snipe
9ce2d1f560
Merge branch 'csp-middleware' into develop
2017-09-29 04:14:33 -07:00
snipe
faf3802971
Fixes #4011 - do not send email to user on license checkout
2017-09-29 02:00:49 -07:00
snipe
aab409dec2
Fixes #4061 - bulk checkout error
2017-09-28 22:22:21 -07:00
snipe
4d32f2b337
Fixes #4059 - accessories view
2017-09-28 21:18:00 -07:00
snipe
0e29744ec2
Don’t try to send an email if the user doesn’t have an email address
2017-09-28 20:57:33 -07:00
snipe
51236a2ad9
Fixes #4056 - check for assets before deleting user
2017-09-28 19:57:52 -07:00
snipe
46d87849f4
Added content security middleware
2017-09-28 19:45:15 -07:00
snipe
b60febeea2
Removed space in XSS header because safari was getting angry
2017-09-28 18:45:54 -07:00
snipe
9b84a0d516
*eyeroll*
2017-09-28 17:34:47 -07:00
snipe
1775995f26
Is this space necessary? Getting weird results from netsparker
2017-09-28 17:25:04 -07:00
snipe
26a7701cda
Added referrer-policy header
2017-09-28 17:12:58 -07:00
snipe
a34085f1d9
Added mode=block to XSSProtect header
2017-09-28 16:28:27 -07:00
Daniel Meltzer
af19e5d976
Fix old route ( #4053 )
...
Looks like we missed in the v4 port. Fixes the unrelated issue in #4052
2017-09-28 16:02:50 -07:00
snipe
3d7277398c
Fixes #4057 - sig file in lightbox
2017-09-28 15:13:05 -07:00
snipe
ac83dba2bb
Fixes #4034 - save login note
2017-09-27 16:35:54 -07:00
snipe
fc96fa756e
Fix redirect default on password reset
2017-09-27 16:23:21 -07:00
snipe
ea9a502152
Added empty regsitration controller
...
When using the default Laravel auth routes, it expects a registration controller, even though we don’t have a concept of registration. This blank controller just prevents route caching from throwing errors.
2017-09-27 16:23:01 -07:00
snipe
ec8a3d2e56
Fixes #4027 - proper redirect on fieldset delete
2017-09-27 16:02:29 -07:00
snipe
ecf041fa10
Fixes #4043 - standardize groups API response
2017-09-27 15:18:29 -07:00
snipe
0ab9bc1db8
Added normalization midddleware, removed
2017-09-27 15:18:05 -07:00
snipe
e91a537552
Use more modern Request handler
2017-09-27 14:50:48 -07:00
snipe
bd0498aa69
Fixes #4016 - signature file missing from history tab
2017-09-27 12:58:08 -07:00
snipe
e27e1a78c3
Fix for case where a fieldset is assigned to a model, but no fields are assigned
2017-09-26 16:01:23 -07:00
snipe
f2ee7dcabb
Fixes #4001 - license checkout not working
2017-09-25 21:40:43 -07:00
snipe
26203801f6
Fixes #4009 - zip not populating on locations listing page
2017-09-25 20:45:05 -07:00
snipe
c3afbc0e53
Run backups before purging and importing
2017-09-25 15:00:23 -07:00
snipe
38326314ca
Merge branch 'develop'
2017-09-25 11:53:33 -07:00
snipe
865950e766
Fixes #4000 - user_id blank
2017-09-25 11:53:10 -07:00
snipe
34dfcb5add
Merge branch 'develop'
2017-09-22 17:23:38 -07:00
snipe
30019a144a
Disable login note editing on demo
2017-09-22 17:23:22 -07:00
snipe
b29d7beb3a
Merge branch 'develop'
...
