Bumped minor version

* Rename child locations method

* Use Ajax dropdown for locations selectlist for edit/create

* Removed locations database call on edit/create blades for faster loading

* Updated locations controller to use the new iterator

* Increase pagination on locations controller to 500

We’re already loading all of that data up beforehand anyway, so no point in keeping the query smaller.

* Fixed the else to make codacy happy

* Improve the design and performance of the nested location selectlist (#7484)

* Improve the design and performance of the nested location selectlist

* Fixed parse errors

* Removed debugging code/comments

.all-contributorsrc

@@ -1659,6 +1659,15 @@
       "contributions": [
         "code"
       ]
+    },
+    {
+      "login": "mskrip",
+      "name": "Marián Skrip",
+      "avatar_url": "https://avatars0.githubusercontent.com/u/17459600?v=4",
+      "profile": "https://github.com/mskrip",
+      "contributions": [
+        "code"
+      ]
     }
   ]
 }

.env.example

@@ -7,6 +7,7 @@ APP_KEY=ChangeMe
 APP_URL=null
 APP_TIMEZONE='UTC'
 APP_LOCALE=en
+MAX_RESULTS=500
 
 # --------------------------------------------
 # REQUIRED: DATABASE SETTINGS
@@ -64,6 +65,8 @@ SECURE_COOKIES=false
 # --------------------------------------------
 # OPTIONAL: SECURITY HEADER SETTINGS
 # --------------------------------------------
+APP_TRUSTED_PROXIES=192.168.1.1,10.0.0.1
+ALLOW_IFRAMING=false
 REFERRER_POLICY=same-origin
 ENABLE_CSP=false
 CORS_ALLOWED_ORIGINS=null
@@ -110,8 +113,6 @@ APP_LOG=single
 APP_LOG_MAX_FILES=10
 APP_LOCKED=false
 FILESYSTEM_DISK=local
-APP_TRUSTED_PROXIES=192.168.1.1,10.0.0.1
-ALLOW_IFRAMING=false
 APP_CIPHER=AES-256-CBC
 GOOGLE_MAPS_API=
 BACKUP_ENV=true

README.md

@@ -1,5 +1,5 @@
 [![Build Status](https://travis-ci.org/snipe/snipe-it.svg?branch=master)](https://travis-ci.org/snipe/snipe-it) [![Crowdin](https://d322cqt584bo4o.cloudfront.net/snipe-it/localized.svg)](https://crowdin.com/project/snipe-it) [![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/snipe/snipe-it?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [![Docker Pulls](https://img.shields.io/docker/pulls/snipe/snipe-it.svg)](https://hub.docker.com/r/snipe/snipe-it/) [![Twitter Follow](https://img.shields.io/twitter/follow/snipeitapp.svg?style=social)](https://twitter.com/snipeitapp)  [![Codacy Badge](https://api.codacy.com/project/badge/Grade/553ce52037fc43ea99149785afcfe641)](https://www.codacy.com/app/snipe/snipe-it?utm_source=github.com&utm_medium=referral&utm_content=snipe/snipe-it&utm_campaign=Badge_Grade)
-[![All Contributors](https://img.shields.io/badge/all_contributors-181-orange.svg?style=flat-square)](#contributors) [![Open Source Helpers](https://www.codetriage.com/snipe/snipe-it/badges/users.svg)](https://www.codetriage.com/snipe/snipe-it)
+[![All Contributors](https://img.shields.io/badge/all_contributors-182-orange.svg?style=flat-square)](#contributors) [![Open Source Helpers](https://www.codetriage.com/snipe/snipe-it/badges/users.svg)](https://www.codetriage.com/snipe/snipe-it)
 
 
 ## Snipe-IT - Open Source Asset Management System
@@ -61,6 +61,8 @@ Since the release of the JSON REST API, several third-party developers have been
 - [jamf2snipe](https://github.com/ParadoxGuitarist/jamf2snipe) by [@ParadoxGuitarist](https://github.com/ParadoxGuitarist) - Python script to sync assets between a JAMFPro instance and a Snipe-IT instance
 - [Marksman](https://github.com/Scope-IT/marksman) - A Windows agent for Snipe-IT
 - [Snipe-IT plugin for Jira Service Desk (beta)](https://marketplace.atlassian.com/apps/1220379/snipe-it-for-jira-service-desk-beta?hosting=cloud&tab=overview) - for the upcoming Snipe-IT v5 only
+- [Python 3 CSV importer](https://github.com/gastamper/snipeit-csvimporter) - allows importing assets into Snipe-IT based on Item Name rather than Asset Tag.
+- [Snipe-IT Kubernetes Helm Chart](https://github.com/t3n/helm-charts/tree/master/snipeit) - For more information, [click here](https://hub.helm.sh/charts/t3n/snipeit).
 
 As these were created by third-parties, Snipe-IT cannot provide support for these project, and you should contact the developers directly if you need assistance. Additionally, Snipe-IT makes no guarantees as to the reliability, accuracy or maintainability of these libraries. Use at your own risk. :) 
 
