Bumped version

Better handle the logic to determine if we should display the license checkout blade [ch13792]

.all-contributorsrc

@@ -1659,6 +1659,78 @@
       "contributions": [
         "code"
       ]
+    },
+    {
+      "login": "mskrip",
+      "name": "Marián Skrip",
+      "avatar_url": "https://avatars0.githubusercontent.com/u/17459600?v=4",
+      "profile": "https://github.com/mskrip",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "Godmartinz",
+      "name": "Godfrey Martinez",
+      "avatar_url": "https://avatars2.githubusercontent.com/u/47435081?v=4",
+      "profile": "https://github.com/Godmartinz",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "bigtreeEdo",
+      "name": "bigtreeEdo",
+      "avatar_url": "https://avatars1.githubusercontent.com/u/2075128?v=4",
+      "profile": "https://github.com/bigtreeEdo",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "ColinMcNeil",
+      "name": "Colin  McNeil",
+      "avatar_url": "https://avatars0.githubusercontent.com/u/5000430?v=4",
+      "profile": "https://colinmcneil.me/",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "JoKneeMo",
+      "name": "JoKneeMo",
+      "avatar_url": "https://avatars0.githubusercontent.com/u/421625?v=4",
+      "profile": "https://github.com/JoKneeMo",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "joshi-redbridge",
+      "name": "Joshi",
+      "avatar_url": "https://avatars0.githubusercontent.com/u/54849013?v=4",
+      "profile": "http://www.redbridge.se",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "anthonypburns",
+      "name": "Anthony Burns",
+      "avatar_url": "https://avatars2.githubusercontent.com/u/15731458?v=4",
+      "profile": "https://github.com/anthonypburns",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "alek13",
+      "name": "Alexander Chibrikin",
+      "avatar_url": "https://avatars2.githubusercontent.com/u/1972329?v=4",
+      "profile": "http://phpprofi.ru/",
+      "contributions": [
+        "code"
+      ]
     }
   ]
 }

.env.example

@@ -7,6 +7,7 @@ APP_KEY=ChangeMe
 APP_URL=null
 APP_TIMEZONE='UTC'
 APP_LOCALE=en
+MAX_RESULTS=500
 
 # --------------------------------------------
 # REQUIRED: DATABASE SETTINGS
@@ -25,6 +26,7 @@ DB_COLLATION=utf8mb4_unicode_ci
 # OPTIONAL: SSL DATABASE SETTINGS
 # --------------------------------------------
 DB_SSL=false
+DB_SSL_IS_PAAS=false
 DB_SSL_KEY_PATH=null
 DB_SSL_CERT_PATH=null
 DB_SSL_CA_PATH=null
@@ -43,6 +45,7 @@ MAIL_FROM_ADDR=you@example.com
 MAIL_FROM_NAME='Snipe-IT'
 MAIL_REPLYTO_ADDR=you@example.com
 MAIL_REPLYTO_NAME='Snipe-IT'
+MAIL_BACKUP_NOTIFICATION_ADDRESS=you@example.com
 
 # --------------------------------------------
 # REQUIRED: IMAGE LIBRARY
@@ -63,8 +66,11 @@ SECURE_COOKIES=false
 # --------------------------------------------
 # OPTIONAL: SECURITY HEADER SETTINGS
 # --------------------------------------------
+APP_TRUSTED_PROXIES=192.168.1.1,10.0.0.1
+ALLOW_IFRAMING=false
 REFERRER_POLICY=same-origin
 ENABLE_CSP=false
+CORS_ALLOWED_ORIGINS=null
 
 # --------------------------------------------
 # OPTIONAL: CACHE SETTINGS
@@ -108,8 +114,8 @@ APP_LOG=single
 APP_LOG_MAX_FILES=10
 APP_LOCKED=false
 FILESYSTEM_DISK=local
-APP_TRUSTED_PROXIES=192.168.1.1,10.0.0.1
-ALLOW_IFRAMING=false
 APP_CIPHER=AES-256-CBC
 GOOGLE_MAPS_API=
 BACKUP_ENV=true
+LDAP_MEM_LIM=500M
+LDAP_TIME_LIM=600

.travis.yml

@@ -14,9 +14,7 @@ services:
 
 # list any PHP version you want to test against
 php:
-  - 5.6
-  - 7.0
-  - 7.1
+  - 7.1.2
   - 7.2
   - 7.3
 

Dockerfile

@@ -1,19 +1,21 @@
 FROM ubuntu:xenial
-MAINTAINER Brady Wetherington <uberbrady@gmail.com>
+LABEL maintainer="uberbrady, hinchk"
 
+RUN apt-get update && apt-get install -y software-properties-common
+RUN LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php
 RUN apt-get update && apt-get install -y \
 apache2 \
 apache2-bin \
-libapache2-mod-php7.0 \
-php7.0-curl \
-php7.0-ldap \
-php7.0-mysql \
-php7.0-mcrypt \
-php7.0-gd \
-php7.0-xml \
-php7.0-mbstring \
-php7.0-zip \
-php7.0-bcmath \
+libapache2-mod-php7.1 \
+php7.1-curl \
+php7.1-ldap \
+php7.1-mysql \
+php7.1-mcrypt \
+php7.1-gd \
+php7.1-xml \
+php7.1-mbstring \
+php7.1-zip \
+php7.1-bcmath \
 patch \
 curl \
 vim \
@@ -27,8 +29,8 @@ RUN phpenmod mcrypt
 RUN phpenmod gd
 RUN phpenmod bcmath
 
-RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php/7.0/apache2/php.ini
-RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php/7.0/cli/php.ini
+RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php/7.1/apache2/php.ini
+RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php/7.1/cli/php.ini
 
 RUN useradd -m --uid 1000 --gid 50 docker
 

README.md

@@ -1,14 +1,14 @@
 [![Build Status](https://travis-ci.org/snipe/snipe-it.svg?branch=master)](https://travis-ci.org/snipe/snipe-it) [![Crowdin](https://d322cqt584bo4o.cloudfront.net/snipe-it/localized.svg)](https://crowdin.com/project/snipe-it) [![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/snipe/snipe-it?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [![Docker Pulls](https://img.shields.io/docker/pulls/snipe/snipe-it.svg)](https://hub.docker.com/r/snipe/snipe-it/) [![Twitter Follow](https://img.shields.io/twitter/follow/snipeitapp.svg?style=social)](https://twitter.com/snipeitapp)  [![Codacy Badge](https://api.codacy.com/project/badge/Grade/553ce52037fc43ea99149785afcfe641)](https://www.codacy.com/app/snipe/snipe-it?utm_source=github.com&utm_medium=referral&utm_content=snipe/snipe-it&utm_campaign=Badge_Grade)
-[![All Contributors](https://img.shields.io/badge/all_contributors-181-orange.svg?style=flat-square)](#contributors) [![Open Source Helpers](https://www.codetriage.com/snipe/snipe-it/badges/users.svg)](https://www.codetriage.com/snipe/snipe-it)
+[![All Contributors](https://img.shields.io/badge/all_contributors-189-orange.svg?style=flat-square)](#contributors) [![Open Source Helpers](https://www.codetriage.com/snipe/snipe-it/badges/users.svg)](https://www.codetriage.com/snipe/snipe-it)
 
 
 ## Snipe-IT - Open Source Asset Management System
 
 This is a FOSS project for asset management in IT Operations. Knowing who has which laptop, when it was purchased in order to depreciate it correctly, handling software licenses, etc.
 
-It is built on [Laravel 5.4](http://laravel.com).
+It is built on [Laravel 5.5](http://laravel.com).
 
-Snipe-IT is actively developed and we're [releasing quite frequently](https://github.com/snipe/snipe-it/releases). ([Check out the live demo here](https://snipeitapp.com/demo/).)
+Snipe-IT is actively developed and we [release quite frequently](https://github.com/snipe/snipe-it/releases). ([Check out the live demo here](https://snipeitapp.com/demo/).)
 
 __This is web-based software__. This means there is no executable file (aka no .exe files), and it must be run on a web server and accessed through a web browser. It runs on any Mac OSX, flavor of Linux, as well as Windows, and we have a [Docker image](https://snipe-it.readme.io/docs/docker) available if that's what you're into.
 
@@ -58,13 +58,22 @@ Since the release of the JSON REST API, several third-party developers have been
 - [SnipeSharp - .NET module in C#](https://github.com/barrycarey/SnipeSharp) by [@barrycarey](https://github.com/barrycarey)
 - [InQRy](https://github.com/Microsoft/InQRy) by [@Microsoft](https://github.com/Microsoft)
 - [SnipeitPS](https://github.com/snazy2000/SnipeitPS) by [@snazy2000](https://github.com/snazy2000) - Powershell API Wrapper for Snipe-it
-- [jamf2snipe](https://github.com/ParadoxGuitarist/jamf2snipe) by [@ParadoxGuitarist](https://github.com/ParadoxGuitarist) - Python script to sync assets between a JAMFPro instance and a Snipe-II instance
+- [jamf2snipe](https://github.com/ParadoxGuitarist/jamf2snipe) by [@ParadoxGuitarist](https://github.com/ParadoxGuitarist) - Python script to sync assets between a JAMFPro instance and a Snipe-IT instance
 - [Marksman](https://github.com/Scope-IT/marksman) - A Windows agent for Snipe-IT
+- [Snipe-IT plugin for Jira Service Desk (beta)](https://marketplace.atlassian.com/apps/1220379/snipe-it-for-jira-service-desk-beta?hosting=cloud&tab=overview) - for the upcoming Snipe-IT v5 only
+- [Python 3 CSV importer](https://github.com/gastamper/snipeit-csvimporter) - allows importing assets into Snipe-IT based on Item Name rather than Asset Tag.
+- [Snipe-IT Kubernetes Helm Chart](https://github.com/t3n/helm-charts/tree/master/snipeit) - For more information, [click here](https://hub.helm.sh/charts/t3n/snipeit).
 
 As these were created by third-parties, Snipe-IT cannot provide support for these project, and you should contact the developers directly if you need assistance. Additionally, Snipe-IT makes no guarantees as to the reliability, accuracy or maintainability of these libraries. Use at your own risk. :) 
 
 -----
 
+### Security
+
+To report a security vulnerability, please email security@snipeitapp.com instead of using the issue tracker. 
+
+-----
+
 ### Contributors
 
 Thanks goes to all of these wonderful people ([emoji key](https://github.com/kentcdodds/all-contributors#emoji-key)) who have helped Snipe-IT get this far:
@@ -96,7 +105,8 @@ Thanks goes to all of these wonderful people ([emoji key](https://github.com/ken
 | [<img src="https://avatars2.githubusercontent.com/u/982885?v=4" width="110px;"/><br /><sub>Martin Stub</sub>](http://martinstub.dk)<br />[🌍](#translation-stubben "Translation") | [<img src="https://avatars2.githubusercontent.com/u/28959963?v=4" width="110px;"/><br /><sub>Meyer Flavio</sub>](https://github.com/meyerf99)<br />[🌍](#translation-meyerf99 "Translation") | [<img src="https://avatars3.githubusercontent.com/u/796443?v=4" width="110px;"/><br /><sub>Micael Rodrigues</sub>](https://github.com/MicaelRodrigues)<br />[🌍](#translation-MicaelRodrigues "Translation") | [<img src="https://avatars0.githubusercontent.com/u/10481331?v=4" width="110px;"/><br /><sub>Mikael Rasmussen</sub>](http://rubixy.com/)<br />[🌍](#translation-mikaelssen "Translation") | [<img src="https://avatars1.githubusercontent.com/u/1544552?v=4" width="110px;"/><br /><sub>IxFail</sub>](https://github.com/IxFail)<br />[🌍](#translation-IxFail "Translation") | [<img src="https://avatars3.githubusercontent.com/u/18483118?v=4" width="110px;"/><br /><sub>Mohammed Fota</sub>](http://www.mohammedfota.com)<br />[🌍](#translation-MohammedFota "Translation") | [<img src="https://avatars0.githubusercontent.com/u/227080?v=4" width="110px;"/><br /><sub>Moayad Alserihi</sub>](https://github.com/omego)<br />[🌍](#translation-omego "Translation") |
 | [<img src="https://avatars0.githubusercontent.com/u/1680266?v=4" width="110px;"/><br /><sub>saymd</sub>](https://github.com/saymd)<br />[🌍](#translation-saymd "Translation") | [<img src="https://avatars0.githubusercontent.com/u/1826808?v=4" width="110px;"/><br /><sub>Patrik Larsson</sub>](https://nordsken.se)<br />[🌍](#translation-pooot "Translation") | [<img src="https://avatars1.githubusercontent.com/u/20584746?v=4" width="110px;"/><br /><sub>drcryo</sub>](https://github.com/drcryo)<br />[🌍](#translation-drcryo "Translation") | [<img src="https://avatars1.githubusercontent.com/u/19408004?v=4" width="110px;"/><br /><sub>pawel1615</sub>](https://github.com/pawel1615)<br />[🌍](#translation-pawel1615 "Translation") | [<img src="https://avatars2.githubusercontent.com/u/23340468?v=4" width="110px;"/><br /><sub>bodrovics</sub>](https://github.com/bodrovics)<br />[🌍](#translation-bodrovics "Translation") | [<img src="https://avatars0.githubusercontent.com/u/3257654?v=4" width="110px;"/><br /><sub>priatna</sub>](https://github.com/priatna)<br />[🌍](#translation-priatna "Translation") | [<img src="https://avatars1.githubusercontent.com/u/5358374?v=4" width="110px;"/><br /><sub>Fan Jiang</sub>](https://amayume.net)<br />[🌍](#translation-ProfFan "Translation") |
 | [<img src="https://avatars1.githubusercontent.com/u/22555451?v=4" width="110px;"/><br /><sub>ragnarcx</sub>](https://github.com/ragnarcx)<br />[🌍](#translation-ragnarcx "Translation") | [<img src="https://avatars2.githubusercontent.com/u/18654582?v=4" width="110px;"/><br /><sub>Rein van Haaren</sub>](http://www.reinvanhaaren.nl/)<br />[🌍](#translation-reinvanhaaren "Translation") | [<img src="https://avatars1.githubusercontent.com/u/386672?v=4" width="110px;"/><br /><sub>Teguh Dwicaksana</sub>](http://dheche.songolimo.net)<br />[🌍](#translation-dheche "Translation") | [<img src="https://avatars2.githubusercontent.com/u/2572552?v=4" width="110px;"/><br /><sub>fraccie</sub>](https://github.com/FRaccie)<br />[🌍](#translation-FRaccie "Translation") | [<img src="https://avatars0.githubusercontent.com/u/35182720?v=4" width="110px;"/><br /><sub>vinzruzell</sub>](https://github.com/vinzruzell)<br />[🌍](#translation-vinzruzell "Translation") | [<img src="https://avatars1.githubusercontent.com/u/7883603?v=4" width="110px;"/><br /><sub>Kevin Austin</sub>](http://kevinaustin.com)<br />[🌍](#translation-vipsystem "Translation") | [<img src="https://avatars3.githubusercontent.com/u/3861828?v=4" width="110px;"/><br /><sub>Wira Sandy</sub>](http://azuraweb.xyz)<br />[🌍](#translation-wira-sandy "Translation") |
-| [<img src="https://avatars2.githubusercontent.com/u/8663789?v=4" width="110px;"/><br /><sub>Илья</sub>](https://github.com/GrayHoax)<br />[🌍](#translation-GrayHoax "Translation") | [<img src="https://avatars3.githubusercontent.com/u/30119111?v=4" width="110px;"/><br /><sub>GodUseVPN</sub>](https://github.com/godusevpn)<br />[🌍](#translation-godusevpn "Translation") | [<img src="https://avatars1.githubusercontent.com/u/745576?v=4" width="110px;"/><br /><sub>周周</sub>](https://github.com/EngrZhou)<br />[🌍](#translation-EngrZhou "Translation") | [<img src="https://avatars3.githubusercontent.com/u/1631095?v=4" width="110px;"/><br /><sub>Sam</sub>](https://github.com/takuy)<br />[💻](https://github.com/snipe/snipe-it/commits?author=takuy "Code") | [<img src="https://avatars1.githubusercontent.com/u/264022?v=4" width="110px;"/><br /><sub>Azerothian</sub>](https://www.illisian.com.au)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Azerothian "Code") | [<img src="https://avatars1.githubusercontent.com/u/7632599?v=4" width="110px;"/><br /><sub>Tim Farmer</sub>](https://github.com/timothyfarmer)<br />[💻](https://github.com/snipe/snipe-it/commits?author=timothyfarmer "Code") |
+| [<img src="https://avatars2.githubusercontent.com/u/8663789?v=4" width="110px;"/><br /><sub>Илья</sub>](https://github.com/GrayHoax)<br />[🌍](#translation-GrayHoax "Translation") | [<img src="https://avatars3.githubusercontent.com/u/30119111?v=4" width="110px;"/><br /><sub>GodUseVPN</sub>](https://github.com/godusevpn)<br />[🌍](#translation-godusevpn "Translation") | [<img src="https://avatars1.githubusercontent.com/u/745576?v=4" width="110px;"/><br /><sub>周周</sub>](https://github.com/EngrZhou)<br />[🌍](#translation-EngrZhou "Translation") | [<img src="https://avatars3.githubusercontent.com/u/1631095?v=4" width="110px;"/><br /><sub>Sam</sub>](https://github.com/takuy)<br />[💻](https://github.com/snipe/snipe-it/commits?author=takuy "Code") | [<img src="https://avatars1.githubusercontent.com/u/264022?v=4" width="110px;"/><br /><sub>Azerothian</sub>](https://www.illisian.com.au)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Azerothian "Code") | [<img src="https://avatars1.githubusercontent.com/u/7632599?v=4" width="110px;"/><br /><sub>Tim Farmer</sub>](https://github.com/timothyfarmer)<br />[💻](https://github.com/snipe/snipe-it/commits?author=timothyfarmer "Code") | [<img src="https://avatars0.githubusercontent.com/u/17459600?v=4" width="110px;"/><br /><sub>Marián Skrip</sub>](https://github.com/mskrip)<br />[💻](https://github.com/snipe/snipe-it/commits?author=mskrip "Code") |
+| [<img src="https://avatars2.githubusercontent.com/u/47435081?v=4" width="110px;"/><br /><sub>Godfrey Martinez</sub>](https://github.com/Godmartinz)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Godmartinz "Code") | [<img src="https://avatars1.githubusercontent.com/u/2075128?v=4" width="110px;"/><br /><sub>bigtreeEdo</sub>](https://github.com/bigtreeEdo)<br />[💻](https://github.com/snipe/snipe-it/commits?author=bigtreeEdo "Code") | [<img src="https://avatars0.githubusercontent.com/u/5000430?v=4" width="110px;"/><br /><sub>Colin  McNeil</sub>](https://colinmcneil.me/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=ColinMcNeil "Code") | [<img src="https://avatars0.githubusercontent.com/u/421625?v=4" width="110px;"/><br /><sub>JoKneeMo</sub>](https://github.com/JoKneeMo)<br />[💻](https://github.com/snipe/snipe-it/commits?author=JoKneeMo "Code") | [<img src="https://avatars0.githubusercontent.com/u/54849013?v=4" width="110px;"/><br /><sub>Joshi</sub>](http://www.redbridge.se)<br />[💻](https://github.com/snipe/snipe-it/commits?author=joshi-redbridge "Code") | [<img src="https://avatars2.githubusercontent.com/u/15731458?v=4" width="110px;"/><br /><sub>Anthony Burns</sub>](https://github.com/anthonypburns)<br />[💻](https://github.com/snipe/snipe-it/commits?author=anthonypburns "Code") | [<img src="https://avatars2.githubusercontent.com/u/1972329?v=4" width="110px;"/><br /><sub>Alexander Chibrikin</sub>](http://phpprofi.ru/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=alek13 "Code") |
 <!-- ALL-CONTRIBUTORS-LIST:END -->
 
 This project follows the [all-contributors](https://github.com/kentcdodds/all-contributors) specification. Contributions of any kind welcome!
@@ -109,9 +119,3 @@ Please see the documentation on [contributing and developing for Snipe-IT](https
 
 
 Please note that this project is released with a [Contributor Code of Conduct](CODE_OF_CONDUCT.md). By participating in this project you agree to abide by its terms.
-
------
-
-### Security
-
-To report a security vulnerability, please email security@snipeitapp.com instead of using the issue tracker. 

app/Console/Commands/ImportLocations.php

@@ -48,60 +48,90 @@ class ImportLocations extends Command
         $filename = $this->argument('filename');
         $csv = Reader::createFromPath(storage_path('private_uploads/imports/').$filename, 'r');
         $this->info('Attempting to process: '.storage_path('private_uploads/imports/').$filename);
-        $csv->setOffset(1); //because we don't want to insert the header
-        $results = $csv->fetchAssoc();
+        $csv->setHeaderOffset(0); //because we don't want to insert the header
+        $results = $csv->getRecords();
 
         // Import parent location names first if they don't exist
         foreach ($results as $parent_index => $parent_row) {
 
-            $parent_name = trim($parent_row['Parent Name']);
-            // First create any parents if they don't exist
-
-            if ($parent_name!='') {
+            if (array_key_exists('Parent Name', $parent_row)) {
+                $parent_name = trim($parent_row['Parent Name']);
+                if (array_key_exists('Name', $parent_row)) {
+                    $this->info('- Parent: ' . $parent_name . ' in row as: ' . trim($parent_row['Parent Name']));
+                }
 
                 // Save parent location name
                 // This creates a sort of name-stub that we'll update later on in this script
                 $parent_location = Location::firstOrCreate(array('name' => $parent_name));
-                $this->info('Parent for '.$parent_row['Name'].' is '.$parent_name.'. Attempting to save '.$parent_name.'.');
+                if (array_key_exists('Name', $parent_row)) {
+                    $this->info('Parent for ' . $parent_row['Name'] . ' is ' . $parent_name . '. Attempting to save ' . $parent_name . '.');
+                }
 
                 // Check if the record was updated or created.
                 // This is mostly for clearer debugging.
                 if ($parent_location->exists) {
-                        $this->info('- Parent location '.$parent_name.' already exists.');
+                    $this->info('- Parent location '.$parent_name.' already exists.');
                 } else {
                     $this->info('- Parent location '.$parent_name.' was created.');
                 }
 
             } else {
-                $this->info('- No parent location for '.$parent_row['Name'].' provided.');
+                $this->info('- No Parent Name provided, so no parent location will be created.');
             }
 
         }
 
+        $this->info('----- Parents Created.... backfilling additional details... --------');
         // Loop through ALL records and add/update them if there are additional fields
         // besides name
         foreach ($results as $index => $row) {
 
+            if (array_key_exists('Parent Name', $row)) {
+                $parent_name = trim($row['Parent Name']);
+            }
+
             // Set the location attributes to save
-            $location = Location::firstOrNew(array('name' => trim($row['Name'])));
-            $location->name = trim($row['Name']);
-            $location->currency = trim($row['Currency']);
-            $location->address = trim($row['Address 1']);
-            $location->address2 = trim($row['Address 2']);
-            $location->city = trim($row['City']);
-            $location->state = trim($row['State']);
-            $location->zip = trim($row['Zip']);
-            $location->country = trim($row['Country']);
-            $location->ldap_ou = trim($row['OU']);
+            if (array_key_exists('Name', $row)) {
+                $location = Location::firstOrNew(array('name' => trim($row['Name'])));
+                $location->name = trim($row['Name']);
+                $this->info('Checking location: '.$location->name);
+            } else {
+                $this->error('Location name is required and is missing from at least one row in this dataset. Check your CSV for extra trailing rows and try again.');
+                return false;
+            }
+            if (array_key_exists('Currency', $row)) {
+                $location->currency = trim($row['Currency']);
+            }
+            if (array_key_exists('Address 1', $row)) {
+                $location->address = trim($row['Address 1']);
+            }
+            if (array_key_exists('Address 2', $row)) {
+                $location->address2 = trim($row['Address 2']);
+            }
+            if (array_key_exists('City', $row)) {
+                $location->city = trim($row['City']);
+            }
+            if (array_key_exists('State', $row)) {
+                $location->state = trim($row['State']);
+            }
+            if (array_key_exists('Zip', $row)) {
+                $location->zip = trim($row['Zip']);
+            }
+            if (array_key_exists('Country', $row)) {
+                $location->country = trim($row['Country']);
+            }
+            if (array_key_exists('Country', $row)) {
+                $location->ldap_ou = trim($row['OU']);
+            }
 
-            $this->info('Checking location: '.$location->name);
 
-            // If a parent name nis provided, we created it earlier in the script,
+            // If a parent name is provided, we created it earlier in the script,
             // so let's grab that ID
             if ($parent_name) {
+                $this->info('-- Searching for Parent Name: '.$parent_name);
                 $parent = Location::where('name', '=', $parent_name)->first();
                 $location->parent_id = $parent->id;
-                $this->info('Parent ID: '.$parent->id);
+                $this->info('Parent: '.$parent_name.' - ID: '.$parent->id);
             }
 
             // Make sure the more advanced (non-name) fields pass validation

app/Console/Commands/LdapSync.php

@@ -42,9 +42,8 @@ class LdapSync extends Command
      */
     public function handle()
     {
-        ini_set('max_execution_time', 600); //600 seconds = 10 minutes
-        ini_set('memory_limit', '500M');
-
+        ini_set('max_execution_time', env('LDAP_TIME_LIM', 600)); //600 seconds = 10 minutes
+        ini_set('memory_limit', env('LDAP_MEM_LIM', '500M'));
         $ldap_result_username = Setting::getSettings()->ldap_username_field;
         $ldap_result_last_name = Setting::getSettings()->ldap_lname_field;
         $ldap_result_first_name = Setting::getSettings()->ldap_fname_field;
@@ -189,7 +188,7 @@ class LdapSync extends Command
                 // Sync activated state for Active Directory.
                 if ( array_key_exists('useraccountcontrol', $results[$i]) ) {
                   $enabled_accounts = [
-                    '512', '544', '66048', '66080', '262656', '262688', '328192', '328224'
+                    '512', '544', '66048', '66080', '262656', '262688', '328192', '328224', '4260352'
                   ];
                   $user->activated = ( in_array($results[$i]['useraccountcontrol'][0], $enabled_accounts) ) ? 1 : 0;
                 }

app/Console/Commands/ObjectImportCommand.php

@@ -65,7 +65,7 @@ class ObjectImportCommand extends Command
      *
      * @return mixed
      */
-    public function fire()
+    public function handle()
     {
         $filename = $this->argument('filename');
         $class = title_case($this->option('item-type'));

app/Console/Commands/Purge.php

@@ -33,7 +33,7 @@ class Purge extends Command
      *
      * @var string
      */
-    protected $description = 'Purge all soft-deleted deleted records in the database. This will rewrite history for items that have been edited, or checked in or out. It will also reqrite history for users associated with deleted items.';
+    protected $description = 'Purge all soft-deleted deleted records in the database. This will rewrite history for items that have been edited, or checked in or out. It will also rewrite history for users associated with deleted items.';
 
     /**
      * Create a new command instance.

