diff --git a/app/controllers/account/ViewAssetsController.php b/app/controllers/account/ViewAssetsController.php index 46f3f4f013..7ac3eecc9a 100755 --- a/app/controllers/account/ViewAssetsController.php +++ b/app/controllers/account/ViewAssetsController.php @@ -9,6 +9,7 @@ use Location; use View; use Asset; use Actionlog; +use Company; use Lang; use Accessory; use DB; @@ -43,7 +44,9 @@ class ViewAssetsController extends AuthorizedController public function getRequestableIndex() { - $assets = Asset::with('model','defaultLoc')->Hardware()->RequestableAssets()->get(); + $assets = Asset::with('model','defaultLoc')->Hardware()->RequestableAssets(); + $assets = Company::scopeCompanayables($assets)->get(); + return View::make('frontend/account/requestable-assets', compact('user','assets')); } @@ -56,7 +59,11 @@ class ViewAssetsController extends AuthorizedController if (is_null($asset = Asset::RequestableAssets()->find($assetId))) { // Redirect to the asset management page return Redirect::route('requestable-assets')->with('error', Lang::get('admin/hardware/message.does_not_exist_or_not_requestable')); - } else { + } + else if (!Company::isCurrentUserHasAccess($asset)) { + return Redirect::route('requestable-assets')->with('error', Lang::get('general.insufficient_permissions')); + } + else { $logaction = new Actionlog(); $logaction->asset_id = $asset->id; @@ -133,24 +140,27 @@ class ViewAssetsController extends AuthorizedController // Redirect to the asset management page return Redirect::to('account')->with('error', Lang::get('admin/hardware/message.does_not_exist')); } - - return View::make('frontend/account/accept-asset', compact('item'))->with('findlog', $findlog); - - - - + else if (!Company::isCurrentUserHasAccess($item)) { + return Redirect::route('requestable-assets')->with('error', Lang::get('general.insufficient_permissions')); + } + else { + return View::make('frontend/account/accept-asset', compact('item'))->with('findlog', $findlog); + } } // Save the acceptance public function postAcceptAsset($logID = null) { - // Check if the asset exists if (is_null($findlog = Actionlog::find($logID))) { // Redirect to the asset management page return Redirect::to('account/view-assets')->with('error', Lang::get('admin/hardware/message.does_not_exist')); } + $is_unauthorized = is_null(Company::scopeActionLogs(Actionlog::where('id', '=', $logID))->first()); + if ($is_unauthorized) { + return Redirect::route('requestable-assets')->with('error', Lang::get('general.insufficient_permissions')); + } if ($findlog->accepted_id!='') { // Redirect to the asset management page @@ -221,14 +231,5 @@ class ViewAssetsController extends AuthorizedController } else { return Redirect::to('account/view-assets')->with('error', 'Something went wrong '); } - - - - - } - - - - } diff --git a/app/controllers/admin/AccessoriesController.php b/app/controllers/admin/AccessoriesController.php index 8e7a72747e..f46a68d5d1 100755 --- a/app/controllers/admin/AccessoriesController.php +++ b/app/controllers/admin/AccessoriesController.php @@ -73,7 +73,7 @@ class AccessoriesController extends AdminController // Update the accessory data $accessory->name = e(Input::get('name')); $accessory->category_id = e(Input::get('category_id')); - $accessory->company_id = Company::getIdFromInput(Input::get('company_id')); + $accessory->company_id = Company::getIdForCurrentUser(Input::get('company_id')); $accessory->order_number = e(Input::get('order_number')); if (e(Input::get('purchase_date')) == '') { @@ -117,6 +117,9 @@ class AccessoriesController extends AdminController // Redirect to the blogs management page return Redirect::to('admin/accessories')->with('error', Lang::get('admin/accessories/message.does_not_exist')); } + else if (!Company::isCurrentUserHasAccess($accessory)) { + return Redirect::to('admin/accessories')->with('error', Lang::get('general.insufficient_permissions')); + } $category_list = array('' => '') + DB::table('categories')->where('category_type','=','accessory')->whereNull('deleted_at')->orderBy('name','ASC')->lists('name', 'id'); $company_list = Company::getSelectList(); @@ -140,6 +143,9 @@ class AccessoriesController extends AdminController // Redirect to the blogs management page return Redirect::to('admin/accessories')->with('error', Lang::get('admin/accessories/message.does_not_exist')); } + else if (!Company::isCurrentUserHasAccess($accessory)) { + return Redirect::to('admin/accessories')->with('error', Lang::get('general.insufficient_permissions')); + } // get the POST data @@ -160,7 +166,7 @@ class AccessoriesController extends AdminController // Update the accessory data $accessory->name = e(Input::get('name')); $accessory->category_id = e(Input::get('category_id')); - $accessory->company_id = Company::getIdFromInput(Input::get('company_id')); + $accessory->company_id = Company::getIdForCurrentUser(Input::get('company_id')); $accessory->order_number = e(Input::get('order_number')); if (e(Input::get('purchase_date')) == '') { @@ -202,6 +208,9 @@ class AccessoriesController extends AdminController // Redirect to the blogs management page return Redirect::to('admin/accessories')->with('error', Lang::get('admin/accessories/message.not_found')); } + else if (!Company::isCurrentUserHasAccess($accessory)) { + return Redirect::to('admin/accessories')->with('error', Lang::get('general.insufficient_permissions')); + } if ($accessory->hasUsers() > 0) { @@ -233,7 +242,13 @@ class AccessoriesController extends AdminController $accessory = Accessory::find($accessoryID); if (isset($accessory->id)) { + + if (!Company::isCurrentUserHasAccess($accessory)) { + return Redirect::to('admin/accessories')->with('error', Lang::get('general.insufficient_permissions')); + } + else { return View::make('backend/accessories/view', compact('accessory')); + } } else { // Prepare the error message $error = Lang::get('admin/accessories/message.does_not_exist', compact('id')); @@ -255,6 +270,9 @@ class AccessoriesController extends AdminController // Redirect to the accessory management page with error return Redirect::to('accessories')->with('error', Lang::get('admin/accessories/message.not_found')); } + else if (!Company::isCurrentUserHasAccess($accessory)) { + return Redirect::to('admin/accessories')->with('error', Lang::get('general.insufficient_permissions')); + } // Get the dropdown of users and then pass it to the checkout view $users_list = array('' => 'Select a User') + DB::table('users')->select(DB::raw('concat(last_name,", ",first_name," (",username,")") as full_name, id'))->whereNull('deleted_at')->orderBy('last_name', 'asc')->orderBy('first_name', 'asc')->lists('full_name', 'id'); @@ -273,6 +291,9 @@ class AccessoriesController extends AdminController // Redirect to the accessory management page with error return Redirect::to('accessories')->with('error', Lang::get('admin/accessories/message.not_found')); } + else if (!Company::isCurrentUserHasAccess($accessory)) { + return Redirect::to('admin/accessories')->with('error', Lang::get('general.insufficient_permissions')); + } $admin_user = Sentry::getUser(); $assigned_to = e(Input::get('assigned_to')); @@ -399,7 +420,13 @@ class AccessoriesController extends AdminController } $accessory = Accessory::find($accessory_user->accessory_id); - return View::make('backend/accessories/checkin', compact('accessory'))->with('backto',$backto); + + if (!is_null($accessory) && !Company::isCurrentUserHasAccess($accessory)) { + return Redirect::to('admin/accessories')->with('error', Lang::get('general.insufficient_permissions')); + } + else { + return View::make('backend/accessories/checkin', compact('accessory'))->with('backto',$backto); + } } @@ -419,6 +446,11 @@ class AccessoriesController extends AdminController $accessory = Accessory::find($accessory_user->accessory_id); + + if (!is_null($accessory) && !Company::isCurrentUserHasAccess($accessory)) { + return Redirect::to('admin/accessories')->with('error', Lang::get('general.insufficient_permissions')); + } + $logaction = new Actionlog(); $logaction->checkedout_to = $accessory_user->assigned_to; $return_to = $accessory_user->assigned_to; @@ -507,6 +539,8 @@ class AccessoriesController extends AdminController $accessories = Accessory::with('category', 'company') ->whereNull('deleted_at'); + $accessories = Company::scopeCompanayables($accessories); + if (Input::has('search')) { $accessories = $accessories->TextSearch(Input::get('search')); } @@ -560,6 +594,11 @@ class AccessoriesController extends AdminController public function getDataView($accessoryID) { $accessory = Accessory::find($accessoryID); + + if (!is_null($accessory) && !Company::isCurrentUserHasAccess($accessory)) { + return ['total' => 0, 'rows' => []]; + } + $accessory_users = $accessory->users; $count = $accessory_users->count(); diff --git a/app/controllers/admin/AssetMaintenancesController.php b/app/controllers/admin/AssetMaintenancesController.php index 7959bad096..5ead68715e 100644 --- a/app/controllers/admin/AssetMaintenancesController.php +++ b/app/controllers/admin/AssetMaintenancesController.php @@ -5,6 +5,7 @@ use AdminController; use AssetMaintenance; use Carbon\Carbon; + use Company; use DB; use Input; use Lang; @@ -48,11 +49,11 @@ public function getDatatable() { - - - $maintenances = AssetMaintenance::with('asset','supplier') + $maintenances = AssetMaintenance::with('asset','supplier','asset.company') ->whereNull('deleted_at'); + $maintenances = Company::scopeCompanayableChildren('asset', $maintenances); + if (Input::has('search')) { $maintenances = $maintenances->TextSearch(e(Input::get('search'))); } @@ -91,6 +92,8 @@ $maintenance_cost = $settings->default_currency.$maintenance->cost; } + $company = $maintenance->asset->company; + $rows[] = array( 'id' => $maintenance->id, 'asset_name' => link_to('/hardware/'.$maintenance->asset->id.'/view', $maintenance->asset->showAssetName()) , @@ -102,7 +105,8 @@ 'start_date' => $maintenance->start_date, 'time' => $maintenance->asset_maintenance_time, 'completion_date' => $maintenance->completion_date, - 'actions' => $actions + 'actions' => $actions, + 'companyName' => is_null($company) ? '' : $company->name ); } @@ -123,7 +127,6 @@ */ public function getCreate( $assetId = null ) { - // Prepare Asset Maintenance Type List $assetMaintenanceType = [ '' => 'Select an asset maintenance type', @@ -131,7 +134,7 @@ // Mark the selected asset, if it came in $selectedAsset = $assetId; // Get the possible assets using a left join to get a list of assets and some other helpful info - $asset = DB::table( 'assets' ) + $asset = Company::scopeCompanayables( DB::table( 'assets' ), 'assets.company_id' ) ->leftJoin( 'users', 'users.id', '=', 'assets.assigned_to' ) ->leftJoin( 'models', 'assets.model_id', '=', 'models.id' ) ->select( 'assets.id', 'assets.name', 'first_name', 'last_name', 'asset_tag', @@ -207,6 +210,12 @@ $assetMaintenance->notes = e( Input::get( 'notes' ) ); } + $asset = Asset::find( e( Input::get( 'asset_id' ) ) ); + + if (is_null($asset) || !Company::isCurrentUserHasAccess($asset)) { + return Redirect::to( 'admin/asset_maintenances', Lang::get( 'general.insufficient_permissions' ) ); + } + // Save the asset maintenance data $assetMaintenance->asset_id = e( Input::get( 'asset_id' ) ); $assetMaintenance->asset_maintenance_type = e( Input::get( 'asset_maintenance_type' ) ); @@ -254,13 +263,15 @@ */ public function getEdit( $assetMaintenanceId = null ) { - // Check if the asset maintenance exists if (is_null( $assetMaintenance = AssetMaintenance::find( $assetMaintenanceId ) )) { // Redirect to the improvement management page return Redirect::to( 'admin/asset_maintenances' ) ->with( 'error', Lang::get( 'admin/asset_maintenances/message.not_found' ) ); } + else if (!Company::isCurrentUserHasAccess( $assetMaintenance->asset )) { + return Redirect::to( 'admin/asset_maintenances', Lang::get( 'general.insufficient_permissions' ) ); + } if ($assetMaintenance->completion_date == '0000-00-00') { $assetMaintenance->completion_date = null; @@ -280,7 +291,7 @@ ] + AssetMaintenance::getImprovementOptions(); // Get the possible assets using a left join to get a list of assets and some other helpful info - $asset = DB::table( 'assets' ) + $asset = Company::scopeCompanayables( DB::table( 'assets' ), 'assets.company_id' ) ->leftJoin( 'users', 'users.id', '=', 'assets.assigned_to' ) ->leftJoin( 'models', 'assets.model_id', '=', 'models.id' ) ->select( 'assets.id', 'assets.name', 'first_name', 'last_name', 'asset_tag', @@ -335,6 +346,9 @@ return Redirect::to( 'admin/asset_maintenances' ) ->with( 'error', Lang::get( 'admin/asset_maintenances/message.not_found' ) ); } + else if (!Company::isCurrentUserHasAccess( $assetMaintenance->asset )) { + return Redirect::to( 'admin/asset_maintenances', Lang::get( 'general.insufficient_permissions' ) ); + } // attempt validation if ($assetMaintenance->validate( $new )) { @@ -363,6 +377,12 @@ $assetMaintenance->notes = e( Input::get( 'notes' ) ); } + $asset = Asset::find( e( Input::get( 'asset_id' ) ) ); + + if (is_null($asset) || !Company::isCurrentUserHasAccess($asset)) { + return Redirect::to( 'admin/asset_maintenances', Lang::get( 'general.insufficient_permissions' ) ); + } + // Save the asset maintenance data $assetMaintenance->asset_id = e( Input::get( 'asset_id' ) ); $assetMaintenance->asset_maintenance_type = e( Input::get( 'asset_maintenance_type' ) ); @@ -425,13 +445,16 @@ */ public function getDelete( $assetMaintenanceId ) { - // Check if the asset maintenance exists if (is_null( $assetMaintenance = AssetMaintenance::find( $assetMaintenanceId ) )) { // Redirect to the asset maintenance management page return Redirect::to( 'admin/asset_maintenances' ) ->with( 'error', Lang::get( 'admin/asset_maintenances/message.not_found' ) ); } + else if (!Company::isCurrentUserHasAccess( $assetMaintenance->asset )) { + return Redirect::to( 'admin/asset_maintenances', Lang::get( 'general.insufficient_permissions' ) ); + } + // Delete the asset maintenance $assetMaintenance->delete(); @@ -451,13 +474,15 @@ */ public function getView( $assetMaintenanceId ) { - // Check if the asset maintenance exists if (is_null( $assetMaintenance = AssetMaintenance::find( $assetMaintenanceId ) )) { // Redirect to the asset maintenance management page return Redirect::to( 'admin/asset_maintenances' ) ->with( 'error', Lang::get( 'admin/asset_maintenances/message.not_found' ) ); } + else if (!Company::isCurrentUserHasAccess( $assetMaintenance->asset )) { + return Redirect::to( 'admin/asset_maintenances', Lang::get( 'general.insufficient_permissions' ) ); + } return View::make( 'backend/asset_maintenances/view')->with('assetMaintenance', $assetMaintenance); } diff --git a/app/controllers/admin/AssetsController.php b/app/controllers/admin/AssetsController.php index 3e62ec2ab2..3966c0994c 100755 --- a/app/controllers/admin/AssetsController.php +++ b/app/controllers/admin/AssetsController.php @@ -165,7 +165,7 @@ class AssetsController extends AdminController // Save the asset data $asset->name = e(Input::get('name')); $asset->serial = e(Input::get('serial')); - $asset->company_id = Company::getIdFromInput(Input::get('company_id')); + $asset->company_id = Company::getIdForCurrentUser(Input::get('company_id')); $asset->model_id = e(Input::get('model_id')); $asset->order_number = e(Input::get('order_number')); $asset->notes = e(Input::get('notes')); @@ -224,6 +224,10 @@ class AssetsController extends AdminController // Redirect to the asset management page return Redirect::to('hardware')->with('error', Lang::get('admin/hardware/message.does_not_exist')); } + else if (!Company::isCurrentUserHasAccess($asset)) { + return Redirect::to('hardware')->with('error', Lang::get('general.insufficient_permissions')); + } + // Grab the dropdown lists $model_list = modelList(); $statuslabel_list = statusLabelList(); @@ -261,6 +265,9 @@ class AssetsController extends AdminController // Redirect to the asset management page with error return Redirect::to('hardware')->with('error', Lang::get('admin/hardware/message.does_not_exist')); } + else if (!Company::isCurrentUserHasAccess($asset)) { + return Redirect::to('hardware')->with('error', Lang::get('general.insufficient_permissions')); + } //attempt to validate $validator = Validator::make(Input::all(), $asset->validationRules($assetId)); @@ -322,7 +329,7 @@ class AssetsController extends AdminController // Update the asset data $asset->name = e(Input::get('name')); $asset->serial = e(Input::get('serial')); - $asset->company_id = Company::getIdFromInput(Input::get('company_id')); + $asset->company_id = Company::getIdForCurrentUser(Input::get('company_id')); $asset->model_id = e(Input::get('model_id')); $asset->order_number = e(Input::get('order_number')); $asset->asset_tag = e(Input::get('asset_tag')); @@ -373,6 +380,9 @@ class AssetsController extends AdminController // Redirect to the asset management page with error return Redirect::to('hardware')->with('error', Lang::get('admin/hardware/message.does_not_exist')); } + else if (!Company::isCurrentUserHasAccess($asset)) { + return Redirect::to('hardware')->with('error', Lang::get('general.insufficient_permissions')); + } if (isset($asset->assigneduser->id) && ($asset->assigneduser->id!=0)) { // Redirect to the asset management page @@ -405,6 +415,9 @@ class AssetsController extends AdminController // Redirect to the asset management page with error return Redirect::to('hardware')->with('error', Lang::get('admin/hardware/message.does_not_exist')); } + else if (!Company::isCurrentUserHasAccess($asset)) { + return Redirect::to('hardware')->with('error', Lang::get('general.insufficient_permissions')); + } // Get the dropdown of users and then pass it to the checkout view $users_list = usersList(); @@ -423,6 +436,9 @@ class AssetsController extends AdminController if (!$asset = Asset::find($assetId)) { return Redirect::to('hardware')->with('error', Lang::get('admin/hardware/message.does_not_exist')); } + else if (!Company::isCurrentUserHasAccess($asset)) { + return Redirect::to('hardware')->with('error', Lang::get('general.insufficient_permissions')); + } // Declare the rules for the form validation $rules = array( @@ -485,6 +501,9 @@ class AssetsController extends AdminController // Redirect to the asset management page with error return Redirect::to('hardware')->with('error', Lang::get('admin/hardware/message.does_not_exist')); } + else if (!Company::isCurrentUserHasAccess($asset)) { + return Redirect::to('hardware')->with('error', Lang::get('general.insufficient_permissions')); + } return View::make('backend/hardware/checkin', compact('asset'))->with('backto', $backto); } @@ -503,6 +522,9 @@ class AssetsController extends AdminController // Redirect to the asset management page with error return Redirect::to('hardware')->with('error', Lang::get('admin/hardware/message.does_not_exist')); } + else if (!Company::isCurrentUserHasAccess($asset)) { + return Redirect::to('hardware')->with('error', Lang::get('general.insufficient_permissions')); + } // Check for a valid user to checkout fa-random // This will need to be tweaked for checkout to location @@ -614,8 +636,10 @@ class AssetsController extends AdminController $asset = Asset::withTrashed()->find($assetId); $settings = Setting::getSettings(); - - if ($asset->userloc) { + if (!is_null($asset) && !Company::isCurrentUserHasAccess($asset)) { + return Redirect::to('hardware')->with('error', Lang::get('general.insufficient_permissions')); + } + else if ($asset->userloc) { $use_currency = $asset->userloc->currency; } elseif ($asset->assetloc) { $use_currency = $asset->assetloc->currency; @@ -664,6 +688,10 @@ class AssetsController extends AdminController $asset = Asset::find($assetId); $size = barcodeDimensions($settings->barcode_type); + if (!is_null($asset) && !Company::isCurrentUserHasAccess($asset)) { + return Redirect::to('hardware')->with('error', Lang::get('general.insufficient_permissions')); + } + if (isset($asset->id,$asset->asset_tag)) { $barcode = new \Com\Tecnick\Barcode\Barcode(); $barcode_obj = $barcode->getBarcodeObj($settings->barcode_type, route('view/hardware', $asset->id), $size['height'], $size['width'], 'black', array(-2, -2, -2, -2)); @@ -679,6 +707,10 @@ class AssetsController extends AdminController $path = app_path().'/private_uploads/imports/assets'; $files = array(); + if (!Company::isCurrentUserAuthorized()) { + return Redirect::to('hardware')->with('error', Lang::get('general.insufficient_permissions')); + } + if ($handle = opendir($path)) { /* This is the correct way to loop over the directory. */ @@ -704,7 +736,10 @@ class AssetsController extends AdminController public function postAPIImportUpload() { - if (!Config::get('app.lock_passwords')) { + if (!Company::isCurrentUserAuthorized()) { + return Redirect::to('hardware')->with('error', Lang::get('general.insufficient_permissions')); + } + else if (!Config::get('app.lock_passwords')) { $rules = array( 'files' => 'required' @@ -758,6 +793,10 @@ class AssetsController extends AdminController public function getProcessImportFile($filename) { // php artisan asset-import:csv path/to/your/file.csv --domain=yourdomain.com --email_format=firstname.lastname + if (!Company::isCurrentUserAuthorized()) { + return Redirect::to('hardware')->with('error', Lang::get('general.insufficient_permissions')); + } + $output = new BufferedOutput; Artisan::call('asset-import:csv', ['filename'=> app_path().'/private_uploads/imports/assets/'.$filename, '--email_format'=>'firstname.lastname', '--username_format'=>'firstname.lastname'], $output); $display_output = $output->fetch(); @@ -782,6 +821,9 @@ class AssetsController extends AdminController // Redirect to the asset management page return Redirect::to('hardware')->with('error', Lang::get('admin/hardware/message.does_not_exist')); } + else if (!Company::isCurrentUserHasAccess($asset_to_clone)) { + return Redirect::to('hardware')->with('error', Lang::get('general.insufficient_permissions')); + } // Grab the dropdown lists $model_list = modelList(); @@ -819,7 +861,10 @@ class AssetsController extends AdminController // Get user information $asset = Asset::withTrashed()->find($assetId); - if (isset($asset->id)) { + if (!is_null($asset) && !Company::isCurrentUserHasAccess($asset)) { + return Redirect::to('hardware')->with('error', Lang::get('general.insufficient_permissions')); + } + else if (isset($asset->id)) { // Restore the user $asset->restore(); @@ -852,6 +897,10 @@ class AssetsController extends AdminController if (isset($asset->id)) { + if (!Company::isCurrentUserHasAccess($asset)) { + return Redirect::to('hardware')->with('error', Lang::get('general.insufficient_permissions')); + } + if (Input::hasFile('assetfile')) { foreach(Input::file('assetfile') as $file) { @@ -923,6 +972,11 @@ class AssetsController extends AdminController // the asset is valid if (isset($asset->id)) { + + if (!Company::isCurrentUserHasAccess($asset)) { + return Redirect::to('hardware')->with('error', Lang::get('general.insufficient_permissions')); + } + $log = Actionlog::find($fileId); $full_filename = $destinationPath.'