# Conflicts:
# .gitignore
# Dockerfile
# README.md
# app/Http/Controllers/AccessoriesController.php
# app/Http/Controllers/AssetMaintenancesController.php
# app/Http/Controllers/AssetsController.php
# app/Http/Controllers/ConsumablesController.php
# app/Http/Controllers/GroupsController.php
# app/Http/Controllers/LicensesController.php
# app/Http/Controllers/ReportsController.php
# app/Http/Controllers/UsersController.php
# app/Http/routes.php
# app/Models/Depreciation.php
# app/Models/Location.php
# config/version.php
# resources/views/account/view-assets.blade.php
# resources/views/hardware/edit.blade.php
# resources/views/hardware/view.blade.php
# resources/views/partials/modals.blade.php
# resources/views/reports/custom.blade.php
# snipeit.sh
2017-09-22 16:12:18 -07:00
Daniel Meltzer
922d6937ae
Custom field import repair ( #3968 )
...
* There is no notes field on accessories. Fixes Importer Test.
* Fix notification test. We should see a checkout not allowed exception when trying to check out to a location if the asset requires acceptance.
* Fix Custom field import.
Add a test for custom field import, and fix a few issues related to
importing custom fields. This will restore v3 functionality.
* Add UI support for mapping custom fields.
This still requires the field mappings to be created/assigned in
advance, but will fetch all custom field names and allow them to be
selected when setting up custom field mappings.
This commit also updates laravel-mix to v1.4.3 and other node
dependencies to fix some build issues.
* Fix some requestable asset page/assetloc issues. I'd love to know why laravel expections relationships to be in lower case... but thats a question for another day.
2017-09-18 12:29:08 -07:00
Iman
ed4ea7f1f4
No new feature,No bug fix, Only refactoring ( #3949 )
...
* No change in logic !
Just exchanging the if and else code blocks and negating condition.
* remove unneeded else{} block
* Re-indented the code
2017-09-12 12:28:42 -07:00
snipe
81e358a01d
Small maintenance fixes
2017-09-08 17:49:01 -07:00
snipe
47909b93f7
Fixed deleted users/restore users view
2017-09-06 17:11:43 -07:00
Daniel Meltzer
987536930c
Assorted fixes ( #3923 )
...
* Fix some n+1 problems
* Use route in notification dropdown to make sure we link to correct page
* Work on better UI support for checkout to non-user. Fix links on index bootstrap table, work towards eliminating assignedUser
* Remove Asset::assigneduser() relationship. Instead add a checkedOutToUser() method and/or port to using assignedTo()
* Adjust string to fit new reality
* Fix #3780 . Move the consumables getDataView method to the ApiController. Not entirely RESTful, but it's a weird method that probably doesn't need its own controller and the functionality would be strange to stack on the userscontroller...
* Fix file uploads to assets and restore the delete route.
* Add asset maintence edit action to index.
* Suppliers asset list should link to the related asset, not to the supplier with same ID.
* Asset models page should use polymorphic formatter on assigned to to better handle assorted item types.
* Comment out more assigneduser fallacy until we figure out the query builder approach to searching for location text.
2017-09-05 17:54:58 -07:00
snipe
761371509d
Use notifiables for slack audit notification
2017-08-31 21:30:38 -07:00
snipe
0054ce3071
Fixes #3907
2017-08-31 13:45:48 -07:00
Daniel Meltzer
bb874012d9
Progress towards better email notifications ( #3911 )
...
Working mail from notification. Still requires testing/cleaning
Add tests around checkout notification.
This also removes the ability to check out an asset to a location|asset
that requires acceptance/a Eula. For 4.1 we may think about how to
support such a thing, but at present it seems to make sense to only alow
such assets to be checked out to users, who can be responsible for the
items.
2017-08-31 11:14:21 -07:00
snipe
8d2c229bc3
Move LDAP validation into form request
2017-08-31 10:44:00 -07:00
snipe
48e6208214
Fixes #3907 - do not require username on user if LDAP import
2017-08-31 10:43:36 -07:00
snipe
22233e3ba6
Bulk asset audit form (needs more testing)
2017-08-29 16:00:22 -07:00
snipe
e439f15a64
Fixed some date math for auditing
2017-08-28 17:20:20 -07:00
snipe
e10cdd57a5
Removed old getassetloist method
2017-08-26 15:22:04 -07:00
snipe
bf157773c8
Also related to #3888
2017-08-26 15:21:38 -07:00
snipe
51d74ac06d
Auduting improvements
2017-08-25 18:40:20 -07:00
snipe
16f57e16cb
Fixes #1190 - added basic audit workflow
2017-08-25 10:04:19 -07:00
snipe
52270fa4db
Derp
2017-08-25 08:30:48 -07:00
snipe
bf3731d65c
Set default min password to 10
2017-08-25 08:23:23 -07:00
snipe
4721cab928
Grr.
