Commit graph

848 commits

Author SHA1 Message Date
snipe 0e29744ec2 Don’t try to send an email if the user doesn’t have an email address 2017-09-28 20:57:33 -07:00
snipe 51236a2ad9 Fixes #4056 - check for assets before deleting user 2017-09-28 19:57:52 -07:00
snipe 46d87849f4 Added content security middleware 2017-09-28 19:45:15 -07:00
snipe b60febeea2 Removed space in XSS header because safari was getting angry 2017-09-28 18:45:54 -07:00
snipe 9b84a0d516 *eyeroll* 2017-09-28 17:34:47 -07:00
snipe 1775995f26 Is this space necessary? Getting weird results from netsparker 2017-09-28 17:25:04 -07:00
snipe 26a7701cda Added referrer-policy header 2017-09-28 17:12:58 -07:00
snipe a34085f1d9 Added mode=block to XSSProtect header 2017-09-28 16:28:27 -07:00
Daniel Meltzer af19e5d976 Fix old route (#4053)
Looks like we missed in the v4 port.  Fixes the unrelated issue in #4052
2017-09-28 16:02:50 -07:00
snipe 3d7277398c Fixes #4057 - sig file in lightbox 2017-09-28 15:13:05 -07:00
snipe ac83dba2bb Fixes #4034 - save login note 2017-09-27 16:35:54 -07:00
snipe fc96fa756e Fix redirect default on password reset 2017-09-27 16:23:21 -07:00
snipe ea9a502152 Added empty regsitration controller
When using the default Laravel auth routes, it expects a registration controller, even though we don’t have a concept of registration. This blank controller just prevents route caching from throwing errors.
2017-09-27 16:23:01 -07:00
snipe ec8a3d2e56 Fixes #4027 - proper redirect on fieldset delete 2017-09-27 16:02:29 -07:00
snipe ecf041fa10 Fixes #4043 - standardize groups API response 2017-09-27 15:18:29 -07:00
snipe 0ab9bc1db8 Added normalization midddleware, removed 2017-09-27 15:18:05 -07:00
snipe e91a537552 Use more modern Request handler 2017-09-27 14:50:48 -07:00
snipe bd0498aa69 Fixes #4016 - signature file missing from history tab 2017-09-27 12:58:08 -07:00
snipe e27e1a78c3 Fix for case where a fieldset is assigned to a model, but no fields are assigned 2017-09-26 16:01:23 -07:00
snipe f2ee7dcabb Fixes #4001 - license checkout not working 2017-09-25 21:40:43 -07:00
snipe 26203801f6 Fixes #4009 - zip not populating on locations listing page 2017-09-25 20:45:05 -07:00
snipe c3afbc0e53 Run backups before purging and importing 2017-09-25 15:00:23 -07:00
snipe 38326314ca Merge branch 'develop' 2017-09-25 11:53:33 -07:00
snipe 865950e766 Fixes #4000 - user_id blank 2017-09-25 11:53:10 -07:00
snipe 34dfcb5add Merge branch 'develop' 2017-09-22 17:23:38 -07:00
snipe 30019a144a Disable login note editing on demo 2017-09-22 17:23:22 -07:00
snipe b29d7beb3a Merge branch 'develop'
# Conflicts:
#	.gitignore
#	Dockerfile
#	README.md
#	app/Http/Controllers/AccessoriesController.php
#	app/Http/Controllers/AssetMaintenancesController.php
#	app/Http/Controllers/AssetsController.php
#	app/Http/Controllers/ConsumablesController.php
#	app/Http/Controllers/GroupsController.php
#	app/Http/Controllers/LicensesController.php
#	app/Http/Controllers/ReportsController.php
#	app/Http/Controllers/UsersController.php
#	app/Http/routes.php
#	app/Models/Depreciation.php
#	app/Models/Location.php
#	config/version.php
#	resources/views/account/view-assets.blade.php
#	resources/views/hardware/edit.blade.php
#	resources/views/hardware/view.blade.php
#	resources/views/partials/modals.blade.php
#	resources/views/reports/custom.blade.php
#	snipeit.sh
2017-09-22 16:12:18 -07:00
Daniel Meltzer 922d6937ae Custom field import repair (#3968)
* There is no notes field on accessories.  Fixes Importer Test.

