contains a Carbon object with the warranty
expiration date. Returns null when either purchase_date or
warranty_months are not set.

* Ignoring php-cs cache files

* Restored asset tests expectations

Work in progress - tests still fail

* API controller refactoring, fixed HTTP status codes in responses

* Restored $request->get - debugging

* Added further checks in ApiAssetsCest::updateAssetWithPatch
2017-03-14 08:37:39 -07:00
snipe c8c5c05351 Added asset checkin/checkout API methods 2017-03-11 14:04:52 -08:00
snipe 5b450c5978 Disambiguated company_id in assets api controller 2017-03-11 04:39:28 -08:00
snipe 875d0dd343 Added advanced search to assets 2017-03-11 04:26:01 -08:00
snipe c6c3ddba3e Remove detail() presenter 2017-02-23 17:01:01 -08:00
snipe 9ccaad8b9c Added created_at and modified_at to asset listing/api 2017-02-23 16:23:02 -08:00
snipe 74c5c55838 Removed outdated comment 2017-02-08 18:25:06 -08:00
snipe 72ec362f72 Search on status label type 2017-02-08 03:37:44 -08:00
snipe 4cf01e4f48 Added ability to search by company_id and location_id 2017-02-08 03:31:42 -08:00
snipe 584e2ba618 Added a space 2017-02-06 18:47:54 -08:00
snipe d37b9fe169 Use hardrware listing for status labels detail link 2017-02-03 20:34:09 -08:00
snipe 9cae6066a0 Added asset by manufacturer listing 2017-02-03 19:52:00 -08:00
snipe 1e2a23e955 Use main assets API to pull view pages for assets listings 2017-02-03 19:34:24 -08:00
Daniel Meltzer 5ba2ec881c Vue importer (#3235)
* Begin work on vueifying the importer

* Beginning work on migrating the importer to use a vue/components for future interactivity

Update JS

More importer work.  Move to a vue based modal, begin handling of processing.  Still need to port error messages.

More importer work.  Move to a vue based modal, begin handling of processing.  Still need to port error messages.

Update importer.  Add error display.  Fix modal, update vue-strap to vue2

More progress.  Add select2 vue bits.

* Move to querying the db to find importer matches.  It scales better on large datasets.

Fix select2 related issues.  We were trying to initialize it twice, which led to the custom data being overwritten.

* Better error handling on uploads and deletion of files.  Restore progressbar on upload.

* Add support for generic exception reporting if app.debug is enabled.

* Handle Http 500 errors better.  Display errors if debug is enabled.  Assorted cleanups.

* Fix codacy issues, remove unused methods.

* Only bind vue to the importer for now.

* Load vue for passport as well.
2017-01-25 21:29:23 -08:00
snipe dc47a0fad6 Fixes #2551 - use UTF-8 safe slugging for MySQL columns 2017-01-25 18:38:20 -08:00
snipe 8f12486f6c More generic javascript formatters, updated api routes 2017-01-24 21:04:38 -08:00
snipe 39b4725114 Load assigneruser relationship 2017-01-13 22:17:20 -08:00
snipe 2879114fe9 Misc API cleanup for assets 2017-01-13 11:41:00 -08:00
snipe b968839a1d Pull out extraneous use statements 2017-01-13 11:38:25 -08:00
snipe 534e40feb8 Fixed bad fieldset call 2017-01-12 03:55:54 -08:00
snipe a283b13069 Handled bad model id 2017-01-12 03:53:52 -08:00
snipe 41b864cc49 Added update method for assets 2017-01-12 03:48:18 -08:00
snipe 7d2d6a3c1b Removed unused use statements 2017-01-12 02:53:43 -08:00
snipe 29b5678a8d Format destroy responses 2017-01-12 02:50:55 -08:00
snipe 15373d5f4a Fixed a few asset API issues 2017-01-12 02:19:55 -08:00
snipe 268308004c Fixed number of results returned 2017-01-11 23:45:03 -08:00
snipe 95f2d94e01 Added create/destroy methods for asset API 2017-01-11 23:40:56 -08:00
snipe 2c695cf7e5 404 JSON response if the asset is not found
(Brady and I will argue about this forever)
2017-01-11 19:12:25 -08:00
snipe 74696d5ded View asset API 2017-01-11 19:00:34 -08:00
snipe 900e6e2419 Starter asset API 2017-01-11 18:14:06 -08:00