mirror of
https://github.com/snipe/snipe-it.git
synced 2024-11-14 01:24:06 -08:00
5fded57ec6
Signed-off-by: snipe <snipe@snipe.net> # Conflicts: # README.md # app/Console/Commands/LdapSync.php # app/Http/Controllers/Api/AssetsController.php # app/Http/Controllers/ProfileController.php # app/Importer/ItemImporter.php # app/Importer/UserImporter.php # app/Models/Asset.php # app/Models/License.php # app/Providers/AppServiceProvider.php # app/Services/LdapAd.php # config/version.php # public/js/build/app.js # public/js/dist/all.js # public/mix-manifest.json # resources/lang/ar/button.php # resources/lang/de/admin/companies/general.php # resources/lang/de/admin/custom_fields/general.php # resources/lang/de/admin/groups/titles.php # resources/lang/de/admin/hardware/form.php # resources/lang/de/admin/hardware/general.php # resources/lang/de/admin/hardware/message.php # resources/lang/de/admin/hardware/table.php # resources/lang/de/admin/kits/general.php # resources/lang/de/admin/locations/table.php # resources/lang/de/admin/reports/general.php # resources/lang/de/admin/settings/general.php # resources/lang/de/admin/settings/message.php # resources/lang/de/admin/users/general.php # resources/lang/de/general.php # resources/lang/de/mail.php # resources/lang/en/admin/asset_maintenances/message.php # resources/lang/en/admin/asset_maintenances/table.php # resources/lang/en/admin/companies/general.php # resources/lang/en/admin/companies/message.php # resources/lang/en/admin/custom_fields/general.php # resources/lang/en/admin/depreciations/general.php # resources/lang/en/admin/groups/titles.php # resources/lang/en/admin/hardware/form.php # resources/lang/en/admin/hardware/general.php # resources/lang/en/admin/hardware/table.php # resources/lang/en/admin/kits/general.php # resources/lang/en/admin/locations/table.php # resources/lang/en/admin/reports/general.php # resources/lang/en/admin/settings/general.php # resources/lang/en/admin/settings/message.php # resources/lang/en/admin/users/general.php # resources/lang/en/button.php # resources/lang/en/general.php # resources/lang/en/help.php # resources/lang/en/mail.php # resources/lang/en/passwords.php # resources/lang/hu/admin/hardware/general.php # resources/lang/hu/admin/hardware/table.php # resources/lang/hu/admin/locations/table.php # resources/lang/is/admin/locations/table.php # resources/lang/ko/admin/custom_fields/general.php # resources/lang/ko/general.php # resources/lang/nl/admin/hardware/general.php # resources/lang/nl/admin/hardware/message.php # resources/lang/nl/admin/hardware/table.php # resources/lang/nl/admin/locations/table.php # resources/lang/nl/admin/statuslabels/message.php # resources/lang/nl/admin/users/general.php # resources/lang/no/admin/companies/general.php # resources/lang/no/admin/custom_fields/general.php # resources/lang/no/admin/depreciations/general.php # resources/lang/no/admin/depreciations/table.php # resources/lang/no/admin/groups/titles.php # resources/lang/no/admin/hardware/form.php # resources/lang/no/admin/hardware/general.php # resources/lang/no/admin/hardware/table.php # resources/lang/no/admin/kits/general.php # resources/lang/no/admin/locations/table.php # resources/lang/no/admin/reports/general.php # resources/lang/no/admin/settings/general.php # resources/lang/no/admin/settings/message.php # resources/lang/no/admin/statuslabels/message.php # resources/lang/no/admin/users/general.php # resources/lang/no/button.php # resources/lang/no/general.php # resources/lang/no/mail.php # resources/lang/no/validation.php # resources/lang/pl/admin/companies/general.php # resources/lang/pl/admin/custom_fields/general.php # resources/lang/pl/admin/depreciations/general.php # resources/lang/pl/admin/depreciations/table.php # resources/lang/pl/admin/groups/titles.php # resources/lang/pl/admin/hardware/form.php # resources/lang/pl/admin/hardware/general.php # resources/lang/pl/admin/hardware/table.php # resources/lang/pl/admin/kits/general.php # resources/lang/pl/admin/locations/table.php # resources/lang/pl/admin/reports/general.php # resources/lang/pl/admin/settings/general.php # resources/lang/pl/admin/settings/message.php # resources/lang/pl/admin/users/general.php # resources/lang/pl/button.php # resources/lang/pl/general.php # resources/lang/pt-PT/admin/companies/general.php # resources/lang/pt-PT/admin/custom_fields/general.php # resources/lang/pt-PT/admin/depreciations/general.php # resources/lang/pt-PT/admin/depreciations/table.php # resources/lang/pt-PT/admin/groups/titles.php # resources/lang/pt-PT/admin/hardware/form.php # resources/lang/pt-PT/admin/hardware/general.php # resources/lang/pt-PT/general.php # resources/lang/pt-PT/help.php # resources/lang/pt-PT/validation.php # resources/lang/ro/admin/companies/general.php # resources/lang/ro/admin/custom_fields/general.php # resources/lang/ro/admin/groups/titles.php # resources/lang/ro/admin/hardware/form.php # resources/lang/ro/admin/hardware/general.php # resources/lang/ro/admin/hardware/message.php # resources/lang/ro/admin/hardware/table.php # resources/lang/ro/admin/locations/table.php # resources/lang/ro/admin/settings/message.php # resources/lang/ru/admin/companies/general.php # resources/lang/ru/admin/custom_fields/general.php # resources/lang/ru/admin/settings/general.php # resources/lang/ru/button.php # resources/lang/ru/general.php # resources/lang/ru/validation.php # resources/lang/sk/admin/settings/general.php # resources/lang/sk/button.php # resources/lang/sk/general.php # resources/lang/tr/admin/hardware/form.php # resources/lang/tr/admin/hardware/table.php # resources/lang/tr/admin/kits/general.php # resources/lang/tr/admin/locations/table.php # resources/lang/tr/admin/reports/general.php # resources/lang/tr/admin/settings/general.php # resources/lang/tr/admin/settings/message.php # resources/lang/tr/admin/statuslabels/message.php # resources/lang/tr/admin/users/general.php # resources/lang/tr/button.php # resources/lang/tr/general.php # resources/lang/zh-CN/admin/companies/general.php # resources/lang/zh-CN/admin/custom_fields/general.php # resources/lang/zh-CN/admin/depreciations/general.php # resources/lang/zh-CN/admin/depreciations/table.php # resources/lang/zh-CN/admin/groups/titles.php # resources/lang/zh-CN/admin/hardware/form.php # resources/lang/zh-CN/admin/hardware/general.php # resources/lang/zh-CN/admin/hardware/message.php # resources/lang/zh-CN/admin/hardware/table.php # resources/lang/zh-CN/admin/kits/general.php # resources/lang/zh-CN/admin/locations/table.php # resources/lang/zh-CN/admin/reports/general.php # resources/lang/zh-CN/admin/settings/general.php # resources/lang/zh-CN/admin/settings/message.php # resources/lang/zh-CN/admin/statuslabels/message.php # resources/lang/zh-CN/admin/users/general.php # resources/lang/zh-CN/button.php # resources/lang/zh-CN/general.php # resources/lang/zh-CN/mail.php # resources/views/depreciations/edit.blade.php
217 lines
7 KiB
PHP
Executable file
217 lines
7 KiB
PHP
Executable file
<?php
|
|
|
|
namespace App\Http\Controllers;
|
|
|
|
use App\Http\Requests\ImageUploadRequest;
|
|
use App\Models\Setting;
|
|
use Auth;
|
|
use Gate;
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Support\Facades\Hash;
|
|
use Illuminate\Support\Facades\Storage;
|
|
use Image;
|
|
use Redirect;
|
|
use View;
|
|
|
|
/**
|
|
* This controller handles all actions related to User Profiles for
|
|
* the Snipe-IT Asset Management application.
|
|
*
|
|
* @version v1.0
|
|
*/
|
|
class ProfileController extends Controller
|
|
{
|
|
/**
|
|
* Returns a view with the user's profile form for editing
|
|
*
|
|
* @author [A. Gianotto] [<snipe@snipe.net>]
|
|
* @since [v1.0]
|
|
* @return \Illuminate\Contracts\View\View
|
|
*/
|
|
public function getIndex()
|
|
{
|
|
$user = Auth::user();
|
|
|
|
return view('account/profile', compact('user'));
|
|
}
|
|
|
|
/**
|
|
* Validates and stores the user's update data.
|
|
*
|
|
* @author [A. Gianotto] [<snipe@snipe.net>]
|
|
* @since [v1.0]
|
|
* @return \Illuminate\Http\RedirectResponse
|
|
*/
|
|
public function postIndex(ImageUploadRequest $request)
|
|
{
|
|
$user = Auth::user();
|
|
$user->first_name = $request->input('first_name');
|
|
$user->last_name = $request->input('last_name');
|
|
$user->website = $request->input('website');
|
|
$user->gravatar = $request->input('gravatar');
|
|
$user->skin = $request->input('skin');
|
|
$user->phone = $request->input('phone');
|
|
|
|
if (! config('app.lock_passwords')) {
|
|
$user->locale = $request->input('locale', 'en');
|
|
}
|
|
|
|
if ((Gate::allows('self.two_factor')) && ((Setting::getSettings()->two_factor_enabled == '1') && (! config('app.lock_passwords')))) {
|
|
$user->two_factor_optin = $request->input('two_factor_optin', '0');
|
|
}
|
|
|
|
if (Gate::allows('self.edit_location') && (! config('app.lock_passwords'))) {
|
|
$user->location_id = $request->input('location_id');
|
|
}
|
|
|
|
|
|
if ($request->input('avatar_delete') == 1) {
|
|
$user->avatar = null;
|
|
}
|
|
|
|
|
|
if ($request->hasFile('avatar')) {
|
|
$path = 'avatars';
|
|
|
|
if (! Storage::disk('public')->exists($path)) {
|
|
Storage::disk('public')->makeDirectory($path, 775);
|
|
}
|
|
|
|
$upload = $image = $request->file('avatar');
|
|
$ext = $image->getClientOriginalExtension();
|
|
$file_name = 'avatar-'.str_random(18).'.'.$ext;
|
|
|
|
if ($image->getClientOriginalExtension() != 'svg') {
|
|
$upload = Image::make($image->getRealPath())->resize(84, 84);
|
|
}
|
|
|
|
// This requires a string instead of an object, so we use ($string)
|
|
Storage::disk('public')->put($path.'/'.$file_name, (string) $upload->encode());
|
|
|
|
// Remove Current image if exists
|
|
if (($user->avatar) && (Storage::disk('public')->exists($path.'/'.$user->avatar))) {
|
|
Storage::disk('public')->delete($path.'/'.$user->avatar);
|
|
}
|
|
|
|
$user->avatar = $file_name;
|
|
}
|
|
|
|
if ($user->save()) {
|
|
return redirect()->route('profile')->with('success', 'Account successfully updated');
|
|
}
|
|
|
|
return redirect()->back()->withInput()->withErrors($user->getErrors());
|
|
}
|
|
|
|
|
|
/**
|
|
* Returns a page with the API token generation interface.