* Fix notification test.  We should see a checkout not allowed exception when trying to check out to a location if the asset requires acceptance.

* Fix Custom field import.

Add a test for custom field import, and fix a few issues related to
importing custom fields.  This will restore v3 functionality.

* Add UI support for mapping custom fields.

This still requires the field mappings to be created/assigned in
advance, but will fetch all custom field names and allow them to be
selected when setting up custom field mappings.

This commit also updates laravel-mix to v1.4.3 and other node
dependencies to fix some build issues.

* Fix some requestable asset page/assetloc issues.  I'd love to know why laravel expections relationships to be in lower case... but thats a question for another day.
2017-09-18 12:29:08 -07:00
Iman ed4ea7f1f4 No new feature,No bug fix, Only refactoring (#3949)
* No change in logic !

Just exchanging the if and else code blocks and negating condition.

* remove unneeded else{} block

* Re-indented the code
2017-09-12 12:28:42 -07:00
snipe 81e358a01d Small maintenance fixes 2017-09-08 17:49:01 -07:00
snipe 47909b93f7 Fixed deleted users/restore users view 2017-09-06 17:11:43 -07:00
Daniel Meltzer 987536930c Assorted fixes (#3923)
* Fix some n+1 problems

* Use route in notification dropdown to make sure we link to correct page

* Work on better UI support for checkout to non-user.  Fix links on index bootstrap table, work towards eliminating assignedUser

* Remove Asset::assigneduser() relationship.  Instead add a checkedOutToUser() method and/or port to using assignedTo()

* Adjust string to fit new reality

* Fix #3780.  Move the consumables getDataView method to the ApiController.  Not entirely RESTful, but it's a weird method that probably doesn't need its own controller and the functionality would be strange to stack on the userscontroller...

* Fix file uploads to assets and restore the delete route.

* Add asset maintence edit action to index.

* Suppliers asset list should link to the related asset, not to the supplier with same ID.

* Asset models page should use polymorphic formatter on assigned to to better handle assorted item types.

* Comment out more assigneduser fallacy until we figure out the query builder approach to searching for location text.
2017-09-05 17:54:58 -07:00
snipe 761371509d Use notifiables for slack audit notification 2017-08-31 21:30:38 -07:00
snipe 0054ce3071 Fixes #3907 2017-08-31 13:45:48 -07:00
Daniel Meltzer bb874012d9 Progress towards better email notifications (#3911)
Working mail from notification.  Still requires testing/cleaning

Add tests around checkout notification.

