* Fixed#6821 - confusing UI for 2FA when 2FA is universally enforced
I also updated the language in the user’s listing table to clarify what “activated” means
* Added login enabled info to user view
* Clarified comments
* Added info about 2FA on user profile
Because why not
* Added nowrap to table, and added 2FA reset for superadmins
* Check for empty headers in import
* Added import permission
* Fixed model path in docblock
* Added import gate to default blade
* Check if the user is an admin OR idf they have import permissions
* Walked back that admin permission
Since admins are bound by full company support, it makes less sense to let admins have this permission by default, versus having them specifically designated to the import permission
* Fixed#6703 - fixes password confirmation
* Removed debugging
* Fixed tests
* I guess we use 10 as the settings for password min in tests
* One more try to fix tests - confirmation won’t validate until password validates
This bug was a result of attempting to check if the groups field had a value, and only THEN trying to sync the groups. This meant that uf you were removing ALL groups, the sync wouldn’t be triggered.
This still needs to be updated in the API.
Need to confirm that re-enabling `\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,` won’t mangle anything. I know we ran into some issues when testing a long time ago, but not sure those issues apply anymore, and I can’t remember what they were.
* Update Ldap.php
* Update Ldap.php
* Update Ldap.php
* Update Ldap.php
* Update Ldap.php
Updating LDAP.php such that the admin bind will ONLY occur if the user attempting auth cannot bind. If that is the case, it will attempt to bind as admin and search for that user, prior to failing.
The previous commit made it such that remote user login could only
be enabled if two factor authentication was also enabled. Unnest
the configuration so that the setting can be applied without.
This would only come into play if an inactive user already received a password reset email and then the system was upgraded to prevent those emails from being sent to inactive users
* Adds a method to consumables to check if a notification should be sent
Adds the checkin_email method to Consumables, this gets checked in notifications when checking out the consumable.
Without the method, no notifications get sent for checking out consumables.
* Fixes the checkin_email method on the License model
This should allow the License to also send checkout/checkin notifications again.
* Fix Importer emailformat
Str::slug() strips periods from the string, which caused our existing
logic to misbehave when generating a user's email on an import. Adjust
logic to use generateEmail() helper on user instead. Also clean up some
of the logic in this method.
* Remove dead code.
* More refactor/cleanup of the user create method. I think it is almost readable now.
* Give advancedTextSearch all search terms at one
The additional conditions for assets had some problems, since they were joining tables for the additional attributes. The method was called once for every search term, so the join was added multiple times if the user entered multiple search terms.
* Allows search to handle multiple search terms better
The search now better handles multiple search terms, adding additional orWhere clauses, instead of duplicating all queries.
* Fixing typo
* Extract method/cleanup
* Remove apiStore method that is unusued since api controllers.
* Use proper model exception
* Remove old user importer. This is now supported by the general importer framework.
* Refactor AssetsController methods.
This is a giant diff without many functional changes, mostly cosmetic.
I've pulled a number of methods out of assetscontroller, preferring
instead to create some more targetted controllers for related actions.
I think this cleans up the file some, and suggests some places for
future targetted improvement.
Fix weird missing things.
* Fix Unit test failing after date changes.
* Pass valid string to be translated.
* Some method cleanup for codacy.
* Extract trait for common checkout uses and codacy fixes.
* Cleanup model bulk-edit
Use the general partials where appropriate, as well as display a list of
what models we are editing in the bulk edit.
* Use new api based fetch/display for modal select2.
This is just copy/pasting the code currently because I'm not entirely
sure how the two pieces of code interact.
* Remove old helper functions that are no longer necessary with our populating of select2 dropdowns via ajax.
* Adds the ability to search by dates
Adding extra „where“-conditions to the „TextSearch“ queries, allowing the users to search by dates
* Adds missing dates to $dates in models
* Removes duplicated „where“ conditions
* Adds the Searchable trait to models, defining the searchable attributes and relations
* Removes the old text search methods
* Adds back additional conditions to the search
These conditions could not be modeled in the „attributes“ or „relations“, so we include them here
* Removes unnecessary check for the deleted_at attribute
* Fixes typo in comments
* suppresses errors from Codacy
We can safely ignore the error codacy is throwing here, since this method is a standin/noop for models who need to implement more advanced searches
* adds select2 placeholders to select lists
To allow us to clear the selection on „select2“ selects, we need a placeholder attribute
See: https://select2.org/placeholders
* Removes empty option from multiple select
select2 requires an empty option value on singular selects, but not on multiple selects.
