Commit graph

20 commits

Author SHA1 Message Date
snipe bca82684a1 Merge branch 'hotfixes/2fa_qr' into develop
# Conflicts:
#	.all-contributorsrc
#	Dockerfile
#	README.md
#	app/Console/Commands/LdapSync.php
#	app/Http/Controllers/Api/ImportController.php
#	app/Http/Controllers/AssetModelsController.php
#	app/Http/Controllers/Assets/AssetsController.php
#	app/Http/Controllers/Auth/LoginController.php
#	app/Http/Controllers/CategoriesController.php
#	app/Http/Controllers/CompaniesController.php
#	app/Http/Controllers/DepartmentsController.php
#	app/Http/Controllers/ImportsController.php
#	app/Http/Controllers/LocationsController.php
#	app/Http/Controllers/ManufacturersController.php
#	app/Http/Controllers/SuppliersController.php
#	app/Http/Requests/ItemImportRequest.php
#	app/Http/Transformers/ActionlogsTransformer.php
#	composer.json
#	composer.lock
#	config/app.php
#	config/version.php
#	docker/startup.sh
#	public/css/build/all.css
#	public/css/dist/all.css
#	public/js/build/all.js
#	public/js/build/vue.js
#	public/js/build/vue.js.map
#	public/js/dist/all.js
#	public/mix-manifest.json
2019-03-20 02:17:02 -07:00
snipe 7b33f95e83
Fixes/import permissions mask (#6826)
* Check for empty headers in import

* Added import permission

* Fixed model path in docblock

* Added import gate to default blade

* Check if the user is an admin OR idf they have import permissions

* Walked back that admin permission

Since admins are bound by full company support, it makes less sense to let admins have this permission by default, versus having them specifically designated to the import permission
2019-03-18 11:58:08 -07:00
snipe 2c79ed5fc1 Added kit permissions 2019-03-13 12:15:54 -07:00
snipe e4f6aefdad Added self-checkout permission option 2018-08-21 23:26:12 -07:00
snipe 376eb52f00 Fixed #5938 - added “self location edit” as permission 2018-07-24 12:42:16 -07:00
Till Deeke 27699aa99c Adds permission checks for custom fields and custom fieldsets (#5645) (#5795)
* adds permission checks to custom fields

* adds permission checks to custom fieldsets

* adds separate permissions for custom fieldsets

* check for permissions in views

* Removes custom fieldsets from permissions config

* Proxy the authorization for custom fieldsets down to custom fields.

This allows us to use the existing permissions in use and have more semantically correct authorization checks for custom fieldsets.

* simplifies the authorization check for the custom fields overview

* removes special handling of custom fieldsets in base policy

I just realised that this code duplicates the logic from the custom fieldset policy.
Since we are checking for the authorization of custom fields anyway, we can just use the columnName for the fields.

* cleanup of unused imports
2018-07-12 18:28:20 -07:00
snipe 95d935d917 Added warning to not edit config files manually 2018-03-07 17:39:13 -08:00
snipe c242abb42e Added Company policy to fix company deletion issue 2018-01-19 17:51:28 -08:00
snipe 808cd0f728 Nicer groups permission edit UI 2017-12-05 18:11:06 -08:00
snipe 16f57e16cb Fixes #1190 - added basic audit workflow 2017-08-25 10:04:19 -07:00
snipe f57ebc664e Added dept management to permissions 2017-05-23 02:50:08 -07:00
snipe b5424462c9 Moved non-superadmin settings into sidebar 2017-03-03 17:30:12 -08:00
snipe 381526e488 Additional permissions 2017-02-22 22:21:26 -08:00
snipe 84154d936a Added self.api permission 2017-01-11 04:05:39 -08:00
snipe cbfcf959f9 Allow certain users to override 2FA with permission 2016-10-31 16:52:25 -07:00
snipe 40befa7b37 Fixes #2792 - corrected typo in permissions array for creating accessories 2016-10-25 11:38:24 -07:00
snipe 8246a319a2 Fixes #2363 and #1097 2016-08-02 00:54:38 -07:00
snipe 5f5fddb7a4 Updated permissions array 2016-06-02 02:39:23 -07:00
snipe 449163c875 Fixes #1995 - updated group admin to use native permissions 2016-04-28 14:03:54 -07:00
snipe fe00b0e401 Version 3 - hold onto your butts 2016-03-25 01:18:05 -07:00