This also removes the ability to check out an asset to a location|asset
that requires acceptance/a Eula.  For 4.1 we may think about how to
support such a thing, but at present it seems to make sense to only alow
such assets to be checked out to users, who can be responsible for the
items.
2017-08-31 11:14:21 -07:00
snipe 8d2c229bc3 Move LDAP validation into form request 2017-08-31 10:44:00 -07:00
snipe 48e6208214 Fixes #3907 - do not require username on user if LDAP import 2017-08-31 10:43:36 -07:00
snipe 22233e3ba6 Bulk asset audit form (needs more testing) 2017-08-29 16:00:22 -07:00
snipe e439f15a64 Fixed some date math for auditing 2017-08-28 17:20:20 -07:00
snipe e10cdd57a5 Removed old getassetloist method 2017-08-26 15:22:04 -07:00
snipe bf157773c8 Also related to #3888 2017-08-26 15:21:38 -07:00
snipe 51d74ac06d Auduting improvements 2017-08-25 18:40:20 -07:00
snipe 16f57e16cb Fixes #1190 - added basic audit workflow 2017-08-25 10:04:19 -07:00
snipe 52270fa4db Derp 2017-08-25 08:30:48 -07:00
snipe bf3731d65c Set default min password to 10 2017-08-25 08:23:23 -07:00
snipe 4721cab928 Grr. 2017-08-25 06:08:19 -07:00
snipe 08f3e78d26 Merge branch 'checkout-to-location-v2' of https://github.com/dmeltzer/snipe-it into dmeltzer-checkout-to-location-v2
# Conflicts:
#	app/Http/Controllers/Api/UsersController.php
#	app/Http/Transformers/LocationsTransformer.php
#	resources/views/locations/view.blade.php
#	routes/api.php
#	tests/_data/dump.sql
2017-08-25 06:04:22 -07:00
snipe 10711245ba Fixes #3792 - parent/child locations in API 2017-08-25 05:32:12 -07:00
snipe d23ea70b08 Added auth check back to asset store 2017-08-25 03:26:50 -07:00
snipe 659d953f3f Fixed custom error message for status labels 2017-08-24 22:40:07 -07:00
Brady Wetherington c1dcc22217 Refactor and improve Modal support for Assets (#3884) 2017-08-24 22:24:02 -07:00
snipe 6e30fa6922 Fixes custom fields in asset listing where no custom fields were assigned 2017-08-23 03:28:13 -07:00
snipe f119c69698 Possible fix for #3852 2017-08-22 22:46:02 -07:00
snipe 57f4c986af Enforce password complexity rules on new account password change 2017-08-22 22:41:35 -07:00
snipe a0cbca85bf Fixes for API calls for password complexity stuff 2017-08-22 21:15:35 -07:00
snipe 9bda62d295 ADDED: Password rules for complexity, min length, rejecting common passwords 2017-08-22 20:32:39 -07:00
snipe 1d7e243d0a Fixes #3790 - parent display on locations index 2017-08-22 15:02:31 -07:00
snipe 63bc2ec09f Fixes #3802 - make id an (int) in API repsonse 2017-08-22 14:53:48 -07:00
snipe 31516abef9 Fixes #3858 - use transformer for single listing categories 2017-08-22 14:26:08 -07:00
snipe d2535582f3 Fixes #3853 - added notes/zip to suppliers API response 2017-08-22 14:18:21 -07:00
snipe eaaea303f4 Fixes #3860 - return JSON instead of redirect in API delete dept call 2017-08-22 14:15:13 -07:00
snipe 8c5312b931 Fixes #3866 - weird API behavior in status label types 2017-08-22 14:10:54 -07:00
snipe 6310670835 Fixes #3869 - asset maintenances API endpoints 2017-08-22 13:52:06 -07:00
snipe 148d41d8dc Removes erroneous else 2017-08-22 12:22:32 -07:00
snipe 71c1c74164 Fixes #3085 - adds “change password” functionality back to user accounts 2017-08-22 12:09:04 -07:00
snipe 4576cb6f56 Merge branch 'develop' of github.com:snipe/snipe-it into develop 2017-08-10 14:38:08 -07:00
snipe 56f88d2c22 Fixes #3836 - Adds supplier to licenses column 2017-08-10 14:38:04 -07:00
gibsonjoshua55 c1d1cb8122 Address #3840 and fixes group transformation in UsersTransformer (#3841)
Removes the incorrect variable access in UsersTransformer of a users's
groups and adds an array of groups' ids and names to the return array.
2017-08-10 13:37:54 -07:00
snipe de18e2a887 Only bcrypt passwords on user save if the password value is passed 2017-08-08 14:41:58 -07:00
snipe 7da4fe4524 Fixes #3825 - allows fillables through location API 2017-08-08 12:36:28 -07:00
snipe 9bfd345774 Use Company transformer with payload 2017-08-03 19:55:08 -07:00
snipe df87c82ddc Fixes #3805 - add/update/delete methods for User API 2017-08-03 19:50:18 -07:00
snipe 3e8b7d9c94 Check for overall asset delete permissions before checking to see if the user can delete that specific asset 2017-08-03 19:49:41 -07:00
Jason Spriggs 7c4ee54f8b Fix #3803 - Return asset object instead of just id (#3811) 2017-08-01 20:01:11 -07:00
snipe 03f9d01aab Fixes #3775 - added missing created_at and updated_at fields 2017-07-29 17:01:03 -07:00
snipe a2d63dd3e4 Fixes #3776 - adds Company to Dept UI 2017-07-29 16:42:17 -07:00
snipe 0408509fdc Fixes #3777 - correct response for two_factor_actived for user API 2017-07-29 16:25:42 -07:00
snipe 5e47c18d68 Fixes #3786 - checkin/checkout to components UI 2017-07-29 16:13:17 -07:00
snipe 4e5cf531f7 Fixes #3799 - use transformers on show() method as well 2017-07-29 15:46:10 -07:00
snipe cb903ab9fd Fixes manager user->name to username in Users API 2017-07-26 08:51:16 -07:00
snipe 66d8308163 More compact payload for users API on location and manager 2017-07-26 08:47:54 -07:00
snipe 847262e989 Fixes #3774 - fixes for inconsistent API responses (‘’ vs null) and adds escaping 2017-07-25 23:40:30 -07:00
snipe 59006964d1 Fixes #3771 - adds username to API response on Asset API 2017-07-25 22:11:50 -07:00
snipe ac29b142dc Adds max thumbnail width to asset listings, settings 2017-07-25 19:36:38 -07:00
snipe 0fbf9236f4 Fixes #3742 - add employee number to asset listing
Also removes asset report, since it’s basically the exact same output as the asset listing
2017-07-25 01:17:23 -07:00
snipe 7510f9f128 Fixes #3753 - use route direction instead of URL 2017-07-17 16:42:39 -07:00
snipe 3eea1a23f8 Slug the filename
So upoloads with weird characters like parens don’t get hoarked when trying to delete
2017-07-14 02:38:13 -07:00
snipe 1fda4593c1 Update @gibsonjoshua55 as a contributor 2017-07-12 20:41:20 -07:00
snipe ad12a5ce11 Added store/update methods to custom fields API 2017-07-12 19:34:34 -07:00
snipe 5abe72ce02 Added whether the field is required to the custom fieldsets transformer 2017-07-12 19:23:54 -07:00
snipe 3e3276334b Added escaping to API output 2017-07-12 19:23:15 -07:00
snipe b13e04095e Removed commented code 2017-07-12 19:22:58 -07:00
gibsonjoshua55 3cfcc43efa Adds basic GET api support for CustomFieldsets (#3697)
* Adds basic GET api support for CustomFieldsets