/'.$log->filename; if (file_exists($full_filename)) { @@ -956,6 +1010,11 @@ class AssetsController extends AdminController // the asset is valid if (isset($asset->id)) { + + if (!Company::isCurrentUserHasAccess($asset)) { + return Redirect::to('hardware')->with('error', Lang::get('general.insufficient_permissions')); + } + $log = Actionlog::find($fileId); $file = $log->get_src(); @@ -992,7 +1051,10 @@ class AssetsController extends AdminController public function postBulkEdit($assets = null) { - if (!Input::has('edit_asset')) { + if (!Company::isCurrentUserAuthorized()) { + return Redirect::to('hardware')->with('error', Lang::get('general.insufficient_permissions')); + } + else if (!Input::has('edit_asset')) { return Redirect::back()->with('error', 'No assets selected'); } else { $asset_raw_array = Input::get('edit_asset'); @@ -1048,7 +1110,10 @@ class AssetsController extends AdminController public function postBulkSave($assets = null) { - if (Input::has('bulk_edit')) { + if (!Company::isCurrentUserAuthorized()) { + return Redirect::to('hardware')->with('error', Lang::get('general.insufficient_permissions')); + } + else if (Input::has('bulk_edit')) { $assets = Input::get('bulk_edit'); @@ -1135,6 +1200,8 @@ class AssetsController extends AdminController $assets = Asset::with('model','assigneduser','assigneduser.userloc','assetstatus','defaultLoc','assetlog','model','model.category','assetstatus','assetloc', 'company') ->Hardware(); + $assets = Company::scopeCompanayables($assets); + if (Input::has('search')) { $assets = $assets->TextSearch(Input::get('search')); } diff --git a/app/controllers/admin/ConsumablesController.php b/app/controllers/admin/ConsumablesController.php index 237962ca7f..64e3206115 100644 --- a/app/controllers/admin/ConsumablesController.php +++ b/app/controllers/admin/ConsumablesController.php @@ -74,7 +74,7 @@ class ConsumablesController extends AdminController // Update the consumable data $consumable->name = e(Input::get('name')); $consumable->category_id = e(Input::get('category_id')); - $consumable->company_id = Company::getIdFromInput(Input::get('company_id')); + $consumable->company_id = Company::getIdForCurrentUser(Input::get('company_id')); $consumable->order_number = e(Input::get('order_number')); if (e(Input::get('purchase_date')) == '') { @@ -118,6 +118,9 @@ class ConsumablesController extends AdminController // Redirect to the blogs management page return Redirect::to('admin/consumables')->with('error', Lang::get('admin/consumables/message.does_not_exist')); } + else if (!Company::isCurrentUserHasAccess($consumable)) { + return Redirect::to('admin/consumables')->with('error', Lang::get('general.insufficient_permissions')); + } $category_list = array('' => '') + DB::table('categories')->where('category_type','=','consumable')->whereNull('deleted_at')->orderBy('name','ASC')->lists('name', 'id'); $company_list = Company::getSelectList(); @@ -141,6 +144,9 @@ class ConsumablesController extends AdminController // Redirect to the blogs management page return Redirect::to('admin/consumables')->with('error', Lang::get('admin/consumables/message.does_not_exist')); } + else if (!Company::isCurrentUserHasAccess($consumable)) { + return Redirect::to('admin/consumables')->with('error', Lang::get('general.insufficient_permissions')); + } // get the POST data @@ -161,7 +167,7 @@ class ConsumablesController extends AdminController // Update the consumable data $consumable->name = e(Input::get('name')); $consumable->category_id = e(Input::get('category_id')); - $consumable->company_id = Company::getIdFromInput(Input::get('company_id')); + $consumable->company_id = Company::getIdForCurrentUser(Input::get('company_id')); $consumable->order_number = e(Input::get('order_number')); if (e(Input::get('purchase_date')) == '') { @@ -203,6 +209,9 @@ class ConsumablesController extends AdminController // Redirect to the blogs management page return Redirect::to('admin/consumables')->with('error', Lang::get('admin/consumables/message.not_found')); } + else if (!Company::isCurrentUserHasAccess($consumable)) { + return Redirect::to('admin/consumables')->with('error', Lang::get('general.insufficient_permissions')); + } $consumable->delete(); @@ -224,7 +233,14 @@ class ConsumablesController extends AdminController $consumable = Consumable::find($consumableID); if (isset($consumable->id)) { + + + if (!Company::isCurrentUserHasAccess($consumable)) { + return Redirect::to('admin/consumables')->with('error', Lang::get('general.insufficient_permissions')); + } + else { return View::make('backend/consumables/view', compact('consumable')); + } } else { // Prepare the error message $error = Lang::get('admin/consumables/message.does_not_exist', compact('id')); @@ -246,6 +262,9 @@ class ConsumablesController extends AdminController // Redirect to the consumable management page with error return Redirect::to('consumables')->with('error', Lang::get('admin/consumables/message.not_found')); } + else if (!Company::isCurrentUserHasAccess($consumable)) { + return Redirect::to('admin/consumables')->with('error', Lang::get('general.insufficient_permissions')); + } // Get the dropdown of users and then pass it to the checkout view $users_list = array('' => 'Select a User') + DB::table('users')->select(DB::raw('concat(last_name,", ",first_name," (",username,")") as full_name, id'))->whereNull('deleted_at')->orderBy('last_name', 'asc')->orderBy('first_name', 'asc')->lists('full_name', 'id'); @@ -264,6 +283,9 @@ class ConsumablesController extends AdminController // Redirect to the consumable management page with error return Redirect::to('consumables')->with('error', Lang::get('admin/consumables/message.not_found')); } + else if (!Company::isCurrentUserHasAccess($consumable)) { + return Redirect::to('admin/consumables')->with('error', Lang::get('general.insufficient_permissions')); + } $admin_user = Sentry::getUser(); $assigned_to = e(Input::get('assigned_to')); @@ -381,6 +403,8 @@ class ConsumablesController extends AdminController ->whereNull('deleted_at') ->with('company'); + $consumables = Company::scopeCompanayables($consumables); + if (Input::has('search')) { $consumables = $consumables->TextSearch(Input::get('search')); } @@ -434,6 +458,10 @@ class ConsumablesController extends AdminController $consumable_users = $consumable->users; $count = $consumable_users->count(); + if (!is_null($consumable) && !Company::isCurrentUserHasAccess($consumable)) { + return ['total' => 0, 'rows' => []]; + } + $rows = array(); foreach ($consumable_users as $user) { diff --git a/app/controllers/admin/LicensesController.php b/app/controllers/admin/LicensesController.php index dab8894590..38c0a780a4 100755 --- a/app/controllers/admin/LicensesController.php +++ b/app/controllers/admin/LicensesController.php @@ -128,7 +128,7 @@ class LicensesController extends AdminController $license->purchase_date = e(Input::get('purchase_date')); $license->purchase_order = e(Input::get('purchase_order')); $license->depreciation_id = e(Input::get('depreciation_id')); - $license->company_id = Company::getIdFromInput(Input::get('company_id')); + $license->company_id = Company::getIdForCurrentUser(Input::get('company_id')); $license->expiration_date = e(Input::get('expiration_date')); $license->user_id = Sentry::getId(); @@ -186,6 +186,9 @@ class LicensesController extends AdminController // Redirect to the blogs management page return Redirect::to('admin/licenses')->with('error', Lang::get('admin/licenses/message.does_not_exist')); } + else if (!Company::isCurrentUserHasAccess($license)) { + return Redirect::to('admin/licenses')->with('error', Lang::get('general.insufficient_permissions')); + } if ($license->purchase_date == "0000-00-00") { $license->purchase_date = NULL; @@ -224,6 +227,9 @@ class LicensesController extends AdminController // Redirect to the blogs management page return Redirect::to('admin/licenses')->with('error', Lang::get('admin/licenses/message.does_not_exist')); } + else if (!Company::isCurrentUserHasAccess($license)) { + return Redirect::to('admin/licenses')->with('error', Lang::get('general.insufficient_permissions')); + } // get the POST data @@ -242,7 +248,7 @@ class LicensesController extends AdminController $license->notes = e(Input::get('notes')); $license->order_number = e(Input::get('order_number')); $license->depreciation_id = e(Input::get('depreciation_id')); - $license->company_id = Company::getIdFromInput(Input::get('company_id')); + $license->company_id = Company::getIdForCurrentUser(Input::get('company_id')); $license->purchase_order = e(Input::get('purchase_order')); $license->maintained = e(Input::get('maintained')); $license->reassignable = e(Input::get('reassignable')); @@ -383,6 +389,9 @@ class LicensesController extends AdminController // Redirect to the license management page return Redirect::to('admin/licenses')->with('error', Lang::get('admin/licenses/message.not_found')); } + else if (!Company::isCurrentUserHasAccess($license)) { + return Redirect::to('admin/licenses')->with('error', Lang::get('general.insufficient_permissions')); + } if (($license->assignedcount()) && ($license->assignedcount() > 0)) { @@ -421,6 +430,9 @@ class LicensesController extends AdminController // Redirect to the asset management page with error return Redirect::to('admin/licenses')->with('error', Lang::get('admin/licenses/message.not_found')); } + else if (!is_null($licenseseat->license) && !Company::isCurrentUserHasAccess($licenseseat->license)) { + return Redirect::to('admin/licenses')->with('error', Lang::get('general.insufficient_permissions')); + } // Get the dropdown of users and then pass it to the checkout view $users_list = array('' => 'Select a User') + DB::table('users')->select(DB::raw('concat(last_name,", ",first_name," (",username,")") as full_name, id'))->whereNull('deleted_at')->orderBy('last_name', 'asc')->orderBy('first_name', 'asc')->lists('full_name', 'id'); @@ -462,11 +474,15 @@ class LicensesController extends AdminController public function postCheckout($seatId) { - + $licenseseat = LicenseSeat::find($seatId); $assigned_to = e(Input::get('assigned_to')); $asset_id = e(Input::get('asset_id')); $user = Sentry::getUser(); + if (!is_null($licenseseat->license) && !Company::isCurrentUserHasAccess($licenseseat->license)) { + return Redirect::to('admin/licenses')->with('error', Lang::get('general.insufficient_permissions')); + } + // Declare the rules for the form validation $rules = array( @@ -508,7 +524,7 @@ class LicensesController extends AdminController // Check if the asset exists - if (is_null($licenseseat = LicenseSeat::find($seatId))) { + if (is_null($licenseseat)) { // Redirect to the asset management page with error return Redirect::to('admin/licenses')->with('error', Lang::get('admin/licenses/message.not_found')); } @@ -611,6 +627,9 @@ class LicensesController extends AdminController // Redirect to the asset management page with error return Redirect::to('admin/licenses')->with('error', Lang::get('admin/licenses/message.not_found')); } + else if (!Company::isCurrentUserHasAccess($licenseseat->license)) { + return Redirect::to('admin/licenses')->with('error', Lang::get('general.insufficient_permissions')); + } return View::make('backend/licenses/checkin', compact('licenseseat'))->with('backto',$backto); } @@ -630,6 +649,10 @@ class LicensesController extends AdminController $license = License::find($licenseseat->license_id); + if (!Company::isCurrentUserHasAccess($license)) { + return Redirect::to('admin/licenses')->with('error', Lang::get('general.insufficient_permissions')); + } + if(!$license->reassignable) { // Not allowed to checkin Session::flash('error', 'License not reassignable.'); @@ -731,6 +754,10 @@ class LicensesController extends AdminController $license = License::find($licenseId); if (isset($license->id)) { + + if (!Company::isCurrentUserHasAccess($license)) { + return Redirect::to('admin/licenses')->with('error', Lang::get('general.insufficient_permissions')); + } return View::make('backend/licenses/view', compact('license')); } else { // Prepare the error message @@ -748,6 +775,9 @@ class LicensesController extends AdminController // Redirect to the blogs management page return Redirect::to('admin/licenses')->with('error', Lang::get('admin/licenses/message.does_not_exist')); } + else if (!Company::isCurrentUserHasAccess($license_to_clone)) { + return Redirect::to('admin/licenses')->with('error', Lang::get('general.insufficient_permissions')); + } // Show the page $license_options = array('0' => 'Top Level') + License::lists('name', 'id'); @@ -780,6 +810,11 @@ class LicensesController extends AdminController if (isset($license->id)) { + + if (!Company::isCurrentUserHasAccess($license)) { + return Redirect::to('admin/licenses')->with('error', Lang::get('general.insufficient_permissions')); + } + if (Input::hasFile('licensefile')) { foreach(Input::file('licensefile') as $file) { @@ -851,6 +886,11 @@ class LicensesController extends AdminController // the license is valid if (isset($license->id)) { + + if (!Company::isCurrentUserHasAccess($license)) { + return Redirect::to('admin/licenses')->with('error', Lang::get('general.insufficient_permissions')); + } + $log = Actionlog::find($fileId); $full_filename = $destinationPath.'/'.$log->filename; if (file_exists($full_filename)) { @@ -883,6 +923,11 @@ class LicensesController extends AdminController // the license is valid if (isset($license->id)) { + + if (!Company::isCurrentUserHasAccess($license)) { + return Redirect::to('admin/licenses')->with('error', Lang::get('general.insufficient_permissions')); + } + $log = Actionlog::find($fileId); $file = $log->get_src(); return Response::download($file); @@ -897,6 +942,7 @@ class LicensesController extends AdminController public function getDatatable() { $licenses = License::select('id','name','serial','purchase_date','seats', 'company_id')->with('company'); + $licenses = Company::scopeCompanayables($licenses); if (Input::has('search')) { $licenses = $licenses->TextSearch(Input::get('search')); diff --git a/app/controllers/admin/ReportsController.php b/app/controllers/admin/ReportsController.php index ce6ed1fa38..caa069ae11 100644 --- a/app/controllers/admin/ReportsController.php +++ b/app/controllers/admin/ReportsController.php @@ -7,6 +7,7 @@ use Asset; use AssetMaintenance; use Carbon\Carbon; use Category; +use Company; use Illuminate\Support\Facades\Lang; use Illuminate\Support\Facades\Log; use Illuminate\Support\Facades\Response; @@ -30,7 +31,9 @@ class ReportsController extends AdminController */ public function getAccessoryReport() { - $accessories = Accessory::orderBy('created_at', 'DESC')->get(); + $accessories = Accessory::orderBy('created_at', 'DESC')->with('company'); + $accessories = Company::scopeCompanayables($accessories)->get(); + return View::make('backend/reports/accessories', compact('accessories')); } @@ -41,7 +44,9 @@ class ReportsController extends AdminController */ public function exportAccessoryReport() { - $accessories = Accessory::orderBy('created_at', 'DESC')->get(); + $accessories = Accessory::orderBy('created_at', 'DESC'); + $accessories = Company::scopeCompanayables($accessories)->get(); + $rows = array(); $header = array( Lang::get('admin/accessories/table.title'), @@ -78,12 +83,12 @@ class ReportsController extends AdminController */ public function getAssetsReport() { - // Grab all the assets $assets = Asset::with( 'model', 'assigneduser.userLoc', 'assetstatus', 'defaultLoc', 'assetlog', 'supplier', - 'model.manufacturer' ) - ->orderBy( 'created_at', 'DESC' ) - ->get(); + 'model.manufacturer', 'company' ) + ->orderBy( 'created_at', 'DESC' ); + + $assets = Company::scopeCompanayables( $assets )->get(); return View::make( 'backend/reports/asset', compact( 'assets' ) ); } @@ -95,10 +100,9 @@ class ReportsController extends AdminController */ public function exportAssetReport() { - // Grab all the assets - $assets = Asset::orderBy( 'created_at', 'DESC' ) - ->get(); + $assets = Asset::orderBy( 'created_at', 'DESC' ); + $assets = Company::scopeCompanayables( $assets )->get(); $rows = [ ]; @@ -205,9 +209,10 @@ class ReportsController extends AdminController { // Grab all the assets - $assets = Asset::with( 'model', 'assigneduser', 'assetstatus', 'defaultLoc', 'assetlog' ) - ->orderBy( 'created_at', 'DESC' ) - ->get(); + $assets = Asset::with( 'model', 'assigneduser', 'assetstatus', 'defaultLoc', 'assetlog', 'company' ) + ->orderBy( 'created_at', 'DESC' ); + + $assets = Company::scopeCompanayables( $assets )->get(); return View::make( 'backend/reports/depreciation', compact( 'assets' ) ); } @@ -222,8 +227,9 @@ class ReportsController extends AdminController // Grab all the assets $assets = Asset::with( 'model', 'assigneduser', 'assetstatus', 'defaultLoc', 'assetlog' ) - ->orderBy( 'created_at', 'DESC' ) - ->get(); + ->orderBy( 'created_at', 'DESC' ); + + $assets = Company::scopeCompanayables( $assets )->get(); $csv = \League\Csv\Writer::createFromFileObject( new \SplTempFileObject() ); $csv->setOutputBOM( Reader::BOM_UTF16_BE ); @@ -296,11 +302,9 @@ class ReportsController extends AdminController * * @return View */ - public function getActivityReport() { - - $log_actions = Actionlog::orderBy( 'created_at', 'DESC' ) + $log_actions = Company::scopeActionLogs(Actionlog::orderBy( 'created_at', 'DESC' )) ->with( 'adminlog' ) ->with( 'accessorylog' ) ->with( 'assetlog' ) @@ -321,6 +325,9 @@ class ReportsController extends AdminController { $licenses = License::orderBy( 'created_at', 'DESC' ) + ->with( 'company' ); + + $licenses = Company::scopeCompanayables( $licenses ) ->get(); return View::make( 'backend/reports/licenses', compact( 'licenses' ) ); @@ -333,9 +340,10 @@ class ReportsController extends AdminController */ public function exportLicenseReport() { - - $licenses = License::orderBy( 'created_at', 'DESC' ) + $licenses = License::orderBy( 'created_at', 'DESC' ); + $licenses = Company::scopeCompanayables( $licenses ) ->get(); + $rows = [ ]; $header = [ Lang::get( 'admin/licenses/table.title' ), @@ -380,9 +388,9 @@ class ReportsController extends AdminController public function postCustom() { + $assets = Asset::orderBy( 'created_at', 'DESC' ); + $assets = Company::scopeCompanayables( $assets )->get(); - $assets = Asset::orderBy( 'created_at', 'DESC' ) - ->get(); $rows = [ ]; $header = [ ]; @@ -557,11 +565,11 @@ class ReportsController extends AdminController */ public function getAssetMaintenancesReport() { - // Grab all the improvements - $assetMaintenances = \AssetMaintenance::with( 'asset', 'supplier' ) - ->orderBy( 'created_at', 'DESC' ) - ->get(); + $assetMaintenances = \AssetMaintenance::with( 'asset', 'supplier', 'asset.company' ) + ->orderBy( 'created_at', 'DESC' ); + + $assetMaintenances = Company::scopeCompanayableChildren( 'asset', $assetMaintenances )->get(); return View::make( 'backend/reports/asset_maintenances', compact( 'assetMaintenances' ) ); @@ -576,11 +584,11 @@ class ReportsController extends AdminController */ public function exportAssetMaintenancesReport() { - // Grab all the improvements $assetMaintenances = AssetMaintenance::with( 'asset', 'supplier' ) - ->orderBy( 'created_at', 'DESC' ) - ->get(); + ->orderBy( 'created_at', 'DESC' ); + + $assetMaintenances = Company::scopeCompanayableChildren( 'asset', $assetMaintenances )->get(); $rows = [ ]; @@ -635,12 +643,10 @@ class ReportsController extends AdminController */ public function getAssetAcceptanceReport() { - - $assetsForReport = Asset::notYetAccepted() - ->get(); + $assetsForReport = Asset::notYetAccepted()->with( 'company' ); + $assetsForReport = Company::scopeCompanayables( $assetsForReport )->get(); return View::make( 'backend/reports/unaccepted_assets', compact( 'assetsForReport' ) ); - } /** @@ -701,12 +707,13 @@ class ReportsController extends AdminController */ protected function getCheckedOutAssetsRequiringAcceptance( $modelsInCategoriesThatRequireAcceptance ) { + $assets = Asset::deployed()->inModelList( $modelsInCategoriesThatRequireAcceptance ); + $assets = Company::scopeCompanayables( $assets ) + ->select( 'id' ) + ->get() + ->toArray(); - return array_pluck( Asset::deployed() - ->inModelList( $modelsInCategoriesThatRequireAcceptance ) - ->select( 'id' ) - ->get() - ->toArray(), 'id' ); + return array_pluck( $assets, 'id' ); } /** @@ -767,7 +774,6 @@ class ReportsController extends AdminController */ protected function getAssetsNotAcceptedYet() { - - return Asset::unaccepted(); + return Company::scopeCompanayables(Asset::unaccepted()); } } diff --git a/app/controllers/admin/SettingsController.php b/app/controllers/admin/SettingsController.php index e4a572298d..c1cbd07c7f 100755 --- a/app/controllers/admin/SettingsController.php +++ b/app/controllers/admin/SettingsController.php @@ -130,6 +130,7 @@ class SettingsController extends AdminController $setting->auto_increment_assets = e(Input::get('auto_increment_assets', '0')); $setting->alert_email = e(Input::get('alert_email')); $setting->alerts_enabled = e(Input::get('alerts_enabled', '0')); + $setting->full_multiple_companies_support = e(Input::get('full_multiple_companies_support', '0')); $setting->header_color = e(Input::get('header_color')); $setting->default_eula_text = e(Input::get('default_eula_text')); $setting->slack_endpoint = e(Input::get('slack_endpoint')); diff --git a/app/database/migrations/2015_11_15_151803_add_full_multiple_companies_support_to_settings_table.php b/app/database/migrations/2015_11_15_151803_add_full_multiple_companies_support_to_settings_table.php new file mode 100644 index 0000000000..9cf8b163b0 --- /dev/null +++ b/app/database/migrations/2015_11_15_151803_add_full_multiple_companies_support_to_settings_table.php @@ -0,0 +1,34 @@ +boolean('full_multiple_companies_support')->default(FALSE); + }); + } + + /** + * Reverse the migrations. + * + * @return void + */ + public function down() + { + Schema::table('settings', function(Blueprint $table) + { + $table->dropColumn('full_multiple_companies_support'); + }); + } + +} diff --git a/app/lang/en/admin/accessories/message.php b/app/lang/en/admin/accessories/message.php index 62f179c5a1..e324708ff3 100755 --- a/app/lang/en/admin/accessories/message.php +++ b/app/lang/en/admin/accessories/message.php @@ -2,17 +2,17 @@ return array( - 'does_not_exist' => 'Category does not exist.', + 'does_not_exist' => 'Accessory does not exist.', 'assoc_users' => 'This accessory currently has :count items checked out to users. Please check in the accessories and and try again. ', 'create' => array( - 'error' => 'Category was not created, please try again.', - 'success' => 'Category created successfully.' + 'error' => 'Accessory was not created, please try again.', + 'success' => 'Accessory created successfully.' ), 'update' => array( - 'error' => 'Category was not updated, please try again', - 'success' => 'Category