Fixed #15320 - add deployable status to bulk checkout

Signed-off-by: snipe <snipe@snipe.net>

.all-contributorsrc

@@ -3154,6 +3154,87 @@
       "contributions": [
         "code"
       ]
+    },
+    {
+      "login": "r-xyz",
+      "name": "r-xyz",
+      "avatar_url": "https://avatars.githubusercontent.com/u/100710244?v=4",
+      "profile": "https://github.com/r-xyz",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "DrekiDegga",
+      "name": "Steven Mainor",
+      "avatar_url": "https://avatars.githubusercontent.com/u/47491036?v=4",
+      "profile": "https://github.com/DrekiDegga",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "arne-kroeger",
+      "name": "arne-kroeger",
+      "avatar_url": "https://avatars.githubusercontent.com/u/65785975?v=4",
+      "profile": "https://github.com/arne-kroeger",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "Glukose1",
+      "name": "Glukose1",
+      "avatar_url": "https://avatars.githubusercontent.com/u/167117705?v=4",
+      "profile": "https://github.com/Glukose1",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "Scarzy",
+      "name": "Scarzy",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1197791?v=4",
+      "profile": "https://github.com/Scarzy",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "setpill",
+      "name": "setpill",
+      "avatar_url": "https://avatars.githubusercontent.com/u/37372069?v=4",
+      "profile": "https://github.com/setpill",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "swift2512",
+      "name": "swift2512",
+      "avatar_url": "https://avatars.githubusercontent.com/u/3755203?v=4",
+      "profile": "https://github.com/swift2512",
+      "contributions": [
+        "bug"
+      ]
+    },
+    {
+      "login": "DarrenRainey",
+      "name": "Darren Rainey",
+      "avatar_url": "https://avatars.githubusercontent.com/u/6136439?v=4",
+      "profile": "https://darrenraineys.co.uk",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "maciej-poleszczyk",
+      "name": "maciej-poleszczyk",
+      "avatar_url": "https://avatars.githubusercontent.com/u/133033121?v=4",
+      "profile": "https://github.com/maciej-poleszczyk",
+      "contributions": [
+        "code"
+      ]
     }
   ]
 }

.env.dev.docker

@@ -1,6 +1,8 @@
 # --------------------------------------------
 # REQUIRED: DB SETUP
 # --------------------------------------------
+# https://mariadb.com/kb/en/mariadb-server-docker-official-image-environment-variables/
+
 MYSQL_DATABASE=snipeit
 MYSQL_USER=snipeit
 MYSQL_PASSWORD=changeme1234

.env.docker

@@ -14,7 +14,7 @@ APP_KEY=base64:3ilviXqB9u6DX1NRcyWGJ+sjySF+H18CPDGb3+IVwMQ=
 APP_URL=http://localhost:8000
 # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones - TZ identifier
 APP_TIMEZONE='UTC'
-APP_LOCALE=en
+APP_LOCALE=en-US
 MAX_RESULTS=500
 
 # --------------------------------------------
@@ -97,7 +97,7 @@ API_TOKEN_EXPIRATION_YEARS=40
 # --------------------------------------------
 # OPTIONAL: SECURITY HEADER SETTINGS
 # --------------------------------------------
-APP_TRUSTED_PROXIES=192.168.1.1,10.0.0.1,172.0.0.0/8
+APP_TRUSTED_PROXIES=192.168.1.1,10.0.0.1,172.16.0.0/12
 ALLOW_IFRAMING=false
 REFERRER_POLICY=same-origin
 ENABLE_CSP=false

.env.dusk.example

@@ -6,7 +6,7 @@ APP_DEBUG=false
 APP_KEY=base64:hTUIUh9CP6dQx+6EjSlfWTgbaMaaRvlpEwk45vp+xmk=
 APP_URL=http://127.0.0.1:8000
 APP_TIMEZONE='US/Eastern'
-APP_LOCALE=en
+APP_LOCALE=en-US
 APP_LOCKED=false
 MAX_RESULTS=200
 

.env.example

@@ -32,6 +32,8 @@ DB_PREFIX=null
 DB_DUMP_PATH='/usr/bin'
 DB_CHARSET=utf8mb4
 DB_COLLATION=utf8mb4_unicode_ci
+DB_SANITIZE_BY_DEFAULT=false
+
 
 # --------------------------------------------
 # OPTIONAL: SSL DATABASE SETTINGS
@@ -87,6 +89,7 @@ SESSION_LIFETIME=12000
 EXPIRE_ON_CLOSE=false
 ENCRYPT=false
 COOKIE_NAME=snipeit_session
+PASSPORT_COOKIE_NAME='snipeit_passport_token'
 COOKIE_DOMAIN=null
 SECURE_COOKIES=false
 API_TOKEN_EXPIRATION_YEARS=15

.github/stale.yml

@@ -1,43 +0,0 @@
-# Number of days of inactivity before an issue becomes stale
-daysUntilStale: 60
-# Number of days of inactivity before a stale issue is closed
-daysUntilClose: 7
-# Issues with these labels will never be considered stale
-exemptLabels:
-  - pinned
-  - security
-  - :woman_technologist: ready for dev
-  - :moneybag: bounty
-  - :hand: bug
-  - "🔐 security"
-  - "👩‍💻 ready for dev"
-  - "💰 bounty"
-  - "✋ bug"
-
-exemptMilestones: true
-
-# Label to use when marking an issue as stale
-staleLabel: stale
-
-only: issues
-
-# Comment to post when removing the stale label.
-unmarkComment: >
-  Okay, it looks like this issue or feature request might still be important. We'll re-open
-  it for now. Thank you for letting us know!
-
-# Comment to post when marking an issue as stale. Set to `false` to disable
-markComment: >
-  Is this still relevant? We haven't heard from anyone in a bit. If so,
-  please comment with any updates or additional detail.
-
-  This issue has been automatically marked as stale because it has not had
-  recent activity. It will be closed if no further activity occurs. Don't
-  take it personally, we just need to keep a handle on things. Thank you
-  for your contributions!
-# Comment to post when closing a stale issue. Set to `false` to disable
-closeComment: >
-  This issue has been automatically closed because it has not had
-  recent activity. If you believe this is still an issue, please confirm that
-  this issue is still happening in the most recent version of Snipe-IT and reply
-  to this thread to re-open it.

.github/workflows/stale.yml

@@ -0,0 +1,40 @@
+name: 'Close stale issues'
+on:
+  schedule:
+    - cron: '30 1 * * *'
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    permissions:
+      #  contents: write # only for delete-branch option
+      issues: write
+      #  pull-requests: write
+    steps:
+      - uses: actions/stale@v9
+        with:
+          debug-only: true
+          ascending: true
+          operations-per-run: 1000 # just while we're debugging
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          days-before-stale: 60
+          days-before-close: 7
+          exempt-all-milestones: true
+          stale-issue-message: >
+            Is this still relevant? We haven't heard from anyone in a bit. If so,
+            please comment with any updates or additional detail.
+            
+            This issue has been automatically marked as stale because it has not had
+            recent activity. It will be closed if no further activity occurs. Don't
+            take it personally, we just need to keep a handle on things. Thank you
+            for your contributions!
+          close-issue-message: >
+            This issue has been automatically closed because it has not had
+            recent activity. If you believe this is still an issue, please confirm that
+            this issue is still happening in the most recent version of Snipe-IT and reply
+            to this thread to re-open it.
+          # There doesn't seem to be a 'reopen issue message'?
+          # Since there is no 'stale-pr-message' - PR's should not be stale'd
+          stale-issue-label: stale
+          exempt-issue-labels: >
+            pinned,security,:woman_technologist: ready for dev,:moneybag: bounty,:hand: bug,🔐 security,👩‍💻 ready for dev,💰 bounty,✋ bug

.github/workflows/tests-mysql.yml

@@ -76,4 +76,4 @@ jobs:
           DB_DATABASE: snipeit
           DB_PORT: ${{ job.services.mysql.ports[3306] }}
           DB_USERNAME: root
-        run: php artisan test --parallel
+        run: php artisan test

.github/workflows/tests-postgres.yml

@@ -74,4 +74,4 @@ jobs:
           DB_PORT: ${{ job.services.postgresql.ports[5432] }}
           DB_USERNAME: snipeit
           DB_PASSWORD: password
-        run: php artisan test --parallel
+        run: php artisan test

.github/workflows/tests-sqlite.yml

@@ -58,4 +58,4 @@ jobs:
       - name: Execute tests (Unit and Feature tests) via PHPUnit
         env:
           DB_CONNECTION: sqlite_testing
-        run: php artisan test --parallel
+        run: php artisan test

.gitignore

@@ -47,6 +47,7 @@ storage/private_uploads/users/*
 tests/_data/scenarios
 tests/_output/*
 tests/_support/_generated/*
+tests/coverage/*
 /npm-debug.log
 /storage/oauth-private.key
 /storage/oauth-public.key
@@ -67,3 +68,6 @@ _ide_helper_models.php
 /.phplint-cache
 storage/ldap_client_tls.cert
 storage/ldap_client_tls.key
+/storage/framework/testing
+
+/.phpunit.cache

CONTRIBUTORS.md

@@ -51,7 +51,8 @@ Thanks goes to all of these wonderful people ([emoji key](https://github.com/ken
 | [<img src="https://avatars.githubusercontent.com/u/111287779?v=4" width="110px;"/><br /><sub>NojoudAlshehri</sub>](https://github.com/NojoudAlshehri)<br />[💻](https://github.com/snipe/snipe-it/commits?author=NojoudAlshehri "Code") | [<img src="https://avatars.githubusercontent.com/u/54367449?v=4" width="110px;"/><br /><sub>Stefan Stidl</sub>](https://github.com/stefanstidlffg)<br />[💻](https://github.com/snipe/snipe-it/commits?author=stefanstidlffg "Code") | [<img src="https://avatars.githubusercontent.com/u/87803479?v=4" width="110px;"/><br /><sub>Quentin Aymard</sub>](https://github.com/qay21)<br />[💻](https://github.com/snipe/snipe-it/commits?author=qay21 "Code") | [<img src="https://avatars.githubusercontent.com/u/5396871?v=4" width="110px;"/><br /><sub>Grant Le Roux</sub>](https://github.com/cram42)<br />[💻](https://github.com/snipe/snipe-it/commits?author=cram42 "Code") | [<img src="https://avatars.githubusercontent.com/u/58479551?v=4" width="110px;"/><br /><sub>Bogdan</sub>](http://@singrity)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Singrity "Code") | [<img src="https://avatars.githubusercontent.com/u/3483684?v=4" width="110px;"/><br /><sub>mmanjos</sub>](https://github.com/mmanjos)<br />[💻](https://github.com/snipe/snipe-it/commits?author=mmanjos "Code") | [<img src="https://avatars.githubusercontent.com/u/7429229?v=4" width="110px;"/><br /><sub>Abdelaziz Faki</sub>](https://azooz2014.github.io/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Azooz2014 "Code") |
 | [<img src="https://avatars.githubusercontent.com/u/47315739?v=4" width="110px;"/><br /><sub>bilias</sub>](https://github.com/bilias)<br />[💻](https://github.com/snipe/snipe-it/commits?author=bilias "Code") | [<img src="https://avatars.githubusercontent.com/u/2565989?v=4" width="110px;"/><br /><sub>coach1988</sub>](https://github.com/coach1988)<br />[💻](https://github.com/snipe/snipe-it/commits?author=coach1988 "Code") | [<img src="https://avatars.githubusercontent.com/u/11910225?v=4" width="110px;"/><br /><sub>MrM</sub>](https://github.com/mauro-miatello)<br />[💻](https://github.com/snipe/snipe-it/commits?author=mauro-miatello "Code") | [<img src="https://avatars.githubusercontent.com/u/60405354?v=4" width="110px;"/><br /><sub>koiakoia</sub>](https://github.com/koiakoia)<br />[💻](https://github.com/snipe/snipe-it/commits?author=koiakoia "Code") | [<img src="https://avatars.githubusercontent.com/u/5323832?v=4" width="110px;"/><br /><sub>Mustafa Online</sub>](https://github.com/mustafa-online)<br />[💻](https://github.com/snipe/snipe-it/commits?author=mustafa-online "Code") | [<img src="https://avatars.githubusercontent.com/u/104601439?v=4" width="110px;"/><br /><sub>franceslui</sub>](https://github.com/franceslui)<br />[💻](https://github.com/snipe/snipe-it/commits?author=franceslui "Code") | [<img src="https://avatars.githubusercontent.com/u/125313163?v=4" width="110px;"/><br /><sub>Q4kK</sub>](https://github.com/Q4kK)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Q4kK "Code") |
 | [<img src="https://avatars.githubusercontent.com/u/55590532?v=4" width="110px;"/><br /><sub>squintfox</sub>](https://github.com/squintfox)<br />[💻](https://github.com/snipe/snipe-it/commits?author=squintfox "Code") | [<img src="https://avatars.githubusercontent.com/u/1380084?v=4" width="110px;"/><br /><sub>Jeff Clay</sub>](https://github.com/jeffclay)<br />[💻](https://github.com/snipe/snipe-it/commits?author=jeffclay "Code") | [<img src="https://avatars.githubusercontent.com/u/52716446?v=4" width="110px;"/><br /><sub>Phil J R</sub>](https://github.com/PP-JN-RL)<br />[💻](https://github.com/snipe/snipe-it/commits?author=PP-JN-RL "Code") | [<img src="https://avatars.githubusercontent.com/u/1496725?v=4" width="110px;"/><br /><sub>i_virus</sub>](https://www.corelight.com/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=chandanchowdhury "Code") | [<img src="https://avatars.githubusercontent.com/u/1020541?v=4" width="110px;"/><br /><sub>Paul Grime</sub>](https://github.com/gitgrimbo)<br />[💻](https://github.com/snipe/snipe-it/commits?author=gitgrimbo "Code") | [<img src="https://avatars.githubusercontent.com/u/922815?v=4" width="110px;"/><br /><sub>Lee Porte</sub>](https://leeporte.co.uk)<br />[💻](https://github.com/snipe/snipe-it/commits?author=LeePorte "Code") | [<img src="https://avatars.githubusercontent.com/u/23613427?v=4" width="110px;"/><br /><sub>BRYAN </sub>](https://github.com/bryanlopezinc)<br />[💻](https://github.com/snipe/snipe-it/commits?author=bryanlopezinc "Code") [⚠️](https://github.com/snipe/snipe-it/commits?author=bryanlopezinc "Tests") |
-| [<img src="https://avatars.githubusercontent.com/u/64061710?v=4" width="110px;"/><br /><sub>U-H-T</sub>](https://github.com/U-H-T)<br />[💻](https://github.com/snipe/snipe-it/commits?author=U-H-T "Code") | [<img src="https://avatars.githubusercontent.com/u/5395363?v=4" width="110px;"/><br /><sub>Matt Tyree</sub>](https://github.com/Tyree)<br />[📖](https://github.com/snipe/snipe-it/commits?author=Tyree "Documentation") | [<img src="https://avatars.githubusercontent.com/u/292081?v=4" width="110px;"/><br /><sub>Florent Bervas</sub>](http://spoontux.net)<br />[💻](https://github.com/snipe/snipe-it/commits?author=FlorentDotMe "Code") | [<img src="https://avatars.githubusercontent.com/u/4498077?v=4" width="110px;"/><br /><sub>Daniel Albertsen</sub>](https://ditscheri.com)<br />[💻](https://github.com/snipe/snipe-it/commits?author=dbakan "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/64061710?v=4" width="110px;"/><br /><sub>U-H-T</sub>](https://github.com/U-H-T)<br />[💻](https://github.com/snipe/snipe-it/commits?author=U-H-T "Code") | [<img src="https://avatars.githubusercontent.com/u/5395363?v=4" width="110px;"/><br /><sub>Matt Tyree</sub>](https://github.com/Tyree)<br />[📖](https://github.com/snipe/snipe-it/commits?author=Tyree "Documentation") | [<img src="https://avatars.githubusercontent.com/u/292081?v=4" width="110px;"/><br /><sub>Florent Bervas</sub>](http://spoontux.net)<br />[💻](https://github.com/snipe/snipe-it/commits?author=FlorentDotMe "Code") | [<img src="https://avatars.githubusercontent.com/u/4498077?v=4" width="110px;"/><br /><sub>Daniel Albertsen</sub>](https://ditscheri.com)<br />[💻](https://github.com/snipe/snipe-it/commits?author=dbakan "Code") | [<img src="https://avatars.githubusercontent.com/u/100710244?v=4" width="110px;"/><br /><sub>r-xyz</sub>](https://github.com/r-xyz)<br />[💻](https://github.com/snipe/snipe-it/commits?author=r-xyz "Code") | [<img src="https://avatars.githubusercontent.com/u/47491036?v=4" width="110px;"/><br /><sub>Steven Mainor</sub>](https://github.com/DrekiDegga)<br />[💻](https://github.com/snipe/snipe-it/commits?author=DrekiDegga "Code") | [<img src="https://avatars.githubusercontent.com/u/65785975?v=4" width="110px;"/><br /><sub>arne-kroeger</sub>](https://github.com/arne-kroeger)<br />[💻](https://github.com/snipe/snipe-it/commits?author=arne-kroeger "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/167117705?v=4" width="110px;"/><br /><sub>Glukose1</sub>](https://github.com/Glukose1)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Glukose1 "Code") | [<img src="https://avatars.githubusercontent.com/u/1197791?v=4" width="110px;"/><br /><sub>Scarzy</sub>](https://github.com/Scarzy)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Scarzy "Code") | [<img src="https://avatars.githubusercontent.com/u/37372069?v=4" width="110px;"/><br /><sub>setpill</sub>](https://github.com/setpill)<br />[💻](https://github.com/snipe/snipe-it/commits?author=setpill "Code") | [<img src="https://avatars.githubusercontent.com/u/3755203?v=4" width="110px;"/><br /><sub>swift2512</sub>](https://github.com/swift2512)<br />[🐛](https://github.com/snipe/snipe-it/issues?q=author%3Aswift2512 "Bug reports") | [<img src="https://avatars.githubusercontent.com/u/6136439?v=4" width="110px;"/><br /><sub>Darren Rainey</sub>](https://darrenraineys.co.uk)<br />[💻](https://github.com/snipe/snipe-it/commits?author=DarrenRainey "Code") | [<img src="https://avatars.githubusercontent.com/u/133033121?v=4" width="110px;"/><br /><sub>maciej-poleszczyk</sub>](https://github.com/maciej-poleszczyk)<br />[💻](https://github.com/snipe/snipe-it/commits?author=maciej-poleszczyk "Code") |
 <!-- ALL-CONTRIBUTORS-LIST:END -->
 
 This project follows the [all-contributors](https://github.com/kentcdodds/all-contributors) specification. Contributions of any kind welcome!

Dockerfile.alpine

@@ -1,35 +1,35 @@
-FROM alpine:3.18.6
+FROM alpine:3.19
 # Apache + PHP
 RUN  apk add --no-cache \
         apache2 \
-        php81 \
-        php81-common \
-        php81-apache2 \
-        php81-curl \
-        php81-ldap \
-        php81-mysqli \
-        php81-gd \
-        php81-xml \
-        php81-mbstring \
-        php81-zip \
-        php81-ctype \
-        php81-tokenizer \
-        php81-pdo_mysql \
-        php81-openssl \
-        php81-bcmath \
-        php81-phar \
-        php81-json \
-        php81-iconv \
-        php81-fileinfo \
-        php81-simplexml \
-        php81-session \
-        php81-dom \
-        php81-xmlwriter \
-        php81-xmlreader \
-        php81-sodium \
-        php81-redis \
-        php81-pecl-memcached \
-        php81-exif \
+        php82 \
+        php82-common \
+        php82-apache2 \
+        php82-curl \
+        php82-ldap \
+        php82-mysqli \
+        php82-gd \
+        php82-xml \
+        php82-mbstring \
+        php82-zip \
+        php82-ctype \
+        php82-tokenizer \
+        php82-pdo_mysql \
+        php82-openssl \
+        php82-bcmath \
+        php82-phar \
+        php82-json \
+        php82-iconv \
+        php82-fileinfo \
+        php82-simplexml \
+        php82-session \
+        php82-dom \
+        php82-xmlwriter \
+        php82-xmlreader \
+        php82-sodium \
+        php82-redis \
+        php82-pecl-memcached \
+        php82-exif \
         curl \
         wget \
         vim \
@@ -42,7 +42,7 @@ COPY docker/column-statistics.cnf /etc/mysql/conf.d/column-statistics.cnf
 # Where apache's PID lives
 RUN mkdir -p /run/apache2 && chown apache:apache /run/apache2
 
-RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php81/php.ini
+RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php82/php.ini
 COPY  docker/000-default-2.4.conf /etc/apache2/conf.d/default.conf
 
 # Enable mod_rewrite
@@ -79,12 +79,12 @@ USER root
 
 VOLUME ["/var/lib/snipeit"]
 
-# Entrypoints
-COPY docker/entrypoint_alpine.sh /entrypoint.sh
-RUN chmod +x /entrypoint.sh
+# Startup script
+COPY docker/startup_alpine.sh /startup.sh
+RUN chmod +x /startup.sh
 
 ENTRYPOINT ["/sbin/tini", "--"]
 
-CMD ["/entrypoint.sh"]
+CMD ["/startup.sh"]
 
 EXPOSE 80

Dockerfile.fpm-alpine

@@ -97,7 +97,7 @@ RUN set -eux; \
 VOLUME [ "/var/lib/snipeit" ]
 
 COPY --chown=www-data:www-data docker/docker-secrets.env /var/www/html/.env
-COPY --chmod=655 docker/docker-entrypoint.sh /usr/local/bin/docker-snipeit-entrypoint
+COPY --chmod=655 docker/startup_alpine_fpm.sh /startup.sh
 COPY docker/column-statistics.cnf /etc/mysql/conf.d/column-statistics.cnf
-ENTRYPOINT [ "/usr/local/bin/docker-snipeit-entrypoint" ]
-CMD [ "/usr/local/bin/docker-php-entrypoint", "php-fpm" ]
+ENTRYPOINT [ "/startup.sh" ]
+CMD [ "/startup.sh", "php-fpm" ]

README.md

@@ -1,6 +1,6 @@
 ![snipe-it-by-grok](https://github.com/snipe/snipe-it/assets/197404/b515673b-c7c8-4d9a-80f5-9fa58829a602)
 
-[![Crowdin](https://d322cqt584bo4o.cloudfront.net/snipe-it/localized.svg)](https://crowdin.com/project/snipe-it) [![Docker Pulls](https://img.shields.io/docker/pulls/snipe/snipe-it.svg)](https://hub.docker.com/r/snipe/snipe-it/) [![Twitter Follow](https://img.shields.io/twitter/follow/snipeitapp.svg?style=social)](https://twitter.com/snipeitapp) [![Codacy Badge](https://app.codacy.com/project/badge/Grade/553ce52037fc43ea99149785afcfe641)](https://app.codacy.com/gh/snipe/snipe-it/dashboard?utm_source=gh&utm_medium=referral&utm_content=&utm_campaign=Badge_grade) [![Tests](https://github.com/snipe/snipe-it/actions/workflows/tests.yml/badge.svg)](https://github.com/snipe/snipe-it/actions/workflows/tests.yml)
+[![Crowdin](https://d322cqt584bo4o.cloudfront.net/snipe-it/localized.svg)](https://crowdin.com/project/snipe-it) [![Docker Pulls](https://img.shields.io/docker/pulls/snipe/snipe-it.svg)](https://hub.docker.com/r/snipe/snipe-it/) [![Codacy Badge](https://app.codacy.com/project/badge/Grade/553ce52037fc43ea99149785afcfe641)](https://app.codacy.com/gh/snipe/snipe-it/dashboard?utm_source=gh&utm_medium=referral&utm_content=&utm_campaign=Badge_grade) [![Tests](https://github.com/snipe/snipe-it/actions/workflows/tests.yml/badge.svg)](https://github.com/snipe/snipe-it/actions/workflows/tests.yml)
 [![All Contributors](https://img.shields.io/badge/all_contributors-331-orange.svg?style=flat-square)](#contributing) [![Discord](https://badgen.net/badge/icon/discord?icon=discord&label)](https://discord.gg/yZFtShAcKk)
 
 ## Snipe-IT - Open Source Asset Management System
@@ -14,6 +14,21 @@ Snipe-IT is actively developed and we [release quite frequently](https://github.
 > [!TIP]
 > __This is web-based software__. This means there is no executable file (aka no .exe files), and it must be run on a web server and accessed through a web browser. It runs on any Mac OSX, any flavor of Linux, as well as Windows, and we have a [Docker image](https://snipe-it.readme.io/docs/docker) available if that's what you're into.
 
+-----
+
+### Table of Contents
+* [Installation](#installation)
+* [User's Manual](#users-manual)
+* [Bug Reports & Feature Requests](#bug-reports--feature-requests)
+* [Security](#security)
+* [Upgrading](#upgrading)
+* [Translations!](#translations-)
+* [Libraries, Modules & Related Projects](#libraries-modules--related-projects)
+* [Join the Community!](#join-the-community)
+* [Contributing](#contributing)
+* [Announcement List](#announcement-list)
+
+
 -----
 
 ### Installation
@@ -22,8 +37,6 @@ For instructions on installing and configuring Snipe-IT on your server, check ou
 
 If you're having trouble with the installation, please check the [Common Issues](https://snipe-it.readme.io/docs/common-issues) and [Getting Help](https://snipe-it.readme.io/docs/getting-help) documentation, and search this repository's open *and* closed issues for help.
 
-<!-- [![Deploy](https://www.herokucdn.com/deploy/button.svg)](https://heroku.com/deploy) -->
-
 -----
 ### User's Manual
 For help using Snipe-IT, check out the [user's manual](https://snipe-it.readme.io/docs/overview).
@@ -35,20 +48,21 @@ Feel free to check out the [GitHub Issues for this project](https://github.com/s
 
 > [!IMPORTANT]  
 > **PLEASE see the [Getting Help Guidelines](https://snipe-it.readme.io/docs/getting-help) and [Common Issues](https://snipe-it.readme.io/docs/common-issues) before opening a ticket, and be sure to complete all of the questions in the Github Issue template to help us to help you as quickly as possible.**
-> 
+
 -----
 
+### Security
+
+> [!IMPORTANT]
+> **To report a security vulnerability, please email security@snipeitapp.com instead of using the issue tracker.**
+-----
+
+
 ### Upgrading
 
 Please see the [upgrading documentation](https://snipe-it.readme.io/docs/upgrading) for instructions on upgrading Snipe-IT.
 
 ------
-### Announcement List
-
-To be notified of important news (such as new releases, security advisories, etc), [sign up for our list](http://eepurl.com/XyZKz). We'll never sell or give away your info, and we'll only email you when it's important.
-
-------
-
 ### Translations!
 
 Please see the [translations documentation](https://snipe-it.readme.io/docs/translations) for information about available languages and how to add translations to Snipe-IT.
@@ -72,28 +86,43 @@ Since the release of the JSON REST API, several third-party developers have been
 - [Snipe-IT plugin for Jira Service Desk](https://marketplace.atlassian.com/apps/1220964/snipe-it-for-jira)
 - [Python 3 CSV importer](https://github.com/gastamper/snipeit-csvimporter) - allows importing assets into Snipe-IT based on Item Name rather than Asset Tag.
 - [Snipe-IT Kubernetes Helm Chart](https://github.com/t3n/helm-charts/tree/master/snipeit) - For more information, [click here](https://hub.helm.sh/charts/t3n/snipeit).
-- [Snipe-IT Bulk Edit](https://github.com/bricelabelle/snipe-it-bulkedit) - Google Script files to use Google Sheets as a bulk checkout/checkin/edit tool for Snipe-it.
-- [MosyleSnipeSync](https://github.com/RodneyLeeBrands/MosyleSnipeSync) by [@Karpadiem](https://github.com/Karpadiem) - Python script to synchronize information between Mosyle and Snipe-IT
+- [Snipe-IT Bulk Edit](https://github.com/bricelabelle/snipe-it-bulkedit) - Google Script files to use Google Sheets as a bulk checkout/checkin/edit tool for Snipe-IT.
+- [MosyleSnipeSync](https://github.com/RodneyLeeBrands/MosyleSnipeSync) by [@Karpadiem](https://github.com/Karpadiem) - Python script to synchronize information between Mosyle and Snipe-IT.
 - [WWW::SnipeIT](https://github.com/SEDC/perl-www-snipeit) by [@SEDC](https://github.com/SEDC) - perl module for accessing the API
 - [UniFi to Snipe-IT](https://github.com/RodneyLeeBrands/UnifiSnipeSync) by [@karpadiem](https://github.com/karpadiem) - Python script that synchronizes UniFi devices with Snipe-IT.
 - [Kandji2Snipe](https://github.com/grokability/kandji2snipe) by [@briangoldstein](https://github.com/briangoldstein) - Python script that synchronizes Kandji with Snipe-IT.
-- [SnipeAgent](https://github.com/ReticentRobot/SnipeAgent) by @ReticentRobot - Windows agent for Snipe-IT
+- [SnipeAgent](https://github.com/ReticentRobot/SnipeAgent) by [@ReticentRobot](https://github.com/ReticentRobot) - Windows agent for Snipe-IT.
+- [Gate Pass Generator](https://github.com/cha7uraAE/snipe-it-gate-pass-system) by [@cha7uraAE](https://github.com/cha7uraAE) - A Streamlit application for generating gate passes based on hardware data from a Snipe-IT API.
+
+-----
+
+### Join the Community!
+
+- **[Join our Discord](https://discord.gg/yZFtShAcKk)!** It’s full of great people. We even wrote about it [here](https://grokstar.dev/culture/2024/06/the-unlikely-rise-of-discord-as-a-support-channel/)!
+- **Follow us on Bluesky** at [@snipeitapp.com](https://bsky.app/profile/snipeitapp.com)
+- **Follow us on Mastodon** at [hachyderm.io/@grokability](https://hachyderm.io/@grokability)
+- **Follow our blog** at [Grokstar.Dev](https://grokstar.dev)
+- **Subscribe here** on Github for notifications about new releases. (We recommend selecting "Releases" only for mosrt users - this repo can get noisy.)
 
 -----
 
 ### Contributing
 
-Please see the documentation on [contributing and developing for Snipe-IT](https://snipe-it.readme.io/docs/contributing-overview).
+**Please refrain from submitting issues or pull requests generated by fully-automated tools. Maintainers reserve the right, at their sole discretion, to close such submissions and to block any account responsible for them.** 
 
-Please note that this project is released with a [Contributor Code of Conduct](CODE_OF_CONDUCT.md). By participating in this project you agree to abide by its terms.
+Contributions should follow from a human-to-human discussion in the form of an issue for the best chances of being merged into the core project. (Sometimes we might already be working on that feature, sometimes we've decided against )
+
+Please see the complete documentation on [contributing and developing for Snipe-IT](https://snipe-it.readme.io/docs/contributing-overview).
+
+This project is released with a [Contributor Code of Conduct](CODE_OF_CONDUCT.md). By participating in this project you agree to abide by its terms.
 
 The ERD is available [online here](https://drawsql.app/templates/snipe-it).
 
-[Here is a list](CONTRIBUTORS.md) of the wonderful people that have contributed to the Snipe-IT.
+Be sure to check out all of the [amazing people](CONTRIBUTORS.md) that have contributed to Snipe-IT over the years!
 
------
+------
+### Announcement List
+
+To be notified of important news (such as new releases, security advisories, etc), [sign up for our list](http://eepurl.com/XyZKz). We'll never sell or give away your info, and we'll only email you when it's important.
 
