Commit graph

192 commits

Author SHA1 Message Date
Daniel Meltzer 3cea12565b Add missing policies (#4330)
* Add Authorizable trait and interface to our user model so we have access to User::can/User::cant.  We should take a look at where else our user model has diverged from Larvel since it was created...

* Policy cleanup/fixes.

This commit adds policies for the missing backend/"settings" areas.  The
permissions were implemented a while back but the policies did not, so
authorizing actions was failing.

In addition, this condenses a lot of code in the policies into base
classes.  Most of the files were identical except for table names, so we
move all of the checks into a base class and override the table name in
each policy.

* Use a better name and permission for the check in the default layout.
2017-10-27 18:01:11 -07:00
snipe 82690e1fd7 Integrate ajax select2 menus in all asset checkouts 2017-10-26 02:28:17 -07:00
snipe d4bb4d2edd Added state-save for open/cloed sidenav 2017-10-25 20:10:41 -07:00
snipe 687cf44d3d Use inline style for logo 2017-10-25 16:15:50 -07:00
snipe 17d58d9cc5 Added snazzy rich user selection menu
TODO:
- Abstract this out so it can be used by other select2 menus
- Write a select2 transformer to standardize output
2017-10-24 19:24:35 -07:00
snipe 4628c15813 Fixed typo in comments 2017-10-24 16:57:04 -07:00
Nicolai Essig abcce78944 use translation for "All" in sidebar menu (#4268) 2017-10-20 00:20:33 -07:00
Robin Temme 068308ef56 Change changepassword menu icon to fixed width (#4262) 2017-10-19 06:04:02 -07:00
Nicolai Essig 1e65c7bf9a load custom css also on login page (#4260) 2017-10-19 06:01:41 -07:00
madd15 e2bac62e36 Fix #4205 (#4213)
* Fixing various UI items

* Revert css change

* Dashboard icon CSS up 4px
2017-10-14 00:14:22 -07:00
snipe 3f44987799 Small logo size tweaks 2017-10-03 14:15:03 -07:00
snipe b4fec068d0 Use asset url for favicon on login blade 2017-10-03 13:44:50 -07:00
snipe aab635154a Default to turning CSP off until we can fix vue/CSP issues 2017-10-02 13:29:14 -07:00
Daniel Meltzer c2616412c0 Add laravel routes to javascript (#4092)
* Add laravel routes to javascript

This will clean up a lot of passing of urls.  Adds a route() helper and
everything...

This commit also moves the customfield fetching to only be fetched once
and shared with each file, rather than once for each file.

* Try to fix travis unit test things.

* Downgrade doctrine/inflector for php5

* Attempt to occasional seeder issues on travis if the asset does not generate validatable data.

* Update sql dump for functional tests.

* Try to fix api tests.
2017-10-01 12:59:55 -07:00
snipe 2ea91266c0 Init lightbox 2017-09-29 14:26:00 -07:00
snipe 5223ec1dbb Clearer status listing in the sidenav 2017-09-29 12:13:15 -07:00
snipe b9e79c27a8 Added nonce to basic blade 2017-09-29 05:49:26 -07:00
snipe b8ed6a53b6 For #3998 - Added nonce to all.js 2017-09-29 04:53:24 -07:00
snipe 46d87849f4 Added content security middleware 2017-09-28 19:45:15 -07:00
snipe 507f1f196c Added integrity hashes 2017-09-28 18:46:16 -07:00
snipe 7fded367c4 Adds rel="noopener" to footer links 2017-09-28 16:03:36 -07:00
snipe 0a0661bf41 Additional fixes for #3995 in atypical blades 2017-09-25 15:41:02 -07:00
snipe 6ee939d29b Allegedly fixes #3995 - subdirectory issues with JS/CSS 2017-09-25 15:39:18 -07:00
snipe e7d72beb88 Also check for $snipeSettings in the first place
Since the preflight also uses this basic blade
2017-09-12 13:08:43 -07:00
snipe 01e3f4a4db Use site name if provided in the settings table for basic template 2017-09-12 13:01:51 -07:00
Daniel Meltzer 987536930c Assorted fixes (#3923)
* Fix some n+1 problems

* Use route in notification dropdown to make sure we link to correct page

* Work on better UI support for checkout to non-user.  Fix links on index bootstrap table, work towards eliminating assignedUser

* Remove Asset::assigneduser() relationship.  Instead add a checkedOutToUser() method and/or port to using assignedTo()

* Adjust string to fit new reality

* Fix #3780.  Move the consumables getDataView method to the ApiController.  Not entirely RESTful, but it's a weird method that probably doesn't need its own controller and the functionality would be strange to stack on the userscontroller...