app/Console/Commands/ReEncodeCustomFieldNames.php

@@ -0,0 +1,126 @@
+<?php
+
+namespace App\Console\Commands;
+
+use App\Models\CustomField;
+use Illuminate\Console\Command;
+
+class ReEncodeCustomFieldNames extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'snipeit:regenerate-fieldnames';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'This utility will regenerate the column names for custom fields. It should typically only be needed when a PHP upgrade changed the behavior of the unicode conversion between versions.';
+
+    /**
+     * Create a new command instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        parent::__construct();
+    }
+
+    /**
+     * All three of these things must match for the custom fields system to work as expected:
+     *
+     * - what the system thinks the output of $field->convertUnicodeDbSlug() is
+     * - the actual db_column name in the customfields table
+     * - the physical column name that was created on the assets table
+     *
+     * For some people who upgraded their version of PHP, the unicode converter now behaves
+     * differently in than it did when their custom fields were first created, specifically as it
+     * relates to handling slashes, ampersands, etc. This can result in the field names no longer
+     * matching up, as an older version of the PHP extension simply dropped slashes, etc, while the
+     * newer version of the PHP extension will convert them to underscores.
+     *
+     * @return mixed
+     */
+    public function handle()
+    {
+
+        if ($this->confirm('This will regenerate all of the custom field database fieldnames in your database. THIS WILL CHANGE YOUR SCHEMA AND SHOULD NOT BE DONE WITHOUT MAKING A BACKUP FIRST. Do you wish to continue?'))
+        {
+
+            /** Get all of the custom fields */
+            $fields = CustomField::get();
+
+            $asset_columns = \DB::getSchemaBuilder()->getColumnListing('assets');
+            $custom_field_columns = array();
+
+            /** Loop through the columns on the assets table */
+            foreach ($asset_columns as $asset_column) {
+
+                /** Add ones that start with _snipeit_ to an array for handling */
+                if (strpos($asset_column, '_snipeit_') === 0) {
+
+                    /**
+                     * Get the ID of the custom field based on the fieldname.
+                     * For example, in _snipeit_mac_address_1, we grab the 1 because we know
+                     * that's the ID of the custom field that created the column.
+                     * Then use that ID as the array key for use comparing the actual assets field name
+                     * and the db_column value from the custom fields table.
+                     */
+                    $last_part = substr(strrchr($asset_column, "_snipeit_"), 1);
+                    $custom_field_columns[$last_part] = $asset_column;
+                }
+            }
+
+            foreach ($fields as $field) {
+
+                $this->info($field->name .' ('.$field->id.') column should be '. $field->convertUnicodeDbSlug().'');
+
+                /** The assets table has the column it should have, all is well */
+                if (\Schema::hasColumn('assets', $field->convertUnicodeDbSlug()))
+                {
+                    $this->info('-- ✓ This field exists - all good');
+
+                /**
+                 * There is a mismatch between the fieldname on the assets table and
+                 * what $field->convertUnicodeDbSlug() is *now* expecting.
+                 */
+                } else {
+                        $this->warn('-- X Field mismatch: updating... ');
+
+                        /** Make sure the custom_field_columns array has the ID */
+                        if (array_key_exists($field->id, $custom_field_columns)) {
+
+                            /**
+                             * Update the asset schema to the corrected fieldname that will be recognized by the
+                             *  system elsewhere that we use $field->convertUnicodeDbSlug()
+                             */
+                            \Schema::table('assets', function($table) use ($custom_field_columns, $field) {
+                                $table->renameColumn($custom_field_columns[$field->id], $field->convertUnicodeDbSlug());
+                            });
+
+                            $this->warn('-- ✓ Field updated from '.$custom_field_columns[$field->id].' to '.$field->convertUnicodeDbSlug());
+
+                        } else {
+                            $this->warn('-- X WARNING: There is no field on the assets table ending in  '.$field->id.'. This may require more in-depth investigation and may mean the schema was altered manually.');
+                        }
+                }
+
+                /** Update the db_column property in the custom fields table, just in case it doesn't match the other
+                 * things.
+                 */
+                $field->db_column = $field->convertUnicodeDbSlug();
+                $field->save();
+
+
+            }
+
+        }
+
+
+    }
+}

app/Console/Commands/RotateAppKey.php

@@ -0,0 +1,135 @@
+<?php
+
+namespace App\Console\Commands;
+
+use Illuminate\Console\Command;
+use Artisan;
+use App\Models\CustomField;
+use App\Models\Asset;
+use App\Models\Setting;
+use \Illuminate\Encryption\Encrypter;
+
+class RotateAppKey extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'snipeit:rotate-key';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Command description';
+
+    /**
+     * Create a new command instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        parent::__construct();
+    }
+
+    /**
+     * Execute the console command.
+     *
+     * @return mixed
+     */
+    public function handle()
+    {
+        if ($this->confirm("\n****************************************************\nTHIS WILL MODIFY YOUR APP_KEY AND DE-CRYPT YOUR ENCRYPTED CUSTOM FIELDS AND \nRE-ENCRYPT THEM WITH A NEWLY GENERATED KEY. \n\nThere is NO undo. \n\nMake SURE you have a database backup and a backup of your .env generated BEFORE running this command. \n\nIf you do not save the newly generated APP_KEY to your .env in this process, \nyour encrypted data will no longer be decryptable. \n\nAre you SURE you wish to continue, and have confirmed you have a database backup and an .env backup? "))  {
+
+
+
+            // Get the existing app_key and ciphers
+            // We put them in a variable since we clear the cache partway through here.
+            $old_app_key = config('app.key');
+            $cipher = config('app.cipher');
+
+            // Generate a new one
+            Artisan::call('key:generate', ['--show' => true]);
+            $new_app_key = Artisan::output();
+
+            // Clear the config cache
+            Artisan::call('config:clear');
+
+            $this->warn('Your app cipher is: '.$cipher);
+            $this->warn('Your old APP_KEY is: '.$old_app_key);
+            $this->warn('Your new APP_KEY is: '.$new_app_key);
+
+            // Write the new app key to the .env file
+            $this->writeNewEnvironmentFileWith($new_app_key);
+
+            // Manually create an old encrypter instance using the old app key
+            // and also create a new encrypter instance so we can re-crypt the field
+            // using the newly generated app key
+            $oldEncrypter = new Encrypter(base64_decode(substr($old_app_key, 7)), $cipher);
+            $newEncrypter = new Encrypter(base64_decode(substr($new_app_key, 7)), $cipher);
+
+            $fields = CustomField::where('field_encrypted', '1')->get();
+
+
+            foreach ($fields as $field) {
+
+                $assets = Asset::whereNotNull($field->db_column)->get();
+
+                foreach ($assets as $asset) {
+
+                    $asset->{$field->db_column} = $oldEncrypter->decrypt($asset->{$field->db_column});
+                    $this->line('DECRYPTED: '. $field->db_column);
+                    $asset->{$field->db_column} = $newEncrypter->encrypt($asset->{$field->db_column});
+                    $this->line('ENCRYPTED: '.$field->db_column);
+                    $asset->save();
+
+                }
+
+            }
+
+            // Handle the LDAP password if one is provided
+            $setting = Setting::first();
+            if ($setting->ldap_pword!='') {
+                $setting->ldap_pword =  $oldEncrypter->decrypt($setting->ldap_pword);
+                $setting->ldap_pword =  $newEncrypter->encrypt($setting->ldap_pword);
+                $setting->save();
+                $this->warn('LDAP password has been re-encrypted.');
+            }
+
+
+        } else {
+            $this->info('This operation has been canceled. No changes have been made.');
+        }
+    }
+
+    /**
+     * Write a new environment file with the given key.
+     *
+     * @param  string  $key
+     * @return void
+     */
+    protected function writeNewEnvironmentFileWith($key)
+    {
+
+        file_put_contents($this->laravel->environmentFilePath(), preg_replace(
+            $this->keyReplacementPattern(),
+            'APP_KEY='.$key,
+            file_get_contents($this->laravel->environmentFilePath())
+        ));
+    }
+
+    /**
+     * Get a regex pattern that will match env APP_KEY with any random key.
+     *
+     * @return string
+     */
+    protected function keyReplacementPattern()
+    {
+        $escaped = preg_quote('='.$this->laravel['config']['app.key'], '/');
+        return "/^APP_KEY{$escaped}/m";
+    }
+
+}

app/Console/Commands/SendExpectedCheckinAlerts.php

@@ -42,7 +42,7 @@ class SendExpectedCheckinAlerts extends Command
      *
      * @return mixed
      */
-    public function fire()
+    public function handle()
     {
         $settings = Setting::getSettings();
         $whenNotify = Carbon::now()->addDays(7);

app/Console/Commands/SendExpirationAlerts.php

@@ -43,7 +43,7 @@ class SendExpirationAlerts extends Command
      *
      * @return mixed
      */
-    public function fire()
+    public function handle()
     {
 
         $settings = Setting::getSettings();

app/Console/Commands/SyncAssetCounters.php

@@ -39,7 +39,7 @@ class SyncAssetCounters extends Command
     public function handle()
     {
         $start = microtime(true);
-        $assets = Asset::withCount('checkins', 'checkouts', 'userRequests')
+        $assets = Asset::withCount('checkins as checkins_count', 'checkouts as checkouts_count', 'userRequests as user_requests_count')
             ->withTrashed()->get();
 
         if ($assets) {

app/Console/Commands/SyncAssetLocations.php

@@ -64,7 +64,7 @@ class SyncAssetLocations extends Command
         $output['info'][] = 'There are '.$assigned_user_assets->count().' assets checked out to users.';
         foreach ($assigned_user_assets as $assigned_user_asset) {
             if (($assigned_user_asset->assignedTo) && ($assigned_user_asset->assignedTo->userLoc)) {
-                $new_location=$assigned_user_asset->assignedTo->userloc->id;
+                $new_location = $assigned_user_asset->assignedTo->userLoc->id;
                 $output['info'][] ='Setting User Asset ' . $assigned_user_asset->id . ' ('.$assigned_user_asset->asset_tag.') to  ' . $assigned_user_asset->assignedTo->userLoc->name . ' which is id: ' . $new_location;
             } else {
                 $output['warn'][] ='Asset ' . $assigned_user_asset->id . ' ('.$assigned_user_asset->asset_tag.') still has no location! ';

app/Console/Commands/SystemBackup.php

@@ -36,7 +36,7 @@ class SystemBackup extends Command
      *
      * @return mixed
      */
-    public function fire()
+    public function handle()
     {
         //
         $this->call('backup:run');

app/Console/Kernel.php

@@ -2,39 +2,14 @@
 
 namespace App\Console;
 
+use App\Console\Commands\ImportLocations;
+use App\Console\Commands\ReEncodeCustomFieldNames;
 use App\Console\Commands\RestoreDeletedUsers;
 use Illuminate\Console\Scheduling\Schedule;
 use Illuminate\Foundation\Console\Kernel as ConsoleKernel;
 
 class Kernel extends ConsoleKernel
 {
-    /**
-     * The Artisan commands provided by your application.
-     *
-     * @var array
-     */
-    protected $commands = [
-        Commands\PaveIt::class,
-        Commands\CreateAdmin::class,
-        Commands\SendExpirationAlerts::class,
-        Commands\SendInventoryAlerts::class,
-        Commands\SendExpectedCheckinAlerts::class,
-        Commands\ObjectImportCommand::class,
-        Commands\Version::class,
-        Commands\SystemBackup::class,
-        Commands\DisableLDAP::class,
-        Commands\Purge::class,
-        Commands\LdapSync::class,
-        Commands\FixDoubleEscape::class,
-        Commands\RecryptFromMcrypt::class,
-        Commands\ResetDemoSettings::class,
-        Commands\SyncAssetLocations::class,
-        Commands\RegenerateAssetTags::class,
-        Commands\SyncAssetCounters::class,
-        Commands\RestoreDeletedUsers::class,
-        Commands\SendUpcomingAuditReport::class,
-        Commands\ImportLocations::class,
-    ];
 
     /**
      * Define the application's command schedule.
@@ -56,5 +31,6 @@ class Kernel extends ConsoleKernel
     protected function commands()
     {
         require base_path('routes/console.php');
+        $this->load(__DIR__.'/Commands');
     }
 }

app/Exceptions/Handler.php

@@ -23,6 +23,7 @@ class Handler extends ExceptionHandler
         \Illuminate\Database\Eloquent\ModelNotFoundException::class,
         \Illuminate\Session\TokenMismatchException::class,
         \Illuminate\Validation\ValidationException::class,
+        \Intervention\Image\Exception\NotSupportedException::class,
     ];
 
     /**
@@ -66,10 +67,6 @@ class Handler extends ExceptionHandler
                 return response()->json(Helper::formatStandardApiResponse('error', null, $className . ' not found'), 200);
             }
 
-            if ($e instanceof \Illuminate\Validation\ValidationException) {
-                return response()->json(Helper::formatStandardApiResponse('error', null, $e->response['messages'], 400));
-            }
-
             if ($this->isHttpException($e)) {
 
                 $statusCode = $e->getStatusCode();
@@ -84,11 +81,6 @@ class Handler extends ExceptionHandler
 
                 }
             }
-            // Try to parse 500 Errors in a bit nicer way when debug is enabled.
-            if (config('app.debug')) {
-                return response()->json(Helper::formatStandardApiResponse('error', null, "An Error has occured! " . $e->getMessage()), 500);
-            }
-
         }
 
 
@@ -117,4 +109,16 @@ class Handler extends ExceptionHandler
 
         return redirect()->guest('login');
     }
+
+    /**
+     * Convert a validation exception into a JSON response.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Illuminate\Validation\ValidationException  $exception
+     * @return \Illuminate\Http\JsonResponse
+     */
+    protected function invalidJson($request, ValidationException $exception)
+    {
+        return response()->json(Helper::formatStandardApiResponse('error', null, $exception->errors(), 400));
+    }
 }

app/Helpers/Helper.php

@@ -281,9 +281,9 @@ class Helper
      */
     public static function checkLowInventory()
     {
-        $consumables = Consumable::withCount('consumableAssignments')->whereNotNull('min_amt')->get();
-        $accessories = Accessory::withCount('users')->whereNotNull('min_amt')->get();
-        $components = Component::withCount('assets')->whereNotNull('min_amt')->get();
+        $consumables = Consumable::withCount('consumableAssignments as consumable_assignments_count')->whereNotNull('min_amt')->get();
+        $accessories = Accessory::withCount('users as users_count')->whereNotNull('min_amt')->get();
+        $components = Component::withCount('assets as assets_count')->whereNotNull('min_amt')->get();
 
         $avail_consumables = 0;
         $items_array = array();

app/Http/Controllers/AccessoriesController.php

@@ -85,26 +85,7 @@ class AccessoriesController extends Controller
         $accessory->qty                     = request('qty');
         $accessory->user_id                 = Auth::user()->id;
         $accessory->supplier_id             = request('supplier_id');
-
-        if ($request->hasFile('image')) {
-
-            if (!config('app.lock_passwords')) {
-                $image = $request->file('image');
-                $ext = $image->getClientOriginalExtension();
-                $file_name = "accessory-".str_random(18).'.'.$ext;
-                $path = public_path('/uploads/accessories');
-                if ($image->getClientOriginalExtension()!='svg') {
-                    Image::make($image->getRealPath())->resize(null, 250, function ($constraint) {
-                        $constraint->aspectRatio();
-                        $constraint->upsize();
-                    })->save($path.'/'.$file_name);
-                } else {
-                    $image->move($path, $file_name);
-                }
-                $accessory->image = $file_name;
-            }
-        }
-
+        $accessory = $request->handleImages($accessory,600, public_path().'/uploads/accessories');
 
 
         // Was the accessory created?
@@ -165,28 +146,7 @@ class AccessoriesController extends Controller
         $accessory->qty                     = request('qty');
         $accessory->supplier_id             = request('supplier_id');
 
-        if ($request->hasFile('image')) {
-
-            if (!config('app.lock_passwords')) {
-                $image = $request->file('image');
-                $ext = $image->getClientOriginalExtension();
-                $file_name = "accessory-".str_random(18).'.'.$ext;
-                $path = public_path('/uploads/accessories');
-                if ($image->getClientOriginalExtension()!='svg') {
-                    Image::make($image->getRealPath())->resize(null, 250, function ($constraint) {
-                        $constraint->aspectRatio();
-                        $constraint->upsize();
-                    })->save($path.'/'.$file_name);
-                } else {
-                    $image->move($path, $file_name);
-                }
-                if (($accessory->image) && (file_exists($path.'/'.$accessory->image))) {
-                    unlink($path.'/'.$accessory->image);
-                }
-
-                $accessory->image = $file_name;
-            }
-        }
+        $accessory = $request->handleImages($accessory,600, public_path().'/uploads/accessories');
 
 
         // Was the accessory updated?
@@ -238,7 +198,7 @@ class AccessoriesController extends Controller
         if (isset($accessory->id)) {
             return view('accessories/view', compact('accessory'));
         }
-        return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.does_not_exist', compact('id')));
+        return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.does_not_exist'));
     }
 
   /**

app/Http/Controllers/Api/AccessoriesController.php

@@ -8,7 +8,10 @@ use App\Helpers\Helper;
 use App\Models\Accessory;
 use App\Http\Transformers\AccessoriesTransformer;
 use App\Models\Company;
-
+use App\Models\User;
+use Carbon\Carbon;
+use Auth;
+use DB;
 
 class AccessoriesController extends Controller
 {
@@ -26,28 +29,34 @@ class AccessoriesController extends Controller
 
         $accessories = Accessory::with('category', 'company', 'manufacturer', 'users', 'location');
 
-        if ($request->has('search')) {
+        if ($request->filled('search')) {
             $accessories = $accessories->TextSearch($request->input('search'));
         }
 
-        if ($request->has('company_id')) {
+        if ($request->filled('company_id')) {
             $accessories->where('company_id','=',$request->input('company_id'));
         }
 
-        if ($request->has('category_id')) {
+        if ($request->filled('category_id')) {
             $accessories->where('category_id','=',$request->input('category_id'));
         }
 
-        if ($request->has('manufacturer_id')) {
+        if ($request->filled('manufacturer_id')) {
             $accessories->where('manufacturer_id','=',$request->input('manufacturer_id'));
         }
 
-        if ($request->has('supplier_id')) {
+        if ($request->filled('supplier_id')) {
             $accessories->where('supplier_id','=',$request->input('supplier_id'));
         }
 
-        $offset = (($accessories) && (request('offset') > $accessories->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($accessories) && ($request->get('offset') > $accessories->count())) ? $accessories->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
+
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
 
@@ -191,4 +200,94 @@ class AccessoriesController extends Controller
         return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/accessories/message.delete.success')));
 
     }
+
+
+    /**
+     * Save the Accessory checkout information.
+     *
+     * If Slack is enabled and/or asset acceptance is enabled, it will also
+     * trigger a Slack message and send an email.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @param  int  $accessoryId
+     * @return Redirect
+     */
+    public function checkout(Request $request, $accessoryId)
+    {
+        // Check if the accessory exists
+        if (is_null($accessory = Accessory::find($accessoryId))) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/accessories/message.does_not_exist')));
+        }
+
+        $this->authorize('checkout', $accessory);
+
+
+        if ($accessory->numRemaining() > 0) {
+
+            if (!$user = User::find($request->input('assigned_to'))) {
+                return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/accessories/message.checkout.user_does_not_exist')));
+            }
+
+            // Update the accessory data
+            $accessory->assigned_to = $request->input('assigned_to');
+
+            $accessory->users()->attach($accessory->id, [
+                'accessory_id' => $accessory->id,
+                'created_at' => Carbon::now(),
+                'user_id' => Auth::id(),
+                'assigned_to' => $request->get('assigned_to')
+            ]);
+
+            $accessory->logCheckout($request->input('note'), $user);
+
+            return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/accessories/message.checkout.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, 'No accessories remaining'));
+
+    }
+
+    /**
+     * Check in the item so that it can be checked out again to someone else
+     *
+     * @uses Accessory::checkin_email() to determine if an email can and should be sent
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @param Request $request
+     * @param integer $accessoryUserId
+     * @param string $backto
+     * @return Redirect
+     * @internal param int $accessoryId
+     */
+    public function checkin(Request $request, $accessoryUserId = null)
+    {
+        if (is_null($accessory_user = DB::table('accessories_users')->find($accessoryUserId))) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/accessories/message.does_not_exist')));
+        }
+
+        $accessory = Accessory::find($accessory_user->accessory_id);
+        $this->authorize('checkin', $accessory);
+
+        $logaction = $accessory->logCheckin(User::find($accessoryUserId), $request->input('note'));
+
+        // Was the accessory updated?
+        if (DB::table('accessories_users')->where('id', '=', $accessory_user->id)->delete()) {
+            if (!is_null($accessory_user->assigned_to)) {
+                $user = User::find($accessory_user->assigned_to);
+            }
+
+            $data['log_id'] = $logaction->id;
+            $data['first_name'] = $user->first_name;
+            $data['last_name'] = $user->last_name;
+            $data['item_name'] = $accessory->name;
+            $data['checkin_date'] = $logaction->created_at;
+            $data['item_tag'] = '';
+            $data['note'] = $logaction->note;
+
+            return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/accessories/message.checkin.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null,  trans('admin/accessories/message.checkin.error')));
+
+    }
+
 }

app/Http/Controllers/Api/AssetMaintenancesController.php

@@ -40,12 +40,17 @@ class AssetMaintenancesController extends Controller
             $maintenances = $maintenances->TextSearch(e($request->input('search')));
         }
 
-        if ($request->has('asset_id')) {
+        if ($request->filled('asset_id')) {
             $maintenances->where('asset_id', '=', $request->input('asset_id'));
         }
 
-        $offset = (($maintenances) && (request('offset') > $maintenances->count())) ? 0 : request('offset', 0);
-        $limit = request('limit', 50);
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($maintenances) && ($request->get('offset') > $maintenances->count())) ? $maintenances->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
 
         $allowed_columns = [
                                 'id',

app/Http/Controllers/Api/AssetModelsController.php

@@ -48,20 +48,25 @@ class AssetModelsController extends Controller
             'models.updated_at',
          ])
             ->with('category','depreciation', 'manufacturer','fieldset')
-            ->withCount('assets');
+            ->withCount('assets as assets_count');
 
 
 
-        if ($request->has('status')) {
+        if ($request->filled('status')) {
             $assetmodels->onlyTrashed();
         }
 
-        if ($request->has('search')) {
+        if ($request->filled('search')) {
             $assetmodels->TextSearch($request->input('search'));
         }
 
-        $offset = (($assetmodels) && (request('offset') > $assetmodels->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($assetmodels) && ($request->get('offset') > $assetmodels->count())) ? $assetmodels->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'models.created_at';
 
@@ -114,7 +119,7 @@ class AssetModelsController extends Controller
     public function show($id)
     {
         $this->authorize('view', AssetModel::class);
-        $assetmodel = AssetModel::withCount('assets')->findOrFail($id);
+        $assetmodel = AssetModel::withCount('assets as assets_count')->findOrFail($id);
         return (new AssetModelsTransformer)->transformAssetModel($assetmodel);
     }
 
@@ -210,7 +215,7 @@ class AssetModelsController extends Controller
 
         $settings = \App\Models\Setting::getSettings();
 
-        if ($request->has('search')) {
+        if ($request->filled('search')) {
             $assetmodels = $assetmodels->SearchByManufacturerOrCat($request->input('search'));
         }
 

app/Http/Controllers/Api/AssetsController.php

@@ -84,7 +84,7 @@ class AssetsController extends Controller
 
         $filter = array();
 
-        if ($request->has('filter')) {
+        if ($request->filled('filter')) {
             $filter = json_decode($request->input('filter'), true);
         }
 
@@ -101,7 +101,7 @@ class AssetsController extends Controller
         // These are used by the API to query against specific ID numbers.
         // They are also used by the individual searches on detail pages like
         // locations, etc.
-        if ($request->has('status_id')) {
+        if ($request->filled('status_id')) {
             $assets->where('assets.status_id', '=', $request->input('status_id'));
         }
 
@@ -109,43 +109,54 @@ class AssetsController extends Controller
             $assets->where('assets.requestable', '=', '1');
         }
 
-        if ($request->has('model_id')) {
+        if ($request->filled('model_id')) {
             $assets->InModelList([$request->input('model_id')]);
         }
 
-        if ($request->has('category_id')) {
+        if ($request->filled('category_id')) {
             $assets->InCategory($request->input('category_id'));
         }
 
-        if ($request->has('location_id')) {
+        if ($request->filled('location_id')) {
             $assets->where('assets.location_id', '=', $request->input('location_id'));
         }
 
-        if ($request->has('supplier_id')) {
+        if ($request->filled('rtd_location_id')) {
+            $assets->where('assets.rtd_location_id', '=', $request->input('rtd_location_id'));
+        }
+
+        if ($request->filled('supplier_id')) {
             $assets->where('assets.supplier_id', '=', $request->input('supplier_id'));
         }
 
-        if (($request->has('assigned_to')) && ($request->has('assigned_type'))) {
+        if (($request->filled('assigned_to')) && ($request->filled('assigned_type'))) {
             $assets->where('assets.assigned_to', '=', $request->input('assigned_to'))
                 ->where('assets.assigned_type', '=', $request->input('assigned_type'));
         }
 
-        if ($request->has('company_id')) {
+        if ($request->filled('company_id')) {
             $assets->where('assets.company_id', '=', $request->input('company_id'));
         }
 
-        if ($request->has('manufacturer_id')) {
+        if ($request->filled('manufacturer_id')) {
             $assets->ByManufacturer($request->input('manufacturer_id'));
         }
 
-        if ($request->has('depreciation_id')) {
+        if ($request->filled('depreciation_id')) {
             $assets->ByDepreciationId($request->input('depreciation_id'));
         }
 
-        $request->has('order_number') ? $assets = $assets->where('assets.order_number', '=', e($request->get('order_number'))) : '';
+        $request->filled('order_number') ? $assets = $assets->where('assets.order_number', '=', e($request->get('order_number'))) : '';
+
+
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($assets) && ($request->get('offset') > $assets->count())) ? $assets->count() : $request->get('offset', 0);
+
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
 
-        $offset = (($assets) && (request('offset') > $assets->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
 
         // This is used by the audit reporting routes
@@ -216,7 +227,7 @@ class AssetsController extends Controller
                 break;
             default:
 
-                if ((!$request->has('status_id')) && ($settings->show_archived_in_list!='1')) {
+                if ((!$request->filled('status_id')) && ($settings->show_archived_in_list!='1')) {
                     // terrible workaround for complex-query Laravel bug in fulltext
                     $assets->join('status_labels AS status_alias',function ($join) {
                         $join->on('status_alias.id', "=", "assets.status_id")
@@ -235,7 +246,7 @@ class AssetsController extends Controller
 
         if ((!is_null($filter)) && (count($filter)) > 0) {
             $assets->ByFilter($filter);
-        } elseif ($request->has('search')) {
+        } elseif ($request->filled('search')) {
             $assets->TextSearch($request->input('search'));
         }
 
@@ -341,7 +352,7 @@ class AssetsController extends Controller
      */
     public function show($id)
     {
-        if ($asset = Asset::with('assetstatus')->with('assignedTo')->withTrashed()->withCount('checkins', 'checkouts', 'userRequests')->findOrFail($id)) {
+        if ($asset = Asset::with('assetstatus')->with('assignedTo')->withTrashed()->withCount('checkins as checkins_count', 'checkouts as checkouts_count', 'userRequests as userRequests_count')->findOrFail($id)) {
             $this->authorize('view', $asset);
             return (new AssetsTransformer)->transformAsset($asset);
         }
@@ -371,11 +382,11 @@ class AssetsController extends Controller
             'assets.status_id'
         ])->with('model', 'assetstatus', 'assignedTo')->NotArchived(),'company_id', 'assets');
 
-        if ($request->has('assetStatusType') && $request->input('assetStatusType') === 'RTD') {
+        if ($request->filled('assetStatusType') && $request->input('assetStatusType') === 'RTD') {
             $assets = $assets->RTD();
         }
 
-        if ($request->has('search')) {
+        if ($request->filled('search')) {
             $assets = $assets->AssignedSearch($request->input('search'));
         }
 
@@ -446,7 +457,7 @@ class AssetsController extends Controller
         // Update custom fields in the database.
         // Validation for these fields is handled through the AssetRequest form request
         $model = AssetModel::find($request->get('model_id'));
-        if ($model->fieldset) {
+        if (($model) && ($model->fieldset)) {
             foreach ($model->fieldset->fields as $field) {
                 if ($field->field_encrypted=='1') {
                     if (Gate::allows('admin')) {
@@ -493,11 +504,11 @@ class AssetsController extends Controller
 
             $asset->fill($request->all());
 
-            ($request->has('model_id')) ?
+            ($request->filled('model_id')) ?
                 $asset->model()->associate(AssetModel::find($request->get('model_id'))) : null;
-            ($request->has('company_id')) ?
+            ($request->filled('company_id')) ?
                 $asset->company_id = Company::getIdForCurrentUser($request->get('company_id')) : null;
-            ($request->has('rtd_location_id')) ?
+            ($request->filled('rtd_location_id')) ?
                 $asset->location_id = $request->get('rtd_location_id') : null;
 
             // Update custom fields
@@ -518,11 +529,15 @@ class AssetsController extends Controller
 
             if ($asset->save()) {
 
-                if (($request->has('assigned_user')) && ($target = User::find($request->get('assigned_user')))) {
+                if (($request->filled('assigned_user')) && ($target = User::find($request->get('assigned_user')))) {
                     $location = $target->location_id;
-                } elseif (($request->has('assigned_asset')) && ($target = Asset::find($request->get('assigned_asset')))) {
+                } elseif (($request->filled('assigned_asset')) && ($target = Asset::find($request->get('assigned_asset')))) {
                     $location = $target->location_id;
-                } elseif (($request->has('assigned_location')) && ($target = Location::find($request->get('assigned_location')))) {
+
+                    Asset::where('assigned_type', '\\App\\Models\\Asset')->where('assigned_to', $id)
+                        ->update(['location_id' => $target->location_id]);
+
+                } elseif (($request->filled('assigned_location')) && ($target = Location::find($request->get('assigned_location')))) {
                     $location = $target->id;
                 }
 
@@ -605,16 +620,14 @@ class AssetsController extends Controller
             $target = Asset::where('id','!=',$asset_id)->find(request('assigned_asset'));
             $asset->location_id = $target->rtd_location_id;
             // Override with the asset's location_id if it has one
-            if ($target->location_id!='') {
-                $asset->location_id = ($target) ? $target->location_id : '';
-            }
+            $asset->location_id = (($target) && (isset($target->location_id))) ? $target->location_id : '';
             $error_payload['target_id'] = $request->input('assigned_asset');
             $error_payload['target_type'] = 'asset';
 
         } elseif (request('checkout_to_type')=='user') {
             // Fetch the target and set the asset's new location_id
             $target = User::find(request('assigned_user'));
-            $asset->location_id = ($target) ? $target->location_id : '';
+            $asset->location_id = (($target) && (isset($target->location_id))) ? $target->location_id : '';
             $error_payload['target_id'] = $request->input('assigned_user');
             $error_payload['target_type'] = 'user';
         }
@@ -633,11 +646,12 @@ class AssetsController extends Controller
         $asset_name = request('name', null);
 
         // Set the location ID to the RTD location id if there is one
-        if ($asset->rtd_location_id!='') {
-            $asset->location_id = $target->rtd_location_id;
-        }
-
+        // Wait, why are we doing this? This overrides the stuff we set further up, which makes no sense.
+        // TODO: Follow up here. WTF. Commented out for now. 
 