2017-08-25 06:08:19 -07:00
snipe
08f3e78d26
Merge branch 'checkout-to-location-v2' of https://github.com/dmeltzer/snipe-it into dmeltzer-checkout-to-location-v2
...
# Conflicts:
# app/Http/Controllers/Api/UsersController.php
# app/Http/Transformers/LocationsTransformer.php
# resources/views/locations/view.blade.php
# routes/api.php
# tests/_data/dump.sql
2017-08-25 06:04:22 -07:00
snipe
10711245ba
Fixes #3792 - parent/child locations in API
2017-08-25 05:32:12 -07:00
snipe
d23ea70b08
Added auth check back to asset store
2017-08-25 03:26:50 -07:00
snipe
659d953f3f
Fixed custom error message for status labels
2017-08-24 22:40:07 -07:00
Brady Wetherington
c1dcc22217
Refactor and improve Modal support for Assets ( #3884 )
2017-08-24 22:24:02 -07:00
snipe
6e30fa6922
Fixes custom fields in asset listing where no custom fields were assigned
2017-08-23 03:28:13 -07:00
snipe
f119c69698
Possible fix for #3852
2017-08-22 22:46:02 -07:00
snipe
57f4c986af
Enforce password complexity rules on new account password change
2017-08-22 22:41:35 -07:00
snipe
a0cbca85bf
Fixes for API calls for password complexity stuff
2017-08-22 21:15:35 -07:00
snipe
9bda62d295
ADDED: Password rules for complexity, min length, rejecting common passwords
2017-08-22 20:32:39 -07:00
snipe
1d7e243d0a
Fixes #3790 - parent display on locations index
2017-08-22 15:02:31 -07:00
snipe
63bc2ec09f
Fixes #3802 - make id an (int) in API repsonse
2017-08-22 14:53:48 -07:00
snipe
31516abef9
Fixes #3858 - use transformer for single listing categories
2017-08-22 14:26:08 -07:00
snipe
d2535582f3
Fixes #3853 - added notes/zip to suppliers API response
2017-08-22 14:18:21 -07:00
snipe
eaaea303f4
Fixes #3860 - return JSON instead of redirect in API delete dept call
2017-08-22 14:15:13 -07:00
snipe
8c5312b931
Fixes #3866 - weird API behavior in status label types
2017-08-22 14:10:54 -07:00
snipe
6310670835
Fixes #3869 - asset maintenances API endpoints
2017-08-22 13:52:06 -07:00
snipe
148d41d8dc
Removes erroneous else
2017-08-22 12:22:32 -07:00
snipe
71c1c74164
Fixes #3085 - adds “change password” functionality back to user accounts
2017-08-22 12:09:04 -07:00
snipe
4576cb6f56
Merge branch 'develop' of github.com:snipe/snipe-it into develop
2017-08-10 14:38:08 -07:00
snipe
56f88d2c22
Fixes #3836 - Adds supplier to licenses column
2017-08-10 14:38:04 -07:00
gibsonjoshua55
c1d1cb8122
Address #3840 and fixes group transformation in UsersTransformer ( #3841 )
...
Removes the incorrect variable access in UsersTransformer of a users's
groups and adds an array of groups' ids and names to the return array.
