Commit graph

809 commits

Author SHA1 Message Date
Daniel Meltzer 23ca2d9a0b Minor fixes (#4091)
* Fix old urls.

Still had some /admin/ urls floating around, which was causing bad
redirects in some instances.  Should fix #4085

* The modal seems to be confusing license upload. be more explicit in the route we redirect to.

* Fix #4039.  Use proper methods for location assets.

This also fixes a bunch of n+1 issues in the transformer.  Also: curious
to know what Location::assets() does, because it doesn't do what I want
it to :)
2017-10-01 12:57:04 -07:00
Daniel Meltzer 655ca78633 Adjust the import controller to return a url to the process path to enable processing an uploaded file without refresh. (#4080) 2017-09-29 17:49:35 -07:00
snipe 9301c56a77 Fixes #4069 - include request handler 2017-09-29 16:17:35 -07:00
snipe 43ff66e4d9 More UI tweaking for meta statuses 2017-09-29 15:24:33 -07:00
snipe fe1975067a Hopefully clearer status label meta info 2017-09-29 12:03:02 -07:00
snipe efd71f8bfe For #3998 - Disable CSP if debug=true
To avoid all the nonce hell from debugbar
2017-09-29 04:53:09 -07:00
snipe 05a8ba9a8e Fix weird url if license checkout fails 2017-09-29 04:37:33 -07:00
snipe 9ce2d1f560 Merge branch 'csp-middleware' into develop 2017-09-29 04:14:33 -07:00
snipe faf3802971 Fixes #4011 - do not send email to user on license checkout 2017-09-29 02:00:49 -07:00
snipe aab409dec2 Fixes #4061 - bulk checkout error 2017-09-28 22:22:21 -07:00
snipe 4d32f2b337 Fixes #4059 - accessories view 2017-09-28 21:18:00 -07:00
snipe 0e29744ec2 Don’t try to send an email if the user doesn’t have an email address 2017-09-28 20:57:33 -07:00
snipe 51236a2ad9 Fixes #4056 - check for assets before deleting user 2017-09-28 19:57:52 -07:00
snipe 46d87849f4 Added content security middleware 2017-09-28 19:45:15 -07:00
snipe b60febeea2 Removed space in XSS header because safari was getting angry 2017-09-28 18:45:54 -07:00
snipe 9b84a0d516 *eyeroll* 2017-09-28 17:34:47 -07:00
snipe 1775995f26 Is this space necessary? Getting weird results from netsparker 2017-09-28 17:25:04 -07:00
snipe 26a7701cda Added referrer-policy header 2017-09-28 17:12:58 -07:00
snipe a34085f1d9 Added mode=block to XSSProtect header 2017-09-28 16:28:27 -07:00
Daniel Meltzer af19e5d976 Fix old route (#4053)
Looks like we missed in the v4 port.  Fixes the unrelated issue in #4052
2017-09-28 16:02:50 -07:00
snipe 3d7277398c Fixes #4057 - sig file in lightbox 2017-09-28 15:13:05 -07:00
snipe ac83dba2bb Fixes #4034 - save login note 2017-09-27 16:35:54 -07:00
snipe fc96fa756e Fix redirect default on password reset 2017-09-27 16:23:21 -07:00
snipe ea9a502152 Added empty regsitration controller
When using the default Laravel auth routes, it expects a registration controller, even though we don’t have a concept of registration. This blank controller just prevents route caching from throwing errors.
2017-09-27 16:23:01 -07:00
snipe ec8a3d2e56 Fixes #4027 - proper redirect on fieldset delete 2017-09-27 16:02:29 -07:00
snipe ecf041fa10 Fixes #4043 - standardize groups API response 2017-09-27 15:18:29 -07:00
snipe 0ab9bc1db8 Added normalization midddleware, removed 2017-09-27 15:18:05 -07:00
snipe e91a537552 Use more modern Request handler 2017-09-27 14:50:48 -07:00
snipe bd0498aa69 Fixes #4016 - signature file missing from history tab 2017-09-27 12:58:08 -07:00
snipe e27e1a78c3 Fix for case where a fieldset is assigned to a model, but no fields are assigned 2017-09-26 16:01:23 -07:00
snipe f2ee7dcabb Fixes #4001 - license checkout not working 2017-09-25 21:40:43 -07:00
snipe 26203801f6 Fixes #4009 - zip not populating on locations listing page 2017-09-25 20:45:05 -07:00
snipe c3afbc0e53 Run backups before purging and importing 2017-09-25 15:00:23 -07:00
snipe 38326314ca Merge branch 'develop' 2017-09-25 11:53:33 -07:00
snipe 865950e766 Fixes #4000 - user_id blank 2017-09-25 11:53:10 -07:00
snipe 34dfcb5add Merge branch 'develop' 2017-09-22 17:23:38 -07:00
snipe 30019a144a Disable login note editing on demo 2017-09-22 17:23:22 -07:00
snipe b29d7beb3a Merge branch 'develop'
# Conflicts:
#	.gitignore
#	Dockerfile
#	README.md
#	app/Http/Controllers/AccessoriesController.php
#	app/Http/Controllers/AssetMaintenancesController.php
#	app/Http/Controllers/AssetsController.php
#	app/Http/Controllers/ConsumablesController.php
#	app/Http/Controllers/GroupsController.php
#	app/Http/Controllers/LicensesController.php
#	app/Http/Controllers/ReportsController.php
#	app/Http/Controllers/UsersController.php
#	app/Http/routes.php
#	app/Models/Depreciation.php
#	app/Models/Location.php
#	config/version.php
#	resources/views/account/view-assets.blade.php
#	resources/views/hardware/edit.blade.php
#	resources/views/hardware/view.blade.php
#	resources/views/partials/modals.blade.php
#	resources/views/reports/custom.blade.php
#	snipeit.sh
2017-09-22 16:12:18 -07:00
Daniel Meltzer 922d6937ae Custom field import repair (#3968)
* There is no notes field on accessories.  Fixes Importer Test.