+//        if ((isset($target->rtd_location_id)) && ($asset->rtd_location_id!='')) {
+//            $asset->location_id = $target->rtd_location_id;
+//        }
 
 
 
@@ -645,7 +659,7 @@ class AssetsController extends Controller
             return response()->json(Helper::formatStandardApiResponse('success', ['asset'=> e($asset->asset_tag)], trans('admin/hardware/message.checkout.success')));
         }
 
-        return response()->json(Helper::formatStandardApiResponse('error', ['asset'=> e($asset->asset_tag)], trans('admin/hardware/message.checkout.error')))->withErrors($asset->getErrors());
+        return response()->json(Helper::formatStandardApiResponse('error', ['asset'=> e($asset->asset_tag)], trans('admin/hardware/message.checkout.error')));
     }
 
 
@@ -674,10 +688,14 @@ class AssetsController extends Controller
         $asset->assigned_to = null;
         $asset->assignedTo()->disassociate($asset);
         $asset->accepted = null;
-        $asset->name = Input::get('name');
+
+        if ($request->filled('name')) {
+            $asset->name = $request->input('name');
+        }
+        
         $asset->location_id =  $asset->rtd_location_id;
 
-        if ($request->has('location_id')) {
+        if ($request->filled('location_id')) {
             $asset->location_id =  $request->input('location_id');
         }
 

app/Http/Controllers/Api/CategoriesController.php

@@ -24,14 +24,19 @@ class CategoriesController extends Controller
         $allowed_columns = ['id', 'name','category_type', 'category_type','use_default_eula','eula_text', 'require_acceptance','checkin_email', 'assets_count', 'accessories_count', 'consumables_count', 'components_count','licenses_count', 'image'];
 
         $categories = Category::select(['id', 'created_at', 'updated_at', 'name','category_type','use_default_eula','eula_text', 'require_acceptance','checkin_email','image'])
-            ->withCount('assets', 'accessories', 'consumables', 'components','licenses');
+            ->withCount('assets as assets_count', 'accessories as accessories_count', 'consumables as consumables_count', 'components as components_count','licenses as licenses_count');
 
-        if ($request->has('search')) {
+        if ($request->filled('search')) {
             $categories = $categories->TextSearch($request->input('search'));
         }
 
-        $offset = (($categories) && (request('offset') > $categories->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($categories) && ($request->get('offset') > $categories->count())) ? $categories->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'assets_count';
         $categories->orderBy($sort, $order);
@@ -148,7 +153,7 @@ class CategoriesController extends Controller
             'image',
         ]);
 
-        if ($request->has('search')) {
+        if ($request->filled('search')) {
             $categories = $categories->where('name', 'LIKE', '%'.$request->get('search').'%');
         }
 

app/Http/Controllers/Api/CompaniesController.php

@@ -35,14 +35,19 @@ class CompaniesController extends Controller
             'components_count',
         ];
 
-        $companies = Company::withCount('assets','licenses','accessories','consumables','components','users');
+        $companies = Company::withCount('assets as assets_count','licenses as licenses_count','accessories as accessories_count','consumables as consumables_count','components as components_count','users as users_count');
 
-        if ($request->has('search')) {
+        if ($request->filled('search')) {
             $companies->TextSearch($request->input('search'));
         }
 
-        $offset = (($companies) && (request('offset') > $companies->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($companies) && ($request->get('offset') > $companies->count())) ? $companies->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
         $companies->orderBy($sort, $order);
@@ -168,7 +173,7 @@ class CompaniesController extends Controller
             'companies.image',
         ]);
 
-        if ($request->has('search')) {
+        if ($request->filled('search')) {
             $companies = $companies->where('companies.name', 'LIKE', '%'.$request->get('search').'%');
         }
 

app/Http/Controllers/Api/ComponentsController.php

@@ -27,24 +27,28 @@ class ComponentsController extends Controller
         $components = Company::scopeCompanyables(Component::select('components.*')
             ->with('company', 'location', 'category'));
 
-        if ($request->has('search')) {
+        if ($request->filled('search')) {
             $components = $components->TextSearch($request->input('search'));
         }
 
-        if ($request->has('company_id')) {
+        if ($request->filled('company_id')) {
             $components->where('company_id','=',$request->input('company_id'));
         }
 
-        if ($request->has('category_id')) {
+        if ($request->filled('category_id')) {
             $components->where('category_id','=',$request->input('category_id'));
         }
 
-        if ($request->has('location_id')) {
+        if ($request->filled('location_id')) {
             $components->where('location_id','=',$request->input('location_id'));
         }
 
-        $offset = (($components) && (request('offset') > $components->count())) ? 0 : request('offset', 0);
-        $limit = request('limit', 50);
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($components) && ($request->get('offset') > $components->count())) ? $components->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
 
         $allowed_columns = ['id','name','min_amt','order_number','serial','purchase_date','purchase_cost','company','category','qty','location','image'];
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';

app/Http/Controllers/Api/ConsumablesController.php

@@ -27,25 +27,30 @@ class ConsumablesController extends Controller
                 ->with('company', 'location', 'category', 'users', 'manufacturer')
         );
 
-        if ($request->has('search')) {
+        if ($request->filled('search')) {
             $consumables = $consumables->TextSearch(e($request->input('search')));
         }
 
-        if ($request->has('company_id')) {
+        if ($request->filled('company_id')) {
             $consumables->where('company_id','=',$request->input('company_id'));
         }
 
-        if ($request->has('category_id')) {
+        if ($request->filled('category_id')) {
             $consumables->where('category_id','=',$request->input('category_id'));
         }
 
-        if ($request->has('manufacturer_id')) {
+        if ($request->filled('manufacturer_id')) {
             $consumables->where('manufacturer_id','=',$request->input('manufacturer_id'));
         }
 
 
-        $offset = (($consumables) && (request('offset') > $consumables->count())) ? 0 : request('offset', 0);
-        $limit = request('limit', 50);
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($consumables) && ($request->get('offset') > $consumables->count())) ? $consumables->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
         $allowed_columns = ['id','name','order_number','min_amt','purchase_date','purchase_cost','company','category','model_number', 'item_no', 'manufacturer','location','qty','image'];
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
@@ -165,7 +170,7 @@ class ConsumablesController extends Controller
     {
         $consumable = Consumable::with(array('consumableAssignments'=>
         function ($query) {
-            $query->orderBy('created_at', 'DESC');
+            $query->orderBy($query->getModel()->getTable().'.created_at', 'DESC');
         },
         'consumableAssignments.admin'=> function ($query) {
         },

app/Http/Controllers/Api/CustomFieldsController.php

@@ -24,7 +24,7 @@ class CustomFieldsController extends Controller
 
     public function index()
     {
-        $this->authorize('index', CustomFields::class);
+        $this->authorize('index', CustomField::class);
         $fields = CustomField::get();
         return (new CustomFieldsTransformer)->transformCustomFields($fields, $fields->count());
     }
@@ -38,7 +38,7 @@ class CustomFieldsController extends Controller
     */
     public function show($id)
     {
-      $this->authorize('show', CustomField::class);
+      $this->authorize('view', CustomField::class);
         if ($field = CustomField::find($id)) {
             return (new CustomFieldsTransformer)->transformCustomField($field);
         }

app/Http/Controllers/Api/CustomFieldsetsController.php

@@ -43,7 +43,7 @@ class CustomFieldsetsController extends Controller
     public function index()
     {
         $this->authorize('index', CustomFieldset::class);
-        $fieldsets = CustomFieldset::withCount(['fields', 'models'])->get();
+        $fieldsets = CustomFieldset::withCount('fields as fields_count', 'models as models_count')->get();
         return (new CustomFieldsetsTransformer)->transformCustomFieldsets($fieldsets, $fieldsets->count());
 
     }
@@ -58,7 +58,7 @@ class CustomFieldsetsController extends Controller
     */
     public function show($id)
     {
-      $this->authorize('show', CustomFieldset::class);
+      $this->authorize('view', CustomFieldset::class);
         if ($fieldset = CustomFieldset::find($id)) {
             return (new CustomFieldsetsTransformer)->transformCustomFieldset($fieldset);
         }

app/Http/Controllers/Api/DepartmentsController.php

@@ -15,7 +15,7 @@ class DepartmentsController extends Controller
     /**
      * Display a listing of the resource.
      *
-     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @author [Godfrey Martinez] [<snipe@snipe.net>]
      * @since [v4.0]
      * @return \Illuminate\Http\Response
      */
@@ -33,14 +33,19 @@ class DepartmentsController extends Controller
             'departments.created_at',
             'departments.updated_at',
             'departments.image'
-        ])->with('users')->with('location')->with('manager')->with('company')->withCount('users');
+        ])->with('users')->with('location')->with('manager')->with('company')->withCount('users as users_count');
 
-        if ($request->has('search')) {
+        if ($request->filled('search')) {
             $departments = $departments->TextSearch($request->input('search'));
         }
 
-        $offset = (($departments) && (request('offset') > $departments->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($departments) && ($request->get('offset') > $departments->count())) ? $departments->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
 
@@ -76,7 +81,7 @@ class DepartmentsController extends Controller
         $department = new Department;
         $department->fill($request->all());
         $department->user_id = Auth::user()->id;
-        $department->manager_id = ($request->has('manager_id' ) ? $request->input('manager_id') : null);
+        $department->manager_id = ($request->filled('manager_id' ) ? $request->input('manager_id') : null);
 
         if ($department->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', $department, trans('admin/departments/message.create.success')));
@@ -142,7 +147,7 @@ class DepartmentsController extends Controller
             'image',
         ]);
 
-        if ($request->has('search')) {
+        if ($request->filled('search')) {
             $departments = $departments->where('name', 'LIKE', '%'.$request->get('search').'%');
         }
 
@@ -158,5 +163,28 @@ class DepartmentsController extends Controller
         return (new SelectlistTransformer)->transformSelectlist($departments);
 
     }
+    /**
+     * Update the specified resource in storage.
+     *
+     * @author [Godfrey Martinez] [<gmartinez@grokability.com>]
+     * @since [v4.0]
+     * @param  \Illuminate\Http\Request  $request
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function update(Request $request, $id)
+    {
+        $this->authorize('update', Department::class);
+        $departments = Department::findOrFail($id);
+        $departments->fill($request->all());
+
+        if ($departments->save()) {
+            return response()
+                ->json(Helper::formatStandardApiResponse('success', (new DepartmentsTransformer())->transformdepartment($departments), trans('admin/departments/message.update.success')));
+        }
+
+        return response()
+            ->json(Helper::formatStandardApiResponse('error', null, $departments->getErrors()));
+    }
 
 }

app/Http/Controllers/Api/DepreciationsController.php

@@ -24,12 +24,17 @@ class DepreciationsController extends Controller
 
         $depreciations = Depreciation::select('id','name','months','user_id','created_at','updated_at');
 
-        if ($request->has('search')) {
+        if ($request->filled('search')) {
             $depreciations = $depreciations->TextSearch($request->input('search'));
         }
 
-        $offset = (($depreciations) && (request('offset') > $depreciations->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($depreciations) && ($request->get('offset') > $depreciations->count())) ? $depreciations->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
         $depreciations->orderBy($sort, $order);

app/Http/Controllers/Api/GroupsController.php

@@ -22,14 +22,19 @@ class GroupsController extends Controller
         $this->authorize('view', Group::class);
         $allowed_columns = ['id','name','created_at', 'users_count'];
 
-        $groups = Group::select('id','name','permissions','created_at','updated_at')->withCount('users');
+        $groups = Group::select('id','name','permissions','created_at','updated_at')->withCount('users as users_count');
 
-        if ($request->has('search')) {
+        if ($request->filled('search')) {
             $groups = $groups->TextSearch($request->input('search'));
         }
 
-        $offset = (($groups) && (request('offset') > $groups->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($groups) && ($request->get('offset') > $groups->count())) ? $groups->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
         $groups->orderBy($sort, $order);

app/Http/Controllers/Api/ImportController.php

@@ -119,7 +119,14 @@ class ImportController extends Controller
     {
         $this->authorize('import');
         // Run a backup immediately before processing
-        Artisan::call('backup:run');
+
+        if ($request->has('run-backup')) {
+            \Log::debug('Backup manually requested via importer');
+            Artisan::call('backup:run');
+        } else {
+            \Log::debug('NO BACKUP requested via importer');
+        }
+
         $errors = $request->import(Import::find($import_id));
         $redirectTo = "hardware.index";
         switch ($request->get('import-type')) {

app/Http/Controllers/Api/LicensesController.php

@@ -25,65 +25,70 @@ class LicensesController extends Controller
     public function index(Request $request)
     {
         $this->authorize('view', License::class);
-        $licenses = Company::scopeCompanyables(License::with('company', 'manufacturer', 'freeSeats', 'supplier','category')->withCount('freeSeats'));
+        $licenses = Company::scopeCompanyables(License::with('company', 'manufacturer', 'freeSeats', 'supplier','category')->withCount('freeSeats as free_seats_count'));
 
 
-        if ($request->has('company_id')) {
+        if ($request->filled('company_id')) {
             $licenses->where('company_id','=',$request->input('company_id'));
         }
 
-        if ($request->has('name')) {
+        if ($request->filled('name')) {
             $licenses->where('licenses.name','=',$request->input('name'));
         }
 
-        if ($request->has('product_key')) {
+        if ($request->filled('product_key')) {
             $licenses->where('licenses.serial','=',$request->input('product_key'));
         }
 
-        if ($request->has('order_number')) {
+        if ($request->filled('order_number')) {
             $licenses->where('order_number','=',$request->input('order_number'));
         }
 
-        if ($request->has('purchase_order')) {
+        if ($request->filled('purchase_order')) {
             $licenses->where('purchase_order','=',$request->input('purchase_order'));
         }
 
-        if ($request->has('license_name')) {
+        if ($request->filled('license_name')) {
             $licenses->where('license_name','=',$request->input('license_name'));
         }
 
-        if ($request->has('license_email')) {
+        if ($request->filled('license_email')) {
             $licenses->where('license_email','=',$request->input('license_email'));
         }
 
-        if ($request->has('manufacturer_id')) {
+        if ($request->filled('manufacturer_id')) {
             $licenses->where('manufacturer_id','=',$request->input('manufacturer_id'));
         }
 
-        if ($request->has('supplier_id')) {
+        if ($request->filled('supplier_id')) {
             $licenses->where('supplier_id','=',$request->input('supplier_id'));
         }
 
-        if ($request->has('category_id')) {
+        if ($request->filled('category_id')) {
             $licenses->where('category_id','=',$request->input('category_id'));
         }
 
-        if ($request->has('depreciation_id')) {
+        if ($request->filled('depreciation_id')) {
             $licenses->where('depreciation_id','=',$request->input('depreciation_id'));
         }
 
-        if ($request->has('supplier_id')) {
+        if ($request->filled('supplier_id')) {
             $licenses->where('supplier_id','=',$request->input('supplier_id'));
         }
 
 
-        if ($request->has('search')) {
+        if ($request->filled('search')) {
             $licenses = $licenses->TextSearch($request->input('search'));
         }
 
 
-        $offset = (($licenses) && (request('offset') > $licenses->count())) ? 0 : request('offset', 0);
-        $limit = request('limit', 50);
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($licenses) && ($request->get('offset') > $licenses->count())) ? $licenses->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
 
 
@@ -225,14 +230,21 @@ class LicensesController extends Controller
 
             $this->authorize('view', $license);
 
-            $seats = LicenseSeat::where('license_id', $licenseId)->with('license', 'user', 'asset');
+            $seats = LicenseSeat::where('license_seats.license_id', $licenseId)
+                ->with('license', 'user', 'asset', 'user.department');
 
-            $offset = (($seats) && (request('offset') > $seats->count())) ? 0 : request('offset', 0);
-
-            $limit = request('limit', 50);
             $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
 
+            if ($request->input('sort')=='department') {
+                $seats->OrderDepartments($order);
+            } else {
+                $seats->orderBy('id', $order);
+            }
+
             $total = $seats->count();
+            $offset = (($seats) && (request('offset') > $total)) ? 0 : request('offset', 0);
+            $limit = request('limit', 50);
+            
             $seats = $seats->skip($offset)->take($limit)->get();
 
             if ($seats) {

app/Http/Controllers/Api/LocationsController.php

@@ -8,6 +8,8 @@ use App\Helpers\Helper;
 use App\Models\Location;
 use App\Http\Transformers\LocationsTransformer;
 use App\Http\Transformers\SelectlistTransformer;
+use Illuminate\Pagination\LengthAwarePaginator;
+use Illuminate\Support\Collection;
 
 class LocationsController extends Controller
 {
@@ -26,7 +28,7 @@ class LocationsController extends Controller
                 'updated_at','manager_id','image',
                 'assigned_assets_count','users_count','assets_count','currency'];
 
-        $locations = Location::with('parent', 'manager', 'childLocations')->select([
+        $locations = Location::with('parent', 'manager', 'children')->select([
             'locations.id',
             'locations.name',
             'locations.address',
@@ -41,18 +43,22 @@ class LocationsController extends Controller
             'locations.updated_at',
             'locations.image',
             'locations.currency'
-        ])->withCount('assignedAssets')
-        ->withCount('assets')
-        ->withCount('users');
+        ])->withCount('assignedAssets as assigned_assets_count')
+        ->withCount('assets as assets_count')
+        ->withCount('users as users_count');
 
-        if ($request->has('search')) {
+        if ($request->filled('search')) {
             $locations = $locations->TextSearch($request->input('search'));
         }
 
 
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($locations) && ($request->get('offset') > $locations->count())) ? $locations->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
 
-        $offset = (($locations) && (request('offset') > $locations->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
 
@@ -106,7 +112,7 @@ class LocationsController extends Controller
     public function show($id)
     {
         $this->authorize('view', Location::class);
-        $location = Location::with('parent', 'manager', 'childLocations')
+        $location = Location::with('parent', 'manager', 'children')
             ->select([
                 'locations.id',
                 'locations.name',
@@ -123,9 +129,9 @@ class LocationsController extends Controller
                 'locations.image',
                 'locations.currency'
             ])
-            ->withCount('assignedAssets')
-            ->withCount('assets')
-            ->withCount('users')->findOrFail($id);
+            ->withCount('assignedAssets as assigned_assets_count')
+            ->withCount('assets as assets_count')
+            ->withCount('users as users_count')->findOrFail($id);
         return (new LocationsTransformer)->transformLocation($location);
     }
 
@@ -143,6 +149,13 @@ class LocationsController extends Controller
     {
         $this->authorize('update', Location::class);
         $location = Location::findOrFail($id);
+
+        if ($request->input('parent_id') == $id) {
+
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'A location cannot be its own parent. Please select a different parent ID.'));
+        }
+
+
         $location->fill($request->all());
 
         if ($location->save()) {
@@ -178,6 +191,27 @@ class LocationsController extends Controller
     /**
      * Gets a paginated collection for the select2 menus
      *
+     * This is handled slightly differently as of ~4.7.8-pre, as
+     * we have to do some recursive magic to get the hierarchy to display
+     * properly when looking at the parent/child relationship in the
+     * rich menus.
+     *
+     * This means we can't use the normal pagination that we use elsewhere
+     * in our selectlists, since we have to get the full set before we can
+     * determine which location is parent/child/grandchild, etc.
+     *
+     * This also means that hierarchy display gets a little funky when people
+     * use the Select2 search functionality, but there's not much we can do about
+     * that right now.
+     *
+     * As a result, instead of paginating as part of the query, we have to grab
+     * the entire data set, and then invoke a paginator manually and pass that
+     * through to the SelectListTransformer.
+     *
+     * Many thanks to @uberbrady for the help getting this working better.
+     * Recursion still sucks, but I guess he doesn't have to get in the
+     * sea... this time.
+     *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0.16]
      * @see \App\Http\Transformers\SelectlistTransformer
@@ -189,25 +223,44 @@ class LocationsController extends Controller
         $locations = Location::select([
             'locations.id',
             'locations.name',
+            'locations.parent_id',
             'locations.image',
         ]);
 
-        if ($request->has('search')) {
-            $locations = $locations->where('locations.name', 'LIKE', '%'.$request->get('search').'%');
+        $page = 1;
+        if ($request->filled('page')) {
+            $page = $request->input('page');
         }
 
-        $locations = $locations->orderBy('name', 'ASC')->paginate(50);
+        if ($request->filled('search')) {
+            $locations = $locations->where('locations.name', 'LIKE', '%'.$request->input('search').'%');
+        }
+
+        $locations = $locations->orderBy('name', 'ASC')->get();
+
+        $locations_with_children = [];
 
-        // Loop through and set some custom properties for the transformer to use.
-        // This lets us have more flexibility in special cases like assets, where
-        // they may not have a ->name value but we want to display something anyway
         foreach ($locations as $location) {
-            $location->use_text = $location->name;
-            $location->use_image = ($location->image) ? url('/').'/uploads/locations/'.$location->image : null;
+            if (!array_key_exists($location->parent_id, $locations_with_children)) {
+                $locations_with_children[$location->parent_id] = [];
+            }
+            $locations_with_children[$location->parent_id][] = $location;
         }
 
-        return (new SelectlistTransformer)->transformSelectlist($locations);
+        if ($request->filled('search')) {
+            $locations_formatted =  $locations;
+        } else {
+            $location_options = Location::indenter($locations_with_children);
+            $locations_formatted = new Collection($location_options);
+
+        }
+
+        $paginated_results =  new LengthAwarePaginator($locations_formatted->forPage($page, 500), $locations_formatted->count(), 500, $page, []);
+
+        //return [];
+        return (new SelectlistTransformer)->transformSelectlist($paginated_results);
 
     }
 
+
 }

app/Http/Controllers/Api/ManufacturersController.php

@@ -26,21 +26,24 @@ class ManufacturersController extends Controller
 
         $manufacturers = Manufacturer::select(
             array('id','name','url','support_url','support_email','support_phone','created_at','updated_at','image', 'deleted_at')
-        )->withCount('assets')->withCount('licenses')->withCount('consumables')->withCount('accessories');
+        )->withCount('assets as assets_count')->withCount('licenses as licenses_count')->withCount('consumables as consumables_count')->withCount('accessories as accessories_count');
 
         if ($request->input('deleted')=='true') {
             $manufacturers->onlyTrashed();
         }
 
-        if ($request->has('search')) {
+        if ($request->filled('search')) {
             $manufacturers = $manufacturers->TextSearch($request->input('search'));
         }
 
 
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($manufacturers) && ($request->get('offset') > $manufacturers->count())) ? $manufacturers->count() : $request->get('offset', 0);
 
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
 
-        $offset = (($manufacturers) && (request('offset') > $manufacturers->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
         $manufacturers->orderBy($sort, $order);
@@ -83,7 +86,7 @@ class ManufacturersController extends Controller
     public function show($id)
     {
         $this->authorize('view', Manufacturer::class);
-        $manufacturer = Manufacturer::withCount('assets')->withCount('licenses')->withCount('consumables')->withCount('accessories')->findOrFail($id);
+        $manufacturer = Manufacturer::withCount('assets as assets_count')->withCount('licenses as licenses_count')->withCount('consumables as consumables_count')->withCount('accessories as accessories_count')->findOrFail($id);
         return (new ManufacturersTransformer)->transformManufacturer($manufacturer);
     }
 
@@ -145,7 +148,7 @@ class ManufacturersController extends Controller
             'image',
         ]);
 
-        if ($request->has('search')) {
+        if ($request->filled('search')) {
             $manufacturers = $manufacturers->where('name', 'LIKE', '%'.$request->get('search').'%');
         }
 

app/Http/Controllers/Api/ReportsController.php

@@ -22,25 +22,25 @@ class ReportsController extends Controller
         
         $actionlogs = Actionlog::with('item', 'user', 'target','location');
 
-        if ($request->has('search')) {
+        if ($request->filled('search')) {
             $actionlogs = $actionlogs->TextSearch(e($request->input('search')));
         }
 
-        if (($request->has('target_type'))  && ($request->has('target_id'))) {
+        if (($request->filled('target_type'))  && ($request->filled('target_id'))) {
             $actionlogs = $actionlogs->where('target_id','=',$request->input('target_id'))
                 ->where('target_type','=',"App\\Models\\".ucwords($request->input('target_type')));
         }
 
-        if (($request->has('item_type'))  && ($request->has('item_id'))) {
+        if (($request->filled('item_type'))  && ($request->filled('item_id'))) {
             $actionlogs = $actionlogs->where('item_id','=',$request->input('item_id'))
                 ->where('item_type','=',"App\\Models\\".ucwords($request->input('item_type')));
         }
 
-        if ($request->has('action_type')) {
+        if ($request->filled('action_type')) {
             $actionlogs = $actionlogs->where('action_type','=',$request->input('action_type'))->orderBy('created_at', 'desc');
         }
 
-        if ($request->has('uploads')) {
+        if ($request->filled('uploads')) {
             $actionlogs = $actionlogs->whereNotNull('filename')->orderBy('created_at', 'desc');
         }
 

app/Http/Controllers/Api/SettingsController.php

@@ -20,8 +20,8 @@ class SettingsController extends Controller
     {
 
         if (Setting::getSettings()->ldap_enabled!='1') {
-            \Log::debug('LDAP is not enabled cannot test.');
-            return response()->json(['message' => 'LDAP is not enabled, cannot test.'], 400);
+            \Log::debug('LDAP is not enabled so cannot test.');
+            return response()->json(['message' => 'LDAP is not enabled, so we cannot test LDAP connections.'], 400);
         }
 
         \Log::debug('Preparing to test LDAP connection');
@@ -33,13 +33,13 @@ class SettingsController extends Controller
                 Ldap::bindAdminToLdap($connection);
                 return response()->json(['message' => 'It worked!'], 200);
             } catch (\Exception $e) {
-                \Log::debug('Bind failed');
+                \Log::debug('LDAP connected but Bind failed. Please check your LDAP settings and try again.');
                 return response()->json(['message' => $e->getMessage()], 400);
                 //return response()->json(['message' => $e->getMessage()], 500);
             }
         } catch (\Exception $e) {
-            \Log::debug('Connection failed');
-            return response()->json(['message' => $e->getMessage()], 600);
+            \Log::info('LDAP connection failed but we cannot debug it any further on our end.');
+            return response()->json(['message' => 'The LDAP connection failed but we cannot debug it any further on our end. The error from the server is: '.$e->getMessage()], 500);
         }
 
 

app/Http/Controllers/Api/StatuslabelsController.php

@@ -24,14 +24,19 @@ class StatuslabelsController extends Controller
         $this->authorize('view', Statuslabel::class);
         $allowed_columns = ['id','name','created_at', 'assets_count','color','default_label'];
 
-        $statuslabels = Statuslabel::withCount('assets');
+        $statuslabels = Statuslabel::withCount('assets as assets_count');
 
-        if ($request->has('search')) {
+        if ($request->filled('search')) {
             $statuslabels = $statuslabels->TextSearch($request->input('search'));
         }
 
-        $offset = (($statuslabels) && (request('offset') > $statuslabels->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($statuslabels) && ($request->get('offset') > $statuslabels->count())) ? $statuslabels->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
         $statuslabels->orderBy($sort, $order);
@@ -55,7 +60,7 @@ class StatuslabelsController extends Controller
         $this->authorize('create', Statuslabel::class);
         $request->except('deployable', 'pending','archived');
 
-        if (!$request->has('type')) {
+        if (!$request->filled('type')) {
             return response()->json(Helper::formatStandardApiResponse('error', null, ["type" => ["Status label type is required."]]),500);
         }
 
@@ -106,7 +111,7 @@ class StatuslabelsController extends Controller
         
         $request->except('deployable', 'pending','archived');
 
-        if (!$request->has('type')) {
+        if (!$request->filled('type')) {
             return response()->json(Helper::formatStandardApiResponse('error', null, 'Status label type is required.'));
         }
 
@@ -162,7 +167,7 @@ class StatuslabelsController extends Controller
     {
         $this->authorize('view', Statuslabel::class);
 
-        $statuslabels = Statuslabel::with('assets')->groupBy('id')->withCount('assets')->get();
+        $statuslabels = Statuslabel::with('assets')->groupBy('id')->withCount('assets as assets_count')->get();
 
         $labels=[];
         $points=[];

app/Http/Controllers/Api/SuppliersController.php

@@ -26,15 +26,20 @@ class SuppliersController extends Controller
         
         $suppliers = Supplier::select(
                 array('id','name','address','address2','city','state','country','fax', 'phone','email','contact','created_at','updated_at','deleted_at','image','notes')
-            )->withCount('assets')->withCount('licenses')->withCount('accessories');
+            )->withCount('assets as assets_count')->withCount('licenses as licenses_count')->withCount('accessories as accessories_count');
 
 
-        if ($request->has('search')) {
+        if ($request->filled('search')) {
             $suppliers = $suppliers->TextSearch($request->input('search'));
         }
 
-        $offset = (($suppliers) && (request('offset') > $suppliers->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($suppliers) && ($request->get('offset') > $suppliers->count())) ? $suppliers->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
         $suppliers->orderBy($sort, $order);
@@ -115,7 +120,7 @@ class SuppliersController extends Controller
     public function destroy($id)
     {
         $this->authorize('delete', Supplier::class);
-        $supplier = Supplier::with('asset_maintenances', 'assets', 'licenses')->withCount('asset_maintenances','assets', 'licenses')->findOrFail($id);
+        $supplier = Supplier::with('asset_maintenances', 'assets', 'licenses')->withCount('asset_maintenances as asset_maintenances_count','assets as assets_count', 'licenses as licenses_count')->findOrFail($id);
         $this->authorize('delete', $supplier);
 
 
@@ -153,7 +158,7 @@ class SuppliersController extends Controller
             'image',
         ]);
 
