Merge remote-tracking branch 'origin/develop'

Signed-off-by: snipe <snipe@snipe.net>

# Conflicts:
#	config/version.php

.all-contributorsrc

@@ -2837,6 +2837,139 @@
       "contributions": [
         "code"
       ]
+    },
+    {
+      "login": "AndrewSav",
+      "name": "Andrew Savinykh",
+      "avatar_url": "https://avatars.githubusercontent.com/u/658865?v=4",
+      "profile": "https://github.com/AndrewSav",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "kenchan0130",
+      "name": "Tadayuki Onishi",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1155067?v=4",
+      "profile": "https://kenchan0130.github.io",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "floschoepfer",
+      "name": "Florian",
+      "avatar_url": "https://avatars.githubusercontent.com/u/112496896?v=4",
+      "profile": "https://github.com/floschoepfer",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "spencerrlongg",
+      "name": "Spencer Long",
+      "avatar_url": "https://avatars.githubusercontent.com/u/7305753?v=4",
+      "profile": "http://spencerlong.com",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "marcusmoore",
+      "name": "Marcus Moore",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1141514?v=4",
+      "profile": "https://github.com/marcusmoore",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "Mezzle",
+      "name": "Martin Meredith",
+      "avatar_url": "https://avatars.githubusercontent.com/u/570639?v=4",
+      "profile": "https://github.com/Mezzle",
+      "contributions": []
+    },
+    {
+      "login": "dboth",
+      "name": "dboth",
+      "avatar_url": "https://avatars.githubusercontent.com/u/5731963?v=4",
+      "profile": "http://dboth.de",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "zacharyfleck",
+      "name": "Zachary Fleck",
+      "avatar_url": "https://avatars.githubusercontent.com/u/87536651?v=4",
+      "profile": "https://github.com/zacharyfleck",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "vikaas-cyper",
+      "name": "VIKAAS-A",
+      "avatar_url": "https://avatars.githubusercontent.com/u/74609912?v=4",
+      "profile": "https://github.com/vikaas-cyper",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "ak-piracha",
+      "name": "Abdul Kareem",
+      "avatar_url": "https://avatars.githubusercontent.com/u/88882041?v=4",
+      "profile": "https://github.com/ak-piracha",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "NojoudAlshehri",
+      "name": "NojoudAlshehri",
+      "avatar_url": "https://avatars.githubusercontent.com/u/111287779?v=4",
+      "profile": "https://github.com/NojoudAlshehri",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "stefanstidlffg",
+      "name": "Stefan Stidl",
+      "avatar_url": "https://avatars.githubusercontent.com/u/54367449?v=4",
+      "profile": "https://github.com/stefanstidlffg",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "qay21",
+      "name": "Quentin Aymard",
+      "avatar_url": "https://avatars.githubusercontent.com/u/87803479?v=4",
+      "profile": "https://github.com/qay21",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "cram42",
+      "name": "Grant Le Roux",
+      "avatar_url": "https://avatars.githubusercontent.com/u/5396871?v=4",
+      "profile": "https://github.com/cram42",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "Singrity",
+      "name": "Bogdan",
+      "avatar_url": "https://avatars.githubusercontent.com/u/58479551?v=4",
+      "profile": "http://@singrity",
+      "contributions": [
+        "code"
+      ]
     }
   ]
 }

.env.example

@@ -85,6 +85,7 @@ COOKIE_NAME=snipeit_session
 COOKIE_DOMAIN=null
 SECURE_COOKIES=false
 API_TOKEN_EXPIRATION_YEARS=15
+BS_TABLE_STORAGE=cookieStorage
 
 # --------------------------------------------
 # OPTIONAL: SECURITY HEADER SETTINGS
@@ -148,6 +149,7 @@ AWS_DEFAULT_REGION=null
 # --------------------------------------------
 LOGIN_MAX_ATTEMPTS=5
 LOGIN_LOCKOUT_DURATION=60
+LOGIN_AUTOCOMPLETE=false
 
 # --------------------------------------------
 # OPTIONAL: FORGOTTEN PASSWORD SETTINGS
@@ -175,6 +177,15 @@ REQUIRE_SAML=false
 API_THROTTLE_PER_MINUTE=120
 CSV_ESCAPE_FORMULAS=true
 
+# --------------------------------------------
+# OPTIONAL: HASHING
+# --------------------------------------------
+HASHING_DRIVER='bcrypt'
+BCRYPT_ROUNDS=10
+ARGON_MEMORY=1024
+ARGON_THREADS=2
+ARGON_TIME=2
+
 # --------------------------------------------
 # OPTIONAL: SCIM
 # --------------------------------------------

.env.testing

@@ -1,75 +0,0 @@
-# --------------------------------------------
-# REQUIRED: BASIC APP SETTINGS
-# --------------------------------------------
-APP_ENV=testing
-APP_DEBUG=true
-APP_KEY=base64:glJpcM7BYwWiBggp3SQ/+NlRkqsBQMaGEOjemXqJzOU=
-APP_URL=http://localhost:8000
-APP_TIMEZONE='US/Pacific'
-APP_LOCALE=en
-FILESYSTEM_DISK=local
-
-# --------------------------------------------
-# REQUIRED: DATABASE SETTINGS
-# --------------------------------------------
-DB_CONNECTION=sqlite_testing
-DB_HOST=localhost
-DB_PORT=3306
-DB_DATABASE=testing.sqlite
-DB_USERNAME=null
-DB_PASSWORD=null
-
-# --------------------------------------------
-# REQUIRED: OUTGOING MAIL SERVER SETTINGS
-# --------------------------------------------
-MAIL_DRIVER=log
-MAIL_HOST=email-smtp.us-west-2.amazonaws.com
-MAIL_PORT=587
-MAIL_USERNAME=YOURUSERNAME
-MAIL_PASSWORD=YOURPASSWORD
-MAIL_ENCRYPTION=null
-MAIL_FROM_ADDR=you@example.com
-MAIL_FROM_NAME=Snipe-IT
-
-# --------------------------------------------
-# REQUIRED: IMAGE LIBRARY
-# This should be gd or imagick
-# --------------------------------------------
-IMAGE_LIB=gd
-
-
-# --------------------------------------------
-# OPTIONAL: AWS SETTINGS
-# --------------------------------------------
-AWS_SECRET_ACCESS_KEY=null
-AWS_ACCESS_KEY_ID=null
-AWS_DEFAULT_REGION=null
-AWS_BUCKET=null
-AWS_BUCKET_ROOT=null
-AWS_URL=null
-
-
-# --------------------------------------------
-# OPTIONAL: CACHE SETTINGS
-# --------------------------------------------
-CACHE_DRIVER=file
-SESSION_DRIVER=file
-QUEUE_DRIVER=sync
-
-
-# --------------------------------------------
-# OPTIONAL: SESSION SETTINGS
-# --------------------------------------------
-SESSION_LIFETIME=12000
-EXPIRE_ON_CLOSE=false
-ENCRYPT=false
-COOKIE_NAME=snipeittest_session
-COOKIE_DOMAIN=null
-SECURE_COOKIES=false
-
-
-# --------------------------------------------
-# OPTIONAL: APP LOG FORMAT
-# --------------------------------------------
-LOG_CHANNEL=single
-LOG_LEVEL=debug

.env.testing.example

@@ -0,0 +1,19 @@
+# --------------------------------------------
+# REQUIRED: BASIC APP SETTINGS
+# --------------------------------------------
+APP_ENV=testing
+APP_DEBUG=true
+APP_KEY=base64:glJpcM7BYwWiBggp3SQ/+NlRkqsBQMaGEOjemXqJzOU=
+APP_URL=http://localhost:8000
+APP_TIMEZONE='UTC'
+APP_LOCALE=en
+
+# --------------------------------------------
+# REQUIRED: DATABASE SETTINGS
+# --------------------------------------------
+DB_CONNECTION=mysql
+DB_HOST=127.0.0.1
+DB_PORT=3306
+DB_DATABASE=null
+DB_USERNAME=null
+DB_PASSWORD=null

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -2,8 +2,6 @@ name: Feature Request
 description: Suggest an idea for this project
 title: "[Feature Request]: "
 labels: ["feature request"]
-assignees:
-  - snipe
 body:
   - type: textarea
     attributes:

.github/autolabeler.yml

@@ -1,18 +1,22 @@
-frontend: ["*.js", "*.css", "*.vue", "*.scss", "*.less", "*.blade.*", "*livewire*"]
+frontend: ["*.js", "*.css", "*.vue", "*.scss", "*.less", "*.blade.*", "resources/views/livewire/*"]
 skins: ["*.js", "*.css", "*.scss", "*.less"]
 css: ["*.css","*.scss", "*.less"]
-backend: ["/app/*", "*.php"]
+javascript: ["*.js", "package.json", "package.lock"]
+backend: ["/app/*", "composer.json", "composer.lock"]
+translations: ["/resources/lang"]
+livewire: ["/app/Http/Livewire/*", "resources/views/livewire/*"]
 backups: ["*backup*"]
 restore: ["*restore*"]
 saml: ["*saml*"]
 scim: ["*scim*"]
 custom fields: ["*fields*", "*fieldsets*"]
-dependencies: ["composer.json"]
+dependencies: ["composer.json", "composer.lock", "package.json", "package.lock"]
 consumables: ["*consumables*"]
-api: ["/app/Http/Controllers/api/*"]
+api: ["/app/Http/Controllers/Api/*"]
 notifications: ["/app/Notifications/*"]
-importer: ["/app/Importer/*"]
+importer: ["/app/Importer/*","/app/Http/Livewire/Importer.php", "resources/views/livewire/importer.php"]
 cli / artisan: ["/app/Console/*"]
-LDAP: ["*LDAP*", "/app/Console/Commands/Ldap*","/app/Models/Ldap.php"]
+LDAP: ["*Ldap*", "/app/Console/Commands/Ldap*","/app/Models/Ldap.php"]
 docker: ["*docker/*", "Dockerfile", "Dockerfile.alpine", "Dockerfile.fpm-alpine", ".dockerignore", ".env.docker"]
+tests: ["/tests/*", "/database/factories/*", "/stubs"]
 config: .github

.github/dependabot.yml

@@ -2,5 +2,6 @@ version: 2
 updates:
   - package-ecosystem: "github-actions"
     directory: "/"
+    target-branch: "develop"
     schedule:
       interval: "weekly"

.github/workflows/SA-codeql.yml

@@ -26,7 +26,7 @@ jobs:
         language: [ 'javascript' ]
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3.3.0
+      uses: actions/checkout@v4
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/codacy-analysis.yml

@@ -32,11 +32,11 @@ jobs:
     steps:
       # Checkout the repository to the GitHub Actions runner
       - name: Checkout code
-        uses: actions/checkout@v3.3.0
+        uses: actions/checkout@v4
 
       # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
       - name: Run Codacy Analysis CLI
-        uses: codacy/codacy-analysis-cli-action@v4.2.0
+        uses: codacy/codacy-analysis-cli-action@v4.3.0
         with:
           # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
           # You can also omit the token and run the tools that support default configurations

.github/workflows/crowdin-upload.yml

@@ -0,0 +1,21 @@
+name: Crowdin Action
+
+on:
+  push:
+    branches: [ develop ]
+
+jobs:
+  upload-sources-to-crowdin:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Crowdin push
+        uses: crowdin/github-action@v1
+        with:
+          upload_sources: true
+          upload_translations: false
+          download_translations: false
+          project_id: ${{ secrets.CROWDIN_PROJECT_ID }}
+          token: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}

.github/workflows/docker-alpine.yml

@@ -32,6 +32,7 @@ jobs:
         type=raw,value=latest,enable=${{ endsWith(github.ref, github.event.repository.default_branch) }},suffix=-alpine
         type=ref,event=branch,enable=${{ !endsWith(github.ref, github.event.repository.default_branch) }},suffix=-alpine
         type=ref,event=tag,suffix=-alpine
+        type=semver,pattern=v{{major}}-latest-alpine 
       # Define default tag "flavor" for docker/metadata-action per
       # https://github.com/docker/metadata-action#flavor-input
       # We turn off 'latest' tag by default.
@@ -41,17 +42,17 @@ jobs:
     steps:
       # https://github.com/actions/checkout
       - name: Checkout codebase
-        uses: actions/checkout@v3.3.0
+        uses: actions/checkout@v4
 
       # https://github.com/docker/setup-buildx-action
       - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       # https://github.com/docker/login-action
       - name: Login to DockerHub
         # Only login if not a PR, as PRs only trigger a Docker build and not a push
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
@@ -63,7 +64,7 @@ jobs:
       # Get Metadata for docker_build step below
       - name: Sync metadata (tags, labels) from GitHub to Docker for 'snipe-it' image
         id: meta_build
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: snipe/snipe-it
           tags: ${{ env.IMAGE_TAGS }}
@@ -72,11 +73,11 @@ jobs:
       # https://github.com/docker/build-push-action
       - name: Build and push 'snipe-it' image
         id: docker_build
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v5
         with:
           context: .
           file: ./Dockerfile.alpine
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
           # For pull requests, we run the Docker build (to ensure no PR changes break the build),
           # but we ONLY do an image push to DockerHub if it's NOT a PR
           push: ${{ github.event_name != 'pull_request' }}

.github/workflows/docker.yml

@@ -32,6 +32,7 @@ jobs:
         type=raw,value=latest,enable=${{ endsWith(github.ref, github.event.repository.default_branch) }}
         type=ref,event=branch,enable=${{ !endsWith(github.ref, github.event.repository.default_branch) }}
         type=ref,event=tag
+        type=semver,pattern=v{{major}}-latest 
       # Define default tag "flavor" for docker/metadata-action per
       # https://github.com/docker/metadata-action#flavor-input
       # We turn off 'latest' tag by default.
@@ -41,17 +42,17 @@ jobs:
     steps:
       # https://github.com/actions/checkout
       - name: Checkout codebase
-        uses: actions/checkout@v3.3.0
+        uses: actions/checkout@v4
 
       # https://github.com/docker/setup-buildx-action
       - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       # https://github.com/docker/login-action
       - name: Login to DockerHub
         # Only login if not a PR, as PRs only trigger a Docker build and not a push
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
@@ -63,7 +64,7 @@ jobs:
       # Get Metadata for docker_build step below
       - name: Sync metadata (tags, labels) from GitHub to Docker for 'snipe-it' image
         id: meta_build
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: snipe/snipe-it
           tags: ${{ env.IMAGE_TAGS }}
@@ -72,11 +73,11 @@ jobs:
       # https://github.com/docker/build-push-action
       - name: Build and push 'snipe-it' image
         id: docker_build
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v5
         with:
           context: .
           file: ./Dockerfile
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
           # For pull requests, we run the Docker build (to ensure no PR changes break the build),
           # but we ONLY do an image push to DockerHub if it's NOT a PR
           push: ${{ github.event_name != 'pull_request' }}

.github/workflows/tests.yml

@@ -0,0 +1,73 @@
+name: Tests
+
+on:
+  push:
+    branches:
+      - master
+      - develop
+  pull_request:
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+
+    services:
+      mysql:
+        image: mysql:5.7
+        env:
+          MYSQL_ALLOW_EMPTY_PASSWORD: yes
+          MYSQL_DATABASE: snipeit
+        ports:
+          - 33306:3306
+        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
+
+    strategy:
+      fail-fast: false
+      matrix:
+        php-version:
+          - "7.4"
+          - "8.0"
+          - "8.1.1"
+
+    name: PHP ${{ matrix.php-version }}
+
+    steps:
+      - uses: shivammathur/setup-php@v2
+        with:
+          php-version: "${{ matrix.php-version }}"
+          coverage: none
+
+      - uses: actions/checkout@v4
+
+      - name: Get Composer Cache Directory
+        id: composer-cache
+        run: |
+          echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+      - uses: actions/cache@v3
+        with:
+          path: ${{ steps.composer-cache.outputs.dir }}
+          key: ${{ runner.os }}-${{ matrix.php-version }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-composer-
+
+      - name: Copy .env
+        run: |
+          cp -v .env.testing.example .env
+          cp -v .env.testing.example .env.testing
+
+      - name: Install Dependencies
+        run: composer install -q --no-ansi --no-interaction --no-scripts --no-progress --prefer-dist
+
+      - name: Generate key
+        run: php artisan key:generate
+
+      - name: Directory Permissions
+        run: chmod -R 777 storage bootstrap/cache
+
+      - name: Execute tests (Unit and Feature tests) via PHPUnit
+        env:
+          DB_CONNECTION: mysql
+          DB_DATABASE: snipeit
+          DB_PORT: ${{ job.services.mysql.ports[3306] }}
+          DB_USERNAME: root
+        run: php artisan test --parallel

.gitignore

@@ -1,8 +1,8 @@
 .couscous
 .DS_Store
 .env
-.env.dusk.*
-!.env.dusk.example
+.env.testing
+phpstan.neon
 .idea
 /bin/
 /bootstrap/compiled.php

Dockerfile

@@ -1,4 +1,4 @@
-FROM ubuntu:20.04
+FROM ubuntu:22.04
 LABEL maintainer="Brady Wetherington <bwetherington@grokability.com>"
 
 # No need to add `apt-get clean` here, reference:
@@ -14,16 +14,16 @@ RUN export DEBIAN_FRONTEND=noninteractive; \
 apt-utils \
 apache2 \
 apache2-bin \
-libapache2-mod-php7.4 \
-php7.4-curl \
-php7.4-ldap \
-php7.4-mysql \
-php7.4-gd \
-php7.4-xml \
-php7.4-mbstring \
-php7.4-zip \
-php7.4-bcmath \
-php7.4-redis \
+libapache2-mod-php8.1 \
+php8.1-curl \
+php8.1-ldap \
+php8.1-mysql \
+php8.1-gd \
+php8.1-xml \
+php8.1-mbstring \
+php8.1-zip \
+php8.1-bcmath \
+php8.1-redis \
 php-memcached \
 patch \
 curl \
@@ -38,9 +38,10 @@ gcc \
 make \
 autoconf \
 libc-dev \
+libldap-common \
 pkg-config \
 libmcrypt-dev \
-php7.4-dev \
+php8.1-dev \
 ca-certificates \
 unzip \
 dnsutils \
@@ -50,16 +51,16 @@ dnsutils \
 RUN curl -L -O https://github.com/pear/pearweb_phars/raw/master/go-pear.phar
 RUN php go-pear.phar
 
-RUN pecl install mcrypt-1.0.3
+RUN pecl install mcrypt
 
-RUN bash -c "echo extension=/usr/lib/php/20190902/mcrypt.so > /etc/php/7.4/mods-available/mcrypt.ini"
+RUN bash -c "echo extension=/usr/lib/php/20210902/mcrypt.so > /etc/php/8.1/mods-available/mcrypt.ini"
 
 RUN phpenmod mcrypt
 RUN phpenmod gd
 RUN phpenmod bcmath
 
-RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php/7.4/apache2/php.ini
-RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php/7.4/cli/php.ini
+RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php/8.1/apache2/php.ini
+RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php/8.1/cli/php.ini
 
 RUN useradd -m --uid 1000 --gid 50 docker
 

Dockerfile.alpine

@@ -1,34 +1,34 @@
-FROM alpine:3.14.2
+FROM alpine:3.17.3
 # Apache + PHP
 RUN  apk add --no-cache \
         apache2 \
-        php7 \
-        php7-common \
-        php7-apache2 \
-        php7-curl \
-        php7-ldap \
-        php7-mysqli \
-        php7-gd \
-        php7-xml \
-        php7-mbstring \
-        php7-zip \
-        php7-ctype \
-        php7-tokenizer \
-        php7-pdo_mysql \
-        php7-openssl \
-        php7-bcmath \
-        php7-phar \
-        php7-json \
-        php7-iconv \
-        php7-fileinfo \
-        php7-simplexml \
-        php7-session \
-        php7-dom \
-        php7-xmlwriter \
-        php7-xmlreader \
-        php7-sodium \
-        php7-redis \
-        php7-pecl-memcached \
+        php81 \
+        php81-common \
+        php81-apache2 \
+        php81-curl \
+        php81-ldap \
+        php81-mysqli \
+        php81-gd \
+        php81-xml \
+        php81-mbstring \
+        php81-zip \
+        php81-ctype \
+        php81-tokenizer \
+        php81-pdo_mysql \
+        php81-openssl \
+        php81-bcmath \
+        php81-phar \
+        php81-json \
+        php81-iconv \
+        php81-fileinfo \
+        php81-simplexml \
+        php81-session \
+        php81-dom \
+        php81-xmlwriter \
+        php81-xmlreader \
+        php81-sodium \
+        php81-redis \
+        php81-pecl-memcached \
         curl \
         wget \
         vim \
@@ -41,7 +41,7 @@ COPY docker/column-statistics.cnf /etc/mysql/conf.d/column-statistics.cnf
 # Where apache's PID lives
 RUN mkdir -p /run/apache2 && chown apache:apache /run/apache2
 
-RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php7/php.ini
+RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php81/php.ini
 COPY  docker/000-default-2.4.conf /etc/apache2/conf.d/default.conf
 
 # Enable mod_rewrite

Dockerfile.fpm-alpine

@@ -1,8 +1,8 @@
 ARG ENVIRONMENT=production
-ARG SNIPEIT_RELEASE=5.1.3
-ARG PHP_VERSION=7.4.16
-ARG PHP_ALPINE_VERSION=3.13
-ARG COMPOSER_VERSION=2.0.11
+ARG SNIPEIT_RELEASE=6.1.0
+ARG PHP_VERSION=8.2
+ARG PHP_ALPINE_VERSION=3.17
+ARG COMPOSER_VERSION=2
 
 # Cannot use arguments with 'COPY --from' workaround
 # https://github.com/moby/moby/issues/34482#issuecomment-454716952
@@ -52,7 +52,7 @@ RUN { \
 
 # Install php extensions inside docker containers easily
 # https://github.com/mlocati/docker-php-extension-installer
-COPY --from=mlocati/php-extension-installer:1.2.19 /usr/bin/install-php-extensions /usr/local/bin/
+COPY --from=mlocati/php-extension-installer:2.1.15 /usr/bin/install-php-extensions /usr/local/bin/
 RUN set -eux; \
     install-php-extensions \
         bcmath \

README.md

@@ -1,5 +1,5 @@
-![Build Status](https://app.chipperci.com/projects/0e5f8979-31eb-4ee6-9abf-050b76ab0383/status/master) [![Crowdin](https://d322cqt584bo4o.cloudfront.net/snipe-it/localized.svg)](https://crowdin.com/project/snipe-it) [![Docker Pulls](https://img.shields.io/docker/pulls/snipe/snipe-it.svg)](https://hub.docker.com/r/snipe/snipe-it/) [![Twitter Follow](https://img.shields.io/twitter/follow/snipeitapp.svg?style=social)](https://twitter.com/snipeitapp)  [![Codacy Badge](https://api.codacy.com/project/badge/Grade/553ce52037fc43ea99149785afcfe641)](https://www.codacy.com/app/snipe/snipe-it?utm_source=github.com&utm_medium=referral&utm_content=snipe/snipe-it&utm_campaign=Badge_Grade)
-[![All Contributors](https://img.shields.io/badge/all_contributors-312-orange.svg?style=flat-square)](#contributors) [![Discord](https://badgen.net/badge/icon/discord?icon=discord&label)](https://discord.gg/yZFtShAcKk) [![huntr](https://cdn.huntr.dev/huntr_security_badge_mono.svg)](https://huntr.dev)
+[![Crowdin](https://d322cqt584bo4o.cloudfront.net/snipe-it/localized.svg)](https://crowdin.com/project/snipe-it) [![Docker Pulls](https://img.shields.io/docker/pulls/snipe/snipe-it.svg)](https://hub.docker.com/r/snipe/snipe-it/) [![Twitter Follow](https://img.shields.io/twitter/follow/snipeitapp.svg?style=social)](https://twitter.com/snipeitapp)  [![Codacy Badge](https://api.codacy.com/project/badge/Grade/553ce52037fc43ea99149785afcfe641)](https://www.codacy.com/app/snipe/snipe-it?utm_source=github.com&utm_medium=referral&utm_content=snipe/snipe-it&utm_campaign=Badge_Grade)
+[![All Contributors](https://img.shields.io/badge/all_contributors-327-orange.svg?style=flat-square)](#contributors) [![Discord](https://badgen.net/badge/icon/discord?icon=discord&label)](https://discord.gg/yZFtShAcKk) [![huntr](https://cdn.huntr.dev/huntr_security_badge_mono.svg)](https://huntr.dev)
 
 ## Snipe-IT - Open Source Asset Management System
 
@@ -66,8 +66,11 @@ Since the release of the JSON REST API, several third-party developers have been
 - [Python 3 CSV importer](https://github.com/gastamper/snipeit-csvimporter) - allows importing assets into Snipe-IT based on Item Name rather than Asset Tag.
 - [Snipe-IT Kubernetes Helm Chart](https://github.com/t3n/helm-charts/tree/master/snipeit) - For more information, [click here](https://hub.helm.sh/charts/t3n/snipeit).
 - [Snipe-IT Bulk Edit](https://github.com/bricelabelle/snipe-it-bulkedit) - Google Script files to use Google Sheets as a bulk checkout/checkin/edit tool for Snipe-it.
-- [MosyleSnipeSync](https://github.com/RodneyLeeBrands/MosyleSnipeSync) by [@RodneyLeeBrands](https://github.com/RodneyLeeBrands) - Python script to synchronize information between Mosyle and Snipe-IT
+- [MosyleSnipeSync](https://github.com/RodneyLeeBrands/MosyleSnipeSync) by [@Karpadiem](https://github.com/Karpadiem) - Python script to synchronize information between Mosyle and Snipe-IT
 - [WWW::SnipeIT](https://github.com/SEDC/perl-www-snipeit) by [@SEDC](https://github.com/SEDC) - perl module for accessing the API
+- [UniFi to Snipe-IT](https://github.com/RodneyLeeBrands/UnifiSnipeSync) by [@karpadiem](https://github.com/karpadiem) - Python script that synchronizes UniFi devices with Snipe-IT.
+- [Kandji2Snipe](https://github.com/grokability/kandji2snipe) by [@briangoldstein](https://github.com/briangoldstein) - Python script that synchronizes Kandji with Snipe-IT.
+- [SnipeAgent](https://github.com/ReticentRobot/SnipeAgent) by @ReticentRobot - Windows agent for Snipe-IT
                                                      
 As these were created by third-parties, Snipe-IT cannot provide support for these project, and you should contact the developers directly if you need assistance. Additionally, Snipe-IT makes no guarantees as to the reliability, accuracy or maintainability of these libraries. Use at your own risk. :)
 
@@ -140,7 +143,9 @@ Thanks goes to all of these wonderful people ([emoji key](https://github.com/ken
 | [<img src="https://avatars.githubusercontent.com/u/97299851?v=4" width="110px;"/><br /><sub>Christian Weirich</sub>](https://github.com/chrisweirich)<br />[💻](https://github.com/snipe/snipe-it/commits?author=chrisweirich "Code") | [<img src="https://avatars.githubusercontent.com/u/1294403?v=4" width="110px;"/><br /><sub>denzfarid</sub>](https://github.com/denzfarid)<br /> | [<img src="https://avatars.githubusercontent.com/u/94018771?v=4" width="110px;"/><br /><sub>ntbutler-nbcs</sub>](https://github.com/ntbutler-nbcs)<br />[💻](https://github.com/snipe/snipe-it/commits?author=ntbutler-nbcs "Code") | [<img src="https://avatars.githubusercontent.com/u/172697?v=4" width="110px;"/><br /><sub>Naveen</sub>](https://naveensrinivasan.dev)<br />[💻](https://github.com/snipe/snipe-it/commits?author=naveensrinivasan "Code") | [<img src="https://avatars.githubusercontent.com/u/55674383?v=4" width="110px;"/><br /><sub>Mike Roquemore</sub>](https://github.com/mikeroq)<br />[💻](https://github.com/snipe/snipe-it/commits?author=mikeroq "Code") | [<img src="https://avatars.githubusercontent.com/u/7991086?v=4" width="110px;"/><br /><sub>Daniel Reeder</sub>](https://github.com/reederda)<br />[🌍](#translation-reederda "Translation") [🌍](#translation-reederda "Translation") [💻](https://github.com/snipe/snipe-it/commits?author=reederda "Code") | [<img src="https://avatars.githubusercontent.com/u/109422491?v=4" width="110px;"/><br /><sub>vickyjaura183</sub>](https://github.com/vickyjaura183)<br />[💻](https://github.com/snipe/snipe-it/commits?author=vickyjaura183 "Code") |
 | [<img src="https://avatars.githubusercontent.com/u/32363424?v=4" width="110px;"/><br /><sub>Peace</sub>](https://github.com/julian-piehl)<br />[💻](https://github.com/snipe/snipe-it/commits?author=julian-piehl "Code") | [<img src="https://avatars.githubusercontent.com/u/231528?v=4" width="110px;"/><br /><sub>Kyle Gordon</sub>](https://github.com/kylegordon)<br />[💻](https://github.com/snipe/snipe-it/commits?author=kylegordon "Code") | [<img src="https://avatars.githubusercontent.com/u/53009155?v=4" width="110px;"/><br /><sub>Katharina Drexel</sub>](http://www.bfh.ch)<br />[💻](https://github.com/snipe/snipe-it/commits?author=sunflowerbofh "Code") | [<img src="https://avatars.githubusercontent.com/u/1931963?v=4" width="110px;"/><br /><sub>David Sferruzza</sub>](https://david.sferruzza.fr/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=dsferruzza "Code") | [<img src="https://avatars.githubusercontent.com/u/19511639?v=4" width="110px;"/><br /><sub>Rick Nelson</sub>](https://github.com/rnelsonee)<br />[💻](https://github.com/snipe/snipe-it/commits?author=rnelsonee "Code") | [<img src="https://avatars.githubusercontent.com/u/94169344?v=4" width="110px;"/><br /><sub>BasO12</sub>](https://github.com/BasO12)<br />[💻](https://github.com/snipe/snipe-it/commits?author=BasO12 "Code") | [<img src="https://avatars.githubusercontent.com/u/111710123?v=4" width="110px;"/><br /><sub>Vautia</sub>](https://github.com/Vautia)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Vautia "Code") |
 | [<img src="https://avatars.githubusercontent.com/u/28321?v=4" width="110px;"/><br /><sub>Chris Hartjes</sub>](http://www.littlehart.net/atthekeyboard)<br />[💻](https://github.com/snipe/snipe-it/commits?author=chartjes "Code") | [<img src="https://avatars.githubusercontent.com/u/2404584?v=4" width="110px;"/><br /><sub>geo-chen</sub>](https://github.com/geo-chen)<br />[💻](https://github.com/snipe/snipe-it/commits?author=geo-chen "Code") | [<img src="https://avatars.githubusercontent.com/u/6006620?v=4" width="110px;"/><br /><sub>Phan Nguyen</sub>](https://github.com/nh314)<br />[💻](https://github.com/snipe/snipe-it/commits?author=nh314 "Code") | [<img src="https://avatars.githubusercontent.com/u/115993812?v=4" width="110px;"/><br /><sub>Iisakki Jaakkola</sub>](https://github.com/StarlessNights)<br />[💻](https://github.com/snipe/snipe-it/commits?author=StarlessNights "Code") | [<img src="https://avatars.githubusercontent.com/u/22633385?v=4" width="110px;"/><br /><sub>Ikko Ashimine</sub>](https://bandism.net/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=eltociear "Code") | [<img src="https://avatars.githubusercontent.com/u/56871540?v=4" width="110px;"/><br /><sub>Lukas Fehling</sub>](https://github.com/lukasfehling)<br />[💻](https://github.com/snipe/snipe-it/commits?author=lukasfehling "Code") | [<img src="https://avatars.githubusercontent.com/u/1975990?v=4" width="110px;"/><br /><sub>Fernando Almeida</sub>](https://github.com/fernando-almeida)<br />[💻](https://github.com/snipe/snipe-it/commits?author=fernando-almeida "Code") |
-| [<img src="https://avatars.githubusercontent.com/u/116301219?v=4" width="110px;"/><br /><sub>akemidx</sub>](https://github.com/akemidx)<br />[💻](https://github.com/snipe/snipe-it/commits?author=akemidx "Code") | [<img src="https://avatars.githubusercontent.com/u/144778?v=4" width="110px;"/><br /><sub>Oguz Bilgic</sub>](http://oguz.site)<br />[💻](https://github.com/snipe/snipe-it/commits?author=oguzbilgic "Code") | [<img src="https://avatars.githubusercontent.com/u/9262438?v=4" width="110px;"/><br /><sub>Scooter Crawford</sub>](https://github.com/scoo73r)<br />[💻](https://github.com/snipe/snipe-it/commits?author=scoo73r "Code") | [<img src="https://avatars.githubusercontent.com/u/5957345?v=4" width="110px;"/><br /><sub>subdriven</sub>](https://github.com/subdriven)<br />[💻](https://github.com/snipe/snipe-it/commits?author=subdriven "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/116301219?v=4" width="110px;"/><br /><sub>akemidx</sub>](https://github.com/akemidx)<br />[💻](https://github.com/snipe/snipe-it/commits?author=akemidx "Code") | [<img src="https://avatars.githubusercontent.com/u/144778?v=4" width="110px;"/><br /><sub>Oguz Bilgic</sub>](http://oguz.site)<br />[💻](https://github.com/snipe/snipe-it/commits?author=oguzbilgic "Code") | [<img src="https://avatars.githubusercontent.com/u/9262438?v=4" width="110px;"/><br /><sub>Scooter Crawford</sub>](https://github.com/scoo73r)<br />[💻](https://github.com/snipe/snipe-it/commits?author=scoo73r "Code") | [<img src="https://avatars.githubusercontent.com/u/5957345?v=4" width="110px;"/><br /><sub>subdriven</sub>](https://github.com/subdriven)<br />[💻](https://github.com/snipe/snipe-it/commits?author=subdriven "Code") | [<img src="https://avatars.githubusercontent.com/u/658865?v=4" width="110px;"/><br /><sub>Andrew Savinykh</sub>](https://github.com/AndrewSav)<br />[💻](https://github.com/snipe/snipe-it/commits?author=AndrewSav "Code") | [<img src="https://avatars.githubusercontent.com/u/1155067?v=4" width="110px;"/><br /><sub>Tadayuki Onishi</sub>](https://kenchan0130.github.io)<br />[💻](https://github.com/snipe/snipe-it/commits?author=kenchan0130 "Code") | [<img src="https://avatars.githubusercontent.com/u/112496896?v=4" width="110px;"/><br /><sub>Florian</sub>](https://github.com/floschoepfer)<br />[💻](https://github.com/snipe/snipe-it/commits?author=floschoepfer "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/7305753?v=4" width="110px;"/><br /><sub>Spencer Long</sub>](http://spencerlong.com)<br />[💻](https://github.com/snipe/snipe-it/commits?author=spencerrlongg "Code") | [<img src="https://avatars.githubusercontent.com/u/1141514?v=4" width="110px;"/><br /><sub>Marcus Moore</sub>](https://github.com/marcusmoore)<br />[💻](https://github.com/snipe/snipe-it/commits?author=marcusmoore "Code") | [<img src="https://avatars.githubusercontent.com/u/570639?v=4" width="110px;"/><br /><sub>Martin Meredith</sub>](https://github.com/Mezzle)<br /> | [<img src="https://avatars.githubusercontent.com/u/5731963?v=4" width="110px;"/><br /><sub>dboth</sub>](http://dboth.de)<br />[💻](https://github.com/snipe/snipe-it/commits?author=dboth "Code") | [<img src="https://avatars.githubusercontent.com/u/87536651?v=4" width="110px;"/><br /><sub>Zachary Fleck</sub>](https://github.com/zacharyfleck)<br />[💻](https://github.com/snipe/snipe-it/commits?author=zacharyfleck "Code") | [<img src="https://avatars.githubusercontent.com/u/74609912?v=4" width="110px;"/><br /><sub>VIKAAS-A</sub>](https://github.com/vikaas-cyper)<br />[💻](https://github.com/snipe/snipe-it/commits?author=vikaas-cyper "Code") | [<img src="https://avatars.githubusercontent.com/u/88882041?v=4" width="110px;"/><br /><sub>Abdul Kareem</sub>](https://github.com/ak-piracha)<br />[💻](https://github.com/snipe/snipe-it/commits?author=ak-piracha "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/111287779?v=4" width="110px;"/><br /><sub>NojoudAlshehri</sub>](https://github.com/NojoudAlshehri)<br />[💻](https://github.com/snipe/snipe-it/commits?author=NojoudAlshehri "Code") | [<img src="https://avatars.githubusercontent.com/u/54367449?v=4" width="110px;"/><br /><sub>Stefan Stidl</sub>](https://github.com/stefanstidlffg)<br />[💻](https://github.com/snipe/snipe-it/commits?author=stefanstidlffg "Code") | [<img src="https://avatars.githubusercontent.com/u/87803479?v=4" width="110px;"/><br /><sub>Quentin Aymard</sub>](https://github.com/qay21)<br />[💻](https://github.com/snipe/snipe-it/commits?author=qay21 "Code") | [<img src="https://avatars.githubusercontent.com/u/5396871?v=4" width="110px;"/><br /><sub>Grant Le Roux</sub>](https://github.com/cram42)<br />[💻](https://github.com/snipe/snipe-it/commits?author=cram42 "Code") | [<img src="https://avatars.githubusercontent.com/u/58479551?v=4" width="110px;"/><br /><sub>Bogdan</sub>](http://@singrity)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Singrity "Code") |
 <!-- ALL-CONTRIBUTORS-LIST:END -->
 
