49 Commits

Author SHA1 Message Date
snipe d6769443a9 Squashed commit of the following:
commit 399c7590cd
Merge: d0c5ba70f eb67d1b06
Author: snipe <snipe@snipe.net>
Date:   Thu Dec 15 14:19:41 2022 -0800

    Merge pull request #12209 from snipe/fixes/error_downloading_unaccepted_assets

    Fixed 500 when downloading the Unaccepted Assets report  [sc-19555]

commit d0c5ba70f6
Merge: 29c2ff56e d9a21cce0
Author: snipe <snipe@snipe.net>
Date:   Thu Dec 15 12:42:29 2022 -0800

    Merge pull request #12242 from inietov/features/add_purchase_cost_column

    Added `purchase_cost` to user's default view [sc-19680]

commit d9a21cce00
Author: Ivan Nieto Vivanco <inietov@gmail.com>
Date:   Thu Dec 15 14:12:05 2022 -0600

    Add other items' purchase_cost columns to the same permission

commit 29c2ff56ec
Merge: 3e7975b2c 1fe0bfe17
Author: snipe <snipe@snipe.net>
Date:   Thu Dec 15 11:26:49 2022 -0800

    Merge pull request #12188 from snipe/fixes/decrease_logging_for_saml_when_not_enabled

    Removed extra logging case that was very noisy

commit 3e7975b2c3
Merge: 227fef76e d870bc3b0
Author: snipe <snipe@snipe.net>
Date:   Thu Dec 15 11:25:53 2022 -0800

    Merge pull request #12250 from akemidx/grey_out_pw_reset_button

    Fixed: Grey out pw reset button for consistency

commit d870bc3b02
Author: akemidx <kojotek.dx@gmail.com>
Date:   Thu Dec 15 14:19:51 2022 -0500

    nested if loop

commit 227fef76ee
Merge: 418ddcfac 9d44720ff
Author: snipe <snipe@snipe.net>
Date:   Thu Dec 15 11:06:53 2022 -0800

    Merge pull request #11736 from Godmartinz/gh6508_ldap_default_group

    Adds a permission group selection for directory sync

commit 9d44720ffd
Author: Godfrey M <godmartinz@gmail.com>
Date:   Thu Dec 15 11:02:34 2022 -0800

    reverted changes to composer.lock

commit 9f3f0a25ed
Author: Godfrey M <godmartinz@gmail.com>
Date:   Thu Dec 15 10:53:45 2022 -0800

    reverted changes to composer.lock

commit 2e228ccb0b
Author: Godfrey M <godmartinz@gmail.com>
Date:   Thu Dec 15 10:45:42 2022 -0800

    redid a few things. should be good now :)

commit 3ee413f379
Author: Godfrey M <godmartinz@gmail.com>
Date:   Thu Dec 15 09:20:30 2022 -0800

    removes livewire stuff

commit b142f8e012
Author: Ivan Nieto Vivanco <inietov@gmail.com>
Date:   Wed Dec 14 23:00:35 2022 -0600

    Add the permission to show purchase cost column to non-admin sessions

commit 418ddcfac3
Merge: c342668f0 1a908e361
Author: snipe <snipe@snipe.net>
Date:   Wed Dec 14 17:46:53 2022 -0800

    Merge pull request #9876 from Toreg87/fixes/locations-deletable

    Fixed #9875: Make locations deletable for non Superuser-Accounts with FullMultipleCompanySupport

commit c342668f0f
Author: snipe <snipe@snipe.net>
Date:   Wed Dec 14 17:25:39 2022 -0800

    Update @scoo73r as a contributor

commit 2f6a26ec7d
Author: snipe <snipe@snipe.net>
Date:   Wed Dec 14 17:25:25 2022 -0800

    Add @scoo73r as a contributor

commit f635278010
Merge: d13a23700 8043b8678
Author: snipe <snipe@snipe.net>
Date:   Wed Dec 14 16:42:41 2022 -0800

    Merge pull request #12251 from snipe/security/upgrade_font_awesome

    Upgraded font awesome to 6.2.1

commit 8043b86786
Author: snipe <snipe@snipe.net>
Date:   Wed Dec 14 16:41:56 2022 -0800