-        if ($request->has('search')) {
+        if ($request->filled('search')) {
             $suppliers = $suppliers->where('suppliers.name', 'LIKE', '%'.$request->get('search').'%');
         }
 

app/Http/Controllers/Api/UsersController.php

@@ -13,6 +13,8 @@ use App\Models\Asset;
 use App\Http\Transformers\AssetsTransformer;
 use App\Http\Transformers\SelectlistTransformer;
 use App\Http\Transformers\AccessoriesTransformer;
+use App\Http\Transformers\LicensesTransformer;
+use Auth;
 
 class UsersController extends Controller
 {
@@ -58,37 +60,43 @@ class UsersController extends Controller
             'users.zip',
 
         ])->with('manager', 'groups', 'userloc', 'company', 'department','assets','licenses','accessories','consumables')
-            ->withCount('assets','licenses','accessories','consumables');
+            ->withCount('assets as assets_count','licenses as licenses_count','accessories as accessories_count','consumables as consumables_count');
         $users = Company::scopeCompanyables($users);
 
 
-        if (($request->has('deleted')) && ($request->input('deleted')=='true')) {
+        if (($request->filled('deleted')) && ($request->input('deleted')=='true')) {
             $users = $users->GetDeleted();
         }
 
-        if ($request->has('company_id')) {
+        if ($request->filled('company_id')) {
             $users = $users->where('users.company_id', '=', $request->input('company_id'));
         }
 
-        if ($request->has('location_id')) {
+        if ($request->filled('location_id')) {
             $users = $users->where('users.location_id', '=', $request->input('location_id'));
         }
 
-        if ($request->has('group_id')) {
+        if ($request->filled('group_id')) {
             $users = $users->ByGroup($request->get('group_id'));
         }
 
-        if ($request->has('department_id')) {
+        if ($request->filled('department_id')) {
             $users = $users->where('users.department_id','=',$request->input('department_id'));
         }
 
-        if ($request->has('search')) {
+        if ($request->filled('search')) {
             $users = $users->TextSearch($request->input('search'));
         }
 
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
-        $offset = (($users) && (request('offset') > $users->count())) ? 0 : request('offset', 0);
-        $limit = request('limit',  20);
+
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($users) && ($request->get('offset') > $users->count())) ? $users->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
 
         switch ($request->input('sort')) {
             case 'manager':
@@ -100,6 +108,9 @@ class UsersController extends Controller
             case 'department':
                 $users = $users->OrderDepartment($order);
                 break;
+            case 'company':
+                $users = $users->OrderCompany($order);
+                break;
             default:
                 $allowed_columns =
                     [
@@ -148,7 +159,7 @@ class UsersController extends Controller
 
         $users = Company::scopeCompanyables($users);
 
-        if ($request->has('search')) {
+        if ($request->filled('search')) {
             $users = $users->SimpleNameSearch($request->get('search'))
                 ->orWhere('username', 'LIKE', '%'.$request->get('search').'%')
                 ->orWhere('employee_num', 'LIKE', '%'.$request->get('search').'%');
@@ -197,11 +208,22 @@ class UsersController extends Controller
         $user = new User;
         $user->fill($request->all());
 
+        if ($request->has('permissions')) {
+
+            $permissions_array = $request->input('permissions');
+
+            // Strip out the superuser permission if the API user isn't a superadmin
+            if (!Auth::user()->isSuperUser()) {
+                unset($permissions_array['superuser']);
+            }
+            $user->permissions =  $permissions_array;
+        }
+
         $tmp_pass = substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, 20);
         $user->password = bcrypt($request->get('password', $tmp_pass));
 
         if ($user->save()) {
-            if ($request->has('groups')) {
+            if ($request->filled('groups')) {
                 $user->groups()->sync($request->input('groups'));
             } else {
                 $user->groups()->sync(array());
@@ -222,7 +244,7 @@ class UsersController extends Controller
     public function show($id)
     {
         $this->authorize('view', User::class);
-        $user = User::findOrFail($id);
+        $user = User::withCount('assets as assets_count','licenses as licenses_count','accessories as accessories_count','consumables as consumables_count')->findOrFail($id);
         return (new UsersTransformer)->transformUser($user);
     }
 
@@ -247,22 +269,48 @@ class UsersController extends Controller
             return response()->json(Helper::formatStandardApiResponse('error', null, 'You cannot be your own manager'));
         }
 
-        if ($request->has('password')) {
+        if ($request->filled('password')) {
             $user->password = bcrypt($request->input('password'));
         }
 
+        // We need to use has()  instead of filled()
+        // here because we need to overwrite permissions
+        // if someone needs to null them out
+        if ($request->has('permissions')) {
+
+            $permissions_array = $request->input('permissions');
+
+            // Strip out the superuser permission if the API user isn't a superadmin
+            if (!Auth::user()->isSuperUser()) {
+                unset($permissions_array['superuser']);
+            }
+            $user->permissions =  $permissions_array;
+        }
+
+
+
+
         // Update the location of any assets checked out to this user
         Asset::where('assigned_type', User::class)
             ->where('assigned_to', $user->id)->update(['location_id' => $request->input('location_id', null)]);
 
         if ($user->save()) {
 
-            if ($request->has('groups')) {
+            // Sync group memberships:
+            // This was changed in Snipe-IT v4.6.x to 4.7, since we upgraded to Laravel 5.5
+            // which changes the behavior of has vs filled.
+            // The $request->has method will now return true even if the input value is an empty string or null.
+            // A new $request->filled method has was added that provides the previous behavior of the has method.
+
+            // Check if the request has groups passed and has a value
+            if ($request->filled('groups')) {
                 $user->groups()->sync($request->input('groups'));
-            } else {
+            // The groups field has been passed but it is null, so we should blank it out
+            } elseif ($request->has('groups'))  {
                 $user->groups()->sync(array());
             }
 
+
             return response()->json(Helper::formatStandardApiResponse('success', (new UsersTransformer)->transformUser($user), trans('admin/users/message.success.update')));
         }
 
@@ -284,10 +332,23 @@ class UsersController extends Controller
         $this->authorize('delete', $user);
 
 
-        if ($user->assets()->count() > 0) {
+        if (($user->assets) && ($user->assets->count() > 0)) {
             return response()->json(Helper::formatStandardApiResponse('error', null,  trans('admin/users/message.error.delete_has_assets')));
         }
 
+        if (($user->licenses) && ($user->licenses->count() > 0)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null,  'This user still has ' . $user->licenses->count() . ' license(s) associated with them and cannot be deleted.'));
+        }
+
+        if (($user->accessories) && ($user->accessories->count() > 0)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null,  'This user still has ' . $user->accessories->count() . ' accessories associated with them.'));
+        }
+
+        if (($user->managedLocations()) && ($user->managedLocations()->count() > 0)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null,  'This user still has ' . $user->managedLocations()->count() . ' locations that they manage.'));
+        }
+
+
         if ($user->delete()) {
             return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/users/message.success.delete')));
         }
@@ -327,6 +388,23 @@ class UsersController extends Controller
         return (new AccessoriesTransformer)->transformAccessories($accessories, $accessories->count());
     }
 
+    /**
+     * Return JSON containing a list of licenses assigned to a user.
+     *
+     * @author [N. Mathar] [<snipe@snipe.net>]
+     * @since [v5.0]
+     * @param $userId
+     * @return string JSON
+     */
+    public function licenses($id)
+    {
+        $this->authorize('view', User::class);
+        $this->authorize('view', License::class);
+        $user = User::where('id', $id)->withTrashed()->first();
+        $licenses = $user->licenses()->get();
+        return (new LicensesTransformer())->transformLicenses($licenses, $licenses->count());
+    }
+
     /**
      * Reset the user's two-factor status
      *
@@ -340,7 +418,7 @@ class UsersController extends Controller
 
         $this->authorize('update', User::class);
 
-        if ($request->has('id')) {
+        if ($request->filled('id')) {
             try {
                 $user = User::find($request->get('id'));
                 $user->two_factor_secret = null;
@@ -365,6 +443,6 @@ class UsersController extends Controller
      */
     public function getCurrentUserInfo(Request $request)
     {
-        return response()->json($request->user());
+        return (new UsersTransformer)->transformUser($request->user());
     }
 }

app/Http/Controllers/AssetCheckinController.php

@@ -65,15 +65,15 @@ class AssetCheckinController extends Controller
         $asset->assignedTo()->disassociate($asset);
         $asset->assigned_type = null;
         $asset->accepted = null;
-        $asset->name = e($request->get('name'));
+        $asset->name = $request->get('name');
 
-        if ($request->has('status_id')) {
+        if ($request->filled('status_id')) {
             $asset->status_id =  e($request->get('status_id'));
         }
 
         $asset->location_id = $asset->rtd_location_id;
 
-        if ($request->has('location_id')) {
+        if ($request->filled('location_id')) {
             $asset->location_id =  e($request->get('location_id'));
         }
 
@@ -93,7 +93,7 @@ class AssetCheckinController extends Controller
             $data['model_name'] = $asset->model->name;
             $data['model_number'] = $asset->model->model_number;
 
-            if ($backto=='user') {
+            if ((isset($user)) && ($backto =='user')) {
                 return redirect()->route("users.show", $user->id)->with('success', trans('admin/hardware/message.checkin.success'));
             }
             return redirect()->route("hardware.index")->with('success', trans('admin/hardware/message.checkin.success'));

app/Http/Controllers/AssetCheckoutController.php

@@ -28,7 +28,6 @@ class AssetCheckoutController extends Controller
     {
         // Check if the asset exists
         if (is_null($asset = Asset::find(e($assetId)))) {
-            // Redirect to the asset management page with error
             return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist'));
         }
 
@@ -39,7 +38,6 @@ class AssetCheckoutController extends Controller
         }
         return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.checkout.not_available'));
 
-        // Get the dropdown of users and then pass it to the checkout view
 
     }
 
@@ -71,12 +69,12 @@ class AssetCheckoutController extends Controller
             $asset = $this->updateAssetLocation($asset, $target);
 
             $checkout_at = date("Y-m-d H:i:s");
-            if (($request->has('checkout_at')) && ($request->get('checkout_at')!= date("Y-m-d"))) {
+            if (($request->filled('checkout_at')) && ($request->get('checkout_at')!= date("Y-m-d"))) {
                 $checkout_at = $request->get('checkout_at');
             }
 
             $expected_checkin = '';
-            if ($request->has('expected_checkin')) {
+            if ($request->filled('expected_checkin')) {
                 $expected_checkin = $request->get('expected_checkin');
             }
 

app/Http/Controllers/AssetFilesController.php

@@ -111,12 +111,16 @@ class AssetFilesController extends Controller
             $this->authorize('update', $asset);
 
             $log = Actionlog::find($fileId);
-            $full_filename = $destinationPath.'/'.$log->filename;
-            if (file_exists($full_filename)) {
-                unlink($destinationPath.'/'.$log->filename);
+            if ($log) {
+                $full_filename = $destinationPath.'/'.$log->filename;
+                if (file_exists($full_filename)) {
+                    unlink($destinationPath.'/'.$log->filename);
+                }
+                $log->delete();
+                return redirect()->back()->with('success', trans('admin/hardware/message.deletefile.success'));
             }
-            $log->delete();
-            return redirect()->back()->with('success', trans('admin/hardware/message.deletefile.success'));
+            return redirect()->back()->with('error', 'Could not find matching upload log.');
+
         }
 
         // Redirect to the hardware management page

app/Http/Controllers/AssetModelsController.php

@@ -90,23 +90,7 @@ class AssetModelsController extends Controller
             $model->fieldset_id = e($request->input('custom_fieldset'));
         }
 
-        if (Input::file('image')) {
-
-            $image = Input::file('image');
-            $file_name = str_slug($image->getClientOriginalName()) . "." . $image->getClientOriginalExtension();
-            $path = app('models_upload_path');
-
-            if ($image->getClientOriginalExtension()!='svg') {
-                Image::make($image->getRealPath())->resize(500, null, function ($constraint) {
-                    $constraint->aspectRatio();
-                    $constraint->upsize();
-                })->save($path.'/'.$file_name);
-            } else {
-                $image->move($path, $file_name);
-            }
-            $model->image = $file_name;
-
-        }
+        $model = $request->handleImages($model,600, public_path().'/uploads/models');
 
             // Was it created?
         if ($model->save()) {
@@ -182,37 +166,7 @@ class AssetModelsController extends Controller
             }
         }
 
-        $old_image = $model->image;
-
-        // Set the model's image property to null if the image is being deleted
-        if ($request->input('image_delete') == 1) {
-            $model->image = null;
-        }
-
-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = $model->id.'-'.str_slug($image->getClientOriginalName()) . "." . $image->getClientOriginalExtension();
-
-            if ($image->getClientOriginalExtension()!='svg') {
-                Image::make($image->getRealPath())->resize(500, null, function ($constraint) {
-                    $constraint->aspectRatio();
-                    $constraint->upsize();
-                })->save(app('models_upload_path').$file_name);
-            } else {
-                $image->move(app('models_upload_path'), $file_name);
-            }
-            $model->image = $file_name;
-
-        }
-
-        if ((($request->file('image')) && (isset($old_image)) && ($old_image!='')) || ($request->input('image_delete') == 1)) {
-            try  {
-                unlink(app('models_upload_path').$old_image);
-            } catch (\Exception $e) {
-                \Log::info($e);
-            }
-        }
-
+        $model = $request->handleImages($model,600, public_path().'/uploads/models');
 
         if ($model->save()) {
             return redirect()->route("models.index")->with('success', trans('admin/models/message.update.success'));
@@ -305,11 +259,8 @@ class AssetModelsController extends Controller
         if (isset($model->id)) {
             return view('models/view', compact('model'));
         }
-        // Prepare the error message
-        $error = trans('admin/models/message.does_not_exist', compact('id'));
 
-        // Redirect to the user management page
-        return redirect()->route('models.index')->with('error', $error);
+        return redirect()->route('models.index')->with('error', trans('admin/models/message.does_not_exist'));
     }
 
     /**
@@ -373,7 +324,7 @@ class AssetModelsController extends Controller
         if ((is_array($models_raw_array)) && (count($models_raw_array) > 0)) {
 
 
-            $models = AssetModel::whereIn('id', $models_raw_array)->withCount('assets')->orderBy('assets_count', 'ASC')->get();
+            $models = AssetModel::whereIn('id', $models_raw_array)->withCount('assets as assets_count')->orderBy('assets_count', 'ASC')->get();
 
             // If deleting....
             if ($request->input('bulk_actions')=='delete') {
@@ -420,10 +371,10 @@ class AssetModelsController extends Controller
         $update_array = array();
 
 
-        if (($request->has('manufacturer_id') && ($request->input('manufacturer_id')!='NC'))) {
+        if (($request->filled('manufacturer_id') && ($request->input('manufacturer_id')!='NC'))) {
             $update_array['manufacturer_id'] = $request->input('manufacturer_id');
         }
-        if (($request->has('category_id') && ($request->input('category_id')!='NC'))) {
+        if (($request->filled('category_id') && ($request->input('category_id')!='NC'))) {
             $update_array['category_id'] = $request->input('category_id');
         }
         if ($request->input('fieldset_id')!='NC') {
@@ -461,7 +412,7 @@ class AssetModelsController extends Controller
 
         if ((is_array($models_raw_array)) && (count($models_raw_array) > 0)) {
 
-            $models = AssetModel::whereIn('id', $models_raw_array)->withCount('assets')->get();
+            $models = AssetModel::whereIn('id', $models_raw_array)->withCount('assets as assets_count')->get();
 
             $del_error_count = 0;
             $del_count = 0;

app/Http/Controllers/AssetsController.php

@@ -71,7 +71,7 @@ class AssetsController extends Controller
     public function index(Request $request)
     {
         $this->authorize('index', Asset::class);
-        if ($request->has('company_id')) {
+        if ($request->filled('company_id')) {
             $company = Company::find($request->input('company_id'));
         } else {
             $company = null;
@@ -96,7 +96,7 @@ class AssetsController extends Controller
             ->with('item', new Asset)
             ->with('statuslabel_types', Helper::statusTypeList());
 
-        if ($request->has('model_id')) {
+        if ($request->filled('model_id')) {
             $selected_model = AssetModel::find($request->input('model_id'));
             $view->with('selected_model', $selected_model);
         }
@@ -143,7 +143,7 @@ class AssetsController extends Controller
         }
 
         // Create the image (if one was chosen.)
-        if ($request->has('image')) {
+        if ($request->filled('image')) {
             $image = $request->input('image');
 
             // After modification, the image is prefixed by mime info like the following:
@@ -163,7 +163,7 @@ class AssetsController extends Controller
             }
             $path = public_path('uploads/assets/'.$file_name);
             try {
-                Image::make($image)->resize(500, 500, function ($constraint) {
+                Image::make($image)->resize(800, 800, function ($constraint) {
                     $constraint->aspectRatio();
                     $constraint->upsize();
                 })->save($path);
@@ -183,7 +183,7 @@ class AssetsController extends Controller
         // Validation for these fields is handled through the AssetRequest form request
         $model = AssetModel::find($request->get('model_id'));
 
-        if ($model->fieldset) {
+        if (($model) && ($model->fieldset)) {
             foreach ($model->fieldset->fields as $field) {
                 if ($field->field_encrypted=='1') {
                     if (Gate::allows('admin')) {
@@ -313,7 +313,7 @@ class AssetsController extends Controller
         $asset->supplier_id = $request->input('supplier_id', null);
 
         // If the box isn't checked, it's not in the request at all.
-        $asset->requestable = $request->has('requestable');
+        $asset->requestable = $request->filled('requestable');
         $asset->rtd_location_id = $request->input('rtd_location_id', null);
 
         if ($asset->assigned_to=='') {
@@ -321,12 +321,12 @@ class AssetsController extends Controller
         }
 
 
-        if ($request->has('image_delete')) {
+        if ($request->filled('image_delete')) {
             try {
                 unlink(public_path().'/uploads/assets/'.$asset->image);
                 $asset->image = '';
             } catch (\Exception $e) {
-                \Log::info($e);
+                \Log::debug($e);
             }
 
         }
@@ -343,7 +343,7 @@ class AssetsController extends Controller
         $asset->physical     = '1';
 
         // Update the image
-        if ($request->has('image')) {
+        if ($request->filled('image')) {
             $image = $request->input('image');
             // See postCreate for more explaination of the following.
             $header = explode(';', $image, 2)[0];
@@ -359,7 +359,7 @@ class AssetsController extends Controller
             $file_name = str_random(25).".".$extension;
             $path = public_path('uploads/assets/'.$file_name);
             try {
-                Image::make($image)->resize(500, 500, function ($constraint) {
+                Image::make($image)->resize(800, 800, function ($constraint) {
                     $constraint->aspectRatio();
                     $constraint->upsize();
                 })->save($path);
@@ -380,7 +380,7 @@ class AssetsController extends Controller
         // FIXME: No idea why this is returning a Builder error on db_column_name.
         // Need to investigate and fix. Using static method for now.
         $model = AssetModel::find($request->get('model_id'));
-        if ($model->fieldset) {
+        if (($model) && ($model->fieldset)) {
             foreach ($model->fieldset->fields as $field) {
                 if ($field->field_encrypted=='1') {
                     if (Gate::allows('admin')) {
@@ -394,6 +394,12 @@ class AssetsController extends Controller
 
 
         if ($asset->save()) {
+
+             // Update any assigned assets with the new location_id from the parent asset
+
+            Asset::where('assigned_type', '\\App\\Models\\Asset')->where('assigned_to', $asset->id)
+                ->update(['location_id' => $asset->location_id]);
+
             // Redirect to the new asset page
             \Session::flash('success', trans('admin/hardware/message.update.success'));
             return response()->json(['redirect_url' => route("hardware.show", $assetId)]);
@@ -433,22 +439,63 @@ class AssetsController extends Controller
 
 
     /**
-     * Searches the assets table by asset tag, and redirects if it finds one
+     * Searches the assets table by tag, and redirects if it finds one.
+     *
+     * This is used by the top search box in Snipe-IT, but as of 4.9.x
+     * can also be used as a url segment.
+     *
+     * https://yoursnipe.com/hardware/bytag/?assetTag=foo
+     *
+     * OR
+     *
+     * https://yoursnipe.com/hardware/bytag/foo
+     *
+     * The latter is useful if you're doing home-grown barcodes, or
+     * some other automation where you don't always know the internal ID of
+     * an asset and don't want to query for it.
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @param string $tag
      * @since [v3.0]
      * @return Redirect
      */
-    public function getAssetByTag(Request $request)
+    public function getAssetByTag(Request $request, $tag = null)
     {
+
         $topsearch = ($request->get('topsearch')=="true");
 
-        if (!$asset = Asset::where('asset_tag', '=', $request->get('assetTag'))->first()) {
+        // We need this part to determine whether a url query parameter has been passed, OR
+        // whether it's the url fragment we need to look at
+        $tag = ($request->get('assetTag')) ? $request->get('assetTag') : $tag;
+
+        if (!$asset = Asset::where('asset_tag', '=', $tag)->first()) {
             return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist'));
         }
         $this->authorize('view', $asset);
         return redirect()->route('hardware.show', $asset->id)->with('topsearch', $topsearch);
     }
+
+
+    /**
+     * Searches the assets table by serial, and redirects if it finds one
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @param string $serial
+     * @since [v4.9.1]
+     * @return Redirect
+     */
+    public function getAssetBySerial(Request $request, $serial = null)
+    {
+
+        $serial = ($request->get('serial')) ? $request->get('serial') : $serial;
+        if (!$asset = Asset::where('serial', '=', $serial)->first()) {
+            return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist'));
+        }
+        $this->authorize('view', $asset);
+        return redirect()->route('hardware.show', $asset->id);
+    }
+
+
     /**
      * Return a QR code for the asset
      *
@@ -499,6 +546,7 @@ class AssetsController extends Controller
         $barcode_file = public_path().'/uploads/barcodes/'.str_slug($settings->alt_barcode).'-'.str_slug($asset->asset_tag).'.png';
 
         if (isset($asset->id, $asset->asset_tag)) {
+
             if (file_exists($barcode_file)) {
                 $header = ['Content-type' => 'image/png'];
                 return response()->file($barcode_file, $header);
@@ -507,10 +555,22 @@ class AssetsController extends Controller
                 $barcode_width = ($settings->labels_width - $settings->labels_display_sgutter) * 96.000000000001;
 
                 $barcode = new \Com\Tecnick\Barcode\Barcode();
-                $barcode_obj = $barcode->getBarcodeObj($settings->alt_barcode,$asset->asset_tag,($barcode_width < 300 ? $barcode_width : 300),50);
 
-                file_put_contents($barcode_file, $barcode_obj->getPngData());
-                return response($barcode_obj->getPngData())->header('Content-type', 'image/png');
+                try {
+
+                    $barcode_obj = $barcode->getBarcodeObj($settings->alt_barcode,$asset->asset_tag,($barcode_width < 300 ? $barcode_width : 300),50);
+
+                    file_put_contents($barcode_file, $barcode_obj->getPngData());
+                    return response($barcode_obj->getPngData())->header('Content-type', 'image/png');
+
+                } catch (\Exception $e) {
+                    \Log::debug('Error creating barcode: '.$e->getMessage());
+                    \Log::debug('This usually happens because the asset tags are of a format that is not compatible with the selected barcode type.');
+                    $img = file_get_contents(public_path().'/uploads/barcodes/invalid_barcode.gif');
+                    return response($img)->header('Content-type', 'image/gif');
+                }
+
+
             }
         }
     }
@@ -570,16 +630,18 @@ class AssetsController extends Controller
      */
     public function postImportHistory(Request $request)
     {
+
+        if (!$request->hasFile('user_import_csv')) {
+            return back()->with('error', 'No file provided. Please select a file for import and try again. ');
+        }
+
         if (!ini_get("auto_detect_line_endings")) {
             ini_set("auto_detect_line_endings", '1');
         }
 
         $csv = Reader::createFromPath(Input::file('user_import_csv'));
-        $csv->setNewline("\r\n");
-        //get the first row, usually the CSV header
-        //$headers = $csv->fetchOne();
-
-        $results = $csv->fetchAssoc();
+        $csv->setHeaderOffset(0);
+        $results = $csv->getRecords();
         $item = array();
         $status = array();
         $status['error'] = array();
@@ -595,7 +657,9 @@ class AssetsController extends Controller
                 }
                 $batch_counter = count($item[$asset_tag]);
 
-                $item[$asset_tag][$batch_counter]['checkout_date'] = Carbon::parse(Helper::array_smart_fetch($row, "date"))->format('Y-m-d H:i:s');
+                $item[$asset_tag][$batch_counter]['checkout_date'] = Carbon::parse(Helper::array_smart_fetch($row, "checkout date"))->format('Y-m-d H:i:s');
+                $item[$asset_tag][$batch_counter]['checkin_date'] = Carbon::parse(Helper::array_smart_fetch($row, "checkin date"))->format('Y-m-d H:i:s');
+                \Log::debug($item[$asset_tag][$batch_counter]['checkin_date']);
 
                 $item[$asset_tag][$batch_counter]['asset_tag'] = Helper::array_smart_fetch($row, "asset tag");
                 $item[$asset_tag][$batch_counter]['name'] = Helper::array_smart_fetch($row, "name");
@@ -678,9 +742,11 @@ class AssetsController extends Controller
                 // Only do this if a matching user was found
                 if ((array_key_exists('checkedout_to', $asset_batch[$x])) && ($asset_batch[$x]['checkedout_to']!='')) {
                     if (($total_in_batch > 1) && ($x < $total_in_batch) && (array_key_exists($next, $asset_batch))) {
-                        $checkin_date = Carbon::parse($asset_batch[$next]['checkout_date'])->subDay(1)->format('Y-m-d H:i:s');
+                        $checkin_date = Carbon::parse($asset_batch[$next]['checkin_date'])->format('Y-m-d H:i:s');
                         $asset_batch[$x]['real_checkin'] = $checkin_date;
 
+                        \Log::debug($asset_batch[$next]['checkin_date']);
+                        \Log::debug($checkin_date);
                         Actionlog::firstOrCreate(array(
                             'item_id' => $asset_batch[$x]['asset_id'],
                             'item_type' => Asset::class,

app/Http/Controllers/Auth/ForgotPasswordController.php

@@ -5,6 +5,7 @@ namespace App\Http\Controllers\Auth;
 use App\Http\Controllers\Controller;
 use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Validator;
 
 class ForgotPasswordController extends Controller
 {
@@ -41,6 +42,8 @@ class ForgotPasswordController extends Controller
         return property_exists($this, 'subject') ? $this->subject : \Lang::get('mail.reset_link');
     }
 
+
+
     /**
      * Send a reset link to the given user.
      *
@@ -49,11 +52,21 @@ class ForgotPasswordController extends Controller
      */
     public function sendResetLinkEmail(Request $request)
     {
-        $this->validate($request, ['email' => 'required|email']);
 
-        // We will send the password reset link to this user. Once we have attempted
-        // to send the link, we will examine the response then see the message we
-        // need to show to the user. Finally, we'll send out a proper response.
+        /**
+         * Let's set a max character count here to prevent potential
+         * buffer overflow issues with attackers sending very large
+         * payloads through.
+         */
+        $this->validate($request, ['email' => 'required|email|max:250']);
+
+        /**
+         * If we find a matching email with an activated user, we will
+         * send the password reset link to the user.
+         *
+         * Once we have attempted to send the link, we will examine the response
+         * then see the message we need to show to the user. Finally, we'll send out a proper response.
+         */
         $response = $this->broker()->sendResetLink(
             array_merge(
                 $request->only('email'),
@@ -65,9 +78,25 @@ class ForgotPasswordController extends Controller
             return redirect()->route('login')->with('status', trans($response));
         }
 
-        // If an error was returned by the password broker, we will get this message
-        // translated so we can notify a user of the problem. We'll redirect back
-        // to where the users came from so they can attempt this process again.
+
+        /**
+         * If an error was returned by the password broker, we will get this message
+         * translated so we can notify a user of the problem. We'll redirect back
+         * to where the users came from so they can attempt this process again.
+         *
+         * HOWEVER, we do not want to translate the message if the user isn't found
+         * or isn't active, since that would allow an attacker to walk through
+         * a dictionary attack and figure out registered user email addresses.
+         *
+         * Instead we tell the user we've sent an email even though we haven't.
+         * It's bad UX, but better security. The compromises we sometimes have to make.
+        */
+
+        if ($response == 'passwords.user') {
+            \Log::debug('User with email '.$request->input('email').' attempted a password reset request but was not found. No email was sent.');
+            return redirect()->route('login')->with('success', trans('passwords.user_inactive'));
+        }
+
         return back()->withErrors(
             ['email' => trans($response)]
         );

app/Http/Controllers/Auth/LoginController.php

@@ -193,7 +193,6 @@ class LoginController extends Controller
 
         if ($user = Auth::user()) {
             $user->last_login = \Carbon::now();
-            \Log::debug('Last login:'.$user->last_login);
             $user->save();
         }
         // Redirect to the users page
@@ -276,7 +275,7 @@ class LoginController extends Controller
             return redirect()->route('login')->with('error', trans('auth/general.login_prompt'));
         }
 
-        if (!$request->has('two_factor_secret')) {
+        if (!$request->filled('two_factor_secret')) {
             return redirect()->route('two-factor')->with('error', trans('auth/message.two_factor.code_required'));
         }
 
@@ -304,8 +303,8 @@ class LoginController extends Controller
      */
     public function logout(Request $request)
     {
-        $request->session()->forget('2fa_authed');
 
+        $request->session()->regenerate(true);
         Auth::logout();
 
         $settings = Setting::getSettings();
@@ -314,7 +313,7 @@ class LoginController extends Controller
             return redirect()->away($customLogoutUrl);
         }
 