* Fix file uploads to assets and restore the delete route.

* Add asset maintence edit action to index.

* Suppliers asset list should link to the related asset, not to the supplier with same ID.

* Asset models page should use polymorphic formatter on assigned to to better handle assorted item types.

* Comment out more assigneduser fallacy until we figure out the query builder approach to searching for location text.
2017-09-05 17:54:58 -07:00
snipe 22233e3ba6 Bulk asset audit form (needs more testing) 2017-08-29 16:00:22 -07:00
snipe 42175782a5 Only pull logo if there is a value 2017-08-26 17:43:00 -07:00
snipe af6f208c43 Reordered settings nav 2017-08-25 10:03:05 -07:00
snipe 71c1c74164 Fixes #3085 - adds “change password” functionality back to user accounts 2017-08-22 12:09:04 -07:00
snipe 0fbf9236f4 Fixes #3742 - add employee number to asset listing
Also removes asset report, since it’s basically the exact same output as the asset listing
2017-07-25 01:17:23 -07:00
snipe ae0b639d0c Added link to AGPL 2017-07-25 00:24:22 -07:00
snipe 346156bae1 Added colored icons to indicate status types versus status labels 2017-07-17 16:19:52 -07:00
snipe e79260a0d4 Fixes #3732 - broken tooltips and weird select2 option text behavior
The solve here was a few things - first, load jquery-ui before bootstrap. They have conflicting tooltips. Second, initiate the tooltips in the wenzhixin/bootstrap-table formatter using `data-tooltip=“true”`, and thirdly, add some JS that tells BS table to inititalize tooltips within the table using that `data-tooltip=“true”` business
2017-07-08 13:21:13 -07:00
snipe 44569558e9 Remove admin label 2017-07-08 01:41:07 -07:00
snipe ab2b2f3043 Updated UI for Admin Settings 2017-07-07 23:44:48 -07:00
Daniel Meltzer 61c6160b98 Importer mapping - v1 (#3677)
* Move importer to an inline-template, allows for translations and easier passing of data from laravel to vue.

* Pull the modal out into a dedicated partial, move importer to views/importer.

* Add document of CSV->importer mappings.  Reorganize some code.

Progress.

* Add header_row and first_row to imports table, and process upon uploading a file

* Use an expandable table row instead of a modal for import processing.  This should allow for field mapping interaction easier.

* Fix import processing after moving method.

* Frontend importer mapping improvements.

Invert display so we show found columns and allow users to select an
importer field to map to.  Also implement sample data based on first row
of csv.

* Update select2.  Maintain selected items properly.

* Backend support for importing.  Only works on the web importer currently.  Definitely needs testing and polish.

* We no longer use vue-modal plugin.

* Add a column to track field mappings to the imports table.

* Cleanup/rename methods+refactor

* Save field mappings and import type when attempting an import, and repopulate these values when returning to the page.

* Update debugbar to fix a bug in the debugbar code.

* Fix asset tag detection.

Also rename findMatch to be a bit clearer as to what it does.
  Remove logging to file of imports for http imports because
it eats an incredible amouint of memory.

This commit also moves imports out of the hardware namespace and into
their own webcontroller and route prefix, remove dead code from
AssetController as a result.

* Dynamically limit options for select2 based on import type selected, and group them by item type.

* Add user importer.

Still need to implement emailing of passwords to new users, and probably
test a bit more.

This also bumps the memory limit for web imports up as well, I need to
profile memory usage here before too long.

* Query the db to find user matches rather than search the array.  Performance is much much better.

* Speed/memory improvements in importers.

Move to querying the db rather than maintaining an array for all
importers.  Also only store the id of items when we import, rather than
the full model.  It saves a decent amount of memory.

* Remove grouping of items in select2

With the values being set dynamically, the grouping is redundant.  It
also caused a regression with automatically guessing/matching field
names.  This is starting to get close.

* Remove debug line on every create.

* Switch migration to be text field instead of json field for compatibility with older mysql/mariadb

* Fix asset import regression matching email address.

* Rearrange travis order in attempt to fix null settings.