2017-08-10 13:37:54 -07:00
snipe
de18e2a887
Only bcrypt passwords on user save if the password value is passed
2017-08-08 14:41:58 -07:00
snipe
7da4fe4524
Fixes #3825 - allows fillables through location API
2017-08-08 12:36:28 -07:00
snipe
9bfd345774
Use Company transformer with payload
2017-08-03 19:55:08 -07:00
snipe
df87c82ddc
Fixes #3805 - add/update/delete methods for User API
2017-08-03 19:50:18 -07:00
snipe
3e8b7d9c94
Check for overall asset delete permissions before checking to see if the user can delete that specific asset
2017-08-03 19:49:41 -07:00
Jason Spriggs
7c4ee54f8b
Fix #3803 - Return asset object instead of just id ( #3811 )
2017-08-01 20:01:11 -07:00
snipe
03f9d01aab
Fixes #3775 - added missing created_at and updated_at fields
2017-07-29 17:01:03 -07:00
snipe
a2d63dd3e4
Fixes #3776 - adds Company to Dept UI
2017-07-29 16:42:17 -07:00
snipe
0408509fdc
Fixes #3777 - correct response for two_factor_actived for user API
2017-07-29 16:25:42 -07:00
snipe
5e47c18d68
Fixes #3786 - checkin/checkout to components UI
2017-07-29 16:13:17 -07:00
snipe
4e5cf531f7
Fixes #3799 - use transformers on show() method as well
2017-07-29 15:46:10 -07:00
snipe
cb903ab9fd
Fixes manager user->name to username in Users API
2017-07-26 08:51:16 -07:00
snipe
66d8308163
More compact payload for users API on location and manager
2017-07-26 08:47:54 -07:00
snipe
847262e989
Fixes #3774 - fixes for inconsistent API responses (‘’ vs null) and adds escaping
2017-07-25 23:40:30 -07:00
snipe
59006964d1
Fixes #3771 - adds username to API response on Asset API
2017-07-25 22:11:50 -07:00
snipe
ac29b142dc
Adds max thumbnail width to asset listings, settings
2017-07-25 19:36:38 -07:00
snipe
0fbf9236f4
Fixes #3742 - add employee number to asset listing
...
Also removes asset report, since it’s basically the exact same output as the asset listing
2017-07-25 01:17:23 -07:00
snipe
7510f9f128
Fixes #3753 - use route direction instead of URL
2017-07-17 16:42:39 -07:00
snipe
3eea1a23f8
Slug the filename
...
So upoloads with weird characters like parens don’t get hoarked when trying to delete
2017-07-14 02:38:13 -07:00
snipe
1fda4593c1
Update @gibsonjoshua55 as a contributor
2017-07-12 20:41:20 -07:00
snipe
ad12a5ce11
Added store/update methods to custom fields API
2017-07-12 19:34:34 -07:00
snipe
5abe72ce02
Added whether the field is required to the custom fieldsets transformer
2017-07-12 19:23:54 -07:00
snipe
3e3276334b
Added escaping to API output
2017-07-12 19:23:15 -07:00
snipe
b13e04095e
Removed commented code
2017-07-12 19:22:58 -07:00
gibsonjoshua55
3cfcc43efa
Adds basic GET api support for CustomFieldsets ( #3697 )
...
* Adds basic GET api support for CustomFieldsets
Currently there is not support for getting what fields a given fieldset contains
from the API. This commit creates a new API Controller for CustomFieldsets as
well as Transformers for CustomFields CustomFieldsets. Additionally, the api
route has been updated so that a show method can be access from
http://myapp/api/v1/fieldsets/{id}
* CustomFieldsetsTransformer only returns id and name of model
* Added index api method for CustomFieldsets
* Removes copy/paste error in CustomFieldsetController (including search)
* Added id to CustomFieldsetsTransformers
* Adds custom_fieldset_id as a field when storing and updating AssetModels
* Removed uncessesary parameter from CustomFieldsetsController.index
* Cleaned up CustomFieldset API
2017-07-12 17:51:22 -07:00
snipe
9bcfe0748b
Make custom fields into their own JSON array
2017-07-08 18:44:28 -07:00
snipe
635299cd74
Decrypt encrypted fields
2017-07-08 17:04:40 -07:00
snipe
20376daec4
Fix encryption on first save
2017-07-08 17:04:24 -07:00