    Upgraded font awesome to 6.2.1

    Signed-off-by: snipe <snipe@snipe.net>

commit d13a237000
Merge: fabefa61b d0d0058e7
Author: snipe <snipe@snipe.net>
Date:   Wed Dec 14 12:13:18 2022 -0800

    Merge pull request #12205 from Godmartinz/sc19675_add_remote_to_importer

    Adds remote field to the user importer

commit b114ffd2c3
Author: akemidx <kojotek.dx@gmail.com>
Date:   Wed Dec 14 14:48:59 2022 -0500

    Grey out pw reset button for consistency

    When user has no email in their profile, the box is greyed out for
    consistency across all buttons on the user profile

commit fabefa61b0
Merge: 389ec3a3c f3e57d7dc
Author: snipe <snipe@snipe.net>
Date:   Tue Dec 13 14:00:48 2022 -0800

    Merge pull request #12243 from akemidx/new_grey_out_when_no_assets

    Created method in users.php for adding up all assigned to user and pr…

commit f3e57d7dc0
Author: akemidx <kojotek.dx@gmail.com>
Date:   Tue Dec 13 16:00:59 2022 -0500

    fixing PR

commit 389ec3a3cb
Merge: c432fb9d7 6a72c344b
Author: snipe <snipe@snipe.net>
Date:   Tue Dec 13 12:57:50 2022 -0800

    Merge pull request #12247 from Godmartinz/gh12225_serial_added_to_components

    adds serial to components tab of assets

commit 6a72c344b7
Author: Godfrey M <godmartinz@gmail.com>
Date:   Tue Dec 13 12:32:30 2022 -0800

    removed the cuddlers

commit 4442b446b9
Author: Godfrey M <godmartinz@gmail.com>
Date:   Tue Dec 13 10:30:37 2022 -0800

    adds serial to components tab of assets

commit c432fb9d70
Merge: 9e8fff6e5 fa872b09a
Author: snipe <snipe@snipe.net>
Date:   Tue Dec 13 10:28:17 2022 -0800

    Merge pull request #12181 from Godmartinz/gh12163_asset_age

    Adds asset age to asset index and asset view pages

commit 07ae91b00f
Author: akemi <akemi@ShibaPro.local>
Date:   Wed Dec 7 17:46:18 2022 -0500

    Created method in users.php for adding up all assigned to user and providing an integer value. this then used to grey out buttons on user view if user has nothing assigned.

commit 450ad3dcec
Author: Ivan Nieto Vivanco <inietov@gmail.com>
Date:   Mon Dec 12 14:17:08 2022 -0600

    Added the column purchase_cost to user's default view

commit fa872b09a9
Author: Godfrey M <godmartinz@gmail.com>
Date:   Mon Dec 12 10:38:31 2022 -0800

    fixes a typo, the world is great again

commit eb67d1b064
Author: Ivan Nieto Vivanco <inietov@gmail.com>
Date:   Tue Dec 6 18:00:16 2022 -0600

    Filter items from the report if null returned

commit d0d0058e79
Author: Godfrey M <godmartinz@gmail.com>
Date:   Tue Dec 6 11:19:28 2022 -0800

    removed unwanted changes

commit bbd04f8876
Author: Godfrey M <godmartinz@gmail.com>
Date:   Tue Dec 6 11:13:24 2022 -0800

    adds the rest of the fields for Remote

commit 36901d271b
Author: Godfrey M <godmartinz@gmail.com>
Date:   Mon Dec 5 16:28:19 2022 -0800

    adds csvmatch for remote. I'm a bit lost though lol

commit 3206929ee4
Author: Godfrey M <godmartinz@gmail.com>
Date:   Tue Nov 29 09:51:42 2022 -0800

    adds AgeFormatter, not working yet

commit 1fe0bfe17e
Author: snipe <snipe@snipe.net>
Date:   Mon Nov 28 19:27:42 2022 -0800