Currently there is not support for getting what fields a given fieldset contains
from the API.  This commit creates a new API Controller for CustomFieldsets as
well as Transformers for CustomFields CustomFieldsets.  Additionally, the api
route has been updated so that a show method can be access from
http://myapp/api/v1/fieldsets/{id}

* CustomFieldsetsTransformer only returns id and name of model

* Added index api method for CustomFieldsets

* Removes copy/paste error in CustomFieldsetController (including search)

* Added id to CustomFieldsetsTransformers

* Adds custom_fieldset_id as a field when storing and updating AssetModels

* Removed uncessesary parameter from CustomFieldsetsController.index

* Cleaned up CustomFieldset API
2017-07-12 17:51:22 -07:00
snipe 9bcfe0748b Make custom fields into their own JSON array 2017-07-08 18:44:28 -07:00
snipe 635299cd74 Decrypt encrypted fields 2017-07-08 17:04:40 -07:00
snipe 20376daec4 Fix encryption on first save 2017-07-08 17:04:24 -07:00
snipe a49fd16916 Fixed delete file settings route 2017-07-08 13:42:05 -07:00
snipe 932e25ca9b Only add an update log message if the asset isn’t being checked in or out 2017-07-08 03:38:39 -07:00
snipe 33557f3792 Nicer formatting for phpinfo output 2017-07-08 00:22:30 -07:00
snipe c2927c4a2e Added phpinfo page if debugging is enabled 2017-07-08 00:09:39 -07:00
snipe ab2b2f3043 Updated UI for Admin Settings 2017-07-07 23:44:48 -07:00
snipe 9894edb008 Added login note to settings 2017-07-07 19:54:10 -07:00
snipe c2e8803d1e Addec clone button back to models, assets, licenses, etc 2017-07-07 18:45:49 -07:00
snipe 7e1f7297b3 Settings tweaks 2017-07-07 18:06:31 -07:00
snipe 31cabaa4db Fixes #3724 - adds edit/delete button back to companies listing 2017-07-07 17:10:06 -07:00
Daniel Meltzer 61c6160b98 Importer mapping - v1 (#3677)
* Move importer to an inline-template, allows for translations and easier passing of data from laravel to vue.

* Pull the modal out into a dedicated partial, move importer to views/importer.

* Add document of CSV->importer mappings.  Reorganize some code.

Progress.