@@ -103,7 +105,7 @@ Thanks goes to all of these wonderful people ([emoji key](https://github.com/ken
 | [<img src="https://avatars2.githubusercontent.com/u/982885?v=4" width="110px;"/><br /><sub>Martin Stub</sub>](http://martinstub.dk)<br />[🌍](#translation-stubben "Translation") | [<img src="https://avatars2.githubusercontent.com/u/28959963?v=4" width="110px;"/><br /><sub>Meyer Flavio</sub>](https://github.com/meyerf99)<br />[🌍](#translation-meyerf99 "Translation") | [<img src="https://avatars3.githubusercontent.com/u/796443?v=4" width="110px;"/><br /><sub>Micael Rodrigues</sub>](https://github.com/MicaelRodrigues)<br />[🌍](#translation-MicaelRodrigues "Translation") | [<img src="https://avatars0.githubusercontent.com/u/10481331?v=4" width="110px;"/><br /><sub>Mikael Rasmussen</sub>](http://rubixy.com/)<br />[🌍](#translation-mikaelssen "Translation") | [<img src="https://avatars1.githubusercontent.com/u/1544552?v=4" width="110px;"/><br /><sub>IxFail</sub>](https://github.com/IxFail)<br />[🌍](#translation-IxFail "Translation") | [<img src="https://avatars3.githubusercontent.com/u/18483118?v=4" width="110px;"/><br /><sub>Mohammed Fota</sub>](http://www.mohammedfota.com)<br />[🌍](#translation-MohammedFota "Translation") | [<img src="https://avatars0.githubusercontent.com/u/227080?v=4" width="110px;"/><br /><sub>Moayad Alserihi</sub>](https://github.com/omego)<br />[🌍](#translation-omego "Translation") |
 | [<img src="https://avatars0.githubusercontent.com/u/1680266?v=4" width="110px;"/><br /><sub>saymd</sub>](https://github.com/saymd)<br />[🌍](#translation-saymd "Translation") | [<img src="https://avatars0.githubusercontent.com/u/1826808?v=4" width="110px;"/><br /><sub>Patrik Larsson</sub>](https://nordsken.se)<br />[🌍](#translation-pooot "Translation") | [<img src="https://avatars1.githubusercontent.com/u/20584746?v=4" width="110px;"/><br /><sub>drcryo</sub>](https://github.com/drcryo)<br />[🌍](#translation-drcryo "Translation") | [<img src="https://avatars1.githubusercontent.com/u/19408004?v=4" width="110px;"/><br /><sub>pawel1615</sub>](https://github.com/pawel1615)<br />[🌍](#translation-pawel1615 "Translation") | [<img src="https://avatars2.githubusercontent.com/u/23340468?v=4" width="110px;"/><br /><sub>bodrovics</sub>](https://github.com/bodrovics)<br />[🌍](#translation-bodrovics "Translation") | [<img src="https://avatars0.githubusercontent.com/u/3257654?v=4" width="110px;"/><br /><sub>priatna</sub>](https://github.com/priatna)<br />[🌍](#translation-priatna "Translation") | [<img src="https://avatars1.githubusercontent.com/u/5358374?v=4" width="110px;"/><br /><sub>Fan Jiang</sub>](https://amayume.net)<br />[🌍](#translation-ProfFan "Translation") |
 | [<img src="https://avatars1.githubusercontent.com/u/22555451?v=4" width="110px;"/><br /><sub>ragnarcx</sub>](https://github.com/ragnarcx)<br />[🌍](#translation-ragnarcx "Translation") | [<img src="https://avatars2.githubusercontent.com/u/18654582?v=4" width="110px;"/><br /><sub>Rein van Haaren</sub>](http://www.reinvanhaaren.nl/)<br />[🌍](#translation-reinvanhaaren "Translation") | [<img src="https://avatars1.githubusercontent.com/u/386672?v=4" width="110px;"/><br /><sub>Teguh Dwicaksana</sub>](http://dheche.songolimo.net)<br />[🌍](#translation-dheche "Translation") | [<img src="https://avatars2.githubusercontent.com/u/2572552?v=4" width="110px;"/><br /><sub>fraccie</sub>](https://github.com/FRaccie)<br />[🌍](#translation-FRaccie "Translation") | [<img src="https://avatars0.githubusercontent.com/u/35182720?v=4" width="110px;"/><br /><sub>vinzruzell</sub>](https://github.com/vinzruzell)<br />[🌍](#translation-vinzruzell "Translation") | [<img src="https://avatars1.githubusercontent.com/u/7883603?v=4" width="110px;"/><br /><sub>Kevin Austin</sub>](http://kevinaustin.com)<br />[🌍](#translation-vipsystem "Translation") | [<img src="https://avatars3.githubusercontent.com/u/3861828?v=4" width="110px;"/><br /><sub>Wira Sandy</sub>](http://azuraweb.xyz)<br />[🌍](#translation-wira-sandy "Translation") |
-| [<img src="https://avatars2.githubusercontent.com/u/8663789?v=4" width="110px;"/><br /><sub>Илья</sub>](https://github.com/GrayHoax)<br />[🌍](#translation-GrayHoax "Translation") | [<img src="https://avatars3.githubusercontent.com/u/30119111?v=4" width="110px;"/><br /><sub>GodUseVPN</sub>](https://github.com/godusevpn)<br />[🌍](#translation-godusevpn "Translation") | [<img src="https://avatars1.githubusercontent.com/u/745576?v=4" width="110px;"/><br /><sub>周周</sub>](https://github.com/EngrZhou)<br />[🌍](#translation-EngrZhou "Translation") | [<img src="https://avatars3.githubusercontent.com/u/1631095?v=4" width="110px;"/><br /><sub>Sam</sub>](https://github.com/takuy)<br />[💻](https://github.com/snipe/snipe-it/commits?author=takuy "Code") | [<img src="https://avatars1.githubusercontent.com/u/264022?v=4" width="110px;"/><br /><sub>Azerothian</sub>](https://www.illisian.com.au)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Azerothian "Code") | [<img src="https://avatars1.githubusercontent.com/u/7632599?v=4" width="110px;"/><br /><sub>Tim Farmer</sub>](https://github.com/timothyfarmer)<br />[💻](https://github.com/snipe/snipe-it/commits?author=timothyfarmer "Code") |
+| [<img src="https://avatars2.githubusercontent.com/u/8663789?v=4" width="110px;"/><br /><sub>Илья</sub>](https://github.com/GrayHoax)<br />[🌍](#translation-GrayHoax "Translation") | [<img src="https://avatars3.githubusercontent.com/u/30119111?v=4" width="110px;"/><br /><sub>GodUseVPN</sub>](https://github.com/godusevpn)<br />[🌍](#translation-godusevpn "Translation") | [<img src="https://avatars1.githubusercontent.com/u/745576?v=4" width="110px;"/><br /><sub>周周</sub>](https://github.com/EngrZhou)<br />[🌍](#translation-EngrZhou "Translation") | [<img src="https://avatars3.githubusercontent.com/u/1631095?v=4" width="110px;"/><br /><sub>Sam</sub>](https://github.com/takuy)<br />[💻](https://github.com/snipe/snipe-it/commits?author=takuy "Code") | [<img src="https://avatars1.githubusercontent.com/u/264022?v=4" width="110px;"/><br /><sub>Azerothian</sub>](https://www.illisian.com.au)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Azerothian "Code") | [<img src="https://avatars1.githubusercontent.com/u/7632599?v=4" width="110px;"/><br /><sub>Tim Farmer</sub>](https://github.com/timothyfarmer)<br />[💻](https://github.com/snipe/snipe-it/commits?author=timothyfarmer "Code") | [<img src="https://avatars0.githubusercontent.com/u/17459600?v=4" width="110px;"/><br /><sub>Marián Skrip</sub>](https://github.com/mskrip)<br />[💻](https://github.com/snipe/snipe-it/commits?author=mskrip "Code") |
 <!-- ALL-CONTRIBUTORS-LIST:END -->
 
 This project follows the [all-contributors](https://github.com/kentcdodds/all-contributors) specification. Contributions of any kind welcome!

app/Console/Commands/LdapSync.php

@@ -189,7 +189,7 @@ class LdapSync extends Command
                 // Sync activated state for Active Directory.
                 if ( array_key_exists('useraccountcontrol', $results[$i]) ) {
                   $enabled_accounts = [
-                    '512', '544', '66048', '66080', '262656', '262688', '328192', '328224'
+                    '512', '544', '66048', '66080', '262656', '262688', '328192', '328224', '4260352'
                   ];
                   $user->activated = ( in_array($results[$i]['useraccountcontrol'][0], $enabled_accounts) ) ? 1 : 0;
                 }