-### Security
 
-> [!IMPORTANT]
-> **To report a security vulnerability, please email security@snipeitapp.com instead of using the issue tracker.**

TESTING.md

@@ -20,7 +20,7 @@ APP_DEBUG=true
 APP_KEY=base64:glJpcM7BYwWiBggp3SQ/+NlRkqsBQMaGEOjemXqJzOU=
 APP_URL=http://localhost:8000
 APP_TIMEZONE='UTC'
-APP_LOCALE=en
+APP_LOCALE=en-US
 
 # --------------------------------------------
 # REQUIRED: DATABASE SETTINGS

app/Console/Commands/FixupAssignedToWithoutAssignedType.php

@@ -0,0 +1,66 @@
+<?php
+
+namespace App\Console\Commands;
+
+use App\Models\Asset;
+use Illuminate\Console\Command;
+
+class FixupAssignedToWithoutAssignedType extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'snipeit:assigned-to-fixup
+                            {--debug : Display debugging output}';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Fixes up assets that have an assigned_to but no assigned_type';
+
+    /**
+     * Execute the console command.
+     */
+    public function handle()
+    {
+        $assets = Asset::whereNull("assigned_type")->whereNotNull("assigned_to")->withTrashed();
+        $this->withProgressBar($assets->get(), function (Asset $asset) {
+            //now check each action log, from the most recent backwards, to find the last checkin or checkout
+            foreach($asset->log()->orderBy("id","desc")->get() as $action_log) {
+                if($this->option("debug")) {
+                    $this->info("Asset id: " . $asset->id . " action log, action type is: " . $action_log->action_type);
+                }
+                switch($action_log->action_type) {
+                    case 'checkin from':
+                        if($this->option("debug")) {
+                            $this->info("Doing a checkin for ".$asset->id);
+                        }
+                        $asset->assigned_to = null;
+                        // if you have a required custom field, we still want to save, and we *don't* want an action_log
+                        $asset->saveQuietly();
+                        return;
+
+                    case 'checkout':
+                        if($this->option("debug")) {
+                            $this->info("Doing a checkout for " . $asset->id . " picking target type: " . $action_log->target_type);
+                        }
+                        if($asset->assigned_to != $action_log->target_id) {
+                            $this->error("Asset's assigned_to does *NOT* match Action Log's target_id. \$asset->assigned_to=".$asset->assigned_to." vs. \$action_log->target_id=".$action_log->target_id);
+                            //FIXME - do we abort here? Do we try to keep looking? I don't know, this means your data is *really* messed up...
+                        }
+                        $asset->assigned_type = $action_log->target_type;
+                        $asset->saveQuietly(); // see above
+                        return;
+                }
+            }
+            $asset->assigned_to = null; //asset was never checked in or out in its lifetime - it stays 'checked in'
+            $asset->saveQuietly(); //see above
+        });
+        $this->newLine();
+        $this->info("Assets assigned_type are fixed");
+    }
+}

app/Console/Commands/LdapSync.php

@@ -2,6 +2,7 @@
 
 namespace App\Console\Commands;
 
+use App\Models\Asset;
 use App\Models\Department;
 use App\Models\Group;
 use Illuminate\Console\Command;
@@ -53,18 +54,22 @@ class LdapSync extends Command
 
         ini_set('max_execution_time', env('LDAP_TIME_LIM', 600)); //600 seconds = 10 minutes
         ini_set('memory_limit', env('LDAP_MEM_LIM', '500M'));
-        $ldap_result_username = Setting::getSettings()->ldap_username_field;
-        $ldap_result_last_name = Setting::getSettings()->ldap_lname_field;
-        $ldap_result_first_name = Setting::getSettings()->ldap_fname_field;
-        $ldap_result_active_flag = Setting::getSettings()->ldap_active_flag;
-        $ldap_result_emp_num = Setting::getSettings()->ldap_emp_num;
-        $ldap_result_email = Setting::getSettings()->ldap_email;
-        $ldap_result_phone = Setting::getSettings()->ldap_phone_field;
-        $ldap_result_jobtitle = Setting::getSettings()->ldap_jobtitle;
-        $ldap_result_country = Setting::getSettings()->ldap_country;
-        $ldap_result_location = Setting::getSettings()->ldap_location;
-        $ldap_result_dept = Setting::getSettings()->ldap_dept;
-        $ldap_result_manager = Setting::getSettings()->ldap_manager;
+
+        $ldap_map = [
+            "username" => Setting::getSettings()->ldap_username_field,
+            "last_name" => Setting::getSettings()->ldap_lname_field,
+            "first_name" => Setting::getSettings()->ldap_fname_field,
+            "active_flag" => Setting::getSettings()->ldap_active_flag,
+            "emp_num" => Setting::getSettings()->ldap_emp_num,
+            "email" => Setting::getSettings()->ldap_email,
+            "phone" => Setting::getSettings()->ldap_phone_field,
+            "jobtitle" => Setting::getSettings()->ldap_jobtitle,
+            "country" => Setting::getSettings()->ldap_country,
+            "location" => Setting::getSettings()->ldap_location,
+            "dept" => Setting::getSettings()->ldap_dept,
+            "manager" => Setting::getSettings()->ldap_manager,
+        ];
+
         $ldap_default_group = Setting::getSettings()->ldap_default_group;
         $search_base = Setting::getSettings()->ldap_base_dn;
 
@@ -107,14 +112,21 @@ class LdapSync extends Command
             }
 
             /**
-             * If a filter has been specified, use that
+             * If a filter has been specified, use that, otherwise default to null
              */
             if ($this->option('filter') != '') {
-                $results = Ldap::findLdapUsers($search_base, -1, $this->option('filter'));
+                $filter = $this->option('filter');
             } else {
-                $results = Ldap::findLdapUsers($search_base);
+                $filter = null;
             }
 
+            /**
+             * We only need to request the LDAP attributes that we process
+             */
+            $attributes = array_values(array_filter($ldap_map));
+
+            $results = Ldap::findLdapUsers($search_base, -1, $filter, $attributes);
+
         } catch (\Exception $e) {
             if ($this->option('json_summary')) {
                 $json_summary = ['error' => true, 'error_message' => $e->getMessage(), 'summary' => []];
@@ -126,23 +138,24 @@ class LdapSync extends Command
         }
 
         /* Determine which location to assign users to by default. */
-        $location = null; // TODO - this would be better called "$default_location", which is more explicit about its purpose
+        $default_location = null;
         if ($this->option('location') != '') {
-            if ($location = Location::where('name', '=', $this->option('location'))->first()) {
+            if ($default_location = Location::where('name', '=', $this->option('location'))->first()) {
                 Log::debug('Location name ' . $this->option('location') . ' passed');
-                Log::debug('Importing to ' . $location->name . ' (' . $location->id . ')');
+                Log::debug('Importing to '.$default_location->name.' ('.$default_location->id.')');
             }
 
         } elseif ($this->option('location_id')) {
+            //TODO - figure out how or why this is an array?
             foreach($this->option('location_id') as $location_id) {
-                if ($location = Location::where('id', '=', $location_id)->first()) {
+                if ($default_location = Location::where('id', '=', $location_id)->first()) {
                     Log::debug('Location ID ' . $location_id . ' passed');
-                    Log::debug('Importing to ' . $location->name . ' (' . $location->id . ')');
+                    Log::debug('Importing to '.$default_location->name.' ('.$default_location->id.')');
                 }
 
             }
         }
-        if (! isset($location)) {
+        if (!isset($default_location)) {
             Log::debug('That location is invalid or a location was not provided, so no location will be assigned by default.');
         }
 
@@ -183,17 +196,17 @@ class LdapSync extends Command
                 }
                 $usernames = [];
                 for ($i = 0; $i < $location_users['count']; $i++) {
-                    if (array_key_exists($ldap_result_username, $location_users[$i])) {
+                    if (array_key_exists($ldap_map["username"], $location_users[$i])) {
                         $location_users[$i]['ldap_location_override'] = true;
                         $location_users[$i]['location_id'] = $ldap_loc['id'];
-                        $usernames[] = $location_users[$i][$ldap_result_username][0];
+                        $usernames[] = $location_users[$i][$ldap_map["username"]][0];
                     }
                 }
 
                 // Delete located users from the general group.
                 foreach ($results as $key => $generic_entry) {
-                    if ((is_array($generic_entry)) && (array_key_exists($ldap_result_username, $generic_entry))) {
-                        if (in_array($generic_entry[$ldap_result_username][0], $usernames)) {
+                    if ((is_array($generic_entry)) && (array_key_exists($ldap_map["username"], $generic_entry))) {
+                        if (in_array($generic_entry[$ldap_map["username"]][0], $usernames)) {
                             unset($results[$key]);
                         }
                     }
@@ -219,22 +232,23 @@ class LdapSync extends Command
 
         for ($i = 0; $i < $results['count']; $i++) {
             $item = [];
-                $item['username'] = $results[$i][$ldap_result_username][0] ?? '';
-                $item['employee_number'] = $results[$i][$ldap_result_emp_num][0] ?? '';
-                $item['lastname'] = $results[$i][$ldap_result_last_name][0] ?? '';
-                $item['firstname'] = $results[$i][$ldap_result_first_name][0] ?? '';
-                $item['email'] = $results[$i][$ldap_result_email][0] ?? '';
+            $item['username'] = $results[$i][$ldap_map["username"]][0] ?? '';
+            $item['employee_number'] = $results[$i][$ldap_map["emp_num"]][0] ?? '';
+            $item['lastname'] = $results[$i][$ldap_map["last_name"]][0] ?? '';
+            $item['firstname'] = $results[$i][$ldap_map["first_name"]][0] ?? '';
+            $item['email'] = $results[$i][$ldap_map["email"]][0] ?? '';
             $item['ldap_location_override'] = $results[$i]['ldap_location_override'] ?? '';
             $item['location_id'] = $results[$i]['location_id'] ?? '';
-                $item['telephone'] = $results[$i][$ldap_result_phone][0] ?? '';
-                $item['jobtitle'] = $results[$i][$ldap_result_jobtitle][0] ?? '';
-                $item['country'] = $results[$i][$ldap_result_country][0] ?? '';
-                $item['department'] = $results[$i][$ldap_result_dept][0] ?? '';
-                $item['manager'] = $results[$i][$ldap_result_manager][0] ?? '';
-                $item['location'] = $results[$i][$ldap_result_location][0] ?? '';
+            $item['telephone'] = $results[$i][$ldap_map["phone"]][0] ?? '';
+            $item['jobtitle'] = $results[$i][$ldap_map["jobtitle"]][0] ?? '';
+            $item['country'] = $results[$i][$ldap_map["country"]][0] ?? '';
+            $item['department'] = $results[$i][$ldap_map["dept"]][0] ?? '';
+            $item['manager'] = $results[$i][$ldap_map["manager"]][0] ?? '';
+            $item['location'] = $results[$i][$ldap_map["location"]][0] ?? '';
+            $location = $default_location; //initially, set '$location' to the default_location (which may just be `null`)
 
             // ONLY if you are using the "ldap_location" option *AND* you have an actual result
-                if ($ldap_result_location && $item['location']) {
+            if ($ldap_map["location"] && $item['location']) {
                 $location = Location::firstOrCreate([
                     'name' => $item['location'],
                 ]);
@@ -257,38 +271,38 @@ class LdapSync extends Command
             }
 
             //If a sync option is not filled in on the LDAP settings don't populate the user field
-            if($ldap_result_username  != null){
+            if($ldap_map["username"]  != null){
                 $user->username = $item['username'];
             }
-            if($ldap_result_last_name != null){
+            if($ldap_map["last_name"] != null){
                 $user->last_name = $item['lastname'];
             }
-            if($ldap_result_first_name != null){
+            if($ldap_map["first_name"] != null){
                 $user->first_name = $item['firstname'];
             }
-            if($ldap_result_emp_num  != null){
+            if($ldap_map["emp_num"]  != null){
                 $user->employee_num = e($item['employee_number']);
             }
-            if($ldap_result_email != null){
+            if($ldap_map["email"] != null){
                 $user->email = $item['email'];
             }
-            if($ldap_result_phone != null){
+            if($ldap_map["phone"] != null){
                 $user->phone = $item['telephone'];
             }
-            if($ldap_result_jobtitle != null){
+            if($ldap_map["jobtitle"] != null){
                 $user->jobtitle = $item['jobtitle'];
             }
-            if($ldap_result_country != null){
+            if($ldap_map["country"] != null){
                 $user->country = $item['country'];
             }
-            if($ldap_result_dept  != null){
+            if($ldap_map["dept"]  != null){
                 $user->department_id = $department->id;
             }
-            if($ldap_result_location != null){
-                $user->location_id = $location ? $location->id : null;
+            if($ldap_map["location"] != null){
+                $user->location_id = $location?->id;
             }
 
-            if($ldap_result_manager != null){
+            if($ldap_map["manager"] != null){
                 if($item['manager'] != null) {
                     // Check Cache first
                     if (isset($manager_cache[$item['manager']])) {
@@ -305,16 +319,17 @@ class LdapSync extends Command
                             $ldap_manager = [
                                 "count" => 1,
                                 0 => [
-                                    $ldap_result_username => [$item['manager']]
+                                    $ldap_map["username"] => [$item['manager']]
                                 ]
                             ];
                         }
                         
+                        $add_manager_to_cache = true;
                         if ($ldap_manager["count"] > 0) {
-
+                            try {
                                 // Get the Manager's username
                                 // PHP LDAP returns every LDAP attribute as an array, and 90% of the time it's an array of just one item. But, hey, it's an array.
-                            $ldapManagerUsername = $ldap_manager[0][$ldap_result_username][0];
+                                $ldapManagerUsername = $ldap_manager[0][$ldap_map["username"]][0];
 
                                 // Get User from Manager username.
                                 $ldap_manager = User::where('username', $ldapManagerUsername)->first();
@@ -323,24 +338,30 @@ class LdapSync extends Command
                                     // Link user to manager id.
                                     $user->manager_id = $ldap_manager->id;
                                 }
+                            } catch (\Exception $e) {
+                                $add_manager_to_cache = false;
+                                \Log::warning('Handling ldap manager ' . $item['manager'] . ' caused an exception: ' . $e->getMessage() . '. Continuing synchronization.');
                             }
+                        }
+                        if ($add_manager_to_cache) {
                             $manager_cache[$item['manager']] = $ldap_manager && isset($ldap_manager->id)  ? $ldap_manager->id : null; // Store results in cache, even if 'failed'
+                        }
 
                     }
                 }
             }
 
             // Sync activated state for Active Directory.
-                if ( !empty($ldap_result_active_flag)) { // IF we have an 'active' flag set....
+            if (!empty($ldap_map["active_flag"])) { // IF we have an 'active' flag set....
                 // ....then *most* things that are truthy will activate the user. Anything falsey will deactivate them.
                 // (Specifically, we don't handle a value of '0.0' correctly)
-                    $raw_value = @$results[$i][$ldap_result_active_flag][0];
+                $raw_value = @$results[$i][$ldap_map["active_flag"]][0];
                 $filter_var = filter_var($raw_value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
-                    $boolean_cast = (bool)$raw_value;
+                $boolean_cast = (bool) $raw_value;
 
                 $user->activated = $filter_var ?? $boolean_cast; // if filter_var() was true or false, use that. If it's null, use the $boolean_cast
 
-                } elseif (array_key_exists('useraccountcontrol', $results[$i]) ) {
+            } elseif (array_key_exists('useraccountcontrol', $results[$i])) {
                 // ....otherwise, (ie if no 'active' LDAP flag is defined), IF the UAC setting exists,
                 // ....then use the UAC setting on the account to determine can-log-in vs. cannot-log-in
 
@@ -384,13 +405,16 @@ class LdapSync extends Command
 
             if ($item['ldap_location_override'] == true) {
                 $user->location_id = $item['location_id'];
-                } elseif ((isset($location)) && (! empty($location))) {
+            } elseif ((isset($location)) && (!empty($location))) {
                 if ((is_array($location)) && (array_key_exists('id', $location))) {
                     $user->location_id = $location['id'];
                 } elseif (is_object($location)) {
-                        $user->location_id = $location->id;
+                    $user->location_id = $location->id; //THIS is the magic line, this should do it.
                 }
             }
+            // TODO - should we be NULLING locations if $location is really `null`, and that's what we came up with?
+            // will that conflict with any overriding setting that the user set? Like, if they moved someone from
+            // the 'null' location to somewhere, we wouldn't want to try to override that, right?
             $location = null;
             $user->ldap_import = 1;
 
@@ -399,9 +423,11 @@ class LdapSync extends Command
             if ($user->save()) {
                 $item['note'] = $item['createorupdate'];
                 $item['status'] = 'success';
-                    if ( $item['createorupdate'] === 'created' && $ldap_default_group) {
+                if ($item['createorupdate'] === 'created' && $ldap_default_group) {
                     $user->groups()->attach($ldap_default_group);
                 }
+                //updates assets location based on user's location
+                Asset::where('assigned_to', '=', $user->id)->update(['location_id' => $user->location_id]);
 
             } else {
                 foreach ($user->getErrors()->getMessages() as $key => $err) {

app/Console/Commands/ObjectImportCommand.php

@@ -6,6 +6,7 @@ use Illuminate\Console\Command;
 use Symfony\Component\Console\Input\InputArgument;
 use Symfony\Component\Console\Input\InputOption;
 use Illuminate\Support\Facades\Log;
+use Symfony\Component\Console\Helper\ProgressIndicator;
 
 ini_set('max_execution_time', env('IMPORT_TIME_LIMIT', 600)); //600 seconds = 10 minutes
 ini_set('memory_limit', env('IMPORT_MEMORY_LIMIT', '500M'));
@@ -29,6 +30,11 @@ class ObjectImportCommand extends Command
      */
     protected $description = 'Import Items from CSV';
 
+    /**
+     * The progress indicator instance.
+     */
+    protected ProgressIndicator $progressIndicator;
+
     /**
      * Create a new command instance.
      *
@@ -39,8 +45,6 @@ class ObjectImportCommand extends Command
         parent::__construct();
     }
 
-    private $bar;
-
     /**
      * Execute the console command.
      *
@@ -48,6 +52,8 @@ class ObjectImportCommand extends Command
      */
     public function handle()
     {
+        $this->progressIndicator = new ProgressIndicator($this->output);
+
         $filename = $this->argument('filename');
         $class = title_case($this->option('item-type'));
         $classString = "App\\Importer\\{$class}Importer";
@@ -61,45 +67,24 @@ class ObjectImportCommand extends Command
         // This $logFile/useFiles() bit is currently broken, so commenting it out for now
         // $logFile = $this->option('logfile');
         // Log::useFiles($logFile);
-        $this->comment('======= Importing Items from '.$filename.' =========');
+        $this->progressIndicator->start('======= Importing Items from '.$filename.' =========');
+
         $importer->import();
 
-        $this->bar = null;
-
-        if (! empty($this->errors)) {
-            $this->comment('The following Errors were encountered.');
-            foreach ($this->errors as $asset => $error) {
-                $this->comment('Error: Item: '.$asset.' failed validation: '.json_encode($error));
-            }
-        } else {
-            $this->comment('All Items imported successfully!');
-        }
-        $this->comment('');
+        $this->progressIndicator->finish('Import finished.');
     }
 
-    public function errorCallback($item, $field, $errorString)
+    public function errorCallback($item, $field, $error)
     {
-        $this->errors[$item->name][$field] = $errorString;
+        $this->output->write("\x0D\x1B[2K");
+
+        $this->warn('Error: Item: '.$item->name.' failed validation: '.json_encode($error));
     }
 
-    public function progress($count)
+    public function progress($importedItemsCount)
     {
-        if (! $this->bar) {
-            $this->bar = $this->output->createProgressBar($count);
+        $this->progressIndicator->advance();
     }
-        static $index = 0;
-        $index++;
-        if ($index < $count) {
-            $this->bar->advance();
-        } else {
-            $this->bar->finish();
-        }
-    }
-
-    // Tracks the current item for error messages
-    private $updating;
-    // An array of errors encountered while parsing
-    private $errors;
 
     /**
      * Log a message to file, configurable by the --log-file parameter.

app/Console/Commands/Purge.php

@@ -3,6 +3,7 @@
 namespace App\Console\Commands;
 
 use App\Models\Accessory;
+use App\Models\Actionlog;
 use App\Models\Asset;
 use App\Models\AssetModel;
 use App\Models\Category;
@@ -15,6 +16,8 @@ use App\Models\Statuslabel;
 use App\Models\Supplier;
 use App\Models\User;
 use Illuminate\Console\Command;
+use Illuminate\Support\Facades\Log;
+use Illuminate\Support\Facades\Storage;
 
 class Purge extends Command
 {
@@ -141,6 +144,20 @@ class Purge extends Command
             $this->info($users->count().' users purged.');
             $user_assoc = 0;
             foreach ($users as $user) {
+
+                $rel_path = 'private_uploads/users';
+                $filenames = Actionlog::where('action_type', 'uploaded')
+                    ->where('item_id', $user->id)
+                    ->pluck('filename');
+                foreach($filenames as $filename) {
+                    try {
+                        if (Storage::exists($rel_path . '/' . $filename)) {
+                            Storage::delete($rel_path . '/' . $filename);
+                        }
+                    } catch (\Exception $e) {
+                        Log::info('An error occurred while deleting files: ' . $e->getMessage());
+                    }
+                }
                 $this->info('- User "'.$user->username.'" deleted.');
                 $user_assoc += $user->userlog()->count();
                 $user->userlog()->forceDelete();

app/Console/Commands/RemoveExplicitEols.php

@@ -0,0 +1,60 @@
+<?php
+
+namespace App\Console\Commands;
+
+use App\Models\Asset;
+use App\Models\AssetModel;
+use Illuminate\Console\Command;
+
+class RemoveExplicitEols extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'snipeit:remove-explicit-eols {--model_name= : The name of the asset model to update (use "all" to update all models)}';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Removes explicit EOLs on assets with selected model so they may inherit the asset model EOL';
+
+    /**
+     * Execute the console command.
+     */
+    public function handle()
+    {
+        $startTime = microtime(true);
+
+        if ($this->option('model_name') == 'all') {
+            $assets = Asset::all();
+            $this->updateAssets($assets);
+        } else {
+            $assetModel = AssetModel::where('name', '=', $this->option('model_name'))->first();
+
+            if ($assetModel) {
+                $assets = Asset::where('model_id', '=', $assetModel->id)->get();
+                $this->updateAssets($assets);
+            } else {
+                $this->error('Asset model not found');
+            }
+        }
+        $endTime = microtime(true);
+        $executionTime = ($endTime - $startTime);
+        $this->info('Command executed in ' . round($executionTime, 2) . ' seconds.');
+    }
+
+    private function updateAssets($assets)
+    {
+        foreach ($assets as $asset) {
+            $asset->eol_explicit = 0;
+            $asset->asset_eol_date = null;
+            $asset->save();
+        }
+
+        $this->info($assets->count() . ' Assets updated successfully');
+    }
+}

app/Console/Commands/ResetDemoSettings.php

@@ -73,6 +73,7 @@ class ResetDemoSettings extends Command
         $settings->saml_forcelogin = '0';
         $settings->saml_slo = null;
         $settings->saml_custom_settings = null;
+        $settings->default_avatar = 'default.png';
 
 
         $settings->save();

app/Console/Commands/RestoreFromBackup.php

@@ -30,8 +30,11 @@ class SQLStreamer {
     public function parse_sql(string $line): string {
         // take into account the 'start of line or not' setting as an instance variable?
         // 'continuation' lines for a permitted statement are PERMITTED.
+        // remove *only* line-feeds & carriage-returns; helpful for regexes against lines from
+        // Windows dumps
+        $line = trim($line, "\r\n");
         if($this->statement_is_permitted && $line[0] === ' ') {
-            return $line;
+            return $line . "\n"; //re-add the newline
         }
 
         $table_regex = '`?([a-zA-Z0-9_]+)`?';
@@ -42,8 +45,12 @@ class SQLStreamer {
             "/^(INSERT INTO )$table_regex(.*)$/" => false,
             "/^UNLOCK TABLES/" => false,
             // "/^\\) ENGINE=InnoDB AUTO_INCREMENT=16 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;/" => false, // FIXME not sure what to do here?
-            "/^\\)[a-zA-Z0-9_= ]*;$/" => false
-            // ^^^^^^ that bit should *exit* the 'perimitted' black
+            "/^\\)[a-zA-Z0-9_= ]*;$/" => false,
+            // ^^^^^^ that bit should *exit* the 'permitted' block
+            "/^\\(.*\\)[,;]$/" => false, //older MySQL dump style with one set of values per line
+            /* we *could* have made the ^INSERT INTO blah VALUES$ turn on the capturing state, and closed it with
+               a ^(blahblah);$ but it's cleaner to not have to manage the state machine. We're just going to
+               assume that (blahblah), or (blahblah); are values for INSERT and are always acceptable. */
         ];
 
         foreach($allowed_statements as $statement => $statechange) {
@@ -67,7 +74,7 @@ class SQLStreamer {
                 }
                 //how do we *replace* the tablename?
 //                print "RETURNING LINE: $line";
-                return $line;
+                return $line . "\n"; //re-add newline
             }
         }
         // all that is not allowed is denied.
@@ -85,7 +92,7 @@ class SQLStreamer {
         $parser->line_aware_piping(); // <----- THIS is doing the heavy lifting!
 
         $check_tables = ['settings' => null, 'migrations' => null /* 'assets' => null */]; //TODO - move to statics?
-        //can't use 'users' because the 'accessories_users' table?
+        //can't use 'users' because the 'accessories_checkout' table?
         // can't use 'assets' because 'ver1_components_assets'
         foreach($check_tables as $check_table => $_ignore) {
             foreach ($parser->tablenames as $tablename => $_count) {
@@ -164,7 +171,8 @@ class RestoreFromBackup extends Command
                                             {filename : The zip file to be migrated}
                                             {--no-progress : Don\'t show a progress bar}
                                             {--sanitize-guess-prefix : Guess and output the table-prefix needed to "sanitize" the SQL}
-                                            {--sanitize-with-prefix= : "Sanitize" the SQL, using the passed-in table prefix (can be learned from --sanitize-guess-prefix). Pass as just \'--sanitize-with-prefix=\' to use no prefix}';
+                                            {--sanitize-with-prefix= : "Sanitize" the SQL, using the passed-in table prefix (can be learned from --sanitize-guess-prefix). Pass as just \'--sanitize-with-prefix=\' to use no prefix}
+                                            {--sql-stdout-only : ONLY "Sanitize" the SQL and print it to stdout - useful for debugging - probably requires --sanitize-with-prefix= }';
 
     /**
      * The console command description.
@@ -365,6 +373,15 @@ class RestoreFromBackup extends Command
             return $this->info("Re-run this command with '--sanitize-with-prefix=".$prefix."' to see an attempt to sanitze your SQL.");
         }
 
+        // If we're doing --sql-stdout-only, handle that now so we don't have to open pipes to mysql and all of that silliness
+        if ($this->option('sql-stdout-only')) {
+            $sql_importer = new SQLStreamer($sql_contents, STDOUT, $this->option('sanitize-with-prefix'));
+            $bytes_read = $sql_importer->line_aware_piping();
+            return $this->warn("$bytes_read total bytes read");
+            //TODO - it'd be nice to dump this message to STDERR so that STDOUT is just pure SQL,
+            // which would be good for redirecting to a file, and not having to trim the last line off of it
+        }
+
         //how to invoke the restore?
         $pipes = [];
 
@@ -466,6 +483,9 @@ class RestoreFromBackup extends Command
             $ugly_file_name = $za->statIndex($file_details['index'])['name'];
             $fp = $za->getStream($ugly_file_name);
             //$this->info("Weird problem, here are file details? ".print_r($file_details,true));
+            if (!is_dir($file_details['dest'])) {
+                mkdir($file_details['dest'], 0755, true); //0755 is what Laravel uses, so we do that
+            }
             $migrated_file = fopen($file_details['dest'].'/'.basename($pretty_file_name), 'w');
             while (($buffer = fgets($fp, SQLStreamer::$buffer_size)) !== false) {
                 fwrite($migrated_file, $buffer);

app/Console/Commands/SendAcceptanceReminder.php

@@ -47,7 +47,8 @@ class SendAcceptanceReminder extends Command
     {
         $pending = CheckoutAcceptance::pending()->where('checkoutable_type', 'App\Models\Asset')
                                                 ->whereHas('checkoutable', function($query) {
-                                                    $query->where('archived', 0);
+                                                    $query->where('accepted_at', null)
+                                                          ->where('declined_at', null);
                                                 })
                                                 ->with(['assignedTo', 'checkoutable.assignedTo', 'checkoutable.model', 'checkoutable.adminuser'])
                                                 ->get();

app/Helpers/Helper.php

@@ -16,6 +16,7 @@ use Illuminate\Support\Facades\Crypt;
 use Illuminate\Contracts\Encryption\DecryptException;
 use Carbon\Carbon;
 use Illuminate\Support\Facades\Log;
+use Illuminate\Support\Str;
 use Intervention\Image\ImageManagerStatic as Image;
 use Illuminate\Support\Facades\Session;
 
@@ -62,8 +63,9 @@ class Helper
         'mn' => 'mn-MN', // Mongolian
         'ms' => 'ms-MY', // Malay
         'nl' => 'nl-NL', // Dutch
-        'no' => 'no-NO', // Norwegian
+        'no' => 'nb-NO', // Norwegian Bokmål
         'pl' => 'pl-PL', // Polish
+        'pt' => 'pt-PT', // Portuguese
         'ro' => 'ro-RO', // Romanian
         'ru' => 'ru-RU', // Russian
         'sk' => 'sk-SK', // Slovak
@@ -707,6 +709,28 @@ class Helper
 
         return $randomString;
     }
+    /**
+     * A method to be used to handle deprecations notifications, currently handling MS Teams. more can be added when needed.
+     *
+     *
+     * @author [Godfrey Martinez]
+     * @since [v7.0.14]
+     * @return array
+     */
+    public static function deprecationCheck()  : array {
+        // The check and message that the user is still using the deprecated version
+        $deprecations = [
+            'ms_teams_deprecated' => array(
+            'check' => !Str::contains(Setting::getSettings()->webhook_endpoint, 'workflows'),
+            'message' => 'The Microsoft Teams webhook URL being used will be deprecated Jan 31st, 2025. <a class="btn btn-primary" href="' . route('settings.slack.index') . '">Change webhook endpoint</a>'),
+        ];
+
+        // if item of concern is being used and its being used with the deprecated values return the notification array.
+        if(Setting::getSettings()->webhook_selected === 'microsoft' && $deprecations['ms_teams_deprecated']['check']) {
+            return $deprecations;
+        }
+            return [];
+    }
 
     /**
      * This nasty little method gets the low inventory info for the
@@ -720,7 +744,7 @@ class Helper
     {
         $alert_threshold = \App\Models\Setting::getSettings()->alert_threshold;
         $consumables = Consumable::withCount('consumableAssignments as consumable_assignments_count')->whereNotNull('min_amt')->get();
-        $accessories = Accessory::withCount('users as users_count')->whereNotNull('min_amt')->get();
+        $accessories = Accessory::withCount('checkouts as checkouts_count')->whereNotNull('min_amt')->get();
         $components = Component::whereNotNull('min_amt')->get();
         $asset_models = AssetModel::where('min_amt', '>', 0)->get();
         $licenses = License::where('min_amt', '>', 0)->get();
@@ -748,7 +772,7 @@ class Helper
         }
 
         foreach ($accessories as $accessory) {
-            $avail = $accessory->qty - $accessory->users_count;
+            $avail = $accessory->qty - $accessory->checkouts_count;
             if ($avail < ($accessory->min_amt) + $alert_threshold) {
                 if ($accessory->qty > 0) {
                     $percent = number_format((($avail / $accessory->qty) * 100), 0);
@@ -913,6 +937,13 @@ class Helper
         $rules = $class::rules();
         foreach ($rules as $rule_name => $rule) {
             if ($rule_name == $field) {
+                if (is_array($rule)) {
+                    if (in_array('required', $rule)) {
+                       return true;
+                    } else {
+                        return false;
+                    }
+                } else {
                     if (strpos($rule, 'required') === false) {
                             return false;
                         } else {
@@ -921,6 +952,8 @@ class Helper
                     }
             }
         }
+        return false;
+    }
 