* Use auth::id instead of fetching it off the user.  Fixes a null object reference during seeding.
2017-06-21 16:37:37 -07:00
snipe 3046d7d33c Fixes #3644 - broken datepicker 2017-06-09 18:53:19 -07:00
snipe 408bb6476f Removed some unneeded styles 2017-06-09 14:57:57 -07:00
snipe 041b794e1f Fixes #3634 - use new routes for groups 2017-06-08 20:24:26 -07:00
snipe 1c056d1a59 Updated asset urls 2017-06-06 02:35:26 -07:00
snipe 01cc00c832 Fixing webpack. Again 2017-06-06 01:39:53 -07:00
snipe 9338b37b74 Try to fix the datepicker :(
Webpack has fucked everything. I hate everything.
2017-06-06 00:51:41 -07:00
snipe cc5192c91e Updated asset url 2017-05-31 13:57:23 -07:00
snipe 66eaff739a More npm/css/js updates 2017-05-31 12:34:05 -07:00
snipe 1992906790 Use laravel mix asset call 2017-05-31 09:41:52 -07:00
snipe b0479923b1 Add link to departments 2017-05-22 21:31:58 -07:00
snipe dcfc434075 Added suppliers back to new side menu (oops) 2017-05-15 20:55:53 -07:00
snipe 542adfa926 Updated sidenav to use proper status labels 2017-03-11 12:12:10 -08:00
snipe 73f5457b1b Fixed subnav permissions in Asset Menu for expanded permissions 2017-03-10 20:48:58 -08:00
snipe b5424462c9 Moved non-superadmin settings into sidebar 2017-03-03 17:30:12 -08:00
snipe 7cf42ecf9e New side menu for “other stuff”?
Need to figure out what to call this
2017-02-22 22:21:17 -08:00
snipe a18e90c22a Fix delete modals 2017-02-15 23:04:49 -08:00
snipe a69090c91c Moved import to top level sidenav 2017-02-03 19:33:40 -08:00
snipe 18e2db24bd Updated groups index route name 2017-02-01 19:13:17 -08:00
snipe 5d3568136e Added some printer-friendly stuff 2017-01-26 06:20:53 -08:00
snipe 47cf734f72 Hide the app div
This will need to be fixed later, but the flash of unstyled content on the non-api pages was making me cray
2017-01-18 05:02:00 -08:00
snipe a35323131f Updated documentation link 2017-01-12 23:43:20 -08:00
snipe 55d0f8c0df I think this is necessary for the Vue.js version? 2017-01-11 15:21:33 -08:00
snipe dbf3a074f7 Fix CSRF issue on bootstrap tables 2017-01-11 14:52:05 -08:00
snipe 86926675ce Fixed passport token generation 2017-01-11 08:44:34 -08:00
snipe 41f58efb70 Font-awesome for bower 2017-01-11 06:53:49 -08:00
snipe e2d5401f3a Stop double-loading jquery 2017-01-11 05:51:13 -08:00
snipe 19fcda5c25 Basic API management
I’m getting a 500 on personal token creation, but there’s nothing in the logs, so I have no idea what’s wrong
2017-01-11 03:55:47 -08:00
snipe b5ddd9ab0a More vue/api work 2017-01-11 03:38:55 -08:00
snipe 33ffc58ffe Fixed vue issue with api 2017-01-11 01:27:02 -08:00
snipe 16bd78fb3f Removed stray poop 2016-12-29 17:26:21 -08:00
snipe 51ceaedfaf Small phpcbf cleanup 2016-12-29 14:02:18 -08:00
Daniel Meltzer fd450e2773 Two asset maintence related fixes (#3101)
* Fix maintenances create button, and post to the proper route in maintences edit

* Fix consumable tab when active.

* Fix an html formatting error that resulted in us not closing a form.  This would cause the checkin page to try to submit a delete request (related to the modal form) rather than the desired checkin request.  Also fix formatting in this file.

* Use log mail driver for testing, should fix the functional issue.  Disable acceptance tests on travis for now.

* Fix Category edit page.

* EOL Can be null.
2016-12-26 15:17:12 -08:00
Daniel Meltzer 61543f3a04 Add presenters for models. (#3098)
* Add presenters for models.  Move bootstrap table JSON generation to these presenters, which cleans up controllers a lot.  Move view specific modifications from the models to the presenters as well.

* Fix some issues found by travis and codacy

* Fix a few more issues found while testing.

* Attempt another acceptance test fix

* Try something else

* Maybe..
2016-12-23 17:52:00 -08:00
snipe 94a6b555a8 Darker red for warning 2016-12-22 21:21:10 -08:00
Daniel Meltzer cd8c585377 Discussion: Moving to policies for controller based authorization (#3080)
* Make delete routes work.  We put a little form in the modal that spoofs the delete field.