app/Console/Commands/RotateAppKey.php

@@ -0,0 +1,135 @@
+<?php
+
+namespace App\Console\Commands;
+
+use Illuminate\Console\Command;
+use Artisan;
+use App\Models\CustomField;
+use App\Models\Asset;
+use App\Models\Setting;
+use \Illuminate\Encryption\Encrypter;
+
+class RotateAppKey extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'snipeit:rotate-key';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Command description';
+
+    /**
+     * Create a new command instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        parent::__construct();
+    }
+
+    /**
+     * Execute the console command.
+     *
+     * @return mixed
+     */
+    public function handle()
+    {
+        if ($this->confirm("\n****************************************************\nTHIS WILL MODIFY YOUR APP_KEY AND DE-CRYPT YOUR ENCRYPTED CUSTOM FIELDS AND \nRE-ENCRYPT THEM WITH A NEWLY GENERATED KEY. \n\nThere is NO undo. \n\nMake SURE you have a database backup and a backup of your .env generated BEFORE running this command. \n\nIf you do not save the newly generated APP_KEY to your .env in this process, \nyour encrypted data will no longer be decryptable. \n\nAre you SURE you wish to continue, and have confirmed you have a database backup and an .env backup? "))  {
+
+
+
+            // Get the existing app_key and ciphers
+            // We put them in a variable since we clear the cache partway through here.
+            $old_app_key = config('app.key');
+            $cipher = config('app.cipher');
+
+            // Generate a new one
+            Artisan::call('key:generate', ['--show' => true]);
+            $new_app_key = Artisan::output();
+
+            // Clear the config cache
+            Artisan::call('config:clear');
+
+            $this->warn('Your app cipher is: '.$cipher);
+            $this->warn('Your old APP_KEY is: '.$old_app_key);
+            $this->warn('Your new APP_KEY is: '.$new_app_key);
+
+            // Write the new app key to the .env file
+            $this->writeNewEnvironmentFileWith($new_app_key);
+
+            // Manually create an old encrypter instance using the old app key
+            // and also create a new encrypter instance so we can re-crypt the field
+            // using the newly generated app key
+            $oldEncrypter = new Encrypter(base64_decode(substr($old_app_key, 7)), $cipher);
+            $newEncrypter = new Encrypter(base64_decode(substr($new_app_key, 7)), $cipher);
+
+            $fields = CustomField::where('field_encrypted', '1')->get();
+
+
+            foreach ($fields as $field) {
+
+                $assets = Asset::whereNotNull($field->db_column)->get();
+
+                foreach ($assets as $asset) {
+
+                    $asset->{$field->db_column} = $oldEncrypter->decrypt($asset->{$field->db_column});
+                    $this->line('DECRYPTED: '. $field->db_column);
+                    $asset->{$field->db_column} = $newEncrypter->encrypt($asset->{$field->db_column});
+                    $this->line('ENCRYPTED: '.$field->db_column);
+                    $asset->save();
+
+                }
+
+            }
+
+            // Handle the LDAP password if one is provided
+            $setting = Setting::first();
+            if ($setting->ldap_pword!='') {
+                $setting->ldap_pword =  $oldEncrypter->decrypt($setting->ldap_pword);
+                $setting->ldap_pword =  $newEncrypter->encrypt($setting->ldap_pword);
+                $setting->save();
+                $this->warn('LDAP password has been re-encrypted.');
+            }
+
+
+        } else {
+            $this->info('This operation has been canceled. No changes have been made.');
+        }
+    }
+
+    /**
+     * Write a new environment file with the given key.
+     *
+     * @param  string  $key
+     * @return void
+     */
+    protected function writeNewEnvironmentFileWith($key)
+    {
+
+        file_put_contents($this->laravel->environmentFilePath(), preg_replace(
+            $this->keyReplacementPattern(),
+            'APP_KEY='.$key,
+            file_get_contents($this->laravel->environmentFilePath())
+        ));
+    }
+
+    /**
+     * Get a regex pattern that will match env APP_KEY with any random key.
+     *
+     * @return string
+     */
+    protected function keyReplacementPattern()
+    {
+        $escaped = preg_quote('='.$this->laravel['config']['app.key'], '/');
+        return "/^APP_KEY{$escaped}/m";
+    }
+
+}

app/Console/Kernel.php

@@ -3,40 +3,13 @@
 namespace App\Console;
 
 use App\Console\Commands\ImportLocations;
+use App\Console\Commands\ReEncodeCustomFieldNames;
 use App\Console\Commands\RestoreDeletedUsers;
 use Illuminate\Console\Scheduling\Schedule;
 use Illuminate\Foundation\Console\Kernel as ConsoleKernel;
 
 class Kernel extends ConsoleKernel
 {
-    /**
-     * The Artisan commands provided by your application.
-     *
-     * @var array
-     */
-    protected $commands = [
-        Commands\PaveIt::class,
-        Commands\CreateAdmin::class,
-        Commands\SendExpirationAlerts::class,
-        Commands\SendInventoryAlerts::class,
-        Commands\SendExpectedCheckinAlerts::class,
-        Commands\ObjectImportCommand::class,
-        Commands\Version::class,
-        Commands\SystemBackup::class,
-        Commands\DisableLDAP::class,
-        Commands\Purge::class,
-        Commands\LdapSync::class,
-        Commands\FixDoubleEscape::class,
-        Commands\RecryptFromMcrypt::class,
-        Commands\ResetDemoSettings::class,
-        Commands\SyncAssetLocations::class,
-        Commands\RegenerateAssetTags::class,
-        Commands\SyncAssetCounters::class,
-        Commands\RestoreDeletedUsers::class,
-        Commands\SendUpcomingAuditReport::class,
-        Commands\ImportLocations::class,
-        Commands\ReEncodeCustomFieldNames::class,
-    ];
 
     /**
      * Define the application's command schedule.

app/Http/Controllers/Api/AccessoriesController.php

@@ -8,7 +8,10 @@ use App\Helpers\Helper;
 use App\Models\Accessory;
 use App\Http\Transformers\AccessoriesTransformer;
 use App\Models\Company;
-
+use App\Models\User;
+use Carbon\Carbon;
+use Auth;
+use DB;
 
 class AccessoriesController extends Controller
 {
@@ -47,7 +50,11 @@ class AccessoriesController extends Controller
         }
 
         $offset = (($accessories) && (request('offset') > $accessories->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
+
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
 
@@ -191,4 +198,94 @@ class AccessoriesController extends Controller
         return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/accessories/message.delete.success')));
 
