Commit graph

139 commits

Author SHA1 Message Date
Ivan Nieto Vivanco b142f8e012 Add the permission to show purchase cost column to non-admin sessions 2022-12-14 23:00:35 -06:00
snipe dcab1381e7 Check for licenses.files permissions
Signed-off-by: snipe <snipe@snipe.net>
2022-09-16 14:00:27 -07:00
snipe ee4f355e49 Changed logging to debug
Signed-off-by: snipe <snipe@snipe.net>
2022-07-05 17:58:45 -07:00
snipe a7dc6162fa Simplify password attempts rate limiting
Signed-off-by: snipe <snipe@snipe.net>
2022-06-22 09:11:24 -07:00
snipe ebd3c11129 Added singleton
Signed-off-by: snipe <snipe@snipe.net>
2022-05-19 17:55:59 -07:00
Brady Wetherington 6756dd193e SCIM integration using the 're-do-the routes' approach, which seems like a dead-end
Cleaning up routes to match laravel-scim-server's recommended implementation

Some actually *working* changes for SCIM support?!

Whoops, forgot my route file

Fix public SCIM routes

Removed Ziggy, removed old generated file, yanked Ziggy references

Resolves the first set of comments for SCIM

Ensure all /api routes have baseUrl prepended

Fix the parent:: call to be, uh, actually correct :P

Clarify the route-ordering, as it is quite tricky

This gets it so that users can actually be saved..

Work around the lack of callbacks with some inheritance

Mapped a bunch more fields from SCIM into Snipe-IT's user table

More baseUrl shenanigans since we yanked Ziggy :/

Properly map job title and work with some other necessary attributes

Map more fields...

Finalized basic mapping for core and enterprise namespaces

Latest tuned settings for SCIM config to work with Azure (and others)
2022-04-05 20:26:37 +01:00
snipe b876d0abb0 Merge remote-tracking branch 'origin/master' into develop
Signed-off-by: snipe <snipe@snipe.net>

# Conflicts:
#	.env.example
#	app/Http/Controllers/Auth/LoginController.php
#	app/Http/Kernel.php
#	app/Http/Transformers/ActionlogsTransformer.php
#	app/Importer/AssetImporter.php
#	app/Models/Accessory.php
#	app/Models/Consumable.php
#	app/Presenters/AccessoryPresenter.php
#	app/Presenters/ComponentPresenter.php
#	app/Presenters/ConsumablePresenter.php
#	app/Providers/AuthServiceProvider.php
#	composer.json
#	composer.lock
#	config/app.php
#	config/cors.php
#	config/version.php
#	package-lock.json
#	public/js/build/app.js
#	public/js/build/app.js.LICENSE.txt
#	public/js/dist/all.js
#	public/mix-manifest.json
#	resources/views/accessories/view.blade.php
#	resources/views/consumables/view.blade.php
#	resources/views/settings/saml.blade.php
#	routes/api.php
2022-03-03 21:59:38 -08:00
snipe 2eef43e8bf
Applies develop fix to master for location drop downs 2022-03-01 12:43:35 -08:00
Andrew Roth 2e60420aeb Fix for location and model drop down with granular permissions. 2022-02-28 17:38:38 -05:00
snipe dd5f812d88 Merge remote-tracking branch 'origin/master' into develop
Signed-off-by: snipe <snipe@snipe.net>

# Conflicts:
#	.all-contributorsrc
#	README.md
#	app/Console/Commands/FixDoubleEscape.php
#	app/Console/Commands/LdapSync.php
#	app/Exceptions/Handler.php
#	app/Http/Controllers/Api/AssetMaintenancesController.php
#	app/Http/Controllers/Api/AssetModelsController.php
#	app/Http/Controllers/Api/AssetsController.php
#	app/Http/Controllers/Api/CategoriesController.php
#	app/Http/Controllers/Api/CompaniesController.php
#	app/Http/Controllers/Api/DepartmentsController.php
#	app/Http/Controllers/Api/LicensesController.php
#	app/Http/Controllers/Api/LocationsController.php
#	app/Http/Controllers/Api/ManufacturersController.php
#	app/Http/Controllers/Api/SettingsController.php
#	app/Http/Controllers/Api/SuppliersController.php
#	app/Http/Controllers/AssetModelsController.php
#	app/Http/Controllers/Auth/LoginController.php
#	app/Http/Controllers/CustomFieldsController.php
#	app/Http/Controllers/SettingsController.php
#	app/Models/Loggable.php
#	app/Providers/AuthServiceProvider.php
#	config/version.php
#	database/migrations/2014_11_04_231416_update_group_field_for_reporting.php
#	database/migrations/2015_11_08_222305_add_ldap_fields_to_settings.php
#	package-lock.json
#	package.json
#	public/js/build/app.js
#	public/js/dist/all.js
#	public/mix-manifest.json
#	resources/assets/js/components/forms/asset-models/fieldset-default-values.vue
#	resources/views/hardware/view.blade.php
2022-02-20 13:29:12 -08:00
snipe d6b8222371 Refactor to combine permissions
Signed-off-by: snipe <snipe@snipe.net>
2022-02-11 12:48:30 -08:00
snipe 2c5abaaea4 Fixed copypasta
Signed-off-by: snipe <snipe@snipe.net>
2022-02-11 12:32:09 -08:00
snipe c1a0653847 Restrict to update or create gate methods for select lists
Signed-off-by: snipe <snipe@snipe.net>
2022-02-11 12:31:11 -08:00
snipe 9226c8292d Fixed typos in comments
Signed-off-by: snipe <snipe@snipe.net>
2022-02-11 12:02:14 -08:00
snipe 5fafa81dc1 Forgot components
Signed-off-by: snipe <snipe@snipe.net>
2022-02-11 11:57:29 -08:00
snipe b30d1dce89 Removed selectlist
Signed-off-by: snipe <snipe@snipe.net>
2022-02-11 11:55:24 -08:00
snipe 2dad27eed6 Added additional gate for selectlists
Signed-off-by: snipe <snipe@snipe.net>
2022-02-11 11:46:14 -08:00
Brady Wetherington a15c0adc79 Fix "secure hostnames" feature for subdirectory-based Snipe-IT installs 2022-02-07 11:33:38 -08:00
Brady Wetherington f1d4087317 Fix "secure hostnames" feature for subdirectory-based Snipe-IT installs 2022-02-07 11:26:54 -08:00
Brady Wetherington 44719e3dcc Fix whitespace issues 2022-01-27 11:29:20 -08:00
Brady Wetherington 1cf1278b3b Fix whitespace issues 2022-01-27 11:28:51 -08:00
Brady Wetherington 476075235a Add some guardrails around very-badly formatted APP_URL settings 2022-01-27 11:24:21 -08:00
Brady Wetherington 70648dedd3 Add some guardrails around very-badly formatted APP_URL settings 2022-01-27 11:21:46 -08:00
Brady Wetherington 0c4768fd2a Force UrlGenerator's Root URL to be the base of APP_URL unless overriden
(For v5)
2022-01-18 15:52:59 -08:00
Brady Wetherington 455bc736be Force UrlGenerator's Root URL to be the base of APP_URL unless overriden 2022-01-18 15:31:30 -08:00
Brady Wetherington 3c7f2e89ec Merge branch 'develop' into remove_old_ldap
Had to re-do the composer install because the conflicts were too complicated.
2022-01-03 12:56:58 -08:00
snipe d08c1787a1 First steps at getting dusk working
Signed-off-by: snipe <snipe@snipe.net>
2021-11-30 20:09:29 -08:00
Brady Wetherington 4dda28de9e WIP: cleaning up LDAP 2021-10-28 18:19:50 -07:00
Ivan Nieto Vivanco 23b770fac6 Added a validation to use the same name in categories with different types 2021-10-08 15:19:16 -05:00
snipe a8123092af Misc fixes for shift
// TODO - re-fix the exception handler

