Commit graph

142 commits

Author SHA1 Message Date
snipe a5daee811b Split out custom_css from custom_header color 2018-07-25 19:00:03 -07:00
Till Deeke 27699aa99c Adds permission checks for custom fields and custom fieldsets (#5645) (#5795)
* adds permission checks to custom fields

* adds permission checks to custom fieldsets

* adds separate permissions for custom fieldsets

* check for permissions in views

* Removes custom fieldsets from permissions config

* Proxy the authorization for custom fieldsets down to custom fields.

This allows us to use the existing permissions in use and have more semantically correct authorization checks for custom fieldsets.

* simplifies the authorization check for the custom fields overview

* removes special handling of custom fieldsets in base policy

I just realised that this code duplicates the logic from the custom fieldset policy.
Since we are checking for the authorization of custom fields anyway, we can just use the columnName for the fields.

* cleanup of unused imports
2018-07-12 18:28:20 -07:00
Arunas Skirius b30aac536a fixed the alignment of a couple navbar icons (#5764) 2018-07-02 18:10:25 -07:00
Djamon Staal 32e3f748d8 Make version footer configurable. (#5730) 2018-06-21 07:12:16 -07:00
snipe 04709dc1df Fixed #5477 - added GDPR privacy policy link in email and webpage 2018-05-08 00:50:13 -07:00
snipe 8a6713d5c0
WIP - Improved requested assets (#5289)
* WIP - beginning of improved requested assets

- Use Ajax tables for faster loading
- Use new notifications for requesting an asset

TODO:
- Use ajax tables for requestable asset models
- Use new notifications for canceling an asset request
- Expire requests once the asset has been checked out to the requesting user

* Only show asset name in email if it has one

* Refactor requested method to only include non-canceled requests

* Refactored requestable assets to log request and cancelation

* Added softdeletes on checkout requests

* Differentiate between canceling and deleting requests

* Added asset request cancelation notification

* Added timestamps and corrected unique key on requests table

* Improved requests view

* Re-use blade for cancel/request email

* Refactored BS table formatter for requested assets

* Location name min reduced to 2

* Added PAT test as maintenance option

This needs to be refactored into database-driven options with a UI

* Better slack message

* Added getImageUrl method for assets

* Include qty in request notifications

TODO:
- Try to pull requested info from original request for cancelation, otherwise it will default to 1

* Removed old asset request/cancel emails

* Added user profile asset request routes

* Added profile controller requested assets method

* Added blade link to requested assets for profile view

* Sort user history desc

* Added requested assets blade

* Added canceled at to checkoutRequest method

* Include qty in request

* Fixed comment, removed allowed_columns

* Removed Queable methods, since we don’t use a queue

* Fixed return type in method doc

* Fixed version number

* Changed id to user_id for clarity
2018-04-04 17:33:02 -07:00
snipe c4db8d37c2 Fixed #5168 - users without superadmin could not see custom fields UI even if granted 2018-03-07 13:37:37 -08:00
snipe 31790e0bb7 Tweaks to theme settings 2018-03-02 18:01:36 -08:00
snipe f171357e36 Removed unused skin files, added skin setting option 2018-03-02 17:50:40 -08:00
snipe 1c28f893e7 Fixed #5027 - remove link to non-existant reports page 2018-02-20 14:44:29 -08:00
snipe d8fc50c351 Fixed #5033 - use PHP’s max filesize for image uploads 2018-02-16 21:17:41 -08:00
snipe 765295136a Added - ability to add custom footer text, hide user’s manual/support links 2018-01-24 07:02:30 -08:00
snipe 24b356dba4 Fixed typos in default blade that cause components to not show up for non-superadmins 2018-01-17 06:27:23 -08:00
snipe 4ce91a4f5d Fixed namespace gate for components - related to #4282 2017-12-12 06:26:37 -08:00
snipe 71b9a15c9c Moved User menu down 2017-12-01 17:50:01 -08:00
snipe f4aa812d96 Changed twitter handle to @snipeitapp 2017-11-21 19:02:15 -08:00
snipe edcd3afc3e Fixes #4457 - use un-escaped CSS for custom CSS styles
We are already escaping the CSS in the show_custom_css() method
2017-11-15 14:27:21 -08:00
madd15 59c9c22a59 Small UI Changes (#4404)
* Small ui change to settings nav

* Remove min-height

Removed min-height from Assets by Status

* Add min-height to box-body
2017-11-08 13:12:03 -08:00
snipe 35ee52212f Added ability to disable the alert icon in the top menu 2017-11-08 03:08:17 -08:00
snipe 0589652edb Fixed #4392 - select2 + fastclick incompatibility
This is a workaround fix - should upgrade both to latest after testing extensively
2017-11-06 17:17:48 -08:00
snipe 15d4344efb Comments in the JS 2017-11-04 00:15:23 -07:00
snipe 27875c2dac Improved to use trans() facade instead of lang 2017-11-02 10:27:53 -07:00
snipe a9e5ad0df1 Added link to requested assets in sidenav 2017-11-02 03:12:12 -07:00
Daniel Meltzer 3cea12565b Add missing policies (#4330)
* Add Authorizable trait and interface to our user model so we have access to User::can/User::cant.  We should take a look at where else our user model has diverged from Larvel since it was created...