     /**
      * Check to see if the given key exists in the array, and trim excess white space before returning it
@@ -1113,6 +1146,7 @@ class Helper
             'png'   => 'far fa-image',
             'webp'   => 'far fa-image',
             'avif'   => 'far fa-image',
+            'svg' => 'fas fa-vector-square',
             // word
             'doc'   => 'far fa-file-word',
             'docx'   => 'far fa-file-word',
@@ -1125,7 +1159,7 @@ class Helper
             //Text
             'txt'   => 'far fa-file-alt',
             'rtf'   => 'far fa-file-alt',
-            'xml'   => 'far fa-file-alt',
+            'xml'   => 'fas fa-code',
             // Misc
             'pdf'   => 'far fa-file-pdf',
             'lic'   => 'far fa-save',
@@ -1138,41 +1172,7 @@ class Helper
         return 'far fa-file';
     }
 
-    public static function show_file_inline($filename)
-    {
-        $extension = substr(strrchr($filename, '.'), 1);
 
-        if ($extension) {
-            switch ($extension) {
-                case 'jpg':
-                case 'jpeg':
-                case 'gif':
-                case 'png':
-                case 'webp':
-                case 'avif':
-                    return true;
-                    break;
-                default:
-                    return false;
-            }
-        }
-
-        return false;
-    }
-
-    /**
-     * Generate a random encrypted password.
-     *
-     * @author Wes Hulette <jwhulette@gmail.com>
-     *
-     * @since 5.0.0
-     *
-     * @return string
-     */
-    public static function generateEncyrptedPassword(): string
-    {
-        return bcrypt(self::generateUnencryptedPassword());
-    }
 
     /**
      * Get a random unencrypted password.
@@ -1440,7 +1440,6 @@ class Helper
 
         foreach (self::$language_map as $legacy => $new) {
             if ($language_code == $legacy) {
-                Log::debug('Current language is '.$legacy.', using '.$new.' instead');
                 return $new;
             }
         }
@@ -1451,6 +1450,7 @@ class Helper
 
     public static function mapBackToLegacyLocale($new_locale = null)
     {
+
         if (strlen($new_locale) <= 4) {
             return $new_locale; //"new locale" apparently wasn't quite so new
         }
@@ -1458,42 +1458,73 @@ class Helper
         // This does a *reverse* search against our new language map array - given the value, find the *key* for it
         $legacy_locale = array_search($new_locale, self::$language_map);
 
-        if($legacy_locale !== false) {
+        if ($legacy_locale !== false) {
             return $legacy_locale;
         }
         return $new_locale; // better that you have some weird locale that doesn't fit into our mappings anywhere than 'void'
     }
 
+    public static function determineLanguageDirection() {
+        return in_array(app()->getLocale(),
+            [
+                'ar-SA',
+                'fa-IR',
+                'he-IL'
+            ]) ? 'rtl' : 'ltr';
+    }
 
-    static public function getRedirectOption($request, $id, $table, $asset_id = null)
+
+    static public function getRedirectOption($request, $id, $table, $item_id = null)
     {
 
         $redirect_option = Session::get('redirect_option');
         $checkout_to_type = Session::get('checkout_to_type');
 
-        //return to index
-        if ($redirect_option == '0') {
+        // return to index
+        if ($redirect_option == 'index') {
             switch ($table) {
                 case "Assets":
-                    return redirect()->route('hardware.index')->with('success', trans('admin/hardware/message.checkout.success'));
+                    return route('hardware.index');
+                case "Users":
+                    return route('users.index');
+                case "Licenses":
+                    return route('licenses.index');
+                case "Accessories":
+                    return route('accessories.index');
+                case "Components":
+                    return route('components.index');
+                case "Consumables":
+                    return route('consumables.index');
             }
         }
-        //return to thing being assigned
-        if ($redirect_option == '1') {
+
+        // return to thing being assigned
+        if ($redirect_option == 'item') {
             switch ($table) {
                 case "Assets":
-                    return redirect()->route('hardware.show', $id ? $id : $asset_id)->with('success', trans('admin/hardware/message.checkout.success'));
+                    return route('hardware.show', $id ?? $item_id);
+                case "Users":
+                    return route('users.show', $id ?? $item_id);
+                case "Licenses":
+                    return route('licenses.show', $id ?? $item_id);
+                case "Accessories":
+                    return route('accessories.show', $id ?? $item_id);
+                case "Components":
+                    return route('components.show', $id ?? $item_id);
+                case "Consumables":
+                    return route('consumables.show', $id ?? $item_id);
             }
         }
-        //return to thing being assigned to
-        if ($redirect_option == '2') {
+
+        // return to assignment target
+        if ($redirect_option == 'target') {
             switch ($checkout_to_type) {
                 case 'user':
-                    return redirect()->route('users.show', $request->assigned_user)->with('success', trans('admin/hardware/message.checkout.success'));
+                    return route('users.show', ['user' => $request->assigned_user]);
                 case 'location':
-                    return redirect()->route('locations.show', $request->assigned_location)->with('success', trans('admin/hardware/message.checkout.success'));
+                    return route('locations.show', ['location' => $request->assigned_location]);
                 case 'asset':
-                    return redirect()->route('hardware.show', $request->assigned_asset)->with('success', trans('admin/hardware/message.checkout.success'));
+                    return route('hardware.show', ['hardware' => $request->assigned_asset]);
             }
         }
         return redirect()->back()->with('error', trans('admin/hardware/message.checkout.error'));

app/Helpers/IconHelper.php

@@ -0,0 +1,190 @@
+<?php
+
+namespace App\Helpers;
+
+class IconHelper
+{
+
+    public static function icon($type) {
+        switch ($type) {
+            case 'checkout':
+                return 'fa-solid fa-rotate-left';
+            case 'checkin':
+                return 'fa-solid fa-rotate-right';
+            case 'edit':
+                return 'fas fa-pencil-alt';
+            case 'clone':
+                return 'far fa-clone';
+            case 'delete':
+                return 'fas fa-trash';
+            case 'create':
+                return 'fa-solid fa-plus';
+            case 'audit':
+                return 'fa-solid fa-clipboard-check';
+            case '2fa reset':
+                return 'fa-solid fa-mobile-screen';
+            case 'new-user':
+                return 'fa-solid fa-user-plus';
+            case 'merged-user':
+                return 'fa-solid fa-people-arrows';
+            case 'delete-user':
+                return 'fa-solid fa-user-minus';
+            case 'update-user':
+                return 'fa-solid fa-user-pen';
+            case 'user':
+                return 'fa-solid fa-user';
+            case 'users':
+                return 'fas fa-users';
+            case 'restore':
+                return 'fa-solid fa-trash-arrow-up';
+            case 'external-link':
+                return 'fa fa-external-link';
+            case 'email':
+                return 'fa-regular fa-envelope';
+            case 'phone':
+                return 'fa-solid fa-phone';
+            case 'long-arrow-right':
+                return 'fas fa-long-arrow-alt-right';
+            case 'download':
+                return 'fas fa-download';
+            case 'checkmark':
+                return 'fas fa-check icon-white';
+            case 'x':
+                return 'fas fa-times';
+            case 'logout':
+                return 'fa fa-sign-out';
+            case 'admin-settings':
+                return 'fas fa-cogs';
+            case 'settings':
+                return 'fas fa-cog';
+            case 'angle-left':
+                return 'fas fa-angle-left';
+            case 'warning':
+                return 'fas fa-exclamation-triangle';
+            case 'kits':
+                return 'fas fa-object-group';
+            case 'assets':
+            case 'asset':
+                return 'fas fa-barcode';
+            case 'accessories':
+            case 'accessory':
+                return 'far fa-keyboard';
+            case 'components':
+            case 'component':
+                return 'far fa-hdd';
+            case 'consumables':
+            case 'consumable':
+                return 'fas fa-tint';
+            case 'licenses':
+            case 'license':
+                return 'far fa-save';
+            case 'requestable':
+                return 'fas fa-laptop';
+            case 'reports':
+                return 'fas fa-chart-bar';
+            case 'heart':
+                return 'fas fa-heart';
+            case 'circle':
+                return 'fa-regular fa-circle';
+            case 'circle-solid':
+                return 'fa-solid fa-circle';
+            case 'due':
+                return 'fas fa-history';
+            case 'import':
+                return 'fas fa-cloud-upload-alt';
+            case 'search':
+                return 'fas fa-search';
+            case 'alerts':
+                return 'far fa-flag';
+            case 'password':
+                return 'fa-solid fa-key';
+            case 'api-key':
+                return 'fa-solid fa-user-secret';
+            case 'nav-toggle':
+                return 'fas fa-bars';
+            case 'dashboard':
+                return 'fas fa-tachometer-alt';
+            case 'info-circle':
+                    return 'fas fa-info-circle';
+            case 'caret-right':
+                return 'fa fa-caret-right';
+            case 'caret-up':
+                return 'fa fa-caret-up';
+            case 'caret-down':
+                return 'fa fa-caret-down';
+            case 'arrow-circle-right':
+                return 'fa fa-arrow-circle-right';
+            case 'minus':
+                return 'fas fa-minus';
+            case 'spinner':
+                return 'fas fa-spinner fa-spin';
+            case 'copy-clipboard':
+                return 'fa-regular fa-clipboard';
+            case 'paperclip':
+                return 'fas fa-paperclip';
+            case 'files':
+                return 'fa-regular fa-file';
+            case 'more-info':
+                return 'far fa-life-ring';
+            case 'calendar':
+                return 'fas fa-calendar';
+            case 'plus':
+                return 'fas fa-plus';
+            case 'history':
+                return 'fas fa-history';
+            case 'more-files':
+                return 'fa-solid fa-laptop-file';
+            case 'maintenances':
+                return 'fas fa-wrench';
+            case 'seats':
+                return 'far fa-list-alt';
+            case 'globe-us':
+                return 'fas fa-globe-americas';
+            case 'locked':
+                return 'fas fa-lock';
+            case 'unlocked':
+                return 'fas fa-lock';
+            case 'locations':
+                return 'fas fa-map-marker-alt';
+            case 'location':
+                return 'fas fa-map-marker-alt';
+            case 'superadmin':
+                return 'fas fa-crown';
+            case 'print':
+                return 'fa-solid fa-print';
+            case 'checkin-and-delete':
+                return 'fa-solid fa-user-xmark';
+            case 'branding':
+                return 'fas fa-copyright';
+            case 'general-settings':
+                return 'fa-solid fa-list-check';
+            case 'groups':
+                return 'fa-solid fa-user-group';
+            case 'bell':
+                return 'fa-solid fa-bell';
+            case 'hashtag':
+                return 'fa-solid fa-hashtag';
+            case 'asset-tags':
+                return 'fas fa-list-ol';
+            case 'labels':
+                return 'fas fa-tags';
+            case 'ldap':
+                return 'fas fa-sitemap';
+            case 'google':
+                return 'fa-brands fa-google';
+            case 'saml':
+                return 'fas fa-sign-in-alt';
+            case 'backups':
+                return 'fas fa-file-archive';
+            case 'logins':
+                return 'fas fa-crosshairs';
+            case 'oauth':
+                return 'fas fa-user-secret';
+            case 'employee_num' :
+                return 'fa-regular fa-id-card';
+            case 'department' :
+                return 'fa-solid fa-building-user';
+
+        }
+    }
+}

app/Helpers/StorageHelper.php

@@ -7,6 +7,7 @@ use Illuminate\Http\Response;
 use Illuminate\Http\RedirectResponse;
 use Symfony\Component\HttpFoundation\BinaryFileResponse;
 use Symfony\Component\HttpFoundation\StreamedResponse;
+use Illuminate\Contracts\Filesystem\FileNotFoundException;
 class StorageHelper
 {
     public static function downloader($filename, $disk = 'default') : BinaryFileResponse | RedirectResponse | StreamedResponse
@@ -25,4 +26,64 @@ class StorageHelper
                 return Storage::disk($disk)->download($filename);
         }
     }
+
+
+    /**
+     * This determines the file types that should be allowed inline and checks their fileinfo extension
+     * to determine that they are safe to display inline.
+     *
+     * @author <A. Gianotto> [<snipe@snipe.net]>
+     * @since v7.0.14
+     * @param $file_with_path
+     * @return bool
+     */
+    public static function allowSafeInline($file_with_path) {
+
+        $allowed_inline = [
+            'pdf',
+            'svg',
+            'jpg',
+            'gif',
+            'svg',
+            'avif',
+            'webp',
+            'png',
+        ];
+
+
+        // The file exists and is allowed to be displayed inline
+        if (Storage::exists($file_with_path) && (in_array(pathinfo($file_with_path, PATHINFO_EXTENSION), $allowed_inline))) {
+            return true;
+        }
+        return false;
+
+    }
+
+    /**
+     * Decide whether to show the file inline or download it.
+     */
+    public static function showOrDownloadFile($file, $filename) {
+
+        $headers = [];
+
+        if (request('inline') == 'true') {
+
+            $headers = [
+                'Content-Disposition' => 'inline',
+            ];
+
+            // This is NOT allowed as inline - force it to be displayed as text in the browser
+            if (self::allowSafeInline($file) != true) {
+                $headers = array_merge($headers, ['Content-Type' => 'text/plain']);
+            }
+        }
+
+        // Everything else seems okay, but the file doesn't exist on the server.
+        if (Storage::missing($file)) {
+            throw new FileNotFoundException();
+        }
+
+        return Storage::download($file, $filename, $headers);
+
+    }
 }

app/Http/Controllers/Accessories/AccessoriesController.php

@@ -73,16 +73,17 @@ class AccessoriesController extends Controller
         $accessory->purchase_date           = request('purchase_date');
         $accessory->purchase_cost           = request('purchase_cost');
         $accessory->qty                     = request('qty');
-        $accessory->user_id                 = auth()->id();
+        $accessory->created_by              = auth()->id();
         $accessory->supplier_id             = request('supplier_id');
         $accessory->notes                   = request('notes');
 
         $accessory = $request->handleImages($accessory);
 
+        session()->put(['redirect_option' => $request->get('redirect_option')]);
         // Was the accessory created?
         if ($accessory->save()) {
             // Redirect to the new accessory  page
-            return redirect()->route('accessories.index')->with('success', trans('admin/accessories/message.create.success'));
+            return redirect()->to(Helper::getRedirectOption($request, $accessory->id, 'Accessories'))->with('success', trans('admin/accessories/message.create.success'));
         }
 
         return redirect()->back()->withInput()->withErrors($accessory->getErrors());
@@ -143,12 +144,12 @@ class AccessoriesController extends Controller
      */
     public function update(ImageUploadRequest $request, $accessoryId = null) : RedirectResponse
     {
-        if ($accessory = Accessory::withCount('users as users_count')->find($accessoryId)) {
+        if ($accessory = Accessory::withCount('checkouts as checkouts_count')->find($accessoryId)) {
 
             $this->authorize($accessory);
 
             $validator = Validator::make($request->all(), [
-                "qty" => "required|numeric|min:$accessory->users_count"
+                "qty" => "required|numeric|min:$accessory->checkouts_count"
             ]);
 
             if ($validator->fails()) {
@@ -176,9 +177,10 @@ class AccessoriesController extends Controller
 
             $accessory = $request->handleImages($accessory);
 
-            // Was the accessory updated?
+            session()->put(['redirect_option' => $request->get('redirect_option')]);
+
             if ($accessory->save()) {
-                return redirect()->route('accessories.index')->with('success', trans('admin/accessories/message.update.success'));
+                return redirect()->to(Helper::getRedirectOption($request, $accessory->id, 'Accessories'))->with('success', trans('admin/accessories/message.update.success'));
             }
         } else {
             return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.does_not_exist'));
@@ -231,7 +233,7 @@ class AccessoriesController extends Controller
      */
     public function show($accessoryID = null) : View | RedirectResponse
     {
-        $accessory = Accessory::withCount('users as users_count')->find($accessoryID);
+        $accessory = Accessory::withCount('checkouts as checkouts_count')->find($accessoryID);
         $this->authorize('view', $accessory);
         if (isset($accessory->id)) {
             return view('accessories/view', compact('accessory'));

app/Http/Controllers/Accessories/AccessoriesFilesController.php

@@ -106,50 +106,29 @@ class AccessoriesFilesController extends Controller
      * @param int $accessoryId
      * @param int $fileId
      */
-    public function show($accessoryId = null, $fileId = null, $download = true) : View | RedirectResponse | Response | BinaryFileResponse | StreamedResponse
+    public function show($accessoryId = null, $fileId = null) : View | RedirectResponse | Response | BinaryFileResponse | StreamedResponse
     {
 
-        Log::debug('Private filesystem is: '.config('filesystems.default'));
-        $accessory = Accessory::find($accessoryId);
-
-
 
         // the accessory is valid
-        if (isset($accessory->id)) {
+        if ($accessory = Accessory::find($accessoryId)) {
             $this->authorize('view', $accessory);
             $this->authorize('accessories.files', $accessory);
 
-            if (! $log = Actionlog::whereNotNull('filename')->where('item_id', $accessory->id)->find($fileId)) {
-                return redirect()->route('accessories.index')->with('error',  trans('admin/users/message.log_record_not_found'));
-            }
-
+            if ($log = Actionlog::whereNotNull('filename')->where('item_id', $accessory->id)->find($fileId)) {
                 $file = 'private_uploads/accessories/'.$log->filename;
 
-            if (Storage::missing($file)) {
-                Log::debug('FILE DOES NOT EXISTS for '.$file);
-                Log::debug('URL should be '.Storage::url($file));
-
-                return response('File '.$file.' ('.Storage::url($file).') not found on server', 404)
-                    ->header('Content-Type', 'text/plain');
-            } else {
-
-                // Display the file inline
-                if (request('inline') == 'true') {
-                    $headers = [
-                        'Content-Disposition' => 'inline',
-                    ];
-                    return Storage::download($file, $log->filename, $headers);
-                }
-
-
-                // We have to override the URL stuff here, since local defaults in Laravel's Flysystem
-                // won't work, as they're not accessible via the web
-                if (config('filesystems.default') == 'local') { // TODO - is there any way to fix this at the StorageHelper layer?
-                    return StorageHelper::downloader($file);
+                try {
+                    return StorageHelper::showOrDownloadFile($file, $log->filename);
+                } catch (\Exception $e) {
+                    return redirect()->route('accessories.show', ['accessory' => $accessory])->with('error',  trans('general.file_not_found'));
                 }
             }
+
+            return redirect()->route('accessories.show', ['accessory' => $accessory])->with('error',  trans('general.log_record_not_found'));
+
         }
 
-        return redirect()->route('accessories.index')->with('error', trans('general.file_does_not_exist', ['id' => $fileId]));
+        return redirect()->route('accessories.index')->with('error', trans('general.file_not_found'));
     }
 }

app/Http/Controllers/Accessories/AccessoryCheckinController.php

@@ -3,8 +3,10 @@
 namespace App\Http\Controllers\Accessories;
 
 use App\Events\CheckoutableCheckedIn;
+use App\Helpers\Helper;
 use App\Http\Controllers\Controller;
 use App\Models\Accessory;
+use App\Models\AccessoryCheckout;
 use App\Models\User;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\DB;
@@ -23,7 +25,7 @@ class AccessoryCheckinController extends Controller
      */
     public function create($accessoryUserId = null, $backto = null) : View | RedirectResponse
     {
-        if (is_null($accessory_user = DB::table('accessories_users')->find($accessoryUserId))) {
+        if (is_null($accessory_user = DB::table('accessories_checkout')->find($accessoryUserId))) {
             return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.not_found'));
         }
 
@@ -38,16 +40,16 @@ class AccessoryCheckinController extends Controller
      *
      * @uses Accessory::checkin_email() to determine if an email can and should be sent
      * @author [A. Gianotto] [<snipe@snipe.net>]
-     * @param null $accessoryUserId
+     * @param null $accessoryCheckoutId
      * @param string $backto
      */
-    public function store(Request $request, $accessoryUserId = null, $backto = null) : RedirectResponse
+    public function store(Request $request, $accessoryCheckoutId = null, $backto = null) : RedirectResponse
     {
-        if (is_null($accessory_user = DB::table('accessories_users')->find($accessoryUserId))) {
+        if (is_null($accessory_checkout = AccessoryCheckout::find($accessoryCheckoutId))) {
             return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.does_not_exist'));
         }
 
-        $accessory = Accessory::find($accessory_user->accessory_id);
+        $accessory = Accessory::find($accessory_checkout->accessory_id);
 
         $this->authorize('checkin', $accessory);
 
@@ -58,12 +60,12 @@ class AccessoryCheckinController extends Controller
         }
 
         // Was the accessory updated?
-        if (DB::table('accessories_users')->where('id', '=', $accessory_user->id)->delete()) {
-            $return_to = e($accessory_user->assigned_to);
+        if ($accessory_checkout->delete()) {
+            event(new CheckoutableCheckedIn($accessory, $accessory_checkout->assignedTo, auth()->user(), $request->input('note'), $checkin_at));
 
-            event(new CheckoutableCheckedIn($accessory, User::find($return_to), auth()->user(), $request->input('note'), $checkin_at));
+            session()->put(['redirect_option' => $request->get('redirect_option')]);
 
-            return redirect()->route('accessories.show', $accessory->id)->with('success', trans('admin/accessories/message.checkin.success'));
+            return redirect()->to(Helper::getRedirectOption($request, $accessory->id, 'Accessories'))->with('success', trans('admin/accessories/message.checkin.success'));
         }
         // Redirect to the accessory management page with error
         return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.checkin.error'));

app/Http/Controllers/Accessories/AccessoryCheckoutController.php

@@ -3,18 +3,24 @@
 namespace App\Http\Controllers\Accessories;
 
 use App\Events\CheckoutableCheckedOut;
+use App\Helpers\Helper;
+use App\Http\Controllers\CheckInOutRequest;
 use App\Http\Controllers\Controller;
+use App\Http\Requests\AccessoryCheckoutRequest;
 use App\Models\Accessory;
+use App\Models\AccessoryCheckout;
 use App\Models\User;
 use Carbon\Carbon;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
-use Illuminate\Support\Facades\DB;
 use \Illuminate\Contracts\View\View;
 use \Illuminate\Http\RedirectResponse;
 
 class AccessoryCheckoutController extends Controller
 {
+
+    use CheckInOutRequest;
+
     /**
      * Return the form to checkout an Accessory to a user.
      *
@@ -24,7 +30,7 @@ class AccessoryCheckoutController extends Controller
     public function create($id) : View | RedirectResponse
     {
 
-        if ($accessory = Accessory::withCount('users as users_count')->find($id)) {
+        if ($accessory = Accessory::withCount('checkouts as checkouts_count')->find($id)) {
 
             $this->authorize('checkout', $accessory);
 
@@ -57,44 +63,38 @@ class AccessoryCheckoutController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @param Request $request
-     * @param  int $accessoryId
+     * @param  Accessory $accessory
      */
-    public function store(Request $request, $accessoryId) : RedirectResponse
+    public function store(AccessoryCheckoutRequest $request, Accessory $accessory) : RedirectResponse
     {
-        // Check if the accessory exists
-        if (is_null($accessory = Accessory::withCount('users as users_count')->find($accessoryId))) {
-            // Redirect to the accessory management page with error
-            return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.user_not_found'));
-        }
         
         $this->authorize('checkout', $accessory);
 
-        if (!$user = User::find($request->input('assigned_to'))) {
-            return redirect()->route('accessories.checkout.show', $accessory->id)->with('error', trans('admin/accessories/message.checkout.user_does_not_exist'));
-        }
+        $target = $this->determineCheckoutTarget();
         
-        // Make sure there is at least one available to checkout
-        if ($accessory->numRemaining() <= 0){
-            return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.checkout.unavailable'));
-        }
+        $accessory->checkout_qty = $request->input('checkout_qty', 1);
         
-
-        // Update the accessory data
-        $accessory->assigned_to = e($request->input('assigned_to'));
-
-        $accessory->users()->attach($accessory->id, [
+        for ($i = 0; $i < $accessory->checkout_qty; $i++) {
+            AccessoryCheckout::create([
                 'accessory_id' => $accessory->id,
                 'created_at' => Carbon::now(),
-            'user_id' => Auth::id(),
-            'assigned_to' => $request->get('assigned_to'),
+                'created_by' => auth()->id(),
+                'assigned_to' => $target->id,
+                'assigned_type' => $target::class,
                 'note' => $request->input('note'),
             ]);
+        }
+        event(new CheckoutableCheckedOut($accessory,  $target, auth()->user(), $request->input('note')));
 
-        DB::table('accessories_users')->where('assigned_to', '=', $accessory->assigned_to)->where('accessory_id', '=', $accessory->id)->first();
+        // Set this as user since we only allow checkout to user for this item type
+        $request->request->add(['checkout_to_type' => request('checkout_to_type')]);
+        $request->request->add(['assigned_user' => $target->id]);
+
+        session()->put(['redirect_option' => $request->get('redirect_option'), 'checkout_to_type' => $request->get('checkout_to_type')]);
 
-        event(new CheckoutableCheckedOut($accessory, $user, auth()->user(), $request->input('note')));
 
         // Redirect to the new accessory page
-        return redirect()->route('accessories.index')->with('success', trans('admin/accessories/message.checkout.success'));
+        return redirect()->to(Helper::getRedirectOption($request, $accessory->id, 'Accessories'))
+            ->with('success', trans('admin/accessories/message.checkout.success'));
     }
 }

app/Http/Controllers/Account/AcceptanceController.php

@@ -218,6 +218,7 @@ class AcceptanceController extends Controller
                 'item_tag' => $item->asset_tag,
                 'item_model' => $display_model,
                 'item_serial' => $item->serial,
+                'item_status' => $item->assetstatus?->name,
                 'eula' => $item->getEula(),
                 'note' => $request->input('note'),
                 'check_out_date' => Carbon::parse($acceptance->created_at)->format('Y-m-d'),
@@ -236,7 +237,11 @@ class AcceptanceController extends Controller
             }
 
             $acceptance->accept($sig_filename, $item->getEula(), $pdf_filename, $request->input('note'));
+            try {
                 $acceptance->notify(new AcceptanceAssetAcceptedNotification($data));
+            } catch (\Exception $e) {
+                Log::warning($e);
+            }
             event(new CheckoutAccepted($acceptance));
 
             $return_msg = trans('admin/users/message.accepted');
@@ -308,6 +313,7 @@ class AcceptanceController extends Controller
                 'item_tag' => $item->asset_tag,
                 'item_model' => $display_model,
                 'item_serial' => $item->serial,
+                'item_status' => $item->assetstatus?->name,
                 'note' => $request->input('note'),
                 'declined_date' => Carbon::parse($acceptance->declined_at)->format('Y-m-d'),
                 'signature' => ($sig_filename) ? storage_path() . '/private_uploads/signatures/' . $sig_filename : null,
@@ -332,4 +338,5 @@ class AcceptanceController extends Controller
         return redirect()->to('account/accept')->with('success', $return_msg);
 
     }
+
 }

app/Http/Controllers/ActionlogController.php

@@ -37,10 +37,18 @@ class ActionlogController extends Controller
         }
     }
 
-    public function getStoredEula($filename) : Response | BinaryFileResponse
+    public function getStoredEula($filename) : Response | BinaryFileResponse | RedirectResponse
     {
         $this->authorize('view', \App\Models\Asset::class);
         $file = config('app.private_uploads').'/eula-pdfs/'.$filename;
+
+        if (Storage::exists($file)) {
             return response()->download($file);
         }
+
+        return redirect()->back()->with('error',  trans('general.file_does_not_exist'));
+
+
+
+    }
 }

app/Http/Controllers/Api/AccessoriesController.php

@@ -4,7 +4,10 @@ namespace App\Http\Controllers\Api;
 
 use App\Events\CheckoutableCheckedOut;
 use App\Helpers\Helper;
+use App\Http\Controllers\CheckInOutRequest;
 use App\Http\Controllers\Controller;
+use App\Http\Requests\AccessoryCheckoutRequest;
+use App\Http\Requests\StoreAccessoryRequest;
 use App\Http\Transformers\AccessoriesTransformer;
 use App\Http\Transformers\SelectlistTransformer;
 use App\Models\Accessory;
@@ -15,10 +18,12 @@ use Carbon\Carbon;
 use Illuminate\Support\Facades\DB;
 use Illuminate\Http\Request;
 use App\Http\Requests\ImageUploadRequest;
-
+use App\Models\AccessoryCheckout;
 
 class AccessoriesController extends Controller
 {
+    use CheckInOutRequest;
+
     /**
      * Display a listing of the resource.
      *
@@ -46,13 +51,14 @@ class AccessoriesController extends Controller
                 'min_amt',
                 'company_id',
                 'notes',
-                'users_count',
+                'checkouts_count',
                 'qty',
             ];
 
 
-        $accessories = Accessory::select('accessories.*')->with('category', 'company', 'manufacturer', 'users', 'location', 'supplier')
-                                ->withCount('users as users_count');
+        $accessories = Accessory::select('accessories.*')
+            ->with('category', 'company', 'manufacturer', 'checkouts', 'location', 'supplier', 'adminuser')
+            ->withCount('checkouts as checkouts_count');
 
         if ($request->filled('search')) {
             $accessories = $accessories->TextSearch($request->input('search'));
@@ -106,6 +112,9 @@ class AccessoriesController extends Controller
             case 'supplier':
                 $accessories = $accessories->OrderSupplier($order);
                 break;
+            case 'created_by':
+                $accessories = $accessories->OrderByCreatedByName($order);
+                break;
             default:
                 $accessories = $accessories->orderBy($column_sort, $order);
                 break;
@@ -121,14 +130,13 @@ class AccessoriesController extends Controller
     /**
      * Store a newly created resource in storage.
      *
+     * @param  \App\Http\Requests\ImageUploadRequest $request
+     * @return \Illuminate\Http\JsonResponse
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
-     * @param  \App\Http\Requests\ImageUploadRequest $request
-     * @return \Illuminate\Http\Response
      */
-    public function store(ImageUploadRequest $request)
+    public function store(StoreAccessoryRequest $request)
     {
-        $this->authorize('create', Accessory::class);
         $accessory = new Accessory;
         $accessory->fill($request->all());
         $accessory = $request->handleImages($accessory);
@@ -144,15 +152,15 @@ class AccessoriesController extends Controller
     /**
      * Display the specified resource.
      *
+     * @param  int  $id
+     * @return array
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
-     * @param  int  $id
-     * @return \Illuminate\Http\Response
      */
     public function show($id)
     {
         $this->authorize('view', Accessory::class);
-        $accessory = Accessory::withCount('users as users_count')->findOrFail($id);
+        $accessory = Accessory::withCount('checkouts as checkouts_count')->findOrFail($id);
 
         return (new AccessoriesTransformer)->transformAccessory($accessory);
     }
@@ -161,10 +169,10 @@ class AccessoriesController extends Controller
     /**
      * Display the specified resource.
      *
+     * @param  int  $id
+     * @return array
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
-     * @param  int  $id
-     * @return \Illuminate\Http\Response
      */
     public function accessory_detail($id)
     {
@@ -188,35 +196,27 @@ class AccessoriesController extends Controller
         $this->authorize('view', Accessory::class);
 
         $accessory = Accessory::with('lastCheckout')->findOrFail($id);
-        if (! Company::isCurrentUserHasAccess($accessory)) {
-            return ['total' => 0, 'rows' => []];
-        }
 
         $offset = request('offset', 0);
         $limit = request('limit', 50);
 
-        $accessory_users = $accessory->users;
-        $total = $accessory_users->count();
+        $accessory_checkouts = $accessory->checkouts;
+        $total = $accessory_checkouts->count();
 
         if ($total < $offset) {
             $offset = 0;
         }
 
-        $accessory_users = $accessory->users()->skip($offset)->take($limit)->get();
+        $accessory_checkouts = $accessory->checkouts()->skip($offset)->take($limit)->get();
 
         if ($request->filled('search')) {
-            $accessory_users = $accessory->users()
-                                         ->where(function ($query) use ($request) {
-                                             $search_str = '%' . $request->input('search') . '%';
-                                             $query->where('first_name', 'like', $search_str)
-                                                   ->orWhere('last_name', 'like', $search_str)
-                                                   ->orWhere('note', 'like', $search_str);
-                                         })
+            
+            $accessory_checkouts = $accessory->checkouts()->TextSearch($request->input('search'))
                                          ->get();
-            $total = $accessory_users->count();
+            $total = $accessory_checkouts->count();
         }
 