Signed-off-by: snipe <snipe@snipe.net>
2021-06-11 14:07:50 -07:00
Laravel Shift b62d1f49e4 Shift cleanup 2021-06-10 20:19:27 +00:00
Laravel Shift bdf23e472e Shift to class based routes 2021-06-10 20:17:14 +00:00
Laravel Shift ddc8b8648b Shift service providers 2021-06-10 20:17:07 +00:00
Laravel Shift 802dc9240d Shift bindings
PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser.
2021-06-10 20:16:56 +00:00
Laravel Shift 934afa036f Adopt Laravel coding style
Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions.

You may customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config file to your project root. Feel free to use [Shift's Laravel ruleset][2] to help you get started.

[1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer
[2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200
2021-06-10 20:15:52 +00:00
Brady Wetherington 2a28f5e66c
(Maybe?) Fixes the problem where we always need LDAP enabled (#9321)
* I *think* this fixes the problem where we need LDAP even if we aren't using it?

* Pull the LdapAd dependency out of the AuthController constructor
2021-04-20 14:53:47 -07:00
Brady Wetherington 792a31cc7f Merge branch 'develop' 2021-04-06 20:10:22 -07:00
Lars Kajes 49532e1cd6
Add option to force TLS connection (#9327)
Co-authored-by: Lars Kajes <lars.kajes@iusinnovation.se>
2021-04-05 21:56:25 -07:00
snipe c3871c98df Updated rollbar package 2021-03-09 16:16:57 -08:00
snipe e9ee9ea2e9 Fixed rollbar integration 2021-03-09 12:40:00 -08:00
snipe a48d09f37e
Fixed non-superadmin gate permissions for kits (#9029) 2021-01-26 11:56:42 -08:00
Brady Wetherington 0329028e2c
Fixed #8926, #8252 - introduce circular reference check for location parent_id - rebased from #8253 (#8927)
* Fixed #8252 - circular references in location parents

* Remove non-translated translation changes

* Fix typo

* Add loop limit to avoid unforseen infinite loops

* Remove check against parent_id in location controllers

* Remove the Location->id=null piece (no longer needed)

* Fix some formatting and whitespace

* Re-introduce accidentally merged-out language file

Co-authored-by: Travis Miller <milletr@tulsaschools.org>
2020-12-18 17:18:04 -08:00
snipe 973eacf6c3 Small fixes for SAML
The SAML routes are in a service provide (sigh), so they did not have the `web` middleware group assigned to it.

I also added some additional checks so that the setup blade won’t fail (the migrations wouldn’t have been run yet, so outside of a try/catch, it would return an error since those tables don’t exist.)
2020-11-24 13:51:02 -08:00
snipe 5abfbdd1d2 Allow API token expiration in years to be configured via env 2020-11-09 22:52:55 -08:00
snipe 460485d843 Make API tokens expire in 20 years
TODO: Make this configurable and report the expiration in the UI
2020-11-09 22:33:43 -08:00
snipe c4b2ef5660 Removed debugging code 2020-11-02 20:10:18 -08:00
snipe a55694da2f Added validation to disallow password to be the same as username, email, etc 2020-11-02 20:03:26 -08:00
Brady Wetherington 0eda53c484 Add a new custom validator for Users to prevent someone from managing themselves 2020-10-23 16:55:10 -07:00
Brady Wetherington 262a964760 [WIP] fix ldap-sync for v5 with AdLdap2 2020-08-14 14:45:05 -07:00
snipe 6a089f86f8
Fixed pathing for accessories 2020-08-03 11:17:56 -07:00