    Removed extra logging case that was very noisy

    Signed-off-by: snipe <snipe@snipe.net>

commit 8d861cfd82
Author: Godfrey M <godmartinz@gmail.com>
Date:   Mon Nov 28 10:59:18 2022 -0800

    adds age to the asset table

commit 078e7281cd
Author: Godfrey M <godmartinz@gmail.com>
Date:   Mon Nov 28 10:45:58 2022 -0800

    adds asset age to asset view

commit f2d4a61e3c
Author: Godfrey M <godmartinz@gmail.com>
Date:   Tue Oct 18 15:31:37 2022 -0700

    removes dead space

commit 3f25a1bf61
Author: Godfrey M <godmartinz@gmail.com>
Date:   Tue Oct 18 15:25:38 2022 -0700

    removes dead code

commit f9ac447dd1
Merge: 9b448227f b7bcfaccc
Author: Godfrey M <godmartinz@gmail.com>
Date:   Tue Oct 18 15:18:09 2022 -0700

    adds default group to LDAP

commit 9b448227f7
Author: Godfrey M <godmartinz@gmail.com>
Date:   Tue Sep 13 11:40:10 2022 -0700

    tinkering to no avail

commit 28bc97f29f
Author: Godfrey M <godmartinz@gmail.com>
Date:   Mon Sep 12 11:40:16 2022 -0700

    one line away from this being over with

commit 193b31e427
Author: Godfrey M <godmartinz@gmail.com>
Date:   Wed Aug 31 12:58:33 2022 -0700

    select options working, testing sync then done

commit 70ac8af9c4
Author: Godfrey M <godmartinz@gmail.com>
Date:   Wed Aug 31 09:53:20 2022 -0700

    .

commit 0c362e8b57
Author: Godfrey M <godmartinz@gmail.com>
Date:   Mon Aug 29 12:09:56 2022 -0700

    gets the groups selector to appear but options are blank

commit fc6fefdb4e
Author: Godfrey M <godmartinz@gmail.com>
Date:   Thu Aug 25 15:19:38 2022 -0700

    adds migration, variables, checkbox, working on groups

commit 1a908e361e
Author: Tobias Regnery <tobias.regnery@gmail.com>
Date:   Thu Jul 29 10:33:34 2021 +0200

    Make locations deletable for non Superuser-Accounts with FullMultipleCompanySupport

    locations->isDeletable() checks via gate::allows if a location is deletable.
    This calls SnipePermissionsPolicy->before() and checks for !Company::isCurrentUserHasAccess($item).
    This returns false because locations don't have a company_id.

    Check for this and return true if the item doesn't have a company_id.

Signed-off-by: snipe <snipe@snipe.net>
2022-12-15 15:18:16 -08:00
snipe dcab1381e7 Check for licenses.files permissions
Signed-off-by: snipe <snipe@snipe.net>
2022-09-16 14:00:27 -07:00
snipe b876d0abb0 Merge remote-tracking branch 'origin/master' into develop
Signed-off-by: snipe <snipe@snipe.net>

# Conflicts:
#	.env.example
#	app/Http/Controllers/Auth/LoginController.php
#	app/Http/Kernel.php
#	app/Http/Transformers/ActionlogsTransformer.php
#	app/Importer/AssetImporter.php
#	app/Models/Accessory.php
#	app/Models/Consumable.php
#	app/Presenters/AccessoryPresenter.php
#	app/Presenters/ComponentPresenter.php
#	app/Presenters/ConsumablePresenter.php
#	app/Providers/AuthServiceProvider.php
#	composer.json
#	composer.lock
#	config/app.php
#	config/cors.php
#	config/version.php
#	package-lock.json
#	public/js/build/app.js
#	public/js/build/app.js.LICENSE.txt
#	public/js/dist/all.js
#	public/mix-manifest.json
#	resources/views/accessories/view.blade.php
#	resources/views/consumables/view.blade.php
#	resources/views/settings/saml.blade.php
#	routes/api.php
2022-03-03 21:59:38 -08:00
snipe 2eef43e8bf Applies develop fix to master for location drop downs 2022-03-01 12:43:35 -08:00
Andrew Roth 2e60420aeb Fix for location and model drop down with granular permissions. 2022-02-28 17:38:38 -05:00
snipe dd5f812d88 Merge remote-tracking branch 'origin/master' into develop
Signed-off-by: snipe <snipe@snipe.net>