-        return redirect()->route('login')->with('success',  trans('auth/general.logout.success'));
+        return redirect()->route('login')->with('success',  trans('auth/message.logout.success'));
     }
 
 

app/Http/Controllers/BulkAssetsController.php

@@ -26,13 +26,13 @@ class BulkAssetsController extends Controller
     {
         $this->authorize('update', Asset::class);
 
-        if (!$request->has('ids')) {
+        if (!$request->filled('ids')) {
             return redirect()->back()->with('error', 'No assets selected');
         }
 
         $asset_ids = array_keys($request->input('ids'));
 
-        if ($request->has('bulk_actions')) {
+        if ($request->filled('bulk_actions')) {
             switch($request->input('bulk_actions')) {
                 case 'labels':
                     return view('hardware/labels')
@@ -68,22 +68,22 @@ class BulkAssetsController extends Controller
 
         \Log::debug($request->input('ids'));
 
-        if(!$request->has('ids') || count($request->input('ids')) <= 0) {
+        if(!$request->filled('ids') || count($request->input('ids')) <= 0) {
             return redirect()->route("hardware.index")->with('warning', trans('No assets selected, so nothing was updated.'));
         }
 
         $assets = array_keys($request->input('ids'));
 
-        if (($request->has('purchase_date'))
-            || ($request->has('purchase_cost'))
-            || ($request->has('supplier_id'))
-            || ($request->has('order_number'))
-            || ($request->has('warranty_months'))
-            || ($request->has('rtd_location_id'))
-            || ($request->has('requestable'))
-            || ($request->has('company_id'))
-            || ($request->has('status_id'))
-            || ($request->has('model_id'))
+        if (($request->filled('purchase_date'))
+            || ($request->filled('purchase_cost'))
+            || ($request->filled('supplier_id'))
+            || ($request->filled('order_number'))
+            || ($request->filled('warranty_months'))
+            || ($request->filled('rtd_location_id'))
+            || ($request->filled('requestable'))
+            || ($request->filled('company_id'))
+            || ($request->filled('status_id'))
+            || ($request->filled('model_id'))
         ) {
             foreach ($assets as $assetId) {
                 $this->update_array = [];
@@ -96,20 +96,20 @@ class BulkAssetsController extends Controller
                     ->conditionallyAddItem('supplier_id')
                     ->conditionallyAddItem('warranty_months');
 
-                if ($request->has('purchase_cost')) {
+                if ($request->filled('purchase_cost')) {
                     $this->update_array['purchase_cost'] =  Helper::ParseFloat($request->input('purchase_cost'));
                 }
 
-                if ($request->has('company_id')) {
+                if ($request->filled('company_id')) {
                     $this->update_array['company_id'] =  $request->input('company_id');
                     if ($request->input('company_id')=="clear") {
                         $this->update_array['company_id'] = null;
                     }
                 }
 
-                if ($request->has('rtd_location_id')) {
+                if ($request->filled('rtd_location_id')) {
                     $this->update_array['rtd_location_id'] = $request->input('rtd_location_id');
-                    if (($request->has('update_real_loc')) && (($request->input('update_real_loc')) == '1')) {
+                    if (($request->filled('update_real_loc')) && (($request->input('update_real_loc')) == '1')) {
                         $this->update_array['location_id'] = $request->input('rtd_location_id');
                     }
                 }
@@ -137,7 +137,7 @@ class BulkAssetsController extends Controller
      */
     protected function conditionallyAddItem($field)
     {
-        if(request()->has($field)) {
+        if(request()->filled($field)) {
             $this->update_array[$field] = request()->input($field);
         }
         return $this;
@@ -155,7 +155,7 @@ class BulkAssetsController extends Controller
     {
         $this->authorize('delete', Asset::class);
 
-        if ($request->has('ids')) {
+        if ($request->filled('ids')) {
             $assets = Asset::find($request->get('ids'));
             foreach ($assets as $asset) {
                 $update_array['deleted_at'] = date('Y-m-d H:i:s');
@@ -206,13 +206,13 @@ class BulkAssetsController extends Controller
                 }
             }
             $checkout_at = date("Y-m-d H:i:s");
-            if (($request->has('checkout_at')) && ($request->get('checkout_at')!= date("Y-m-d"))) {
+            if (($request->filled('checkout_at')) && ($request->get('checkout_at')!= date("Y-m-d"))) {
                 $checkout_at = e($request->get('checkout_at'));
             }
 
             $expected_checkin = '';
 
-            if ($request->has('expected_checkin')) {
+            if ($request->filled('expected_checkin')) {
                 $expected_checkin = e($request->get('expected_checkin'));
             }
 

app/Http/Controllers/CategoriesController.php

@@ -83,17 +83,7 @@ class CategoriesController extends Controller
         $category->checkin_email        = $request->input('checkin_email', '0');
         $category->user_id              = Auth::id();
 
-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = str_random(25).".".$image->getClientOriginalExtension();
-            $path = public_path('uploads/categories/'.$file_name);
-            Image::make($image->getRealPath())->resize(200, null, function ($constraint) {
-                $constraint->aspectRatio();
-                $constraint->upsize();
-            })->save($path);
-            $category->image = $file_name;
-        }
-
+        $category = $request->handleImages($category,600, public_path().'/uploads/categories');
 
         if ($category->save()) {
             return redirect()->route('categories.index')->with('success', trans('admin/categories/message.create.success'));
@@ -152,37 +142,12 @@ class CategoriesController extends Controller
         $category->require_acceptance   = $request->input('require_acceptance', '0');
         $category->checkin_email        = $request->input('checkin_email', '0');
 
-        $old_image = $category->image;
-
         // Set the model's image property to null if the image is being deleted
         if ($request->input('image_delete') == 1) {
             $category->image = null;
         }
 
-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = $category->id.'-'.str_slug($image->getClientOriginalName()) . "." . $image->getClientOriginalExtension();
-
-            if ($image->getClientOriginalExtension()!='svg') {
-                Image::make($image->getRealPath())->resize(500, null, function ($constraint) {
-                    $constraint->aspectRatio();
-                    $constraint->upsize();
-                })->save(app('categories_upload_path').$file_name);
-            } else {
-                $image->move(app('categories_upload_path'), $file_name);
-            }
-            $category->image = $file_name;
-
-        }
-
-        if ((($request->file('image')) && (isset($old_image)) && ($old_image!='')) || ($request->input('image_delete') == 1)) {
-            try  {
-                unlink(app('categories_upload_path').$old_image);
-            } catch (\Exception $e) {
-                \Log::info($e);
-            }
-        }
-
+        $category = $request->handleImages($category,600, public_path().'/uploads/categories');
 
         if ($category->save()) {
             // Redirect to the new category page
@@ -254,10 +219,7 @@ class CategoriesController extends Controller
                 ->with('category_type_route',$category_type_route);
         }
 
-        // Prepare the error message
-        $error = trans('admin/categories/message.does_not_exist', compact('id'));
-        // Redirect to the user management page
-        return redirect()->route('categories.index')->with('error', $error);
+        return redirect()->route('categories.index')->with('error', trans('admin/categories/message.does_not_exist'));
     }
 
 

app/Http/Controllers/CompaniesController.php

@@ -63,16 +63,7 @@ final class CompaniesController extends Controller
         $company = new Company;
         $company->name = $request->input('name');
 
-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = str_random(25).".".$image->getClientOriginalExtension();
-            $path = public_path('uploads/companies/'.$file_name);
-            Image::make($image->getRealPath())->resize(200, null, function ($constraint) {
-                $constraint->aspectRatio();
-                $constraint->upsize();
-            })->save($path);
-            $company->image = $file_name;
-        }
+        $company = $request->handleImages($company,600, public_path().'/uploads/companies');
 
         if ($company->save()) {
             return redirect()->route('companies.index')
@@ -121,36 +112,12 @@ final class CompaniesController extends Controller
 
         $company->name = $request->input('name');
 
-        $old_image = $company->image;
-
         // Set the model's image property to null if the image is being deleted
         if ($request->input('image_delete') == 1) {
             $company->image = null;
         }
 
-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = $company->id.'-'.str_slug($image->getClientOriginalName()) . "." . $image->getClientOriginalExtension();
-
-            if ($image->getClientOriginalExtension()!='svg') {
-                Image::make($image->getRealPath())->resize(500, null, function ($constraint) {
-                    $constraint->aspectRatio();
-                    $constraint->upsize();
-                })->save(app('companies_upload_path').$file_name);
-            } else {
-                $image->move(app('companies_upload_path'), $file_name);
-            }
-            $company->image = $file_name;
-
-        }
-
-        if ((($request->file('image')) && (isset($old_image)) && ($old_image!='')) || ($request->input('image_delete') == 1)) {
-            try  {
-                unlink(app('companies_upload_path').$old_image);
-            } catch (\Exception $e) {
-                \Log::info($e);
-            }
-        }
+        $company = $request->handleImages($company,600, public_path().'/uploads/companies');
 
 
         if ($company->save()) {

app/Http/Controllers/ComponentsController.php

@@ -91,16 +91,7 @@ class ComponentsController extends Controller
         $component->user_id                = Auth::id();
 
 
-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = str_random(25).".".$image->getClientOriginalExtension();
-            $path = public_path('uploads/components/'.$file_name);
-            Image::make($image->getRealPath())->resize(200, null, function ($constraint) {
-                $constraint->aspectRatio();
-                $constraint->upsize();
-            })->save($path);
-            $component->image = $file_name;
-        }
+        $component = $request->handleImages($component,600, public_path().'/uploads/components');
 
         if ($component->save()) {
             return redirect()->route('components.index')->with('success', trans('admin/components/message.create.success'));
@@ -164,18 +155,7 @@ class ComponentsController extends Controller
         $component->purchase_cost          = request('purchase_cost');
         $component->qty                    = Input::get('qty');
 
-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = str_random(25).".".$image->getClientOriginalExtension();
-            $path = public_path('uploads/components/'.$file_name);
-            Image::make($image->getRealPath())->resize(200, null, function ($constraint) {
-                $constraint->aspectRatio();
-                $constraint->upsize();
-            })->save($path);
-            $component->image = $file_name;
-        } elseif ($request->input('image_delete')=='1') {
-            $component->image = null;
-        }
+        $component = $request->handleImages($component,600, public_path().'/uploads/components');
 
         if ($component->save()) {
             return redirect()->route('components.index')->with('success', trans('admin/components/message.update.success'));
@@ -219,10 +199,8 @@ class ComponentsController extends Controller
             $this->authorize('view', $component);
             return view('components/view', compact('component'));
         }
-        // Prepare the error message
-        $error = trans('admin/components/message.does_not_exist', compact('id'));
-        // Redirect to the user management page
-        return redirect()->route('components.index')->with('error', $error);
+
+        return redirect()->route('components.index')->with('error', trans('admin/components/message.does_not_exist'));
     }
 
     /**

app/Http/Controllers/ConsumablesController.php

@@ -87,16 +87,8 @@ class ConsumablesController extends Controller
         $consumable->user_id                = Auth::id();
 
 
-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = str_random(25).".".$image->getClientOriginalExtension();
-            $path = public_path('uploads/consumables/'.$file_name);
-            Image::make($image->getRealPath())->resize(200, null, function ($constraint) {
-                $constraint->aspectRatio();
-                $constraint->upsize();
-            })->save($path);
-            $consumable->image = $file_name;
-        }
+        $consumable = $request->handleImages($consumable,600, public_path().'/uploads/components');
+
 
         if ($consumable->save()) {
             return redirect()->route('consumables.index')->with('success', trans('admin/consumables/message.create.success'));
@@ -162,7 +154,7 @@ class ConsumablesController extends Controller
             $image = $request->file('image');
             $file_name = str_random(25).".".$image->getClientOriginalExtension();
             $path = public_path('uploads/consumables/'.$file_name);
-            Image::make($image->getRealPath())->resize(200, null, function ($constraint) {
+            Image::make($image->getRealPath())->resize(800, null, function ($constraint) {
                 $constraint->aspectRatio();
                 $constraint->upsize();
             })->save($path);
@@ -212,7 +204,7 @@ class ConsumablesController extends Controller
         if (isset($consumable->id)) {
             return view('consumables/view', compact('consumable'));
         }
-        return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.does_not_exist', compact('id')));
+        return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.does_not_exist'));
     }
 
     /**

app/Http/Controllers/CustomFieldsetsController.php

@@ -44,7 +44,7 @@ class CustomFieldsetsController extends Controller
             $custom_fields_list = ["" => "Add New Field to Fieldset"] + CustomField::pluck("name", "id")->toArray();
 
             $maxid = 0;
-            foreach ($cfset->fields() as $field) {
+            foreach ($cfset->fields as $field) {
                 if ($field->pivot->order > $maxid) {
                     $maxid=$field->pivot->order;
                 }
@@ -172,21 +172,66 @@ class CustomFieldsetsController extends Controller
     * @since [v1.8]
     * @return View
     */
-    public function associate($id)
+    public function associate(Request $request, $id)
     {
 
         $set = CustomFieldset::find($id);
 
         $this->authorize('update', $set);
 
-        foreach ($set->fields as $field) {
-            if ($field->id == Input::get('field_id')) {
-                return redirect()->route("fieldsets.show", [$id])->withInput()->withErrors(['field_id' => trans('admin/custom_fields/message.field.already_added')]);
+        if ($request->filled('field_id')) {
+            foreach ($set->fields as $field) {
+                if ($field->id == $request->input('field_id')) {
+                    return redirect()->route("fieldsets.show", [$id])->withInput()->withErrors(['field_id' => trans('admin/custom_fields/message.field.already_added')]);
+                }
             }
+
+            $results = $set->fields()->attach(Input::get('field_id'), ["required" => ($request->input('required') == "on"),"order" => $request->input('order', 1)]);
+
+            return redirect()->route("fieldsets.show", [$id])->with("success", trans('admin/custom_fields/message.field.create.assoc_success'));
         }
+        return redirect()->route("fieldsets.show", [$id])->with("error", 'No field selected.');
 
-        $results=$set->fields()->attach(Input::get('field_id'), ["required" => (Input::get('required') == "on"),"order" => Input::get('order')]);
 
-        return redirect()->route("fieldsets.show", [$id])->with("success", trans('admin/custom_fields/message.field.create.assoc_success'));
     }
+
+    /**
+     * Set the field in a fieldset to required
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v5.0]
+     */
+    public function makeFieldRequired($fieldset_id, $field_id)
+    {
+
+        $this->authorize('update', CustomFieldset::class);
+        $field = CustomField::findOrFail($field_id);
+        $fieldset = CustomFieldset::findOrFail($fieldset_id);
+        $fields[$field->id] = ['required' => 1];
+        $fieldset->fields()->syncWithoutDetaching($fields);
+
+        return redirect()->route('fieldsets.show', ['fieldset' => $fieldset_id])
+            ->with("success", trans('Field successfully set to required'));
+
+    }
+
+    /**
+     * Set the field in a fieldset to optional
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v5.0]
+     */
+    public function makeFieldOptional($fieldset_id, $field_id)
+    {
+        $this->authorize('update', CustomFieldset::class);
+        $field = CustomField::findOrFail($field_id);
+        $fieldset = CustomFieldset::findOrFail($fieldset_id);
+        $fields[$field->id] = ['required' => 0];
+        $fieldset->fields()->syncWithoutDetaching($fields);
+
+        return redirect()->route('fieldsets.show', ['fieldset' => $fieldset_id])
+            ->with("success", trans('Field successfully set to optional'));
+
+    }
+
 }

app/Http/Controllers/DepartmentsController.php

@@ -30,7 +30,7 @@ class DepartmentsController extends Controller
     {
         $this->authorize('index', Department::class);
         $company = null;
-        if ($request->has('company_id')) {
+        if ($request->filled('company_id')) {
             $company = Company::find($request->input('company_id'));
         }
         return view('departments/index')->with('company', $company);
@@ -51,18 +51,9 @@ class DepartmentsController extends Controller
         $department = new Department;
         $department->fill($request->all());
         $department->user_id = Auth::user()->id;
-        $department->manager_id = ($request->has('manager_id' ) ? $request->input('manager_id') : null);
+        $department->manager_id = ($request->filled('manager_id' ) ? $request->input('manager_id') : null);
 
-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = str_random(25).".".$image->getClientOriginalExtension();
-            $path = public_path('uploads/departments/'.$file_name);
-            Image::make($image->getRealPath())->resize(200, null, function ($constraint) {
-                $constraint->aspectRatio();
-                $constraint->upsize();
-            })->save($path);
-            $department->image = $file_name;
-        }
+        $department = $request->handleImages($department,600, public_path().'/uploads/departments');
 
         if ($department->save()) {
             return redirect()->route("departments.index")->with('success', trans('admin/departments/message.create.success'));
@@ -88,7 +79,7 @@ class DepartmentsController extends Controller
         if (isset($department->id)) {
             return view('departments/view', compact('department'));
         }
-        return redirect()->route('departments.index')->with('error', trans('admin/departments/message.does_not_exist', compact('id')));
+        return redirect()->route('departments.index')->with('error', trans('admin/departments/message.does_not_exist'));
     }
 
 
@@ -162,38 +153,9 @@ class DepartmentsController extends Controller
         $this->authorize('update', $department);
 
         $department->fill($request->all());
-        $department->manager_id = ($request->has('manager_id' ) ? $request->input('manager_id') : null);
+        $department->manager_id = ($request->filled('manager_id' ) ? $request->input('manager_id') : null);
 
-        $old_image = $department->image;
-
-        // Set the model's image property to null if the image is being deleted
-        if ($request->input('image_delete') == 1) {
-            $department->image = null;
-        }
-
-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = $department->id.'-'.str_slug($image->getClientOriginalName()) . "." . $image->getClientOriginalExtension();
-
-            if ($image->getClientOriginalExtension()!='svg') {
-                Image::make($image->getRealPath())->resize(500, null, function ($constraint) {
-                    $constraint->aspectRatio();
-                    $constraint->upsize();
-                })->save(app('departments_upload_path').$file_name);
-            } else {
-                $image->move(app('departments_upload_path'), $file_name);
-            }
-            $department->image = $file_name;
-
-        }
-
-        if ((($request->file('image')) && (isset($old_image)) && ($old_image!='')) || ($request->input('image_delete') == 1)) {
-            try  {
-                unlink(app('departments_upload_path').$old_image);
-            } catch (\Exception $e) {
-                \Log::info($e);
-            }
-        }
+        $department = $request->handleImages($department,600, public_path().'/uploads/departments');
 
         if ($department->save()) {
             return redirect()->route("departments.index")->with('success', trans('admin/departments/message.update.success'));

app/Http/Controllers/LicensesController.php

@@ -246,17 +246,23 @@ class LicensesController extends Controller
      */
     public function getCheckout($licenceId)
     {
+
         // Check that the license is valid
         if ($license = License::where('id',$licenceId)->first()) {
 
+            $this->authorize('checkout', $license);
+
             // If the license is valid, check that there is an available seat
             if ($license->getAvailSeatsCountAttribute() < 1) {
                 return redirect()->route('licenses.index')->with('error', 'There are no available seats for this license');
             }
+            return view('licenses/checkout', compact('license'));
         }
 
-        $this->authorize('checkout', $license);
-        return view('licenses/checkout', compact('license'));
+        return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.does_not_exist'));
+
+
+
     }
 
 
@@ -455,7 +461,7 @@ class LicensesController extends Controller
             $this->authorize('view', $license);
             return view('licenses/view', compact('license'));
         }
-        return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.does_not_exist', compact('id')));
+        return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.does_not_exist'));
     }
     
 
@@ -524,9 +530,8 @@ class LicensesController extends Controller
             }
             return redirect()->route('licenses.show', $license->id)->with('error', trans('admin/licenses/message.upload.nofiles'));
         }
-        // Prepare the error message
-        $error = trans('admin/licenses/message.does_not_exist', compact('id'));
-        return redirect()->route('licenses.index')->with('error', $error);
+
+        return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.does_not_exist'));
     }
 
 
@@ -545,21 +550,24 @@ class LicensesController extends Controller
         $destinationPath = config('app.private_uploads').'/licenses';
 
         // the license is valid
-        if (isset($license->id)) {
+        if ($license) {
             $this->authorize('edit', $license);
             $log = Actionlog::find($fileId);
-            $full_filename = $destinationPath.'/'.$log->filename;
-            if (file_exists($full_filename)) {
-                unlink($destinationPath.'/'.$log->filename);
+            if ($log) {
+                $full_filename = $destinationPath.'/'.$log->filename;
+                if (file_exists($full_filename)) {
+                    unlink($destinationPath.'/'.$log->filename);
+                }
+                $log->delete();
+                return redirect()->back()->with('success', trans('admin/licenses/message.deletefile.success'));
             }
-            $log->delete();
-            return redirect()->back()->with('success', trans('admin/licenses/message.deletefile.success'));
+
+            return redirect()->back()->with('error', 'Could not locate that file.');
+
         }
-        // Prepare the error message
-        $error = trans('admin/licenses/message.does_not_exist', compact('id'));
 
         // Redirect to the licence management page
-        return redirect()->route('licenses.index')->with('error', $error);
+        return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.does_not_exist'));
     }
 
 
@@ -582,33 +590,35 @@ class LicensesController extends Controller
         if (isset($license->id)) {
             $this->authorize('view', $license);
             $log = Actionlog::find($fileId);
-            $file = $log->get_src('licenses');
 
+            if ($log) {
 
-            if ($file =='') {
-                return response('File not found on server', 404)
-                    ->header('Content-Type', 'text/plain');
-            }
-
-            $mimetype = \File::mimeType($file);
-
-
-            if (!file_exists($file)) {
-                return response('File '.$file.' not found on server', 404)
-                    ->header('Content-Type', 'text/plain');
-            }
-
-            if ($download != 'true') {
-                if ($contents = file_get_contents($file)) {
-                    return Response::make($contents)->header('Content-Type', $mimetype);
+                $file = $log->get_src('licenses');
+                if ($file =='') {
+                    return response('File not found on server', 404)
+                        ->header('Content-Type', 'text/plain');
                 }
-                return JsonResponse::create(["error" => "Failed validation: "], 500);
+
+                $mimetype = \File::mimeType($file);
+
+                if (!file_exists($file)) {
+                    return response('File '.$file.' not found on server', 404)
+                        ->header('Content-Type', 'text/plain');
+                }
+
+                if ($download != 'true') {
+                    if ($contents = file_get_contents($file)) {
+                        return Response::make($contents)->header('Content-Type', $mimetype);
+                    }
+                    return JsonResponse::create(["error" => "Failed validation: "], 500);
+                }
+                return Response::download($file);
             }
-            return Response::download($file);
+
         }
 
 
-        return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.does_not_exist', compact('id')));
+        return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.does_not_exist'));
     }
 
 

app/Http/Controllers/LocationsController.php

@@ -41,8 +41,6 @@ class LocationsController extends Controller
     {
         // Grab all the locations
         $this->authorize('view', Location::class);
-        $locations = Location::orderBy('created_at', 'DESC')->with('parent', 'assets', 'assignedassets')->get();
-
         // Show the page
         return view('locations/index');
     }
@@ -59,14 +57,7 @@ class LocationsController extends Controller
     public function create()
     {
         $this->authorize('create', Location::class);
-        $locations = Location::orderBy('name', 'ASC')->get();
-
-        $location_options_array = Location::getLocationHierarchy($locations);
-        $location_options = Location::flattenLocationsArray($location_options_array);
-        $location_options = array('' => 'Top Level') + $location_options;
-
         return view('locations/edit')
-            ->with('location_options', $location_options)
             ->with('item', new Location);
     }
 
@@ -97,16 +88,7 @@ class LocationsController extends Controller
         $location->manager_id       = $request->input('manager_id');
         $location->user_id          = Auth::id();
 
-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = str_random(25).".".$image->getClientOriginalExtension();
-            $path = public_path('uploads/locations/'.$file_name);
-            Image::make($image->getRealPath())->resize(600, null, function ($constraint) {
-                $constraint->aspectRatio();
-                $constraint->upsize();
-            })->save($path);
-            $location->image = $file_name;
-        }
+        $location = $request->handleImages($location,600, public_path().'/uploads/locations');
 
         if ($location->save()) {
             return redirect()->route("locations.index")->with('success', trans('admin/locations/message.create.success'));
@@ -132,14 +114,8 @@ class LocationsController extends Controller
             return redirect()->route('locations.index')->with('error', trans('admin/locations/message.does_not_exist'));
         }
 
-        // Show the page
-        $locations = Location::orderBy('name', 'ASC')->get();
-        $location_options_array = Location::getLocationHierarchy($locations);
-        $location_options = Location::flattenLocationsArray($location_options_array);
-        $location_options = array('' => 'Top Level') + $location_options;
 
-        return view('locations/edit', compact('item'))
-            ->with('location_options', $location_options);
+        return view('locations/edit', compact('item'));
     }
 
 
@@ -160,6 +136,11 @@ class LocationsController extends Controller
             return redirect()->route('locations.index')->with('error', trans('admin/locations/message.does_not_exist'));
         }
 
+        if ($request->input('parent_id') == $locationId) {
+            return redirect()->back()->withInput()->with('error', 'A location cannot be its own parent. Please select a different parent location.');
+        }
+
+
         // Update the location data
         $location->name         = $request->input('name');
         $location->parent_id    = $request->input('parent_id', null);
@@ -172,37 +153,7 @@ class LocationsController extends Controller
         $location->zip          = $request->input('zip');
         $location->ldap_ou      = $request->input('ldap_ou');
         $location->manager_id   = $request->input('manager_id');
-
-        $old_image = $location->image;
-
-        // Set the model's image property to null if the image is being deleted
-        if ($request->input('image_delete') == 1) {
-            $location->image = null;
-        }
-
-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = $location->id.'-'.str_slug($image->getClientOriginalName()) . "." . $image->getClientOriginalExtension();
-
-            if ($image->getClientOriginalExtension()!='svg') {
-                Image::make($image->getRealPath())->resize(600, null, function ($constraint) {
-                    $constraint->aspectRatio();
-                    $constraint->upsize();
-                })->save(app('locations_upload_path').$file_name);
-            } else {
-                $image->move(app('locations_upload_path'), $file_name);
-            }
-            $location->image = $file_name;
-
-        }
-
-        if ((($request->file('image')) && (isset($old_image)) && ($old_image!='')) || ($request->input('image_delete') == 1)) {
-            try  {
-                unlink(app('locations_upload_path').$old_image);
-            } catch (\Exception $e) {
-                \Log::info($e);
-            }
-        }
+        $location = $request->handleImages($location,600, public_path().'/uploads/locations');
 
 
         if ($location->save()) {
@@ -229,7 +180,7 @@ class LocationsController extends Controller
         if ($location->users->count() > 0) {
             return redirect()->to(route('locations.index'))->with('error', trans('admin/locations/message.assoc_users'));
 
-        } elseif ($location->childLocations->count() > 0) {
+        } elseif ($location->children->count() > 0) {
             return redirect()->to(route('locations.index'))->with('error', trans('admin/locations/message.assoc_child_loc'));
 
         } elseif ($location->assets->count() > 0) {
@@ -262,7 +213,7 @@ class LocationsController extends Controller
             return view('locations/view', compact('location'));
         }
 
-        return redirect()->route('locations.index')->with('error', trans('admin/locations/message.does_not_exist', compact('id')));
+        return redirect()->route('locations.index')->with('error', trans('admin/locations/message.does_not_exist'));
     }
 
 }

app/Http/Controllers/ManufacturersController.php

@@ -75,18 +75,7 @@ class ManufacturersController extends Controller
         $manufacturer->support_url     = $request->input('support_url');
         $manufacturer->support_phone    = $request->input('support_phone');
         $manufacturer->support_email    = $request->input('support_email');
-
-
-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = str_slug($image->getClientOriginalName()).".".$image->getClientOriginalExtension();
-            $path = public_path('uploads/manufacturers/'.$file_name);
-            Image::make($image->getRealPath())->resize(200, null, function ($constraint) {
-                $constraint->aspectRatio();
-                $constraint->upsize();
-            })->save($path);
-            $manufacturer->image = $file_name;
-        }
+        $manufacturer = $request->handleImages($manufacturer,600, public_path().'/uploads/manufacturers');
 
 
 
@@ -107,11 +96,14 @@ class ManufacturersController extends Controller
      */
     public function edit($id = null)
     {
-        $this->authorize('edit', Manufacturer::class);
+        // Handles manufacturer checks and permissions.
+        $this->authorize('update', Manufacturer::class);
+
         // Check if the manufacturer exists
-        if (is_null($item = Manufacturer::find($id))) {
+        if (!$item = Manufacturer::find($id)) {
             return redirect()->route('manufacturers.index')->with('error', trans('admin/manufacturers/message.does_not_exist'));
         }
+        
         // Show the page
         return view('manufacturers/edit', compact('item'));
     }
@@ -129,7 +121,7 @@ class ManufacturersController extends Controller
      */
     public function update(ImageUploadRequest $request, $manufacturerId = null)
     {
-        $this->authorize('edit', Manufacturer::class);
+        $this->authorize('update', Manufacturer::class);
         // Check if the manufacturer exists
         if (is_null($manufacturer = Manufacturer::find($manufacturerId))) {
             // Redirect to the manufacturer  page
@@ -142,37 +134,14 @@ class ManufacturersController extends Controller
         $manufacturer->support_url     = $request->input('support_url');
         $manufacturer->support_phone    = $request->input('support_phone');
         $manufacturer->support_email    = $request->input('support_email');
-
-        $old_image = $manufacturer->image;
-
+        
         // Set the model's image property to null if the image is being deleted
         if ($request->input('image_delete') == 1) {
             $manufacturer->image = null;
         }
 