 This project follows the [all-contributors](https://github.com/kentcdodds/all-contributors) specification. Contributions of any kind welcome!

TESTING.md

@@ -1,75 +1,52 @@
-# Using the Test Suite
+# Running the Test Suite
 
-This document is targeted at developers looking to make modifications to
-this application's code base and want to run the existing test suite.
+This document is targeted at developers looking to make modifications to this application's code base and want to run the existing test suite.
 
+Before starting, follow the [instructions](README.md#installation) for installing the application locally and ensure you can load it in a browser properly.
 
-## Setup
+## Unit and Feature Tests
 
-Follow the instructions for installing the application locally,
-making sure to have also run the [database migrations](link to db migrations).
+Before attempting to run the test suite copy the example environment file for tests and update the values to match your environment:
 
+`cp .env.testing.example .env.testing`
 
-## Unit Tests 
+The following should work for running tests in memory with sqlite:
+```
+# --------------------------------------------
+# REQUIRED: BASIC APP SETTINGS
+# --------------------------------------------
+APP_ENV=testing
+APP_DEBUG=true
+APP_KEY=base64:glJpcM7BYwWiBggp3SQ/+NlRkqsBQMaGEOjemXqJzOU=
+APP_URL=http://localhost:8000
+APP_TIMEZONE='UTC'
+APP_LOCALE=en
 
