Brady Wetherington
9bb191f29f
Fixes file upload XSS vulnerability [sc-24156]
2024-02-08 14:30:40 +00:00
snipe
81b2273c37
Refactored checkout screen to redirect if invalid category
...
Signed-off-by: snipe <snipe@snipe.net>
2023-11-23 16:18:28 +00:00
Marcus Moore
a08e0bd547
Ensure notes are saved to the action log when licenses are checked in and out
2023-11-06 12:20:13 -08:00
snipe
f685ba01b6
Reversed order of find
...
Signed-off-by: snipe <snipe@snipe.net>
2023-10-09 16:43:14 +01:00
snipe
e5f5802235
Added tighter controls for matching log ID and item_id
...
Signed-off-by: snipe <snipe@snipe.net>
2023-10-09 15:17:03 +01:00
snipe
6fa0d42bc2
Fixed bug where license checkout/checkin notes were not being saved
...
Signed-off-by: snipe <snipe@snipe.net>
2023-09-28 15:40:18 +01:00
snipe
b92327eb40
Merge pull request #13520 from inietov/fixes/licenses_reassignable_feature
...
Fixed Not reassignable Licenses shouldn't show 'Checkin All Seats' button [sc-23506]
2023-09-14 12:52:13 +01:00
snipe
f53db8ba75
Fixed #13562 - allow inline view for uploaded files
...
Signed-off-by: snipe <snipe@snipe.net>
2023-09-05 18:28:01 +01:00
Ivan Nieto Vivanco
6161a0d76d
Add condition in LicenseCheckinController:bulkCheckin method to evaluate if the license is reassignable
2023-08-23 16:22:40 -06:00
Tobias Franzius
90a344af0b
Fixes #13341 Clean up correct seats on license delete
...
Before this, we checked for the `id` collumn in the `license_seats` table, insteasd of
using `license_id` for this.
This way, we ensure that we only alter seats belonging to the correct license.
2023-07-20 13:48:57 +02:00
snipe
7937542dcb
Redirect if the license can’t be found
...
Signed-off-by: snipe <snipe@snipe.net>
2023-06-29 21:15:50 +01:00
snipe
22d73f503a
Merge pull request #12756 from dboth/develop
...
Fixed #8208 , #8896 , #8985 and #9789 : Currency issues when using non-english locales (resubmission)
2023-04-25 22:32:13 -07:00
Ivan Nieto Vivanco
747d6cfdb4
Change the flow of the condition using an early return
2023-04-20 10:37:26 -06:00
Ivan Nieto Vivanco
ae53609b1b
Declare variables only if license is found
2023-04-20 10:16:11 -06:00
snipe
3a808aa806
Updated method for available seat count
...
Signed-off-by: snipe <snipe@snipe.net>
2023-04-18 02:44:33 -07:00
snipe
dc6eb6f104
Throw a warning if there were no users affected
...
Signed-off-by: snipe <snipe@snipe.net>
2023-04-18 02:07:17 -07:00
snipe
a8a3ca3624
Use count on availSeats
...
Signed-off-by: snipe <snipe@snipe.net>
2023-04-18 02:06:42 -07:00
snipe
f21d9c27e6
Use new translations for logs
...
Signed-off-by: snipe <snipe@snipe.net>
2023-04-18 01:07:26 -07:00
snipe
bfcbd9628a
Refactored license controller with new counts
...
Signed-off-by: snipe <snipe@snipe.net>
2023-04-18 01:02:58 -07:00
snipe
a83991041a
Better placement for errors
...
Signed-off-by: snipe <snipe@snipe.net>
2023-04-16 16:08:06 -07:00
snipe
4b66ca6ac5
Added method to bulk checkin (much simpler than checking out)
...
Signed-off-by: snipe <snipe@snipe.net>
2023-04-16 15:27:15 -07:00
snipe
844ad83431
Added method to bulk checkout license seats
...
Signed-off-by: snipe <snipe@snipe.net>
2023-04-16 15:26:59 -07:00
snipe
8183b8deba
Added stub method
...