-        return (new AccessoriesTransformer)->transformCheckedoutAccessory($accessory, $accessory_users, $total);
+        return (new AccessoriesTransformer)->transformCheckedoutAccessory($accessory, $accessory_checkouts, $total);
     }
 
 
@@ -273,43 +273,31 @@ class AccessoriesController extends Controller
      * If Slack is enabled and/or asset acceptance is enabled, it will also
      * trigger a Slack message and send an email.
      *
-     * @author [A. Gianotto] [<snipe@snipe.net>]
      * @param  int  $accessoryId
-     * @return \Illuminate\Http\RedirectResponse
+     * @return \Illuminate\Http\JsonResponse
+     * @author [A. Gianotto] [<snipe@snipe.net>]
      */
-    public function checkout(Request $request, $accessoryId)
+    public function checkout(AccessoryCheckoutRequest $request, Accessory $accessory)
     {
-        // Check if the accessory exists
-        if (is_null($accessory = Accessory::withCount('users as users_count')->find($accessoryId))) {
-            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/accessories/message.does_not_exist')));
-        }
-
         $this->authorize('checkout', $accessory);
+        $target = $this->determineCheckoutTarget();
+        $accessory->checkout_qty = $request->input('checkout_qty', 1);
 
-
-        if ($accessory->numRemaining() > 0) {
-
-            if (! $user = User::find($request->input('assigned_to'))) {
-                return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/accessories/message.checkout.user_does_not_exist')));
-            }
-
-            // Update the accessory data
-            $accessory->assigned_to = $request->input('assigned_to');
-
-            $accessory->users()->attach($accessory->id, [
+        for ($i = 0; $i < $accessory->checkout_qty; $i++) {
+            AccessoryCheckout::create([
                 'accessory_id' => $accessory->id,
                 'created_at' => Carbon::now(),
-                'user_id' => Auth::id(),
-                'assigned_to' => $request->get('assigned_to'),
-                'note' => $request->get('note'),
+                'created_by' => auth()->id(),
+                'assigned_to' => $target->id,
+                'assigned_type' => $target::class,
+                'note' => $request->input('note'),
             ]);
-
-            event(new CheckoutableCheckedOut($accessory, $user, auth()->user(), $request->input('note')));
-
-            return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/accessories/message.checkout.success')));
         }
 
-        return response()->json(Helper::formatStandardApiResponse('error', null, 'No accessories remaining'));
+        // Set this value to be able to pass the qty through to the event
+        event(new CheckoutableCheckedOut($accessory, $target, auth()->user(), $request->input('note')));
+
+        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/accessories/message.checkout.success')));
 
     }
 
@@ -326,29 +314,21 @@ class AccessoriesController extends Controller
      */
     public function checkin(Request $request, $accessoryUserId = null)
     {
-        if (is_null($accessory_user = DB::table('accessories_users')->find($accessoryUserId))) {
+        if (is_null($accessory_checkout = AccessoryCheckout::find($accessoryUserId))) {
             return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/accessories/message.does_not_exist')));
         }
 
-        $accessory = Accessory::find($accessory_user->accessory_id);
+        $accessory = Accessory::find($accessory_checkout->accessory_id);
         $this->authorize('checkin', $accessory);
 
-        $logaction = $accessory->logCheckin(User::find($accessory_user->assigned_to), $request->input('note'));
+        $accessory->logCheckin(User::find($accessory_checkout->assigned_to), $request->input('note'));
 
         // Was the accessory updated?
-        if (DB::table('accessories_users')->where('id', '=', $accessory_user->id)->delete()) {
-            if (! is_null($accessory_user->assigned_to)) {
-                $user = User::find($accessory_user->assigned_to);
+        if ($accessory_checkout->delete()) {
+            if (! is_null($accessory_checkout->assigned_to)) {
+                $user = User::find($accessory_checkout->assigned_to);
             }
 
-            $data['log_id'] = $logaction->id;
-            $data['first_name'] = $user->first_name;
-            $data['last_name'] = $user->last_name;
-            $data['item_name'] = $accessory->name;
-            $data['checkin_date'] = $logaction->created_at;
-            $data['item_tag'] = '';
-            $data['note'] = $logaction->note;
-
             return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/accessories/message.checkin.success')));
         }
 

app/Http/Controllers/Api/AssetMaintenancesController.php

@@ -34,7 +34,7 @@ class AssetMaintenancesController extends Controller
         $this->authorize('view', Asset::class);
 
         $maintenances = AssetMaintenance::select('asset_maintenances.*')
-            ->with('asset', 'asset.model', 'asset.location', 'asset.defaultLoc', 'supplier', 'asset.company',  'asset.assetstatus', 'admin');
+            ->with('asset', 'asset.model', 'asset.location', 'asset.defaultLoc', 'supplier', 'asset.company',  'asset.assetstatus', 'adminuser');
 
         if ($request->filled('search')) {
             $maintenances = $maintenances->TextSearch($request->input('search'));
@@ -48,6 +48,10 @@ class AssetMaintenancesController extends Controller
             $maintenances->where('asset_maintenances.supplier_id', '=', $request->input('supplier_id'));
         }
 
+        if ($request->filled('created_by')) {
+            $maintenances->where('asset_maintenances.created_by', '=', $request->input('created_by'));
+        }
+
         if ($request->filled('asset_maintenance_type')) {
             $maintenances->where('asset_maintenance_type', '=', $request->input('asset_maintenance_type'));
         }
@@ -69,7 +73,7 @@ class AssetMaintenancesController extends Controller
                                 'asset_tag',
                                 'asset_name',
                                 'serial',
-                                'user_id',
+                                'created_by',
                                 'supplier',
                                 'is_warranty',
                                 'status_label',
@@ -79,8 +83,8 @@ class AssetMaintenancesController extends Controller
         $sort = in_array($request->input('sort'), $allowed_columns) ? e($request->input('sort')) : 'created_at';
 
         switch ($sort) {
-            case 'user_id':
-                $maintenances = $maintenances->OrderAdmin($order);
+            case 'created_by':
+                $maintenances = $maintenances->OrderByCreatedBy($order);
                 break;
             case 'supplier':
                 $maintenances = $maintenances->OrderBySupplier($order);
@@ -124,7 +128,7 @@ class AssetMaintenancesController extends Controller
         // create a new model instance
         $maintenance = new AssetMaintenance();
         $maintenance->fill($request->all());
-        $maintenance->user_id = Auth::id();
+        $maintenance->created_by = auth()->id();
 
         // Was the asset maintenance created?
         if ($maintenance->save()) {
@@ -186,11 +190,8 @@ class AssetMaintenancesController extends Controller
     {
         $this->authorize('update', Asset::class);
         // Check if the asset maintenance exists
-        $assetMaintenance = AssetMaintenance::findOrFail($assetMaintenanceId);
 
-        if (! Company::isCurrentUserHasAccess($assetMaintenance->asset)) {
-            return response()->json(Helper::formatStandardApiResponse('error', null, 'You cannot delete a maintenance for that asset'));
-        }
+        $assetMaintenance = AssetMaintenance::findOrFail($assetMaintenanceId);
 
         $assetMaintenance->delete();
 

app/Http/Controllers/Api/AssetModelFilesController.php

@@ -0,0 +1,200 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Helpers\StorageHelper;
+use Illuminate\Support\Facades\Storage;
+use App\Helpers\Helper;
+use App\Http\Controllers\Controller;
+use App\Models\AssetModel;
+use App\Models\Actionlog;
+use App\Http\Requests\UploadFileRequest;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Support\Facades\Log;
+use Symfony\Component\HttpFoundation\StreamedResponse;
+use Symfony\Component\HttpFoundation\BinaryFileResponse;
+
+
+/**
+ * This class controls file related actions related
+ * to assets for the Snipe-IT Asset Management application.
+ *
+ * Based on the Assets/AssetFilesController by A. Gianotto <snipe@snipe.net>
+ *
+ * @version    v1.0
+ * @author [T. Scarsbrook] [<snipe@scarzybrook.co.uk>]
+ */
+class AssetModelFilesController extends Controller
+{
+    /**
+     * Accepts a POST to upload a file to the server.
+     *
+     * @param \App\Http\Requests\UploadFileRequest $request
+     * @param int $assetModelId
+     * @since [v7.0.12]
+     * @author [r-xyz]
+     */
+    public function store(UploadFileRequest $request, $assetModelId = null) : JsonResponse
+    {
+        // Start by checking if the asset being acted upon exists
+        if (! $assetModel = AssetModel::find($assetModelId)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/models/message.does_not_exist')), 404);
+        }
+
+        // Make sure we are allowed to update this asset
+        $this->authorize('update', $assetModel);
+
+            if ($request->hasFile('file')) {
+            // If the file storage directory doesn't exist; create it
+            if (! Storage::exists('private_uploads/assetmodels')) {
+                Storage::makeDirectory('private_uploads/assetmodels', 775);
+            }
+
+            // Loop over the attached files and add them to the asset
+            foreach ($request->file('file') as $file) {
+                $file_name = $request->handleFile('private_uploads/assetmodels/','model-'.$assetModel->id, $file);
+                
+                $assetModel->logUpload($file_name, e($request->get('notes')));
+            }
+
+            // All done - report success
+            return response()->json(Helper::formatStandardApiResponse('success', $assetModel, trans('admin/models/message.upload.success')));
+        }
+
+        // We only reach here if no files were included in the POST, so tell the user this
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/models/message.upload.nofiles')), 500);
+    }
+
+    /**
+     * List the files for an asset.
+     *
+     * @param  int $assetModelId
+     * @since [v7.0.12]
+     * @author [r-xyz]
+     */
+    public function list($assetModelId = null) : JsonResponse
+    {
+        // Start by checking if the asset being acted upon exists
+        if (! $assetModel = AssetModel::find($assetModelId)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/models/message.does_not_exist')), 404);
+        }
+        
+        // the asset is valid
+        if (isset($assetModel->id)) {
+            $this->authorize('view', $assetModel);
+
+            // Check that there are some uploads on this asset that can be listed
+            if ($assetModel->uploads->count() > 0) {
+                $files = array();
+                foreach ($assetModel->uploads as $upload) {
+                    array_push($files, $upload);
+                }
+                // Give the list of files back to the user
+                return response()->json(Helper::formatStandardApiResponse('success', $files, trans('admin/models/message.upload.success')));
+            }
+
+            // There are no files.
+            return response()->json(Helper::formatStandardApiResponse('success', array(), trans('admin/models/message.upload.success')));
+        }
+
+        // Send back an error message
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/models/message.download.error')), 500);
+    }
+
+    /**
+     * Check for permissions and display the file.
+     *
+     * @param  int $assetModelId
+     * @param  int $fileId
+     * @return \Illuminate\Http\JsonResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     * @since [v7.0.12]
+     * @author [r-xyz]
+     */
+    public function show($assetModelId = null, $fileId = null) : JsonResponse | StreamedResponse | Storage | StorageHelper | BinaryFileResponse
+    {
+        // Start by checking if the asset being acted upon exists
+        if (! $assetModel = AssetModel::find($assetModelId)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/models/message.does_not_exist')), 404);
+        }
+
+        // the asset is valid
+        if (isset($assetModel->id)) {
+            $this->authorize('view', $assetModel);
+
+            // Check that the file being requested exists for the asset
+            if (! $log = Actionlog::whereNotNull('filename')->where('item_id', $assetModel->id)->find($fileId)) {
+                return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/models/message.download.no_match', ['id' => $fileId])), 404);
+            }
+
+            // Form the full filename with path
+            $file = 'private_uploads/assetmodels/'.$log->filename;
+            Log::debug('Checking for '.$file);
+
+            if ($log->action_type == 'audit') {
+                $file = 'private_uploads/audits/'.$log->filename;
+            }
+
+            // Check the file actually exists on the filesystem
+            if (! Storage::exists($file)) {
+                return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/models/message.download.does_not_exist', ['id' => $fileId])), 404);
+            }
+
+            if (request('inline') == 'true') {
+
+                $headers = [
+                    'Content-Disposition' => 'inline',
+                ];
+
+                return Storage::download($file, $log->filename, $headers);
+            }
+
+            return StorageHelper::downloader($file);
+        }
+
+        // Send back an error message
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/models/message.download.error', ['id' => $fileId])), 500);
+    }
+
+    /**
+     * Delete the associated file
+     *
+     * @param  int $assetModelId
+     * @param  int $fileId
+     * @since [v7.0.12]
+     * @author [r-xyz]
+     */
+    public function destroy($assetModelId = null, $fileId = null) : JsonResponse
+    {
+        // Start by checking if the asset being acted upon exists
+        if (! $assetModel = AssetModel::find($assetModelId)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/models/message.does_not_exist')), 404);
+        }
+
+        $rel_path = 'private_uploads/assetmodels';
+
+        // the asset is valid
+        if (isset($assetModel->id)) {
+            $this->authorize('update', $assetModel);
+
+            // Check for the file
+            $log = Actionlog::find($fileId);
+            if ($log) {
+                // Check the file actually exists, and delete it
+                if (Storage::exists($rel_path.'/'.$log->filename)) {
+                    Storage::delete($rel_path.'/'.$log->filename);
+                }
+                // Delete the record of the file
+                $log->delete();
+
+                // All deleting done - notify the user of success
+                return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/models/message.deletefile.success')), 200);
+            }
+
+            // The file doesn't seem to really exist, so report an error
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/models/message.deletefile.error')), 500);
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/models/message.deletefile.error')), 500);
+    }
+}

app/Http/Controllers/Api/AssetModelsController.php

@@ -48,26 +48,29 @@ class AssetModelsController extends Controller
                 'assets_count',
                 'category',
                 'fieldset',
+                'deleted_at',
+                'updated_at',
             ];
 
         $assetmodels = AssetModel::select([
             'models.id',
             'models.image',
             'models.name',
-            'model_number',
-            'min_amt',
-            'eol',
-            'requestable',
+            'models.model_number',
+            'models.min_amt',
+            'models.eol',
+            'models.created_by',
+            'models.requestable',
             'models.notes',
             'models.created_at',
-            'category_id',
-            'manufacturer_id',
-            'depreciation_id',
-            'fieldset_id',
+            'models.category_id',
+            'models.manufacturer_id',
+            'models.depreciation_id',
+            'models.fieldset_id',
             'models.deleted_at',
             'models.updated_at',
          ])
-            ->with('category', 'depreciation', 'manufacturer', 'fieldset.fields.defaultValues')
+            ->with('category', 'depreciation', 'manufacturer', 'fieldset.fields.defaultValues', 'adminuser')
             ->withCount('assets as assets_count');
 
         if ($request->input('status')=='deleted') {
@@ -78,6 +81,10 @@ class AssetModelsController extends Controller
             $assetmodels = $assetmodels->where('models.category_id', '=', $request->input('category_id'));
         }
 
+        if ($request->filled('depreciation_id')) {
+            $assetmodels = $assetmodels->where('models.depreciation_id', '=', $request->input('depreciation_id'));
+        }
+
         if ($request->filled('search')) {
             $assetmodels->TextSearch($request->input('search'));
         }
@@ -89,7 +96,7 @@ class AssetModelsController extends Controller
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'models.created_at';
 
-        switch ($sort) {
+        switch ($request->input('sort')) {
             case 'manufacturer':
                 $assetmodels->OrderManufacturer($order);
                 break;
@@ -99,6 +106,9 @@ class AssetModelsController extends Controller
             case 'fieldset':
                 $assetmodels->OrderFieldset($order);
                 break;
+            case 'created_by':
+                $assetmodels->OrderByCreatedByName($order);
+                break;
             default:
                 $assetmodels->orderBy($sort, $order);
                 break;

app/Http/Controllers/Api/AssetsController.php

@@ -4,6 +4,7 @@ namespace App\Http\Controllers\Api;
 
 use App\Events\CheckoutableCheckedIn;
 use App\Http\Requests\StoreAssetRequest;
+use App\Http\Requests\UpdateAssetRequest;
 use App\Http\Traits\MigratesLegacyAssetLocations;
 use App\Models\CheckoutAcceptance;
 use App\Models\LicenseSeat;
@@ -55,6 +56,11 @@ class AssetsController extends Controller
     public function index(Request $request, $action = null, $upcoming_status = null) : JsonResponse | array
     {
 
+
+        // This handles the legacy audit endpoints :(
+        if ($action == 'audit') {
+            $action = 'audits';
+        }
         $filter_non_deprecable_assets = false;
 
         /**
@@ -120,7 +126,7 @@ class AssetsController extends Controller
         }
 
         $assets = Asset::select('assets.*')
-            ->with('location', 'assetstatus', 'company', 'defaultLoc','assignedTo',
+            ->with('location', 'assetstatus', 'company', 'defaultLoc','assignedTo', 'adminuser','model.depreciation',
                 'model.category', 'model.manufacturer', 'model.fieldset','supplier'); //it might be tempting to add 'assetlog' here, but don't. It blows up update-heavy users.
 
 
@@ -153,8 +159,8 @@ class AssetsController extends Controller
          * Handle due and overdue audits and checkin dates
          */
         switch ($action) {
-            case 'audits':
-
+            // Audit (singular) is left over from earlier legacy APIs
+            case 'audits' :
                 switch ($upcoming_status) {
                     case 'due':
                         $assets->DueForAudit($settings);
@@ -370,8 +376,33 @@ class AssetsController extends Controller
             case 'assigned_to':
                 $assets->OrderAssigned($order);
                 break;
+            case 'created_by':
+                $assets->OrderByCreatedByName($order);
+                break;
             default:
+                $numeric_sort = false;
+
+                // Search through the custom fields array to see if we're sorting on a custom field
+                if (array_search($column_sort, $all_custom_fields->pluck('db_column')->toArray()) !== false) {
+
+                    // Check to see if this is a numeric field type
+                    foreach ($all_custom_fields as $field) {
+                        if (($field->db_column == $sort_override) && ($field->format == 'NUMERIC')) {
+                            $numeric_sort = true;
+                            break;
+                        }
+                    }
+
+                    // This may not work for all databases, but it works for MySQL
+                    if ($numeric_sort) {
+                        $assets->orderByRaw(DB::getTablePrefix() . 'assets.' . $sort_override . ' * 1 ' . $order);
+                    } else {
+                        $assets->orderBy($sort_override, $order);
+                    }
+
+                } else {
                     $assets->orderBy($column_sort, $order);
+                }
                 break;
         }
 
@@ -567,7 +598,7 @@ class AssetsController extends Controller
         $asset->model()->associate(AssetModel::find((int) $request->get('model_id')));
 
         $asset->fill($request->validated());
-        $asset->user_id    = Auth::id();
+        $asset->created_by    = auth()->id();
 
         /**
         * this is here just legacy reasons. Api\AssetController
@@ -601,7 +632,7 @@ class AssetsController extends Controller
                 if ($field->field_encrypted == '1') {
                     Log::debug('This model field is encrypted in this fieldset.');
 
-                    if (Gate::allows('admin')) {
+                    if (Gate::allows('assets.view.encrypted_custom_fields')) {
 
                         // If input value is null, use custom field's default value
                         if (($field_val == null) && ($request->has('model_id') != '')) {
@@ -651,25 +682,24 @@ class AssetsController extends Controller
      * Accepts a POST request to update an asset
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
-     * @param \App\Http\Requests\ImageUploadRequest $request
      * @since [v4.0]
      */
-    public function update(ImageUploadRequest $request, $id) : JsonResponse
+    public function update(UpdateAssetRequest $request, Asset $asset): JsonResponse
     {
-        $this->authorize('update', Asset::class);
+        $asset->fill($request->validated());
 
-        if ($asset = Asset::find($id)) {
-            $asset->fill($request->all());
-
-            ($request->filled('model_id')) ?
-                $asset->model()->associate(AssetModel::find($request->get('model_id'))) : null;
-            ($request->filled('rtd_location_id')) ?
-                $asset->location_id = $request->get('rtd_location_id') : '';
-            ($request->filled('company_id')) ?
-                $asset->company_id = Company::getIdForCurrentUser($request->get('company_id')) : '';
-
-            ($request->filled('rtd_location_id')) ?
-                $asset->location_id = $request->get('rtd_location_id') : null;
+        if ($request->has('model_id')) {
+            $asset->model()->associate(AssetModel::find($request->validated()['model_id']));
+        }
+        if ($request->has('company_id')) {
+            $asset->company_id = Company::getIdForCurrentUser($request->validated()['company_id']);
+        }
+        if ($request->has('rtd_location_id') && !$request->has('location_id')) {
+            $asset->location_id = $request->validated()['rtd_location_id'];
+        }
+        if ($request->input('last_audit_date')) {
+            $asset->last_audit_date = Carbon::parse($request->input('last_audit_date'))->startOfDay()->format('Y-m-d H:i:s');
+        }
 
         /**
         * this is here just legacy reasons. Api\AssetController
@@ -680,7 +710,7 @@ class AssetsController extends Controller
         }
 
         $asset = $request->handleImages($asset);
-            $model = AssetModel::find($asset->model_id);
+        $model = $asset->model;
             
             // Update custom fields
             $problems_updating_encrypted_custom_fields = false;
@@ -695,7 +725,7 @@ class AssetsController extends Controller
                             }
                         }
                         if ($field->field_encrypted == '1') {
-                            if (Gate::allows('admin')) {
+                            if (Gate::allows('assets.view.encrypted_custom_fields')) {
                                 $field_val = Crypt::encrypt($field_val);
                             } else {
                                 $problems_updating_encrypted_custom_fields = true;
@@ -706,15 +736,13 @@ class AssetsController extends Controller
                     }
                 }
             }
-
-
             if ($asset->save()) {
                 if (($request->filled('assigned_user')) && ($target = User::find($request->get('assigned_user')))) {
                         $location = $target->location_id;
                 } elseif (($request->filled('assigned_asset')) && ($target = Asset::find($request->get('assigned_asset')))) {
                     $location = $target->location_id;
 
-                    Asset::where('assigned_type', \App\Models\Asset::class)->where('assigned_to', $id)
+                    Asset::where('assigned_type', \App\Models\Asset::class)->where('assigned_to', $asset->id)
                         ->update(['location_id' => $target->location_id]);
                 } elseif (($request->filled('assigned_location')) && ($target = Location::find($request->get('assigned_location')))) {
                     $location = $target->id;
@@ -734,13 +762,9 @@ class AssetsController extends Controller
                 return response()->json(Helper::formatStandardApiResponse('success', $asset, trans('admin/hardware/message.update.success')));
             }
         }
-
         return response()->json(Helper::formatStandardApiResponse('error', null, $asset->getErrors()), 200);
     }
 
-        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.does_not_exist')), 200);
-    }
-
 
     /**
      * Delete a given asset (mark as deleted).
@@ -756,9 +780,16 @@ class AssetsController extends Controller
         if ($asset = Asset::find($id)) {
             $this->authorize('delete', $asset);
 
+            if ($asset->assignedTo) {
+
+                $target = $asset->assignedTo;
+                $checkin_at = date('Y-m-d H:i:s');
+                $originalValues = $asset->getRawOriginal();
+                event(new CheckoutableCheckedIn($asset, $target, auth()->user(), 'Checkin on delete', $checkin_at, $originalValues));
                 DB::table('assets')
                     ->where('id', $asset->id)
                     ->update(['assigned_to' => null]);
+            }
 
             $asset->delete();
 
@@ -934,7 +965,7 @@ class AssetsController extends Controller
             }
         }
 
-        if ($request->has('status_id')) {
+        if ($request->filled('status_id')) {
             $asset->status_id = $request->input('status_id');
         }
         
@@ -984,7 +1015,7 @@ class AssetsController extends Controller
     public function checkinByTag(Request $request, $tag = null) : JsonResponse
     {
         $this->authorize('checkin', Asset::class);
-        if(null == $tag && null !== ($request->input('asset_tag'))) {
+        if (null == $tag && null !== ($request->input('asset_tag'))) {
             $tag = $request->input('asset_tag');
         }
         $asset = Asset::where('asset_tag', $tag)->first();

app/Http/Controllers/Api/CategoriesController.php

@@ -43,6 +43,7 @@ class CategoriesController extends Controller
 
         $categories = Category::select([
             'id',
+            'created_by',
             'created_at',
             'updated_at',
             'name', 'category_type',
@@ -50,8 +51,10 @@ class CategoriesController extends Controller
             'eula_text',
             'require_acceptance',
             'checkin_email',
-            'image'
-            ])->withCount('accessories as accessories_count', 'consumables as consumables_count', 'components as components_count', 'licenses as licenses_count');
+            'image',
+            ])
+            ->with('adminuser')
+            ->withCount('accessories as accessories_count', 'consumables as consumables_count', 'components as components_count', 'licenses as licenses_count');
 
 
         /*
@@ -91,13 +94,33 @@ class CategoriesController extends Controller
             $categories->where('checkin_email', '=', $request->input('checkin_email'));
         }
 
+        if ($request->filled('created_by')) {
+            $categories->where('created_by', '=', $request->input('created_by'));
+        }
+
+        if ($request->filled('created_at')) {
+            $categories->where('created_at', '=', $request->input('created_at'));
+        }
+
+        if ($request->filled('updated_at')) {
+            $categories->where('updated_at', '=', $request->input('updated_at'));
+        }
+
         // Make sure the offset and limit are actually integers and do not exceed system limits
         $offset = ($request->input('offset') > $categories->count()) ? $categories->count() : app('api_offset_value');
         $limit = app('api_limit_value');
-
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
-        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'assets_count';
-        $categories->orderBy($sort, $order);
+        $sort_override =  $request->input('sort');
+        $column_sort = in_array($sort_override, $allowed_columns) ? $sort_override : 'assets_count';
+
+        switch ($sort_override) {
+            case 'created_by':
+                $categories = $categories->OrderByCreatedBy($order);
+                break;
+            default:
+                $categories = $categories->orderBy($column_sort, $order);
+                break;
+        }
 
         $total = $categories->count();
         $categories = $categories->skip($offset)->take($limit)->get();

app/Http/Controllers/Api/CompaniesController.php

@@ -42,7 +42,7 @@ class CompaniesController extends Controller
 
         $companies = Company::withCount(['assets as assets_count'  => function ($query) {
             $query->AssetsForShow();
-        }])->withCount('licenses as licenses_count', 'accessories as accessories_count', 'consumables as consumables_count', 'components as components_count', 'users as users_count');
+        }])->withCount('assets as assets_count', 'licenses as licenses_count', 'accessories as accessories_count', 'consumables as consumables_count', 'components as components_count', 'users as users_count');
 
         if ($request->filled('search')) {
             $companies->TextSearch($request->input('search'));
@@ -56,17 +56,29 @@ class CompaniesController extends Controller
             $companies->where('email', '=', $request->input('email'));
         }
 
+        if ($request->filled('created_by')) {
+            $companies->where('created_by', '=', $request->input('created_by'));
+        }
+
 
         // Make sure the offset and limit are actually integers and do not exceed system limits
         $offset = ($request->input('offset') > $companies->count()) ? $companies->count() : app('api_offset_value');
         $limit = app('api_limit_value');
-
-
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
-        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
-        $companies->orderBy($sort, $order);
+        $sort_override =  $request->input('sort');
+        $column_sort = in_array($sort_override, $allowed_columns) ? $sort_override : 'created_at';
+
+        switch ($sort_override) {
+            case 'created_by':
+                $companies = $companies->OrderByCreatedBy($order);
+                break;
+            default:
+                $companies = $companies->orderBy($column_sort, $order);
+                break;
+        }
 
         $total = $companies->count();
+
         $companies = $companies->skip($offset)->take($limit)->get();
         return (new CompaniesTransformer)->transformCompanies($companies, $total);
 

app/Http/Controllers/Api/ComponentsController.php

@@ -38,6 +38,7 @@ class ComponentsController extends Controller
                 'name',
                 'min_amt',
                 'order_number',
+                'model_number',
                 'serial',
                 'purchase_date',
                 'purchase_cost',
@@ -47,7 +48,7 @@ class ComponentsController extends Controller
             ];
 
         $components = Component::select('components.*')
-            ->with('company', 'location', 'category', 'assets', 'supplier');
+            ->with('company', 'location', 'category', 'assets', 'supplier', 'adminuser', 'manufacturer');
 
         if ($request->filled('search')) {
             $components = $components->TextSearch($request->input('search'));
@@ -69,6 +70,14 @@ class ComponentsController extends Controller
             $components->where('supplier_id', '=', $request->input('supplier_id'));
         }
 
+        if ($request->filled('manufacturer_id')) {
+            $components->where('manufacturer_id', '=', $request->input('manufacturer_id'));
+        }
+
+        if ($request->filled('model_number')) {
+            $components->where('model_number', '=', $request->input('model_number'));
+        }
+
         if ($request->filled('location_id')) {
             $components->where('location_id', '=', $request->input('location_id'));
         }
@@ -98,6 +107,12 @@ class ComponentsController extends Controller
             case 'supplier':
                 $components = $components->OrderSupplier($order);
                 break;
+            case 'manufacturer':
+                $components = $components->OrderManufacturer($order);
+                break;
+            case 'created_by':
+                $components = $components->OrderByCreatedBy($order);
+                break;
             default:
                 $components = $components->orderBy($column_sort, $order);
                 break;
@@ -270,7 +285,7 @@ class ComponentsController extends Controller
                 'component_id' => $component->id,
                 'created_at' => Carbon::now(),
                 'assigned_qty' => $request->get('assigned_qty', 1),
-                'user_id' => auth()->id(),
+                'created_by' => auth()->id(),
                 'asset_id' => $request->get('assigned_to'),
                 'note' => $request->get('note'),
             ]);

app/Http/Controllers/Api/ConsumablesController.php

@@ -86,9 +86,15 @@ class ConsumablesController extends Controller
             case 'company':
                 $consumables = $consumables->OrderCompany($order);
                 break;
+            case 'remaining':
+                $consumables = $consumables->OrderRemaining($order);
+                break;
             case 'supplier':
                 $consumables = $consumables->OrderSupplier($order);
                 break;
+            case 'created_by':
+                $consumables = $consumables->OrderByCreatedBy($order);
+                break;
             default:
                 // This array is what determines which fields should be allowed to be sorted on ON the table itself.
                 // These must match a column on the consumables table directly.
@@ -207,7 +213,7 @@ class ConsumablesController extends Controller
         $consumable = Consumable::with(['consumableAssignments'=> function ($query) {
             $query->orderBy($query->getModel()->getTable().'.created_at', 'DESC');
         },
-        'consumableAssignments.admin'=> function ($query) {
+        'consumableAssignments.adminuser'=> function ($query) {
         },
         'consumableAssignments.user'=> function ($query) {
         },
@@ -225,7 +231,8 @@ class ConsumablesController extends Controller
                 'name' => ($consumable_assignment->user) ? $consumable_assignment->user->present()->nameUrl() : 'Deleted User',
                 'created_at' => Helper::getFormattedDateObject($consumable_assignment->created_at, 'datetime'),
                 'note' => ($consumable_assignment->note) ? e($consumable_assignment->note) : null,
-                'admin' => ($consumable_assignment->admin) ? $consumable_assignment->admin->present()->nameUrl() : null,
+                'admin' => ($consumable_assignment->adminuser) ? $consumable_assignment->adminuser->present()->nameUrl() : null, // legacy, so we don't change the shape of the response
+                'created_by' => ($consumable_assignment->adminuser) ? $consumable_assignment->adminuser->present()->nameUrl() : null,
             ];
         }
 
@@ -251,6 +258,8 @@ class ConsumablesController extends Controller
 
         $this->authorize('checkout', $consumable);
 
