Commit graph

33 commits

Author SHA1 Message Date
Brady Wetherington 9bb191f29f Fixes file upload XSS vulnerability [sc-24156] 2024-02-08 14:30:40 +00:00
Marcus Moore 13c37e708f
Implement tests around consumable checkout 2024-01-30 12:43:20 -08:00
snipe 81b2273c37 Refactored checkout screen to redirect if invalid category
Signed-off-by: snipe <snipe@snipe.net>
2023-11-23 16:18:28 +00:00
snipe 01fec1d6bb Redirect back to the specific consumable for correction
Signed-off-by: snipe <snipe@snipe.net>
2023-11-20 15:39:39 +00:00
snipe fe2cfa0d38 Redirect if category is missing or invalid
Signed-off-by: snipe <snipe@snipe.net>
2023-11-20 15:28:44 +00:00
snipe f685ba01b6 Reversed order of find
Signed-off-by: snipe <snipe@snipe.net>
2023-10-09 16:43:14 +01:00
snipe e5f5802235 Added tighter controls for matching log ID and item_id
Signed-off-by: snipe <snipe@snipe.net>
2023-10-09 15:17:03 +01:00
snipe f53db8ba75 Fixed #13562 - allow inline view for uploaded files
Signed-off-by: snipe <snipe@snipe.net>
2023-09-05 18:28:01 +01:00
snipe 22d73f503a
Merge pull request #12756 from dboth/develop
Fixed #8208, #8896, #8985 and #9789:  Currency issues when using non-english locales (resubmission)
2023-04-25 22:32:13 -07:00
snipe 07c0a1927b Added supplier id to controllers
Signed-off-by: snipe <snipe@snipe.net>
2023-04-13 11:12:01 -07:00
snipe 4840046f44 Check for available quantity on consumables before checkout
Signed-off-by: snipe <snipe@snipe.net>
2023-04-06 20:38:02 -07:00
Dominik Both 3271c9dc9f Fix #8208, #8896, #8985, #9789 2023-03-29 09:56:34 +02:00
snipe 3c7d63c060 Disallow uploads if app is locked
Signed-off-by: snipe <snipe@snipe.net>
2022-11-03 13:52:23 -07:00
snipe 97aeb1fcec Use the generic file uploads strings
Signed-off-by: snipe <snipe@snipe.net>
2022-11-01 19:31:23 -07:00
snipe 25f69a7bd2 Added consumable methods for uploads
Signed-off-by: snipe <snipe@snipe.net>
2022-11-01 17:52:28 -07:00
snipe 512348cc5a Added withInput()
Signed-off-by: snipe <snipe@snipe.net>
2022-08-10 15:15:09 -07:00
snipe e3293151a2 Added note on checkout
Signed-off-by: snipe <snipe@snipe.net>
2022-08-10 15:04:59 -07:00
snipe 53ff28d2b0 Handle consumables route names
Signed-off-by: snipe <snipe@snipe.net>
2022-08-01 16:07:56 -07:00
Ivan Nieto Vivanco b5378eff64 Fix several typos 2022-04-05 16:12:31 -05:00
Ivan Nieto Vivanco 570dd09dcd Add validation to Accessories and Consumables to not let the user update the number of items to less than they already have checked out 2022-03-15 17:52:19 -06:00
snipe b876d0abb0 Merge remote-tracking branch 'origin/master' into develop
Signed-off-by: snipe <snipe@snipe.net>

# Conflicts:
#	.env.example
#	app/Http/Controllers/Auth/LoginController.php
#	app/Http/Kernel.php
#	app/Http/Transformers/ActionlogsTransformer.php
#	app/Importer/AssetImporter.php
#	app/Models/Accessory.php
#	app/Models/Consumable.php
#	app/Presenters/AccessoryPresenter.php
#	app/Presenters/ComponentPresenter.php
#	app/Presenters/ConsumablePresenter.php
#	app/Providers/AuthServiceProvider.php
#	composer.json
#	composer.lock
#	config/app.php
#	config/cors.php
#	config/version.php
#	package-lock.json
#	public/js/build/app.js
#	public/js/build/app.js.LICENSE.txt
#	public/js/dist/all.js
#	public/mix-manifest.json
#	resources/views/accessories/view.blade.php
#	resources/views/consumables/view.blade.php
#	resources/views/settings/saml.blade.php
#	routes/api.php
2022-03-03 21:59:38 -08:00
snipe 9acb5413f6 Added notes field to controllers
Signed-off-by: snipe <snipe@snipe.net>
2022-03-03 20:29:25 -08:00
snipe aa8f1378c9 Merge remote-tracking branch 'origin/master' into develop
Signed-off-by: snipe <snipe@snipe.net>