updated successfully.' + 'error' => 'Accessory was not updated, please try again', + 'success' => 'Accessory updated successfully.' ), 'delete' => array( @@ -20,7 +20,7 @@ return array( 'error' => 'There was an issue deleting the category. Please try again.', 'success' => 'The category was deleted successfully.' ), - + 'checkout' => array( 'error' => 'Accessory was not checked out, please try again', 'success' => 'Accessory checked out successfully.', diff --git a/app/lang/en/admin/companies/general.php b/app/lang/en/admin/companies/general.php index a1fd775c56..318d188e3b 100644 --- a/app/lang/en/admin/companies/general.php +++ b/app/lang/en/admin/companies/general.php @@ -1,5 +1,5 @@ 'Select Company', -); +]; diff --git a/app/lang/en/admin/settings/general.php b/app/lang/en/admin/settings/general.php index d4f404c00c..106feec7a5 100755 --- a/app/lang/en/admin/settings/general.php +++ b/app/lang/en/admin/settings/general.php @@ -29,6 +29,8 @@ return array( 'load_remote_text' => 'Remote Scripts', 'load_remote_help_text' => 'This Snipe-IT install can load scripts from the outside world.', 'logo' => 'Logo', + 'full_multiple_companies_support_help_text' => 'Restricting users (including admins) assigned to companies to their company\'s assets.', + 'full_multiple_companies_support_text' => 'Full Multiple Companies Support', 'optional' => 'optional', 'per_page' => 'Results Per Page', 'php' => 'PHP Version', @@ -50,5 +52,5 @@ return array( 'value' => 'Value', 'brand' => 'Branding', 'about_settings_title' => 'About Settings', - 'about_settings_text' => 'These settings let you customize certain aspects of your installation.', + 'about_settings_text' => 'These settings let you customize certain aspects of your installation.', ); diff --git a/app/lang/en/general.php b/app/lang/en/general.php index 4bea5e05e6..f2b67f7405 100755 --- a/app/lang/en/general.php +++ b/app/lang/en/general.php @@ -68,6 +68,7 @@ 'asset_maintenance_report' => 'Asset Maintenance Report', 'asset_maintenances' => 'Asset Maintenances', 'item' => 'Item', + 'insufficient_permissions' => 'Insufficient permissions!', 'last' => 'Last', 'last_name' => 'Last Name', 'license' => 'License', diff --git a/app/models/Company.php b/app/models/Company.php index 4e967a2e32..83ee7a627c 100644 --- a/app/models/Company.php +++ b/app/models/Company.php @@ -1,6 +1,9 @@ 'required|alpha_space|min:2|max:255|unique:companies,name,{id}']; + private static function isFullMultipleCompanySupportEnabled() + { + $settings = Setting::getSettings(); + return $settings->full_multiple_companies_support == 1; + } + public static function getSelectList() { $select_company = Lang::get('admin/companies/general.select_company'); return ['0' => $select_company] + DB::table('companies')->orderBy('name', 'ASC')->lists('name', 'id'); } - public static function getIdFromInput($input) + public static function getIdFromInput($unescaped_input) { - $escapedInput = e($input); + $escaped_input = e($unescaped_input); - if ($escapedInput == '0') { return NULL; } - else { return $escapedInput; } + if ($escaped_input == '0') { return NULL; } + else { return $escaped_input; } + } + + public static function getIdForCurrentUser($unescaped_input) + { + if (!static::isFullMultipleCompanySupportEnabled()) { return static::getIdFromInput($unescaped_input); } + else + { + $current_user = Sentry::getUser(); + + if ($current_user->company_id != NULL) { return $current_user->company_id; } + else { return static::getIdFromInput($unescaped_input); } + } + } + + public static function isCurrentUserHasAccess($companyable) + { + if (!static::isFullMultipleCompanySupportEnabled()) { return TRUE; } + else + { + $current_user_company_id = Sentry::getUser()->company_id; + $companyable_company_id = $companyable->company_id; + + return ($current_user_company_id == NULL || $current_user_company_id == $companyable_company_id); + } + } + + public static function isCurrentUserAuthorized() + { + if (!static::isFullMultipleCompanySupportEnabled()) { return TRUE; } + else + { + $current_user = Sentry::getUser(); + return ($current_user->company_id == NULL); + } + } + + public static function scopeCompanayables($query, $column = 'company_id') + { + if (!static::isFullMultipleCompanySupportEnabled()) { return $query; } + else + { + $company_id = Sentry::getUser()->company_id; + + if ($company_id == NULL) { return $query; } + else { return $query->where($column, '=', $company_id); } + } + } + + public static function scopeCompanayableChildren($companyable_name, $query) + { + if (!static::isFullMultipleCompanySupportEnabled()) { return $query; } + else + { + return $query->whereHas($companyable_name, function ($query) + { + static::scopeCompanayables($query); + }); + } + } + + public static function scopeActionLogs($query) + { + if (!static::isFullMultipleCompanySupportEnabled()) { return $query; } + else + { + $f = function ( $q ) + { + static::scopeCompanayables( $q ); + }; + + return $query + ->whereHas( 'accessorylog', $f ) + ->orWhereHas( 'assetlog', $f ) + ->orWhereHas( 'licenselog', $f ) + ->orWhereHas( 'consumablelog', $f ); + } } } diff --git a/app/views/backend/accessories/edit.blade.php b/app/views/backend/accessories/edit.blade.php index 1d0e1464d0..462e5bb1a1 100755 --- a/app/views/backend/accessories/edit.blade.php +++ b/app/views/backend/accessories/edit.blade.php @@ -35,16 +35,18 @@ - -
-
- {{ Form::label('company_id', Lang::get('general.company')) }} -
-
- {{ Form::select('company_id', $company_list , Input::old('company_id', $accessory->company_id), array('class'=>'select2', 'style'=>'width:350px')) }} - {{ $errors->first('company_id', ' :message') }} -
-
+ @if (Company::isCurrentUserAuthorized()) + +
+
+ {{ Form::label('company_id', Lang::get('general.company')) }} +
+
+ {{ Form::select('company_id', $company_list , Input::old('company_id', $accessory->company_id), array('class'=>'select2', 'style'=>'width:350px')) }} + {{ $errors->first('company_id', ' :message') }} +
+
+ @endif
diff --git a/app/views/backend/asset_maintenances/index.blade.php b/app/views/backend/asset_maintenances/index.blade.php index 6f1b52b077..4542118336 100644 --- a/app/views/backend/asset_maintenances/index.blade.php +++ b/app/views/backend/asset_maintenances/index.blade.php @@ -29,6 +29,7 @@ data-cookie-id-table="maintenancesTable-v{{ Config::get('version.app_version') }}"> + @lang('admin/companies/table.title') @lang('general.id') @lang('admin/asset_maintenances/table.asset_name') @lang('admin/asset_maintenances/table.supplier_name') diff --git a/app/views/backend/consumables/edit.blade.php b/app/views/backend/consumables/edit.blade.php index 2864923c06..450b073887 100644 --- a/app/views/backend/consumables/edit.blade.php +++ b/app/views/backend/consumables/edit.blade.php @@ -36,15 +36,17 @@ -
-
- {{ Form::label('company_id', Lang::get('general.company')) }} + @if (Company::isCurrentUserAuthorized()) +
+
+ {{ Form::label('company_id', Lang::get('general.company')) }} +
+
+ {{ Form::select('company_id', $company_list , Input::old('company_id', $consumable->company_id), array('class'=>'select2', 'style'=>'width:350px')) }} + {{ $errors->first('company_id', ' :message') }} +
-
- {{ Form::select('company_id', $company_list , Input::old('company_id', $consumable->company_id), array('class'=>'select2', 'style'=>'width:350px')) }} - {{ $errors->first('company_id', ' :message') }} -
-
+ @endif
diff --git a/app/views/backend/hardware/edit.blade.php b/app/views/backend/hardware/edit.blade.php index 36d49efa84..1d24468c1d 100755 --- a/app/views/backend/hardware/edit.blade.php +++ b/app/views/backend/hardware/edit.blade.php @@ -122,15 +122,17 @@ -
-