# Conflicts:
#	.all-contributorsrc
#	README.md
#	app/Console/Commands/FixDoubleEscape.php
#	app/Console/Commands/LdapSync.php
#	app/Exceptions/Handler.php
#	app/Http/Controllers/Api/AssetMaintenancesController.php
#	app/Http/Controllers/Api/AssetModelsController.php
#	app/Http/Controllers/Api/AssetsController.php
#	app/Http/Controllers/Api/CategoriesController.php
#	app/Http/Controllers/Api/CompaniesController.php
#	app/Http/Controllers/Api/DepartmentsController.php
#	app/Http/Controllers/Api/LicensesController.php
#	app/Http/Controllers/Api/LocationsController.php
#	app/Http/Controllers/Api/ManufacturersController.php
#	app/Http/Controllers/Api/SettingsController.php
#	app/Http/Controllers/Api/SuppliersController.php
#	app/Http/Controllers/AssetModelsController.php
#	app/Http/Controllers/Auth/LoginController.php
#	app/Http/Controllers/CustomFieldsController.php
#	app/Http/Controllers/SettingsController.php
#	app/Models/Loggable.php
#	app/Providers/AuthServiceProvider.php
#	config/version.php
#	database/migrations/2014_11_04_231416_update_group_field_for_reporting.php
#	database/migrations/2015_11_08_222305_add_ldap_fields_to_settings.php
#	package-lock.json
#	package.json
#	public/js/build/app.js
#	public/js/dist/all.js
#	public/mix-manifest.json
#	resources/assets/js/components/forms/asset-models/fieldset-default-values.vue
#	resources/views/hardware/view.blade.php
2022-02-20 13:29:12 -08:00
snipe d6b8222371 Refactor to combine permissions
Signed-off-by: snipe <snipe@snipe.net>
2022-02-11 12:48:30 -08:00
snipe 2c5abaaea4 Fixed copypasta
Signed-off-by: snipe <snipe@snipe.net>
2022-02-11 12:32:09 -08:00
snipe c1a0653847 Restrict to update or create gate methods for select lists
Signed-off-by: snipe <snipe@snipe.net>
2022-02-11 12:31:11 -08:00
snipe 9226c8292d Fixed typos in comments
Signed-off-by: snipe <snipe@snipe.net>
2022-02-11 12:02:14 -08:00
snipe 5fafa81dc1 Forgot components
Signed-off-by: snipe <snipe@snipe.net>
2022-02-11 11:57:29 -08:00
snipe b30d1dce89 Removed selectlist
Signed-off-by: snipe <snipe@snipe.net>
2022-02-11 11:55:24 -08:00
snipe 2dad27eed6 Added additional gate for selectlists
Signed-off-by: snipe <snipe@snipe.net>
2022-02-11 11:46:14 -08:00
Laravel Shift 934afa036f Adopt Laravel coding style
Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions.

You may customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config file to your project root. Feel free to use [Shift's Laravel ruleset][2] to help you get started.

[1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer
[2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200
2021-06-10 20:15:52 +00:00
snipe a48d09f37e Fixed non-superadmin gate permissions for kits (#9029) 2021-01-26 11:56:42 -08:00
snipe 5abfbdd1d2 Allow API token expiration in years to be configured via env 2020-11-09 22:52:55 -08:00
snipe 460485d843 Make API tokens expire in 20 years
TODO: Make this configurable and report the expiration in the UI
2020-11-09 22:33:43 -08:00
snipe 296de34e8a WIP: Upgrade develop to Laravel 6.6.1 (#7637)
I'm going ahead and merging this, since the upgrade doesn't break Flysystem any worse than the current develop is broken, so far as I can tell. 


* Upgraded framework to Laravel 6

### TO DO:

- Fix password restriction rules- the old library isn’t compatible with Laravel 6 :(
- Figure out why in-app API calls are returning “Unauthorized”

* More updates from Input:: to Request:: helper

* Switch to Request:: from Input

* Added passport config

* Fixed goofy password minimum in seeder

* Added laravel/helpers

* Changed ($item)  to ($item->id) in forms

I have no idea why this is necessary

* Changed ($item) to ($item->id) in forms

* Updated API middleware to auth:api

* Updated with added laravel auth.php values

* Fixed *&!^$%^&$^%!!!! ajax issue

* Switch to Request::get from Input::get

* Switched to Request facade

* Added password security minimums back in

The package we were using has not been updated to Laravel v6, so I created custom validators instead

