Commit graph

51 commits

Author SHA1 Message Date
snipe adf6e7d1cd Added group support for user API 2018-09-07 18:25:58 -07:00
snipe 614e858e44 Restrict users asset listing to just assets checked out to users 2018-07-25 21:38:14 -07:00
Daniel Meltzer 3bc43210ab Add ID to the allowed sort fields in api/Users. (#5929) 2018-07-23 06:46:50 -07:00
snipe 5a1e1c73c9 Include show_in_list option in select 2018-07-18 03:59:02 -07:00
Till Deeke 48bbbe0f40 Fixing authorization issues (#5807)
* adds permission checks for companies

* adds permission checks for depreciations

* adds permission check for all reports

* fixes permissions for departments

* fixes permission naming (edit -> update)

* fixes authorization checking wrong permission in API

The authorization was checking for the non-existent „edit“ method where it should have checked for the „update“ method.

* adds authorization checks for select2 lists

* adds missing authorization checks for api

* fixes user authorization check for creating users

* adds additional check viewing assets on showing a users assets

* Removes authorization checks for select2 lists

Reference: https://github.com/snipe/snipe-it/pull/5807#pullrequestreview-136018755
2018-07-12 18:28:02 -07:00
Juan Font 311f9fcefb Implemented method to get info on the current user of the API (#5722)
* Implemented method to get info on the current user of the API

* Move userinfo method to UsersController

* Added missing files
2018-07-02 20:35:10 -07:00
Stephen c23955d0b5 Allow setting of "ldap_import" through the API (#5218)
* Allow setting of "ldap_import" through the API, this will allow cusom scripts to be made to import data from Active directory using the API, this would allow any field to be filled such as the manager (based on the ID), department etc.

* Password fix for LDAP through API
2018-04-20 14:02:52 -07:00
snipe b4f704d7f1 Fixed 2FA reset button 2018-02-26 15:43:49 -08:00
Daniel Meltzer 7de8f71f58 Api tests (#5096)
* Use the formated date helper to clean up verifications.

* Add Checkin/Checkout api tests.

* Accessories api test

* Add Companies API Test.

* Return ModelNotFound as a 404.

* Cleanups/simplficiations/updates.

* Locations api test.

* currency and image should be fillable on location.

* Update components api test.

* Use findOrFail so we return a 404 instead of a 200.  Matches other item types.

* order_number should be fillable in component.

* Add updated_at and permissions to information returned from api for a user.

* Add users test and flesh out factory and fillable fields.

* Add test for assets method

* API status label test.

* Disable php7.2 for now on travis until the count(null) issues are remedied

* Add serial to update.