- {{ Form::label('company_id', Lang::get('general.company')) }} -
+ @if (Company::isCurrentUserAuthorized()) +
+
{{ Form::label('company_id', Lang::get('general.company')) }}
- {{ Form::select('company_id', $company_list , Input::old('company_id', $asset->company_id), array('class'=>'select2', 'style'=>'min-width:350px')) }} - {{ $errors->first('company_id', '
:message') }} + {{ Form::select('company_id', $company_list , Input::old('company_id', $asset->company_id), + ['class'=>'select2', 'style'=>'min-width:350px']) }} + {{ $errors->first('company_id', '
:message') }}
-
+
+ @endif +
diff --git a/app/views/backend/licenses/edit.blade.php b/app/views/backend/licenses/edit.blade.php index e096f697ba..a63276262f 100755 --- a/app/views/backend/licenses/edit.blade.php +++ b/app/views/backend/licenses/edit.blade.php @@ -33,16 +33,18 @@ - -
-
- {{ Form::label('company_id', Lang::get('general.company')) }} + @if (Company::isCurrentUserAuthorized()) + +
+
+ {{ Form::label('company_id', Lang::get('general.company')) }} +
+
+ {{ Form::select('company_id', $company_list , Input::old('company_id', $license->company_id), array('class'=>'select2', 'style'=>'min-width:350px')) }} + {{ $errors->first('company_id', '
:message') }} +
-
- {{ Form::select('company_id', $company_list , Input::old('company_id', $license->company_id), array('class'=>'select2', 'style'=>'min-width:350px')) }} - {{ $errors->first('company_id', '
:message') }} -
-
+ @endif
diff --git a/app/views/backend/reports/accessories.blade.php b/app/views/backend/reports/accessories.blade.php index 1875841329..ab2a9a3a3e 100644 --- a/app/views/backend/reports/accessories.blade.php +++ b/app/views/backend/reports/accessories.blade.php @@ -26,6 +26,7 @@ + @lang('admin/companies/table.title') @lang('admin/accessories/table.title') @lang('admin/accessories/general.total') @lang('admin/accessories/general.remaining') @@ -35,6 +36,7 @@ @foreach ($accessories as $accessory) + {{{ is_null($accessory->company) ? '' : $accessory->company->name }}} {{ $accessory->name }} {{ $accessory->qty }} {{ $accessory->numRemaining() }} diff --git a/app/views/backend/reports/asset.blade.php b/app/views/backend/reports/asset.blade.php index ef2745b9b2..c8ac631faa 100644 --- a/app/views/backend/reports/asset.blade.php +++ b/app/views/backend/reports/asset.blade.php @@ -32,6 +32,7 @@ + @lang('admin/companies/table.title') @lang('admin/hardware/table.asset_tag') @lang('admin/hardware/form.manufacturer') @lang('admin/hardware/form.model') @@ -53,6 +54,7 @@ @foreach ($assets as $asset) + {{{ is_null($asset->company) ? '' : $asset->company->name }}} {{{ $asset->asset_tag }}} @if ($asset->model->manufacturer) diff --git a/app/views/backend/reports/asset_maintenances.blade.php b/app/views/backend/reports/asset_maintenances.blade.php index 0d24650f7a..41da6fa245 100644 --- a/app/views/backend/reports/asset_maintenances.blade.php +++ b/app/views/backend/reports/asset_maintenances.blade.php @@ -25,6 +25,7 @@ use Carbon\Carbon; + @lang('admin/companies/table.title') @lang('admin/asset_maintenances/table.asset_name') @lang('admin/asset_maintenances/table.supplier_name') @lang('admin/asset_maintenances/form.asset_maintenance_type') @@ -42,6 +43,7 @@ use Carbon\Carbon; ?> @foreach ($assetMaintenances as $assetMaintenance) + {{{ is_null($assetMaintenance->asset->company) ? '' : $assetMaintenance->asset->company->name }}} {{{ $assetMaintenance->asset->name }}} {{{ $assetMaintenance->supplier->name }}} {{{ $assetMaintenance->asset_maintenance_type }}} diff --git a/app/views/backend/reports/depreciation.blade.php b/app/views/backend/reports/depreciation.blade.php index b7579fbde7..eaf4d35303 100644 --- a/app/views/backend/reports/depreciation.blade.php +++ b/app/views/backend/reports/depreciation.blade.php @@ -25,6 +25,7 @@ data-cookie-id-table="depreciationReportTable"> + @lang('admin/companies/table.title') @lang('admin/hardware/table.asset_tag') @lang('admin/hardware/table.title') @if (Setting::getSettings()->display_asset_name) @@ -44,6 +45,7 @@ @foreach ($assets as $asset) + {{{ is_null($asset->company) ? '' : $asset->company->name }}} @if ($asset->deleted_at!='') {{{ $asset->asset_tag }}} diff --git a/app/views/backend/reports/licenses.blade.php b/app/views/backend/reports/licenses.blade.php index 82f0921326..890159e069 100644 --- a/app/views/backend/reports/licenses.blade.php +++ b/app/views/backend/reports/licenses.blade.php @@ -24,7 +24,8 @@ data-click-to-select="true" data-cookie-id-table="licensesReportTable"> - + + @lang('admin/companies/table.title') @lang('admin/licenses/table.title') @lang('admin/licenses/table.serial') @lang('admin/licenses/form.seats') @@ -38,6 +39,7 @@ @foreach ($licenses as $license) + {{{ is_null($license->company) ? '' : $license->company->name }}} {{{ $license->name }}} {{{ mb_strimwidth($license->serial, 0, 50, "...") }}} {{ $license->seats }} diff --git a/app/views/backend/reports/unaccepted_assets.blade.php b/app/views/backend/reports/unaccepted_assets.blade.php index c069f523f2..9055d9e792 100644 --- a/app/views/backend/reports/unaccepted_assets.blade.php +++ b/app/views/backend/reports/unaccepted_assets.blade.php @@ -23,6 +23,7 @@ data-cookie-id-table="unacceptedAssets"> + @lang('admin/companies/table.title') @lang('general.category') @lang('admin/hardware/form.model') @lang('admin/hardware/form.name') @@ -34,6 +35,7 @@ @if ($assetsForReport) @foreach ($assetsForReport as $assetItem) + {{{ is_null($assetItem->company) ? '' : $assetItem->company->name }}} {{{ $assetItem->model->category->name }}} {{{ $assetItem->model->name }}} {{ link_to(Config::get('app.url').'/hardware/'.$assetItem->id.'/view',$assetItem->showAssetName()) }} @@ -91,5 +93,5 @@ }); @stop - + @stop diff --git a/app/views/backend/settings/edit.blade.php b/app/views/backend/settings/edit.blade.php index c41b7729b4..7fa7ef37bf 100755 --- a/app/views/backend/settings/edit.blade.php +++ b/app/views/backend/settings/edit.blade.php @@ -45,6 +45,21 @@
+ +
+
+ {{ Form::label('full_multiple_companies_support', + Lang::get('admin/settings/general.full_multiple_companies_support_text')) }} +
+
+ {{ Form::checkbox('full_multiple_companies_support', '1', Input::old('full_multiple_companies_support', + $setting->full_multiple_companies_support)) }} + @Lang('admin/settings/general.full_multiple_companies_support_text') + {{ $errors->first('full_multiple_companies_support', '
:message') }} +

@lang('admin/settings/general.full_multiple_companies_support_help_text')

+
+
+
@@ -148,7 +163,7 @@

@lang('admin/settings/general.asset_ids') (@lang('admin/settings/general.optional'))

- +
@@ -173,7 +188,7 @@ {{ Form::text('auto_increment_prefix', Input::old('auto_increment_prefix', $setting->auto_increment_prefix), array('class' => 'form-control', 'disabled'=>'disabled', 'style'=>'width: 100px;')) }} @endif
-
+

@lang('admin/settings/general.barcode_settings') (@lang('admin/settings/general.optional'))

@@ -224,7 +239,7 @@ @lang('admin/settings/general.php_gd_info') @endif - +

@lang('admin/settings/general.eula_settings') (@lang('admin/settings/general.optional'))

diff --git a/app/views/backend/settings/index.blade.php b/app/views/backend/settings/index.blade.php index b856a23784..6bceff616c 100755 --- a/app/views/backend/settings/index.blade.php +++ b/app/views/backend/settings/index.blade.php @@ -30,6 +30,15 @@ @lang('admin/settings/general.site_name') {{{ $setting->site_name }}} + + @lang('admin/settings/general.full_multiple_companies_support_text') + + @if ($setting->full_multiple_companies_support == 1) + @lang('general.yes') + @else + @lang('general.no') + @endif + @lang('admin/settings/general.default_currency') {{{ $setting->default_currency }}}