     }
+
+
+    /**
+     * Save the Accessory checkout information.
+     *
+     * If Slack is enabled and/or asset acceptance is enabled, it will also
+     * trigger a Slack message and send an email.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @param  int  $accessoryId
+     * @return Redirect
+     */
+    public function checkout(Request $request, $accessoryId)
+    {
+        // Check if the accessory exists
+        if (is_null($accessory = Accessory::find($accessoryId))) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/accessories/message.does_not_exist')));
+        }
+
+        $this->authorize('checkout', $accessory);
+
+
+        if ($accessory->numRemaining() > 0) {
+
+            if (!$user = User::find($request->input('assigned_to'))) {
+                return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/accessories/message.checkout.user_does_not_exist')));
+            }
+
+            // Update the accessory data
+            $accessory->assigned_to = $request->input('assigned_to');
+
+            $accessory->users()->attach($accessory->id, [
+                'accessory_id' => $accessory->id,
+                'created_at' => Carbon::now(),
+                'user_id' => Auth::id(),
+                'assigned_to' => $request->get('assigned_to')
+            ]);
+
+            $accessory->logCheckout($request->input('note'), $user);
+
+            return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/accessories/message.checkout.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, 'No accessories remaining'));
+
+    }
+
+    /**
+     * Check in the item so that it can be checked out again to someone else
+     *
+     * @uses Accessory::checkin_email() to determine if an email can and should be sent
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @param Request $request
+     * @param integer $accessoryUserId
+     * @param string $backto
+     * @return Redirect
+     * @internal param int $accessoryId
+     */
+    public function checkin(Request $request, $accessoryUserId = null)
+    {
+        if (is_null($accessory_user = DB::table('accessories_users')->find($accessoryUserId))) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/accessories/message.does_not_exist')));
+        }
+
+        $accessory = Accessory::find($accessory_user->accessory_id);
+        $this->authorize('checkin', $accessory);
+
+        $logaction = $accessory->logCheckin(User::find($accessoryUserId), $request->input('note'));
+
+        // Was the accessory updated?
+        if (DB::table('accessories_users')->where('id', '=', $accessory_user->id)->delete()) {
+            if (!is_null($accessory_user->assigned_to)) {
+                $user = User::find($accessory_user->assigned_to);
+            }
+
+            $data['log_id'] = $logaction->id;
+            $data['first_name'] = $user->first_name;
+            $data['last_name'] = $user->last_name;
+            $data['item_name'] = $accessory->name;
+            $data['checkin_date'] = $logaction->created_at;
+            $data['item_tag'] = '';
+            $data['note'] = $logaction->note;
+
+            return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/accessories/message.checkin.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null,  trans('admin/accessories/message.checkin.error')));
+
+    }
+
 }

app/Http/Controllers/Api/AssetMaintenancesController.php

@@ -45,7 +45,10 @@ class AssetMaintenancesController extends Controller
         }
 
         $offset = (($maintenances) && (request('offset') > $maintenances->count())) ? 0 : request('offset', 0);
-        $limit = request('limit', 50);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
 
         $allowed_columns = [
                                 'id',

app/Http/Controllers/Api/AssetModelsController.php

@@ -61,7 +61,10 @@ class AssetModelsController extends Controller
         }
 
         $offset = (($assetmodels) && (request('offset') > $assetmodels->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'models.created_at';
 

app/Http/Controllers/Api/AssetsController.php

@@ -145,7 +145,10 @@ class AssetsController extends Controller
         $request->filled('order_number') ? $assets = $assets->where('assets.order_number', '=', e($request->get('order_number'))) : '';
 
         $offset = (($assets) && (request('offset') > $assets->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
 
         // This is used by the audit reporting routes
@@ -645,7 +648,7 @@ class AssetsController extends Controller
             return response()->json(Helper::formatStandardApiResponse('success', ['asset'=> e($asset->asset_tag)], trans('admin/hardware/message.checkout.success')));
         }
 
-        return response()->json(Helper::formatStandardApiResponse('error', ['asset'=> e($asset->asset_tag)], trans('admin/hardware/message.checkout.error')))->withErrors($asset->getErrors());
+        return response()->json(Helper::formatStandardApiResponse('error', ['asset'=> e($asset->asset_tag)], trans('admin/hardware/message.checkout.error')));
     }
 
 
@@ -674,7 +677,11 @@ class AssetsController extends Controller
         $asset->assigned_to = null;
         $asset->assignedTo()->disassociate($asset);
         $asset->accepted = null;
-        $asset->name = Input::get('name');
+
+        if ($request->filled('name')) {
+            $asset->name = $request->input('name');
+        }
+        
         $asset->location_id =  $asset->rtd_location_id;
 
         if ($request->filled('location_id')) {

app/Http/Controllers/Api/CategoriesController.php

@@ -31,7 +31,10 @@ class CategoriesController extends Controller
         }
 
         $offset = (($categories) && (request('offset') > $categories->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'assets_count';
         $categories->orderBy($sort, $order);

app/Http/Controllers/Api/CompaniesController.php

@@ -42,7 +42,10 @@ class CompaniesController extends Controller
         }
 
         $offset = (($companies) && (request('offset') > $companies->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
         $companies->orderBy($sort, $order);

app/Http/Controllers/Api/ComponentsController.php

@@ -44,7 +44,9 @@ class ComponentsController extends Controller
         }
 
         $offset = (($components) && (request('offset') > $components->count())) ? 0 : request('offset', 0);
-        $limit = request('limit', 50);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
 
         $allowed_columns = ['id','name','min_amt','order_number','serial','purchase_date','purchase_cost','company','category','qty','location','image'];
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';

app/Http/Controllers/Api/ConsumablesController.php

@@ -45,7 +45,10 @@ class ConsumablesController extends Controller
 
 
         $offset = (($consumables) && (request('offset') > $consumables->count())) ? 0 : request('offset', 0);
-        $limit = request('limit', 50);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
         $allowed_columns = ['id','name','order_number','min_amt','purchase_date','purchase_cost','company','category','model_number', 'item_no', 'manufacturer','location','qty','image'];
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';

app/Http/Controllers/Api/CustomFieldsController.php

@@ -24,7 +24,7 @@ class CustomFieldsController extends Controller
 
     public function index()
     {
-        $this->authorize('index', CustomFields::class);
+        $this->authorize('index', CustomField::class);
         $fields = CustomField::get();
         return (new CustomFieldsTransformer)->transformCustomFields($fields, $fields->count());
     }
@@ -38,7 +38,7 @@ class CustomFieldsController extends Controller
     */
     public function show($id)
     {
-      $this->authorize('show', CustomField::class);
+      $this->authorize('view', CustomField::class);
         if ($field = CustomField::find($id)) {
             return (new CustomFieldsTransformer)->transformCustomField($field);
         }

app/Http/Controllers/Api/CustomFieldsetsController.php

@@ -58,7 +58,7 @@ class CustomFieldsetsController extends Controller
     */
     public function show($id)
     {
-      $this->authorize('show', CustomFieldset::class);
+      $this->authorize('view', CustomFieldset::class);
         if ($fieldset = CustomFieldset::find($id)) {
             return (new CustomFieldsetsTransformer)->transformCustomFieldset($fieldset);
         }

app/Http/Controllers/Api/DepartmentsController.php

@@ -40,7 +40,10 @@ class DepartmentsController extends Controller
         }
 
         $offset = (($departments) && (request('offset') > $departments->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
 

app/Http/Controllers/Api/DepreciationsController.php

@@ -29,7 +29,10 @@ class DepreciationsController extends Controller
         }
 
         $offset = (($depreciations) && (request('offset') > $depreciations->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
         $depreciations->orderBy($sort, $order);

app/Http/Controllers/Api/GroupsController.php

@@ -29,7 +29,10 @@ class GroupsController extends Controller
         }
 
         $offset = (($groups) && (request('offset') > $groups->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
         $groups->orderBy($sort, $order);

app/Http/Controllers/Api/LicensesController.php

@@ -83,7 +83,10 @@ class LicensesController extends Controller
 
 
         $offset = (($licenses) && (request('offset') > $licenses->count())) ? 0 : request('offset', 0);
-        $limit = request('limit', 50);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
 