-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = $manufacturer->id.'-'.str_slug($image->getClientOriginalName()) . "." . $image->getClientOriginalExtension();
+        $manufacturer = $request->handleImages($manufacturer,600, public_path().'/uploads/manufacturers');
 
-            if ($image->getClientOriginalExtension()!='svg') {
-                Image::make($image->getRealPath())->resize(500, null, function ($constraint) {
-                    $constraint->aspectRatio();
-                    $constraint->upsize();
-                })->save(app('manufacturers_upload_path').$file_name);
-            } else {
-                $image->move(app('manufacturers_upload_path'), $file_name);
-            }
-            $manufacturer->image = $file_name;
-
-        }
-
-        if ((($request->file('image')) && (isset($old_image)) && ($old_image!='')) || ($request->input('image_delete') == 1)) {
-            try  {
-                unlink(app('manufacturers_upload_path').$old_image);
-            } catch (\Exception $e) {
-                \Log::info($e);
-            }
-        }
 
 
         if ($manufacturer->save()) {

app/Http/Controllers/ReportsController.php

@@ -307,72 +307,78 @@ class ReportsController extends Controller
     public function postCustom(Request $request)
     {
 
+        ini_set('max_execution_time', 12000);
+
+
         \Debugbar::disable();
         $customfields = CustomField::get();
         $response = new StreamedResponse(function () use ($customfields, $request) {
 
+            \Log::debug('Starting streamed response');
+
             // Open output stream
             $handle = fopen('php://output', 'w');
+            stream_set_timeout($handle, 2000);
             
-            if ($request->has('use_bom')) {
+            if ($request->filled('use_bom')) {
                 fprintf($handle, chr(0xEF) . chr(0xBB) . chr(0xBF));
             }
 
             $header = [];
 
 
-            if ($request->has('company')) {
+            if ($request->filled('company')) {
                 $header[] = trans('general.company');
             }
 
-            if ($request->has('asset_name')) {
+            if ($request->filled('asset_name')) {
                 $header[] = trans('admin/hardware/form.name');
             }
 
-            if ($request->has('asset_tag')) {
+            if ($request->filled('asset_tag')) {
                 $header[] = trans('admin/hardware/table.asset_tag');
             }
 
-            if ($request->has('model')) {
+            if ($request->filled('model')) {
                 $header[] = trans('admin/hardware/form.model');
                 $header[] = trans('general.model_no');
             }
 
-            if ($request->has('category')) {
+            if ($request->filled('category')) {
                 $header[] = trans('general.category');
             }
 
-            if ($request->has('manufacturer')) {
+            if ($request->filled('manufacturer')) {
                 $header[] = trans('admin/hardware/form.manufacturer');
             }
 
-            if ($request->has('serial')) {
+            if ($request->filled('serial')) {
                 $header[] = trans('admin/hardware/table.serial');
             }
-            if ($request->has('purchase_date')) {
+            if ($request->filled('purchase_date')) {
                 $header[] = trans('admin/hardware/table.purchase_date');
             }
 
-            if (($request->has('purchase_cost'))  || ($request->has('depreciation'))) {
+            if (($request->filled('purchase_cost'))  || ($request->filled('depreciation'))) {
                 $header[] = trans('admin/hardware/table.purchase_cost');
             }
 
-            if ($request->has('eol')) {
+            if ($request->filled('eol')) {
                 $header[] = trans('admin/hardware/table.eol');
             }
 
-            if ($request->has('order')) {
+            if ($request->filled('order')) {
                 $header[] = trans('admin/hardware/form.order');
             }
 
-            if ($request->has('supplier')) {
+            if ($request->filled('supplier')) {
                 $header[] = trans('general.supplier');
             }
 
-            if ($request->has('location')) {
+            if ($request->filled('location')) {
                 $header[] = trans('admin/hardware/table.location');
             }
-            if ($request->has('location_address')) {
+            if ($request->filled('location_address')) {
                 $header[] = trans('general.address');
                 $header[] = trans('general.address');
                 $header[] = trans('general.city');
@@ -381,11 +387,11 @@ class ReportsController extends Controller
                 $header[] = trans('general.zip');
             }
 
-            if ($request->has('rtd_location')) {
+            if ($request->filled('rtd_location')) {
                 $header[] = trans('admin/hardware/form.default_location');
             }
             
-            if ($request->has('rtd_location_address')) {
+            if ($request->filled('rtd_location_address')) {
                 $header[] = trans('general.address');
                 $header[] = trans('general.address');
                 $header[] = trans('general.city');
@@ -395,65 +401,65 @@ class ReportsController extends Controller
             }
 
 
-            if ($request->has('assigned_to')) {
+            if ($request->filled('assigned_to')) {
                 $header[] = trans('admin/hardware/table.checkoutto');
                 $header[] = trans('general.type');
             }
 
-            if ($request->has('username')) {
+            if ($request->filled('username')) {
                 $header[] = 'Username';
             }
 
-            if ($request->has('employee_num')) {
+            if ($request->filled('employee_num')) {
                 $header[] = 'Employee No.';
             }
 
-            if ($request->has('manager')) {
+            if ($request->filled('manager')) {
                 $header[] = trans('admin/users/table.manager');
             }
 
-            if ($request->has('department')) {
+            if ($request->filled('department')) {
                 $header[] = trans('general.department');
             }
 
-            if ($request->has('status')) {
+            if ($request->filled('status')) {
                 $header[] = trans('general.status');
             }
 
-            if ($request->has('warranty')) {
+            if ($request->filled('warranty')) {
                 $header[] = 'Warranty';
                 $header[] = 'Warranty Expires';
             }
-            if ($request->has('depreciation')) {
+            if ($request->filled('depreciation')) {
                 $header[] = 'Value';
                 $header[] = 'Diff';
             }
 
-            if ($request->has('checkout_date')) {
+            if ($request->filled('checkout_date')) {
                 $header[] = trans('admin/hardware/table.checkout_date');
             }
 
-            if ($request->has('expected_checkin')) {
+            if ($request->filled('expected_checkin')) {
                 $header[] = trans('admin/hardware/form.expected_checkin');
             }
 
-            if ($request->has('created_at')) {
+            if ($request->filled('created_at')) {
                 $header[] = trans('general.created_at');
             }
 
-            if ($request->has('updated_at')) {
+            if ($request->filled('updated_at')) {
                 $header[] = trans('general.updated_at');
             }
 
-            if ($request->has('last_audit_date')) {
+            if ($request->filled('last_audit_date')) {
                 $header[] = trans('general.last_audit');
             }
 
-            if ($request->has('next_audit_date')) {
+            if ($request->filled('next_audit_date')) {
                 $header[] = trans('general.next_audit_date');
             }
 
-            if ($request->has('notes')) {
+            if ($request->filled('notes')) {
                 $header[] = trans('general.notes');
             }
 
@@ -464,122 +470,130 @@ class ReportsController extends Controller
                 }
             }
 
-
+            $executionTime = microtime(true) - $_SERVER["REQUEST_TIME_FLOAT"];
+            \Log::debug('Starting headers: '.$executionTime);
             fputcsv($handle, $header);
+            $executionTime = microtime(true) - $_SERVER["REQUEST_TIME_FLOAT"];
+            \Log::debug('Added headers: '.$executionTime);
+
 
             $assets = \App\Models\Company::scopeCompanyables(Asset::select('assets.*'))->with(
                 'location', 'assetstatus', 'assetlog', 'company', 'defaultLoc','assignedTo',
                 'model.category', 'model.manufacturer','supplier');
             
-            if ($request->has('by_location_id')) {
+            if ($request->filled('by_location_id')) {
                 $assets->where('assets.location_id', $request->input('by_location_id'));
             }
 
-            if ($request->has('by_rtd_location_id')) {
+            if ($request->filled('by_rtd_location_id')) {
                 \Log::debug('RTD location should match: '.$request->input('by_rtd_location_id'));
                 $assets->where('assets.rtd_location_id', $request->input('by_rtd_location_id'));
             }
 
-            if ($request->has('by_supplier_id')) {
+            if ($request->filled('by_supplier_id')) {
                 $assets->where('assets.supplier_id', $request->input('by_supplier_id'));
             }
 
-            if ($request->has('by_company_id')) {
+            if ($request->filled('by_company_id')) {
                 $assets->where('assets.company_id', $request->input('by_company_id'));
             }
 
-            if ($request->has('by_model_id')) {
+            if ($request->filled('by_model_id')) {
                 $assets->where('assets.model_id', $request->input('by_model_id'));
             }
 
-            if ($request->has('by_category_id')) {
+            if ($request->filled('by_category_id')) {
                 $assets->InCategory($request->input('by_category_id'));
             }
 
-            if ($request->has('by_manufacturer_id')) {
+            if ($request->filled('by_manufacturer_id')) {
                 $assets->ByManufacturer($request->input('by_manufacturer_id'));
             }
 
-            if ($request->has('by_order_number')) {
+            if ($request->filled('by_order_number')) {
                 $assets->where('assets.order_number', $request->input('by_order_number'));
             }
 
-            if ($request->has('by_status_id')) {
+            if ($request->filled('by_status_id')) {
                 $assets->where('assets.status_id', $request->input('by_status_id'));
             }
 
-            if (($request->has('purchase_start')) && ($request->has('purchase_end'))) {
+            if (($request->filled('purchase_start')) && ($request->filled('purchase_end'))) {
                 $assets->whereBetween('assets.purchase_date', [$request->input('purchase_start'), $request->input('purchase_end')]);
             }
 
-            if (($request->has('created_start')) && ($request->has('created_end'))) {
+            if (($request->filled('created_start')) && ($request->filled('created_end'))) {
                 $assets->whereBetween('assets.created_at', [$request->input('created_start'), $request->input('created_end')]);
             }
 
-            if (($request->has('expected_checkin_start')) && ($request->has('expected_checkin_end'))) {
+            if (($request->filled('expected_checkin_start')) && ($request->filled('expected_checkin_end'))) {
                 $assets->whereBetween('assets.expected_checkin', [$request->input('expected_checkin_start'), $request->input('expected_checkin_end')]);
             }
             
-            $assets->orderBy('assets.created_at', 'ASC')->chunk(500, function($assets) use($handle, $customfields, $request) {
+            $assets->orderBy('assets.created_at', 'ASC')->chunk(20, function($assets) use($handle, $customfields, $request) {
 
+                $executionTime = microtime(true) - $_SERVER["REQUEST_TIME_FLOAT"];
+                \Log::debug('Walking results: '.$executionTime);
+                $count = 0;
                 foreach ($assets as $asset) {
+                    $count++;
                     $row = [];
                     
-                    if ($request->has('company')) {
+                    if ($request->filled('company')) {
                         $row[] = ($asset->company) ? $asset->company->name : '';
                     }
 
-                    if ($request->has('asset_name')) {
+                    if ($request->filled('asset_name')) {
                         $row[] = ($asset->name) ? $asset->name : '';
                     }
 
-                    if ($request->has('asset_tag')) {
+                    if ($request->filled('asset_tag')) {
                         $row[] = ($asset->asset_tag) ? $asset->asset_tag : '';
                     }
 
-                    if ($request->has('model')) {
+                    if ($request->filled('model')) {
                         $row[] = ($asset->model) ? $asset->model->name : '';
                         $row[] = ($asset->model) ? $asset->model->model_number : '';
                     }
 
-                    if ($request->has('category')) {
+                    if ($request->filled('category')) {
                         $row[] = (($asset->model) && ($asset->model->category)) ? $asset->model->category->name : '';
                     }
 
-                    if ($request->has('manufacturer')) {
+                    if ($request->filled('manufacturer')) {
                         $row[] = ($asset->model && $asset->model->manufacturer) ? $asset->model->manufacturer->name : '';
                     }
 
-                    if ($request->has('serial')) {
+                    if ($request->filled('serial')) {
                         $row[] = ($asset->serial) ? $asset->serial : '';
                     }
 
-                    if ($request->has('purchase_date')) {
+                    if ($request->filled('purchase_date')) {
                         $row[] = ($asset->purchase_date) ? $asset->purchase_date : '';
                     }
 
-                    if ($request->has('purchase_cost')) {
+                    if ($request->filled('purchase_cost')) {
                         $row[] = ($asset->purchase_cost) ? Helper::formatCurrencyOutput($asset->purchase_cost) : '';
                     }
 
-                    if ($request->has('eol')) {
+                    if ($request->filled('eol')) {
                         $row[] = ($asset->purchase_date!='') ? $asset->present()->eol_date() : '';
                     }
 
-                    if ($request->has('order')) {
+                    if ($request->filled('order')) {
                         $row[] = ($asset->order_number) ? $asset->order_number : '';
                     }
 
-                    if ($request->has('supplier')) {
+                    if ($request->filled('supplier')) {
                         $row[] = ($asset->supplier) ? $asset->supplier->name : '';
                     }
                     
 
-                    if ($request->has('location')) {
+                    if ($request->filled('location')) {
                         $row[] = ($asset->location) ? $asset->location->present()->name() : '';
                     }
 
-                    if ($request->has('location_address')) {
+                    if ($request->filled('location_address')) {
                         $row[] = ($asset->location) ? $asset->location->address : '';
                         $row[] = ($asset->location) ? $asset->location->address2 : '';
                         $row[] = ($asset->location) ? $asset->location->city : '';
@@ -588,11 +602,11 @@ class ReportsController extends Controller
                         $row[] = ($asset->location) ? $asset->location->zip : '';
                     }
 
-                    if ($request->has('rtd_location')) {
+                    if ($request->filled('rtd_location')) {
                         $row[] = ($asset->defaultLoc) ? $asset->defaultLoc->present()->name() : '';
                     }
 
-                    if ($request->has('rtd_location_address')) {
+                    if ($request->filled('rtd_location_address')) {
                         $row[] = ($asset->defaultLoc) ? $asset->defaultLoc->address : '';
                         $row[] = ($asset->defaultLoc) ? $asset->defaultLoc->address2 : '';
                         $row[] = ($asset->defaultLoc) ? $asset->defaultLoc->city : '';
@@ -602,12 +616,12 @@ class ReportsController extends Controller
                     }
 
 
-                    if ($request->has('assigned_to')) {
+                    if ($request->filled('assigned_to')) {
                         $row[] = ($asset->checkedOutToUser() && $asset->assigned) ? $asset->assigned->getFullNameAttribute() : ($asset->assigned ? $asset->assigned->display_name : '');
                         $row[] = ($asset->checkedOutToUser() && $asset->assigned) ? 'user' : $asset->assignedType();
                     }
 
-                    if ($request->has('username')) {
+                    if ($request->filled('username')) {
                         // Only works if we're checked out to a user, not anything else.
                         if ($asset->checkedOutToUser()) {
                             $row[] = ($asset->assignedto) ? $asset->assignedto->username : '';
@@ -616,7 +630,7 @@ class ReportsController extends Controller
                         }
                     }
 
-                    if ($request->has('employee_num')) {
+                    if ($request->filled('employee_num')) {
                         // Only works if we're checked out to a user, not anything else.
                         if ($asset->checkedOutToUser()) {
                             $row[] = ($asset->assignedto) ? $asset->assignedto->employee_num : '';
@@ -625,7 +639,7 @@ class ReportsController extends Controller
                         }
                     }
 
-                    if ($request->has('manager')) {
+                    if ($request->filled('manager')) {
                         if ($asset->checkedOutToUser()) {
                             $row[] = (($asset->assignedto) && ($asset->assignedto->manager)) ? $asset->assignedto->manager->present()->fullName : '';
                         } else {
@@ -634,7 +648,7 @@ class ReportsController extends Controller
                     }
 
 
-                    if ($request->has('department')) {
+                    if ($request->filled('department')) {
                         if ($asset->checkedOutToUser()) {
                             $row[] = (($asset->assignedto) && ($asset->assignedto->department)) ? $asset->assignedto->department->name : '';
                         } else {
@@ -642,70 +656,77 @@ class ReportsController extends Controller
                         }
                     }
 
-                    if ($request->has('status')) {
+                    if ($request->filled('status')) {
                         $row[] = ($asset->assetstatus) ? $asset->assetstatus->name.' ('.$asset->present()->statusMeta.')' : '';
                     }
 
 
-                    if ($request->has('warranty')) {
+                    if ($request->filled('warranty')) {
                         $row[] = ($asset->warranty_months) ? $asset->warranty_months : '';
                         $row[] = $asset->present()->warrantee_expires();
                     }
 
 
-                    if ($request->has('depreciation')) {
+                    if ($request->filled('depreciation')) {
                             $depreciation = $asset->getDepreciatedValue();
                             $diff = ($asset->purchase_cost - $depreciation);
                             $row[]        = Helper::formatCurrencyOutput($depreciation);
                             $row[]        = Helper::formatCurrencyOutput($diff);
                     }
 
-                    if ($request->has('checkout_date')) {
+                    if ($request->filled('checkout_date')) {
                         $row[] = ($asset->last_checkout) ? $asset->last_checkout : '';
                     }
 
-                    if ($request->has('expected_checkin')) {
+                    if ($request->filled('expected_checkin')) {
                         $row[] = ($asset->expected_checkin) ? $asset->expected_checkin : '';
                     }
 
-                    if ($request->has('created_at')) {
+                    if ($request->filled('created_at')) {
                         $row[] = ($asset->created_at) ? $asset->created_at : '';
                     }
 
-                    if ($request->has('updated_at')) {
+                    if ($request->filled('updated_at')) {
                         $row[] = ($asset->updated_at) ? $asset->updated_at : '';
                     }
 
-                    if ($request->has('last_audit_date')) {
+                    if ($request->filled('last_audit_date')) {
                         $row[] = ($asset->last_audit_date) ? $asset->last_audit_date : '';
                     }
 
-                    if ($request->has('next_audit_date')) {
+                    if ($request->filled('next_audit_date')) {
                         $row[] = ($asset->next_audit_date) ? $asset->next_audit_date : '';
                     }
 
-                    if ($request->has('notes')) {
+                    if ($request->filled('notes')) {
                         $row[] = ($asset->notes) ? $asset->notes : '';
                     }
 
                     foreach ($customfields as $customfield) {
                         $column_name = $customfield->db_column_name();
-                        if ($request->has($customfield->db_column_name())) {
+                        if ($request->filled($customfield->db_column_name())) {
                             $row[] = $asset->$column_name;
                         }
                     }
                     fputcsv($handle, $row);
+                    $executionTime = microtime(true) - $_SERVER["REQUEST_TIME_FLOAT"];
+                    \Log::debug('-- Record '.$count.' Asset ID:' .$asset->id. ' in '. $executionTime);
+
                 }
             });
 
             // Close the output stream
             fclose($handle);
+            $executionTime = microtime(true) - $_SERVER["REQUEST_TIME_FLOAT"];
+            \Log::debug('-- SCRIPT COMPLETED IN '. $executionTime);
+
         }, 200, [
             'Content-Type' => 'text/csv',
             'Content-Disposition'
             => 'attachment; filename="custom-assets-report-'.date('Y-m-d-his').'.csv"',
         ]);
 
+
         return $response;
 
 

app/Http/Controllers/SettingsController.php

@@ -1,6 +1,7 @@
 <?php
 namespace App\Http\Controllers;
 
+use enshrined\svgSanitize\Sanitizer;
 use Input;
 use Lang;
 use Illuminate\Http\Request;
@@ -326,7 +327,7 @@ class SettingsController extends Controller
 
         $setting->modellist_displays = '';
 
-        if (($request->has('show_in_model_list')) && (count($request->input('show_in_model_list')) > 0))
+        if (($request->filled('show_in_model_list')) && (count($request->input('show_in_model_list')) > 0))
         {
             $setting->modellist_displays = implode(',', $request->input('show_in_model_list'));
         }
@@ -426,12 +427,23 @@ class SettingsController extends Controller
                 $file_name = "logo.".$image->getClientOriginalExtension();
                 $path = public_path('uploads');
                 if ($image->getClientOriginalExtension()!='svg') {
+
                     Image::make($image->getRealPath())->resize(null, 150, function ($constraint) {
                         $constraint->aspectRatio();
                         $constraint->upsize();
                     })->save($path.'/'.$file_name);
                 } else {
-                    $image->move($path, $file_name);
+
+                    // This is kinda copypasta from the ImageUploadRequest - should refactor the ImageUploadRequest to better handle maybe
+                    $sanitizer = new Sanitizer();
+                    $dirtySVG = file_get_contents($image->getRealPath());
+                    $cleanSVG = $sanitizer->sanitize($dirtySVG);
+
+                    try {
+                        file_put_contents($path.'/'.$file_name, $cleanSVG);
+                    } catch (\Exception $e) {
+                        \Log::debug($e);
+                    }
                 }
                 $setting->logo = $file_name;
             }
@@ -495,7 +507,7 @@ class SettingsController extends Controller
         $setting->pwd_secure_complexity = '';
 
 
-        if ($request->has('pwd_secure_complexity')) {
+        if ($request->filled('pwd_secure_complexity')) {
             $setting->pwd_secure_complexity =  implode('|', $request->input('pwd_secure_complexity'));
         }
 
@@ -633,14 +645,24 @@ class SettingsController extends Controller
             return redirect()->to('admin')->with('error', trans('admin/settings/message.update.error'));
         }
 
-        $setting->slack_endpoint = $request->input('slack_endpoint');
-        $setting->slack_channel = $request->input('slack_channel');
-        $setting->slack_botname = $request->input('slack_botname');
+        $validatedData = $request->validate([
+            'slack_endpoint'   => 'url|required_with:slack_channel|nullable',
+            'slack_channel'   => 'regex:/(?<!\w)#\w+/|required_with:slack_endpoint|nullable',
+            'slack_botname'   => 'string|nullable',
+        ]);
 
-        if ($setting->save()) {
+        if ($validatedData) {
+
+            $setting->slack_endpoint = $request->input('slack_endpoint');
+            $setting->slack_channel = $request->input('slack_channel');
+            $setting->slack_botname = $request->input('slack_botname');
+
+            $setting->save();
             return redirect()->route('settings.index')
                 ->with('success', trans('admin/settings/message.update.success'));
+
         }
+
         return redirect()->back()->withInput()->withErrors($setting->getErrors());
 
     }
@@ -794,31 +816,31 @@ class SettingsController extends Controller
 
 
 
-        if ($request->has('labels_display_name')) {
+        if ($request->filled('labels_display_name')) {
             $setting->labels_display_name = 1;
         } else {
             $setting->labels_display_name = 0;
         }
 
-        if ($request->has('labels_display_serial')) {
+        if ($request->filled('labels_display_serial')) {
             $setting->labels_display_serial = 1;
         } else {
             $setting->labels_display_serial = 0;
         }
 
-        if ($request->has('labels_display_tag')) {
+        if ($request->filled('labels_display_tag')) {
             $setting->labels_display_tag = 1;
         } else {
             $setting->labels_display_tag = 0;
 	    }
 
-	    if ($request->has('labels_display_tag')) {
+	    if ($request->filled('labels_display_tag')) {
              $setting->labels_display_tag = 1;
          } else {
              $setting->labels_display_tag = 0;
          }
 
-        if ($request->has('labels_display_model')) {
+        if ($request->filled('labels_display_model')) {
             $setting->labels_display_model = 1;
         } else {
             $setting->labels_display_model = 0;
@@ -865,7 +887,7 @@ class SettingsController extends Controller
         $setting->ldap_server = $request->input('ldap_server');
         $setting->ldap_server_cert_ignore = $request->input('ldap_server_cert_ignore', false);
         $setting->ldap_uname = $request->input('ldap_uname');
-        if (Input::has('ldap_pword')) {
+        if (Input::filled('ldap_pword')) {
             $setting->ldap_pword = Crypt::encrypt($request->input('ldap_pword'));
         }
         $setting->ldap_basedn = $request->input('ldap_basedn');
@@ -907,7 +929,7 @@ class SettingsController extends Controller
     public function getBackups()
     {
 
-        $path = storage_path().'/app/'.config('laravel-backup.backup.name');
+        $path = storage_path().'/app/'.config('backup.backup.name');
 
         $files = array();
 
@@ -983,7 +1005,7 @@ class SettingsController extends Controller
     public function downloadFile($filename = null)
     {
         if (!config('app.lock_passwords')) {
-            $path = storage_path().'/app/'.config('laravel-backup.backup.name');
+            $path = storage_path().'/app/'.config('backup.backup.name');
             $file = $path.'/'.$filename;
             if (file_exists($file)) {
                 return Response::download($file);
@@ -1012,7 +1034,7 @@ class SettingsController extends Controller
 
         if (!config('app.lock_passwords')) {
 
-            $path = storage_path().'/app/'.config('laravel-backup.backup.name');
+            $path = storage_path().'/app/'.config('backup.backup.name');
             $file = $path.'/'.$filename;
             if (file_exists($file)) {
                 unlink($file);

app/Http/Controllers/StatuslabelsController.php

@@ -43,7 +43,7 @@ class StatuslabelsController extends Controller
             return view('statuslabels.view')->with('statuslabel', $statuslabel);
         }
 
-        return redirect()->route('statuslabels.index')->with('error', trans('admin/statuslabels/message.does_not_exist', compact('id')));
+        return redirect()->route('statuslabels.index')->with('error', trans('admin/statuslabels/message.does_not_exist'));
     }
 
 
@@ -78,7 +78,7 @@ class StatuslabelsController extends Controller
         // create a new model instance
         $statusLabel = new Statuslabel();
 
-        if (!$request->has('statuslabel_types')) {
+        if (!$request->filled('statuslabel_types')) {
             return redirect()->back()->withInput()->withErrors(['statuslabel_types' => trans('validation.statuslabel_type')]);
         }
 
@@ -141,7 +141,7 @@ class StatuslabelsController extends Controller
             return redirect()->route('statuslabels.index')->with('error', trans('admin/statuslabels/message.does_not_exist'));
         }
 
-        if (!$request->has('statuslabel_types')) {
+        if (!$request->filled('statuslabel_types')) {
             return redirect()->back()->withInput()->withErrors(['statuslabel_types' => trans('validation.statuslabel_type')]);
         }
 

app/Http/Controllers/SuppliersController.php

@@ -78,17 +78,8 @@ class SuppliersController extends Controller
         $supplier->notes                = request('notes');
         $supplier->url                  = $supplier->addhttp(request('url'));
         $supplier->user_id              = Auth::id();
+        $supplier = $request->handleImages($supplier,600, public_path().'/uploads/suppliers');
 
-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = str_random(25).".".$image->getClientOriginalExtension();
-            $path = public_path('uploads/suppliers/'.$file_name);
-            Image::make($image->getRealPath())->resize(200, null, function ($constraint) {
-                $constraint->aspectRatio();
-                $constraint->upsize();
-            })->save($path);
-            $supplier->image = $file_name;
-        }
 
         if ($supplier->save()) {
             return redirect()->route('suppliers.index')->with('success', trans('admin/suppliers/message.create.success'));
@@ -145,39 +136,7 @@ class SuppliersController extends Controller
         $supplier->email                = request('email');
         $supplier->url                  = $supplier->addhttp(request('url'));
         $supplier->notes                = request('notes');
-
-
-        $old_image = $supplier->image;
-
-        // Set the model's image property to null if the image is being deleted
-        if ($request->input('image_delete') == 1) {
-            $supplier->image = null;
-        }
-
-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = $supplier->id.'-'.str_slug($image->getClientOriginalName()) . "." . $image->getClientOriginalExtension();
-
-            if ($image->getClientOriginalExtension()!='svg') {
-                Image::make($image->getRealPath())->resize(500, null, function ($constraint) {
-                    $constraint->aspectRatio();
-                    $constraint->upsize();
-                })->save(app('suppliers_upload_path').$file_name);
-            } else {
-                $image->move(app('suppliers_upload_path'), $file_name);
-            }
-            $supplier->image = $file_name;
-
-        }
-
-        if ((($request->file('image')) && (isset($old_image)) && ($old_image!='')) || ($request->input('image_delete') == 1)) {
-            try  {
-                unlink(app('suppliers_upload_path').$old_image);
-            } catch (\Exception $e) {
-                \Log::info($e);
-            }
-        }
-
+        $supplier = $request->handleImages($supplier,600, public_path().'/uploads/suppliers');
 
         if ($supplier->save()) {
             return redirect()->route('suppliers.index')->with('success', trans('admin/suppliers/message.update.success'));
@@ -196,7 +155,7 @@ class SuppliersController extends Controller
     public function destroy($supplierId)
     {
         $this->authorize('delete', Supplier::class);
-        if (is_null($supplier = Supplier::with('asset_maintenances', 'assets', 'licenses')->withCount('asset_maintenances','assets','licenses')->find($supplierId))) {
+        if (is_null($supplier = Supplier::with('asset_maintenances', 'assets', 'licenses')->withCount('asset_maintenances as asset_maintenances_count','assets as assets_count','licenses as licenses_count')->find($supplierId))) {
             return redirect()->route('suppliers.index')->with('error', trans('admin/suppliers/message.not_found'));
         }
 
@@ -236,11 +195,8 @@ class SuppliersController extends Controller
         if (isset($supplier->id)) {
                 return view('suppliers/view', compact('supplier'));
         }
-        // Prepare the error message
-        $error = trans('admin/suppliers/message.does_not_exist', compact('id'));
 
-        // Redirect to the user management page
-        return redirect()->route('suppliers.index')->with('error', $error);
+        return redirect()->route('suppliers.index')->with('error', trans('admin/suppliers/message.does_not_exist'));
     }
 