* Fix notification test.  We should see a checkout not allowed exception when trying to check out to a location if the asset requires acceptance.

* Fix Custom field import.

Add a test for custom field import, and fix a few issues related to
importing custom fields.  This will restore v3 functionality.

* Add UI support for mapping custom fields.

This still requires the field mappings to be created/assigned in
advance, but will fetch all custom field names and allow them to be
selected when setting up custom field mappings.

This commit also updates laravel-mix to v1.4.3 and other node
dependencies to fix some build issues.

* Fix some requestable asset page/assetloc issues.  I'd love to know why laravel expections relationships to be in lower case... but thats a question for another day.
2017-09-18 12:29:08 -07:00
Iman ed4ea7f1f4 No new feature,No bug fix, Only refactoring (#3949)
* No change in logic !

Just exchanging the if and else code blocks and negating condition.

* remove unneeded else{} block

* Re-indented the code
2017-09-12 12:28:42 -07:00
snipe 81e358a01d Small maintenance fixes 2017-09-08 17:49:01 -07:00
snipe 47909b93f7 Fixed deleted users/restore users view 2017-09-06 17:11:43 -07:00
Daniel Meltzer 987536930c Assorted fixes (#3923)
* Fix some n+1 problems

* Use route in notification dropdown to make sure we link to correct page

* Work on better UI support for checkout to non-user.  Fix links on index bootstrap table, work towards eliminating assignedUser

* Remove Asset::assigneduser() relationship.  Instead add a checkedOutToUser() method and/or port to using assignedTo()

* Adjust string to fit new reality

* Fix #3780.  Move the consumables getDataView method to the ApiController.  Not entirely RESTful, but it's a weird method that probably doesn't need its own controller and the functionality would be strange to stack on the userscontroller...

* Fix file uploads to assets and restore the delete route.

* Add asset maintence edit action to index.