 

app/Http/Controllers/Api/LocationsController.php

@@ -8,6 +8,8 @@ use App\Helpers\Helper;
 use App\Models\Location;
 use App\Http\Transformers\LocationsTransformer;
 use App\Http\Transformers\SelectlistTransformer;
+use Illuminate\Pagination\LengthAwarePaginator;
+use Illuminate\Support\Collection;
 
 class LocationsController extends Controller
 {
@@ -26,7 +28,7 @@ class LocationsController extends Controller
                 'updated_at','manager_id','image',
                 'assigned_assets_count','users_count','assets_count','currency'];
 
-        $locations = Location::with('parent', 'manager', 'childLocations')->select([
+        $locations = Location::with('parent', 'manager', 'children')->select([
             'locations.id',
             'locations.name',
             'locations.address',
@@ -52,7 +54,10 @@ class LocationsController extends Controller
 
 
         $offset = (($locations) && (request('offset') > $locations->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
 
@@ -106,7 +111,7 @@ class LocationsController extends Controller
     public function show($id)
     {
         $this->authorize('view', Location::class);
-        $location = Location::with('parent', 'manager', 'childLocations')
+        $location = Location::with('parent', 'manager', 'children')
             ->select([
                 'locations.id',
                 'locations.name',
@@ -143,6 +148,13 @@ class LocationsController extends Controller
     {
         $this->authorize('update', Location::class);
         $location = Location::findOrFail($id);
+
+        if ($request->input('parent_id') == $id) {
+
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'A location cannot be its own parent. Please select a different parent ID.'));
+        }
+
+
         $location->fill($request->all());
 
         if ($location->save()) {
@@ -178,6 +190,27 @@ class LocationsController extends Controller
     /**
      * Gets a paginated collection for the select2 menus
      *
+     * This is handled slightly differently as of ~4.7.8-pre, as
+     * we have to do some recursive magic to get the hierarchy to display
+     * properly when looking at the parent/child relationship in the
+     * rich menus.
+     *
+     * This means we can't use the normal pagination that we use elsewhere
+     * in our selectlists, since we have to get the full set before we can
+     * determine which location is parent/child/grandchild, etc.
+     *
+     * This also means that hierarchy display gets a little funky when people
+     * use the Select2 search functionality, but there's not much we can do about
+     * that right now.
+     *
+     * As a result, instead of paginating as part of the query, we have to grab
+     * the entire data set, and then invoke a paginator manually and pass that
+     * through to the SelectListTransformer.
+     *
+     * Many thanks to @uberbrady for the help getting this working better.
+     * Recursion still sucks, but I guess he doesn't have to get in the
+     * sea... this time.
+     *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0.16]
      * @see \App\Http\Transformers\SelectlistTransformer
@@ -189,25 +222,39 @@ class LocationsController extends Controller
         $locations = Location::select([
             'locations.id',
             'locations.name',
+            'locations.parent_id',
             'locations.image',
         ]);
 
+        $page = 1;
+        if ($request->filled('page')) {
+            $page = $request->input('page');
+        }
+
         if ($request->filled('search')) {
-            $locations = $locations->where('locations.name', 'LIKE', '%'.$request->get('search').'%');
+            \Log::debug('Searching... ');
+            $locations = $locations->where('locations.name', 'LIKE', '%'.$request->input('search').'%');
         }
 
-        $locations = $locations->orderBy('name', 'ASC')->paginate(50);
+        $locations = $locations->orderBy('name', 'ASC')->get();
 
-        // Loop through and set some custom properties for the transformer to use.
-        // This lets us have more flexibility in special cases like assets, where
-        // they may not have a ->name value but we want to display something anyway
+        $locations_with_children = [];
         foreach ($locations as $location) {
-            $location->use_text = $location->name;
-            $location->use_image = ($location->image) ? url('/').'/uploads/locations/'.$location->image : null;
+            if(!array_key_exists($location->parent_id, $locations_with_children)) {
+                $locations_with_children[$location->parent_id] = [];
+            }
+            $locations_with_children[$location->parent_id][] = $location;
         }
 
-        return (new SelectlistTransformer)->transformSelectlist($locations);
+        $location_options = Location::indenter($locations_with_children);
+
+        $locations_formatted = new Collection($location_options);
+        $paginated_results =  new LengthAwarePaginator($locations_formatted->forPage($page, 500), $locations_formatted->count(), 500, $page, []);
+
+        //return [];
+        return (new SelectlistTransformer)->transformSelectlist($paginated_results);
 
     }
 
+
 }

app/Http/Controllers/Api/ManufacturersController.php

@@ -40,7 +40,10 @@ class ManufacturersController extends Controller
 
 
         $offset = (($manufacturers) && (request('offset') > $manufacturers->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
         $manufacturers->orderBy($sort, $order);

app/Http/Controllers/Api/StatuslabelsController.php

@@ -31,7 +31,10 @@ class StatuslabelsController extends Controller
         }
 
         $offset = (($statuslabels) && (request('offset') > $statuslabels->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
         $statuslabels->orderBy($sort, $order);

app/Http/Controllers/Api/SuppliersController.php

@@ -34,7 +34,10 @@ class SuppliersController extends Controller
         }
 
         $offset = (($suppliers) && (request('offset') > $suppliers->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
         $suppliers->orderBy($sort, $order);

app/Http/Controllers/Api/UsersController.php

@@ -88,7 +88,10 @@ class UsersController extends Controller
 
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $offset = (($users) && (request('offset') > $users->count())) ? 0 : request('offset', 0);
-        $limit = request('limit',  20);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
 
         switch ($request->input('sort')) {
             case 'manager':

app/Http/Controllers/AssetsController.php

@@ -570,15 +570,17 @@ class AssetsController extends Controller
      */
     public function postImportHistory(Request $request)
     {
+
+        if (!$request->hasFile('user_import_csv')) {
+            return back()->with('error', 'No file provided. Please select a file for import and try again. ');
+        }
+
         if (!ini_get("auto_detect_line_endings")) {
             ini_set("auto_detect_line_endings", '1');
         }
 
         $csv = Reader::createFromPath(Input::file('user_import_csv'));
-        $csv->setNewline("\r\n");
-        //get the first row, usually the CSV header
-        //$headers = $csv->fetchOne();
-
+        $csv->setHeaderOffset(0);
         $results = $csv->getRecords();
         $item = array();
         $status = array();
@@ -595,7 +597,9 @@ class AssetsController extends Controller
                 }
                 $batch_counter = count($item[$asset_tag]);
 
-                $item[$asset_tag][$batch_counter]['checkout_date'] = Carbon::parse(Helper::array_smart_fetch($row, "date"))->format('Y-m-d H:i:s');
+                $item[$asset_tag][$batch_counter]['checkout_date'] = Carbon::parse(Helper::array_smart_fetch($row, "checkout date"))->format('Y-m-d H:i:s');
+                $item[$asset_tag][$batch_counter]['checkin_date'] = Carbon::parse(Helper::array_smart_fetch($row, "checkin date"))->format('Y-m-d H:i:s');
+                \Log::debug($item[$asset_tag][$batch_counter]['checkin_date']);
 