* Added language strings for error messages for password rules

* Fixed `($item)` issue in formActions for partials
2019-12-10 19:32:50 -08:00
snipe bca82684a1 Merge branch 'hotfixes/2fa_qr' into develop
# Conflicts:
#	.all-contributorsrc
#	Dockerfile
#	README.md
#	app/Console/Commands/LdapSync.php
#	app/Http/Controllers/Api/ImportController.php
#	app/Http/Controllers/AssetModelsController.php
#	app/Http/Controllers/Assets/AssetsController.php
#	app/Http/Controllers/Auth/LoginController.php
#	app/Http/Controllers/CategoriesController.php
#	app/Http/Controllers/CompaniesController.php
#	app/Http/Controllers/DepartmentsController.php
#	app/Http/Controllers/ImportsController.php
#	app/Http/Controllers/LocationsController.php
#	app/Http/Controllers/ManufacturersController.php
#	app/Http/Controllers/SuppliersController.php
#	app/Http/Requests/ItemImportRequest.php
#	app/Http/Transformers/ActionlogsTransformer.php
#	composer.json
#	composer.lock
#	config/app.php
#	config/version.php
#	docker/startup.sh
#	public/css/build/all.css
#	public/css/dist/all.css
#	public/js/build/all.js
#	public/js/build/vue.js
#	public/js/build/vue.js.map
#	public/js/dist/all.js
#	public/mix-manifest.json
2019-03-20 02:17:02 -07:00
snipe 7b33f95e83 Fixes/import permissions mask (#6826)
* Check for empty headers in import

* Added import permission

* Fixed model path in docblock

* Added import gate to default blade

* Check if the user is an admin OR if they have import permissions

* Walked back that admin permission

Since admins are bound by full company support, it makes less sense to let admins have this permission by default, versus having them specifically designated to the import permission
2019-03-18 11:58:08 -07:00
Martin Meredith e3e0d57f56 Minor code cleanup bits and bobs (#6805)
* Add IDE Helper files

* Cleanup imports

- Alphabetises imports
- Removes unused imports

* Add Platform requirements

* Move filling asset into block where asset exists

* Remove duplicate array keys
2019-03-13 20:12:03 -07:00
snipe e4f6aefdad Added self-checkout permission option 2018-08-21 23:26:12 -07:00
snipe 376eb52f00 Fixed #5938 - added “self location edit” as permission 2018-07-24 12:42:16 -07:00
Till Deeke 27699aa99c Adds permission checks for custom fields and custom fieldsets (#5645) (#5795)
* adds permission checks to custom fields

* adds permission checks to custom fieldsets

* adds separate permissions for custom fieldsets

* check for permissions in views

* Removes custom fieldsets from permissions config

* Proxy the authorization for custom fieldsets down to custom fields.

This allows us to use the existing permissions in use and have more semantically correct authorization checks for custom fieldsets.

* simplifies the authorization check for the custom fields overview

* removes special handling of custom fieldsets in base policy

I just realised that this code duplicates the logic from the custom fieldset policy.
Since we are checking for the authorization of custom fields anyway, we can just use the columnName for the fields.

* cleanup of unused imports
2018-07-12 18:28:20 -07:00
snipe 1d130b4a89 Fixed asset model permission not granted for edit 2018-03-07 18:22:49 -08:00
snipe c4db8d37c2 Fixed #5168 - users without superadmin could not see custom fields UI even if granted 2018-03-07 13:37:37 -08:00
Daniel Meltzer 9ee2c6be57 Api tests2 (#5098)
* Cleanup

* API tests for asset models and related cleanup/improvements

* Api license test.  Tests incomplete because create/update/destroy are not implemented yet in the controller

* API Category tests.

* Manufacturers API Test.

* Implement License Create/Update/Delete Methods for API and enable test.

* Add missing gate for api.  Fixes only superadmins being able to generate Personal Access Tokens
2018-02-25 12:10:02 -08:00
snipe c242abb42e Added Company policy to fix company deletion issue 2018-01-19 17:51:28 -08:00
snipe defed52caa Fixed #4596 - manufacturer gate 2017-12-07 20:59:55 -08:00
Daniel Meltzer 3cea12565b Add missing policies (#4330)
* Add Authorizable trait and interface to our user model so we have access to User::can/User::cant.  We should take a look at where else our user model has diverged from Laravel since it was created...