-The application will use values in the `.env.testing` file located
-in the root directory to override the
-default settings and/or other values that exist in your `.env` files.
-
-Make sure to modify the section in `.env.testing` that has the
-database settings. In the example below, it is connecting to the
-[MariaDB](link-to-maria-db) server that is used if you install the
-application using [Docker](https://docker.com).
-
-```dotenv
 # --------------------------------------------
 # REQUIRED: DATABASE SETTINGS
 # --------------------------------------------
-DB_CONNECTION=mysql
-DB_HOST=127.0.0.1
-DB_DATABASE=snipeit
-DB_USERNAME=root
-DB_PASSWORD=changeme1234
+DB_CONNECTION=sqlite_testing
+#DB_HOST=127.0.0.1
+#DB_PORT=3306
+#DB_DATABASE=null
+#DB_USERNAME=null
+#DB_PASSWORD=null
 ```
 
-To run the entire unit test suite, use the following command from your terminal:
+To use MySQL you should update the `DB_` variables to match your local test database:
+```
+DB_CONNECTION=mysql
+DB_HOST=127.0.0.1
+DB_PORT=3306
+DB_DATABASE={}
+DB_USERNAME={}
+DB_PASSWORD={}
+```
 
-`php artisan test --env=testing`
+Now you are ready to run the entire test suite from your terminal:
 
-To run individual test files, you can pass the path to the test that
-you want to run.
-
-`php artisan test --env=testing tests/Unit/AccessoryTest.php`
-
-## Browser Tests 
-
-Browser tests are run via [Laravel Dusk](https://laravel.com/docs/8.x/dusk) and require Google Chrome to be installed.
-
-Before attempting to run Dusk tests copy the example environment file for Dusk and update the values to match your environment:
-
-`cp .env.dusk.example .env.dusk.local`
-> `local` refers to the value of `APP_ENV` in your `.env` so if you have it set to `dev` then the file should be named `.env.dusk.dev`.
-
-**Important**: Dusk tests cannot be run using an in-memory SQLite database. Additionally, the Dusk test suite uses the `DatabaseMigrations` trait which will leave the database in a fresh state after running. Therefore, it is recommended that you create a test database and point `DB_DATABASE` in `.env.dusk.local` to it.  
-
-### Test Setup
-
-Your application needs to be configured and up and running in order for the browser
-tests to actually run. When running the tests locally, you can start the application
-using the following command:
-
-`php artisan serve`
-
-Now you are ready to run the test suite. Use the following command from another terminal tab or window:
-
-`php artisan dusk`
+`php artisan test`
 
 To run individual test files, you can pass the path to the test that you want to run:
 
-`php artisan dusk tests/Browser/LoginTest.php`
-
-If you get an error when attempting to run Dusk tests that says `Couldn't connect to server` run:
-
-`php artisan dusk:chrome-driver --detect`
-
-This command will install the specific ChromeDriver Dusk needs for your operating system and Chrome version.
+`php artisan test tests/Unit/AccessoryTest.php`

app/Console/Commands/CheckoutLicenseToAllUsers.php

@@ -56,7 +56,7 @@ class CheckoutLicenseToAllUsers extends Command
             return false;
         }
 
-        $users = User::whereNull('deleted_at')->with('licenses')->get();
+        $users = User::whereNull('deleted_at')->where('autoassign_licenses', '=', 1)->with('licenses')->get();
 
         if ($users->count() > $license->getAvailSeatsCountAttribute()) {
             $this->info('You do not have enough free seats to complete this task, so we will check out as many as we can. ');

app/Console/Commands/CreateAdmin.php

@@ -3,15 +3,31 @@
 namespace App\Console\Commands;
 
 use Illuminate\Console\Command;
+use \App\Models\User;
+
 
 class CreateAdmin extends Command
 {
+
+    /** @mixin User **/
     /**
-     * The name and signature of the console command.
-     *
-     * @var string
+     * App\Console\CreateAdmin
+     * @property mixed $first_name
+     * @property string $last_name
+     * @property string $username
+     * @property string $email
+     * @property string $permissions
+     * @property string $password
+     * @property boolean $activated
+     * @property boolean $show_in_list
+     * @property boolean $autoassign_licenses
+     * @property \Illuminate\Support\Carbon|null $created_at
+     * @property mixed $created_by
      */
-    protected $signature = 'snipeit:create-admin {--first_name=} {--last_name=}  {--email=}  {--username=}  {--password=}   {show_in_list?}';
+
+
+
+    protected $signature = 'snipeit:create-admin {--first_name=} {--last_name=}  {--email=}  {--username=}  {--password=} {show_in_list?} {autoassign_licenses?}';
 
     /**
      * The console command description.
@@ -30,11 +46,7 @@ class CreateAdmin extends Command
         parent::__construct();
     }
 
-    /**
-     * Execute the console command.
-     *
-     * @return mixed
-     */
+
     public function handle()
     {
         $first_name = $this->option('first_name');
@@ -43,11 +55,14 @@ class CreateAdmin extends Command
         $email = $this->option('email');
         $password = $this->option('password');
         $show_in_list = $this->argument('show_in_list');
+        $autoassign_licenses = $this->argument('autoassign_licenses');
+
+
 
         if (($first_name == '') || ($last_name == '') || ($username == '') || ($email == '') || ($password == '')) {
             $this->info('ERROR: All fields are required.');
         } else {
-            $user = new \App\Models\User;
+            $user = new User;
             $user->first_name = $first_name;
             $user->last_name = $last_name;
             $user->username = $username;
@@ -59,6 +74,11 @@ class CreateAdmin extends Command
             if ($show_in_list == 'false') {
                 $user->show_in_list = 0;
             }
+
+            if ($autoassign_licenses == 'false') {
+                $user->autoassign_licenses = 0;
+            }
+
             if ($user->save()) {
                 $this->info('New user created');
                 $user->groups()->attach(1);

app/Console/Commands/LdapSync.php

@@ -62,6 +62,7 @@ class LdapSync extends Command
         $ldap_result_phone = Setting::getSettings()->ldap_phone_field;
         $ldap_result_jobtitle = Setting::getSettings()->ldap_jobtitle;
         $ldap_result_country = Setting::getSettings()->ldap_country;
+        $ldap_result_location = Setting::getSettings()->ldap_location;
         $ldap_result_dept = Setting::getSettings()->ldap_dept;
         $ldap_result_manager = Setting::getSettings()->ldap_manager;
         $ldap_default_group = Setting::getSettings()->ldap_default_group;
@@ -74,7 +75,7 @@ class LdapSync extends Command
                 $json_summary = ['error' => true, 'error_message' => $e->getMessage(), 'summary' => []];
                 $this->info(json_encode($json_summary));
             }
-            LOG::info($e);
+            Log::info($e);
 
             return [];
         }
@@ -84,7 +85,7 @@ class LdapSync extends Command
         try {
             if ($this->option('base_dn') != '') {
                 $search_base = $this->option('base_dn');
-                LOG::debug('Importing users from specified base DN: \"'.$search_base.'\".');
+                Log::debug('Importing users from specified base DN: \"'.$search_base.'\".');
             } else {
                 $search_base = null;
             }
@@ -98,7 +99,7 @@ class LdapSync extends Command
                 $json_summary = ['error' => true, 'error_message' => $e->getMessage(), 'summary' => []];
                 $this->info(json_encode($json_summary));
             }
-            LOG::info($e);
+            Log::info($e);
 
             return [];
         }
@@ -108,16 +109,16 @@ class LdapSync extends Command
 
         if ($this->option('location') != '') {
             $location = Location::where('name', '=', $this->option('location'))->first();
-            LOG::debug('Location name '.$this->option('location').' passed');
-            LOG::debug('Importing to '.$location->name.' ('.$location->id.')');
+            Log::debug('Location name '.$this->option('location').' passed');
+            Log::debug('Importing to '.$location->name.' ('.$location->id.')');
         } elseif ($this->option('location_id') != '') {
             $location = Location::where('id', '=', $this->option('location_id'))->first();
-            LOG::debug('Location ID '.$this->option('location_id').' passed');
-            LOG::debug('Importing to '.$location->name.' ('.$location->id.')');
+            Log::debug('Location ID '.$this->option('location_id').' passed');
+            Log::debug('Importing to '.$location->name.' ('.$location->id.')');
         }
 
         if (! isset($location)) {
-            LOG::debug('That location is invalid or a location was not provided, so no location will be assigned by default.');
+            Log::debug('That location is invalid or a location was not provided, so no location will be assigned by default.');
         }
 
         /* Process locations with explicitly defined OUs, if doing a full import. */
@@ -133,7 +134,7 @@ class LdapSync extends Command
             array_multisort($ldap_ou_lengths, SORT_ASC, $ldap_ou_locations);
 
             if (count($ldap_ou_locations) > 0) {
-                LOG::debug('Some locations have special OUs set. Locations will be automatically set for users in those OUs.');
+                Log::debug('Some locations have special OUs set. Locations will be automatically set for users in those OUs.');
             }
 
             // Inject location information fields
@@ -151,7 +152,7 @@ class LdapSync extends Command
                         $json_summary = ['error' => true, 'error_message' => trans('admin/users/message.error.ldap_could_not_search').' Location: '.$ldap_loc['name'].' (ID: '.$ldap_loc['id'].') cannot connect to "'.$ldap_loc['ldap_ou'].'" - '.$e->getMessage(), 'summary' => []];
                         $this->info(json_encode($json_summary));
                     }
-                    LOG::info($e);
+                    Log::info($e);
 
                     return [];
                 }
@@ -179,10 +180,6 @@ class LdapSync extends Command
             }
         }
 
-        /* Create user account entries in Snipe-IT */
-        $tmp_pass = substr(str_shuffle('0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'), 0, 20);
-        $pass = bcrypt($tmp_pass);
-
         $manager_cache = [];
 
         if($ldap_default_group != null) {
@@ -197,20 +194,26 @@ class LdapSync extends Command
 
         for ($i = 0; $i < $results['count']; $i++) {
                 $item = [];
-                $item['username'] = isset($results[$i][$ldap_result_username][0]) ? $results[$i][$ldap_result_username][0] : '';
-                $item['employee_number'] = isset($results[$i][$ldap_result_emp_num][0]) ? $results[$i][$ldap_result_emp_num][0] : '';
-                $item['lastname'] = isset($results[$i][$ldap_result_last_name][0]) ? $results[$i][$ldap_result_last_name][0] : '';
-                $item['firstname'] = isset($results[$i][$ldap_result_first_name][0]) ? $results[$i][$ldap_result_first_name][0] : '';
-                $item['email'] = isset($results[$i][$ldap_result_email][0]) ? $results[$i][$ldap_result_email][0] : '';
-                $item['ldap_location_override'] = isset($results[$i]['ldap_location_override']) ? $results[$i]['ldap_location_override'] : '';
-                $item['location_id'] = isset($results[$i]['location_id']) ? $results[$i]['location_id'] : '';
-                $item['telephone'] = isset($results[$i][$ldap_result_phone][0]) ? $results[$i][$ldap_result_phone][0] : '';
-                $item['jobtitle'] = isset($results[$i][$ldap_result_jobtitle][0]) ? $results[$i][$ldap_result_jobtitle][0] : '';
-                $item['country'] = isset($results[$i][$ldap_result_country][0]) ? $results[$i][$ldap_result_country][0] : '';
-                $item['department'] = isset($results[$i][$ldap_result_dept][0]) ? $results[$i][$ldap_result_dept][0] : '';
-                $item['manager'] = isset($results[$i][$ldap_result_manager][0]) ? $results[$i][$ldap_result_manager][0] : '';
-
+                $item['username'] = $results[$i][$ldap_result_username][0] ?? '';
+                $item['employee_number'] = $results[$i][$ldap_result_emp_num][0] ?? '';
+                $item['lastname'] = $results[$i][$ldap_result_last_name][0] ?? '';
+                $item['firstname'] = $results[$i][$ldap_result_first_name][0] ?? '';
+                $item['email'] = $results[$i][$ldap_result_email][0] ?? '';
+                $item['ldap_location_override'] = $results[$i]['ldap_location_override'] ?? '';
+                $item['location_id'] = $results[$i]['location_id'] ?? '';
+                $item['telephone'] = $results[$i][$ldap_result_phone][0] ?? '';
+                $item['jobtitle'] = $results[$i][$ldap_result_jobtitle][0] ?? '';
+                $item['country'] = $results[$i][$ldap_result_country][0] ?? '';
+                $item['department'] = $results[$i][$ldap_result_dept][0] ?? '';
+                $item['manager'] = $results[$i][$ldap_result_manager][0] ?? '';
+                $item['location'] = $results[$i][$ldap_result_location][0] ?? '';
 
+                // ONLY if you are using the "ldap_location" option *AND* you have an actual result
+                if ($ldap_result_location && $item['location']) {
+                        $location = Location::firstOrCreate([
+                                'name' => $item['location'],
+                        ]);
+                }
                 $department = Department::firstOrCreate([
                     'name' => $item['department'],
                 ]);
@@ -222,21 +225,44 @@ class LdapSync extends Command
                 } else {
                     // Creating a new user.
                     $user = new User;
-                    $user->password = $pass;
+                    $user->password = $user->noPassword();
                     $user->activated = 1; // newly created users can log in by default, unless AD's UAC is in use, or an active flag is set (below)
                     $item['createorupdate'] = 'created';
                 }
 
-                $user->first_name = $item['firstname'];
-                $user->last_name = $item['lastname'];
+            //If a sync option is not filled in on the LDAP settings don't populate the user field
+            if($ldap_result_username  != null){
                 $user->username = $item['username'];
-                $user->email = $item['email'];
+            }
+            if($ldap_result_last_name != null){
+                $user->last_name = $item['lastname'];
+            }
+            if($ldap_result_first_name != null){
+                $user->first_name = $item['firstname'];
+            }
+            if($ldap_result_emp_num  != null){
                 $user->employee_num = e($item['employee_number']);
+            }
+            if($ldap_result_email != null){
+                $user->email = $item['email'];
+            }
+            if($ldap_result_phone != null){
                 $user->phone = $item['telephone'];
+            }
+            if($ldap_result_jobtitle != null){
                 $user->jobtitle = $item['jobtitle'];
+            }
+            if($ldap_result_country != null){
                 $user->country = $item['country'];
+            }
+            if($ldap_result_dept  != null){
                 $user->department_id = $department->id;
+            }
+            if($ldap_result_location != null){
+                $user->location_id = $location ? $location->id : null;
+            }
 
+            if($ldap_result_manager != null){
                 if($item['manager'] != null) {
                     // Check Cache first
                     if (isset($manager_cache[$item['manager']])) {
@@ -276,6 +302,7 @@ class LdapSync extends Command
 
                     }
                 }
+            }
 
                 // Sync activated state for Active Directory.
                 if ( !empty($ldap_result_active_flag)) { // IF we have an 'active' flag set....

app/Console/Commands/NormalizeUserNames.php

@@ -0,0 +1,52 @@
+<?php
+
+namespace App\Console\Commands;
+
+use Illuminate\Console\Command;
+use App\Models\User;
+
+class NormalizeUserNames extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'snipeit:normalize-names';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Normalizes weirdly formatted names as first-letter upercased';
+
+    /**
+     * Create a new command instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        parent::__construct();
+    }
+
+    /**
+     * Execute the console command.
+     *
+     * @return int
+     */
+    public function handle()
+    {
+
+        $users = User::get();
+            $this->info($users->count() . ' users');
+
+            foreach ($users as $user) {
+                $user->first_name = ucwords(strtolower($user->first_name));
+                $user->last_name = ucwords(strtolower($user->last_name));
+                $user->email = strtolower($user->email);
+                $user->save();
+        }
+    }
+}

app/Console/Commands/SystemBackup.php

@@ -11,7 +11,7 @@ class SystemBackup extends Command
      *
      * @var string
      */
-    protected $name = 'snipeit:backup';
+    protected $signature = 'snipeit:backup {--filename=}';
 
     /**
      * The console command description.
@@ -37,7 +37,18 @@ class SystemBackup extends Command
      */
     public function handle()
     {
-        //
+        if ($this->option('filename')) {
+            $filename = $this->option('filename');
+
+            // Make sure the filename ends in .zip
+            if (!ends_with($filename, '.zip')) {
+                $filename = $filename.'.zip';
+            }
+
+            $this->call('backup:run', ['--filename' => $filename]);
+        } else {
             $this->call('backup:run');
         }
+
+    }
 }

app/Events/CheckoutableCheckedIn.php

@@ -15,18 +15,20 @@ class CheckoutableCheckedIn
     public $checkedInBy;
     public $note;
     public $action_date; // Date setted in the hardware.checkin view at the checkin_at input, for the action log
+    public $originalValues;
 
     /**
      * Create a new event instance.
      *
      * @return void
      */
-    public function __construct($checkoutable, $checkedOutTo, User $checkedInBy, $note, $action_date = null)
+    public function __construct($checkoutable, $checkedOutTo, User $checkedInBy, $note, $action_date = null, $originalValues = [])
     {
         $this->checkoutable = $checkoutable;
         $this->checkedOutTo = $checkedOutTo;
         $this->checkedInBy = $checkedInBy;
         $this->note = $note;
         $this->action_date = $action_date ?? date('Y-m-d');
+        $this->originalValues = $originalValues;
     }
 }

app/Events/CheckoutableCheckedOut.php

@@ -14,17 +14,19 @@ class CheckoutableCheckedOut
     public $checkedOutTo;
     public $checkedOutBy;
     public $note;
+    public $originalValues;
 
     /**
      * Create a new event instance.
      *
      * @return void
      */
-    public function __construct($checkoutable, $checkedOutTo, User $checkedOutBy, $note)
+    public function __construct($checkoutable, $checkedOutTo, User $checkedOutBy, $note, $originalValues = [])
     {
         $this->checkoutable = $checkoutable;
         $this->checkedOutTo = $checkedOutTo;
         $this->checkedOutBy = $checkedOutBy;
         $this->note = $note;
+        $this->originalValues = $originalValues;
     }
 }

app/Events/UserMerged.php

@@ -0,0 +1,24 @@
+<?php
+
+namespace App\Events;
+
+use Illuminate\Foundation\Events\Dispatchable;
+use Illuminate\Queue\SerializesModels;
+use App\Models\User;
+
+class UserMerged
+{
+    use Dispatchable, SerializesModels;
+
+    /**
+     * Create a new event instance.
+     *
+     * @return void
+     */
+    public function __construct(User $from_user, User $to_user, User $admin)
+    {
+        $this->merged_from        = $from_user;
+        $this->merged_to      = $to_user;
+        $this->admin            = $admin;
+    }
+}

app/Exceptions/Handler.php

@@ -6,10 +6,11 @@ use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
 use App\Helpers\Helper;
 use Illuminate\Validation\ValidationException;
 use Illuminate\Auth\AuthenticationException;
+use ArieTimmerman\Laravel\SCIMServer\Exceptions\SCIMException;
 use Log;
 use Throwable;
 use JsonException;
-
+use Carbon\Exceptions\InvalidFormatException;
 
 class Handler extends ExceptionHandler
 {
@@ -28,6 +29,8 @@ class Handler extends ExceptionHandler
         \Intervention\Image\Exception\NotSupportedException::class,
         \League\OAuth2\Server\Exception\OAuthServerException::class,
         JsonException::class,
+        SCIMException::class, //these generally don't need to be reported
+        InvalidFormatException::class,
     ];
 
     /**
@@ -41,7 +44,9 @@ class Handler extends ExceptionHandler
     public function report(Throwable $exception)
     {
         if ($this->shouldReport($exception)) {
+            if (class_exists(\Log::class)) {
                 \Log::error($exception);
+            }
             return parent::report($exception);
         }
     }
@@ -51,7 +56,7 @@ class Handler extends ExceptionHandler
      * 
      * @param  \Illuminate\Http\Request  $request
      * @param  \Exception  $e
-     * @return \Illuminate\Http\Response
+     * @return \Illuminate\Http\JsonResponse|\Illuminate\Http\RedirectResponse|\Illuminate\Http\Response
      */
     public function render($request, Throwable $e)
     {
@@ -65,18 +70,39 @@ class Handler extends ExceptionHandler
         // Invalid JSON exception
         // TODO: don't understand why we have to do this when we have the invalidJson() method, below, but, well, whatever
         if ($e instanceof JsonException) {
-            return response()->json(Helper::formatStandardApiResponse('error', null, 'invalid JSON'), 422);
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'Invalid JSON'), 422);
         }
 
+        // Handle SCIM exceptions
+        if ($e instanceof SCIMException) {
+            try {
+                $e->report(); // logs as 'debug', so shouldn't get too noisy
+            } catch(\Exception $reportException) {
+                //do nothing
+            }
+            return $e->render($request); // ALL SCIMExceptions have the 'render()' method
+        }
 
-        // Handle Ajax requests that fail because the model doesn't exist
+        // Handle standard requests that fail because Carbon cannot parse the date on validation (when a submitted date value is definitely not a date)
+        if ($e instanceof InvalidFormatException) {
+            return redirect()->back()->withInput()->with('error', trans('validation.date', ['attribute' => 'date']));
+        }
+
+        // Handle API requests that fail
         if ($request->ajax() || $request->wantsJson()) {
 
+            // Handle API requests that fail because Carbon cannot parse the date on validation (when a submitted date value is definitely not a date)
+            if ($e instanceof InvalidFormatException) {
+                return response()->json(Helper::formatStandardApiResponse('error', null, trans('validation.date', ['attribute' => 'date'])), 200);
+            }
+
+            // Handle API requests that fail because the model doesn't exist
             if ($e instanceof \Illuminate\Database\Eloquent\ModelNotFoundException) {
                 $className = last(explode('\\', $e->getModel()));
                 return response()->json(Helper::formatStandardApiResponse('error', null, $className . ' not found'), 200);
             }
 
+            // Handle API requests that fail because of an HTTP status code and return a useful error message
             if ($this->isHttpException($e)) {
 
                 $statusCode = $e->getStatusCode();
@@ -96,6 +122,8 @@ class Handler extends ExceptionHandler
         }
 
 
+
+
         if ($this->isHttpException($e) && (isset($statusCode)) && ($statusCode == '404' )) {
             return response()->view('layouts/basic', [
                 'content' => view('errors/404')
@@ -111,7 +139,7 @@ class Handler extends ExceptionHandler
      *
      * @param  \Illuminate\Http\Request  $request
      * @param  \Illuminate\Auth\AuthenticationException  $exception
-     * @return \Illuminate\Http\Response
+     * @return \Illuminate\Http\JsonResponse|\Illuminate\Http\RedirectResponse
   */
     protected function unauthenticated($request, AuthenticationException $exception)
     {

app/Helpers/Helper.php

@@ -2,6 +2,8 @@
 
 namespace App\Helpers;
 use App\Models\Accessory;
+use App\Models\Asset;
+use App\Models\AssetModel;
 use App\Models\Component;
 use App\Models\Consumable;
 use App\Models\CustomField;
@@ -33,6 +35,16 @@ class Helper
         }
     }
 
+    public static function parseEscapedMarkedownInline($str = null)
+    {
+        $Parsedown = new \Parsedown();
+        $Parsedown->setSafeMode(true);
+
+        if ($str) {
+            return $Parsedown->line($str);
+        }
+    }
+
     /**
      * The importer has formatted number strings since v3,
      * so the value might be a string, or an integer.
@@ -334,7 +346,11 @@ class Helper
             '#92896B',
         ];
 
+        $total_colors = count($colors);
 
+        if ($index >= $total_colors) {
+            $index = $index - $total_colors;
+        }
 
         return $colors[$index];
     }
@@ -528,20 +544,23 @@ class Helper
      * @since [v2.5]
      * @return array
      */
-    public static function categoryTypeList()
+    public static function categoryTypeList($selection=null)
     {
         $category_types = [
             '' => '',
-            'accessory' => 'Accessory',
-            'asset' => 'Asset',
-            'consumable' => 'Consumable',
-            'component' => 'Component',
-            'license' => 'License',
+            'accessory' => trans('general.accessory'),
+            'asset' => trans('general.asset'),
+            'consumable' => trans('general.consumable'),
+            'component' => trans('general.component'),
+            'license' => trans('general.license'),
         ];
 
+        if ($selection != null){
+            return $category_types[strtolower($selection)];
+        }
+        else
         return $category_types;
     }
-
     /**
      * Get the list of custom fields in an array to make a dropdown menu
      *
@@ -626,6 +645,7 @@ class Helper
         $consumables = Consumable::withCount('consumableAssignments as consumable_assignments_count')->whereNotNull('min_amt')->get();
         $accessories = Accessory::withCount('users as users_count')->whereNotNull('min_amt')->get();
         $components = Component::whereNotNull('min_amt')->get();
+        $asset_models = AssetModel::where('min_amt', '>', 0)->get();
 
         $avail_consumables = 0;
         $items_array = [];
@@ -688,6 +708,28 @@ class Helper
             }
         }
 
+        foreach ($asset_models as $asset_model){
+
+            $asset = new Asset();
+            $total_owned = $asset->where('model_id', '=', $asset_model->id)->count();
+            $avail = $asset->where('model_id', '=', $asset_model->id)->whereNull('assigned_to')->count();
+
+            if ($avail < ($asset_model->min_amt)+ \App\Models\Setting::getSettings()->alert_threshold) {
+                if ($avail > 0) {
+                    $percent = number_format((($avail / $total_owned) * 100), 0);
+                } else {
+                    $percent = 100;
+                }
+                $items_array[$all_count]['id'] = $asset_model->id;
+                $items_array[$all_count]['name'] = $asset_model->name;
+                $items_array[$all_count]['type'] = 'models';
+                $items_array[$all_count]['percent'] = $percent;
+                $items_array[$all_count]['remaining'] = $avail;
+                $items_array[$all_count]['min_amt'] = $asset_model->min_amt;
+                $all_count++;
+            }
+        }
+
         return $items_array;
     }
 
@@ -1092,6 +1134,15 @@ class Helper
         return $file_name;
     }
 
+
+    /**
+     * Universal helper to show file size in human-readable formats
+     *
+     * @author A. Gianotto <snipe@snipe.net>
+     * @since 5.0
+     *
+     * @return string[]
+     */
     public static function formatFilesizeUnits($bytes)
     {
         if ($bytes >= 1073741824)
@@ -1121,30 +1172,141 @@ class Helper
 
         return $bytes;
     }
+
+    /**
+     * This is weird but used by the side nav to determine which URL to point the user to
+     *
+     * @author A. Gianotto <snipe@snipe.net>
+     * @since 5.0
+     *
+     * @return string[]
+     */
     public static function SettingUrls(){
         $settings=['#','fields.index', 'statuslabels.index', 'models.index', 'categories.index', 'manufacturers.index', 'suppliers.index', 'departments.index', 'locations.index', 'companies.index', 'depreciations.index'];
 
         return $settings;
         }
-    public static function AgeFormat($date) {
-        $year = Carbon::parse($date)
-            ->diff(now())->y;
-        $month = Carbon::parse($date)
-            ->diff(now())->m;
-        $days = Carbon::parse($date)
-            ->diff(now())->d;
-        $age='';
-        if ($year) {
-            $age .= $year.'y ';
-        }
-        if ($month) {
-            $age .= $month.'m ';
-        }
-        if ($days) {
-            $age .= $days.'d';
+
+
+    /**
+     * Generic helper (largely used by livewire right now) that returns the font-awesome icon
+     * for the object type.
+     *
+     * @author A. Gianotto <snipe@snipe.net>
+     * @since 6.1.0
+     *
+     * @return string
+     */
+    public static function iconTypeByItem($item) {
+
+        switch ($item) {
+            case 'asset':
+                return 'fas fa-barcode';
+                break;
+            case 'accessory':
+                return 'fas fa-keyboard';
+                break;
+            case 'component':
+                return 'fas fa-hdd';
+                break;
+            case 'consumable':
+                return 'fas fa-tint';
+                break;
+            case 'license':
+                return 'far fa-save';
+                break;
+            case 'location':
+                return 'fas fa-map-marker-alt';
+                break;
+            case 'user':
+                return 'fas fa-user';
+                break;
         }
 
-        return $age;
+    }
 
+
+     /*
+     * This is a shorter way to see if the app is in demo mode.
+     *
+     * This makes it cleanly available in blades and in controllers, e.g.
+     *
+     * Blade:
+     * {{ Helper::isDemoMode() ? ' disabled' : ''}} for form blades where we need to disable a form
+     *
+     * Controller:
+     * if (Helper::isDemoMode()) {
+     *      // don't allow the thing
+     * }
+     * @todo - use this everywhere else in the app where we have very long if/else config('app.lock_passwords') stuff
+     */
+    public static function isDemoMode() {
+        if (config('app.lock_passwords') === true) {
+            return true;
+            \Log::debug('app locked!');
+        }
+        
+        return false;
+    }
+
+  
+    /**
+     * Conversion between units of measurement
+     *
+     * @author Grant Le Roux <grant.leroux+snipe-it@gmail.com>
+     * @since 5.0
+     * @param float  $value    Measurement value to convert
+     * @param string $srcUnit  Source unit of measurement
+     * @param string $dstUnit  Destination unit of measurement
+     * @param int    $round    Round the result to decimals (Default false - No rounding)
+     * @return float
+     */
+    public static function convertUnit($value, $srcUnit, $dstUnit, $round=false) {
+        $srcFactor = static::getUnitConversionFactor($srcUnit);
+        $dstFactor = static::getUnitConversionFactor($dstUnit);
+        $output = $value * $srcFactor / $dstFactor;
+        return ($round !== false) ? round($output, $round) : $output;
+    }
+  
+    /**
+     * Get conversion factor from unit of measurement to mm
+     *
+     * @author Grant Le Roux <grant.leroux+snipe-it@gmail.com>
+     * @since 5.0
+     * @param string $unit  Unit of measurement
+     * @return float
+     */
+    public static function getUnitConversionFactor($unit) {
+        switch (strtolower($unit)) {
+            case 'mm':
+                return 1.0;
+            case 'cm':
+                return 10.0;
+            case 'm':
+                return 1000.0;
+            case 'in':
+                return 25.4;
+            case 'ft':
+                return 12 * static::getUnitConversionFactor('in');
+            case 'yd':
+                return 3 * static::getUnitConversionFactor('ft');
+            case 'pt':
+                return (1 / 72) * static::getUnitConversionFactor('in');
+            default:
+                throw new \InvalidArgumentException('Unit: \'' . $unit . '\' is not supported');
+
+                return false;
+        }
+    }
+
+
+    /*
+     * I know it's gauche  to return a shitty HTML string, but this is just a helper and since it will be the same every single time,
+     * it seemed pretty safe to do here. Don't you judge me.
+     */
+    public static function showDemoModeFieldWarning() {
+        if (Helper::isDemoMode()) {
+            return "<p class=\"text-warning\"><i class=\"fas fa-lock\"></i>" . trans('general.feature_disabled') . "</p>";
+        }
     }
 }

app/Http/Controllers/Accessories/AccessoriesController.php

@@ -77,7 +77,7 @@ class AccessoriesController extends Controller
         $accessory->manufacturer_id         = request('manufacturer_id');
         $accessory->model_number            = request('model_number');
         $accessory->purchase_date           = request('purchase_date');
-        $accessory->purchase_cost           = Helper::ParseCurrency(request('purchase_cost'));
+        $accessory->purchase_cost           = request('purchase_cost');
         $accessory->qty                     = request('qty');
         $accessory->user_id                 = Auth::user()->id;
         $accessory->supplier_id             = request('supplier_id');
@@ -115,6 +115,34 @@ class AccessoriesController extends Controller
 
     }
 
+    /**
+     * Returns a view that presents a form to clone an accessory.
+     *
+     * @author [J. Vinsmoke]
+     * @param int $accessoryId
+     * @since [v6.0]
+     * @return View
+     */
+    public function getClone($accessoryId = null)
+    {
+
+        $this->authorize('create', Accessory::class);
+
+        // Check if the asset exists
+        if (is_null($accessory_to_clone = Accessory::find($accessoryId))) {
+            // Redirect to the asset management page
+            return redirect()->route('accessories.index')
+                ->with('error', trans('admin/accessories/message.does_not_exist', ['id' => $accessoryId]));
+        }
+
+        $accessory = clone $accessory_to_clone;
+        $accessory->id = null;
+        $accessory->location_id = null;
+
+        return view('accessories/edit')
+            ->with('item', $accessory);
+        
+    }
 
     /**
      * Save edited Accessory from form post
@@ -153,7 +181,7 @@ class AccessoriesController extends Controller
             $accessory->order_number = request('order_number');
             $accessory->model_number = request('model_number');
             $accessory->purchase_date = request('purchase_date');
-            $accessory->purchase_cost = Helper::ParseCurrency(request('purchase_cost'));
+            $accessory->purchase_cost = request('purchase_cost');
             $accessory->qty = request('qty');
             $accessory->supplier_id = request('supplier_id');
             $accessory->notes = request('notes');

app/Http/Controllers/Accessories/AccessoriesFilesController.php

@@ -146,9 +146,8 @@ class AccessoriesFilesController extends Controller
             $this->authorize('view', $accessory);
             $this->authorize('accessories.files', $accessory);
 
-            if (! $log = Actionlog::find($fileId)) {
-                return response('No matching record for that asset/file', 500)
-                    ->header('Content-Type', 'text/plain');
+            if (! $log = Actionlog::whereNotNull('filename')->where('item_id', $accessory->id)->find($fileId)) {
+                return redirect()->route('accessories.index')->with('error',  trans('admin/users/message.log_record_not_found'));
             }
 
             $file = 'private_uploads/accessories/'.$log->filename;
@@ -161,22 +160,19 @@ class AccessoriesFilesController extends Controller
                     ->header('Content-Type', 'text/plain');
             } else {
 
+                // Display the file inline
+                if (request('inline') == 'true') {
+                    $headers = [
+                        'Content-Disposition' => 'inline',
+                    ];
+                    return Storage::download($file, $log->filename, $headers);
+                }
+
+
                 // We have to override the URL stuff here, since local defaults in Laravel's Flysystem
                 // won't work, as they're not accessible via the web
                 if (config('filesystems.default') == 'local') { // TODO - is there any way to fix this at the StorageHelper layer?
                     return StorageHelper::downloader($file);
-                } else {
-                    if ($download != 'true') {
-                        \Log::debug('display the file');
-                        if ($contents = file_get_contents(Storage::url($file))) { // TODO - this will fail on private S3 files or large public ones
-                            return Response::make(Storage::url($file)->header('Content-Type', mime_content_type($file)));
-                        }
-
-                        return JsonResponse::create(['error' => 'Failed validation: '], 500);
-                    }
-
-                    return StorageHelper::downloader($file);
-
                 }
             }
         }

app/Http/Controllers/Accessories/AccessoryCheckoutController.php

@@ -25,11 +25,16 @@ class AccessoryCheckoutController extends Controller
     public function create($accessoryId)
     {
         // Check if the accessory exists
-        if (is_null($accessory = Accessory::find($accessoryId))) {
+        if (is_null($accessory = Accessory::withCount('users as users_count')->find($accessoryId))) {
             // Redirect to the accessory management page with error
             return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.not_found'));
         }
 
+        // Make sure there is at least one available to checkout
+        if ($accessory->numRemaining() <= 0){
+            return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.checkout.unavailable'));
+        }
+        
         if ($accessory->category) {
             $this->authorize('checkout', $accessory);
 
@@ -55,7 +60,7 @@ class AccessoryCheckoutController extends Controller
     public function store(Request $request, $accessoryId)
     {
         // Check if the accessory exists
-        if (is_null($accessory = Accessory::find($accessoryId))) {
+        if (is_null($accessory = Accessory::withCount('users as users_count')->find($accessoryId))) {
             // Redirect to the accessory management page with error
             return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.user_not_found'));
         }
@@ -66,6 +71,12 @@ class AccessoryCheckoutController extends Controller
             return redirect()->route('accessories.checkout.show', $accessory->id)->with('error', trans('admin/accessories/message.checkout.user_does_not_exist'));
         }
 
+        // Make sure there is at least one available to checkout
+        if ($accessory->numRemaining() <= 0){
+            return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.checkout.unavailable'));
+        }
+
+
         // Update the accessory data
         $accessory->assigned_to = e($request->input('assigned_to'));
 

app/Http/Controllers/Account/AcceptanceController.php

@@ -69,7 +69,7 @@ class AcceptanceController extends Controller
         }
 
         if (! Company::isCurrentUserHasAccess($acceptance->checkoutable)) {
-            return redirect()->route('account.accept')->with('error', trans('general.insufficient_permissions'));
+            return redirect()->route('account.accept')->with('error', trans('general.error_user_company'));
         }
 
         return view('account/accept.create', compact('acceptance'));
@@ -121,7 +121,6 @@ class AcceptanceController extends Controller
         $pdf_filename = 'accepted-eula-'.date('Y-m-d-h-i-s').'.pdf';
         $sig_filename='';
 
-
         if ($request->input('asset_acceptance') == 'accepted') {
 
             /**
@@ -153,12 +152,14 @@ class AcceptanceController extends Controller
                 }
             }
 
-
             // this is horrible
             switch($acceptance->checkoutable_type){
                 case 'App\Models\Asset':
                         $pdf_view_route ='account.accept.accept-asset-eula';
                         $asset_model = AssetModel::find($item->model_id);
+                        if (!$asset_model) {
+                            return redirect()->back()->with('error', trans('admin/models/message.does_not_exist'));
+                        }
                         $display_model = $asset_model->name;
                         $assigned_to = User::find($acceptance->assigned_to_id)->present()->fullName;
                 break;
@@ -167,7 +168,7 @@ class AcceptanceController extends Controller
                         $pdf_view_route ='account.accept.accept-accessory-eula';
                         $accessory = Accessory::find($item->id);
                         $display_model = $accessory->name;
-                        $assigned_to = User::find($item->assignedTo);
+                        $assigned_to = User::find($acceptance->assigned_to_id)->present()->fullName;
                 break;
 
                 case 'App\Models\LicenseSeat':
@@ -244,17 +245,51 @@ class AcceptanceController extends Controller
             $return_msg = trans('admin/users/message.accepted');
 
         } else {
+
+            /**
+             * Check for the eula-pdfs directory
+             */
+            if (! Storage::exists('private_uploads/eula-pdfs')) {
+                Storage::makeDirectory('private_uploads/eula-pdfs', 775);
+            }
+
+            if (Setting::getSettings()->require_accept_signature == '1') {
+                
+                // Check if the signature directory exists, if not create it
+                if (!Storage::exists('private_uploads/signatures')) {
+                    Storage::makeDirectory('private_uploads/signatures', 775);
+                }
+
+                // The item was accepted, check for a signature
+                if ($request->filled('signature_output')) {
+                    $sig_filename = 'siglog-' . Str::uuid() . '-' . date('Y-m-d-his') . '.png';
+                    $data_uri = $request->input('signature_output');
+                    $encoded_image = explode(',', $data_uri);