* Fix route on creating a user.

* Fix redundant id parameter.

* Port acceptance tests to new urls.

* Initial work on migrating to model based policies instead of global gates.  Will allow for much more detailed permissions bits in the future.

* This needs to stay for the dashboard checks.

* Add user states for permissions to build tests.

* Build up unit tests for gates/permissions.  Move accessories/consumables/assets to policies instead of in authserviceprovider

* Migrate various locations to new syntax.  Update test to be more specific

* Fix functional tests.

Add an artisan command for installing a settings setup on travis-ci

* Try a different id... Need to come up with a better way of passing the id for tests that need an existing one.

* Try to fix travis

* Update urls to use routes and not hardcode old paths.  Also fix some migration errors found along the way.:

* Add a environment for travis functional tests.

* Adjust config file to make travis use it.

* Use redirect()->route instead of redirect()-to

* Dump all failures in the output directory if travis fails.

* Cleanups and minor fixes.

* Adjust the supplier modelfactory to comply with new validation restrictions.

* Some test fixes.

* Locales can be longer than 5 characters according to faker... fex gez_ET.  Increase lenght in mysql and add a validation

* Update test database dump to latest migrations.
2016-12-19 11:04:28 -08:00
Daniel Meltzer ae2cb5fe68 Make delete routes work. (#3077)
* Make delete routes work.  We put a little form in the modal that spoofs the delete field.

* Fix route on creating a user.

* Fix redundant id parameter.

* Port acceptance tests to new urls.
2016-12-19 10:42:33 -08:00
snipe 9ea05bacf3 User resource routes 2016-12-15 20:52:39 -08:00
snipe f832b15cf3 Components routes 2016-12-15 19:59:42 -08:00
snipe e685e0f019 Cleaned up custom fields controllers, views, names, etc 2016-12-15 19:17:07 -08:00
snipe d6b41759f0 Updated manufacturers, suppliers, depreciations for new route resources 2016-12-15 18:18:13 -08:00
snipe c308fbce0d Updated resources, named routes, tests for Locations 2016-12-15 17:12:22 -08:00
snipe aab0933856 Use url() helper over URL::to 2016-12-15 16:41:36 -08:00
snipe c6ab34faee Updated Companies for #3059 2016-12-15 15:48:30 -08:00
snipe cf2b57cb15 More for #3057 2016-12-15 15:15:11 -08:00
snipe 0c5d3d1c74 Updated license routes 2016-12-15 11:57:19 -08:00
snipe 456e4a633e Corrected route for license view 2016-12-15 11:41:08 -08:00
snipe a6b975b168 More updates for #3060, #3058 2016-12-15 06:11:03 -08:00
snipe 9b167d87d2 Updated to use named routes (#3060), some FORM spoofing for PUT (#3061)
(Updating assets isn’t currently working - investigating that)
2016-12-15 04:27:17 -08:00
snipe 863e200430 Hopefully fixes tons of PEBKAC where users have the wrong app.url 2016-12-14 08:20:05 -08:00
snipe 8e5977ad84 Updated maintenance views 2016-12-14 07:56:01 -08:00
snipe dd28c5709e Add action=“” to form (possible IE11 fix) 2016-12-12 19:23:41 -08:00
snipe 1be22cf051 Improved versioning script 2016-12-01 02:53:41 -08:00
snipe 2ec7c0bf1d Hide edit actions from asset sidebar if user cannot edit assets 2016-12-01 00:00:48 -08:00
snipe 7393f0bbea Fixes snipeSettings error if the user was created but the settings table isn’t populated yet 2016-11-29 01:20:51 -08:00
snipe 0d6b160b61 Fix mail test script 2016-11-29 01:19:05 -08:00
snipe ba23952852 Add red banner if app is in production mode and debugging is turned on 2016-11-29 00:08:20 -08:00
Daniel Meltzer d722ed3823 Partialize forms (#2884)
* Consolidate edit form elements into reusable partials.

This is a large code change that doesn't do much immediately.  It
refactors all of the various edit.blade.php files to reference
standardized partials, so that they all reference the same base html
layout. This has the side effect of moving everything to the new fancy
"required" indicators, and making things look consistent.