* Add header_row and first_row to imports table, and process upon uploading a file

* Use an expandable table row instead of a modal for import processing.  This should allow for field mapping interaction easier.

* Fix import processing after moving method.

* Frontend importer mapping improvements.

Invert display so we show found columns and allow users to select an
importer field to map to.  Also implement sample data based on first row
of csv.

* Update select2.  Maintain selected items properly.

* Backend support for importing.  Only works on the web importer currently.  Definitely needs testing and polish.

* We no longer use vue-modal plugin.

* Add a column to track field mappings to the imports table.

* Cleanup/rename methods+refactor

* Save field mappings and import type when attempting an import, and repopulate these values when returning to the page.

* Update debugbar to fix a bug in the debugbar code.

* Fix asset tag detection.

Also rename findMatch to be a bit clearer as to what it does.
  Remove logging to file of imports for http imports because
it eats an incredible amouint of memory.

This commit also moves imports out of the hardware namespace and into
their own webcontroller and route prefix, remove dead code from
AssetController as a result.

* Dynamically limit options for select2 based on import type selected, and group them by item type.

* Add user importer.

Still need to implement emailing of passwords to new users, and probably
test a bit more.

This also bumps the memory limit for web imports up as well, I need to
profile memory usage here before too long.

* Query the db to find user matches rather than search the array.  Performance is much much better.

* Speed/memory improvements in importers.

Move to querying the db rather than maintaining an array for all
importers.  Also only store the id of items when we import, rather than
the full model.  It saves a decent amount of memory.

* Remove grouping of items in select2

With the values being set dynamically, the grouping is redundant.  It
also caused a regression with automatically guessing/matching field
names.  This is starting to get close.

* Remove debug line on every create.

* Switch migration to be text field instead of json field for compatibility with older mysql/mariadb

* Fix asset import regression matching email address.

* Rearrange travis order in attempt to fix null settings.

* Use auth::id instead of fetching it off the user.  Fixes a null object reference during seeding.
2017-06-21 16:37:37 -07:00
snipe 25e99194ce Fixes #3681 - corrected fieldname for bulk asset delete 2017-06-20 14:41:30 -07:00
snipe 5b9bcd8fa2 Add next auto-increment to settings form 2017-06-20 12:23:16 -07:00
snipe 4bde058192 Save next_auto_tag_base in settings on edit 2017-06-20 12:19:05 -07:00
snipe 770092f23f Added save/update/delete observers
This should make it easier to handle action logging between the GUI and the API
2017-06-15 20:54:14 -07:00
Daniel Meltzer 5d4920c741 [WIP] Improvements to unit tests. (#3574)
* Improvemenets to unit tests.

* Break up modelfactory into multiple files, populate many states.
* Begin testing validation at the unit test level, test relationships.
* Add tests for Asset::availableForCheckout.
* Model factories now generate all needed relationships on demand,
  which allows us to unit test with a empty database.
* To faciliate the empty database, we move to using sqlite in memory as
  the unit testing database.

* Fix bug with logs of checkouts to non users.

* Fix location finding for assets.  Also Fix location show page to show users associated with location.  Still need some work to show assets.

* More test and generator improvements

* More unit test fixes. PermissionsTest is borked still.

* More Updates

* Rewrite permissionstest.  Check that we have access on the model level rather than via web requests.  Also test delete permissions.

* Fix seeders.

* Make the default asset model factory generate assets that are rtd for testing.

* Save progress.

* Rebase tests, fix department unit test, update database for functional tests.

* Update functional and api tests to use new modelfactory signatures.
2017-06-12 17:39:03 -07:00
Daniel Meltzer dfea47a272 Fix location view display. Migrate to api controller methods and fix missing bits to make this happen. Show manager on the location view page. 2017-06-12 18:24:20 -05:00
Daniel Meltzer f0d78091d2 Add a manager field to locations.
This is round one of the rethink of checkout-to-everything.  A location
now has a manager field, and the manager (by default) be responsible for
assets checked out to the location.
2017-06-12 18:23:50 -05:00
snipe 966a736602 Patches #3640 to develop 2017-06-12 15:31:11 -07:00
Daniel Nemanic 30a9704625 Update UsersController.php (#3640)
If a user is disabled in your Active Directory, it should be deactivated in the licensing too.