+                    $decoded_image = base64_decode($encoded_image[1]);
+                    Storage::put('private_uploads/signatures/' . $sig_filename, (string)$decoded_image);
+
+                    // No image data is present, kick them back.
+                    // This mostly only applies to users on super-duper crapola browsers *cough* IE *cough*
+                } else {
+                    return redirect()->back()->with('error', trans('general.shitty_browser'));
+                }
+            }
+            
             // Format the data to send the declined notification
             $branding_settings = SettingsController::getPDFBranding();
 
             // This is the most horriblest
             switch($acceptance->checkoutable_type){
                 case 'App\Models\Asset':
+                    $asset_model = AssetModel::find($item->model_id);
+                    $display_model = $asset_model->name;
                     $assigned_to = User::find($acceptance->assigned_to_id)->present()->fullName;
                     break;
 
                 case 'App\Models\Accessory':
-                    $assigned_to = User::find($item->assignedTo);
+                    $accessory = Accessory::find($item->id);
+                    $display_model = $accessory->name;
+                    $assigned_to = User::find($acceptance->assigned_to_id)->present()->fullName;
                     break;
 
                 case 'App\Models\LicenseSeat':
@@ -266,6 +301,8 @@ class AcceptanceController extends Controller
                     break;
 
                 case 'App\Models\Consumable':
+                    $consumable = Consumable::find($item->id);
+                    $display_model = $consumable->name;
                     $assigned_to = User::find($acceptance->assigned_to_id)->present()->fullName;
                     break;
             }
@@ -274,11 +311,18 @@ class AcceptanceController extends Controller
                 'item_model' => $display_model,
                 'item_serial' => $item->serial,
                 'declined_date' => Carbon::parse($acceptance->declined_at)->format('Y-m-d'),
+                'signature' => ($sig_filename) ? storage_path() . '/private_uploads/signatures/' . $sig_filename : null,
                 'assigned_to' => $assigned_to,
                 'company_name' => $branding_settings->site_name,
                 'date_settings' => $branding_settings->date_display_format,
             ];
 
+            if ($pdf_view_route!='') {
+                \Log::debug($pdf_filename.' is the filename, and the route was specified.');
+                $pdf = Pdf::loadView($pdf_view_route, $data);
+                Storage::put('private_uploads/eula-pdfs/' .$pdf_filename, $pdf->output());
+            }
+
             $acceptance->decline($sig_filename);
             $acceptance->notify(new AcceptanceAssetDeclinedNotification($data));
             event(new CheckoutDeclined($acceptance));

app/Http/Controllers/Api/AccessoriesController.php

@@ -26,7 +26,10 @@ class AccessoriesController extends Controller
      */
     public function index(Request $request)
     {
+        if ($request->user()->cannot('reports.view')) {
             $this->authorize('view', Accessory::class);
+        }
+
 
         // This array is what determines which fields should be allowed to be sorted on ON the table itself, no relations
         // Relations will be handled in query scopes a little further down.
@@ -77,12 +80,9 @@ class AccessoriesController extends Controller
             $accessories->where('notes','=',$request->input('notes'));
         }
 
-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($accessories) && ($request->get('offset') > $accessories->count())) ? $accessories->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $accessories->count()) ? $accessories->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');
 
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort_override =  $request->input('sort');
@@ -150,7 +150,7 @@ class AccessoriesController extends Controller
     public function show($id)
     {
         $this->authorize('view', Accessory::class);
-        $accessory = Accessory::findOrFail($id);
+        $accessory = Accessory::withCount('users as users_count')->findOrFail($id);
 
         return (new AccessoriesTransformer)->transformAccessory($accessory);
     }
@@ -331,7 +331,7 @@ class AccessoriesController extends Controller
         $accessory = Accessory::find($accessory_user->accessory_id);
         $this->authorize('checkin', $accessory);
 
-        $logaction = $accessory->logCheckin(User::find($accessory_user->user_id), $request->input('note'));
+        $logaction = $accessory->logCheckin(User::find($accessory_user->assigned_to), $request->input('note'));
 
         // Was the accessory updated?
         if (DB::table('accessories_users')->where('id', '=', $accessory_user->id)->delete()) {

app/Http/Controllers/Api/AssetMaintenancesController.php

@@ -36,7 +36,7 @@ class AssetMaintenancesController extends Controller
     {
         $this->authorize('view', Asset::class);
 
-        $maintenances = AssetMaintenance::select('asset_maintenances.*')->with('asset', 'asset.model', 'asset.location', 'supplier', 'asset.company', 'admin');
+        $maintenances = AssetMaintenance::select('asset_maintenances.*')->with('asset', 'asset.model', 'asset.location', 'asset.defaultLoc', 'supplier', 'asset.company', 'admin');
 
         if ($request->filled('search')) {
             $maintenances = $maintenances->TextSearch($request->input('search'));
@@ -55,12 +55,9 @@ class AssetMaintenancesController extends Controller
         }
 
 
-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($maintenances) && ($request->get('offset') > $maintenances->count())) ? $maintenances->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $maintenances->count()) ? $maintenances->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');
 
         $allowed_columns = [
                                 'id',
@@ -74,7 +71,8 @@ class AssetMaintenancesController extends Controller
                                 'asset_tag',
                                 'asset_name',
                                 'user_id',
-                                'supplier'
+                                'supplier',
+                                'is_warranty',
                             ];
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? e($request->input('sort')) : 'created_at';
@@ -121,7 +119,7 @@ class AssetMaintenancesController extends Controller
         $assetMaintenance = new AssetMaintenance();
         $assetMaintenance->supplier_id = $request->input('supplier_id');
         $assetMaintenance->is_warranty = $request->input('is_warranty');
-        $assetMaintenance->cost =  Helper::ParseCurrency($request->input('cost'));
+        $assetMaintenance->cost =  $request->input('cost');
         $assetMaintenance->notes = e($request->input('notes'));
         $asset = Asset::find(e($request->input('asset_id')));
 
@@ -178,7 +176,7 @@ class AssetMaintenancesController extends Controller
 
         $assetMaintenance->supplier_id = e($request->input('supplier_id'));
         $assetMaintenance->is_warranty = e($request->input('is_warranty'));
-        $assetMaintenance->cost =  Helper::ParseCurrency($request->input('cost'));
+        $assetMaintenance->cost =  $request->input('cost');
         $assetMaintenance->notes = e($request->input('notes'));
 
         $asset = Asset::find(request('asset_id'));

app/Http/Controllers/Api/AssetModelsController.php

@@ -38,6 +38,7 @@ class AssetModelsController extends Controller
                 'image',
                 'name',
                 'model_number',
+                'min_amt',
                 'eol',
                 'notes',
                 'created_at',
@@ -45,6 +46,7 @@ class AssetModelsController extends Controller
                 'requestable',
                 'assets_count',
                 'category',
+                'fieldset',
             ];
 
         $assetmodels = AssetModel::select([
@@ -52,6 +54,7 @@ class AssetModelsController extends Controller
             'models.image',
             'models.name',
             'model_number',
+            'min_amt',
             'eol',
             'requestable',
             'models.notes',
@@ -63,7 +66,7 @@ class AssetModelsController extends Controller
             'models.deleted_at',
             'models.updated_at',
          ])
-            ->with('category', 'depreciation', 'manufacturer', 'fieldset')
+            ->with('category', 'depreciation', 'manufacturer', 'fieldset.fields.defaultValues')
             ->withCount('assets as assets_count');
 
         if ($request->input('status')=='deleted') {
@@ -78,12 +81,9 @@ class AssetModelsController extends Controller
             $assetmodels->TextSearch($request->input('search'));
         }
 
-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($assetmodels) && ($request->get('offset') > $assetmodels->count())) ? $assetmodels->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $assetmodels->count()) ? $assetmodels->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');
 
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'models.created_at';
@@ -95,6 +95,9 @@ class AssetModelsController extends Controller
             case 'category':
                 $assetmodels->OrderCategory($order);
                 break;
+            case 'fieldset':
+                $assetmodels->OrderFieldset($order);
+                break;
             default:
                 $assetmodels->orderBy($sort, $order);
                 break;

app/Http/Controllers/Api/AssetsController.php

@@ -101,6 +101,7 @@ class AssetsController extends Controller
             'checkin_counter',
             'requests_counter',
             'byod',
+            'asset_eol_date',
         ];
 
         $filter = [];
@@ -114,7 +115,7 @@ class AssetsController extends Controller
             $allowed_columns[] = $field->db_column_name();
         }
 
-        $assets = Company::scopeCompanyables(Asset::select('assets.*'), 'company_id', 'assets')
+        $assets = Asset::select('assets.*')
             ->with('location', 'assetstatus', 'company', 'defaultLoc','assignedTo',
                 'model.category', 'model.manufacturer', 'model.fieldset','supplier'); //it might be tempting to add 'assetlog' here, but don't. It blows up update-heavy users.
 
@@ -124,11 +125,12 @@ class AssetsController extends Controller
             $assets->InModelList($non_deprecable_models->toArray());
         }
 
+
+
         // These are used by the API to query against specific ID numbers.
         // They are also used by the individual searches on detail pages like
         // locations, etc.
 
-
         // Search custom fields by column name
         foreach ($all_custom_fields as $field) {
             if ($request->filled($field->db_column_name())) {
@@ -136,76 +138,12 @@ class AssetsController extends Controller
             }
         }
 
-
-        if ($request->filled('status_id')) {
-            $assets->where('assets.status_id', '=', $request->input('status_id'));
+        if ((! is_null($filter)) && (count($filter)) > 0) {
+            $assets->ByFilter($filter);
+        } elseif ($request->filled('search')) {
+            $assets->TextSearch($request->input('search'));
         }
 
-        if ($request->filled('asset_tag')) {
-            $assets->where('assets.asset_tag', '=', $request->input('asset_tag'));
-        }
-
-        if ($request->filled('serial')) {
-            $assets->where('assets.serial', '=', $request->input('serial'));
-        }
-
-        if ($request->input('requestable') == 'true') {
-            $assets->where('assets.requestable', '=', '1');
-        }
-
-        if ($request->filled('model_id')) {
-            $assets->InModelList([$request->input('model_id')]);
-        }
-
-        if ($request->filled('category_id')) {
-            $assets->InCategory($request->input('category_id'));
-        }
-
-        if ($request->filled('location_id')) {
-            $assets->where('assets.location_id', '=', $request->input('location_id'));
-        }
-
-        if ($request->filled('rtd_location_id')) {
-            $assets->where('assets.rtd_location_id', '=', $request->input('rtd_location_id'));
-        }
-
-        if ($request->filled('supplier_id')) {
-            $assets->where('assets.supplier_id', '=', $request->input('supplier_id'));
-        }
-
-        if (($request->filled('assigned_to')) && ($request->filled('assigned_type'))) {
-            $assets->where('assets.assigned_to', '=', $request->input('assigned_to'))
-                ->where('assets.assigned_type', '=', $request->input('assigned_type'));
-        }
-
-        if ($request->filled('company_id')) {
-            $assets->where('assets.company_id', '=', $request->input('company_id'));
-        }
-
-        if ($request->filled('manufacturer_id')) {
-            $assets->ByManufacturer($request->input('manufacturer_id'));
-        }
-
-        if ($request->filled('depreciation_id')) {
-            $assets->ByDepreciationId($request->input('depreciation_id'));
-        }
-
-        if ($request->filled('byod')) {
-            $assets->where('assets.byod', '=', $request->input('byod'));
-        }
-
-        $request->filled('order_number') ? $assets = $assets->where('assets.order_number', '=', e($request->get('order_number'))) : '';
-
-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($assets) && ($request->get('offset') > $assets->count())) ? $assets->count() : $request->get('offset', 0);
-
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
-
-        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
-
         // This is used by the audit reporting routes
         if (Gate::allows('audit', Asset::class)) {
             switch ($audit) {
@@ -219,7 +157,6 @@ class AssetsController extends Controller
         }
 
 
-
         // This is used by the sidenav, mostly
 
         // We switched from using query scopes here because of a Laravel bug
@@ -269,7 +206,7 @@ class AssetsController extends Controller
                 break;
             case 'Deployed':
                 // more sad, horrible workarounds for laravel bugs when doing full text searches
-                $assets->where('assets.assigned_to', '>', '0');
+                $assets->whereNotNull('assets.assigned_to');
                 break;
             case 'byod':
                 // This is kind of redundant, since we already check for byod=1 above, but this keeps the
@@ -295,12 +232,71 @@ class AssetsController extends Controller
         }
 
 
-        if ((! is_null($filter)) && (count($filter)) > 0) {
-            $assets->ByFilter($filter);
-        } elseif ($request->filled('search')) {
-            $assets->TextSearch($request->input('search'));
+        // Leave these under the TextSearch scope, else the fuzziness will override the specific ID (status ID, etc) requested
+        if ($request->filled('status_id')) {
+            $assets->where('assets.status_id', '=', $request->input('status_id'));
         }
 
+        if ($request->filled('asset_tag')) {
+            $assets->where('assets.asset_tag', '=', $request->input('asset_tag'));
+        }
+
+        if ($request->filled('serial')) {
+            $assets->where('assets.serial', '=', $request->input('serial'));
+        }
+
+        if ($request->input('requestable') == 'true') {
+            $assets->where('assets.requestable', '=', '1');
+        }
+
+        if ($request->filled('model_id')) {
+            $assets->InModelList([$request->input('model_id')]);
+        }
+
+        if ($request->filled('category_id')) {
+            $assets->InCategory($request->input('category_id'));
+        }
+
+        if ($request->filled('location_id')) {
+            $assets->where('assets.location_id', '=', $request->input('location_id'));
+        }
+
+        if ($request->filled('rtd_location_id')) {
+            $assets->where('assets.rtd_location_id', '=', $request->input('rtd_location_id'));
+        }
+
+        if ($request->filled('supplier_id')) {
+            $assets->where('assets.supplier_id', '=', $request->input('supplier_id'));
+        }
+
+        if ($request->filled('asset_eol_date')) {
+            $assets->where('assets.asset_eol_date', '=', $request->input('asset_eol_date'));
+        }
+
+        if (($request->filled('assigned_to')) && ($request->filled('assigned_type'))) {
+            $assets->where('assets.assigned_to', '=', $request->input('assigned_to'))
+                ->where('assets.assigned_type', '=', $request->input('assigned_type'));
+        }
+
+        if ($request->filled('company_id')) {
+            $assets->where('assets.company_id', '=', $request->input('company_id'));
+        }
+
+        if ($request->filled('manufacturer_id')) {
+            $assets->ByManufacturer($request->input('manufacturer_id'));
+        }
+
+        if ($request->filled('depreciation_id')) {
+            $assets->ByDepreciationId($request->input('depreciation_id'));
+        }
+
+        if ($request->filled('byod')) {
+            $assets->where('assets.byod', '=', $request->input('byod'));
+        }
+
+        if ($request->filled('order_number')) {
+            $assets->where('assets.order_number', '=', $request->get('order_number'));
+        }
 
         // This is kinda gross, but we need to do this because the Bootstrap Tables
         // API passes custom field ordering as custom_fields.fieldname, and we have to strip
@@ -311,6 +307,7 @@ class AssetsController extends Controller
         // in the allowed_columns array)
         $column_sort = in_array($sort_override, $allowed_columns) ? $sort_override : 'assets.created_at';
 
+        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         
         switch ($sort_override) {
             case 'model':
@@ -348,6 +345,10 @@ class AssetsController extends Controller
         }
 
 
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $assets->count()) ? $assets->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
+
         $total = $assets->count();
         $assets = $assets->skip($offset)->take($limit)->get();
         
@@ -460,7 +461,7 @@ class AssetsController extends Controller
     {
         $this->authorize('view', Asset::class);
         $this->authorize('view', License::class);
-        $asset = Asset::where('id', $id)->withTrashed()->first();
+        $asset = Asset::where('id', $id)->withTrashed()->firstorfail();
         $licenses = $asset->licenses()->get();
 
         return (new LicensesTransformer())->transformLicenses($licenses, $licenses->count());
@@ -478,7 +479,7 @@ class AssetsController extends Controller
     public function selectlist(Request $request)
     {
 
-        $assets = Company::scopeCompanyables(Asset::select([
+        $assets = Asset::select([
             'assets.id',
             'assets.name',
             'assets.asset_tag',
@@ -486,7 +487,7 @@ class AssetsController extends Controller
             'assets.assigned_to',
             'assets.assigned_type',
             'assets.status_id',
-            ])->with('model', 'assetstatus', 'assignedTo')->NotArchived(), 'company_id', 'assets');
+            ])->with('model', 'assetstatus', 'assignedTo')->NotArchived();
 
         if ($request->filled('assetStatusType') && $request->input('assetStatusType') === 'RTD') {
             $assets = $assets->RTD();
@@ -544,14 +545,16 @@ class AssetsController extends Controller
         $asset->model_id                = $request->get('model_id');
         $asset->order_number            = $request->get('order_number');
         $asset->notes                   = $request->get('notes');
-        $asset->asset_tag               = $request->get('asset_tag', Asset::autoincrement_asset());
+        $asset->asset_tag               = $request->get('asset_tag', Asset::autoincrement_asset()); //yup, problem :/
+        // NO IT IS NOT!!! This is never firing; we SHOW the asset_tag you're going to get, so it *will* be filled in!
         $asset->user_id                 = Auth::id();
         $asset->archived                = '0';
         $asset->physical                = '1';
         $asset->depreciate              = '0';
         $asset->status_id               = $request->get('status_id', 0);
         $asset->warranty_months         = $request->get('warranty_months', null);
-        $asset->purchase_cost           = Helper::ParseCurrency($request->get('purchase_cost')); // this is the API's store method, so I don't know that I want to do this? Confusing. FIXME (or not?!)
+        $asset->purchase_cost           = $request->get('purchase_cost');
+        $asset->asset_eol_date          = $request->get('asset_eol_date', $asset->present()->eol_date());
         $asset->purchase_date           = $request->get('purchase_date', null);
         $asset->assigned_to             = $request->get('assigned_to', null);
         $asset->supplier_id             = $request->get('supplier_id');
@@ -559,6 +562,7 @@ class AssetsController extends Controller
         $asset->rtd_location_id         = $request->get('rtd_location_id', null);
         $asset->location_id             = $request->get('rtd_location_id', null);
 
+
         /**
         * this is here just legacy reasons. Api\AssetController
         * used image_source  once to allow encoded image uploads.
@@ -572,6 +576,7 @@ class AssetsController extends Controller
         // Update custom fields in the database.
         // Validation for these fields is handled through the AssetRequest form request
         $model = AssetModel::find($request->get('model_id'));
+
         if (($model) && ($model->fieldset)) {
             foreach ($model->fieldset->fields as $field) {
 
@@ -829,7 +834,6 @@ class AssetsController extends Controller
 
         } elseif (request('checkout_to_type') == 'asset') {
             $target = Asset::where('id', '!=', $asset_id)->find(request('assigned_asset'));
-            $asset->location_id = $target->rtd_location_id;
             // Override with the asset's location_id if it has one
             $asset->location_id = (($target) && (isset($target->location_id))) ? $target->location_id : '';
             $error_payload['target_id'] = $request->input('assigned_asset');
@@ -901,6 +905,7 @@ class AssetsController extends Controller
 
         $asset->expected_checkin = null;
         $asset->last_checkout = null;
+        $asset->last_checkin = now();
         $asset->assigned_to = null;
         $asset->assignedTo()->disassociate($asset);
         $asset->accepted = null;
@@ -920,10 +925,14 @@ class AssetsController extends Controller
         }
         
         $checkin_at = $request->filled('checkin_at') ? $request->input('checkin_at').' '. date('H:i:s') : date('Y-m-d H:i:s');
+        $originalValues = $asset->getRawOriginal();
 
+        if (($request->filled('checkin_at')) && ($request->get('checkin_at') != date('Y-m-d'))) {
+            $originalValues['action_date'] = $checkin_at;
+        }
 
         if ($asset->save()) {
-            event(new CheckoutableCheckedIn($asset, $target, Auth::user(), $request->input('note'), $checkin_at));
+            event(new CheckoutableCheckedIn($asset, $target, Auth::user(), $request->input('note'), $checkin_at, $originalValues));
 
             return response()->json(Helper::formatStandardApiResponse('success', ['asset'=> e($asset->asset_tag)], trans('admin/hardware/message.checkin.success')));
         }
@@ -938,18 +947,21 @@ class AssetsController extends Controller
      * @since [v6.0]
      * @return JsonResponse
      */
-    public function checkinByTag(Request $request)
+    public function checkinByTag(Request $request, $tag = null)
     {
         $this->authorize('checkin', Asset::class);
-        $asset = Asset::where('asset_tag', $request->input('asset_tag'))->first();
+        if(null == $tag && null !== ($request->input('asset_tag'))) {
+            $tag = $request->input('asset_tag');
+        }
+        $asset = Asset::where('asset_tag', $tag)->first();
 
         if ($asset) {
             return $this->checkin($request, $asset->id);
         }
 
         return response()->json(Helper::formatStandardApiResponse('error', [
-            'asset'=> e($request->input('asset_tag'))
-        ], 'Asset with tag '.e($request->input('asset_tag')).' not found'));
+            'asset'=> e($tag)
+        ], 'Asset with tag '.e($tag).' not found'));
     }
 
 
@@ -1026,9 +1038,10 @@ class AssetsController extends Controller
     {
         $this->authorize('viewRequestable', Asset::class);
 
-        $assets = Company::scopeCompanyables(Asset::select('assets.*'), 'company_id', 'assets')
+        $assets = Asset::select('assets.*')
             ->with('location', 'assetstatus', 'assetlog', 'company', 'defaultLoc','assignedTo',
-                'model.category', 'model.manufacturer', 'model.fieldset', 'supplier')->requestableAssets();
+                'model.category', 'model.manufacturer', 'model.fieldset', 'supplier')
+            ->requestableAssets();
 
         $offset = request('offset', 0);
         $limit = $request->input('limit', 50);

app/Http/Controllers/Api/CategoriesController.php

@@ -24,10 +24,48 @@ class CategoriesController extends Controller
     public function index(Request $request)
     {
         $this->authorize('view', Category::class);
-        $allowed_columns = ['id', 'name', 'category_type', 'category_type', 'use_default_eula', 'eula_text', 'require_acceptance', 'checkin_email', 'assets_count', 'accessories_count', 'consumables_count', 'components_count', 'licenses_count', 'image'];
+        $allowed_columns = [
+            'id',
+            'name',
+            'category_type',
+            'category_type',
+            'use_default_eula',
+            'eula_text',
+            'require_acceptance',
+            'checkin_email',
+            'assets_count',
+            'accessories_count',
+            'consumables_count',
+            'components_count',
+            'licenses_count',
+            'image',
+        ];
 
-        $categories = Category::select(['id', 'created_at', 'updated_at', 'name', 'category_type', 'use_default_eula', 'eula_text', 'require_acceptance', 'checkin_email', 'image'])
-            ->withCount('assets as assets_count', 'accessories as accessories_count', 'consumables as consumables_count', 'components as components_count', 'licenses as licenses_count');
+        $categories = Category::select([
+            'id',
+            'created_at',
+            'updated_at',
+            'name', 'category_type',
+            'use_default_eula',
+            'eula_text',
+            'require_acceptance',
+            'checkin_email',
+            'image'
+            ])->withCount('accessories as accessories_count', 'consumables as consumables_count', 'components as components_count', 'licenses as licenses_count');
+
+
+        /*
+         * This checks to see if we should override the Admin Setting to show archived assets in list.
+         * We don't currently use it within the Snipe-IT GUI, but will be useful for API integrations where they
+         * may actually need to fetch assets that are archived.
+         *
+         * @see \App\Models\Category::showableAssets()
+         */
+        if ($request->input('archived')=='true') {
+            $categories = $categories->withCount('assets as assets_count');
+        } else {
+            $categories = $categories->withCount('showableAssets as assets_count');
+        }
 
         if ($request->filled('search')) {
             $categories = $categories->TextSearch($request->input('search'));
@@ -53,14 +91,9 @@ class CategoriesController extends Controller
             $categories->where('checkin_email', '=', $request->input('checkin_email'));
         }
 
-
-
-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($categories) && ($request->get('offset') > $categories->count())) ? $categories->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $categories->count()) ? $categories->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
 
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'assets_count';

app/Http/Controllers/Api/CompaniesController.php

@@ -27,6 +27,9 @@ class CompaniesController extends Controller
         $allowed_columns = [
             'id',
             'name',
+            'phone',
+            'fax',
+            'email',
             'created_at',
             'updated_at',
             'users_count',
@@ -47,13 +50,15 @@ class CompaniesController extends Controller
             $companies->where('name', '=', $request->input('name'));
         }
 
+		if ($request->filled('email')) {
+            $companies->where('email', '=', $request->input('email'));
+        }
 
-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($companies) && ($request->get('offset') > $companies->count())) ? $companies->count() : $request->get('offset', 0);
 
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $companies->count()) ? $companies->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
+
 
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
@@ -168,6 +173,7 @@ class CompaniesController extends Controller
         $companies = Company::select([
             'companies.id',
             'companies.name',
+            'companies.email',
             'companies.image',
         ]);
 

app/Http/Controllers/Api/ComponentsController.php

@@ -12,6 +12,8 @@ use App\Http\Requests\ImageUploadRequest;
 use App\Events\CheckoutableCheckedIn;
 use App\Events\ComponentCheckedIn;
 use App\Models\Asset;
+use Illuminate\Support\Facades\Validator;
+use Illuminate\Database\Query\Builder;
 
 class ComponentsController extends Controller
 {
@@ -43,9 +45,8 @@ class ComponentsController extends Controller
                 'notes',
             ];
 
-
-        $components = Company::scopeCompanyables(Component::select('components.*')
-            ->with('company', 'location', 'category', 'assets'));
+        $components = Component::select('components.*')
+            ->with('company', 'location', 'category', 'assets', 'supplier');
 
         if ($request->filled('search')) {
             $components = $components->TextSearch($request->input('search'));
@@ -63,6 +64,10 @@ class ComponentsController extends Controller
             $components->where('category_id', '=', $request->input('category_id'));
         }
 
+        if ($request->filled('supplier_id')) {
+            $components->where('supplier_id', '=', $request->input('supplier_id'));
+        }
+
         if ($request->filled('location_id')) {
             $components->where('location_id', '=', $request->input('location_id'));
         }
@@ -71,13 +76,9 @@ class ComponentsController extends Controller
             $components->where('notes','=',$request->input('notes'));
         }
 
-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($components) && ($request->get('offset') > $components->count())) ? $components->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
-
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $components->count()) ? $components->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
 
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort_override =  $request->input('sort');
@@ -93,6 +94,9 @@ class ComponentsController extends Controller
             case 'company':
                 $components = $components->OrderCompany($order);
                 break;
+            case 'supplier':
+                $components = $components->OrderSupplier($order);
+                break;
             default:
                 $components = $components->orderBy($column_sort, $order);
                 break;
@@ -200,12 +204,29 @@ class ComponentsController extends Controller
         $this->authorize('view', \App\Models\Asset::class);
         
         $component = Component::findOrFail($id);
-        $assets = $component->assets();
         
         $offset = request('offset', 0);
         $limit = $request->input('limit', 50);
+        
+        if ($request->filled('search')) {
+            $assets = $component->assets()
+                                ->where(function ($query) use ($request) {
+                                    $search_str = '%' . $request->input('search') . '%';
+                                    $query->where('name', 'like', $search_str)
+                                            ->orWhereIn('model_id', function (Builder $query) use ($request) {
+                                                $search_str = '%' . $request->input('search') . '%';
+                                                $query->selectRaw('id')->from('models')->where('name', 'like', $search_str);
+                                            })
+                                            ->orWhere('asset_tag', 'like', $search_str);
+                                         })
+                                         ->get();
+            $total = $assets->count();
+        } else {
+            $assets = $component->assets();
+            
             $total = $assets->count();
             $assets = $assets->skip($offset)->take($limit)->get();
+        }
 
         return (new ComponentsTransformer)->transformCheckedoutComponents($assets, $total);
     }
@@ -225,20 +246,30 @@ class ComponentsController extends Controller
     public function checkout(Request $request, $componentId)
     {
         // Check if the component exists
-        if (is_null($component = Component::find($componentId))) {
+        if (!$component = Component::find($componentId)) {
             return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/components/message.does_not_exist')));
         }
 
         $this->authorize('checkout', $component);
 
+        $validator = Validator::make($request->all(), [
+            'assigned_to'          => 'required|exists:assets,id',
+            'assigned_qty'      => "required|numeric|min:1|digits_between:1,".$component->numRemaining(),
+        ]);
+
+        if ($validator->fails()) {
+            return response()->json(Helper::formatStandardApiResponse('error', $validator->errors()));
+
+        }
+
+        // Make sure there is at least one available to checkout
+        if ($component->numRemaining() < $request->get('assigned_qty')) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/components/message.checkout.unavailable', ['remaining' => $component->numRemaining(), 'requested' => $request->get('assigned_qty')])));
+        }
 
         if ($component->numRemaining() >= $request->get('assigned_qty')) {
 
-            if (!$asset = Asset::find($request->input('assigned_to'))) {
-                return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.does_not_exist')));
-            }
-
-            // Update the accessory data
+            $asset = Asset::find($request->input('assigned_to'));
             $component->assigned_to = $request->input('assigned_to');
 
             $component->assets()->attach($component->id, [
@@ -255,7 +286,7 @@ class ComponentsController extends Controller
             return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/components/message.checkout.success')));
         }
 
-        return response()->json(Helper::formatStandardApiResponse('error', null, 'Not enough components remaining: '.$component->numRemaining().' remaining, '.$request->get('assigned_qty').' requested.'));
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/components/message.checkout.unavailable', ['remaining' => $component->numRemaining(), 'requested' => $request->get('assigned_qty')])));
     }
 
     /**

app/Http/Controllers/Api/ConsumablesController.php

@@ -45,11 +45,8 @@ class ConsumablesController extends Controller
                 'notes',
                 ];
 
-
-        $consumables = Company::scopeCompanyables(
-            Consumable::select('consumables.*')
-                ->with('company', 'location', 'category', 'users', 'manufacturer')
-        );
+        $consumables = Consumable::select('consumables.*')
+            ->with('company', 'location', 'category', 'users', 'manufacturer');
 
         if ($request->filled('search')) {
             $consumables = $consumables->TextSearch(e($request->input('search')));
@@ -75,6 +72,10 @@ class ConsumablesController extends Controller
             $consumables->where('manufacturer_id', '=', $request->input('manufacturer_id'));
         }
 
+        if ($request->filled('supplier_id')) {
+            $consumables->where('supplier_id', '=', $request->input('supplier_id'));
+        }
+
         if ($request->filled('location_id')) {
             $consumables->where('location_id','=',$request->input('location_id'));
         }
@@ -84,12 +85,9 @@ class ConsumablesController extends Controller
         }
 
 
-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($consumables) && ($request->get('offset') > $consumables->count())) ? $consumables->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $consumables->count()) ? $consumables->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
 
         $allowed_columns = ['id', 'name', 'order_number', 'min_amt', 'purchase_date', 'purchase_cost', 'company', 'category', 'model_number', 'item_no', 'manufacturer', 'location', 'qty', 'image'];
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
@@ -111,6 +109,9 @@ class ConsumablesController extends Controller
             case 'company':
                 $consumables = $consumables->OrderCompany($order);
                 break;
+            case 'supplier':
+                $components = $consumables->OrderSupplier($order);
+                break;
             default:
                 $consumables = $consumables->orderBy($column_sort, $order);
                 break;
@@ -154,7 +155,7 @@ class ConsumablesController extends Controller
     public function show($id)
     {
         $this->authorize('view', Consumable::class);
-        $consumable = Consumable::findOrFail($id);
+        $consumable = Consumable::with('users')->findOrFail($id);
 
         return (new ConsumablesTransformer)->transformConsumable($consumable);
     }
@@ -253,33 +254,39 @@ class ConsumablesController extends Controller
     public function checkout(Request $request, $id)
     {
         // Check if the consumable exists
-        if (is_null($consumable = Consumable::find($id))) {
+        if (!$consumable = Consumable::with('users')->find($id)) {
             return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/consumables/message.does_not_exist')));
         }
 
         $this->authorize('checkout', $consumable);
 
-        if ($consumable->qty > 0) {
+        // Make sure there is at least one available to checkout
+        if ($consumable->numRemaining() <= 0) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/consumables/message.checkout.unavailable')));
+            \Log::debug('No enough remaining');
+        }
 
-            // Check if the user exists
-            $assigned_to = $request->input('assigned_to');
-            if (is_null($user = User::find($assigned_to))) {
+        // Check if the user exists - @TODO:  this should probably be handled via validation, not here??
+        if (!$user = User::find($request->input('assigned_to'))) {
             // Return error message
             return response()->json(Helper::formatStandardApiResponse('error', null, 'No user found'));
+            \Log::debug('No valid user');
         }
 
         // Update the consumable data
-            $consumable->assigned_to = e($assigned_to);
+        $consumable->assigned_to = $request->input('assigned_to');
 
-            $consumable->users()->attach($consumable->id, [
+        $consumable->users()->attach($consumable->id,
+                [
                     'consumable_id' => $consumable->id,
                     'user_id' => $user->id,
-                'assigned_to' => $assigned_to,
+                    'assigned_to' => $request->input('assigned_to'),
                     'note' => $request->input('note'),
-            ]);
+                ]
+            );
 
             // Log checkout event
-            $logaction = $consumable->logCheckout(e($request->input('note')), $user);
+            $logaction = $consumable->logCheckout($request->input('note'), $user);
             $data['log_id'] = $logaction->id;
             $data['eula'] = $consumable->getEula();
             $data['first_name'] = $user->first_name;
@@ -289,9 +296,7 @@ class ConsumablesController extends Controller
             $data['require_acceptance'] = $consumable->requireAcceptance();
 
             return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/consumables/message.checkout.success')));
-        }
 
-        return response()->json(Helper::formatStandardApiResponse('error', null, 'No consumables remaining'));
     }
 
     /**

app/Http/Controllers/Api/CustomFieldsetsController.php

@@ -7,6 +7,7 @@ use App\Http\Controllers\Controller;
 use App\Http\Transformers\CustomFieldsetsTransformer;
 use App\Http\Transformers\CustomFieldsTransformer;
 use App\Models\CustomFieldset;
+use App\Models\CustomField;
 use Illuminate\Http\Request;
 use Redirect;
 use View;
@@ -94,6 +95,18 @@ class CustomFieldsetsController extends Controller
         $fieldset->fill($request->all());
 
         if ($fieldset->save()) {
+            // Sync fieldset with auto_add_to_fieldsets
+            $fields = CustomField::select('id')->where('auto_add_to_fieldsets', '=', '1')->get();
+
+            if ($fields->count() > 0) {
+
+                foreach ($fields as $field) {
+                    $field_ids[] = $field->id;
+                }
+
+                $fieldset->fields()->sync($field_ids);
+            }
+
             return response()->json(Helper::formatStandardApiResponse('success', $fieldset, trans('admin/custom_fields/message.fieldset.create.success')));
         }
 

app/Http/Controllers/Api/DepartmentsController.php

@@ -27,16 +27,18 @@ class DepartmentsController extends Controller
         $this->authorize('view', Department::class);
         $allowed_columns = ['id', 'name', 'image', 'users_count'];
 
-        $departments = Company::scopeCompanyables(Department::select(
+        $departments = Department::select(
             'departments.id',
             'departments.name',
+            'departments.phone',
+            'departments.fax',
             'departments.location_id',
             'departments.company_id',
             'departments.manager_id',
             'departments.created_at',
             'departments.updated_at',
-            'departments.image'),
-             "company_id", "departments")->with('users')->with('location')->with('manager')->with('company')->withCount('users as users_count');
+            'departments.image'
+        )->with('users')->with('location')->with('manager')->with('company')->withCount('users as users_count');
 
         if ($request->filled('search')) {
             $departments = $departments->TextSearch($request->input('search'));
@@ -58,12 +60,9 @@ class DepartmentsController extends Controller
             $departments->where('location_id', '=', $request->input('location_id'));
         }
 