When selecting multiple options, this empty option would be shown as selectable otherwise, not clearing the selection.
* Adds the option to clear select2 instances
Sets the correct options to allow clearing of out select2 instances. The empty placeholder is required, since clearing only works when a placeholder ist set (event an empty one).
See: https://select2.org/placeholders
* Removes the „Clear selection“ option from select lists
Since we can clear the select2 lists with their native clearing method, we can remove this hack
* Updates generated assets (css/js)
* Always send checkin notifications to users
This fixes the routing of the notifications, to only send „checkin“ emails if the „mail on checkin“ flag on the category was set. (and we checkout to a user with a non-empty email)
* Fixes checkout notification routing
Notifications to users should be send if the category of the resource (accessory/asset/consumable/license):
a) requires the user to confirm acceptance
b) should send notifications on checkin/checkout
* adds a check for EULAs
Adds back a check for the EULA, since the user should receive the EULA if it was set (regardless of other setings on the category, etc)
* adds permission checks to custom fields
* adds permission checks to custom fieldsets
* adds separate permissions for custom fieldsets
* check for permissions in views
* Removes custom fieldsets from permissions config
* Proxy the authorization for custom fieldsets down to custom fields.
This allows us to use the existing permissions in use and have more semantically correct authorization checks for custom fieldsets.
* simplifies the authorization check for the custom fields overview
* removes special handling of custom fieldsets in base policy
I just realised that this code duplicates the logic from the custom fieldset policy.
Since we are checking for the authorization of custom fields anyway, we can just use the columnName for the fields.
* cleanup of unused imports
* adds permission checks for companies
* adds permission checks for depreciations
* adds permission check for all reports
* fixes permissions for departments
* fixes permission naming (edit -> update)
* fixes authorization checking wrong permission in API
The authorization was checking for the non-existent „edit“ method where it should have checked for the „update“ method.
* adds authorization checks for select2 lists
* adds missing authorization checks for api
* fixes user authorization check for creating users
* adds additional check viewing assets on showing a users assets
* Removes authorization checks for select2 lists
Reference: https://github.com/snipe/snipe-it/pull/5807#pullrequestreview-136018755
* Added option to include model information on asset labels.
Cleaned up label page to fix skewed label alignment on last row per page.
* Changes made per Snipe's direction
changed type from tinyint to boolean in DB
changed labels back to initials
* Added de-norm counter migration for assets
* Renaming counter columns, since Eloquent has a magical *_count helper
* Added artisan command to sync counters (one-off)
* Update API to use de-normed fields
* Increment counters for checkin;/checkout
* Derp.
* Added request increment/decrementer
* Move increment for checkout to the Asset::checkout method
* Added “could take a while” message
* Fixes#4445: prevents assigned assets from being checked out in bulk checkout
* Updates data attribute to more versatile 'data-asset-status-type'
* Fixes broken unit test
* Fixes CustomFieldsetsController::fields() which I think is not used anywhere else and don't think ever worked as you can't call get() on a Collection.
Have tested extensively and doesn't seem to affect anywhere else?
* Adds default value functionality
* Adds built assets
* Fixes assignment to asset_model_id which should have been evaluation and alters route so it sits more in line with existing work
* Updates built assets
* Remove silly docker.env file; fix Dockerfile to preserve Oauth keys (#5377)
* Added department to custom asset export
Updates build assets
* Adds translation support for 'add default values' checkbox label
* Allow setting of "ldap_import" through the API, this will allow cusom scripts to be made to import data from Active directory using the API, this would allow any field to be filled such as the manager (based on the ID), department etc.
* Password fix for LDAP through API
* Fix condition where matching user fails when providing a username but no full name. Also shortcircuit username matching if a user exists.
* Simplify Logic
If the user provided is numeric, but doesn't exist in the database, assume that the user's name is a number and go through all relevant generation. of email/first+last names. Alternatively we may want to abort or remove the is_numeric bits.. it seems a little counterintuitive