* API model not found should return a 200
2018-02-24 19:01:34 -08:00
snipe f1bbdc9e59 Revert PR #4845 2018-01-24 03:32:45 -08:00
vcordes79 0fb8dc3418 check if user is allowed to view assets (#4845) 2018-01-23 18:10:05 -08:00
snipe e6f70f2ab7 Fixed #4821 - add username to user selection dropdown 2018-01-19 23:47:37 -08:00
snipe 9293f17707 Moved search scope lower to fix weird (possible Laravel) bug w/prepared statements 2018-01-11 15:17:34 -08:00
snipe 5b00a8ae33 Use specific company_id column name in user search 2017-12-11 22:50:55 -08:00
snipe 6fb0ef908d Fixed issue sorting when viewing users by department 2017-11-03 14:29:04 -07:00
snipe 85360a7c7f Removed gates on selectlists
They can’t access the API directly unless they have been granted API accesses anyway
2017-11-03 13:03:57 -07:00
snipe 416455fe01 Fixes weird manager_id validation
This is a shit fix - need to find out what’s happening here.
2017-11-03 12:48:00 -07:00
snipe 28a4293a0b Fixed #4370 - user’s listing flashing then no results 2017-11-02 11:19:34 -07:00
snipe f095f1807c Eager load userloc 2017-11-02 11:06:15 -07:00
snipe ca6dc5c2b5 Eager load user location 2017-11-02 10:56:36 -07:00
snipe 121e158f39 Change method name from userloc to location
This needs to be changed in more places though
2017-10-31 05:22:57 -07:00
snipe 0f4c05c5d0 Remove commented code 2017-10-31 05:02:46 -07:00
snipe 546c3e50fa Fixed updating the assigned assets location if user’s location changes 2017-10-30 19:33:52 -07:00
snipe 4eee7f8d97 Added address for users - fixes #4323 2017-10-30 18:57:00 -07:00
snipe 39c68214e9 More ajax menu fixes 2017-10-28 11:17:52 -07:00
snipe 7d11cb0748 Added selectlist transformer for select2 API calls 2017-10-26 21:50:01 -07:00
snipe ea07517ad5 Added more ajax select2 boxes to checkouts, remove helper ->with() methods 2017-10-26 03:43:28 -07:00
snipe 17d58d9cc5 Added snazzy rich user selection menu
TODO:
- Abstract this out so it can be used by other select2 menus
- Write a select2 transformer to standardize output
2017-10-24 19:24:35 -07:00
snipe 7140efc561 Use the transformers, Luke 2017-10-24 19:18:20 -07:00
snipe 99be54fd96 Fixed success message on saving new user 2017-10-24 19:17:30 -07:00
snipe dc805dd9b1 Added user avatars to listing 2017-10-24 09:51:07 -07:00
snipe 7d64ab3158 Fixes #4294 - pass correct group ID for group user listings 2017-10-24 04:39:47 -07:00
snipe fc644925ea Fixes #4291 - adds phone to user listing 2017-10-23 14:21:51 -07:00
snipe 22e13cd4d2 Allow sorting on asset counts, disable delete button if the user has items checked out to them 2017-10-19 17:15:21 -07:00
snipe c069829b33 Fixes #906 - groups view 2017-10-17 21:43:57 -07:00
snipe 47909b93f7 Fixed deleted users/restore users view 2017-09-06 17:11:43 -07:00
snipe bf157773c8 Also related to #3888 2017-08-26 15:21:38 -07:00
snipe 9bda62d295 ADDED: Password rules for complexity, min length, rejecting common passwords 2017-08-22 20:32:39 -07:00
snipe de18e2a887 Only bcrypt passwords on user save if the password value is passed 2017-08-08 14:41:58 -07:00
snipe df87c82ddc Fixes #3805 - add/update/delete methods for User API 2017-08-03 19:50:18 -07:00
Daniel Meltzer 5d4920c741 [WIP] Improvements to unit tests. (#3574)
* Improvemenets to unit tests.

* Break up modelfactory into multiple files, populate many states.
* Begin testing validation at the unit test level, test relationships.
* Add tests for Asset::availableForCheckout.
* Model factories now generate all needed relationships on demand,
  which allows us to unit test with a empty database.
* To faciliate the empty database, we move to using sqlite in memory as
  the unit testing database.

* Fix bug with logs of checkouts to non users.

* Fix location finding for assets.  Also Fix location show page to show users associated with location.  Still need some work to show assets.

* More test and generator improvements

* More unit test fixes. PermissionsTest is borked still.

* More Updates

* Rewrite permissionstest.  Check that we have access on the model level rather than via web requests.  Also test delete permissions.

* Fix seeders.

* Make the default asset model factory generate assets that are rtd for testing.

* Save progress.

* Rebase tests, fix department unit test, update database for functional tests.

* Update functional and api tests to use new modelfactory signatures.
2017-06-12 17:39:03 -07:00
snipe 452c52a3ab Changed variable name for consistency 2017-05-23 14:30:07 -07:00
snipe 811ddd2f67 Include depts in returned list, sort by dept 2017-05-23 02:46:55 -07:00
snipe 8caf6623f1 Filter by dept for user display 2017-05-23 01:09:03 -07:00
snipe 51fccbdda4 Added last login to user menu 2017-03-03 18:28:13 -08:00
snipe 86198badbb Added more company_id filtering, more transformers 2017-02-08 08:48:41 -08:00
snipe 1751a8c0e0 Switched to presented for ugly BS table column headers 2017-02-03 22:20:11 -08:00
snipe c7e1b426e7 Additional API routes and controllers for models, suppliers, users, locations and status labels 2017-01-13 04:50:20 -08:00
snipe 58b1ac5f0f Some route/transformer edits 2017-01-13 00:13:57 -08:00
snipe 9c41881d99 Use transformers for API response
This is experimental
2017-01-12 23:42:39 -08:00