-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($departments) && ($request->get('offset') > $departments->count())) ? $departments->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $departments->count()) ? $departments->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
 
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';

app/Http/Controllers/Api/DepreciationsController.php

@@ -28,12 +28,9 @@ class DepreciationsController extends Controller
             $depreciations = $depreciations->TextSearch($request->input('search'));
         }
 
-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($depreciations) && ($request->get('offset') > $depreciations->count())) ? $depreciations->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $depreciations->count()) ? $depreciations->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
 
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';

app/Http/Controllers/Api/GroupsController.php

@@ -8,6 +8,7 @@ use App\Http\Transformers\GroupsTransformer;
 use App\Models\Group;
 use Illuminate\Http\Request;
 
+
 class GroupsController extends Controller
 {
     /**
@@ -19,6 +20,8 @@ class GroupsController extends Controller
      */
     public function index(Request $request)
     {
+        $this->authorize('superadmin');
+
         $this->authorize('view', Group::class);
         $allowed_columns = ['id', 'name', 'created_at', 'users_count'];
 
@@ -32,12 +35,9 @@ class GroupsController extends Controller
             $groups->where('name', '=', $request->input('name'));
         }
 
-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($groups) && ($request->get('offset') > $groups->count())) ? $groups->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $groups->count()) ? $groups->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
 
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
@@ -59,9 +59,11 @@ class GroupsController extends Controller
      */
     public function store(Request $request)
     {
-        $this->authorize('create', Group::class);
+        $this->authorize('superadmin');
         $group = new Group;
-        $group->fill($request->all());
+
+        $group->name = $request->input('name');
+        $group->permissions = json_encode($request->input('permissions')); // Todo - some JSON validation stuff here
 
         if ($group->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', $group, trans('admin/groups/message.create.success')));
@@ -80,7 +82,7 @@ class GroupsController extends Controller
      */
     public function show($id)
     {
-        $this->authorize('view', Group::class);
+        $this->authorize('superadmin');
         $group = Group::findOrFail($id);
 
         return (new GroupsTransformer)->transformGroup($group);
@@ -97,9 +99,11 @@ class GroupsController extends Controller
      */
     public function update(Request $request, $id)
     {
-        $this->authorize('update', Group::class);
+        $this->authorize('superadmin');
         $group = Group::findOrFail($id);
-        $group->fill($request->all());
+
+        $group->name = $request->input('name');
+        $group->permissions = $request->input('permissions'); // Todo - some JSON validation stuff here
 
         if ($group->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', $group, trans('admin/groups/message.update.success')));
@@ -118,9 +122,8 @@ class GroupsController extends Controller
      */
     public function destroy($id)
     {
-        $this->authorize('delete', Group::class);
+        $this->authorize('superadmin');
         $group = Group::findOrFail($id);
-        $this->authorize('delete', $group);
         $group->delete();
 
         return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/groups/message.delete.success')));

app/Http/Controllers/Api/ImportController.php

@@ -126,7 +126,14 @@ class ImportController extends Controller
                 }
                 $file_name = date('Y-m-d-his').'-'.$fixed_filename;
                 $import->file_path = $file_name;
+                $import->filesize = null;
+
+                if (!file_exists($path.'/'.$file_name)) {
+                    return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.file_not_found')), 500);
+                }
+
                 $import->filesize = filesize($path.'/'.$file_name);
+                
                 $import->save();
                 $results[] = $import;
             }
@@ -153,7 +160,7 @@ class ImportController extends Controller
         // Run a backup immediately before processing
         if ($request->get('run-backup')) {
             \Log::debug('Backup manually requested via importer');
-            Artisan::call('backup:run');
+            Artisan::call('snipeit:backup', ['--filename' => 'pre-import-backup-'.date('Y-m-d-H:i:s')]);
         } else {
             \Log::debug('NO BACKUP requested via importer');
         }
@@ -186,6 +193,9 @@ class ImportController extends Controller
             case 'user':
                 $redirectTo = 'users.index';
                 break;
+            case 'location':
+                $redirectTo = 'locations.index';
+                break;
         }
 
         if ($errors) { //Failure

app/Http/Controllers/Api/LabelsController.php

@@ -0,0 +1,71 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Helpers\Helper;
+use App\Http\Controllers\Controller;
+use App\Http\Transformers\LabelsTransformer;
+use App\Models\Labels\Label;
+use Illuminate\Http\Request;
+use Illuminate\Support\ItemNotFoundException;
+use Auth;
+
+class LabelsController extends Controller
+{
+    /**
+     * Returns JSON listing of all labels.
+     *
+     * @author Grant Le Roux <grant.leroux+snipe-it@gmail.com>
+     * @return JsonResponse
+     */
+    public function index(Request $request)
+    {
+        $this->authorize('view', Label::class);
+
+        $labels = Label::find();
+
+        if ($request->filled('search')) {
+            $search = $request->get('search');
+            $labels = $labels->filter(function ($label, $index) use ($search) {
+                return stripos($label->getName(), $search) !== false;
+            });
+        }
+
+        $total = $labels->count();
+
+        $offset = $request->get('offset', 0);
+        $offset = ($offset > $total) ? $total : $offset;
+
+        $maxLimit = config('app.max_results');
+        $limit = $request->get('limit', $maxLimit);
+        $limit = ($limit > $maxLimit) ? $maxLimit : $limit;
+        
+        $labels = $labels->skip($offset)->take($limit);
+
+        return (new LabelsTransformer)->transformLabels($labels, $total, $request);
+    }
+
+    /**
+     * Returns JSON with information about a label for detail view.
+     *
+     * @author Grant Le Roux <grant.leroux+snipe-it@gmail.com>
+     * @param  string  $labelName
+     * @return JsonResponse
+     */
+    public function show(string $labelName)
+    {
+        $labelName = str_replace('/', '\\', $labelName);
+        try {
+            $label = Label::find($labelName);
+        } catch(ItemNotFoundException $e) {
+            return response()
+                ->json(
+                    Helper::formatStandardApiResponse('error', null, trans('admin/labels/message.does_not_exist')), 
+                    404
+                );
+        }
+        $this->authorize('view', $label);
+        return (new LabelsTransformer)->transformLabel($label);
+    }
+
+}

app/Http/Controllers/Api/LicenseSeatsController.php

@@ -39,8 +39,15 @@ class LicenseSeatsController extends Controller
             }
 
             $total = $seats->count();
-            $offset = (($seats) && (request('offset') >= $total)) ? 0 : request('offset', 0);
-            $limit = request('limit', 50);
+
+            // Make sure the offset and limit are actually integers and do not exceed system limits
+            $offset = ($request->input('offset') > $seats->count()) ? $seats->count() : app('api_offset_value');
+
+            if ($offset >= $total ){
+                $offset = 0;
+            }
+
+            $limit = app('api_limit_value');
 
             $seats = $seats->skip($offset)->take($limit)->get();
 

app/Http/Controllers/Api/LicensesController.php

@@ -26,8 +26,8 @@ class LicensesController extends Controller
     public function index(Request $request)
     {
         $this->authorize('view', License::class);
-        $licenses = Company::scopeCompanyables(License::with('company', 'manufacturer', 'supplier','category')->withCount('freeSeats as free_seats_count'));
 
+        $licenses = License::with('company', 'manufacturer', 'supplier','category')->withCount('freeSeats as free_seats_count');
 
         if ($request->filled('company_id')) {
             $licenses->where('company_id', '=', $request->input('company_id'));
@@ -94,12 +94,9 @@ class LicensesController extends Controller
             $licenses->onlyTrashed();
         }
 
-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($licenses) && ($request->get('offset') > $licenses->count())) ? $licenses->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $licenses->count()) ? $licenses->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
 
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
 

app/Http/Controllers/Api/LocationsController.php

@@ -37,6 +37,8 @@ class LocationsController extends Controller
             'locations.city',
             'locations.state',
             'locations.zip',
+            'locations.phone',
+            'locations.fax',
             'locations.country',
             'locations.parent_id',
             'locations.manager_id',
@@ -78,14 +80,15 @@ class LocationsController extends Controller
             $locations->where('locations.country', '=', $request->input('country'));
         }
 
-        $offset = (($locations) && (request('offset') > $locations->count())) ? $locations->count() : request('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $locations->count()) ? $locations->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
 
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
 
+
+
         switch ($request->input('sort')) {
             case 'parent':
                 $locations->OrderParent($order);
@@ -250,8 +253,12 @@ class LocationsController extends Controller
      */
     public function selectlist(Request $request)
     {
-
-        $this->authorize('view.selectlists');
+        // If a user is in the process of editing their profile, as determined by the referrer,
+        // then we check that they have permission to edit their own location.
+        // Otherwise, we do our normal check that they can view select lists.
+        $request->headers->get('referer') === route('profile')
+            ? $this->authorize('self.edit_location')
+            : $this->authorize('view.selectlists');
 
         $locations = Location::select([
             'locations.id',

app/Http/Controllers/Api/ManufacturersController.php

@@ -23,10 +23,10 @@ class ManufacturersController extends Controller
     public function index(Request $request)
     {
         $this->authorize('view', Manufacturer::class);
-        $allowed_columns = ['id', 'name', 'url', 'support_url', 'support_email', 'support_phone', 'created_at', 'updated_at', 'image', 'assets_count', 'consumables_count', 'components_count', 'licenses_count'];
+        $allowed_columns = ['id', 'name', 'url', 'support_url', 'support_email', 'warranty_lookup_url', 'support_phone', 'created_at', 'updated_at', 'image', 'assets_count', 'consumables_count', 'components_count', 'licenses_count'];
 
         $manufacturers = Manufacturer::select(
-            ['id', 'name', 'url', 'support_url', 'support_email', 'support_phone', 'created_at', 'updated_at', 'image', 'deleted_at']
+            ['id', 'name', 'url', 'support_url', 'warranty_lookup_url', 'support_email', 'support_phone', 'created_at', 'updated_at', 'image', 'deleted_at']
         )->withCount('assets as assets_count')->withCount('licenses as licenses_count')->withCount('consumables as consumables_count')->withCount('accessories as accessories_count');
 
         if ($request->input('deleted') == 'true') {
@@ -49,6 +49,10 @@ class ManufacturersController extends Controller
             $manufacturers->where('support_url', '=', $request->input('support_url'));
         }
 
+        if ($request->filled('warranty_lookup_url')) {
+            $manufacturers->where('warranty_lookup_url', '=', $request->input('warranty_lookup_url'));
+        }
+
         if ($request->filled('support_phone')) {
             $manufacturers->where('support_phone', '=', $request->input('support_phone'));
         }
@@ -57,12 +61,9 @@ class ManufacturersController extends Controller
             $manufacturers->where('support_email', '=', $request->input('support_email'));
         }
 
-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($manufacturers) && ($request->get('offset') > $manufacturers->count())) ? $manufacturers->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $manufacturers->count()) ? $manufacturers->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
 
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';

app/Http/Controllers/Api/PredefinedKitsController.php

@@ -29,8 +29,10 @@ class PredefinedKitsController extends Controller
             $kits = $kits->TextSearch($request->input('search'));
         }
 
-        $offset = $request->input('offset', 0);
-        $limit = $request->input('limit', 50);
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $kits->count()) ? $kits->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
+
         $order = $request->input('order') === 'desc' ? 'desc' : 'asc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'name';
         $kits->orderBy($sort, $order);

app/Http/Controllers/Api/ProfileController.php

@@ -10,7 +10,7 @@ use Illuminate\Support\Facades\Auth;
 use Illuminate\Http\Request;
 use Laravel\Passport\TokenRepository;
 use Illuminate\Contracts\Validation\Factory as ValidationFactory;
-use Gate;
+use Illuminate\Support\Facades\Gate;
 use DB;
 
 class ProfileController extends Controller

app/Http/Controllers/Api/ReportsController.php

@@ -54,11 +54,15 @@ class ReportsController extends Controller
             'note',
         ];
 
+
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $actionlogs->count()) ? $actionlogs->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
+
         $sort = in_array($request->input('sort'), $allowed_columns) ? e($request->input('sort')) : 'created_at';
         $order = ($request->input('order') == 'asc') ? 'asc' : 'desc';
-        $offset = request('offset', 0);
-        $limit = request('limit', 50);
         $total = $actionlogs->count();
+
         $actionlogs = $actionlogs->orderBy($sort, $order)->skip($offset)->take($limit)->get();
 
         return response()->json((new ActionlogsTransformer)->transformActionlogs($actionlogs, $total), 200, ['Content-Type' => 'application/json;charset=utf8'], JSON_UNESCAPED_UNICODE);

app/Http/Controllers/Api/SettingsController.php

@@ -143,47 +143,6 @@ class SettingsController extends Controller
 
     }
 
-    public function slacktest(SlackSettingsRequest $request)
-    {
-
-        $validator = Validator::make($request->all(), [
-            'slack_endpoint'                      => 'url|required_with:slack_channel|starts_with:https://hooks.slack.com/|nullable',
-            'slack_channel'                       => 'required_with:slack_endpoint|starts_with:#|nullable',
-        ]);
-
-        if ($validator->fails()) {
-            return response()->json(['message' => 'Validation failed', 'errors' => $validator->errors()], 422);
-        }
-
-        // If validation passes, continue to the curl request
-            $slack = new Client([
-                'base_url' => e($request->input('slack_endpoint')),
-                'defaults' => [
-                    'exceptions' => false,
-                ],
-            ]);
-
-            $payload = json_encode(
-                [
-                    'channel'    => e($request->input('slack_channel')),
-                    'text'       => trans('general.slack_test_msg'),
-                    'username'    => e($request->input('slack_botname')),
-                    'icon_emoji' => ':heart:',
-                ]);
-
-            try {
-                $slack->post($request->input('slack_endpoint'), ['body' => $payload]);
-                return response()->json(['message' => 'Success'], 200);
-
-            } catch (\Exception $e) {
-                return response()->json(['message' => 'Please check the channel name and webhook endpoint URL ('.e($request->input('slack_endpoint')).'). Slack responded with: '.$e->getMessage()], 400);
-            }
-
-        //} 
-        return response()->json(['message' => 'Something went wrong :( '], 400);
-    }
-
-
     /**
      * Test the email configuration
      *
@@ -312,7 +271,7 @@ class SettingsController extends Controller
             $headers = ['ContentType' => 'application/zip'];
             return Storage::download($path.'/'.$file, $file, $headers);
         } else {
-            return response()->json(Helper::formatStandardApiResponse('error', null, 'File not found'));
+            return response()->json(Helper::formatStandardApiResponse('error', null,  trans('general.file_not_found')));
         }
 
     }

app/Http/Controllers/Api/StatuslabelsController.php

@@ -5,6 +5,7 @@ namespace App\Http\Controllers\Api;
 use App\Helpers\Helper;
 use App\Http\Controllers\Controller;
 use App\Http\Transformers\AssetsTransformer;
+use App\Http\Transformers\SelectlistTransformer;
 use App\Http\Transformers\StatuslabelsTransformer;
 use App\Models\Asset;
 use App\Models\Statuslabel;
@@ -50,12 +51,9 @@ class StatuslabelsController extends Controller
             }
         }
 
-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($statuslabels) && ($request->get('offset') > $statuslabels->count())) ? $statuslabels->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $statuslabels->count()) ? $statuslabels->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
 
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
@@ -196,6 +194,7 @@ class StatuslabelsController extends Controller
     {
         $this->authorize('view', Statuslabel::class);
         $statuslabels = Statuslabel::withCount('assets')->get();
+        $total = Array();
 
         foreach ($statuslabels as $statuslabel) {
 
@@ -293,4 +292,45 @@ class StatuslabelsController extends Controller
 
         return '0';
     }
+
+    /**
+     * Gets a paginated collection for the select2 menus
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v6.1.1]
+     * @see \App\Http\Transformers\SelectlistTransformer
+     */
+    public function selectlist(Request $request)
+    {
+
+        $this->authorize('view.selectlists');
+        $statuslabels = Statuslabel::orderBy('default_label', 'desc')->orderBy('name', 'asc')->orderBy('deployable', 'desc');
+
+        if ($request->filled('search')) {
+            $statuslabels = $statuslabels->where('name', 'LIKE', '%'.$request->get('search').'%');
+        }
+
+        if ($request->filled('deployable')) {
+            $statuslabels = $statuslabels->where('deployable', '=', '1');
+        }
+
+        if ($request->filled('pending')) {
+            $statuslabels = $statuslabels->where('pending', '=', '1');
+        }
+
+        if ($request->filled('archived')) {
+            $statuslabels = $statuslabels->where('archived', '=', '1');
+        }
+
+        $statuslabels = $statuslabels->orderBy('name', 'ASC')->paginate(50);
+
+        // Loop through and set some custom properties for the transformer to use.
+        // This lets us have more flexibility in special cases like assets, where
+        // they may not have a ->name value but we want to display something anyway
+        foreach ($statuslabels as $statuslabel) {
+            $statuslabels->use_text = $statuslabel->name;
+        }
+
+        return (new SelectlistTransformer)->transformSelectlist($statuslabels);
+    }
 }

app/Http/Controllers/Api/SuppliersController.php

@@ -23,11 +23,30 @@ class SuppliersController extends Controller
     public function index(Request $request)
     {
         $this->authorize('view', Supplier::class);
-        $allowed_columns = ['id', 'name', 'address', 'phone', 'contact', 'fax', 'email', 'image', 'assets_count', 'licenses_count', 'accessories_count', 'url'];
+        $allowed_columns = ['
+            id',
+            'name',
+            'address',
+            'phone',
+            'contact',
+            'fax',
+            'email',
+            'image',
+            'assets_count',
+            'licenses_count',
+            'accessories_count',
+            'components_count',
+            'consumables_count',
+            'url',
+        ];
         
         $suppliers = Supplier::select(
-                ['id', 'name', 'address', 'address2', 'city', 'state', 'country', 'fax', 'phone', 'email', 'contact', 'created_at', 'updated_at', 'deleted_at', 'image', 'notes']
-            )->withCount('assets as assets_count')->withCount('licenses as licenses_count')->withCount('accessories as accessories_count');
+                ['id', 'name', 'address', 'address2', 'city', 'state', 'country', 'fax', 'phone', 'email', 'contact', 'created_at', 'updated_at', 'deleted_at', 'image', 'notes', 'url'])
+                    ->withCount('assets as assets_count')
+                    ->withCount('licenses as licenses_count')
+                    ->withCount('accessories as accessories_count')
+                    ->withCount('components as components_count')
+                    ->withCount('consumables as consumables_count');
 
 
         if ($request->filled('search')) {
@@ -74,12 +93,9 @@ class SuppliersController extends Controller
             $suppliers->where('notes', '=', $request->input('notes'));
         }
 
-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($suppliers) && ($request->get('offset') > $suppliers->count())) ? $suppliers->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $suppliers->count()) ? $suppliers->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
 
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';

app/Http/Controllers/Api/UsersController.php

@@ -20,6 +20,7 @@ use Auth;
 use Illuminate\Http\Request;
 use App\Http\Requests\ImageUploadRequest;
 use Illuminate\Support\Facades\Storage;
+use Illuminate\Support\Facades\Validator;
 
 class UsersController extends Controller
 {
@@ -69,18 +70,13 @@ class UsersController extends Controller
             'users.ldap_import',
             'users.start_date',
             'users.end_date',
+            'users.vip',
+            'users.autoassign_licenses',
 
         ])->with('manager', 'groups', 'userloc', 'company', 'department', 'assets', 'licenses', 'accessories', 'consumables', 'createdBy',)
             ->withCount('assets as assets_count', 'licenses as licenses_count', 'accessories as accessories_count', 'consumables as consumables_count');
-        $users = Company::scopeCompanyables($users);
 
 
-        if (($request->filled('deleted')) && ($request->input('deleted') == 'true')) {
-            $users = $users->onlyTrashed();
-        } elseif (($request->filled('all')) && ($request->input('all') == 'true')) {
-            $users = $users->withTrashed();
-        }
-
         if ($request->filled('activated')) {
             $users = $users->where('users.activated', '=', $request->input('activated'));
         }
@@ -149,6 +145,10 @@ class UsersController extends Controller
             $users = $users->where('remote', '=', $request->input('remote'));
         }
 
+        if ($request->filled('vip')) {
+            $users = $users->where('vip', '=', $request->input('vip'));
+        }
+
         if ($request->filled('two_factor_enrolled')) {
             $users = $users->where('two_factor_enrolled', '=', $request->input('two_factor_enrolled'));
         }
@@ -181,19 +181,19 @@ class UsersController extends Controller
             $users->has('accessories', '=', $request->input('accessories_count'));
         }
 
+        if ($request->filled('autoassign_licenses')) {
+            $users->where('autoassign_licenses', '=', $request->input('autoassign_licenses'));
+        }
+
         if ($request->filled('search')) {
             $users = $users->TextSearch($request->input('search'));
         }
 
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
-        $offset = (($users) && (request('offset') > $users->count())) ? 0 : request('offset', 0);
 
-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($users) && ($request->get('offset') > $users->count())) ? $users->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $users->count()) ? $users->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
 
 
         switch ($request->input('sort')) {
@@ -212,6 +212,14 @@ class UsersController extends Controller
             case 'company':
                 $users = $users->OrderCompany($order);
                 break;
+            case 'first_name':
+                $users->orderBy('first_name', $order);
+                $users->orderBy('last_name', $order);
+                break;
+            case 'last_name':
+                $users->orderBy('last_name', $order);
+                $users->orderBy('first_name', $order);
+                break;
             default:
                 $allowed_columns =
                     [
@@ -246,8 +254,10 @@ class UsersController extends Controller
                         'two_factor_optin',
                         'two_factor_enrolled',
                         'remote',
+                        'vip',
                         'start_date',
                         'end_date',
+                        'autoassign_licenses',
                     ];
 
                 $sort = in_array($request->get('sort'), $allowed_columns) ? $request->get('sort') : 'first_name';
@@ -255,6 +265,14 @@ class UsersController extends Controller
                 break;
         }
 
+        if (($request->filled('deleted')) && ($request->input('deleted') == 'true')) {
+            $users = $users->onlyTrashed();
+        } elseif (($request->filled('all')) && ($request->input('all') == 'true')) {
+            $users = $users->withTrashed();
+        }
+
+        $users = Company::scopeCompanyables($users);
+        
         $total = $users->count();
         $users = $users->skip($offset)->take($limit)->get();
 
@@ -286,9 +304,11 @@ class UsersController extends Controller
         $users = Company::scopeCompanyables($users);
 
         if ($request->filled('search')) {
-            $users = $users->SimpleNameSearch($request->get('search'))
+            $users = $users->where(function ($query) use ($request) {
+                $query->SimpleNameSearch($request->get('search'))
                     ->orWhere('username', 'LIKE', '%'.$request->get('search').'%')
                     ->orWhere('employee_num', 'LIKE', '%'.$request->get('search').'%');
+            });
         }
 
         $users = $users->orderBy('last_name', 'asc')->orderBy('first_name', 'asc');
@@ -343,8 +363,12 @@ class UsersController extends Controller
             $user->permissions = $permissions_array;
         }
 
-        $tmp_pass = substr(str_shuffle('0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'), 0, 20);
-        $user->password = bcrypt($request->get('password', $tmp_pass));
+        // 
+        if ($request->filled('password')) {
+            $user->password = bcrypt($request->get('password'));
+        } else {
+            $user->password = $user->noPassword();
+        }
 
         app('App\Http\Requests\ImageUploadRequest')->handleImages($user, 600, 'image', 'avatars', 'avatar');
         
@@ -449,6 +473,13 @@ class UsersController extends Controller
 
             // Check if the request has groups passed and has a value
             if ($request->filled('groups')) {
+                $validator = Validator::make($request->all(), [
+                    'groups.*' => 'integer|exists:permission_groups,id',
+                ]);
+                
+                if ($validator->fails()){
+                    return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
+                }
                 $user->groups()->sync($request->input('groups'));
             // The groups field has been passed but it is null, so we should blank it out
             } elseif ($request->has('groups')) {

app/Http/Controllers/AssetMaintenancesController.php

@@ -101,7 +101,7 @@ class AssetMaintenancesController extends Controller
         $assetMaintenance = new AssetMaintenance();
         $assetMaintenance->supplier_id = $request->input('supplier_id');
         $assetMaintenance->is_warranty = $request->input('is_warranty');
-        $assetMaintenance->cost = Helper::ParseCurrency($request->input('cost'));
+        $assetMaintenance->cost = $request->input('cost');
         $assetMaintenance->notes = $request->input('notes');
         $asset = Asset::find($request->input('asset_id'));
 
@@ -211,7 +211,7 @@ class AssetMaintenancesController extends Controller
 
         $assetMaintenance->supplier_id = $request->input('supplier_id');
         $assetMaintenance->is_warranty = $request->input('is_warranty');
-        $assetMaintenance->cost =  Helper::ParseCurrency($request->input('cost'));
+        $assetMaintenance->cost =  $request->input('cost');
         $assetMaintenance->notes = $request->input('notes');
 
         $asset = Asset::find(request('asset_id'));

app/Http/Controllers/AssetModelsController.php

@@ -6,6 +6,7 @@ use App\Helpers\Helper;
 use App\Http\Requests\ImageUploadRequest;
 use App\Models\AssetModel;
 use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Input;
 use Illuminate\Support\Facades\View;
 use Illuminate\Support\Facades\Validator;
@@ -76,14 +77,15 @@ class AssetModelsController extends Controller
         $model->depreciation_id = $request->input('depreciation_id');
         $model->name = $request->input('name');
         $model->model_number = $request->input('model_number');
+        $model->min_amt = $request->input('min_amt');
         $model->manufacturer_id = $request->input('manufacturer_id');
         $model->category_id = $request->input('category_id');
         $model->notes = $request->input('notes');
         $model->user_id = Auth::id();
         $model->requestable = Request::has('requestable');
 
-        if ($request->input('custom_fieldset') != '') {
-            $model->fieldset_id = e($request->input('custom_fieldset'));
+        if ($request->input('fieldset_id') != '') {
+            $model->fieldset_id = e($request->input('fieldset_id'));
         }
 
         $model = $request->handleImages($model);
@@ -153,6 +155,7 @@ class AssetModelsController extends Controller
         $model->eol = $request->input('eol');
         $model->name = $request->input('name');
         $model->model_number = $request->input('model_number');
+        $model->min_amt = $request->input('min_amt');
         $model->manufacturer_id = $request->input('manufacturer_id');
         $model->category_id = $request->input('category_id');
         $model->notes = $request->input('notes');
@@ -160,10 +163,10 @@ class AssetModelsController extends Controller
 
         $this->removeCustomFieldsDefaultValues($model);
 
-        if ($request->input('custom_fieldset') == '') {
+        if ($request->input('fieldset_id') == '') {
             $model->fieldset_id = null;
         } else {
-            $model->fieldset_id = $request->input('custom_fieldset');
+            $model->fieldset_id = $request->input('fieldset_id');
 
             if ($this->shouldAddDefaultValues($request->input())) {
                 if (!$this->assignCustomFieldsDefaultValues($model, $request->input('default_values'))){
@@ -172,7 +175,14 @@ class AssetModelsController extends Controller
             }
         }
        
+      
+       
         if ($model->save()) {
+            if ($model->wasChanged('eol')) {
+                    $newEol = $model->eol; 
+                    $model->assets()->whereNotNull('purchase_date')->where('eol_explicit', false)
+                        ->update(['asset_eol_date' => DB::raw('DATE_ADD(purchase_date, INTERVAL ' . $newEol . ' MONTH)')]);
+                }
             return redirect()->route('models.index')->with('success', trans('admin/models/message.update.success'));
         }
 
@@ -286,6 +296,7 @@ class AssetModelsController extends Controller
         return view('models/edit')
             ->with('depreciation_list', Helper::depreciationList())
             ->with('item', $model)
+            ->with('model_id', $model_to_clone->id)
             ->with('clone_model', $model_to_clone);
     }
 
@@ -444,7 +455,7 @@ class AssetModelsController extends Controller
     {
         return ! empty($input['add_default_values'])
             && ! empty($input['default_values'])
-            && ! empty($input['custom_fieldset']);
+            && ! empty($input['fieldset_id']);
     }
 
     /**

app/Http/Controllers/AssetModelsFilesController.php

@@ -78,7 +78,7 @@ class AssetModelsFilesController extends Controller
      * @return View
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
-    public function show($modelId = null, $fileId = null, $download = true)
+    public function show($modelId = null, $fileId = null)
     {
         $model = AssetModel::find($modelId);
         // the asset is valid
@@ -99,12 +99,13 @@ class AssetModelsFilesController extends Controller
                     ->header('Content-Type', 'text/plain');
             }
 
-            if ($download != 'true') {
-                if ($contents = file_get_contents(Storage::url($file))) {
-                    return Response::make(Storage::url($file)->header('Content-Type', mime_content_type($file)));
-                }
+            if (request('inline') == 'true') {
 
-                return JsonResponse::create(['error' => 'Failed validation: '], 500);
+                $headers = [
+                    'Content-Disposition' => 'inline',
+                ];
+
+                return Storage::download($file, $log->filename, $headers);
             }
 
             return StorageHelper::downloader($file);

app/Http/Controllers/Assets/AssetCheckinController.php

@@ -68,6 +68,7 @@ class AssetCheckinController extends Controller
 
         $asset->expected_checkin = null;
         $asset->last_checkout = null;
+        $asset->last_checkin = now();
         $asset->assigned_to = null;
         $asset->assignedTo()->disassociate($asset);
         $asset->assigned_type = null;
@@ -94,18 +95,25 @@ class AssetCheckinController extends Controller
             \Log::debug('Manually override the location IDs');
             \Log::debug('Original Location ID: '.$asset->location_id);
             $asset->location_id = '';
-            \Log::debug('New RTD Location ID: '.$asset->location_id);
+            \Log::debug('New Location ID: '.$asset->location_id);
         }
 
         $asset->location_id = $asset->rtd_location_id;
 
         if ($request->filled('location_id')) {
             \Log::debug('NEW Location ID: '.$request->get('location_id'));
-            $asset->location_id = e($request->get('location_id'));
+            $asset->location_id = $request->get('location_id');
+
+            if ($request->get('update_default_location') == 0){
+                $asset->rtd_location_id = $request->get('location_id');
             }
+        }
+
+        $originalValues = $asset->getRawOriginal();
 
         $checkin_at = date('Y-m-d H:i:s');
         if (($request->filled('checkin_at')) && ($request->get('checkin_at') != date('Y-m-d'))) {
+            $originalValues['action_date'] = $checkin_at;
             $checkin_at = $request->get('checkin_at');
         }
 
@@ -128,7 +136,7 @@ class AssetCheckinController extends Controller
 
         // Was the asset updated?
         if ($asset->save()) {
-            event(new CheckoutableCheckedIn($asset, $target, Auth::user(), $request->input('note'), $checkin_at));
+            event(new CheckoutableCheckedIn($asset, $target, Auth::user(), $request->input('note'), $checkin_at, $originalValues));
 
             if ((isset($user)) && ($backto == 'user')) {
                 return redirect()->route('users.show', $user->id)->with('success', trans('admin/hardware/message.checkin.success'));

app/Http/Controllers/Assets/AssetCheckoutController.php

@@ -27,7 +27,7 @@ class AssetCheckoutController extends Controller
     public function create($assetId)
     {
         // Check if the asset exists
-        if (is_null($asset = Asset::find(e($assetId)))) {
+        if (is_null($asset = Asset::with('company')->find(e($assetId)))) {
             return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist'));
         }
 
@@ -89,6 +89,15 @@ class AssetCheckoutController extends Controller
                 }
             }
 
+            $settings = \App\Models\Setting::getSettings();
+
+            // We have to check whether $target->company_id is null here since locations don't have a company yet
+            if (($settings->full_multiple_companies_support) && ((!is_null($target->company_id)) &&  (!is_null($asset->company_id)))) {
+                if ($target->company_id != $asset->company_id){
+                    return redirect()->to("hardware/$assetId/checkout")->with('error', trans('general.error_user_company'));
+                }
+            }
+            
             if ($asset->checkOut($target, $admin, $checkout_at, $expected_checkin, e($request->get('note')), $request->get('name'))) {
                 return redirect()->route('hardware.index')->with('success', trans('admin/hardware/message.checkout.success'));
             }

app/Http/Controllers/Assets/AssetFilesController.php

@@ -79,14 +79,14 @@ class AssetFilesController extends Controller
      * @return View
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
-    public function show($assetId = null, $fileId = null, $download = true)
+    public function show($assetId = null, $fileId = null)
     {
         $asset = Asset::find($assetId);
         // the asset is valid
         if (isset($asset->id)) {
             $this->authorize('view', $asset);
 
-            if (! $log = Actionlog::find($fileId)) {
+            if (! $log = Actionlog::whereNotNull('filename')->where('item_id', $asset->id)->find($fileId)) {
                 return response('No matching record for that asset/file', 500)
                     ->header('Content-Type', 'text/plain');
             }
@@ -103,12 +103,13 @@ class AssetFilesController extends Controller
                     ->header('Content-Type', 'text/plain');
             }
 
-            if ($download != 'true') {
-                if ($contents = file_get_contents(Storage::url($file))) {
-                    return Response::make(Storage::url($file)->header('Content-Type', mime_content_type($file)));
-                }
+            if (request('inline') == 'true') {
 
-                return JsonResponse::create(['error' => 'Failed validation: '], 500);
+                $headers = [
+                    'Content-Disposition' => 'inline',
+                ];
+
+                return Storage::download($file, $log->filename, $headers);
             }
 
             return StorageHelper::downloader($file);

app/Http/Controllers/Assets/AssetsController.php

@@ -6,32 +6,27 @@ use App\Helpers\Helper;
 use App\Http\Controllers\Controller;
 use App\Http\Requests\ImageUploadRequest;
 use App\Models\Actionlog;
+use Illuminate\Support\Facades\Log;
 use App\Models\Asset;
 use App\Models\AssetModel;
 use App\Models\CheckoutRequest;
 use App\Models\Company;
 use App\Models\Location;
 use App\Models\Setting;
+use App\Models\Statuslabel;
 use App\Models\User;
-use Auth;
+use Illuminate\Support\Facades\Auth;
+use App\View\Label;
 use Carbon\Carbon;
-use DB;
-use Gate;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\View;
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Http\Request;
-use Illuminate\Support\Facades\Cache;
+use Illuminate\Support\Facades\Crypt;
 use Illuminate\Support\Facades\Storage;
-use Illuminate\Support\Facades\Cookie;
-use Input;
-use Intervention\Image\Facades\Image;
+use Illuminate\Support\Facades\Validator;
 use League\Csv\Reader;
-use League\Csv\Statement;
-use Paginator;
-use Redirect;
-use Response;
-use Slack;
-use Str;
-use TCPDF;
-use View;
+use Illuminate\Support\Facades\Redirect;
 
 /**
  * This class controls all actions related to assets for
@@ -140,8 +135,9 @@ class AssetsController extends Controller
             $asset->depreciate              = '0';
             $asset->status_id               = request('status_id');
             $asset->warranty_months         = request('warranty_months', null);
-            $asset->purchase_cost           = Helper::ParseCurrency($request->get('purchase_cost'));
+            $asset->purchase_cost           = request('purchase_cost');
             $asset->purchase_date           = request('purchase_date', null);
+            $asset->asset_eol_date          = request('asset_eol_date', $asset->present()->eol_date());
             $asset->assigned_to             = request('assigned_to', null);
             $asset->supplier_id             = request('supplier_id', null);
             $asset->requestable             = request('requestable', 0);
@@ -170,9 +166,9 @@ class AssetsController extends Controller
                     if ($field->field_encrypted == '1') {
                         if (Gate::allows('admin')) {
                             if (is_array($request->input($field->db_column))) {
-                                $asset->{$field->db_column} = \Crypt::encrypt(implode(', ', $request->input($field->db_column)));
+                                $asset->{$field->db_column} = Crypt::encrypt(implode(', ', $request->input($field->db_column)));
                             } else {
-                                $asset->{$field->db_column} = \Crypt::encrypt($request->input($field->db_column));
+                                $asset->{$field->db_column} = Crypt::encrypt($request->input($field->db_column));
                             }
                         }
                     } else {
@@ -295,10 +291,10 @@ class AssetsController extends Controller
     /**
      * Validate and process asset edit form.
      *
-     * @author [A. Gianotto] [<snipe@snipe.net>]
      * @param int $assetId
+     * @return \Illuminate\Http\RedirectResponse|Redirect
      *@since [v1.0]
-     * @return Redirect
+     * @author [A. Gianotto] [<snipe@snipe.net>]
      */
     public function update(ImageUploadRequest $request, $assetId = null)
     {
@@ -311,8 +307,24 @@ class AssetsController extends Controller
 
         $asset->status_id = $request->input('status_id', null);
         $asset->warranty_months = $request->input('warranty_months', null);
-        $asset->purchase_cost = Helper::ParseCurrency($request->input('purchase_cost', null));
+        $asset->purchase_cost = $request->input('purchase_cost', null);
         $asset->purchase_date = $request->input('purchase_date', null); 
+        if ($request->filled('purchase_date') && !$request->filled('asset_eol_date') && $asset->model->eol) {