                 $item[$asset_tag][$batch_counter]['asset_tag'] = Helper::array_smart_fetch($row, "asset tag");
                 $item[$asset_tag][$batch_counter]['name'] = Helper::array_smart_fetch($row, "name");
@@ -678,9 +682,11 @@ class AssetsController extends Controller
                 // Only do this if a matching user was found
                 if ((array_key_exists('checkedout_to', $asset_batch[$x])) && ($asset_batch[$x]['checkedout_to']!='')) {
                     if (($total_in_batch > 1) && ($x < $total_in_batch) && (array_key_exists($next, $asset_batch))) {
-                        $checkin_date = Carbon::parse($asset_batch[$next]['checkout_date'])->subDay(1)->format('Y-m-d H:i:s');
+                        $checkin_date = Carbon::parse($asset_batch[$next]['checkin_date'])->format('Y-m-d H:i:s');
                         $asset_batch[$x]['real_checkin'] = $checkin_date;
 
+                        \Log::debug($asset_batch[$next]['checkin_date']);
+                        \Log::debug($checkin_date);
                         Actionlog::firstOrCreate(array(
                             'item_id' => $asset_batch[$x]['asset_id'],
                             'item_type' => Asset::class,

app/Http/Controllers/LocationsController.php

@@ -41,8 +41,6 @@ class LocationsController extends Controller
     {
         // Grab all the locations
         $this->authorize('view', Location::class);
-        $locations = Location::orderBy('created_at', 'DESC')->with('parent', 'assets', 'assignedassets')->get();
-
         // Show the page
         return view('locations/index');
     }
@@ -59,14 +57,7 @@ class LocationsController extends Controller
     public function create()
     {
         $this->authorize('create', Location::class);
-        $locations = Location::orderBy('name', 'ASC')->get();
-
-        $location_options_array = Location::getLocationHierarchy($locations);
-        $location_options = Location::flattenLocationsArray($location_options_array);
-        $location_options = array('' => 'Top Level') + $location_options;
-
         return view('locations/edit')
-            ->with('location_options', $location_options)
             ->with('item', new Location);
     }
 
@@ -132,14 +123,8 @@ class LocationsController extends Controller
             return redirect()->route('locations.index')->with('error', trans('admin/locations/message.does_not_exist'));
         }
 
-        // Show the page
-        $locations = Location::orderBy('name', 'ASC')->get();
-        $location_options_array = Location::getLocationHierarchy($locations);
-        $location_options = Location::flattenLocationsArray($location_options_array);
-        $location_options = array('' => 'Top Level') + $location_options;
 
-        return view('locations/edit', compact('item'))
-            ->with('location_options', $location_options);
+        return view('locations/edit', compact('item'));
     }
 
 
@@ -160,6 +145,11 @@ class LocationsController extends Controller
             return redirect()->route('locations.index')->with('error', trans('admin/locations/message.does_not_exist'));
         }
 
+        if ($request->input('parent_id') == $locationId) {
+            return redirect()->back()->withInput()->with('error', 'A location cannot be its own parent. Please select a different parent location.');
+        }
+
+
         // Update the location data
         $location->name         = $request->input('name');
         $location->parent_id    = $request->input('parent_id', null);
@@ -229,7 +219,7 @@ class LocationsController extends Controller
         if ($location->users->count() > 0) {
             return redirect()->to(route('locations.index'))->with('error', trans('admin/locations/message.assoc_users'));
 
-        } elseif ($location->childLocations->count() > 0) {
+        } elseif ($location->children->count() > 0) {
             return redirect()->to(route('locations.index'))->with('error', trans('admin/locations/message.assoc_child_loc'));
 
         } elseif ($location->assets->count() > 0) {

app/Http/Controllers/ReportsController.php

@@ -307,12 +307,18 @@ class ReportsController extends Controller
     public function postCustom(Request $request)
     {
 
+        ini_set('max_execution_time', 12000);
+
+
         \Debugbar::disable();
         $customfields = CustomField::get();
         $response = new StreamedResponse(function () use ($customfields, $request) {
 
+            \Log::debug('Starting streamed response');
+
             // Open output stream
             $handle = fopen('php://output', 'w');
+            stream_set_timeout($handle, 2000);
             
             if ($request->filled('use_bom')) {
                 fprintf($handle, chr(0xEF) . chr(0xBB) . chr(0xBF));
@@ -464,8 +470,12 @@ class ReportsController extends Controller
                 }
             }
 
-
+            $executionTime = microtime(true) - $_SERVER["REQUEST_TIME_FLOAT"];
+            \Log::debug('Starting headers: '.$executionTime);
             fputcsv($handle, $header);
+            $executionTime = microtime(true) - $_SERVER["REQUEST_TIME_FLOAT"];
+            \Log::debug('Added headers: '.$executionTime);
+
 
             $assets = \App\Models\Company::scopeCompanyables(Asset::select('assets.*'))->with(
                 'location', 'assetstatus', 'assetlog', 'company', 'defaultLoc','assignedTo',
@@ -520,9 +530,13 @@ class ReportsController extends Controller
                 $assets->whereBetween('assets.expected_checkin', [$request->input('expected_checkin_start'), $request->input('expected_checkin_end')]);
             }
             
-            $assets->orderBy('assets.created_at', 'ASC')->chunk(500, function($assets) use($handle, $customfields, $request) {
+            $assets->orderBy('assets.created_at', 'ASC')->chunk(20, function($assets) use($handle, $customfields, $request) {
 
+                $executionTime = microtime(true) - $_SERVER["REQUEST_TIME_FLOAT"];
+                \Log::debug('Walking results: '.$executionTime);
+                $count = 0;
                 foreach ($assets as $asset) {
+                    $count++;
                     $row = [];
                     
                     if ($request->filled('company')) {
@@ -695,17 +709,24 @@ class ReportsController extends Controller
                         }
                     }
                     fputcsv($handle, $row);
+                    $executionTime = microtime(true) - $_SERVER["REQUEST_TIME_FLOAT"];
+                    \Log::debug('-- Record '.$count.' Asset ID:' .$asset->id. ' in '. $executionTime);
+
                 }
             });
 
             // Close the output stream
             fclose($handle);
+            $executionTime = microtime(true) - $_SERVER["REQUEST_TIME_FLOAT"];
+            \Log::debug('-- SCRIPT COMPLETED IN '. $executionTime);
+
         }, 200, [
             'Content-Type' => 'text/csv',
             'Content-Disposition'
             => 'attachment; filename="custom-assets-report-'.date('Y-m-d-his').'.csv"',
         ]);
 
+
         return $response;
 