Signed-off-by: snipe <snipe@snipe.net>
2023-04-16 12:30:02 -07:00
Dominik Both
3271c9dc9f
Fix #8208 , #8896 , #8985 , #9789
2023-03-29 09:56:34 +02:00
snipe
e9601bcf13
Handle already-deleted license files more gracefully
...
Signed-off-by: snipe <snipe@snipe.net>
2023-03-15 13:05:51 -07:00
Ivan Nieto Vivanco
8a5d426ccd
Use correct LicenseSeat property
2023-03-02 19:33:32 -06:00
Ivan Nieto Vivanco
9d94bd6567
Validate if the license seat is not checked out, it can't be checked in
2023-02-27 18:57:38 -06:00
Ivan Nieto Vivanco
c0f83a7927
Delete not necessary conditional
2022-09-20 19:02:01 -05:00
Ivan Nieto Vivanco
5a1062f0f4
Delete debugging symbols (just kidding, it's just a dd() function)
2022-09-20 18:58:31 -05:00
Ivan Nieto Vivanco
c32676596c
Redirect correctly if not enough license seats exists to be checkout
2022-09-20 18:55:53 -05:00
snipe
dcab1381e7
Check for licenses.files permissions
...
Signed-off-by: snipe <snipe@snipe.net>
2022-09-16 14:00:27 -07:00
snipe
9aac1cbba4
Merge branch 'master' into rcs/merge_master_into_develop_for_rc_8
...
Signed-off-by: snipe <snipe@snipe.net>
# Conflicts:
# README.md
# app/Console/Commands/MoveUploadsToNewDisk.php
# app/Http/Controllers/ActionlogController.php
# app/Http/Controllers/Api/LicensesController.php
# app/Http/Controllers/Api/StatuslabelsController.php
# app/Http/Controllers/Assets/AssetCheckinController.php
# app/Http/Controllers/Licenses/LicensesController.php
# app/Http/Controllers/Users/BulkUsersController.php
# app/Http/Requests/AssetCheckoutRequest.php
# app/Importer/LicenseImporter.php
# app/Models/Actionlog.php
# app/Models/License.php
# app/Models/User.php
# app/Observers/AssetObserver.php
# composer.lock
# config/version.php
# database/factories/LicenseFactory.php
# database/migrations/2015_09_21_235926_create_custom_field_custom_fieldset.php
# database/migrations/2018_10_18_191228_add_kits_licenses_table.php
# database/migrations/2018_10_19_153910_add_kits_table.php
# database/migrations/2018_10_19_154013_add_kits_models_table.php
# database/migrations/2019_02_07_185953_add_kits_consumables_table.php
# database/migrations/2019_02_07_190030_add_kits_accessories_table.php
# package-lock.json
# package.json
# public/css/dist/all.css
# public/css/dist/bootstrap-table.css
# public/js/dist/bootstrap-table.js
# public/mix-manifest.json
# resources/lang/ar/general.php
# resources/lang/ar/passwords.php
# resources/lang/cs/general.php
# resources/lang/cs/passwords.php
# resources/lang/de/admin/custom_fields/general.php
# resources/lang/de/admin/settings/general.php
# resources/lang/de/admin/settings/message.php
# resources/lang/fr/admin/custom_fields/general.php
# resources/lang/fr/admin/hardware/general.php
# resources/lang/fr/admin/locations/table.php
# resources/lang/fr/admin/settings/message.php
# resources/lang/hu/admin/custom_fields/general.php
# resources/lang/hu/admin/settings/general.php
# resources/lang/hu/general.php
# resources/lang/it/admin/settings/general.php
# resources/lang/nl/admin/custom_fields/general.php
# resources/lang/nl/admin/settings/general.php
# resources/lang/nl/general.php
# resources/lang/pl/admin/custom_fields/general.php
# resources/lang/sv-SE/passwords.php
# resources/lang/tr/general.php
# resources/views/hardware/view.blade.php
# resources/views/partials/bootstrap-table.blade.php
# resources/views/reports/activity.blade.php
# resources/views/users/print.blade.php
2022-04-28 17:49:06 +01:00
snipe
1441cf9f4f
Ports #10494 to master
...