+            $asset->purchase_date = $request->input('purchase_date', null); 
+            $asset->asset_eol_date = Carbon::parse($request->input('purchase_date'))->addMonths($asset->model->eol)->format('Y-m-d');
+        } elseif ($request->filled('asset_eol_date')) {
+           $asset->asset_eol_date = $request->input('asset_eol_date', null);
+           $months = Carbon::parse($asset->asset_eol_date)->diffInMonths($asset->purchase_date);
+           if($asset->model->eol) {
+               if($months != $asset->model->eol) {
+                   $asset->eol_explicit = true;
+               } else {
+                   $asset->eol_explicit = false;
+               }
+           } else {
+               $asset->eol_explicit = true;
+           }
+        }
         $asset->supplier_id = $request->input('supplier_id', null);
         $asset->expected_checkin = $request->input('expected_checkin', null);
 
@@ -321,6 +333,12 @@ class AssetsController extends Controller
         $asset->rtd_location_id = $request->input('rtd_location_id', null);
         $asset->byod = $request->input('byod', 0);
 
+        $status = Statuslabel::find($asset->status_id);
+
+        if($status->archived){
+            $asset->assigned_to = null;
+        }
+
         if ($asset->assigned_to == '') {
             $asset->location_id = $request->input('rtd_location_id', null);
         }
@@ -331,7 +349,7 @@ class AssetsController extends Controller
                 unlink(public_path().'/uploads/assets/'.$asset->image);
                 $asset->image = '';
             } catch (\Exception $e) {
-                \Log::info($e);
+                Log::info($e);
             }
         }
 
@@ -359,9 +377,9 @@ class AssetsController extends Controller
                 if ($field->field_encrypted == '1') {
                     if (Gate::allows('admin')) {
                         if (is_array($request->input($field->db_column))) {
-                            $asset->{$field->db_column} = \Crypt::encrypt(implode(', ', $request->input($field->db_column)));
+                            $asset->{$field->db_column} = Crypt::encrypt(implode(', ', $request->input($field->db_column)));
                         } else {
-                            $asset->{$field->db_column} = \Crypt::encrypt($request->input($field->db_column));
+                            $asset->{$field->db_column} = Crypt::encrypt($request->input($field->db_column));
                         }
                     }
                 } else {
@@ -409,7 +427,7 @@ class AssetsController extends Controller
             try {
                 Storage::disk('public')->delete('assets'.'/'.$asset->image);
             } catch (\Exception $e) {
-                \Log::debug($e);
+                Log::debug($e);
             }
         }
 
@@ -443,11 +461,12 @@ class AssetsController extends Controller
      * @since [v3.0]
      * @return Redirect
      */
-    public function getAssetByTag(Request $request)
+    public function getAssetByTag(Request $request, $tag=null)
     {
+        $tag = $tag ? $tag : $request->get('assetTag');
         $topsearch = ($request->get('topsearch') == 'true');
 
-        if (! $asset = Asset::where('asset_tag', '=', $request->get('assetTag'))->first()) {
+        if (! $asset = Asset::where('asset_tag', '=', $tag)->first()) {
             return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist'));
         }
         $this->authorize('view', $asset);
@@ -523,7 +542,7 @@ class AssetsController extends Controller
 
                     return response($barcode_obj->getPngData())->header('Content-type', 'image/png');
                 } catch (\Exception $e) {
-                    \Log::debug('The barcode format is invalid.');
+                    Log::debug('The barcode format is invalid.');
 
                     return response(file_get_contents(public_path('uploads/barcodes/invalid_barcode.gif')))->header('Content-type', 'image/gif');
                 }
@@ -544,9 +563,11 @@ class AssetsController extends Controller
             $asset = Asset::find($assetId);
             $this->authorize('view', $asset);
 
-            return view('hardware/labels')
-                ->with('assets', Asset::find($asset))
+            return (new Label())
+                ->with('assets', collect([ $asset ]))
                 ->with('settings', Setting::getSettings())
+                ->with('template', request()->get('template'))
+                ->with('offset', request()->get('offset'))
                 ->with('bulkedit', false)
                 ->with('count', 0);
         }
@@ -624,7 +645,11 @@ class AssetsController extends Controller
         $csv->setHeaderOffset(0);
         $header = $csv->getHeader();
         $isCheckinHeaderExplicit = in_array('checkin date', (array_map('strtolower', $header)));
+        try {
             $results = $csv->getRecords();
+        } catch (\Exception $e) {
+            return back()->with('error', trans('general.error_in_import_file', ['error' => $e->getMessage()]));
+        } 
         $item = [];
         $status = [];
         $status['error'] = [];
@@ -760,7 +785,7 @@ class AssetsController extends Controller
     }
 
     /**
-     * Retore a deleted asset.
+     * Restore a deleted asset.
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @param int $assetId
@@ -838,7 +863,7 @@ class AssetsController extends Controller
             'next_audit_date' => 'date|nullable',
         ];
 
-        $validator = \Validator::make($request->all(), $rules);
+        $validator = Validator::make($request->all(), $rules);
 
         if ($validator->fails()) {
             return response()->json(Helper::formatStandardApiResponse('error', null, $validator->errors()->all()));
@@ -855,7 +880,7 @@ class AssetsController extends Controller
         // Check to see if they checked the box to update the physical location,
         // not just note it in the audit notes
         if ($request->input('update_location') == '1') {
-            \Log::debug('update location in audit');
+            Log::debug('update location in audit');
             $asset->location_id = $request->input('location_id');
         }
 

app/Http/Controllers/Assets/BulkAssetsController.php

@@ -8,11 +8,13 @@ use App\Http\Controllers\CheckInOutRequest;
 use App\Http\Controllers\Controller;
 use App\Models\Asset;
 use App\Models\Setting;
+use App\View\Label;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Session;
 use App\Http\Requests\AssetCheckoutRequest;
+use App\Models\CustomField;
 
 class BulkAssetsController extends Controller
 {
@@ -29,7 +31,7 @@ class BulkAssetsController extends Controller
      */
     public function edit(Request $request)
     {
-        $this->authorize('update', Asset::class);
+        $this->authorize('view', Asset::class);
       
         if (! $request->filled('ids')) {
             return redirect()->back()->with('error', trans('admin/hardware/message.update.no_assets_selected'));
@@ -41,25 +43,58 @@ class BulkAssetsController extends Controller
 
         $asset_ids = array_values(array_unique($request->input('ids')));
        
+        //custom fields logic
+        $asset_custom_field = Asset::with(['model.fieldset.fields', 'model'])->whereIn('id', $asset_ids)->whereHas('model', function ($query) {
+            return $query->where('fieldset_id', '!=', null);
+        })->get();
+
+        $models = $asset_custom_field->unique('model_id');  
+        $modelNames = [];
+        foreach($models as $model) {
+            $modelNames[] = $model->model->name;
+        } 
+
         if ($request->filled('bulk_actions')) {
             switch ($request->input('bulk_actions')) {
                 case 'labels':
-                    return view('hardware/labels')
-                        ->with('assets', Asset::find($asset_ids))
+                    $this->authorize('view', Asset::class);
+                    $assets_found = Asset::find($asset_ids);
+                    
+                    if ($assets_found->isEmpty()){
+                        return redirect()->back();
+                    }
+
+                    return (new Label)
+                        ->with('assets', $assets_found)
                         ->with('settings', Setting::getSettings())
                         ->with('bulkedit', true)
                         ->with('count', 0);
+
                 case 'delete':
+                    $this->authorize('delete', Asset::class);
                     $assets = Asset::with('assignedTo', 'location')->find($asset_ids);
                     $assets->each(function ($asset) {
                         $this->authorize('delete', $asset);
                     });
 
                     return view('hardware/bulk-delete')->with('assets', $assets);
+                   
+                case 'restore':
+                    $this->authorize('update', Asset::class);
+                    $assets = Asset::withTrashed()->find($asset_ids); 
+                    $assets->each(function ($asset) {
+                        $this->authorize('delete', $asset);
+                    });
+
+                    return view('hardware/bulk-restore')->with('assets', $assets);
+
                 case 'edit':
+                    $this->authorize('update', Asset::class);
                     return view('hardware/bulk')
                         ->with('assets', $asset_ids)
-                        ->with('statuslabel_list', Helper::statusLabelList());
+                        ->with('statuslabel_list', Helper::statusLabelList())
+                        ->with('models', $models->pluck(['model'])) 
+                        ->with('modelNames', $modelNames);
             }
         }
 
@@ -77,6 +112,7 @@ class BulkAssetsController extends Controller
     public function update(Request $request)
     {
         $this->authorize('update', Asset::class);
+        $error_bag = [];
 
         // Get the back url from the session and then destroy the session
         $bulk_back_url = route('hardware.index');
@@ -85,12 +121,21 @@ class BulkAssetsController extends Controller
         }
 
 
-        if (! $request->filled('ids') || count($request->input('ids')) <= 0) {
+      $custom_field_columns = CustomField::all()->pluck('db_column')->toArray(); 
+     
+        if(Session::exists('ids')) {
+            $assets = Session::get('ids'); 
+        } elseif (! $request->filled('ids') || count($request->input('ids')) <= 0) {
             return redirect($bulk_back_url)->with('error', trans('admin/hardware/message.update.no_assets_selected'));
         }
          
         $assets = array_keys($request->input('ids'));
         
+       if ($request->anyFilled($custom_field_columns)) {
+           $custom_fields_present = true;
+         } else {
+           $custom_fields_present = false;
+         }
         if (($request->filled('purchase_date'))
             || ($request->filled('expected_checkin'))
             || ($request->filled('purchase_cost'))
@@ -102,8 +147,12 @@ class BulkAssetsController extends Controller
             || ($request->filled('company_id'))
             || ($request->filled('status_id'))
             || ($request->filled('model_id'))
+            || ($request->filled('next_audit_date'))
             || ($request->filled('null_purchase_date'))
             || ($request->filled('null_expected_checkin_date'))
+            || ($request->filled('null_next_audit_date'))
+            || ($request->anyFilled($custom_field_columns))
+
         ) {
             foreach ($assets as $assetId) {
 
@@ -116,7 +165,11 @@ class BulkAssetsController extends Controller
                     ->conditionallyAddItem('requestable')
                     ->conditionallyAddItem('status_id')
                     ->conditionallyAddItem('supplier_id')
-                    ->conditionallyAddItem('warranty_months');
+                    ->conditionallyAddItem('warranty_months')
+                    ->conditionallyAddItem('next_audit_date');
+                    foreach ($custom_field_columns as $key => $custom_field_column) {
+                        $this->conditionallyAddItem($custom_field_column); 
+                   } 
 
                 if ($request->input('null_purchase_date')=='1') {
                     $this->update_array['purchase_date'] = null;
@@ -126,8 +179,12 @@ class BulkAssetsController extends Controller
                     $this->update_array['expected_checkin'] = null;
                 }
 
+                if ($request->input('null_next_audit_date')=='1') {
+                    $this->update_array['next_audit_date'] = null;
+                }
+
                 if ($request->filled('purchase_cost')) {
-                    $this->update_array['purchase_cost'] =  Helper::ParseCurrency($request->input('purchase_cost'));
+                    $this->update_array['purchase_cost'] =  $request->input('purchase_cost');
                 }
 
                 if ($request->filled('company_id')) {
@@ -145,11 +202,11 @@ class BulkAssetsController extends Controller
                 }
 
                 $changed = [];
-                $asset = Asset::where('id' ,$assetId)->get();
+                $assetCollection = Asset::where('id' ,$assetId)->get();
 
                 foreach ($this->update_array as $key => $value) {
-                    if ($this->update_array[$key] != $asset->toArray()[0][$key]) {
-                        $changed[$key]['old'] = $asset->toArray()[0][$key];
+                    if ($this->update_array[$key] != $assetCollection->toArray()[0][$key]) {
+                        $changed[$key]['old'] = $assetCollection->toArray()[0][$key];
                         $changed[$key]['new'] = $this->update_array[$key];
                     }
                 }
@@ -162,16 +219,46 @@ class BulkAssetsController extends Controller
                 $logAction->log_meta = json_encode($changed);
                 $logAction->logaction('update');
  
-                DB::table('assets')
-                    ->where('id', $assetId)
-                    ->update($this->update_array);
-            } // endforeach
-
-            return redirect($bulk_back_url)->with('success', trans('admin/hardware/message.update.success'));
-
-
+                if($custom_fields_present) { 
+                    $asset = Asset::find($assetId); 
+                    $assetCustomFields = $asset->model()->first()->fieldset; 
+                    if($assetCustomFields && $assetCustomFields->fields) {
+                            foreach ($assetCustomFields->fields as $field) { 
+                                if (array_key_exists($field->db_column, $this->update_array)) {
+                                        $asset->{$field->db_column} = $this->update_array[$field->db_column]; 
+                                        $saved = $asset->save();    
+                                        if(!$saved) {
+                                            $error_bag[] = $asset->getErrors();
+                                        }
+                                        continue; 
+                                } else { 
+                                        $array = $this->update_array; 
+                                        array_except($array, $field->db_column); 
+                                        $asset->save($array); 
+                                    }     
+                                    if (!$asset->save()) {
+                                        $error_bag[] = $asset->getErrors();
+                                } 
+                    } 
+                }
+                } else {
+                    Asset::find($assetId)->update($this->update_array);
+                } 
+            } 
+            if(!empty($error_bag)) {
+                $errors = [];
+               //find the customfield name from the name of the messagebag items 
+                foreach ($error_bag as $key => $bag) {
+                  foreach($bag->keys() as $key => $value) {
+                        CustomField::where('db_column', $value)->get()->map(function($item) use (&$errors) {
+                            $errors[] = $item->name; 
+                        });
+                    }
+                }
+                return redirect($bulk_back_url)->with('bulk_errors', array_unique($errors));
+              }
+            return redirect($bulk_back_url)->with('success', trans('admin/hardware/message.update.success'));
         }
-
         // no values given, nothing to update
         return redirect($bulk_back_url)->with('warning', trans('admin/hardware/message.update.nothing_updated'));
     }
@@ -288,7 +375,8 @@ class BulkAssetsController extends Controller
                 foreach ($asset_ids as $asset_id) {
                     $asset = Asset::findOrFail($asset_id);
                     $this->authorize('checkout', $asset);
-                    $error = $asset->checkOut($target, $admin, $checkout_at, $expected_checkin, e($request->get('note')), null);
+
+                    $error = $asset->checkOut($target, $admin, $checkout_at, $expected_checkin, e($request->get('note')), $asset->name, null);
 
                     if ($target->location_id != '') {
                         $asset->location_id = $target->location_id;
@@ -311,5 +399,19 @@ class BulkAssetsController extends Controller
         } catch (ModelNotFoundException $e) {
             return redirect()->route('hardware.bulkcheckout.show')->with('error', $e->getErrors());
         }
+        
+    }
+    public function restore(Request $request) {
+        $this->authorize('update', Asset::class);
+       $assetIds = $request->get('ids');
+      if (empty($assetIds)) {
+          return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.restore.nothing_updated'));
+        } else {
+            foreach ($assetIds as $key => $assetId) {
+                    $asset = Asset::withTrashed()->find($assetId);
+                    $asset->restore(); 
+            } 
+        return redirect()->route('hardware.index')->with('success', trans('admin/hardware/message.restore.success'));
+        }
     }
 }

app/Http/Controllers/Auth/LoginController.php

@@ -191,9 +191,11 @@ class LoginController extends Controller
 
              $ldap_attr = Ldap::parseAndMapLdapAttributes($ldap_user);
 
+            $user->password = $user->noPassword();
             if (Setting::getSettings()->ldap_pw_sync=='1') {
                 $user->password = bcrypt($request->input('password'));
             }
+
             $user->email = $ldap_attr['email'];
             $user->first_name = $ldap_attr['firstname'];
             $user->last_name = $ldap_attr['lastname']; //FIXME (or TODO?) - do we need to map additional fields that we now support? E.g. country, phone, etc.

app/Http/Controllers/BulkAssetModelsController.php

@@ -92,7 +92,7 @@ class BulkAssetModelsController extends Controller
             AssetModel::whereIn('id', $models_raw_array)->update($update_array);
 
             return redirect()->route('models.index')
-                ->with('success', trans('admin/models/message.bulkedit.success'));
+                ->with('success', trans_choice('admin/models/message.bulkedit.success', count($models_raw_array), ['model_count' => count($models_raw_array)]));
         }
 
         return redirect()->route('models.index')

app/Http/Controllers/CompaniesController.php

@@ -60,6 +60,9 @@ final class CompaniesController extends Controller
 
         $company = new Company;
         $company->name = $request->input('name');
+        $company->phone = $request->input('phone');
+        $company->fax = $request->input('fax');
+        $company->email = $request->input('email');
 
         $company = $request->handleImages($company);
 
@@ -111,6 +114,9 @@ final class CompaniesController extends Controller
         $this->authorize('update', $company);
 
         $company->name = $request->input('name');
+        $company->phone = $request->input('phone');
+        $company->fax = $request->input('fax');
+        $company->email = $request->input('email');
 
         $company = $request->handleImages($company);
 
@@ -119,8 +125,7 @@ final class CompaniesController extends Controller
                 ->with('success', trans('admin/companies/message.update.success'));
         }
 
-        return redirect()->route('companies.edit', ['company' => $companyId])
-            ->with('error', trans('admin/companies/message.update.error'));
+        return redirect()->back()->withInput()->withErrors($company->getErrors());
     }
 
     /**

app/Http/Controllers/Components/ComponentCheckinController.php

@@ -56,10 +56,11 @@ class ComponentCheckinController extends Controller
      * @return \Illuminate\Http\RedirectResponse
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
-    public function store(Request $request, $component_asset_id)
+    public function store(Request $request, $component_asset_id, $backto = null)
     {
         if ($component_assets = DB::table('components_assets')->find($component_asset_id)) {
             if (is_null($component = Component::find($component_assets->component_id))) {
+
                 return redirect()->route('components.index')->with('error',
                     trans('admin/components/message.not_found'));
             }
@@ -95,6 +96,10 @@ class ComponentCheckinController extends Controller
             $asset = Asset::find($component_assets->asset_id);
 
             event(new CheckoutableCheckedIn($component, $asset, Auth::user(), $request->input('note'), Carbon::now()));
+            if($backto == 'asset'){
+                return redirect()->route('hardware.view', $asset->id)->with('success',
+                    trans('admin/components/message.checkin.success'));
+            }
 
             return redirect()->route('components.index')->with('success',
                 trans('admin/components/message.checkin.success'));

app/Http/Controllers/Components/ComponentCheckoutController.php

@@ -33,6 +33,11 @@ class ComponentCheckoutController extends Controller
         }
         $this->authorize('checkout', $component);
 
+        // Make sure there is at least one available to checkout
+        if ($component->numRemaining() <= 0){
+            return redirect()->route('components.index')->with('error', trans('admin/components/message.checkout.unavailable'));
+        }
+
         return view('components/checkout', compact('component'));
     }
 
@@ -50,7 +55,7 @@ class ComponentCheckoutController extends Controller
     public function store(Request $request, $componentId)
     {
         // Check if the component exists
-        if (is_null($component = Component::find($componentId))) {
+        if (!$component = Component::find($componentId)) {
             // Redirect to the component management page with error
             return redirect()->route('components.index')->with('error', trans('admin/components/message.not_found'));
         }
@@ -58,9 +63,15 @@ class ComponentCheckoutController extends Controller
         $this->authorize('checkout', $component);
 
         $max_to_checkout = $component->numRemaining();
+
+        // Make sure there are at least the requested number of components available to checkout
+        if ($max_to_checkout < $request->get('assigned_qty')) {
+            return redirect()->back()->withInput()->with('error', trans('admin/components/message.checkout.unavailable', ['remaining' => $max_to_checkout, 'requested' => $request->get('assigned_qty')]));
+        }
+
         $validator = Validator::make($request->all(), [
-            'asset_id'          => 'required',
-            'assigned_qty'      => "required|numeric|between:1,$max_to_checkout",
+            'asset_id'          => 'required|exists:assets,id',
+            'assigned_qty'      => "required|numeric|min:1|digits_between:1,$max_to_checkout",
         ]);
 
         if ($validator->fails()) {
@@ -69,24 +80,17 @@ class ComponentCheckoutController extends Controller
                 ->withInput();
         }
 
-        $admin_user = Auth::user();
-        $asset_id = e($request->input('asset_id'));
-
         // Check if the user exists
-        if (is_null($asset = Asset::find($asset_id))) {
-            // Redirect to the component management page with error
-            return redirect()->route('components.index')->with('error', trans('admin/components/message.asset_does_not_exist'));
-        }
+        $asset = Asset::find($request->input('asset_id'));
 
         // Update the component data
-        $component->asset_id = $asset_id;
-
+        $component->asset_id = $request->input('asset_id');
         $component->assets()->attach($component->id, [
             'component_id' => $component->id,
-            'user_id' => $admin_user->id,
+            'user_id' => Auth::user(),
             'created_at' => date('Y-m-d H:i:s'),
             'assigned_qty' => $request->input('assigned_qty'),
-            'asset_id' => $asset_id,
+            'asset_id' => $request->input('asset_id'),
             'note' => $request->input('note'),
         ]);
 

app/Http/Controllers/Components/ComponentsController.php

@@ -71,13 +71,14 @@ class ComponentsController extends Controller
         $component = new Component();
         $component->name                   = $request->input('name');
         $component->category_id            = $request->input('category_id');
+        $component->supplier_id            = $request->input('supplier_id');
         $component->location_id            = $request->input('location_id');
         $component->company_id             = Company::getIdForCurrentUser($request->input('company_id'));
         $component->order_number           = $request->input('order_number', null);
         $component->min_amt                = $request->input('min_amt', null);
         $component->serial                 = $request->input('serial', null);
         $component->purchase_date          = $request->input('purchase_date', null);
-        $component->purchase_cost          = Helper::ParseCurrency($request->input('purchase_cost', null));
+        $component->purchase_cost          = $request->input('purchase_cost', null);
         $component->qty                    = $request->input('qty');
         $component->user_id                = Auth::id();
         $component->notes                  = $request->input('notes');
@@ -145,13 +146,14 @@ class ComponentsController extends Controller
         // Update the component data
         $component->name                   = $request->input('name');
         $component->category_id            = $request->input('category_id');
+        $component->supplier_id            = $request->input('supplier_id');
         $component->location_id            = $request->input('location_id');
         $component->company_id             = Company::getIdForCurrentUser($request->input('company_id'));
         $component->order_number           = $request->input('order_number');
         $component->min_amt                = $request->input('min_amt');
         $component->serial                 = $request->input('serial');
         $component->purchase_date          = $request->input('purchase_date');
-        $component->purchase_cost          = Helper::ParseCurrency(request('purchase_cost'));
+        $component->purchase_cost          = request('purchase_cost');
         $component->qty                    = $request->input('qty');
         $component->notes                  = $request->input('notes');
 

app/Http/Controllers/Components/ComponentsFilesController.php

@@ -132,7 +132,7 @@ class ComponentsFilesController extends Controller
      * @return \Symfony\Component\HttpFoundation\Response
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
-    public function show($componentId = null, $fileId = null, $download = true)
+    public function show($componentId = null, $fileId = null)
     {
         \Log::debug('Private filesystem is: '.config('filesystems.default'));
         $component = Component::find($componentId);
@@ -142,7 +142,7 @@ class ComponentsFilesController extends Controller
             $this->authorize('view', $component);
             $this->authorize('components.files', $component);
 
-            if (! $log = Actionlog::find($fileId)) {
+            if (! $log = Actionlog::whereNotNull('filename')->where('item_id', $component->id)->find($fileId)) {
                 return response('No matching record for that asset/file', 500)
                     ->header('Content-Type', 'text/plain');
             }
@@ -157,20 +157,16 @@ class ComponentsFilesController extends Controller
                     ->header('Content-Type', 'text/plain');
             } else {
 
+                // Display the file inline
+                if (request('inline') == 'true') {
+                    $headers = [
+                        'Content-Disposition' => 'inline',
+                    ];
+                    return Storage::download($file, $log->filename, $headers);
+                }
+
                 if (config('filesystems.default') == 'local') { // TODO - is there any way to fix this at the StorageHelper layer?
                     return StorageHelper::downloader($file);
-                } else {
-                    if ($download != 'true') {
-                        \Log::debug('display the file');
-                        if ($contents = file_get_contents(Storage::url($file))) { // TODO - this will fail on private S3 files or large public ones
-                            return Response::make(Storage::url($file)->header('Content-Type', mime_content_type($file)));
-                        }
-
-                        return JsonResponse::create(['error' => 'Failed validation: '], 500);
-                    }
-
-                    return StorageHelper::downloader($file);
-
                 } 
             }
         }

app/Http/Controllers/Consumables/ConsumableCheckoutController.php

@@ -24,9 +24,16 @@ class ConsumableCheckoutController extends Controller
      */
     public function create($consumableId)
     {
-        if (is_null($consumable = Consumable::find($consumableId))) {
+
+        if (is_null($consumable = Consumable::with('users')->find($consumableId))) {
             return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.does_not_exist'));
         }
+
+        // Make sure there is at least one available to checkout
+        if ($consumable->numRemaining() <= 0){
+            return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.checkout.unavailable'));
+        }
+
         $this->authorize('checkout', $consumable);
 
         return view('consumables/checkout', compact('consumable'));
@@ -44,12 +51,18 @@ class ConsumableCheckoutController extends Controller
      */
     public function store(Request $request, $consumableId)
     {
-        if (is_null($consumable = Consumable::find($consumableId))) {
+        if (is_null($consumable = Consumable::with('users')->find($consumableId))) {
             return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.not_found'));
         }
 
         $this->authorize('checkout', $consumable);
 
+        // Make sure there is at least one available to checkout
+        if ($consumable->numRemaining() <= 0) {
+            return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.checkout.unavailable'));
+        }
+
+
         $admin_user = Auth::user();
         $assigned_to = e($request->input('assigned_to'));
 

app/Http/Controllers/Consumables/ConsumablesController.php

@@ -68,6 +68,7 @@ class ConsumablesController extends Controller
         $consumable = new Consumable();
         $consumable->name                   = $request->input('name');
         $consumable->category_id            = $request->input('category_id');
+        $consumable->supplier_id            = $request->input('supplier_id');
         $consumable->location_id            = $request->input('location_id');
         $consumable->company_id             = Company::getIdForCurrentUser($request->input('company_id'));
         $consumable->order_number           = $request->input('order_number');
@@ -76,7 +77,7 @@ class ConsumablesController extends Controller
         $consumable->model_number           = $request->input('model_number');
         $consumable->item_no                = $request->input('item_no');
         $consumable->purchase_date          = $request->input('purchase_date');
-        $consumable->purchase_cost          = Helper::ParseCurrency($request->input('purchase_cost'));
+        $consumable->purchase_cost          = $request->input('purchase_cost');
         $consumable->qty                    = $request->input('qty');
         $consumable->user_id                = Auth::id();
         $consumable->notes                  = $request->input('notes');
@@ -144,6 +145,7 @@ class ConsumablesController extends Controller
 
         $consumable->name                   = $request->input('name');
         $consumable->category_id            = $request->input('category_id');
+        $consumable->supplier_id            = $request->input('supplier_id');
         $consumable->location_id            = $request->input('location_id');
         $consumable->company_id             = Company::getIdForCurrentUser($request->input('company_id'));
         $consumable->order_number           = $request->input('order_number');
@@ -152,7 +154,7 @@ class ConsumablesController extends Controller
         $consumable->model_number           = $request->input('model_number');
         $consumable->item_no                = $request->input('item_no');
         $consumable->purchase_date          = $request->input('purchase_date');
-        $consumable->purchase_cost          = Helper::ParseCurrency($request->input('purchase_cost'));
+        $consumable->purchase_cost          = $request->input('purchase_cost');
         $consumable->qty                    = Helper::ParseFloat($request->input('qty'));
         $consumable->notes                  = $request->input('notes');
 

app/Http/Controllers/Consumables/ConsumablesFilesController.php

@@ -131,7 +131,7 @@ class ConsumablesFilesController extends Controller
      * @return \Symfony\Consumable\HttpFoundation\Response
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
-    public function show($consumableId = null, $fileId = null, $download = true)
+    public function show($consumableId = null, $fileId = null)
     {
         $consumable = Consumable::find($consumableId);
 
@@ -140,7 +140,7 @@ class ConsumablesFilesController extends Controller
             $this->authorize('view', $consumable);
             $this->authorize('consumables.files', $consumable);
 
-            if (! $log = Actionlog::find($fileId)) {
+            if (! $log = Actionlog::whereNotNull('filename')->where('item_id', $consumable->id)->find($fileId)) {
                 return response('No matching record for that asset/file', 500)
                     ->header('Content-Type', 'text/plain');
             }
@@ -155,22 +155,19 @@ class ConsumablesFilesController extends Controller
                     ->header('Content-Type', 'text/plain');
             } else {
 
+                // Display the file inline
+                if (request('inline') == 'true') {
+                    $headers = [
+                        'Content-Disposition' => 'inline',
+                    ];
+                    return Storage::download($file, $log->filename, $headers);
+                }
+
+
                 // We have to override the URL stuff here, since local defaults in Laravel's Flysystem
                 // won't work, as they're not accessible via the web
                 if (config('filesystems.default') == 'local') { // TODO - is there any way to fix this at the StorageHelper layer?
                     return StorageHelper::downloader($file);
-                } else {
-                    if ($download != 'true') {
-                        \Log::debug('display the file');
-                        if ($contents = file_get_contents(Storage::url($file))) { // TODO - this will fail on private S3 files or large public ones
-                            return Response::make(Storage::url($file)->header('Content-Type', mime_content_type($file)));
-                        }
-
-                        return JsonResponse::create(['error' => 'Failed validation: '], 500);
-                    }
-
-                    return StorageHelper::downloader($file);
-
                 }
             }
         }

app/Http/Controllers/Controller.php

@@ -9,11 +9,11 @@
  *
  * **THIS DOCUMENTATION DOES NOT COVER INSTALLATION.** If you're here and you're not a
  * developer, you're probably in the wrong place. Please see the
- * [Installation documentation](http://docs.snipeitapp.com) for
+ * [Installation documentation](https://snipe-it.readme.io) for
  * information on how to install Snipe-IT.
  *
  * To learn how to set up a development environment and get started developing for Snipe-IT,
- * please see the [contributing documentation](http://docs.snipeitapp.com/contributing.html).
+ * please see the [contributing documentation](https://snipe-it.readme.io/docs/contributing-overview).
  *
  * Only the Snipe-IT specific controllers, models, helpers, service providers,
  * etc have been included in this documentation (excluding vendors, Laravel core, etc)

app/Http/Controllers/CustomFieldsController.php

@@ -7,6 +7,7 @@ use App\Http\Requests\CustomFieldRequest;
 use App\Models\CustomField;
 use App\Models\CustomFieldset;
 use Illuminate\Support\Facades\Auth;
+use Illuminate\Http\Request;
 use Redirect;
 
 /**
@@ -45,7 +46,7 @@ class CustomFieldsController extends Controller
      * @see CustomFieldsController::storeField()
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v5.1.5]
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
     public function show()
@@ -63,14 +64,17 @@ class CustomFieldsController extends Controller
      * @return \Illuminate\Support\Facades\View
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
-    public function create()
+    public function create(Request $request)
     {
         $this->authorize('create', CustomField::class);
+        $fieldsets = CustomFieldset::get();
 
         return view('custom_fields.fields.edit', [
             'predefinedFormats' => Helper::predefined_formats(),
             'customFormat' => '',
-        ])->with('field', new CustomField());
+            'fieldsets' => $fieldsets,
+            'field' => new CustomField(),
+        ]);
     }
 
     /**
@@ -79,7 +83,7 @@ class CustomFieldsController extends Controller
      * @see CustomFieldsController::createField()
      * @author [Brady Wetherington] [<uberbrady@gmail.com>]
      * @since [v1.8]
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
     public function store(CustomFieldRequest $request)
@@ -104,6 +108,8 @@ class CustomFieldsController extends Controller
             "show_in_email" => $show_in_email,
             "is_unique" => $request->get("is_unique", 0),
             "display_in_user_view" => $display_in_user_view,
+            "auto_add_to_fieldsets" => $request->get("auto_add_to_fieldsets", 0),
+            "show_in_listview" => $request->get("show_in_listview", 0),
             "user_id" => Auth::id()
         ]);
 
@@ -115,10 +121,20 @@ class CustomFieldsController extends Controller
         }
 
         if ($field->save()) {
+
+            // Sync fields with fieldsets
+            $fieldset_array = $request->input('associate_fieldsets');
+            if ($request->has('associate_fieldsets') && (is_array($fieldset_array))) {
+                $field->fieldset()->sync(array_keys($fieldset_array));
+            } else {
+                $field->fieldset()->sync([]);
+            }
+
+
             return redirect()->route('fields.index')->with('success', trans('admin/custom_fields/message.field.create.success'));
         }
 
-        return redirect()->back()->withInput()
+        return redirect()->back()->with('selected_fieldsets', $request->input('associate_fieldsets'))->withInput()
             ->with('error', trans('admin/custom_fields/message.field.create.error'));
     }
 
@@ -128,7 +144,7 @@ class CustomFieldsController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v3.0]
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
     public function deleteFieldFromFieldset($field_id, $fieldset_id)
@@ -148,7 +164,6 @@ class CustomFieldsController extends Controller
             } else {
                 return redirect()->back()->withErrors(['message' => "Field is in use and cannot be deleted."]);
             }
-
         }
 
         return redirect()->back()->withErrors(['message' => "Error deleting field from fieldset"]);
@@ -161,7 +176,7 @@ class CustomFieldsController extends Controller
      *
      * @author [Brady Wetherington] [<uberbrady@gmail.com>]
      * @since [v1.8]
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
     public function destroy($field_id)
@@ -190,12 +205,12 @@ class CustomFieldsController extends Controller
      * @return \Illuminate\Support\Facades\View
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
-    public function edit($id)
+    public function edit(Request $request, $id)
     {
         if ($field = CustomField::find($id)) {
 
         $this->authorize('update', $field);
-
+        $fieldsets = CustomFieldset::get();
         $customFormat = '';
         if ((stripos($field->format, 'regex') === 0) && ($field->format !== CustomField::PREDEFINED_FORMATS['MAC'])) {
             $customFormat = $field->format;
@@ -204,6 +219,7 @@ class CustomFieldsController extends Controller
         return view('custom_fields.fields.edit', [
             'field'             => $field,
             'customFormat'      => $customFormat,
+            'fieldsets'         => $fieldsets,
             'predefinedFormats' => Helper::predefined_formats(),
         ]);
         } 
@@ -222,7 +238,7 @@ class CustomFieldsController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @param  int $id
      * @since [v4.0]
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
     public function update(CustomFieldRequest $request, $id)
@@ -249,6 +265,8 @@ class CustomFieldsController extends Controller
         $field->show_in_email = $show_in_email;
         $field->is_unique     = $request->get("is_unique", 0);
         $field->display_in_user_view = $display_in_user_view;
+        $field->auto_add_to_fieldsets = $request->get("auto_add_to_fieldsets", 0);
+        $field->show_in_listview = $request->get("show_in_listview", 0);
 
         if ($request->get('format') == 'CUSTOM REGEX') {
             $field->format = e($request->get('custom_format'));
@@ -261,6 +279,16 @@ class CustomFieldsController extends Controller
         }
 
         if ($field->save()) {
+
+
+            // Sync fields with fieldsets
+            $fieldset_array = $request->input('associate_fieldsets');
+            if ($request->has('associate_fieldsets') && (is_array($fieldset_array))) {
+                $field->fieldset()->sync(array_keys($fieldset_array));
+            } else {
+                $field->fieldset()->sync([]);
+            }
+
             return redirect()->route('fields.index')->with('success', trans('admin/custom_fields/message.field.update.success'));