 }

app/Http/Controllers/UsersController.php

@@ -107,7 +107,7 @@ class UsersController extends Controller
         //Username, email, and password need to be handled specially because the need to respect config values on an edit.
         $user->email = $data['email'] = e($request->input('email'));
         $user->username = $data['username'] = e($request->input('username'));
-        if ($request->has('password')) {
+        if ($request->filled('password')) {
             $user->password = bcrypt($request->input('password'));
             $data['password'] =  $request->input('password');
         }
@@ -139,13 +139,13 @@ class UsersController extends Controller
 
         if ($user->save()) {
 
-            if ($request->has('groups')) {
+            if ($request->filled('groups')) {
                 $user->groups()->sync($request->input('groups'));
             } else {
                 $user->groups()->sync(array());
             }
 
-            if (($request->input('email_user') == 1) && ($request->has('email'))) {
+            if (($request->input('email_user') == 1) && ($request->filled('email'))) {
               // Send the credentials through email
                 $data = array();
                 $data['email'] = e($request->input('email'));
@@ -263,7 +263,7 @@ class UsersController extends Controller
         }
 
 
-        if ($request->has('username')) {
+        if ($request->filled('username')) {
             $user->username = $request->input('username');
         }
         $user->email = $request->input('email');
@@ -297,7 +297,7 @@ class UsersController extends Controller
             ->where('assigned_to', $user->id)->update(['location_id' => $request->input('location_id', null)]);
 
         // Do we want to update the user password?
-        if ($request->has('password')) {
+        if ($request->filled('password')) {
             $user->password = bcrypt($request->input('password'));
         }
 
@@ -340,25 +340,25 @@ class UsersController extends Controller
             // Check if we are not trying to delete ourselves
             if ($user->id === Auth::user()->id) {
                 // Redirect to the user management page
-                return redirect()->route('users.index')->with('error', 'This user still has ' . $user->assets()->count() . ' assets associated with them.');
+                return redirect()->route('users.index')->with('error', 'You cannot delete yourself.');
             }
 
-            if ($user->assets->count() > 0) {
+            if (($user->assets) && ($user->assets->count() > 0)) {
                 // Redirect to the user management page
-                return redirect()->route('users.index')->with('error', 'This user still has ' . count($user->assets->count()) . ' assets associated with them.');
+                return redirect()->route('users.index')->with('error', 'This user still has ' . $user->assets->count() . ' assets associated with them. Use the Checkin and Delete button on the user profile to check these items back in and delete this user.');
             }
 
-            if ($user->licenses()->count() > 0) {
+            if (($user->licenses) && ($user->licenses->count() > 0)) {
                 // Redirect to the user management page
-                return redirect()->route('users.index')->with('error', 'This user still has ' . $user->assets()->count() . ' assets associated with them.');
+                return redirect()->route('users.index')->with('error', 'This user still has ' . $user->licenses->count() . ' license(s associated with them. Use the Checkin and Delete button on the user profile to check these items back in and delete this user.');
             }
 
-            if ($user->accessories()->count() > 0) {
+            if (($user->accessories) && ($user->accessories->count() > 0)) {
                 // Redirect to the user management page
-                return redirect()->route('users.index')->with('error', 'This user still has ' . $user->accessories()->count() . ' accessories associated with them.');
+                return redirect()->route('users.index')->with('error', 'This user still has ' . $user->accessories->count() . ' accessories associated with them. Use the Checkin and Delete button on the user profile to check these items back in and delete this user.');
             }
 
-            if ($user->managedLocations()->count() > 0) {
+            if (($user->managedLocations()) && ($user->managedLocations()->count() > 0)) {
                 // Redirect to the user management page
                 return redirect()->route('users.index')->with('error', 'This user still has ' . $user->managedLocations()->count() . ' locations that they manage.');
             }
@@ -390,7 +390,7 @@ class UsersController extends Controller
     {
         $this->authorize('update', User::class);
 
-        if (($request->has('ids')) && (count($request->input('ids')) > 0)) {
+        if (($request->filled('ids')) && (count($request->input('ids')) > 0)) {
             $statuslabel_list = Helper::statusLabelList();
             $user_raw_array = array_keys(Input::get('ids'));
             $users = User::whereIn('id', $user_raw_array)->with('groups', 'assets', 'licenses', 'accessories')->get();
@@ -416,28 +416,28 @@ class UsersController extends Controller
     {
         $this->authorize('update', User::class);
 
-        if (($request->has('ids')) && (count($request->input('ids')) > 0)) {
+        if (($request->filled('ids')) && (count($request->input('ids')) > 0)) {
 
             $user_raw_array = $request->input('ids');
             $update_array = array();
             $manager_conflict = false;
             $users = User::whereIn('id', $user_raw_array)->where('id', '!=', Auth::user()->id)->get();
 
-            if ($request->has('location_id')) {
+            if ($request->filled('location_id')) {
                 $update_array['location_id'] = $request->input('location_id');
             }
-            if ($request->has('department_id')) {
+            if ($request->filled('department_id')) {
                 $update_array['department_id'] = $request->input('department_id');
             }
-            if ($request->has('company_id')) {
+            if ($request->filled('company_id')) {
                 $update_array['company_id'] = $request->input('company_id');
             }
-            if ($request->has('locale')) {
+            if ($request->filled('locale')) {
                 $update_array['locale'] = $request->input('locale');
             }
 
 
-            if ($request->has('manager_id')) {
+            if ($request->filled('manager_id')) {
 
                 // Do not allow a manager update if the selected manager is one of the users being
                 // edited.
@@ -448,7 +448,7 @@ class UsersController extends Controller
                 }
 
             }
-            if ($request->has('activated')) {
+            if ($request->filled('activated')) {
                 $update_array['activated'] = $request->input('activated');
             }
 
@@ -458,7 +458,7 @@ class UsersController extends Controller
             }
 
             // Only sync groups if groups were selected
-            if ($request->has('groups')) {
+            if ($request->filled('groups')) {
                 foreach ($users as $user) {
                     $user->groups()->sync($request->input('groups'));
                 }
@@ -490,9 +490,9 @@ class UsersController extends Controller
     {
         $this->authorize('update', User::class);
 
-        if ((!$request->has('ids')) || (count($request->input('ids')) == 0)) {
+        if ((!$request->filled('ids')) || (count($request->input('ids')) == 0)) {
             return redirect()->back()->with('error', 'No users selected');
-        } elseif ((!$request->has('status_id')) || ($request->input('status_id')=='')) {
+        } elseif ((!$request->filled('status_id')) || ($request->input('status_id')=='')) {
             return redirect()->route('users.index')->with('error', 'No status selected');
         } else {
 
@@ -606,10 +606,12 @@ class UsersController extends Controller
      */
     public function show($userId = null)
     {
-        if(!$user = User::with('assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc')->withTrashed()->find($userId)) {
-            $error = trans('admin/users/message.user_not_found', compact('id'));
-            // Redirect to the user management page
-            return redirect()->route('users.index')->with('error', $error);
+        if (!$user = User::with('assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc')
+            ->withTrashed()
+            ->find($userId))
+        {
+
+            return redirect()->route('users.index')->with('error', trans('admin/users/message.user_not_found', ['id' => $userId]));
         }
 
         $userlog = $user->userlog->load('item');
@@ -706,10 +708,8 @@ class UsersController extends Controller
                             ->with('userGroups', $userGroups)
                             ->with('clone_user', $user_to_clone);
         } catch (UserNotFoundException $e) {
-            // Prepare the error message
-            $error = trans('admin/users/message.user_not_found', compact('id'));
-            // Redirect to the user management page
-            return redirect()->route('users.index')->with('error', $error);
+
+            return redirect()->route('users.index')->with('error', trans('admin/users/message.user_not_found'));
         }
     }
 
@@ -731,30 +731,38 @@ class UsersController extends Controller
         if (isset($user->id)) {
             $this->authorize('update', $user);
 
-            foreach (Input::file('file') as $file) {
+            if (!$request->has('file')) {
+                \Log::debug('No file selected: ');
+                \Log::debug(print_r($request, true));
+                return redirect()->back()->with('error', 'No file submitted.');
 
-                $extension = $file->getClientOriginalExtension();
-                $filename = 'user-' . $user->id . '-' . str_random(8);
-                $filename .= '-' . str_slug($file->getClientOriginalName()) . '.' . $extension;
-                $upload_success = $file->move($destinationPath, $filename);
+            } else {
+                foreach ($request->file('file') as $file) {
 
-                //Log the uploaded file to the log
-                $logAction = new Actionlog();
-                $logAction->item_id = $user->id;
-                $logAction->item_type = User::class;
-                $logAction->user_id = Auth::user()->id;
-                $logAction->note = e(Input::get('notes'));
-                $logAction->target_id = null;
-                $logAction->created_at = date("Y-m-d H:i:s");
-                $logAction->filename = $filename;
-                $logAction->action_type = 'uploaded';
-                $logAction->save();
+                    $extension = $file->getClientOriginalExtension();
+                    $filename = 'user-' . $user->id . '-' . str_random(8);
+                    $filename .= '-' . str_slug($file->getClientOriginalName()) . '.' . $extension;
+                    $upload_success = $file->move($destinationPath, $filename);
 
+                    //Log the uploaded file to the log
+                    $logAction = new Actionlog();
+                    $logAction->item_id = $user->id;
+                    $logAction->item_type = User::class;
+                    $logAction->target_type = User::class;
+                    $logAction->target_id = $user->id;
+                    $logAction->user_id = Auth::user()->id;
+                    $logAction->note = $request->input('notes');
+                    $logAction->created_at = date("Y-m-d H:i:s");
+                    $logAction->filename = $filename;
+                    $logAction->action_type = 'uploaded';
+                    $logAction->save();
+
+                }
+                return redirect()->back()->with('success', 'File uploaded');
             }
-            return JsonResponse::create($logAction);
 
         }
-        return JsonResponse::create(["error" => "Failed validation: ".print_r($logAction->getErrors(), true)], 500);
+        return redirect()->route('users.index')->with('error', 'Error uploading files');
     }
 
 
@@ -782,10 +790,8 @@ class UsersController extends Controller
             $log->delete();
             return redirect()->back()->with('success', trans('admin/users/message.deletefile.success'));
         }
-        // Prepare the error message
-        $error = trans('admin/users/message.does_not_exist', compact('id'));
-        // Redirect to the licence management page
-        return redirect()->route('users.index')->with('error', $error);
+
+        return redirect()->route('users.index')->with('error', trans('admin/users/message.does_not_exist'));
 
     }
 

app/Http/Controllers/ViewAssetsController.php

@@ -269,7 +269,7 @@ class ViewAssetsController extends Controller
             return redirect()->to('account/view-assets')->with('error', trans('admin/users/message.error.incorrect_user_accepted'));
         }
 
-        if ($request->has('signature_output')) {
+        if ($request->filled('signature_output')) {
             $path = config('app.private_uploads').'/signatures';
             $sig_filename = "siglog-".$findlog->id.'-'.date('Y-m-d-his').".png";
             $data_uri = e($request->get('signature_output'));

app/Http/Kernel.php

@@ -44,7 +44,8 @@ class Kernel extends HttpKernel
         ],
 
         'api' => [
-            'throttle:60,1',
+            \Barryvdh\Cors\HandleCors::class,
+            'throttle:120,1',
             'auth:api',
         ],
     ];

app/Http/Middleware/ContentSecurityPolicyHeader.php

@@ -21,7 +21,7 @@ class ContentSecurityPolicyHeader
 
         $policy[] = "default-src 'self'";
         $policy[] = "style-src 'self' 'unsafe-inline' oss.maxcdn.com";
-        $policy[] = "script-src 'self' 'unsafe-inline' oss.mafxcdn.com cdnjs.cloudflare.com'";
+        $policy[] = "script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com";
         $policy[] = "connect-src 'self'";
         $policy[] = "object-src 'none'";
         $policy[] = "font-src 'self' data:";

app/Http/Middleware/EncryptCookies.php

@@ -6,6 +6,8 @@ use Illuminate\Cookie\Middleware\EncryptCookies as BaseEncrypter;
 
 class EncryptCookies extends BaseEncrypter
 {
+
+
     /**
      * The names of the cookies that should not be encrypted.
      *
@@ -14,4 +16,13 @@ class EncryptCookies extends BaseEncrypter
     protected $except = [
         //
     ];
+
+    /**
+     * Indicates if cookies should be serialized.
+     *
+     * @var bool
+     */
+    protected static $serialize = true;
+
+
 }

app/Http/Requests/AssetRequest.php

@@ -2,9 +2,11 @@
 
 namespace App\Http\Requests;
 
-use App\Http\Requests\Request;
 use App\Models\AssetModel;
 use Session;
+use Illuminate\Http\Exceptions\HttpResponseException;
+
+use Illuminate\Contracts\Validation\Validator;
 
 class AssetRequest extends Request
 {
@@ -30,7 +32,7 @@ class AssetRequest extends Request
             'model_id'        => 'required|integer|exists:models,id',
             'status_id'       => 'required|integer|exists:status_labels,id',
             'company_id'      => 'integer|nullable',
-            'warranty_months' => 'numeric|nullable',
+            'warranty_months' => 'numeric|nullable|digits_between:0,240',
             'physical'        => 'integer|nullable',
             'checkout_date'   => 'date',
             'checkin_date'    => 'date',
@@ -46,10 +48,10 @@ class AssetRequest extends Request
 
         $rules['asset_tag'] = ($settings->auto_increment_assets == '1') ? 'max:255' : 'required';
 
-        if($this->request->get('model_id') != '') {
+        if ($this->request->get('model_id') != '') {
             $model = AssetModel::find($this->request->get('model_id'));
 
-            if (($model) && ($model->fieldset)) {
+            if (($model) && (isset($model->fieldset)) && ($model->fieldset)) {
                 $rules += $model->fieldset->validation_rules();
             }
         }
@@ -58,11 +60,26 @@ class AssetRequest extends Request
 
     }
 
-    public function response(array $errors)
+
+    /**
+     * Handle a failed validation attempt.
+     *
+     * public function json($data = [], $status = 200, array $headers = [], $options = 0)
+     *
+     * @param  \Illuminate\Contracts\Validation\Validator  $validator
+     * @return void
+     *
+     * @throws \Illuminate\Http\Exceptions\HttpResponseException
+     */
+    protected function failedValidation(Validator $validator)
     {
         $this->session()->flash('errors', Session::get('errors', new \Illuminate\Support\ViewErrorBag)
-            ->put('default', new \Illuminate\Support\MessageBag($errors)));
+            ->put('default', new \Illuminate\Support\MessageBag($validator->errors()->toArray())));
         \Input::flash();
-        return parent::response($errors);
+        throw new HttpResponseException(response()->json([
+            'status' => 'error',
+            'messages' => $validator->errors(),
+            'payload' => null
+        ], 422));
     }
 }

app/Http/Requests/ImageUploadRequest.php

@@ -2,7 +2,9 @@
 
 namespace App\Http\Requests;
 
-use App\Http\Requests\Request;
+use App\Models\SnipeModel;
+use Intervention\Image\Facades\Image;
+use enshrined\svgSanitize\Sanitizer;
 
 class ImageUploadRequest extends Request
 {
@@ -33,4 +35,83 @@ class ImageUploadRequest extends Request
     {
         return $this->redirector->back()->withInput()->withErrors($errors, $this->errorBag);
     }
-}
+
+    /**
+     * Handle and store any images attached to request
+     * @param SnipeModel $item Item the image is associated with
+     * @param String $path  location for uploaded images, defaults to uploads/plural of item type.
+     * @return SnipeModel        Target asset is being checked out to.
+     */
+    public function handleImages($item, $w = 600, $path = null)
+    {
+
+        $type = strtolower(class_basename(get_class($item)));
+
+        if (is_null($path)) {
+            $path =  str_plural($type);
+        }
+
+        \Log::debug('Trying to upload to '. $path);
+
+        if ($this->hasFile('image')) {
+
+            if (!config('app.lock_passwords')) {
+
+
+                if (!is_dir($path)) {
+                    \Log::debug($path.' does not exist');
+                    mkdir($path);
+                }
+
+                $image = $this->file('image');
+                $ext = $image->getClientOriginalExtension();
+                $file_name = $type.'-'.str_random(18).'.'.$ext;
+                \Log::debug('File name will be: '.$file_name);
+
+                if ($image->getClientOriginalExtension()!=='svg') {
+                    \Log::debug('Not an SVG - resize');
+                    \Log::debug('Trying to upload to: '.$path.'/'.$file_name);
+                    $upload = Image::make($image->getRealPath())->resize(null, $w, function ($constraint) {
+                        $constraint->aspectRatio();
+                        $constraint->upsize();
+                    })->save($path.'/'.$file_name);
+                } else {
+                    \Log::debug('This is an SVG');
+                    $sanitizer = new Sanitizer();
+                    $dirtySVG = file_get_contents($image->getRealPath());
+                    $cleanSVG = $sanitizer->sanitize($dirtySVG);
+
+                    try {
+                        \Log::debug('Trying to upload to: '.$path.'/'.$file_name);
+                        file_put_contents($path.'/'.$file_name, $cleanSVG);
+                    } catch (\Exception $e) {
+                        \Log::debug($e);
+                    }
+                }
+
+
+                // Remove Current image if exists
+                if (($item->image) && (file_exists($path.'/'.$item->image))) {
+                    try {
+                        unlink($path.'/'.$item->image);
+                    } catch (\Exception $e) {
+                        \Log::debug($e);
+                    }
+                }
+
+                $item->image = $file_name;
+            }
+
+        } elseif ($this->input('image_delete')=='1') {
+
+            try {
+                unlink($path.'/'.$item->image);
+            } catch (\Exception $e) {
+                \Log::debug($e);
+            }
+
+            $item->image = null;
+        }
+        return $item;
+    }
+}

app/Http/Requests/SaveUserRequest.php

@@ -2,10 +2,12 @@
 
 namespace App\Http\Requests;
 
-use App\Http\Requests\Request;
 use App\Models\Setting;
+use Illuminate\Http\Exceptions\HttpResponseException;
+use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Contracts\Validation\Validator;
 
-class SaveUserRequest extends Request
+class SaveUserRequest extends FormRequest
 {
     /**
      * Determine if the user is authorized to make this request.
@@ -62,4 +64,5 @@ class SaveUserRequest extends Request
         return $rules;
 
     }
+
 }

app/Http/Transformers/ActionlogsTransformer.php

@@ -30,10 +30,49 @@ class ActionlogsTransformer
         // This is necessary since we can't escape special characters within a JSON object
         if (($actionlog->log_meta) && ($actionlog->log_meta!='')) {
             $meta_array = json_decode($actionlog->log_meta);
-            foreach ($meta_array as $key => $value) {
-                foreach ($value as $meta_key => $meta_value) {
-                    $clean_meta[$key][$meta_key] = e($meta_value);
+
+            if ($meta_array) {
+                foreach ($meta_array as $key => $value) {
+                    foreach ($value as $meta_key => $meta_value) {
+
+                        if (is_array($meta_value)) {
+                            foreach ($meta_value as $meta_value_key => $meta_value_value) {
+                                $clean_meta[$key][$meta_value_key] = e($meta_value_value);
+                            }
+                        } else {
+
+                            // This object stuff is weird, and is used to make up for the fact that
+                            // older data can get strangely formatted if an asset existed,
+                            // then a new custom field is added, and the asset is saved again.
+                            // It can result in funnily-formatted strings like:
+                            //
+                            // {"_snipeit_right_sized_fault_tolerant_localareanetwo_1":
+                            // {"old":null,"new":{"value":"1579490695972","_snipeit_new_field_2":2,"_snipeit_new_field_3":"Monday, 20 January 2020 2:24:55 PM"}}
+                            // so we have to walk down that next level
+
+                            if (is_object($meta_value)) {
+
+                                foreach ($meta_value as $meta_value_key => $meta_value_value) {
+
+                                    if ($meta_value_key == 'value') {
+                                        $clean_meta[$key]['old'] = null;
+                                        $clean_meta[$key]['new'] = e($meta_value->value);
+                                    } else {
+                                        $clean_meta[$meta_value_key]['old'] = null;
+                                        $clean_meta[$meta_value_key]['new'] = e($meta_value_value);
+                                    }
+                                }
+
+
+
+                            } else {
+                                $clean_meta[$key][$meta_key] = e($meta_value);
+                            }
+                        }
+
+                    }
                 }
+
             }
         }
 
@@ -50,7 +89,7 @@ class ActionlogsTransformer
 
             'item' => ($actionlog->item) ? [
                 'id' => (int) $actionlog->item->id,
-                'name' => e($actionlog->item->getDisplayNameAttribute()),
+                'name' => ($actionlog->itemType()=='user') ? $actionlog->filename : e($actionlog->item->getDisplayNameAttribute()),
                 'type' => e($actionlog->itemType()),
             ] : null,
             'location' => ($actionlog->location) ? [

app/Http/Transformers/AssetMaintenancesTransformer.php

@@ -5,6 +5,7 @@ use App\Models\AssetMaintenance;
 use Gate;
 use Illuminate\Database\Eloquent\Collection;
 use App\Helpers\Helper;
+use App\Models\Asset;
 
 class AssetMaintenancesTransformer
 {

app/Http/Transformers/LicenseSeatsTransformer.php

@@ -29,7 +29,14 @@ class LicenseSeatsTransformer
             'name' => 'Seat '.$seat_count,
             'assigned_user' => ($seat->user) ? [
                 'id' => (int) $seat->user->id,
-                'name'=> e($seat->user->present()->fullName)
+                'name'=> e($seat->user->present()->fullName),
+                'department'=>
+                    ($seat->user->department) ?
+                        [
+                            "id" => (int) $seat->user->department->id,
+                            "name" => e($seat->user->department->name)
+
+                        ] : null
             ] : null,
             'assigned_asset' => ($seat->asset) ? [
                 'id' => (int) $seat->asset->id,

app/Http/Transformers/LocationsTransformer.php

@@ -23,7 +23,7 @@ class LocationsTransformer
         if ($location) {
 
             $children_arr = [];
-            foreach($location->childLocations as $child) {
+            foreach($location->children as $child) {
                 $children_arr[] = [
                     'id' => (int) $child->id,
                     'name' => $child->name

app/Importer/AssetImporter.php

@@ -27,9 +27,17 @@ class AssetImporter extends ItemImporter
 
             foreach ($this->customFields as $customField) {
                 $customFieldValue = $this->array_smart_custom_field_fetch($row, $customField);
+
                 if ($customFieldValue) {
-                    $this->item['custom_fields'][$customField->db_column_name()] = $customFieldValue;
-                    $this->log('Custom Field '. $customField->name.': '.$customFieldValue);
+
+                    if ($customField->field_encrypted == 1) {
+                        $this->item['custom_fields'][$customField->db_column_name()] = \Crypt::encrypt($customFieldValue);
+                        $this->log('Custom Field '. $customField->name.': '.\Crypt::encrypt($customFieldValue));
+                    } else {
+                        $this->item['custom_fields'][$customField->db_column_name()] = $customFieldValue;
+                        $this->log('Custom Field '. $customField->name.': '.$customFieldValue);
+                    }
+
                 } else {
                     // Clear out previous data.
                     $this->item['custom_fields'][$customField->db_column_name()] = null;
@@ -68,6 +76,8 @@ class AssetImporter extends ItemImporter
         }
 
         $this->item['image'] = $this->findCsvMatch($row, "image");
+        $this->item['requestable'] = $this->fetchHumanBoolean($this->findCsvMatch($row, "requestable"));;
+        $asset->requestable =  $this->fetchHumanBoolean($this->findCsvMatch($row, "requestable"));
         $this->item['warranty_months'] = intval($this->findCsvMatch($row, "warranty_months"));
         $this->item['model_id'] = $this->createOrFetchAssetModel($row);
 

app/Importer/Importer.php

@@ -120,7 +120,8 @@ abstract class Importer
     public function import()
     {
         $headerRow = $this->csv->fetchOne();
-        $results = $this->normalizeInputArray($this->csv->fetchAssoc());
+        $this->csv->setHeaderOffset(0); //explicitly sets the CSV document header record
+        $results = $this->normalizeInputArray($this->csv->getRecords($headerRow));
 
         $this->populateCustomFields($headerRow);
 
@@ -442,11 +443,7 @@ abstract class Importer
 
     public function fetchHumanBoolean($value)
     {
-        if (($value =='1') || (strtolower($value) =='true') || (strtolower($value) =='yes'))
-        {
-            return '1';
-        }
-        return '0';
+       return (int) filter_var($value, FILTER_VALIDATE_BOOLEAN);
     }
 
     /**

app/Models/Asset.php

@@ -75,7 +75,7 @@ class Asset extends Depreciable
         'model_id'        => 'required|integer|exists:models,id',
         'status_id'       => 'required|integer|exists:status_labels,id',
         'company_id'      => 'integer|nullable',
-        'warranty_months' => 'numeric|nullable',
+        'warranty_months' => 'numeric|nullable|digits_between:0,240',
         'physical'        => 'numeric|max:1|nullable',
         'checkout_date'   => 'date|max:10|min:10|nullable',
         'checkin_date'    => 'date|max:10|min:10|nullable',
@@ -111,6 +111,7 @@ class Asset extends Depreciable
         'status_id',
         'supplier_id',
         'warranty_months',
+        'requestable',
     ];
 
     use Searchable;
@@ -225,10 +226,10 @@ class Asset extends Depreciable
         if ($location != null) {
             $this->location_id = $location;
         } else {
-            if($target->location) {
+            if (isset($target->location)) {
                 $this->location_id = $target->location->id;
             }
-            if($target instanceof Location) {
+            if ($target instanceof Location) {
                 $this->location_id = $target->id;
             }
         }
@@ -604,20 +605,26 @@ class Asset extends Depreciable
 
     public function requireAcceptance()
     {
-        return $this->model->category->require_acceptance;
+        if (($this->model) && ($this->model->category)) {
+            return $this->model->category->require_acceptance;
+        }
+
     }
 
     public function getEula()
     {
         $Parsedown = new \Parsedown();
-
-        if ($this->model->category->eula_text) {
-            return $Parsedown->text(e($this->model->category->eula_text));
-        } elseif ($this->model->category->use_default_eula == '1') {
-            return $Parsedown->text(e(Setting::getSettings()->default_eula_text));
-        } else {
-            return false;
+        
+        if (($this->model) && ($this->model->category)) {
+            if ($this->model->category->eula_text) {
+                return $Parsedown->text(e($this->model->category->eula_text));
+            } elseif ($this->model->category->use_default_eula == '1') {
+                return $Parsedown->text(e(Setting::getSettings()->default_eula_text));
+            } else {
+                return false;
+            }
         }
+        return false;
     }
 
     /**
@@ -821,9 +828,11 @@ class Asset extends Depreciable
 
     public function scopeDueForAudit($query, $settings)
     {
+        $interval = $settings->audit_warning_days ?? 0;
+
         return $query->whereNotNull('assets.next_audit_date')
             ->where('assets.next_audit_date', '>=', Carbon::now())
-            ->whereRaw("DATE_SUB(assets.next_audit_date, INTERVAL $settings->audit_warning_days DAY) <= '".Carbon::now()."'")
+            ->whereRaw("DATE_SUB(assets.next_audit_date, INTERVAL $interval DAY) <= '".Carbon::now()."'")
             ->where('assets.archived', '=', 0)
             ->NotArchived();
     }
@@ -866,8 +875,10 @@ class Asset extends Depreciable
 
     public function scopeDueOrOverdueForAudit($query, $settings)
     {
+        $interval = $settings->audit_warning_days ?? 0;
+
         return $query->whereNotNull('assets.next_audit_date')
-            ->whereRaw("DATE_SUB(assets.next_audit_date, INTERVAL $settings->audit_warning_days DAY) <= '".Carbon::now()."'")
+            ->whereRaw("DATE_SUB(assets.next_audit_date, INTERVAL $interval DAY) <= '".Carbon::now()."'")
             ->where('assets.archived', '=', 0)
             ->NotArchived();
     }
@@ -1038,9 +1049,7 @@ class Asset extends Depreciable
                     ->orWhere('assets.order_number', 'LIKE', '%'.$search.'%')
                     ->orWhere('assets.notes', 'LIKE', '%'.$search.'%');
             }
-            foreach (CustomField::all() as $field) {
-                $query->orWhere('assets.'.$field->db_column_name(), 'LIKE', "%$search%");
-            }
+
         })->withTrashed()->whereNull("assets.deleted_at"); //workaround for laravel bug
     }
 
@@ -1167,7 +1176,29 @@ class Asset extends Depreciable
                 }
             }
 
-            if (($fieldname!='category') && ($fieldname!='model_number') && ($fieldname!='location') && ($fieldname!='supplier')
+            /**
+             * THIS CLUNKY BIT IS VERY IMPORTANT
+             *
+             * Although inelegant, this section matters a lot when querying against fields that do not
+             * exist on the asset table. There's probably a better way to do this moving forward, for
+             * example using the Schema:: methods to determine whether or not a column actually exists,
+             * or even just using the $searchableRelations variable earlier in this file.
+             *
+             * In short, this set of statements tells the query builder to ONLY query against an
+             * actual field that's being passed if it doesn't meet known relational fields. This
+             * allows us to query custom fields directly in the assetsv table
+             * (regardless of their name) and *skip* any fields that we already know can only be
+             * searched through relational searches that we do earlier in this method.
+             *
+             * For example, we do not store "location" as a field on the assets table, we store
+             * that relationship through location_id on the assets table, therefore querying
+             * assets.location would fail, as that field doesn't exist -- plus we're already searching
+             * against those relationships earlier in this method.
+             *
+             * - snipe 
+             *
+             */
+            if (($fieldname!='category') && ($fieldname!='model_number') && ($fieldname!='rtd_location') && ($fieldname!='location') && ($fieldname!='supplier')
                 && ($fieldname!='status_label') && ($fieldname!='model') && ($fieldname!='company') && ($fieldname!='manufacturer')) {
                     $query->orWhere('assets.'.$fieldname, 'LIKE', '%' . $search_val . '%');
             }
@@ -1367,8 +1398,7 @@ class Asset extends Depreciable
 
