Commit graph

6109 commits

Author SHA1 Message Date
Tobias Regnery fdcc17ca2c Fix user creation with FullMultipleCompanySupport enabled over API
It is currently possible as a non-superuser to create a new user or patch an existing user with arbitrary company over the API if FullMultipleCompanySupport is enabled.
Altough a highly unlikely scenario as the user needs permission to create API keys and new users, it is a bug that should get fixed.

Add a call to getIdForCurrentUser() to normalize the company_id if FullMultipleCompanySupport is enabled.
2024-10-16 11:47:18 +02:00
Brady Wetherington e4e1d0d50a Clean up how we use the '$location' in LDAP sync command 2024-10-15 17:26:31 +01:00
snipe 0ae9ce0aa9 Cannot sort by updated at on Users [sc-27147]
Signed-off-by: snipe <snipe@snipe.net>
2024-10-15 16:41:45 +01:00
snipe 50b8f180b3 More logical grouping in allow_columns
Signed-off-by: snipe <snipe@snipe.net>
2024-10-15 16:41:39 +01:00
snipe d0d4159088 Fixed typo
Signed-off-by: snipe <snipe@snipe.net>
2024-10-15 12:42:09 +01:00
Tobias Regnery f3c4e55667 Refactor asset creation with API
Commit fb4fe3004 restored the previous behaviour to check the company_id in case of FullMultipleCompanySupport.
But after rereading the code and the laravel documentation, the check is already there where it belongs in AssetStoreRequest::prepareForValidation()
The bug is the is_int-check of the request input in prepareForValidation(). Is is of type string even if it is a numeric value, so the call to getIdForCurrentUser() never happend.
Fix this by removing the check and the now redundant call to getIdForCurrentUser().
Wrong values will get caught by the model-level validation rules.
2024-10-14 15:14:41 +02:00
snipe 0d35335da7 Removed debugging
Some checks failed
Crowdin Action / upload-sources-to-crowdin (push) Has been cancelled
Docker images (Alpine) / docker (push) Has been cancelled
Docker images / docker (push) Has been cancelled
Tests in MySQL / PHP ${{ matrix.php-version }} (8.1) (push) Has been cancelled
Tests in MySQL / PHP ${{ matrix.php-version }} (8.2) (push) Has been cancelled
Tests in MySQL / PHP ${{ matrix.php-version }} (8.3) (push) Has been cancelled
Tests in SQLite / PHP ${{ matrix.php-version }} (8.1.1) (push) Has been cancelled
Signed-off-by: snipe <snipe@snipe.net>
2024-10-11 16:06:17 +01:00
snipe e1a70023b1
Merge pull request #15655 from Toreg87/fixes/api_asset_create_fmcs
Fixes #15654 Fix asset creation with API and FullMultipleCompanySupport
2024-10-11 11:45:48 +01:00
snipe de62359c67
Merge pull request #15533 from marcusmoore/testing/fmcs-accessories
Added tests for accessory api controller
2024-10-11 11:29:34 +01:00
Tobias Regnery fb4fe30049 Fix asset creation with API and FullMultipleCompanySupport
It is currently possible to create an asset with arbitrary company without being superuser and FullMultipleCompanySupport enabled.
This bug goes back to 75ac7f80b9 which is part of version 6.3.0.
Fix this by restoring the previous behaviour to check the company_id with getIdForCurrentUser().
2024-10-11 12:19:20 +02:00
snipe b054017c9f Fixed #15651 - admin user now displaying on maintenances page
Signed-off-by: snipe <snipe@snipe.net>
2024-10-11 11:16:24 +01:00
snipe 8aa298f6b0
Merge pull request #15644 from snipe/form_requests_for_settings
Some checks are pending
Crowdin Action / upload-sources-to-crowdin (push) Waiting to run
Docker images (Alpine) / docker (push) Waiting to run
Docker images / docker (push) Waiting to run
Tests in MySQL / PHP ${{ matrix.php-version }} (8.1) (push) Waiting to run
Tests in MySQL / PHP ${{ matrix.php-version }} (8.2) (push) Waiting to run
Tests in MySQL / PHP ${{ matrix.php-version }} (8.3) (push) Waiting to run
Tests in SQLite / PHP ${{ matrix.php-version }} (8.1.1) (push) Waiting to run
Form requests for settings
2024-10-10 12:30:53 +01:00
snipe 94a074a193
Merge pull request #15601 from snipe/check_db_on_healthcheck
Some checks are pending
Crowdin Action / upload-sources-to-crowdin (push) Waiting to run
Docker images (Alpine) / docker (push) Waiting to run
Docker images / docker (push) Waiting to run
Tests in MySQL / PHP ${{ matrix.php-version }} (8.1) (push) Waiting to run
Tests in MySQL / PHP ${{ matrix.php-version }} (8.2) (push) Waiting to run
Tests in MySQL / PHP ${{ matrix.php-version }} (8.3) (push) Waiting to run
Tests in SQLite / PHP ${{ matrix.php-version }} (8.1.1) (push) Waiting to run
Fixed #15439 - check database on healthcheck
2024-10-10 01:11:10 +01:00
snipe 3886da8941 Remove form request from get LDAP method
Signed-off-by: snipe <snipe@snipe.net>