Signed-off-by: snipe <snipe@snipe.net>
2022-04-12 21:04:57 +01:00
Brad
81084fa717
Fixed #7824
...
Previously there was a 999 max seats on Licenses as anything above that seemed to cause slowdowns and failure.
This commit allievates those pain points
- removed freeSeats as a hydrated Eloquent model on JSON requests for the licenses index
- removed 'licenseSeats.user', 'licenseSeats.asset' from the 'with' clause as it's not needed in the view (Datatabales takes care of that)
- removed the 999 max seats limit from the License Model,
- reworked how new license seats are created when increasing seats or creating licenses
- Added an index the license_seats table to help speed up lookups
2022-01-10 14:03:28 -05:00
snipe
6e0f8068b2
Fixed duplicate use statement from merge fuckery
...
Signed-off-by: snipe <snipe@snipe.net>
2021-10-20 17:54:32 -07:00
snipe
aa8f1378c9
Merge remote-tracking branch 'origin/master' into develop
...
Signed-off-by: snipe <snipe@snipe.net>
# Conflicts:
# README.md
# app/Http/Controllers/Accessories/AccessoriesController.php
# app/Http/Controllers/Api/AssetMaintenancesController.php
# app/Http/Controllers/Api/AssetModelsController.php
# app/Http/Controllers/Api/AssetsController.php
# app/Http/Controllers/Api/UsersController.php
# app/Http/Controllers/AssetMaintenancesController.php
# app/Http/Controllers/Assets/AssetFilesController.php
# app/Http/Controllers/Assets/AssetsController.php
# app/Http/Controllers/Assets/BulkAssetsController.php
# app/Http/Controllers/Components/ComponentsController.php
# app/Http/Controllers/Consumables/ConsumablesController.php
# app/Http/Controllers/Licenses/LicenseFilesController.php
# app/Http/Controllers/Licenses/LicensesController.php
# app/Http/Controllers/Users/UserFilesController.php
# app/Http/Transformers/AssetsTransformer.php
# app/Http/Transformers/LicensesTransformer.php
# app/Importer/UserImporter.php
# app/Models/Asset.php
# config/app.php
# config/version.php
# package-lock.json
# public/js/build/app.js
# public/js/dist/all.js
# public/js/dist/bootstrap-table.js
# public/mix-manifest.json
# resources/lang/en/admin/users/message.php
# resources/lang/is/button.php
# resources/lang/ja/admin/kits/general.php
# resources/lang/ro/admin/users/general.php
# resources/lang/zh-HK/admin/depreciations/general.php
# resources/lang/zh-HK/admin/models/general.php
# resources/views/hardware/qr-view.blade.php
# resources/views/hardware/view.blade.php
# resources/views/partials/bootstrap-table.blade.php
# resources/views/users/view.blade.php
# routes/web.php
# routes/web/hardware.php
# routes/web/models.php
# routes/web/users.php
2021-10-20 17:26:41 -07:00
snipe
ccd430ce07
Switched back down to debug level
...
Signed-off-by: snipe <snipe@snipe.net>
2021-10-06 12:38:21 -07:00
snipe
f306401e7e
Fixed SVG XSS vuln
...
Signed-off-by: snipe <snipe@snipe.net>
2021-10-06 12:26:45 -07:00
Brady Wetherington
f3338667c7
Create new ParseCurrency helper and use it in the appropriate controllers
2021-09-28 18:20:39 -07:00
snipe
e27065fe16
Merge branch 'develop-v6-integration' into develop-v6-rc1
...