+        $consumable->checkout_qty = $request->input('checkout_qty', 1);
+
         // Make sure there is at least one available to checkout
         if ($consumable->numRemaining() <= 0) {
             return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/consumables/message.checkout.unavailable')));
@@ -261,6 +270,12 @@ class ConsumablesController extends Controller
             return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.invalid_item_category_single', ['type' => trans('general.consumable')])));
         }
 
+        // Make sure there is at least one available to checkout
+        if ($consumable->numRemaining() <= 0 || $consumable->checkout_qty > $consumable->numRemaining()) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/consumables/message.checkout.unavailable', ['requested' => $consumable->checkout_qty, 'remaining' => $consumable->numRemaining() ])));
+        }
+
+
 
         // Check if the user exists - @TODO:  this should probably be handled via validation, not here??
         if (!$user = User::find($request->input('assigned_to'))) {
@@ -271,14 +286,17 @@ class ConsumablesController extends Controller
         // Update the consumable data
         $consumable->assigned_to = $request->input('assigned_to');
 
+        for ($i = 0; $i < $consumable->checkout_qty; $i++) {
             $consumable->users()->attach($consumable->id,
                 [
                     'consumable_id' => $consumable->id,
-                    'user_id' => $user->id,
+                    'created_by' => $user->id,
                     'assigned_to' => $request->input('assigned_to'),
                     'note' => $request->input('note'),
                 ]
             );
+        }
+
 
         event(new CheckoutableCheckedOut($consumable, $user, auth()->user(), $request->input('note')));
 

app/Http/Controllers/Api/DepartmentsController.php

@@ -97,7 +97,7 @@ class DepartmentsController extends Controller
         $department->fill($request->all());
         $department = $request->handleImages($department);
 
-        $department->user_id = auth()->id();
+        $department->created_by = auth()->id();
         $department->manager_id = ($request->filled('manager_id') ? $request->input('manager_id') : null);
 
         if ($department->save()) {

app/Http/Controllers/Api/DepreciationsController.php

@@ -20,9 +20,23 @@ class DepreciationsController extends Controller
     public function index(Request $request) : JsonResponse | array
     {
         $this->authorize('view', Depreciation::class);
-        $allowed_columns = ['id','name','months','depreciation_min','created_at'];
+        $allowed_columns = [
+            'id',
+            'name',
+            'months',
+            'depreciation_min',
+            'depreciation_type',
+            'created_at',
+            'assets_count',
+            'models_count',
+            'licenses_count',
+        ];
 
-        $depreciations = Depreciation::select('id','name','months','depreciation_min','user_id','created_at','updated_at');
+        $depreciations = Depreciation::select('id','name','months','depreciation_min','depreciation_type','created_at','updated_at', 'created_by')
+            ->with('adminuser')
+            ->withCount('assets as assets_count')
+            ->withCount('models as models_count')
+            ->withCount('licenses as licenses_count');
 
         if ($request->filled('search')) {
             $depreciations = $depreciations->TextSearch($request->input('search'));
@@ -31,10 +45,18 @@ class DepreciationsController extends Controller
         // Make sure the offset and limit are actually integers and do not exceed system limits
         $offset = ($request->input('offset') > $depreciations->count()) ? $depreciations->count() : app('api_offset_value');
         $limit = app('api_limit_value');
-
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
-        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
-        $depreciations->orderBy($sort, $order);
+        $sort_override =  $request->input('sort');
+        $column_sort = in_array($sort_override, $allowed_columns) ? $sort_override : 'created_at';
+
+        switch ($sort_override) {
+            case 'created_by':
+                $depreciations = $depreciations->OrderByCreatedBy($order);
+                break;
+            default:
+                $depreciations = $depreciations->orderBy($column_sort, $order);
+                break;
+        }
 
         $total = $depreciations->count();
         $depreciations = $depreciations->skip($offset)->take($limit)->get();

app/Http/Controllers/Api/GroupsController.php

@@ -23,9 +23,8 @@ class GroupsController extends Controller
         $this->authorize('superadmin');
 
         $this->authorize('view', Group::class);
-        $allowed_columns = ['id', 'name', 'created_at', 'users_count'];
 
-        $groups = Group::select('id', 'name', 'permissions', 'created_at', 'updated_at', 'created_by')->with('admin')->withCount('users as users_count');
+        $groups = Group::select('id', 'name', 'permissions', 'created_at', 'updated_at', 'created_by')->with('adminuser')->withCount('users as users_count');
 
         if ($request->filled('search')) {
             $groups = $groups->TextSearch($request->input('search'));
@@ -35,13 +34,29 @@ class GroupsController extends Controller
             $groups->where('name', '=', $request->input('name'));
         }
 
-        // Make sure the offset and limit are actually integers and do not exceed system limits
+
         $offset = ($request->input('offset') > $groups->count()) ? $groups->count() : app('api_offset_value');
         $limit = app('api_limit_value');
-
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
+
+        switch ($request->input('sort')) {
+            case 'created_by':
+                $groups = $groups->OrderByCreatedBy($order);
+                break;
+            default:
+                // This array is what determines which fields should be allowed to be sorted on ON the table itself.
+                // These must match a column on the consumables table directly.
+                $allowed_columns = [
+                    'id',
+                    'name',
+                    'created_at',
+                    'users_count',
+                ];
+
                 $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
-        $groups->orderBy($sort, $order);
+                $groups = $groups->orderBy($sort, $order);
+                break;
+        }
 
         $total = $groups->count();
         $groups = $groups->skip($offset)->take($limit)->get();

app/Http/Controllers/Api/ImportController.php

@@ -28,8 +28,7 @@ class ImportController extends Controller
     public function index() : JsonResponse | array
     {
         $this->authorize('import');
-        $imports = Import::latest()->get();
-
+        $imports = Import::with('adminuser')->latest()->get();
         return (new ImportsTransformer)->transformImports($imports);
     }
 
@@ -133,7 +132,7 @@ class ImportController extends Controller
                 }
 
                 $import->filesize = filesize($path.'/'.$file_name);
-                
+                $import->created_by = auth()->id();
                 $import->save();
                 $results[] = $import;
             }
@@ -177,6 +176,9 @@ class ImportController extends Controller
             case 'asset':
                 $redirectTo = 'hardware.index';
                 break;
+            case 'assetModel':
+                $redirectTo = 'models.index';
+                break;
             case 'accessory':
                 $redirectTo = 'accessories.index';
                 break;

app/Http/Controllers/Api/LicenseSeatsController.php

@@ -107,7 +107,7 @@ class LicenseSeatsController extends Controller
 
         // attempt to update the license seat
         $licenseSeat->fill($request->all());
-        $licenseSeat->user_id = auth()->id();
+        $licenseSeat->created_by = auth()->id();
 
         // check if this update is a checkin operation
         // 1. are relevant fields touched at all?

app/Http/Controllers/Api/LicensesController.php

@@ -24,10 +24,10 @@ class LicensesController extends Controller
     {
         $this->authorize('view', License::class);
 
-        $licenses = License::with('company', 'manufacturer', 'supplier','category')->withCount('freeSeats as free_seats_count');
+        $licenses = License::with('company', 'manufacturer', 'supplier','category', 'adminuser')->withCount('freeSeats as free_seats_count');
 
         if ($request->filled('company_id')) {
-            $licenses->where('company_id', '=', $request->input('company_id'));
+            $licenses->where('licenses.company_id', '=', $request->input('company_id'));
         }
 
         if ($request->filled('name')) {
@@ -70,6 +70,9 @@ class LicensesController extends Controller
             $licenses->where('depreciation_id', '=', $request->input('depreciation_id'));
         }
 
+        if ($request->filled('created_by')) {
+            $licenses->where('created_by', '=', $request->input('created_by'));
+        }
 
         if (($request->filled('maintained')) && ($request->input('maintained')=='true')) {
             $licenses->where('maintained','=',1);
@@ -113,6 +116,9 @@ class LicensesController extends Controller
             case 'company':
                 $licenses = $licenses->leftJoin('companies', 'licenses.company_id', '=', 'companies.id')->orderBy('companies.name', $order);
                 break;
+            case 'created_by':
+                $licenses = $licenses->OrderByCreatedBy($order);
+                break;
             default:
                 $allowed_columns =
                     [
@@ -176,7 +182,7 @@ class LicensesController extends Controller
     public function show($id) : JsonResponse | array
     {
         $this->authorize('view', License::class);
-        $license = License::withCount('freeSeats')->findOrFail($id);
+        $license = License::withCount('freeSeats as free_seats_count')->findOrFail($id);
         $license = $license->load('assignedusers', 'licenseSeats.user', 'licenseSeats.asset');
 
         return (new LicensesTransformer)->transformLicense($license);
@@ -214,7 +220,6 @@ class LicensesController extends Controller
      */
     public function destroy($id) : JsonResponse
     {
-        //
         $license = License::findOrFail($id);
         $this->authorize('delete', $license);
 

app/Http/Controllers/Api/LocationsController.php

@@ -5,8 +5,10 @@ namespace App\Http\Controllers\Api;
 use App\Helpers\Helper;
 use App\Http\Requests\ImageUploadRequest;
 use App\Http\Controllers\Controller;
+use App\Http\Transformers\AssetsTransformer;
 use App\Http\Transformers\LocationsTransformer;
 use App\Http\Transformers\SelectlistTransformer;
+use App\Models\Asset;
 use App\Models\Location;
 use Illuminate\Http\Request;
 use Illuminate\Pagination\LengthAwarePaginator;
@@ -222,6 +224,15 @@ class LocationsController extends Controller
         return response()->json(Helper::formatStandardApiResponse('error', null, $location->getErrors()));
     }
 
+    public function assets(Request $request, Location $location) : JsonResponse | array
+    {
+        $this->authorize('view', Asset::class);
+        $this->authorize('view', $location);
+        $assets = Asset::where('assigned_to', '=', $location->id)->where('assigned_type', '=', Location::class)->with('model', 'model.category', 'assetstatus', 'location', 'company', 'defaultLoc');
+        $assets = $assets->get();
+        return (new AssetsTransformer)->transformAssets($assets, $assets->count(), $request);
+    }
+
     /**
      * Remove the specified resource from storage.
      *
@@ -237,6 +248,7 @@ class LocationsController extends Controller
             ->withCount('rtd_assets as rtd_assets_count')
             ->withCount('children as children_count')
             ->withCount('users as users_count')
+            ->withCount('accessories as accessories_count')
             ->findOrFail($id);
 
         if (! $location->isDeletable()) {

app/Http/Controllers/Api/ManufacturersController.php

@@ -25,11 +25,43 @@ class ManufacturersController extends Controller
     public function index(Request $request) : JsonResponse | array
     {
         $this->authorize('view', Manufacturer::class);
-        $allowed_columns = ['id', 'name', 'url', 'support_url', 'support_email', 'warranty_lookup_url', 'support_phone', 'created_at', 'updated_at', 'image', 'assets_count', 'consumables_count', 'components_count', 'licenses_count'];
+        $allowed_columns =  [
+            'id',
+            'name',
+            'url',
+            'support_url',
+            'support_email',
+            'warranty_lookup_url',
+            'support_phone',
+            'created_at',
+            'updated_at',
+            'image',
+            'assets_count',
+            'consumables_count',
+            'components_count',
+            'licenses_count'
+        ];
 
-        $manufacturers = Manufacturer::select(
-            ['id', 'name', 'url', 'support_url', 'warranty_lookup_url', 'support_email', 'support_phone', 'created_at', 'updated_at', 'image', 'deleted_at']
-        )->withCount('assets as assets_count')->withCount('licenses as licenses_count')->withCount('consumables as consumables_count')->withCount('accessories as accessories_count');
+        $manufacturers = Manufacturer::select([
+                'id',
+                'name',
+                'url',
+                'support_url',
+                'warranty_lookup_url',
+                'support_email',
+                'support_phone',
+                'created_by',
+                'created_at',
+                'updated_at',
+                'image',
+                'deleted_at',
+            ])
+            ->with('adminuser')
+            ->withCount('assets as assets_count')
+            ->withCount('licenses as licenses_count')
+            ->withCount('consumables as consumables_count')
+            ->withCount('accessories as accessories_count')
+            ->withCount('components as components_count');
 
         if ($request->input('deleted') == 'true') {
             $manufacturers->onlyTrashed();
@@ -66,10 +98,18 @@ class ManufacturersController extends Controller
         // Make sure the offset and limit are actually integers and do not exceed system limits
         $offset = ($request->input('offset') > $manufacturers->count()) ? $manufacturers->count() : app('api_offset_value');
         $limit = app('api_limit_value');
-
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
-        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
-        $manufacturers->orderBy($sort, $order);
+        $sort_override =  $request->input('sort');
+        $column_sort = in_array($sort_override, $allowed_columns) ? $sort_override : 'created_at';
+
+        switch ($sort_override) {
+            case 'created_by':
+                $manufacturers = $manufacturers->OrderByCreatedBy($order);
+                break;
+            default:
+                $manufacturers = $manufacturers->orderBy($column_sort, $order);
+                break;
+        }
 
         $total = $manufacturers->count();
         $manufacturers = $manufacturers->skip($offset)->take($limit)->get();
@@ -181,7 +221,7 @@ class ManufacturersController extends Controller
                 $logaction->item_type = Manufacturer::class;
                 $logaction->item_id = $manufacturer->id;
                 $logaction->created_at = date('Y-m-d H:i:s');
-                $logaction->user_id = auth()->id();
+                $logaction->created_by = auth()->id();
                 $logaction->logaction('restore');
 
                 return response()->json(Helper::formatStandardApiResponse('success', trans('admin/manufacturers/message.restore.success')), 200);

app/Http/Controllers/Api/PredefinedKitsController.php

@@ -23,9 +23,8 @@ class PredefinedKitsController extends Controller
     public function index(Request $request) : JsonResponse | array
     {
         $this->authorize('view', PredefinedKit::class);
-        $allowed_columns = ['id', 'name'];
 
-        $kits = PredefinedKit::query();
+        $kits = PredefinedKit::query()->with('adminuser');
 
         if ($request->filled('search')) {
             $kits = $kits->TextSearch($request->input('search'));
@@ -36,8 +35,25 @@ class PredefinedKitsController extends Controller
         $limit = app('api_limit_value');
 
         $order = $request->input('order') === 'desc' ? 'desc' : 'asc';
-        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'name';
-        $kits->orderBy($sort, $order);
+
+        switch ($request->input('sort')) {
+            case 'created_by':
+                $kits = $kits->OrderByCreatedBy($order);
+                break;
+            default:
+                // This array is what determines which fields should be allowed to be sorted on ON the table itself.
+                // These must match a column on the consumables table directly.
+                $allowed_columns = [
+                    'id',
+                    'name',
+                    'created_at',
+                    'updated_at',
+                ];
+
+                $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
+                $kits = $kits->orderBy($sort, $order);
+                break;
+        }
 
         $total = $kits->count();
         $kits = $kits->skip($offset)->take($limit)->get();
@@ -246,7 +262,7 @@ class PredefinedKitsController extends Controller
 
         $relation = $kit->models();
         if ($relation->find($model_id)) {
-            return response()->json(Helper::formatStandardApiResponse('error', null, ['model' => 'Model already attached to kit']));
+            return response()->json(Helper::formatStandardApiResponse('error', null, ['model' => trans('admin/kits/general.model_already_attached')]));
         }
         $relation->attach($model_id, ['quantity' => $quantity]);
 

app/Http/Controllers/Api/ReportsController.php

@@ -20,7 +20,7 @@ class ReportsController extends Controller
     {
         $this->authorize('reports.view');
 
-        $actionlogs = Actionlog::with('item', 'user', 'admin', 'target', 'location');
+        $actionlogs = Actionlog::with('item', 'user', 'adminuser', 'target', 'location');
 
         if ($request->filled('search')) {
             $actionlogs = $actionlogs->TextSearch(e($request->input('search')));
@@ -45,36 +45,40 @@ class ReportsController extends Controller
         }
 
         if ($request->filled('action_type')) {
-            $actionlogs = $actionlogs->where('action_type', '=', $request->input('action_type'))->orderBy('created_at', 'desc');
+            $actionlogs = $actionlogs->where('action_type', '=', $request->input('action_type'));
         }
 
-        if ($request->filled('user_id')) {
-            $actionlogs = $actionlogs->where('user_id', '=', $request->input('user_id'));
+        if ($request->filled('created_by')) {
+            $actionlogs = $actionlogs->where('created_by', '=', $request->input('created_by'));
         }
 
         if ($request->filled('action_source')) {
-            $actionlogs = $actionlogs->where('action_source', '=', $request->input('action_source'))->orderBy('created_at', 'desc');
+            $actionlogs = $actionlogs->where('action_source', '=', $request->input('action_source'));
         }
         
         if ($request->filled('remote_ip')) {
-            $actionlogs = $actionlogs->where('remote_ip', '=', $request->input('remote_ip'))->orderBy('created_at', 'desc');
+            $actionlogs = $actionlogs->where('remote_ip', '=', $request->input('remote_ip'));
         }
 
+
         if ($request->filled('uploads')) {
-            $actionlogs = $actionlogs->whereNotNull('filename')->orderBy('created_at', 'desc');
+            $actionlogs = $actionlogs->whereNotNull('filename');
         }
 
         $allowed_columns = [
             'id',
             'created_at',
             'target_id',
-            'user_id',
+            'created_by',
             'accept_signature',
             'action_type',
             'note',
             'remote_ip',
             'user_agent',
+            'target_type',
+            'item_type',
             'action_source',
+            'action_date',
         ];
 
 
@@ -83,11 +87,19 @@ class ReportsController extends Controller
         $offset = ($request->input('offset') > $total) ? $total : app('api_offset_value');
         $limit = app('api_limit_value');
 
-        $sort = in_array($request->input('sort'), $allowed_columns) ? e($request->input('sort')) : 'created_at';
         $order = ($request->input('order') == 'asc') ? 'asc' : 'desc';
 
+        switch ($request->input('sort')) {
+            case 'created_by':
+                $actionlogs->OrderByCreatedBy($order);
+                break;
+            default:
+                $sort = in_array($request->input('sort'), $allowed_columns) ? e($request->input('sort')) : 'action_logs.created_at';
+                $actionlogs = $actionlogs->orderBy($sort, $order);
+                break;
+        }
 
-        $actionlogs = $actionlogs->orderBy($sort, $order)->skip($offset)->take($limit)->get();
+        $actionlogs = $actionlogs->skip($offset)->take($limit)->get();
 
         return response()->json((new ActionlogsTransformer)->transformActionlogs($actionlogs, $total), 200, ['Content-Type' => 'application/json;charset=utf8'], JSON_UNESCAPED_UNICODE);
     }

app/Http/Controllers/Api/StatuslabelsController.php

@@ -8,6 +8,7 @@ use App\Http\Transformers\AssetsTransformer;
 use App\Http\Transformers\SelectlistTransformer;
 use App\Http\Transformers\StatuslabelsTransformer;
 use App\Models\Asset;
+use App\Models\Setting;
 use App\Models\Statuslabel;
 use Illuminate\Http\Request;
 use App\Http\Transformers\PieChartTransformer;
@@ -24,9 +25,17 @@ class StatuslabelsController extends Controller
     public function index(Request $request) : array
     {
         $this->authorize('view', Statuslabel::class);
-        $allowed_columns = ['id', 'name', 'created_at', 'assets_count', 'color', 'notes', 'default_label'];
+        $allowed_columns = [
+            'id',
+            'name',
+            'created_at',
+            'assets_count',
+            'color',
+            'notes',
+            'default_label'
+        ];
 
-        $statuslabels = Statuslabel::withCount('assets as assets_count');
+        $statuslabels = Statuslabel::with('adminuser')->withCount('assets as assets_count');
 
         if ($request->filled('search')) {
             $statuslabels = $statuslabels->TextSearch($request->input('search'));
@@ -53,10 +62,18 @@ class StatuslabelsController extends Controller
         // Make sure the offset and limit are actually integers and do not exceed system limits
         $offset = ($request->input('offset') > $statuslabels->count()) ? $statuslabels->count() : app('api_offset_value');
         $limit = app('api_limit_value');
-
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
-        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
-        $statuslabels->orderBy($sort, $order);
+        $sort_override =  $request->input('sort');
+        $column_sort = in_array($sort_override, $allowed_columns) ? $sort_override : 'created_at';
+
+        switch ($sort_override) {
+            case 'created_by':
+                $statuslabels = $statuslabels->OrderByCreatedBy($order);
+                break;
+            default:
+                $statuslabels = $statuslabels->orderBy($column_sort, $order);
+                break;
+        }
 
         $total = $statuslabels->count();
         $statuslabels = $statuslabels->skip($offset)->take($limit)->get();
@@ -78,7 +95,8 @@ class StatuslabelsController extends Controller
         $request->except('deployable', 'pending', 'archived');
 
         if (! $request->filled('type')) {
-            return response()->json(Helper::formatStandardApiResponse('error', null, ['type' => ['Status label type is required.']]), 500);
+
+            return response()->json(Helper::formatStandardApiResponse('error', null, ['type' => ['Status label type is required.']]));
         }
 
         $statuslabel = new Statuslabel;
@@ -187,8 +205,14 @@ class StatuslabelsController extends Controller
     public function getAssetCountByStatuslabel() : array
     {
         $this->authorize('view', Statuslabel::class);
+
+        if (Setting::getSettings()->show_archived_in_list == 0 ) {
+            $statuslabels = Statuslabel::withCount('assets')->where('archived','0')->get();
+        } else {
             $statuslabels = Statuslabel::withCount('assets')->get();
-        $total = Array();
+        }
+
+        $total = [];
 
         foreach ($statuslabels as $statuslabel) {
 

app/Http/Controllers/Api/UsersController.php

@@ -14,6 +14,7 @@ use App\Http\Transformers\UsersTransformer;
 use App\Models\Actionlog;
 use App\Models\Asset;
 use App\Models\Accessory;
+use App\Models\Company;
 use App\Models\Consumable;
 use App\Models\License;
 use App\Models\User;
@@ -42,13 +43,14 @@ class UsersController extends Controller
 
         $users = User::select([
             'users.activated',
-            'users.created_by',
             'users.address',
             'users.avatar',
             'users.city',
             'users.company_id',
             'users.country',
+            'users.created_by',
             'users.created_at',
+            'users.updated_at',
             'users.deleted_at',
             'users.department_id',
             'users.email',
@@ -67,7 +69,6 @@ class UsersController extends Controller
             'users.state',
             'users.two_factor_enrolled',
             'users.two_factor_optin',
-            'users.updated_at',
             'users.username',
             'users.zip',
             'users.remote',
@@ -206,6 +207,10 @@ class UsersController extends Controller
             $users->where('autoassign_licenses', '=', $request->input('autoassign_licenses'));
         }
 
+        if ($request->filled('locale')) {
+            $users = $users->where('users.locale', '=', $request->input('locale'));
+        }
+
 
         if (($request->filled('deleted')) && ($request->input('deleted') == 'true')) {
             $users = $users->onlyTrashed();
@@ -251,6 +256,7 @@ class UsersController extends Controller
                         'groups',
                         'activated',
                         'created_at',
+                        'updated_at',
                         'two_factor_enrolled',
                         'two_factor_optin',
                         'last_login',
@@ -276,6 +282,7 @@ class UsersController extends Controller
                         'end_date',
                         'autoassign_licenses',
                         'website',
+                        'locale',
                     ];
 
                 $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'first_name';
@@ -365,6 +372,7 @@ class UsersController extends Controller
 
         $user = new User;
         $user->fill($request->all());
+        $user->company_id = Company::getIdForCurrentUser($request->input('company_id'));
         $user->created_by = auth()->id();
 
         if ($request->has('permissions')) {
@@ -427,13 +435,10 @@ class UsersController extends Controller
      * @param  \Illuminate\Http\Request  $request
      * @param  int  $id
      */
-    public function update(SaveUserRequest $request, $id) : JsonResponse
+    public function update(SaveUserRequest $request, User $user): JsonResponse
     {
         $this->authorize('update', User::class);
 
-        if ($user = User::find($id)) {
-
-
             $this->authorize('update', $user);
 
             /**
@@ -443,14 +448,16 @@ class UsersController extends Controller
              *
              */
 
-
-            if ((($id == 1) || ($id == 2)) && (config('app.lock_passwords'))) {
+        if ((($user->id == 1) || ($user->id == 2)) && (config('app.lock_passwords'))) {
                 return response()->json(Helper::formatStandardApiResponse('error', null, 'Permission denied. You cannot update user information via API on the demo.'));
             }
 
-
             $user->fill($request->all());
 
+            if ($request->filled('company_id')) {
+                $user->company_id = Company::getIdForCurrentUser($request->input('company_id'));
+            }
+
             if ($user->id == $request->input('manager_id')) {
                 return response()->json(Helper::formatStandardApiResponse('error', null, 'You cannot be your own manager'));
             }
@@ -473,16 +480,13 @@ class UsersController extends Controller
                 $user->permissions = $permissions_array;
             }
 
-
             // Update the location of any assets checked out to this user
             Asset::where('assigned_type', User::class)
                 ->where('assigned_to', $user->id)->update(['location_id' => $request->input('location_id', null)]);
 
-
             app('App\Http\Requests\ImageUploadRequest')->handleImages($user, 600, 'image', 'avatars', 'avatar');
 
             if ($user->save()) {
-
                 // Check if the request has groups passed and has a value, AND that the user us a superuser
                 if (($request->has('groups')) && (auth()->user()->isSuperUser())) {
 
@@ -496,20 +500,12 @@ class UsersController extends Controller
 
                     // Sync the groups since the user is a superuser and the groups pass validation
                     $user->groups()->sync($request->input('groups'));
-
-
                 }
-
                 return response()->json(Helper::formatStandardApiResponse('success', (new UsersTransformer)->transformUser($user), trans('admin/users/message.success.update')));
             }
-
             return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
     }
 
-        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.user_not_found', compact('id'))));
-
-    }
-
     /**
      * Remove the specified resource from storage.
      *
@@ -702,7 +698,7 @@ class UsersController extends Controller
                 $logaction->item_type = User::class;
                 $logaction->item_id = $user->id;
                 $logaction->created_at = date('Y-m-d H:i:s');
-                $logaction->user_id = auth()->id();
+                $logaction->created_by = auth()->id();
                 $logaction->logaction('2FA reset');
 
                 return response()->json(['message' => trans('admin/settings/general.two_factor_reset_success')], 200);
@@ -752,7 +748,7 @@ class UsersController extends Controller
                 $logaction->item_type = User::class;
                 $logaction->item_id = $user->id;
                 $logaction->created_at = date('Y-m-d H:i:s');
-                $logaction->user_id = auth()->id();
+                $logaction->created_by = auth()->id();
                 $logaction->logaction('restore');
 
                 return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/users/message.success.restored')), 200);

app/Http/Controllers/AssetMaintenancesController.php

@@ -109,7 +109,7 @@ class AssetMaintenancesController extends Controller
         $assetMaintenance->title = $request->input('title');
         $assetMaintenance->start_date = $request->input('start_date');
         $assetMaintenance->completion_date = $request->input('completion_date');
-        $assetMaintenance->user_id = Auth::id();
+        $assetMaintenance->created_by = auth()->id();
 
         if (($assetMaintenance->completion_date !== null)
             && ($assetMaintenance->start_date !== '')

app/Http/Controllers/AssetModelsController.php

@@ -78,7 +78,7 @@ class AssetModelsController extends Controller
         $model->manufacturer_id = $request->input('manufacturer_id');
         $model->category_id = $request->input('category_id');
         $model->notes = $request->input('notes');
-        $model->user_id = Auth::id();
+        $model->created_by = auth()->id();
         $model->requestable = $request->has('requestable');
 
         if ($request->input('fieldset_id') != '') {
@@ -151,17 +151,17 @@ class AssetModelsController extends Controller
         $model->notes = $request->input('notes');
         $model->requestable = $request->input('requestable', '0');
 
-        $this->removeCustomFieldsDefaultValues($model);
-
         $model->fieldset_id = $request->input('fieldset_id');
 
+        if ($model->save()) {
+            $this->removeCustomFieldsDefaultValues($model);
+
             if ($this->shouldAddDefaultValues($request->input())) {
-            if (!$this->assignCustomFieldsDefaultValues($model, $request->input('default_values'))){
+                if (!$this->assignCustomFieldsDefaultValues($model, $request->input('default_values'))) {
                     return redirect()->back()->withInput()->with('error', trans('admin/custom_fields/message.fieldset_default_value.error'));
                 }
             }
 
-        if ($model->save()) {
             if ($model->wasChanged('eol')) {
                     if ($model->eol > 0) {
                         $newEol = $model->eol; 
@@ -202,6 +202,7 @@ class AssetModelsController extends Controller
         if ($model->image) {
             try {
                 Storage::disk('public')->delete('models/'.$model->image);
+                $model->update(['image' => null]);
             } catch (\Exception $e) {
                 Log::info($e);
             }
@@ -233,10 +234,10 @@ class AssetModelsController extends Controller
 
             if ($model->restore()) {
                 $logaction = new Actionlog();
-                $logaction->item_type = User::class;
+                $logaction->item_type = AssetModel::class;
                 $logaction->item_id = $model->id;
                 $logaction->created_at = date('Y-m-d H:i:s');
-                $logaction->user_id = auth()->id();
+                $logaction->created_by = auth()->id();
                 $logaction->logaction('restore');
 
 

app/Http/Controllers/Assets/AssetCheckinController.php

@@ -11,7 +11,6 @@ use App\Models\Asset;
 use App\Models\CheckoutAcceptance;
 use App\Models\LicenseSeat;
 use Illuminate\Database\Eloquent\Builder;
-use Illuminate\Support\Facades\Session;
 use Illuminate\Support\Facades\Log;
 use \Illuminate\Contracts\View\View;
 use \Illuminate\Http\RedirectResponse;
@@ -83,7 +82,6 @@ class AssetCheckinController extends Controller
         }
 
         $asset->expected_checkin = null;
-        //$asset->last_checkout = null;
         $asset->last_checkin = now();
         $asset->assignedTo()->disassociate($asset);
         $asset->accepted = null;
@@ -128,12 +126,12 @@ class AssetCheckinController extends Controller
             $acceptance->delete();
         });
 
-        Session::put('redirect_option', $request->get('redirect_option'));
-        // Was the asset updated?
+        session()->put('redirect_option', $request->get('redirect_option'));
+
         if ($asset->save()) {
 
             event(new CheckoutableCheckedIn($asset, $target, auth()->user(), $request->input('note'), $checkin_at, $originalValues));
-            return Helper::getRedirectOption($asset, $assetId, 'Assets');
+            return redirect()->to(Helper::getRedirectOption($request, $asset->id, 'Assets'))->with('success', trans('admin/hardware/message.checkin.success'));
         }
         // Redirect to the asset management page with error
         return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.checkin.error').$asset->getErrors());

app/Http/Controllers/Assets/AssetCheckoutController.php

@@ -109,10 +109,11 @@ class AssetCheckoutController extends Controller
                 }
             }
 
-                Session::put(['redirect_option' => $request->get('redirect_option'), 'checkout_to_type' => $request->get('checkout_to_type')]);
+                session()->put(['redirect_option' => $request->get('redirect_option'), 'checkout_to_type' => $request->get('checkout_to_type')]);
 
             if ($asset->checkOut($target, $admin, $checkout_at, $expected_checkin, $request->get('note'), $request->get('name'))) {
-                return Helper::getRedirectOption($request, $assetId, 'Assets');
+                return redirect()->to(Helper::getRedirectOption($request, $asset->id, 'Assets'))
+                    ->with('success', trans('admin/hardware/message.checkout.success'));
             }
             // Redirect to the asset management page with error
             return redirect()->to("hardware/$assetId/checkout")->with('error', trans('admin/hardware/message.checkout.error').$asset->getErrors());

app/Http/Controllers/Assets/AssetFilesController.php

@@ -61,43 +61,30 @@ class AssetFilesController extends Controller
      */
     public function show($assetId = null, $fileId = null) : View | RedirectResponse | Response | StreamedResponse | BinaryFileResponse
     {
-        $asset = Asset::find($assetId);
-        // the asset is valid
-        if (isset($asset->id)) {
+        if ($asset = Asset::find($assetId)) {
+
             $this->authorize('view', $asset);
 