         }
 

app/Http/Controllers/CustomFieldsetsController.php

@@ -93,16 +93,27 @@ class CustomFieldsetsController extends Controller
     {
         $this->authorize('create', CustomField::class);
 
-        $cfset = new CustomFieldset([
-                'name' => e($request->get('name')),
+        $fieldset = new CustomFieldset([
+                'name' => $request->get('name'),
                 'user_id' => Auth::user()->id,
         ]);
 
-        $validator = Validator::make($request->all(), $cfset->rules);
-        if ($validator->passes()) {
-            $cfset->save();
+        $validator = Validator::make($request->all(), $fieldset->rules);
 
-            return redirect()->route('fieldsets.show', [$cfset->id])
+        if ($validator->passes()) {
+            $fieldset->save();
+
+            // Sync fieldset with auto_add_to_fieldsets
+            $fields = CustomField::select('id')->where('auto_add_to_fieldsets', '=', '1')->get();
+            if ($fields->count() > 0) {
+                foreach ($fields as $field) {
+                    $field_ids[] = $field->id;
+                }
+
+                $fieldset->fields()->sync($field_ids);
+            }
+
+            return redirect()->route('fieldsets.show', [$fieldset->id])
                 ->with('success', trans('admin/custom_fields/message.fieldset.create.success'));
         }
 

app/Http/Controllers/DepartmentsController.php

@@ -170,6 +170,8 @@ class DepartmentsController extends Controller
         $department->manager_id = ($request->filled('manager_id') ? $request->input('manager_id') : null);
         $department->location_id = ($request->filled('location_id') ? $request->input('location_id') : null);
         $department->company_id = ($request->filled('company_id') ? $request->input('company_id') : null);
+        $department->phone = $request->input('phone');
+        $department->fax = $request->input('fax');
 
         $department = $request->handleImages($department);
 

app/Http/Controllers/GoogleAuthController.php

@@ -0,0 +1,74 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use Illuminate\Http\Request;
+use App\Models\User;
+use Illuminate\Support\Facades\Auth;
+use Laravel\Socialite\Facades\Socialite;
+use Laravel\Socialite\Two\InvalidStateException;
+use App\Models\Setting;
+
+
+class GoogleAuthController extends Controller
+{
+    /**
+     * We need this constructor so that we override the socialite expected config variables,
+     * since we want to allow this to be changed via database fields
+     */
+    public function __construct()
+    {
+        parent::__construct();
+        $setting = Setting::getSettings();
+        config(['services.google.redirect' => config('app.url').'/google/callback']);
+        config(['services.google.client_id' => $setting->google_client_id]);
+        config(['services.google.client_secret' => $setting->google_client_secret]);
+    }
+
+    public function redirectToGoogle()
+    {
+        return Socialite::driver('google')->redirect();
+    }
+
+    public function handleGoogleCallback()
+    {
+        try {
+            $socialUser = Socialite::driver('google')->user();
+            \Log::debug('Google user found in Google Workspace');
+        } catch (InvalidStateException $exception) {
+            \Log::debug('Google user NOT found in Google Workspace');
+            return redirect()->route('login')
+                ->withErrors(
+                    [
+                        'username' => [
+                           trans('auth/general.google_login_failed')
+                        ],
+                    ]
+                );
+        }
+
+
+        $user = User::where('username', $socialUser->getEmail())->first();
+
+
+        if ($user) {
+            \Log::debug('Google user '.$socialUser->getEmail().' found in Snipe-IT');
+            $user->update([
+                'avatar'   => $socialUser->avatar,
+            ]);
+
+            Auth::login($user, true);
+            return redirect()->route('home');
+        }
+
+        \Log::debug('Google user '.$socialUser->getEmail().' NOT found in Snipe-IT');
+        return redirect()->route('login')
+            ->withErrors(
+                [
+                    'username' => [
+                        trans('auth/general.google_login_failed'),
+                    ],
+                ]
+            );
+    }
+}

app/Http/Controllers/GroupsController.php

@@ -92,7 +92,7 @@ class GroupsController extends Controller
             return view('groups.edit', compact('group', 'permissions', 'selected_array', 'groupPermissions'));
         }
 
-        return redirect()->route('groups.index')->with('error', trans('admin/groups/message.group_not_found'));
+        return redirect()->route('groups.index')->with('error', trans('admin/groups/message.group_not_found', ['id' => $id]));
     }
 
     /**
@@ -107,7 +107,7 @@ class GroupsController extends Controller
     public function update(Request $request, $id = null)
     {
         if (! $group = Group::find($id)) {
-            return redirect()->route('groups.index')->with('error', trans('admin/groups/message.group_not_found', compact('id')));
+            return redirect()->route('groups.index')->with('error', trans('admin/groups/message.group_not_found', ['id' => $id]));
         }
         $group->name = $request->input('name');
         $group->permissions = json_encode($request->input('permission'));
@@ -133,14 +133,13 @@ class GroupsController extends Controller
      * @return \Illuminate\Http\RedirectResponse
      * @throws \Exception
      */
-    public function destroy($id = null)
+    public function destroy($id)
     {
         if (! config('app.lock_passwords')) {
             if (! $group = Group::find($id)) {
-                return redirect()->route('groups.index')->with('error', trans('admin/groups/message.group_not_found', compact('id')));
+                return redirect()->route('groups.index')->with('error', trans('admin/groups/message.group_not_found', ['id' => $id]));
             }
             $group->delete();
-            // Redirect to the group management page
             return redirect()->route('groups.index')->with('success', trans('admin/groups/message.success.delete'));
         }
 
@@ -164,6 +163,6 @@ class GroupsController extends Controller
             return view('groups/view', compact('group'));
         }
 
-        return redirect()->route('groups.index')->with('error', trans('admin/groups/message.group_not_found', compact('id')));
+        return redirect()->route('groups.index')->with('error', trans('admin/groups/message.group_not_found', ['id' => $id]));
     }
 }

app/Http/Controllers/ImportsController.php

@@ -1,22 +0,0 @@
-<?php
-
-namespace App\Http\Controllers;
-
-use App\Http\Transformers\ImportsTransformer;
-use App\Models\Asset;
-use App\Models\Import;
-
-class ImportsController extends Controller
-{
-    /**
-     * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
-     * @throws \Illuminate\Auth\Access\AuthorizationException
-     */
-    public function index()
-    {
-        $this->authorize('import');
-        $imports = (new ImportsTransformer)->transformImports(Import::latest()->get());
-
-        return view('importer/import')->with('imports', $imports);
-    }
-}

app/Http/Controllers/LabelsController.php

@@ -0,0 +1,77 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Models\Asset;
+use App\Models\AssetModel;
+use App\Models\Category;
+use App\Models\Company;
+use App\Models\Labels\Label;
+use App\Models\Manufacturer;
+use App\Models\Setting;
+use App\Models\User;
+use App\View\Label as LabelView;
+use Illuminate\Support\Facades\Storage;
+
+class LabelsController extends Controller
+{
+    /**
+     * Returns the Label view with test data
+     *
+     * @author Grant Le Roux <grant.leroux+snipe-it@gmail.com>
+     * @param  string  $labelName
+     * @return \Illuminate\Contracts\View\View
+     */
+    public function show(string $labelName)
+    {
+        $labelName = str_replace('/', '\\', $labelName);
+        $template = Label::find($labelName);
+
+        $exampleAsset = new Asset();
+
+        $exampleAsset->id = 999999;
+        $exampleAsset->name = 'JEN-867-5309';
+        $exampleAsset->asset_tag = '100001';
+        $exampleAsset->serial = 'SN9876543210';
+
+        $exampleAsset->company = new Company();
+        $exampleAsset->company->id = 999999;
+        $exampleAsset->company->name = 'Test Company Limited';
+        $exampleAsset->company->image = 'company-image-test.png';
+
+        $exampleAsset->assignedto = new User();
+        $exampleAsset->assignedto->id = 999999;
+        $exampleAsset->assignedto->first_name = 'Test';
+        $exampleAsset->assignedto->last_name = 'Person';
+        $exampleAsset->assignedto->username = 'Test.Person';
+        $exampleAsset->assignedto->employee_num = '0123456789';
+
+        $exampleAsset->model = new AssetModel();
+        $exampleAsset->model->id = 999999;
+        $exampleAsset->model->name = 'Test Model';
+        $exampleAsset->model->model_number = 'MDL5678';
+        $exampleAsset->model->manufacturer = new Manufacturer();
+        $exampleAsset->model->manufacturer->id = 999999;
+        $exampleAsset->model->manufacturer->name = 'Test Manufacturing Inc.';
+        $exampleAsset->model->category = new Category();
+        $exampleAsset->model->category->id = 999999;
+        $exampleAsset->model->category->name = 'Test Category';
+
+        $settings = Setting::getSettings();
+        if (request()->has('settings')) {
+            $overrides = request()->get('settings');
+            foreach ($overrides as $key => $value) {
+                $settings->$key = $value;
+            }
+        }
+
+        return (new LabelView())
+            ->with('assets', collect([$exampleAsset]))
+            ->with('settings', $settings)
+            ->with('template', $template)
+            ->with('bulkedit', false)
+            ->with('count', 0);
+
+        return redirect()->route('home')->with('error', trans('admin/labels/message.does_not_exist'));
+    }
+}

app/Http/Controllers/Licenses/LicenseCheckinController.php

@@ -59,6 +59,12 @@ class LicenseCheckinController extends Controller
         }
 
         $license = License::find($licenseSeat->license_id);
+
+        // LicenseSeat is not assigned, it can't be checked in
+        if (is_null($licenseSeat->assigned_to) && is_null($licenseSeat->asset_id)) {
+            return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.checkin.error'));
+        }
+
         $this->authorize('checkout', $license);
 
         if (! $license->reassignable) {
@@ -70,7 +76,7 @@ class LicenseCheckinController extends Controller
 
         // Declare the rules for the form validation
         $rules = [
-            'note'   => 'string|nullable',
+            'notes'   => 'string|nullable',
         ];
 
         // Create a new validator instance from our validation rules
@@ -91,6 +97,7 @@ class LicenseCheckinController extends Controller
         // Update the asset data
         $licenseSeat->assigned_to = null;
         $licenseSeat->asset_id = null;
+        $licenseSeat->notes = $request->input('notes');
 
         // Was the asset updated?
         if ($licenseSeat->save()) {
@@ -106,4 +113,61 @@ class LicenseCheckinController extends Controller
         // Redirect to the license page with error
         return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.checkin.error'));
     }
+
+    /**
+     * Bulk checkin all license seats
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @see LicenseCheckinController::create() method that provides the form view
+     * @since [v6.1.1]
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+
+    public function bulkCheckin(Request $request, $licenseId) {
+
+        $license = License::findOrFail($licenseId);
+        $this->authorize('checkin', $license);
+
+        if (! $license->reassignable) {
+            // Not allowed to checkin
+            Session::flash('error', 'License not reassignable.');
+
+            return redirect()->back()->withInput();
+        }
+
+        $licenseSeatsByUser = LicenseSeat::where('license_id', '=', $licenseId)
+            ->whereNotNull('assigned_to')
+            ->with('user')
+            ->get();
+
+        foreach ($licenseSeatsByUser as $user_seat) {
+            $user_seat->assigned_to = null;
+
+            if ($user_seat->save()) {
+                \Log::debug('Checking in '.$license->name.' from user '.$user_seat->username);
+                $user_seat->logCheckin($user_seat->user, trans('admin/licenses/general.bulk.checkin_all.log_msg'));
+            }
+        }
+
+        $licenseSeatsByAsset = LicenseSeat::where('license_id', '=', $licenseId)
+            ->whereNotNull('asset_id')
+            ->with('asset')
+            ->get();
+
+        $count = 0;
+        foreach ($licenseSeatsByAsset as $asset_seat) {
+            $asset_seat->asset_id = null;
+
+            if ($asset_seat->save()) {
+                \Log::debug('Checking in '.$license->name.' from asset '.$asset_seat->asset_tag);
+                $asset_seat->logCheckin($asset_seat->asset, trans('admin/licenses/general.bulk.checkin_all.log_msg'));
+                $count++;
+            }
+        }
+
+        return redirect()->back()->with('success', trans_choice('admin/licenses/general.bulk.checkin_all.success', 2, ['count' => $count] ));
+
+    }
+
 }

app/Http/Controllers/Licenses/LicenseCheckoutController.php

@@ -30,15 +30,17 @@ class LicenseCheckoutController extends Controller
         // Check that the license is valid
         if ($license = License::find($licenseId)) {
 
+            $this->authorize('checkout', $license);
             // If the license is valid, check that there is an available seat
             if ($license->avail_seats_count < 1) {
                 return redirect()->route('licenses.index')->with('error', 'There are no available seats for this license');
             }
+            return view('licenses/checkout', compact('license'));
         }
 
-        $this->authorize('checkout', $license);
+        return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.not_found'));
+
 
-        return view('licenses/checkout', compact('license'));
     }
 
     /**
@@ -61,6 +63,7 @@ class LicenseCheckoutController extends Controller
 
         $licenseSeat = $this->findLicenseSeatToCheckout($license, $seatId);
         $licenseSeat->user_id = Auth::id();
+        $licenseSeat->notes = $request->input('notes');
         
 
         $checkoutMethod = 'checkoutTo'.ucwords(request('checkout_to_type'));
@@ -126,4 +129,70 @@ class LicenseCheckoutController extends Controller
 
         return false;
     }
+
+    /**
+     * Bulk checkin all license seats
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @see LicenseCheckinController::create() method that provides the form view
+     * @since [v6.1.1]
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+
+    public function bulkCheckout($licenseId) {
+
+        \Log::debug('Checking out '.$licenseId.' via bulk');
+        $license = License::findOrFail($licenseId);
+        $this->authorize('checkin', $license);
+        $avail_count = $license->getAvailSeatsCountAttribute();
+
+        $users = User::whereNull('deleted_at')->where('autoassign_licenses', '=', 1)->with('licenses')->get();
+        \Log::debug($avail_count.' will be assigned');
+
+        if ($users->count() > $avail_count) {
+            \Log::debug('You do not have enough free seats to complete this task, so we will check out as many as we can. ');
+        }
+
+        // If the license is valid, check that there is an available seat
+        if ($license->availCount()->count() < 1) {
+            return redirect()->back()->with('error', trans('admin/licenses/general.bulk.checkout_all.error_no_seats'));
+        }
+
+
+        $assigned_count = 0;
+
+        foreach ($users as $user) {
+
+            // Check to make sure this user doesn't already have this license checked out to them
+            if ($user->licenses->where('id', '=', $licenseId)->count()) {
+                \Log::debug($user->username.' already has this license checked out to them. Skipping... ');
+                continue;
+            }
+
+            $licenseSeat = $license->freeSeat();
+
+            // Update the seat with checkout info
+            $licenseSeat->assigned_to = $user->id;
+
+            if ($licenseSeat->save()) {
+                $avail_count--;
+                $assigned_count++;
+                $licenseSeat->logCheckout(trans('admin/licenses/general.bulk.checkout_all.log_msg'), $user);
+                \Log::debug('License '.$license->name.' seat '.$licenseSeat->id.' checked out to '.$user->username);
+            }
+
+            if ($avail_count ==  0) {
+                return redirect()->back()->with('warning', trans('admin/licenses/general.bulk.checkout_all.warn_not_enough_seats', ['count' => $assigned_count]));
+            }
+        }
+
+        if ($assigned_count ==  0) {
+            return redirect()->back()->with('warning', trans('admin/licenses/general.bulk.checkout_all.warn_no_avail_users', ['count' => $assigned_count]));
+        }
+
+        return redirect()->back()->with('success', trans_choice('admin/licenses/general.bulk.checkout_all.success', 2, ['count' => $assigned_count] ));
+
+
+    }
 }

app/Http/Controllers/Licenses/LicenseFilesController.php

@@ -91,12 +91,11 @@ class LicenseFilesController extends Controller
      */
     public function destroy($licenseId = null, $fileId = null)
     {
-        $license = License::find($licenseId);
+        if ($license = License::find($licenseId)) {
 
-        // the asset is valid
-        if (isset($license->id)) {
             $this->authorize('update', $license);
-            $log = Actionlog::find($fileId);
+
+            if ($log = Actionlog::find($fileId)) {
 
                 // Remove the file if one exists
                 if (Storage::exists('licenses/'.$log->filename)) {
@@ -113,7 +112,9 @@ class LicenseFilesController extends Controller
                     ->with('success', trans('admin/hardware/message.deletefile.success'));
             }
 
-        // Redirect to the licence management page
+            return redirect()->route('licenses.index')->with('error', trans('general.log_does_not_exist'));
+        }
+
         return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.does_not_exist'));
     }
 
@@ -129,7 +130,6 @@ class LicenseFilesController extends Controller
      */
     public function show($licenseId = null, $fileId = null, $download = true)
     {
-        \Log::info('Private filesystem is: '.config('filesystems.default'));
         $license = License::find($licenseId);
 
         // the license is valid
@@ -137,7 +137,7 @@ class LicenseFilesController extends Controller
             $this->authorize('view', $license);
             $this->authorize('licenses.files', $license);
 
-            if (! $log = Actionlog::find($fileId)) {
+            if (! $log = Actionlog::whereNotNull('filename')->where('item_id', $license->id)->find($fileId)) {
                 return response('No matching record for that asset/file', 500)
                     ->header('Content-Type', 'text/plain');
             }
@@ -152,21 +152,19 @@ class LicenseFilesController extends Controller
                     ->header('Content-Type', 'text/plain');
             } else {
 
+                if (request('inline') == 'true') {
+
+                    $headers = [
+                        'Content-Disposition' => 'inline',
+                    ];
+
+                    return Storage::download($file, $log->filename, $headers);
+                }
+
                 // We have to override the URL stuff here, since local defaults in Laravel's Flysystem
                 // won't work, as they're not accessible via the web
                 if (config('filesystems.default') == 'local') { // TODO - is there any way to fix this at the StorageHelper layer?
                     return StorageHelper::downloader($file);
-                } else {
-                    if ($download != 'true') {
-                        \Log::debug('display the file');
-                        if ($contents = file_get_contents(Storage::url($file))) { // TODO - this will fail on private S3 files or large public ones
-                            return Response::make(Storage::url($file)->header('Content-Type', mime_content_type($file)));
-                        }
-
-                        return JsonResponse::create(['error' => 'Failed validation: '], 500);
-                    }
-
-                    return StorageHelper::downloader($file);
 
                 }
             }

app/Http/Controllers/Licenses/LicensesController.php

@@ -6,6 +6,8 @@ use App\Helpers\Helper;
 use App\Http\Controllers\Controller;
 use App\Models\Company;
 use App\Models\License;
+use App\Models\LicenseSeat;
+use App\Models\User;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\DB;
@@ -86,7 +88,7 @@ class LicensesController extends Controller
         $license->name              = $request->input('name');
         $license->notes             = $request->input('notes');
         $license->order_number      = $request->input('order_number');
-        $license->purchase_cost     = Helper::ParseCurrency($request->input('purchase_cost'));
+        $license->purchase_cost     = $request->input('purchase_cost');
         $license->purchase_date     = $request->input('purchase_date');
         $license->purchase_order    = $request->input('purchase_order');
         $license->purchase_order    = $request->input('purchase_order');
@@ -164,7 +166,7 @@ class LicensesController extends Controller
         $license->name              = $request->input('name');
         $license->notes             = $request->input('notes');
         $license->order_number      = $request->input('order_number');
-        $license->purchase_cost     = Helper::ParseCurrency($request->input('purchase_cost'));
+        $license->purchase_cost     = $request->input('purchase_cost');
         $license->purchase_date     = $request->input('purchase_date');
         $license->purchase_order    = $request->input('purchase_order');
         $license->reassignable      = $request->input('reassignable', 0);
@@ -205,7 +207,7 @@ class LicensesController extends Controller
         if ($license->assigned_seats_count == 0) {
             // Delete the license and the associated license seats
             DB::table('license_seats')
-                ->where('id', $license->id)
+                ->where('license_id', $license->id)
                 ->update(['assigned_to' => null, 'asset_id' => null]);
 
             $licenseSeats = $license->licenseseats();
@@ -233,16 +235,40 @@ class LicensesController extends Controller
     {
         $license = License::with('assignedusers')->find($licenseId);
 
-        if ($license) {
-            $this->authorize('view', $license);
-
-            return view('licenses/view', compact('license'));
-        }
-
+        if (!$license) {
             return redirect()->route('licenses.index')
             ->with('error', trans('admin/licenses/message.does_not_exist'));
         }
 
+        $users_count = User::where('autoassign_licenses', '1')->count();
+        $total_seats_count = $license->totalSeatsByLicenseID();
+        $available_seats_count = $license->availCount()->count();
+        $checkedout_seats_count = ($total_seats_count - $available_seats_count);
+
+        \Log::debug('Total: '.$total_seats_count);
+        \Log::debug('Users: '.$users_count);
+        \Log::debug('Available: '.$available_seats_count);
+        \Log::debug('Checkedout: '.$checkedout_seats_count);
+
+
+        $this->authorize('view', $license);
+        return view('licenses.view', compact('license'))
+            ->with('users_count', $users_count)
+            ->with('total_seats_count', $total_seats_count)
+            ->with('available_seats_count', $available_seats_count)
+            ->with('checkedout_seats_count', $checkedout_seats_count);
+
+    }
+
+
+    /**
+     * Returns a view with prepopulated data for clone
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @param int $licenseId
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
     public function getClone($licenseId = null)
     {
         if (is_null($license_to_clone = License::find($licenseId))) {

app/Http/Controllers/LocationsController.php

@@ -79,6 +79,8 @@ class LocationsController extends Controller
         $location->ldap_ou = $request->input('ldap_ou');
         $location->manager_id = $request->input('manager_id');
         $location->user_id = Auth::id();
+        $location->phone = request('phone');
+        $location->fax = request('fax');
 
         $location = $request->handleImages($location);
 
@@ -139,6 +141,8 @@ class LocationsController extends Controller
         $location->state = $request->input('state');
         $location->country = $request->input('country');
         $location->zip = $request->input('zip');
+        $location->phone = request('phone');
+        $location->fax = request('fax');
         $location->ldap_ou = $request->input('ldap_ou');
         $location->manager_id = $request->input('manager_id');
 
@@ -227,6 +231,36 @@ class LocationsController extends Controller
 
     }
 
+
+    /**
+     * Returns a view that presents a form to clone a location.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @param int $locationId
+     * @since [v6.0.14]
+     * @return View
+     */
+    public function getClone($locationId = null)
+    {
+        $this->authorize('create', Location::class);
+
+        // Check if the asset exists
+        if (is_null($location_to_clone = Location::find($locationId))) {
+            // Redirect to the asset management page
+            return redirect()->route('licenses.index')->with('error', trans('admin/locations/message.does_not_exist'));
+        }
+
+        $location = clone $location_to_clone;
+
+        // unset these values
+        $location->id = null;
+        $location->image = null;
+
+        return view('locations/edit')
+            ->with('item', $location);
+    }
+
+
     public function print_all_assigned($id)
     {
         if ($location = Location::where('id', $id)->first()) {

app/Http/Controllers/ManufacturersController.php

@@ -68,6 +68,7 @@ class ManufacturersController extends Controller
         $manufacturer->user_id = Auth::id();
         $manufacturer->url = $request->input('url');
         $manufacturer->support_url = $request->input('support_url');
+        $manufacturer->warranty_lookup_url = $request->input('warranty_lookup_url');
         $manufacturer->support_phone = $request->input('support_phone');
         $manufacturer->support_email = $request->input('support_email');
         $manufacturer = $request->handleImages($manufacturer);
@@ -127,6 +128,7 @@ class ManufacturersController extends Controller
         $manufacturer->name = $request->input('name');
         $manufacturer->url = $request->input('url');
         $manufacturer->support_url = $request->input('support_url');
+        $manufacturer->warranty_lookup_url = $request->input('warranty_lookup_url');
         $manufacturer->support_phone = $request->input('support_phone');
         $manufacturer->support_email = $request->input('support_email');
 

app/Http/Controllers/ModalController.php

@@ -17,7 +17,7 @@ class ModalController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net]
      * @return View
      */
-    function show ($type, $itemId = null) {
+    public function show ($type, $itemId = null) {
 
         // These values should correspond to a file in resources/views/modals/
         $allowed_types = [

app/Http/Controllers/ProfileController.php

@@ -8,7 +8,7 @@ use App\Models\Setting;
 use App\Models\User;
 use App\Notifications\CurrentInventory;
 use Illuminate\Support\Facades\Auth;
-use Gate;
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Storage;

app/Http/Controllers/ReportsController.php

@@ -51,9 +51,8 @@ class ReportsController extends Controller
     public function getAccessoryReport()
     {
         $this->authorize('reports.view');
-        $accessories = Accessory::orderBy('created_at', 'DESC')->with('company')->get();
 
-        return view('reports/accessories', compact('accessories'));
+        return view('reports/accessories');
     }
 
     /**
@@ -285,7 +284,7 @@ class ReportsController extends Controller
 
                     $row = [
                         $actionlog->created_at,
-                        ($actionlog->user) ? e($actionlog->user->getFullNameAttribute()) : '',
+                        ($actionlog->admin) ? e($actionlog->admin->getFullNameAttribute()) : '',
                         $actionlog->present()->actionType(),
                         e($actionlog->itemType()),
                         ($actionlog->itemType() == 'user') ? $actionlog->filename : $item_name,
@@ -502,7 +501,6 @@ class ReportsController extends Controller
                 $header[] = trans('general.zip');
             }
 
-
             if ($request->filled('assigned_to')) {
                 $header[] = trans('admin/hardware/table.checkoutto');
                 $header[] = trans('general.type');
@@ -533,19 +531,24 @@ class ReportsController extends Controller
             }
 
             if ($request->filled('warranty')) {
-                $header[] = 'Warranty';
-                $header[] = 'Warranty Expires';
+                $header[] = trans('admin/hardware/form.warranty');
+                $header[] = trans('admin/hardware/form.warranty_expires');
             }
+
             if ($request->filled('depreciation')) {
-                $header[] = 'Value';
-                $header[] = 'Diff';
-                $header[] = 'Fully Depreciated';
+                $header[] = trans('admin/hardware/table.book_value');
+                $header[] = trans('admin/hardware/table.diff');
+                $header[] = trans('admin/hardware/form.fully_depreciated');
             }
 
             if ($request->filled('checkout_date')) {
                 $header[] = trans('admin/hardware/table.checkout_date');
             }
 
+            if ($request->filled('checkin_date')) {
+                $header[] = trans('admin/hardware/table.last_checkin_date');
+            }
+
             if ($request->filled('expected_checkin')) {
                 $header[] = trans('admin/hardware/form.expected_checkin');
             }
@@ -591,28 +594,28 @@ class ReportsController extends Controller
             $executionTime = microtime(true) - $_SERVER['REQUEST_TIME_FLOAT'];
             \Log::debug('Added headers: '.$executionTime);
 
-            $assets = \App\Models\Company::scopeCompanyables(Asset::select('assets.*'))->with(
+            $assets = Asset::select('assets.*')->with(
                 'location', 'assetstatus', 'company', 'defaultLoc', 'assignedTo',
                 'model.category', 'model.manufacturer', 'supplier');
             
             if ($request->filled('by_location_id')) {
-                $assets->where('assets.location_id', $request->input('by_location_id'));
+                $assets->whereIn('assets.location_id', $request->input('by_location_id'));
             }
 
             if ($request->filled('by_rtd_location_id')) {
-                $assets->where('assets.rtd_location_id', $request->input('by_rtd_location_id'));
+                $assets->whereIn('assets.rtd_location_id', $request->input('by_rtd_location_id'));
             }
 
             if ($request->filled('by_supplier_id')) {
-                $assets->where('assets.supplier_id', $request->input('by_supplier_id'));
+                $assets->whereIn('assets.supplier_id', $request->input('by_supplier_id'));
             }
 
             if ($request->filled('by_company_id')) {
-                $assets->where('assets.company_id', $request->input('by_company_id'));
+                $assets->whereIn('assets.company_id', $request->input('by_company_id'));
             }
 
             if ($request->filled('by_model_id')) {
-                $assets->where('assets.model_id', $request->input('by_model_id'));
+                $assets->whereIn('assets.model_id', $request->input('by_model_id'));
             }
 
             if ($request->filled('by_category_id')) {
@@ -632,7 +635,7 @@ class ReportsController extends Controller
             }
 
             if ($request->filled('by_status_id')) {
-                $assets->where('assets.status_id', $request->input('by_status_id'));
+                $assets->whereIn('assets.status_id', $request->input('by_status_id'));
             }
 
             if (($request->filled('purchase_start')) && ($request->filled('purchase_end'))) {
@@ -640,7 +643,24 @@ class ReportsController extends Controller
             }
 
             if (($request->filled('created_start')) && ($request->filled('created_end'))) {
-                $assets->whereBetween('assets.created_at', [$request->input('created_start'), $request->input('created_end')]);
+                $created_start = \Carbon::parse($request->input('created_start'))->startOfDay();
+                $created_end = \Carbon::parse($request->input('created_end'))->endOfDay();
+                
+                $assets->whereBetween('assets.created_at', [$created_start, $created_end]);
+            }
+            if (($request->filled('checkout_date_start')) && ($request->filled('checkout_date_end'))) {
+                $checkout_start = \Carbon::parse($request->input('checkout_date_start'))->startOfDay();
+                $checkout_end = \Carbon::parse($request->input('checkout_date_end'))->endOfDay();
+
+                $assets->whereBetween('assets.last_checkout', [$checkout_start, $checkout_end]);
+            }
+
+            if (($request->filled('checkin_date_start'))) {
+                $assets->whereBetween('last_checkin', [
+                    Carbon::parse($request->input('checkin_date_start'))->startOfDay(),
+                    // use today's date is `checkin_date_end` is not provided
+                    Carbon::parse($request->input('checkin_date_end', now()))->endOfDay(),
+                ]);
             }
 
             if (($request->filled('expected_checkin_start')) && ($request->filled('expected_checkin_end'))) {
@@ -648,7 +668,10 @@ class ReportsController extends Controller
             }
 
             if (($request->filled('last_audit_start')) && ($request->filled('last_audit_end'))) {
-                $assets->whereBetween('assets.last_audit_date', [$request->input('last_audit_start'), $request->input('last_audit_end')]);
+                $last_audit_start = \Carbon::parse($request->input('last_audit_start'))->startOfDay();
+                $last_audit_end = \Carbon::parse($request->input('last_audit_end'))->endOfDay();
+
+                $assets->whereBetween('assets.last_audit_date', [$last_audit_start, $last_audit_end]);
             }
 
             if (($request->filled('next_audit_start')) && ($request->filled('next_audit_end'))) {
@@ -664,6 +687,7 @@ class ReportsController extends Controller
                 $assets->onlyTrashed();
             }
 
+            \Log::debug($assets->toSql());
             $assets->orderBy('assets.id', 'ASC')->chunk(20, function ($assets) use ($handle, $customfields, $request) {
             
                 $executionTime = microtime(true) - $_SERVER['REQUEST_TIME_FLOAT'];
@@ -823,6 +847,12 @@ class ReportsController extends Controller
                         $row[] = ($asset->last_checkout) ? $asset->last_checkout : '';
                     }
 
+                    if ($request->filled('checkin_date')) {
+                        $row[] = ($asset->last_checkin)
+                            ? Carbon::parse($asset->last_checkin)->format('Y-m-d')
+                            : '';
+                    }
+
                     if ($request->filled('expected_checkin')) {
                         $row[] = ($asset->expected_checkin) ? $asset->expected_checkin : '';
                     }
@@ -899,12 +929,8 @@ class ReportsController extends Controller
     public function getAssetMaintenancesReport()
     {
         $this->authorize('reports.view');
-        // Grab all the improvements
-        $assetMaintenances = AssetMaintenance::with('asset', 'supplier', 'asset.company')
-                                              ->orderBy('created_at', 'DESC')
-                                              ->get();
 
-        return view('reports/asset_maintenances', compact('assetMaintenances'));
+        return view('reports.asset_maintenances');
     }
 
     /**
@@ -995,7 +1021,12 @@ class ReportsController extends Controller
 
         $assetsForReport = $acceptances
             ->filter(function ($acceptance) {
-                return $acceptance->checkoutable_type == 'App\Models\Asset';
+                $acceptance_checkoutable_flag = false;
+                if ($acceptance->checkoutable){
+                    $acceptance_checkoutable_flag = $acceptance->checkoutable->checkedOutToUser();
+                }
+                
+                return $acceptance->checkoutable_type == 'App\Models\Asset' && $acceptance_checkoutable_flag;
             })
             ->map(function($acceptance) {
                 return ['assetItem' => $acceptance->checkoutable, 'acceptance' => $acceptance];
@@ -1012,20 +1043,31 @@ class ReportsController extends Controller
      * @throws \Illuminate\Auth\Access\AuthorizationException
      * @version v1.0
      */
-    public function sentAssetAcceptanceReminder($acceptanceId = null)
+    public function sentAssetAcceptanceReminder(Request $request)
     {
         $this->authorize('reports.view');
 
-        if (!$acceptance = CheckoutAcceptance::pending()->find($acceptanceId)) {
+        if (!$acceptance = CheckoutAcceptance::pending()->find($request->input('acceptance_id'))) {
+            \Log::debug('No pending acceptances');
             // Redirect to the unaccepted assets report page with error
             return redirect()->route('reports/unaccepted_assets')->with('error', trans('general.bad_data'));
         }
+
         $assetItem = $acceptance->checkoutable;
 
+        \Log::debug(print_r($assetItem, true));
+
         if (is_null($acceptance->created_at)){
+            \Log::debug('No acceptance created_at');
             return redirect()->route('reports/unaccepted_assets')->with('error', trans('general.bad_data'));
         } else {
-            $logItem = $assetItem->checkouts()->where('created_at', '=', $acceptance->created_at)->get()[0];
+            $logItem_res = $assetItem->checkouts()->where('created_at', '=', $acceptance->created_at)->get();
+
+            if ($logItem_res->isEmpty()){
+                \Log::debug('Acceptance date mismatch');
+                return redirect()->route('reports/unaccepted_assets')->with('error', trans('general.bad_data'));
+            }
+            $logItem = $logItem_res[0];
         }
 
         if (!$assetItem->assignedTo->locale){
@@ -1120,8 +1162,6 @@ class ReportsController extends Controller
                 $row[]  = str_replace(',', '', e($item['assetItem']->asset_tag));
                 $row[]  = str_replace(',', '', e(($item['acceptance']->assignedTo) ? $item['acceptance']->assignedTo->present()->name() : trans('admin/reports/general.deleted_user')));
                 $rows[] = implode(',', $row);
-            } else {
-                // Log the error maybe?
             }
         }
 

app/Http/Controllers/SettingsController.php

@@ -65,18 +65,27 @@ class SettingsController extends Controller
             $start_settings['db_error'] = $e->getMessage();
         }
 
-        $protocol = array_key_exists('HTTPS', $_SERVER) && ('on' == $_SERVER['HTTPS']) ? 'https://' : 'http://';
+        if (array_key_exists("HTTP_X_FORWARDED_PROTO", $_SERVER)) {
+            $protocol = $_SERVER["HTTP_X_FORWARDED_PROTO"] . "://";
+        } elseif (array_key_exists('HTTPS', $_SERVER) && ('on' == $_SERVER['HTTPS'])) {
+            $protocol = "https://";
+        } else {
+            $protocol = "http://";
+        }
 
+        if (array_key_exists("HTTP_X_FORWARDED_HOST", $_SERVER)) {
+            $host = $_SERVER["HTTP_X_FORWARDED_HOST"];
+        } else {
             $host = array_key_exists('SERVER_NAME', $_SERVER) ? $_SERVER['SERVER_NAME'] : null;
             $port = array_key_exists('SERVER_PORT', $_SERVER) ? $_SERVER['SERVER_PORT'] : null;
             if (('http://' === $protocol && '80' != $port) || ('https://' === $protocol && '443' != $port)) {
                 $host .= ':'.$port;
             }
+        }
         $pageURL = $protocol.$host.$_SERVER['REQUEST_URI'];
 
-        $start_settings['url_valid'] = (url('/').'/setup' === $pageURL);
-
-        $start_settings['url_config'] = url('/');
+        $start_settings['url_config'] = config('app.url').'/setup';
+        $start_settings['url_valid'] = ($start_settings['url_config'] === $pageURL);
         $start_settings['real_url'] = $pageURL;
         $start_settings['php_version_min'] = true;
 
@@ -111,17 +120,17 @@ class SettingsController extends Controller
             $start_settings['prod'] = true;
         }
 
+        $start_settings['owner'] = '';
+
         if (function_exists('posix_getpwuid')) { // Probably Linux
             $owner = posix_getpwuid(fileowner($_SERVER['SCRIPT_FILENAME']));
+            // This *should* be an array, but we've seen this return a bool in some chrooted environments
+            if (is_array($owner)) {
                 $start_settings['owner'] = $owner['name'];
-        } else { // Windows
-            // TODO: Is there a way of knowing if a windows user has elevated permissions
-            // This just gets the user name, which likely isn't 'root'
-            // $start_settings['owner'] = getenv('USERNAME');
-            $start_settings['owner'] = '';
+            }
         }
 
-        if (('root' === $start_settings['owner']) || ('0' === $start_settings['owner'])) {
+        if (($start_settings['owner'] === 'root') || ($start_settings['owner'] === '0')) {
             $start_settings['owner_is_admin'] = true;
         } else {
             $start_settings['owner_is_admin'] = false;
@@ -581,6 +590,7 @@ class SettingsController extends Controller
         $setting->date_display_format = $request->input('date_display_format');
         $setting->time_display_format = $request->input('time_display_format');
         $setting->digit_separator = $request->input('digit_separator');
+        $setting->name_display_format = $request->input('name_display_format');
 
         if ($setting->save()) {
             return redirect()->route('settings.index')
@@ -679,33 +689,6 @@ class SettingsController extends Controller
         return view('settings.slack', compact('setting'));
     }
 
-    /**
-     * Return a form to allow a super admin to update settings.
-     *
-     * @author [A. Gianotto] [<snipe@snipe.net>]
-     *
-     * @since [v1.0]
-     *
-     * @return View
-     */
-    public function postSlack(SlackSettingsRequest $request)
-    {
