Squashed commit of the following:
commit147fcfb8ebMerge:58a3d09b5fdcc17ca2Author: snipe <snipe@snipe.net> Date: Tue Oct 22 15:12:55 2024 +0100 Merge pull request #15676 from Toreg87/fixes/api_create_user_fmcs Fix user creation with FullMultipleCompanySupport enabled over API commit58a3d09b5fMerge:30a06a594867fa2f36Author: snipe <snipe@snipe.net> Date: Tue Oct 22 14:55:42 2024 +0100 Merge pull request #15703 from marcusmoore/bug/sc-27188 Linked accessory files in activity report commit30a06a5942Merge:6c6af78e0ce3086317Author: snipe <snipe@snipe.net> Date: Tue Oct 22 11:47:06 2024 +0100 Merge pull request #15693 from marcusmoore/chore/remove-parallel-testing Removed brianium/paratest commit6c6af78e08Merge:9b06bbb6c3f79fd7eaAuthor: snipe <snipe@snipe.net> Date: Tue Oct 22 11:46:04 2024 +0100 Merge pull request #15705 from marcusmoore/tests/icon-component-test Added test to ensure icon component does not end in newline commit3f79fd7ea7Author: Marcus Moore <contact@marcusmoore.io> Date: Mon Oct 21 17:07:40 2024 -0700 Add test to ensure icon component does not end in newline commit9b06bbb6c3Merge:46ad1d072d7f70146fAuthor: snipe <snipe@snipe.net> Date: Mon Oct 21 22:38:26 2024 +0100 Merge pull request #15704 from marcusmoore/bug/remove-extra-icon Removed second icon in accessory file list commitce30863177Author: Marcus Moore <contact@marcusmoore.io> Date: Mon Oct 21 13:57:04 2024 -0700 Remove brianium/paratest dependency commitd7f70146f4Author: Marcus Moore <contact@marcusmoore.io> Date: Mon Oct 21 13:48:25 2024 -0700 Remove extra icon in accessory file upload list commit867fa2f36eAuthor: Marcus Moore <contact@marcusmoore.io> Date: Mon Oct 21 12:40:24 2024 -0700 Display file in activity report for accessories commit0933a2d4eaAuthor: Marcus Moore <contact@marcusmoore.io> Date: Thu Oct 17 18:01:48 2024 -0700 Remove --parallel flag commit46ad1d072fMerge:bcb4bd9eb3cf746d7dAuthor: snipe <snipe@snipe.net> Date: Thu Oct 17 15:29:47 2024 +0100 Merge pull request #15680 from uberbrady/bulk_checkout_to_bulk_actions Bulk checkout to bulk actions commitbcb4bd9eb4Merge:250037540f50ccbcc4Author: snipe <snipe@snipe.net> Date: Thu Oct 17 10:20:13 2024 +0100 Merge pull request #15683 from Toreg87/fixes/outdated_comment Fix outdated comment in CompanyableTrait commitf50ccbcc49Author: Tobias Regnery <tobias.regnery@gmail.com> Date: Thu Oct 17 11:07:28 2024 +0200 Fix outdated comment in CompanyableTrait As of commit5800e8dthe user model uses CompanyableTrait so remove this clearly outdated comment commit3cf746d7dfAuthor: Brady Wetherington <bwetherington@grokability.com> Date: Wed Oct 16 23:13:32 2024 +0100 Rework the bulk checkout to not change how all checkouts work commit6b7af802afAuthor: Brady Wetherington <bwetherington@grokability.com> Date: Thu Oct 10 13:28:23 2024 +0100 Add 'bulk checkout' as one of the bulk actions in the bulk actions toolbar commitfdcc17ca2cAuthor: Tobias Regnery <tobias.regnery@gmail.com> Date: Wed Oct 16 11:18:24 2024 +0200 Fix user creation with FullMultipleCompanySupport enabled over API It is currently possible as a non-superuser to create a new user or patch an existing user with arbitrary company over the API if FullMultipleCompanySupport is enabled. Altough a highly unlikely scenario as the user needs permission to create API keys and new users, it is a bug that should get fixed. Add a call to getIdForCurrentUser() to normalize the company_id if FullMultipleCompanySupport is enabled. Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
snipe
@@ -14,6 +14,7 @@ use App\Http\Transformers\UsersTransformer;
|
||||
use App\Models\Actionlog;
|
||||
use App\Models\Asset;
|
||||
use App\Models\Accessory;
|
||||
use App\Models\Company;
|
||||
use App\Models\Consumable;
|
||||
use App\Models\License;
|
||||
use App\Models\User;
|
||||
@@ -371,6 +372,7 @@ class UsersController extends Controller
|
||||
|
||||
$user = new User;
|
||||
$user->fill($request->all());
|
||||
$user->company_id = Company::getIdForCurrentUser($request->input('company_id'));
|
||||
$user->created_by = auth()->id();
|
||||
|
||||