-            if (! $log = Actionlog::whereNotNull('filename')->where('item_id', $asset->id)->find($fileId)) {
-                return response('No matching record for that asset/file', 500)
-                    ->header('Content-Type', 'text/plain');
-            }
-
+            if ($log = Actionlog::whereNotNull('filename')->where('item_id', $asset->id)->find($fileId)) {
                 $file = 'private_uploads/assets/'.$log->filename;
 
                 if ($log->action_type == 'audit') {
                     $file = 'private_uploads/audits/'.$log->filename;
                 }
 
-            if (! Storage::exists($file)) {
-                return response('File '.$file.' not found on server', 404)
-                    ->header('Content-Type', 'text/plain');
+                try {
+                     return StorageHelper::showOrDownloadFile($file, $log->filename);
+                } catch (\Exception $e) {
+                    return redirect()->route('hardware.show', ['hardware' => $asset])->with('error',  trans('general.file_not_found'));
                 }
 
-            if (request('inline') == 'true') {
-
-                $headers = [
-                    'Content-Disposition' => 'inline',
-                ];
-
-                return Storage::download($file, $log->filename, $headers);
             }
 
-            return StorageHelper::downloader($file);
+            return redirect()->route('hardware.show', ['hardware' => $asset])->with('error',  trans('general.log_record_not_found'));
         }
-        // Prepare the error message
-        $error = trans('admin/hardware/message.does_not_exist', ['id' => $fileId]);
 
-        // Redirect to the hardware management page
-        return redirect()->route('hardware.index')->with('error', $error);
+        return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist'));
+
     }
 
     /**

app/Http/Controllers/Assets/AssetsController.php

@@ -2,6 +2,7 @@
 
 namespace App\Http\Controllers\Assets;
 
+use App\Events\CheckoutableCheckedIn;
 use App\Helpers\Helper;
 use App\Http\Controllers\Controller;
 use App\Http\Requests\ImageUploadRequest;
@@ -16,7 +17,6 @@ use App\Models\Location;
 use App\Models\Setting;
 use App\Models\Statuslabel;
 use App\Models\User;
-use Illuminate\Support\Facades\Auth;
 use App\View\Label;
 use Carbon\Carbon;
 use Illuminate\Support\Facades\DB;
@@ -111,8 +111,10 @@ class AssetsController extends Controller
 
         $settings = Setting::getSettings();
 
-        $success = false;
+        $successes = [];
+        $failures = [];
         $serials = $request->input('serials');
+        $asset = null;
 
         for ($a = 1; $a <= count($asset_tags); $a++) {
             $asset = new Asset();
@@ -132,7 +134,7 @@ class AssetsController extends Controller
             $asset->model_id                = $request->input('model_id');
             $asset->order_number            = $request->input('order_number');
             $asset->notes                   = $request->input('notes');
-            $asset->user_id                 = Auth::id();
+            $asset->created_by              = auth()->id();
             $asset->status_id               = request('status_id');
             $asset->warranty_months         = request('warranty_months', null);
             $asset->purchase_cost           = request('purchase_cost');
@@ -165,7 +167,7 @@ class AssetsController extends Controller
             if (($model) && ($model->fieldset)) {
                 foreach ($model->fieldset->fields as $field) {
                     if ($field->field_encrypted == '1') {
-                        if (Gate::allows('admin')) {
+                        if (Gate::allows('assets.view.encrypted_custom_fields')) {
                             if (is_array($request->input($field->db_column))) {
                                 $asset->{$field->db_column} = Crypt::encrypt(implode(', ', $request->input($field->db_column)));
                             } else {
@@ -199,16 +201,35 @@ class AssetsController extends Controller
                     $asset->checkOut($target, auth()->user(), date('Y-m-d H:i:s'), $request->input('expected_checkin', null), 'Checked out on asset creation', $request->get('name'), $location);
                 }
 
-                $success = true;
+                $successes[] = "<a href='" . route('hardware.show', ['hardware' => $asset->id]) . "' style='color: white;'>" . e($asset->asset_tag) . "</a>";
 
+            } else {
+                $failures[] = join(",", $asset->getErrors()->all());
             }
         }
 
-        if ($success) {
-            return redirect()->route('hardware.index')
-                ->with('success-unescaped', trans('admin/hardware/message.create.success_linked', ['link' => route('hardware.show', $asset->id), 'id', 'tag' => e($asset->asset_tag)]));
+        session()->put(['redirect_option' => $request->get('redirect_option'), 'checkout_to_type' => $request->get('checkout_to_type')]);
 
 
+        if ($successes) {
+            if ($failures) {
+                //some succeeded, some failed
+                return redirect()->to(Helper::getRedirectOption($request, $asset->id, 'Assets')) //FIXME - not tested
+                ->with('success-unescaped', trans_choice('admin/hardware/message.create.multi_success_linked', $successes, ['links' => join(", ", $successes)]))
+                    ->with('warning', trans_choice('admin/hardware/message.create.partial_failure', $failures, ['failures' => join("; ", $failures)]));
+            } else {
+                if (count($successes) == 1) {
+                    //the most common case, keeping it so we don't have to make every use of that translation string be trans_choice'ed
+                    //and re-translated
+                    return redirect()->to(Helper::getRedirectOption($request, $asset->id, 'Assets'))
+                        ->with('success-unescaped', trans('admin/hardware/message.create.success_linked', ['link' => route('hardware.show', ['hardware' => $asset->id]), 'id', 'tag' => e($asset->asset_tag)]));
+                } else {
+                    //multi-success
+                    return redirect()->to(Helper::getRedirectOption($request, $asset->id, 'Assets'))
+                        ->with('success-unescaped', trans_choice('admin/hardware/message.create.multi_success_linked', $successes, ['links' => join(", ", $successes)]));
+                }
+            }
+
         }
 
         return redirect()->back()->withInput()->withErrors($asset->getErrors());
@@ -289,6 +310,7 @@ class AssetsController extends Controller
      */
     public function update(ImageUploadRequest $request, $assetId = null) : RedirectResponse
     {
+
         // Check if the asset exists
         if (! $asset = Asset::find($assetId)) {
             // Redirect to the asset management page with error
@@ -323,16 +345,21 @@ class AssetsController extends Controller
         }
         $asset->supplier_id = $request->input('supplier_id', null);
         $asset->expected_checkin = $request->input('expected_checkin', null);
-
-        // If the box isn't checked, it's not in the request at all.
-        $asset->requestable = $request->filled('requestable');
+        $asset->requestable = $request->input('requestable', 0);
         $asset->rtd_location_id = $request->input('rtd_location_id', null);
         $asset->byod = $request->input('byod', 0);
 
-        $status = Statuslabel::find($asset->status_id);
+        $status = Statuslabel::find($request->input('status_id'));
 
-        if($status->archived){
+        // This is a non-deployable status label - we should check the asset back in.
+        if (($status && $status->getStatuslabelType() != 'deployable') && ($target = $asset->assignedTo)) {
+
+            $originalValues = $asset->getRawOriginal();
             $asset->assigned_to = null;
+            $asset->assigned_type = null;
+            $asset->accepted = null;
+
+            event(new CheckoutableCheckedIn($asset, $target, auth()->user(), 'Checkin on asset update', date('Y-m-d H:i:s'), $originalValues));
         }
 
         if ($asset->assigned_to == '') {
@@ -350,14 +377,26 @@ class AssetsController extends Controller
         }
 
         // Update the asset data
-        $asset_tag = $request->input('asset_tags');
+
         $serial = $request->input('serials');
-        $asset->name = $request->input('name');
+        $asset->serial = $request->input('serials');
+
+        if (is_array($request->input('serials'))) {
             $asset->serial = $serial[1];
+        }
+
+        $asset->name = $request->input('name');
         $asset->company_id = Company::getIdForCurrentUser($request->input('company_id'));
         $asset->model_id = $request->input('model_id');
         $asset->order_number = $request->input('order_number');
-        $asset->asset_tag = $asset_tag[1];
+
+        $asset_tags = $request->input('asset_tags');
+        $asset->asset_tag = $request->input('asset_tags');
+
+        if (is_array($request->input('asset_tags'))) {
+            $asset->asset_tag = $asset_tags[1];
+        }
+
         $asset->notes = $request->input('notes');
 
         $asset = $request->handleImages($asset);
@@ -369,8 +408,9 @@ class AssetsController extends Controller
         $model = AssetModel::find($request->get('model_id'));
         if (($model) && ($model->fieldset)) {
             foreach ($model->fieldset->fields as $field) {
+
                 if ($field->field_encrypted == '1') {
-                    if (Gate::allows('admin')) {
+                    if (Gate::allows('assets.view.encrypted_custom_fields')) {
                         if (is_array($request->input($field->db_column))) {
                             $asset->{$field->db_column} = Crypt::encrypt(implode(', ', $request->input($field->db_column)));
                         } else {
@@ -387,9 +427,10 @@ class AssetsController extends Controller
             }
         }
 
+        session()->put(['redirect_option' => $request->get('redirect_option'), 'checkout_to_type' => $request->get('checkout_to_type')]);
 
         if ($asset->save()) {
-            return redirect()->route('hardware.show', $assetId)
+            return redirect()->to(Helper::getRedirectOption($request, $assetId, 'Assets'))
                 ->with('success', trans('admin/hardware/message.update.success'));
         }
 
@@ -403,7 +444,7 @@ class AssetsController extends Controller
      * @param int $assetId
      * @since [v1.0]
      */
-    public function destroy($assetId) : RedirectResponse
+    public function destroy(Request $request, $assetId) : RedirectResponse
     {
         // Check if the asset exists
         if (is_null($asset = Asset::find($assetId))) {
@@ -413,9 +454,17 @@ class AssetsController extends Controller
 
         $this->authorize('delete', $asset);
 
+        if ($asset->assignedTo) {
+
+            $target = $asset->assignedTo;
+            $checkin_at = date('Y-m-d H:i:s');
+            $originalValues = $asset->getRawOriginal();
+            event(new CheckoutableCheckedIn($asset, $target, auth()->user(), 'Checkin on delete', $checkin_at, $originalValues));
             DB::table('assets')
                 ->where('id', $asset->id)
                 ->update(['assigned_to' => null]);
+        }
+
 
         if ($asset->image) {
             try {
@@ -459,9 +508,16 @@ class AssetsController extends Controller
         $tag = $tag ? $tag : $request->get('assetTag');
         $topsearch = ($request->get('topsearch') == 'true');
 
-        if (! $asset = Asset::where('asset_tag', '=', $tag)->first()) {
-            return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist'));
+        // Search for an exact and unique asset tag match
+        $assets = Asset::where('asset_tag', '=', $tag);
+
+        // If not a unique result, redirect to the index view
+        if ($assets->count() != 1) {
+            return redirect()->route('hardware.index')
+                ->with('search', $tag)
+                ->with('warning', trans('admin/hardware/message.does_not_exist_var', [ 'asset_tag' => $tag ]));
         }
+        $asset = $assets->first();
         $this->authorize('view', $asset);
 
         return redirect()->route('hardware.show', $asset->id)->with('topsearch', $topsearch);
@@ -576,26 +632,20 @@ class AssetsController extends Controller
      * @since [v1.0]
      * @return \Illuminate\Contracts\View\View
      */
-    public function getClone($assetId = null)
+    public function getClone(Asset $asset)
     {
-        // Check if the asset exists
-        if (is_null($asset_to_clone = Asset::find($assetId))) {
-            // Redirect to the asset management page
-            return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist'));
-        }
-
-        $this->authorize('create', $asset_to_clone);
-
-        $asset = clone $asset_to_clone;
-        $asset->id = null;
-        $asset->asset_tag = '';
-        $asset->serial = '';
-        $asset->assigned_to = '';
+        $this->authorize('create', $asset);
+        $cloned = clone $asset;
+        $cloned->id = null;
+        $cloned->asset_tag = '';
+        $cloned->serial = '';
+        $cloned->assigned_to = '';
+        $cloned->deleted_at = '';
 
         return view('hardware/edit')
             ->with('statuslabel_list', Helper::statusLabelList())
             ->with('statuslabel_types', Helper::statusTypeList())
-            ->with('item', $asset);
+            ->with('item', $cloned);
     }
 
     /**
@@ -719,7 +769,7 @@ class AssetsController extends Controller
                         Actionlog::firstOrCreate([
                             'item_id' => $asset->id,
                             'item_type' => Asset::class,
-                            'user_id' =>  auth()->id(),
+                            'created_by' =>  auth()->id(),
                             'note' => 'Checkout imported by '.auth()->user()->present()->fullName().' from history importer',
                             'target_id' => $item[$asset_tag][$batch_counter]['user_id'],
                             'target_type' => User::class,
@@ -747,7 +797,7 @@ class AssetsController extends Controller
                             Actionlog::firstOrCreate([
                                 'item_id' => $item[$asset_tag][$batch_counter]['asset_id'],
                                 'item_type' => Asset::class,
-                                'user_id' => auth()->id(),
+                                'created_by' => auth()->id(),
                                 'note' => 'Checkin imported by '.auth()->user()->present()->fullName().' from history importer',
                                 'target_id' => null,
                                 'created_at' => $checkin_date,
@@ -824,7 +874,7 @@ class AssetsController extends Controller
     {
         $this->authorize('checkin', Asset::class);
 
-        return view('hardware/quickscan-checkin');
+        return view('hardware/quickscan-checkin')->with('statusLabel_list', Helper::statusLabelList());
     }
 
     public function audit($id)

app/Http/Controllers/Assets/BulkAssetsController.php

@@ -10,6 +10,7 @@ use App\Models\AssetModel;
 use App\Models\Statuslabel;
 use App\Models\Setting;
 use App\View\Label;
+use Carbon\Carbon;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Crypt;
 use Illuminate\Support\Facades\DB;
@@ -51,6 +52,10 @@ class BulkAssetsController extends Controller
         }
 
         $asset_ids = $request->input('ids');
+        if ($request->input('bulk_actions') === 'checkout') {
+            $request->session()->flashInput(['selected_assets' => $asset_ids]);
+            return redirect()->route('hardware.bulkcheckout.show');
+        }
 
         // Figure out where we need to send the user after the update is complete, and store that in the session
         $bulk_back_url = request()->headers->get('referer');
@@ -92,7 +97,9 @@ class BulkAssetsController extends Controller
         // This handles all of the pivot sorting below (versus the assets.* fields in the allowed_columns array)
         $column_sort = in_array($sort_override, $allowed_columns) ? $sort_override : 'assets.id';
 
-        $assets = Asset::with('assignedTo', 'location', 'model')->whereIn('assets.id', $asset_ids);
+        $assets = Asset::with('assignedTo', 'location', 'model')
+                ->whereIn('assets.id', $asset_ids)
+                ->withTrashed();
 
         $assets = $assets->get();
 
@@ -225,7 +232,8 @@ class BulkAssetsController extends Controller
          * its checkout status.
          */
 
-        if (($request->filled('purchase_date'))
+        if (($request->filled('name'))
+            || ($request->filled('purchase_date'))
             || ($request->filled('expected_checkin'))
             || ($request->filled('purchase_cost'))
             || ($request->filled('supplier_id'))
@@ -237,9 +245,12 @@ class BulkAssetsController extends Controller
             || ($request->filled('status_id'))
             || ($request->filled('model_id'))
             || ($request->filled('next_audit_date'))
+            || ($request->filled('asset_eol_date'))
+            || ($request->filled('null_name'))
             || ($request->filled('null_purchase_date'))
             || ($request->filled('null_expected_checkin_date'))
             || ($request->filled('null_next_audit_date'))
+            || ($request->filled('null_asset_eol_date'))
             || ($request->anyFilled($custom_field_columns))
 
         ) {
@@ -249,28 +260,55 @@ class BulkAssetsController extends Controller
                 $this->update_array = [];
 
                 /**
-                 * Leave out model_id and status here because we do math on that later. We have to do some extra
-                 * validation and checks on those two.
+                 * Leave out model_id and status here because we do math on that later. We have to do some
+                 * extra validation and checks on those two.
                  *
                  * It's tempting to make these match the request check above, but some of these values require
                  * extra work to make sure the data makes sense.
                  */
-                $this->conditionallyAddItem('purchase_date')
+                $this->conditionallyAddItem('name')
+                    ->conditionallyAddItem('purchase_date')
                     ->conditionallyAddItem('expected_checkin')
                     ->conditionallyAddItem('order_number')
                     ->conditionallyAddItem('requestable')
                     ->conditionallyAddItem('supplier_id')
                     ->conditionallyAddItem('warranty_months')
-                    ->conditionallyAddItem('next_audit_date');
+                    ->conditionallyAddItem('next_audit_date')
+                    ->conditionallyAddItem('asset_eol_date');
                     foreach ($custom_field_columns as $key => $custom_field_column) {
                         $this->conditionallyAddItem($custom_field_column); 
                    }
 
+                if (!($asset->eol_explicit)) {
+					if ($request->filled('model_id')) {
+						$model = AssetModel::find($request->input('model_id'));
+						if ($model->eol > 0) {
+							if ($request->filled('purchase_date')) {
+								$this->update_array['asset_eol_date'] = Carbon::parse($request->input('purchase_date'))->addMonths($model->eol)->format('Y-m-d');
+							} else {
+								$this->update_array['asset_eol_date'] = Carbon::parse($asset->purchase_date)->addMonths($model->eol)->format('Y-m-d');
+							}
+						} else {
+							$this->update_array['asset_eol_date'] = null;
+						}
+					} elseif (($request->filled('purchase_date')) && ($asset->model->eol > 0)) {
+						$this->update_array['asset_eol_date'] = Carbon::parse($request->input('purchase_date'))->addMonths($asset->model->eol)->format('Y-m-d');
+					}
+				}                
+                
                 /**
                  * Blank out fields that were requested to be blanked out via checkbox
                  */
+                if ($request->input('null_name')=='1') {
+
+                    $this->update_array['name'] = null;
+                }
+
                 if ($request->input('null_purchase_date')=='1') {
                     $this->update_array['purchase_date'] = null;
+                    if (!($asset->eol_explicit)) {
+						$this->update_array['asset_eol_date'] = null;
+					}
                 }
 
                 if ($request->input('null_expected_checkin_date')=='1') {
@@ -281,6 +319,17 @@ class BulkAssetsController extends Controller
                     $this->update_array['next_audit_date'] = null;
                 }
 
+                if ($request->input('null_asset_eol_date')=='1') {
+                    $this->update_array['asset_eol_date'] = null;
+
+                    // If they are nulling the EOL date to allow it to calculate, set eol explicit to 0
+                    if ($request->input('calc_eol')=='1') {
+                        $this->update_array['eol_explicit'] = 0;
+                    }
+                }
+
+
+
                 if ($request->filled('purchase_cost')) {
                     $this->update_array['purchase_cost'] =  $request->input('purchase_cost');
                 }
@@ -483,12 +532,7 @@ class BulkAssetsController extends Controller
         if ($request->filled('ids')) {
             $assets = Asset::find($request->get('ids'));
             foreach ($assets as $asset) {
-                $update_array['deleted_at'] = date('Y-m-d H:i:s');
-                $update_array['assigned_to'] = null;
-
-                DB::table('assets')
-                    ->where('id', $asset->id)
-                    ->update($update_array);
+                $asset->delete();
             } // endforeach
 
             return redirect($bulk_back_url)->with('success', trans('admin/hardware/message.delete.success'));
@@ -504,7 +548,7 @@ class BulkAssetsController extends Controller
     public function showCheckout() : View
     {
         $this->authorize('checkout', Asset::class);
-        return view('hardware/bulk-checkout');
+        return view('hardware/bulk-checkout')->with('statusLabel_list', Helper::deployableStatusLabelList());
     }
 
     /**
@@ -533,6 +577,7 @@ class BulkAssetsController extends Controller
                     }
                 }
             }
+
             $checkout_at = date('Y-m-d H:i:s');
             if (($request->filled('checkout_at')) && ($request->get('checkout_at') != date('Y-m-d'))) {
                 $checkout_at = e($request->get('checkout_at'));
@@ -545,31 +590,38 @@ class BulkAssetsController extends Controller
             }
 
             $errors = [];
-            DB::transaction(function () use ($target, $admin, $checkout_at, $expected_checkin, $errors, $asset_ids, $request) {
+            DB::transaction(function () use ($target, $admin, $checkout_at, $expected_checkin, &$errors, $asset_ids, $request) { //NOTE: $errors is passed by reference!
                 foreach ($asset_ids as $asset_id) {
                     $asset = Asset::findOrFail($asset_id);
                     $this->authorize('checkout', $asset);
 
-                    $error = $asset->checkOut($target, $admin, $checkout_at, $expected_checkin, e($request->get('note')), $asset->name, null);
-
-                    if ($target->location_id != '') {
-                        $asset->location_id = $target->location_id;
-                        $asset->unsetEventDispatcher();
-                        $asset->save();
+                    if ($request->filled('status_id')) {
+                        $asset->status_id = $request->input('status_id');
                     }
 
-                    if ($error) {
-                        array_merge_recursive($errors, $asset->getErrors()->toArray());
+                    $checkout_success = $asset->checkOut($target, $admin, $checkout_at, $expected_checkin, e($request->get('note')), $asset->name, null);
+
+                    //TODO - I think this logic is duplicated in the checkOut method?
+                    if ($target->location_id != '') {
+                        $asset->location_id = $target->location_id;
+                        // TODO - I don't know why this is being saved without events
+                        $asset::withoutEvents(function () use ($asset) {
+                            $asset->save();
+                        });
+                    }
+
+                    if (!$checkout_success) {
+                        $errors = array_merge_recursive($errors, $asset->getErrors()->toArray());
                     }
                 }
             });
 
             if (! $errors) {
                 // Redirect to the new asset page
-                return redirect()->to('hardware')->with('success', trans('admin/hardware/message.checkout.success'));
+                return redirect()->to('hardware')->with('success', trans_choice('admin/hardware/message.multi-checkout.success', $asset_ids));
             }
             // Redirect to the asset management page with error
-            return redirect()->route('hardware.bulkcheckout.show')->with('error', trans('admin/hardware/message.checkout.error'))->withErrors($errors);
+            return redirect()->route('hardware.bulkcheckout.show')->withInput()->with('error', trans_choice('admin/hardware/message.multi-checkout.error', $asset_ids))->withErrors($errors);
         } catch (ModelNotFoundException $e) {
             return redirect()->route('hardware.bulkcheckout.show')->with('error', $e->getErrors());
         }

app/Http/Controllers/Auth/LoginController.php

@@ -508,8 +508,8 @@ class LoginController extends Controller
     protected function validator(array $data)
     {
         return Validator::make($data, [
-            'username' => 'required',
-            'password' => 'required',
+            'username' => 'required|not_array',
+            'password' => 'required|not_array',
         ]);
     }
 

app/Http/Controllers/Auth/ResetPasswordController.php

@@ -87,7 +87,7 @@ class ResetPasswordController extends Controller
             'password.not_in' => trans('validation.disallow_same_pwd_as_user_fields'),
         ];
 
-        $request->validate($this->rules(), $request->all(), $this->validationErrorMessages());
+        $request->validate($this->rules());
 
         Log::debug('Checking if '.$request->input('username').' exists');
         // Check to see if the user even exists - we'll treat the response the same to prevent user sniffing

app/Http/Controllers/Auth/SamlController.php

@@ -99,12 +99,18 @@ class SamlController extends Controller
     {
         $saml = $this->saml;
         $auth = $saml->getAuth();
+        $saml_exception = false;
+        try {
             $auth->processResponse();
+        } catch (\Exception $e) {
+            Log::warning("Exception caught in SAML login: " . $e->getMessage());
+            $saml_exception = true;
+        }
         $errors = $auth->getErrors();
 
-        if (! empty($errors)) {
-            Log::error('There was an error with SAML ACS: '.implode(', ', $errors));
-            Log::error('Reason: '.$auth->getLastErrorReason());
+        if (!empty($errors) || $saml_exception) {
+            Log::warning('There was an error with SAML ACS: ' . implode(', ', $errors));
+            Log::warning('Reason: ' . $auth->getLastErrorReason());
 
             return redirect()->route('login')->with('error', trans('auth/message.signin.error'));
         }
@@ -132,12 +138,18 @@ class SamlController extends Controller
     {
         $auth = $this->saml->getAuth();
         $retrieveParametersFromServer = $this->saml->getSetting('retrieveParametersFromServer', false);
+        $saml_exception = false;
+        try {
             $sloUrl = $auth->processSLO(true, null, $retrieveParametersFromServer, null, true);
+        } catch (\Exception $e) {
+            Log::warning("Exception caught in SAML single-logout: " . $e->getMessage());
+            $saml_exception = true;
+        }
         $errors = $auth->getErrors();
 
-        if (! empty($errors)) {
-            Log::error('There was an error with SAML SLS: '.implode(', ', $errors));
-            Log::error('Reason: '.$auth->getLastErrorReason());
+        if (!empty($errors) || $saml_exception) {
+            Log::warning('There was an error with SAML SLS: ' . implode(', ', $errors));
+            Log::warning('Reason: ' . $auth->getLastErrorReason());
 
             return view('errors.403');
         }

app/Http/Controllers/CategoriesController.php

@@ -69,7 +69,7 @@ class CategoriesController extends Controller
         $category->use_default_eula = $request->input('use_default_eula', '0');
         $category->require_acceptance = $request->input('require_acceptance', '0');
         $category->checkin_email = $request->input('checkin_email', '0');
-        $category->user_id = Auth::id();
+        $category->created_by = auth()->id();
 
         $category = $request->handleImages($category);
         if ($category->save()) {

app/Http/Controllers/CheckInOutRequest.php

@@ -20,7 +20,7 @@ trait CheckInOutRequest
                 return Location::findOrFail(request('assigned_location'));
             case 'asset':
                 return Asset::findOrFail(request('assigned_asset'));
-            case 'user':
+            default:
                 return User::findOrFail(request('assigned_user'));
         }
 

app/Http/Controllers/CompaniesController.php

@@ -60,6 +60,7 @@ final class CompaniesController extends Controller
         $company->phone = $request->input('phone');
         $company->fax = $request->input('fax');
         $company->email = $request->input('email');
+        $company->created_by = auth()->id();
 
         $company = $request->handleImages($company);
 

app/Http/Controllers/Components/ComponentCheckinController.php

@@ -4,6 +4,7 @@ namespace App\Http\Controllers\Components;
 
 use App\Events\CheckoutableCheckedIn;
 use App\Events\ComponentCheckedIn;
+use App\Helpers\Helper;
 use App\Http\Controllers\Controller;
 use App\Models\Asset;
 use App\Models\Component;
@@ -96,12 +97,10 @@ class ComponentCheckinController extends Controller
             $asset = Asset::find($component_assets->asset_id);
 
             event(new CheckoutableCheckedIn($component, $asset, auth()->user(), $request->input('note'), Carbon::now()));
-            if ($backto == 'asset'){
-                return redirect()->route('hardware.show', $asset->id)->with('success',
-                    trans('admin/components/message.checkin.success'));
-            }
 
-            return redirect()->route('components.index')->with('success',
+            session()->put(['redirect_option' => $request->get('redirect_option')]);
+
+            return redirect()->to(Helper::getRedirectOption($request, $component->id, 'Components'))->with('success',
                 trans('admin/components/message.checkin.success'));
         }
 

app/Http/Controllers/Components/ComponentCheckoutController.php

@@ -4,9 +4,11 @@ namespace App\Http\Controllers\Components;
 
 use App\Events\CheckoutableCheckedOut;
 use App\Events\ComponentCheckedOut;
+use App\Helpers\Helper;
 use App\Http\Controllers\Controller;
 use App\Models\Asset;
 use App\Models\Component;
+use App\Models\Setting;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Input;
@@ -93,14 +95,18 @@ class ComponentCheckoutController extends Controller
                 ->withInput();
         }
 
-        // Check if the user exists
+        // Check if the asset exists
         $asset = Asset::find($request->input('asset_id'));
 
+        if ((Setting::getSettings()->full_multiple_companies_support) && $component->company_id !== $asset->company_id) {
+            return redirect()->route('components.checkout.show', $componentId)->with('error', trans('general.error_user_company'));
+        }
+
         // Update the component data
         $component->asset_id = $request->input('asset_id');
         $component->assets()->attach($component->id, [
             'component_id' => $component->id,
-            'user_id' => auth()->user(),
+            'created_by' => auth()->user()->id,
             'created_at' => date('Y-m-d H:i:s'),
             'assigned_qty' => $request->input('assigned_qty'),
             'asset_id' => $request->input('asset_id'),
@@ -109,6 +115,11 @@ class ComponentCheckoutController extends Controller
 
         event(new CheckoutableCheckedOut($component, $asset, auth()->user(), $request->input('note')));
 
-        return redirect()->route('components.index')->with('success', trans('admin/components/message.checkout.success'));
+        $request->request->add(['checkout_to_type' => 'asset']);
+        $request->request->add(['assigned_asset' => $asset->id]);
+
+        session()->put(['redirect_option' => $request->get('redirect_option'), 'checkout_to_type' => $request->get('checkout_to_type')]);
+
+        return redirect()->to(Helper::getRedirectOption($request, $component->id, 'Components'))->with('success', trans('admin/components/message.checkout.success'));
     }
 }

app/Http/Controllers/Components/ComponentsController.php

@@ -73,6 +73,8 @@ class ComponentsController extends Controller
         $component->name                   = $request->input('name');
         $component->category_id            = $request->input('category_id');
         $component->supplier_id            = $request->input('supplier_id');
+        $component->manufacturer_id        = $request->input('manufacturer_id');
+        $component->model_number           = $request->input('model_number');
         $component->location_id            = $request->input('location_id');
         $component->company_id             = Company::getIdForCurrentUser($request->input('company_id'));
         $component->order_number           = $request->input('order_number', null);
@@ -81,13 +83,15 @@ class ComponentsController extends Controller
         $component->purchase_date          = $request->input('purchase_date', null);
         $component->purchase_cost          = $request->input('purchase_cost', null);
         $component->qty                    = $request->input('qty');
-        $component->user_id                = Auth::id();
+        $component->created_by                = auth()->id();
         $component->notes                  = $request->input('notes');
 
         $component = $request->handleImages($component);
 
+        session()->put(['redirect_option' => $request->get('redirect_option')]);
+
         if ($component->save()) {
-            return redirect()->route('components.index')->with('success', trans('admin/components/message.create.success'));
+            return redirect()->to(Helper::getRedirectOption($request, $component->id, 'Components'))->with('success', trans('admin/components/message.create.success'));
         }
 
         return redirect()->back()->withInput()->withErrors($component->getErrors());
@@ -148,6 +152,8 @@ class ComponentsController extends Controller
         $component->name                   = $request->input('name');
         $component->category_id            = $request->input('category_id');
         $component->supplier_id            = $request->input('supplier_id');
+        $component->manufacturer_id        = $request->input('manufacturer_id');
+        $component->model_number           = $request->input('model_number');
         $component->location_id            = $request->input('location_id');
         $component->company_id             = Company::getIdForCurrentUser($request->input('company_id'));
         $component->order_number           = $request->input('order_number');
@@ -160,8 +166,10 @@ class ComponentsController extends Controller
 
         $component = $request->handleImages($component);
 
+        session()->put(['redirect_option' => $request->get('redirect_option')]);
+
         if ($component->save()) {
-            return redirect()->route('components.index')->with('success', trans('admin/components/message.update.success'));
+            return redirect()->to(Helper::getRedirectOption($request, $component->id, 'Components'))->with('success', trans('admin/components/message.update.success'));
         }
 
         return redirect()->back()->withInput()->withErrors($component->getErrors());

app/Http/Controllers/Components/ComponentsFilesController.php

@@ -112,40 +112,25 @@ class ComponentsFilesController extends Controller
     public function show($componentId = null, $fileId = null)
     {
         Log::debug('Private filesystem is: '.config('filesystems.default'));
-        $component = Component::find($componentId);
+
 