 

app/Http/Transformers/ActionlogsTransformer.php

@@ -32,7 +32,15 @@ class ActionlogsTransformer
             $meta_array = json_decode($actionlog->log_meta);
             foreach ($meta_array as $key => $value) {
                 foreach ($value as $meta_key => $meta_value) {
-                    $clean_meta[$key][$meta_key] = e($meta_value);
+
+                    if (is_array($meta_value)) {
+                        foreach ($meta_value as $meta_value_key => $meta_value_value) {
+                            $clean_meta[$key][$meta_value_key] = e($meta_value_value);
+                        }
+                    } else {
+                        $clean_meta[$key][$meta_key] = e($meta_value);
+                    }
+
                 }
             }
         }

app/Http/Transformers/LocationsTransformer.php

@@ -23,7 +23,7 @@ class LocationsTransformer
         if ($location) {
 
             $children_arr = [];
-            foreach($location->childLocations as $child) {
+            foreach($location->children as $child) {
                 $children_arr[] = [
                     'id' => (int) $child->id,
                     'name' => $child->name

app/Importer/AssetImporter.php

@@ -27,9 +27,17 @@ class AssetImporter extends ItemImporter
 
             foreach ($this->customFields as $customField) {
                 $customFieldValue = $this->array_smart_custom_field_fetch($row, $customField);
+
                 if ($customFieldValue) {
-                    $this->item['custom_fields'][$customField->db_column_name()] = $customFieldValue;
-                    $this->log('Custom Field '. $customField->name.': '.$customFieldValue);
+
+                    if ($customField->field_encrypted == 1) {
+                        $this->item['custom_fields'][$customField->db_column_name()] = \Crypt::encrypt($customFieldValue);
+                        $this->log('Custom Field '. $customField->name.': '.\Crypt::encrypt($customFieldValue));
+                    } else {
+                        $this->item['custom_fields'][$customField->db_column_name()] = $customFieldValue;
+                        $this->log('Custom Field '. $customField->name.': '.$customFieldValue);
+                    }
+
                 } else {
                     // Clear out previous data.
                     $this->item['custom_fields'][$customField->db_column_name()] = null;

app/Models/Asset.php

@@ -1167,7 +1167,29 @@ class Asset extends Depreciable
                 }
             }
 
-            if (($fieldname!='category') && ($fieldname!='model_number') && ($fieldname!='location') && ($fieldname!='supplier')
+            /**
+             * THIS CLUNKY BIT IS VERY IMPORTANT
+             *
+             * Although inelegant, this section matters a lot when querying against fields that do not
+             * exist on the asset table. There's probably a better way to do this moving forward, for
+             * example using the Schema:: methods to determine whether or not a column actually exists,
+             * or even just using the $searchableRelations variable earlier in this file.
+             *
+             * In short, this set of statements tells the query builder to ONLY query against an
+             * actual field that's being passed if it doesn't meet known relational fields. This
+             * allows us to query custom fields directly in the assetsv table
+             * (regardless of their name) and *skip* any fields that we already know can only be
+             * searched through relational searches that we do earlier in this method.
+             *
+             * For example, we do not store "location" as a field on the assets table, we store
+             * that relationship through location_id on the assets table, therefore querying
+             * assets.location would fail, as that field doesn't exist -- plus we're already searching
+             * against those relationships earlier in this method.
+             *
+             * - snipe 
+             *
+             */
+            if (($fieldname!='category') && ($fieldname!='model_number') && ($fieldname!='rtd_location') && ($fieldname!='location') && ($fieldname!='supplier')
                 && ($fieldname!='status_label') && ($fieldname!='model') && ($fieldname!='company') && ($fieldname!='manufacturer')) {
                     $query->orWhere('assets.'.$fieldname, 'LIKE', '%' . $search_val . '%');
             }

app/Models/AssetMaintenance.php

@@ -73,7 +73,8 @@ class AssetMaintenance extends Model implements ICompanyableChild
             trans('admin/asset_maintenances/general.upgrade')     => trans('admin/asset_maintenances/general.upgrade'),
             'PAT test'      => 'PAT test',
             trans('admin/asset_maintenances/general.calibration')     => trans('admin/asset_maintenances/general.calibration'),
-            'PAT test'      => 'PAT test',
+            'Software Support'      => trans('admin/asset_maintenances/general.software_support'),
+            'Hardware Support'      => trans('admin/asset_maintenances/general.hardware_support'),
         ];
     }
 

app/Models/License.php

@@ -48,7 +48,7 @@ class License extends Depreciable
     protected $table = 'licenses';
     protected $rules = array(
         'name'   => 'required|string|min:3|max:255',
-        'seats'   => 'required|min:1|max:1000000|integer',
+        'seats'   => 'required|min:1|max:999|integer',
         'license_email'   => 'email|nullable|max:120',
         'license_name'   => 'string|nullable|max:100',
         'notes'   => 'string|nullable',

app/Models/Location.php

@@ -113,7 +113,8 @@ class Location extends SnipeModel
 
     public function parent()
     {
-        return $this->belongsTo('\App\Models\Location', 'parent_id','id');
+        return $this->belongsTo('\App\Models\Location', 'parent_id','id')
+            ->with('parent');
     }
 
     public function manager()
@@ -121,9 +122,9 @@ class Location extends SnipeModel
         return $this->belongsTo('\App\Models\User', 'manager_id');
     }
 
-    public function childLocations()
-    {
-        return $this->hasMany('\App\Models\Location', 'parent_id');
+    public function children() {
+        return $this->hasMany('\App\Models\Location','parent_id')
+            ->with('children');
     }
 
     // I don't think we need this anymore since we de-normed location_id in assets?
@@ -137,59 +138,37 @@ class Location extends SnipeModel
         return $this->attributes['ldap_ou'] = empty($ldap_ou) ? null : $ldap_ou;
     }
 
-    public static function getLocationHierarchy($locations, $parent_id = null)
-    {
 
+    /**
+     * Query builder scope to order on parent
+     *
+     * @param  Illuminate\Database\Query\Builder  $query  Query builder instance
+     * @param  text                              $order       Order
+     *
+     * @return Illuminate\Database\Query\Builder          Modified query builder
+     */
 
-        $op = array();
-
-        foreach ($locations as $location) {
-
-            if ($location['parent_id'] == $parent_id) {
-                $op[$location['id']] =
-                    array(
-                        'name' => $location['name'],
-                        'parent_id' => $location['parent_id']
-                    );
-
-                // Using recursion
-                $children =  Location::getLocationHierarchy($locations, $location['id']);
-                if ($children) {
-                    $op[$location['id']]['children'] = $children;
-                }
-
-            }
-
+    public static function indenter($locations_with_children, $parent_id = null, $prefix = '') {
+        $results = Array();
+        
+        if (!array_key_exists($parent_id, $locations_with_children)) {
+            return [];
         }
-        return $op;
+
+        foreach ($locations_with_children[$parent_id] as $location) {
+            $location->use_text = $prefix.' '.$location->name;
+            $location->use_image = ($location->image) ? url('/').'/uploads/locations/'.$location->image : null;
+            $results[] = $location;
+            //now append the children. (if we have any)
+            if (array_key_exists($location->id, $locations_with_children)) {
+                $results = array_merge($results, Location::indenter($locations_with_children, $location->id,$prefix.'--'));
+            }
+        }
+        return $results;
     }
 
 
-    public static function flattenLocationsArray($location_options_array = null)
-    {
-        $location_options = array();
-        foreach ($location_options_array as $id => $value) {
 