 
     /**
-     * Query builder scope to search on location ID
-     *
+     * Query builder scope to search on depreciation name
      * @param  \Illuminate\Database\Query\Builder  $query  Query builder instance
      * @param  text                              $search      Search term
      *

app/Models/AssetMaintenance.php

@@ -73,7 +73,8 @@ class AssetMaintenance extends Model implements ICompanyableChild
             trans('admin/asset_maintenances/general.upgrade')     => trans('admin/asset_maintenances/general.upgrade'),
             'PAT test'      => 'PAT test',
             trans('admin/asset_maintenances/general.calibration')     => trans('admin/asset_maintenances/general.calibration'),
-            'PAT test'      => 'PAT test',
+            'Software Support'      => trans('admin/asset_maintenances/general.software_support'),
+            'Hardware Support'      => trans('admin/asset_maintenances/general.hardware_support'),
         ];
     }
 

app/Models/Company.php

@@ -80,7 +80,13 @@ final class Company extends SnipeModel
         }
 
         $table = ($table_name) ? DB::getTablePrefix().$table_name."." : '';
-        return $query->where($table.$column, '=', $company_id); 
+
+        if(\Schema::hasColumn($query->getModel()->getTable(), $column)){
+             return $query->where($table.$column, '=', $company_id); 
+        } else {
+            return $query->join('users as users_comp', 'users_comp.id', 'user_id')->where('users_comp.company_id', '=', $company_id); 
+        }
+            
     }
 
     public static function getIdFromInput($unescaped_input)

app/Models/Department.php

@@ -26,7 +26,6 @@ class Department extends SnipeModel
 
     protected $rules = [
         'name'                  => 'required|max:255',
-        'user_id'               => 'nullable|exists:users,id',
         'location_id'           => 'numeric|nullable',
         'company_id'            => 'numeric|nullable',
         'manager_id'            => 'numeric|nullable',

app/Models/Group.php

@@ -7,10 +7,10 @@ use Watson\Validating\ValidatingTrait;
 
 class Group extends SnipeModel
 {
-    protected $table = 'groups';
+    protected $table = 'permission_groups';
 
     public $rules = array(
-      'name' => 'required|min:3|max:255',
+      'name' => 'required|min:2|max:255',
     );
 
     /**

app/Models/License.php

@@ -48,7 +48,7 @@ class License extends Depreciable
     protected $table = 'licenses';
     protected $rules = array(
         'name'   => 'required|string|min:3|max:255',
-        'seats'   => 'required|min:1|max:1000000|integer',
+        'seats'   => 'required|min:1|max:999|integer',
         'license_email'   => 'email|nullable|max:120',
         'license_name'   => 'string|nullable|max:100',
         'notes'   => 'string|nullable',

app/Models/LicenseSeat.php

@@ -55,4 +55,23 @@ class LicenseSeat extends Model implements ICompanyableChild
         return false;
 
     }
+
+    /**
+     * Query builder scope to order on department
+     *
+     * @param  \Illuminate\Database\Query\Builder  $query  Query builder instance
+     * @param  text                              $order         Order
+     *
+     * @return \Illuminate\Database\Query\Builder          Modified query builder
+     */
+    public function scopeOrderDepartments($query, $order)
+    {
+        return $query->leftJoin('users as license_seat_users',  'license_seats.assigned_to', '=', 'license_seat_users.id')
+            ->leftJoin('departments as license_user_dept',  'license_user_dept.id', '=', 'license_seat_users.department_id')
+            ->orderBy('license_user_dept.name', $order);
+    }
+
+
+
+
 }

app/Models/Location.php

@@ -113,7 +113,8 @@ class Location extends SnipeModel
 
     public function parent()
     {
-        return $this->belongsTo('\App\Models\Location', 'parent_id','id');
+        return $this->belongsTo('\App\Models\Location', 'parent_id','id')
+            ->with('parent');
     }
 
     public function manager()
@@ -121,9 +122,9 @@ class Location extends SnipeModel
         return $this->belongsTo('\App\Models\User', 'manager_id');
     }
 
-    public function childLocations()
-    {
-        return $this->hasMany('\App\Models\Location', 'parent_id');
+    public function children() {
+        return $this->hasMany('\App\Models\Location','parent_id')
+            ->with('children');
     }
 
     // I don't think we need this anymore since we de-normed location_id in assets?
@@ -137,59 +138,39 @@ class Location extends SnipeModel
         return $this->attributes['ldap_ou'] = empty($ldap_ou) ? null : $ldap_ou;
     }
 
-    public static function getLocationHierarchy($locations, $parent_id = null)
-    {
 
+    /**
+     * Query builder scope to order on parent
+     *
+     * @param  Illuminate\Database\Query\Builder  $query  Query builder instance
+     * @param  text                              $order       Order
+     *
+     * @return Illuminate\Database\Query\Builder          Modified query builder
+     */
 
-        $op = array();
-
-        foreach ($locations as $location) {
-
-            if ($location['parent_id'] == $parent_id) {
-                $op[$location['id']] =
-                    array(
-                        'name' => $location['name'],
-                        'parent_id' => $location['parent_id']
-                    );
-
-                // Using recursion
-                $children =  Location::getLocationHierarchy($locations, $location['id']);
-                if ($children) {
-                    $op[$location['id']]['children'] = $children;
-                }
-
-            }
+    public static function indenter($locations_with_children, $parent_id = null, $prefix = '') {
+        $results = Array();
 
+        
+        if (!array_key_exists($parent_id, $locations_with_children)) {
+            return [];
         }
-        return $op;
+
+
+        foreach ($locations_with_children[$parent_id] as $location) {
+            $location->use_text = $prefix.' '.$location->name;
+            $location->use_image = ($location->image) ? url('/').'/uploads/locations/'.$location->image : null;
+            $results[] = $location;
+            //now append the children. (if we have any)
+            if (array_key_exists($location->id, $locations_with_children)) {
+                $results = array_merge($results, Location::indenter($locations_with_children, $location->id,$prefix.'--'));
+            }
+        }
+        return $results;
     }
 
 
-    public static function flattenLocationsArray($location_options_array = null)
-    {
-        $location_options = array();
-        foreach ($location_options_array as $id => $value) {
 
-            // get the top level key value
-            $location_options[$id] = $value['name'];
-
-                // If there is a key named children, it has child locations and we have to walk it
-            if (array_key_exists('children', $value)) {
-
-                foreach ($value['children'] as $child_id => $child_location_array) {
-                    $child_location_options = Location::flattenLocationsArray($value['children']);
-
-                    foreach ($child_location_options as $child_id => $child_name) {
-                        $location_options[$child_id] = '--'.$child_name;
-                    }
-                }
-
-            }
-
-        }
-
-        return $location_options;
-    }
 
     /**
     * Query builder scope to order on parent

app/Models/Loggable.php

@@ -45,9 +45,15 @@ trait Loggable
             $log->user_id = Auth::user()->id;
 
         if (!isset($target)) {
-            throw new Exception('All checkout logs require a target');
+            throw new \Exception('All checkout logs require a target.');
             return;
         }
+
+        if (!isset($target->id)) {
+            throw new \Exception('That target seems invalid (no target ID available).');
+            return;
+        }
+
         $log->target_type = get_class($target);
         $log->target_id = $target->id;
 

app/Models/Setting.php

@@ -20,10 +20,7 @@ class Setting extends Model
           'admin_cc_email'   => 'email|nullable',
           'default_currency'   => 'required',
           'locale'   => 'required',
-          'slack_endpoint'   => 'url|required_with:slack_channel|nullable',
-          'slack_channel'   => 'regex:/(?<!\w)#\w+/|required_with:slack_endpoint|nullable',
-          'slack_botname'   => 'string|nullable',
-          'labels_per_page' => 'numeric',
+          'labels_per_page' => 'numeric|min:1',
           'labels_width' => 'numeric',
           'labels_height' => 'numeric',
           'labels_pmargin_left' => 'numeric|nullable',

app/Models/User.php

@@ -491,7 +491,7 @@ class User extends SnipeModel implements AuthenticatableContract, CanResetPasswo
 
     public function scopeByGroup($query, $id) {
         return $query->whereHas('groups', function ($query) use ($id) {
-            $query->where('groups.id', '=', $id);
+            $query->where('permission_groups.id', '=', $id);
         });
     }
 
@@ -549,4 +549,17 @@ class User extends SnipeModel implements AuthenticatableContract, CanResetPasswo
     {
         return $query->leftJoin('departments as departments_users', 'users.department_id', '=', 'departments_users.id')->orderBy('departments_users.name', $order);
     }
+
+    /**
+     * Query builder scope to order on company
+     *
+     * @param  Illuminate\Database\Query\Builder  $query  Query builder instance
+     * @param  text                              $order         Order
+     *
+     * @return Illuminate\Database\Query\Builder          Modified query builder
+     */
+    public function scopeOrderCompany($query, $order)
+    {
+        return $query->leftJoin('companies as companies_user', 'users.company_id', '=', 'companies_user.id')->orderBy('companies_user.name', $order);
+    }
 }

app/Presenters/AssetModelPresenter.php

@@ -67,7 +67,7 @@ class AssetModelPresenter extends Presenter
     public function imageUrl()
     {
         if (!empty($this->image)) {
-            return '<img src="' . url('/') . '/uploads/models/' . $this->image . '" height=50 width=50>';
+            return '<img src="' . url('/') . '/uploads/models/' . $this->image . '" alt="'.$this->name.'" height="50" width="50">';
         }
         return '';
     }

app/Presenters/AssetPresenter.php

@@ -258,13 +258,17 @@ class AssetPresenter extends Presenter
             $query->whereHas('models');
         })->get();
 
+
+        // Note: We do not need to e() escape the field names here, as they are already escaped when
+        // they are presented in the blade view. If we escape them here, custom fields with quotes in their
+        // name can break the listings page. - snipe
         foreach ($fields as $field) {
             $layout[] = [
                 "field" => 'custom_fields.'.$field->convertUnicodeDbSlug(),
                 "searchable" => true,
                 "sortable" => true,
                 "switchable" => true,
-                "title" => ($field->field_encrypted=='1') ?'<i class="fa fa-lock"></i> '.e($field->name) : e($field->name),
+                "title" => ($field->field_encrypted=='1') ?'<i class="fa fa-lock"></i> '.$field->name : $field->name,
                 "formatter" => "customFieldsFormatter"
             ];
 
@@ -320,12 +324,14 @@ class AssetPresenter extends Presenter
         $imagePath = '';
         if ($this->image && !empty($this->image)) {
             $imagePath = $this->image;
+            $imageAlt = $this->name;
         } elseif ($this->model && !empty($this->model->image)) {
             $imagePath = $this->model->image;
+            $imageAlt = $this->model->name;
         }
         $url = config('app.url');
         if (!empty($imagePath)) {
-            $imagePath = "<img src='{$url}/uploads/assets/{$imagePath}' height=50 width=50>";
+            $imagePath = '<img src="'.$url.'/uploads/assets/'.$imagePath.' height="50" width="50" alt="'.$imageAlt.'">';
         }
         return $imagePath;
     }
@@ -391,7 +397,7 @@ class AssetPresenter extends Presenter
     public function eol_date()
     {
 
-        if (( $this->purchase_date ) && ( $this->model ) && ($this->model->model->eol) ) {
+        if (( $this->purchase_date ) && ( $this->model->model ) && ($this->model->model->eol) ) {
             $date = date_create($this->purchase_date);
             date_add($date, date_interval_create_from_date_string($this->model->model->eol . ' months'));
             return date_format($date, 'Y-m-d');
@@ -512,6 +518,6 @@ class AssetPresenter extends Presenter
 
     public function glyph()
     {
-        return '<i class="fa fa-barcode"></i>';
+        return '<i class="fa fa-barcode" aria-hidden="true"></i>';
     }
 }

app/Presenters/CompanyPresenter.php

@@ -49,7 +49,7 @@ class CompanyPresenter extends Presenter
                 "field" => "assets_count",
                 "searchable" => false,
                 "sortable" => true,
-                "title" => '<span class="hidden-xs"><i class="fa fa-barcode"></i></span><span class="hidden-md hidden-lg">'.trans('general.assets').'</span>',
+                "title" => '<span class="hidden-xs"><i class="fa fa-barcode" aria-hidden="true"></i></span><span class="hidden-md hidden-lg">'.trans('general.assets').'</span>',
                 "visible" => true,
 
             ],[

app/Presenters/LicensePresenter.php

@@ -176,6 +176,15 @@ class LicensePresenter extends Presenter
                 "visible" => true,
                 "formatter" => "usersLinkObjFormatter"
             ], [
+                "field" => "department",
+                "searchable" => false,
+                "sortable" => true,
+                "switchable" => true,
+                "title" => trans('general.department'),
+                "visible" => false,
+                "formatter" => "departmentNameLinkFormatter"
+            ],
+            [
                 "field" => "assigned_asset",
                 "searchable" => false,
                 "sortable" => false,
@@ -191,7 +200,8 @@ class LicensePresenter extends Presenter
                 "title" => trans('general.location'),
                 "visible" => true,
                 "formatter" => "locationsLinkObjFormatter"
-            ], [
+            ],
+            [
                 "field" => "checkincheckout",
                 "searchable" => false,
                 "sortable" => false,

app/Presenters/LocationPresenter.php

@@ -190,7 +190,7 @@ class LocationPresenter extends Presenter
 
     public function glyph()
     {
-        return '<i class="fa fa-map-marker"></i>';
+        return '<i class="fa fa-map-marker" aria-hidden="true"></i>';
     }
     
     public function fullName() {

app/Presenters/UserPresenter.php

@@ -171,21 +171,22 @@ class UserPresenter extends Presenter
                 "formatter" => "usersLinkObjFormatter"
             ],
             [
-                "field" => "assets_count",
-                "searchable" => false,
-                "sortable" => true,
-                "switchable" => true,
-                "title" => ' <span class="hidden-md hidden-lg">Assets</span>'
-                            .'<span class="hidden-xs"><i class="fa fa-barcode fa-lg"></i></span>',
-                "visible" => true,
+                'field' => 'assets_count',
+                'searchable' => false,
+                'sortable' => true,
+                'switchable' => true,
+                'escape' => true,
+                'class' => 'css-barcode',
+                'title' => 'Assets',
+                'visible' => true,
             ],
             [
                 "field" => "licenses_count",
                 "searchable" => false,
                 "sortable" => true,
                 "switchable" => true,
-                "title" => ' <span class="hidden-md hidden-lg">Licenses</span>'
-                    .'<span class="hidden-xs"><i class="fa fa-floppy-o fa-lg"></i></span>',
+                'class' => 'css-license',
+                "title" => 'License',
                 "visible" => true,
             ],
             [
@@ -193,8 +194,8 @@ class UserPresenter extends Presenter
                 "searchable" => false,
                 "sortable" => true,
                 "switchable" => true,
-                "title" => ' <span class="hidden-md hidden-lg">Consumables</span>'
-                    .'<span class="hidden-xs"><i class="fa fa-tint fa-lg"></i></span>',
+                'class' => 'css-consumable',
+                "title" => 'Consumables',
                 "visible" => true,
             ],
             [
@@ -202,8 +203,8 @@ class UserPresenter extends Presenter
                 "searchable" => false,
                 "sortable" => true,
                 "switchable" => true,
-                "title" => ' <span class="hidden-md hidden-lg">Accessories</span>'
-                    .'<span class="hidden-xs"><i class="fa fa-keyboard-o fa-lg"></i></span>',
+                'class' => 'css-accessory',
+                "title" => 'Accessories',
                 "visible" => true,
             ],
             [
@@ -323,9 +324,14 @@ class UserPresenter extends Presenter
             return config('app.url').'/uploads/avatars/'.$this->avatar;
         }
 
-        if ((Setting::getSettings()->load_remote=='1') && ($this->email!='')) {
-            $gravatar = md5(strtolower(trim($this->email)));
-            return "//gravatar.com/avatar/".$gravatar;
+        if (Setting::getSettings()->load_remote=='1') {
+            if ($this->model->gravatar!='') {
+                $gravatar = md5(strtolower(trim($this->model->gravatar)));
+                return "//gravatar.com/avatar/".$gravatar;
+            } elseif ($this->email!='') {
+                $gravatar = md5(strtolower(trim($this->email)));
+                return "//gravatar.com/avatar/".$gravatar;
+            }
         }
 
         // Set a fun, gender-neutral default icon
@@ -353,6 +359,6 @@ class UserPresenter extends Presenter
 
     public function glyph()
     {
-        return '<i class="fa fa-user"></i>';
+        return '<i class="fa fa-user" aria-hidden="true"></i>';
     }
 }

app/Providers/SettingsServiceProvider.php

@@ -111,6 +111,34 @@ class SettingsServiceProvider extends ServiceProvider
             return url('/').'/uploads/companies/';
         });
 
+        // Accessories paths and URLs
+        \App::singleton('accessories_upload_path', function(){
+            return public_path('/uploads/accessories/');
+        });
+
+        \App::singleton('accessories_upload_url', function(){
+            return url('/').'/uploads/accessories/';
+        });
+
+        // Consumables paths and URLs
+        \App::singleton('consumables_upload_path', function(){
+            return public_path('/uploads/consumables/');
+        });
+
+        \App::singleton('consumables_upload_url', function(){
+            return url('/').'/uploads/consumables/';
+        });
+
+
+        // Components paths and URLs
+        \App::singleton('components_upload_path', function(){
+            return public_path('/uploads/components/');
+        });
+
+        \App::singleton('components_upload_url', function(){
+            return url('/').'/uploads/components/';
+        });
+
 
 
         // Set the monetary locale to the configured locale to make helper::parseFloat work.

composer.json

@@ -5,44 +5,49 @@
   "license": "AGPL-3.0-or-later",
   "type": "project",
     "require": {
-    "php": ">=5.6.4",
-    "barryvdh/laravel-debugbar": "^2.4",
-    "doctrine/cache": "^1.6",
-    "doctrine/common": "^2.7",
-    "doctrine/dbal": "^2.5.13",
-    "doctrine/inflector": "1.1.*",
-    "doctrine/instantiator": "1.0.*",
+    "php": ">=7.1.2",
+    "barryvdh/laravel-cors": "^0.11.3",
+    "barryvdh/laravel-debugbar": "^3.2",
+    "doctrine/cache": "^1.8",
+    "doctrine/common": "^2.10",
+    "doctrine/dbal": "2.9.0",
+    "doctrine/inflector": "^1.3",
+    "doctrine/instantiator": "^1.2",
     "eduardokum/laravel-mail-auto-embed": "^1.0",
-    "erusev/parsedown": "^1.7.3",
-    "fideloper/proxy": "^3.3",
-    "intervention/image": "^2.3",
+    "enshrined/svg-sanitize": "^0.13.3",
+    "erusev/parsedown": "^1.7",
+    "fideloper/proxy": "^4.1",
+    "guzzlehttp/guzzle": "^6.3",
+    "intervention/image": "^2.4",
     "javiereguiluz/easyslugger": "^1.0",
-    "laravel/framework": "5.4.35",
-    "laravel/passport": "^3.0",
+    "laravel/framework": "5.5.*",
+    "laravel/passport": "4.*",
     "laravel/tinker": "^1.0",
-    "laravelcollective/html": "^5.3",
-    "league/csv": "^8.1",
-    "maknz/slack": "^1.7",
+    "laravelcollective/html": "^5.5",
+    "league/csv": "^9.2",
+    "alek13/slack": "^1.7",
     "neitanod/forceutf8": "^2.0",
-    "patchwork/utf8": "~1.2",
-    "phpdocumentor/reflection-docblock": "3.2.2",
-    "phpspec/prophecy": "1.6.2",
+    "patchwork/utf8": "^1.3",
+    "phpdocumentor/reflection-docblock": "^4.0",
+    "phpspec/prophecy": "^1.8",
     "pragmarx/google2fa": "^5.0",
-    "pragmarx/google2fa-laravel": "^0.3.0",
+    "pragmarx/google2fa-laravel": "^1.0",
     "predis/predis": "^1.1",
-    "rollbar/rollbar-laravel": "2.4.1",
+    "rollbar/rollbar-laravel": "2.*",
     "schuppo/password-strength": "~1.5",
-    "spatie/laravel-backup": "3.11.0",
+    "spatie/laravel-backup": "^5.12",
     "tecnickcom/tc-lib-barcode": "^1.15",
-    "tightenco/ziggy": "^0.4.1",
+    "tightenco/ziggy": "^0.7.1",
     "unicodeveloper/laravel-password": "^1.0",
     "watson/validating": "^3.0"
   },
     "require-dev": {
     "codeception/codeception": "2.3.6",
-    "fzaninotto/faker": "~1.4",
+    "filp/whoops": "~2.0",
+    "fzaninotto/faker": "1.9.1",
     "phpunit/php-token-stream": "1.4.11",
-    "phpunit/phpunit": "~5.7",
+    "phpunit/phpunit": "~6.0",
+    "roave/security-advisories": "dev-master",
     "squizlabs/php_codesniffer": "*",
     "symfony/css-selector": "3.1.*",
     "symfony/dom-crawler": "3.1.*"
@@ -67,6 +72,10 @@
         ],
         "post-create-project-cmd": [
             "php artisan key:generate"
+        ],
+        "post-autoload-dump": [
+          "Illuminate\\Foundation\\ComposerScripts::postAutoloadDump",
+          "@php artisan package:discover"
         ]
     },
     "config": {
@@ -75,7 +84,7 @@
         "optimize-autoloader": true,
         "process-timeout":3000,
         "platform": {
-          "php": "5.6.4"
+          "php": "7.1.2"
         }
     }
 

config/app.php

@@ -36,6 +36,19 @@ return [
 
     'env' => env('APP_ENV', 'production'),
 
+    /*
+    |--------------------------------------------------------------------------
+    | Result Limit
+    |--------------------------------------------------------------------------
+    |
+    | This value determines the max number of results to return, even if a higher limit
+    | is passed in the API request. This is done to prevent server timeouts when
+    | custom scripts are requesting 100k assets at a time.
+    |
+    */
+
+    'max_results' => env('MAX_RESULTS', 500),
+
     /*
     |--------------------------------------------------------------------------
     | Application Debug Mode
@@ -286,7 +299,6 @@ return [
          * Package Service Providers...
          */
 
-        Barryvdh\Debugbar\ServiceProvider::class,
         Intervention\Image\ImageServiceProvider::class,
         Collective\Html\HtmlServiceProvider::class,
         Spatie\Backup\BackupServiceProvider::class,

config/backup.php

@@ -0,0 +1,222 @@
+<?php
+
+// This is janky, but necessary to figure out whether to include the .env in the backup
+$included_dirs = [
+    base_path('public/uploads'),
+    base_path('config'),
+    base_path('storage/private_uploads'),
+    base_path('storage/oauth-private.key'),
+    base_path('storage/oauth-public.key'),
+
+];
+
+if (env('BACKUP_ENV')=='true') {
+    $included_dirs[] = base_path('.env');
+}
+
+return [
+
+    'backup' => [
+
+        /*
+         * The name of this application. You can use this name to monitor
+         * the backups.
+         */
+        'name' => 'backups',
+
+        'source' => [
+
+            'files' => [
+
+                /*
+                 * The list of directories and files that will be included in the backup.
+                 */
+                'include' => $included_dirs,
+
+                /*
+                 * These directories and files will be excluded from the backup.
+                 *
+                 * Directories used by the backup process will automatically be excluded.
+                 */
+                'exclude' => [
+                    base_path('vendor'),
+                    base_path('node_modules'),
+                ],
+
+                /*
+                 * Determines if symlinks should be followed.
+                 */
+                'followLinks' => false,
+            ],
+
+            /*
+             * The names of the connections to the databases that should be backed up
+             * MySQL, PostgreSQL, SQLite and Mongo databases are supported.
+             *
+             * The content of the database dump may be customized for each connection
+             * by adding a 'dump' key to the connection settings in config/database.php.
+             * E.g.
+             * 'mysql' => [
+             *       ...
+             *      'dump' => [
+             *           'excludeTables' => [
+             *                'table_to_exclude_from_backup',
+             *                'another_table_to_exclude'
+             *            ]
+             *       ]
+             * ],
+             *
+             * For a complete list of available customization options, see https://github.com/spatie/db-dumper
+             */
+            'databases' => [
+                'mysql',
+            ],
+        ],
+
+        /*
+         * The database dump can be compressed to decrease diskspace usage.
+         *
+         * Out of the box Laravel-backup supplies
+         * Spatie\DbDumper\Compressors\GzipCompressor::class.
+         *
+         * You can also create custom compressor. More info on that here:
+         * https://github.com/spatie/db-dumper#using-compression
+         *
+         * If you do not want any compressor at all, set it to null.
+         */
+        'database_dump_compressor' => null,
+
+        'destination' => [
+
+            /*
+             * The filename prefix used for the backup zip file.
+             */
+            'filename_prefix' => 'snipe-it-',
+
+            /*
+             * The disk names on which the backups will be stored.
+             */
+            'disks' => [
+                'local',
+            ],
+        ],
+
+        /*
+         * The directory where the temporary files will be stored.
+         */
+        'temporary_directory' => storage_path('app/backup-temp'),
+    ],
+
+    /*
+     * You can get notified when specific events occur. Out of the box you can use 'mail' and 'slack'.
+     * For Slack you need to install guzzlehttp/guzzle.
+     *
+     * You can also use your own notification classes, just make sure the class is named after one of
+     * the `Spatie\Backup\Events` classes.
+     */
+    'notifications' => [
+
+        'notifications' => [
+            \Spatie\Backup\Notifications\Notifications\BackupHasFailed::class         => ['mail'],
+            \Spatie\Backup\Notifications\Notifications\UnhealthyBackupWasFound::class => ['mail'],
+            \Spatie\Backup\Notifications\Notifications\CleanupHasFailed::class        => ['mail'],
+            \Spatie\Backup\Notifications\Notifications\BackupWasSuccessful::class     => ['mail'],
+            \Spatie\Backup\Notifications\Notifications\HealthyBackupWasFound::class   => ['mail'],
+            \Spatie\Backup\Notifications\Notifications\CleanupWasSuccessful::class    => ['mail'],
+        ],
+
+        /*
+         * Here you can specify the notifiable to which the notifications should be sent. The default
+         * notifiable will use the variables specified in this config file.
+         */
+        'notifiable' => \Spatie\Backup\Notifications\Notifiable::class,
+
+        'mail' => [
+            'to' => env('MAIL_BACKUP_NOTIFICATION_ADDRESS', null),
+        ],
+
+        'slack' => [
+            'webhook_url' => '',
+
+            /*
+             * If this is set to null the default channel of the webhook will be used.
+             */
+            'channel' => null,
+
+            'username' => null,
+
+            'icon' => null,
+
+        ],
+    ],
+
+    /*
+     * Here you can specify which backups should be monitored.
+     * If a backup does not meet the specified requirements the
+     * UnHealthyBackupWasFound event will be fired.
+     */
+    'monitorBackups' => [
+        [
+            'name' => config('app.name'),
+            'disks' => ['local'],
+            'newestBackupsShouldNotBeOlderThanDays' => 1,
+            'storageUsedMayNotBeHigherThanMegabytes' => 5000,
+        ],
+
+        /*
+        [
+            'name' => 'name of the second app',
+            'disks' => ['local', 's3'],
+            'newestBackupsShouldNotBeOlderThanDays' => 1,
+            'storageUsedMayNotBeHigherThanMegabytes' => 5000,
+        ],
+        */
+    ],
+
+    'cleanup' => [
+        /*
+         * The strategy that will be used to cleanup old backups. The default strategy
+         * will keep all backups for a certain amount of days. After that period only
+         * a daily backup will be kept. After that period only weekly backups will
+         * be kept and so on.
+         *
+         * No matter how you configure it the default strategy will never
+         * delete the newest backup.
+         */
+        'strategy' => \Spatie\Backup\Tasks\Cleanup\Strategies\DefaultStrategy::class,
+
+        'defaultStrategy' => [
+
+            /*
+             * The number of days for which backups must be kept.
+             */
+            'keepAllBackupsForDays' => 7,
+
+            /*
+             * The number of days for which daily backups must be kept.
+             */
+            'keepDailyBackupsForDays' => 16,
+
+            /*
+             * The number of weeks for which one weekly backup must be kept.
+             */
+            'keepWeeklyBackupsForWeeks' => 8,
+
+            /*
+             * The number of months for which one monthly backup must be kept.
+             */
+            'keepMonthlyBackupsForMonths' => 4,
+
+            /*
+             * The number of years for which one yearly backup must be kept.
+             */
+            'keepYearlyBackupsForYears' => 2,
+
+            /*
+             * After cleaning up the backups remove the oldest backup until
+             * this amount of megabytes has been reached.
+             */
+            'deleteOldestBackupsWhenUsingMoreMegabytesThan' => 5000,
+        ],
+    ],
+];