         // the component is valid
-        if (isset($component->id)) {
+        if ($component = Component::find($componentId)) {
             $this->authorize('view', $component);
             $this->authorize('components.files', $component);
 
-            if (! $log = Actionlog::whereNotNull('filename')->where('item_id', $component->id)->find($fileId)) {
-                return response('No matching record for that asset/file', 500)
-                    ->header('Content-Type', 'text/plain');
-            }
+            if ($log = Actionlog::whereNotNull('filename')->where('item_id', $component->id)->find($fileId)) {
 
                 $file = 'private_uploads/components/'.$log->filename;
 
-            if (Storage::missing($file)) {
-                Log::debug('FILE DOES NOT EXISTS for '.$file);
-                Log::debug('URL should be '.Storage::url($file));
-
-                return response('File '.$file.' ('.Storage::url($file).') not found on server', 404)
-                    ->header('Content-Type', 'text/plain');
-            } else {
-
-                // Display the file inline
-                if (request('inline') == 'true') {
-                    $headers = [
-                        'Content-Disposition' => 'inline',
-                    ];
-                    return Storage::download($file, $log->filename, $headers);
-                }
-
-                if (config('filesystems.default') == 'local') { // TODO - is there any way to fix this at the StorageHelper layer?
-                    return StorageHelper::downloader($file);
+                try {
+                    return StorageHelper::showOrDownloadFile($file, $log->filename);
+                } catch (\Exception $e) {
+                    return redirect()->route('components.show', ['component' => $component])->with('error',  trans('general.file_not_found'));
                 }
             }
+            return redirect()->route('components.show', ['component' => $component])->with('error',  trans('general.log_record_not_found'));
+
         }
 
         return redirect()->route('components.index')->with('error', trans('general.file_does_not_exist', ['id' => $fileId]));

app/Http/Controllers/Consumables/ConsumableCheckoutController.php

@@ -3,6 +3,7 @@
 namespace App\Http\Controllers\Consumables;
 
 use App\Events\CheckoutableCheckedOut;
+use App\Helpers\Helper;
 use App\Http\Controllers\Controller;
 use App\Models\Consumable;
 use App\Models\User;
@@ -33,7 +34,7 @@ class ConsumableCheckoutController extends Controller
                 // Make sure there is at least one available to checkout
                 if ($consumable->numRemaining() <= 0){
                     return redirect()->route('consumables.index')
-                        ->with('error', trans('admin/consumables/message.checkout.unavailable'));
+                        ->with('error', trans('admin/consumables/message.checkout.unavailable', ['requested' => 1, 'remaining' => $consumable->numRemaining()]));
                 }
 
                 // Return the checkout view
@@ -69,14 +70,14 @@ class ConsumableCheckoutController extends Controller
         $this->authorize('checkout', $consumable);
 
         // If the quantity is not present in the request or is not a positive integer, set it to 1
-        $quantity = $request->input('qty');
+        $quantity = $request->input('checkout_qty');
         if (!isset($quantity) || !ctype_digit((string)$quantity) || $quantity <= 0) {
             $quantity = 1;
         }
 
         // Make sure there is at least one available to checkout
         if ($consumable->numRemaining() <= 0 || $quantity > $consumable->numRemaining()) {
-            return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.checkout.unavailable'));
+            return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.checkout.unavailable', ['requested' => $quantity, 'remaining' => $consumable->numRemaining() ]));
         }
 
         $admin_user = auth()->user();
@@ -91,17 +92,25 @@ class ConsumableCheckoutController extends Controller
         // Update the consumable data
         $consumable->assigned_to = e($request->input('assigned_to'));
 
-        for($i = 0; $i < $quantity; $i++){
+        for ($i = 0; $i < $quantity; $i++){
         $consumable->users()->attach($consumable->id, [
             'consumable_id' => $consumable->id,
-            'user_id' => $admin_user->id,
+            'created_by' => $admin_user->id,
             'assigned_to' => e($request->input('assigned_to')),
             'note' => $request->input('note'),
         ]);
         }
+
+        $consumable->checkout_qty = $quantity;
         event(new CheckoutableCheckedOut($consumable, $user, auth()->user(), $request->input('note')));
 
+        $request->request->add(['checkout_to_type' => 'user']);
+        $request->request->add(['assigned_user' => $user->id]);
+
+        session()->put(['redirect_option' => $request->get('redirect_option'), 'checkout_to_type' => $request->get('checkout_to_type')]);
+
+
         // Redirect to the new consumable page
-        return redirect()->route('consumables.index')->with('success', trans('admin/consumables/message.checkout.success'));
+        return redirect()->to(Helper::getRedirectOption($request, $consumable->id, 'Consumables'))->with('success', trans('admin/consumables/message.checkout.success'));
     }
 }

app/Http/Controllers/Consumables/ConsumablesController.php

@@ -81,14 +81,16 @@ class ConsumablesController extends Controller
         $consumable->purchase_date          = $request->input('purchase_date');
         $consumable->purchase_cost          = $request->input('purchase_cost');
         $consumable->qty                    = $request->input('qty');
-        $consumable->user_id                = Auth::id();
+        $consumable->created_by                = auth()->id();
         $consumable->notes                  = $request->input('notes');
 
 
         $consumable = $request->handleImages($consumable);
 
+        session()->put(['redirect_option' => $request->get('redirect_option')]);
+
         if ($consumable->save()) {
-            return redirect()->route('consumables.index')->with('success', trans('admin/consumables/message.create.success'));
+            return redirect()->to(Helper::getRedirectOption($request, $consumable->id, 'Consumables'))->with('success', trans('admin/consumables/message.create.success'));
         }
 
         return redirect()->back()->withInput()->withErrors($consumable->getErrors());
@@ -160,8 +162,10 @@ class ConsumablesController extends Controller
 
         $consumable = $request->handleImages($consumable);
 
+        session()->put(['redirect_option' => $request->get('redirect_option')]);
+
         if ($consumable->save()) {
-            return redirect()->route('consumables.index')->with('success', trans('admin/consumables/message.update.success'));
+            return redirect()->to(Helper::getRedirectOption($request, $consumable->id, 'Consumables'))->with('success', trans('admin/consumables/message.update.success'));
         }
 
         return redirect()->back()->withInput()->withErrors($consumable->getErrors());
@@ -200,7 +204,7 @@ class ConsumablesController extends Controller
      */
     public function show($consumableId = null)
     {
-        $consumable = Consumable::find($consumableId);
+        $consumable = Consumable::withCount('users as users_consumables')->find($consumableId);
         $this->authorize($consumable);
         if (isset($consumable->id)) {
             return view('consumables/view', compact('consumable'));
@@ -209,4 +213,16 @@ class ConsumablesController extends Controller
         return redirect()->route('consumables.index')
             ->with('error', trans('admin/consumables/message.does_not_exist'));
     }
+
+    public function clone(Consumable $consumable) : View
+    {
+        $this->authorize('create', $consumable);
+        $consumable_to_close = $consumable;
+        $consumable = clone $consumable_to_close;
+        $consumable->id = null;
+        $consumable->image = null;
+        $consumable->created_by = null;
+
+        return view('consumables/edit')->with('item', $consumable);
+    }
 }

app/Http/Controllers/Consumables/ConsumablesFilesController.php

@@ -104,7 +104,6 @@ class ConsumablesFilesController extends Controller
      * @since [v1.4]
      * @param int $consumableId
      * @param int $fileId
-     * @return \Symfony\Consumable\HttpFoundation\Response
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
     public function show($consumableId = null, $fileId = null)
@@ -116,36 +115,18 @@ class ConsumablesFilesController extends Controller
             $this->authorize('view', $consumable);
             $this->authorize('consumables.files', $consumable);
 
-            if (! $log = Actionlog::whereNotNull('filename')->where('item_id', $consumable->id)->find($fileId)) {
-                return response('No matching record for that asset/file', 500)
-                    ->header('Content-Type', 'text/plain');
-            }
-
+            if ($log = Actionlog::whereNotNull('filename')->where('item_id', $consumable->id)->find($fileId)) {
                 $file = 'private_uploads/consumables/'.$log->filename;
 
-            if (Storage::missing($file)) {
-                Log::debug('FILE DOES NOT EXISTS for '.$file);
-                Log::debug('URL should be '.Storage::url($file));
-
-                return response('File '.$file.' ('.Storage::url($file).') not found on server', 404)
-                    ->header('Content-Type', 'text/plain');
-            } else {
-
-                // Display the file inline
-                if (request('inline') == 'true') {
-                    $headers = [
-                        'Content-Disposition' => 'inline',
-                    ];
-                    return Storage::download($file, $log->filename, $headers);
-                }
-
-
-                // We have to override the URL stuff here, since local defaults in Laravel's Flysystem
-                // won't work, as they're not accessible via the web
-                if (config('filesystems.default') == 'local') { // TODO - is there any way to fix this at the StorageHelper layer?
-                    return StorageHelper::downloader($file);
+                try {
+                    return StorageHelper::showOrDownloadFile($file, $log->filename);
+                } catch (\Exception $e) {
+                    return redirect()->route('consumables.show', ['consumable' => $consumable])->with('error',  trans('general.file_not_found'));
                 }
             }
+            // The log record doesn't exist somehow
+            return redirect()->route('consumables.show', ['consumable' => $consumable])->with('error',  trans('general.log_record_not_found'));
+
         }
 
         return redirect()->route('consumables.index')->with('error', trans('general.file_does_not_exist', ['id' => $fileId]));

app/Http/Controllers/CustomFieldsController.php

@@ -104,7 +104,7 @@ class CustomFieldsController extends Controller
             "auto_add_to_fieldsets" => $request->get("auto_add_to_fieldsets", 0),
             "show_in_listview" => $request->get("show_in_listview", 0),
             "show_in_requestable_list" => $request->get("show_in_requestable_list", 0),
-            "user_id" => Auth::id()
+            "user_id" => auth()->id()
         ]);
 
 
@@ -248,7 +248,7 @@ class CustomFieldsController extends Controller
         $field->name          = trim(e($request->get("name")));
         $field->element       = e($request->get("element"));
         $field->field_values  = $request->get("field_values");
-        $field->user_id       = Auth::id();
+        $field->created_by       = auth()->id();
         $field->help_text     = $request->get("help_text");
         $field->show_in_email = $show_in_email;
         $field->is_unique     = $request->get("is_unique", 0);

app/Http/Controllers/CustomFieldsetsController.php

@@ -90,7 +90,7 @@ class CustomFieldsetsController extends Controller
 
         $fieldset = new CustomFieldset([
                 'name' => $request->get('name'),
-                'user_id' => auth()->id(),
+                'created_by' => auth()->id(),
         ]);
 
         $validator = Validator::make($request->all(), $fieldset->rules);
@@ -211,7 +211,7 @@ class CustomFieldsetsController extends Controller
             return redirect()->route('fieldsets.show', [$id])->with('success', trans('admin/custom_fields/message.field.create.assoc_success'));
         }
 
-        return redirect()->route('fieldsets.show', [$id])->with('error', 'No field selected.');
+        return redirect()->route('fieldsets.show', [$id])->with('error', trans('admin/custom_fields/message.field.none_selected'));
     }
 
     /**

app/Http/Controllers/DashboardController.php

@@ -5,6 +5,7 @@ namespace App\Http\Controllers;
 use Illuminate\Support\Facades\Artisan;
 use Illuminate\Http\RedirectResponse;
 use \Illuminate\Contracts\View\View;
+use Illuminate\Support\Facades\Session;
 
 
 /**
@@ -44,6 +45,8 @@ class DashboardController extends Controller
 
             return view('dashboard')->with('asset_stats', $asset_stats)->with('counts', $counts);
         } else {
+            Session::reflash();
+
             // Redirect to the profile page
             return redirect()->intended('account/view-assets');
         }

app/Http/Controllers/DepartmentsController.php

@@ -51,7 +51,7 @@ class DepartmentsController extends Controller
         $this->authorize('create', Department::class);
         $department = new Department;
         $department->fill($request->all());
-        $department->user_id = auth()->id();
+        $department->created_by = auth()->id();
         $department->manager_id = ($request->filled('manager_id') ? $request->input('manager_id') : null);
         $department->location_id = ($request->filled('location_id') ? $request->input('location_id') : null);
         $department->company_id = ($request->filled('company_id') ? $request->input('company_id') : null);

app/Http/Controllers/DepreciationsController.php

@@ -61,7 +61,21 @@ class DepreciationsController extends Controller
         // Depreciation data
         $depreciation->name = $request->input('name');
         $depreciation->months = $request->input('months');
-        $depreciation->user_id = Auth::id();
+        $depreciation->created_by = auth()->id();
+
+        $request->validate([
+            'depreciation_min' => [
+                'required',
+                'numeric',
+                function ($attribute, $value, $fail) use ($request) {
+                    if ($request->input('depreciation_type') == 'percent' && ($value < 0 || $value > 100)) {
+                        $fail(trans('validation.percent'));
+                    }
+                },
+            ],
+            'depreciation_type' => 'required|in:amount,percent',
+        ]);
+        $depreciation->depreciation_type = $request->input('depreciation_type');
         $depreciation->depreciation_min = $request->input('depreciation_min');
 
         // Was the asset created?
@@ -116,6 +130,20 @@ class DepreciationsController extends Controller
         // Depreciation data
         $depreciation->name             = $request->input('name');
         $depreciation->months           = $request->input('months');
+
+        $request->validate([
+            'depreciation_min' => [
+                'required',
+                'numeric',
+                function ($attribute, $value, $fail) use ($request) {
+                    if ($request->input('depreciation_type') == 'percent' && ($value < 0 || $value > 100)) {
+                        $fail(trans('validation.percent'));
+                    }
+                },
+            ],
+            'depreciation_type' => 'required|in:amount,percent',
+        ]);
+        $depreciation->depreciation_type = $request->input('depreciation_type');
         $depreciation->depreciation_min = $request->input('depreciation_min');
 
         // Was the asset created?
@@ -165,13 +193,20 @@ class DepreciationsController extends Controller
      */
     public function show($id) : View | RedirectResponse
     {
-        if (is_null($depreciation = Depreciation::find($id))) {
-            // Redirect to the blogs management page
-            return redirect()->route('depreciations.index')->with('error', trans('admin/depreciations/message.does_not_exist'));
-        }
+        $depreciation = Depreciation::withCount('assets as assets_count')
+            ->withCount('models as models_count')
+            ->withCount('licenses as licenses_count')
+            ->find($id);
 
         $this->authorize('view', $depreciation);
 
+        if ($depreciation) {
             return view('depreciations/view', compact('depreciation'));
+
+        }
+
+        return redirect()->route('depreciations.index')->with('error', trans('admin/depreciations/message.does_not_exist'));
+
+
     }
 }

app/Http/Controllers/HealthController.php

@@ -3,6 +3,7 @@
 namespace App\Http\Controllers;
 
 use Illuminate\Routing\Controller as BaseController;
+use Illuminate\Support\Facades\DB;
 
 /**
  * This controller provide the health route  for
@@ -15,13 +16,35 @@ use Illuminate\Routing\Controller as BaseController;
  */
 class HealthController extends BaseController
 {
+
+    public function __construct()
+    {
+        $this->middleware('health');
+    }
+
+
     /**
      * Returns a fixed JSON content ({ "status": "ok"}) which indicate the app is up and running
      */
     public function get()
     {
+        try {
+
+            if (DB::select('select 2 + 2')) {
                 return response()->json([
                     'status' => 'ok',
                 ]);
+            }
+
+        } catch (\Exception $e) {
+            \Log::error('Could not connect to database');
+            return response()->json([
+                'status' => 'database connection failed',
+            ], 500);
+
+        }
+
+
+
     }
 }

app/Http/Controllers/Kits/CheckoutKitController.php

@@ -62,10 +62,10 @@ class CheckoutKitController extends Controller
 
         $checkout_result = $this->kitService->checkout($request, $kit, $user);
         if (Arr::has($checkout_result, 'errors') && count($checkout_result['errors']) > 0) {
-            return redirect()->back()->with('error', trans('general.checkout_error'))->with('error_messages', $checkout_result['errors']);
+            return redirect()->back()->with('error', trans('admin/kits/general.checkout_error'))->with('error_messages', $checkout_result['errors']);
         }
 
-        return redirect()->back()->with('success', trans('general.checkout_success'))
+        return redirect()->back()->with('success', trans('admin/kits/general.checkout_success'))
             ->with('assets', Arr::get($checkout_result, 'assets', null))
             ->with('accessories', Arr::get($checkout_result, 'accessories', null))
             ->with('consumables', Arr::get($checkout_result, 'consumables', null));

app/Http/Controllers/Kits/PredefinedKitsController.php

@@ -55,6 +55,7 @@ class PredefinedKitsController extends Controller
         // Create a new Predefined Kit
         $kit = new PredefinedKit;
         $kit->name = $request->input('name');
+        $kit->created_by = auth()->id();
 
         if (! $kit->save()) {
             return redirect()->back()->withInput()->withErrors($kit->getErrors());

app/Http/Controllers/Licenses/LicenseCheckinController.php

@@ -3,6 +3,7 @@
 namespace App\Http\Controllers\Licenses;
 
 use App\Events\CheckoutableCheckedIn;
+use App\Helpers\Helper;
 use App\Http\Controllers\Controller;
 use App\Models\License;
 use App\Models\LicenseSeat;
@@ -100,15 +101,15 @@ class LicenseCheckinController extends Controller
         $licenseSeat->asset_id = null;
         $licenseSeat->notes = $request->input('notes');
 
+        session()->put(['redirect_option' => $request->get('redirect_option')]);
+
+
         // Was the asset updated?
         if ($licenseSeat->save()) {
             event(new CheckoutableCheckedIn($licenseSeat, $return_to, auth()->user(), $request->input('notes')));
 
-            if ($backTo == 'user') {
-                return redirect()->route('users.show', $return_to->id)->with('success', trans('admin/licenses/message.checkin.success'));
-            }
 
-            return redirect()->route('licenses.show', $licenseSeat->license_id)->with('success', trans('admin/licenses/message.checkin.success'));
+            return redirect()->to(Helper::getRedirectOption($request, $license->id, 'Licenses'))->with('success', trans('admin/licenses/message.checkin.success'));
         }
 
         // Redirect to the license page with error

app/Http/Controllers/Licenses/LicenseCheckoutController.php

@@ -3,6 +3,7 @@
 namespace App\Http\Controllers\Licenses;
 
 use App\Events\CheckoutableCheckedOut;
+use App\Helpers\Helper;
 use App\Http\Controllers\Controller;
 use App\Http\Requests\LicenseCheckoutRequest;
 use App\Models\Accessory;
@@ -76,15 +77,32 @@ class LicenseCheckoutController extends Controller
         $this->authorize('checkout', $license);
 
         $licenseSeat = $this->findLicenseSeatToCheckout($license, $seatId);
-        $licenseSeat->user_id = Auth::id();
+        $licenseSeat->created_by = auth()->id();
         $licenseSeat->notes = $request->input('notes');
         
 
         $checkoutMethod = 'checkoutTo'.ucwords(request('checkout_to_type'));
-        if ($this->$checkoutMethod($licenseSeat)) {
-            return redirect()->route('licenses.index')->with('success', trans('admin/licenses/message.checkout.success'));
+
+        if ($request->filled('asset_id')) {
+
+            $checkoutTarget = $this->checkoutToAsset($licenseSeat);
+            $request->request->add(['assigned_asset' => $checkoutTarget->id]);
+            session()->put(['redirect_option' => $request->get('redirect_option'), 'checkout_to_type' => 'asset']);
+
+        } elseif ($request->filled('assigned_to')) {
+            $checkoutTarget = $this->checkoutToUser($licenseSeat);
+            $request->request->add(['assigned_user' => $checkoutTarget->id]);
+            session()->put(['redirect_option' => $request->get('redirect_option'), 'checkout_to_type' => 'user']);
         }
 
+
+
+        if ($checkoutTarget) {
+            return redirect()->to(Helper::getRedirectOption($request, $license->id, 'Licenses'))->with('success', trans('admin/licenses/message.checkout.success'));
+        }
+
+
+
         return redirect()->route('licenses.index')->with('error', trans('Something went wrong handling this checkout.'));
     }
 
@@ -94,14 +112,14 @@ class LicenseCheckoutController extends Controller
 
         if (! $licenseSeat) {
             if ($seatId) {
-                throw new \Illuminate\Http\Exceptions\HttpResponseException(redirect()->route('licenses.index')->with('error', 'This Seat is not available for checkout.'));
+                throw new \Illuminate\Http\Exceptions\HttpResponseException(redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.checkout.unavailable')));
             }
             
-            throw new \Illuminate\Http\Exceptions\HttpResponseException(redirect()->route('licenses.index')->with('error', 'There are no available seats for this license.'));
+            throw new \Illuminate\Http\Exceptions\HttpResponseException(redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.checkout.not_enough_seats')));
         }
 
         if (! $licenseSeat->license->is($license)) {
-            throw new \Illuminate\Http\Exceptions\HttpResponseException(redirect()->route('licenses.index')->with('error', 'The license seat provided does not match the license.'));
+            throw new \Illuminate\Http\Exceptions\HttpResponseException(redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.checkout.mismatch')));
         }
 
         return $licenseSeat;
@@ -120,8 +138,7 @@ class LicenseCheckoutController extends Controller
         }
         if ($licenseSeat->save()) {
             event(new CheckoutableCheckedOut($licenseSeat, $target, auth()->user(), request('notes')));
-
-            return true;
+            return $target;
         }
 
         return false;
@@ -137,8 +154,7 @@ class LicenseCheckoutController extends Controller
 
         if ($licenseSeat->save()) {
             event(new CheckoutableCheckedOut($licenseSeat, $target, auth()->user(), request('notes')));
-
-            return true;
+            return $target;
         }
 
         return false;

app/Http/Controllers/Licenses/LicenseFilesController.php

@@ -112,37 +112,19 @@ class LicenseFilesController extends Controller
             $this->authorize('view', $license);
             $this->authorize('licenses.files', $license);
 
-            if (! $log = Actionlog::whereNotNull('filename')->where('item_id', $license->id)->find($fileId)) {
-                return response('No matching record for that asset/file', 500)
-                    ->header('Content-Type', 'text/plain');
-            }
-
+            if ($log = Actionlog::whereNotNull('filename')->where('item_id', $license->id)->find($fileId)) {
                 $file = 'private_uploads/licenses/'.$log->filename;
 
-            if (Storage::missing($file)) {
-                Log::debug('NOT EXISTS for '.$file);
-                Log::debug('NOT EXISTS URL should be '.Storage::url($file));
-
-                return response('File '.$file.' ('.Storage::url($file).') not found on server', 404)
-                    ->header('Content-Type', 'text/plain');
-            } else {
-
-                if (request('inline') == 'true') {
-
-                    $headers = [
-                        'Content-Disposition' => 'inline',
-                    ];
-
-                    return Storage::download($file, $log->filename, $headers);
-                }
-
-                // We have to override the URL stuff here, since local defaults in Laravel's Flysystem
-                // won't work, as they're not accessible via the web
-                if (config('filesystems.default') == 'local') { // TODO - is there any way to fix this at the StorageHelper layer?
-                    return StorageHelper::downloader($file);
-
+                try {
+                    return StorageHelper::showOrDownloadFile($file, $log->filename);
+                } catch (\Exception $e) {
+                    return redirect()->route('licenses.show', ['licenses' => $license])->with('error',  trans('general.file_not_found'));
                 }
             }
+
+            // The log record doesn't exist somehow
+            return redirect()->route('licenses.show', ['licenses' => $license])->with('error',  trans('general.log_record_not_found'));
+
         }
 
         return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.does_not_exist', ['id' => $fileId]));

app/Http/Controllers/Licenses/LicensesController.php

@@ -99,11 +99,13 @@ class LicensesController extends Controller
         $license->supplier_id       = $request->input('supplier_id');
         $license->category_id       = $request->input('category_id');
         $license->termination_date  = $request->input('termination_date');
-        $license->user_id           = Auth::id();
+        $license->created_by           = auth()->id();
         $license->min_amt           = $request->input('min_amt');
 
+        session()->put(['redirect_option' => $request->get('redirect_option')]);
+
         if ($license->save()) {
-            return redirect()->route('licenses.index')->with('success', trans('admin/licenses/message.create.success'));
+            return redirect()->to(Helper::getRedirectOption($request, $license->id, 'Licenses'))->with('success', trans('admin/licenses/message.create.success'));
         }
 
         return redirect()->back()->withInput()->withErrors($license->getErrors());
@@ -180,8 +182,10 @@ class LicensesController extends Controller
         $license->category_id       = $request->input('category_id');
         $license->min_amt           = $request->input('min_amt');
 
+        session()->put(['redirect_option' => $request->get('redirect_option')]);
+
         if ($license->save()) {
-            return redirect()->route('licenses.show', ['license' => $licenseId])->with('success', trans('admin/licenses/message.update.success'));
+            return redirect()->to(Helper::getRedirectOption($request, $license->id, 'Licenses'))->with('success', trans('admin/licenses/message.update.success'));
         }
         // If we can't adjust the number of seats, the error is flashed to the session by the event handler in License.php
         return redirect()->back()->withInput()->withErrors($license->getErrors());

app/Http/Controllers/LocationsController.php

@@ -3,6 +3,7 @@
 namespace App\Http\Controllers;
 
 use App\Http\Requests\ImageUploadRequest;
+use App\Models\Actionlog;
 use App\Models\Asset;
 use App\Models\Location;
 use App\Models\User;
@@ -74,7 +75,7 @@ class LocationsController extends Controller
         $location->zip = $request->input('zip');
         $location->ldap_ou = $request->input('ldap_ou');
         $location->manager_id = $request->input('manager_id');
-        $location->user_id = auth()->id();
+        $location->created_by = auth()->id();
         $location->phone = request('phone');
         $location->fax = request('fax');
 
@@ -193,7 +194,13 @@ class LocationsController extends Controller
      */
     public function show($id = null) : View | RedirectResponse
     {
-        $location = Location::find($id);
+        $location = Location::withCount('assignedAssets as assigned_assets_count')
+            ->withCount('assets as assets_count')
+            ->withCount('rtd_assets as rtd_assets_count')
+            ->withCount('children as children_count')
+            ->withCount('users as users_count')
+            ->withTrashed()
+            ->find($id);
 
         if (isset($location->id)) {
             return view('locations/view', compact('location'));
@@ -249,6 +256,41 @@ class LocationsController extends Controller
     }
 
 
+    /**
+     * Restore a given Asset Model (mark as un-deleted)
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v1.0]
+     * @param int $id
+     */
+    public function postRestore($id) : RedirectResponse
+    {
+        $this->authorize('create', Location::class);
+
+        if ($location = Location::withTrashed()->find($id)) {
+
+            if ($location->deleted_at == '') {
+                return redirect()->back()->with('error', trans('general.not_deleted', ['item_type' => trans('general.location')]));
+            }
+
+            if ($location->restore()) {
+                $logaction = new Actionlog();
+                $logaction->item_type = Location::class;
+                $logaction->item_id = $location->id;
+                $logaction->created_at = date('Y-m-d H:i:s');
+                $logaction->created_by = auth()->id();
+                $logaction->logaction('restore');
+
+                return redirect()->route('locations.index')->with('success', trans('admin/locations/message.restore.success'));
+            }
+
+            // Check validation
+            return redirect()->back()->with('error', trans('general.could_not_restore', ['item_type' => trans('general.location'), 'error' => $location->getErrors()->first()]));
+        }
+
+        return redirect()->back()->with('error', trans('admin/models/message.does_not_exist'));
+
+    }
     public function print_all_assigned($id) : View | RedirectResponse
     {
         if ($location = Location::where('id', $id)->first()) {

app/Http/Controllers/ManufacturersController.php

@@ -61,7 +61,7 @@ class ManufacturersController extends Controller
         $this->authorize('create', Manufacturer::class);
         $manufacturer = new Manufacturer;
         $manufacturer->name = $request->input('name');
-        $manufacturer->user_id = Auth::id();
+        $manufacturer->created_by = auth()->id();
         $manufacturer->url = $request->input('url');
         $manufacturer->support_url = $request->input('support_url');
         $manufacturer->warranty_lookup_url = $request->input('warranty_lookup_url');
@@ -219,7 +219,7 @@ class ManufacturersController extends Controller
                 $logaction->item_type = Manufacturer::class;
                 $logaction->item_id = $manufacturer->id;
                 $logaction->created_at = date('Y-m-d H:i:s');
-                $logaction->user_id = auth()->id();
+                $logaction->created_by = auth()->id();
                 $logaction->logaction('restore');
 
                 // Redirect them to the deleted page if there are more, otherwise the section index

app/Http/Controllers/ProfileController.php

@@ -49,6 +49,8 @@ class ProfileController extends Controller
         $user->gravatar = $request->input('gravatar');
         $user->skin = $request->input('skin');
         $user->phone = $request->input('phone');
+        $user->enable_sounds = $request->input('enable_sounds', false);
+        $user->enable_confetti = $request->input('enable_confetti', false);
 
         if (! config('app.lock_passwords')) {
             $user->locale = $request->input('locale', 'en-US');
@@ -192,14 +194,14 @@ class ProfileController extends Controller
      */
     public function printInventory() : View
     {
-        $show_user = auth()->user();
+        $show_users = User::where('id',auth()->user()->id)->get();
 
         return view('users/print')
-            ->with('assets', auth()->user()->assets)
-            ->with('licenses', $show_user->licenses()->get())
-            ->with('accessories', $show_user->accessories()->get())
-            ->with('consumables', $show_user->consumables()->get())
-            ->with('show_user', $show_user)
+            ->with('assets', auth()->user()->assets())
+            ->with('licenses', auth()->user()->licenses()->get())
+            ->with('accessories', auth()->user()->accessories()->get())
+            ->with('consumables', auth()->user()->consumables()->get())
+            ->with('users', $show_users)
             ->with('settings', Setting::getSettings());
     }
 
@@ -220,7 +222,12 @@ class ProfileController extends Controller
             return redirect()->back()->with('error', trans('admin/users/message.user_has_no_email'));
         }
 
+        try {
             $user->notify((new CurrentInventory($user)));
+        } catch (\Exception $e) {
+            \Log::error($e);
+        }
+
         return redirect()->back()->with('success', trans('admin/users/general.user_notified'));
     }
 }

app/Http/Controllers/ReportsController.php

@@ -703,6 +703,10 @@ class ReportsController extends Controller
                     $assets->whereBetween('assets.expected_checkin', [$request->input('expected_checkin_start'), $request->input('expected_checkin_end')]);
             }
 
+            if (($request->filled('asset_eol_date_start')) && ($request->filled('asset_eol_date_end'))) {
+                $assets->whereBetween('assets.asset_eol_date', [$request->input('asset_eol_date_start'), $request->input('asset_eol_date_end')]);
+            }
+
             if (($request->filled('last_audit_start')) && ($request->filled('last_audit_end'))) {
                     $last_audit_start = Carbon::parse($request->input('last_audit_start'))->startOfDay();
                     $last_audit_end = Carbon::parse($request->input('last_audit_end'))->endOfDay();
@@ -778,7 +782,7 @@ class ReportsController extends Controller
                     }
 
                     if ($request->filled('eol')) {
-                            $row[] = ($asset->asset_eol_date) ? $asset->asset_eol_date : '';
+                        $row[] = ($asset->purchase_date != '') ? $asset->asset_eol_date : '';
                     }
 
                     if ($request->filled('order')) {

app/Http/Controllers/SettingsController.php

@@ -7,6 +7,11 @@ use App\Helpers\StorageHelper;
 use App\Http\Requests\ImageUploadRequest;
 use App\Http\Requests\SettingsSamlRequest;
 use App\Http\Requests\SetupUserRequest;
+use App\Http\Requests\StoreLdapSettings;
+use App\Http\Requests\StoreLocalizationSettings;
+use App\Http\Requests\StoreNotificationSettings;
+use App\Http\Requests\StoreLabelSettings;
+use App\Http\Requests\StoreSecuritySettings;
 use App\Models\CustomField;
 use App\Models\Group;
 use App\Models\Setting;
@@ -14,7 +19,6 @@ use App\Models\Asset;
 use App\Models\User;
 use App\Notifications\FirstAdminNotification;
 use App\Notifications\MailTest;
-use Illuminate\Http\Client\HttpClientException;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\App;
 use Illuminate\Support\Facades\Storage;
@@ -129,11 +133,11 @@ class SettingsController extends Controller
     protected function dotEnvFileIsExposed() : bool
     {
         try {
-            return Http::timeout(10)
+            return Http::withoutVerifying()->timeout(10)
                 ->accept('*/*')
                 ->get(URL::to('.env'))
                 ->successful();
-        } catch (HttpClientException $e) {
+        } catch (\Exception $e) {
             Log::debug($e->getMessage());
             return true;
         }
@@ -182,7 +186,7 @@ class SettingsController extends Controller
         $settings->brand = 1;
         $settings->locale = $request->input('locale', 'en-US');
         $settings->default_currency = $request->input('default_currency', 'USD');
-        $settings->user_id = 1;
+        $settings->created_by = 1;
         $settings->email_domain = $request->input('email_domain');
         $settings->email_format = $request->input('email_format');
         $settings->next_auto_tag_base = 1;
@@ -274,20 +278,6 @@ class SettingsController extends Controller
         return view('settings/index', compact('settings'));
     }
 