# Conflicts:
#	README.md
#	app/Http/Controllers/Accessories/AccessoriesController.php
#	app/Http/Controllers/Api/AssetMaintenancesController.php
#	app/Http/Controllers/Api/AssetModelsController.php
#	app/Http/Controllers/Api/AssetsController.php
#	app/Http/Controllers/Api/UsersController.php
#	app/Http/Controllers/AssetMaintenancesController.php
#	app/Http/Controllers/Assets/AssetFilesController.php
#	app/Http/Controllers/Assets/AssetsController.php
#	app/Http/Controllers/Assets/BulkAssetsController.php
#	app/Http/Controllers/Components/ComponentsController.php
#	app/Http/Controllers/Consumables/ConsumablesController.php
#	app/Http/Controllers/Licenses/LicenseFilesController.php
#	app/Http/Controllers/Licenses/LicensesController.php
#	app/Http/Controllers/Users/UserFilesController.php
#	app/Http/Transformers/AssetsTransformer.php
#	app/Http/Transformers/LicensesTransformer.php
#	app/Importer/UserImporter.php
#	app/Models/Asset.php
#	config/app.php
#	config/version.php
#	package-lock.json
#	public/js/build/app.js
#	public/js/dist/all.js
#	public/js/dist/bootstrap-table.js
#	public/mix-manifest.json
#	resources/lang/en/admin/users/message.php
#	resources/lang/is/button.php
#	resources/lang/ja/admin/kits/general.php
#	resources/lang/ro/admin/users/general.php
#	resources/lang/zh-HK/admin/depreciations/general.php
#	resources/lang/zh-HK/admin/models/general.php
#	resources/views/hardware/qr-view.blade.php
#	resources/views/hardware/view.blade.php
#	resources/views/partials/bootstrap-table.blade.php
#	resources/views/users/view.blade.php
#	routes/web.php
#	routes/web/hardware.php
#	routes/web/models.php
#	routes/web/users.php
2021-10-20 17:26:41 -07:00
Brady Wetherington f3338667c7 Create new ParseCurrency helper and use it in the appropriate controllers 2021-09-28 18:20:39 -07:00
Laravel Shift 934afa036f Adopt Laravel coding style
Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions.

You may customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config file to your project root. Feel free to use [Shift's Laravel ruleset][2] to help you get started.

[1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer
[2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200
2021-06-10 20:15:52 +00:00
snipe c31e150935 Use $request->input over Request::get() 2019-12-11 11:09:54 -08:00
snipe 296de34e8a
WIP: Upgrade develop to Laravel 6.6.1 (#7637)
I'm going ahead and merging this, since the upgrade doesn't break Flysystem any worse than the current develop is broken, so far as I can tell. 


* Upgraded framework to Laravel 6

### TO DO:

- Fix password restriction rules- the old library isn’t compatible with Laravel 6 :(
- Figure out why in-app API calls are returning “Unauthorized”

* More updates from Input:: to Request:: helper

* Switch to Request:: from Input

* Added passport config

* Fixed goofy password minimum in seeder

* Added laravel/helpers

* Changed ($item)  to ($item->id) in forms

I have no idea why this is necessary

* Changed ($item) to ($item->id) in forms

* Updated API middleware to auth:api

* Updated with added laravel auth.php values

* FIxed *&!^$%^&$^%!!!! ajax issue

* Switch to Request::get from Input::get

* Switched to Request facade

* Added password security minimums back in

The package we were using has not been updated to Laravel v6, so I created custom validators instead

* Added language strings for error messages for password rules

* Fixed `($item)` issue in formActions for partials
2019-12-10 19:32:50 -08:00
Martin Meredith e3e0d57f56 Minor code cleanup bits and bobs (#6805)
* Add IDE Helper files

* Cleanup imports

- Alphabetises imports
- Removes unused imports

* Add Platform requirements

* Move filling asset into block where asset exists

* Remove duplicate array keys
2019-03-13 20:12:03 -07:00
Till Deeke 007e8fbdf9 simplified checkout event handling per @uberbrady’s suggestion
This generalizes the checkout events into the CheckoutableCheckedOut and CheckoutableCheckedIn events.
2018-09-10 16:40:26 +02:00
Till Deeke e0423418d2 Moves logging checkin/checkout to separate listener 2018-08-06 14:46:10 +02:00
Till Deeke e24f292a1a Updates checkout events to not depend on log 2018-08-06 14:46:10 +02:00
Till Deeke 17fc59f989 Adds back the checkin/checkout events after #5916 2018-08-06 14:46:10 +02:00
Daniel Meltzer 64d649be7f Monster: Cleanup/Refactor http controllers. (#5916)
* Extract a handlesimages trait to centralize logic for parsing/storing images on upload in create/edit methods.

* Use same image upload/layout in accessories as consum+components.

* Monster: Cleanup/Refactor http controllers.

This cleans up docblocks, pulls most non-crudy actions into their own
controllers, and does general cleanup/logic refactoring.  There /should/
be no functional changes, but we all know how should works..

Extract checkin/checkout functions to a separate controller for accessories.

Move controllers to subdirectory.

Cleanup AssetModelsController

Extract component checkin/checkout

Assorted cleanups/doc/formatting in controllers.

Refactor LicenseController.

Refactor UsersController

Update viewassetscontroller.

* Codacy cleanups

* More codacy cleanups.  Extract a LicenseCheckout Form request as well.

* A bit more refactor/cleaning of the license checkout method.

* Review Related Cleanups

* Fix most of the item_not_found translations.  In many cases, the
string being generated did not even use the id parameter.  Where it
does, pass it as id instead of as a different value.

* Remove some old $data arrays from when we manually sent emails from
the controllers.  This has been superseeded by the notification system
(yay!)

* Bugfix: Only log the checkin of an accessory if the checkin completes sucessfully.
2018-07-24 19:35:26 -07:00