|
|
*
|
|
* We created a controller method for this because closures aren't allowed
|
|
* in the routes file if you want to be able to cache the routes.
|
|
*
|
|
* @author [A. Gianotto] [<snipe@snipe.net>]
|
|
* @since [v4.0]
|
|
* @return View
|
|
*/
|
|
public function api()
|
|
{
|
|
|
|
// Make sure the self.api permission has been granted
|
|
if (!Gate::allows('self.api')) {
|
|
abort(403);
|
|
}
|
|
|
|
return view('account/api');
|
|
}
|
|
|
|
/**
|
|
* User change email page.
|
|
*
|
|
* @return View
|
|
*/
|
|
public function password()
|
|
{
|
|
$user = Auth::user();
|
|
|
|
return view('account/change-password', compact('user'));
|
|
}
|
|
|
|
/**
|
|
* Users change password form processing page.
|
|
*
|
|
* @return Redirect
|
|
*/
|
|
public function passwordSave(Request $request)
|
|
{
|
|
if (config('app.lock_passwords')) {
|
|
return redirect()->route('account.password.index')->with('error', trans('admin/users/table.lock_passwords'));
|
|
}
|
|
|
|
$user = Auth::user();
|
|
if ($user->ldap_import == '1') {
|
|
return redirect()->route('account.password.index')->with('error', trans('admin/users/message.error.password_ldap'));
|
|
}
|
|
|
|
$rules = [
|
|
'current_password' => 'required',
|
|
'password' => Setting::passwordComplexityRulesSaving('store').'|confirmed',
|
|
];
|
|
|
|
$validator = \Validator::make($request->all(), $rules);
|
|
$validator->after(function ($validator) use ($request, $user) {
|
|
if (! Hash::check($request->input('current_password'), $user->password)) {
|
|
$validator->errors()->add('current_password', trans('validation.hashed_pass'));
|
|
}
|
|
|
|
// This checks to make sure that the user's password isn't the same as their username,
|
|
// email address, first name or last name (see https://github.com/snipe/snipe-it/issues/8661)
|
|
// While this is handled via SaveUserRequest form request in other places, we have to do this manually
|
|
// here because we don't have the username, etc form fields available in the profile password change
|
|
// form.
|
|
|
|
// There may be a more elegant way to do this in the future.
|
|
|
|
// First let's see if that option is enabled in the settings
|
|
if (strpos(Setting::passwordComplexityRulesSaving('store'), 'disallow_same_pwd_as_user_fields') !== false) {
|
|
if (($request->input('password') == $user->username) ||
|
|
($request->input('password') == $user->email) ||
|
|
($request->input('password') == $user->first_name) ||
|
|
($request->input('password') == $user->last_name)) {
|
|
$validator->errors()->add('password', trans('validation.disallow_same_pwd_as_user_fields'));
|
|
}
|
|
}
|
|
});
|
|
|
|
if (! $validator->fails()) {
|
|
$user->password = Hash::make($request->input('password'));
|
|
$user->save();
|
|
return redirect()->route('account.password.index')->with('success', 'Password updated!');
|
|
|
|
}
|
|
return redirect()->back()->withInput()->withErrors($validator);
|
|
|
|
|
|
}
|
|
|
|
/**
|
|
* Save the menu state of open/closed when the user clicks on the hamburger
|
|
* menu.
|
|
*
|
|
* This URL is triggered via jquery in
|
|
* resources/views/layouts/default.blade.php
|
|
*
|
|
* @author [A. Gianotto] [<snipe@snipe.net>]
|
|
* @since [v4.0]
|
|
* @return View
|
|
*/
|
|
public function getMenuState(Request $request)
|
|
{
|
|
if ($request->input('state') == 'open') {
|
|
$request->session()->put('menu_state', 'open');
|
|
} else {
|
|
$request->session()->put('menu_state', 'closed');
|
|
}
|
|
}
|
|
}
|