-    /**
-     * Return the admin settings page.
-     *
-     * @author [A. Gianotto] [<snipe@snipe.net>]
-     *
-     * @since [v1.0]
-     */
-    public function getEdit() : View
-
-    {
-        $setting = Setting::getSettings();
-
-        return view('settings/general', compact('setting'));
-    }
 
     /**
      * Return a form to allow a super admin to update settings.
@@ -325,6 +315,7 @@ class SettingsController extends Controller
 
         $setting->full_multiple_companies_support = $request->input('full_multiple_companies_support', '0');
         $setting->unique_serial = $request->input('unique_serial', '0');
+        $setting->shortcuts_enabled = $request->input('shortcuts_enabled', '0');
         $setting->show_images_in_email = $request->input('show_images_in_email', '0');
         $setting->show_archived_in_list = $request->input('show_archived_in_list', '0');
         $setting->dashboard_message = $request->input('dashboard_message');
@@ -414,10 +405,7 @@ class SettingsController extends Controller
             $setting = $request->handleImages($setting, 600, 'logo', '', 'logo');
 
             if ($request->input('clear_logo') == '1') {
-
-                if (($setting->logo) && (Storage::exists($setting->logo))) {
-                    Storage::disk('public')->delete($setting->logo);
-                }
+                $setting = $request->deleteExistingImage($setting, '', 'logo');
                 $setting->logo = null;
                 $setting->brand = 1;
             }
@@ -425,43 +413,38 @@ class SettingsController extends Controller
             // Email logo upload
             $setting = $request->handleImages($setting, 600, 'email_logo', '', 'email_logo');
             if ($request->input('clear_email_logo') == '1') {
-
-                if (($setting->email_logo) && (Storage::exists($setting->email_logo))) {
-                    Storage::disk('public')->delete($setting->email_logo);
-                }
+                $setting = $request->deleteExistingImage($setting, '', 'email_logo');
                 $setting->email_logo = null;
-                // If they are uploading an image, validate it and upload it
             }
 
              // Label logo upload
             $setting = $request->handleImages($setting, 600, 'label_logo', '', 'label_logo');
-            if ($request->input('clear_label_logo') == '1') {
 
-                if (($setting->label_logo) && (Storage::exists($setting->label_logo))) {
-                    Storage::disk('public')->delete($setting->label_logo);
-                }
+            if ($request->input('clear_label_logo') == '1') {
+                $setting = $request->deleteExistingImage($setting, '', 'label_logo');
                 $setting->label_logo = null;
             }
 
             // Favicon upload
             $setting = $request->handleImages($setting, 100, 'favicon', '', 'favicon');
             if ('1' == $request->input('clear_favicon')) {
-
-                if (($setting->favicon) && (Storage::exists($setting->favicon))) {
-                    Storage::disk('public')->delete($setting->favicon);
-                }
+                $setting = $request->deleteExistingImage($setting, '', 'favicon');
                 $setting->favicon = null;
             }
 
             // Default avatar upload
             $setting = $request->handleImages($setting, 500, 'default_avatar', 'avatars', 'default_avatar');
             if ($request->input('clear_default_avatar') == '1')  {
-
-                if (($setting->default_avatar) && (Storage::exists('avatars/'.$setting->default_avatar))) {
-                    Storage::disk('public')->delete('avatars/'.$setting->default_avatar);
+                // Don't delete the file, just update the field if this is the default
+                if ($setting->default_avatar!='default.png') {
+                    $setting = $request->deleteExistingImage($setting, 'avatars', 'default_avatar');
                 }
                 $setting->default_avatar = null;
             }
+
+            if ($request->input('restore_default_avatar') == '1')  {
+                $setting->default_avatar = 'default.png';
+            }
         }
 
         if ($setting->save()) {
@@ -494,7 +477,7 @@ class SettingsController extends Controller
      *
      * @since [v1.0]
      */
-    public function postSecurity(Request $request) : RedirectResponse
+    public function postSecurity(StoreSecuritySettings $request) : RedirectResponse
     {
         $this->validate($request, [
             'pwd_secure_complexity' => 'array',
@@ -564,7 +547,7 @@ class SettingsController extends Controller
      *
      * @since [v1.0]
      */
-    public function postLocalization(Request $request) : RedirectResponse
+    public function postLocalization(StoreLocalizationSettings $request) : RedirectResponse
     {
         if (is_null($setting = Setting::getSettings())) {
             return redirect()->to('admin')->with('error', trans('admin/settings/message.update.error'));
@@ -607,7 +590,7 @@ class SettingsController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v1.0]
      */
-    public function postAlerts(Request $request) : RedirectResponse
+    public function postAlerts(StoreNotificationSettings $request) : RedirectResponse
     {
         if (is_null($setting = Setting::getSettings())) {
             return redirect()->to('admin')->with('error', trans('admin/settings/message.update.error'));
@@ -645,6 +628,7 @@ class SettingsController extends Controller
         $setting->alert_threshold = $request->input('alert_threshold');
         $setting->audit_interval = $request->input('audit_interval');
         $setting->audit_warning_days = $request->input('audit_warning_days');
+        $setting->due_checkin_days = $request->input('due_checkin_days');
         $setting->show_alerts_in_menu = $request->input('show_alerts_in_menu', '0');
 
         if ($setting->save()) {
@@ -787,7 +771,7 @@ class SettingsController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
      */
-    public function postLabels(Request $request) : RedirectResponse
+    public function postLabels(StoreLabelSettings $request) : RedirectResponse
     {
         if (is_null($setting = Setting::getSettings())) {
             return redirect()->to('admin')->with('error', trans('admin/settings/message.update.error'));
@@ -866,26 +850,7 @@ class SettingsController extends Controller
     {
         $setting = Setting::getSettings();
         $groups = Group::pluck('name', 'id');
-
-
-        /**
-         * This validator is only temporary (famous last words.) - @snipe
-         */
-        $messages = [
-            'ldap_username_field.not_in' => '<code>sAMAccountName</code> (mixed case) will likely not work. You should use <code>samaccountname</code> (lowercase) instead. ',
-            'ldap_auth_filter_query.not_in' => '<code>uid=samaccountname</code> is probably not a valid auth filter. You probably want <code>uid=</code> ',
-            'ldap_filter.regex' => 'This value should probably not be wrapped in parentheses.',
-        ];
-
-        $validator = Validator::make($setting->toArray(), [
-            'ldap_username_field' => 'not_in:sAMAccountName',
-            'ldap_auth_filter_query' => 'not_in:uid=samaccountname|required_if:ldap_enabled,1',
-            'ldap_filter' => 'nullable|regex:"^[^(]"|required_if:ldap_enabled,1',
-        ],  $messages);
-
-
-
-        return view('settings.ldap', compact('setting', 'groups'))->withErrors($validator);
+        return view('settings.ldap', compact('setting', 'groups'));
     }
 
     /**
@@ -894,7 +859,7 @@ class SettingsController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
      */
-    public function postLdapSettings(Request $request) : RedirectResponse
+    public function postLdapSettings(StoreLdapSettings $request) : RedirectResponse
     {
         if (is_null($setting = Setting::getSettings())) {
             return redirect()->to('admin')->with('error', trans('admin/settings/message.update.error'));
@@ -1211,7 +1176,7 @@ class SettingsController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v6.0]
      */
-    public function postRestore($filename = null) : RedirectResponse
+    public function postRestore(Request $request, $filename = null): RedirectResponse
     {
 
         if (! config('app.lock_passwords')) {
@@ -1231,13 +1196,29 @@ class SettingsController extends Controller
 
                 Log::debug('Attempting to restore from: '. storage_path($path).'/'.$filename);
 
-                // run the restore command
-                Artisan::call('snipeit:restore',
-                [
+                $restore_params = [
                     '--force' => true,
                     '--no-progress' => true,
-                    'filename' => storage_path($path).'/'.$filename
+                    'filename' => storage_path($path) . '/' . $filename
+                ];
+
+                if ($request->input('clean')) {
+                    Log::debug("Attempting 'clean' - first, guessing prefix...");
+                    Artisan::call('snipeit:restore', [
+                        '--sanitize-guess-prefix' => true,
+                        'filename' => storage_path($path) . '/' . $filename
                     ]);
+                    $guess_prefix_output = Artisan::output();
+                    Log::debug("Sanitize output is: $guess_prefix_output");
+                    list($prefix, $_output) = explode("\n", $guess_prefix_output);
+                    Log::debug("prefix is: '$prefix'");
+                    $restore_params['--sanitize-with-prefix'] = $prefix;
+                }
+
+                // run the restore command
+                Artisan::call('snipeit:restore',
+                    $restore_params
+                );
 
                 // If it's greater than 300, it probably worked
                 $output = Artisan::output();
@@ -1264,7 +1245,7 @@ class SettingsController extends Controller
                 DB::table('users')->update(['remember_token' => null]);
                 Auth::logout();
 
-                return redirect()->route('login')->with('success', 'Your system has been restored. Please login again.');
+                return redirect()->route('login')->with('success', trans('admin/settings/message.restore.success'));
             } else {
                 return redirect()->route('settings.backups.index')->with('error', trans('admin/settings/message.backup.file_not_found'));
             }

app/Http/Controllers/StatuslabelsController.php

@@ -69,7 +69,7 @@ class StatuslabelsController extends Controller
 
         // Save the Statuslabel data
         $statusLabel->name = $request->input('name');
-        $statusLabel->user_id = Auth::id();
+        $statusLabel->created_by = auth()->id();
         $statusLabel->notes = $request->input('notes');
         $statusLabel->deployable = $statusType['deployable'];
         $statusLabel->pending = $statusType['pending'];

app/Http/Controllers/SuppliersController.php

@@ -62,7 +62,7 @@ class SuppliersController extends Controller
         $supplier->email = request('email');
         $supplier->notes = request('notes');
         $supplier->url = $supplier->addhttp(request('url'));
-        $supplier->user_id = Auth::id();
+        $supplier->created_by = auth()->id();
         $supplier = $request->handleImages($supplier);
 
         if ($supplier->save()) {

app/Http/Controllers/Users/BulkUsersController.php

@@ -13,9 +13,11 @@ use App\Models\Group;
 use App\Models\LicenseSeat;
 use App\Models\ConsumableAssignment;
 use App\Models\Consumable;
+use App\Models\Setting;
 use App\Models\User;
 use Carbon\Carbon;
 use Illuminate\Http\Request;
+use Illuminate\Support\Collection;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Password;
@@ -29,12 +31,12 @@ class BulkUsersController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v1.7]
      * @param Request $request
-     * @return \Illuminate\Contracts\View\View
+     * @return \Illuminate\Contracts\View\View | \Illuminate\Http\RedirectResponse
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
     public function edit(Request $request)
     {
-        $this->authorize('update', User::class);
+        $this->authorize('view', User::class);
 
         // Make sure there were users selected
         if (($request->filled('ids')) && (count($request->input('ids')) > 0)) {
@@ -46,16 +48,18 @@ class BulkUsersController extends Controller
 
             // bulk edit, display the bulk edit form
             if ($request->input('bulk_actions') == 'edit') {
+                $this->authorize('update', User::class);
                 return view('users/bulk-edit', compact('users'))
                     ->with('groups', Group::pluck('name', 'id'));
 
             // bulk delete, display the bulk delete confirmation form
             } elseif ($request->input('bulk_actions') == 'delete') {
+                $this->authorize('delete', User::class);
                 return view('users/confirm-bulk-delete')->with('users', $users)->with('statuslabel_list', Helper::statusLabelList());
 
             // merge, confirm they have at least 2 users selected and display the merge screen
             } elseif ($request->input('bulk_actions') == 'merge') {
-
+                $this->authorize('delete', User::class);
                 if (($request->filled('ids')) && (count($request->input('ids')) > 1)) {
                     return view('users/confirm-merge')->with('users', $users);
                 // Not enough users selected, send them back
@@ -75,6 +79,33 @@ class BulkUsersController extends Controller
                 }
                 return redirect()->back()->with('success', trans('admin/users/message.password_resets_sent'));
 
+            } elseif ($request->input('bulk_actions') == 'print') {
+                $users = User::query()
+                    ->with([
+                        'assets.assetlog',
+                        'assets.assignedAssets.assetlog',
+                        'assets.assignedAssets.defaultLoc',
+                        'assets.assignedAssets.location',
+                        'assets.assignedAssets.model.category',
+                        'assets.defaultLoc',
+                        'assets.location',
+                        'assets.model.category',
+                        'accessories.assetlog',
+                        'accessories.category',
+                        'accessories.manufacturer',
+                        'consumables.assetlog',
+                        'consumables.category',
+                        'consumables.manufacturer',
+                        'licenses.category',
+                    ])
+                    ->withTrashed()
+                    ->findMany($request->input('ids'));
+
+                $users->each(fn($user) => $this->authorize('view', $user));
+
+                return view('users.print')
+                    ->with('users', $users)
+                    ->with('settings', Setting::getSettings());
             }
         }
 
@@ -100,7 +131,7 @@ class BulkUsersController extends Controller
         $user_raw_array = $request->input('ids');
 
         // Remove the user from any updates.
-        $user_raw_array = array_diff($user_raw_array, [Auth::id()]);
+        $user_raw_array = array_diff($user_raw_array, [auth()->id()]);
         $manager_conflict = false;
         $users = User::whereIn('id', $user_raw_array)->where('id', '!=', auth()->id())->get();
 
@@ -115,6 +146,9 @@ class BulkUsersController extends Controller
             ->conditionallyAddItem('remote')
             ->conditionallyAddItem('ldap_import')
             ->conditionallyAddItem('activated')
+            ->conditionallyAddItem('start_date')
+            ->conditionallyAddItem('end_date')
+            ->conditionallyAddItem('city')
             ->conditionallyAddItem('autoassign_licenses');
 
 
@@ -145,13 +179,24 @@ class BulkUsersController extends Controller
             $this->update_array['company_id'] = null;
         }
 
+        if ($request->input('null_start_date')=='1') {
+            $this->update_array['start_date'] = null;
+        }
+
+        if ($request->input('null_end_date')=='1') {
+            $this->update_array['end_date'] = null;
+        }
+
+        if ($request->input('null_locale')=='1') {
+            $this->update_array['locale'] = null;
+        }
 
         if (! $manager_conflict) {
             $this->conditionallyAddItem('manager_id');
         }
         // Save the updated info
         User::whereIn('id', $user_raw_array)
-            ->where('id', '!=', Auth::id())->update($this->update_array);
+            ->where('id', '!=', auth()->id())->update($this->update_array);
 
         if (array_key_exists('location_id', $this->update_array)){
             Asset::where('assigned_type', User::class)
@@ -213,26 +258,24 @@ class BulkUsersController extends Controller
 
         $user_raw_array = request('ids');
 
-        if (($key = array_search(Auth::id(), $user_raw_array)) !== false) {
+        if (($key = array_search(auth()->id(), $user_raw_array)) !== false) {
             unset($user_raw_array[$key]);
         }
 
         $users = User::whereIn('id', $user_raw_array)->get();
-        $assets = Asset::whereIn('assigned_to', $user_raw_array)->where('assigned_type', \App\Models\User::class)->get();
-        $accessories = DB::table('accessories_users')->whereIn('assigned_to', $user_raw_array)->get();
+        $assets = Asset::whereIn('assigned_to', $user_raw_array)->where('assigned_type', User::class)->get();
+        $accessoryUserRows = DB::table('accessories_checkout')->where('assigned_type', User::class)->whereIn('assigned_to', $user_raw_array)->get();
         $licenses = DB::table('license_seats')->whereIn('assigned_to', $user_raw_array)->get();
-        $consumables = DB::table('consumables_users')->whereIn('assigned_to', $user_raw_array)->get();
+        $consumableUserRows = DB::table('consumables_users')->whereIn('assigned_to', $user_raw_array)->get();
 
         if ((($assets->count() > 0) && ((!$request->filled('status_id')) || ($request->input('status_id') == '')))) {
             return redirect()->route('users.index')->with('error', 'No status selected');
         }
 
-
         $this->logItemCheckinAndDelete($assets, Asset::class);
-        $this->logItemCheckinAndDelete($accessories, Accessory::class);
+        $this->logAccessoriesCheckin($accessoryUserRows);
         $this->logItemCheckinAndDelete($licenses, License::class);
-        $this->logItemCheckinAndDelete($consumables, Consumable::class);
-
+        $this->logConsumablesCheckin($consumableUserRows);
 
         Asset::whereIn('id', $assets->pluck('id'))->update([
             'status_id'     => e(request('status_id')),
@@ -241,19 +284,14 @@ class BulkUsersController extends Controller
             'expected_checkin' => null,
         ]);
 
-
         LicenseSeat::whereIn('id', $licenses->pluck('id'))->update(['assigned_to' => null]);
-        ConsumableAssignment::whereIn('id', $consumables->pluck('id'))->delete();
-
+        ConsumableAssignment::whereIn('id', $consumableUserRows->pluck('id'))->delete();
 
         foreach ($users as $user) {
-
-            $user->consumables()->sync([]);
             $user->accessories()->sync([]);
             if ($request->input('delete_user')=='1') {
                 $user->delete();
             }
-
         }
 
         $msg = trans('general.bulk_checkin_success');
@@ -285,7 +323,35 @@ class BulkUsersController extends Controller
             $logAction->item_type = $itemType;
             $logAction->target_id = $item->assigned_to;
             $logAction->target_type = User::class;
-            $logAction->user_id = Auth::id();
+            $logAction->created_at = auth()->id();
+            $logAction->note = 'Bulk checkin items';
+            $logAction->logaction('checkin from');
+        }
+    }
+
+    private function logAccessoriesCheckin(Collection $accessoryUserRows): void
+    {
+        foreach ($accessoryUserRows as $accessoryUserRow) {
+            $logAction = new Actionlog();
+            $logAction->item_id = $accessoryUserRow->accessory_id;
+            $logAction->item_type = Accessory::class;
+            $logAction->target_id = $accessoryUserRow->assigned_to;
+            $logAction->target_type = User::class;
+            $logAction->created_at = auth()->id();
+            $logAction->note = 'Bulk checkin items';
+            $logAction->logaction('checkin from');
+        }
+    }
+
+    private function logConsumablesCheckin(Collection $consumableUserRows): void
+    {
+        foreach ($consumableUserRows as $consumableUserRow) {
+            $logAction = new Actionlog();
+            $logAction->item_id = $consumableUserRow->consumable_id;
+            $logAction->item_type = Consumable::class;
+            $logAction->target_id = $consumableUserRow->assigned_to;
+            $logAction->target_type = User::class;
+            $logAction->created_at = auth()->id();
             $logAction->note = 'Bulk checkin items';
             $logAction->logaction('checkin from');
         }

app/Http/Controllers/Users/UserFilesController.php

@@ -7,9 +7,6 @@ use App\Http\Controllers\Controller;
 use App\Http\Requests\UploadFileRequest;
 use App\Models\Actionlog;
 use App\Models\User;
-use Illuminate\Support\Facades\Auth;
-use Illuminate\Support\Facades\Input;
-use Illuminate\Support\Facades\Response;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Illuminate\Support\Facades\Storage;
 
@@ -46,7 +43,7 @@ class UserFilesController extends Controller
                 $logAction = new Actionlog();
                 $logAction->item_id = $user->id;
                 $logAction->item_type = User::class;
-                $logAction->user_id = Auth::id();
+                $logAction->created_by = auth()->id();
                 $logAction->note = $request->input('notes');
                 $logAction->target_id = null;
                 $logAction->created_at = date("Y-m-d H:i:s");
@@ -116,31 +113,30 @@ class UserFilesController extends Controller
     public function show($userId = null, $fileId = null)
     {
 
+
         if (empty($fileId)) {
             return redirect()->route('users.show')->with('error', 'Invalid file request');
         }
 
-        $user = User::find($userId);
-
-        // the license is valid
-        if (isset($user->id)) {
+        if ($user = User::find($userId)) {
 
             $this->authorize('view', $user);
 
             if ($log = Actionlog::whereNotNull('filename')->where('item_id', $user->id)->find($fileId)) {
+                $file = 'private_uploads/users/'.$log->filename;
 
-                // Display the file inline
-                if (request('inline') == 'true') {
-                    $headers = [
-                        'Content-Disposition' => 'inline',
-                    ];
-                    return Storage::download('private_uploads/users/'.$log->filename, $log->filename, $headers);
+                try {
+                    return StorageHelper::showOrDownloadFile($file, $log->filename);
+                } catch (\Exception $e) {
+                    return redirect()->route('users.show', ['user' => $user])->with('error',  trans('general.file_not_found'));
+                }
             }
 
-                return Storage::download('private_uploads/users/'.$log->filename);
-            }
+            // The log record doesn't exist somehow
+            return redirect()->route('users.show', ['user' => $user])->with('error',  trans('general.log_record_not_found'));
 
-            return redirect()->route('users.index')->with('error',  trans('admin/users/message.log_record_not_found'));
+
+            return redirect()->back()->with('error',  trans('general.file_not_found'));
         }
 
         // Redirect to the user management page if the user doesn't exist

app/Http/Controllers/Users/UsersController.php

@@ -133,6 +133,8 @@ class UsersController extends Controller
         // we have to invoke the
         app(ImageUploadRequest::class)->handleImages($user, 600, 'avatar', 'avatars', 'avatar');
 
+        session()->put(['redirect_option' => $request->get('redirect_option')]);
+
         if ($user->save()) {
             if ($request->filled('groups')) {
                 $user->groups()->sync($request->input('groups'));
@@ -152,7 +154,7 @@ class UsersController extends Controller
                 $user->notify(new WelcomeNotification($data));
             }
 
-            return redirect()->route('users.index')->with('success', trans('admin/users/message.success.create'));
+            return redirect()->to(Helper::getRedirectOption($request, $user->id, 'Users'))->with('success', trans('admin/users/message.success.create'));
         }
 
         return redirect()->back()->withInput()->withErrors($user->getErrors());
@@ -184,7 +186,7 @@ class UsersController extends Controller
     {
 
         $this->authorize('update', User::class);
-        $user = User::with('assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc')->withTrashed()->find($id);
+        $user = User::with(['assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc'])->withTrashed()->find($id);
 
         if ($user) {
 
@@ -212,28 +214,24 @@ class UsersController extends Controller
      * @return \Illuminate\Http\RedirectResponse
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
-    public function update(SaveUserRequest $request, $id = null)
+    public function update(SaveUserRequest $request, User $user)
     {
         $this->authorize('update', User::class);
 
         // This is a janky hack to prevent people from changing admin demo user data on the public demo.
         // The $ids 1 and 2 are special since they are seeded as superadmins in the demo seeder.
         // Thanks, jerks. You are why we can't have nice things. - snipe
-
-        if ((($id == 1) || ($id == 2)) && (config('app.lock_passwords'))) {
+        if ((($user->id == 1) || ($user->id == 2)) && (config('app.lock_passwords'))) {
             return redirect()->route('users.index')->with('error', trans('general.permission_denied_superuser_demo'));
         }
 
-
         // We need to reverse the UI specific logic for our
         // permissions here before we update the user.
         $permissions = $request->input('permissions', []);
         app('request')->request->set('permissions', $permissions);
 
-        $user = User::with('assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc')->withTrashed()->find($id);
+        $user->load(['assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc'])->withTrashed();
 
-        // User is valid - continue...
-        if ($user) {
         $this->authorize('update', $user);
 
         // Figure out of this user was an admin before this edit
@@ -290,7 +288,6 @@ class UsersController extends Controller
             $user->password = bcrypt($request->input('password'));
         }
 
-
         // Update the location of any assets checked out to this user
         Asset::where('assigned_type', User::class)
             ->where('assigned_to', $user->id)
@@ -298,7 +295,6 @@ class UsersController extends Controller
 
         $permissions_array = $request->input('permission');
 
-
         // Strip out the superuser permission if the user isn't a superadmin
         if (! auth()->user()->isSuperUser()) {
             unset($permissions_array['superuser']);
@@ -309,19 +305,14 @@ class UsersController extends Controller
 
         // Handle uploaded avatar
         app(ImageUploadRequest::class)->handleImages($user, 600, 'avatar', 'avatars', 'avatar');
+        session()->put(['redirect_option' => $request->get('redirect_option')]);
 
         if ($user->save()) {
             // Redirect to the user page
-                return redirect()->route('users.index')
+            return redirect()->to(Helper::getRedirectOption($request, $user->id, 'Users'))
                 ->with('success', trans('admin/users/message.success.update'));
         }
-
         return redirect()->back()->withInput()->withErrors($user->getErrors());
-
-
-        }
-
-        return redirect()->route('users.index')->with('error', trans('admin/users/message.user_not_found', compact('id')));
     }
 
     /**
@@ -379,7 +370,7 @@ class UsersController extends Controller
                 $logaction->item_type = User::class;
                 $logaction->item_id = $user->id;
                 $logaction->created_at = date('Y-m-d H:i:s');
-                $logaction->user_id = auth()->id();
+                $logaction->created_by = auth()->id();
                 $logaction->logaction('restore');
 
                 // Redirect them to the deleted page if there are more, otherwise the section index
@@ -598,31 +589,45 @@ class UsersController extends Controller
     /**
      * Print inventory
      *
-     * @author Aladin Alaily
      * @since [v1.8]
-     * @return \Illuminate\Http\RedirectResponse
+     * @author Aladin Alaily
      */
     public function printInventory($id)
     {
         $this->authorize('view', User::class);
-        $user = User::where('id', $id)->withTrashed()->first();
 
+        $user = User::where('id', $id)
+            ->with([
+                'assets.assetlog',
+                'assets.assignedAssets.assetlog',
+                'assets.assignedAssets.defaultLoc',
+                'assets.assignedAssets.location',
+                'assets.assignedAssets.model.category',
+                'assets.defaultLoc',
+                'assets.location',
+                'assets.model.category',
+                'accessories.assetlog',
+                'accessories.category',
+                'accessories.manufacturer',
+                'consumables.assetlog',
+                'consumables.category',
+                'consumables.manufacturer',
+                'licenses.category',
+            ])
+            ->withTrashed()
+            ->first();
 
-        // Make sure they can view this particular user
+        if ($user) {
             $this->authorize('view', $user);
 
-        $assets = Asset::where('assigned_to', $id)->where('assigned_type', User::class)->with('model', 'model.category')->get();
-        $accessories = $user->accessories()->get();
-        $consumables = $user->consumables()->get();
-
-        return view('users/print')->with('assets', $assets)
-            ->with('licenses', $user->licenses()->get())
-            ->with('accessories', $accessories)
-            ->with('consumables', $consumables)
-            ->with('show_user', $user)
+            return view('users.print')
+                ->with('users', [$user])
                 ->with('settings', Setting::getSettings());
         }
 
+        return redirect()->route('users.index')->with('error', trans('admin/users/message.user_not_found', compact('id')));
+    }
+
     /**
      * Emails user a list of assigned assets
      *

app/Http/Controllers/ViewAssetsController.php

@@ -13,6 +13,7 @@ use App\Notifications\RequestAssetNotification;
 use Illuminate\Http\Request;
 use Illuminate\Http\RedirectResponse;
 use \Illuminate\Contracts\View\View;
+use Log;
 
 /**
  * This controller handles all actions related to the ability for users
@@ -179,8 +180,11 @@ class ViewAssetsController extends Controller
             $asset->decrement('requests_counter', 1);
 
             $logaction->logaction('request canceled');
+            try {
                 $settings->notify(new RequestAssetCancelation($data));
-
+            } catch (\Exception $e) {
+                Log::warning($e);
+            }
             return redirect()->route('requestable-assets')
                 ->with('success')->with('success', trans('admin/hardware/message.requests.canceled'));
         }
@@ -188,7 +192,11 @@ class ViewAssetsController extends Controller
         $logaction->logaction('requested');
         $asset->request();
         $asset->increment('requests_counter', 1);
+        try {
             $settings->notify(new RequestAssetNotification($data));
+        } catch (\Exception $e) {
+            Log::warning($e);
+        }
 
         return redirect()->route('requestable-assets')->with('success')->with('success', trans('admin/hardware/message.requests.success'));
     }

app/Http/Kernel.php

@@ -14,6 +14,7 @@ class Kernel extends HttpKernel
      * @var array
      */
     protected $middleware = [
+        \App\Http\Middleware\TrustProxies::class,
         \App\Http\Middleware\NoSessionStore::class,
         \Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance::class,
         \Illuminate\Session\Middleware\StartSession::class,
@@ -21,6 +22,7 @@ class Kernel extends HttpKernel
         \App\Http\Middleware\CheckForSetup::class,
         \App\Http\Middleware\CheckForDebug::class,
         \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
+        \App\Http\Middleware\TrimStrings::class,
         \App\Http\Middleware\SecurityHeaders::class,
         \App\Http\Middleware\PreventBackHistory::class,
         \Illuminate\Http\Middleware\HandleCors::class,
@@ -43,10 +45,17 @@ class Kernel extends HttpKernel
             \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
             \App\Http\Middleware\AssetCountForSidebar::class,
             \Illuminate\Session\Middleware\AuthenticateSession::class,
+            \Illuminate\Routing\Middleware\SubstituteBindings::class,
         ],
 
         'api' => [
             'auth:api',
+            \App\Http\Middleware\CheckLocale::class,
+            \Illuminate\Routing\Middleware\SubstituteBindings::class,
+        ],
+
+        'health' => [
+
         ],
     ];
 
@@ -64,5 +73,6 @@ class Kernel extends HttpKernel
         'can' => \Illuminate\Auth\Middleware\Authorize::class,
         'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
         'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
+        'health' => null,
     ];
 }

app/Http/Middleware/CheckForSetup.php

@@ -7,14 +7,19 @@ use Closure;
 
 class CheckForSetup
 {
+
+    protected $except = [
+        '_debugbar*',
+        'health'
+    ];
+
     public function handle($request, Closure $next, $guard = null)
     {
 
         /**
-         * This is dumb
-         * @todo Check on removing this, not sure if it's still needed
+         * Skip this middleware for the debugbar and health check
          */
-        if ($request->is('_debugbar*')) {
+        if ($request->is($this->except))  {
             return $next($request);
         }
 
@@ -25,7 +30,7 @@ class CheckForSetup
                 return $next($request);
             }
         } else {
-            if (! ($request->is('setup*')) && ! ($request->is('.env')) && ! ($request->is('health'))) {
+            if (! ($request->is('setup*')) && ! ($request->is('.env'))) {
                 return redirect(config('app.url').'/setup');
             }
 

app/Http/Middleware/EncryptCookies.php

@@ -20,5 +20,5 @@ class EncryptCookies extends BaseEncrypter
      *
      * @var bool
      */
-    protected static $serialize = true;
+    protected static $serialize = false;
 }