* Suppliers asset list should link to the related asset, not to the supplier with same ID.

* Asset models page should use polymorphic formatter on assigned to to better handle assorted item types.

* Comment out more assigneduser fallacy until we figure out the query builder approach to searching for location text.
2017-09-05 17:54:58 -07:00
snipe 761371509d Use notifiables for slack audit notification 2017-08-31 21:30:38 -07:00
snipe 0054ce3071 Fixes #3907 2017-08-31 13:45:48 -07:00
Daniel Meltzer bb874012d9 Progress towards better email notifications (#3911)
Working mail from notification.  Still requires testing/cleaning

Add tests around checkout notification.

This also removes the ability to check out an asset to a location|asset
that requires acceptance/a Eula.  For 4.1 we may think about how to
support such a thing, but at present it seems to make sense to only alow
such assets to be checked out to users, who can be responsible for the
items.
2017-08-31 11:14:21 -07:00
snipe 8d2c229bc3 Move LDAP validation into form request 2017-08-31 10:44:00 -07:00
snipe 48e6208214 Fixes #3907 - do not require username on user if LDAP import 2017-08-31 10:43:36 -07:00
snipe 22233e3ba6 Bulk asset audit form (needs more testing) 2017-08-29 16:00:22 -07:00
snipe e439f15a64 Fixed some date math for auditing 2017-08-28 17:20:20 -07:00
snipe e10cdd57a5 Removed old getassetloist method 2017-08-26 15:22:04 -07:00
snipe bf157773c8 Also related to #3888 2017-08-26 15:21:38 -07:00
snipe 51d74ac06d Auduting improvements 2017-08-25 18:40:20 -07:00
snipe 16f57e16cb Fixes #1190 - added basic audit workflow 2017-08-25 10:04:19 -07:00
snipe 52270fa4db Derp 2017-08-25 08:30:48 -07:00
snipe bf3731d65c Set default min password to 10 2017-08-25 08:23:23 -07:00
snipe 4721cab928 Grr. 2017-08-25 06:08:19 -07:00
snipe 08f3e78d26 Merge branch 'checkout-to-location-v2' of https://github.com/dmeltzer/snipe-it into dmeltzer-checkout-to-location-v2
# Conflicts:
#	app/Http/Controllers/Api/UsersController.php
#	app/Http/Transformers/LocationsTransformer.php
#	resources/views/locations/view.blade.php
#	routes/api.php
#	tests/_data/dump.sql
2017-08-25 06:04:22 -07:00
snipe 10711245ba Fixes #3792 - parent/child locations in API 2017-08-25 05:32:12 -07:00
snipe d23ea70b08 Added auth check back to asset store 2017-08-25 03:26:50 -07:00
snipe 659d953f3f Fixed custom error message for status labels 2017-08-24 22:40:07 -07:00
Brady Wetherington c1dcc22217 Refactor and improve Modal support for Assets (#3884) 2017-08-24 22:24:02 -07:00
snipe 6e30fa6922 Fixes custom fields in asset listing where no custom fields were assigned 2017-08-23 03:28:13 -07:00
snipe f119c69698 Possible fix for #3852 2017-08-22 22:46:02 -07:00
snipe 57f4c986af Enforce password complexity rules on new account password change 2017-08-22 22:41:35 -07:00
snipe a0cbca85bf Fixes for API calls for password complexity stuff 2017-08-22 21:15:35 -07:00
snipe 9bda62d295 ADDED: Password rules for complexity, min length, rejecting common passwords 2017-08-22 20:32:39 -07:00
snipe 1d7e243d0a Fixes #3790 - parent display on locations index 2017-08-22 15:02:31 -07:00
snipe 63bc2ec09f Fixes #3802 - make id an (int) in API repsonse 2017-08-22 14:53:48 -07:00
snipe 31516abef9 Fixes #3858 - use transformer for single listing categories 2017-08-22 14:26:08 -07:00