if ($request->has('permissions')) {
|
||||
@@ -452,6 +454,10 @@ class UsersController extends Controller
|
||||
|
||||
$user->fill($request->all());
|
||||
|
||||
if ($request->filled('company_id')) {
|
||||
$user->company_id = Company::getIdForCurrentUser($request->input('company_id'));
|
||||
}
|
||||
|
||||
if ($user->id == $request->input('manager_id')) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, 'You cannot be your own manager'));
|
||||
}
|
||||
|
||||
@@ -52,6 +52,10 @@ class BulkAssetsController extends Controller
|
||||
}
|
||||
|
||||
$asset_ids = $request->input('ids');
|
||||
if ($request->input('bulk_actions') === 'checkout') {
|
||||
$request->session()->flashInput(['selected_assets' => $asset_ids]);
|
||||
return redirect()->route('hardware.bulkcheckout.show');
|
||||
}
|
||||
|
||||
// Figure out where we need to send the user after the update is complete, and store that in the session
|
||||
$bulk_back_url = request()->headers->get('referer');
|
||||
@@ -571,31 +575,34 @@ class BulkAssetsController extends Controller
|
||||
}
|
||||
|
||||
$errors = [];
|
||||
DB::transaction(function () use ($target, $admin, $checkout_at, $expected_checkin, $errors, $asset_ids, $request) {
|
||||
DB::transaction(function () use ($target, $admin, $checkout_at, $expected_checkin, &$errors, $asset_ids, $request) { //NOTE: $errors is passsed by reference!
|
||||
foreach ($asset_ids as $asset_id) {
|
||||
$asset = Asset::findOrFail($asset_id);
|
||||
$this->authorize('checkout', $asset);
|
||||
|
||||
$error = $asset->checkOut($target, $admin, $checkout_at, $expected_checkin, e($request->get('note')), $asset->name, null);
|
||||
$checkout_success = $asset->checkOut($target, $admin, $checkout_at, $expected_checkin, e($request->get('note')), $asset->name, null);
|
||||
|
||||
//TODO - I think this logic is duplicated in the checkOut method?
|
||||
if ($target->location_id != '') {
|
||||
$asset->location_id = $target->location_id;
|
||||
$asset->unsetEventDispatcher();
|
||||
$asset->save();
|
||||
// TODO - I don't know why this is being saved without events
|
||||
$asset::withoutEvents(function () use ($asset) {
|
||||
$asset->save();
|
||||
});
|
||||
}
|
||||
|
||||
if ($error) {
|
||||
array_merge_recursive($errors, $asset->getErrors()->toArray());
|
||||
if (!$checkout_success) {
|
||||
$errors = array_merge_recursive($errors, $asset->getErrors()->toArray());
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
if (! $errors) {
|
||||
// Redirect to the new asset page
|
||||
return redirect()->to('hardware')->with('success', trans('admin/hardware/message.checkout.success'));
|
||||
return redirect()->to('hardware')->with('success', trans_choice('admin/hardware/message.multi-checkout.success', $asset_ids));
|
||||
}
|
||||
// Redirect to the asset management page with error
|
||||
return redirect()->route('hardware.bulkcheckout.show')->with('error', trans('admin/hardware/message.checkout.error'))->withErrors($errors);
|
||||
return redirect()->route('hardware.bulkcheckout.show')->withInput()->with('error', trans_choice('admin/hardware/message.multi-checkout.error', $asset_ids))->withErrors($errors);
|
||||
} catch (ModelNotFoundException $e) {
|
||||
return redirect()->route('hardware.bulkcheckout.show')->with('error', $e->getErrors());
|
||||
}
|
||||
|
||||
@@ -141,6 +141,8 @@ class ActionlogsTransformer
|
||||
if ($actionlog->item) {
|
||||
if ($actionlog->itemType() == 'asset') {
|
||||
$file_url = route('show/assetfile', ['assetId' => $actionlog->item->id, 'fileId' => $actionlog->id]);
|
||||
} elseif ($actionlog->itemType() == 'accessory') {
|
||||
$file_url = route('show.accessoryfile', ['accessoryId' => $actionlog->item->id, 'fileId' => $actionlog->id]);
|
||||
} elseif ($actionlog->itemType() == 'license') {
|
||||
$file_url = route('show.licensefile', ['licenseId' => $actionlog->item->id, 'fileId' => $actionlog->id]);
|
||||
} elseif ($actionlog->itemType() == 'user') {
|
||||
@@ -345,4 +347,4 @@ class ActionlogsTransformer
|
||||
|
||||
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user