Signed-off-by: snipe <snipe@snipe.net>
# Conflicts:
# .all-contributorsrc
# README.md
# app/Console/Commands/ResetDemoSettings.php
# app/Helpers/Helper.php
# app/Http/Controllers/Api/AccessoriesController.php
# app/Http/Controllers/Api/AssetsController.php
# app/Http/Controllers/Api/CategoriesController.php
# app/Http/Controllers/Api/ComponentsController.php
# app/Http/Controllers/Api/ConsumablesController.php
# app/Http/Controllers/Api/LocationsController.php
# app/Http/Controllers/Api/StatuslabelsController.php
# app/Http/Controllers/Api/SuppliersController.php
# app/Http/Controllers/AssetMaintenancesController.php
# app/Http/Controllers/Auth/ForgotPasswordController.php
# app/Http/Controllers/DepreciationsController.php
# app/Http/Controllers/ReportsController.php
# app/Http/Controllers/SettingsController.php
# app/Http/Requests/ImageUploadRequest.php
# app/Http/Transformers/ActionlogsTransformer.php
# app/Http/Transformers/DepreciationsTransformer.php
# app/Listeners/CheckoutableListener.php
# app/Models/Accessory.php
# app/Models/Asset.php
# app/Models/Company.php
# app/Models/Ldap.php
# app/Models/User.php
# app/Presenters/AssetPresenter.php
# app/Presenters/CategoryPresenter.php
# composer.json
# composer.lock
# config/version.php
# database/factories/AssetModelFactory.php
# database/migrations/2020_10_22_233743_move_accessory_checkout_note_to_join_table.php
# database/seeds/AssetModelSeeder.php
# package-lock.json
# public/css/build/AdminLTE.css
# public/css/build/app.css
# public/css/build/overrides.css
# public/css/dist/all.css
# public/css/dist/bootstrap-table.css
# public/css/dist/skins/skin-black-dark.css
# public/css/dist/skins/skin-black-dark.min.css
# public/css/dist/skins/skin-black.css
# public/css/dist/skins/skin-black.min.css
# public/css/dist/skins/skin-blue-dark.css
# public/css/dist/skins/skin-blue-dark.min.css
# public/css/dist/skins/skin-blue.css
# public/css/dist/skins/skin-blue.min.css
# public/css/dist/skins/skin-contrast.css
# public/css/dist/skins/skin-contrast.min.css
# public/css/dist/skins/skin-green-dark.css
# public/css/dist/skins/skin-green-dark.min.css
# public/css/dist/skins/skin-green.css
# public/css/dist/skins/skin-green.min.css
# public/css/dist/skins/skin-orange-dark.css
# public/css/dist/skins/skin-orange-dark.min.css
# public/css/dist/skins/skin-orange.css
# public/css/dist/skins/skin-orange.min.css
# public/css/dist/skins/skin-purple-dark.css
# public/css/dist/skins/skin-purple-dark.min.css
# public/css/dist/skins/skin-purple.css
# public/css/dist/skins/skin-purple.min.css
# public/css/dist/skins/skin-red-dark.css
# public/css/dist/skins/skin-red-dark.min.css
# public/css/dist/skins/skin-red.css
# public/css/dist/skins/skin-red.min.css
# public/css/dist/skins/skin-yellow-dark.css
# public/css/dist/skins/skin-yellow-dark.min.css
# public/css/dist/skins/skin-yellow.css
# public/css/dist/skins/skin-yellow.min.css
# public/js/build/app.js
# public/js/build/vendor.js
# public/js/dist/all.js
# public/js/dist/bootstrap-table.js
# public/mix-manifest.json
# resources/assets/js/vue.js
# resources/lang/af/validation.php
# resources/lang/ar/admin/settings/general.php
# resources/lang/ar/validation.php
# resources/lang/bg/admin/settings/general.php
# resources/lang/bg/validation.php
# resources/lang/cs/admin/settings/general.php
# resources/lang/cs/validation.php
# resources/lang/cy/help.php
# resources/lang/cy/validation.php
# resources/lang/da/admin/settings/general.php
# resources/lang/da/validation.php
# resources/lang/de/admin/settings/general.php
# resources/lang/de/validation.php
# resources/lang/el/validation.php
# resources/lang/en-GB/admin/settings/general.php
# resources/lang/en-GB/validation.php
# resources/lang/en-ID/admin/hardware/table.php