The standard state is now deactivated for synced accounts.
Maybe we can change this throw a Setting for a standard state.

The codes comes from this site:
http://www.netvision.com/ad_useraccountcontrol.php
2017-06-12 15:29:55 -07:00
snipe 14f3868b46 Update all controllers to use laravel 5 return view method 2017-06-09 16:44:03 -07:00
snipe a5cd4a0a22 Use updated view method for laravel 5 2017-06-09 16:31:25 -07:00
snipe ad816264e9 WIP import mapper #3639
@dmeltzer, I’m not sure how much extra work this will be to integrate.
2017-06-09 16:29:42 -07:00
snipe 041b794e1f Fixes #3634 - use new routes for groups 2017-06-08 20:24:26 -07:00
snipe da2d9b2374 Fixes presenter issue on user history 2017-06-08 19:09:42 -07:00
snipe 58b2834c54 Fixed case for userloc 2017-06-08 18:46:07 -07:00
snipe 2aaa635345 Fixes crash on asset detail view 2017-06-08 18:26:55 -07:00
snipe d62896f945 Fixes #3414 - bulk update for asset models 2017-06-08 17:48:48 -07:00
snipe 74aaadcdc5 Fixes #3583 - incorrect 404 status code, use curl for checking .env 2017-06-01 20:41:23 -07:00
snipe 25dca80644 Fixes #3602 - actions missing from suppliers in v4 2017-05-31 06:52:37 -07:00
snipe 7b1265cb89 Cache totals for later dashboard use 2017-05-31 02:02:55 -07:00
snipe 5499735f3a Actionlogs API transformer 2017-05-23 14:31:04 -07:00
snipe 40e11b6661 Removed old getActivityReportDataTable() method, since we’re using the API now 2017-05-23 14:30:55 -07:00
snipe b1fa25b73e Added filter to report by user_id for activity 2017-05-23 14:30:29 -07:00
snipe 452c52a3ab Changed variable name for consistency 2017-05-23 14:30:07 -07:00
snipe 52f24f7587 Reports API controller 2017-05-23 09:24:36 -07:00
snipe b223630f72 Added dept to User API transformer 2017-05-23 02:48:03 -07:00
snipe e9c39add4f Added dept helper reference in create/edit/bulk edit users 2017-05-23 02:47:49 -07:00
snipe 7ec1724308 Create, edit and destroy for depts 2017-05-23 02:47:25 -07:00
snipe 811ddd2f67 Include depts in returned list, sort by dept 2017-05-23 02:46:55 -07:00
snipe cefb20d46f Set dept manager ID for dept 2017-05-23 02:46:25 -07:00
snipe bb323db685 Load relationships in query 2017-05-23 02:46:03 -07:00
snipe eb3aa99e4f Added destroy method to dept 2017-05-23 02:45:51 -07:00
snipe 64f17cecbf Updated department transformer 2017-05-23 02:37:30 -07:00
snipe e2f2f9e154 Additional methods for Department web UI 2017-05-23 01:09:13 -07:00
snipe 8caf6623f1 Filter by dept for user display 2017-05-23 01:09:03 -07:00
snipe 6c623866c0 Additional API methods for departments 2017-05-23 01:08:55 -07:00
snipe 659e60fd12 Department controllers and transformer 2017-05-22 21:32:33 -07:00
snipe 71fd430f8e Fixes issue with older, deleted asset tags caching QR codes 2017-05-19 02:51:35 -07:00
snipe 0c43e64160 Licenses detail view 2017-05-18 22:10:45 -07:00
Jason Spriggs 0ab37af7ab Add in location parent and child information into API requests (#3582)
* Add location hierarchy to LocationsTransformer

* Add in parent_id
2017-05-16 12:30:11 -07:00
snipe 0c8308f5a4 Fixes for ordering on asset listing 2017-05-15 20:55:39 -07:00
snipe fdd88af44a Fixes #3556 2017-05-15 19:14:55 -07:00
snipe c8796cf045 Only prompt for checkin if there is an assigned user 2017-05-10 03:37:30 -07:00
snipe ee2c67a65f Added missing logging back in 2017-05-09 15:30:45 -07:00