commit 147fcfb8eb
Merge: 58a3d09b5fdcc17ca2
Author: snipe <snipe@snipe.net>
Date: Tue Oct 22 15:12:55 2024 +0100
Merge pull request #15676 from Toreg87/fixes/api_create_user_fmcs
Fix user creation with FullMultipleCompanySupport enabled over API
commit 58a3d09b5f
Merge: 30a06a594867fa2f36
Author: snipe <snipe@snipe.net>
Date: Tue Oct 22 14:55:42 2024 +0100
Merge pull request #15703 from marcusmoore/bug/sc-27188
Linked accessory files in activity report
commit 30a06a5942
Merge: 6c6af78e0ce3086317
Author: snipe <snipe@snipe.net>
Date: Tue Oct 22 11:47:06 2024 +0100
Merge pull request #15693 from marcusmoore/chore/remove-parallel-testing
Removed brianium/paratest
commit 6c6af78e08
Merge: 9b06bbb6c3f79fd7ea
Author: snipe <snipe@snipe.net>
Date: Tue Oct 22 11:46:04 2024 +0100
Merge pull request #15705 from marcusmoore/tests/icon-component-test
Added test to ensure icon component does not end in newline
commit 3f79fd7ea7
Author: Marcus Moore <contact@marcusmoore.io>
Date: Mon Oct 21 17:07:40 2024 -0700
Add test to ensure icon component does not end in newline
commit 9b06bbb6c3
Merge: 46ad1d072d7f70146f
Author: snipe <snipe@snipe.net>
Date: Mon Oct 21 22:38:26 2024 +0100
Merge pull request #15704 from marcusmoore/bug/remove-extra-icon
Removed second icon in accessory file list
commit ce30863177
Author: Marcus Moore <contact@marcusmoore.io>
Date: Mon Oct 21 13:57:04 2024 -0700
Remove brianium/paratest dependency
commit d7f70146f4
Author: Marcus Moore <contact@marcusmoore.io>
Date: Mon Oct 21 13:48:25 2024 -0700
Remove extra icon in accessory file upload list
commit 867fa2f36e
Author: Marcus Moore <contact@marcusmoore.io>
Date: Mon Oct 21 12:40:24 2024 -0700
Display file in activity report for accessories
commit 0933a2d4ea
Author: Marcus Moore <contact@marcusmoore.io>
Date: Thu Oct 17 18:01:48 2024 -0700
Remove --parallel flag
commit 46ad1d072f
Merge: bcb4bd9eb3cf746d7d
Author: snipe <snipe@snipe.net>
Date: Thu Oct 17 15:29:47 2024 +0100
Merge pull request #15680 from uberbrady/bulk_checkout_to_bulk_actions
Bulk checkout to bulk actions
commit bcb4bd9eb4
Merge: 250037540f50ccbcc4
Author: snipe <snipe@snipe.net>
Date: Thu Oct 17 10:20:13 2024 +0100
Merge pull request #15683 from Toreg87/fixes/outdated_comment
Fix outdated comment in CompanyableTrait
commit f50ccbcc49
Author: Tobias Regnery <tobias.regnery@gmail.com>
Date: Thu Oct 17 11:07:28 2024 +0200
Fix outdated comment in CompanyableTrait
As of commit 5800e8d the user model uses CompanyableTrait so remove this clearly outdated comment
commit 3cf746d7df
Author: Brady Wetherington <bwetherington@grokability.com>
Date: Wed Oct 16 23:13:32 2024 +0100
Rework the bulk checkout to not change how all checkouts work
commit 6b7af802af
Author: Brady Wetherington <bwetherington@grokability.com>
Date: Thu Oct 10 13:28:23 2024 +0100
Add 'bulk checkout' as one of the bulk actions in the bulk actions toolbar
commit fdcc17ca2c
Author: Tobias Regnery <tobias.regnery@gmail.com>
Date: Wed Oct 16 11:18:24 2024 +0200
Fix user creation with FullMultipleCompanySupport enabled over API
It is currently possible as a non-superuser to create a new user or patch an existing user with arbitrary company over the API if FullMultipleCompanySupport is enabled.
Altough a highly unlikely scenario as the user needs permission to create API keys and new users, it is a bug that should get fixed.
Add a call to getIdForCurrentUser() to normalize the company_id if FullMultipleCompanySupport is enabled.
Signed-off-by: snipe <snipe@snipe.net>
It is currently possible as a non-superuser to create a new user or patch an existing user with arbitrary company over the API if FullMultipleCompanySupport is enabled.
Altough a highly unlikely scenario as the user needs permission to create API keys and new users, it is a bug that should get fixed.
Add a call to getIdForCurrentUser() to normalize the company_id if FullMultipleCompanySupport is enabled.
Commit fb4fe3004 restored the previous behaviour to check the company_id in case of FullMultipleCompanySupport.
But after rereading the code and the laravel documentation, the check is already there where it belongs in AssetStoreRequest::prepareForValidation()
The bug is the is_int-check of the request input in prepareForValidation(). Is is of type string even if it is a numeric value, so the call to getIdForCurrentUser() never happend.
Fix this by removing the check and the now redundant call to getIdForCurrentUser().
Wrong values will get caught by the model-level validation rules.