* Policy cleanup/fixes.

This commit adds policies for the missing backend/"settings" areas.  The
permissions were implemented a while back but the policies did not, so
authorizing actions was failing.

In addition, this condenses a lot of code in the policies into base
classes.  Most of the files were identical except for table names, so we
move all of the checks into a base class and override the table name in
each policy.

* Use a better name and permission for the check in the default layout.
2017-10-27 18:01:11 -07:00
snipe 82690e1fd7 Integrate ajax select2 menus in all asset checkouts 2017-10-26 02:28:17 -07:00
snipe d4bb4d2edd Added state-save for open/cloed sidenav 2017-10-25 20:10:41 -07:00
snipe 687cf44d3d Use inline style for logo 2017-10-25 16:15:50 -07:00
snipe 17d58d9cc5 Added snazzy rich user selection menu
TODO:
- Abstract this out so it can be used by other select2 menus
- Write a select2 transformer to standardize output
2017-10-24 19:24:35 -07:00
snipe 4628c15813 Fixed typo in comments 2017-10-24 16:57:04 -07:00
Nicolai Essig abcce78944 use translation for "All" in sidebar menu (#4268) 2017-10-20 00:20:33 -07:00
Robin Temme 068308ef56 Change changepassword menu icon to fixed width (#4262) 2017-10-19 06:04:02 -07:00
madd15 e2bac62e36 Fix #4205 (#4213)
* Fixing various UI items

* Revert css change

* Dashboard icon CSS up 4px
2017-10-14 00:14:22 -07:00
snipe 3f44987799 Small logo size tweaks 2017-10-03 14:15:03 -07:00
snipe aab635154a Default to turning CSP off until we can fix vue/CSP issues 2017-10-02 13:29:14 -07:00
Daniel Meltzer c2616412c0 Add laravel routes to javascript (#4092)
* Add laravel routes to javascript

This will clean up a lot of passing of urls.  Adds a route() helper and
everything...

This commit also moves the customfield fetching to only be fetched once
and shared with each file, rather than once for each file.

* Try to fix travis unit test things.

* Downgrade doctrine/inflector for php5

* Attempt to occasional seeder issues on travis if the asset does not generate validatable data.

* Update sql dump for functional tests.

* Try to fix api tests.
2017-10-01 12:59:55 -07:00
snipe 2ea91266c0 Init lightbox 2017-09-29 14:26:00 -07:00
snipe 5223ec1dbb Clearer status listing in the sidenav 2017-09-29 12:13:15 -07:00
snipe b8ed6a53b6 For #3998 - Added nonce to all.js 2017-09-29 04:53:24 -07:00
snipe 46d87849f4 Added content security middleware 2017-09-28 19:45:15 -07:00
snipe 507f1f196c Added integrity hashes 2017-09-28 18:46:16 -07:00
snipe 7fded367c4 Adds rel="noopener" to footer links 2017-09-28 16:03:36 -07:00
snipe 6ee939d29b Allegedly fixes #3995 - subdirectory issues with JS/CSS 2017-09-25 15:39:18 -07:00
Daniel Meltzer 987536930c Assorted fixes (#3923)
* Fix some n+1 problems

* Use route in notification dropdown to make sure we link to correct page

* Work on better UI support for checkout to non-user.  Fix links on index bootstrap table, work towards eliminating assignedUser

* Remove Asset::assigneduser() relationship.  Instead add a checkedOutToUser() method and/or port to using assignedTo()

* Adjust string to fit new reality

* Fix #3780.  Move the consumables getDataView method to the ApiController.  Not entirely RESTful, but it's a weird method that probably doesn't need its own controller and the functionality would be strange to stack on the userscontroller...

* Fix file uploads to assets and restore the delete route.

* Add asset maintence edit action to index.

* Suppliers asset list should link to the related asset, not to the supplier with same ID.

* Asset models page should use polymorphic formatter on assigned to to better handle assorted item types.

* Comment out more assigneduser fallacy until we figure out the query builder approach to searching for location text.
2017-09-05 17:54:58 -07:00
snipe 22233e3ba6 Bulk asset audit form (needs more testing) 2017-08-29 16:00:22 -07:00
snipe 42175782a5 Only pull logo if there is a value 2017-08-26 17:43:00 -07:00
snipe af6f208c43 Reordered settings nav 2017-08-25 10:03:05 -07:00
snipe 71c1c74164 Fixes #3085 - adds “change password” functionality back to user accounts 2017-08-22 12:09:04 -07:00
snipe 0fbf9236f4 Fixes #3742 - add employee number to asset listing
Also removes asset report, since it’s basically the exact same output as the asset listing
2017-07-25 01:17:23 -07:00
snipe ae0b639d0c Added link to AGPL 2017-07-25 00:24:22 -07:00
snipe 346156bae1 Added colored icons to indicate status types versus status labels 2017-07-17 16:19:52 -07:00