In addition, I've gone ahead and renamed a few database fields.  We had
Assetmodel::modelno and Consumable::model_no, I've renamed both to
model_number.  We had items using ::note and ::notes, I've standardized
on ::notes.  Component used total_qty where consumables and accessories
used qty, so I've moved everything to qty (And fixed a few bugs in the
helper file in the process.

TODO includes looking at how/where to place the modal javascripts to
allow for on the fly creation from all places, rather than just the
asset page.

Rename assetmodel::modelno to model_number for clarity and consistency

Rename consumable::model_no to model_number for clarity and consistency

Rename assetmodel::note to notes for clarity and consistency

Port asset and assetmodel to new partials layout.  Adapt all code to the renamed model_number and notes database changes.  Fix some stying.

* Share a settings variable with all views.

* Allow editing the per_page setting.  We showed the value, but we never showed it on the edit page..

* use snipeSettings in all views instead of the long ugly path.

* War on partials. Centralize all bootstrap table javascript

* Use model_number instead of modelno in importer

* Codacy fix.

* More unification/deduplication.  Create an edit form template layout that we use as the base for all edit forms.  This gives the same interface for editing everything and makes the edit.blade.* files much easier to read.

* Use a ViewComposer instead of sharing the variable directly.  Fixes artisan optimize trying to hit the db--which ruins new installs

* Fix DB seeder.

* Base sql dump and csv's to import data from for tests.

* Start some functional tests for creating items.

* Add functional tests for all create methods.  Still need to do tests for edits, deletes, and lots of other things

* Improvements to functional tests.

Use the built in DB seeding mechanism instead of doing it ourselves.
Break the tests into multiple units, rather than testing everything in
each function.

* Some improvements to acceptance tests.

Make sure we're only looking at the "trs" within the bootstrap table.
Creation of assets is now tested at the functional level (and is faster)
so ignore it here.

I'm testing acceptance tests with the
IMPORT_{ASSETS,ACCESSORIES,CONSUMABLES}.csv in the tests/_data folder
imported.

* A few things to make acceptance tests work.  Add a name to the companies table, and make the locations table have the correct name

* Use a .env.tests file for testing functional and unit to allow a separate database.

* Add functional tests for compoents, groups, and licenses.

* Now that the config is in the functional.yml, this just confuses things.

* Start some functional tests for creating items.

* Add functional tests for all create methods.  Still need to do tests for edits, deletes, and lots of other things

* Improvements to functional tests.

Use the built in DB seeding mechanism instead of doing it ourselves.
Break the tests into multiple units, rather than testing everything in
each function.

* Some improvements to acceptance tests.

Make sure we're only looking at the "trs" within the bootstrap table.
Creation of assets is now tested at the functional level (and is faster)
so ignore it here.

I'm testing acceptance tests with the
IMPORT_{ASSETS,ACCESSORIES,CONSUMABLES}.csv in the tests/_data folder
imported.

* update db dump

* Update tests to new reality

* env for the test setup

* only load the database at beginning of tests, not between each Functional test.

* Fix a miss from renaming note to notes.

* Set Termination date when creating an asset.  It was only set on edit.

* Rename serial_number to serial in components for consistency.

* Update validation rules to match limits in database.  Currently we just accepted the values and they were truncated when adding to DB.

* Much more detailed functional testing of creating items.  This checks to make sure all values on form have been successfully persisted to database.
2016-11-16 16:56:57 -08:00
snipe b3329135df Merge branch 'develop' of github.com:snipe/snipe-it into develop 2016-10-12 12:50:35 -07:00
snipe 8f4e016c01 Fixes #2768 and #2753 2016-10-12 12:48:37 -07:00
Daniel Meltzer 2e0a7abbe9 Rework permissions view (#2756)
* Early layout work on a cleaner permissions interface

* Cleanup layout.  Make new permissions view work.  Still needs some css and javascript improvements.  Also need to do the same thing to the group view.

* Improve styling, add javascript to toggle an entire group of permissions if choosing the permission on the header row.  Would be nice to add collapsing of sections in the future.

* Toggle viewing sections.

* Special case places where we only have one item in a group to only display the item once.

* Filter getCreate the same way.
2016-10-12 12:06:28 -07:00
snipe 8ba19632cf Removed new badge 2016-09-23 13:13:42 -07:00
snipe 391c9a77ef Misc debug template for use with debugging CSV exports, etc 2016-09-12 14:05:31 -07:00
snipe d4dc1830ec Fixes #2527 - honor the setting for whether Snpie-IT can access the outside world 2016-08-30 12:58:08 -07:00