* Policy cleanup/fixes.

This commit adds policies for the missing backend/"settings" areas.  The
permissions were implemented a while back but the policies were not, so
authorizing actions was failing.

In addition, this condenses a lot of code in the policies into base
classes.  Most of the files were identical except for table names, so we
move all of the checks into a base class and override the table name in
each policy.

* Use a better name and permission for the check in the default layout.
2017-10-27 18:01:11 -07:00
snipe d4e3ea1412 Derp 2017-10-07 15:07:31 -07:00
snipe c5462c5f1f Not sure why this isn’t working… commenting it out for now 2017-10-07 14:52:00 -07:00
snipe 8c406e8e55 Additional auth policies 2017-10-07 14:49:47 -07:00
snipe 841e3efe96 Add passport commands to boot() to allow us to call them via PHP 2017-04-27 07:09:46 -07:00
snipe 93a087b29a Set longer token expiration 2017-01-11 14:50:26 -08:00
snipe b5ddd9ab0a More vue/api work 2017-01-11 03:38:55 -08:00
Daniel Meltzer cd8c585377 Discussion: Moving to policies for controller based authorization (#3080)
* Make delete routes work.  We put a little form in the modal that spoofs the delete field.

* Fix route on creating a user.

* Fix redundant id parameter.

* Port acceptance tests to new urls.

* Initial work on migrating to model based policies instead of global gates.  Will allow for much more detailed permissions bits in the future.

* This needs to stay for the dashboard checks.

* Add user states for permissions to build tests.

* Build up unit tests for gates/permissions.  Move accessories/consumables/assets to policies instead of in authserviceprovider

* Migrate various locations to new syntax.  Update test to be more specific

* Fix functional tests.

Add an artisan command for installing a settings setup on travis-ci

* Try a different id... Need to come up with a better way of passing the id for tests that need an existing one.

* Try to fix travis

* Update urls to use routes and not hardcode old paths.  Also fix some migration errors found along the way.

* Add a environment for travis functional tests.

* Adjust config file to make travis use it.

* Use redirect()->route instead of redirect()->to

* Dump all failures in the output directory if travis fails.

* Cleanups and minor fixes.

* Adjust the supplier modelfactory to comply with new validation restrictions.

* Some test fixes.

* Locales can be longer than 5 characters according to faker... fex gez_ET.  Increase length in mysql and add a validation

* Update test database dump to latest migrations.
2016-12-19 11:04:28 -08:00
snipe 25f60264bd Passport scaffolding 2016-12-14 10:06:05 -08:00
snipe b83f73f7d6 Updated providers for 5.3 2016-12-14 04:32:24 -08:00
snipe cbfcf959f9 Allow certain users to override 2FA with permission 2016-10-31 16:52:25 -07:00
Brady Wetherington 7ca7877740 Fix mismerged code. (#2705) 2016-09-28 22:57:19 -07:00
snipe a8f79369ee Added components checkout gate 2016-09-07 01:15:14 -07:00
snipe 4ffea7ceaa Fixes #2406 - added missing gate for assets.edit 2016-08-09 16:38:43 -07:00
snipe 8246a319a2 Fixes #2363 and #1097 2016-08-02 00:54:38 -07:00
snipe 85232c47da Merge branch 'develop' of github.com:snipe/snipe-it into develop 2016-07-28 21:31:58 -07:00
snipe 47f6635992 A few more permissions tweaks 2016-07-28 21:31:53 -07:00
Daniel Meltzer eef8d1609e Small fixes (#2350)
* components.view should point to view, not create

* Fix comment

* Rename variable to accurately reflect its responsibility

* Fix line breaks in serial key, remove places where adding line breaks makes no sense.  Fixes #2344
2016-07-28 20:59:42 -07:00
snipe 5de6b8e016 Added gates to authservice provider for finer tuned permissions 2016-06-02 02:40:49 -07:00
snipe fe00b0e401 Version 3 - hold onto your butts 2016-03-25 01:18:05 -07:00