-        if (is_null($setting = Setting::getSettings())) {
-            return redirect()->to('admin')->with('error', trans('admin/settings/message.update.error'));
-        }
-
-        $setting->slack_endpoint = $request->input('slack_endpoint');
-        $setting->slack_channel = $request->input('slack_channel');
-        $setting->slack_botname = $request->input('slack_botname');
-
-        if ($setting->save()) {
-            return redirect()->route('settings.index')
-                ->with('success', trans('admin/settings/message.update.success'));
-        }
-
-        return redirect()->back()->withInput()->withErrors($setting->getErrors());
-    }
-
     /**
      * Return a form to allow a super admin to update settings.
      *
@@ -807,7 +790,7 @@ class SettingsController extends Controller
      */
     public function getPhpInfo()
     {
-        if (true === config('app.debug')) {
+        if (config('app.debug') === true) {
             return view('settings.phpinfo');
         }
 
@@ -845,6 +828,14 @@ class SettingsController extends Controller
         if (is_null($setting = Setting::getSettings())) {
             return redirect()->to('admin')->with('error', trans('admin/settings/message.update.error'));
         }
+        $setting->label2_enable = $request->input('label2_enable');
+        $setting->label2_template = $request->input('label2_template');
+        $setting->label2_title = $request->input('label2_title');
+        $setting->label2_asset_logo = $request->input('label2_asset_logo');
+        $setting->label2_1d_type = $request->input('label2_1d_type');
+        $setting->label2_2d_type = $request->input('label2_2d_type');
+        $setting->label2_2d_target = $request->input('label2_2d_target');
+        $setting->label2_fields = $request->input('label2_fields');
         $setting->labels_per_page = $request->input('labels_per_page');
         $setting->labels_width = $request->input('labels_width');
         $setting->labels_height = $request->input('labels_height');
@@ -893,7 +884,7 @@ class SettingsController extends Controller
         }
 
         if ($setting->save()) {
-            return redirect()->route('settings.index')
+            return redirect()->route('settings.labels.index')
                 ->with('success', trans('admin/settings/message.update.success'));
         }
 
@@ -979,6 +970,7 @@ class SettingsController extends Controller
             $setting->ldap_phone_field = $request->input('ldap_phone');
             $setting->ldap_jobtitle = $request->input('ldap_jobtitle');
             $setting->ldap_country = $request->input('ldap_country');
+            $setting->ldap_location = $request->input('ldap_location');
             $setting->ldap_dept = $request->input('ldap_dept');
             $setting->ldap_client_tls_cert   = $request->input('ldap_client_tls_cert');
             $setting->ldap_client_tls_key    = $request->input('ldap_client_tls_key');
@@ -1056,6 +1048,48 @@ class SettingsController extends Controller
         return $pdf_branding;
     }
 
+
+    /**
+     * Show Google login settings form
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v6.1.1]
+     * @return View
+     */
+    public function getGoogleLoginSettings()
+    {
+        $setting = Setting::getSettings();
+        return view('settings.google', compact('setting'));
+    }
+
+    /**
+     * ShSaveow Google login settings form
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v6.1.1]
+     * @return View
+     */
+    public function postGoogleLoginSettings(Request $request)
+    {
+        if (!config('app.lock_passwords')) {
+            $setting = Setting::getSettings();
+
+            $setting->google_login = $request->input('google_login', 0);
+            $setting->google_client_id = $request->input('google_client_id');
+            $setting->google_client_secret = $request->input('google_client_secret');
+
+            if ($setting->save()) {
+                return redirect()->route('settings.index')
+                    ->with('success', trans('admin/settings/message.update.success'));
+            }
+
+            return redirect()->back()->withInput()->withErrors($setting->getErrors());
+        }
+
+        return redirect()->back()->with('error', trans('general.feature_disabled'));
+    }
+
+
     /**
      * Show the listing of backups.
      *
@@ -1111,7 +1145,7 @@ class SettingsController extends Controller
     public function postBackups()
     {
         if (! config('app.lock_passwords')) {
-            Artisan::call('backup:run');
+            Artisan::call('snipeit:backup', ['--filename' => 'manual-backup-'.date('Y-m-d-H-i-s')]);
             $output = Artisan::output();
 
             // Backup completed

app/Http/Controllers/Users/BulkUsersController.php

@@ -2,6 +2,7 @@
 
 namespace App\Http\Controllers\Users;
 
+use App\Events\UserMerged;
 use App\Helpers\Helper;
 use App\Http\Controllers\Controller;
 use App\Models\Accessory;
@@ -13,6 +14,7 @@ use App\Models\LicenseSeat;
 use App\Models\ConsumableAssignment;
 use App\Models\Consumable;
 use App\Models\User;
+use Carbon\Carbon;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\DB;
@@ -21,7 +23,7 @@ use Illuminate\Support\Facades\Password;
 class BulkUsersController extends Controller
 {
     /**
-     * Returns a view that confirms the user's a bulk delete will be applied to.
+     * Returns a view that confirms the user's a bulk action will be applied to.
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v1.7]
@@ -35,16 +37,32 @@ class BulkUsersController extends Controller
 
         // Make sure there were users selected
         if (($request->filled('ids')) && (count($request->input('ids')) > 0)) {
+
             // Get the list of affected users
             $user_raw_array = request('ids');
             $users = User::whereIn('id', $user_raw_array)
                 ->with('groups', 'assets', 'licenses', 'accessories')->get();
 
+            // bulk edit, display the bulk edit form
             if ($request->input('bulk_actions') == 'edit') {
                 return view('users/bulk-edit', compact('users'))
                     ->with('groups', Group::pluck('name', 'id'));
+
+            // bulk delete, display the bulk delete confirmation form
             } elseif ($request->input('bulk_actions') == 'delete') {
                 return view('users/confirm-bulk-delete')->with('users', $users)->with('statuslabel_list', Helper::statusLabelList());
+
+            // merge, confirm they have at least 2 users selected and display the merge screen
+            } elseif ($request->input('bulk_actions') == 'merge') {
+
+                if (($request->filled('ids')) && (count($request->input('ids')) > 1)) {
+                    return view('users/confirm-merge')->with('users', $users);
+                // Not enough users selected, send them back
+                } else {
+                    return redirect()->back()->with('error', trans('general.not_enough_users_selected', ['count' => 2]));
+                }
+
+            // bulk password reset, just do the thing
             } elseif ($request->input('bulk_actions') == 'bulkpasswordreset') {
                 foreach ($users as $user) {
                     if (($user->activated == '1') && ($user->email != '')) {
@@ -59,7 +77,7 @@ class BulkUsersController extends Controller
             }
         }
 
-        return redirect()->back()->with('error', 'No users selected');
+        return redirect()->back()->with('error', trans('general.no_users_selected'));
     }
 
     /**
@@ -76,7 +94,7 @@ class BulkUsersController extends Controller
         $this->authorize('update', User::class);
 
         if ((! $request->filled('ids')) || $request->input('ids') <= 0) {
-            return redirect()->back()->with('error', 'No users selected');
+            return redirect()->back()->with('error', trans('general.no_users_selected'));
         }
         $user_raw_array = $request->input('ids');
 
@@ -95,7 +113,8 @@ class BulkUsersController extends Controller
             ->conditionallyAddItem('locale')
             ->conditionallyAddItem('remote')
             ->conditionallyAddItem('ldap_import')
-            ->conditionallyAddItem('activated');
+            ->conditionallyAddItem('activated')
+            ->conditionallyAddItem('autoassign_licenses');
 
 
         // If the manager_id is one of the users being updated, generate a warning.
@@ -105,6 +124,11 @@ class BulkUsersController extends Controller
                 'warning' => trans('admin/users/message.bulk_manager_warn'),
             ];
         }
+
+        if ($request->input('null_location_id')=='1') {
+            $this->update_array['location_id'] = null;
+        }
+
         if (! $manager_conflict) {
             $this->conditionallyAddItem('manager_id');
         }
@@ -163,11 +187,11 @@ class BulkUsersController extends Controller
         $this->authorize('update', User::class);
 
         if ((! $request->filled('ids')) || (count($request->input('ids')) == 0)) {
-            return redirect()->back()->with('error', 'No users selected');
+            return redirect()->back()->with('error', trans('general.no_users_selected'));
         }
 
         if (config('app.lock_passwords')) {
-            return redirect()->route('users.index')->with('error', 'Bulk delete is not enabled in this installation');
+            return redirect()->route('users.index')->with('error', trans('general.feature_disabled'));
         }
 
         $user_raw_array = request('ids');
@@ -249,4 +273,80 @@ class BulkUsersController extends Controller
             $logAction->logaction('checkin from');
         }
     }
+
+    /**
+     * Save bulk-edited users
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v1.0]
+     * @param Request $request
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function merge(Request $request)
+    {
+        $this->authorize('update', User::class);
+
+        if (config('app.lock_passwords')) {
+            return redirect()->route('users.index')->with('error', trans('general.feature_disabled'));
+        }
+
+        $user_ids_to_merge = $request->input('ids_to_merge');
+        $user_ids_to_merge = array_diff($user_ids_to_merge, array($request->input('merge_into_id')));
+
+        if ((!$request->filled('merge_into_id')) || (count($user_ids_to_merge) < 1)) {
+            return redirect()->back()->with('error', trans('general.no_users_selected'));
+        }
+
+        // Get the users
+        $merge_into_user = User::find($request->input('merge_into_id'));
+        $users_to_merge = User::whereIn('id', $user_ids_to_merge)->with('assets', 'licenses', 'consumables','accessories')->get();
+        $admin = User::find(Auth::user()->id);
+
+        // Walk users
+        foreach ($users_to_merge as $user_to_merge) {
+
+            foreach ($user_to_merge->assets as $asset) {
+                \Log::debug('Updating asset: '.$asset->asset_tag . ' to '.$merge_into_user->id);
+                $asset->assigned_to = $request->input('merge_into_id');
+                $asset->save();
+            }
+
+            foreach ($user_to_merge->licenses as $license) {
+                \Log::debug('Updating license pivot: '.$license->id . ' to '.$merge_into_user->id);
+                $user_to_merge->licenses()->updateExistingPivot($license->id, ['assigned_to' => $merge_into_user->id]);
+            }
+
+            foreach ($user_to_merge->consumables as $consumable) {
+                \Log::debug('Updating consumable pivot: '.$consumable->id . ' to '.$merge_into_user->id);
+                $user_to_merge->consumables()->updateExistingPivot($consumable->id, ['assigned_to' => $merge_into_user->id]);
+            }
+
+            foreach ($user_to_merge->accessories as $accessory) {
+                $user_to_merge->accessories()->updateExistingPivot($accessory->id, ['assigned_to' => $merge_into_user->id]);
+            }
+
+            foreach ($user_to_merge->userlog as $log) {
+                $log->target_id = $user_to_merge->id;
+                $log->save();
+            }
+
+            User::where('manager_id', '=', $user_to_merge->id)->update(['manager_id' => $merge_into_user->id]);
+
+            foreach ($user_to_merge->managedLocations as $managedLocation) {
+                $managedLocation->manager_id = $merge_into_user->id;
+                $managedLocation->save();
+            }
+
+            $user_to_merge->delete();
+            //$user_to_merge->save();
+
+            event(new UserMerged($user_to_merge, $merge_into_user, $admin));
+
+        }
+
+        return redirect()->route('users.index')->with('success', trans('general.merge_success', ['count' => $users_to_merge->count(), 'into_username' => $merge_into_user->username]));
+
+
+    }
 }

app/Http/Controllers/Users/UserFilesController.php

@@ -2,6 +2,7 @@
 
 namespace App\Http\Controllers\Users;
 
+use App\Helpers\StorageHelper;
 use App\Http\Controllers\Controller;
 use App\Http\Requests\AssetFileRequest;
 use App\Models\Actionlog;
@@ -135,22 +136,36 @@ class UserFilesController extends Controller
      */
     public function show($userId = null, $fileId = null)
     {
+
+        if (empty($fileId)) {
+            return redirect()->route('users.show')->with('error', 'Invalid file request');
+        }
+
         $user = User::find($userId);
 
         // the license is valid
         if (isset($user->id)) {
+
             $this->authorize('view', $user);
 
-            $log = Actionlog::find($fileId);
-            $file = $log->get_src('users');
+            if ($log = Actionlog::whereNotNull('filename')->where('item_id', $user->id)->find($fileId)) {
 
-            return Response::download($file); //FIXME this doesn't use the new StorageHelper yet, but it's complicated...
+                // Display the file inline
+                if (request('inline') == 'true') {
+                    $headers = [
+                        'Content-Disposition' => 'inline',
+                    ];
+                    return Storage::download('private_uploads/users/'.$log->filename, $log->filename, $headers);
                 }
-        // Prepare the error message
-        $error = trans('admin/users/message.user_not_found', ['id' => $userId]);
 
-        // Redirect to the licence management page
-        return redirect()->route('users.index')->with('error', $error);
+                return Storage::download('private_uploads/users/'.$log->filename);
+            }
+
+            return redirect()->route('users.index')->with('error',  trans('admin/users/message.log_record_not_found'));
+        }
+
+        // Redirect to the user management page if the user doesn't exist
+        return redirect()->route('users.index')->with('error',  trans('admin/users/message.user_not_found', ['id' => $userId]));
     }
 
 }

app/Http/Controllers/Users/UsersController.php

@@ -74,7 +74,6 @@ class UsersController extends Controller
         $permissions = $this->filterDisplayable($permissions);
 
         $user = new User;
-        $user->activated = 1;
 
         return view('users/edit', compact('groups', 'userGroups', 'permissions', 'userPermissions'))
             ->with('user', $user);
@@ -121,6 +120,7 @@ class UsersController extends Controller
         $user->created_by = Auth::user()->id;
         $user->start_date = $request->input('start_date', null);
         $user->end_date = $request->input('end_date', null);
+        $user->autoassign_licenses = $request->input('autoassign_licenses', 0);
 
         // Strip out the superuser permission if the user isn't a superadmin
         $permissions_array = $request->input('permission');
@@ -210,7 +210,6 @@ class UsersController extends Controller
      */
     public function update(SaveUserRequest $request, $id = null)
     {
-
         // We need to reverse the UI specific logic for our
         // permissions here before we update the user.
         $permissions = $request->input('permissions', []);
@@ -268,12 +267,15 @@ class UsersController extends Controller
         $user->city = $request->input('city', null);
         $user->state = $request->input('state', null);
         $user->country = $request->input('country', null);
-        $user->activated = $request->input('activated', 0);
+        // if a user is editing themselves we should always keep activated true
+        $user->activated = $request->input('activated', $request->user()->is($user) ? 1 : 0);
         $user->zip = $request->input('zip', null);
         $user->remote = $request->input('remote', 0);
+        $user->vip = $request->input('vip', 0);
         $user->website = $request->input('website', null);
         $user->start_date = $request->input('start_date', null);
         $user->end_date = $request->input('end_date', null);
+        $user->autoassign_licenses = $request->input('autoassign_licenses', 0);
 
         // Update the location of any assets checked out to this user
         Asset::where('assigned_type', User::class)

app/Http/Controllers/ViewAssetsController.php

@@ -82,7 +82,7 @@ class ViewAssetsController extends Controller
         return view('account/requestable-assets', compact('assets', 'models'));
     }
 
-    public function getRequestItem(Request $request, $itemType, $itemId = null)
+    public function getRequestItem(Request $request, $itemType, $itemId = null, $cancel_by_admin = false, $requestingUser = null)
     {
         $item = null;
         $fullItemType = 'App\\Models\\'.studly_case($itemType);
@@ -119,16 +119,16 @@ class ViewAssetsController extends Controller
 
         $settings = Setting::getSettings();
 
-        if ($item_request = $item->isRequestedBy($user)) {
-            $item->cancelRequest();
-            $data['item_quantity'] = $item_request->qty;
+        if (($item_request = $item->isRequestedBy($user)) || $cancel_by_admin) {
+            $item->cancelRequest($requestingUser);
+            $data['item_quantity'] = ($item_request) ? $item_request->qty : 1;
             $logaction->logaction('request_canceled');
 
             if (($settings->alert_email != '') && ($settings->alerts_enabled == '1') && (! config('app.lock_passwords'))) {
                 $settings->notify(new RequestAssetCancelation($data));
             }
 
-            return redirect()->route('requestable-assets')->with('success')->with('success', trans('admin/hardware/message.requests.canceled'));
+            return redirect()->back()->with('success')->with('success', trans('admin/hardware/message.requests.canceled'));
         } else {
             $item->request();
             if (($settings->alert_email != '') && ($settings->alerts_enabled == '1') && (! config('app.lock_passwords'))) {

app/Http/Livewire/CategoryEditForm.php

@@ -0,0 +1,67 @@
+<?php
+
+namespace App\Http\Livewire;
+
+use Livewire\Component;
+
+class CategoryEditForm extends Component
+{
+    public $defaultEulaText;
+
+    public $eulaText;
+
+    public $originalSendCheckInEmailValue;
+
+    public $requireAcceptance;
+
+    public $sendCheckInEmail;
+
+    public $useDefaultEula;
+
+    public function mount()
+    {
+        $this->originalSendCheckInEmailValue = $this->sendCheckInEmail;
+
+        if ($this->eulaText || $this->useDefaultEula) {
+            $this->sendCheckInEmail = 1;
+        }
+    }
+
+    public function render()
+    {
+        return view('livewire.category-edit-form');
+    }
+
+    public function updated($property, $value)
+    {
+        if (! in_array($property, ['eulaText', 'useDefaultEula'])) {
+            return;
+        }
+
+        $this->sendCheckInEmail = $this->eulaText || $this->useDefaultEula ? 1 : $this->originalSendCheckInEmailValue;
+    }
+
+    public function getShouldDisplayEmailMessageProperty(): bool
+    {
+        return $this->eulaText || $this->useDefaultEula;
+    }
+
+    public function getEmailMessageProperty(): string
+    {
+        if ($this->useDefaultEula) {
+            return trans('admin/categories/general.email_will_be_sent_due_to_global_eula');
+        }
+
+        return trans('admin/categories/general.email_will_be_sent_due_to_category_eula');
+    }
+
+    public function getEulaTextDisabledProperty()
+    {
+        return (bool)$this->useDefaultEula;
+    }
+
+    public function getSendCheckInEmailDisabledProperty()
+    {
+        return $this->eulaText || $this->useDefaultEula;
+    }
+}

app/Http/Livewire/Importer.php

@@ -0,0 +1,546 @@
+<?php
+
+namespace App\Http\Livewire;
+
+use App\Models\CustomField;
+use Livewire\Component;
+
+use App\Models\Import;
+use Storage;
+
+use Log;
+use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
+
+
+class Importer extends Component
+{
+    use AuthorizesRequests;
+
+    public $files;
+
+    public $progress; //upload progress - '-1' means don't show
+    public $progress_message;
+    public $progress_bar_class;
+
+    public $message; //status/error message?
+    public $message_type; //success/error?
+
+    //originally from ImporterFile
+    public $import_errors; //
+    public ?Import $activeFile = null;
+    public $importTypes;
+    public $columnOptions;
+    public $statusType;
+    public $statusText;
+    public $update;
+    public $send_welcome;
+    public $run_backup;
+    public $field_map; // we need a separate variable for the field-mapping, because the keys in the normal array are too complicated for Livewire to understand
+    public $file_id; // TODO: I can't figure out *why* we need this, but it really seems like we do. I can't seem to pull the id from the activeFile for some reason?
+
+    // Make these variables public - we set the properties in the constructor so we can localize them (versus the old static arrays)
+    public $accessories_fields;
+    public $assets_fields;
+    public $users_fields;
+    public $licenses_fields;
+    public $locations_fields;
+    public $consumables_fields;
+    public $components_fields;
+    public $aliases_fields;
+
+    protected $rules = [
+        'files.*.file_path' => 'required|string',
+        'files.*.created_at' => 'required|string',
+        'files.*.filesize' => 'required|integer',
+        'activeFile' => 'Import',
+        'activeFile.import_type' => 'string',
+        'activeFile.field_map' => 'array',
+        'activeFile.header_row' => 'array',
+        'field_map' => 'array'
+    ];
+
+    public function generate_field_map()
+    {
+        \Log::debug("header row is: ".print_r($this->activeFile->header_row,true));
+        \Log::debug("Field map is: ".print_r($this->field_map,true));
+        $tmp = array_combine($this->activeFile->header_row, $this->field_map);
+        return json_encode(array_filter($tmp));
+    }
+
+
+
+    private function getColumns($type)
+    {
+        switch ($type) {
+            case 'asset':
+                $results = $this->assets_fields;
+                break;
+            case 'accessory':
+                $results = $this->accessories_fields;
+                break;
+            case 'consumable':
+                $results = $this->consumables_fields;
+                break;
+            case 'component':
+                $results = $this->components_fields;
+                break;
+            case 'license':
+                $results = $this->licenses_fields;
+                break;
+            case 'user':
+                $results = $this->users_fields;
+                break;
+            case 'location':
+                $results = $this->locations_fields;
+                break;
+            default:
+                $results = [];
+        }
+        asort($results, SORT_FLAG_CASE | SORT_STRING);
+        if ($type == "asset") {
+            // add Custom Fields after a horizontal line
+            $results['-'] = "———" . trans('admin/custom_fields/general.custom_fields') . "———’";
+            foreach (CustomField::orderBy('name')->get() as $field) {
+                $results[$field->db_column_name()] = $field->name;
+            }
+        }
+        return $results;
+    }
+
+    public function updating($name, $new_import_type)
+    {
+        if ($name == "activeFile.import_type") {
+            \Log::debug("WE ARE CHANGING THE import_type!!!!! TO: " . $new_import_type);
+            \Log::debug("so, what's \$this->>field_map at?: " . print_r($this->field_map, true));
+            // go through each header, find a matching field to try and map it to.
+            foreach ($this->activeFile->header_row as $i => $header) {
+                // do we have something mapped already?
+                if (array_key_exists($i, $this->field_map)) {
+                    // yes, we do. Is it valid for this type of import?
+                    // (e.g. the import type might have been changed...?)
+                    if (array_key_exists($this->field_map[$i], $this->columnOptions[$new_import_type])) {
+                        //yes, this key *is* valid. Continue on to the next field.
+                        continue;
+                    } else {
+                        //no, this key is *INVALID* for this import type. Better set it to null
+                        // and we'll hope that the $aliases_fields or something else picks it up.
+                        $this->field_map[$i] = null; // fingers crossed! But it's not likely, tbh.
+                    } // TODO - strictly speaking, this isn't necessary here I don't think.
+                }
+                // first, check for exact matches
+                foreach ($this->columnOptions[$new_import_type] as $value => $text) {
+                    if (strcasecmp($text, $header) === 0) { // case-INSENSITIVe on purpose!
+                        $this->field_map[$i] = $value;
+                        continue 2; //don't bother with the alias check, go to the next header
+                    }
+                }
+                // if you got here, we didn't find a match. Try the $aliases_fields
+                foreach ($this->aliases_fields as $key => $alias_values) {
+                    foreach ($alias_values as $alias_value) {
+                        if (strcasecmp($alias_value, $header) === 0) { // aLsO CaSe-INSENSitiVE!
+                            // Make *absolutely* sure that this key actually _exists_ in this import type -
+                            // you can trigger this by importing accessories with a 'Warranty' column (which don't exist
+                            // in "Accessories"!)
+                            if (array_key_exists($key, $this->columnOptions[$new_import_type])) {
+                                $this->field_map[$i] = $key;
+                                continue 3; // bust out of both of these loops; as well as the surrounding one - e.g. move on to the next header
+                            }
+                        }
+                    }
+                }
+                // and if you got here, we got nothing. Let's recommend 'null'
+                $this->field_map[$i] = null; // Booooo :(
+            }
+        }
+    }
+
+    public function boot() { // FIXME - delete or undelete.
+        ///////$this->activeFile = null; // I do *not* understand why I have to do this, but, well, whatever.
+    }
+
+
+    public function mount()
+    {
+        $this->authorize('import');
+        $this->progress = -1; // '-1' means 'don't show the progressbar'
+        $this->progress_bar_class = 'progress-bar-warning';
+        $this->importTypes = [
+            'asset' =>      trans('general.assets'),
+            'accessory' =>  trans('general.accessories'),
+            'consumable' => trans('general.consumables'),
+            'component' =>  trans('general.components'),
+            'license' =>    trans('general.licenses'),
+            'user' =>       trans('general.users'),
+            'location' =>    trans('general.locations'),
+        ];
+
+        /**
+         * These are the item-type specific columns
+         */
+        $this->accessories_fields  = [
+            'company' => trans('general.company'),
+            'location' => trans('general.location'),
+            'quantity' => trans('general.qty'),
+            'item_name' => trans('general.item_name_var', ['item' => trans('general.accessory')]),
+            'model_number' => trans('general.model_no'),
+            'notes' => trans('general.notes'),
+            'category' => trans('general.category'),
+            'supplier' => trans('general.supplier'),
+            'min_amt' => trans('mail.min_QTY'),
+            'purchase_cost' => trans('general.purchase_cost'),
+            'purchase_date' => trans('general.purchase_date'),
+            'manufacturer' => trans('general.manufacturer'),
+            'order_number' => trans('general.order_number'),
+        ];
+
+        $this->assets_fields = [
+            'company' => trans('general.company'),
+            'location' => trans('general.location'),
+            'item_name' => trans('general.item_name_var', ['item' => trans('general.asset')]),
+            'asset_tag' => trans('general.asset_tag'),
+            'asset_model' => trans('general.model_name'),
+            'byod' => trans('general.byod'),
+            'model_number' => trans('general.model_no'),
+            'status' => trans('general.status'),
+            'warranty_months' => trans('admin/hardware/form.warranty'),
+            'category' => trans('general.category'),
+            'requestable' => trans('admin/hardware/general.requestable'),
+            'serial' => trans('general.serial_number'),
+            'supplier' => trans('general.supplier'),
+            'purchase_cost' => trans('general.purchase_cost'),
+            'purchase_date' => trans('general.purchase_date'),
+            'purchase_order' => trans('admin/licenses/form.purchase_order'),
+            'asset_notes' => trans('general.item_notes', ['item' => trans('admin/hardware/general.asset')]),
+            'model_notes' => trans('general.item_notes', ['item' => trans('admin/hardware/form.model')]),
+            'manufacturer' => trans('general.manufacturer'),
+            'order_number' => trans('general.order_number'),
+            'image' => trans('general.importer.image_filename'),
+            'asset_eol_date' => trans('admin/hardware/form.eol_date'),
+            /**
+             * Checkout fields:
+             * Assets can be checked out to other assets, people, or locations, but we currently
+             * only support checkout to people and locations in the importer
+             **/
+            'checkout_class' => trans('general.importer.checkout_type'),
+            'first_name' => trans('general.importer.checked_out_to_first_name'),
+            'last_name' => trans('general.importer.checked_out_to_last_name'),
+            'full_name' => trans('general.importer.checked_out_to_fullname'),
+            'email' => trans('general.importer.checked_out_to_email'),
+            'username' => trans('general.importer.checked_out_to_username'),
+            'checkout_location' => trans('general.importer.checkout_location'),
+        ];
+
+        $this->consumables_fields = [
+            'company' => trans('general.company'),
+            'location' => trans('general.location'),
+            'quantity' => trans('general.qty'),
+            'item_name' => trans('general.item_name_var', ['item' => trans('general.consumable')]),
+            'model_number' => trans('general.model_no'),
+            'notes' => trans('general.notes'),
+            'min_amt' => trans('mail.min_QTY'),
+            'category' => trans('general.category'),
+            'purchase_cost' => trans('general.purchase_cost'),
+            'purchase_date' => trans('general.purchase_date'),
+            'checkout_class' => trans('general.importer.checkout_type'),
+            'supplier' => trans('general.supplier'),
+            'manufacturer' => trans('general.manufacturer'),
+            'order_number' => trans('general.order_number'),
+            'item_no' => trans('admin/consumables/general.item_no'),
+        ];
+
+        $this->components_fields = [
+            'company' => trans('general.company'),
+            'location' => trans('general.location'),
+            'quantity' => trans('general.qty'),
+            'item_name' => trans('general.item_name_var', ['item' => trans('general.component')]),
+            'model_number' => trans('general.model_no'),
+            'notes' => trans('general.notes'),
+            'category' => trans('general.category'),
+            'supplier' => trans('general.supplier'),
+            'min_amt' => trans('mail.min_QTY'),
+            'purchase_cost' => trans('general.purchase_cost'),
+            'purchase_date' => trans('general.purchase_date'),
+            'manufacturer' => trans('general.manufacturer'),
+            'order_number' => trans('general.order_number'),
+            'serial' => trans('general.serial_number'),
+        ];
+
+        $this->licenses_fields = [
+            'company' => trans('general.company'),
+            'location' => trans('general.location'),
+            'item_name' => trans('general.item_name_var', ['item' => trans('general.license')]),
+            'asset_tag' => trans('general.importer.checked_out_to_tag'),
+            'expiration_date' => trans('admin/licenses/form.expiration'),
+            'full_name' => trans('general.importer.checked_out_to_fullname'),
+            'license_email' => trans('admin/licenses/form.to_email'),
+            'license_name' => trans('admin/licenses/form.to_name'),
+            'purchase_order' => trans('admin/licenses/form.purchase_order'),
+            'order_number' => trans('general.order_number'),
+            'reassignable' => trans('admin/licenses/form.reassignable'),
+            'seats' => trans('admin/licenses/form.seats'),
+            'notes' => trans('general.notes'),
+            'category' => trans('general.category'),
+            'supplier' => trans('general.supplier'),
+            'purchase_cost' => trans('general.purchase_cost'),
+            'purchase_date' => trans('general.purchase_date'),
+            'maintained' => trans('admin/licenses/form.maintained'),
+            'checkout_class' => trans('general.importer.checkout_type'),
+            'serial' => trans('general.license_serial'),
+            'email' => trans('general.importer.checked_out_to_email'),
+            'username' => trans('general.importer.checked_out_to_username'),
+            'manufacturer' => trans('general.manufacturer'),
+        ];
+
+        $this->users_fields  = [
+            'id' => trans('general.id'),
+            'company' => trans('general.company'),
+            'location' => trans('general.location'),
+            'department' => trans('general.department'),
+            'first_name' => trans('general.first_name'),
+            'last_name' => trans('general.last_name'),
+            'notes' => trans('general.notes'),
+            'username' => trans('admin/users/table.username'),
+            'jobtitle' => trans('admin/users/table.title'),
+            'phone_number' => trans('admin/users/table.phone'),
+            'manager_first_name' => trans('general.importer.manager_first_name'),
+            'manager_last_name' => trans('general.importer.manager_last_name'),
+            'activated' => trans('general.activated'),
+            'address' => trans('general.address'),
+            'city' => trans('general.city'),
+            'state' => trans('general.state'),
+            'country' => trans('general.country'),
+            'zip' => trans('general.zip'),
+            'vip' => trans('general.importer.vip'),
+            'remote' => trans('admin/users/general.remote'),
+            'email' => trans('admin/users/table.email'),
+            'website' => trans('general.website'),
+            'avatar' => trans('general.image'),
+            'gravatar' => trans('general.importer.gravatar'),
+            'start_date'    => trans('general.start_date'),
+            'end_date'   => trans('general.end_date'),
+            'employee_num'   => trans('general.employee_number'),
+        ];
+
+        $this->locations_fields  = [
+            'name' => trans('general.item_name_var', ['item' => trans('general.location')]),
+            'address' => trans('general.address'),
+            'address2' => trans('general.importer.address2'),
+            'city' => trans('general.city'),
+            'state' => trans('general.state'),
+            'country' => trans('general.country'),
+            'zip' => trans('general.zip'),
+            'currency' => trans('general.importer.currency'),
+            'ldap_ou' => trans('admin/locations/table.ldap_ou'),
+            'manager_username' => trans('general.importer.manager_username'),
+            'manager' => trans('general.importer.manager_full_name'),
+            'parent_location' => trans('admin/locations/table.parent'),
+        ];
+
+        // "real fieldnames" to a list of aliases for that field
+        $this->aliases_fields = [
+            'item_name' =>
+                [
+                    'item name',
+                    'asset name',
+                    'accessory name',
+                    'user name',
+                    'consumable name',
+                    'component name',
+                    'name',
+                ],
+            'item_no' => [
+                'item number',
+                'item no.',
+                'item #',
+            ],
+            'asset_model' =>
+                [
+                    'model name',
+                    'model',
+                ],
+            'gravatar' =>
+                [
+                    'gravatar',
+                ],
+            'currency' =>
+                [
+                    '$',
+                ],
+            'jobtitle' =>
+                [
+                    'job title for user',
+                    'job title',
+                ],
+            'username' =>
+                [
+                    'user name',
+                    'username',
+                    trans('general.importer.checked_out_to_username'),
+                ],
+            'first_name' =>
+                [
+                    'first name',
+                    trans('general.importer.checked_out_to_first_name'),
+                ],
+            'last_name' =>
+                [
+                    'last name',
+                    'lastname',
+                    trans('general.importer.checked_out_to_last_name'),
+                ],
+            'email' =>
+                [
+                    'email',
+                    'e-mail',
+                    trans('general.importer.checked_out_to_email'),
+                ],
+            'phone_number' =>
+                [
+                    'phone',
+                    'phone number',
+                    'phone num',
+                    'telephone number',
+                    'telephone',
+                    'tel.',
+                ],
+            'serial' =>
+                [
+                    'serial number',
+                    'serial no.',
+                    'serial no',
+                    'product key',
+                    'key',
+                ],
+            'model_number' =>
+                [
+                    'model',
+                    'model no',
+                    'model no.',
+                    'model number',
+                    'model num',
+                    'model num.'
+                ],
+            'warranty_months' =>
+                [
+                    'Warranty',
+                    'Warranty Months'
+                ],
+            'qty' =>
+                [
+                    'QTY',
+                    'Quantity'
+                ],
+            'zip' =>
+                [
+                    'Postal Code',
+                    'Post Code',
+                    'Zip Code'
+                ],
+            'min_amt' =>
+                [
+                    'Min Amount',
+                    'Minimum Amount',
+                    'Min Quantity',
+                    'Minimum Quantity',
+                ],
+            'next_audit_date' =>
+                [
+                    'Next Audit',
+                ],
+            'address2' =>
+                [
+                    'Address 2',
+                    'Address2',
+                ],
+            'ldap_ou' =>
+                [
+                    'LDAP OU',
+                    'OU',
+                ],
+            'parent_location' =>
+                [
+                    'Parent',
+                    'Parent Location',
+                ],
+            'manager' =>
+                [
+                    'Managed By',
+                    'Manager Name',
+                    'Manager Full Name',
+                ],
+            'manager_username' =>
+                [
+                    'Manager Username',
+                ],
+        ];
+
+        $this->columnOptions[''] = $this->getColumns(''); //blank mode? I don't know what this is supposed to mean
+        foreach($this->importTypes AS $type => $name) {
+            $this->columnOptions[$type] = $this->getColumns($type);
+        }
+        if ($this->activeFile) {
+            $this->field_map = $this->activeFile->field_map ? array_values($this->activeFile->field_map) : [];
+        }
+    }
+
+    public function selectFile($id)
+    {
+        $this->clearMessage();
+
+        $this->activeFile = Import::find($id);
+
+        if (!$this->activeFile) {
+            $this->message = trans('admin/hardware/message.import.file_missing');
+            $this->message_type = 'danger';
+
+            return;
+        }
+
+        $this->field_map = null;
+        foreach($this->activeFile->header_row as $element) {
+            if(isset($this->activeFile->field_map[$element])) {
+                $this->field_map[] = $this->activeFile->field_map[$element];
+            } else {
+                $this->field_map[] = null; // re-inject the 'nulls' if a file was imported with some 'Do Not Import' settings
+            }
+        }
+        $this->file_id = $id;
+        $this->import_errors = null;
+        $this->statusText = null;
+
+    }
+
+    public function destroy($id)
+    {
+        // TODO: why don't we just do File::find($id)? This seems dumb.
+        foreach($this->files as $file) {
+            \Log::debug("File id is: ".$file->id);
+            if($id == $file->id) {
+                if(Storage::delete('private_uploads/imports/'.$file->file_path)) {
+                    $file->delete();
+
+                    $this->message = trans('admin/hardware/message.import.file_delete_success');
+                    $this->message_type = 'success';
+                    return;
+                } else {
+                    $this->message = trans('admin/hardware/message.import.file_delete_error');
+                    $this->message_type = 'danger';
+                }
+            }
+        }
+    }
+
+    public function clearMessage()
+    {
+        $this->message = null;
+        $this->message_type = null;
+    }
+
+    public function render()
+    {
+        $this->files = Import::orderBy('id','desc')->get(); //HACK - slows down renders.
+        return view('livewire.importer')
+                ->extends('layouts.default')
+                ->section('content');
+    }
+}