# resources/lang/en-ID/admin/settings/general.php
# resources/lang/en-ID/validation.php
# resources/lang/es-CO/admin/settings/general.php
# resources/lang/es-CO/auth/message.php
# resources/lang/es-CO/button.php
# resources/lang/es-CO/help.php
# resources/lang/es-CO/validation.php
# resources/lang/es-ES/admin/settings/general.php
# resources/lang/es-ES/auth/message.php
# resources/lang/es-ES/button.php
# resources/lang/es-ES/help.php
# resources/lang/es-ES/validation.php
# resources/lang/es-MX/admin/settings/general.php
# resources/lang/es-MX/validation.php
# resources/lang/es-VE/admin/settings/general.php
# resources/lang/es-VE/auth/message.php
# resources/lang/es-VE/button.php
# resources/lang/es-VE/help.php
# resources/lang/es-VE/validation.php
# resources/lang/et/validation.php
# resources/lang/fa/validation.php
# resources/lang/fi/admin/settings/general.php
# resources/lang/fi/validation.php
# resources/lang/fil/validation.php
# resources/lang/fr/admin/settings/general.php
# resources/lang/fr/validation.php
# resources/lang/ga-IE/validation.php
# resources/lang/he/admin/settings/general.php
# resources/lang/he/general.php
# resources/lang/he/validation.php
# resources/lang/hr/validation.php
# resources/lang/hu/validation.php
# resources/lang/id/validation.php
# resources/lang/is/admin/categories/general.php
# resources/lang/is/admin/companies/message.php
# resources/lang/is/admin/companies/table.php
# resources/lang/is/admin/components/general.php
# resources/lang/is/admin/components/table.php
# resources/lang/is/admin/consumables/table.php
# resources/lang/is/admin/depreciations/general.php
# resources/lang/is/admin/depreciations/message.php
# resources/lang/is/admin/hardware/form.php
# resources/lang/is/admin/hardware/general.php
# resources/lang/is/admin/hardware/message.php
# resources/lang/is/admin/hardware/table.php
# resources/lang/is/admin/kits/general.php
# resources/lang/is/admin/licenses/form.php
# resources/lang/is/admin/licenses/general.php
# resources/lang/is/admin/locations/table.php
# resources/lang/is/admin/manufacturers/table.php
# resources/lang/is/admin/reports/message.php
# resources/lang/is/admin/settings/general.php
# resources/lang/is/admin/settings/message.php
# resources/lang/is/admin/statuslabels/message.php
# resources/lang/is/admin/suppliers/message.php
# resources/lang/is/admin/suppliers/table.php
# resources/lang/is/admin/users/table.php
# resources/lang/is/mail.php
# resources/lang/is/validation.php
# resources/lang/it/admin/settings/general.php
# resources/lang/it/validation.php
# resources/lang/iu/validation.php
# resources/lang/ja/mail.php
# resources/lang/ja/validation.php
# resources/lang/ko/validation.php
# resources/lang/lt/validation.php
# resources/lang/lv/validation.php
# resources/lang/mi/validation.php
# resources/lang/mk/validation.php
# resources/lang/ml-IN/validation.php
# resources/lang/mn/validation.php
# resources/lang/ms/validation.php
# resources/lang/nl/admin/settings/general.php
# resources/lang/nl/validation.php
# resources/lang/no/validation.php
# resources/lang/pl/admin/settings/general.php
# resources/lang/pl/validation.php
# resources/lang/pt-BR/admin/settings/general.php
# resources/lang/pt-BR/mail.php
# resources/lang/pt-BR/validation.php
# resources/lang/pt-PT/validation.php
# resources/lang/ro/validation.php
# resources/lang/ru/validation.php
# resources/lang/sl/validation.php
# resources/lang/sr-CS/admin/settings/general.php
# resources/lang/sr-CS/validation.php
# resources/lang/sv-SE/admin/settings/general.php
# resources/lang/sv-SE/auth/message.php
# resources/lang/sv-SE/button.php
# resources/lang/sv-SE/mail.php
# resources/lang/sv-SE/validation.php
# resources/lang/ta/validation.php
# resources/lang/th/validation.php