2024-10-09 22:15:49 +01:00
snipe 130e0c6242 More validation
Signed-off-by: snipe <snipe@snipe.net>
2024-10-09 22:15:37 +01:00
snipe 3705b91439 Added more validation
Signed-off-by: snipe <snipe@snipe.net>
2024-10-09 20:51:34 +01:00
snipe ded79469c1 Remove unused controller method
Signed-off-by: snipe <snipe@snipe.net>
2024-10-09 20:33:29 +01:00
snipe d9fbf330e5 Fixed translations
Signed-off-by: snipe <snipe@snipe.net>
2024-10-09 20:33:15 +01:00
snipe 3a77b83e9c Added space
Signed-off-by: snipe <snipe@snipe.net>
2024-10-09 19:30:34 +01:00
snipe d9be2b5a5e Trying to use the email_array translation
Signed-off-by: snipe <snipe@snipe.net>
2024-10-09 19:30:25 +01:00
snipe 4f957bcf71 Required flag
Signed-off-by: snipe <snipe@snipe.net>
2024-10-09 18:34:53 +01:00
snipe 5cda7cce48 Only accept a positive number for thresholds
Signed-off-by: snipe <snipe@snipe.net>
2024-10-09 18:21:40 +01:00
snipe aa55fa6ff4 Switch to form requests for settings
Signed-off-by: snipe <snipe@snipe.net>
2024-10-09 18:16:34 +01:00
snipe 3ee5713740
Merge pull request #15631 from snipe/test/importer-tests
Some checks failed
Crowdin Action / upload-sources-to-crowdin (push) Has been cancelled
Docker images (Alpine) / docker (push) Has been cancelled
Docker images / docker (push) Has been cancelled
Tests in MySQL / PHP ${{ matrix.php-version }} (8.1) (push) Has been cancelled
Tests in MySQL / PHP ${{ matrix.php-version }} (8.2) (push) Has been cancelled
Tests in MySQL / PHP ${{ matrix.php-version }} (8.3) (push) Has been cancelled
Tests in SQLite / PHP ${{ matrix.php-version }} (8.1.1) (push) Has been cancelled
Add importer tests
2024-10-07 23:13:15 +01:00
snipe 26d7572bcc
Merge pull request #15603 from marcusmoore/fixes/add-reguard
Added `Model::reguard()` to importer
2024-10-07 22:28:53 +01:00
Marcus Moore e213053775
Swap factory syntax 2024-10-03 13:59:58 -07:00
Marcus Moore 32551d55d7
Merge pull request #15579 from bryanlopezinc/ImportTests
Add Import data tests
2024-10-03 11:39:21 -07:00
snipe 7461c3e0ca Change controller to assume a collection. (This is dumb, but whatever)
Signed-off-by: snipe <snipe@snipe.net>
2024-10-03 16:19:27 +01:00
Brady Wetherington 350b627ce1 Fix numeric sort 'ambiguous order clause' error 2024-10-03 14:23:40 +01:00
Marcus Moore ee046a8688
Add matching Model::reguard() 2024-10-02 10:50:40 -07:00
snipe b34a7c8aad Removed die()
Signed-off-by: snipe <snipe@snipe.net>
2024-10-02 15:48:35 +01:00
snipe f92bf5dc20 Updated language for failure
Signed-off-by: snipe <snipe@snipe.net>
2024-10-02 15:39:27 +01:00
snipe 4d9e85026a Fixed #15439 - check database on healthcheck
Signed-off-by: snipe <snipe@snipe.net>
2024-10-02 15:36:01 +01:00
snipe 4db7358086
Merge pull request #15593 from Godmartinz/Fixed-divide-by-zero-bug
Fixed divide by zero bug in depreciation transformer
2024-10-02 12:38:46 +01:00
spencerrlongg 8232618a9f change the other one too 2024-10-01 14:26:32 -05:00
spencerrlongg 9a651b567d change error to warning 2024-10-01 14:24:03 -05:00
Godfrey M b9cfdf2e54 reworked monthly depreciation variable value 2024-10-01 11:41:59 -07:00
spencerrlongg 1139acd9f3 catch errors around request notifications 2024-10-01 13:36:47 -05:00
Godfrey M b7ad80bd31 fix monthly depreciation value 2024-10-01 11:24:24 -07:00
Godfrey M 5ffd1b8daa fixes if statement in transformer 2024-10-01 11:02:39 -07:00
snipe 27ba641aa5 Added checkin on delete to API
Signed-off-by: snipe <snipe@snipe.net>
2024-10-01 14:30:34 +01:00
snipe 5823197e6f Added checkin action on delete for checked out assets
Signed-off-by: snipe <snipe@snipe.net>
2024-10-01 14:29:02 +01:00
snipe cae8aa7840 Added maxlengths to additional fields
Signed-off-by: snipe <snipe@snipe.net>
2024-10-01 14:02:54 +01:00
Marcus Moore fdfea390fb
Merge branch 'develop' into testing/fmcs-accessories 2024-09-30 12:59:27 -07:00
snipe b964ce1025
Merge pull request #15583 from Godmartinz/remove-sortable-from-depreciations
Removed sortablity for current value column in depreciations report
2024-09-30 19:25:05 +01:00
snipe 6217cba201
Merge pull request #15524 from Godmartinz/double-notif-bug
Fixed double webhook notifications // Separated email and webhook notifications.
2024-09-30 19:24:19 +01:00
Godfrey M 68e3f375fc removes sortablity from current value column 2024-09-30 11:15:49 -07:00
bryanlopezinc e807cfab86 Merge branch 'develop' into importTests 2024-09-30 12:47:52 +01:00
bryanlopezinc 0b3f458561 Added tests for Import feature 2024-09-30 12:42:41 +01:00
snipe 3f0245f88f Make controller gate match dropdown gate
Signed-off-by: snipe <snipe@snipe.net>
2024-09-25 20:33:00 +01:00