-            // get the top level key value
-            $location_options[$id] = $value['name'];
-
-                // If there is a key named children, it has child locations and we have to walk it
-            if (array_key_exists('children', $value)) {
-
-                foreach ($value['children'] as $child_id => $child_location_array) {
-                    $child_location_options = Location::flattenLocationsArray($value['children']);
-
-                    foreach ($child_location_options as $child_id => $child_name) {
-                        $location_options[$child_id] = '--'.$child_name;
-                    }
-                }
-
-            }
-
-        }
-
-        return $location_options;
-    }
 
     /**
     * Query builder scope to order on parent

composer.json

@@ -27,7 +27,7 @@
     "maknz/slack": "^1.7",
     "neitanod/forceutf8": "^2.0",
     "patchwork/utf8": "^1.3",
-    "phpdocumentor/reflection-docblock": "3.2.2",
+    "phpdocumentor/reflection-docblock": "^4.0",
     "phpspec/prophecy": "^1.8",
     "pragmarx/google2fa": "^5.0",
     "pragmarx/google2fa-laravel": "^1.0",

config/app.php

@@ -36,6 +36,19 @@ return [
 
     'env' => env('APP_ENV', 'production'),
 
+    /*
+    |--------------------------------------------------------------------------
+    | Result Limit
+    |--------------------------------------------------------------------------
+    |
+    | This value determines the max number of results to return, even if a higher limit
+    | is passed in the API request. This is done to prevent server timeouts when
+    | custom scripts are requesting 100k assets at a time.
+    |
+    */
+
+    'max_results' => env('MAX_RESULTS', 500),
+
     /*
     |--------------------------------------------------------------------------
     | Application Debug Mode

config/version.php

@@ -1,10 +1,10 @@
 <?php
 return array (
-  'app_version' => 'v4.7.5',
-  'full_app_version' => 'v4.7.5 - build 4137-g55ee90b25',
-  'build_version' => '4137',
+  'app_version' => 'v4.7.8',
+  'full_app_version' => 'v4.7.8 - build 4170-g4fe689dc5',
+  'build_version' => '4170',
   'prerelease_version' => '',
-  'hash_version' => 'g55ee90b25',
-  'full_hash' => 'v4.7.5-18-g55ee90b25',
+  'hash_version' => 'g4fe689dc5',
+  'full_hash' => 'v4.7.8-7-g4fe689dc5',
   'branch' => 'master',
 );

package.json

@@ -10,7 +10,7 @@
     "production": "cross-env NODE_ENV=production node_modules/webpack/bin/webpack.js --progress --hide-modules --config=node_modules/laravel-mix/setup/webpack.config.js "
   },
   "devDependencies": {
-    "axios": "^0.16.2",
+    "axios": ">=0.18.1",
     "babel-preset-latest": "^6.24.1",
     "cross-env": "^5.0.5",
     "jquery": "^3.1.1",

resources/lang/en/admin/asset_maintenances/general.php

@@ -8,5 +8,7 @@
         'repair'             => 'Repair',
         'maintenance'        => 'Maintenance',
         'upgrade'            => 'Upgrade',
-        'calibration'        => 'Calibration'
+        'calibration'        => 'Calibration',
+        'software_support'   => 'Software Support',
+        'hardware_support'   => 'Hardware Support',
     ];

resources/lang/fr/admin/asset_maintenances/general.php

@@ -7,5 +7,7 @@
         'view'               => 'Voir les détails de la maintenance d\'actif',
         'repair'             => 'Réparation',
         'maintenance'        => 'Entretien',
-        'upgrade'            => 'Mise à niveau'
+        'upgrade'            => 'Mise à niveau',
+        'software_support'   => 'Support logiciel',
+        'hardware_support'   => 'Support matériel',
     ];

resources/views/hardware/history.blade.php

@@ -64,9 +64,8 @@
                            Upload a CSV that contains asset history. The assets and users MUST already exist in the system, or they will be skipped. Matching assets for history import happens against the asset tag. We will try to find a matching user based on the user's name you provide, and the criteria you select below. If you do not select any criteria below, it will simply try to match on the username format you configured in the Admin > General Settings.
                         </p>
 
-                        <p>Fields included in the CSV must match the headers: <strong>Date, Tag, Name</strong>. Any additional fields will be ignored. </p>
+                        <p>Fields included in the CSV must match the headers: <strong>Asset Tag, Checkout Date, Checkin Date, Name</strong>. Any additional fields will be ignored. </p>
 
-                        <p><strong>Date</strong> should be the checkout date. <strong>Tag</strong> should be the asset tag. <strong>Name</strong> should be the user's name (firstname lastname).</p>
 
                         <p><strong>History should be ordered by date in ascending order.</strong></p>
 

resources/views/locations/edit.blade.php

@@ -10,16 +10,8 @@
 @section('inputFields')
 @include ('partials.forms.edit.name', ['translated_name' => trans('admin/locations/table.name')])
 
-<!-- Parent-->
-<div class="form-group {{ $errors->has('parent_id') ? ' has-error' : '' }}">
-    <label for="parent_id" class="col-md-3 control-label">
-        {{ trans('admin/locations/table.parent') }}
-    </label>
-    <div class="col-md-9{{  (\App\Helpers\Helper::checkIfRequired($item, 'parent_id')) ? ' required' : '' }}">
-        {!! Form::select('parent_id', $location_options , Input::old('parent_id', $item->parent_id), array('class'=>'select2 parent', 'style'=>'width:350px')) !!}
-        {!! $errors->first('parent_id', '<span class="alert-msg"><i class="fa fa-times"></i> :message</span>') !!}
-    </div>
-</div>
+<!-- parent -->
+@include ('partials.forms.edit.location-select', ['translated_name' => trans('admin/locations/table.parent'), 'fieldname' => 'parent_id'])
 
 <!-- Manager-->
 @include ('partials.forms.edit.user-select', ['translated_name' => trans('admin/users/table.manager'), 'fieldname' => 'manager_id'])

routes/api.php

@@ -56,6 +56,21 @@ Route::group(['prefix' => 'v1','namespace' => 'Api', 'middleware' => 'api'], fun
                 'uses' => 'AccessoriesController@checkedout'
             ]
         );
+
+        Route::post('{accessory}/checkout',
+            [
+                'as' => 'api.accessories.checkout',
+                'uses' => 'AccessoriesController@checkout'
+            ]
+        );
+
+        Route::post('{accessory}/checkin',
+            [
+                'as' => 'api.accessories.checkin',
+                'uses' => 'AccessoriesController@checkin'
+            ]
+        );
+
     }); // Accessories group
 
 

upgrade.php

@@ -49,9 +49,11 @@ $git_version = shell_exec('git --version');
 
 if ((strpos('git version', $git_version)) === false) {
     echo "Git is installed. \n";
+    $git_fetch = shell_exec('git fetch');
     $git_checkout = shell_exec('git checkout '.$branch);
     $git_stash = shell_exec('git stash');
     $git_pull = shell_exec('git pull');
+    echo '-- '.$git_fetch;
     echo '-- '.$git_stash;
     echo '-- '.$git_checkout;
     echo '-- '.$git_pull;