# resources/lang/tl/validation.php
# resources/lang/tr/mail.php
# resources/lang/tr/validation.php
# resources/lang/uk/admin/accessories/table.php
# resources/lang/uk/admin/asset_maintenances/message.php
# resources/lang/uk/admin/asset_maintenances/table.php
# resources/lang/uk/validation.php
# resources/lang/ur-PK/validation.php
# resources/lang/vi/admin/settings/general.php
# resources/lang/vi/validation.php
# resources/lang/zh-CN/admin/settings/general.php
# resources/lang/zh-CN/validation.php
# resources/lang/zh-HK/validation.php
# resources/lang/zh-TW/validation.php
# resources/lang/zu/validation.php
# resources/views/partials/bootstrap-table.blade.php
# resources/views/partials/forms/edit/company-select.blade.php
# routes/api.php
2021-09-21 23:46:50 -07:00
Ivan Nieto Vivanco
4a79c77630
Add a condition to checkin licenses assigned to Assets
2021-08-25 16:38:34 -05:00
Laravel Shift
934afa036f
Adopt Laravel coding style
...
Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions.
You may customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config file to your project root. Feel free to use [Shift's Laravel ruleset][2] to help you get started.
[1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer
[2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200
2021-06-10 20:15:52 +00:00
Brady Wetherington
c7626f8387
Add new StorageHelper and use it where it makes sense ( #9276 )
2021-03-15 12:26:39 -07:00
snipe
57d25ebb20
Fixed #8719 - use same convention for file names on licenses as we do on assets
2020-11-12 15:13:45 -08:00
snipe
5ae65d5329
Fixed #8566 - PDF files displaying as ascii instead of downloading
2020-10-21 13:32:46 -07:00
snipe
262eb79471
WIP - this needs refactoring
...
We have to use Storage::get() if the filesystem is local, since the method does a file_get_contents() and the file isn’t accessible via a URL since it’s private and doesn’t live on the web root. (We do this slightly differently than Laravel out of the box)
Signed-off-by: snipe <snipe@snipe.net>
2020-05-28 01:59:01 -07:00
Daniel Meltzer
25d6ceee6e
Remove old code.
2020-05-23 12:18:27 -04:00
Daniel Meltzer
c70bd62a0f
Missing includes. Fix by using the request object instead of facade.
2020-05-23 11:36:16 -04:00
Daniel Meltzer
a6f90cb3fc
Assorted licenses UI fixes while testing.
...
* Rename licenses route checkin parameter to clarify it's purpose and
fix incorrect route in users view page.
* Checkin note can be nullable for checking in a license.
* License Seat view was only showing 20 license seats due to faulty
transformer logic.
2020-05-12 14:38:21 -04:00
snipe
296de34e8a
WIP: Upgrade develop to Laravel 6.6.1 ( #7637 )
...
I'm going ahead and merging this, since the upgrade doesn't break Flysystem any worse than the current develop is broken, so far as I can tell.
* Upgraded framework to Laravel 6
### TO DO:
- Fix password restriction rules- the old library isn’t compatible with Laravel 6 :(
- Figure out why in-app API calls are returning “Unauthorized”
* More updates from Input:: to Request:: helper
* Switch to Request:: from Input
* Added passport config
* Fixed goofy password minimum in seeder
* Added laravel/helpers
* Changed ($item) to ($item->id) in forms
I have no idea why this is necessary
* Changed ($item) to ($item->id) in forms
* Updated API middleware to auth:api
* Updated with added laravel auth.php values
* FIxed *&!^$%^&$^%!!!! ajax issue
* Switch to Request::get from Input::get
* Switched to Request facade
* Added password security minimums back in
The package we were using has not been updated to Laravel v6, so I created custom validators instead
* Added language strings for error messages for password rules
* Fixed `($item)` issue in formActions for partials
2019-12-10 19:32:50 -08:00