snipe d2535582f3 Fixes #3853 - added notes/zip to suppliers API response 2017-08-22 14:18:21 -07:00
snipe eaaea303f4 Fixes #3860 - return JSON instead of redirect in API delete dept call 2017-08-22 14:15:13 -07:00
snipe 8c5312b931 Fixes #3866 - weird API behavior in status label types 2017-08-22 14:10:54 -07:00
snipe 6310670835 Fixes #3869 - asset maintenances API endpoints 2017-08-22 13:52:06 -07:00
snipe 148d41d8dc Removes erroneous else 2017-08-22 12:22:32 -07:00
snipe 71c1c74164 Fixes #3085 - adds “change password” functionality back to user accounts 2017-08-22 12:09:04 -07:00
snipe 4576cb6f56 Merge branch 'develop' of github.com:snipe/snipe-it into develop 2017-08-10 14:38:08 -07:00
snipe 56f88d2c22 Fixes #3836 - Adds supplier to licenses column 2017-08-10 14:38:04 -07:00
gibsonjoshua55 c1d1cb8122 Address #3840 and fixes group transformation in UsersTransformer (#3841)
Removes the incorrect variable access in UsersTransformer of a users's
groups and adds an array of groups' ids and names to the return array.
2017-08-10 13:37:54 -07:00
snipe de18e2a887 Only bcrypt passwords on user save if the password value is passed 2017-08-08 14:41:58 -07:00
snipe 7da4fe4524 Fixes #3825 - allows fillables through location API 2017-08-08 12:36:28 -07:00
snipe 9bfd345774 Use Company transformer with payload 2017-08-03 19:55:08 -07:00
snipe df87c82ddc Fixes #3805 - add/update/delete methods for User API 2017-08-03 19:50:18 -07:00
snipe 3e8b7d9c94 Check for overall asset delete permissions before checking to see if the user can delete that specific asset 2017-08-03 19:49:41 -07:00
Jason Spriggs 7c4ee54f8b Fix #3803 - Return asset object instead of just id (#3811) 2017-08-01 20:01:11 -07:00
snipe 03f9d01aab Fixes #3775 - added missing created_at and updated_at fields 2017-07-29 17:01:03 -07:00
snipe a2d63dd3e4 Fixes #3776 - adds Company to Dept UI 2017-07-29 16:42:17 -07:00
snipe 0408509fdc Fixes #3777 - correct response for two_factor_actived for user API 2017-07-29 16:25:42 -07:00
snipe 5e47c18d68 Fixes #3786 - checkin/checkout to components UI 2017-07-29 16:13:17 -07:00
snipe 4e5cf531f7 Fixes #3799 - use transformers on show() method as well 2017-07-29 15:46:10 -07:00
snipe cb903ab9fd Fixes manager user->name to username in Users API 2017-07-26 08:51:16 -07:00
snipe 66d8308163 More compact payload for users API on location and manager 2017-07-26 08:47:54 -07:00
snipe 847262e989 Fixes #3774 - fixes for inconsistent API responses (‘’ vs null) and adds escaping 2017-07-25 23:40:30 -07:00
snipe 59006964d1 Fixes #3771 - adds username to API response on Asset API 2017-07-25 22:11:50 -07:00
snipe ac29b142dc Adds max thumbnail width to asset listings, settings 2017-07-25 19:36:38 -07:00
snipe 0fbf9236f4 Fixes #3742 - add employee number to asset listing
Also removes asset report, since it’s basically the exact same output as the asset listing
2017-07-25 01:17:23 -07:00
snipe 7510f9f128 Fixes #3753 - use route direction instead of URL 2017-07-17 16:42:39 -07:00
snipe 3eea1a23f8 Slug the filename
So upoloads with weird characters like parens don’t get hoarked when trying to delete
2017-07-14 02:38:13 -07:00
snipe 1fda4593c1 Update @gibsonjoshua55 as a contributor 2017-07-12 20:41:20 -07:00
snipe ad12a5ce11 Added store/update methods to custom fields API 2017-07-12 19:34:34 -07:00